fix: 预付款按钮增加权限控制

app/controller/advance_controller.js

@@ -1,6 +1,7 @@
 'use strict';
 const accountGroup = require('../const/account_group').group;
 const auditConst = require('../const/audit').advance;
+const ledgerAuditConst = require('../const/audit').ledger.status;
 const sendToWormhole = require('stream-wormhole');
 const path = require('path');
 const fs = require('fs');
@@ -17,8 +18,10 @@ module.exports = app => {
             const latestOrder = await ctx.service.advance.getLastestAdvance(ctx.tender.id, type, true);
             const advancePayTotal = ctx.tender.info.deal_param.startAdvance;
             const progress = await ctx.service.advance.calcProgress(latestOrder, advancePayTotal);
+            const showAddBtn = ctx.tender.data.ledger_status !== ledgerAuditConst.uncheck && ctx.tender.data.user_id === ctx.session.sessionUser.accountId ? !latestOrder || (latestOrder.status === auditConst.status.checked && latestOrder.prev_total_amount < advancePayTotal) : false;
             const renderData = {
                 type,
+                showAddBtn,
                 advanceList,
                 latestOrder,
                 auditConst,
@@ -40,8 +43,10 @@ module.exports = app => {
             const latestOrder = await ctx.service.advance.getLastestAdvance(ctx.tender.id, type, true);
             const advancePayTotal = ctx.tender.info.deal_param.materialAdvance;
             const progress = await ctx.service.advance.calcProgress(latestOrder, advancePayTotal);
+            const showAddBtn = ctx.tender.data.ledger_status !== ledgerAuditConst.uncheck && ctx.tender.data.user_id === ctx.session.sessionUser.accountId ? !latestOrder || (latestOrder.status === auditConst.status.checked && latestOrder.prev_total_amount < advancePayTotal) : false;
             const renderData = {
                 type,
+                showAddBtn,
                 advanceList,
                 latestOrder,
                 auditConst,

app/middleware/tender_check.js

@@ -43,6 +43,7 @@ module.exports = options => {
                 tender.data.ledger_times = 1;
             }
             if (tender.data.project_id !== this.session.sessionProject.id) {
+
                 throw '您无权查看该项目';
             } else {
                 const accountId = this.session.sessionUser.accountId;

app/service/advance.js

@@ -81,6 +81,8 @@ module.exports = app => {
                     prev_amount: 0.00,
                     prev_total_amount: 0.00,
                 };
+            } else {
+                latestOrder.order = latestOrder.order + 1;
             }
             const record = await this.db.insert(this.tableName, { type, uid, tid, status: auditConst.status.uncheck, order: latestOrder.order, prev_amount: latestOrder.prev_total_amount, prev_total_amount: latestOrder.prev_total_amount });
             return await this.getDataById(record.insertId);

app/view/advance/index.ejs

@@ -29,7 +29,7 @@
                 </div>
             </div>
             <div>
-                <% if(!latestOrder || (latestOrder.status === auditConst.status.checked && latestOrder.prev_total_amount < advancePayTotal)) { %>
+                <% if(showAddBtn) { %>
                     <form action="<%- preUrl %>" method="POST">
                         <input type="hidden" name="_csrf" value="<%= ctx.csrf %>">
                         <button type="submit" class="btn btn-primary btn-sm pull-right">开始新一期</button>