
子项目,模块无权限跳转

MaiXinRong 5 月之前
父节点
当前提交
7304158fcf

+ 5 - 0
app/controller/sub_proj_controller.js

@@ -423,6 +423,11 @@ module.exports = app => {
                 ctx.ajaxErrorBody(error, '删除附件失败');
             }
         }
+
+        async noPermission(ctx) {
+            ctx.controllerName = ctx.params.block;
+            await this.layout('sub_proj/no_permission.ejs');
+        }
     }
 
     return SubProjController;
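Review bot: `noPermission` copies the URL segment `ctx.params.block` straight into `ctx.controllerName` with no check that it names a real module, so any string a client puts in `/sp/:id/nop/:block` becomes the controller name seen by the layout. How the layout uses `controllerName` is not visible here, but if it selects a menu entry or is echoed into the page, it should only ever receive a known key. Consider accepting the value only when it matches an entry of `PermissionBlock`, for example `const known = ctx.service.subProjPermission.PermissionBlock.some(x => x.key === ctx.params.block);`, and falling back to a fixed name otherwise. The method also has no doc comment; a one-line `// Renders the "no permission" page for the module named by :block` would help. The class body begins outside this hunk.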

+ 5 - 1
app/middleware/sub_project_check.js

@@ -40,7 +40,11 @@ module.exports = options => {
                 if (!bp) throw '您无权查看该项目';
                 this.subProject.permission = bp;
             }
-            yield next;
+            if (this.helper.isAjax(this.request) || this.method === 'POST' || this.service.subProjPermission.checkViewPermission(this)) {
+                yield next;
+            } else {
+                this.redirect(`/sp/${this.subProject.id}/nop/${this.controllerName}`);
+            }
         } catch (err) {
             this.log(err);
             if (this.helper.isAjax(this.request)) {
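Review bot: The new condition skips `checkViewPermission` entirely whenever the request is AJAX or a POST, so the view permission is enforced only on plain GET page loads. Whether a request counts as AJAX is typically decided from a client-supplied header, so this branch works as a navigation convenience and not as an access control, unless each AJAX/POST handler checks the module permission itself (not visible in this hunk). If that is not the case, evaluate the permission first and reject AJAX/POST with the existing error path instead of letting them through, as sketched below. Separately, `this.controllerName` is interpolated into the redirect URL unencoded, and `encodeURIComponent` would keep the path well-formed. The generator function starts above the hunk and its catch block continues below it.

```javascript
// … unchanged: permission lookup that sets this.subProject.permission …
if (this.service.subProjPermission.checkViewPermission(this)) {
    yield next;
} else if (this.helper.isAjax(this.request) || this.method === 'POST') {
    // handled by the existing catch block, same message as the project-level denial
    throw '您无权查看该项目';
} else {
    this.redirect(`/sp/${this.subProject.id}/nop/${encodeURIComponent(this.controllerName)}`);
}
// … unchanged: catch block …
```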

+ 2 - 0
app/router.js

@@ -220,6 +220,8 @@ module.exports = app => {
     app.get('/sp/:id/setting/manage', sessionAuth, subProjectCheck, 'subProjSettingController.manage');
     app.post('/sp/:id/setting/manage/tender/save', sessionAuth, subProjectCheck, 'subProjSettingController.manageTenderSave');
 
+    app.get('/sp/:id/nop/:block', sessionAuth, subProjectCheck, 'subProjController.noPermission');
+
     // 项目列表跳转项目内部 todo 除标段内,均改为/sp/:id/xxx的链接形式
     // **控制面板
     app.get('/sp/:id/dashboard', sessionAuth, subProjectCheck, 'dashboardController.index');

+ 22 - 0
app/service/sub_proj_permission.js

@@ -125,6 +125,11 @@ module.exports = app => {
                 x.budget_permission = x.budget_permission ? _.map(x.budget_permission.split(','), _.toInteger) : [];
                 x.file_permission = x.file_permission ? _.map(x.file_permission.split(','), _.toInteger) : [];
                 x.manage_permission = x.manage_permission ? _.map(x.manage_permission.split(','), _.toInteger) : [];
+                x.info_permission = x.info_permission ? _.map(x.info_permission.split(','), _.toInteger) : [];
+                x.datacollect_permission = x.datacollect_permission ? _.map(x.datacollect_permission.split(','), _.toInteger) : [];
+                x.contract_permission = x.contract_permission ? _.map(x.contract_permission.split(','), _.toInteger) : [];
+                x.fund_pay_permission = x.fund_pay_permission ? _.map(x.fund_pay_permission.split(','), _.toInteger) : [];
+                x.fund_trans_permission = x.fund_trans_permission ? _.map(x.fund_trans_permission.split(','), _.toInteger) : [];
                 x.filing_type = x.filing_type ? _.map(x.filing_type.split(','), _.toInteger): [];
             });
         }
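Review bot: The five added lines repeat the same split-and-map expression by hand, and the `checkViewPermission` added later in this file depends on every `*_permission` field having been turned into an integer array here. A field that is missed would stay a comma-separated string, and `.indexOf(value)` on a string is a substring search and not a membership test, so the check could pass for the wrong value. Driving the conversion from one list of field names, e.g. `for (const f of permissionFields) x[f] = x[f] ? _.map(x[f].split(','), _.toInteger) : [];`, keeps the parser and the check in step. The surrounding loop starts outside the hunk.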
@@ -276,6 +281,23 @@ module.exports = app => {
             });
             if (updateData.length > 0) await this.db.updateRows(this.tableName, updateData);
         }
+
+        checkViewPermission(ctx) {
+            const permissionBlock = ctx.service.subProjPermission.PermissionBlock.find(x => { return x.key === ctx.controllerName; });
+            if (!permissionBlock) return true;
+            if (permissionBlock.children) {
+                let canView = false;
+                for (const c of permissionBlock.children) {
+                    const viewPermission = permissionBlock.permission.find(x => { return x.key === 'view'; });
+                    if (!viewPermission || ctx.subProject.permission[c.field].indexOf(viewPermission.value) >= 0) canView = true;
+                }
+                return canView;
+            } else {
+                const viewPermission = permissionBlock.permission.find(x => { return x.key === 'view'; });
+                if (!viewPermission) return true;
+                return ctx.subProject.permission[permissionBlock.field].indexOf(viewPermission.value) >= 0;
+            }
+        };
     }
 
     return subProjPermission;
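Review bot: Inside the `for (const c of permissionBlock.children)` loop of `checkViewPermission`, `viewPermission` is looked up on `permissionBlock.permission` on every iteration and never on the child. If children define their own permission lists this probably should read `c.permission.find(...)`; if they do not, the lookup belongs above the loop. If a parent block with children has no `permission` array at all, the call throws. The method is also default-allow in two places (`if (!permissionBlock) return true;` and a missing `view` entry), so a module not registered in `PermissionBlock` is viewable by everyone. That deserves a comment stating it is intentional, such as `// modules without a view permission entry are open to all project members`. `ctx.subProject.permission[c.field]` is dereferenced without a guard, so an unparsed or missing field raises a TypeError instead of returning false; `(ctx.subProject.permission[c.field] || []).includes(viewPermission.value)` fails closed.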

+ 14 - 0
app/view/sub_proj/no_permission.ejs

@@ -0,0 +1,14 @@
+<div class="panel-content">
+    <div class="content-wrap">
+        <div class="sjs-height-0" style="background-color: #fff">
+            <div class="c-body">
+                <div class="jumbotron">
+                    <h3 class="display-6">暂无权限</h3>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+<script>
+    autoFlashHeight();
+</script>