
权限功能更新

laiguoran 2 years ago
parent
commit
77cad1966f

+ 12 - 2
app/controller/payment_controller.js

@@ -180,8 +180,18 @@ module.exports = app => {
                             id: data.postData.id,
                         };
                         if (type === 'tender') {
+                            const tenderInfo = await ctx.service.paymentTender.getDataById(conditionData.id);
+                            if (!tenderInfo) throw '标段不存在';
+                            if (tenderInfo.uid !== ctx.session.sessionUser.accountId && !ctx.session.sessionUser.is_admin) {
+                                throw '您没有权限重命名此标段';
+                            }
                             await ctx.service.paymentTender.update(updateData, conditionData);
                         } else {
+                            const folderInfo = await ctx.service.paymentFolder.getDataById(conditionData.id);
+                            if (!folderInfo) throw '目录不存在';
+                            if (folderInfo.uid !== ctx.session.sessionUser.accountId && !ctx.session.sessionUser.is_admin) {
+                                throw '您没有权限重命名此目录';
+                            }
                             await ctx.service.paymentFolder.update(updateData, conditionData);
                         }
                         break;
@@ -542,7 +552,7 @@ module.exports = app => {
 
         async process(ctx) {
             try {
-                if (!ctx.payment.auditPermission || !ctx.payment.auditPermission.admin) {
+                if (!ctx.payment.auditPermission || !ctx.payment.auditPermission.admin || !(ctx.session.sessionUser.is_admin || ctx.tender.uid === ctx.session.sessionUser.accountId)) {
                     throw '权限不足';
                 }
                 let [tenderRptList, rptProjectList] = await this._returnRptProjectList(ctx, true);
@@ -577,7 +587,7 @@ module.exports = app => {
                 console.log(err);
                 this.log(err);
                 ctx.session.postError = err.toString();
-                ctx.redirect(this.request.headers.referer ? this.request.headers.referer : '/payment');
+                ctx.redirect(this.request && this.request.headers && this.request.headers.referer ? this.request.headers.referer : '/payment');
             }
         }
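Review bot: The redirect target on the new line of the last hunk is still taken verbatim from the Referer request header, so the post-error redirect can be steered to an arbitrary external URL; the added guard only avoids a TypeError when the header is missing. Accept the header only when it resolves to the same origin, e.g. `const ref = ctx.get('referer');` / `const safe = ref && new URL(ref, ctx.origin).origin === ctx.origin ? ref : '/payment';` / `ctx.redirect(safe);` — reading it via `ctx` rather than `this.request`, which being guarded here suggests it may not be populated on this controller (worth confirming). In the first hunk the rename ownership checks sit in the controller, whereas the matching delete checks in this commit sit in the services (payment_folder.js, payment_tender.js), so any other caller of `paymentTender.update`/`paymentFolder.update` skips them; keeping the rule in the service avoids that gap. The switch and method enclosing the first hunk start and end outside the hunk.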
 

+ 7 - 5
app/public/js/payment_index.js

@@ -62,27 +62,29 @@ $(function () {
         html.push('<td style="width: 15%" class="text-center">', node.in_time && node.parent_id === undefined ? moment(node.in_time).format('YYYY-MM-DD HH:mm:ss') : '', '</td>');
         // 审批流程
         html.push('<td style="width: 15%" class="text-center">');
-        if (node.parent_id === undefined && auditPermission.admin) {
+        if (node.parent_id === undefined && auditPermission.admin && (node.uid === uid || is_admin)) {
             html.push('<a href="/payment/'+ node.id +'/process" target="_blank">设置</a>');
         }
         html.push('</td>');
         // 操作
         html.push('<td style="width: 15%" class="text-center">');
-        if (auditPermission.admin) {
+        if (auditPermission.admin && (node.uid === uid || is_admin || node.parent_id !== undefined)) {
             html.push('<div class="dropdown">\n' +
                 '                        <a href="#" class="dropdown-toggle text-primary" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">\n' +
                 '                          <i class="fa fa-bars"></i>\n' +
                 '                        </a>\n' +
                 '                        <div class="dropdown-menu">\n');
-            html.push('<a class="dropdown-item edit_name_btn" data-type="'+ (node.parent_id === undefined ? 'tender' : 'folder') +'" data-id="'+ node.id +'" href="javascript:void(0);"><i class="fa fa-edit mr-2"></i>重命名</a>\n');
-            if (!node.had_tender) {
+            if (node.uid === uid || is_admin) {
+                html.push('<a class="dropdown-item edit_name_btn" data-type="'+ (node.parent_id === undefined ? 'tender' : 'folder') +'" data-id="'+ node.id +'" href="javascript:void(0);"><i class="fa fa-edit mr-2"></i>重命名</a>\n');
+            }
+            if (!node.had_tender && node.uid === uid || is_admin) {
                 if (node.have_detail) {
                     html.push('<a class="dropdown-item" style="cursor:not-allowed" href="javascript:void(0);" data-toggle="tooltip" data-placement="bottom" title="请先删除所有审批期数据"><i class="fa fa-remove mr-2"></i>删除</a>\n');
                 } else {
                     html.push('<a class="dropdown-item show_del_btn" data-type="'+ (node.parent_id === undefined ? 'tender' : 'folder') +'" data-id="'+ node.id +'" href="javascript:void(0);"><i class="fa fa-remove mr-2"></i>删除</a>\n');
                 }
             }
-            if ((auditPermission.admin && node.is_leaf) || (auditPermission.admin && node.parent_id !== undefined && !node.is_tender)) {
+            if (auditPermission.admin && (node.uid === uid || is_admin) && (node.is_leaf || (node.parent_id !== undefined && !node.is_tender))) {
                 html.push('<div class="dropdown-divider"></div>\n');
             }
             if (auditPermission.admin && node.parent_id !== undefined && !node.is_tender) {
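Review bot: The condition `if (!node.had_tender && node.uid === uid || is_admin)` parses as `(!node.had_tender && node.uid === uid) || is_admin`, so an admin gets the delete entry even when `had_tender` is set, unlike the rename condition two lines above which parenthesises the ownership test; if that is not intended it should read `if (!node.had_tender && (node.uid === uid || is_admin))`. These checks only hide menu entries, so the server-side checks added in the services remain the actual enforcement and the two should agree on the rule. The enclosing `$(function () {` callback starts and ends outside the hunk.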

+ 49 - 24
app/service/payment_folder.js

@@ -19,6 +19,10 @@ module.exports = app => {
         async addFolder(projectId, uid, parentId = 0, name) {
             const transaction = await this.db.beginTransaction();
             try {
+                const tenderCount = await this.ctx.service.paymentTender.count({ folder_id: parentId });
+                if (tenderCount > 0) {
+                    throw '目录下存在标段无法创建子目录';
+                }
                 let level = 1;
                 let parent_path = '';
                 if (parentId !== 0) {
@@ -56,6 +60,9 @@ module.exports = app => {
             const transaction = await this.db.beginTransaction();
             try {
                 const info = await this.getDataById(id);
+                if (info.uid !== this.ctx.session.sessionUser.accountId && !this.ctx.session.sessionUser.is_admin) {
+                    throw '您没有权限删除此目录';
+                }
                 let ids = [info.id];
                 if (info.parent_path) {
                     const deleteData = await this.getDataByParentPath(this.tableName, info.parent_path + '-' + info.id + '%', transaction);
@@ -64,6 +71,11 @@ module.exports = app => {
                         ids = [...ids, ...delids];
                     }
                 }
+                // 判断是否存在标段,有则无法删除目录
+                const tenderCount = await this.ctx.service.paymentTender.count({ folder_id: ids });
+                if (tenderCount > 0) {
+                    throw '目录下存在标段,无法删除';
+                }
                 await transaction.delete(this.tableName, { id: ids });
                 await transaction.commit();
             } catch (err) {
@@ -84,35 +96,48 @@ module.exports = app => {
         }
 
         async getList(uid, tenderList, auditPermission) {
+            // 获取所有项目参与者
+            const accountList = await this.ctx.service.projectAccount.getAllDataByCondition({
+                where: { project_id: this.ctx.session.sessionProject.id, enable: 1 },
+                columns: ['id', 'name'],
+            });
+            let folderList = [];
             if (auditPermission.view_all) {
-                return await this.getAllDataByCondition({ where: { pid: this.ctx.session.sessionProject.id } });
-            }
-            let folderList = await this.getAllDataByCondition({ where: { uid } });
-            // 再找出标段对应的目录及自建的目录下的子目录
-            if (tenderList.length > 0) {
-                for (const t of tenderList) {
-                    if (this._.findIndex(folderList, { id: t.folder_id }) === -1) {
-                        const folderInfo = await this.getDataById(t.folder_id);
-                        folderList.push(folderInfo);
+                folderList = await this.getAllDataByCondition({ where: { pid: this.ctx.session.sessionProject.id } });
+            } else {
+                folderList = await this.getAllDataByCondition({ where: { uid } });
+                // 再找出标段对应的目录及自建的目录下的子目录
+                if (tenderList.length > 0) {
+                    for (const t of tenderList) {
+                        if (this._.findIndex(folderList, { id: t.folder_id }) === -1) {
+                            const folderInfo = await this.getDataById(t.folder_id);
+                            folderList.push(folderInfo);
+                        }
+                    }
+                }
+                if (folderList.length > 0) {
+                    const leafFolderList = this._.filter(folderList, { is_leaf: 1 });
+                    const parentFolderIdList = this._.map(this._.filter(folderList, { is_leaf: 0 }), 'id');
+                    for (const lf of leafFolderList) {
+                        let parentPathArray = lf.parent_path !== '' ? lf.parent_path.split('-') : [];
+                        if (parentPathArray.length > 0) {
+                            parentPathArray = parentPathArray.map(function(data) {
+                                return +data;
+                            });// 字符串数组转整型数组
+                        }
+                        const notExistFolderIds = this._.difference(parentPathArray, parentFolderIdList);
+                        if (notExistFolderIds.length > 0) {
+                            const newFolderList = await this.getAllDataByCondition({ where: { id: notExistFolderIds } });
+                            console.log(newFolderList);
+                            folderList = [...folderList, ...newFolderList];
+                        }
                     }
                 }
             }
             if (folderList.length > 0) {
-                const leafFolderList = this._.filter(folderList, { is_leaf: 1 });
-                const parentFolderIdList = this._.map(this._.filter(folderList, { is_leaf: 0 }), 'id');
-                for (const lf of leafFolderList) {
-                    let parentPathArray = lf.parent_path !== '' ? lf.parent_path.split('-') : [];
-                    if (parentPathArray.length > 0) {
-                        parentPathArray = parentPathArray.map(function(data) {
-                            return +data;
-                        });// 字符串数组转整型数组
-                    }
-                    const notExistFolderIds = this._.difference(parentPathArray, parentFolderIdList);
-                    if (notExistFolderIds.length > 0) {
-                        const newFolderList = await this.getAllDataByCondition({ where: { id: notExistFolderIds } });
-                        console.log(newFolderList);
-                        folderList = [...folderList, ...newFolderList];
-                    }
+                for (const f of folderList) {
+                    const userInfo = this._.find(accountList, { id: f.uid });
+                    f.user_name = userInfo ? userInfo.name : '';
                 }
             }
             return folderList;
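Review bot: In the delete hunk the new ownership check dereferences `info.uid` without first confirming `getDataById` returned a row, so an unknown id produces a TypeError instead of the deliberate `throw` used in payment_tender.js; add `if (!info) throw '目录不存在';` before the check. The check also covers only the root folder, while the ids collected from `parent_path` (and deleted together with it) are never checked for ownership, so if sub-folders can be owned by a different user than their parent they are removed under the parent's permission — worth confirming against how folders are created. In the getList hunk the `console.log(newFolderList)` carried over from the old code dumps folder rows to the server log on every listing; it looks like leftover debugging. The enclosing delete method starts and ends outside its hunk.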

+ 3 - 0
app/service/payment_tender.js

@@ -95,6 +95,9 @@ module.exports = app => {
                 if (!tenderInfo) {
                     throw '标段不存在';
                 }
+                if (tenderInfo.uid !== this.ctx.session.sessionUser.accountId && !this.ctx.session.sessionUser.is_admin) {
+                    throw '您没有权限删除此标段';
+                }
                 const had_detail = await this.ctx.service.paymentDetail.haveDetail2Tender(id);
                 if (had_detail) {
                     throw '请先删除所有报表表单详情';
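Review bot: The owner-or-admin rule `info.uid !== this.ctx.session.sessionUser.accountId && !this.ctx.session.sessionUser.is_admin` is now written out in four places in this commit (here, payment_folder.js delete, and twice in payment_controller.js rename) with four different error strings, which is how such checks drift apart. A single helper on the service, e.g. `_canManage(row) { const u = this.ctx.session.sessionUser; return u.is_admin || row.uid === u.accountId; }`, called from each site would keep the rule in one place. Since `!==` is strict, the comparison relies on `tenderInfo.uid` and `accountId` having the same type; if one comes back as a string from the driver non-admins would always be refused, so that is worth a quick check. The enclosing method starts and ends outside the hunk.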

+ 1 - 0
app/view/payment/index.ejs

@@ -25,5 +25,6 @@
     let allFolders = [];
     let allTenders = [];
     const uid = <%- ctx.session.sessionUser.accountId %>;
+    const is_admin = <%- ctx.session.sessionUser.is_admin %>;
     const auditPermission = JSON.parse(unescape('<%- escape(JSON.stringify(auditPermission)) %>'));
 </script>
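Review bot: `const is_admin = <%- ctx.session.sessionUser.is_admin %>;` renders as `const is_admin = ;` when the session value is null or undefined, which is a syntax error that disables the whole inline script and every handler below it; emitting a normalised literal, e.g. `const is_admin = <%- ctx.session.sessionUser.is_admin ? 1 : 0 %>;`, avoids that. The unescaped `<%- %>` form is safe only while this value stays a server-set boolean, which appears to be the case here; the line below shows the escape/JSON pattern the file already uses for non-trivial values. The surrounding `<script>` block starts outside the hunk.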