%!s(int64=4) %!d(string=hai) anos · 8b65883d24
--- a/app/controller/stage_controller.js
+++ b/app/controller/stage_controller.js
@@ -762,10 +762,9 @@ module.exports = app => {
 
				                 }
			
 
				 
			
 
				                 // 用户有无权限上传和删除附件
			
 
				-                // renderData.uploadPermission = ((ctx.stage.status === auditConst.status.uncheck || ctx.stage.status === auditConst.status.checkNo) && ctx.session.sessionUser.accountId === ctx.stage.user_id) ||
			
 
				-                //     (ctx.stage.status === auditConst.status.checkNoPre && ctx.session.sessionUser.accountId === ctx.stage.curAuditor.aid) ||
			
 
				-                //     (ctx.stage.status === auditConst.status.checking && ctx.stage.curAuditor && ctx.stage.curAuditor.aid === ctx.session.sessionUser.accountId);
			
 
				-                renderData.uploadPermission = ctx.stage.users.indexOf(ctx.session.sessionUser.accountId) >= 0;
			
 
				+                renderData.uploadPermission = ((ctx.stage.status === auditConst.status.uncheck || ctx.stage.status === auditConst.status.checkNo) && ctx.session.sessionUser.accountId === ctx.stage.user_id) ||
			
 
				+                    (ctx.stage.status === auditConst.status.checkNoPre && ctx.session.sessionUser.accountId === ctx.stage.curAuditor.aid) ||
			
 
				+                    (ctx.stage.status === auditConst.status.checking && ctx.stage.curAuditor && ctx.stage.curAuditor.aid === ctx.session.sessionUser.accountId);
			
 
				 
			
 
				                 if (!ctx.stage.readOnly) {
			
 
				                     // 计算 本期金额
			
@@ -1608,7 +1607,7 @@ module.exports = app => {
 
				             };
			
 
				             let stream;
			
 
				             try {
			
 
				-                //this._checkStageCanModify(ctx);
			
 
				+                this._checkStageCanModify(ctx);
			
 
				 
			
 
				                 const parts = ctx.multipart({ autoFields: true });
			
 
				                 const files = [];
			
@@ -1638,7 +1637,6 @@ module.exports = app => {
 
				                         filepath: path.join(dirName, fileName),
			
 
				                         uid: ctx.session.sessionUser.accountId,
			
 
				                         in_time: moment(create_time * 1000).format('YYYY-MM-DD'),
			
 
				-                        renew: ctx.stage.status === auditConst.status.checked,
			
 
				                     };
			
 
				                     const result = await ctx.service.stagePay.saveAtt(parts.field.pay_id, attData);
			
 
				                     if (!result) {
			
@@ -1722,11 +1720,6 @@ module.exports = app => {
 
				                 const payInfo = await ctx.service.stagePay.getDataById(data.id);
			
 
				                 if (payInfo !== undefined) {
			
 
				                     const fileInfo = JSON.parse(payInfo.attachment)[data.index];
			
 
				-
			
 
				-                    if (fileInfo.uid !== ctx.session.sessionUser.accountId) throw '您无权删除该文件';
			
 
				-
			
 
				-                    if (ctx.stage.status === auditConst.status.checked && !fileInfo.renew) throw '不可删除该文件';
			
 
				-
			
 
				                     // 先删除文件
			
 
				                     await fs.unlinkSync(path.join(this.app.baseDir, fileInfo.filepath));
			
 
				                     // 再删除数据库
			
--- a/app/public/js/stage_pay.js
+++ b/app/public/js/stage_pay.js
@@ -34,7 +34,7 @@ function makeAttTable(payNode) {
 
				     let html = '';
			
 
				     if (attachment !== null) {
			
 
				         for (const [index, att] of attachment.entries()) {
			
 
				-            const delhtml = uploadPermission && (parseInt(att.uid) === userID) && (!stageChecked || att.renew)
			
 
				+            const delhtml = !readOnly && uploadPermission && (parseInt(att.uid) === userID || payNode.uid === userID || (payNode.uid === -1 && userID === stage.user_id))
			
 
				                 ? '<a class="delete-att text-danger" href="javascript:void(0);" data-payid="'+ id +'" data-attindex="'+ index +'" title="删除"><i class="fa fa-remove "></i></a>'
			
 
				                 : '';
			
 
				             html += '<tr><td style="width: 200px">' + att.filename + att.fileext + '</td><td>' + att.username + '</td><td>' + att.in_time + '</td>' +
			
--- a/app/service/stage_pay.js
+++ b/app/service/stage_pay.js
@@ -296,6 +296,15 @@ module.exports = app => {
 
				             return await transaction.query(sql, sqlParam);
			
 
				         }
			
 
				 
			
 
				+        async getLastestPayId(id) {
			
 
				+            const info = await this.getDataById(id);
			
 
				+            const sql = 'SELECT SP.* FROM ?? As SP WHERE SP.`sid` = ? AND SP.`pid` = ? ORDER BY SP.`stimes` DESC, SP.`sorder` DESC';
			
 
				+            const sqlParam = [this.tableName, info.sid, info.pid];
			
 
				+            const lst = await this.db.queryOne(sql, sqlParam);
			
 
				+            if (!lst || !lst.id) throw '数据错误';
			
 
				+            return lst.id;
			
 
				+        }
			
 
				+
			
 
				         /**
			
 
				          * 拷贝上一操作人数据 为 下一操作人数据
			
 
				          * @param stage - 期数据
			
--- a/app/view/stage/pay.ejs
+++ b/app/view/stage/pay.ejs
@@ -68,5 +68,4 @@
 
				     const preContractTp = <%- (pre.contract_tp || 0) %>;
			
 
				     const preQcTp = <%- (pre.qc_tp || 0) %>;
			
 
				     const preGatherTp = <%- (pre.gather_tp || 0) %>;
			
 
				-    const stageChecked = <%- ctx.stage.status === auditConst.status.checked %>;
			
 
				 </script>