
签约清单,增加权限判断

MaiXinRong 4 سال پیش
والد
کامیت
9199e32be1

+ 1 - 0
app/const/account_permission.js

@@ -28,6 +28,7 @@ const permission = {
         children: [
             { title: '创建标段', value: 1 },
             { title: '查阅所有标段', value: 2 },
+            { title: '维护签约清单', value: 3, hint: '开启该选项,台帐审批通过后,可上传签约清单', hintIcon: 'fa-question-circle' },
         ],
     },
     // cooperation: {

+ 21 - 4
app/controller/deal_bills_controller.js

@@ -19,6 +19,7 @@ const loadExcelType = {
 };
 const loadType = loadExcelType.display;
 const auditConst = require('../const/audit').ledger;
+const permissionConst = require('../const/account_permission');
 
 module.exports = app => {
     class DealBillsController extends app.BaseController {
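Review bot: `permissionConst` is required here, but none of the hunks shown use it; the new check hard-codes the value as `indexOf('3')` on `sessionUser.permission.tender`. If `permission.tender` is stored as a string rather than an array (not visible here), `indexOf('3')` is a substring test and would also match values such as `13` or `30` once the list grows, treating accounts as having the upload right when they were never given it. Consider reading the value from the constant and testing exact membership, e.g. `tenderPermissions.map(String).includes(String(DEAL_BILLS_VALUE))` (both names are placeholders). The case where `permission` exists but `permission.tender` is missing also needs a guard, since it currently raises a TypeError instead of denying.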
@@ -48,6 +49,24 @@ module.exports = app => {
             ctx.body = responseData;
         }
 
+        async checkPermisision(ctx) {
+            if (!ctx.tender.data) throw '标段数据错误';
+
+            const tender = ctx.tender.data;
+            const isUser = tender.user_id === this.ctx.session.sessionUser.accountId;
+            const auditors = await this.service.ledgerAudit.getAuditors(tender.id, tender.ledger_times);
+            const auditorsId = this.ctx.helper._.map(auditors, 'audit_id');
+            const isAuditor  = auditorsId.indexOf(this.ctx.session.sessionUser.accountId) >= 0;
+            const upPermision = this.ctx.session.sessionUser.permission
+                ? this.ctx.session.sessionUser.permission.tender.indexOf('3') >= 0
+                : false;
+            if (((tender.ledger_status === auditConst.status.uncheck || tender.ledger_status === auditConst.status) && !isUser) ||
+                (tender.ledger_status === auditConst.status.checking && !isAuditor) ||
+                !(tender.ledger_status === auditConst.status.checked && isAuditor && upPermision)) {
+                throw '您无权进行该操作';
+            }
+        }
+
         /**
          * 导入Excel数据
          * @param ctx
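Review bot: The third clause of the condition in `checkPermisision`, `!(tender.ledger_status === auditConst.status.checked && isAuditor && upPermision)`, is true for every status other than `checked`, so the method throws for unsubmitted and in-review ledgers whatever `isUser` and `isAuditor` are. The owner path that the removed check in `update` allowed is now rejected in both `update` and `loadExcel`, and the first two clauses never affect the result. The first clause also compares `ledger_status` with the whole `auditConst.status` object, which can never match; `ledger_controller.js` pairs `uncheck` with `auditConst.status.checkNo`, which is probably what was meant. The same expression is copied into `_canUpdateDealBills` in `ledger_controller.js` and needs the same correction. A per-status decision that denies by default is easier to audit; who may act once the ledger is `checked` is inferred from the hint text and should be confirmed.

```javascript
            // … unchanged: tender, isUser, isAuditor and upPermision are computed as in the hunk …
            const status = auditConst.status;
            let allowed = false; // any state not listed below stays denied
            if (tender.ledger_status === status.uncheck || tender.ledger_status === status.checkNo) {
                allowed = isUser;
            } else if (tender.ledger_status === status.checking) {
                allowed = isAuditor;
            } else if (tender.ledger_status === status.checked) {
                allowed = isAuditor && upPermision;
            }
            if (!allowed) throw '您无权进行该操作';
```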
@@ -56,6 +75,7 @@ module.exports = app => {
         async loadExcel(ctx) {
             let stream;
             try {
+                await this.checkPermisision(ctx);
                 stream = await ctx.getFileStream();
                 const create_time = Date.parse(new Date()) / 1000;
                 const fileInfo = path.parse(stream.filename);
@@ -165,10 +185,7 @@ module.exports = app => {
          */
         async update(ctx) {
             try {
-                if (!ctx.tender.data) throw '标段数据错误';
-                if (ctx.tender.data.user_id !== ctx.session.sessionUser.accountId ||
-                    (ctx.tender.ledger_status === auditConst.status.checking || ctx.tender.ledger_status === auditConst.status.checked))
-                    throw '您无权进行该操作';
+                await this.checkPermisision(ctx);
                 const data = JSON.parse(ctx.request.body.data);
                 const result = await ctx.service.dealBills.updateDatas(data);
                 ctx.body = { err: 0, msg: '', data: result };

+ 13 - 0
app/controller/ledger_controller.js

@@ -56,6 +56,18 @@ module.exports = app => {
                 (tender.ledger_status === auditConst.status.checking || tender.ledger_status === auditConst.status.checked);
         }
 
+        _canUpdateDealBills(tender, auditors) {
+            const isUser = tender.user_id === this.ctx.session.sessionUser.accountId;
+            const auditorsId = this.ctx.helper._.map(auditors, 'audit_id');
+            const isAuditor  = auditorsId.indexOf(this.ctx.session.sessionUser.accountId) >= 0;
+            const upPermission = this.ctx.session.sessionUser.permission
+                ? this.ctx.session.sessionUser.permission.tender.indexOf('3') >= 0
+                : false;
+            return !(((tender.ledger_status === auditConst.status.uncheck || tender.ledger_status === auditConst.status) && !isUser) ||
+                (tender.ledger_status === auditConst.status.checking && !isAuditor) ||
+                !(tender.ledger_status === auditConst.status.checked && isAuditor && upPermission));
+        }
+
         /**
          * 获取SpreadSetting
          * @private
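Review bot: `_canUpdateDealBills` is a second hand-written copy of the authorization rule that `checkPermisision` in `deal_bills_controller.js` enforces, with the result negated and the local spelled `upPermission` instead of `upPermision`. With two copies, the button state rendered from this flag and the server-side check can drift apart after any later edit. Moving the predicate into one shared helper or service method that both controllers call would keep them in step. A comment such as `// UI hint only; loadExcel/update enforce the same rule server-side` would also make clear that this flag is not the enforcement point.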
@@ -145,6 +157,7 @@ module.exports = app => {
                     jsFiles: this.app.jsFiles.common.concat(this.app.jsFiles.ledger.explode),
                     stdBills,
                     stdChapters,
+                    dealBillsPermission: this._canUpdateDealBills(tender.data, auditors)
                 };
                 if ((tender.data.ledger_status === auditConst.status.uncheck || tender.data.ledger_status === auditConst.status.checkNo) && tender.data.user_id === ctx.session.sessionUser.accountId) {
                     // renderData.accountGroup = accountGroup;

+ 4 - 0
app/view/ledger/explode.ejs

@@ -139,7 +139,11 @@
                     <div id="deal-bills" class="tab-pane">
                         <div class="sjs-bar-4">
                             <div class="pb-1">
+                                <% if (dealBillsPermission) { %>
                                 <a href="#upload-deal" data-toggle="modal" data-target="#upload-deal" class="btn btn-sm btn-primary">上传签约清单</a>
+                                <% } else { %>
+                                <a href="javascript: void(0);" class="btn btn-sm btn-outline-dark">上传签约清单</a>
+                                <% } %>
                                 <a href="/tender/<%- ctx.tender.id %>/deal/download/签约清单.xlsx" class="btn btn-sm btn-primary" style="display: none">下载签约清单</a>
                             </div>
                         </div>
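Review bot: The `else` branch marks the control as unavailable with `href="javascript: void(0);"`, which a Content-Security-Policy without `unsafe-inline` will block and which assistive technology still announces as an active link. A real disabled control is clearer: `<button type="button" class="btn btn-sm btn-outline-dark" disabled>上传签约清单</button>`. This branch only changes presentation; if the `#upload-deal` modal markup is still rendered further down (outside this hunk), the upload stays reachable from the page, so the server-side check added to `loadExcel` remains the actual gate.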

+ 3 - 0
app/view/setting/user_permission_modal.ejs

@@ -81,6 +81,9 @@
                         <div class="form-check form-check-inline">
                             <input class="form-check-input" type="<%= permission[pm].type %>" id="<%= pm %>_<%= ip.value %>" name="<%= pm %><% if (permission[pm].type === 'checkbox') { %>[]<% } %>" value="<%= ip.value %>">
                             <label class="form-check-label" for="<%= pm %>_<%= ip.value %>"><%= ip.title %></label>
+                            <% if (ip.hint && ip.hintIcon) { %>
+                            <a href="" data-toggle="tooltip" data-placement="bottom" title="" data-original-title="<%- ip.hint%>"><i class="fa <%- ip.hintIcon%>"></i></a>
+                            <% } %>
                         </div>
                         <% } %>
                     </div>
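Review bot: The two added outputs use the unescaped tag, `<%- ip.hint%>` inside `data-original-title` and `<%- ip.hintIcon%>` inside `class`, while every neighbouring value in this block uses the escaping `<%= %>` form. The values currently come from the constants in `app/const/account_permission.js`, so nothing untrusted is visible here. Even so, a hint containing a double quote would break the attribute, and the line becomes an injection point if hints are ever loaded from data. Prefer `data-original-title="<%= ip.hint %>"` and `class="fa <%= ip.hintIcon %>"`. The empty `href=""` also reloads the page when the icon is clicked; a `<span>` or `href="#"` with the tooltip attributes avoids that.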