
预付款权限修改

laiguoran 5 年之前
父節點
當前提交
935424105c
共有 3 個文件被更改,包括 13 次插入7 次删除
  1. 2 1
      app/controller/advance_controller.js
  2. 10 4
      app/middleware/tender_check.js
  3. 1 2
      app/service/tender.js

+ 2 - 1
app/controller/advance_controller.js

@@ -23,7 +23,8 @@ module.exports = app => {
             const latestOrder = await ctx.service.advance.getLastestAdvance(ctx.tender.id, type, true);
             const advancePayTotal = ctx.tender.info.deal_param.startAdvance;
             const progress = await ctx.service.advance.calcProgress(latestOrder, advancePayTotal);
-            const showAddBtn = ctx.tender.data.ledger_status !== ledgerAuditConst.uncheck && ctx.tender.data.user_id === ctx.session.sessionUser.accountId ? !latestOrder || (latestOrder.status === auditConst.status.checked && latestOrder.prev_total_amount < advancePayTotal) : false;
+            // const showAddBtn = ctx.tender.data.ledger_status !== ledgerAuditConst.uncheck && ctx.tender.data.user_id === ctx.session.sessionUser.accountId ? !latestOrder || (latestOrder.status === auditConst.status.checked && latestOrder.prev_total_amount < advancePayTotal) : false;
+            const showAddBtn = ctx.tender.data.user_id === ctx.session.sessionUser.accountId ? (!latestOrder || (latestOrder.status === auditConst.status.checked && latestOrder.prev_total_amount < advancePayTotal)) : false;
             const renderData = {
                 type,
                 decimal: this.decimal,
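Review bot: The previous `showAddBtn` expression is left behind as a commented-out line directly above the new one. It should be deleted, since version control keeps it, and replaced with a short comment on why ledger status no longer gates the button, for example `// ledger approval is no longer required; only the tender creator may start an advance` if that is the intent. The same applies to the two commented-out `advanceAuditors` lines in app/middleware/tender_check.js. `showAddBtn` only controls rendering, so the handler that actually creates an advance order, which is not visible here, should enforce the same creator check on the server side. The enclosing method starts and ends outside the hunk.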

+ 10 - 4
app/middleware/tender_check.js

@@ -47,9 +47,15 @@ module.exports = options => {
                 throw '您无权查看该项目';
             } else {
                 const accountId = this.session.sessionUser.accountId;
+                const advanceAuditors = yield this.service.advanceAudit.getAllAuditors(tender.id);
+                const advanceAuditorsId = this.helper._.map(advanceAuditors, 'audit_id');
                 if (tender.data.ledger_status === auditConst.status.uncheck) {
-                    if (tender.data.user_id !== accountId) {
+                    if (tender.data.user_id !== accountId && advanceAuditorsId.indexOf(accountId) === -1) {
                         throw '您无权查看该项目';
+                    } else if (advanceAuditorsId.indexOf(accountId) !== -1) {
+                        if (!(this.url === '/tender/' + this.params.id || this.url.indexOf('/advance') !== -1)) {
+                            throw '您无权查看该内容';
+                        }
                     }
                 } else {
                     const times = tender.data.ledger_status === auditConst.status.checkNo ? tender.data.ledger_times - 1 : tender.data.ledger_times;
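Review bot: The new restriction for advance auditors is a substring test on `this.url`, which in Koa includes the query string, so `this.url.indexOf('/advance') !== -1` is true for any tender route whose URL merely contains that text and does not confine the auditor to the advance pages. The exact comparison `this.url === '/tender/' + this.params.id` also fails as soon as the overview page carries a query string. Match on `this.path` with an anchored prefix instead, e.g. `this.path === '/tender/' + this.params.id || this.path.startsWith('/tender/' + this.params.id + '/advance')`, assuming the advance routes live under that prefix. Separately, the `else if` branch also runs for the tender creator when that account is listed as an advance auditor, which narrows the owner's access; `} else if (tender.data.user_id !== accountId) {` avoids that. The surrounding generator function starts and ends outside the hunk.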
@@ -63,8 +69,8 @@ module.exports = options => {
                     const reviseAuditorsId = this.helper._.map(reviseAuditors, 'audit_id');
                     const materialAuditors = yield this.service.materialAudit.getAllAuditors(tender.id);
                     const materialAuditorsId = this.helper._.map(materialAuditors, 'aid');
-                    const advanceAuditors = yield this.service.advanceAudit.getAllAuditors(tender.id);
-                    const advanceAuditorsId = this.helper._.map(advanceAuditors, 'audit_id');
+                    // const advanceAuditors = yield this.service.advanceAudit.getAllAuditors(tender.id);
+                    // const advanceAuditorsId = this.helper._.map(advanceAuditors, 'audit_id');
                     const tenderPermission = this.session.sessionUser.permission ? this.session.sessionUser.permission.tender : null;
                     if (auditorsId.indexOf(accountId) === -1 && tender.data.user_id !== accountId &&
                         (tenderPermission === null || tenderPermission === undefined || tenderPermission.indexOf('2') === -1) &&
@@ -102,7 +108,7 @@ module.exports = options => {
             if (this.helper.isWap(this.request)) {
                 this.redirect('/wap/list');
             } else {
-                this.redirect('/list');
+                err === '您无权查看该内容' ? this.redirect(this.request.headers.referer) : this.redirect('/list');
             }
         }
     };
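Review bot: The added redirect sends the browser to `this.request.headers.referer` without validation, although that header is supplied by the client and may be absent or point at another site. When it is missing the redirect target is `undefined`, and when the request was reached from an external page the user is bounced back to that external origin. Follow the Referer only when it parses and its host matches this application, and fall back to `/list` otherwise; the ternary used as a statement is also better written as a plain `if`. The sketch below assumes the runtime provides the WHATWG `URL` global. The catch block this sits in begins outside the hunk.

```javascript
// … unchanged: isWap branch redirecting to /wap/list …
            } else {
                let target = '/list';
                const referer = this.get('referer');
                if (err === '您无权查看该内容' && referer) {
                    try {
                        const back = new URL(referer);
                        // Follow the Referer only when it points back at this site.
                        if (back.host === this.host) target = back.href;
                    } catch (e) {
                        // Malformed Referer: keep the default target.
                    }
                }
                this.redirect(target);
            }
```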

+ 1 - 2
app/service/tender.js

@@ -133,8 +133,7 @@ module.exports = app => {
                     '    OR (t.`ledger_status` = ' + auditConst.ledger.status.checked + ' AND ' +
                     '        t.id IN ( SELECT ma.`tid` FROM ?? AS ma WHERE ma.`aid` = ? GROUP BY ma.`tid`))' +
                     // 参与审批 预付款 的标段
-                    '    OR (t.`ledger_status` = ' + auditConst.ledger.status.checked + ' AND ' +
-                    '        t.id IN ( SELECT ad.`tid` FROM ?? AS ad WHERE ad.`audit_id` = ? GROUP BY ad.`tid`))' +
+                    '    OR (t.id IN ( SELECT ad.`tid` FROM ?? AS ad WHERE ad.`audit_id` = ? GROUP BY ad.`tid`))' +
                     // 未参与,但可见的标段
                     ') ORDER BY CONVERT(t.`name` USING GBK) ASC';
                 sqlParam = [this.tableName, this.ctx.service.projectAccount.tableName, session.sessionProject.id, session.sessionUser.accountId,