
游客预付款bug

laiguoran 4 år sedan
förälder
incheckning
a8bb6905ff

+ 7 - 2
app/controller/advance_controller.js

@@ -119,15 +119,20 @@ module.exports = app => {
          * @private
          */
         async _checkCanEntry(ctx) {
+            ctx.advance.filePermission = false;
             if (ctx.advance.status === auditConst.status.uncheck) {
-                if (ctx.session.sessionUser.accountId !== ctx.advance.uid) {
+                if (ctx.session.sessionUser.accountId !== ctx.advance.uid && !ctx.tender.isTourist) {
                     throw '无权访问';
+                } else if (ctx.session.sessionUser.accountId === ctx.advance.uid) {
+                    ctx.advance.filePermission = true;
                 }
             } else {
                 const auditors = await ctx.service.advanceAudit.getAuditorsWithOwner(ctx.advance.id, ctx.advance.times);
                 const cur_uid = ctx.session.sessionUser.accountId;
-                if (auditors.findIndex(item => item.audit_id === cur_uid) === -1) {
+                if (auditors.findIndex(item => item.audit_id === cur_uid) === -1 && !ctx.tender.isTourist) {
                     throw '无权访问';
+                } else if (auditors.findIndex(item => item.audit_id === cur_uid) !== -1 || ctx.session.sessionUser.accountId === ctx.advance.uid) {
+                    ctx.advance.filePermission = true;
                 }
             }
         }
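Review bot: With the added `&& !ctx.tender.isTourist`, `_checkCanEntry` lets a tourist session through in both branches, so the only thing separating it from the owner or an auditor is `ctx.advance.filePermission`. Within this commit that flag is read only in app/public/js/advance_audit.js, where it hides the upload row. Any upload or delete handlers that rely on this check (not visible here) should therefore reject the request themselves when `ctx.advance.filePermission` is false. In the else branch the auditor lookup runs twice; computing `const isAuditor = auditors.some(item => item.audit_id === cur_uid);` once would keep the throw condition and the permission grant from drifting apart. A comment such as `// tourists may view the advance but must never upload or delete files` above the first assignment would record the intent.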

+ 1 - 1
app/public/js/advance_audit.js

@@ -353,7 +353,7 @@ $(document).ready(function () {
             }
             return {...file, showDel}
         })
-        let html = `<tr><td colspan="3"><a href="#addfujian" data-toggle="modal" class="btn btn-sm btn-light text-primary" data-placement="bottom" title="" data-original-title="添加清单"><i class="fa fa-cloud-upload" aria-hidden="true"></i> 上传附件</a></td></tr>`
+        let html = advance.filePermission ? `<tr><td colspan="3"><a href="#addfujian" data-toggle="modal" class="btn btn-sm btn-light text-primary" data-placement="bottom" title="" data-original-title="添加清单"><i class="fa fa-cloud-upload" aria-hidden="true"></i> 上传附件</a></td></tr>` : '';
         newFiles.forEach((file, idx) => {
             if (file.showDel) {
                 html += `<tr><td width="70">${idx + 1}</td><td><a href="/${file.filepath}" target="_blank">${file.filename}</a></td><td width="90"><a href="javascript: void(0);" class="text-danger file-del" data-id="${file.id}">移除</a></td></tr>`
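Review bot: The row built on the line after the changed `let html` interpolates `file.filename` and `file.filepath` into markup without HTML-escaping, and this commit widens who loads the page to tourist accounts. If the stored filename is whatever the uploader supplied (not visible here), a name containing markup would be rendered as HTML. Build the cells with jQuery `.text()`/`.attr()`, or pass both values through an HTML-escaping helper before concatenation. The `forEach` body continues outside the hunk.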

+ 1 - 1
app/service/advance.js

@@ -25,7 +25,7 @@ module.exports = app => {
                 value: type,
                 operate: '=',
             });
-            if (this.ctx.session.sessionUser.accountId !== this.ctx.tender.data.user_id) {
+            if (this.ctx.session.sessionUser.accountId !== this.ctx.tender.data.user_id && !this.ctx.tender.isTourist) {
                 this.sqlBuilder.setAndWhere('status', {
                     value: auditConst.status.uncheck,
                     operate: '!=',
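Review bot: The new `&& !this.ctx.tender.isTourist` exempts tourist sessions from the `status != uncheck` filter, so a tourist gets the same list as the tender creator, including advances that have not been submitted yet, while ordinary non-owner accounts still do not. If that is intended, say so next to the condition, e.g. `// tender creator and tourists see unsubmitted advances; other accounts only see submitted ones`. Where `isTourist` is set is not visible here, so it is worth confirming it can only come from server-side state. The enclosing method starts and ends outside the hunk.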

+ 2 - 2
app/view/advance/detail.ejs

@@ -380,8 +380,8 @@
 </script>
 <% if(isEdited && ctx.session.sessionUser.accountId === ctx.advance.uid) { %>
 <script>
-    const accountList = JSON.parse('<%- JSON.stringify(accountList) %>');
-    const accountGroup = JSON.parse('<%- JSON.stringify(accountGroup) %>');
+    const accountList = JSON.parse(unescape('<%- escape(JSON.stringify(accountList)) %>'));
+    const accountGroup = JSON.parse(unescape('<%- escape(JSON.stringify(accountGroup)) %>'));
     const shenpi_status = <%- ctx.tender.info.shenpi.advance %>;
     const shenpiConst =  JSON.parse('<%- JSON.stringify(shenpiConst) %>');
 </script>
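Review bot: `shenpiConst` two lines below the change still uses the `JSON.parse('<%- JSON.stringify(...) %>')` form that this commit replaces for `accountList` and `accountGroup`, and `shenpi_status` is still written raw with `<%-`. If either value can ever hold user-controlled text, a quote, backslash or `</script>` in it would break out of the script block. `escape`/`unescape` are also deprecated; emitting the JSON directly as a literal avoids the string round trip: `const accountList = <%- JSON.stringify(accountList).replace(/</g, '\\u003c') %>;`, with the same form for `accountGroup` and `shenpiConst`.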