
合同支付,附件上传权限调整

MaiXinRong 4 年之前
父節點
當前提交
bcc6efd569
共有 3 個文件被更改,包括 13 次插入5 次删除
  1. 11 4
      app/controller/stage_controller.js
  2. 1 1
      app/public/js/stage_pay.js
  3. 1 0
      app/view/stage/pay.ejs

+ 11 - 4
app/controller/stage_controller.js

@@ -762,9 +762,10 @@ module.exports = app => {
                 }
 
                 // 用户有无权限上传和删除附件
-                renderData.uploadPermission = ((ctx.stage.status === auditConst.status.uncheck || ctx.stage.status === auditConst.status.checkNo) && ctx.session.sessionUser.accountId === ctx.stage.user_id) ||
-                    (ctx.stage.status === auditConst.status.checkNoPre && ctx.session.sessionUser.accountId === ctx.stage.curAuditor.aid) ||
-                    (ctx.stage.status === auditConst.status.checking && ctx.stage.curAuditor && ctx.stage.curAuditor.aid === ctx.session.sessionUser.accountId);
+                // renderData.uploadPermission = ((ctx.stage.status === auditConst.status.uncheck || ctx.stage.status === auditConst.status.checkNo) && ctx.session.sessionUser.accountId === ctx.stage.user_id) ||
+                //     (ctx.stage.status === auditConst.status.checkNoPre && ctx.session.sessionUser.accountId === ctx.stage.curAuditor.aid) ||
+                //     (ctx.stage.status === auditConst.status.checking && ctx.stage.curAuditor && ctx.stage.curAuditor.aid === ctx.session.sessionUser.accountId);
+                renderData.uploadPermission = ctx.stage.users.indexOf(ctx.session.sessionUser.accountId) >= 0;
 
                 if (!ctx.stage.readOnly) {
                     // 计算 本期金额
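Review bot: The new `renderData.uploadPermission` line depends only on membership in `ctx.stage.users` and drops every status condition, so the flag is true for any listed user in any stage state. It only drives rendering, so the upload and delete handlers have to enforce the same rule on the server. `indexOf` compares strictly and returns -1 when `ctx.stage.users` holds ids of a different type than `accountId`; the array's contents are not visible in this hunk, so confirm both are numbers. The three commented-out lines of the old expression should be deleted, since history already keeps them, and replaced by a short comment such as `// any user listed on the stage may upload attachments`.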
@@ -1607,7 +1608,7 @@ module.exports = app => {
             };
             let stream;
             try {
-                this._checkStageCanModify(ctx);
+                //this._checkStageCanModify(ctx);
 
                 const parts = ctx.multipart({ autoFields: true });
                 const files = [];
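Review bot: With `this._checkStageCanModify(ctx)` commented out, this upload handler shows no authorization check before `ctx.multipart` starts reading the request. The only gate left in this commit is the `uploadPermission` flag, which the client can ignore. Unless middleware outside this hunk already restricts the route, make the first statement of the `try` a server-side check matching the render rule, e.g. `if (ctx.stage.users.indexOf(ctx.session.sessionUser.accountId) < 0) throw '您无权上传附件';` (message text is a suggestion). The disabled call should be removed rather than left as a comment. The handler begins and ends outside this hunk.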
@@ -1637,6 +1638,7 @@ module.exports = app => {
                         filepath: path.join(dirName, fileName),
                         uid: ctx.session.sessionUser.accountId,
                         in_time: moment(create_time * 1000).format('YYYY-MM-DD'),
+                        renew: ctx.stage.status === auditConst.status.checked,
                     };
                     const result = await ctx.service.stagePay.saveAtt(parts.field.pay_id, attData);
                     if (!result) {
@@ -1720,6 +1722,11 @@ module.exports = app => {
                 const payInfo = await ctx.service.stagePay.getDataById(data.id);
                 if (payInfo !== undefined) {
                     const fileInfo = JSON.parse(payInfo.attachment)[data.index];
+
+                    if (fileInfo.uid !== ctx.session.sessionUser.accountId) throw '您无权删除该文件';
+
+                    if (ctx.stage.status === auditConst.status.checked && !fileInfo.renew) throw '不可删除该文件';
+
                     // 先删除文件
                     await fs.unlinkSync(path.join(this.app.baseDir, fileInfo.filepath));
                     // 再删除数据库
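Review bot: `fileInfo` is dereferenced without checking that `data.index` is a valid position in the parsed attachment array, so an out-of-range index makes `fileInfo.uid` throw a TypeError instead of a clean denial. The ownership test also uses strict `!==` while the client applies `parseInt(att.uid)`, which suggests some stored uids may be strings. A guard such as `if (!fileInfo || parseInt(fileInfo.uid, 10) !== ctx.session.sessionUser.accountId) throw '您无权删除该文件';` covers both cases. Separately, `payInfo` is loaded by `data.id` alone while the status rule reads `ctx.stage`. It is not visible here whether `getDataById` scopes the lookup to the current stage, so confirm the pay record belongs to `ctx.stage` before applying the `checked`/`renew` rule and unlinking the file.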

+ 1 - 1
app/public/js/stage_pay.js

@@ -34,7 +34,7 @@ function makeAttTable(payNode) {
     let html = '';
     if (attachment !== null) {
         for (const [index, att] of attachment.entries()) {
-            const delhtml = !readOnly && uploadPermission && (parseInt(att.uid) === userID || payNode.uid === userID || (payNode.uid === -1 && userID === stage.user_id))
+            const delhtml = uploadPermission && (parseInt(att.uid) === userID) && (!stageChecked || att.renew)
                 ? '<a class="delete-att text-danger" href="javascript:void(0);" data-payid="'+ id +'" data-attindex="'+ index +'" title="删除"><i class="fa fa-remove "></i></a>'
                 : '';
             html += '<tr><td style="width: 200px">' + att.filename + att.fileext + '</td><td>' + att.username + '</td><td>' + att.in_time + '</td>' +
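Review bot: The row built right after the changed `delhtml` line concatenates `att.filename`, `att.fileext` and `att.username` into the HTML string without escaping. This commit lets every user listed on the stage upload attachments, so an uploaded file name containing markup would be rendered for every other viewer of the table. These values should be HTML-escaped before concatenation, or the cells filled through text assignment rather than string-built HTML. The new `parseInt(att.uid)` should also pass a radix: `parseInt(att.uid, 10) === userID`. The `html +=` statement continues past the end of this hunk.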

+ 1 - 0
app/view/stage/pay.ejs

@@ -68,4 +68,5 @@
     const preContractTp = <%- (pre.contract_tp || 0) %>;
     const preQcTp = <%- (pre.qc_tp || 0) %>;
     const preGatherTp = <%- (pre.gather_tp || 0) %>;
+    const stageChecked = <%- ctx.stage.status === auditConst.status.checked %>;
 </script>