安全巡检查看所有权限

app/middleware/safe_inspection_check.js

@@ -43,6 +43,8 @@ module.exports = options => {
             const permission = this.session.sessionUser.permission;
             if (accountId === inspection.uid) { // 原报
                 inspection.filePermission = true;
+            } else if (this.permission.safe_inspection.view_all) {
+                inspection.filePermission = true;
             } else if (auditorIds.indexOf(accountId) !== -1) { // 审批人
                 if (inspection.status === status.uncheck) {
                     throw '您无权查看该数据';

app/service/safe_inspection.js

@@ -158,7 +158,7 @@ module.exports = app => {
         async getListByStatus(tid, status, hadlimit = 0, sortBy = '', orderBy = '') {
             let sql = '';
             let sqlParam = '';
-            if ((this.ctx.tender.isTourist || this.ctx.session.sessionUser.is_admin) && status === 0) {
+            if ((this.ctx.tender.isTourist || this.ctx.session.sessionUser.is_admin || this.ctx.permission.safe_inspection.view_all) && status === 0) {
                 sql = 'SELECT a.* FROM ?? As a WHERE a.tid = ?';
                 sqlParam = [this.tableName, tid];
             } else {
@@ -198,7 +198,7 @@ module.exports = app => {
                         sql =
                             'SELECT a.* FROM ?? AS a WHERE ' +
                             '(a.status = ? OR a.status = ?) AND a.tid = ?' +
-                            (this.ctx.session.sessionUser.is_admin ? '' : ' AND a.id IN (SELECT b.qiid FROM ?? AS b WHERE b.aid = ? GROUP BY b.qiid)');
+                            (this.ctx.session.sessionUser.is_admin || this.ctx.permission.safe_inspection.view_all ? '' : ' AND a.id IN (SELECT b.qiid FROM ?? AS b WHERE b.aid = ? GROUP BY b.qiid)');
                         sqlParam = [this.tableName, status, auditConst.status.checkNoPre, tid, this.ctx.service.safeInspectionAudit.tableName, this.ctx.session.sessionUser.accountId];
                         break;
                     case auditConst.filter.status.rectification: // 整改中（所有的）
@@ -206,7 +206,7 @@ module.exports = app => {
                         sql =
                             'SELECT a.* FROM ?? AS a WHERE ' +
                             'a.status = ? AND a.tid = ?' +
-                            (this.ctx.session.sessionUser.is_admin ? '' : ' AND a.id IN (SELECT b.qiid FROM ?? AS b WHERE b.aid = ? GROUP BY b.qiid)');
+                            (this.ctx.session.sessionUser.is_admin || this.ctx.permission.safe_inspection.view_all ? '' : ' AND a.id IN (SELECT b.qiid FROM ?? AS b WHERE b.aid = ? GROUP BY b.qiid)');
                         sqlParam = [this.tableName, status, tid, this.ctx.service.safeInspectionAudit.tableName, this.ctx.session.sessionUser.accountId];
                         break;
                     case auditConst.filter.status.checked: // 已完成（所有的）
@@ -243,7 +243,7 @@ module.exports = app => {
          * @return {void}
          */
         async getCountByStatus(tid, status = 0) {
-            if ((this.ctx.tender.isTourist || this.ctx.session.sessionUser.is_admin) && status === 0) {
+            if ((this.ctx.tender.isTourist || this.ctx.session.sessionUser.is_admin || this.ctx.permission.safe_inspection.view_all) && status === 0) {
                 const sql5 = 'SELECT count(*) AS count FROM ?? AS a WHERE a.tid = ?';
                 const sqlParam5 = [this.tableName, tid];
                 const result5 = await this.db.query(sql5, sqlParam5);
@@ -287,7 +287,7 @@ module.exports = app => {
                     const sql7 =
                         'SELECT count(*) AS count FROM ?? as a WHERE ' +
                         '(a.status = ? OR a.status = ?) AND a.tid = ?' +
-                        (this.ctx.session.sessionUser.is_admin ? '' : ' AND a.id IN (SELECT b.qiid FROM ?? AS b WHERE b.aid = ? GROUP BY b.qiid)');
+                        (this.ctx.session.sessionUser.is_admin || this.ctx.permission.safe_inspection.view_all ? '' : ' AND a.id IN (SELECT b.qiid FROM ?? AS b WHERE b.aid = ? GROUP BY b.qiid)');
                     const sqlParam7 = [this.tableName, status, auditConst.status.checkNoPre, tid, this.ctx.service.safeInspectionAudit.tableName, this.ctx.session.sessionUser.accountId];
                     const result7 = await this.db.query(sql7, sqlParam7);
                     return result7[0].count;
@@ -296,7 +296,7 @@ module.exports = app => {
                     const sql3 =
                         'SELECT count(*) AS count FROM ?? as a WHERE ' +
                         'a.status = ? AND a.tid = ?' +
-                        (this.ctx.session.sessionUser.is_admin ? '' : ' AND a.id IN (SELECT b.qiid FROM ?? AS b WHERE b.aid = ? GROUP BY b.qiid)');
+                        (this.ctx.session.sessionUser.is_admin || this.ctx.permission.safe_inspection.view_all ? '' : ' AND a.id IN (SELECT b.qiid FROM ?? AS b WHERE b.aid = ? GROUP BY b.qiid)');
                     const sqlParam3 = [this.tableName, status, tid, this.ctx.service.safeInspectionAudit.tableName, this.ctx.session.sessionUser.accountId];
                     const result3 = await this.db.query(sql3, sqlParam3);
                     return result3[0].count;

app/view/safe/inspection.ejs

@@ -73,7 +73,7 @@
                     </thead>
                     <tbody id="changeList">
                     <% for (const c of inspectionList) { %>
-                        <tr><td><a href="/sp/<%- ctx.subProject.id %>/quality/tender/<%- ctx.tender.id %>/inspection/<%- c.id %>/information"><%- c.code %></a></td><td></td>
+                        <tr><td><a href="/sp/<%- ctx.subProject.id %>/safe/tender/<%- ctx.tender.id %>/inspection/<%- c.id %>/information"><%- c.code %></a></td><td></td>
                             <td><%- c.check_item %></td>
                             <td><%- c.check_situation %></td>
                             <td><%- c.action %></td>