关联标段鉴权

app/controller/sub_proj_controller.js

@@ -139,6 +139,8 @@ module.exports = app => {
             try {
                 const data = JSON.parse(ctx.request.body.data);
                 if (!data.id || !data.rela_tender) throw '参数有误';
+                const permission = await ctx.service.subProjPermission.getSubProjectUserPermission(data.id, ctx.session.sessionUser.accountId);
+                if (!permission || permission.manage_permission.indexOf(ctx.service.subProjPermission.PermissionConst.manage.rela.value) < 0) throw '您无权进行该操作';
                 const result = await ctx.service.subProject.setRelaTender({ id: data.id, rela_tender: data.rela_tender });
                 ctx.body = { err: 0, msg: '', data: { update: [result] } };
             } catch(err) {