游客可添加书签v2

app/controller/tender_controller.js

@@ -1045,12 +1045,13 @@ module.exports = app => {
 
         async billsTag(ctx) {
             try {
+                const isValidTourist = ctx.tender.isTourist && ctx.tender.touristPermission.tag;
                 if (ctx.stage) {
-                    if (ctx.stage.users.indexOf(this.ctx.session.sessionUser.accountId) < 0 && !ctx.tender.isTourist)
-                        throw '您无权进行该操作';
+                    const isAuditor = ctx.stage.users.indexOf(this.ctx.session.sessionUser.accountId) >= 0;
+                    if (!isAuditor && !isValidTourist) throw '您无权进行该操作';
                 } else {
-                    if (ctx.tender.ledgerUsers.indexOf(this.ctx.session.sessionUser.accountId) < 0 && !ctx.tender.isTourist)
-                        throw '您无权进行该操作';
+                    const isAuditor = ctx.tender.ledgerUsers.indexOf(this.ctx.session.sessionUser.accountId) >= 0;
+                    if (!isAuditor && !isValidTourist) throw '您无权进行该操作';
                 }
                 const data = JSON.parse(ctx.request.body.data);
                 const result = await ctx.service.ledgerTag.update(data);