附件游客权限和游客权限设置

app/controller/advance_controller.js

@@ -126,7 +126,7 @@ module.exports = app => {
             if (ctx.advance.status === auditConst.status.uncheck) {
                 if (ctx.session.sessionUser.accountId !== ctx.advance.uid && !ctx.tender.isTourist) {
                     throw '无权访问';
-                } else if (ctx.session.sessionUser.accountId === ctx.advance.uid) {
+                } else if (ctx.session.sessionUser.accountId === ctx.advance.uid || ctx.tender.touristPermission.file) {
                     ctx.advance.filePermission = true;
                 }
             } else {
@@ -134,7 +134,7 @@ module.exports = app => {
                 const cur_uid = ctx.session.sessionUser.accountId;
                 if (auditors.findIndex(item => item.audit_id === cur_uid) === -1 && !ctx.tender.isTourist) {
                     throw '无权访问';
-                } else if (auditors.findIndex(item => item.audit_id === cur_uid) !== -1 || ctx.session.sessionUser.accountId === ctx.advance.uid) {
+                } else if (auditors.findIndex(item => item.audit_id === cur_uid) !== -1 || ctx.session.sessionUser.accountId === ctx.advance.uid || ctx.tender.touristPermission.file) {
                     ctx.advance.filePermission = true;
                 }
             }

app/controller/material_controller.js

@@ -883,7 +883,7 @@ module.exports = app => {
             const auditors = await ctx.service.materialAudit.getAuditorsWithOwner(ctx.material.id, ctx.material.times);
             // console.log(auditors);
 
-            if (auditors.findIndex(item => item.aid === accountId) === -1) {
+            if (auditors.findIndex(item => item.aid === accountId) === -1 && !ctx.tender.touristPermission.file) {
                 throw '该调差期当前您无权操作';
             }
             // if (!ctx.material.curAuditor) {

app/controller/stage_controller.js

@@ -774,9 +774,10 @@ module.exports = app => {
                 }
 
                 // 用户有无权限上传和删除附件
-                renderData.uploadPermission = ((ctx.stage.status === auditConst.status.uncheck || ctx.stage.status === auditConst.status.checkNo) && ctx.session.sessionUser.accountId === ctx.stage.user_id) ||
+                renderData.uploadPermission = (!(ctx.stage.readOnly || ctx.stage.revising) && ((ctx.stage.status === auditConst.status.uncheck || ctx.stage.status === auditConst.status.checkNo) && ctx.session.sessionUser.accountId === ctx.stage.user_id) ||
                     (ctx.stage.status === auditConst.status.checkNoPre && ctx.session.sessionUser.accountId === ctx.stage.curAuditor.aid) ||
-                    (ctx.stage.status === auditConst.status.checking && ctx.stage.curAuditor && ctx.stage.curAuditor.aid === ctx.session.sessionUser.accountId);
+                    (ctx.stage.status === auditConst.status.checking && ctx.stage.curAuditor && ctx.stage.curAuditor.aid === ctx.session.sessionUser.accountId)) ||
+                    (ctx.tender.isTourist && ctx.tender.touristPermission.file);
 
                 if (!ctx.stage.readOnly || ctx.tender.isTourist) {
                     // 计算 本期金额
@@ -1618,7 +1619,8 @@ module.exports = app => {
             };
             let stream;
             try {
-                this._checkStageCanModify(ctx);
+                // this._checkStageCanModify(ctx);
+                this._checkStageCanModifyRe(ctx);
 
                 const parts = ctx.multipart({ autoFields: true });
                 const files = [];
@@ -1725,7 +1727,8 @@ module.exports = app => {
                 data: '',
             };
             try {
-                this._checkStageCanModify(ctx);
+                // this._checkStageCanModify(ctx);
+                this._checkStageCanModifyRe(ctx);
 
                 const data = JSON.parse(ctx.request.body.data);
                 const payInfo = await ctx.service.stagePay.getDataById(data.id);

app/controller/tender_controller.js

@@ -455,6 +455,9 @@ module.exports = app => {
                 };
                 if (ctx.session.sessionUser.is_admin) {
                     renderData.tourists = await ctx.service.tenderTourist.getTourists(tender.id);
+                    for (const t of renderData.tourists) {
+                        t.permission = await ctx.service.tenderTourist.getTouristPermission(t);
+                    }
                     // 获取所有项目参与者
                     const accountList = await ctx.service.projectAccount.getAllDataByCondition({
                         where: { project_id: ctx.session.sessionProject.id, enable: 1 },
@@ -1012,6 +1015,9 @@ module.exports = app => {
                     case 'del':
                         await ctx.service.tenderTourist.removeAudit(data);
                         break;
+                    case 'permission':
+                        await ctx.service.tenderTourist.setPermission(data);
+                        break;
                     default:break;
                 }
                 ctx.body = { err: 0, msg: '', data: info };

app/middleware/material_check.js

@@ -80,6 +80,7 @@ module.exports = options => {
                 } else {
                     material.curOrder = material.curAuditor.order;
                 }
+                material.filePermission = this.tender.touristPermission.file;
             } else if (auditorIds.indexOf(accountId) !== -1) { // 审批人
                 if (material.status === status.uncheck) {
                     throw '您无权查看该数据';

app/public/js/change_information.js

@@ -81,7 +81,7 @@ $(document).ready(() => {
             formData.append('size', filesize);
             formData.append('file[]', file);
         }
-        if (auditList.findIndex(item => item.uid === parseInt(accountId)) === -1) {
+        if (auditList.findIndex(item => item.uid === parseInt(accountId)) === -1 && !touristPermission) {
             return toastr.error('暂无权限上传!');
         }
         postDataWithFile(window.location.pathname + '/file/upload', formData, function (data) {

app/public/js/stage_pay.js

@@ -34,7 +34,7 @@ function makeAttTable(payNode) {
     let html = '';
     if (attachment !== null) {
         for (const [index, att] of attachment.entries()) {
-            const delhtml = !readOnly && uploadPermission && (parseInt(att.uid) === userID || payNode.uid === userID || (payNode.uid === -1 && userID === stage.user_id))
+            const delhtml = uploadPermission && (parseInt(att.uid) === userID || payNode.uid === userID || (payNode.uid === -1 && userID === stage.user_id))
                 ? '<a class="delete-att text-danger" href="javascript:void(0);" data-payid="'+ id +'" data-attindex="'+ index +'" title="删除"><i class="fa fa-remove "></i></a>'
                 : '';
             html += '<tr><td style="width: 200px">' + att.filename + att.fileext + '</td><td>' + att.username + '</td><td>' + att.in_time + '</td>' +

app/service/tender_tourist.js

@@ -63,10 +63,22 @@ module.exports = app => {
 
         async getTouristPermission(info) {
             if (info && info.permission) {
-                return info.permission;
+                return JSON.parse(info.permission);
             }
             return touristPermissionConst;
         }
+
+        async setPermission(data) {
+            const transaction = await this.db.beginTransaction();
+            try {
+                await transaction.update(this.tableName, { id: data.id, permission: JSON.stringify(data.permission) });
+                await transaction.commit();
+                return true;
+            } catch (err) {
+                await transaction.rollback();
+                throw err;
+            }
+        }
     }
 
     return TenderTourist;

app/view/change/information.ejs

@@ -96,7 +96,7 @@
                             <!--所有附件 翻页-->
                             <a href="javascript: void(0);" data-toggle="modal" class="btn btn-sm btn-primary" id="bach-download"><i class="fa fa-download "></i> 批量下载</a>
                             <a href="javascript:void(0);" class="page-select ml-3" content="pre"><i class="fa fa-chevron-left"></i></a> <span id="currentPage">1</span>/<span id="totalPage">10</span> <a href="javascript:void(0);" class="page-select mr-3" content="next"><i class="fa fa-chevron-right"></i></a>
-                            <% if (auditStatus !== 8) { %>
+                            <% if (auditStatus !== 8 || (auditStatus === 8 && ctx.tender.touristPermission.file)) { %>
                             <a href="#addfujian" data-toggle="modal" class="btn btn-sm btn-light text-primary" data-placement="bottom" title="" data-original-title="上传附件"><i class="fa fa-cloud-upload" aria-hidden="true"></i> 上传附件</a>
                             <% } %>
                             <a href="" id="downloadZip" style="display: none;" download></a>
@@ -388,6 +388,7 @@
     const ledgeStatus = '<%- tender.ledger_status %>';
     const ledgerConsts = JSON.parse('<%- JSON.stringify(ledgerConsts) %>');
     const auditStatus = parseInt('<%- auditStatus %>');
+    const touristPermission = parseInt('<%- ctx.tender.touristPermission.file %>');
     const auditList = JSON.parse(unescape('<%- escape(JSON.stringify(auditList)) %>'));
     const precision = JSON.parse('<%- JSON.stringify(precision) %>');
     const whiteList = JSON.parse('<%- JSON.stringify(whiteList) %>');

app/view/material/file.ejs

@@ -13,7 +13,7 @@
           </div>
         </div>
         <div class="d-inline-block">
-          <% if (!ctx.tender.isTourist && material.filePermission) { %>
+          <% if (material.filePermission) { %>
           <a href="#addfujian" data-toggle="modal" class="btn btn-sm btn-light text-primary" data-toggle="tooltip" data-placement="bottom" title="" data-original-title="添加清单"><i class="fa fa-cloud-upload" aria-hidden="true"></i> 上传附件</a>
           <% } %>
           <a href="javascript: void(0);" data-toggle="modal" class="btn btn-sm btn-light text-primary" id="bach-download"><i class="fa fa-download "></i> 批量下载</a>

app/view/stage/index.ejs

@@ -276,7 +276,7 @@
                                     <!-- <% if (!ctx.tender.isTourist && stage.filePermission) { %>
                                     <a href="#upload" data-toggle="modal" data-target="#upload"  class="btn btn-sm btn-outline-primary ml-3">上传</a>
                                     <% } %> -->
-                                    <% if (!ctx.tender.isTourist) { %>
+                                    <% if (!ctx.tender.isTourist || (ctx.tender.isTourist && ctx.tender.touristPermission.file)) { %>
                                     <a href="#upload" data-toggle="modal" data-target="#upload"  class="btn btn-sm btn-outline-primary ml-3">上传</a>
                                     <% } %>
                                 </li>

app/view/tender/detail_modal.ejs

@@ -1693,17 +1693,34 @@
                         </dl>
                     </div>
                 </div>
-                <div class="card mt-3">
-                    <div class="card-header">
-                        游客列表
-                    </div>
-                    <div class="modal-height-300">
-                        <ul class="list-group list-group-flush" id="tourist-users">
+                <div class="mt-3">
+                    <!-- <div class="card-header">
+                      游客列表
+                    </div> -->
+                    <div class="">
+                        <table class="table table-bordered">
+                            <tr><th>用户</th><th>附件</th><th >书签</th><th>设置</th></tr>
+                            <tbody id="tourist-users">
                             <% for (const t of tourists) { %>
-                                <li class="list-group-item"  data-id="<%- t.user_id %>">
-                                    <a href="javascript:void(0);" class="text-danger pull-right remove-tourist-user" data-id="<%- t.id %>">移除</a><%- t.user_name %>  <small class="text-muted"><%- t.user_role %></small><p class="m-0 ml-2"><small class="text-muted"><%- t.user_company %></small></p></li>
+                                <tr data-id="<%- t.user_id %>">
+                                    <td><b class="col-3 pl-0"><%- t.user_name %></b></td>
+                                    <td>
+                                        <div class="custom-control custom-checkbox mb-2">
+                                            <input type="checkbox" id="<%- t.id %>_file" data-id="<%- t.id %>" name="file" class="custom-control-input set-tourist-permission" <% if(t.permission.file) { %>checked<% } %>>
+                                            <label class="custom-control-label" for="<%- t.id %>_file"></label>
+                                        </div>
+                                    </td>
+                                    <td>
+                                        <div class="custom-control custom-checkbox mb-2">
+                                            <input type="checkbox" id="<%- t.id %>_tag" data-id="<%- t.id %>" name="tag" class="custom-control-input set-tourist-permission" <% if(t.permission.tag) { %>checked<% } %>>
+                                            <label class="custom-control-label" for="<%- t.id %>_tag"></label>
+                                        </div>
+                                    </td>
+                                    <td><a href="javascript:void(0);" data-id="<%- t.id %>" class="text-danger remove-tourist-user">移除</a></td>
+                                </tr>
                             <% } %>
-                        </ul>
+                            </tbody>
+                        </table>
                     </div>
                 </div>
             </div>
@@ -1842,8 +1859,8 @@
                     return item.id === id;
                 });
                 const saIdList = [];
-                for (let i = 0; i < $('#tourist-users li').length; i++) {
-                    saIdList.push(parseInt($('#tourist-users li').eq(i).data('id')));
+                for (let i = 0; i < $('#tourist-users tr').length; i++) {
+                    saIdList.push(parseInt($('#tourist-users tr').eq(i).data('id')));
                 }
                 if (_.includes(saIdList, id)) {
                     toastr.error('该用户已存在列表中，无需重复添加');
@@ -1855,12 +1872,28 @@
                     type: 'add',
                 };
                 postData('/tender/' + cur_tenderid + '/tourist/audit/save', prop, function (data) {
-                    const html = '<li class="list-group-item"  data-id="' + user.id + '">\n' +
-                        '<a href="javascript:void(0);" class="text-danger pull-right remove-tourist-user" data-id="' + data.id + '">移除</a>' + user.name + '  ' +
-                        '<small class="text-muted">' + user.role + '</small><p class="m-0 ml-2"><small class="text-muted">' + user.company + '</small></p></li>';
+                    // const html = '<li class="list-group-item"  data-id="' + user.id + '">\n' +
+                    //     '<a href="javascript:void(0);" class="text-danger pull-right remove-tourist-user" data-id="' + data.id + '">移除</a>' + user.name + '  ' +
+                    //     '<small class="text-muted">' + user.role + '</small><p class="m-0 ml-2"><small class="text-muted">' + user.company + '</small></p></li>';
+                    const html = '<tr data-id="' + user.id + '">\n' +
+                        '                                    <td><b class="col-3 pl-0">' + user.name + '</b></td>\n' +
+                        '                                    <td>\n' +
+                        '                                        <div class="custom-control custom-checkbox mb-2">\n' +
+                        '                                            <input type="checkbox" id="'+ data.id +'_file" data-id="'+ data.id +'" name="file" class="custom-control-input set-tourist-permission">\n' +
+                        '                                            <label class="custom-control-label" for="'+ data.id +'_file"></label>\n' +
+                        '                                        </div>\n' +
+                        '                                    </td>\n' +
+                        '                                    <td>\n' +
+                        '                                        <div class="custom-control custom-checkbox mb-2">\n' +
+                        '                                            <input type="checkbox" id="'+ data.id +'_tag" data-id="'+ data.id +'" name="tag" class="custom-control-input set-tourist-permission">\n' +
+                        '                                            <label class="custom-control-label" for="'+ data.id +'_tag"></label>\n' +
+                        '                                        </div>\n' +
+                        '                                    </td>\n' +
+                        '                                    <td><a href="javascript:void(0);" data-id="' + data.id + '" class="text-danger remove-tourist-user">移除</a></td>\n' +
+                        '                                </tr>';
                     $('#tourist-users').append(html);
                     // 外面显示游客数量
-                    const num = $('#tourist-users li').length;
+                    const num = $('#tourist-users tr').length;
                     if (!$('#tourist-num').hasClass('badge')) {
                         $('#tourist-num').addClass('badge badge-secondary').text(num);
                     } else {
@@ -1880,9 +1913,9 @@
                 };
                 const _self = $(this);
                 postData('/tender/' + cur_tenderid + '/tourist/audit/save', prop, function (data) {
-                    _self.parents('li').remove();
+                    _self.parents('tr').remove();
                     // 外面显示游客数量
-                    const num = $('#tourist-users li').length;
+                    const num = $('#tourist-users tr').length;
                     if (num == 0) {
                         $('#tourist-num').removeClass('badge badge-secondary').text('');
                     } else {
@@ -1891,6 +1924,23 @@
                 });
             }
         });
+
+        // 权限设置
+        $('body').on('click', '#tourist-users .set-tourist-permission', function () {
+            const id = parseInt($(this).data('id'));
+            const permission = {
+                file: ($(this).attr('name') === 'file' ? $(this).is(':checked') : $('#' + id + '_file').is(':checked')) ? 1 : 0,
+                tag: ($(this).attr('name') === 'tag' ? $(this).is(':checked') : $('#' + id + '_tag').is(':checked')) ? 1 : 0,
+            }
+            const prop = {
+                id,
+                type: 'permission',
+                permission,
+            }
+            console.log(prop);
+            postData('/tender/' + cur_tenderid + '/tourist/audit/save', prop, function (data) {
+            });
+        });
     });
 </script>
 <% } %>