
Merge branch 'dev' of http://192.168.1.41:3000/maixinrong/Calculation into dev

Tony Kang 1 年之前
父节点
当前提交
fa97afbb98

+ 1 - 1
app/lib/stage_im.js

@@ -1037,7 +1037,7 @@ class StageIm {
     _sortImData() {
         const st = (['fj', 'sz'].indexOf(this.tender.info.s_type) >= 0 && [imType.zl.value, imType.bw.value].indexOf(stage.im_type) >= 0)
             ? SortType.TZ
-            : (stage.im_type !== imType.tz.value && stage.im_type !== imType.bb.value ? SortType.GCL : SortType.TZ);
+            : (this.stage.im_type !== imType.tz.value && this.stage.im_type !== imType.bb.value ? SortType.GCL : SortType.TZ);
         if (st === SortType.GCL) {
             const helper = this.ctx.helper;
             this.ImData.sort(function(x, y) {
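Review bot: The first condition of the ternary in `_sortImData` still reads a bare `stage.im_type` (`[imType.zl.value, imType.bw.value].indexOf(stage.im_type) >= 0`), because the commit switches only the fallback branch to `this.stage.im_type`. If no `stage` binding exists in the enclosing scope, which the hunk does not show, that expression throws a ReferenceError whenever `s_type` is `'fj'` or `'sz'`; if one does exist, the two branches may be reading different objects. The same line should use `indexOf(this.stage.im_type) >= 0`. The method body continues past the end of the hunk.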

+ 2 - 0
app/middleware/budget_check.js

@@ -27,6 +27,8 @@ module.exports = options => {
             if (!id) throw '参数错误';
             this.budget = yield this.service.budget.getCurBudget(id);
             if (!this.budget) throw '项目不存在';
+            if (this.budget.pid !== this.session.sessionProject.id) throw '您无权查看该项目';
+
             const subProj = yield this.service.subProject.getDataByCondition({ budget_id: this.budget.id });
             if (subProj) this.budget.name = subProj.name || '';
             if (this.session.sessionUser.is_admin) {
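Review bot: The added ownership check answers with a different message ('您无权查看该项目') than the missing-record case just above it ('项目不存在'), so a session bound to another project can tell which budget ids exist. If these strings reach the client (the code that catches them is outside the hunk), collapsing both cases into one response closes that oracle: `if (!this.budget || this.budget.pid !== this.session.sessionProject.id) throw '项目不存在';`. A denied cross-project request is also worth recording server-side with the session user and the requested id, since it rarely happens by accident. The same split between the two messages appears in sub_project_check.js.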

+ 1 - 0
app/middleware/payment_tender_check.js

@@ -30,6 +30,7 @@ module.exports = options => {
                 throw '当前未打开标段';
             }
             const tender = yield this.service.paymentTender.getDataById(this.params.id);
+            if (tender.pid !== this.session.sessionProject.id) throw '您无权查看该项目';
             const projectInfo = yield this.service.project.getDataById(this.session.sessionProject.id);
             const modes = projectInfo.payment_setting ? JSON.parse(projectInfo.payment_setting) : _.cloneDeep(paymentConst.setting_modes);
             for (const m in paymentConst.setting_modes) {
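Review bot: The added line dereferences `tender.pid` before anything confirms that `getDataById` returned a record, so a request for a nonexistent id would fail with a TypeError rather than a controlled denial (assuming the service returns null on a miss, as the null checks in the sibling middlewares suggest). Guard it in the same statement: `if (!tender || tender.pid !== this.session.sessionProject.id) throw '您无权查看该项目';`. sub_project_check.js has the same defect in a different form: the new `this.subProject.project_id` comparison sits above the existing `if (!this.subProject) throw '项目不存在';`, which can therefore no longer fire for a missing record; moving the added line below that guard fixes it. The enclosing generator starts and ends outside the hunk.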

+ 2 - 0
app/middleware/sub_project_check.js

@@ -27,6 +27,8 @@ module.exports = options => {
             if (!id) throw '参数错误';
 
             this.subProject = yield this.service.subProject.getDataById(id);
+            if (this.subProject.project_id !== this.session.sessionProject.id) throw '您无权查看该项目';
+
             if (!this.subProject) throw '项目不存在';
 
             if (this.session.sessionUser.is_admin) {