sub_proj_permission.js 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531
  1. 'use strict';
  2. /**
  3. *
  4. *
  5. * @author Mai
  6. * @date
  7. * @version
  8. */
  9. module.exports = app => {
  10. class subProjPermission extends app.BaseService {
  11. /**
  12. * 构造函数
  13. *
  14. * @param {Object} ctx - egg全局变量
  15. * @param {String} tableName - 表名
  16. * @return {void}
  17. */
  18. constructor(ctx) {
  19. super(ctx);
  20. this.tableName = 'sub_project_permission';
  21. this._definePermission();
  22. }
  23. _definePermission() {
  24. this.PermissionConst = {
  25. budget: {
  26. view: { title: '查看', value: 1 },
  27. edit: { title: '编辑', value: 2 },
  28. },
  29. file: {
  30. view: { title: '查看', value: 1 },
  31. upload: { title: '上传/引用', value: 2 },
  32. delete: { title: '删除文件', value: 4 },
  33. filing: { title: '文件类别编辑', value: 3 },
  34. },
  35. manage: {
  36. rela: { title: '关联标段', value: 1 },
  37. },
  38. info: {
  39. view: { title: '查看', value: 1},
  40. edit: { title: '编辑', value: 2 },
  41. },
  42. datacollect: {
  43. view: { title: '查看', value: 1},
  44. },
  45. contract: {
  46. edit: { title: '编辑节点', value: 1 },
  47. add: { title: '添加合同', value: 2 },
  48. node: { title: '授权查看本节点合同', value: 3 },
  49. unit: { title: '授权查看本单位合同', value: 4 },
  50. view: { title: '查看所有合同', value: 5 },
  51. },
  52. fund_trans: {
  53. view: { title: '查看', value: 1 },
  54. add: { title: '新建划拨', value: 2 },
  55. att: { title: '上传附件', value: 3 },
  56. },
  57. fund_pay: {
  58. view: { title: '查看', value: 1 },
  59. att: { title: '上传附件', value: 3 },
  60. },
  61. payment: {
  62. view: { title: '查看', value: 1 },
  63. admin: { title: '模块管理员', value: 2 },
  64. view_all: { title: '查看所有标段', value: 3 },
  65. }
  66. };
  67. this.PermissionBlock = [
  68. { key: 'datacollect', name: '决策大屏', field: 'datacollect_permission' },
  69. { key: 'info', name: '项目概况', field: 'info_permission' },
  70. { key: 'contract', name: '合同管理', field: 'contract_permission', hint: ['1、编辑节点:编辑合同管理内页树结构',
  71. '2、添加合同:允许添加合同',
  72. '3、授权查看本节点合同:授权节点下查看所有人上传的合同',
  73. '4、授权查看本单位合同:授权节点下查看本单位人员添加的所有合同',
  74. '5、查看所有合同:查看所有合同,包括其他单位人员添加的合同',
  75. '注:查看合同第3、4、5必须选择其一,否则无法查看本项目合同管理',
  76. ] },
  77. { key: 'file', name: '资料归集', field: 'file_permission' },
  78. { key: 'budget', name: '动态投资', field: 'budget_permission' },
  79. {
  80. key: 'financial', name: '资金监管', children: [
  81. { key: 'fund_trans', name: '资金划拨', field: 'fund_trans_permission' },
  82. { key: 'fund_pay', name: '资金支付', field: 'fund_pay_permission' },
  83. ]
  84. },
  85. { key: 'payment', name: '支付审批', field: 'payment_permission' },
  86. ];
  87. for (const p of this.PermissionBlock) {
  88. if (p.children) {
  89. for (const c of p.children) {
  90. c.permission = [];
  91. const pConst = this.PermissionConst[c.key];
  92. if (!pConst) continue;
  93. for (const prop in pConst) {
  94. c.permission.push({ key: prop, ...pConst[prop]});
  95. }
  96. }
  97. } else {
  98. p.permission = [];
  99. const pConst = this.PermissionConst[p.key];
  100. if (!pConst) continue;
  101. for (const prop in pConst) {
  102. p.permission.push({ key: prop, ...pConst[prop]});
  103. }
  104. }
  105. }
  106. }
  107. getRelaPermissionBlock(key) {
  108. for (const p of this.PermissionBlock) {
  109. if (p.key === key) return p;
  110. if (p.children) {
  111. for (const c of p.children) {
  112. if (c.key === key) return c;
  113. }
  114. }
  115. }
  116. }
  117. get adminPermission () {
  118. return {
  119. budget_permission: this.ctx.helper.mapAllSubField(this.PermissionConst.budget, 'value'),
  120. file_permission: this.ctx.helper.mapAllSubField(this.PermissionConst.file, 'value'),
  121. manage_permission: this.ctx.helper.mapAllSubField(this.PermissionConst.manage, 'value'),
  122. filing_type: 'all',
  123. info_permission: this.ctx.helper.mapAllSubField(this.PermissionConst.info, 'value'),
  124. datacollect_permission: this.ctx.helper.mapAllSubField(this.PermissionConst.datacollect, 'value'),
  125. contract_permission: this.ctx.helper.mapAllSubField(this.PermissionConst.contract, 'value'),
  126. fund_pay_permission: this.ctx.helper.mapAllSubField(this.PermissionConst.fund_pay, 'value'),
  127. fund_trans_permission: this.ctx.helper.mapAllSubField(this.PermissionConst.fund_trans, 'value'),
  128. payment_permission: this.ctx.helper.mapAllSubField(this.PermissionConst.payment, 'value'),
  129. }
  130. }
  131. async showSubTab(uid, type) {
  132. const sql = `SELECT count(*) as count FROM ${this.tableName} WHERE ${type}_permission <> '' AND uid = ?`;
  133. const result = await this.db.queryOne(sql, [uid]);
  134. return result.count;
  135. }
  136. async showBudget(uid) {
  137. return await this.showSubTab(uid, 'budget');
  138. }
  139. async showFile(uid) {
  140. return await this.showSubTab(uid, 'file');
  141. }
  142. async showPayment(uid) {
  143. return await this.showSubTab(uid, 'payment');
  144. }
  145. parsePermission(data) {
  146. const _ = this.ctx.helper._;
  147. const datas = data instanceof Array ? data : [data];
  148. datas.forEach(x => {
  149. x.budget_permission = x.budget_permission ? _.map(x.budget_permission.split(','), _.toInteger) : [];
  150. x.file_permission = x.file_permission ? _.map(x.file_permission.split(','), _.toInteger) : [];
  151. x.manage_permission = x.manage_permission ? _.map(x.manage_permission.split(','), _.toInteger) : [];
  152. x.info_permission = x.info_permission ? _.map(x.info_permission.split(','), _.toInteger) : [];
  153. x.datacollect_permission = x.datacollect_permission ? _.map(x.datacollect_permission.split(','), _.toInteger) : [];
  154. x.contract_permission = x.contract_permission ? _.map(x.contract_permission.split(','), _.toInteger) : [];
  155. x.fund_pay_permission = x.fund_pay_permission ? _.map(x.fund_pay_permission.split(','), _.toInteger) : [];
  156. x.fund_trans_permission = x.fund_trans_permission ? _.map(x.fund_trans_permission.split(','), _.toInteger) : [];
  157. x.filing_type = x.filing_type ? _.map(x.filing_type.split(','), _.toInteger): [];
  158. x.payment_permission = x.payment_permission ? _.map(x.payment_permission.split(','), _.toInteger) : [];
  159. });
  160. }
  161. async getPermission(subProjectId) {
  162. const result = await this.db.query(`SELECT spp.*, p.name, p.role
  163. FROM ${this.tableName} spp LEFT JOIN ${this.ctx.service.projectAccount.tableName} p
  164. On spp.uid = p.id WHERE spp.spid = ?`, [subProjectId]);
  165. this.parsePermission(result);
  166. return result;
  167. }
  168. async getBudgetPermission(subProjectId) {
  169. const result = await this.db.query(`SELECT spp.*, p.name, p.role
  170. FROM ${this.tableName} spp LEFT JOIN ${this.ctx.service.projectAccount.tableName} p
  171. On spp.uid = p.id WHERE spp.spid = ? and budget_permission <> ''`, [subProjectId]);
  172. this.parsePermission(result);
  173. return result;
  174. }
  175. async getUserPermission(pid, uid) {
  176. const result = await this.getAllDataByCondition({
  177. where: { uid: this.ctx.session.sessionUser.accountId, pid: this.ctx.session.sessionProject.id }
  178. });
  179. this.parsePermission(result);
  180. return result;
  181. }
  182. async getBudgetUserPermission(bid) {
  183. const subProj = await this.service.subProject.getDataByCondition({ budget_id: bid });
  184. const result = await this.getDataByCondition({ spid: subProj.id, uid: this.ctx.session.sessionUser.accountId });
  185. if (result) this.parsePermission(result);
  186. return result;
  187. }
  188. async getSubProjectUserPermission(spid, uid) {
  189. const result = await this.getDataByCondition({ spid, uid });
  190. if (result) this.parsePermission(result);
  191. return result;
  192. };
  193. async savePermission(subProjectId, member) {
  194. const orgMember = await this.getAllDataByCondition({ where: { spid: subProjectId } });
  195. const dm = [], um = [], im = [];
  196. for (const om of orgMember) {
  197. const nm = member.find(x => { return om.uid === x.uid; });
  198. if (!nm) {
  199. dm.push(om.id);
  200. } else {
  201. um.push({
  202. id: om.id, budget_permission: nm.budget_permission.join(','),
  203. file_permission: nm.file_permission.join(','),
  204. manage_permission: nm.manage_permission.join(',')
  205. });
  206. member.splice(member.indexOf(nm), 1);
  207. }
  208. }
  209. for (const m of member) {
  210. im.push({
  211. id: this.uuid.v4(),
  212. spid: subProjectId, pid: this.ctx.session.sessionProject.id, uid: m.uid,
  213. budget_permission: m.budget_permission.join(','),
  214. file_permission: m.file_permission.join(','),
  215. manage_permission: m.manage_permission.join(',')
  216. });
  217. }
  218. const conn = await this.db.beginTransaction();
  219. try {
  220. if (dm.length > 0) await conn.delete(this.tableName, { id: dm });
  221. if (um.length > 0) await conn.updateRows(this.tableName, um);
  222. if (im.length > 0) await conn.insert(this.tableName, im);
  223. await conn.commit();
  224. } catch (err) {
  225. await conn.rollback();
  226. throw err;
  227. }
  228. }
  229. async _addUser(subProject, data) {
  230. const ids = data instanceof Array ? data : [data];
  231. const exists = await this.getAllDataByCondition({ where: { spid: subProject.id, uid: ids } });
  232. if (exists.length > 0) throw '请勿重复选择账号';
  233. const insertData = ids.map(x => {
  234. return { id: this.uuid.v4(), spid: subProject.id, pid: subProject.project_id, uid: x };
  235. });
  236. await this.db.insert(this.tableName, insertData);
  237. return insertData;
  238. }
  239. async _delUser(subProject, data) {
  240. const ids = data instanceof Array ? data : [data];
  241. const permissions = await this.getAllDataByCondition({ where: { spid: subProject.id, uid: ids } });
  242. await this.db.delete(this.tableName, { id: permissions.map(x => { return x.id; }) });
  243. return data;
  244. }
  245. async _updateUserPermission(data) {
  246. const datas = data instanceof Array ? data : [data];
  247. const updateData = [];
  248. // const contractData = [];
  249. for (const x of datas) {
  250. const ud = { id: x.id };
  251. for (const p of this.PermissionBlock) {
  252. if (p.children) {
  253. for (const c of p.children) {
  254. if (x[c.field] !== undefined) ud[c.field] = x[c.field] || '';
  255. }
  256. } else {
  257. if (x[p.field] !== undefined) ud[p.field] = x[p.field] || '';
  258. // if (p.field === 'contract_permission') {
  259. // const spAudit = await this.getDataById(x.id);
  260. // if (spAudit) {
  261. // const contractAudit = await this.ctx.service.contractAudit.getDataByCondition({ spid: spAudit.spid, uid: spAudit.uid });
  262. // const contractPermission = x.contract_permission ? this._.map(x.contract_permission.split(','), this._.toInteger) : [];
  263. // const newContractPermission = contractPermission.length > 0 ? await this.getContractPermission(contractPermission) : [];
  264. // console.log(newContractPermission, contractAudit);
  265. // if (!contractAudit && contractPermission.length === 0) continue;
  266. // if (contractAudit) {
  267. // if (contractPermission.length === 0 || this._.intersection([3,4,5], contractPermission).length === 0) {
  268. // contractData.push({ delete: { id: contractAudit.id }});
  269. // } else if (contractAudit.permission_add !== newContractPermission.permission_add ||
  270. // contractAudit.permission_edit !== newContractPermission.permission_edit ||
  271. // contractAudit.permission_show_unit !== newContractPermission.permission_show_unit ||
  272. // contractAudit.permission_show_node !== newContractPermission.permission_show_node) {
  273. // contractData.push({ update: { id: contractAudit.id,
  274. // permission_add: newContractPermission.permission_add,
  275. // permission_edit: newContractPermission.permission_edit,
  276. // permission_show_unit: newContractPermission.permission_show_unit,
  277. // permission_show_node: newContractPermission.permission_show_node,
  278. // }});
  279. // }
  280. // } else if (!contractAudit && contractPermission.length > 0) {
  281. // contractData.push({ add: {
  282. // spid: spAudit.spid,
  283. // tid: null,
  284. // uid: spAudit.uid,
  285. // permission_add: newContractPermission.permission_add,
  286. // permission_edit: newContractPermission.permission_edit,
  287. // permission_show_unit: newContractPermission.permission_show_unit,
  288. // permission_show_node: newContractPermission.permission_show_node,
  289. // create_time: new Date(),
  290. // }});
  291. // }
  292. // }
  293. // }
  294. }
  295. }
  296. updateData.push(ud);
  297. }
  298. const conn = await this.db.beginTransaction();
  299. try {
  300. // if (contractData.length > 0) {
  301. // for (const d of contractData) {
  302. // if (d.add) {
  303. // await conn.insert(this.ctx.service.contractAudit.tableName, d.add);
  304. // } else if (d.update) {
  305. // await conn.update(this.ctx.service.contractAudit.tableName, d.update);
  306. // } else if (d.delete) {
  307. // await conn.delete(this.ctx.service.contractAudit.tableName, d.delete);
  308. // }
  309. // }
  310. // }
  311. await conn.updateRows(this.tableName, updateData);
  312. await conn.commit();
  313. } catch(err) {
  314. await conn.rollback();
  315. throw err;
  316. }
  317. return updateData;
  318. }
  319. async updatePermission(subProject, data) {
  320. const result = {};
  321. if (data.add) result.add = await this._addUser(subProject, data.add);
  322. if (data.del) result.del = await this._delUser(subProject, data.del);
  323. if (data.update) result.update = await this._updateUserPermission(data.update);
  324. return result;
  325. }
  326. async getFilingType(subProjectId) {
  327. const permissionConst = {}, prefix = 'f';
  328. for (const p in this.PermissionConst.file) {
  329. const fp = this.PermissionConst.file[p];
  330. permissionConst[prefix + fp.value] = fp.title;
  331. }
  332. const result = await this.db.query(`SELECT spp.id, p.name, p.role, p.company, p.mobile, spp.file_permission, spp.filing_type, spp.create_time
  333. FROM ${this.tableName} spp LEFT JOIN ${this.ctx.service.projectAccount.tableName} p
  334. On spp.uid = p.id WHERE spp.spid = ? and file_permission <> ''`, [subProjectId]);
  335. result.forEach(x => {
  336. const filePermission = x.file_permission.split(',');
  337. x.file_permission = filePermission.map(x => {
  338. return permissionConst[prefix + x] || '';
  339. }).join(',');
  340. });
  341. return result;
  342. }
  343. // 资料归集,授权固定分类
  344. async saveFilingType(data) {
  345. const updateData = [];
  346. data.forEach(x => {
  347. updateData.push({ id: x.id, filing_type: x.filing_type });
  348. });
  349. if (updateData.length > 0) await this.db.updateRows(this.tableName, updateData);
  350. }
  351. checkViewPermission(ctx) {
  352. const permissionBlock = ctx.service.subProjPermission.PermissionBlock.find(x => { return x.key === ctx.controllerName; });
  353. if (!permissionBlock) return true;
  354. if (permissionBlock.children) {
  355. let canView = false;
  356. for (const c of permissionBlock.children) {
  357. const viewPermission = c.permission.find(x => { return x.key === 'view'; });
  358. if (!viewPermission || ctx.subProject.permission[c.field].indexOf(viewPermission.value) >= 0) canView = true;
  359. }
  360. return canView;
  361. } else if (ctx.controllerName === 'contract') {
  362. if (ctx.url.indexOf('contract/tender') >= 0) return true;
  363. const contractViewPermission = this._.map(permissionBlock.permission.filter(x => { return ['view', 'unit', 'node'].indexOf(x.key) >= 0; }), 'value');
  364. if (!contractViewPermission) return true;
  365. return this._.intersection(ctx.subProject.permission[permissionBlock.field], contractViewPermission).length > 0;
  366. } else {
  367. const viewPermission = permissionBlock.permission.find(x => { return x.key === 'view'; });
  368. if (!viewPermission) return true;
  369. return ctx.subProject.permission[permissionBlock.field].indexOf(viewPermission.value) >= 0;
  370. }
  371. };
  372. async getContractAuditList(spid, uid = null) {
  373. const uidSql = uid ? 'AND uid in (' + uid.join(',') + ')' : '';
  374. const sql = `SELECT * FROM ?? WHERE spid = ? AND contract_permission <> ''` + uidSql;
  375. const sqlParams = [this.tableName, spid];
  376. const result = await this.db.query(sql, sqlParams);
  377. const list = [];
  378. for (const r of result) {
  379. const permission = await this.getContractPermission(this._.map(r.contract_permission.split(','), this._.toInteger));
  380. list.push({
  381. id: r.id,
  382. spid: r.spid,
  383. tid: null,
  384. uid: r.uid,
  385. permission_add: permission.permission_add,
  386. permission_edit: permission.permission_edit,
  387. permission_show_node: permission.permission_show_node,
  388. permission_show_unit: permission.permission_show_unit,
  389. });
  390. }
  391. return list;
  392. }
  393. async getNewContractPermission(permission, newContractPermission) {
  394. const oldPermission = await this.getContractPermission(this._.map(permission.split(','), this._.toInteger));
  395. if (newContractPermission.permission_add !== undefined) {
  396. oldPermission.permission_add = newContractPermission.permission_add;
  397. }
  398. if (newContractPermission.permission_edit !== undefined) {
  399. oldPermission.permission_edit = newContractPermission.permission_edit;
  400. }
  401. if (newContractPermission.permission_show_node !== undefined) {
  402. oldPermission.permission_show_node = newContractPermission.permission_show_node;
  403. }
  404. if (newContractPermission.permission_show_unit !== undefined) {
  405. oldPermission.permission_show_unit = newContractPermission.permission_show_unit;
  406. }
  407. const permissionArr = [];
  408. if (oldPermission.permission_edit) permissionArr.push(1);
  409. if (oldPermission.permission_add) permissionArr.push(2);
  410. if (oldPermission.permission_show_node) permissionArr.push(3);
  411. if (oldPermission.permission_show_unit) permissionArr.push(4);
  412. if (!oldPermission.permission_show_unit && !oldPermission.permission_show_node) permissionArr.push(5);
  413. return permissionArr.join(',');
  414. }
  415. async getContractPermission(cp) {
  416. const permission = {
  417. permission_edit: cp.indexOf(1) !== -1 ? 1: 0,
  418. permission_add: cp.indexOf(2) !== -1 ? 1: 0,
  419. permission_show_node: cp.indexOf(3) !== -1 ? 1: 0,
  420. permission_show_unit: cp.indexOf(4) !== -1 ? 1: 0,
  421. };
  422. return permission;
  423. }
  424. async getFinancailPermission(trans_permission, pay_permission) {
  425. const permission = {
  426. transfer_show: trans_permission.indexOf(1) !== -1,
  427. transfer_add: trans_permission.indexOf(2) !== -1,
  428. transfer_file: trans_permission.indexOf(3) !== -1,
  429. pay_show: pay_permission.indexOf(1) !== -1,
  430. pay_file: pay_permission.indexOf(3) !== -1,
  431. };
  432. return permission;
  433. }
  434. async getPaymentAuditList(spid, uid = null) {
  435. const uidSql = uid ? 'AND uid in (' + uid.join(',') + ')' : '';
  436. const sql = `SELECT * FROM ?? WHERE spid = ? AND payment_permission <> ''` + uidSql;
  437. const sqlParams = [this.tableName, spid];
  438. const result = await this.db.query(sql, sqlParams);
  439. const list = [];
  440. for (const r of result) {
  441. const permission = await this.getPaymentPermission(this._.map(r.payment_permission.split(','), this._.toInteger));
  442. const accountInfo = await this.ctx.service.projectAccount.getDataById(r.uid);
  443. list.push({
  444. id: r.id,
  445. name: accountInfo.name,
  446. company: accountInfo.company,
  447. uid: r.uid,
  448. permission_json: permission,
  449. });
  450. }
  451. return list;
  452. }
  453. async getPaymentPermission(pp) {
  454. if (!pp || pp.length === 0) return false;
  455. const permission = {
  456. admin: pp.indexOf(2) !== -1,
  457. view_all: pp.indexOf(3) !== -1,
  458. };
  459. return permission;
  460. }
  461. async savePaymentPermissionAudits(spid, uids, operation = 'add', transaction= null) {
  462. const updateArr = [];
  463. const spAudits = await this.getAllDataByCondition({ where: { spid: spid, uid: uids } });
  464. for (const a of spAudits) {
  465. if (operation === 'add' && a.payment_permission !== '') continue;
  466. updateArr.push({
  467. id: a.id,
  468. payment_permission: operation === 'add' ? '1' : (operation === 'del' ? '' : a.payment_permission),
  469. });
  470. }
  471. if (updateArr.length > 0) transaction ? await transaction.updateRows(this.tableName, updateArr) : await this.db.updateRows(this.tableName, updateArr);
  472. }
  473. async updateOnePaymentPermission(spid, updateData) {
  474. if (!updateData.uid || !updateData.permission_json) {
  475. return false;
  476. }
  477. const spAudit = await this.getDataByCondition({ spid: spid, uid: updateData.uid });
  478. if (spAudit) {
  479. const newPermission = await this.getNewPaymentPermission(spAudit.payment_permission, updateData.permission_json);
  480. return await this.db.update(this.tableName, { id: spAudit.id, payment_permission: newPermission });
  481. }
  482. return false;
  483. }
  484. async getNewPaymentPermission(permission, newPermission) {
  485. const oldPermission = await this.getPaymentPermission(this._.map(permission.split(','), this._.toInteger));
  486. if (newPermission.admin !== undefined) {
  487. oldPermission.admin = newPermission.admin;
  488. }
  489. if (newPermission.view_all !== undefined) {
  490. oldPermission.view_all = newPermission.view_all;
  491. }
  492. const permissionArr = [1];
  493. if (oldPermission.admin) permissionArr.push(2);
  494. if (oldPermission.view_all) permissionArr.push(3);
  495. return permissionArr.join(',');
  496. }
  497. }
  498. return subProjPermission;
  499. };