change_apply_check.js 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596
  1. 'use strict';
  2. /**
  3. *
  4. *
  5. * @author Ellisran
  6. * @date 2020/10/15
  7. * @version
  8. */
  9. const status = require('../const/audit').changeApply.status;
  10. const _ = require('lodash');
  11. module.exports = options => {
  12. /**
  13. * 标段校验 中间件
  14. * 1. 读取标段数据(包括属性)
  15. * 2. 检验用户是否可见标段(不校验具体权限)
  16. *
  17. * @param {function} next - 中间件继续执行的方法
  18. * @return {void}
  19. */
  20. return function* changeApplyCheck(next) {
  21. try {
  22. // 获取revise
  23. if (!this.subProject.page_show.openChangeApply) {
  24. throw '该功能已关闭';
  25. }
  26. const caid = this.params.caid || this.request.body.caid;
  27. if (!caid) {
  28. throw '您访问的变更申请不存在';
  29. }
  30. const change = yield this.service.changeApply.getDataById(caid);
  31. if (!change) throw '变更申请数据有误';
  32. // 读取原报、审核人数据
  33. yield this.service.changeApply.loadChangeUser(change);
  34. // decimal小数位设置
  35. change.decimal = change.decimal ? JSON.parse(change.decimal) : { tp: this.tender.info.decimal.tp, up: this.tender.info.decimal.up, precision: this.tender.info.precision };
  36. // 权限相关
  37. // todo 校验权限 (标段参与人、分享)
  38. const accountId = this.session.sessionUser.accountId,
  39. auditorIds = _.map(change.auditors, 'aid'),
  40. shareIds = [];
  41. const permission = this.session.sessionUser.permission;
  42. if (accountId === change.uid) { // 原报
  43. change.curTimes = change.times;
  44. change.filePermission = true;
  45. } else if (auditorIds.indexOf(accountId) !== -1) { // 审批人
  46. if (change.status === status.uncheck) {
  47. throw '您无权查看该数据';
  48. }
  49. change.curTimes = change.status === status.checkNo || change.status === status.revise ? change.times - 1 : change.times;
  50. change.filePermission = true;
  51. } else if ((change.status === status.checkNo || change.status === status.revise) && change.uid !== accountId) {
  52. const preAuditors = yield this.service.changeApplyAudit.getAuditors(change.id, change.times - 1);
  53. const preAuditorIds = _.map(preAuditors, 'aid');
  54. if (preAuditorIds.indexOf(accountId) === -1) {
  55. throw '您无权查看该数据';
  56. }
  57. change.filePermission = true;
  58. } else if (this.tender.isTourist || this.session.sessionUser.is_admin) {
  59. change.curTimes = change.times;
  60. change.filePermission = this.tender.touristPermission.file || auditorIds.indexOf(accountId) !== -1;
  61. } else if (shareIds.indexOf(accountId) !== -1 || (permission !== null && permission.tender !== undefined && permission.tender.indexOf('2') !== -1)) { // 分享人
  62. if (change.status === status.uncheck) {
  63. throw '您无权查看该数据';
  64. }
  65. change.curTimes = change.status === status.checkNo || change.status === status.revise ? change.times - 1 : change.times;
  66. change.filePermission = false;
  67. } else { // 其他不可见
  68. throw '您无权查看该数据';
  69. }
  70. // 调差的readOnly 指表格和页面只能看不能改,和审批无关
  71. change.readOnly = !((change.status === status.uncheck || change.status === status.checkNo || change.status === status.revise) && accountId === change.uid);
  72. change.shenpiPower = change.status === status.checking && change.curAuditorIds.indexOf(accountId) !== -1;
  73. this.change = change;
  74. yield this.service.changeApply.doCheckChangeCanCancel(this.change);
  75. yield next;
  76. } catch (err) {
  77. console.log(err);
  78. // 输出错误到日志
  79. if (err.stack) {
  80. this.logger.error(err);
  81. } else {
  82. this.getLogger('fail').info(JSON.stringify({
  83. error: err,
  84. project: this.session.sessionProject,
  85. user: this.session.sessionUser,
  86. body: this.session.body,
  87. }));
  88. }
  89. // 重定向值标段管理
  90. this.redirect(this.request.headers.referer);
  91. }
  92. };
  93. };