diff --git a/app/controller/api/community/Community.php b/app/controller/api/community/Community.php index bf19598e..9ae1818e 100644 --- a/app/controller/api/community/Community.php +++ b/app/controller/api/community/Community.php @@ -673,16 +673,16 @@ class Community extends BaseController if ($communityInfo['mer_status'] > 0) { return app('json')->fail('该委托商品已审核'); } - $merchantId = Db::name('merchant')->where('uid', $this->request->uid())->value('mer_id'); - if ($merchantId != $communityInfo['entrust_mer_id']) { - return app('json')->fail('当前商户无审核此委托商品权限'); - } $status = $this->request->param('status'); if (!$status) { return app('json')->fail('请设置审核状态'); } // 同意 if ($status == 1) { + $merchantId = Db::name('merchant')->where('uid', $this->request->uid())->value('mer_id'); + if ($merchantId != $communityInfo['entrust_mer_id']) { + return app('json')->fail('当前商户无审核此委托商品权限'); + } $res = Db::name('community')->where('community_id', $id)->where('is_del', 0)->update(['status' => $status, 'mer_status' => 1, 'entrust_start_date' =>date('Y-m-d H:i:s')]); if (!$res) { return app('json')->fail('审核失败'); @@ -690,6 +690,10 @@ class Community extends BaseController } // 拒绝 if ($status == 2) { + $merchantId = Db::name('merchant')->where('uid', $this->request->uid())->value('mer_id'); + if ($merchantId != $communityInfo['entrust_mer_id']) { + return app('json')->fail('当前商户无审核此委托商品权限'); + } $refusal = $this->request->param('refusal', ''); Db::startTrans(); try { @@ -708,6 +712,9 @@ class Community extends BaseController } // 删除 if ($status == 3) { + if ($communityInfo['uid'] != $this->request->uid()) { + return app('json')->fail('当前商户无删除此委托商品权限'); + } Db::startTrans(); try { $list = Db::name('entrust')->where('community_id', $id)->where('is_del', 0)->where('status', 0)->select();