From f9569be7dc3cda974321833d436ee6dbe38a86b7 Mon Sep 17 00:00:00 2001
From: yaooo <272523191@qq.com>
Date: Fri, 8 Sep 2023 16:42:44 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=95=86=E5=AE=B6=E5=88=A0?=
 =?UTF-8?q?=E9=99=A4=E5=A7=94=E6=89=98=E5=95=86=E5=93=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controller/api/community/Community.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/app/controller/api/community/Community.php b/app/controller/api/community/Community.php
index bf19598e..9ae1818e 100644
--- a/app/controller/api/community/Community.php
+++ b/app/controller/api/community/Community.php
@@ -673,16 +673,16 @@ class Community extends BaseController
         if ($communityInfo['mer_status'] > 0) {
             return app('json')->fail('该委托商品已审核');
         }
-        $merchantId = Db::name('merchant')->where('uid', $this->request->uid())->value('mer_id');
-        if ($merchantId != $communityInfo['entrust_mer_id']) {
-            return app('json')->fail('当前商户无审核此委托商品权限');
-        }
         $status = $this->request->param('status');
         if (!$status) {
             return app('json')->fail('请设置审核状态');
         }
         // 同意
         if ($status == 1) {
+            $merchantId = Db::name('merchant')->where('uid', $this->request->uid())->value('mer_id');
+            if ($merchantId != $communityInfo['entrust_mer_id']) {
+                return app('json')->fail('当前商户无审核此委托商品权限');
+            }
             $res = Db::name('community')->where('community_id', $id)->where('is_del', 0)->update(['status' => $status, 'mer_status' => 1, 'entrust_start_date' =>date('Y-m-d H:i:s')]);
             if (!$res) {
                 return app('json')->fail('审核失败');
@@ -690,6 +690,10 @@ class Community extends BaseController
         }
         // 拒绝
         if ($status == 2) {
+            $merchantId = Db::name('merchant')->where('uid', $this->request->uid())->value('mer_id');
+            if ($merchantId != $communityInfo['entrust_mer_id']) {
+                return app('json')->fail('当前商户无审核此委托商品权限');
+            }
             $refusal = $this->request->param('refusal', '');
             Db::startTrans();
             try {
@@ -708,6 +712,9 @@ class Community extends BaseController
         }
         // 删除
         if ($status == 3) {
+            if ($communityInfo['uid'] != $this->request->uid()) {
+                return app('json')->fail('当前商户无删除此委托商品权限');
+            }
             Db::startTrans();
             try {
                 $list = Db::name('entrust')->where('community_id', $id)->where('is_del', 0)->where('status', 0)->select();