Merge branch 'dev' of http://gitlab.fjmaimaimai.com/mmm-go/oppmg into dev

-FROM golang:1.13 as builder
+FROM 192.168.0.243:5000/mmm/mmm-oppmg:20200110
 
 # ENV GOPROXY https://goproxy.cn
 ENV GOPATH /go

@@ -39,7 +39,7 @@ func (c *AuditController) AuditList() {
 	uid := c.GetUserId()
 	companyId := c.GetCompanyId()
 	list, err := serveaudit.GetAuditList(param, companyId, uid)
-	msg = protocol.NewReturnResponse(list, err)
+	msg = protocol.NewPageDataResponse(list, err)
 	return
 }
 

@@ -8,6 +8,8 @@ import (
 	"oppmg/utils/exceltool"
 	"strconv"
 
+	serveauth "oppmg/services/auth"
+
 	"github.com/astaxie/beego"
 	"github.com/astaxie/beego/context"
 	"github.com/astaxie/beego/validation"
@@ -28,16 +30,24 @@ func (this *BaseController) Prepare() {
 		this.Ctx.WriteString("")
 		return
 	}
-	// p := this.Ctx.Input.GetData("RouterPattern")
-	// userid := this.GetUserId()
-	// companyid := this.GetCompanyId()
+	if beego.BConfig.RunMode == "dev" {
+		return
+	}
+	p := fmt.Sprint(this.Ctx.Input.GetData("RouterPattern"))
+	userid := this.GetUserId()
+	companyid := this.GetCompanyId()
+	ok := serveauth.ValidUserPermission(p, userid, companyid)
+	if !ok {
+		msg := protocol.NewMessage("10080")
+		this.ResposeJson(msg)
+		return
+	}
 	//权限校验
-
+	return
 }
 
 func (this *BaseController) GetAppHead() (appHead protocol.BaseHeader) {
 	appHead.AccessToken = this.Ctx.Input.Header(protocol.HeaderAccessToken)
-	//appHead.RefreshToken = this.Ctx.Input.Header(protocol.HeaderRefreshToken)
 	return
 
 }

+package models
+
+import (
+	"time"
+
+	"github.com/astaxie/beego/orm"
+)
+
+type AuditFlowProcess struct {
+	Id             int64     `orm:"column(id);pk" description:"唯一标识"`
+	ChanceId       int64     `orm:"column(chance_id)" description:"实例id，关联chance表id"`
+	Uid            int64     `orm:"column(uid)" description:"用户id(审批人)"`
+	Level          int       `orm:"column(level)" description:"审批步骤"`
+	IsActive       int8      `orm:"column(is_active)" description:"是否激活"`
+	ApproveTime    time.Time `orm:"column(approve_time);type(timestamp);null" description:"审批时间"`
+	BasicScore     float64   `orm:"column(basic_score);null;digits(4);decimals(1)" description:"基础评分"`
+	ExtraScore     float64   `orm:"column(extra_score);null;digits(4);decimals(1)" description:"附加评分"`
+	ValueScore     float64   `orm:"column(value_score);null;digits(4);decimals(1)" description:"价值评分"`
+	DiscoveryScore float64   `orm:"column(discovery_score);null;digits(4);decimals(0)" description:"发现评分"`
+	ReviewStatus   int8      `orm:"column(review_status)" description:"审核状态 审核状态 0:待处理 1:待审核 2:被退回 3:已通过 4:提交  "`
+	AuditFlowType  int       `orm:"column(audit_flow_type)" description:"审核流类型 1.部门长 2.指定成员 3.指定角色 4.特殊审核人"`
+	FlowType       int       `orm:"column(flow_type)" description:"审批类型 1:正常审核  2：特殊审核"`
+	ActionType     int       `orm:"column(action_type)" description:"审批执行方式【1:or】【2:and】"`
+	CreateAt       time.Time `orm:"column(create_at);type(timestamp)" description:"创建时间"`
+	UpdateAt       time.Time `orm:"column(update_at);type(timestamp)" description:"更新时间"`
+	EnableStatus   int8      `orm:"column(enable_status)" description:"有效状态 0:无效 1:有效 (被驳回以后，未完成的审核置为无效)"`
+	ApproveData    string    `orm:"column(approve_data);size(500);null" description:"审核数据 json{公开状态 公开对象 分数}"`
+	UserName       string    `orm:"column(user_name);size(50);null" description:"用户名-冗余"`
+	RoleName       string    `orm:"column(role_name);size(50);null" description:"角色名-冗余"`
+	RoleId         int       `orm:"column(role_id);null" description:"角色id-冗余"`
+	ApproveMessage string    `orm:"column(approve_message);size(255);null" description:"审核消息-冗余"`
+	TemplateId     int       `orm:"column(template_id);null" description:"模板编号"`
+}
+
+func (t *AuditFlowProcess) TableName() string {
+	return "audit_flow_process"
+}
+
+func init() {
+	orm.RegisterModel(new(AuditFlowProcess))
+}
+
+//有效状态 0:无效 1:有效 (被驳回以后，未完成的审核置为无效)
+const (
+	AuditFlowProcessEnableYes int = 1
+	AuditFlowProcessEnableNo  int = 0
+)
+
+//审核状态 审核状态 0:待处理 1:待审核 2:被退回 3:已通过 4:提交
+const (
+	AuditFlowProcessReviewWait   int = 0
+	AuditFlowProcessReviewIng    int = 1
+	AuditFlowProcessReviewBack   int = 2
+	AuditFlowProcessReviewPass   int = 3
+	AuditFlowProcessReviewCommit int = 4
+)
+
+// GetAuditFlowProcessById retrieves AuditFlowProcess by Id. Returns error if
+// Id doesn't exist
+func GetAuditFlowProcessById(id int64) (v *AuditFlowProcess, err error) {
+	o := orm.NewOrm()
+	v = &AuditFlowProcess{Id: id}
+	if err = o.Read(v); err == nil {
+		return v, nil
+	}
+	return nil, err
+}

@@ -24,6 +24,7 @@ type Bulletin struct {
 	//AllowCondition int8      `orm:"column(allow_condition);null" description:"关闭条件 (1(bit 0):公告内容查看完 2(bit 1):回答完问题)"`
 	CompanyId int64 `orm:"column(company_id);null" description:"公司Id"`
 	Status    int8  `orm:"column(status)" description:"状态 1-下架 2-上架"`
+	AllPeople int8  `orm:"column(all_people);null" description:"是否是所有人 0:否 1:是"`
 }
 
 func (t *Bulletin) TableName() string {

@@ -31,6 +31,7 @@ type Chance struct {
 	PublishStatus       int       `orm:"column(publish_status)" description:"公开状态 -1 未公开、1部门公开、2公司公开"`
 	AuditLevel          int       `orm:"column(audit_level)" description:"当前审批步骤"`
 	ApproveData         string    `orm:"column(approve_data);size(500);null" description:"公开数据 （公开状态 公开对象）"`
+	Code                string    `orm:"column(code)" description:"机会编码"`
 }
 
 func (t *Chance) TableName() string {

@@ -143,3 +143,15 @@ func GetUserCompanyReal(ids []int64) ([]UserCompany, error) {
 		All(&data)
 	return data, err
 }
+
+//获取公司的所有人员
+func GetUserCompanyAll(companyId int64) (v []*UserCompany, err error) {
+	o := orm.NewOrm()
+	sql := `select a.*,b.nick_name  from (
+select id,user_id from user_company where company_id=? and enable=1 
+)a inner join user b on a.user_id = b.id`
+	if _, err = o.Raw(sql, companyId).QueryRows(&v); err == nil {
+		return v, nil
+	}
+	return nil, err
+}

@@ -263,6 +263,8 @@ type RspAuditList struct {
 	ReviewStatusName  string `json:"review_status_name"`
 	EnableStatus      int8   `json:"enable_status"`
 	EnableStatusName  string `json:"enable_status_name"`
+	DiscoveryScore    string `json:"discovery_score"`
+	CommentTotal      string `json:"comment_total"`
 }
 
 type ChanceFlowLog struct {

@@ -20,7 +20,7 @@ type BulletinReleaseRequest struct {
 	//AllowCondition int      `json:"allow_condition"`
 	QuestionSwitch int             `json:"question_switch"`
 	Receiver       []VisibleObject `json:"receiver"`
-	SendToAll      int             `json:"send_to_all"` //所有人  1：是 0：否
+	AllPeo         int8            `json:"allPeo"` //所有人  1：是 0：否
 	Question       Question        `json:"question"`
 	Cover          Cover           `json:"cover"`
 	IsPublish      int             `json:"is_publish"` //是否直接发布 0:否 1:直接发布
@@ -70,6 +70,7 @@ type GetBulletinResponse struct {
 	Title      string `json:"title" valid:"Required"`
 	Content    string `json:"content" valid:"Required"`
 	AllowClose int    `json:"allow_close"`
+	AllPeo     int8   `json:"allPeo"` //所有人  1：是 0：否
 	//AllowCondition int        `json:"allow_condition"`
 	QuestionSwitch int             `json:"question_switch"`
 	Receiver       []VisibleObject `json:"receiver" valid:"Required"`
@@ -90,10 +91,12 @@ type UpdateBulletinRequest struct {
 	Content    string `json:"content" valid:"Required"`
 	AllowClose int    `json:"allow_close"`
 	//AllowCondition int      `json:"allow_condition"`
+	AllPeo         int8            `json:"allPeo"` //所有人  1：是 0：否
 	QuestionSwitch int             `json:"question_switch"`
-	Receiver       []VisibleObject `json:"receiver" valid:"Required"`
+	Receiver       []VisibleObject `json:"receiver"`
 	Question       Question        `json:"question"`
 	Cover          Cover           `json:"cover" valid:"Required"`
+	IsPublish      int             `json:"is_publish"` //是否直接发布 0:否 1:直接发布
 }
 type UpdateBulletinResponse struct {
 }

@@ -22,6 +22,7 @@ var errmessge ErrorMap = map[string]string{
 	"10012": "超过10级的职位限制，请重新选择",
 	"10013": "同一级职位名称不允许重复",
 	"10014": "职位名称最多10个字符",
+	"10015": "上级职位不能选择当前职位及其下级职位",
 	//安全认证相关
 	"10020": "验证码过期",
 	"10021": "账号或密码不正确",
@@ -33,6 +34,7 @@ var errmessge ErrorMap = map[string]string{
 	"10027": "无操作权限",
 	"10028": "验证码错误",
 	"10029": "获取验证码失败",
+	"10080": "无操作权限",
 
 	//用户相关
 	"10031": "无效角色",
@@ -47,6 +49,8 @@ var errmessge ErrorMap = map[string]string{
 	"10071": "不能删除主管理员",
 	"10072": "不能禁用主管理员",
 	"10073": "角色组已存在",
+	"10074": "删除失败,存在需要用户审批的单子",
+	"10075": "禁用失败,存在需要用户审批的单子",
 	//部门相关
 	"10041": "无效的主管设置",
 	"10042": "上级部门不能选择当前部门及其子部门",
@@ -76,6 +80,7 @@ var errmessge ErrorMap = map[string]string{
 	"10276": "最多选择1个角色",
 	"10277": "最多一个小数",
 	"10278": "公告标题大于30个字符",
+	"10279": "该子分类名称已存在",
 
 	"10170": "请选择指定成员",
 	"10171": "请选择审批人类别",
@@ -90,6 +95,8 @@ var errmessge ErrorMap = map[string]string{
 	//评分配置相关
 	"12101": "分值范围不符合要求",
 	"12102": "评分规则不符合要求",
+	//权限配置相关
+	"10091": "至少选择一个特定部门",
 }
 
 //错误码转换 ，兼容需要

@@ -135,6 +135,8 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64
 			ReviewStatus:      v.ReviewStatus,
 			ReviewStatusName:  models.ChanceReviewStatusMap[v.ReviewStatus],
 			Code:              v.Code,
+			DiscoveryScore:    v.DiscoveryScore,
+			CommentTotal:      v.CommentTotal,
 		}
 
 		if t < 0 {

@@ -35,7 +35,7 @@ func TemplateAdd(uid, companyId int64, request *protocol.TemplateAddRequest) (rs
 		return
 	}
 	if _, err = models.GetAuditTemplateByName(companyId, request.Template.Name); err == nil {
-		err = protocol.NewErrWithMessage("10271")
+		err = protocol.NewErrWithMessage("10279")
 		return
 	}
 	orm := orm2.NewOrm()
@@ -111,6 +111,8 @@ func TemplateAdd(uid, companyId int64, request *protocol.TemplateAddRequest) (rs
 			flowConfig.ToRole = jsonAssertMarsh(getIdsFrom(config.ToRole))
 			flowConfig.ToUser = jsonAssertMarsh(getIdsFrom(config.ToUser))
 			flowConfig.ActionType = config.AcitonType
+			//flowConfig.FlowType = config.ProcessType
+			//flowConfig.AuditFlowType = config.ApproveType
 			flowConfig.CreateAt = time.Now()
 			flowConfig.AuditGroupId = int64(config.GroupId)
 			flowConfig.ConfigData = jsonAssertMarsh(config)
@@ -160,9 +162,11 @@ func TemplateUpdate(uid, companyId int64, request *protocol.TemplateUpdateReques
 		log.Error("template_id:%v 不存在 ,err:%v", request.Template.Id, err.Error())
 		return
 	}
-	if _, err = models.GetAuditTemplateByName(companyId, request.Template.Name); err == nil {
-		err = protocol.NewErrWithMessage("10271")
-		return
+	if template.Name != request.Template.Name {
+		if _, err = models.GetAuditTemplateByName(companyId, request.Template.Name); err == nil {
+			err = protocol.NewErrWithMessage("10279")
+			return
+		}
 	}
 	orm := orm2.NewOrm()
 	//模板
@@ -218,7 +222,7 @@ func TemplateUpdate(uid, companyId int64, request *protocol.TemplateUpdateReques
 		for i := range request.AuditFlowConfig.ProcessConfig {
 			config := request.AuditFlowConfig.ProcessConfig[i]
 			flowConfig := &models.AuditFlowConfig{
-				AuditFlowType: config.ProcessType,
+				//AuditFlowType: config.ApproveType,
 			}
 			if config.ProcessType == models.FlowTypeNormal {
 				flowConfig.Level = normalLevel
@@ -231,6 +235,8 @@ func TemplateUpdate(uid, companyId int64, request *protocol.TemplateUpdateReques
 			flowConfig.ToRole = jsonAssertMarsh(getIdsFrom(config.ToRole))
 			flowConfig.ToUser = jsonAssertMarsh(getIdsFrom(config.ToUser))
 			flowConfig.ActionType = config.AcitonType
+			flowConfig.FlowType = config.ProcessType
+			flowConfig.AuditFlowType = config.ApproveType
 			flowConfig.CreateAt = time.Now()
 			flowConfig.AuditGroupId = int64(config.GroupId)
 			flowConfig.ConfigData = jsonAssertMarsh(config)

@@ -143,30 +143,6 @@ func ChangeLoginToken(userid, companyid int64) (protocol.LoginAuthToken, error)
 	return logintoken, nil
 }
 
-// func RefreshLoginToken(refreshtoken string) (protocol.LoginAuthToken, error) {
-// 	var (
-// 		logintoken protocol.LoginAuthToken
-// 		mtoken     *MyToken
-// 		err        error
-// 		storetoken redisdata.RedisLoginToken
-// 	)
-// 	mtoken, err = ValidJWTToken(refreshtoken)
-// 	if err != nil {
-// 		log.Debug("token失效 err:%s", err)
-// 		return logintoken, protocol.NewErrWithMessage("10024")
-// 	}
-// 	storetoken, err = redisdata.GetLoginToken(mtoken.UID, mtoken.CompanyID)
-// 	if err != nil {
-// 		log.Error("redis err:%s", err)
-// 		return logintoken, protocol.NewErrWithMessage("10024")
-// 	}
-// 	if storetoken.RefreshToken != refreshtoken {
-// 		return logintoken, protocol.NewErrWithMessage("10024")
-// 	}
-// 	logintoken, _ = GenerateAuthToken(mtoken.UID, mtoken.CompanyID)
-// 	return logintoken, nil
-// }
-
 func LoginAuthByUCenter(account, password string) (protocol.LoginAuthToken, error) {
 	var (
 		err           error
@@ -239,7 +215,7 @@ func LoginAuthByUCenter(account, password string) (protocol.LoginAuthToken, erro
 		log.Error("更新用户数据失败：%s", err)
 	}
 
-	InitPermission(usercompanyid)
+	InitPermission(usercompanyid, userdata.Id)
 	return logintoken, err
 }
 
@@ -392,22 +368,6 @@ func GetUserHasMenu(userid, companyid int64) ([]protocol.ResponseUserHasMenu, er
 	return list, nil
 }
 
-//主管拥有全部的菜单
-// func getAdminHasMenu() ([]protocol.PermissionItem, error) {
-// 	const datasql string = `SELECT id,name,icon,parent_id,senior_status,sort,code
-// 				FROM menu WHERE enabled=1 ORDER BY sort `
-// 	var (
-// 		list = make([]protocol.PermissionItem, 0)
-// 		err  error
-// 	)
-// 	err = utils.ExecuteQueryAll(&list, datasql)
-// 	if err != nil {
-// 		log.Error("EXECUTE SQL err:%s", err)
-// 		return nil, protocol.NewErrWithMessage("1")
-// 	}
-// 	return list, nil
-// }
-
 func LoginAuthBySmsCode(phone string, code string) (protocol.LoginAuthToken, error) {
 	var (
 		err           error
@@ -477,7 +437,7 @@ func LoginAuthBySmsCode(phone string, code string) (protocol.LoginAuthToken, err
 	if err != nil {
 		log.Error("更新用户数据失败：%s", err)
 	}
-	InitPermission(usercompanyid)
+	InitPermission(usercompanyid, userdata.Id)
 	return logintoken, err
 }
 
@@ -508,7 +468,7 @@ func SmsCodeCheck(phone string, code string) error {
 }
 
 //InitPermission  登录时权限初始化
-func InitPermission(usercompanyid int64) error {
+func InitPermission(usercompanyid int64, usercompamyid int64) error {
 	var (
 		err           error
 		permissionMap map[string]serverbac.PermissionOptionObject
@@ -518,7 +478,8 @@ func InitPermission(usercompanyid int64) error {
 		log.Error("获取用户的权限失败")
 		return err
 	}
-	err = redisdata.SetUserPermission(permissionMap, usercompanyid)
+
+	err = redisdata.SetUserPermission(permissionMap, usercompamyid)
 	if err != nil {
 		log.Error("缓存用户权限失败:%s", err)
 	}
@@ -536,9 +497,18 @@ func ValidUserPermission(urlPath string, userid int64, companyid int64) bool {
 	if !ok {
 		return true
 	}
+	companyinfo, err := models.GetCompanyById(companyid)
+	if err != nil {
+		log.Error("获取公司数据失败")
+		return false
+	}
+	if companyinfo.AdminId == userid {
+		return true
+	}
+
 	permissionObj, err = redisdata.GetUserPermission(userid, permissionbase.CodeName)
 	if err != nil {
-		log.Error("未取到权限数据")
+		log.Error("未取到权限数据 err:%s", err)
 		return false
 	}
 	ok = permissionObj.GetValidFunc(permissionbase.ActionName)

@@ -45,6 +45,7 @@ func BulletinRelease(uid, companyId int64, request *protocol.BulletinReleaseRequ
 		CreateAt:   time.Now(),
 		UpdateAt:   time.Now(),
 		Status:     status,
+		AllPeople:  request.AllPeo,
 	}
 
 	orm := orm2.NewOrm()
@@ -85,7 +86,7 @@ func BulletinRelease(uid, companyId int64, request *protocol.BulletinReleaseRequ
 	}
 	//TODO:发送公告消息
 	if request.IsPublish == 1 {
-		if err = sendBulletinUserMsg(orm, request.Receiver, companyId, int64(id), bulletin.Title); err != nil {
+		if err = sendBulletinUserMsg(orm, request.Receiver, companyId, int64(id), bulletin.Title, request.AllPeo); err != nil {
 			log.Error(err.Error())
 			orm.Rollback()
 			return
@@ -136,13 +137,23 @@ func getBulletinReceiverIds(orm orm2.Ormer, receivers []protocol.VisibleObject,
 }
 
 //发送公告消息
-func sendBulletinUserMsg(orm orm2.Ormer, receivers []protocol.VisibleObject, companyId int64, sourceId int64, message string) (err error) {
+func sendBulletinUserMsg(orm orm2.Ormer, receivers []protocol.VisibleObject, companyId int64, sourceId int64, message string, allPeople int8) (err error) {
 	var (
 		ids    []int64
 		sended = make(map[int64]int64)
 	)
-	if ids, err = getBulletinReceiverIds(orm, receivers, companyId, sourceId, message); err != nil {
-		return
+	if allPeople == 1 {
+		if userCompanys, e := models.GetUserCompanyAll(companyId); e == nil {
+			for i := range userCompanys {
+				ids = append(ids, userCompanys[i].Id)
+			}
+		} else {
+			log.Error("%v %v", companyId, e.Error())
+		}
+	} else {
+		if ids, err = getBulletinReceiverIds(orm, receivers, companyId, sourceId, message); err != nil {
+			return
+		}
 	}
 	for i := range ids {
 		if _, ok := sended[ids[i]]; ok {
@@ -256,6 +267,7 @@ func GetBulletin(id int, companyId int64, request *protocol.GetBulletinRequest)
 		Title:      bulletin.Title,
 		Content:    bulletin.Content,
 		AllowClose: int(bulletin.AllowClose),
+		AllPeo:     bulletin.AllPeople,
 		//AllowCondition: int(bulletin.AllowCondition),
 		Cover: protocol.Cover(bulletin.Cover),
 		Question: protocol.Question{
@@ -326,7 +338,11 @@ func UpdateBulletin(companyId int64, request *protocol.UpdateBulletinRequest) (r
 		bulletin.QuestionSwitch = int8(request.QuestionSwitch)
 		//bulletin.AllowCondition = int8(request.AllowCondition)
 		bulletin.AllowClose = int8(request.AllowClose)
+		bulletin.AllPeople = request.AllPeo
 		bulletin.UpdateAt = time.Now()
+		if request.IsPublish == 1 && bulletin.Status == protocol.BulletinUnRelease {
+			bulletin.Status = protocol.BulletinRelease
+		}
 		if err = models.UpdateBulletinById(bulletin); err != nil {
 			log.Error(err.Error())
 			return
@@ -377,6 +393,14 @@ func UpdateBulletin(companyId int64, request *protocol.UpdateBulletinRequest) (r
 		}
 
 	}
+	orm := orm2.NewOrm()
+	if request.IsPublish == 1 && bulletin.Status == protocol.BulletinUnRelease {
+		if err = sendBulletinUserMsg(orm, request.Receiver, companyId, int64(bulletin.Id), bulletin.Title, request.AllPeo); err != nil {
+			log.Error(err.Error())
+			orm.Rollback()
+			return
+		}
+	}
 	return
 }
 
@@ -419,7 +443,7 @@ func OperateBulletin(companyId int64, request *protocol.OperateBulletinRequest)
 	}
 	if request.CmdType == protocol.BulletinRelease { //上架
 		status = protocol.BulletinRelease
-		if err = sendBulletinUserMsg(orm, receiver, companyId, int64(bulletin.Id), bulletin.Title); err != nil {
+		if err = sendBulletinUserMsg(orm, receiver, companyId, int64(bulletin.Id), bulletin.Title, bulletin.AllPeople); err != nil {
 			log.Error(err.Error())
 			orm.Rollback()
 			return

@@ -213,7 +213,7 @@ func positionRelationUpdate(positionUpdate *models.Position, newparent *models.P
 			o.Rollback()
 			e := fmt.Errorf("departSubset[i].Id == newparent.Id")
 			log.Error(e.Error())
-			return protocol.NewErrWithMessage("1", e)
+			return protocol.NewErrWithMessage("10015", e)
 		}
 		//重建关系树
 		s := strings.TrimPrefix(positionSubset[i].Relation, oldRelation)

@@ -465,7 +465,14 @@ func UserDelete(userCompanyids []int64, companyid int64) error {
 		log.Error("获取用户数据失败：%s", err)
 		return protocol.NewErrWithMessage("1")
 	}
-
+	exist := o.QueryTable(&models.AuditFlowProcess{}).
+		Filter("uid__in", userCompanyids).
+		Filter("enable_status", models.AuditFlowProcessEnableYes).
+		Filter("review_status__in", models.AuditFlowProcessReviewWait, models.AuditFlowProcessReviewIng).
+		Exist()
+	if exist {
+		return protocol.NewErrWithMessage("10074")
+	}
 	var (
 		ids []int64
 	)
@@ -657,6 +664,14 @@ func UserForbid(userCompanyids []int64, companyid int64) error {
 		log.Error("获取用户数据失败：%s", err)
 		return protocol.NewErrWithMessage("1")
 	}
+	exist := o.QueryTable(&models.AuditFlowProcess{}).
+		Filter("uid__in", userCompanyids).
+		Filter("enable_status", models.AuditFlowProcessEnableYes).
+		Filter("review_status__in", models.AuditFlowProcessReviewWait, models.AuditFlowProcessReviewIng).
+		Exist()
+	if exist {
+		return protocol.NewErrWithMessage("10075")
+	}
 	var (
 		ids []int64
 	)

@@ -173,6 +173,13 @@ func UpdateSetOpportunity(param OptionOpportunity, roleid int64, companyid int64
 		err      error
 		menuinfo *models.Menu
 	)
+
+	if param.Check == OpportunityCheckLv3 {
+		if len(param.CheckOption.Departments) == 0 {
+			return protocol.NewErrWithMessage("10091")
+		}
+	}
+
 	menuinfo, err = models.GetMenuByCode(M_SYSTEM_OPPORTUNITY)
 	if err != nil {
 		log.Error("获取菜单数据失败GetMenuByCode(%s)：%s", M_SYSTEM_OPPORTUNITY, err)

@@ -53,9 +53,9 @@ var RouterPermission = map[string]PermissionBase{
 	"/v1/rbac/role_group/add":        PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE_ROLE, ActionName: "default"},
 	"/v1/rbac/role_group/edit":       PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE_ROLE, ActionName: "default"},
 	"/v1/rbac/role_group/delete":     PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE_ROLE, ActionName: "default"},
+	"/v1/rbac/role/menu":             PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE_ROLE, ActionName: "default"},
 	"/v1/rbac/menu/list":             PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE_ROLE, ActionName: "default"},
-	"/v1/rbac/menu":                  PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE_ROLE, ActionName: "default"},
-	"/v1/rbac/menu/edit":             PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE_ROLE, ActionName: "default"},
+	"/v1/rbac/role/menu/edit":        PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE_ROLE, ActionName: "default"},
 	"/v1/rbac/menu/opportunity":      PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE_ROLE, ActionName: "default"},
 	"/v1/rbac/menu/opportunity/edit": PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE_ROLE, ActionName: "default"},
 	"/v1/user/list":                  PermissionBase{CodeName: M_ENTERPRISE_EMPLOYEE, ActionName: "default"},
@@ -84,6 +84,9 @@ var RouterPermission = map[string]PermissionBase{
 	"/v1/template/deleteCategory":    PermissionBase{CodeName: M_SYSTEM_OPPORTUNITY_TEMPLATE, ActionName: "default"},
 	"/v1/config/score":               PermissionBase{CodeName: M_SYSTEM_RATING, ActionName: "default"},
 	"/v1/config/score/get":           PermissionBase{CodeName: M_SYSTEM_RATING, ActionName: "default"},
+	"/v1/audit/list":                 PermissionBase{CodeName: M_SYSTEM_OPPORTUNITY, ActionName: "check"},
+	"/v1/audit/info":                 PermissionBase{CodeName: M_SYSTEM_OPPORTUNITY, ActionName: "check"},
+	"/v1/audit/allow_forbid":         PermissionBase{CodeName: M_SYSTEM_OPPORTUNITY, ActionName: "close_chance"},
 }
 
 type CodeToObject func() PermissionOptionObject
@@ -143,3 +146,26 @@ func GetUserPermission(userCompanyid int64) (map[string]PermissionOptionObject,
 	}
 	return objMap, nil
 }
+
+// func ValidUserPermission(urlPath string, userid int64, companyid int64) bool {
+// 	var (
+// 		err            error
+// 		permissionbase PermissionBase
+// 		ok             bool = false
+// 		permissionObj  PermissionOptionObject
+// 	)
+// 	permissionbase, ok = RouterPermission[urlPath]
+// 	if !ok {
+// 		return true
+// 	}
+// 	permissionObj, err = redisdata.GetUserPermission(userid, permissionbase.CodeName)
+// 	if err != nil {
+// 		log.Error("未取到权限数据")
+// 		return false
+// 	}
+// 	ok = permissionObj.GetValidFunc(permissionbase.ActionName)
+// 	if ok {
+// 		return true
+// 	}
+// 	return false
+// }

@@ -134,8 +134,17 @@ func NewOptionOpportunity() PermissionOptionObject {
 //GetValidFunc   PermissionOptionBase 接口实现
 func (p *OptionOpportunity) GetValidFunc(k string) bool {
 	m := map[string]func() bool{
-		"check": p.ValidCheck,
-	}
+		"check":              p.ValidCheck,
+		"edit_sorce":         p.ValidEditSorce,
+		"close_chance":       p.ValidCloseChance,
+		"edit_public_status": p.ValidEditPublicStatus,
+	}
+	/*
+		EditSorce        int         `json:"edit_sorce"`
+		EditPublicStatus int         `json:"edit_public_status"`
+		CloseChance      int         `json:"close_chance"`
+		EditChance       int         `json:"edit_chance"`
+	*/
 	if fn, ok := m[k]; ok {
 		b := fn()
 		return b
@@ -217,6 +226,13 @@ func (p *OptionOpportunity) ValidEditPublicStatus() bool {
 	return false
 }
 
+func (p *OptionOpportunity) ValidCloseChance() bool {
+	if p.CloseChance > 0 {
+		return true
+	}
+	return false
+}
+
 // //StringUnmarshal  PermissionOptionBase 接口实现
 // func (p *OptionOpportunity) StringUnmarshal(s string) error {
 // 	err := json.Unmarshal([]byte(s), p)

@@ -100,8 +100,8 @@ func GetCaptchAuth(phone string) (string, error) {
 	return r, err
 }
 
-func SetUserPermission(objMap map[string]rbac.PermissionOptionObject, usercompanyid int64) error {
-	key := GetKeyUserPermission(usercompanyid)
+func SetUserPermission(objMap map[string]rbac.PermissionOptionObject, userid int64) error {
+	key := GetKeyUserPermission(userid)
 	client := redis.GetRedis()
 	for k := range objMap {
 		s, err := json.Marshal(objMap[k])