机会列表过滤

@@ -50,8 +50,8 @@ func buildSqlForAuditList(usercompanyid int64, companyid int64, userid int64) st
 		//指定提交的部门
 		sql4 string = ` SELECT id FROM chance WHERE department_id IN (%s) and review_status =3 `
 		//全公司公开的
-		sql5 string = ` SELECT id FROM chance where publish_status = 1 AND review_status = 3 `
-
+		sql5 string = fmt.Sprintf(` SELECT id FROM chance where publish_status = 1 AND review_status = 3 AND company_id=%d `, companyid)
+		//查看所有公开的
 		allsql           string = ` SELECT t.id FROM (%s) as t `
 		unionsql         string = ``
 		permissionObject serverabc.PermissionOptionObject
@@ -151,7 +151,7 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64
 		log.Error("GetUserCompanyBy(userid, companyid) err:%s", err)
 		return returnData, protocol.NewErrWithMessage("1")
 	}
-	sqlFromPermission = buildSqlForAuditList(usercompany.Id, usercompany.CompanyId, usercompany.UserId)
+
 	s1 := `SELECT a.id,a.user_id,a.department_id,a.audit_template_id,a.chance_type_id
 			,a.publish_status,a.create_at,a.review_status,a.enable_status
 			,a.discovery_score,a.comment_total ,a.code,d.nick_name
@@ -164,7 +164,15 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64
 			JOIN user_company AS c ON c.id = a.user_id
 			JOIN user AS d ON c.user_id = d.id
 	        %s
-			where a.company_id=?`
+			where a.company_id=? `
+	if companyinfo, err := models.GetCompanyById(companyid); err == nil {
+		//非主管进行权限过滤
+		if companyinfo.AdminId != userid {
+			s1 += " AND a.publish_status>0 "
+			s2 += " AND a.publish_status>0 "
+		}
+		sqlFromPermission = buildSqlForAuditList(usercompany.Id, usercompany.CompanyId, usercompany.UserId)
+	}
 	if len(sqlFromPermission) > 0 {
 		temp := fmt.Sprintf(`JOIN (%s) AS tt ON tt.id=a.id`, sqlFromPermission)
 		s1 = fmt.Sprintf(s1, temp)