挂售

app/api/controller/auction/AuctionOrderController.php

@@ -103,7 +103,7 @@ class AuctionOrderController
 
         $order = AuctionOrder::where('order_id', $data['order_id'])->find();
         if (!$order) return app('json')->fail('订单不存在');
-        if ($order['status'] != 2)  return app('json')->fail('当前订单已完成');
+        if ($order['status'] == 3)  return app('json')->fail('当前订单已完成');
         $order['upload_image'] = $data['image'];
         $order['status'] = 2;
         $order['voucher_time'] = time();

app/api/controller/auction/AuctionProductController.php

@@ -426,6 +426,7 @@ class AuctionProductController
 
         $details = $productModel->find($data['id']);
         if (!$details)  return app('json')->fail('商品不存在');
+        if ($details['uid'] != $request->uid()) return app('json')->fail('当前商品不属于你');
         $order = AuctionOrder::where([['product_id', '=', $details['id']], ['status', '<', 3], ['status', '>', 0]])->find();
         if ($order) return app('json')->fail('商品已出售，无法取消');