From b4101f856a2001e127d38a3387ef1e8a746dbaf6 Mon Sep 17 00:00:00 2001
From: kuaifan <aipaw@live.cn>
Date: Mon, 7 Jul 2025 20:34:24 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E9=A1=B9=E7=9B=AE?=
 =?UTF-8?q?=E6=88=90=E5=91=98=E6=97=A0=E6=B3=95=E8=AE=A4=E9=A2=86=E4=BB=BB?=
 =?UTF-8?q?=E5=8A=A1=E7=9A=84=E6=83=85=E5=86=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Http/Controllers/Api/ProjectController.php | 17 ++++++++++-------
 app/Models/ProjectPermission.php               |  8 ++++----
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/app/Http/Controllers/Api/ProjectController.php b/app/Http/Controllers/Api/ProjectController.php
index d70d9ecbf..17a35d563 100755
--- a/app/Http/Controllers/Api/ProjectController.php
+++ b/app/Http/Controllers/Api/ProjectController.php
@@ -2120,14 +2120,17 @@ class ProjectController extends AbstractController
         //
         $task = ProjectTask::userTask($task_id);
         //
-        $project = Project::userProject($task->project_id);
-        $permissionKey = ProjectPermission::TASK_UPDATE;
-        if (Arr::exists($param, 'times')) {
-            $permissionKey = ProjectPermission::TASK_TIME;
-        } else if (Arr::exists($param, 'flow_item_id')) {
-            $permissionKey = ProjectPermission::TASK_STATUS;
+        if ($task->hasOwner()) {
+            // 已经存在负责人，则需要检查权限（即：没有任务负责人时，不检查权限）
+            $project = Project::userProject($task->project_id);
+            $permissionKey = ProjectPermission::TASK_UPDATE;
+            if (Arr::exists($param, 'times')) {
+                $permissionKey = ProjectPermission::TASK_TIME;
+            } else if (Arr::exists($param, 'flow_item_id')) {
+                $permissionKey = ProjectPermission::TASK_STATUS;
+            }
+            ProjectPermission::userTaskPermission($project, $permissionKey, $task);
         }
-        ProjectPermission::userTaskPermission($project, $permissionKey, $task);
         //
         $taskUser = ProjectTaskUser::select(['userid', 'owner'])->whereTaskId($task_id)->get();
         $owners = $taskUser->where('owner', 1)->pluck('userid')->toArray();
diff --git a/app/Models/ProjectPermission.php b/app/Models/ProjectPermission.php
index a30da12d7..02380fbfb 100644
--- a/app/Models/ProjectPermission.php
+++ b/app/Models/ProjectPermission.php
@@ -128,8 +128,8 @@ class ProjectPermission extends AbstractModel
     /**
      * 更新项目权限
      *
-     * @param  int  $projectId
-     * @param  array  $permissions
+     * @param int $projectId
+     * @param $newPermissions
      * @return ProjectPermission
      */
     public static function updatePermissions($projectId, $newPermissions)
@@ -146,9 +146,9 @@ class ProjectPermission extends AbstractModel
 
     /**
      * 检查用户是否有执行特定动作的权限
-     * @param string $action 动作名称
      * @param Project $project 项目实例
-     * @param ProjectTask $task 任务实例
+     * @param string $action 动作名称
+     * @param ProjectTask|null $task 任务实例
      * @return bool
      */
     public static function userTaskPermission(Project $project, $action, ProjectTask $task = null)