diff --git a/server.js b/server.js index 65f6acd..f82b1ba 100644 --- a/server.js +++ b/server.js @@ -1897,17 +1897,10 @@ async function dispatchToBolsa(serviceId, guildId, cp, accountId, userId) { AND ug.guild_id = $2 AND u.zones::jsonb @> $3::jsonb `, [accountId, guildId, JSON.stringify([{ cps: (cp || "00000").toString() }])]); + // 🔥 Se ha ELIMINADO el bloque fallback. Si nadie tiene el CP, abortamos misión y se queda en el buzón. if (workersQ.rowCount === 0) { - workersQ = await pool.query(` - SELECT u.id, u.full_name, u.phone FROM users u - JOIN user_guilds ug ON u.id = ug.user_id - WHERE u.owner_id = $1 AND u.role = 'operario' AND u.status = 'active' AND ug.guild_id = $2 - `, [accountId, guildId]); - } - - if (workersQ.rowCount === 0) { - console.log(`⚠️ [AUTO-DISPATCH] No hay operarios activos para el gremio ${guildId}.`); - return { ok: false, error: "No hay operarios disponibles para este gremio" }; + console.log(`⚠️ [AUTO-DISPATCH] Abortado: No hay operarios de ese gremio dados de alta en el CP ${cp}.`); + return { ok: false, error: "No hay operarios con este código postal asignado." }; } await pool.query("UPDATE scraped_services SET automation_status = 'in_progress' WHERE id = $1", [serviceId]); @@ -1916,7 +1909,7 @@ async function dispatchToBolsa(serviceId, guildId, cp, accountId, userId) { await pool.query(`INSERT INTO assignment_pings (scraped_id, user_id, token, expires_at) VALUES ($1, $2, $3, CURRENT_TIMESTAMP + INTERVAL '5 minutes')`, [serviceId, worker.id, token]); - // 🧠 MAGIA AÑADIDA: BUSCAMOS EL NOMBRE DEL GREMIO PARA EL WHATSAPP + // 🧠 Buscamos el nombre del gremio para el WhatsApp let nombreGremio = "URGENCIA"; const gQ = await pool.query("SELECT name FROM guilds WHERE id = $1", [guildId]); if(gQ.rowCount > 0) nombreGremio = gQ.rows[0].name.toUpperCase(); @@ -2014,11 +2007,11 @@ app.post("/providers/scraped", authMiddleware, async (req, res) => { }); // ========================================== -// 📤 OBTENER SERVICIOS PARA EL BUZÓN +// 📤 OBTENER SERVICIOS PARA EL BUZÓN (Y BOLSA DE LA APP) // ========================================== app.get("/providers/scraped", authMiddleware, async (req, res) => { try { - const q = await pool.query(` + let query = ` SELECT s.*, ap.token as active_token, EXTRACT(EPOCH FROM (ap.expires_at - CURRENT_TIMESTAMP)) as seconds_left, u.full_name as current_worker_name, @@ -2028,14 +2021,38 @@ app.get("/providers/scraped", authMiddleware, async (req, res) => { FROM scraped_services s LEFT JOIN assignment_pings ap ON s.id = ap.scraped_id AND ap.status = 'pending' LEFT JOIN users u ON ap.user_id = u.id - WHERE s.owner_id = $1 ORDER BY s.created_at DESC - `, [req.user.accountId]); + WHERE s.owner_id = $1 + `; + const params = [req.user.accountId]; + + // 🛡️ ESCUDO DE ZONA: Si es operario, aplicamos filtros de gremio y CP obligatorios + if (req.user.role === 'operario') { + query += ` AND s.assigned_to IS NULL AND s.status != 'archived'`; + + // 1. Tiene que ser de un gremio que el operario tenga asignado + query += ` AND (s.raw_data->>'guild_id')::int IN (SELECT guild_id FROM user_guilds WHERE user_id = $2)`; + + // 2. El CP de la avería tiene que coincidir SÍ o SÍ con los del operario + // Buscamos el CP en varios campos del JSON para asegurarnos de que no se escapa + query += ` AND EXISTS ( + SELECT 1 FROM jsonb_array_elements((SELECT zones FROM users WHERE id = $2)) as z + WHERE z->>'cps' = COALESCE(s.raw_data->>'Código Postal', s.raw_data->>'C.P.', substring(s.raw_data::text from '\\y[0-9]{5}\\y'), '00000') + )`; + params.push(req.user.sub); + } + + query += ` ORDER BY s.created_at DESC`; + + const q = await pool.query(query, params); const services = q.rows.map(row => { if (row.seconds_left && row.seconds_left > 0) row.token_expires_at = new Date(Date.now() + (row.seconds_left * 1000)); return row; }); res.json({ ok: true, services }); - } catch (e) { res.status(500).json({ ok: false }); } + } catch (e) { + console.error("Error buzón/bolsa:", e); + res.status(500).json({ ok: false }); + } }); // ==========================================