Actualizar server.js

2026-03-07 16:29:07 +00:00
parent 8881d50a28
commit 9828761ac8
1 changed files with 4 additions and 15 deletions
--- a/server.js
+++ b/server.js
@@ -2776,24 +2776,19 @@ app.get("/providers/credentials", authMiddleware, async (req, res) => {
 // 💬 CHAT Y COMUNICACIÓN INTERNA (TIPO iTRAMIT)
 // ==========================================

-// 1. Obtener los mensajes de un expediente
 app.get("/services/:id/chat", authMiddleware, async (req, res) => {
    try {
        const { id } = req.params;
        const isOperario = req.user.role === 'operario';

-        // Si es operario, NO puede ver los mensajes marcados como "is_internal = true"
        let query = `
            SELECT id, sender_id, sender_name, sender_role, message, is_internal, created_at 
            FROM service_communications 
            WHERE scraped_id = $1 AND owner_id = $2
        `;
        
-        if (isOperario) {
-            query += ` AND is_internal = FALSE`;
-        }
-
-        query += ` ORDER BY created_at ASC`; // Orden cronológico (chat)
+        if (isOperario) query += ` AND is_internal = FALSE`;
+        query += ` ORDER BY created_at ASC`;

        const q = await pool.query(query, [id, req.user.accountId]);
        res.json({ ok: true, messages: q.rows });
@@ -2803,26 +2798,20 @@ app.get("/services/:id/chat", authMiddleware, async (req, res) => {
    }
 });

-// 2. Enviar un nuevo mensaje (Oficina u Operario)
 app.post("/services/:id/chat", authMiddleware, async (req, res) => {
    try {
        const { id } = req.params;
        const { message, is_internal } = req.body;

-        if (!message || message.trim() === "") {
-            return res.status(400).json({ ok: false, error: "El mensaje está vacío" });
-        }
+        if (!message || message.trim() === "") return res.status(400).json({ ok: false, error: "Vacío" });

-        // Bloqueo de seguridad: Un operario NUNCA puede crear una nota interna oculta
        const isOperario = req.user.role === 'operario';
        const finalIsInternal = isOperario ? false : (is_internal || false);

-        // Sacar el nombre y rol del que escribe
        const userQ = await pool.query("SELECT full_name, role FROM users WHERE id=$1", [req.user.sub]);
-        const senderName = userQ.rows[0]?.full_name || "Usuario Desconocido";
+        const senderName = userQ.rows[0]?.full_name || "Usuario";
        const senderRole = userQ.rows[0]?.role || "operario";

-        // Guardar el mensaje en la base de datos
        await pool.query(`
            INSERT INTO service_communications 
            (scraped_id, owner_id, sender_id, sender_name, sender_role, message, is_internal)