Actualizar server.js

2026-03-07 16:29:07 +00:00
parent 8881d50a28
commit 9828761ac8


@@ -2776,24 +2776,19 @@ app.get("/providers/credentials", authMiddleware, async (req, res) => {
// 💬 CHAT Y COMUNICACIÓN INTERNA (TIPO iTRAMIT) // 💬 CHAT Y COMUNICACIÓN INTERNA (TIPO iTRAMIT)
// ========================================== // ==========================================
// 1. Obtener los mensajes de un expediente
app.get("/services/:id/chat", authMiddleware, async (req, res) => { app.get("/services/:id/chat", authMiddleware, async (req, res) => {
try { try {
const { id } = req.params; const { id } = req.params;
const isOperario = req.user.role === 'operario'; const isOperario = req.user.role === 'operario';
// Si es operario, NO puede ver los mensajes marcados como "is_internal = true"
let query = ` let query = `
SELECT id, sender_id, sender_name, sender_role, message, is_internal, created_at SELECT id, sender_id, sender_name, sender_role, message, is_internal, created_at
FROM service_communications FROM service_communications
WHERE scraped_id = $1 AND owner_id = $2 WHERE scraped_id = $1 AND owner_id = $2
`; `;
if (isOperario) { if (isOperario) query += ` AND is_internal = FALSE`;
query += ` AND is_internal = FALSE`; query += ` ORDER BY created_at ASC`;
}
query += ` ORDER BY created_at ASC`; // Orden cronológico (chat)
const q = await pool.query(query, [id, req.user.accountId]); const q = await pool.query(query, [id, req.user.accountId]);
res.json({ ok: true, messages: q.rows }); res.json({ ok: true, messages: q.rows });
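Review bot: The visibility check in the GET handler fails open: `if (isOperario) query += ` AND is_internal = FALSE`;` hides internal notes only when `req.user.role` is exactly `'operario'`, so any other, missing or newly added role value reads them by default. An allow-list of the roles permitted to see internal notes is safer, e.g. `if (!INTERNAL_ROLES.has(req.user.role)) query += ` AND is_internal = FALSE`;` (`INTERNAL_ROLES` is a placeholder name, not something defined in this file). The same `isOperario` test decides `finalIsInternal` in the POST handler in the next hunk, so the same reasoning applies there. The commit also deletes the comments that stated this rule; I would keep a one-line comment above the check, such as `// operarios must never see is_internal rows`. The handler's `catch` lies outside the hunk.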
@@ -2803,26 +2798,20 @@ app.get("/services/:id/chat", authMiddleware, async (req, res) => {
} }
}); });
// 2. Enviar un nuevo mensaje (Oficina u Operario)
app.post("/services/:id/chat", authMiddleware, async (req, res) => { app.post("/services/:id/chat", authMiddleware, async (req, res) => {
try { try {
const { id } = req.params; const { id } = req.params;
const { message, is_internal } = req.body; const { message, is_internal } = req.body;
if (!message || message.trim() === "") { if (!message || message.trim() === "") return res.status(400).json({ ok: false, error: "Vacío" });
return res.status(400).json({ ok: false, error: "El mensaje está vacío" });
}
// Bloqueo de seguridad: Un operario NUNCA puede crear una nota interna oculta
const isOperario = req.user.role === 'operario'; const isOperario = req.user.role === 'operario';
const finalIsInternal = isOperario ? false : (is_internal || false); const finalIsInternal = isOperario ? false : (is_internal || false);
// Sacar el nombre y rol del que escribe
const userQ = await pool.query("SELECT full_name, role FROM users WHERE id=$1", [req.user.sub]); const userQ = await pool.query("SELECT full_name, role FROM users WHERE id=$1", [req.user.sub]);
const senderName = userQ.rows[0]?.full_name || "Usuario Desconocido"; const senderName = userQ.rows[0]?.full_name || "Usuario";
const senderRole = userQ.rows[0]?.role || "operario"; const senderRole = userQ.rows[0]?.role || "operario";
// Guardar el mensaje en la base de datos
await pool.query(` await pool.query(`
INSERT INTO service_communications INSERT INTO service_communications
(scraped_id, owner_id, sender_id, sender_name, sender_role, message, is_internal) (scraped_id, owner_id, sender_id, sender_name, sender_role, message, is_internal)