From dfa2b21f0bb8607d828604b0e4ec58d65ab9e200 Mon Sep 17 00:00:00 2001
From: marsalva <info@marsalva.es>
Date: Tue, 24 Feb 2026 21:10:15 +0000
Subject: [PATCH] Actualizar server.js

---
 server.js | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/server.js b/server.js
index e560815..bffb364 100644
--- a/server.js
+++ b/server.js
@@ -725,17 +725,27 @@ app.post("/public/portal/:token/book", async (req, res) => {
     }
 });
 
-// 3. OBTENER SOLICITUDES PARA EL PANEL DEL ADMIN
+// 3. OBTENER SOLICITUDES PARA EL PANEL DEL ADMIN Y APP OPERARIO
 app.get("/agenda/requests", authMiddleware, async (req, res) => {
     try {
-        const q = await pool.query(`
+        let query = `
             SELECT s.id, s.service_ref, s.raw_data, u.full_name as assigned_name
             FROM scraped_services s
             LEFT JOIN users u ON s.assigned_to = u.id
             WHERE s.owner_id = $1 
             AND s.raw_data->>'appointment_status' = 'pending'
-            ORDER BY s.created_at ASC
-        `, [req.user.accountId]);
+        `;
+        const params = [req.user.accountId];
+
+        // Si es operario, solo ve sus propias solicitudes
+        if (req.user.role === 'operario' || req.user.role === 'operario_cerrado') {
+            query += ` AND s.assigned_to = $2`;
+            params.push(req.user.sub);
+        }
+
+        query += ` ORDER BY s.created_at ASC`;
+
+        const q = await pool.query(query, params);
         res.json({ ok: true, requests: q.rows });
     } catch (e) { res.status(500).json({ ok: false }); }
 });