From 446e180cf06e24e7e2a496c345cc9efa647f89e3 Mon Sep 17 00:00:00 2001
From: jgallego <jgallego@verdnatura.es>
Date: Wed, 12 Jun 2024 11:58:07 +0200
Subject: [PATCH] hotfix claim

---
 db/dump/.dump/data.sql                          |  2 +-
 modules/claim/back/methods/claim/updateClaim.js | 14 +++++---------
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/db/dump/.dump/data.sql b/db/dump/.dump/data.sql
index c0d0c34e6..632f3b4b0 100644
--- a/db/dump/.dump/data.sql
+++ b/db/dump/.dump/data.sql
@@ -1711,7 +1711,7 @@ INSERT INTO `ACL` VALUES (570,'InvoiceOut','canCreatePdf','WRITE','ALLOW','ROLE'
 INSERT INTO `ACL` VALUES (571,'Supplier','editPayMethodCheck','WRITE','ALLOW','ROLE','financial');
 INSERT INTO `ACL` VALUES (572,'Worker','isTeamBoss','WRITE','ALLOW','ROLE','teamBoss');
 INSERT INTO `ACL` VALUES (573,'Worker','forceIsSubordinate','READ','ALLOW','ROLE','hr');
-INSERT INTO `ACL` VALUES (574,'Claim','editState','WRITE','ALLOW','ROLE','claimManager');
+INSERT INTO `ACL` VALUES (574,'Claim','editPickup','WRITE','ALLOW','ROLE','claimManager');
 INSERT INTO `ACL` VALUES (577,'Claim','findOne','READ','ALLOW','ROLE','salesPerson');
 INSERT INTO `ACL` VALUES (579,'Claim','updateClaim','WRITE','ALLOW','ROLE','salesPerson');
 INSERT INTO `ACL` VALUES (580,'Claim','regularizeClaim','WRITE','ALLOW','ROLE','claimManager');
diff --git a/modules/claim/back/methods/claim/updateClaim.js b/modules/claim/back/methods/claim/updateClaim.js
index c99e0e2f1..326192385 100644
--- a/modules/claim/back/methods/claim/updateClaim.js
+++ b/modules/claim/back/methods/claim/updateClaim.js
@@ -69,30 +69,26 @@ module.exports = Self => {
                     }
                 }
             }, myOptions);
-            // Get sales person from claim client
-            const salesPerson = claim.client().salesPersonUser();
 
-            const changedPickup = args.pickup != claim.pickup;
+            const changedPickup = args.pickup && args.pickup != claim.pickup;
 
-            // Validate when claimState has been changed
             if (args.claimStateFk) {
                 const canEditOldState = await models.ClaimState.isEditable(ctx, claim.claimStateFk, myOptions);
                 const canEditNewState = await models.ClaimState.isEditable(ctx, args.claimStateFk, myOptions);
-                const canEditState = await models.ACL.checkAccessAcl(ctx, 'Claim', 'editState', 'WRITE');
+                const canEditPickup = await models.ACL.checkAccessAcl(ctx, 'Claim', 'editPickup', 'WRITE');
 
-                if (!canEditOldState || !canEditNewState || changedPickup && !canEditState)
+                if (!canEditOldState || !canEditNewState || (changedPickup && !canEditPickup))
                     throw new UserError(`You don't have enough privileges to change that field`);
             }
 
             delete args.ctx;
             const updatedClaim = await claim.updateAttributes(args, myOptions);
 
-            // When pickup has been changed
+            const salesPerson = claim.client().salesPersonUser();
             if (salesPerson) {
                 if (changedPickup && updatedClaim.pickup)
                     await notifyPickUp(ctx, salesPerson.id, claim);
 
-                // When claimState has been changed
                 if (args.claimStateFk) {
                     const newState = await models.ClaimState.findById(args.claimStateFk, null, myOptions);
                     await notifyStateChange(ctx, salesPerson.id, claim, newState.description);
@@ -113,7 +109,7 @@ module.exports = Self => {
     async function notifyStateChange(ctx, workerId, claim, newState) {
         const models = Self.app.models;
         const url = await models.Url.getUrl();
-        const $t = ctx.req.__; // $translate
+        const $t = ctx.req.__;
 
         const message = $t(`Claim state has changed to`, {
             claimId: claim.id,