diff --git a/server/middleware/authenticate.js b/server/middleware/authenticate.js
index 98105e8..a68a007 100644
--- a/server/middleware/authenticate.js
+++ b/server/middleware/authenticate.js
@@ -4,10 +4,10 @@ var {User} = require('../models/user');
 const tools = require('../tools/general');
-var authenticate = (req, res, next) => {
- var token = req.header('x-auth');
+const authenticate = (req, res, next) => {
+ const token = req.header('x-auth');
- console.log('authenticate... ');
+ // console.log('authenticate... ');
 const access = 'auth';
diff --git a/server/models/user.js b/server/models/user.js
index cad8ac9..6af69d2 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -160,6 +160,14 @@ UserSchema.statics.isAdmin = function (user) {
 }
 };
+UserSchema.statics.isManager = function (user) {
+ try {
+ return ((user.perm & shared_consts.Permissions.Manager) === shared_consts.Permissions.Manager);
+ }catch (e) {
+ return false
+ }
+};
+
 UserSchema.statics.findByToken = function (token, typeaccess) {
 const User = this;
 let decoded;
diff --git a/server/router/booking_router.js b/server/router/booking_router.js
index b34f88f..cb159bf 100644
--- a/server/router/booking_router.js
+++ b/server/router/booking_router.js
@@ -100,7 +100,7 @@ router.get('/:userId/:idapp/:sall', authenticate, (req, res) => {
 const sall = req.params.sall;
 // var category = req.params.category;
- tools.mylog('GET BOOKINGS : ', req.params);
+ // tools.mylog('GET BOOKINGS : ', req.params);
 if (!ObjectID.isValid(userId)) {
 return res.status(404).send();
diff --git a/server/router/index_router.js b/server/router/index_router.js
index 5b61da7..0beb845 100644
--- a/server/router/index_router.js
+++ b/server/router/index_router.js
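Review bot: In server/models/user.js, `isManager` carries no comment explaining that `perm` is tested as a bit field or why the whole expression sits in a `try`. Since this function now gates the write and delete routes added in index_router.js, state the contract above the `try`, for example `// perm is a bit field (shared_consts.Permissions); a null or undefined user fails closed and returns false`. The `return false` line is also missing its semicolon and `}catch` its space.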
@@ -149,20 +149,22 @@ router.post(process.env.LINK_UPDATE_PASSWORD, (req, res) => {
 });
-router.post('/gettable', authenticate, (req, res) => {
- const params = req.body;
+function getTableByTableName(tablename) {
- tools.mylog('GET ALL USERS: ', params);
-
- let mytable = null;
-
- if (params.table === 'users')
+ if (tablename === 'users')
 mytable = User;
- else if (params.table === 'booking')
+ else if (tablename === 'booking')
 mytable = Booking;
+ return mytable
+}
+
+router.post('/gettable', authenticate, (req, res) => {
+ const params = req.body;
+ const mytable = getTableByTableName(params.table);
+
 return mytable.queryTable(req.user.idapp, params).then(ris => {
- tools.mylog('list', ris);
+ // tools.mylog('list', ris);
 return res.send(ris);
 }).catch((e) => {
 console.log(e);
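Review bot: `getTableByTableName` assigns `mytable` without declaring it, because the commit removes `let mytable = null;` and nothing in the visible function replaces it. Unless a module-level `mytable` exists outside this hunk, that is a ReferenceError in strict mode or an implicit global shared by every request; with a shared variable, an unknown table name returns whichever model an earlier request resolved, so the caller ends up querying a table it never named. Declare it inside the function, `let mytable = null;`, and make each caller reject a miss before using the result, `if (!mytable) return res.status(400).send();`. The `/gettable` handler continues past the end of this hunk.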
@@ -171,4 +173,62 @@ router.post('/gettable', authenticate, (req, res) => {
 });
+router.patch('/chval', authenticate, (req, res) => {
+ // const idapp = req.body.idapp;
+ const id = req.body.data.id;
+ const mydata = req.body.data;
+
+ const mytable = getTableByTableName(mydata.table);
+ const fieldsvalue = mydata.fieldsvalue;
+
+ tools.mylogshow('PATCH CHVAL: ', id);
+
+ if (!User.isAdmin(req.user) && !User.isManager(req.user)) {
+ // If without permissions, exit
+ return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
+ }
+
+ mytable.findByIdAndUpdate(id, { $set: fieldsvalue }).then((rec) => {
+ tools.mylogshow(' REC TO MODIFY: ', rec);
+ if (!rec) {
+ return res.status(404).send();
+ } else {
+ res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
+ }
+
+ }).catch((e) => {
+ tools.mylogserr('Error patch USER: ', e);
+ res.status(400).send();
+ })
+});
+
+router.delete('/delrec/:table/:id', authenticate, (req, res) => {
+ const id = req.params.id;
+ const tablename = req.params.table;
+ // const idapp = req.body.idapp;
+
+ console.log('id', id , 'table', tablename);
+
+ const mytable = getTableByTableName(tablename);
+
+ if (!User.isAdmin(req.user) && !User.isManager(req.user)) {
+ // If without permissions, exit
+ return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
+ }
+
+ mytable.findByIdAndRemove(id).then((rec) => {
+ if (!rec) {
+ return res.status(404).send();
+ }
+
+ tools.mylog('DELETED ', rec._id);
+
+ res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
+ }).catch((e) => {
+ res.status(400).send();
+ });
+});
+
+
+
 module.exports = router;
diff --git a/server/tools/shared_nodejs.js b/server/tools/shared_nodejs.js
index a8cd066..663a72e 100644
--- a/server/tools/shared_nodejs.js
+++ b/server/tools/shared_nodejs.js
@@ -3,6 +3,7 @@ module.exports = {
 Permissions: {
 Normal: 0,
 Admin: 1,
+ Manager: 2,
 },
 fieldsUserToChange() {
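Review bot: In server/router/index_router.js, `/chval` hands `req.body.data.fieldsvalue` straight to `{ $set: fieldsvalue }`, so anyone who passes the Admin-or-Manager check can overwrite any field of any record in either table, including the `perm` value that `isAdmin`/`isManager` read, which lets a Manager promote an account. `/delrec` has the same reach for deletes, and neither route filters by `req.user.idapp` the way `/gettable` does (the `idapp` lines are commented out), so records of other apps appear to be writable too. Copy only an allowlisted set of field names per table, keep `perm` admin-only, scope the query to the caller's `idapp`, and answer a refused caller with 403 instead of 404. `tools.mylogshow(' REC TO MODIFY: ', rec)` also writes the whole record to the log, which for `users` may include credential fields; log the id only. The sketch below covers `/chval`; `EDITABLE_FIELDS` is a placeholder name and the `idapp` filter assumes both models store that field.

```javascript
router.patch('/chval', authenticate, (req, res) => {
  // Decide on permissions before reading anything from the body.
  if (!User.isAdmin(req.user) && !User.isManager(req.user)) {
    return res.status(403).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
  }

  const mydata = req.body.data || {};
  const mytable = getTableByTableName(mydata.table);
  if (!mytable) {
    // Needs getTableByTableName to return a falsy value for unknown names.
    return res.status(400).send();
  }

  // EDITABLE_FIELDS: placeholder for a per-table list of writable field names (no `perm` for managers).
  const requested = mydata.fieldsvalue || {};
  const fieldsvalue = {};
  for (const key of EDITABLE_FIELDS[mydata.table] || []) {
    if (Object.prototype.hasOwnProperty.call(requested, key)) {
      fieldsvalue[key] = requested[key];
    }
  }

  mytable.findOneAndUpdate({ _id: mydata.id, idapp: req.user.idapp }, { $set: fieldsvalue }).then((rec) => {
    // … unchanged: 404 when rec is empty, RIS_CODE_OK otherwise, catch → 400 …
```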