
Overview

The Super Admin (superadmin) role is the highest-level administrative role in DentControl. This role is designed for the SaaS platform owner and has unrestricted access to manage all clinics, users, and system-wide configurations.
The Super Admin role should only be assigned to trusted platform administrators. This role has no restrictions and can modify or delete any data in the system.

Key Characteristics

  • Platform-Wide Access: Manage all registered clinics and their users across the entire SaaS platform
  • No Clinic Association: Super Admins are not tied to a specific clinic (id_clinica is NULL)
  • User Management: Create, edit, suspend, and reactivate users for any clinic
  • System Dashboard: Access to platform-wide metrics and analytics

Accessible Routes

Super Admin routes are protected by the can:admin-only middleware, which invokes the admin-only gate and verifies that the authenticated user’s rol is superadmin.

Dashboard

GET /admin/dashboard
View platform-wide statistics including:
  • Total active clinics
  • Total active users across all clinics
  • Total patients in the system
  • Recently registered clinics
Implemented in: app/Http/Controllers/Admin/AdminController.php:12

Clinic Management

Route: GET /clinicas
Controller: ClinicaController@index
Purpose: Lists all registered clinics ordered by most recent first
Source: routes/web.php:22

Route: POST /clinicas
Controller: ClinicaController@store
Validates:
  • Clinic name (max 50 chars, alphanumeric)
  • RFC (12-13 chars, unique)
  • Address details
  • Phone (10 digits, unique)
  • Optional logo upload (jpeg, png, jpg - max 2MB)
Source: routes/web.php:23

Route: GET /clinicas/{id}/edit
Controller: ClinicaController@edit
Returns: JSON with clinic data for modal editing
Source: routes/web.php:24

Route: PUT /clinicas/{id}
Controller: ClinicaController@update
Features:
  • Updates clinic information
  • Handles logo replacement (deletes old file)
  • Validates unique RFC and phone per clinic
Source: routes/web.php:25

Route: PATCH /clinicas/{id}/toggle
Controller: ClinicaController@toggleStatus
Purpose: Activate or deactivate clinics (switches between ‘activo’ and ‘baja’)
Impact: When a clinic is set to ‘baja’, all associated users are blocked from logging in
Source: routes/web.php:26

User Management

Route: GET /usuarios
Controller: UsuarioController@index
Purpose: Lists all users with their associated clinic information
Source: routes/web.php:29

Route: POST /usuarios
Controller: UsuarioController@store
Validates:
  • Clinic assignment (must be an active clinic)
  • Name, paternal surname (min 3 chars, letters only)
  • Username (4-20 alphanumeric, unique)
  • Password (min 8 chars, mixed case, numbers)
  • Role (dentista or asistente)
  • Professional license (required for dentistas, 7-10 digits)
Source: routes/web.php:30

Route: GET /usuarios/{id}/edit
Controller: UsuarioController@edit
Returns: JSON with user data for modal editing
Source: routes/web.php:31

Route: PUT /usuarios/{id}
Controller: UsuarioController@update
Protection: Superadmin users cannot have their role changed (forced to remain ‘superadmin’)
Source: routes/web.php:32

Route: PATCH /usuarios/{id}/toggle
Controller: UsuarioController@toggleStatus
Purpose: Suspend or reactivate users (switches between ‘activo’ and ‘baja’)
Protection: Cannot suspend other superadmin users
Source: routes/web.php:33

Permission Boundaries

Super Admins are restricted from:
  • Accessing clinic-specific routes (/dentista/*, /asistente/*)
  • Logging in if their account status is not ‘activo’
  • Being edited or suspended by other users

Authentication & Authorization

Gate Definition

The admin-only gate is defined in AppServiceProvider.php:26:
use Illuminate\Support\Facades\Gate;

// Only users whose rol column is exactly 'superadmin' pass the admin-only gate.
Gate::define('admin-only', function ($user) {
    return $user->rol === 'superadmin';
});

Login Redirection

After successful authentication, Super Admins are redirected to:
/admin/dashboard
Implemented in: AuthController.php:65

Database Schema

Super Admin users are stored in the usuario table with these distinguishing characteristics:
Field                 Value
rol                   'superadmin'
id_clinica            NULL (not associated with any specific clinic)
estatus               'activo' (required for login)
cedula_profesional    NULL (not required)

Security Considerations

Account Protection:
  • Super Admin accounts cannot be deleted or downgraded by other users
  • The system forces the role to remain ‘superadmin’ during updates
  • Only Super Admins can manage other Super Admins
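The two protections listed above and in the PUT /usuarios/{id} and PATCH /usuarios/{id}/toggle route descriptions, shown as an added PHP illustration (not DentControl’s own UsuarioController). The Usuario model name, the validation rule set and the JSON responses are assumptions; the rol and estatus column values come from the schema on this page. The explicit rejection of promoting a clinic user to superadmin is an added hardening, not something the page states.

```php
<?php
// Added illustration of the Super Admin protections; not DentControl's code.
// Assumptions: App\Models\Usuario maps to the usuario table, requests are
// already behind the can:admin-only middleware.

namespace App\Http\Controllers;

use App\Models\Usuario;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;

class UsuarioProtectionExample extends Controller
{
    private const CLINIC_ROLES = ['dentista', 'asistente'];

    // PUT /usuarios/{id}: the role of a superadmin is pinned server-side,
    // so whatever 'rol' the request body carries is ignored for that account.
    public function update(Request $request, int $id): JsonResponse
    {
        $usuario = Usuario::findOrFail($id);
        $data = $request->validate([
            'rol' => ['required', 'in:superadmin,dentista,asistente'],
        ]);

        if ($usuario->rol === 'superadmin') {
            $data['rol'] = 'superadmin';            // forced to remain superadmin
        } elseif (!in_array($data['rol'], self::CLINIC_ROLES, true)) {
            // Added hardening: a clinic user is never promoted through this route.
            return response()->json(['error' => 'rol no permitido'], 422);
        }

        $usuario->update($data);
        return response()->json(['ok' => true, 'rol' => $usuario->rol]);
    }

    // PATCH /usuarios/{id}/toggle: superadmin accounts are never toggled here.
    // Refusing every superadmin target covers "other superadmins" and also
    // stops an administrator from locking themselves out.
    public function toggleStatus(int $id): JsonResponse
    {
        $usuario = Usuario::findOrFail($id);

        if ($usuario->rol === 'superadmin') {
            return response()->json(['error' => 'superadmin no puede suspenderse'], 403);
        }

        $usuario->estatus = $usuario->estatus === 'activo' ? 'baja' : 'activo';
        $usuario->save();
        return response()->json(['ok' => true, 'estatus' => $usuario->estatus]);
    }
}
```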

Session Management

Super Admin sessions are subject to the same authentication rules as every other account:
  • Account must have estatus = 'activo'
  • Session ID regeneration on login (mitigates session fixation)
  • Proper logout and token invalidation
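An added PHP illustration of the login and logout flow these rules describe, covering the estatus = 'activo' check, the clinic ‘baja’ block from the Clinic Management section, session regeneration and the /admin/dashboard redirect. It is not DentControl’s AuthController: the username column, the Usuario clinica relationship, the redirect target for clinic roles and the error messages are assumptions.

```php
<?php
// Added illustration of the authentication rules on this page; not DentControl's code.
// Assumptions: a 'username' column on usuario, a clinica() relationship with an
// 'estatus' column, and clinic users landing on '/<rol>' after login.

namespace App\Http\Controllers;

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class LoginExample extends Controller
{
    public function login(Request $request): RedirectResponse
    {
        $credentials = $request->validate([
            'username' => ['required', 'string'],
            'password' => ['required', 'string'],
        ]);

        // Extra keys in attempt() become WHERE clauses, so a 'baja' account
        // never receives a session even with the correct password.
        if (!Auth::attempt($credentials + ['estatus' => 'activo'])) {
            return back()->withErrors(['username' => 'credenciales inválidas o cuenta inactiva']);
        }

        $user = Auth::user();

        // Clinic users are blocked when their clinic is 'baja'.
        // Super Admins have id_clinica = NULL and skip this check.
        if ($user->id_clinica !== null && optional($user->clinica)->estatus !== 'activo') {
            Auth::logout();
            return back()->withErrors(['username' => 'clínica inactiva']);
        }

        // Rotate the session ID so a pre-login session cannot be fixed by an attacker.
        $request->session()->regenerate();

        return redirect($user->rol === 'superadmin' ? '/admin/dashboard' : '/' . $user->rol);
    }

    public function logout(Request $request): RedirectResponse
    {
        Auth::logout();
        $request->session()->invalidate();      // discard all session data
        $request->session()->regenerateToken(); // issue a fresh CSRF token
        return redirect('/login');
    }
}
```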

Best Practices

  1. Limit Super Admin Accounts: Only create Super Admin accounts for trusted platform administrators
  2. Monitor Activity: Regularly audit Super Admin actions, especially clinic and user modifications
  3. Strong Passwords: Enforce the system’s password requirements (min 8 chars, mixed case, numbers)
  4. Clinic Status: Use clinic deactivation (toggle status) instead of deleting clinics to preserve data integrity
  5. User Suspension: Suspend users rather than deleting them to maintain audit trails
