Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/CRISTIANCAMACH34/Zippi/llms.txt

Use this file to discover all available pages before exploring further.

Every user in Zippi is assigned exactly one role. That role determines which portal surface is rendered in the frontend, which API endpoints are accessible, which database rows are visible through the tenant scope filter, and which actions are permitted. The role catalog is defined in backend/app/modules/auth/domain/rbac.py and is the single source of truth — roles cannot be invented at runtime.
The role controls the entire UI experience, not just a permission gate. A kitchen_staff user enters a command-ticket screen with a priority timer and alarm — not a business dashboard. A cashier lands on the till screen with expected-vs-received amounts and shift closure. Designing a portal means designing the right tool for that role’s job, not a permission-restricted version of a generic admin UI.

All 16 Roles

Role keyLabelSurfacehome_routeDefault scope
super_adminSuper administradorsuperadmin_panel/app/superadminglobal
platform_adminAdministrador plataformasuperadmin_panel/app/superadminglobal
country_adminAdministrador paísadmin_panel/app/admin/countrycountry
city_adminAdministrador ciudadadmin_panel/app/admin/citycity
zippi_branch_adminAdministrador sucursal Zippiadmin_panel/app/admin/branchzippi_branch
operations_adminAdministrador operacionesadmin_panel/app/admincity
finance_adminAdministrador financieroadmin_panel/app/admincity
support_agentAgente soporteadmin_panel/admin-platform/supportcity
business_ownerDueño de negociobusiness_portal/app/businessbusiness_group
business_adminAdministrador negociobusiness_portal/app/businessbusiness
business_branch_adminAdministrador sucursal negociobusiness_branch_portal/app/business/branchbusiness_branch
kitchen_staffCocinakitchen_app/app/business/kitchenbusiness_branch
cashierCajerocashier_app/app/business/cashierbusiness_branch
waiterMeserowaiter_app/app/business/waiterbusiness_branch
delivery_driverDomiciliariocourier_app/app/driverself
customerClienteclient_app/app/clienteself

Portal Surfaces

superadmin_panel — Global Platform Control

The superadmin panel hosts super_admin and platform_admin. Both roles receive _all_permissions() — every permission in the system. The surface provides global visibility across all countries, cities, businesses, and tenants. Roles: super_admin, platform_admin Modules: all modules in MODULES (sorted alphabetically), including administration, audit, countries, cities, Zippi branches, business groups, businesses, orders, couriers, dispatch, payments, liquidations, settings, and more. Key distinction: super_admin has true root access and full audit trail requirements. platform_admin shares the same permission set but is intended for platform configuration work rather than security-sensitive operations.

admin_panel — Geographic Operations

The admin panel serves six roles that operate at different geographic levels of the Zippi hierarchy. Each role is scoped to a specific geography — from country down to a single Zippi branch — and sees only the data within that scope. Roles: country_admin, city_admin, zippi_branch_admin, operations_admin, finance_admin, support_agent
RoleScopeFocus
country_admincountryAll cities, businesses, operations and finances within one country
city_admincityFull city operations: businesses, couriers, dispatch, payments, settlements
zippi_branch_adminzippi_branchOperations for one Zippi-owned branch (not business branches)
operations_admincityOrders, dispatch, fleet, evidence, incidents — no financial access
finance_admincityWompi, cash register, liquidations, audit — no dispatch or catalog
support_agentcityTickets, WhatsApp, clients, incidents, evidence — no money
Modules (OPERATIONS_MODULES): dashboard, admin_app, orders, clients, couriers, dispatch, businesses, business_branches, pricing, zones, evidence, cashier, payments, liquidations, coupons, support, incidents, reports, notifications

business_portal — Brand Management

The business portal is for users who own or administer one or more brands. It combines a business dashboard with operational tools and financial reporting. Roles: business_owner, business_admin
RoleScopeDistinction
business_ownerbusiness_groupControls a full business group (multiple brands/branches), has business_groups.* permissions
business_adminbusinessAdministers a single brand and its branches; no business_groups.* permissions
Modules (BUSINESS_MODULES): dashboard, business_portal, businesses, business_branches, catalog, product_options, orders, kitchen, cashier, waiter, payments, liquidations, coupons, support, reports, notifications

business_branch_portal — Branch Admin

The branch portal is the surface for business_branch_admin. It gives full operational control over one physical business location — catalog, orders, kitchen, cashier, waiter, payments, and reports — all scoped to that single branch. Role: business_branch_admin Default scope: business_branch · Home route: /app/business/branch Modules (BUSINESS_BRANCH_MODULES): business_branch_portal, orders, kitchen, cashier, waiter, catalog, product_options, payments, support, reports Permissions: dashboard, business_branches, catalog, orders, kitchen, cashier, waiter, payments, incidents, reports (.read + .manage per module).

kitchen_app — Kitchen Commands Screen

The kitchen app is the focused command-ticket surface for kitchen_staff. It shows the live preparation queue with priority, timers, and alarms — no dashboards, no financial data. Role: kitchen_staff Default scope: business_branch · Home route: /app/business/kitchen Modules: kitchen_app, orders, catalog Permissions: orders.read, orders.prepare, orders.pack, kitchen.read, kitchen.manage, catalog.read, catalog.edit_availability

cashier_app — Till and Shift Screen

The cashier app is the dedicated till surface for the cashier role. It covers opening and closing shifts, registering payments, reconciling cash vs. Wompi, and arqueo. Role: cashier Default scope: business_branch · Home route: /app/business/cashier Modules: cashier_app, orders, payments, reports Permissions: orders.read, orders.close, orders.collect_payment, cashier.read, cashier.reconcile, cashier.open, cashier.close, payments.read, reports.read

waiter_app — Table Map and Order Intake

The waiter app is the table-service surface for the waiter role. It shows the dining room map, order intake, and bridges kitchen and cashier. Role: waiter Default scope: business_branch · Home route: /app/business/waiter Modules: waiter_app, orders, kitchen, cashier Permissions: orders.read, orders.accept, orders.reject, waiter.read, waiter.manage, kitchen.read, cashier.read

courier_app — Delivery App

The courier app is the mobile experience for delivery_driver. The scope type is self — the driver sees only their own assigned deliveries. Role: delivery_driver Modules: courier_app Permissions: orders.read, orders.pickup, orders.transit, orders.deliver, orders.mark_failed, orders.mark_absent, couriers.read, evidence.read, evidence.manage, incidents.read The courier app is designed to operate efficiently on a mobile device: receive assignment, navigate to pickup, mark states, upload photo evidence, and report incidents — without access to any other business data.

client_app — Customer Marketplace

The client app is the consumer-facing surface. The scope type is self — the customer sees only their own orders and profile. Role: customer Modules: client_app Permissions: orders.read, clients.read, incidents.read, incidents.manage Note that customer does not have orders.manage. Customers view their orders and create support incidents — they cannot transition order states, which is an operator action. Orders can also be created via the WhatsApp bot channel, but those orders enter the same state machine and are subject to the same scope rules.

Access Profile Construction

When a user authenticates, build_access_profile() assembles the complete JWT payload from the role definition:
# backend/app/modules/auth/domain/rbac.py
def build_access_profile(
    *,
    role: object,
    scope_type: object = None,
    scope_id: object = None,
    scope_label: object = None,
) -> dict[str, Any]:
    definition = get_role_definition(role)
    resolved_scope_type = normalize_scope_key(scope_type or definition["default_scope_type"])
    return {
        "role": definition["key"],
        "role_label": definition["label"],
        "surface": definition["surface"],
        "home_route": definition["home_route"],
        "modules": definition["modules"],
        "permissions": expand_permissions(definition["permissions"]),
        "scope_type": resolved_scope_type,
        "scope_id": scope_id,
        "scope_label": str(scope_label or "").strip() or None,
    }
The expand_permissions() call resolves implied permissions (for example, catalog.manage expands to all fine-grained catalog.* action permissions) before the payload is embedded in the JWT. See Permissions for the full implication model.

Build docs developers (and LLMs) love