Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_WEB/llms.txt

Use this file to discover all available pages before exploring further.

The Supreme Admin module (src/app/supreme/) is the global SaaS management layer of Dragon Guard WMS, reserved exclusively for Grupo MAS platform operators. From a single interface, a SUPERADMIN_SUPREMO user can provision and configure tenant companies, assign subscription plans, bootstrap tenant administrators, and fine-tune per-tenant RFID behavior — all without touching the tenant-facing Admin module that company admins use day to day. The two modules are fully isolated: changes in Supreme Admin do not surface inside any tenant’s admin panel, and tenant admins cannot access Supreme Admin routes.
The Supreme Admin module is protected by supremeGuard. Every route under /dashboard/supreme requires the authenticated user to pass AuthService.isSupremeAdmin(). Any other role — including tenant ADMIN — is redirected away at the route level. Upon login, SUPERADMIN_SUPREMO users are automatically directed to the SaaS dashboard at /dashboard/supreme instead of the standard tenant dashboard.

Access Control

MechanismDetail
GuardsupremeGuard — applied to the entire /dashboard/supreme route tree
Role CheckAuthService.isSupremeAdmin() must return true
Menu VisibilityThe Supreme Admin menu items are rendered only when isSupremeAdmin() is true; they are completely absent from the navigation for all other roles
Login RedirectSUPERADMIN_SUPREMO is redirected to /dashboard/supreme on successful login

Available Routes

SaaS Dashboard

App route /dashboard/supreme — Top-level summary dashboard powered by SupremeService. Displays aggregate metrics across all registered tenant companies.

Companies

App route /dashboard/supreme/companies — Full company list with create and edit flows at /companies/new and /companies/:id.

Subscription Plans

App route /dashboard/supreme/plans — Manage available SaaS subscription plans that can be assigned to tenant companies.

Users

App route /dashboard/supreme/users — Cross-tenant user management, including the tenant admin bootstrapping workflow.

SupremeService

SupremeService is the single Angular service that backs all Supreme Admin screens. It manages data fetching and mutation for the following domain objects:
DomainDescription
Dashboard SummaryAggregate stats displayed on the SaaS dashboard
CompaniesTenant company records — CRUD operations
PlansSubscription plan definitions
Tenant UsersUser accounts scoped to a specific tenant company
RFID Tenant SettingsGlobal RFID on/off and mode configuration per tenant
RFID Tenant PoliciesPer-module RFID behavioral rules per tenant
RFID Tenant EventsRFID scan events viewed in the context of a specific company

Tenant User Bootstrapping

The Users screen includes a bootstrapping workflow for creating the initial administrator account of a new tenant company:
1

Select the target company

Navigate to /dashboard/supreme/users and select the company for which you need to create the first admin.
2

Trigger admin creation

Use the Bootstrap Admin action. Provide the required user fields (name, email, and any company-specific attributes).
3

Capture the temporary password

If the backend creates a net-new user, a generated temporary password is displayed once in the UI immediately after the response. Copy it before closing the dialog — it will not be shown again.
4

Deliver credentials to the tenant admin

Share the email and temporary password with the tenant’s administrator. The user will be prompted to change the password on first login.
If the target tenant already has an admin user account registered with the same email, the backend may reuse the existing user rather than generating a new one. In that case, no temporary password is returned and the existing credentials remain valid. Verify with the tenant admin whether they already have access before re-triggering this flow.

Per-Tenant RFID Configuration

RFID configuration for a tenant company is managed from the Company Detail screen (/dashboard/supreme/companies/:id), under the integration panel. It is split into two layers: global settings and per-module policies.

Global RFID Settings (rfidSettings)

These settings apply tenant-wide and control whether RFID is active at all.
FieldTypeDescription
enabledbooleanMaster switch — enables or disables RFID functionality for the entire tenant
modeenumGlobal operating mode (e.g., strict enforcement, advisory, disabled)
Module ScopesPer-module toggles to enable RFID within specific WMS workflows
Module Scopes available:
ScopeWorkflow
inquiryItem Inquiry / EPC resolution lookups
receiptsReceiving / inbound operations
shipmentsShipping / outbound operations
movementsInternal warehouse movements and transfers

Per-Module RFID Policies (rfidPolicies)

Each module scope can have an independent policy record that controls how the backend behaves when an RFID scan event occurs in that context.
Policy FieldDescription
Manual FallbackWhether the operator is allowed to fall back to manual entry when a scan fails to resolve
Barcode FallbackWhether a barcode scan is accepted as a fallback when RFID resolution fails
Exact MatchWhether the resolved item must exactly match the expected document line, or if fuzzy matching is permitted
Duplicate Read WindowTime window (in seconds or milliseconds) within which repeated reads of the same EPC are suppressed
Evidence FlagsControls which evidence artifacts (device snapshot, location snapshot, etc.) are captured and stored per event
Audit FlagsControls which events are written to the persistent RFID audit log
If no policy has been saved for a module yet, the UI renders the policy form using frontend defaults rather than leaving the form blank. The defaults are not persisted until the operator explicitly saves the policy for that module.
When the backend returns ignoreDuplicateReadsWithinWindow: true for a module policy, the UI treats duplicateTagBehavior as a derived value and keeps the corresponding dropdown disabled. This prevents the operator from setting conflicting behavior when the backend is already configured to suppress duplicates at the window level.

RFID Endpoints for Supreme Admin

All RFID configuration endpoints for Supreme Admin are distinct from the tenant-facing RFID APIs.
MethodEndpointDescription
PATCH/api/supreme/companies/{id}/integration/rfid-settingsUpdate global RFID settings for a specific tenant company
GET/api/supreme/companies/{id}/integration/rfid-policiesRetrieve all per-module RFID policies for a tenant
PUT/api/supreme/companies/{id}/integration/rfid-policiesReplace all per-module RFID policies for a tenant
GET/api/rfid/events?companyId={id}Retrieve RFID scan events scoped to a specific tenant company

Company Integration Panel

Each company detail screen (/dashboard/supreme/companies/:id) includes an Integration panel where the platform operator configures the connector between Dragon Guard WMS and the tenant’s backend ERP or fulfillment system.

Connector Selection

Before configuring any integration fields, the operator must select a connector type. The available fields, their labels, and their visibility rules are determined by the selected connector.

Field Visibility Rules

The integration panel organizes fields into the following categories to guide the operator:
CategoryMeaning
RequiredMust be filled before the connector can function
RecommendedStrongly advised for full functionality; not strictly required
OptionalAvailable for advanced configuration; can be left blank
Old / LegacyDeprecated fields retained for backward compatibility; shown with a visual indicator
The UI highlights required and recommended fields automatically when a connector type is selected.

GrupoMASNative Connector

When the GrupoMASNative connector is selected, the following field rules apply:
FieldCategoryNotes
Company CodeRequiredThe tenant’s internal company identifier in the Grupo MAS system
Base URLRequiredRoot URL of the Grupo MAS native API endpoint
API KeyOptionalValue is masked in the UI; displayed as a password-type input
Bearer TokenOptionalValue is masked in the UI; displayed as a password-type input
X-Api-Key (Legacy)LegacyThe older API key header; shown in a separate legacy block, distinct from the delegated login flow
The delegated login flow and the legacy X-Api-Key block are rendered as separate sections in the integration panel for GrupoMASNative. The legacy block is clearly labeled to indicate it should be used only for backward-compatible integrations that cannot be migrated to the delegated authentication model.

AdminModule vs. SupremeModule

The AdminModule (src/app/admin/) is preserved intact for tenant company administrators. It provides tenant-scoped management of items, users, RFID tags, and other warehouse resources. It is entirely separate from SupremeModule. Tenant admins never see Supreme routes, and Supreme Admin operators cannot perform tenant-level warehouse operations through the Supreme interface.
ModuleAudienceRoute PrefixGuard
AdminModuleTenant company admins/dashboard/adminStandard role guard
SupremeModuleSUPERADMIN_SUPREMO only/dashboard/supremesupremeGuard

Edge Cases

If a tenant company has not been assigned a subscription plan, the company list and detail screens display ‘Sin plan’ in the plan column. The company remains functional at the platform level; plan assignment is an administrative step, not a technical requirement for the company record to exist.
When triggering the Bootstrap Admin flow for a company whose email is already registered, the backend may return the existing user record instead of creating a new one. No temporary password is generated in this case. The UI will not display a password field. Confirm with the tenant admin that they can still access their account before assuming the bootstrapping step needs to be repeated.
If a module (e.g., Receipts) has never had its RFID policy saved, the policy form renders with frontend-defined default values. These defaults are not written to the backend until the operator clicks Save. Until then, the backend falls back to its own internal defaults for that module. Ensure you save each module policy explicitly after reviewing the defaults.
When this flag is true on a retrieved policy, the duplicate tag behavior dropdown in the policy form is rendered in a disabled state. The UI infers that the backend is managing duplicate suppression at the window level and does not allow a conflicting manual override.
Events viewed from the company detail RFID events panel follow the same rendering rules as the tenant RFID Events screen. Missing CorrelationId or SessionId display as dashes. Invalid or plain-text MetadataJson renders as raw text. The detail dialog remains stable in all cases.

Build docs developers (and LLMs) love