Introduction
The Restaurant Management System is built on Laravel 11 and provides a comprehensive web application with role-based access control. The system manages restaurant operations including menu management, table reservations, orders, and staff coordination.
This application uses Laravel Sanctum for authentication with Jetstream integration. While primarily a web application, it follows RESTful conventions and can be extended for API usage.
Architecture
The application follows Laravel’s MVC architecture with the following key components:
Authentication: Laravel Sanctum + Jetstream (Livewire stack)
Authorization: Role-based access control using Spatie Laravel Permission + custom middleware
Database: Eloquent ORM with migrations
Frontend: Blade templates with Livewire components
Supported User Roles
The system supports four distinct user roles:
Guest - Public access to menu browsing
Customer (authenticated) - Can place orders, manage cart, make reservations
Chef - Manages food menu items and their profile
Mesero (Waiter) - Manages tables and reservations
Admin - Full system access including user management, orders, and reports
All responses follow standard Laravel conventions:
Successful Responses
Web Routes: Returns rendered HTML views or redirects with session flash messages:
// Success redirect
return redirect()->route('home')->with('success', 'Order created successfully. ID: 123');
// View response
return view('comidaview', compact('foods', 'count'));
JSON Responses (for API-compatible endpoints):
{
  "success": true,
  "message": "Operation completed successfully",
  "data": {
    "id": 1,
    "name": "Example"
  }
}
Error Responses
Validation Errors (HTTP 422):
{
  "message": "The given data was invalid.",
  "errors": {
    "email": [
      "The email field is required."
    ],
    "password": [
      "The password must be at least 8 characters."
    ]
  }
}
Authorization Errors (HTTP 403):
{
  "message": "No tienes permiso para acceder a esta página. (sin-rol)"
}
Authentication Errors (HTTP 401):
Redirects to /login route for web requests
Returns null for JSON requests (expectsJson)
Endpoint Structure by Role
Public Endpoints
No authentication required:
| Method | Endpoint | Controller | Description |
| --- | --- | --- | --- |
| GET | / | HomeController@index | Home page with food listings |
| GET | /menu | HomeController@comidaview | Full menu view (paginated) |
| GET | /comidaview | HomeController@comidaview | Alternative menu route |
| GET | /infocomida/{food} | HomeController@infocomida | Food item details |
Authenticated Customer Endpoints
Requires auth middleware:
| Method | Endpoint | Controller | Description |
| --- | --- | --- | --- |
| GET | /redirects | HomeController@redirects | Post-login role-based redirect |
| GET | /cart | CartController@index | View shopping cart |
| POST | /cart/{food} | CartController@store | Add item to cart |
| DELETE | /cart/{cart} | CartController@destroy | Remove cart item |
| POST | /orderconfirm | HomeController@orderConfirm | Confirm and create order |
Cart operations are only available to authenticated users. The cart is user-specific and persists in the database.
Admin Endpoints
Prefix: /admin | Middleware: auth, role:admin
User Management
| Method | Endpoint | Controller | Description |
| --- | --- | --- | --- |
| GET | /admin/users | AdminController@user | List all users |
| POST | /admin/users | AdminController@createUser | Create new user |
| POST | /admin/users/{id} | AdminController@updateUser | Update user |
| DELETE | /admin/users/{id} | AdminController@deleteuser | Delete user |

| Method | Endpoint | Controller | Description |
| --- | --- | --- | --- |
| GET | /admin/foodmenu | AdminController@foodmenu | List all menu items |
| POST | /admin/foodmenu | AdminController@uploadfood | Create menu item |
| GET | /admin/foodmenu/{id}/edit | AdminController@updateview | Edit form |
| POST | /admin/foodmenu/{id} | AdminController@update | Update menu item |
| DELETE | /admin/foodmenu/{id} | AdminController@deletemenu | Delete menu item |
Chef Management
| Method | Endpoint | Controller | Description |
| --- | --- | --- | --- |
| GET | /admin/chefs | AdminController@viewchef | List all chefs |
| POST | /admin/chefs | AdminController@uploadchef | Create chef |
| PUT | /admin/chefs/{id} | AdminController@updatechef | Update chef |
| DELETE | /admin/chefs/{id} | AdminController@deletechef | Delete chef |
Table Management
| Method | Endpoint | Controller | Description |
| --- | --- | --- | --- |
| GET | /admin/tables | TableController@index | List all tables |
| POST | /admin/tables | TableController@store | Create table |
| PUT | /admin/tables/{id} | TableController@update | Update table |
| DELETE | /admin/tables/{id} | TableController@destroy | Delete table |
| POST | /admin/tables/{id}/mark-as-used | TableController@markAsUsed | Mark table as occupied |
Reservations
| Method | Endpoint | Controller | Description |
| --- | --- | --- | --- |
| GET | /admin/reservations | AdminController@viewreservation | List reservations |
| POST | /admin/reservations/{reservationId}/assign-table | AdminController@assignTable | Assign table to reservation |
Orders
| Method | Endpoint | Controller | Description |
| --- | --- | --- | --- |
| GET | /admin/orders | AdminController@orders | List all orders |
| GET | /admin/orders/search | AdminController@search | Search orders |
Chef Endpoints
Prefix: /chef | Middleware: auth, role:chef
| Method | Endpoint | Controller | Description |
| --- | --- | --- | --- |
| GET | /chef/profile | ChefController@showProfile | View profile |
| POST | /chef/profile | ChefController@storeProfile | Create profile |
| POST | /chef/profile/update | ChefController@updateProfile | Update profile |
| GET | /chef/menu | ChefController@cheffoodmenu | List menu items |
| POST | /chef/menu | ChefController@uploadfoodchef | Create menu item |
| GET | /chef/menu/{id}/edit | ChefController@chefupdateview | Edit form |
| POST | /chef/menu/{id} | ChefController@updatechef | Update menu item |
| DELETE | /chef/menu/{id} | ChefController@chefdeletemenu | Delete menu item |
Mesero (Waiter) Endpoints
Prefix: /mesero | Middleware: auth, role:mesero
| Method | Endpoint | Controller | Description |
| --- | --- | --- | --- |
| GET | /mesero/home | View | Dashboard home |
| GET | /mesero/tables | MeseroController@viewTables | List tables |
| POST | /mesero/tables | MeseroController@storeTable | Create table |
| PUT | /mesero/tables/{id} | MeseroController@updateTable | Update table |
| DELETE | /mesero/tables/{id} | MeseroController@deleteTable | Delete table |
| POST | /mesero/tables/{id}/mark-as-used | TableController@markAsUsed | Mark table as used |
| GET | /mesero/reservations | MeseroController@meseroviewreservation | View reservations |
| POST | /mesero/reservations/{reservationId}/assign-table | MeseroController@assignTable | Assign table |
Unified Admin Panel Endpoints
Prefix: /admin | Middleware: auth, role:admin,chef,mesero
The unified admin panel provides a single dashboard accessible to admin, chef, and mesero roles with role-specific permissions enforced at the route level.
| Method | Endpoint | Roles | Controller | Description |
| --- | --- | --- | --- | --- |
| GET | /admin/dashboard | admin, chef, mesero | Admin\DashboardController@index | Main dashboard |
| Resource | /admin/users | admin | Admin\UserController | User CRUD |
| Resource | /admin/chefs | admin | Admin\ChefController | Chef CRUD |
| Resource | /admin/foods | admin, chef | Admin\FoodController | Food menu CRUD |
| Resource | /admin/tables | admin, mesero | Admin\TableController | Table CRUD |
| POST | /admin/tables/{table}/mark-as-used | admin, mesero | Admin\TableController@markAsUsed | Mark table used |
| GET | /admin/reservations | admin, mesero | Admin\ReservationController@index | List reservations |
| POST | /admin/reservations/{reservation}/assign-table | admin, mesero | Admin\ReservationController@assignTable | Assign table |
| DELETE | /admin/reservations/{reservation} | admin, mesero | Admin\ReservationController@destroy | Delete reservation |
| GET | /admin/orders | admin | Admin\OrderController@index | List orders |
| GET | /admin/orders/{order} | admin | Admin\OrderController@show | View order |
| GET/POST/etc | /admin/profile | admin, chef | Admin\ProfileController | Profile management |
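Several URIs listed under the role:admin group reappear in the unified panel with a wider role list, for example the mark-as-used and assign-table routes. The following check is an added example, not part of the project: it flags method and URI pairs that are documented with differing role sets so the routes file can be reviewed. The rows are copied from the tables on this page, and findRoleConflicts is a hypothetical helper.

```php
<?php
declare(strict_types=1);

// Rows copied from the tables above: [method, URI, roles of the enclosing group or row].
const DOCUMENTED_ROUTES = [
    ['POST', '/admin/tables/{id}/mark-as-used',                  ['admin']],
    ['POST', '/admin/tables/{table}/mark-as-used',               ['admin', 'mesero']],
    ['GET',  '/admin/reservations',                              ['admin']],
    ['GET',  '/admin/reservations',                              ['admin', 'mesero']],
    ['POST', '/admin/reservations/{reservationId}/assign-table', ['admin']],
    ['POST', '/admin/reservations/{reservation}/assign-table',   ['admin', 'mesero']],
    ['GET',  '/admin/orders',                                    ['admin']],
    ['GET',  '/admin/orders',                                    ['admin']],
];

/** Group routes by method + URI shape and return those declared with differing role sets. */
function findRoleConflicts(array $routes): array
{
    $seen = [];
    foreach ($routes as [$method, $uri, $roles]) {
        // {id} and {table} match the same requests, so compare on a parameter-neutral shape.
        $shape = $method . ' ' . preg_replace('/\{[^}]+\}/', '{}', $uri);
        sort($roles);
        $seen[$shape][implode(',', $roles)] = true;
    }
    $conflicts = [];
    foreach ($seen as $shape => $roleSets) {
        if (count($roleSets) > 1) {
            $conflicts[$shape] = array_keys($roleSets);
        }
    }
    return $conflicts;
}

foreach (findRoleConflicts(DOCUMENTED_ROUTES) as $shape => $roleSets) {
    echo $shape, ' declared with role sets: ', implode(' | ', $roleSets), PHP_EOL;
}
```

Which declaration takes effect for a flagged pair depends on registration order in the routes file, so each one is worth confirming there.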
The /orderconfirm endpoint (routes/web.php:44) accepts two payload formats:
{
  "name": "John Doe",
  "phone": "+1234567890",
  "address": "123 Main St",
  "items": [
    {
      "food_id": 1,
      "quantity": 2
    },
    {
      "food_id": 3,
      "quantity": 1
    }
  ]
}
POST /orderconfirm
name=John Doe
phone=+1234567890
address=123 Main St
foodname[]=Pizza
foodname[]=Burger
price[]=15.99
price[]=12.99
quantity[]=2
quantity[]=1
The legacy format is maintained for backward compatibility but the structured JSON format is recommended for all new integrations.
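Because the legacy format carries price[] fields supplied by the client, a handler that accepts both formats has to treat those values as untrusted and price each line from server-side data. The following is an added example, not the project's code, that normalises both payloads that way. The CATALOGUE array (standing in for the foods table), buildOrderLines and the quantity cap of 50 are assumptions.

```php
<?php
declare(strict_types=1);
// Constructed stand-in for the foods table: id => name and price in cents.
const CATALOGUE = [
    1 => ['name' => 'Pizza',  'price_cents' => 1599],
    3 => ['name' => 'Burger', 'price_cents' => 1299],
];

/** Turn either /orderconfirm payload into order lines priced from $catalogue only. */
function buildOrderLines(array $payload, array $catalogue = CATALOGUE): array
{
    $wanted = [];
    if (isset($payload['items']) && is_array($payload['items'])) {
        // Structured format: items[] of {food_id, quantity}.
        foreach ($payload['items'] as $item) {
            $wanted[] = is_array($item) ? [$item['food_id'] ?? null, $item['quantity'] ?? null] : [null, null];
        }
    } else {
        // Legacy format: parallel foodname[] / quantity[]; price[] is never read.
        $idByName = array_combine(array_column($catalogue, 'name'), array_keys($catalogue));
        $names = (array) ($payload['foodname'] ?? []);
        $qtys  = (array) ($payload['quantity'] ?? []);
        if (count($names) !== count($qtys)) {
            throw new InvalidArgumentException('foodname[] and quantity[] differ in length');
        }
        foreach ($names as $i => $name) {
            $wanted[] = [is_string($name) ? ($idByName[$name] ?? null) : null, $qtys[$i] ?? null];
        }
    }
    $lines = [];
    foreach ($wanted as [$id, $qty]) {
        $id  = filter_var($id, FILTER_VALIDATE_INT);
        $qty = filter_var($qty, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 50]]);
        if ($id === false || $qty === false || !isset($catalogue[$id])) {
            throw new InvalidArgumentException('unknown item or invalid quantity');
        }
        $lines[] = ['food_id' => $id, 'quantity' => $qty, 'line_total_cents' => $catalogue[$id]['price_cents'] * $qty];
    }
    if ($lines === []) {
        throw new InvalidArgumentException('order has no items');
    }
    return $lines;
}

// Constructed legacy request: the price[] values it carries do not affect the total.
$legacy = ['foodname' => ['Pizza', 'Burger'], 'price' => ['0.01', '0.01'], 'quantity' => ['2', '1']];
$cents  = array_sum(array_column(buildOrderLines($legacy), 'line_total_cents'));
printf("legacy order total: %d.%02d\n", intdiv($cents, 100), $cents % 100);
```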
Route Model Binding
The application uses Laravel’s route model binding extensively:
// Automatic model resolution
Route::get('/infocomida/{food}', [HomeController::class, 'infocomida']);
// Controller receives Food model instance
public function infocomida(Food $food)
{
    return view('infocomida', compact('food'));
}
List endpoints return paginated results:
Home page: 12 items per page (routes/web.php:25)
Menu view: 24 items per page (routes/web.php:69)
Standard Laravel pagination links included in views
CSRF Protection
All POST, PUT, PATCH, and DELETE requests require CSRF token validation:
<form method="POST" action="/cart/1">
    @csrf
    <!-- form fields -->
</form>
CSRF protection is enforced by App\Http\Middleware\VerifyCsrfToken (config/sanctum.php:80)
Next Steps
Authentication: Learn about Laravel Sanctum authentication, role-based access, and middleware
Admin Controller: Detailed documentation for administrator endpoints
Chef Controller: Chef-specific menu management operations
Waiter Controller: Waiter endpoints for tables and reservations