Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/DragonesMagicos/ferromax_v0.8/llms.txt

Use this file to discover all available pages before exploring further.

The ADMIN role is reserved for business owners and managers who need full visibility and control over every system operation. Admins are the only users who can see purchase (cost) prices, supplier names, voided transactions, pending remito approvals, stock adjustment logs, and the invoice OCR pipeline. In a typical Ferromax installation, the admin is José Rodríguez — the store owner who monitors daily KPIs, reviews cash flow, and acts on low-stock alerts.

Default Credentials

The DataInitializer seeds the following admin account on first boot if no users exist in the database:
FieldValue
Email[email protected]
Passwordadmin123
RoleADMIN
Change the default admin password immediately in any production or staging environment. The seed credentials are public knowledge and present a critical security risk if left unchanged.

Accessible Modules

Dashboard

Real-time KPI summary (/dashboard/resumen), sales-per-day chart for the last 7 days (/dashboard/ventas-semana), and the 10 most recent transactions (/dashboard/transacciones). The first page an admin sees after login.

Products — Full CRUD

Full product list including precioCompra (purchase/cost price) and nombreProveedor. Create, update, and deactivate products via POST /productos, PUT /productos/{id}, and DELETE /productos/{id}.

Sales — Full History & Void

View all sales across all cashiers for any date range via GET /ventas?desde=&hasta=. Void any transaction with PUT /ventas/{id}/anular. Employees only see their own daily sales.

Stock Management

Post manual stock corrections via POST /ajustes-stock (e.g., shrinkage, inventory count discrepancies). View full adjustment history via GET /ajustes-stock. Review and approve supplier remitos via GET /recepciones-remito/pendientes and PATCH /recepciones-remito/{id}/confirmar.

Invoice Scanning (OCR)

Upload a supplier invoice image or PDF via POST /facturas/analizar (multipart). The OCR service extracts line items; the admin reviews and confirms the stock ingestion via POST /facturas/confirmar. Historical invoice records are paginated at GET /facturas.

Stock Alerts

GET /alertas returns all unread low-stock alerts; GET /alertas/todas shows the last 30 days. Mark individual alerts read with PUT /alertas/{id}/leer or clear all at once with PUT /alertas/leer-todas.

Admin-Only API Endpoints

The table below lists every endpoint that requires the ADMIN role, sourced directly from SecurityConfig.java, DashboardController.java, ProductoController.java, VentaController.java, AjusteStockController.java, FacturaController.java, AlertaController.java, and RecepcionRemitoController.java.
MethodPathDescription
GET/dashboard/resumenKPI summary (total sales today, stock alerts, cash flow)
GET/dashboard/ventas-semanaDaily sales totals for the last 7 days
GET/dashboard/transaccionesLast 10 transactions across all cashiers
GET/productosFull product list including cost price and supplier
GET/productos/{id}Product detail by ID (includes cost price)
GET/productos/sku/{sku}Product lookup by SKU (includes cost price)
GET/productos/barcode/{codigo}Product lookup by barcode (includes cost price)
GET/productos/stock-criticoProducts below minimum stock threshold
POST/productosCreate a new product
PUT/productos/{id}Update an existing product
DELETE/productos/{id}Deactivate a product (soft delete)
GET/ventasAll sales with optional ?desde=&hasta= date filter
PUT/ventas/{id}/anularVoid a sale
POST/ajustes-stockPost a manual stock adjustment
GET/ajustes-stockPaginated stock adjustment history
POST/facturas/analizarUpload invoice image/PDF for OCR analysis
POST/facturas/confirmarConfirm and commit OCR-extracted stock ingestion
GET/facturasPaginated list of processed invoices
GET/alertasUnread low-stock alerts
GET/alertas/todasAll alerts from the last 30 days
PUT/alertas/{id}/leerMark a single alert as read
PUT/alertas/leer-todasMark all alerts as read
GET/recepciones-remito/pendientesRemitos awaiting admin approval
GET/recepciones-remitoAll remito receipts
PATCH/recepciones-remito/{id}/confirmarApprove or reject a remito
GET/proveedoresSupplier list — also accessible to EMPLEADO
POST, PUT, DELETE/proveedores/**Create, update, and delete suppliers — ADMIN-only
The following endpoints are shared between ADMIN and EMPLEADO: POST /ventas, GET /ventas/{id}, GET /ventas/{id}/detalle, POST /recepcion, POST /recepciones-remito, GET /recepciones-remito/mis-recepciones, GET /recepciones-remito/{id}, and GET /proveedores. See the Empleado page for the full shared-access list.

Frontend Routes (Admin)

The React application (App.jsx) guards these pages with <ProtectedRoute requiereAdmin>, making them accessible only to admins:
RouteComponentDescription
/DashboardPageKPI dashboard — default landing page for admin
/remitosRemitosPagePending remito list and approval flow
/ajuste-stockAjusteStockPageManual stock adjustment form and history
/ingreso-facturaIngresoFacturaPageInvoice OCR upload and confirmation
Admins also have full access to the <ProtectedRoute requiereEmpleado> routes, because isEmpleado() in AuthContext.jsx returns true for both ADMIN and EMPLEADO roles:
RouteComponentDescription
/posPOSBarcode-scanner POS terminal
/recepcionRecepcionPageSingle-item stock receipt form
/productosProductosProduct browser
/ventasVentasFull sales history (admins see all cashiers)

What Admins Cannot Do

Despite their broad permissions, there are two things the ADMIN role cannot do through the API:
  1. Self-register. The POST /auth/register endpoint always assigns CLIENTE. Admin accounts must be created via DataInitializer on first boot or through a direct database insert (UPDATE usuario SET rol = 'ADMIN' WHERE email = '...').
  2. Change another user’s role via the API. There is no PUT /usuarios/{id}/rol endpoint in the current version. Role changes require direct database access.

Build docs developers (and LLMs) love

Get started for freeTalk to us