GET /api/permisos/mis-permisos/:idPerfil

Joins permisos_perfil with modulo and returns a Record<string, PermisosAccion> indexed by the uppercased module name. This is the key endpoint for RBAC enforcement in the frontend.

useAuth.ts calls this endpoint inside cargarMisPermisos() immediately after a successful login and again when the session is restored on page refresh. The result is stored in the global misPermisos state and later checked via tienePermiso(nombreModulo, accion).

Path parameters

idPerfil (number, required)
ID of the profile whose permission map you want to load.

Response

success (boolean, required)
true when the query completes without error.

permisos (object, required)
A plain object whose keys are uppercase module names (e.g. "USUARIO", "PERFIL") and whose values are PermisosAccion objects. Returns an empty object {} when the profile has no assigned permissions.

PermisosAccion interface

Defined in app/composables/useAuth.ts:
export interface PermisosAccion {
  bitConsulta: boolean;
  bitAgregar: boolean;
  bitEditar: boolean;
  bitEliminar: boolean;
  bitDetalle: boolean;
}
The global permissions state is typed as Record<string, PermisosAccion> and accessed via tienePermiso(nombreModulo, accion), which looks up the module name in uppercase and returns false if the key does not exist:
const tienePermiso = (nombreModulo: string, accion: keyof PermisosAccion) => {
  const modulo = misPermisos.value[nombreModulo.toUpperCase()]
  return modulo ? modulo[accion] : false
}

Error response

500
{
  "statusCode": 500,
  "message": "Error al cargar los permisos del usuario"
}

Examples

curl --request GET \
  --url 'https://your-domain.com/api/permisos/mis-permisos/2' \
  --cookie 'auth_token=<your-jwt>'

Success response

The response key permisos is a plain object — not an array. Each key is the module name in uppercase exactly as stored in the modulo table.
200
{
  "success": true,
  "permisos": {
    "USUARIO": {
      "nombreModulo": "Usuario",
      "bitAgregar": false,
      "bitEditar": true,
      "bitConsulta": true,
      "bitEliminar": false,
      "bitDetalle": true
    },
    "PERFIL": {
      "nombreModulo": "Perfil",
      "bitAgregar": false,
      "bitEditar": false,
      "bitConsulta": true,
      "bitEliminar": false,
      "bitDetalle": false
    },
    "MODULO": {
      "nombreModulo": "Modulo",
      "bitAgregar": false,
      "bitEditar": false,
      "bitConsulta": true,
      "bitEliminar": false,
      "bitDetalle": false
    }
  }
}
Each value object includes nombreModulo because the server selects it from the modulo join alongside the permission flags. Only the boolean flag fields are used by tienePermiso(); nombreModulo is informational.
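
An added example, not code from useAuth.ts or this project: one way to build the permission map from the response body so that an error body or a malformed flag denies access instead of being read as truthy. The names normalizarPermisos and tienePermisoEn and both sample bodies are hypothetical and constructed for illustration; the example assumes the server enforces the same permissions on its own routes, since this map only drives the UI.

```typescript
interface PermisosAccion {
  bitConsulta: boolean; bitAgregar: boolean; bitEditar: boolean;
  bitEliminar: boolean; bitDetalle: boolean;
}
const ACCIONES: (keyof PermisosAccion)[] = [
  "bitConsulta", "bitAgregar", "bitEditar", "bitEliminar", "bitDetalle",
];

// Hypothetical helper (not in useAuth.ts): builds the permission map from an
// untrusted response body. Anything malformed yields no permission.
function normalizarPermisos(body: unknown): Record<string, PermisosAccion> {
  const mapa: Record<string, PermisosAccion> = Object.create(null);
  if (typeof body !== "object" || body === null) return mapa;
  const { success, permisos } = body as { success?: unknown; permisos?: unknown };
  if (success !== true || typeof permisos !== "object" || permisos === null || Array.isArray(permisos)) {
    return mapa; // error body (such as the 500 shape) or wrong type: deny all
  }
  const origen = permisos as Record<string, unknown>;
  for (const nombre of Object.keys(origen)) {
    const valor = origen[nombre];
    if (typeof valor !== "object" || valor === null) continue;
    const flags = valor as Record<string, unknown>;
    const limpio = {} as PermisosAccion;
    // Only a literal boolean true grants; 1, "true" or "0" do not.
    for (const accion of ACCIONES) limpio[accion] = flags[accion] === true;
    mapa[nombre.toUpperCase()] = limpio; // nombreModulo is dropped
  }
  return mapa;
}

// Same lookup as tienePermiso() on this page, over a plain map instead of a ref.
function tienePermisoEn(
  mapa: Record<string, PermisosAccion>, nombreModulo: string, accion: keyof PermisosAccion,
): boolean {
  const modulo = mapa[nombreModulo.toUpperCase()];
  return modulo ? modulo[accion] : false;
}

// Constructed sample bodies, modelled on the responses shown on this page.
// bitEliminar and bitDetalle are deliberately sent with the wrong types.
const respuestaOk = {
  success: true,
  permisos: { USUARIO: { nombreModulo: "Usuario", bitAgregar: false, bitEditar: true,
                         bitConsulta: true, bitEliminar: "0", bitDetalle: 1 } },
};
const respuestaError = { statusCode: 500, message: "Error al cargar los permisos del usuario" };

console.log(tienePermisoEn(normalizarPermisos(respuestaOk), "usuario", "bitEditar"),
            Object.keys(normalizarPermisos(respuestaError)).length);
```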
