Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/JuanDiego3030/Planta_Milenio/llms.txt

Use this file to discover all available pages before exploring further.

Planta Milenio’s access control system is built on five independent boolean flags stored directly on each User_admin record. There are no roles, no groups, and no inherited privileges — every flag is evaluated individually at the top of each view function. A user can hold any combination of flags, enabling fine-grained access that fits the operational responsibilities of each operator.
A user with no permission flags set can still complete the login flow successfully — their session will be created and user_admin_id will be written. However, they will be immediately redirected back to the login page with an access-denied message the moment they try to open any protected view.

Permission Flags Reference

FieldURLModule purpose
permiso_control/control/Register purchase order entries and view entry history
permiso_control_personas/control_personas/Log and track visitor and personnel access
permiso_reportes/reportes/View operational reports and download PDFs
permiso_auditoria/auditoria/View and edit transport records in orden_profit_transporte
permiso_usuarios/usuarios/Create, edit, and delete User_admin accounts
Each view checks its corresponding flag immediately after loading the user from the session. If the flag is False, the view never renders — it redirects to login with an error message.

Per-Permission Details

What it enables:
  • Search purchase orders by order number (fact_num) against the external sqlserver and ceres_romana databases
  • Register a purchase order entry into the local Historial table and the orden_profit_transporte table in ceres_romana via the Orden_Profit_Transporte_Insert stored procedure
  • Browse the paginated entry history with date-range filtering
  • Download entry history as a PDF report
What it blocks (without this flag): The control view redirects to login immediately with: “No tiene permiso para acceder a la vista de control.”Additional solo_consulta restriction: Even with this flag enabled, a solo_consulta user cannot submit the order registration form (POST). Any attempt is redirected with: “No tiene permisos para registrar ingresos. Solo puede consultar y descargar el historial.”
What it enables:
  • Log a new AccesoPersona entry: captures name, surname, ID number (cedula), company, entry reason, authorized by, vehicle plate, and visit status (aprobada / negada)
  • Record departure time for an approved visit, auto-calculating tiempo_visita in minutes
  • Search the paginated visitor history by name, surname, ID number, or vehicle plate
What it blocks (without this flag): The control_personas view redirects to login immediately with: “No tiene permiso para acceder a la vista de control de personas.”Additional solo_consulta restriction: A solo_consulta user can open the page and search the visitor history but cannot submit new entries or record departures. Any POST is blocked with: “No tiene permisos para registrar o modificar accesos de personas. Solo puede consultar.”
What it enables:
  • View the materia_prima report: paginated Historial entries filterable by date range
  • View the personal report: paginated AccesoPersona entries filterable by date range
  • Download either report as a PDF (generated by WeasyPrint from a Django template)
What it blocks (without this flag): The reportes view redirects to login with: “No tiene permiso para acceder a la vista de reportes.”Additional solo_consulta restriction: The reports views are read-only by nature (GET-only navigation and PDF downloads). A solo_consulta user with this permission experiences no functional difference from a full-access user on this module.
What it enables:
  • Browse the most recent 100 records from orden_profit_transporte in ceres_romana, with full-text search across order number, vehicle plate, and conductor fields
  • Edit transport record fields (product code, company RIF, conductor ID number, vehicle plates, destination) via the Orden_Profit_Transporte_Update stored procedure
  • Records with a non-zero Pesada_Id are locked — the edit button is hidden and any attempt to edit them is rejected with: “No se puede editar este registro porque ya tiene Pesada_Id.”
What it blocks (without this flag): The auditoria view redirects to login with: “No tiene permiso para acceder a la auditoría.”Additional solo_consulta restriction: A solo_consulta user can browse and search audit records but cannot submit the edit form. Any POST with editar_registro is blocked with: “No tiene permisos para editar registros.”
What it enables:
  • List all User_admin records alphabetically, paginated at 10 per page
  • Create new users with full control over all fields and permission flags
  • Edit any existing user’s fields, permissions, and lock status (password is only updated when a new value is explicitly entered)
  • Delete users permanently
What it blocks (without this flag): The control_usuarios view redirects to login with: “No tiene permiso para acceder a la gestión de usuarios.”Additional solo_consulta restriction: A solo_consulta user can view the user list but all Create, Edit, and Delete form submissions are blocked with: “No tiene permisos para crear, editar o eliminar usuarios. Solo puede consultar.”

solo_consulta — Read-Only Mode

When solo_consulta is True, the user can log in normally and navigate to any view their permission flags allow. The restriction applies exclusively to HTTP POST requests: every write operation across all five modules is intercepted before any database call occurs and the user is redirected with an explanatory error message. This mode is well-suited for:
  • Auditors who need to inspect records and download PDFs but must not modify operational data
  • Supervisors who review activity across all modules without making entries themselves
  • Temporary or provisional accounts being reviewed before being granted full write access
Setting solo_consulta in the web panel is done through the checkbox on the Create or Edit user form. Via the CLI, it is set during initial registration (the s/n prompt) or can be changed at any time using option 2 (change password) in CreateUser.py.

bloqueado — Account Locking

The bloqueado flag is a complete login block. The login view checks it before verifying the password: 
user = User_admin.objects.get(nombre=nombre)
if user.bloqueado:
    messages.error(request, 'Usuario bloqueado')
    # session is NOT written — login fails here
A locked account cannot authenticate regardless of whether the password is correct. No session key is created. The user sees only the message “Usuario bloqueado” on the login page. To unlock an account, uncheck Bloqueado in the web panel’s Edit form (requires permiso_usuarios) and save. There is no self-service unlock flow.

Configuring Permissions

1

Log in as a user with permiso_usuarios

Navigate to /usuarios/. If you see the user list, your account has the necessary access.
2

Open the Create or Edit form

Click Crear usuario for a new account, or the Edit icon next to an existing user.
3

Toggle the permission checkboxes

Each permiso_* field is rendered as a checkbox. Check the modules the user should be able to access. Set Solo consulta if the user should have read-only access across their permitted modules. Set Bloqueado to disable login without deleting the record.
4

Submit

Click Guardar. Changes take effect on the user’s next page load — any currently active session will reflect the updated permissions on the next view request.

Build docs developers (and LLMs) love

Get started for freeTalk to us