Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ProyectoFerretek/FerreMarket/llms.txt
Use this file to discover all available pages before exploring further.
src/utils/auth.ts provides server-side role checks and permission guards used across FerreMarket’s admin pages. These functions complement the session-based AuthContext with business-logic level access control: while AuthContext manages whether a user is authenticated at all, the utilities in this module determine what that authenticated user is allowed to do based on their role and active/inactive status stored in the usuarios table.
The usuarioActual Object
At the module level, auth.ts maintains a single shared state object that holds the currently authenticated worker’s role and status:
cargarPermisosTrabajador() after a Supabase session has been established. All permission-guard functions read directly from this object, so they will return false (or their fallback) until the object has been loaded.
cargarPermisosTrabajador
usuarios table for the row whose uid matches the authenticated user’s UUID, and writes the returned rol, estado, and nombre fields into usuarioActual. Each value is normalised through capitalizeWords before storage, so raw lowercase database values like 'admin' become 'Admin'.
If there is no active session, a warning is logged to the console and the function returns without modifying usuarioActual. If the Supabase query fails, the error is logged and the function returns early without mutating state.
Parameters — none.
Returns Promise<void>.
obtenerUsuarioIdByUUID
usuarios table. Internally it runs:
data.id (a number) is returned. If the query fails or no matching row exists, the error is logged and the function returns null.
The UUID string from Supabase Auth (i.e.
session.user.id). This is the value stored in the uid column of the usuarios table.Promise<number | null> — the internal numeric id of the user row, or null if the lookup fails.
esAdministrador
true when the loaded usuarioActual.rol is exactly 'Admin'. The comparison is case-sensitive — the value must be the capitalised form written by cargarPermisosTrabajador. This function is the foundation of every other permission guard; all other guards call esAdministrador() internally before applying their own additional conditions.
Parameters — none.
Returns boolean — true if and only if usuarioActual.rol === 'Admin'.
puedeGestionarUsuarios
true only when esAdministrador() is true and usuarioActual.estado === 'Activo'. This is used as the entry guard for the User Management page to prevent suspended administrators from making changes to user accounts.
Parameters — none.
Returns boolean — true if the current user is an active administrator.
puedeRealizarAccion
false regardless of the action requested. For admins, most actions are permitted freely, but 'eliminar' carries an extra constraint: the administrator’s account must also be in 'Activo' status.
The operation being attempted. Must be one of the five literal string values listed in the union type.
boolean — whether the current user may perform the requested action.
accion | Admin 'Activo' | Admin 'Inactivo' | Non-admin |
|---|---|---|---|
'ver' | true | true | false |
'crear' | true | true | false |
'editar' | true | true | false |
'recuperar' | true | true | false |
'eliminar' | true | false | false |
obtenerUsuarioActual
usuarioActual module-level object. This is the recommended way to read the logged-in user’s name and role in UI components — for example to display "Bienvenido, {nombre}" in a navbar or to show a role badge in the profile dropdown.
Parameters — none.
Returns typeof usuarioActual — the shared object with id, rol, estado, and nombre fields.
Important Notes
Role and status values inside
usuarioActual are capitalised — 'Admin', 'Usuario', 'Cliente', 'Activo', 'Inactivo' — because cargarPermisosTrabajador passes every value through capitalizeWords before writing it to the object. The raw values in the Supabase usuarios table are stored in lowercase ('admin', 'usuario', 'activo', etc.). Keep this distinction in mind if you ever compare usuarioActual.rol directly against a value you have read from the database: normalise both sides first, or rely on the exported guard functions which already handle this correctly.