IEE Edu uses a simple two-role model: every registered user is either aDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/RigbySawGame/ieeEdu_Wen/llms.txt
Use this file to discover all available pages before exploring further.
student or an admin. There is no permissions table or policy file — access control is enforced at three distinct layers: the route group middleware, the EnsureAdmin middleware class, and helper methods on the User model. This keeps the system straightforward while still providing strong separation between the learner experience and the platform administration.
User Roles
| Role | Description | How Granted |
|---|---|---|
admin | Full access to the admin dashboard, all CRUD operations, payment approvals, user management, and subscription control. Also bypasses all course-access checks. | Granted via the iie:make-admin Artisan command. |
student | Default role for every self-registered user. Can access the dashboard, classroom, and their own payments and certificates. | Assigned automatically on registration. |
User::updateOrCreate, so it is safe to run on an existing account. It sets role = 'admin' and status = 'activo' atomically.
User Status
Every user also has astatus field that is independent of their role. The two possible values are:
| Status | Meaning |
|---|---|
activo | The account is active and the user can log in. |
inactivo | The account is suspended. The user will be logged out on their next request. |
CheckUserStatus middleware enforces this at the global web level — it runs on every request and immediately logs out any authenticated user whose status is not activo:
activo to inactivo (and back) via PATCH /admin/users/{user}/toggle-status.
EnsureAdmin Middleware
TheEnsureAdmin middleware is applied to the entire admin.* route group. It performs three sequential checks — any failure immediately returns HTTP 403:
routes/admin.php:
auth runs before EnsureAdmin::class. If the session is unauthenticated, auth redirects to login before EnsureAdmin is ever reached.
Access Check Methods on the User Model
TheUser model exposes several helper methods used by controllers and the SubscriptionAccessService to determine what content a student may access:
| Method | Returns | Logic |
|---|---|---|
hasAccess($courseId) | bool | true if admin, has an active subscription, the course is free, or the user has permanent individual access. |
hasPermanentCourseAccess(int $courseId) | bool | true if admin, has an approved course payment, or has a non-subscription enrollment. Persists after subscription expiry. |
hasSubscriptionActive() | bool | true if the user has a Subscription with status = 'activa' and end_date >= now(). |
hasBookAccess(int $bookId) | bool | true if the user has an approved payment for that book (or is admin). |
hasApprovedBookPayment(int $bookId) | bool | Direct check for an approved book payment record. |
hasPendingBookPayment(int $bookId) | bool | true if a book payment is pendiente or en_revision. |
hasAccess method in full:
Route Protection
Route protection is applied at the group level, not per individual route:public.php carry no middleware at all — they are accessible to anonymous visitors.
The
User model implements the MustVerifyEmail interface. Users who register but have not verified their email address may be blocked from certain routes that require the verified middleware, depending on Laravel’s default email verification guards.