Documentation Index
Fetch the complete documentation index at: https://mintlify.com/astrxnomo/tourify/llms.txt
Use this file to discover all available pages before exploring further.
The Role System
Tourify uses a simple two-role system stored in theroles table and referenced on every user record via role_id.
role_id | Role | Description |
|---|---|---|
1 | Admin | Full access to the admin panel — can manage all content, users, reviews, and notifications |
2 | User | Standard mobile app account — no admin panel access |
User model declares its relationship:
Role model:
Default Role on Registration
Every new account created through the mobile app API is automatically assignedrole_id = 2. There is no self-service path for a regular user to elevate their own role — only an existing admin can promote another account.
Managing Users
URL:/admin/users
Viewing All Users
Navigate to/admin/users to see a full list of registered accounts. The index loads each user with:
- Their role (via
User::with('role')) - Counts for reviews, event registrations, and favorites (via
withCount(...)) - Sorted alphabetically by name
Toggling Admin Role
Route:PATCH /admin/users/{user}/roleNamed route:
admin.users.toggleRole
The toggle is a single action that flips a user’s role_id between 1 (admin) and 2 (regular user):
| Guard | Behaviour |
|---|---|
| Self-modification | An admin cannot toggle their own role — returns an error: “No puedes cambiar tu propio rol.” |
| Last admin protection | If the target user is currently the only admin (role_id = 1 count ≤ 1), the toggle is blocked — returns an error: “Debe existir al menos un administrador.” |
Deleting a User
Route:DELETE /admin/users/{user}Named route:
admin.users.destroy
Clicking Delete on a user’s row sends a DELETE request to /admin/users/{user}. The same two guardrails apply:
| Guard | Behaviour |
|---|---|
| Self-deletion | An admin cannot delete their own account — returns an error: “No puedes eliminar tu propia cuenta.” |
| Last admin protection | The sole remaining admin account cannot be deleted — returns an error: “No puedes eliminar al último administrador.” |
The IsAdmin Middleware
All protected admin routes are gated by the custom IsAdmin middleware registered as is_admin:
- The session is unauthenticated (
auth()->check()returnsfalse), or - The authenticated user’s
role_idis not1
/admin/login. This runs on every request — there is no cached or token-based bypass.
Creating an Admin User
There is no registration form in the admin panel. To create the first admin account (or add additional ones), use one of the following approaches:- Database Seeder
- Manual Database Update
- Promote via Admin Panel
The recommended approach for a fresh installation is to define a seeder that creates an admin account with Run it with:
role_id = 1: