Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/astrxnomo/tourify/llms.txt

Use this file to discover all available pages before exploring further.

The Role System

Tourify uses a simple two-role system stored in the roles table and referenced on every user record via role_id.
role_idRoleDescription
1AdminFull access to the admin panel — can manage all content, users, reviews, and notifications
2UserStandard mobile app account — no admin panel access
The User model declares its relationship:
// app/Models/User.php
public function role(): BelongsTo
{
    return $this->belongsTo(Role::class);
}
And the Role model:
// app/Models/Role.php
protected $fillable = ['name', 'label', 'description'];

public function users(): HasMany
{
    return $this->hasMany(User::class);
}

Default Role on Registration

Every new account created through the mobile app API is automatically assigned role_id = 2. There is no self-service path for a regular user to elevate their own role — only an existing admin can promote another account.

Managing Users

URL: /admin/users

Viewing All Users

Navigate to /admin/users to see a full list of registered accounts. The index loads each user with:
  • Their role (via User::with('role'))
  • Counts for reviews, event registrations, and favorites (via withCount(...))
  • Sorted alphabetically by name
Each row in the table shows the user’s name, email address, role, registration date, and activity counts.

Toggling Admin Role

Route: PATCH /admin/users/{user}/role
Named route: admin.users.toggleRole
The toggle is a single action that flips a user’s role_id between 1 (admin) and 2 (regular user):
$user->update(['role_id' => $user->role_id === 1 ? 2 : 1]);
The controller enforces two safety guardrails before applying the change:
GuardBehaviour
Self-modificationAn admin cannot toggle their own role — returns an error: “No puedes cambiar tu propio rol.”
Last admin protectionIf the target user is currently the only admin (role_id = 1 count ≤ 1), the toggle is blocked — returns an error: “Debe existir al menos un administrador.”
Granting a user the admin role (role_id = 1) gives them full, unrestricted access to the admin panel — including the ability to delete content, remove other users, and broadcast push notifications to all app users. Only promote accounts you fully trust.

Deleting a User

Route: DELETE /admin/users/{user}
Named route: admin.users.destroy
Clicking Delete on a user’s row sends a DELETE request to /admin/users/{user}. The same two guardrails apply:
GuardBehaviour
Self-deletionAn admin cannot delete their own account — returns an error: “No puedes eliminar tu propia cuenta.”
Last admin protectionThe sole remaining admin account cannot be deleted — returns an error: “No puedes eliminar al último administrador.”
On success, the user record is permanently deleted and you are redirected to the users index.
Account deletion is permanent and irreversible. All data associated with the user — reviews, favorites, event registrations, and notifications — may also be affected depending on your database cascade rules.

The IsAdmin Middleware

All protected admin routes are gated by the custom IsAdmin middleware registered as is_admin:
// app/Http/Middleware/IsAdmin.php
public function handle(Request $request, Closure $next): Response
{
    if (!auth()->check() || auth()->user()->role_id !== 1) {
        return redirect()->route('admin.login');
    }

    return $next($request);
}
Any request to a protected route where:
  • The session is unauthenticated (auth()->check() returns false), or
  • The authenticated user’s role_id is not 1
…is immediately redirected to /admin/login. This runs on every request — there is no cached or token-based bypass.

Creating an Admin User

There is no registration form in the admin panel. To create the first admin account (or add additional ones), use one of the following approaches:
The recommended approach for a fresh installation is to define a seeder that creates an admin account with role_id = 1:
// database/seeders/AdminUserSeeder.php
use App\Models\User;

User::create([
    'role_id'  => 1,
    'name'     => 'Admin',
    'email'    => 'admin@tourify.app',
    'password' => bcrypt('your-secure-password'),
]);
Run it with:
php artisan db:seed --class=AdminUserSeeder
After creating your first admin account, log in to the panel and immediately verify you can reach /admin/dashboard. If you are redirected back to /admin/login, confirm the role_id in the database is set to 1 and that the roles table has a record with id = 1.

Build docs developers (and LLMs) love