Corpen’s user management system controls who can access the platform and what each person can do within it. Built on top of Spatie Permission, it combines a custom actions pivot table for role assignments with a model_has_permissions table for fine-grained per-user permission overrides. Administrators manage all accounts, roles, and permissions through three dedicated resource controllers registered under the auth middleware.
Admin Routes
| Method | URI | Controller Action | Route Name |
|---|---|---|---|
| GET | /users | UserController@index | admin.users.index |
| GET | /users/create | UserController@create | admin.users.create |
| POST | /users | UserController@store | admin.users.store |
| GET | /users/{user}/edit | UserController@edit | admin.users.edit |
| PUT/PATCH | /users/{user} | UserController@update | admin.users.update |
| GET | /roles | RoleController@index | admin.roles.index |
| POST | /roles | RoleController@store | admin.roles.store |
| PUT/PATCH | /roles/{role} | RoleController@update | admin.roles.update |
| DELETE | /roles/{id} | RoleController@destroy | admin.roles.destroy |
| GET | /permisos/create | PermissionsController@create | admin.permisos.create |
| POST | /permisos | PermissionsController@store | admin.permisos.store |
All of these routes are registered under the auth middleware. The /users route additionally requires the candirect:admin.users.index middleware gate.
User Model
The App\Models\User model extends Laravel’s Authenticatable and uses the Spatie HasRoles trait. Its mass-assignable fields are:
| Field | Type | Description |
|---|---|---|
| name | string | Full name, stored in uppercase |
| email | string | Unique login email address |
| password | string (hashed) | Bcrypt-hashed password |
| nid | string | National ID (cédula); used to link the user to an employee profile |
| fecha_nacimiento | date | Date of birth; used in the associate validation flow |
| type | string\|null | User category; standard admin-panel users have type = null |
Custom Accessors and Methods
getNombreCortoAttribute()
Returns the first two space-separated parts of the user’s name. Useful for compact UI display.
hasPermission($permiso)
Checks whether the user has a given permission via the model_has_permissions pivot.
hasDirectPermission($permiso)
Delegates to Spatie’s getDirectPermissions() to verify only directly assigned (non-role-inherited) permissions.
Employee Profile Integration
perfilEmpleado() — hasOne(GdoEmpleado::class, 'cedula', 'nid')
Joins the user to their GDO_Empleados record by matching users.nid against GDO_Empleados.cedula.
getFotoPerfilAttribute()
Accessor ($user->foto_perfil) that returns a signed route URL to the employee’s photo stored in S3. Returns null when no photo is on record, allowing views to fall back to initials or a placeholder avatar.
Role Model
The App\Models\Role model maps to the roles table. Fillable fields are id, name, and guard_name. It exposes two permission relationships:
- permissions(): belongsToMany(Permisos::class, 'role_has_permissions'), the Spatie pivot table linking roles to permissions.
- permissionsRole(): hasMany(Permisos::class, 'role_id'), permissions that list this role as their primary role_id.
Permissions Model
The App\Models\Permisos model maps to the permissions table. Fillable fields are id, name, guard_name, and role_id. A permission belongs to a role through rolePermission() (belongsTo(Role::class, 'role_id')).
Setting Up Users, Roles, and Permissions
Create a Permission
Navigate to /permisos/create in the admin panel and submit the form, or create one programmatically. The permission name should follow dot-notation convention (e.g., creditos.index).
Create a Role
Navigate to /roles and use the creation form, or use tinker. Role names are forced to lowercase by RoleController@store.
Assign Permissions to the Role
Open the role’s edit view at /roles/{role}/edit and select the permissions to attach, or attach them programmatically. The RoleController@update method performs a diff between the current permission list and the submitted list, then calls attach() and detach() accordingly, so no duplicates are inserted.
Create a User Account
Navigate to /users/create. The form requires a full name, email, password, and at least one role selection. UserController@store uppercases the name, bcrypt-hashes the password, creates an actions pivot record for each selected role, and copies the role’s permissions into model_has_permissions.
Searching Users
The UserController@show method provides a live search over name and email for users whose type is null (standard users). It returns a paginated result of 5 records per page.
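Returning to the setup steps above: the following is an added example, not Corpen’s own code, that models the attach/detach diff described for RoleController@update and then lists direct grants in model_has_permissions that a user’s current roles no longer carry. The page does not say whether a role edit also updates rows already copied at account creation, so the example assumes it does not; the function names, the role name cartera, user id 7 and creditos.edit are hypothetical, and the tables are represented as plain arrays.

```php
<?php
// Added example: plain-PHP model of the tables named on this page.
// Role, user and permission values are constructed sample data.

/** Diff described for RoleController@update: what to attach() and detach(). */
function planRoleSync(array $current, array $submitted): array
{
    $submitted = array_values(array_unique($submitted));
    return [
        'attach' => array_values(array_diff($submitted, $current)),
        'detach' => array_values(array_diff($current, $submitted)),
    ];
}

/**
 * Per user, the direct grants (model_has_permissions) that none of the
 * user's current roles (actions pivot) carry. Intended overrides show up
 * here too, so the result is a review list, not a delete list.
 */
function surplusDirectGrants(array $actions, array $rolePerms, array $direct): array
{
    $report = [];
    foreach ($direct as $userId => $granted) {
        $fromRoles = [];
        foreach ($actions[$userId] ?? [] as $role) {
            $fromRoles = array_merge($fromRoles, $rolePerms[$role] ?? []);
        }
        $surplus = array_values(array_diff($granted, $fromRoles));
        if ($surplus !== []) {
            $report[$userId] = $surplus;
        }
    }
    return $report;
}

$rolePerms = ['cartera' => ['creditos.index', 'creditos.edit']]; // role => permissions
$actions   = [7 => ['cartera']];              // user id => roles
$direct    = [7 => $rolePerms['cartera']];    // copy taken when user 7 was created

// An administrator later submits the role form without creditos.edit.
$plan = planRoleSync($rolePerms['cartera'], ['creditos.index']);
$rolePerms['cartera'] = array_values(array_diff(
    array_merge($rolePerms['cartera'], $plan['attach']),
    $plan['detach']
));

print_r($plan);
print_r(surplusDirectGrants($actions, $rolePerms, $direct));
```

With the sample data, the role edit detaches creditos.edit and the review list reports it as a remaining direct grant on user 7.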
Associate (Asociado) Self-Registration
Corpen also supports a member self-registration flow through UserController@validarAsociadoCreate and UserController@validarAsociado. These routes validate a prospect’s nid (cédula) and fecha_nacimiento against an external API endpoint configured via API_PRODUCCION and TOKEN_ADMIN environment variables before allowing account creation.
Associates registered through the self-registration flow have a non-null type field. The admin user list at /users only shows users where type IS NULL, keeping standard and associate accounts in separate views.