Corpen uses Spatie Laravel Permission (v6.9) for role-based access control across all modules. Every route in Corpen that requires access to a specific module (insurance policies, claims, reservations, credits, archive management, and more) is guarded either by a candirect middleware check (direct permissions) or by Spatie’s can middleware (role permissions). This page explains the full access control model and how to manage roles and permissions through the admin panel.
Package and Database Tables
The spatie/laravel-permission package is installed via Composer and creates four tables during the 2024_11_05_135024_create_permission_tables.php migration:
| Table | Purpose |
|---|---|
| permissions | All named permissions (e.g. seguros.poliza.index) |
| roles | All roles (e.g. admin, seguros, creditos) |
| model_has_permissions | Direct permission → User assignments |
| role_has_permissions | Permission → Role assignments |
The actions table (migration 2024_10_21_141315_create_actions_table.php) stores the User → Role pivot used by Corpen’s custom Role model relationship.
User Model Integration
The App\Models\User model uses the HasRoles trait from Spatie, giving it the full Spatie permission API:
The CanDirect middleware calls $user->getDirectPermissions() directly (the Spatie HasRoles method) to retrieve permissions stored in model_has_permissions. The custom hasDirectPermission() wrapper on User is a convenience helper available elsewhere in the codebase but is not invoked by the middleware itself.
The CanDirect Middleware
Corpen defines a custom middleware at app/Http/Middleware/CanDirect.php that checks whether the authenticated user has a direct permission matching the permission name passed to the middleware:
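As an added illustration (not Corpen's actual CanDirect.php), a middleware with the behaviour described here could look like the following. The class name ExampleCanDirect, the 401/403 responses and the strict name comparison are assumptions; getDirectPermissions() is the Spatie method named above.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * Illustrative direct-permission gate (added example, hypothetical class).
 * Route usage once aliased: ->middleware('candirect:seguros.poliza.index')
 */
class ExampleCanDirect
{
    public function handle(Request $request, Closure $next, string $permission): Response
    {
        $user = $request->user();

        // Assumption: unauthenticated requests are rejected before any lookup.
        if ($user === null) {
            abort(401);
        }

        // getDirectPermissions() returns only rows from model_has_permissions;
        // permissions inherited through roles are not in this collection.
        // The comparison is strict, so the route string must match the stored
        // permission name exactly, including letter case.
        $granted = $user->getDirectPermissions()
            ->contains(fn ($p) => $p->name === $permission);

        // Assumption: a missing direct grant yields 403 Forbidden.
        if (! $granted) {
            abort(403);
        }

        return $next($request);
    }
}
```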
Middleware Usage in Routes
The middleware alias candirect is applied across all sensitive routes:
Default Roles
The RoleSeeder creates five default roles when you run php artisan db:seed --class=RoleSeeder:
| Role | Intended use |
|---|---|
| admin | Full platform access, user and role management |
| exequial | Funeral services module |
| creditos | Credit management module |
| seguros | Insurance policies, claims, and benefits |
| read | Read-only viewer across modules |
Permission Naming Convention
Corpen permission names follow the pattern {module}.{resource}.{action}. Examples from production routes:
| Permission Name | Guards Access To |
|---|---|
| admin.users.index | User management panel |
| admin.auditoria.index | Audit log |
| seguros.poliza.index | Insurance policies list |
| seguros.reclamacion.index | Insurance claims list |
| seguros.convenio.index | Insurance agreements |
| seguros.beneficios.index | Insurance benefits |
| cinco.tercero.index | Savings module — third parties |
| cinco.movcontables.index | Savings accounting movements |
| cinco.retiros.index | Savings withdrawals |
| reservas.Reserva.pagos | Reservation payments |
| reservas.reserva.confirmadas | Confirmed reservations |
| reservas.inmueble.active | Active properties |
| soporte.lista.administrador | Support admin panel |
| correspondencia.usuario.admin | Correspondence admin tools |
Managing Roles and Permissions via the Admin Panel
Corpen provides a web-based admin interface for creating permissions, managing roles, and assigning permissions to roles.
Admin Panel Routes
| URL | Controller | Purpose |
|---|---|---|
| /users | Admin\UserController | List users, assign/remove roles |
| /roles | Admin\RoleController | List roles, attach/detach permissions |
| /permisos/create | Admin\PermissionsController | Create a new named permission |
How Role → Permission Assignment Works
RoleController@update syncs permissions for a given role by computing the diff between existing and submitted permission IDs:
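One way to implement a diff-based sync of this kind, as an added example rather than Corpen's RoleController code. The function name syncRolePermissionsByDiff is hypothetical, and the example assumes the stock Spatie Role and Permission models with the default permissions table name.

```php
<?php

use Illuminate\Support\Facades\DB;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
use Spatie\Permission\PermissionRegistrar;

/**
 * Hypothetical helper: bring a role's permissions in line with the IDs
 * submitted by the permission matrix form, touching only what changed.
 */
function syncRolePermissionsByDiff(Role $role, array $submittedIds): array
{
    // Discard IDs that do not exist or belong to another guard, so a
    // tampered form cannot attach arbitrary rows to the role.
    $submitted = Permission::query()
        ->where('guard_name', $role->guard_name)
        ->whereIn('id', $submittedIds)
        ->pluck('id');

    $existing = $role->permissions()->pluck('permissions.id');

    $toAttach = $submitted->diff($existing)->values();
    $toDetach = $existing->diff($submitted)->values();

    // Apply both halves of the diff atomically.
    DB::transaction(function () use ($role, $toAttach, $toDetach) {
        if ($toDetach->isNotEmpty()) {
            $role->permissions()->detach($toDetach->all());
        }
        if ($toAttach->isNotEmpty()) {
            $role->permissions()->attach($toAttach->all());
        }
    });

    // attach()/detach() on the relation bypass Spatie's automatic cache
    // reset, so stale grants would otherwise stay in effect until expiry.
    app(PermissionRegistrar::class)->forgetCachedPermissions();

    // Returned so the caller can write the change to an audit log.
    return ['attached' => $toAttach->all(), 'detached' => $toDetach->all()];
}
```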
Full Workflow: Creating and Assigning Access
Navigate to /permisos/create in the admin panel, or create the permission programmatically using Spatie’s Permission model:

```php
use Spatie\Permission\Models\Permission;

// Create the named permission for the web guard
Permission::create([
    'name' => 'seguros.poliza.index',
    'guard_name' => 'web',
]);
```

Permission names must match the string passed to the candirect or can middleware on the corresponding route exactly.

Navigate to /roles in the admin panel and submit the role creation form, or create it programmatically:

```php
use Spatie\Permission\Models\Role;

// Create the role for the same guard as its permissions
$role = Role::create([
    'name' => 'seguros',
    'guard_name' => 'web',
]);
```

In the admin panel at /roles, select a role and check the desired permissions in the permission matrix form. Programmatically:

```php
use Spatie\Permission\Models\Role;

$role = Role::findByName('seguros');
$role->givePermissionTo('seguros.poliza.index');
$role->givePermissionTo('seguros.reclamacion.index');
$role->givePermissionTo('seguros.convenio.index');
$role->givePermissionTo('seguros.beneficios.index');
```

In the admin panel at /users, select a user and attach the role. Programmatically, using the Spatie API on the User model:

```php
use App\Models\User;

$user = User::find($userId);
// Assign a role
$user->assignRole('seguros');
// Or assign a direct permission (checked by CanDirect middleware)
$user->givePermissionTo('seguros.poliza.index');
```

The CanDirect middleware checks direct permissions (model_has_permissions table), not role-based permissions. If you only assign a role to a user, without also assigning the individual permission directly, the candirect middleware will still deny access. Use $user->givePermissionTo(...) to assign direct permissions, or use the admin panel’s user permission form.

Programmatic Permission Reference
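The gap between role permissions and direct permissions described in the warning above can be listed per user. This is an added example, not part of Corpen's code base: the command name access:audit-direct is hypothetical, and it assumes getPermissionsViaRoles() resolves through the same roles relationship that the admin panel manages.

```php
<?php
// routes/console.php (added example; command name and columns are hypothetical)

use App\Models\User;
use Illuminate\Support\Facades\Artisan;

Artisan::command('access:audit-direct', function () {
    $rows = [];

    User::query()->chunkById(200, function ($users) use (&$rows) {
        foreach ($users as $user) {
            $direct   = $user->getDirectPermissions()->pluck('name');
            $viaRoles = $user->getPermissionsViaRoles()->pluck('name')->unique();

            // Granted by a role but not directly: candirect routes deny these.
            $roleOnly = $viaRoles->diff($direct);

            // Granted directly but by no current role: these stay in effect
            // on candirect routes even after the user's role is removed.
            $directOnly = $direct->diff($viaRoles);

            if ($roleOnly->isNotEmpty() || $directOnly->isNotEmpty()) {
                $rows[] = [
                    $user->getKey(),
                    $user->getRoleNames()->implode(', '),
                    $roleOnly->implode(', '),
                    $directOnly->implode(', '),
                ];
            }
        }
    });

    $this->table(
        ['User ID', 'Roles', 'Role-only (denied by candirect)', 'Direct-only'],
        $rows
    );

    // Non-zero exit code when any mismatch exists, for use in scheduled checks.
    return count($rows) === 0 ? 0 : 1;
})->purpose('List gaps between role permissions and direct permissions');
```

Reviewing the Direct-only column after a role change is the practical check: removing a role through /users does not remove rows from model_has_permissions.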
Model Relationships
The App\Models\Permisos model (backed by the permissions table) exposes the following relationships:
The App\Models\Role model exposes: