A permission in PermisosQR represents a single authorized exit event. It begins the moment an operator scans anDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/edgar2420/QrPermision/llms.txt
Use this file to discover all available pages before exploring further.
available QR code and assigns it to an employee — recording the exit time, the employee’s name, and the maximum duration allowed. The permission stays open until the employee returns and the QR is scanned again. At that point the system calculates exactly how long the employee was absent, how much of that exceeded the allowed window, and whether they were compliant. Every field is immutable once the return is recorded, giving you a tamper-proof audit trail.
Enabling a Permission
To open a permission, the QR code must be inavailable status. The system locks the QR row with FOR UPDATE during the transaction to prevent race conditions. On success, the QR’s status immediately changes to active.
The numeric ID of the QR code to activate. Must refer to a QR currently in
available status.Full name of the employee receiving the permission. Stored as a free-text string — no user account required.
Maximum number of minutes the employee is permitted to be absent. Defaults to
15 if omitted or non-numeric.Optional free-text annotation (e.g., reason for exit, destination). Stored in the permission record and visible in history.
201 Created
available status the API returns 400 with the message "El QR no está disponible. Estado actual: <current_status>".
Returning a Permission
When the employee returns, scanning the same QR (nowactive) triggers the return flow. The system finds the open permission record, computes all timing fields, writes them atomically, and resets the QR’s status to available.
Required fields
| Field | Type | Notes |
|---|---|---|
qrId | integer | The same QR ID that was enabled |
notes | string | Optional. Appended to the permission record |
200 OK
Compliance Calculation
All three compliance fields are calculated in JavaScript on the server at the momentreturn_time is recorded and stored as DECIMAL(10, 2) columns. The calculation uses millisecond-precision timestamps:
time_used_minutes and delay_minutes are rounded to two decimal places with parseFloat(...toFixed(2)) before storage. A permission where the employee returned exactly on time or early has delay_minutes = 0.00 and is_compliant = true.
Example walkthrough
Permission History
GET /api/permissions/history returns a paginated, reverse-chronological list of all permission records. Each row is enriched with the QR’s current status, the operator who enabled it, and (if already returned) the operator who recorded the return.
Query parameters
| Parameter | Type | Description |
|---|---|---|
page | integer | Page number (default: 1) |
limit | integer | Records per page (default: 20) |
qrId | integer | Filter to a specific QR code |
startDate | string | ISO 8601 date — filters created_at ≥ |
endDate | string | ISO 8601 date — the server appends 23:59:59 |
isCompliant | boolean | true or false |
Role-based visibility: Operators with the
admin_operator role can only see permissions they personally enabled — the enabledBy filter is injected automatically from the JWT. Super Admins (super_admin) receive the full, unfiltered history across all operators.Deleting a Permission Record
Super Admins can permanently delete any permission record. If the deleted permission was still open (return_time IS NULL), the associated QR code is automatically reset to available so it can be used again.
200 OK