Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/edgar2420/QrPermision/llms.txt

Use this file to discover all available pages before exploring further.

In PermisosQR, a QR code is the physical token that authorizes an employee to leave the premises. Each code is a database record with a numeric ID, a lifecycle status, and a complete audit trail of every permission it has ever carried. QR codes are not tied to a specific person — they are reusable physical labels that can be handed to any employee and recovered when they return. The code printed on the label encodes nothing more than the QR’s numeric ID, which the system resolves at scan time to determine the current status and take the appropriate action.

QR Status States

Every QR code moves through a well-defined set of states. Understanding these states is essential for operating the system correctly.
StatusMeaningCan Be Used?
availableReady to be assigned to an employee✅ Yes — enables a new permission
activeCurrently held by an employee who has not yet returned⏳ Scannable for return only
expiredPermission time elapsed without a return being recorded❌ No — must be reactivated first
disabledManually taken out of rotation by an operator❌ No — must be reactivated first
The expired status is reserved for future automation. Currently, the system sets QR codes to available when a return is recorded and to disabled when manually decommissioned. Reactivating either state restores the code to available.

Generating QR Codes

Only users with the Super Admin role (super_admin) can generate new QR codes. A single generation request creates between 1 and 500 codes atomically inside a database transaction — if any row insertion fails, the entire batch is rolled back.
1

Open the Generate dialog

In the QR Management screen, click Generar QR. Enter the number of codes you want (1–500).
2

Send the API request

The frontend calls POST /api/qr/generate with a JSON body containing the requested quantity.
3

Print the batch

The response includes all newly created codes. A print preview dialog opens automatically so you can label them immediately.
API reference
curl -X POST http://localhost:4000/api/qr/generate \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"quantity": 20}'
Response201 Created
{
  "success": true,
  "count": 20,
  "data": [
    { "id": 101, "status": "available", "created_at": "2024-06-15T14:32:00.000Z" },
    { "id": 102, "status": "available", "created_at": "2024-06-15T14:32:00.000Z" },
    { "id": 103, "status": "available", "created_at": "2024-06-15T14:32:00.000Z" }
  ]
}
The quantity field is validated on the server: values outside the range 1–500 return a 400 error with the message "Cantidad debe ser entre 1 y 500".
Generate your entire label stock in one request and use the Print All button in the preview dialog to send the whole sheet to your printer at once. Each label is rendered as a canvas element at 500 px wide — high enough resolution for physical stickers or laminated cards.

Printing QR Codes

Every QR code can be printed directly from the browser without any external software. Clicking the Print button (🖨) on any QR card in the management list opens a dedicated browser print window. The QR image is rendered on a <canvas> element with:
  • A branded color band at the top reading “Laboratorios ABD”
  • The QR matrix encoding the string QR-<id> at errorCorrectionLevel: H
  • A centered circular logo overlay
  • A bottom strip showing the human-readable code QR-<id>
When a device camera scans the printed code, it decodes the string QR-<id>. The app extracts the numeric ID with the regex /QR-?(\d+)/i and fetches the QR’s current status from the server. The public scan URL format is:
https://<host>:3000/scan/<id>
Scanning this URL in any mobile browser opens the public scan page directly, where the operator can authorize or record a return without being logged in.

Disabling a QR

Disabling removes a QR from active circulation without deleting its history. Any status except active can be disabled.
curl -X PATCH http://localhost:4000/api/qr/5/disable \
  -H "Authorization: Bearer <token>"
Attempting to disable an active QR returns a 400 error:
{
  "success": false,
  "message": "No se puede deshabilitar un QR activo"
}
The QR must first have its open permission returned (status returns to available) before it can be disabled.

Reactivating a QR

Reactivation resets any non-active QR back to available, making it immediately usable again.
curl -X PATCH http://localhost:4000/api/qr/5/reactivate \
  -H "Authorization: Bearer <token>"
Response200 OK
{
  "success": true,
  "data": {
    "id": 5,
    "status": "available",
    "created_by": 1,
    "created_at": "2024-06-01T08:00:00.000Z",
    "updated_at": "2024-06-15T14:35:00.000Z"
  }
}
Calling reactivate on an already-active QR returns a 400 error: "El QR ya está activo".

Deleting a QR

Permanent deletion is restricted to Super Admins and is blocked while the QR is active. The service first deletes all associated permission records explicitly, then removes the QR code row itself — both steps run in sequence so no orphaned data remains.
curl -X DELETE http://localhost:4000/api/qr/5 \
  -H "Authorization: Bearer <token>"
Response200 OK
{
  "success": true,
  "message": "QR eliminado permanentemente"
}
Deletion is irreversible. All permission history linked to this QR — including compliance records and timing data — will be lost. Use disable instead if you only want to retire the physical label from circulation while keeping the audit trail.

Listing QR Codes

GET /api/qr returns a paginated list of all QR codes, optionally filtered by status or ID. Each row includes the creator’s name, the current active permission details (if active), and the name of the operator who enabled the current permission. Query parameters
ParameterTypeDescription
statusstringFilter by available, active, expired, or disabled
searchstringPartial match against the QR numeric ID
pageintegerPage number (default: 1)
limitintegerResults per page (default: 20)
Example
curl "http://localhost:4000/api/qr?status=active&page=1&limit=25" \
  -H "Authorization: Bearer <token>"
Response shape
{
  "success": true,
  "data": [
    {
      "id": 7,
      "status": "active",
      "created_at": "2024-06-01T08:00:00.000Z",
      "updated_at": "2024-06-15T09:12:00.000Z",
      "created_by_name": "Admin Principal",
      "active_permission_id": 43,
      "received_by": "María García",
      "allowed_minutes": 30,
      "exit_time": "2024-06-15T09:12:00.000Z",
      "enabled_by": 2,
      "enabled_by_name": "Operador Norte"
    }
  ],
  "total": 1,
  "page": 1,
  "limit": 25,
  "pages": 1
}
The active_permission_id, received_by, allowed_minutes, exit_time, enabled_by, and enabled_by_name fields are only populated when the QR’s status is active; they are null otherwise.

Build docs developers (and LLMs) love