Admin Roles API

Overview

The Admin Roles API allows administrators to manage user roles, view role assignments, and configure permissions for different CMS views. This endpoint requires admin authentication. Endpoint: /api/admin_roles_api.php

Authentication

This endpoint requires admin privileges. Users must have:

Role: administrador or admin, OR
Email: emmanuel.jarquin@grupomecsa.net, OR
User metadata: admin: true

Session Requirements

session_start();
if (!isset($_SESSION['token'])) {
    // Returns 401 Unauthorized
}

GET Requests

Get Roles

Retrieve all roles with user counts. Request:

GET /api/admin_roles_api.php?action=get_roles

Response:

{
  "success": true,
  "roles": [
    {
      "nombre": "ventas",
      "total": 12,
      "is_standard": true
    },
    {
      "nombre": "proyectos",
      "total": 8,
      "is_standard": true
    },
    {
      "nombre": "administrador",
      "total": 3,
      "is_standard": true
    },
    {
      "nombre": "recepcion",
      "total": 2,
      "is_standard": true
    },
    {
      "nombre": "mercadeo",
      "total": 5,
      "is_standard": true
    },
    {
      "nombre": "contabilidad",
      "total": 4,
      "is_standard": true
    }
  ]
}

Response Fields:

success

boolean

required

Indicates if the request was successful

roles

array

required

Array of role objects

Show Role Object

nombre

string

required

Role name (lowercase)

total

integer

required

Number of active users assigned to this role

is_standard

boolean

required

Whether this is a standard system role

Standard Roles:

ventas - Sales team
proyectos - Projects team
administrador - System administrators
recepcion - Reception
mercadeo - Marketing team
contabilidad - Accounting team

Get Permissions

Retrieve all role-view permission mappings. Request:

GET /api/admin_roles_api.php?action=get_permisos

Response:

{
  "success": true,
  "permisos": [
    {
      "id": 1,
      "rol_nombre": "ventas",
      "vista_slug": "dashboard",
      "puede_ver": true
    },
    {
      "id": 2,
      "rol_nombre": "ventas",
      "vista_slug": "clientes",
      "puede_ver": true
    },
    {
      "id": 3,
      "rol_nombre": "ventas",
      "vista_slug": "proyectos",
      "puede_ver": true
    }
  ]
}

Response Fields:

success

boolean

required

Indicates if the request was successful

permisos

array

required

Array of permission objects ordered by role name

Show Permission Object

integer

required

Unique permission ID

rol_nombre

string

required

Role name this permission applies to

vista_slug

string

required

CMS view/section identifier

puede_ver

boolean

required

Whether the role has access to this view

Available Views:

dashboard - Main dashboard
usuarios - User management
categorias - Category management
clientes - Client management
proyectos - Project management
empleados - Employee management
departamentos - Department management
testimoniales - Testimonials
preguntas - FAQ management
contenido - Content management
templates - Template editor
menus - Menu configuration
pages - Page management
media - Media library
seo - SEO settings
blog - Blog posts
vacantes - Job postings
contactos - Contact forms

POST Requests

Save Permissions

Update permissions for a specific role. Request:

POST /api/admin_roles_api.php
Content-Type: application/json

{
  "action": "save_permisos",
  "rol_nombre": "ventas",
  "permisos": [
    {
      "vista_slug": "dashboard",
      "puede_ver": true
    },
    {
      "vista_slug": "clientes",
      "puede_ver": true
    },
    {
      "vista_slug": "proyectos",
      "puede_ver": true
    },
    {
      "vista_slug": "usuarios",
      "puede_ver": false
    }
  ]
}

Parameters:

action

string

required

Must be save_permisos

rol_nombre

string

required

Role name to update permissions for

permisos

array

required

Array of permission objects

Show Permission Object

vista_slug

string

required

View identifier

puede_ver

boolean

required

Access permission for this view

Response:

{
  "success": true
}

Behavior:

Deletes all existing permissions for the role
Inserts the new permission set
Returns success status

Create Role

Create a new role with default permissions. Request:

POST /api/admin_roles_api.php
Content-Type: application/json

{
  "action": "create_rol",
  "rol_nombre": "marketing"
}

Parameters:

action

string

required

Must be create_rol

rol_nombre

string

required

Name of the new role (will be stored in lowercase)

Response:

{
  "success": true
}

Behavior:

Creates permission entries for all available views
All permissions are set to false by default
Admin must configure permissions after creation

Delete Role

Delete a role if it has no assigned users. Request:

POST /api/admin_roles_api.php
Content-Type: application/json

{
  "action": "delete_rol",
  "rol_nombre": "marketing"
}

Parameters:

action

string

required

Must be delete_rol

rol_nombre

string

required

Name of the role to delete

Success Response:

{
  "success": true
}

Error Response (has users):

{
  "success": false,
  "error": "El rol tiene usuarios asignados"
}

A role cannot be deleted if any users are currently assigned to it. You must reassign or deactivate those users first.

Error Responses

401 Unauthorized

{
  "success": false,
  "error": "No autenticado"
}

403 Forbidden

{
  "success": false,
  "error": "Sin permisos. Su correo: user@example.com"
}

400 Bad Request

{
  "success": false,
  "error": "Falta rol_nombre"
}

Usage Example

<?php
session_start();

// Ensure user is authenticated and admin
if (!isset($_SESSION['token']) || $_SESSION['rol'] !== 'administrador') {
    die('Unauthorized');
}

// Fetch all roles
$ch = curl_init('https://cms.grupomecsa.net/api/admin_roles_api.php?action=get_roles');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIE, session_name() . '=' . session_id());
$response = curl_exec($ch);
$data = json_decode($response, true);

foreach ($data['roles'] as $role) {
    echo $role['nombre'] . ': ' . $role['total'] . ' users<br>';
}

// Update permissions for 'ventas' role
$permissions = [
    'action' => 'save_permisos',
    'rol_nombre' => 'ventas',
    'permisos' => [
        ['vista_slug' => 'dashboard', 'puede_ver' => true],
        ['vista_slug' => 'clientes', 'puede_ver' => true],
        ['vista_slug' => 'proyectos', 'puede_ver' => true]
    ]
];

$ch = curl_init('https://cms.grupomecsa.net/api/admin_roles_api.php');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($permissions));
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_COOKIE, session_name() . '=' . session_id());
$result = curl_exec($ch);
?>

Employee Role API - Update individual employee roles
Authentication - Learn about admin authorization

API Overview

Endpoints

PHP Classes

Overview

Authentication

Session Requirements

GET Requests

Get Roles

Get Permissions

POST Requests

Save Permissions

Create Role

Delete Role

Error Responses

401 Unauthorized

403 Forbidden

400 Bad Request

Usage Example

Build docs developers (and LLMs) love

API Overview

Endpoints

PHP Classes

Documentation Index

​Overview

​Authentication

​Session Requirements

​GET Requests

​Get Roles

​Get Permissions

​POST Requests

​Save Permissions

​Create Role

​Delete Role

​Error Responses

​401 Unauthorized

​403 Forbidden

​400 Bad Request

​Usage Example

​Related

Build docs developers (and LLMs) love

Overview

Authentication

Session Requirements

GET Requests

Get Roles

Get Permissions

POST Requests

Save Permissions

Create Role

Delete Role

Error Responses

401 Unauthorized

403 Forbidden

400 Bad Request

Usage Example

Related