Overview

The Employee Role API allows administrators to update employee information including their role, chat role, department, and system access status. This endpoint operates on the public.Empleados table.

Endpoint: /api/update_employee_role.php
Method: POST

Authentication

This endpoint requires admin privileges. Users must have:
  • Role: administrador or admin, OR
  • User metadata: admin: true

Session Requirements

session_start();
if (!isset($_SESSION['token'])) {
    // Returns 401 Unauthorized
}

Request

Content-Type: application/x-www-form-urlencoded or application/json
POST /api/update_employee_role.php

Parameters

id (string, required)
  Employee ID (UUID) to update

rol (string)
  New role assignment for the employee. Common values:
  • ventas
  • proyectos
  • administrador
  • recepcion
  • mercadeo
  • contabilidad

chat_role (string)
  Role designation for chat/messaging features

departamento (string)
  Department assignment for the employee

activo (boolean)
  System access status
  • true or "1": Grant CMS access
  • false or "0": Revoke CMS access
  When set, automatically updates the sistemas_acceso array:
  • Active: Adds “CMS” to the systems array
  • Inactive: Removes “CMS” from the systems array

Request Examples

Form Data

curl -X POST "https://cms.grupomecsa.net/api/update_employee_role.php" \
  -H "Cookie: PHPSESSID=your_session_id" \
  -d "id=550e8400-e29b-41d4-a716-446655440000" \
  -d "rol=ventas" \
  -d "departamento=Ventas Región Norte" \
  -d "activo=1"

JSON

curl -X POST "https://cms.grupomecsa.net/api/update_employee_role.php" \
  -H "Content-Type: application/json" \
  -H "Cookie: PHPSESSID=your_session_id" \
  -d '{
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "rol": "proyectos",
    "chat_role": "project_manager",
    "departamento": "Gestión de Proyectos",
    "activo": true
  }'

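PHP Example

<?php
session_start();

// Verify admin access (a missing 'rol' key is treated as not authorized)
if (($_SESSION['rol'] ?? null) !== 'administrador') {
    die('Unauthorized');
}

// Capture the session cookie, then release the session lock. When this
// script runs on the same server as the endpoint, the request below would
// otherwise wait on the lock held by this script.
$sessionCookie = session_name() . '=' . session_id();
session_write_close();

$employeeId = '550e8400-e29b-41d4-a716-446655440000';

$data = http_build_query([
    'id' => $employeeId,
    'rol' => 'ventas',
    'departamento' => 'Ventas',
    'activo' => '1'
]);

$ch = curl_init('https://cms.grupomecsa.net/api/update_employee_role.php');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_COOKIE, $sessionCookie);

$response = curl_exec($ch);
if ($response === false) {
    // Transport-level failure: there is no JSON body to decode
    die('Request failed: ' . curl_error($ch));
}

// json_decode() returns null when the body is not valid JSON
$result = json_decode($response, true);

if (is_array($result) && !empty($result['success'])) {
    echo "Employee updated successfully";
} else {
    echo "Error: " . ($result['error'] ?? 'Unexpected response');
}
?>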

Response

Success Response

{
  "success": true,
  "error": null,
  "debug": {
    "payload": {
      "rol": "ventas",
      "departamento": "Ventas Región Norte",
      "sistemas_acceso": ["CMS", "ERP"],
      "activo": true
    },
    "http_code": 200
  }
}

Response Fields:

success (boolean, required)
  Indicates if the update was successful

error (string, required)
  Error message (null if successful)

debug (object)
  Debug information about the request

Error Responses

401 Unauthorized

{
  "success": false,
  "error": "No autenticado"
}

403 Forbidden

{
  "success": false,
  "error": "Sin permisos"
}

400 Bad Request

{
  "success": false,
  "error": "ID requerido"
}

Update Failed

{
  "success": false,
  "error": "Error HTTP 422 al actualizar. {\"code\":\"...\",\"message\":\"...\"}",
  "debug": {
    "payload": {...},
    "http_code": 422
  }
}
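
The authentication rules and error responses above, combined into one request guard. This is an added example, not the project's code: the function names, the `user_metadata` session key and the 401, 403, 400 check order are assumptions, while `token` and `rol` are the session keys shown on this page.

```php
<?php
declare(strict_types=1);

/** Decode the body for either documented Content-Type. */
function readInput(string $contentType, string $rawBody, array $post): array
{
    if (stripos($contentType, 'application/json') === 0) {
        $decoded = json_decode($rawBody, true);
        return is_array($decoded) ? $decoded : []; // malformed JSON yields no fields
    }
    return $post; // application/x-www-form-urlencoded
}

/** Returns [status, error]; checks run in the assumed order 401, 403, 400. */
function checkRequest(array $session, array $input): array
{
    if (!isset($session['token'])) {
        return [401, 'No autenticado'];
    }
    $isAdmin = in_array($session['rol'] ?? null, ['administrador', 'admin'], true)
        // Strict comparison: only boolean true counts, not "false", "1" or 1.
        || ($session['user_metadata']['admin'] ?? null) === true;
    if (!$isAdmin) {
        return [403, 'Sin permisos'];
    }
    $id = $input['id'] ?? null;
    if (!is_string($id) || $id === '') {
        return [400, 'ID requerido'];
    }
    return [200, null];
}

// Constructed sample sessions and request bodies.
$uuid = '550e8400-e29b-41d4-a716-446655440000';
$cases = [
    [[], '{"id":"' . $uuid . '"}'],
    [['token' => 't', 'rol' => 'ventas', 'user_metadata' => ['admin' => 'false']], '{"id":"' . $uuid . '"}'],
    [['token' => 't', 'rol' => 'admin'], '{"rol":"ventas"}'],
    [['token' => 't', 'rol' => 'ventas', 'user_metadata' => ['admin' => true]], '{"id":"' . $uuid . '"}'],
];
foreach ($cases as [$session, $body]) {
    [$status, $error] = checkRequest($session, readInput('application/json', $body, []));
    echo $status, ' ', $error ?? 'ok', "\n";
}
```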

System Access Management

The activo parameter has special behavior:

Granting CMS Access

When activo=true:
  1. Fetches current sistemas_acceso array
  2. Adds “CMS” if not already present
  3. Updates both sistemas_acceso and activo fields

// Before
$sistemas_acceso = ["ERP", "Portal"];

// After (activo=true)
$sistemas_acceso = ["ERP", "Portal", "CMS"];
$activo = true;

Revoking CMS Access

When activo=false:
  1. Fetches current sistemas_acceso array
  2. Removes “CMS” (case-insensitive)
  3. Updates both fields

// Before
$sistemas_acceso = ["ERP", "CMS", "Portal"];

// After (activo=false)
$sistemas_acceso = ["ERP", "Portal"];
$activo = false;

The sistemas_acceso array may contain other system identifiers (e.g., “ERP”, “Portal”). The API only modifies the “CMS” entry, preserving access to other systems.
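
The grant and revoke steps above as one function, including the case-insensitive match and the array re-indexing needed for a JSONB array. This is an added example, not the project's code: the function names are hypothetical, it assumes PHP 8.0+, and it assumes the presence check on grant ignores case the way the removal does.

```php
<?php
declare(strict_types=1);

/** Accept only the documented values: true/"1" and false/"0". */
function parseActivo(mixed $raw): ?bool
{
    return match (true) {
        $raw === true, $raw === '1' => true,
        $raw === false, $raw === '0' => false,
        default => null, // anything else is not a documented value
    };
}

function isCms(mixed $system): bool
{
    return is_string($system) && strcasecmp($system, 'CMS') === 0;
}

/** Fields to write for the current sistemas_acceso array and the activo flag. */
function applyCmsAccess(array $current, bool $activo): array
{
    if ($activo) {
        // Assumption: any spelling of "CMS" already present counts as present.
        $systems = array_values($current);
        if (!array_filter($systems, 'isCms')) {
            $systems[] = 'CMS';
        }
    } else {
        // array_filter keeps the old keys; without array_values the gap left
        // by "CMS" would make json_encode emit an object instead of an array.
        $systems = array_values(array_filter($current, static fn ($s) => !isCms($s)));
    }
    return ['sistemas_acceso' => $systems, 'activo' => $activo];
}

// Constructed sample values: [current sistemas_acceso, raw activo input].
$samples = [
    [['ERP', 'Portal'], '1'],
    [['ERP', 'cms', 'Portal'], '0'],
    [['CMS', 'ERP'], true],
    [['ERP'], 'yes'], // rejected: not a documented value
];
foreach ($samples as [$current, $raw]) {
    $activo = parseActivo($raw);
    echo $activo === null
        ? "rejected\n"
        : json_encode(applyCmsAccess($current, $activo)) . "\n";
}
```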

Partial Updates

You can update any combination of fields. Only provided fields are updated:

# Update only role
curl -X POST "..." -d "id=...&rol=ventas"

# Update only department
curl -X POST "..." -d "id=...&departamento=Marketing"

# Update only access status
curl -X POST "..." -d "id=...&activo=0"

# Update multiple fields
curl -X POST "..." -d "id=...&rol=proyectos&departamento=Proyectos&activo=1"

Database Schema

The endpoint updates the public.Empleados table:

| Column | Type | Description |
|---|---|---|
| id | UUID | Employee unique identifier |
| rol | TEXT | Role assignment |
| chat_role | TEXT | Chat/messaging role |
| departamento | TEXT | Department assignment |
| activo | BOOLEAN | Global active status |
| sistemas_acceso | JSONB | Array of accessible systems |

Common Use Cases

Promote Employee to Manager

$data = [
    'id' => $employeeId,
    'rol' => 'administrador',
    'chat_role' => 'manager',
    'activo' => '1'
];

Transfer to Different Department

$data = [
    'id' => $employeeId,
    'rol' => 'ventas',
    'departamento' => 'Ventas Región Sur'
];

Revoke CMS Access

$data = [
    'id' => $employeeId,
    'activo' => '0'  // Removes "CMS" from sistemas_acceso
];

Grant CMS Access to Existing Employee

$data = [
    'id' => $employeeId,
    'activo' => '1'  // Adds "CMS" to sistemas_acceso
];
