TranslogiX uses a role-based access control system to determine what each user can see and do. Every user account is assigned one of four roles, and that role controls which dashboard section they land on after login, which API endpoints they can call, and what data they are permitted to view or modify.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/fatelessdev/translogiX/llms.txt
Use this file to discover all available pages before exploring further.
The four roles
ADMIN
Full access to all platform data. Can manage users, transporters, vehicles, routes, and shipments across the entire system. Not scoped to any single transporter.
TRANSPORTER
Access scoped to their own transporter entity. Can manage vehicles and shipments that belong to their linked transporter account. Must have a
transporterId set by an admin.DRIVER
Routed to the
/driver section of the application. Intended for drivers operating under a transporter. Specific driver-level permissions are enforced at the route level.CUSTOMER
The default role assigned to all new accounts. Routed to the
/customer section. Can track shipments and view information relevant to their own orders.Role capabilities
| Capability | ADMIN | TRANSPORTER | DRIVER | CUSTOMER |
|---|---|---|---|---|
| View all shipments | Yes | Own only | — | — |
| Create shipments | Yes | Own only | — | — |
| Update shipment status | Yes | Own only | — | — |
| Manage vehicles | Yes | Own only | — | — |
| Manage routes | Yes | No | — | — |
| Manage transporters | Yes | No | — | — |
| Manage users / assign roles | Yes | No | No | No |
The DRIVER and CUSTOMER dashboard capabilities depend on their respective route implementations. The table above reflects the API-layer permissions enforced by the backend.
Role-based routing
After a user signs in, the root page (/) reads the session and immediately redirects to the section that matches their role:
| Role | Redirect destination |
|---|---|
ADMIN | /admin |
TRANSPORTER | /transporter |
DRIVER | /driver |
CUSTOMER | /customer |
CUSTOMER visiting /admin — the middleware intercepts the request and redirects them back to their own home route. Unauthenticated users are always redirected to /login.
The only publicly accessible paths are /login, /track (public shipment tracking), and /api/auth/*.
TRANSPORTER data scoping
TRANSPORTER users are linked to a specific transporter entity via thetransporterId field on their user record. This field is set by an ADMIN and cannot be self-assigned.
When a TRANSPORTER calls the API:
- All list queries are automatically filtered to return only records belonging to their
transporterId. - Attempts to read or modify a resource owned by a different transporter return a
403 Forbiddenresponse. - ADMIN users are never filtered — they see and can modify all records regardless of transporter.
How roles are assigned
Roles are assigned exclusively by ADMIN users. There is no self-registration path for theADMIN, TRANSPORTER, or DRIVER roles. New accounts default to the CUSTOMER role and must be promoted by an admin.
API authentication utilities
The backend exposes three composable helpers inlib/auth/api-utils.ts for enforcing roles inside API route handlers:
| Helper | What it does |
|---|---|
requireSession | Returns 401 if the request has no valid session. |
requireRole(request, roles[]) | Returns 401 with no session, 403 if the user’s role is not in the allowed list. |
requireTransporterScope | Allows ADMIN (unfiltered) and TRANSPORTER (filtered to their transporterId). Returns 403 for all other roles. |
verifyOwnership | Checks that a TRANSPORTER user owns a specific resource. ADMIN always passes. |