Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/iamalexis689725/cole/llms.txt

Use this file to discover all available pages before exploring further.

Cole does not expose a generic /users CRUD endpoint. Instead, user accounts are created implicitly as a side effect of provisioning higher-level resources — a school, a professor profile, a student, or a parent. This design keeps user creation tightly coupled to the resource it represents, ensuring that every account is always associated with a role and, where applicable, a tenant.

How users are created

Each user type in Cole is created through its own dedicated endpoint. The table below maps each role to the resource endpoint that creates it:
RoleCreated byEndpoint
super-adminManual registrationPOST /api/auth/register
directorTenant provisioningPOST /api/tenants
profesorProfessor creationPOST /api/profesores
estudianteStudent creationPOST /api/estudiantes
padreParent creationPOST /api/padres
In every case, the underlying operation is the same: a User record is created in the users table, assignRole() is called with the appropriate role name via the Spatie Laravel Permission package, and the new user’s token (where applicable) or credentials are returned to the caller.

The User model

The User model (app/Models/User.php) uses the HasRoles trait from Spatie Permission and the HasApiTokens trait from Laravel Sanctum. Its fillable fields are:
FieldTypeDescription
idintegerAuto-incrementing primary key.
namestringDisplay name.
emailstringUnique email address used for login.
passwordstringbcrypt-hashed password. Never returned in API responses.
tenant_idinteger | nullForeign key to the tenants table. null for super-admin accounts, which are platform-wide.
created_attimestampRecord creation time.
updated_attimestampLast modification time.
The password and remember_token fields are listed in the model’s $hidden array and are never returned in any API response.

Roles

Cole defines five roles, managed by Spatie Permission:
RoleScopeDescription
super-adminPlatform-wideCan create and delete tenants, manage all modules. Not attached to any tenant.
directorTenant-scopedManages their own school: academic periods, professors, students, parents, courses.
profesorTenant-scopedAccess to assigned courses, grades, attendance, and schedules.
estudianteTenant-scopedCan view their own enrollments, grades, and attendance.
padreTenant-scopedCan view information about their linked students.
Roles are assigned at creation time via $user->assignRole($roleName) and are not changed through any API endpoint after the fact. To retrieve the roles of the currently authenticated user, use GET /api/auth/me.
Role checks are enforced with the role: middleware (from Spatie Permission). Requests made by a user who lacks the required role receive a 403 Forbidden response automatically.

Tenant association

All users except super-admin are associated with a tenant through the tenant_id column. This column is set at creation time and is never changed via the API. When a director calls a scoped endpoint (for example, GET /api/periodos), Cole resolves the correct tenant automatically using auth()->user()->tenant_id — no tenant ID needs to be passed in the request. The User model exposes a tenant() relationship:
public function tenant()
{
    return $this->belongsTo(Tenant::class);
}

Resource profile relationships

Beyond the base User record, three roles have a corresponding profile model with additional domain-specific data. The User model defines these as hasOne relationships:
RoleProfile modelRelationship
profesorProfesor$user->profesor
estudianteEstudiante$user->estudiante
padrePadreFamilia$user->padreFamilia
The director role has no separate profile model — the director’s identity is fully captured by the User record and the tenant they own.

Retrieving the authenticated user

Once a client holds a valid Sanctum token, it can fetch the authenticated user’s full profile and role list at any time:
curl -s -X GET https://your-cole-api.test/api/auth/me \
  -H "Accept: application/json" \
  -H "Authorization: Bearer 5|directorToken..."
{
  "user": {
    "id": 5,
    "name": "Carlos Mendoza",
    "email": "carlos@lincoln.edu",
    "tenant_id": 3,
    "created_at": "2026-04-02T10:15:00.000000Z",
    "updated_at": "2026-04-02T10:15:00.000000Z"
  },
  "roles": ["director"]
}
For full details on all authentication endpoints, see the Authentication API reference.

Build docs developers (and LLMs) love