PatoLab uses a flat role-based access control (RBAC) system: every user belongs to exactly one role, and each role carries a set of permissions that gate individual UI routes and controller actions. Permissions follow a consistent resource.action naming convention (e.g., specimens.view, invoices.manage) and are enforced server-side via Laravel’s Gate::authorize() calls — bypassing the UI does not bypass the guard.

Data model

Role  ──────────< role_permission >────────── Permission
 │  (many-to-many pivot)

 └── has many ──► User (role_id FK)
| Model | Key fields | Relationships |
| --- | --- | --- |
| Role | name, slug | belongsToMany(Permission), hasMany(User) |
| Permission | name, slug | belongsToMany(Role) |
| User | name, email, role_id, active, user_signature | belongsTo(Role) |
A user’s effective permissions are the union of all permissions attached to their role. There is no per-user permission override — change a user’s role to change their access level.
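One way a slug passed to Gate::authorize() can resolve against this data model, shown as an added example and not PatoLab's own code. The App\Models namespace, the role relation name and the use of Gate::before are assumptions; permissions() is the relation the seeder call on this page uses.

```php
<?php
// app/Providers/AppServiceProvider.php (illustrative; not PatoLab's own code)

namespace App\Providers;

use App\Models\User;                    // assumed model namespace
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Gate::before runs ahead of every ability check, so a call such as
        // Gate::authorize('specimens.view') in a controller lands here first.
        Gate::before(function (User $user, string $ability) {
            // role is an assumed relation name for the role_id foreign key.
            $role = $user->role;

            // A user whose role was deleted has no role row: deny outright.
            if ($role === null) {
                return false;
            }

            // Effective permissions are exactly the role's permissions;
            // there is no per-user override to merge in.
            if ($role->permissions->contains('slug', $ability)) {
                return true;
            }

            // null defers to any Gate::define()/policy for this ability.
            // An ability nobody defines is denied, so unknown slugs fail closed.
            return null;
        });
    }
}
```

When the check fails, Gate::authorize() throws an AuthorizationException, which Laravel renders as HTTP 403 regardless of what the UI showed or hid.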

Built-in roles

Three roles are seeded automatically by RolesSeeder (which calls PermissionsSeeder and MorePermissionsSeeder internally). Run the seeder to bootstrap a fresh installation:
php artisan db:seed --class=RolesSeeder
Receives all permissions in the system. The seeder calls $admin->permissions()->sync($allPermissions->pluck('id')), so any new permission added by a future migration is automatically available to admins after re-running the seeder.
Full access to specimens, patients, and inventory management. Read-only access to the user list. Does not have access to roles, CAI ranges, invoices, sequences, or system settings.
Included permissions:
specimens.view       specimens.create     specimens.edit      specimens.delete
my_assignments.view
patients.view        patients.create      patients.edit
users.view
products.create      products.edit        products.delete
inventory.add        inventory.manage     inventory.movements.view
storages.create      storages.edit        storages.delete
specimen_types.create     specimen_types.edit     specimen_types.delete
specimen_type_examinations.create  .edit  .delete
specimen_categories.create  .edit  .delete
Scoped to work-order management only. Intended for lab technicians who execute the physical processing steps assigned to them by pathologists.
Included permissions:
my_work_orders.view
work_orders.view     work_orders.create   work_orders.edit    work_orders.delete

All permissions reference

Permissions are seeded by PermissionsSeeder and MorePermissionsSeeder. Below is the complete list derived from those seeders.

Users & Roles

| Slug | Description |
| --- | --- |
| users.view | View the user list |
| users.create | Create new users |
| users.edit | Edit existing users |
| users.delete | Delete users |
| roles.view | View the roles list |
| roles.create | Create new roles |
| roles.edit | Edit roles and their permission sets |
| roles.delete | Delete roles |

Commission tracking

| Slug | Description |
| --- | --- |
| user_commission_rules.view | View pathologist commission rules |
| user_commission_rules.create | Create commission rules |
| user_commission_rules.edit | Edit commission rules |
| user_commission_rules.delete | Delete commission rules |

Patients

| Slug | Description |
| --- | --- |
| patients.view | View patient records |
| patients.create | Register new patients |
| patients.edit | Edit patient information |
| patients.delete | Delete patients |

Specimens

| Slug | Description |
| --- | --- |
| specimens.view | View the specimen list and details |
| specimens.create | Register new specimens |
| specimens.edit | Edit specimen data |
| specimens.delete | Delete specimens |
| specimens.manage | Assign pathologists to specimens |
| my_assignments.view | View one’s own specimen assignments |

Reports

| Slug | Description |
| --- | --- |
| reports.view | View reports module |
| reports.export | Export report data |

Settings

| Slug | Description |
| --- | --- |
| settings.view | View system settings |
| settings.manage | Full settings administration |
| settings.edit | Edit system setting values |

Inventory & Products

| Slug | Description |
| --- | --- |
| products.view | View the product catalog |
| products.create | Add products |
| products.edit | Edit products |
| products.delete | Delete products |
| inventory.view | View inventory levels |
| inventory.add | Add products to inventory |
| inventory.manage | Restock (abastecer) inventory |
| inventory.movements.view | View inventory movement history |
| storages.view | View storage locations |
| storages.create | Create storage locations |
| storages.edit | Edit storage locations |
| storages.delete | Delete storage locations |

Specimen administration

| Slug | Description |
| --- | --- |
| specimen_types.view | View specimen types |
| specimen_types.create | Create specimen types |
| specimen_types.edit | Edit specimen types |
| specimen_types.delete | Delete specimen types |
| specimen_type_examinations.view | View examinations linked to specimen types |
| specimen_type_examinations.create | Create examinations |
| specimen_type_examinations.edit | Edit examinations |
| specimen_type_examinations.delete | Delete examinations |
| specimen_categories.view | View specimen categories |
| specimen_categories.create | Create specimen categories |
| specimen_categories.edit | Edit specimen categories |
| specimen_categories.delete | Delete specimen categories |
| sequences.view | View sequence numbering rules |
| sequences.create | Create sequences |
| sequences.edit | Edit sequences |
| sequences.delete | Soft-delete sequences |

Specimen templates

| Slug | Description |
| --- | --- |
| specimen_type_templates.view | View global report templates |
| specimen_type_templates.create | Create global templates |
| specimen_type_templates.edit | Edit global templates |
| specimen_type_templates.delete | Delete global templates |
| my_specimen_type_templates.view | View one’s own report templates |
| my_specimen_type_templates.manage | Create/edit own templates |

Work orders

| Slug | Description |
| --- | --- |
| work_orders.view | View work order types |
| work_orders.create | Create work order types |
| work_orders.edit | Edit work order types |
| work_orders.delete | Delete work order types |
| work_orders.admin_view | View all work order records (admin) |
| my_work_orders.view | View own assigned work orders |

Referrers

| Slug | Description |
| --- | --- |
| referrers.view | View referrers |
| referrers.create | Create referrers |
| referrers.edit | Edit referrers |
| referrers.delete | Delete referrers |
| referrer_types.view | View referrer types |
| referrer_types.create | Create referrer types |
| referrer_types.edit | Edit referrer types |
| referrer_types.delete | Delete referrer types |

Locations

| Slug | Description |
| --- | --- |
| locations.view | View branch locations |
| locations.create | Create locations |
| locations.edit | Edit locations |
| locations.delete | Delete locations |

Billing & CAI

| Slug | Description |
| --- | --- |
| cai_ranges.view | View CAI fiscal invoice ranges |
| cai_ranges.create | Create new CAI ranges |
| cai_ranges.edit | Edit CAI ranges |
| cai_ranges.delete | Delete CAI ranges |
| invoices.view | View invoices |
| invoices.manage | Administer invoices |
| credits.view | View credit records |
| credits.manage | Process credit payments |

Rentals

| Slug | Description |
| --- | --- |
| rentals.view | View rental agreements |
| rentals.create | Create rentals |
| rentals.edit | Edit rentals |
| rentals.delete | Delete rentals |

Managing roles via UI

Navigate to /roles to access the full roles CRUD interface. Viewing the page requires the roles.view permission; making changes requires roles.create/roles.edit. From the roles page you can:
  • Create a new role with a unique name and slug
  • Attach or detach permissions using the permission matrix
  • Delete roles that are no longer needed (users assigned to a deleted role lose all permissions)
The admin role is created by the seeder with slug: admin. You can rename it via the UI, but avoid changing its slug if any code references it directly.

Managing users

Navigate to /users to create, edit, deactivate, or delete user accounts. When creating or editing a user, select their Role from the dropdown — this is a required field. Key user fields:
| Field | Notes |
| --- | --- |
| name | Display name shown throughout the platform |
| email | Login credential; must be unique |
| password | Hashed with bcrypt (rounds controlled by BCRYPT_ROUNDS) |
| role_id | Foreign key to the roles table |
| active | Boolean flag; inactive users cannot log in |
| user_signature | Image upload used when signing PDF reports (pathologists) |
PatoLab uses Laravel Fortify for authentication with full two-factor authentication (2FA) support via the TwoFactorAuthenticatable trait. Users can enroll their own TOTP device from the profile / security settings page. The 2FA secret is stored in two_factor_secret (hidden from API responses) and the two_factor_confirmed_at timestamp records when 2FA was confirmed.
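A periodic review of the role and user settings described above, written as an added example and not part of PatoLab. It lists roles that hold role-management or user-management permissions, counts their active users without confirmed 2FA, and flags active users left without a role. The command name rbac:audit, the App\Models namespace, the users and role relation names, and the choice of which slugs to treat as sensitive are assumptions.

```php
<?php
// routes/console.php (illustrative; not PatoLab's own code)

use App\Models\Role;   // assumed model namespace
use App\Models\User;
use Illuminate\Support\Facades\Artisan;

Artisan::command('rbac:audit', function () {
    // Slugs from the permissions reference that change who holds which
    // permission: role editing, and user editing (which sets role_id).
    $sensitive = ['roles.create', 'roles.edit', 'roles.delete', 'users.create', 'users.edit'];

    $roles = Role::whereHas('permissions', fn ($q) => $q->whereIn('slug', $sensitive))
        ->with(['permissions' => fn ($q) => $q->whereIn('slug', $sensitive)])
        ->withCount([
            'users as active_users' => fn ($q) => $q->where('active', true),
            'users as active_without_2fa' => fn ($q) => $q
                ->where('active', true)
                ->whereNull('two_factor_confirmed_at'),
        ])
        ->get();

    $this->table(
        ['Role', 'Sensitive permissions', 'Active users', 'Without 2FA'],
        $roles->map(fn ($r) => [
            $r->slug,
            $r->permissions->pluck('slug')->implode(', '),
            $r->active_users,
            $r->active_without_2fa,
        ])->all()
    );

    // Active accounts whose role_id is null or points at a deleted role
    // can still sign in but hold no permissions at all.
    $orphans = User::where('active', true)->whereDoesntHave('role')->get(['id', 'email']);

    foreach ($orphans as $user) {
        $this->warn("No role: user #{$user->id} <{$user->email}>");
    }
})->purpose('List roles holding role/user management permissions and users left without a role');
```

Any role other than admin that appears in the table can change its own or another user's access, so it deserves the same review as admin.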

Restoring default permissions

If you add new permissions to the codebase (e.g., for a new feature module), run the seeders again to upsert them into the database without destroying existing role assignments:
php artisan db:seed --class=PermissionsSeeder
php artisan db:seed --class=MorePermissionsSeeder
Both seeders use updateOrCreate keyed on the slug column, so running them on an existing database is safe — existing permissions are updated in place and no duplicates are created. After running, go to /roles and attach the new permissions to the appropriate roles.
To fully reset roles and re-sync all permissions (destructive to custom role assignments):
php artisan db:seed --class=RolesSeeder

Commission tracking

PatoLab includes a lightweight commission module for tracking pathologist earnings:
  • /user-commission-rules — Define percentage or flat-rate commission rules per user (pathologist). Requires user_commission_rules.* permissions.
  • /user-commissions — View and reconcile generated commission records. Supports update and delete operations. Requires no special create permission (commissions are generated automatically when specimens are invoiced).
These routes are only meaningful for users with the pathologist role or equivalent; the Técnico Patólogo role has no commission permissions by default.
