Turnero groups its back-office management functionality across five controllers. AdministrationController handles ASP.NET Core Identity user and role administration — including claims management and role-membership editing. RoleController provides basic CRUD for IdentityRole records. MedicsController manages the Medic catalogue that links Identity users to doctor profiles used throughout the scheduling system. TimeTurnController manages the TimeTurn time-slot catalogue that populates appointment time dropdowns. FirebaseController is a JSON API controller that delegates Firebase Authentication operations to an IFirebaseService and is entirely unauthenticated. Unless otherwise noted, every MVC action in this group requires the Admin role.

AdministrationController

The AdministrationController class is decorated with [Authorize(Roles = "Admin")]. It uses ASP.NET Core’s UserManager<IdentityUser> and RoleManager<IdentityRole> to inspect and mutate the identity store.

Endpoint summary

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /Administration/ListUsers | Admin | Lists all registered users |
| GET | /Administration/EditUser/{id} | Admin | Edit user form |
| POST | /Administration/EditUser | Admin | Persists user edits |
| POST | /Administration/DeleteUser | Admin | Deletes a user account |
| GET | /Administration/ListRoles | Admin | Lists all identity roles |
| GET | /Administration/CreateRole | Admin | New role form |
| POST | /Administration/CreateRole | Admin | Creates a new role |
| GET | /Administration/EditRole/{id} | Admin | Edit role form |
| POST | /Administration/EditRole | Admin | Persists role edits |
| POST | /Administration/DeleteRole | Admin | Deletes a role |
| GET | /Administration/ManageUserClaims | Admin | User claims form |
| POST | /Administration/ManageUserClaims | Admin | Saves claim assignments |
| GET | /Administration/EditUsersInRole | Admin | Role membership form |
| POST | /Administration/EditUsersInRole | Admin | Saves role membership |

GET /Administration/ListUsers

Returns the ListUsers view with all IdentityUser records from the store. No filtering or pagination is applied server-side. Response: HTML view ListUsers with IQueryable<IdentityUser>.

GET /Administration/EditUser/{id}

Loads the specified user together with their current claims and roles, and returns the EditUser view populated with an EditUserViewModel.

- id: string, required. The ASP.NET Core Identity user ID (string format, e.g. a GUID string).

Response: HTML view EditUser with an EditUserViewModel, or NotFound view when the user does not exist.

EditUserViewModel fields:

- Id: string. Identity user ID.
- UserName: string. Username.
- Email: string. Email address.
- Claims: string[]. List of claim values currently assigned to the user.
- Roles: string[]. List of role names the user belongs to.

POST /Administration/EditUser

Applies changes to the specified user’s Email and UserName via UserManager.UpdateAsync. On success, redirects to ListUsers.

Request: application/x-www-form-urlencoded

- Id: string, required. Identity user ID. Used to locate the record before saving.
- UserName: string, required. New username.
- Email: string, required. New email address. Must be a valid email format.

Responses: Redirect to ListUsers on success, or re-render the EditUser view with ModelState errors on failure. Returns the Error view on DbUpdateException.

POST /Administration/DeleteUser

Deletes the specified user account via UserManager.DeleteAsync.

- id: string, required. Identity user ID to delete.

Responses: Redirect to ListUsers on success, or NotFound / ListUsers views with errors on failure. Returns the Error view on DbUpdateException.

GET /Administration/ListRoles

Returns the ListRoles view with all roles from RoleManager.Roles. Response: HTML view ListRoles with IQueryable<IdentityRole>.

GET /Administration/CreateRole

Returns the CreateRole view with a new blank IdentityRole model. Response: HTML view CreateRole.

POST /Administration/CreateRole

Creates a new role via RoleManager.CreateAsync and redirects to ListRoles.

- Name: string, required. The name for the new role (e.g. "Ingreso", "Medico", "Admin").

Response: Redirect to ListRoles.

GET /Administration/EditRole/{id}

Loads the specified role and builds an EditRoleViewModel that includes a list of all users currently in the role.

- id: string, required. The IdentityRole.Id to edit.

Response: HTML view EditRole with EditRoleViewModel, or NotFound view.

EditRoleViewModel fields:

- Id: string. Role ID.
- RoleName: string. Current role name.
- Users: string[]. Usernames of all users presently in this role.

POST /Administration/EditRole

Renames the role via RoleManager.UpdateAsync. Redirects to ListRoles on success.

- Id: string, required. The IdentityRole.Id to update.
- RoleName: string, required. New name for the role.

Responses: Redirect to ListRoles on success, re-render EditRole view with errors on failure, or Error view on DbUpdateException.

POST /Administration/DeleteRole

Deletes the specified role via RoleManager.DeleteAsync. Roles that still have assigned users cannot be deleted; a DbUpdateException is caught and the Error view is returned with a descriptive message.

- id: string, required. The IdentityRole.Id to delete.

Responses: Redirect to ListRoles on success, NotFound or Error view on failure.

GET /Administration/ManageUserClaims

Loads all claims from ClaimsStore.AllClaims and marks which are currently assigned to the user. Returns the ManageUserClaims view.

- userId: string, required. Identity user ID whose claims to manage.

Response: HTML view ManageUserClaims with a UserClaimsViewModel, or NotFound view.

UserClaimsViewModel structure:

- UserId: string. Identity user ID.
- Claims: UserClaim[]. All application claims, each with ClaimType and IsSelected flag indicating current assignment.

POST /Administration/ManageUserClaims

Replaces the user’s claims entirely: first removes all existing claims, then adds those from the submitted model where IsSelected is true. Both the claim type and value are set to the claim’s type string. Redirects to EditUser on success.

Request: application/x-www-form-urlencoded

- UserId: string, required. Identity user ID.
- Claims[n][ClaimType]: string. Claim type for the nth claim entry.
- Claims[n][IsSelected]: boolean. Whether the nth claim should be assigned to the user.

Response: Redirect to EditUser on success, or re-render ManageUserClaims view with errors on failure.
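
The replace-all flow described above, as an added sketch that is not Turnero's own code: before the remove-then-add step it filters the posted ClaimType values against ClaimsStore.AllClaims, so a tampered form cannot assign a claim the application does not define. The ClaimsStore, UserClaim and UserClaimsViewModel shapes, the controller name, the sample claim names and the anti-forgery attribute are assumptions.

```csharp
// Added example, not Turnero source. ClaimsStore, UserClaim and
// UserClaimsViewModel are assumed shapes based on the fields listed above.
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
public static class ClaimsStore
{
    // Constructed sample entries; the real list is defined by the application.
    public static readonly List<Claim> AllClaims = new()
    {
        new Claim("Edit Role", "Edit Role"),
        new Claim("Delete Role", "Delete Role"),
    };
}
public class UserClaim { public string ClaimType { get; set; } = ""; public bool IsSelected { get; set; } }
public class UserClaimsViewModel
{
    public string UserId { get; set; } = "";
    public List<UserClaim> Claims { get; set; } = new();
}

[Authorize(Roles = "Admin")]
public class ClaimsExampleController : Controller   // hypothetical controller name
{
    private readonly UserManager<IdentityUser> _users;
    public ClaimsExampleController(UserManager<IdentityUser> users) => _users = users;
    [HttpPost, ValidateAntiForgeryToken]   // anti-forgery check is an assumption here
    public async Task<IActionResult> ManageUserClaims(UserClaimsViewModel model)
    {
        var user = await _users.FindByIdAsync(model.UserId);
        if (user is null) return NotFound();
        // Keep only selected entries whose type the application defines.
        var allowed = ClaimsStore.AllClaims.Select(c => c.Type).ToHashSet();
        var wanted = model.Claims
            .Where(c => c.IsSelected && allowed.Contains(c.ClaimType))
            .Select(c => new Claim(c.ClaimType, c.ClaimType))   // type == value, as described
            .ToList();
        // Replace-all: remove current claims, then add the validated selection.
        var removed = await _users.RemoveClaimsAsync(user, await _users.GetClaimsAsync(user));
        if (!removed.Succeeded) { ModelState.AddModelError("", "Cannot remove existing claims"); return View(model); }
        var added = await _users.AddClaimsAsync(user, wanted);
        if (!added.Succeeded) { ModelState.AddModelError("", "Cannot add selected claims"); return View(model); }
        return RedirectToAction("EditUser", new { id = model.UserId });
    }
}
```

Because removal and addition are two separate store calls, a failure in the second leaves the user with no claims; wrapping both in one transaction avoids that state.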

GET /Administration/EditUsersInRole

Builds a list of all users with a flag indicating whether each is currently in the specified role. Returns the EditUsersInRole view.

- roleId: string, required. The IdentityRole.Id whose membership to edit. Passed as a query string parameter (e.g. /Administration/EditUsersInRole?roleId=...).

Response: HTML view EditUsersInRole with List<UserRoleViewModel>, or NotFound view.

UserRoleViewModel per user:

- UserId: string. Identity user ID.
- UserName: string. Username.
- IsSelected: boolean. Whether the user is currently in the role.

POST /Administration/EditUsersInRole

Iterates over the submitted list and adds or removes each user from the role as indicated by their IsSelected flag. Users already in the correct state are skipped. Redirects to EditRole on completion.

- roleId: string, required. The IdentityRole.Id being edited (passed as a query or route value alongside the form body).
- [n][UserId]: string. Identity user ID for the nth entry.
- [n][IsSelected]: boolean. Target membership state for the nth user.

Response: Redirect to EditRole on success, or NotFound view when the role does not exist.

RoleController

RoleController is a lean complement to the role-management actions on AdministrationController. It provides an independent index listing and a simple create flow using RoleManager<IdentityRole>. All actions require the Admin role.

Endpoint summary

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /Role/Index | Admin | Lists all roles |
| GET | /Role/Create | Admin | New role form |
| POST | /Role/Create | Admin | Creates a role and redirects to Index |

GET /Role/Index

Returns the Index view with all roles from RoleManager.Roles. Response: HTML view Index with List<IdentityRole>.

GET /Role/Create

Returns the Create view with a blank IdentityRole model. Response: HTML view Create.

POST /Role/Create

Creates the role via RoleManager.CreateAsync and redirects to Index.

- Name: string, required. The name for the new role.

Response: Redirect to Role/Index.

MedicsController

MedicsController manages the Medic catalogue — the bridge between ASP.NET Core Identity users and the doctor profiles that own appointments, visits, and other clinical records. A medic record consists of a Name string and a UserGuid that matches the Identity user’s Id. All actions require the Admin role.

Endpoint summary

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /Medics/Index | Admin | Lists all medics |
| GET | /Medics/Details/{id} | Admin | Medic detail view |
| GET | /Medics/CreateAsync | Admin | New medic form |
| POST | /Medics/Create | Admin | Inserts a medic |
| GET | /Medics/Edit/{id} | Admin | Edit medic (redirects to Index) |
| POST | /Medics/Edit | Admin | Updates a medic |
| GET | /Medics/Delete/{id} | Admin | Delete confirmation (redirects to Index) |
| POST | /Medics/Delete | Admin | Deletes a medic |

GET /Medics/Index

Returns the Index view with all medic records via getMedicsServices.GetMedics(). Response: HTML view Index with IEnumerable<Medic>.

GET /Medics/Details/{id}

Returns the Details view for the specified medic.

- id: string (GUID), required. The Medic.Id to display.

Response: HTML view Details with the Medic model, or NotFound view.

GET /Medics/CreateAsync

Populates ViewBag.User with all Identity users in the "Medico" role, prepending a placeholder "Seleccione..." entry, and returns the CreateAsync view. Response: HTML view CreateAsync.

POST /Medics/Create

Inserts a new Medic record and redirects to Index. Requires a valid anti-forgery token and a valid ModelState.

- Name: string, required. Display name for the doctor.
- UserGuid: string, required. The ASP.NET Core Identity user ID to link this medic record to. Must correspond to a user in the "Medico" role.

Response: Redirect to Medics/Index on success, or re-render the view with the model on validation failure.

GET /Medics/Edit/{id}

Looks up the medic by ID and redirects to Index. The actual edit form is handled in the POST action below.

- id: string (GUID), required. The Medic.Id to edit.

Response: Redirect to Medics/Index, or NotFound view when not found.

POST /Medics/Edit

Updates the specified medic record. Requires a valid anti-forgery token and ModelState. Uses updateMedicServices.Update(medic).

- Id: string (GUID), required. The Medic.Id to update. Validated for existence before the update call.
- Name: string, required. Updated display name.
- UserGuid: string. Updated linked Identity user ID.

Response: Redirect to Medics/Index on success, NotFound view if the medic does not exist, or Error view if Update returns false.

GET /Medics/Delete/{id}

Confirms the medic exists and redirects to Index. Serves as the confirmation step before the POST delete.

- id: string (GUID), required. The Medic.Id to delete.

Response: Redirect to Medics/Index, or NotFound view when not found.

POST /Medics/Delete (ActionName: “Delete”)

Deletes the specified medic if it exists via updateMedicServices.Delete(medic). Requires a valid anti-forgery token.

- id: string (GUID), required. The Medic.Id to delete.

Response: Redirect to Medics/Index.

TimeTurnController

TimeTurnController manages the TimeTurn time-slot catalogue. Each TimeTurn record has an auto-generated Guid ID and a Time string (e.g. "09:00"). These records populate the time dropdown on the appointment create/edit forms and are cached in IMemoryCache for performance. All actions require the Admin role.

Endpoint summary

| Method | Path | Roles | Description |
| --- | --- | --- | --- |
| GET | /TimeTurn/Index | Admin | Lists all time slots |
| GET | /TimeTurn/Create | Admin | New time-slot form |
| POST | /TimeTurn/Create | Admin | Inserts a time slot |
| GET | /TimeTurn/Delete/{id} | Admin | Delete confirmation view |
| POST | /TimeTurn/Delete (ActionName: Delete) | Admin | Deletes a time slot |

GET /TimeTurn/Index

Returns the Index view with all TimeTurn records via getTimeTurns.GetTimeTurns(). Response: HTML view Index with IEnumerable<TimeTurn>.

GET /TimeTurn/Create

Returns the Create view with a blank form. Response: HTML view Create.

POST /TimeTurn/Create

Inserts a new TimeTurn record. Only Id and Time are bound from the form (via [Bind("Id,Time")]). Requires a valid anti-forgery token and ModelState.

- Id: string (GUID). Optional client-supplied GUID. The database generates one automatically.
- Time: string, required. The appointment time string in HH:mm format (e.g. "08:30", "14:00").

Response: Redirect to TimeTurn/Index on success, or re-render the Create view with the model on validation failure.

GET /TimeTurn/Delete/{id}

Loads the time slot for confirmation and returns the Delete view.

- id: string (GUID), required. The TimeTurn.Id to confirm deletion of.

Response: HTML view Delete with the TimeTurn model, or NotFound view.

POST /TimeTurn/Delete (ActionName: “Delete”)

Deletes the specified TimeTurn record. Requires a valid anti-forgery token.

- id: string (GUID), required. The TimeTurn.Id to delete.

Response: Redirect to TimeTurn/Index.

FirebaseController

FirebaseController is a JSON API controller ([ApiController], [Route("api/[controller]")]) that exposes two Firebase Authentication endpoints. Both actions are decorated with [AllowAnonymous] — they accept unauthenticated requests so that mobile or external clients can register and log in without a prior session cookie. The controller delegates all logic to an IFirebaseService implementation.

Endpoint summary

| Method | Path | Auth | Description |
| --- | --- | --- | --- |
| POST | /api/Firebase/register | Anonymous | Registers a new Firebase user |
| POST | /api/Firebase/login | Anonymous | Authenticates and returns a token |

POST /api/Firebase/register

Registers a new user in Firebase Authentication by calling firebaseService.RegisterAsync(userRegister). Returns the UserRecord created by the Firebase Admin SDK.

Request: application/json

- Name: string. Display name for the new Firebase user.
- Email: string, required. Email address for the new account.
- Password: string, required. Password for the new account.
- Role: string. Optional role string to associate with the Firebase user (application-layer concept; not a Firebase custom claim unless implemented in the service).

Response: 200 OK, application/json. Returns the Firebase Admin SDK UserRecord object for the newly created user. Key fields include:

- Uid: string. Firebase UID assigned to the user.
- Email: string. Email address of the registered user.
- DisplayName: string. Display name set during registration.
- EmailVerified: boolean. Whether the email address has been verified.
- Disabled: boolean. Whether the account is disabled.

Example request:
{
  "name": "Dr. Ana Martínez",
  "email": "ana.martinez@clinica.com",
  "password": "S3cur3P@ss!",
  "role": "Medico"
}
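
One way an IFirebaseService implementation could treat the client-supplied Role on this anonymous endpoint, as an added sketch that is not Turnero's own code: the requested role is validated against the role names mentioned on this page and is only written as a Firebase custom claim when the caller is an authenticated Admin. UserRegister, RegistrationService, ResolveRole, the callerIsAdmin parameter (which a controller could derive from User.IsInRole("Admin")) and the "role" claim key are assumptions; the FirebaseAdmin calls are the SDK's own.

```csharp
// Added example, not Turnero source. UserRegister and RegistrationService are
// hypothetical; CreateUserAsync and SetCustomUserClaimsAsync are FirebaseAdmin SDK calls.
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using FirebaseAdmin.Auth;

public record UserRegister(string? Name, string Email, string Password, string? Role);

public class RegistrationService
{
    // Role names mentioned on this page; anything else is rejected outright.
    private static readonly HashSet<string> KnownRoles =
        new(StringComparer.Ordinal) { "Ingreso", "Medico", "Admin" };

    // Pure decision: which role, if any, may be granted for this request.
    public static string? ResolveRole(string? requested, bool callerIsAdmin)
    {
        if (string.IsNullOrWhiteSpace(requested)) return null;
        if (!KnownRoles.Contains(requested))
            throw new ArgumentException("Unknown role", nameof(requested));
        // An anonymous caller can ask for a role but never receives one.
        return callerIsAdmin ? requested : null;
    }

    public async Task<UserRecord> RegisterAsync(UserRegister req, bool callerIsAdmin)
    {
        var role = ResolveRole(req.Role, callerIsAdmin);

        var user = await FirebaseAuth.DefaultInstance.CreateUserAsync(new UserRecordArgs
        {
            Email = req.Email,
            Password = req.Password,
            DisplayName = req.Name,
            EmailVerified = false,
            Disabled = false,
        });

        if (role is not null)
        {
            // Custom claims end up in the ID token, so set them server-side only.
            await FirebaseAuth.DefaultInstance.SetCustomUserClaimsAsync(
                user.Uid, new Dictionary<string, object> { ["role"] = role });
        }
        return user;
    }
}
```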

POST /api/Firebase/login

Authenticates a user against Firebase Authentication by calling firebaseService.LoginAsync(request). Returns a token object that clients can use for subsequent authenticated calls.

Request: application/json

- Email: string, required. The user’s email address.
- Password: string, required. The user’s password.

Response: 200 OK, application/json. Returns an AuthFirebase-compatible token object. Key fields:

- kind: string. Firebase response kind identifier.
- localId: string. Firebase UID of the authenticated user.
- email: string. Authenticated user’s email.
- displayName: string. User’s display name.
- idToken: string. Firebase ID token (JWT) for use in Authorization: Bearer headers.
- refreshToken: string. Long-lived refresh token for obtaining new ID tokens.
- expiresIn: integer. Seconds until the idToken expires (typically 3600).
- registered: boolean. true when the user was previously registered.

Example request:
{
  "email": "ana.martinez@clinica.com",
  "password": "S3cur3P@ss!"
}
Example response:
{
  "kind": "identitytoolkit#VerifyPasswordResponse",
  "localId": "abc123XYZ",
  "email": "ana.martinez@clinica.com",
  "displayName": "Dr. Ana Martínez",
  "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "AMf-vBy...",
  "expiresIn": 3600,
  "registered": true
}
