Turnero groups its back-office management functionality across five controllers.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/pabloeferreyra/Turnero/llms.txt
Use this file to discover all available pages before exploring further.
AdministrationController handles ASP.NET Core Identity user and role administration — including claims management and role-membership editing. RoleController provides basic CRUD for IdentityRole records. MedicsController manages the Medic catalogue that links Identity users to doctor profiles used throughout the scheduling system. TimeTurnController manages the TimeTurn time-slot catalogue that populates appointment time dropdowns. FirebaseController is a JSON API controller that delegates Firebase Authentication operations to an IFirebaseService and is entirely unauthenticated.
Unless otherwise noted, every MVC action in this group requires the Admin role.
AdministrationController
TheAdministrationController class is decorated with [Authorize(Roles = "Admin")]. It uses ASP.NET Core’s UserManager<IdentityUser> and RoleManager<IdentityRole> to inspect and mutate the identity store.
Endpoint summary
| Method | Path | Roles | Description |
|---|---|---|---|
GET | /Administration/ListUsers | Admin | Lists all registered users |
GET | /Administration/EditUser/{id} | Admin | Edit user form |
POST | /Administration/EditUser | Admin | Persists user edits |
POST | /Administration/DeleteUser | Admin | Deletes a user account |
GET | /Administration/ListRoles | Admin | Lists all identity roles |
GET | /Administration/CreateRole | Admin | New role form |
POST | /Administration/CreateRole | Admin | Creates a new role |
GET | /Administration/EditRole/{id} | Admin | Edit role form |
POST | /Administration/EditRole | Admin | Persists role edits |
POST | /Administration/DeleteRole | Admin | Deletes a role |
GET | /Administration/ManageUserClaims | Admin | User claims form |
POST | /Administration/ManageUserClaims | Admin | Saves claim assignments |
GET | /Administration/EditUsersInRole | Admin | Role membership form |
POST | /Administration/EditUsersInRole | Admin | Saves role membership |
GET /Administration/ListUsers
Returns theListUsers view with all IdentityUser records from the store. No filtering or pagination is applied server-side.
Response: HTML view ListUsers with IQueryable<IdentityUser>.
GET /Administration/EditUser/
Loads the specified user together with their current claims and roles, and returns theEditUser view populated with an EditUserViewModel.
The ASP.NET Core Identity user ID (string format, e.g. a GUID string).
EditUser with an EditUserViewModel, or NotFound view when the user does not exist.
EditUserViewModel fields:
Identity user ID.
Username.
Email address.
List of claim values currently assigned to the user.
List of role names the user belongs to.
POST /Administration/EditUser
Applies changes to the specified user’sEmail and UserName via UserManager.UpdateAsync. On success, redirects to ListUsers.
Request — application/x-www-form-urlencoded
Identity user ID. Used to locate the record before saving.
New username.
New email address. Must be a valid email format.
ListUsers on success, or re-render the EditUser view with ModelState errors on failure. Returns the Error view on DbUpdateException.
POST /Administration/DeleteUser
Deletes the specified user account viaUserManager.DeleteAsync.
Identity user ID to delete.
ListUsers on success, or NotFound / ListUsers views with errors on failure. Returns the Error view on DbUpdateException.
GET /Administration/ListRoles
Returns theListRoles view with all roles from RoleManager.Roles.
Response: HTML view ListRoles with IQueryable<IdentityRole>.
GET /Administration/CreateRole
Returns theCreateRole view with a new blank IdentityRole model.
Response: HTML view CreateRole.
POST /Administration/CreateRole
Creates a new role viaRoleManager.CreateAsync and redirects to ListRoles.
The name for the new role (e.g.
"Ingreso", "Medico", "Admin").ListRoles.
GET /Administration/EditRole/
Loads the specified role and builds anEditRoleViewModel that includes a list of all users currently in the role.
The
IdentityRole.Id to edit.EditRole with EditRoleViewModel, or NotFound view.
EditRoleViewModel fields:
Role ID.
Current role name.
Usernames of all users presently in this role.
POST /Administration/EditRole
Renames the role viaRoleManager.UpdateAsync. Redirects to ListRoles on success.
The
IdentityRole.Id to update.New name for the role.
ListRoles on success, re-render EditRole view with errors on failure, or Error view on DbUpdateException.
POST /Administration/DeleteRole
Deletes the specified role viaRoleManager.DeleteAsync. Roles that still have assigned users cannot be deleted; a DbUpdateException is caught and the Error view is returned with a descriptive message.
The
IdentityRole.Id to delete.ListRoles on success, NotFound or Error view on failure.
GET /Administration/ManageUserClaims
Loads all claims fromClaimsStore.AllClaims and marks which are currently assigned to the user. Returns the ManageUserClaims view.
Identity user ID whose claims to manage.
ManageUserClaims with a UserClaimsViewModel, or NotFound view.
UserClaimsViewModel structure:
Identity user ID.
All application claims, each with
ClaimType and IsSelected flag indicating current assignment.POST /Administration/ManageUserClaims
Replaces the user’s claims entirely: first removes all existing claims, then adds those from the submitted model whereIsSelected is true. Both the claim type and value are set to the claim’s type string. Redirects to EditUser on success.
Request — application/x-www-form-urlencoded
Identity user ID.
Claim type for the nth claim entry.
Whether the nth claim should be assigned to the user.
EditUser on success, or re-render ManageUserClaims view with errors on failure.
GET /Administration/EditUsersInRole
Builds a list of all users with a flag indicating whether each is currently in the specified role. Returns theEditUsersInRole view.
The
IdentityRole.Id whose membership to edit. Passed as a query string parameter (e.g. /Administration/EditUsersInRole?roleId=...).EditUsersInRole with List<UserRoleViewModel>, or NotFound view.
UserRoleViewModel per user:
Identity user ID.
Username.
Whether the user is currently in the role.
POST /Administration/EditUsersInRole
Iterates over the submitted list and adds or removes each user from the role as indicated by theirIsSelected flag. Users already in the correct state are skipped. Redirects to EditRole on completion.
The
IdentityRole.Id being edited (passed as a query or route value alongside the form body).Identity user ID for the nth entry.
Target membership state for the nth user.
EditRole on success, or NotFound view when the role does not exist.
RoleController
RoleController is a lean complement to the role-management actions on AdministrationController. It provides an independent index listing and a simple create flow using RoleManager<IdentityRole>. All actions require the Admin role.
Endpoint summary
| Method | Path | Roles | Description |
|---|---|---|---|
GET | /Role/Index | Admin | Lists all roles |
GET | /Role/Create | Admin | New role form |
POST | /Role/Create | Admin | Creates a role and redirects to Index |
GET /Role/Index
Returns theIndex view with all roles from RoleManager.Roles.
Response: HTML view Index with List<IdentityRole>.
GET /Role/Create
Returns theCreate view with a blank IdentityRole model.
Response: HTML view Create.
POST /Role/Create
Creates the role viaRoleManager.CreateAsync and redirects to Index.
The name for the new role.
Role/Index.
MedicsController
MedicsController manages the Medic catalogue — the bridge between ASP.NET Core Identity users and the doctor profiles that own appointments, visits, and other clinical records. A medic record consists of a Name string and a UserGuid that matches the Identity user’s Id. All actions require the Admin role.
Endpoint summary
| Method | Path | Roles | Description |
|---|---|---|---|
GET | /Medics/Index | Admin | Lists all medics |
GET | /Medics/Details/{id} | Admin | Medic detail view |
GET | /Medics/CreateAsync | Admin | New medic form |
POST | /Medics/Create | Admin | Inserts a medic |
GET | /Medics/Edit/{id} | Admin | Edit medic (redirects to Index) |
POST | /Medics/Edit | Admin | Updates a medic |
GET | /Medics/Delete/{id} | Admin | Delete confirmation (redirects to Index) |
POST | /Medics/Delete | Admin | Deletes a medic |
GET /Medics/Index
Returns theIndex view with all medic records via getMedicsServices.GetMedics().
Response: HTML view Index with IEnumerable<Medic>.
GET /Medics/Details/
Returns theDetails view for the specified medic.
The
Medic.Id to display.Details with the Medic model, or NotFound view.
GET /Medics/CreateAsync
PopulatesViewBag.User with all Identity users in the "Medico" role, prepending a placeholder "Seleccione..." entry, and returns the CreateAsync view.
Response: HTML view CreateAsync.
POST /Medics/Create
Inserts a newMedic record and redirects to Index. Requires a valid anti-forgery token and a valid ModelState.
Display name for the doctor.
The ASP.NET Core Identity user ID to link this medic record to. Must correspond to a user in the
"Medico" role.Medics/Index on success, or re-render the view with the model on validation failure.
GET /Medics/Edit/
Looks up the medic by ID and redirects toIndex. The actual edit form is handled in the POST action below.
The
Medic.Id to edit.Medics/Index, or NotFound view when not found.
POST /Medics/Edit
Updates the specified medic record. Requires a valid anti-forgery token andModelState. Uses updateMedicServices.Update(medic).
The
Medic.Id to update. Validated for existence before the update call.Updated display name.
Updated linked Identity user ID.
Medics/Index on success, NotFound view if the medic does not exist, or Error view if Update returns false.
GET /Medics/Delete/
Confirms the medic exists and redirects toIndex. Serves as the confirmation step before the POST delete.
The
Medic.Id to delete.Medics/Index, or NotFound view when not found.
POST /Medics/Delete (ActionName: “Delete”)
Deletes the specified medic if it exists viaupdateMedicServices.Delete(medic). Requires a valid anti-forgery token.
The
Medic.Id to delete.Medics/Index.
TimeTurnController
TimeTurnController manages the TimeTurn time-slot catalogue. Each TimeTurn record has an auto-generated Guid ID and a Time string (e.g. "09:00"). These records populate the time dropdown on the appointment create/edit forms and are cached in IMemoryCache for performance. All actions require the Admin role.
Endpoint summary
| Method | Path | Roles | Description |
|---|---|---|---|
GET | /TimeTurn/Index | Admin | Lists all time slots |
GET | /TimeTurn/Create | Admin | New time-slot form |
POST | /TimeTurn/Create | Admin | Inserts a time slot |
GET | /TimeTurn/Delete/{id} | Admin | Delete confirmation view |
POST | /TimeTurn/Delete (ActionName: Delete) | Admin | Deletes a time slot |
GET /TimeTurn/Index
Returns theIndex view with all TimeTurn records via getTimeTurns.GetTimeTurns().
Response: HTML view Index with IEnumerable<TimeTurn>.
GET /TimeTurn/Create
Returns theCreate view with a blank form.
Response: HTML view Create.
POST /TimeTurn/Create
Inserts a newTimeTurn record. Only Id and Time are bound from the form (via [Bind("Id,Time")]). Requires a valid anti-forgery token and ModelState.
Optional client-supplied GUID. The database generates one automatically.
The appointment time string in
HH:mm format (e.g. "08:30", "14:00").TimeTurn/Index on success, or re-render the Create view with the model on validation failure.
GET /TimeTurn/Delete/
Loads the time slot for confirmation and returns theDelete view.
The
TimeTurn.Id to confirm deletion of.Delete with the TimeTurn model, or NotFound view.
POST /TimeTurn/Delete (ActionName: “Delete”)
Deletes the specifiedTimeTurn record. Requires a valid anti-forgery token.
The
TimeTurn.Id to delete.TimeTurn/Index.
FirebaseController
FirebaseController is a JSON API controller ([ApiController], [Route("api/[controller]")]) that exposes two Firebase Authentication endpoints. Both actions are decorated with [AllowAnonymous] — they accept unauthenticated requests so that mobile or external clients can register and log in without a prior session cookie. The controller delegates all logic to an IFirebaseService implementation.
Endpoint summary
| Method | Path | Auth | Description |
|---|---|---|---|
POST | /api/Firebase/register | Anonymous | Registers a new Firebase user |
POST | /api/Firebase/login | Anonymous | Authenticates and returns a token |
POST /api/Firebase/register
Registers a new user in Firebase Authentication by callingfirebaseService.RegisterAsync(userRegister). Returns the UserRecord created by the Firebase Admin SDK.
Request — application/json
Display name for the new Firebase user.
Email address for the new account.
Password for the new account.
Optional role string to associate with the Firebase user (application-layer concept; not a Firebase custom claim unless implemented in the service).
200 OK, application/json
Returns the Firebase Admin SDK UserRecord object for the newly created user. Key fields include:
Firebase UID assigned to the user.
Email address of the registered user.
Display name set during registration.
Whether the email address has been verified.
Whether the account is disabled.
POST /api/Firebase/login
Authenticates a user against Firebase Authentication by callingfirebaseService.LoginAsync(request). Returns a token object that clients can use for subsequent authenticated calls.
Request — application/json
The user’s email address.
The user’s password.
200 OK, application/json
Returns an AuthFirebase-compatible token object. Key fields:
Firebase response kind identifier.
Firebase UID of the authenticated user.
Authenticated user’s email.
User’s display name.
Firebase ID token (JWT) for use in
Authorization: Bearer headers.Long-lived refresh token for obtaining new ID tokens.
Seconds until the
idToken expires (typically 3600).true when the user was previously registered.