Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/scooller/Leben-site/llms.txt

Use this file to discover all available pages before exploring further.

iLeben’s admin panel is protected by Laravel Sanctum session-based authentication, meaning panel users log in with an email and password rather than a bearer token. Role enforcement is handled by Spatie Laravel Permission (spatie/laravel-permission ^7.3), which attaches named roles to users and controls access at the resource, page, and action levels. Two roles are recognized by the application: admin (full access) and marketing (read-only catalog view). Users who do not hold either role are rejected by canAccessPanel() on the User model before they reach any Filament page.

Roles Overview

RolePanel AccessCreate / Edit / DeleteSiteSettingsUsuariosPagos & Tokens
admin
marketing
Role membership is checked via two complementary methods on User:
public function isAdmin(): bool
{
    return $this->hasRole('admin') || $this->user_type === 'admin';
}

public function isMarketing(): bool
{
    return $this->hasRole('marketing') || $this->user_type === 'marketing';
}
The user_type column acts as a fallback for installs that have not yet run Spatie’s role sync, so both mechanisms are checked in every gate.

User Fields

The users table and the User model expose the following fillable attributes:
FieldTypeNotes
namestringFull display name
emailstringUnique login credential
rutstringChilean tax ID, optional
phonestringContact phone number, optional
user_typestringRole field: admin, marketing, or cliente / customer
passwordhashed stringStored as bcrypt hash via Laravel’s hashed cast
The UserResource in Filament is restricted to admin users only — neither the navigation entry nor the canViewAny() gate is accessible to marketing users.

Creating the First Admin User

On a fresh install, no users exist. Use php artisan tinker to seed the first admin account before accessing the panel.
1

Open Tinker

php artisan tinker
2

Create the user and assign the admin role

$user = \App\Models\User::create([
    'name'      => 'Admin',
    'email'     => 'admin@ileben.cl',
    'user_type' => 'admin',
    'password'  => \Illuminate\Support\Facades\Hash::make('your-secure-password'),
]);

// Assign the Spatie role (run after migrations and after seeding roles)
$user->assignRole('admin');
3

Verify access

Navigate to /admin and log in with the credentials you just created.
Never commit real credentials to source control. In production, rotate the admin password immediately after the first login and store it in a password manager. The password field is protected by Laravel’s hashed cast, but the plaintext value must not appear in logs, .env files, or deployment scripts.

Export

The users table includes Filament’s ExportAction so admins can download a CSV of all user records. Like plant and payment exports, user exports are dispatched as queued jobs on the database queue, and a persistent notification appears in the Filament notification tray when the download is ready.
// Declared in UsersTable::configure()
ExportAction::make()
    ->exporter(UserExporter::class)

UserActivitiesPage

The panel ships a custom page — UserActivitiesPage — that extends the base AlizHarb\ActivityLog\Pages\UserActivitiesPage class. It renders a chronological audit trail for a specific user, showing every model change attributed to that account. Admins reach it through the Actividad action on a user record. The page also hosts a header action for importing contact submissions via CSV:
protected function getHeaderActions(): array
{
    return [
        ImportContactSubmissionsCsvAction::make()
            ->label('Importar contactos CSV'),
    ];
}
The import wizard lets operators select a contact channel first, then map CSV columns to canonical fields (rango_renta, apellido, phone, UTM parameters). A dedicated progress page (ContactImportProgress) tracks the job in real time from inside the panel.

API Tokens (PersonalAccessToken)

iLeben extends Sanctum’s PersonalAccessToken to add an authorized_url field and an active scope. These tokens are used by the external React frontend to authenticate API calls that require elevated data access (e.g., payment gateway configuration in GET /api/v1/site-config).
class PersonalAccessToken extends SanctumPersonalAccessToken
{
    protected $fillable = [
        'name',
        'token',
        'abilities',
        'authorized_url',  // URL the token is issued for
        'last_used_at',
        'expires_at',
    ];

    public function scopeActive(Builder $query): Builder
    {
        return $query->where(function (Builder $builder): void {
            $builder->whereNull('expires_at')
                ->orWhere('expires_at', '>', now());
        });
    }
}
Tokens are managed through the Tokens API resource in the Herramientas navigation group. Only admin users can view, create, or delete tokens. Editing is intentionally disabled (canEdit() returns false). The middleware on the public API endpoint uses PersonalAccessToken::findToken() (without relying on the session) to validate the bearer token and determine whether to expose sensitive payment gateway configuration in the site-config response.
Tokens with a non-null expires_at are automatically excluded by the active scope. Use the panel to revoke tokens immediately by deleting the record, or set expires_at to a past timestamp.

Build docs developers (and LLMs) love