Marbes uses a role-based access control (RBAC) model. Roles are named groups (for example, admin or analista) that carry a set of permissions. Employees can hold multiple roles simultaneously. All endpoints in this section require a valid JWT bearer token.
The typical workflow is:
1. Create a role with POST /api/rrhh/roles.
2. Assign permissions to it with POST /api/rrhh/roles/permisos.
3. Assign roles to an employee with PUT /api/rrhh/user/roles/editar.
4. Inspect the effective permissions of any role with GET /api/rrhh/roles/:rolNombre/analisis.
List all roles
GET /api/rrhh/roles
Returns every role registered in the system.
curl -X GET "https://api.marbes.org/api/rrhh/roles" \
-H "Authorization: Bearer {token}"
[
  {
    "id": "rol-uuid-001",
    "nombre": "admin",
    "descripcion": "Acceso completo al sistema",
    "activo": true,
    "created_at": "2024-01-10T09:00:00Z"
  },
  {
    "id": "rol-uuid-002",
    "nombre": "analista",
    "descripcion": "Acceso de solo lectura a reportes",
    "activo": true,
    "created_at": "2024-02-01T11:00:00Z"
  }
]
{
  "message": "Error interno del servidor."
}
Create role
POST /api/rrhh/roles
Creates a new role. The nombre field must be unique.
nombre: Unique name for the role (e.g., "analista", "gerente").
descripcion: Human-readable description of what the role grants.
curl -X POST "https://api.marbes.org/api/rrhh/roles" \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{
"nombre": "gerente",
"descripcion": "Gestión de equipo y aprobaciones"
}'
{
  "success": true,
  "message": "Rol creado exitosamente",
  "data": {
    "id": "rol-uuid-003",
    "nombre": "gerente",
    "descripcion": "Gestión de equipo y aprobaciones",
    "activo": true,
    "created_at": "2024-05-06T12:00:00Z"
  }
}
{
  "success": false,
  "message": "El nombre del rol es requerido"
}
List all permissions
GET /api/rrhh/permisos
Returns the full catalogue of permissions available for assignment.
curl -X GET "https://api.marbes.org/api/rrhh/permisos" \
-H "Authorization: Bearer {token}"
[
  {
    "id": "perm-uuid-001",
    "nombre": "ver_empleados",
    "descripcion": "Permite listar y ver detalles de empleados",
    "modulo": "rrhh"
  },
  {
    "id": "perm-uuid-002",
    "nombre": "editar_empleados",
    "descripcion": "Permite modificar datos de empleados",
    "modulo": "rrhh"
  }
]
Get permissions for the authenticated user
GET /api/rrhh/permisosbyuser
Returns the effective permissions for the currently authenticated employee. Optionally accepts a userId query parameter to inspect another user’s permissions.
userId: UUID of the employee to inspect. Defaults to the authenticated user when omitted.
curl -X GET "https://api.marbes.org/api/rrhh/permisosbyuser" \
-H "Authorization: Bearer {token}"
permisos: List of permissions the employee currently holds.
descripcion: Human-readable description.
modulo: Module the permission belongs to.
{
  "success": true,
  "permisos": [
    {
      "id": "perm-uuid-001",
      "nombre": "ver_empleados",
      "descripcion": "Permite listar y ver detalles de empleados",
      "modulo": "rrhh"
    }
  ]
}
Update employee roles
PUT /api/rrhh/user/roles/editar
Replaces the full set of roles assigned to an employee. The authenticated user is recorded as asignado_por.
userId: UUID of the employee whose roles should be updated.
roles: Array of role names to assign. Must contain at least one entry. Example: ["admin", "analista"].
curl -X PUT "https://api.marbes.org/api/rrhh/user/roles/editar?userId=a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{
"roles": ["analista", "gerente"]
}'
data: The updated list of role assignments for the employee.
activo: Whether the role is active.
fecha_asignacion: ISO 8601 timestamp of the assignment.
asignado_por: UUID of the employee who made the assignment.
{
  "success": true,
  "data": [
    {
      "id": "rol-uuid-002",
      "nombre": "analista",
      "descripcion": "Acceso de solo lectura a reportes",
      "activo": true,
      "fecha_asignacion": "2024-05-06T14:00:00Z",
      "asignado_por": "editor-uuid-001"
    }
  ]
}
{
  "success": false,
  "message": "Debe proporcionar al menos un rol"
}
{
  "success": false,
  "message": "Usuario no autenticado"
}
Assign permissions to a role
POST /api/rrhh/roles/permisos
Assigns one or more permissions to an existing role. The authenticated user is recorded as asignado_por. Sending this request replaces only the permissions included in permiso_ids; it does not remove previously assigned permissions unless they are explicitly excluded.
role_id: UUID of the role that will receive the permissions.
permiso_ids: Array of permission UUIDs to assign. Must contain at least one entry.
curl -X POST "https://api.marbes.org/api/rrhh/roles/permisos" \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{
"role_id": "rol-uuid-002",
"permiso_ids": ["perm-uuid-001", "perm-uuid-002"]
}'
{
  "success": true,
  "message": "Permisos asignados exitosamente",
  "asignados": 2
}
{
  "success": false,
  "message": "role_id y permiso_ids son requeridos"
}
{
  "success": false,
  "message": "Usuario no autenticado"
}
Analyze role permissions
GET /api/rrhh/roles/:rolNombre/analisis
Returns a detailed breakdown of all permissions held by a named role, including metadata about when each permission was assigned and by whom.
rolNombre: The name of the role to analyze (e.g., admin, analista).
curl -X GET "https://api.marbes.org/api/rrhh/roles/admin/analisis" \
-H "Authorization: Bearer {token}"
permisos: Permissions assigned to the role.
modulo: Module the permission belongs to.
fecha_asignacion: When the permission was assigned.
{
  "success": true,
  "rol": {
    "id": "rol-uuid-001",
    "nombre": "admin",
    "descripcion": "Acceso completo al sistema"
  },
  "permisos": [
    {
      "id": "perm-uuid-001",
      "nombre": "ver_empleados",
      "modulo": "rrhh",
      "fecha_asignacion": "2024-03-01T09:00:00Z",
      "asignado_por": "editor-uuid-001"
    },
    {
      "id": "perm-uuid-002",
      "nombre": "editar_empleados",
      "modulo": "rrhh",
      "fecha_asignacion": "2024-03-01T09:00:00Z",
      "asignado_por": "editor-uuid-001"
    }
  ]
}
{
  "success": false,
  "message": "Nombre del rol es requerido"
}
{
  "success": false,
  "message": "Error interno del servidor"
}
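An added example, not part of the Marbes documentation or code base: because PUT /api/rrhh/user/roles/editar replaces an employee's full role set, this pre-flight check diffs the current roles against the request body before it is sent, using data in the shape of the GET /api/rrhh/roles/:rolNombre/analisis responses. The function names and sample data are constructed for illustration, and it assumes an employee's effective permissions are the union of the permissions of their roles.

```javascript
// Constructed sample data in the shape of the
// GET /api/rrhh/roles/:rolNombre/analisis responses shown on this page.
const analisisByRole = {
  analista: { success: true, rol: { nombre: "analista" }, permisos: [
    { id: "perm-uuid-001", nombre: "ver_empleados", modulo: "rrhh" },
  ] },
  gerente: { success: true, rol: { nombre: "gerente" }, permisos: [
    { id: "perm-uuid-001", nombre: "ver_empleados", modulo: "rrhh" },
    { id: "perm-uuid-002", nombre: "editar_empleados", modulo: "rrhh" },
  ] },
};

// Map each permission name to the roles that grant it.
// Assumption: effective permissions are the union over all held roles.
function effectivePermissions(roleNames, analisis) {
  const grantedBy = new Map();
  for (const role of roleNames) {
    const res = analisis[role];
    if (!res || res.success !== true) {
      throw new Error(`no analisis data for role "${role}"`);
    }
    for (const p of res.permisos) {
      if (!grantedBy.has(p.nombre)) grantedBy.set(p.nombre, []);
      grantedBy.get(p.nombre).push(role);
    }
  }
  return grantedBy;
}

// Diff the current role set against the body about to be sent with PUT.
// The PUT replaces the whole set, so a role missing from `requested` is dropped.
function planRoleReplacement(current, requested, analisis) {
  if (!Array.isArray(requested) || requested.length === 0) {
    throw new Error("roles must contain at least one entry");
  }
  const before = effectivePermissions(current, analisis);
  const after = effectivePermissions(requested, analisis);
  return {
    rolesRemoved: current.filter((r) => !requested.includes(r)).sort(),
    rolesAdded: requested.filter((r) => !current.includes(r)).sort(),
    permsRevoked: [...before.keys()].filter((p) => !after.has(p)).sort(),
    permsGranted: [...after.keys()].filter((p) => !before.has(p)).sort(),
  };
}

// Intent was "add analista", but the body lists only analista: gerente is dropped.
const plan = planRoleReplacement(["gerente"], ["analista"], analisisByRole);
console.log(JSON.stringify(plan, null, 2));
```

Reviewing `rolesRemoved` and `permsRevoked` before sending the request catches the case where a caller meant to add a role but omitted the ones the employee already held.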