The Roles API allows administrators to manage user roles and their associated permissions. Roles define what actions users can perform in the system.
All role endpoints require administrator privileges.
List Roles
Returns all available roles in the system with their permissions.
Response
name - Role name (e.g., ADMINISTRADOR, VENDEDOR)
description - Human-readable description of the role
can_manage_users - Permission to create, update, and deactivate users
can_view_reports - Permission to access reports and analytics
can_edit_products - Permission to manage product catalog
can_perform_sales - Permission to process sales transactions
can_perform_returns - Permission to process returns and refunds
permissions - Dynamic permissions object for UI/menu access control. Structure: {"dashboard": true, "pos": true, "inventario": false}
Example
curl -X GET "https://api.torn.cl/api/roles/" \
  -H "Authorization: Bearer YOUR_TOKEN"

[
  {
    "id": 1,
    "name": "ADMINISTRADOR",
    "description": "Administrador con acceso completo",
    "can_manage_users": true,
    "can_view_reports": true,
    "can_edit_products": true,
    "can_perform_sales": true,
    "can_perform_returns": true,
    "permissions": {
      "dashboard": true,
      "pos": true,
      "inventario": true,
      "reportes": true
    }
  },
  {
    "id": 2,
    "name": "VENDEDOR",
    "description": "Usuario de ventas",
    "can_manage_users": false,
    "can_view_reports": false,
    "can_edit_products": true,
    "can_perform_sales": true,
    "can_perform_returns": false,
    "permissions": {
      "dashboard": false,
      "pos": true,
      "inventario": true,
      "reportes": false
    }
  }
]
Get Role
Returns detailed information about a specific role.
Path Parameters
ID of the role to retrieve
Response
Returns a single role object with the same structure as the list endpoint.
Example
curl -X GET "https://api.torn.cl/api/roles/2" \
  -H "Authorization: Bearer YOUR_TOKEN"

{
  "id": 2,
  "name": "VENDEDOR",
  "description": "Usuario de ventas",
  "can_manage_users": false,
  "can_view_reports": false,
  "can_edit_products": true,
  "can_perform_sales": true,
  "can_perform_returns": false,
  "permissions": {
    "dashboard": false,
    "pos": true,
    "inventario": true
  }
}
Update Role
Updates the permissions and configuration of an existing role.
Path Parameters
Request Body
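description - Updated description of the role
can_manage_users - Permission to manage users
can_view_reports - Permission to view reports
can_edit_products - Permission to edit products
can_perform_sales - Permission to perform sales
can_perform_returns - Permission to perform returns
permissions - Dynamic permissions object for UI controls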
All fields are optional. Only provided fields will be updated.
Response
Returns the updated role object.
Example
curl -X PUT "https://api.torn.cl/api/roles/2" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "description": "Vendedor con permisos de devolución",
    "can_perform_returns": true,
    "permissions": {
      "dashboard": false,
      "pos": true,
      "inventario": true,
      "devoluciones": true
    }
  }'

{
  "id": 2,
  "name": "VENDEDOR",
  "description": "Vendedor con permisos de devolución",
  "can_manage_users": false,
  "can_view_reports": false,
  "can_edit_products": true,
  "can_perform_sales": true,
  "can_perform_returns": true,
  "permissions": {
    "dashboard": false,
    "pos": true,
    "inventario": true,
    "devoluciones": true
  }
}
Permission Structure
The permissions field allows for flexible, granular control over UI elements and features:
Common Permission Keys
dashboard - Access to analytics dashboard
pos - Point of Sale interface
inventario - Inventory management
reportes - Reports and analytics
caja - Cash session management
configuracion - System configuration
devoluciones - Returns and refunds
compras - Purchase management
Example Use Cases
Store Manager Role:
{
  "can_manage_users": false,
  "can_view_reports": true,
  "can_edit_products": true,
  "can_perform_sales": true,
  "can_perform_returns": true,
  "permissions": {
    "dashboard": true,
    "pos": true,
    "inventario": true,
    "reportes": true,
    "caja": true
  }
}
Cashier Role:
{
  "can_manage_users": false,
  "can_view_reports": false,
  "can_edit_products": false,
  "can_perform_sales": true,
  "can_perform_returns": false,
  "permissions": {
    "pos": true,
    "caja": true
  }
}
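Role objects carry two layers, the can_* flags and the permissions object used for UI/menu control, and Update Role can change either. The check below is an added example, not part of the Roles API or this documentation's own code: it lists the grants an update introduced and flags roles where a UI key and a flag disagree. The FLAG_TO_UI mapping, the function names and the EJEMPLO role are assumptions, not defined by this page.

```python
import json

# Assumed mapping between the can_* flags and the UI keys listed on this page.
# The page does not define this relationship; adjust it to your deployment.
FLAG_TO_UI = {
    "can_view_reports": ("dashboard", "reportes"),
    "can_edit_products": ("inventario",),
    "can_perform_sales": ("pos",),
    "can_perform_returns": ("devoluciones",),
}

def audit_role(role):
    """Return (kind, flag, ui_key) tuples where a flag and a UI key disagree."""
    ui = role.get("permissions") or {}
    findings = []
    for flag, keys in FLAG_TO_UI.items():
        granted = role.get(flag) is True
        for key in keys:
            shown = ui.get(key) is True  # a missing key is treated as hidden
            if shown and not granted:
                findings.append(("ui_without_capability", flag, key))
            elif granted and not shown:
                findings.append(("capability_without_ui", flag, key))
    return findings

def newly_granted(before, after):
    """List grants present in `after` but not in `before` (flags and UI keys)."""
    grants = [k for k, v in after.items()
              if k.startswith("can_") and v is True and before.get(k) is not True]
    old_ui, new_ui = before.get("permissions") or {}, after.get("permissions") or {}
    grants += ["permissions." + k for k, v in new_ui.items()
               if v is True and old_ui.get(k) is not True]
    return sorted(grants)

# Role 2 as returned by Get Role on this page (description omitted).
VENDEDOR_BEFORE = json.loads("""{"id": 2, "name": "VENDEDOR",
  "can_manage_users": false, "can_view_reports": false, "can_edit_products": true,
  "can_perform_sales": true, "can_perform_returns": false,
  "permissions": {"dashboard": false, "pos": true, "inventario": true}}""")
# Role 2 after the Update Role example on this page.
VENDEDOR_AFTER = {**VENDEDOR_BEFORE, "can_perform_returns": True, "permissions": {
    "dashboard": False, "pos": True, "inventario": True, "devoluciones": True}}
# Constructed sample: the menu exposes reports without the matching flag.
DRIFTED = {"name": "EJEMPLO", "can_view_reports": False, "can_perform_sales": True,
           "permissions": {"reportes": True, "pos": True}}

if __name__ == "__main__":
    print("granted by update:", newly_granted(VENDEDOR_BEFORE, VENDEDOR_AFTER))
    for role in (VENDEDOR_AFTER, DRIFTED):
        print(role["name"], audit_role(role))
```

Running it against the output of List Roles before and after a change gives a reviewable record of what each update granted.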