Overview

Sistema de Abogados implements a role-based access control system with four distinct user types, each with specific capabilities and access levels. This structure ensures that users can only access the functionality relevant to their role within the legal practice.

User Role Hierarchy

Admin Role

Administrator

Full system access with complete control over users, roles, permissions, and all application features.

Capabilities

Administrators have unrestricted access to all system functionality:
  • User Management: Create, edit, and delete users (except other admins)
  • Role Management: Create, modify, and delete roles
  • Permission Management: Create and assign permissions to roles and users
  • All Data Access: Full access to cases, conciliations, clients, and documents
  • System Configuration: Manage system-wide settings and configurations

Admin-Exclusive Routes

The following routes are only accessible to users with the admin role:
routes/web.php
Route::middleware(['auth', 'role:admin'])->name('admin.')->prefix('admin')->group(function() {
    Route::get('/', [IndexController::class, 'index'])->name('index');
    
    // Role Management
    Route::resource('/roles', RoleController::class);
    Route::post('/roles/{role}/permissions', [RoleController::class, 'givePermission']);
    Route::delete('/roles/{role}/permissions/{permission}', [RoleController::class, 'revokePermission']);
    
    // Permission Management
    Route::resource('/permissions', PermissionController::class);
    Route::post('/permissions/{permission}/roles', [PermissionController::class, 'assignRole']);
    Route::delete('/permissions/{permission}/roles/{role}', [PermissionController::class, 'removeRole']);
    
    // User Management
    Route::resource('/users', UserController::class);
    Route::post('/users/{user}/roles', [UserController::class, 'assignRole']);
    Route::delete('/users/{user}/roles/{role}', [UserController::class, 'removeRole']);
    Route::post('/users/{user}/permissions', [UserController::class, 'givePermission']);
    Route::delete('/users/{user}/permissions/{permission}', [UserController::class, 'revokePermission']);
});

Admin Seeder

The default admin user is created during database seeding:
database/seeders/AdminSeeder.php
public function run()
{
    User::create([
        'name' => 'admin',
        'email' => '[email protected]',
        'email_verified_at' => now(),
        'password' => '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi',
    ])->assignRole('writer', 'admin');
}
Admin users are protected from deletion. The system prevents deleting users with the admin role to maintain system integrity.
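
The seeder above commits a fixed password hash to the repository, so every installation seeded from it starts with the same admin credential. The variant below is an added example, not the project's own code: it takes the initial credential from the deployment environment and assigns only the admin role. The variable names ADMIN_EMAIL and ADMIN_INITIAL_PASSWORD are hypothetical, and it assumes roles are provided by spatie/laravel-permission, which the `role:` middleware and assignRole() calls on this page suggest.

```php
<?php

namespace Database\Seeders;

use App\Models\User;
use Illuminate\Database\Seeder;
use Illuminate\Support\Facades\Hash;
use RuntimeException;
use Spatie\Permission\Models\Role; // assumption: spatie/laravel-permission

class AdminSeeder extends Seeder
{
    public function run(): void
    {
        // Hypothetical variable names, set per deployment and never committed.
        $email = env('ADMIN_EMAIL');
        $password = env('ADMIN_INITIAL_PASSWORD');

        // Refuse to seed a guessable or empty credential.
        if (empty($email) || empty($password) || strlen($password) < 16) {
            throw new RuntimeException(
                'Set ADMIN_EMAIL and ADMIN_INITIAL_PASSWORD (16+ characters) before seeding.'
            );
        }

        // Make sure the role exists so assignRole() cannot fail on a fresh database.
        Role::findOrCreate('admin');

        // firstOrCreate keeps re-seeding idempotent: an existing admin's
        // password is never overwritten by a later seed run.
        $admin = User::firstOrCreate(
            ['email' => $email],
            ['name' => 'admin', 'password' => Hash::make($password)]
        );

        // email_verified_at is not mass assignable on the default User model,
        // so it is set explicitly, and only for a newly created account.
        if ($admin->wasRecentlyCreated) {
            $admin->forceFill(['email_verified_at' => now()])->save();
        }

        $admin->assignRole('admin');
    }
}
```

Change the initial password at first login and remove the variable from the environment once the account exists.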

Encargado Role

Case Manager (Encargado)

Senior staff member with comprehensive access to both case management and conciliation processes.

Capabilities

Encargados serve as case managers with broad access:
  • Case Management: Full CRUD access to legal cases (casos)
  • Conciliation Management: Complete access to conciliation processes (conciliación)
  • Expediente Management: Manage conciliation expedientes and documentation
  • Client Management: Create and manage client records
  • Activity Scheduling: Create and manage activities for both cases and conciliations
  • Document Management: Upload and manage case and expediente documents

Encargado Routes

Encargados have access to the following route groups:
routes/web.php
Route::middleware(['auth', 'role:encargado|admin|asistente|abogado'])
    ->name('clientes.')
    ->prefix('clientes')
    ->group(function() {
        Route::resource('/', ClienteController::class);
        // Full client CRUD operations
    });
routes/web.php
Route::middleware(['auth', 'role:encargado|admin|asistente'])
    ->name('conciliacion.')
    ->prefix('conciliacion')
    ->group(function() {
        Route::resource('/submaterias', SubmateriaController::class);
        Route::resource('/invitado', InvitadoConciliacionController::class);
        Route::resource('/conciliador', ConciliadorController::class);
        Route::resource('/expediente', ExpedienteController::class);
    });
routes/web.php
Route::middleware(['auth', 'role:encargado|admin|abogado'])
    ->name('caso.')
    ->prefix('caso')
    ->group(function() {
        Route::resource('/caso', CasosController::class);
        Route::resource('/tipoProceso', TipoProcesoController::class);
        Route::resource('/parteContraria', ParteContrariaController::class);
    });
routes/web.php
// General activities (all authenticated users)
Route::middleware(['auth', 'verified'])
    ->name('agenda.')
    ->prefix('agenda')
    ->group(function() {
        Route::resource('/actividad', ActividadController::class);
    });

// Conciliation activities
Route::middleware(['auth', 'role:encargado|admin|asistente'])
    ->name('agenda.')
    ->prefix('agenda')
    ->group(function() {
        Route::resource('/actividadConciliacion', ActividadConciliacionController::class);
    });

// Case activities
Route::middleware(['auth', 'role:encargado|admin|abogado'])
    ->name('agenda.')
    ->prefix('agenda')
    ->group(function() {
        Route::resource('/actividadCaso', ActividadCasoController::class);
    });

Asistente Role

Assistant (Asistente)

Support staff focused on conciliation processes and administrative tasks.

Capabilities

Asistentes provide administrative support for conciliation:
  • Conciliation Support: Full access to conciliation processes
  • Expediente Management: Create and manage conciliation expedientes
  • Client Management: View and manage client information
  • Document Management: Handle expediente documentation
  • Conciliation Activities: Schedule and manage conciliation-related activities
  • Submateria Management: Manage conciliation subject matters
  • Invitado Management: Manage invited parties to conciliation

Asistente Routes

Asistentes share conciliation routes with Encargados and Admins:
  • Expediente management (/conciliacion/expediente)
  • Submateria management (/conciliacion/submaterias)
  • Invitado management (/conciliacion/invitado)
  • Conciliador management (/conciliacion/conciliador)
  • Expediente documents and file management
Full client management alongside other roles:
Route::middleware(['auth', 'role:encargado|admin|asistente|abogado'])
    ->name('clientes.')
    ->prefix('clientes')
    ->group(function() {
        Route::get('/', [ClienteController::class, 'index']);
        Route::get('/{cliente}', [ClienteController::class, 'show']);
        // Full CRUD operations
    });
Access to general activities and conciliation-specific activities:
  • General activities (/agenda/actividad)
  • Conciliation activities (/agenda/actividadConciliacion)
Asistentes do not have access to case (caso) management routes, which are reserved for Encargados, Admins, and Abogados.

Abogado Role

Lawyer (Abogado)

Licensed attorney with access to case management and client interaction.

Capabilities

Abogados focus on legal case management:
  • Case Management: Full CRUD access to legal cases
  • Client Management: View and manage client records
  • Process Types: Manage tipos de proceso (process types)
  • Opposing Parties: Manage partes contrarias (opposing parties)
  • Case Documents: Upload and manage case documentation
  • Case Activities: Schedule and track case-related activities
  • Calendar Access: View and manage activity calendar

Abogado Routes

Full access to case management routes:
routes/web.php
Route::middleware(['auth', 'role:encargado|admin|abogado'])
    ->name('caso.')
    ->prefix('caso')
    ->group(function() {
        Route::resource('/caso', CasosController::class);
        Route::post('/caso/{caso}/procesos', [CasosController::class, 'assignProceso']);
        Route::post('/caso/{caso}/p_contrarias', [CasosController::class, 'assignPContraria']);
        // Case document management routes
    });
Shared client access with all other roles:
  • View client list
  • Create new clients
  • Edit client information
  • View client details
  • Search clients
Access to general activities and case-specific activities:
// Case activities
Route::middleware(['auth', 'role:encargado|admin|abogado'])
    ->name('agenda.')
    ->prefix('agenda')
    ->group(function() {
        Route::resource('/actividadCaso', ActividadCasoController::class);
    });
Abogados do not have access to conciliation (conciliación) routes, which are reserved for Encargados, Admins, and Asistentes.

Role Comparison Matrix

Feature | Admin | Encargado | Asistente | Abogado
User Management
Role Management
Permission Management
Case Management
Conciliation Management
Client Management
Expediente Management
Case Activities
Conciliation Activities
General Activities
Calendar Access
Profile Management
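
The deny rules stated on this page (Asistentes are kept out of caso routes, Abogados out of conciliación routes, and only admins reach /admin) can be pinned with a feature test so that a later edit to routes/web.php cannot widen access unnoticed. This is an added example, not part of the project: it assumes spatie/laravel-permission, the default Laravel User factory, and the URLs that result from the prefixes shown in the route groups above.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Spatie\Permission\Models\Role; // assumption: spatie/laravel-permission
use Tests\TestCase;

class RoleRouteAccessTest extends TestCase
{
    use RefreshDatabase;

    // [role, URL] pairs that the documented route groups must refuse.
    private const DENIED = [
        ['asistente', '/caso/caso'],
        ['asistente', '/agenda/actividadCaso'],
        ['abogado',   '/conciliacion/expediente'],
        ['abogado',   '/agenda/actividadConciliacion'],
        ['encargado', '/admin/users'],
        ['asistente', '/admin/roles'],
        ['abogado',   '/admin/permissions'],
    ];

    private function userWithRole(string $role): User
    {
        Role::findOrCreate($role);

        // The default factory creates a verified user, so only the role check applies.
        return User::factory()->create()->assignRole($role);
    }

    public function test_roles_are_refused_outside_their_route_groups(): void
    {
        foreach (self::DENIED as [$role, $url]) {
            $this->actingAs($this->userWithRole($role))
                ->get($url)
                ->assertForbidden(); // the role middleware answers 403
        }
    }

    public function test_guests_never_reach_admin_routes(): void
    {
        // The auth middleware runs before the role check and redirects guests.
        $this->get('/admin/users')->assertRedirect();
        $this->assertGuest();
    }
}
```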

Common Routes (All Authenticated Users)

Some routes are available to all authenticated users regardless of role:
routes/web.php
// Dashboard
Route::middleware(['auth', 'verified'])->name('dashboard')->prefix('dashboard')->group(function() {
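    // Both routes below register GET /dashboard; for the same method and URI
    // Laravel keeps only the last route registered.
    Route::get('/', [indexController::class, 'dashboard']);
    Route::get('/', [indexController::class, 'dashCalendar']);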
});

// Calendar
Route::middleware(['auth', 'verified'])->name('agenda.')->prefix('agenda')->group(function() {
    Route::get('/calendar', [CalendarController::class, 'index'])->name('calendar.index');
});

// Profile Management
Route::middleware('auth')->group(function () {
    Route::get('/profile', [ProfileController::class, 'edit'])->name('profile.edit');
    Route::patch('/profile', [ProfileController::class, 'update'])->name('profile.update');
    Route::delete('/profile', [ProfileController::class, 'destroy'])->name('profile.destroy');
});

// General Activities
Route::middleware(['auth', 'verified'])->name('agenda.')->prefix('agenda')->group(function() {
    Route::resource('/actividad', ActividadController::class);
});

Assigning Roles

Only administrators can assign roles to users. See the Roles and Permissions guide for detailed instructions on role assignment.
  1. Admin Access Required: Log in as a user with the admin role
  2. Navigate to User Management: Go to /admin/users to view all users
  3. Select User: Click on a user to view their role management page
  4. Assign Role: Select the appropriate role and submit the assignment

Best Practices

  • Single Role Assignment: Typically, assign one primary role per user based on their job function
  • Principle of Least Privilege: Grant the minimum role necessary for users to perform their duties
  • Regular Reviews: Periodically review user roles to ensure they align with current responsibilities
  • Role Documentation: Document role assignments and reasons for any exceptions or multiple roles

See Also

  • Roles and Permissions: Learn how to manage roles, permissions, and access control
  • Authentication: Understand authentication flows and session management