
Get by ID

Retrieve details of a specific restriction rule.

Endpoint

GET /api/v1/restrictions/:id
Authorization: Authenticated users (ADMIN, VENTANA, VENDEDOR)

Path Parameters

id (string, required): UUID of the restriction rule

Response

success (boolean): Indicates if the request was successful
data (object): Restriction rule details (see List endpoint for full schema)

Example

curl -X GET "https://api.example.com/api/v1/restrictions/550e8400-e29b-41d4-a716-446655440000" \
  -H "Authorization: Bearer YOUR_TOKEN"

My Restrictions (Vendedor View)

Get all effective restrictions for the authenticated vendedor, including inherited rules from ventana and banca.

Endpoint

GET /api/v1/restrictions/me
Authorization: Authenticated users (ADMIN, VENTANA, VENDEDOR)
Hierarchical resolution: Returns both general (banca/ventana-level) and user-specific restrictions with proper priority sorting.

Query Parameters

vendedorId (string): Impersonation. Specify a vendedor UUID to view their restrictions.
  • ADMIN: Can query any vendedor
  • VENTANA: Can query vendedores in their ventana only
  • VENDEDOR: Parameter is ignored, always returns own restrictions

Response

success (boolean): Indicates if the request was successful
data (object): Effective restrictions organized by scope

Examples

curl -X GET "https://api.example.com/api/v1/restrictions/me" \
  -H "Authorization: Bearer YOUR_TOKEN"

Response Example

{
  "success": true,
  "data": {
    "general": [
      {
        "id": "rule-banca-1",
        "bancaId": "banca-uuid",
        "ventanaId": null,
        "userId": null,
        "number": null,
        "maxTotal": 50000,
        "salesCutoffMinutes": 10,
        "loteriaId": "loteria-uuid",
        "priority": 1,
        "isActive": true
      },
      {
        "id": "rule-ventana-1",
        "bancaId": null,
        "ventanaId": "ventana-uuid",
        "userId": null,
        "number": "25",
        "maxAmount": 4000,
        "priority": 10,
        "isActive": true
      }
    ],
    "vendorSpecific": [
      {
        "id": "rule-user-1",
        "bancaId": null,
        "ventanaId": null,
        "userId": "vendedor-uuid",
        "number": "25",
        "maxAmount": 3000,
        "priority": 100,
        "message": "Límite especial para este vendedor",
        "isActive": true
      }
    ]
  }
}

Priority Resolution

When multiple rules match a bet:
  1. User-specific rules (priority 100) are checked first
  2. Ventana rules (priority 10) are checked next
  3. Banca rules (priority 1) are checked last
First matching rule wins - lower priority rules are ignored.

Implementation Details

From src/api/v1/controllers/restrictionRule.controller.ts:93-230:
async myRestrictions(req: AuthenticatedRequest, res: Response) {
  const me = req.user!;
  const { vendedorId } = req.query as any;

  // Build auth context
  const context: AuthContext = {
    userId: me.id,
    role: me.role,
    ventanaId: me.ventanaId,
    bancaId: req.bancaContext?.bancaId || null,
  };

  // Apply RBAC filters to validate vendedorId permission
  const effectiveFilters = await applyRbacFilters(context, { vendedorId });
  const effectiveVendorId = effectiveFilters.vendedorId || me.id;

  // Fetch vendedor context if impersonating
  let effectiveBancaId = req.bancaContext?.bancaId || null;
  let effectiveVentanaId = me.ventanaId || null;

  if (effectiveVendorId !== me.id) {
    const vendor = await prisma.user.findUnique({
      where: { id: effectiveVendorId },
      select: {
        ventanaId: true,
        ventana: { select: { bancaId: true } },
      },
    });

    if (vendor) {
      effectiveVentanaId = vendor.ventanaId;
      effectiveBancaId = vendor.ventana?.bancaId || null;
    }
  }

  // Fetch effective restrictions
  const result = await RestrictionRuleService.forVendor(
    effectiveVendorId,
    effectiveBancaId,
    effectiveVentanaId
  );

  res.json({ success: true, data: result });
}
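
The controller above delegates the vendedorId check to applyRbacFilters, whose body is not shown on this page. The following is an added example, not the project's code, of the three role rules listed under Query Parameters; resolveVendedorId, Ctx, ForbiddenError, the ventanaOf lookup and the sample ids are hypothetical names constructed for illustration.

```typescript
// Added example: hypothetical names, not the project's applyRbacFilters.
type UserRole = "ADMIN" | "VENTANA" | "VENDEDOR";

interface Ctx {
  userId: string;
  role: UserRole;
  ventanaId: string | null;
}

class ForbiddenError extends Error {}

// Constructed sample data: vendedor id -> ventana id.
const SAMPLE_VENDEDORES = new Map<string, string>([
  ["vend-a1", "ventana-a"],
  ["vend-a2", "ventana-a"],
  ["vend-b1", "ventana-b"],
]);

// Returns the vendedor id whose restrictions the caller may read.
// Anything not explicitly allowed is denied; there is no silent fallback
// to the caller's own scope when the requested id cannot be resolved.
function resolveVendedorId(
  ctx: Ctx,
  requested: unknown,
  ventanaOf: (id: string) => string | undefined,
): string {
  // VENDEDOR: the parameter is ignored, even when present.
  if (ctx.role === "VENDEDOR") return ctx.userId;
  if (requested === undefined || requested === ctx.userId) return ctx.userId;
  // A repeated query key (?vendedorId=a&vendedorId=b) parses as an array.
  if (typeof requested !== "string" || requested === "") {
    throw new ForbiddenError("invalid vendedorId");
  }

  const targetVentana = ventanaOf(requested);
  // Same error for "unknown" and "outside scope", so the response
  // does not reveal which vendedor ids exist.
  const denied = new ForbiddenError("vendedor not accessible");
  if (targetVentana === undefined) throw denied;

  if (ctx.role === "ADMIN") return requested;
  if (ctx.role === "VENTANA" && ctx.ventanaId !== null &&
      targetVentana === ctx.ventanaId) {
    return requested;
  }
  throw denied;
}
```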

Use Cases

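Cache effective restrictions client-side to show real-time limit warnings:
const res = await fetch('/api/v1/restrictions/me', { headers: { Authorization: 'Bearer YOUR_TOKEN' } });
const { data } = await res.json(); // fetch resolves to a Response; parse the JSON body
localStorage.setItem('myRestrictions', JSON.stringify(data));

Check what restrictions a specific vendedor sees:
GET /api/v1/restrictions/me?vendedorId=problem-vendor-uuid

VENTANA users can check restrictions for their team:
for (const v of vendedores) {
  const res = await fetch(`/api/v1/restrictions/me?vendedorId=${encodeURIComponent(v.id)}`, {
    headers: { Authorization: 'Bearer YOUR_TOKEN' },
  });
  const { data } = await res.json(); // restrictions are in the parsed body's data field
  console.log(`${v.name} restrictions:`, data);
}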

Error Responses

{
  "success": false,
  "error": "Restriction rule not found",
  "code": "NOT_FOUND"
}
