Skip to main content
The Permissions Management system provides granular control over user access to features and data throughout AutoLog. Permissions are assigned per user and organized into functional groups.

Overview

Permissions are managed through the User Permissions Drawer (/components/Users/Permissions/UserPermissionsDrawer.jsx), which provides:
  • Group-based permission organization
  • Individual permission toggles
  • Search and filtering capabilities
  • Cascading permission logic (optional)
  • Real-time permission updates

Accessing Permission Management

1

Navigate to Users

Go to the User Management page
2

Select User

Click the three-dot menu on any user row
3

Open Permissions

Select Permissions from the dropdown menu
Only Admin users or users with asignar_permisos permission can manage permissions.

Permission Structure

Permissions are organized in a hierarchical structure: 
{
  "Vehiculos": [
    { nombre: "ver_vehiculos", descripcion: "View vehicles", asignado: true },
    { nombre: "crear_vehiculo", descripcion: "Create vehicles", asignado: false },
    { nombre: "editar_vehiculo", descripcion: "Edit vehicles", asignado: false }
  ],
  "Usuarios": [
    { nombre: "ver_usuarios", descripcion: "View users", asignado: true },
    { nombre: "crear_usuario", descripcion: "Create users", asignado: false }
  ]
}
Each permission includes:
nombre
string
required
Unique permission identifier (snake_case format)
descripcion
string
Human-readable description of what the permission grants
asignado
boolean
required
Whether the permission is currently assigned to the user

Permission Groups

Permissions are organized into functional groups for better management:

Standard Groups

Standard groups display all permissions as individual toggleable items:
  • Vehiculos - Vehicle management permissions
  • Usuarios - User management permissions
  • Clientes - Client management permissions
  • Inventario - Inventory permissions
  • Reportes - Reporting and analytics permissions
  • Configuraciones - System configuration permissions

Cascading Groups (Optional)

Cascading groups feature a master toggle that controls access to a feature set: 
const CASCADING_CONFIG = {
  Vehiculos: {
    isCascade: true,
    masterPermission: "gestion_vehiculos",
    titleKey: "permissions.groups.vehicles.title",
    descKey: "permissions.groups.vehicles.desc",
  }
}
Cascading Logic:
  1. Master toggle enables/disables the entire group
  2. When master is ON, sub-permissions become available
  3. When master is OFF, all sub-permissions are disabled
  4. Visual highlighting indicates active cascading groups
Cascading mode is currently disabled by default (isCascade: false). Enable it in the configuration to activate this behavior.

Managing Permissions

Assigning Individual Permissions

To grant or revoke a single permission:
  1. Open the permissions drawer for a user
  2. Find the permission in the list
  3. Toggle the switch to enable/disable
  4. Click Save Changes at the bottom
The search bar filters permissions by:
  • Permission name (nombre)
  • Permission description (descripcion)
  • Group name
Search results update in real-time as you type.

Master Toggle (Cascading Groups)

For groups with cascading enabled:
  1. Toggle the master switch in the group header
  2. When enabled, the group expands to show sub-permissions
  3. Individual sub-permissions can be fine-tuned
  4. Disabling the master toggle removes all group permissions

Bulk Operations

To efficiently manage multiple permissions:
  1. Use the search to filter relevant permissions
  2. Toggle multiple switches before saving
  3. Click Save Changes once to apply all changes
All permission changes are sent to the backend in a single request using updateUserPermissions(userId, permissionList).

Permission Refresh and Caching

The permissions service implements cache-busting to ensure fresh data: 
const timestamp = new Date().getTime();
const url = `${endpoints.getUserPermissions}${id}?t=${timestamp}`;
This prevents stale permission data from being displayed after updates.

Common Permission Sets

Basic User Permissions

Minimum permissions for standard users:
  • ver_vehiculos - View vehicle list
  • ver_clientes - View clients
  • ver_reportes - Access basic reports

Manager Permissions

Typical permissions for supervisors:
  • All Basic User permissions
  • crear_vehiculo - Add new vehicles
  • editar_vehiculo - Modify vehicle data
  • ver_usuarios - View team members
  • crear_reporte - Generate reports

Admin Permissions

Admin role users automatically have access to all features regardless of individual permission settings. Use the Admin role sparingly.
Admins typically have:
  • All Manager permissions
  • gestion_usuarios - Full user management
  • asignar_permisos - Manage permissions
  • editar_configuraciones - System settings
  • ver_paises, crear_paises, editar_paises - Location management
  • ver_ciudades, crear_ciudades, editar_ciudades - City management

Permission Checking in Application

The application uses the useAuth hook to check permissions: 
const { userData, hasPermiso } = useAuth();
const isAdmin = userData?.rol?.toLowerCase() === "admin";
const canEdit = isAdmin || hasPermiso("editar_vehiculo");
Permission Check Pattern:
  1. First check if user is Admin (bypass all checks)
  2. If not Admin, check specific permission via hasPermiso()
  3. Enable/disable UI elements based on result

UI States

Loading State

While fetching permissions:
  • Circular progress indicator displayed
  • Drawer content area shows centered spinner
  • Save button is disabled

Empty Search State

When search yields no results:
  • Filter icon with “No matches found” message
  • Suggestion to clear or modify search terms

Error State

If permission loading fails:
  • Error toast notification displayed
  • Message: “Failed to load permissions”
  • Drawer remains open for retry

Saving Changes

When clicking Save Changes:
1

Validation

System prepares the list of assigned permission names
2

API Request

Calls updateUserPermissions(userId, permissionArray) with payload:
{
  "id_usuario": 123,
  "permisos": ["ver_vehiculos", "crear_vehiculo", "editar_vehiculo"]
}
3

Success Handling

  • Success toast: “Permissions updated successfully”
  • Drawer closes automatically
  • Optional onUpdateSuccess callback fired
4

Error Handling

  • Error toast: “Failed to save permissions”
  • Drawer remains open
  • Changes preserved for retry

Permission Groups Reference

Vehicles (Vehiculos)

PermissionDescription
ver_vehiculosView vehicle list and details
crear_vehiculoAdd new vehicles to the system
editar_vehiculoModify existing vehicle information
eliminar_vehiculoDelete or archive vehicles
gestion_vehiculosMaster permission for all vehicle operations

Users (Usuarios)

PermissionDescription
ver_usuariosView user list
crear_usuarioCreate new user accounts
editar_usuarioModify user information
eliminar_usuarioDeactivate user accounts
restaurar_usuarioRestore deactivated users
asignar_permisosManage user permissions
gestion_usuariosMaster permission for user management

Locations (Administración)

PermissionDescription
ver_paisesView countries list
crear_paisesAdd new countries
editar_paisesModify country information
eliminar_paisesDelete countries
ver_ciudadesView cities list
crear_ciudadesAdd new cities
editar_ciudadesModify city information
eliminar_ciudadesDelete cities

Reports (Reportes)

PermissionDescription
ver_reportesAccess reporting interface
crear_reporteGenerate new reports
exportar_reporteExport reports to file formats

Settings (Configuraciones)

PermissionDescription
ver_configuracionesView system settings
editar_configuracionesModify system configuration

Best Practices

Permission Assignment Strategy
  1. Principle of Least Privilege: Grant only necessary permissions
  2. Role-Based Templates: Create standard permission sets for common roles
  3. Regular Audits: Review permissions quarterly
  4. Document Custom Permissions: Keep notes on non-standard assignments
  5. Test After Changes: Verify user can access expected features
Security Considerations
  • Never grant asignar_permisos to users who shouldn’t manage security
  • Review Admin role assignments regularly
  • Use cascading groups to simplify management while maintaining security
  • Monitor permission changes through activity logs
  • Immediately revoke permissions for departing users

Troubleshooting

User Can’t Access Feature After Permission Grant

  1. Verify permission was saved (check for success toast)
  2. Ask user to log out and log back in
  3. Check if feature requires multiple permissions
  4. Verify user’s role doesn’t conflict with permission

Permissions Not Loading

  1. Check network connection
  2. Verify user has asignar_permisos or Admin role
  3. Check browser console for API errors
  4. Ensure backend permission service is running

Changes Not Persisting

  1. Verify you clicked Save Changes button
  2. Check for error toasts during save
  3. Reload permissions drawer to verify
  4. Check backend logs for save failures

API Reference

Get User Permissions

getUserPermissions(userId)
Returns permission groups with assigned status for the specified user.

Update User Permissions

updateUserPermissions(userId, permissionArray)
Updates the permission set for a user. Parameters:
  • userId - User ID to update
  • permissionArray - Array of permission names (strings)
Example: 
await updateUserPermissions(123, [
  "ver_vehiculos",
  "crear_vehiculo",
  "editar_vehiculo"
]);

Build docs developers (and LLMs) love

Get started for freeTalk to us