The Roles section (/panel/configuracion/roles) lets you create and manage administrator accounts for the panel. Each account has a set of areas (permissions) that determine which sections of the panel it can access.
Records are stored in the admins table with role = 'admin' and deleted = false.
In this system, “Roles” refers to admin panel accounts — not to end-user roles (Student, Teacher, Tutor). Each record in the admins table is an administrator with their own permission set.
Available access areas
Areas are grouped into four categories:
Users
| Area | Key | Access |
|---|
| Teachers | users:teachers | /panel/usuarios/maestros |
| Tutors | users:tutors | /panel/usuarios/tutores |
| Students | users:students | /panel/usuarios/alumnos |
Classes
| Area | Key | Access |
|---|
| Classes | classes | /panel/clases |
System
| Area | Key | Access |
|---|
| Containment situations | system:contention | /panel/sistema/contencion |
| Questionnaire | system:questionnaire | /panel/sistema/cuestionario |
| Promotions | system:promotions | /panel/sistema/promociones |
| Logs | system:logs | /panel/sistema/logs |
Configuration
| Area | Key | Access |
|---|
| General | config:general | /panel/configuracion |
| Roles | config:roles | /panel/configuracion/roles |
| Backup | config:backup | /panel/configuracion/respaldo |
| Restore account | config:account-restore | /panel/configuracion/restaurar-cuentas |
If an administrator has all available areas enabled, the panel displays the label Full access instead of listing each permission individually.
Creating an administrator
Open the form
Click the Add button in the top-right corner of the Roles page.
Fill in personal information
- Name (required)
- Last name
- Email (required, must be unique)
- Phone (optional)
Select access areas
Check the boxes for the panel sections the new administrator should have access to. An administrator with no areas selected cannot see any section.
Save
The Save button is enabled when name and email have values. When created, the system automatically generates a temporary password and sends it to the specified email address.
Creation behavior
- If the email already exists and the record is marked
deleted: true, the account is reactivated with the new data.
- If the email already exists and
deleted: false, creation fails with a 409 Conflict error.
- A welcome email with the generated temporary password is sent on creation.
Create/update endpoint
POST /api/admin/create-update-role
Content-Type: multipart/form-data
| Field | Type | Description |
|---|
admin | JSON string | Administrator object |
{
"id": null,
"name": "Ana",
"last_name": "García",
"email": "ana@school.edu.mx",
"phone": "5551234567",
"areas": ["users:students", "classes", "system:logs"]
}
{
"id": "existing-uuid",
"name": "Ana",
"last_name": "García",
"email": "ana@school.edu.mx",
"phone": "5551234567",
"areas": ["users:students", "classes", "system:logs", "config:backup"]
}
{
"success": true,
"data": {
"id": "uuid",
"name": "Ana",
"last_name": "García",
"email": "ana@school.edu.mx",
"phone": "5551234567",
"areas": ["users:students", "classes", "system:logs"],
"deleted": false
}
}
Editing an administrator
Click the gear icon on the row. The modal opens with the current administrator data. Saving updates the row in real time. Editing does not change the administrator’s password.
Deleting an administrator
Click the trash icon and confirm in the alert dialog. The action is a soft-delete on the admins table (the record is marked deleted: true).
Delete endpoint
POST /api/admin/delete-role
Content-Type: multipart/form-data
| Field | Type | Description |
|---|
record | string (UUID) | ID of the administrator to delete |
Deleted administrators lose access to the panel immediately. The protected account admin@montero.com cannot be modified or deleted.
Required permissions
The administrator managing roles must have the config:roles area enabled in their own record.