> For the complete documentation index, see [llms.txt](https://senselab.gitbook.io/senselab-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://senselab.gitbook.io/senselab-docs/docs/diagrams/07-matriz-rbac-seguridad.md).
# Matriz de Seguridad RBAC β Control de Acceso
> 68 permisos granulares distribuidos en 8 roles sistΓ©micos y 18 mΓ³dulos.
## Mapa de Acceso por Rol
```
π’ = CVED (Crear, Ver, Editar, Eliminar) π‘ = Solo Ver π΄ = Sin acceso
```
| MΓ³dulo | Super Admin | Administrador | Gerente | Contador | Vendedor | Comprador | Bodeguero | Usuario |
| ------------------ | :---------: | :-----------: | :-----: | :------: | :------: | :-------: | :-------: | :-----: |
| **Empresas** | π’ CVED | π’ CVED | π‘ V | π΄ | π΄ | π΄ | π΄ | π΄ |
| **Sucursales** | π’ CVED | π’ CVED | π‘ V | π΄ | π΄ | π΄ | π΄ | π΄ |
| **Usuarios** | π’ CVED | π’ CVED | π‘ VE | π΄ | π΄ | π΄ | π΄ | π΄ |
| **Roles** | π’ CVED | π’ CVED | π‘ V | π΄ | π΄ | π΄ | π΄ | π΄ |
| **Productos** | π’ CVED | π’ CVED | π’ CVED | π‘ V | π‘ V | π‘ VE | π’ CVED | π‘ V |
| **Clientes** | π’ CVED | π’ CVED | π’ CVED | π‘ V | π’ CVED | π΄ | π΄ | π‘ V |
| **Proveedores** | π’ CVED | π’ CVED | π’ CVED | π‘ V | π΄ | π’ CVED | π‘ V | π΄ |
| **Inventario** | π’ CVED | π’ CVED | π’ CVED | π‘ V | π΄ | π‘ VE | π’ CVED | π΄ |
| **Ventas** | π’ CVED | π’ CVED | π’ CVED | π‘ V | π’ CVED | π΄ | π΄ | π‘ V |
| **Compras** | π’ CVED | π’ CVED | π’ CVED | π‘ V | π΄ | π’ CVED | π‘ V | π΄ |
| **Contabilidad** | π’ CVED | π’ CVED | π‘ V | π’ CVED | π΄ | π΄ | π΄ | π΄ |
| **NΓ³mina** | π’ CVED | π’ CVED | π‘ V | π’ CVED | π΄ | π΄ | π΄ | π΄ |
| **Cuentas Cobrar** | π’ CVED | π’ CVED | π‘ V | π’ CVED | π‘ V | π΄ | π΄ | π΄ |
| **Cuentas Pagar** | π’ CVED | π’ CVED | π‘ V | π’ CVED | π΄ | π‘ V | π΄ | π΄ |
| **FacturaciΓ³n** | π’ CVED | π’ CVED | π‘ V | π’ CVED | π’ CVE | π΄ | π΄ | π΄ |
| **Reportes** | π’ CVED | π’ CVED | π’ CVED | π’ CVED | π‘ V | π‘ V | π‘ V | π‘ V |
| **ConfiguraciΓ³n** | π’ CVED | π’ CVED | π‘ V | π΄ | π΄ | π΄ | π΄ | π΄ |
| **Webhooks** | π’ CVED | π’ CVED | π‘ V | π΄ | π΄ | π΄ | π΄ | π΄ |
## Diagrama de Relaciones RBAC
```mermaid
graph TD
subgraph AUTH["π AutenticaciΓ³n"]
SANCTUM["Laravel Sanctum
Bearer Token"]
end
subgraph LAYER1["π‘οΈ Capa 1 β Middleware HTTP"]
MW["CheckPermission Middleware
Route::middleware('permission:ver-ventas')"]
end
subgraph LAYER2["π Capa 2 β Policy Authorization"]
BP["BasePolicy
βββββββββββ
view() β 'ver-{modulo}'
create() β 'crear-{modulo}'
update() β 'editar-{modulo}'
delete() β 'eliminar-{modulo}'"]
end
subgraph CACHE_LAYER["β‘ Cache Redis"]
PCACHE["cache:permisos:{empresa}:{usuario}
TTL: 1 hora
Hit Rate: 95%"]
end
subgraph DB_LAYER["ποΈ Base de Datos"]
U["Usuario"] --> RU["roles_usuarios"]
RU --> R["Rol"]
R --> RP["roles_permisos"]
RP --> P["Permiso
βββ
68 permisos
18 mΓ³dulos Γ 4 acciones"]
end
SANCTUM --> MW
MW --> BP
MW --> PCACHE
PCACHE -.->|miss| DB_LAYER
BP --> PCACHE
style AUTH fill:#1a472a,stroke:#2ecc71,color:#fff
style LAYER1 fill:#1a3a5c,stroke:#3498db,color:#fff
style LAYER2 fill:#4a1a5c,stroke:#9b59b6,color:#fff
style CACHE_LAYER fill:#5c3a1a,stroke:#e67e22,color:#fff
```
## Enforcement en Doble Capa
### Capa 1 β Middleware (HTTP Request)
```php
// routes/api/ventas.php
Route::middleware(['auth:sanctum', 'permission:ver-ventas'])
->get('/ventas', [VentaController::class, 'index']);
```
### Capa 2 β Policy (Controller/Blade)
```php
// app/Policies/VentaPolicy.php
class VentaPolicy extends BasePolicy {
protected $permission = 'ventas';
// Hereda: viewβ'ver-ventas', createβ'crear-ventas', etc.
}
```
### Cache de Permisos
```php
// Cache invalidation vΓa Observer en RolPermiso
cache:permisos:{empresa_id}:{usuario_id} β Set(68 permisos)
// TTL: 1 hora | Hit rate: 95%
```
## 80 Policies Implementadas
Una Policy por modelo principal, todas extienden `BasePolicy`:
| CategorΓa | Policies | MΓ³dulo |
| -------------- | ----------------------------------------------------------------------- | --------------- |
| **Admin** | EmpresaPolicy, SucursalPolicy, UsuarioPolicy, RolPolicy | AdministraciΓ³n |
| **Maestros** | ProductoPolicy, ClientePolicy, ProveedorPolicy, CategoriaPolicy | CatΓ‘logos |
| **Operativo** | VentaPolicy, CompraPolicy, InventarioPolicy | Operaciones |
| **Financiero** | ContabilidadPolicy, NominaPolicy, CuentaCobrarPolicy, CuentaPagarPolicy | Finanzas |
| **FE** | ComprobantePolicy, FacturacionPolicy | Hacienda |
| **Sistema** | ReportePolicy, ConfiguracionPolicy, WebhookPolicy | Infraestructura |
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://senselab.gitbook.io/senselab-docs/docs/diagrams/07-matriz-rbac-seguridad.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.