Users API

Endpoints for user management. Most endpoints require admin authentication.

List Users

Get a paginated list of users.

http
GET /api/users

Query Parameters:

| Parameter | Type | Description |
|-----------|------|-------------|
| page | int | Page number (default: 1) |
| limit | int | Items per page (default: 20, max: 100) |
| search | string | Search by name or email |
| role | string | Filter by role |

Response:

json
{
  "data": [
    {
      "id": 1,
      "email": "user@example.com",
      "name": "John Doe",
      "roles": ["ROLE_USER"],
      "notificationsEnabled": true,
      "emailNotificationsEnabled": true,
      "createdAt": "2024-01-15T10:30:00+00:00"
    }
  ],
  "meta": {
    "currentPage": 1,
    "totalPages": 5,
    "totalItems": 100,
    "itemsPerPage": 20
  }
}

Admin Only

This endpoint requires ROLE_ADMIN.

Get User

Get a single user by ID.

http
GET /api/users/{id}

Response:

json
{
  "id": 1,
  "email": "user@example.com",
  "name": "John Doe",
  "street": "123 Main St",
  "postalCode": "12345",
  "city": "Amsterdam",
  "country": "Netherlands",
  "roles": ["ROLE_USER"],
  "notificationsEnabled": true,
  "emailNotificationsEnabled": true,
  "profilePicture": "/api/user/profile-picture/abc123.jpg",
  "createdAt": "2024-01-15T10:30:00+00:00"
}

Update User

Update user information.

http
PATCH /api/users/{id}

Request Body:

json
{
  "name": "Jane Doe",
  "street": "456 Oak Ave",
  "postalCode": "54321",
  "city": "Rotterdam",
  "country": "Netherlands",
  "notificationsEnabled": false,
  "emailNotificationsEnabled": true
}

All fields are optional - only provided fields are updated.

Delete User

Delete a user account.

http
DELETE /api/users/{id}

Response: 204 No Content

Cascading Delete

Deleting a user will also delete:

  • All products owned by the user
  • All receipts for those products
  • All warranty claims where user is customer
  • All device tokens

Current User Endpoints

Get Current User

Get the authenticated user's profile.

http
GET /api/me

Response: Same as Get User

Update Current User

Update the authenticated user's profile.

http
PATCH /api/me

Request Body: Same as Update User

Delete Current User

Delete the authenticated user's account.

http
DELETE /api/me

Profile Picture

Upload Profile Picture

Upload a profile picture for the current user.

http
POST /api/user/profile-picture
Content-Type: multipart/form-data

Form Data:

| Field | Type | Description |
|-------|------|-------------|
| file | file | Image file (jpg, png, gif, webp) |

Response:

json
{
  "profilePicture": "/api/user/profile-picture/abc123.jpg"
}

Get Profile Picture

Get a user's profile picture.

http
GET /api/user/profile-picture/{filename}

Response: Image file with appropriate content-type header.
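
One way a server could enforce the documented jpg/png/gif/webp allow-list on upload and restrict which `{filename}` values it serves. This is an added example, not the project's own code; the function names, the 5 MiB cap and the 32-hex-character stored-name format are assumptions.

```python
import re
import secrets

# Leading-byte signatures for the four documented upload types.
# Assumption: the server decides the type from content, not from the
# client-supplied filename or Content-Type header.
_SIGNATURES = {
    "jpg": lambda b: b.startswith(b"\xff\xd8\xff"),
    "png": lambda b: b.startswith(b"\x89PNG\r\n\x1a\n"),
    "gif": lambda b: b[:6] in (b"GIF87a", b"GIF89a"),
    "webp": lambda b: b[:4] == b"RIFF" and b[8:12] == b"WEBP",
}

# Hypothetical size cap; the page does not document one.
MAX_BYTES = 5 * 1024 * 1024

# Assumed stored-name format: 32 hex characters plus an allowed extension.
_STORED_NAME = re.compile(r"[0-9a-f]{32}\.(jpg|png|gif|webp)")


def sniff_image_type(data: bytes):
    """Return 'jpg', 'png', 'gif' or 'webp' from the leading bytes, else None."""
    for ext, matches in _SIGNATURES.items():
        if matches(data):
            return ext
    return None


def store_name_for_upload(data: bytes) -> str:
    """Validate an upload and return the name to store it under.

    The client's filename is never used, so it cannot influence the path
    or the extension the file is later served with.
    """
    if not data or len(data) > MAX_BYTES:
        raise ValueError("empty or oversized upload")
    ext = sniff_image_type(data)
    if ext is None:
        raise ValueError("not a jpg, png, gif or webp image")
    return f"{secrets.token_hex(16)}.{ext}"


def is_servable_name(filename: str) -> bool:
    """True only for names of the generated form (no separators, no '..')."""
    return _STORED_NAME.fullmatch(filename) is not None
```

A signature check only confirms the file header; decoding and re-encoding the image server-side gives a stronger guarantee about the stored bytes.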

User Roles

| Role | Description |
|------|-------------|
| ROLE_USER | Default role, can manage own products and claims |
| ROLE_SUPPLIER | Can be assigned to claims and respond to customers |
| ROLE_ADMIN | Full access to all users, products, and claims |

Role Hierarchy

  • ROLE_ADMIN inherits all permissions from ROLE_SUPPLIER and ROLE_USER
  • ROLE_SUPPLIER inherits permissions from ROLE_USER

MyWarranties - Warranty Management System