User Management Procedures
This guide provides step-by-step instructions for managing users in the BT Management system. These actions are typically performed by Super Admins via the Internal Admin Dashboard or API.
1. Creating New Users
While users can self-register via the public endpoint (POST /users), admins can manually create users via the API or Dashboard.
Via API
Endpoint: POST /users
Payload:
{
"email": "gabay@shul.com",
"name": "Gabay Cohen",
"password": "temporary-password-123",
"role": "User"
}
2. Managing User Roles
Roles determine the permission set for a user. The default role for new sign-ups is User.
Assigning a Role
To change a user's role (e.g., promoting to Manager):
Endpoint: PATCH /users/:id/assign-role
Payload (role is one of "Admin", "Manager", "User"):
{
"role": "Admin"
}
The system verifies the requester has MANAGE_USERS permission.
3. Account Security & Maintenance
Resetting Passwords
If a user forgets their password and cannot use the self-service flow:
Endpoint: PATCH /users/:id/reset-password
Payload:
{
"newPassword": "new-secure-password"
}
Note: The system logs this action in the Audit Log for security tracking.
Deactivating a User
To temporarily ban or deactivate a user without deleting their data:
Endpoint: PATCH /users/:id/toggle-status
- Toggles the isActive flag.
- Inactive users cannot log in (LocalAuthGuard checks this).
- Existing sessions (JWTs) remain valid until expiry unless blacklisted (future feature).
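Because a deactivated user's JWT stays valid until it expires, the window can be closed by re-checking isActive on every request rather than only at login. The following is an added example, not code from the BT Management system: it assumes HS256 tokens with sub/exp claims and uses an in-memory Map as a stand-in for the Prisma user table.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

interface UserRecord { id: string; isActive: boolean; }
interface JwtPayload { sub: string; exp: number; }

// Constructed sample data standing in for the user table (assumption).
const users = new Map<string, UserRecord>([["u1", { id: "u1", isActive: true }]]);

const b64url = (b: Buffer) => b.toString("base64url");

// Issue an HS256 JWT; mirrors what a login flow would hand out (assumed format).
export function signToken(payload: JwtPayload, secret: string): string {
  const head = b64url(Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })));
  const body = b64url(Buffer.from(JSON.stringify(payload)));
  const sig = b64url(createHmac("sha256", secret).update(`${head}.${body}`).digest());
  return `${head}.${body}.${sig}`;
}

// Signature and expiry check only. Returns the payload or null.
// Note: this alone still accepts a token issued before deactivation.
export function verifyToken(token: string, secret: string, now = Date.now()): JwtPayload | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(body, "base64url").toString()) as JwtPayload;
  if (typeof payload.sub !== "string" || typeof payload.exp !== "number") return null;
  if (payload.exp * 1000 <= now) return null;
  return payload;
}

// Per-request guard: token must verify AND the user must still be active.
export function authorizeRequest(token: string, secret: string): UserRecord | null {
  const payload = verifyToken(token, secret);
  if (!payload) return null;
  const user = users.get(payload.sub);
  return user && user.isActive ? user : null;
}

// Stand-in for PATCH /users/:id/toggle-status. Returns the new isActive value.
export function toggleStatus(id: string): boolean {
  const user = users.get(id);
  if (!user) return false;
  user.isActive = !user.isActive;
  return user.isActive;
}
```

With this guard in place, the token itself still verifies after toggle-status, but the request is refused because the isActive re-check fails.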
4. Deleting Users
Deleting a user is a destructive action.
Endpoint: DELETE /users/:id
- Removes the user record.
- Cascading Deletes: Depending on the Prisma schema onDelete: Cascade settings, this may delete associated tenant data.
- Recommendation: Prefer deactivating (toggle-status) over deleting unless strictly necessary (e.g. GDPR request).