User Management APIs
These endpoints handle user CRUD operations and profile management.
GET/POST/PUT/DELETE /api/users
Full user management CRUD. Used by the admin user management page.
Authentication: None on the endpoint itself (intended for admin access; the protection is middleware applied at the page level)
File: src/app/api/users/route.ts
GET — List all users
Response:
{
  "status": 200,
  "data": [
    {
      "_id": "...",
      "name": "John Doe",
      "email": "john@bahri.sa",
      "role": "user",
      "department": "engineering",
      "access": "standard"
    }
  ]
}
POST — Create a user
Request body:
{
  "email": "jane@bahri.sa",
  "password": "initialPassword",
  "name": "Jane Smith",
  "department": "operations",
  "access": "standard",
  "role": "user"
}
- Checks for duplicate email addresses
- Hashes the password with bcrypt before storage
- Returns status 201 on success
PUT — Update a user
Request body:
{
  "_id": "userId",
  "name": "Jane Smith Updated",
  "department": "fleet",
  "role": "admin"
}
- Re-hashes password only if it has changed
- Other fields are updated directly
DELETE — Delete a user
Request body:
{
  "_id": "userId"
}
Permanently removes the user from the database.
GET /api/user
Gets the current user's full profile with populated MOC/action references.
Authentication: Required
File: src/app/api/user/route.tsx
Response: User document with deeply populated chain: actions → moc_id → originator_form + originator_id.
PATCH /api/user
Updates the current user's profile.
Authentication: Required
File: src/app/api/user/route.tsx
Request body: Partial user fields to update.
GET /api/UserFromDatabase
Gets the current user's full document from the database.
Authentication: Required
File: src/app/api/UserFromDatabase/route.tsx
Response:
{
  "user": { ... },
  "status": 200
}
PUT /api/UserFromDatabase
Updates the current user's document in the database.
Authentication: Required
File: src/app/api/UserFromDatabase/route.tsx
Request body: User fields to update. Uses $set with runValidators: true.
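An added example, not the project's own code: one way to build the `$set` document for the update endpoints above (PUT /api/users, PATCH /api/user, PUT /api/UserFromDatabase) from an allowlist, so that a self-service body carrying `role` or `access` cannot change privileges. The function name, both allowlists and the caller-role parameter are assumptions; the field names are taken from the request bodies documented above.

```typescript
// Added example, not the project's code. Field names come from the request
// bodies documented on this page; the helper name and policy are assumptions.
type Role = "user" | "admin";

// Assumed policy: fields a user may change on their own profile
// (PATCH /api/user, PUT /api/UserFromDatabase).
const SELF_EDITABLE: readonly string[] = ["name", "department"];
// Assumed policy: fields an admin may change through PUT /api/users.
const ADMIN_EDITABLE: readonly string[] = ["name", "email", "department", "access", "role"];
// "password" is in neither list on purpose: it is hashed with bcrypt in its
// own code path and never copied into $set as submitted.

interface UpdateResult {
  set: Record<string, string>; // pass to the database as { $set: set }
  rejected: string[];          // keys in the body that were not applied
}

function buildUserUpdate(body: unknown, callerRole: Role): UpdateResult {
  const result: UpdateResult = { set: {}, rejected: [] };
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return result; // not a JSON object: nothing to apply
  }
  const fields = body as Record<string, unknown>;
  const allowed = callerRole === "admin" ? ADMIN_EDITABLE : SELF_EDITABLE;
  for (const key of Object.keys(fields)) {
    if (key === "_id") continue; // selector, never part of $set
    const value = fields[key];
    // Only plain strings are accepted, so an object value such as
    // {"$ne": ""} is rejected before it reaches the query layer.
    if (allowed.indexOf(key) !== -1 && typeof value === "string") {
      result.set[key] = value;
    } else {
      result.rejected.push(key);
    }
  }
  return result;
}
```

A handler can answer with a 400 when `rejected` is non-empty instead of silently ignoring the extra keys.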