Logotipo Hedhog

Get Hedhog updates in your inbox

New releases, fresh recipes, and breaking changes — no spam.

Back to Core modulesWired in CoreModule
user module screenshot

Core Submodule

user

Manages users, avatars and role/menu/route assignments.

Source path: libraries/core/src/user

Module file: user.module.ts

Introduction

The User submodule handles the administrative side of user account management: creation, profile updates, avatar handling, role assignment, permission inspection, and identifier verification. It is intentionally separated from the Profile submodule, which handles self-service operations by authenticated users on their own accounts, enforcing the principle of least privilege at the API boundary.

Administrators holding the admin or admin-user role can create new accounts with a name, email, and initial password. Account updates allow changing the display name. Password resets set a new password on behalf of the user without requiring the current password, useful for locked-out accounts and onboarding flows where the initial credential must be reset immediately. Deletion via DELETE /user permanently removes accounts with no soft-delete option.

User avatars are stored via the File submodule. POST /user/:userId/avatar accepts a multipart image, stores it, and links the resulting File record to the user. The avatar is then publicly accessible at GET /user/avatar/:fileId without authentication, enabling embedding in email templates, public-facing profiles, and third-party integrations. Profile owners can also manage their own avatar through PUT /profile/avatar in the Profile submodule.

Role assignment can be managed from the user side: POST /user/:userId/role/:roleId assigns a single role and DELETE /user/:userId/role/:roleId revokes it. GET /user/:userId/role lists all roles currently held by a user. These endpoints complement the Role submodule's batch-replacement approach — both paths write to the same join table and can be used interchangeably.

The permission inspection endpoints GET /user/:userId/menu and GET /user/:userId/route return the effective set of menu entries and HTTP routes accessible to a specific user, computed from the union of all assigned roles. These are used by the admin panel to display an accurate summary of what a user can do without requiring the admin to manually union multiple role definitions.

User identifiers (email addresses) go through a verification flow by default. POST /user/:userId/verify-identifier/:identifierId allows admins to force-mark an identifier as verified, bypassing the email confirmation step. This is useful for seeding test users, migrating accounts from legacy systems, or resolving support escalations where the user cannot access the verification email.

HTTP Endpoints

14 endpoints

List all users with pagination.

Query
page, pageSize, search

Get user details by ID.

Params
userId (int)

Serve a user's avatar image publicly.

Params
fileId (int)

Create a new user account.

Body

FieldTypeRequiredNotes
namestringyes
emailstringyesValid email address
passwordstringyesStrong password

Update a user's profile information.

Params
userId (int)

Body

FieldTypeRequiredNotes
namestringno

Reset a user's password as an admin.

Params
userId (int)

Body

FieldTypeRequiredNotes
passwordstringnoStrong password

Upload or replace a user's avatar.

Params
userId (int)

Body

FieldTypeRequiredNotes
fileFileyesImage file, multipart/form-data

Force-verify a user identifier (e.g. email) as an admin.

Params
userId (int), identifierId (int)

Delete one or more user accounts.

Body

FieldTypeRequiredNotes
idsnumber[]yesIDs to delete

List roles assigned to a user.

Params
userId (int)

List menu entries accessible to a user.

Params
userId (int)

List routes accessible to a user.

Params
userId (int)

Assign a role to a user.

Params
userId (int), roleId (int)

Remove a role from a user.

Params
userId (int), roleId (int)

MCP Tools

Named tools callable by AI models via the Model Context Protocol (MCP).

  • core.users.me

    Return the current authenticated user's full record

  • core.users.list

    List all users with pagination and search

  • core.users.get

    Get a user by ID

  • core.users.create

    Create a new user

  • core.users.update

    Update an existing user's information

  • core.users.reset-password

    Send a password reset link to a user

  • core.users.delete

    Delete one or more users

  • core.users.roles

    List roles assigned to a user

  • core.users.menus

    List menu entries accessible to a user

  • core.users.routes

    List routes the user is permitted to access

  • core.users.assign-role

    Assign a role to a user

  • core.users.remove-role

    Remove a role from a user

  • core.users.verify-identifier

    Verify a user identity token or identifier