Administrators have the ability to view and manage all users on the Duit platform, including monitoring their access patterns and managing their roles.

User Management Overview

The admin user management page is served by GET /admin/users (AdminController.java:17). Because it exposes every user's personal data, role and login history, the route must be reachable only by authenticated users holding the ADMIN role; verify that this is enforced in the security configuration (and, ideally, again on the controller) rather than only by hiding the link from non-admins.
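
As an added example (not code from the Duit project; AdminController itself is not shown on this page), here is the deny-by-default configuration a reviewer would expect around /admin/**: the filter chain restricts the whole admin area to ROLE_ADMIN, and the controller repeats the check with @PreAuthorize so that a later mistake in the URL patterns does not silently open it. It assumes Spring Boot 3 / Spring Security 6, a hypothetical AppUserRepository, and that AppUser.role is mapped to a granted authority named "ROLE_<RoleName>". The two classes live in separate files.

```java
// --- file: AdminSecurityConfig.java (added example, not Duit project code) ---
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableMethodSecurity // turns on @PreAuthorize evaluation on Spring beans
public class AdminSecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // First layer: the whole admin area is ADMIN-only.
                // hasRole("ADMIN") matches the granted authority "ROLE_ADMIN".
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .requestMatchers("/login", "/css/**", "/js/**").permitAll()
                // Everything else still needs a logged-in user.
                .anyRequest().authenticated())
            .formLogin(form -> form.loginPage("/login").permitAll());
        return http.build();
    }
}

// --- file: AdminUsersController.java (added example, not Duit project code) ---
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
@PreAuthorize("hasRole('ADMIN')") // second layer: holds even if a URL pattern above is loosened later
public class AdminUsersController {

    private final AppUserRepository users; // hypothetical Spring Data repository for AppUser

    public AdminUsersController(AppUserRepository users) {
        this.users = users;
    }

    @GetMapping("/admin/users")
    public String listUsers(Model model) {
        model.addAttribute("users", users.findAll());
        return "admin/users"; // view name is an assumption
    }
}
```

A quick check after wiring this in: an unauthenticated request to /admin/users must redirect to /login, and a session holding only ROLE_USER must get 403, not the page.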

View All Users

Access comprehensive lists of all registered users with their details and status.

Monitor Access Logs

Track user login activity, including timestamps, IP addresses, and success status.

Manage User Roles

Assign and modify user roles to control platform permissions.

User Status Control

Activate or deactivate user accounts as needed.

User Entity Structure

The AppUser entity (AppUser.java:22) contains comprehensive user information:

Field | Type | Validation | Description
id | Long | Auto-generated | Unique user identifier
firstName | String | Required, 2-100 chars | User's first name
lastName | String | Required, max 150 chars | User's last name
dni | String | Pattern: 8 digits + letter | Spanish ID number
username | String | Required, valid email, unique | User's email address
phone | String | Pattern: 9-15 digits | Contact phone number
active | Boolean | Required, default: true | Account status
registeredAt | LocalDateTime | Auto-set | Registration timestamp
lastLoginAt | LocalDateTime | Auto-updated | Last login timestamp
role | UserRole | Required | User's assigned role

The table lists the documented fields; AppUser also carries a password field (see Security Considerations below) and a professionalProfile association used by isProfessional().

Key User Methods

// Get user's full display name
public String getFullName() {
    return lastName != null ? firstName + " " + lastName : firstName;
}

// Check if user is a professional
public boolean isProfessional() {
    return professionalProfile != null;
}

// Check if user has admin privileges
public boolean isAdmin() {
    return role != null && role.isAdmin();
}
Reference: AppUser.java:108-126
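
The methods above answer "what is this user?", but nothing on the page shows how an AppUser row becomes the principal that Spring Security authenticates and authorizes. The following is an added example (not the project's own code) of that mapping: role becomes a single ROLE_<name> authority, and active is mapped to the enabled flag so that a deactivated account is rejected before the password is even compared. It assumes a hypothetical AppUserRepository with findByUsername(String) returning Optional<AppUser>, Lombok-style getters on AppUser and UserRole, and that the password column holds a hash in a format the configured PasswordEncoder understands (the page does not state the storage format).

```java
// Added example, not Duit project code. Repository and getter names are assumptions.
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class AppUserDetailsService implements UserDetailsService {

    private final AppUserRepository users; // hypothetical Spring Data repository

    public AppUserDetailsService(AppUserRepository users) {
        this.users = users;
    }

    @Override
    public UserDetails loadUserByUsername(String username) {
        AppUser user = users.findByUsername(username)
            .orElseThrow(() -> new UsernameNotFoundException("No user " + username));

        // One authority derived from the role. A role that has itself been
        // deactivated (UserRole.active == false) grants nothing, so the user can
        // log in but reaches no role-protected page until an admin fixes the role.
        List<GrantedAuthority> authorities;
        UserRole role = user.getRole();
        if (role != null && Boolean.TRUE.equals(role.getActive())) {
            authorities = List.of(new SimpleGrantedAuthority("ROLE_" + role.getName().name()));
        } else {
            authorities = List.of();
        }

        return User.builder()
            .username(user.getUsername())
            .password(user.getPassword())   // stored hash, never plaintext
            .authorities(authorities)
            // AppUser.active == false -> DaoAuthenticationProvider throws
            // DisabledException in its pre-authentication checks, before the
            // password is compared, so deactivation is enforced at login time.
            .disabled(!Boolean.TRUE.equals(user.getActive()))
            .build();
    }
}
```

Because the disabled check runs before the credential check, a deactivated account produces an authentication failure event just like a wrong password does, which is what lets the access logging described further down record it as a failed attempt.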

User Roles

The UserRole entity (UserRole.java:20) defines the available user roles in the system.

Available Role Types

The RoleName enum (UserRole.java:22) defines four role types:
public enum RoleName {
    ADMIN,        // Full system access
    USER,         // Standard client access
    PROFESSIONAL, // Service provider access
    MODERATOR     // Limited admin access
}

Role Entity Fields

Field | Type | Description
id | Long | Unique role identifier
name | RoleName | Role type enum value
description | String | Role description (max 100 chars)
active | Boolean | Whether role is active

Role Helper Methods

// Check if role is admin
public boolean isAdmin() {
    return RoleName.ADMIN.equals(name);
}

// Check if role is professional
public boolean isProfessional() {
    return RoleName.PROFESSIONAL.equals(name);
}

// Get count of users with this role
public int getUsersCount() {
    return users != null ? users.size() : 0;
}
Reference: UserRole.java:52-62

Access Logging

The AccessLog entity (AccessLog.java:18) is the record kept for user login attempts, successful and failed, for security monitoring. The entity only defines the row: an attempt appears in the log only if the authentication code actually saves one, so confirm that both the success and the failure paths do. Check as well whether the user association is nullable, because a failed attempt against a username that does not exist has no AppUser row to point at.

AccessLog Structure

Field | Type | Description
id | Long | Unique log identifier
accessedAt | LocalDateTime | When the access attempt occurred
sourceIp | String | IP address of the request (max 45 chars, enough for the longest IPv6 textual form including IPv4-mapped addresses)
success | boolean | Whether login was successful
user | AppUser | Reference to the user account

Automatic Timestamp Creation

The access timestamp is automatically set when a log entry is created:
@PrePersist
protected void onCreate() {
    if (accessedAt == null) {
        accessedAt = LocalDateTime.now();
    }
}
Reference: AccessLog.java:43-48

Database Indexing

Access logs are indexed for efficient querying:
@Table(name = "access_log", indexes = {
    @Index(name = "idx_access_log_user", columnList = "id_user"),
    @Index(name = "idx_access_log_accessed_at", columnList = "accessed_at")
})
This enables fast lookups by user or by date range for security analysis. A query that filters on both at once (one user's attempts within a window) can typically use only one of the two indexes; add a composite index on (id_user, accessed_at) if that query becomes common. The accessed_at index also makes purging old rows by age cheap when a retention period is applied.
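
How rows get into access_log is not shown on this page. The listener below is an added example (not the project's own code) of one reliable way to do it in a Spring Security application: subscribe to the authentication events that the framework publishes for every outcome, so neither the login controller nor any future login path can forget to log. It assumes hypothetical AccessLogRepository and AppUserRepository (with findByUsername) beans, Lombok-style setters on AccessLog and AppUser, and that AccessLog.user is nullable; if the column is NOT NULL, attempts against unknown usernames must be stored elsewhere or dropped.

```java
// Added example, not Duit project code. Repository and setter names are assumptions.
import java.time.LocalDateTime;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;

@Component
public class AccessLogListener {

    private static final int SOURCE_IP_MAX = 45; // matches the column length on the page

    private final AccessLogRepository logs;
    private final AppUserRepository users;

    public AccessLogListener(AccessLogRepository logs, AppUserRepository users) {
        this.logs = logs;
        this.users = users;
    }

    @EventListener
    public void onSuccess(AuthenticationSuccessEvent event) {
        record(event.getAuthentication(), true);
    }

    @EventListener
    public void onFailure(AbstractAuthenticationFailureEvent event) {
        // One listener covers bad credentials, disabled, locked and expired
        // accounts: all of them extend AbstractAuthenticationFailureEvent.
        record(event.getAuthentication(), false);
    }

    private void record(Authentication auth, boolean success) {
        AccessLog entry = new AccessLog();
        entry.setSuccess(success);
        entry.setSourceIp(sourceIp(auth));
        // accessedAt is left null on purpose: @PrePersist fills it in.

        // Link the row to the account when one exists. For a failed attempt
        // against an unknown username this stays null; the username itself is
        // deliberately not stored, the entity has no field for it.
        users.findByUsername(auth.getName()).ifPresent(user -> {
            entry.setUser(user);
            if (success) {
                user.setLastLoginAt(LocalDateTime.now());
                users.save(user);
            }
        });
        logs.save(entry);
    }

    private static String sourceIp(Authentication auth) {
        // getRemoteAddress() is request.getRemoteAddr(): behind a reverse proxy
        // that is the proxy's address. Do not parse X-Forwarded-For here; configure
        // Spring's ForwardedHeaderFilter (or Tomcat's RemoteIpValve) with the list
        // of trusted proxies instead, otherwise the client chooses the IP you log.
        if (auth.getDetails() instanceof WebAuthenticationDetails details) {
            String ip = details.getRemoteAddress();
            if (ip == null) {
                return null;
            }
            return ip.length() <= SOURCE_IP_MAX ? ip : ip.substring(0, SOURCE_IP_MAX);
        }
        return null;
    }
}
```

Spring Boot registers a DefaultAuthenticationEventPublisher automatically; in a hand-wired Spring Security setup you must provide one, or no events are published and the listener silently never fires. Verify by logging in once with a wrong password and once correctly and checking that two rows appear.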

User Oversight Features

Access comprehensive user information including:
  • Full name and contact details
  • Registration date and last login
  • Assigned role and permissions
  • Active/inactive status
  • Professional profile (if applicable)
Track user access patterns through AccessLog entries:
  • Login timestamps
  • Source IP addresses
  • Success/failure status
  • Historical login patterns
Control user account status:
  • Activate or deactivate accounts
  • Prevent access without deleting accounts
  • Preserve user data for historical records
Assign appropriate roles to users:
  • ADMIN: Full platform management
  • PROFESSIONAL: Service provider capabilities
  • USER: Standard client access
  • MODERATOR: Limited administrative access
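
The role assignment and account deactivation actions listed above are the two admin operations that can lock the platform's operators out or silently widen someone's access, so they deserve a few guardrails. The service below is an added example (not the project's own code) implementing both with the checks a reviewer would ask for: only ADMIN may call them, an admin cannot strip their own ADMIN role or deactivate themselves, the last active admin cannot be demoted or deactivated, an inactive UserRole cannot be assigned, and the target's live sessions are expired so the change takes effect now rather than at their next login. It assumes hypothetical Spring Data repositories AppUserRepository (with countByRoleNameAndActiveTrue) and UserRoleRepository (with findByName), a SessionRegistry bean, and Lombok-style getters and setters.

```java
// Added example, not Duit project code. Repository methods and the SessionRegistry
// wiring are assumptions.
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
public class AdminUserService {

    private final AppUserRepository users;
    private final UserRoleRepository roles;
    private final SessionRegistry sessions;

    public AdminUserService(AppUserRepository users, UserRoleRepository roles, SessionRegistry sessions) {
        this.users = users;
        this.roles = roles;
        this.sessions = sessions;
    }

    @Transactional
    @PreAuthorize("hasRole('ADMIN')")
    public void changeRole(Long targetId, RoleName newRole, String actingUsername) {
        AppUser target = users.findById(targetId).orElseThrow();
        UserRole role = roles.findByName(newRole).orElseThrow();
        if (!Boolean.TRUE.equals(role.getActive())) {
            throw new IllegalStateException("Role " + newRole + " is inactive and cannot be assigned");
        }
        boolean demotingAdmin = target.isAdmin() && newRole != RoleName.ADMIN;
        if (demotingAdmin && target.getUsername().equals(actingUsername)) {
            throw new AccessDeniedException("Cannot remove your own ADMIN role");
        }
        if (demotingAdmin && users.countByRoleNameAndActiveTrue(RoleName.ADMIN) <= 1) {
            throw new IllegalStateException("Refusing to demote the last active admin");
        }
        target.setRole(role);
        // Authorities are computed at login; force a fresh login so the new role applies.
        expireSessions(target.getUsername());
    }

    @Transactional
    @PreAuthorize("hasRole('ADMIN')")
    public void deactivate(Long targetId, String actingUsername) {
        AppUser target = users.findById(targetId).orElseThrow();
        if (target.getUsername().equals(actingUsername)) {
            throw new AccessDeniedException("Cannot deactivate your own account");
        }
        if (target.isAdmin() && users.countByRoleNameAndActiveTrue(RoleName.ADMIN) <= 1) {
            throw new IllegalStateException("Refusing to deactivate the last active admin");
        }
        target.setActive(false); // the row and its AccessLog history are preserved
        // The flag alone only blocks the next login; kill the sessions that already exist.
        expireSessions(target.getUsername());
    }

    private void expireSessions(String username) {
        for (Object principal : sessions.getAllPrincipals()) {
            if (principal instanceof UserDetails ud && ud.getUsername().equals(username)) {
                for (SessionInformation s : sessions.getAllSessions(principal, false)) {
                    s.expireNow();
                }
            }
        }
    }
}
```

SessionRegistry only tracks sessions if session management is configured with a registry (sessionManagement(...).maximumSessions(...).sessionRegistry(registry)) and an HttpSessionEventPublisher is registered. If the application authenticates with stateless tokens instead of sessions, there is nothing to expire; in that case the active flag must be re-checked on every request, or tokens kept short-lived, for deactivation to mean anything.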

Security Considerations

Access logs contain sensitive information, including IP addresses, and AppUser itself holds personal data (name, DNI, email address, phone). Ensure compliance with data protection regulations (GDPR, etc.) when storing and processing this data, and define a retention period for access_log rows rather than keeping them indefinitely.
The password field in AppUser is excluded from toString and equals operations (AppUser.java:51-53) to prevent accidental password exposure in logs.

Best Practices

1. Regular Access Review

Periodically review access logs to identify suspicious login patterns or unauthorized access attempts.

2. Role Management

Assign the minimum necessary role to each user. Only grant ADMIN or MODERATOR roles to trusted personnel, and keep at least one active ADMIN at all times so a role change cannot lock operators out.

3. Account Deactivation

When users no longer need access, deactivate their accounts rather than deleting them to maintain audit trails. Deactivation only protects the platform if the active flag is enforced when the user authenticates and the user's existing sessions are ended; a flag that is merely displayed on the admin page revokes nothing.

4. Monitor Failed Logins

Pay special attention to multiple failed login attempts from the same IP or for the same user account. The two patterns point at different attacks: one address failing against many accounts looks like credential stuffing, while one account failing from many addresses looks like targeted password guessing.
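
As an added example (not the project's own code) of the last practice, here are the two queries that surface those patterns, written as a Spring Data JPA repository over the AccessLog entity documented above so that both use the indexes declared on access_log, plus a small scheduled sweep that turns the results into alerts. The repository, the projection interface, the monitor class and the thresholds are all hypothetical.

```java
// --- file: AccessLogRepository.java (added example, not Duit project code) ---
import java.time.LocalDateTime;
import java.util.List;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;

public interface AccessLogRepository extends JpaRepository<AccessLog, Long> {

    // Interface projection: alias names in the JPQL must match the getters.
    interface FailureBucket {
        String getBucket();
        Long getFailures();
    }

    // Many failures from one address, against any accounts. The accessedAt
    // predicate lets idx_access_log_accessed_at cut the scan to the window.
    @Query("""
        select a.sourceIp as bucket, count(a) as failures
        from AccessLog a
        where a.success = false and a.accessedAt >= :since
        group by a.sourceIp
        having count(a) >= :threshold
        order by count(a) desc
        """)
    List<FailureBucket> failuresByIp(@Param("since") LocalDateTime since,
                                     @Param("threshold") long threshold);

    // Many failures against one account, from any addresses. Rows with no user
    // (unknown usernames) are skipped; they are already covered by the IP query.
    @Query("""
        select a.user.username as bucket, count(a) as failures
        from AccessLog a
        where a.success = false and a.user is not null and a.accessedAt >= :since
        group by a.user.username
        having count(a) >= :threshold
        order by count(a) desc
        """)
    List<FailureBucket> failuresByUser(@Param("since") LocalDateTime since,
                                       @Param("threshold") long threshold);
}

// --- file: FailedLoginMonitor.java (added example, not Duit project code) ---
import java.time.Duration;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;

@Service
public class FailedLoginMonitor {

    private static final Logger log = LoggerFactory.getLogger(FailedLoginMonitor.class);

    // Thresholds are illustrative; tune them against the platform's normal traffic.
    private static final Duration WINDOW = Duration.ofMinutes(15);
    private static final long IP_THRESHOLD = 20;  // one address, any accounts
    private static final long USER_THRESHOLD = 5; // one account, any addresses

    private final AccessLogRepository logs;

    public FailedLoginMonitor(AccessLogRepository logs) {
        this.logs = logs;
    }

    @Scheduled(fixedDelay = 60_000) // requires @EnableScheduling on a configuration class
    public void sweep() {
        for (String alert : findAlerts(LocalDateTime.now())) {
            log.warn("failed-login alert: {}", alert);
        }
    }

    // Separated from sweep() so it can be unit-tested with a fixed clock.
    List<String> findAlerts(LocalDateTime now) {
        LocalDateTime since = now.minus(WINDOW);
        List<String> alerts = new ArrayList<>();
        for (AccessLogRepository.FailureBucket b : logs.failuresByIp(since, IP_THRESHOLD)) {
            alerts.add("source " + b.getBucket() + ": " + b.getFailures() + " failed logins in " + WINDOW);
        }
        for (AccessLogRepository.FailureBucket b : logs.failuresByUser(since, USER_THRESHOLD)) {
            alerts.add("account " + b.getBucket() + ": " + b.getFailures() + " failed logins in " + WINDOW);
        }
        return alerts;
    }
}
```

The per-account query only works if failed attempts are linked to the AppUser row when the username exists (the access logging example above does that); if your logging path leaves user null on every failure, this query returns nothing and only the per-address view remains.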
