Overview
Beils Dashboard provides comprehensive user management capabilities for beauty center staff and administrators. You can create, update, and manage user accounts with different permission levels.

User management is restricted to administrators (ADMIN role) only. Regular users cannot access these features.
User Roles
The system supports two primary roles defined in the database schema:
ADMIN
Full system access with permissions to:
- Manage all users
- Configure system settings
- Access all modules and features
- View and manage all data
USER
Standard staff access with permissions to:
- Manage clients and appointments
- Process sales and checkouts
- Create and edit catalog items
- View assigned data
User Status
Each user account has a status that controls access:
- ON - User is active and can log into the system
- OFF - User is inactive and cannot authenticate
Accessing User Management
Navigate to the Users section from the main navigation menu. This page displays all system users with their key information.
User List View
The user management interface provides:
- Search and filtering - Find users by name, email, or role
- Status indicators - Visual badges showing active/inactive status
- Quick actions - Edit, delete, or toggle user status
- Pagination - Navigate through large user lists (10 users per page)
Creating Users
To add a new user to the system:
Enter Basic Information
Provide required fields:
- Full name and surname
- Email address (must be unique)
- Phone number
- Password (default: 123456 if not specified)
Assign Role and Status
Select the appropriate role:
- ADMIN for administrators
- USER for standard staff (default)
Add Personal Details
Complete optional fields:
- Address, city, country, postal code
- Gender and birth date
- Document type (DNI, PASSPORT, NIE)
- Document number
API Endpoint
Editing Users
To update an existing user account:
- Click the Edit icon next to the user in the list
- Modify any fields in the user form
- Update the password if needed (automatically hashed with bcrypt)
- Click Update to save changes
Password changes take effect immediately. The user must use the new password for their next login.
API Endpoint
Toggling User Status
Quickly activate or deactivate users without opening the edit form:
- Locate the user in the list
- Click the Status Toggle button
- Confirm the action if prompted
Deleting Users
To remove a user from the system:
- Click the Delete icon next to the user
- Confirm the deletion in the modal dialog
- The user and associated data are permanently removed
API Endpoint
User Authentication
Users authenticate using their email and password:
Login Process
- User enters email and password at /login
- System validates credentials using bcrypt password comparison
- Checks if user status is ON
- Generates JWT token containing:
  - User ID
  - Email address
  - Role (ADMIN or USER)
- Returns user data (excluding password) and authentication token
Session Management
Authentication tokens:
- Valid for 24 hours by default
- Stored in HTTP-only cookie (auth_token)
- Can be sent via Authorization header: Bearer <token>
- Automatically validated by server middleware on protected routes
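The token checks described above, written out as an added example (not Beils Dashboard's own code). It assumes HS256 signing, a constructed secret, and a hypothetical lookupUser function, and it re-reads role and status from the user record on each request so that switching an account to OFF takes effect before the 24-hour token expires.

```javascript
// Added example, not the project's code. HS256 and SECRET are assumptions.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value; load from config
const TTL_SECONDS = 24 * 60 * 60;         // tokens are valid for 24 hours
const b64url = (v) => Buffer.from(v).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();
const nowSec = () => Math.floor(Date.now() / 1000);

// The payload carries only the documented claims: user ID, email, role.
function issueToken(user, now = nowSec()) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ user_id: user.user_id,
    email: user.email, role: user.role, iat: now, exp: now + TTL_SECONDS }));
  return `${header}.${payload}.${b64url(mac(`${header}.${payload}`))}`;
}

// Read the auth_token cookie first, then "Authorization: Bearer <token>".
function extractToken(headers) {
  const cookie = /(?:^|;\s*)auth_token=([^;]+)/.exec(headers.cookie || "");
  if (cookie) return cookie[1];
  const bearer = /^Bearer (\S+)$/.exec(headers.authorization || "");
  return bearer ? bearer[1] : null;
}

// Returns the claims, or null for a malformed, forged or expired token.
function verifyToken(token, now = nowSec()) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch { return null; }
  if (!header || header.alg !== "HS256" || !claims) return null; // pin the algorithm
  const given = Buffer.from(parts[2], "base64url");
  const expected = mac(`${parts[0]}.${parts[1]}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return typeof claims.exp === "number" && claims.exp > now ? claims : null;
}

// Guard for user-management routes. lookupUser is a hypothetical data-access
// function; role and status come from the stored record, not from the token.
function authorizeAdmin(headers, lookupUser, now) {
  const claims = verifyToken(extractToken(headers), now);
  const user = claims ? lookupUser(claims.user_id) : null;
  if (!user || user.status !== "ON") return { status: 401 };
  return user.role === "ADMIN" ? { status: 200, user_id: user.user_id } : { status: 403 };
}
```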
User Data Model
Each user record contains:

| Field | Type | Description |
|---|---|---|
| user_id | UUID | Unique user identifier |
| email | String | Unique email address (max 50 chars) |
| password | String | Bcrypt hashed password |
| name | String | First name (max 50 chars) |
| surname | String | Last name (max 50 chars) |
| phone | String | Contact phone number |
| address | String | Street address |
| city | String | City name |
| country | String | Country name |
| postal_code | String | Postal/ZIP code |
| gender | String | Gender identifier |
| birth_date | Date | Date of birth |
| role | Enum | ADMIN or USER |
| status | Enum | ON or OFF |
| avatar | String | Avatar URL (auto-generated if not provided) |
| document_type | Enum | DNI, PASSPORT, or NIE |
| document_number | String | ID document number |
| refresh_token | String | OAuth refresh token (nullable) |
| created_at | DateTime | Account creation timestamp |
| updated_at | DateTime | Last update timestamp |
Filtering and Search
The user management interface supports advanced filtering:
Available Filters
- Search Query - Search by name, email, or role
- Role Filter - Show only ADMIN or USER accounts
- Status Filter - Display active (ON) or inactive (OFF) users
- Document Type - Filter by DNI, PASSPORT, or NIE
Avatar Generation
If no avatar is provided during user creation, the system automatically generates one using the UI Avatars service.
Security Considerations
- Strong Passwords - Enforce password complexity requirements
- Regular Audits - Review user accounts periodically and deactivate unused accounts
- Least Privilege - Assign USER role by default; only promote to ADMIN when necessary
- Secure Storage - All passwords are hashed with bcrypt (10 rounds)
- Token Security - JWT tokens contain minimal user data (ID, email, role)
- HTTPS Only - Always use HTTPS in production for secure cookie transmission
Best Practices
- Unique Emails - Each user must have a unique email address
- Document Verification - Collect and verify document information for compliance
- Regular Updates - Keep user contact information current
- Status Management - Use OFF status instead of deletion when possible
- Role Assignment - Carefully control who receives ADMIN privileges