Skip to main content
The User Management system allows administrators to control user accounts, manage AI permissions, and maintain platform security.

User Roles

The platform supports two user roles:

Admin

Full platform access including:
  • User management
  • Platform settings
  • All scheduled messages
  • Unlimited AI usage
  • Cannot be deleted by other admins

User

Standard user with access to:
  • Personal webhooks
  • Templates and scheduled messages
  • Collaboration features
  • Optional AI access (if enabled)

Viewing Users

The admin dashboard displays the 10 most recent users with the following information:
  • Name: User’s display name
  • Email: User’s email address
  • Role: admin or user
  • AI Access: Whether the user can use AI features
  • Registration Date: When the user joined
// From web.php:114
$recentUsers = \App\Models\User::latest()->limit(10)->get();

Managing AI Permissions

AI permissions control whether users can access the AI content generation features available in the message editor.

Toggling AI Access

Administrators can enable or disable AI access for individual users:
1

Navigate to User List

Access the admin dashboard at /admin
2

Find Target User

Locate the user in the recent users list
3

Toggle AI Access

Click the toggle button to enable/disable AI access

API Endpoint

The toggle action uses the following route: 
// From web.php:177
Route::post('admin/users/{user}/toggle-ai', 
    [\App\Http\Controllers\AiController::class, 'toggleAccess']
)->name('admin.users.toggle-ai');

Implementation Details

The toggleAccess method in AiController.php:67-82: 
public function toggleAccess(\App\Models\User $user)
{
    if (!auth()->user()->isAdmin()) {
        abort(403);
    }

    if ($user->isAdmin()) {
        return redirect()->back()->with('error', 
            'No se puede cambiar el acceso de un administrador.');
    }

    $user->update([
        'can_use_ai' => !$user->can_use_ai
    ]);

    return redirect()->back()->with('success', 
        'Acceso a IA actualizado para el usuario.');
}
Admin Protection: You cannot modify AI access for other admin users. Admins always have unlimited AI access.

AI Usage Limits

For users with AI access enabled, you can configure daily usage limits:
  • Daily Limit: Set in platform settings (default: 5 requests per day)
  • Usage Tracking: Stored in the ai_usages table
  • Admin Exemption: Admins have unlimited AI usage

How Limits Work

From AiController.php:26-38: 
if (!$user->isAdmin()) {
    $dailyLimit = \App\Models\Setting::get('ai_daily_limit', 5);
    $usageCount = \App\Models\AiUsage::where('user_id', $user->id)
        ->whereDate('created_at', now()->today())
        ->count();

    if ($usageCount >= $dailyLimit) {
        return response()->json([
            'success' => false,
            'message' => 'Has alcanzado el límite diario de uso de la IA'
        ], 429);
    }
}
Usage limits reset daily at midnight UTC. You can adjust the daily limit in Platform Settings.

Deleting Users

Administrators can delete user accounts with the following restrictions:
Deletion Restrictions:
  • You cannot delete your own account
  • You cannot delete other admin accounts
  • User deletion is permanent and cascades to related data

Deletion Process

1

Identify User

Select the user account to delete from the dashboard
2

Confirm Action

Confirm the deletion action (this is irreversible)
3

Cascade Delete

User and all related data (webhooks, templates, messages) are removed

Deletion Endpoint

From web.php:163-175: 
Route::delete('admin/users/{user}', function (\App\Models\User $user) {
    if ($user->id === auth()->id()) {
        return redirect()->back()->with('error', 
            'You cannot delete your own account.');
    }

    if ($user->role === 'admin') {
        return redirect()->back()->with('error', 
            'You cannot delete another admin account.');
    }

    $user->delete();

    return redirect()->back()->with('success', 
        'User deleted successfully.');
})->name('admin.users.destroy');

User Database Structure

Users are stored with the following key attributes from User.php:22-28: 
protected $fillable = [
    'name',
    'email',
    'password',
    'role',           // 'admin' or 'user'
    'can_use_ai',     // boolean
];

User Relationships

Each user has the following relationships:
  • webhooks: Webhooks owned by the user
  • collaboratedWebhooks: Webhooks shared with the user
  • templates: Templates created by the user
  • sharedTemplates: Templates shared with the user
  • scheduledMessages: Scheduled messages created by the user
  • sentMessages: Message history

Permission Levels

When users collaborate on resources, they can have different permission levels:

Admin

  • Full management access
  • Can invite others
  • Can modify permissions
  • Can delete resource

Editor

  • Can edit resource
  • Can send messages
  • Cannot manage collaborators
  • Cannot delete resource

Viewer

  • Read-only access
  • View history
  • Cannot edit or send
  • Cannot manage collaborators
Resource permission levels are separate from user roles. A standard user can have admin permissions on specific webhooks or templates they own.

Best Practices

1

Regular Audits

Periodically review user accounts and AI access permissions
2

AI Limits

Set appropriate daily AI limits based on your API costs and user needs
3

Admin Accounts

Keep the number of admin accounts to a minimum for security
4

User Monitoring

Monitor user activity through scheduled messages and webhook usage

Dashboard

Return to admin dashboard overview

AI Settings

Configure AI providers and limits

Scheduled Messages

View user activity and scheduled messages

Build docs developers (and LLMs) love

Get started for freeTalk to us