Overview

The Users API manages user accounts for the C.A.R. 911 system. It handles user creation, updates, role assignments, profile management, and theme preferences. The system uses the Spatie Permission package for role-based access control.

Endpoints

List Users

Retrieve a paginated list of users.
GET /usuarios
  • page (integer, default: 1) - Page number (100 items per page)
Response
  • usuarios (array) - Array of user objects
Example Request
curl -X GET "https://your-domain.com/usuarios?page=1" \
  -H "Cookie: your-session-cookie"

Create User

Create a new user account with role assignment.
POST /usuarios
Request Body
  • name (string, required) - User first name
  • apellido (string, required) - User last name
  • lp (string, required) - LP number (must be unique)
  • dni (string, required) - National ID number
  • email (string, required) - Email address (must be unique and valid)
  • password (string, required) - User password
  • confirm-password (string, required) - Password confirmation (must match password)
  • roles (string, required) - Role name to assign (from available roles)
Example Request
curl -X POST "https://your-domain.com/usuarios" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Cookie: your-session-cookie" \
  -d "name=Juan" \
  -d "apellido=Pérez" \
  -d "lp=LP12345" \
  -d "dni=35123456" \
  -d "email=user@example.com" \
  -d "password=SecurePassword123" \
  -d "confirm-password=SecurePassword123" \
  -d "roles=Operador"
Response
Redirects to /usuarios on success.
Error Responses
  • error (string) - “Ya se encuentra un usuario con el mismo LP” (a user with this LP already exists)
Validation Rules
  • Email must be unique and valid format
  • Password and confirm-password must match
  • LP must be unique
  • All required fields must be provided

Show User

GET /usuarios/{id}
  • id (integer, required) - User ID

Edit User

Get user details for editing.
GET /usuarios/{id}/edit
  • id (integer, required) - User ID
Response
Returns a view with the user data, the available roles, and the user's current roles.

Update User

Update an existing user account.
PUT /usuarios/{id}
  • id (integer, required) - User ID to update
Request Body
  • name (string, required) - User first name
  • apellido (string, required) - User last name
  • lp (string, required) - LP number
  • dni (string, required) - National ID
  • email (string, required) - Email address (unique, excluding current user)
  • password (string) - New password (optional, leave empty to keep current)
  • confirm-password (string) - Password confirmation (required if password provided)
  • roles (string, required) - Role name to assign
Example Request
curl -X PUT "https://your-domain.com/usuarios/123" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Cookie: your-session-cookie" \
  -d "name=Juan" \
  -d "apellido=Pérez" \
  -d "lp=LP12345" \
  -d "dni=35123456" \
  -d "email=user@example.com" \
  -d "roles=Administrador"
Response
Redirects to /usuarios on success.
Note: When updating, if password is empty, the current password is preserved.
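The update rules above (email unique except for the user being edited, optional password, role chosen from existing roles) can be expressed as the following handler. This is an added example, not the contents of UsuarioController.php; the class name, the `users` column names, the mass-assignable attributes, and the uniqueness check on `lp` during update are assumptions.

```php
<?php
// Added example: hypothetical controller, not the project's UsuarioController.
namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rule;

class UsuarioUpdateExample extends Controller
{
    public function update(Request $request, $id)
    {
        $user = User::findOrFail($id); // unknown ID ends in a 404

        // Only validated keys are used below, so extra request fields never reach the model.
        $data = $request->validate([
            'name'     => ['required', 'string'],
            'apellido' => ['required', 'string'],
            // Assumption: LP stays unique on update, ignoring the user's own row.
            'lp'       => ['required', 'string', Rule::unique('users', 'lp')->ignore($user->id)],
            'dni'      => ['required', 'string'],
            'email'    => ['required', 'email', Rule::unique('users', 'email')->ignore($user->id)],
            // Optional on update; when present it must equal confirm-password.
            'password' => ['nullable', 'string', 'same:confirm-password'],
            // Accept only a role name present in Spatie's roles table.
            'roles'    => ['required', 'string', Rule::exists('roles', 'name')],
        ]);

        if (empty($data['password'])) {
            // Empty password: drop the key so the stored hash is preserved.
            $data = Arr::except($data, ['password']);
        } else {
            $data['password'] = Hash::make($data['password']);
        }

        $user->update(Arr::except($data, ['roles']));
        // syncRoles replaces every existing role with the submitted one.
        $user->syncRoles([$data['roles']]);

        return redirect('/usuarios');
    }
}
```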

Delete User

Delete a user account.
DELETE /usuarios/{id}
  • id (integer, required) - User ID to delete
Response
Redirects to /usuarios on success.

Profile Management

Update Profile

Update user profile information and photo.
POST /profile/update
Request Body
  • user_id (integer, required) - User ID to update
  • name (string, required) - User name (max 255 characters)
  • email (string, required) - Email address (must be unique excluding current user)
  • photo (file) - Profile photo (jpeg, png, jpg, gif, max 2MB)
Example Request
curl -X POST "https://your-domain.com/profile/update" \
  -H "Cookie: your-session-cookie" \
  -F "user_id=123" \
  -F "name=Juan Pérez" \
  -F "email=user@example.com" \
  -F "photo=@photo.jpg"
Response
{
  "success": true,
  "message": "Perfil actualizado correctamente",
  "photo_url": "https://your-domain.com/uploads/profiles/profile_123_1234567890.jpg"
}
Notes
  • If a new photo is uploaded, the previous photo is deleted
  • Photos are stored in public/uploads/profiles/
  • Filename format: profile_{user_id}_{timestamp}.{extension}
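Because user_id arrives in the request body and the photo lands in a web-served directory, the handler should tie user_id to the session and build the stored filename from server-side values only. The following is an added example, not the project's own code; the controller name, the `photo` column, and the route sitting behind the `auth` middleware are assumptions.

```php
<?php
// Added example: hypothetical ProfileController, not the project's own code.
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\File;
use Illuminate\Validation\Rule;

class ProfileController extends Controller
{
    public function update(Request $request)
    {
        $user = $request->user(); // assumes the route is behind the auth middleware
        $data = $request->validate([
            // user_id is client-supplied: accept it only when it names the session's own user.
            'user_id' => ['required', 'integer', Rule::in([$user->id])],
            'name'    => ['required', 'string', 'max:255'],
            'email'   => ['required', 'email', Rule::unique('users', 'email')->ignore($user->id)],
            // mimes inspects the file content; max is in kilobytes (2048 KB = 2 MB).
            'photo'   => ['nullable', 'image', 'mimes:jpeg,png,jpg,gif', 'max:2048'],
        ]);
        $user->name = $data['name'];
        $user->email = $data['email'];

        if ($request->hasFile('photo')) {
            $dir = public_path('uploads/profiles');
            // Extension comes from the detected MIME type, never from the uploaded filename.
            $ext = $request->file('photo')->extension();
            $filename = sprintf('profile_%d_%d.%s', $user->id, time(), $ext);
            $request->file('photo')->move($dir, $filename);
            // Remove the previous photo; basename() keeps the delete inside $dir.
            if ($user->photo && basename($user->photo) !== $filename) {
                File::delete($dir . '/' . basename($user->photo));
            }
            $user->photo = $filename;
        }
        $user->save();

        return response()->json([
            'success'   => true,
            'message'   => 'Perfil actualizado correctamente',
            'photo_url' => $user->photo ? asset('uploads/profiles/' . $user->photo) : null,
        ]);
    }
}
```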

Update Theme

Update user theme preference (light/dark mode).
POST /profile/update-theme
Request Body
  • theme (string, required) - Theme preference: light or dark
Example Request
curl -X POST "https://your-domain.com/profile/update-theme" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Cookie: your-session-cookie" \
  -d "theme=dark"
Response
{
  "success": true,
  "message": "Tema actualizado correctamente",
  "theme": "dark"
}

Authentication

Login

GET /
Returns the login view.

Authentication Routes

The system uses Laravel’s built-in authentication:
Auth::routes();
This provides:
  • POST /login - Authenticate user
  • POST /logout - Log out user
  • GET /password/reset - Password reset form
  • POST /password/email - Send password reset email
  • POST /password/reset - Reset password

User Roles & Permissions

The system uses the Spatie Laravel Permission package. Users can have one or more roles, and roles have associated permissions.

Common Permissions

  • Equipment: ver-equipo, crear-equipo, editar-equipo, borrar-equipo
  • Fleet: ver-flota, crear-flota, editar-flota, borrar-flota
  • Cameras: ver-camara, crear-camara, editar-camara, borrar-camara
  • Bodycams: ver-bodycam, crear-bodycam, editar-bodycam, borrar-bodycam
  • Dependencies: ver-dependencia, crear-dependencia, editar-dependencia, borrar-dependencia
  • Users: ver-usuario, crear-usuario, editar-usuario, borrar-usuario
  • Roles: ver-rol, crear-rol, editar-rol, borrar-rol

Check User Role

$user->hasRole('Administrador')
$user->hasPermissionTo('crear-equipo')
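The Users permissions listed above can be enforced per endpoint at the route layer, so a request without the permission ends in 403 before it reaches the controller. This is an added example, not the project's route file; the mapping of permissions to endpoints, the controller method names, and the `permission` middleware alias (Spatie's PermissionMiddleware registered under that name) are assumptions.

```php
<?php
// routes/web.php: added example, a hypothetical route file, not the project's own.
use App\Http\Controllers\UsuarioController;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

Auth::routes();

// "auth" rejects requests without a session; "permission:<name>" is Spatie's
// middleware and aborts with 403 when the user lacks the named permission.
Route::middleware('auth')->group(function () {
    Route::get('/usuarios', [UsuarioController::class, 'index'])
        ->middleware('permission:ver-usuario');
    Route::post('/usuarios', [UsuarioController::class, 'store'])
        ->middleware('permission:crear-usuario');

    // whereNumber() keeps non-integer IDs from matching these routes at all.
    Route::get('/usuarios/{id}', [UsuarioController::class, 'show'])
        ->whereNumber('id')
        ->middleware('permission:ver-usuario');
    Route::get('/usuarios/{id}/edit', [UsuarioController::class, 'edit'])
        ->whereNumber('id')
        ->middleware('permission:editar-usuario');
    Route::put('/usuarios/{id}', [UsuarioController::class, 'update'])
        ->whereNumber('id')
        ->middleware('permission:editar-usuario');
    Route::delete('/usuarios/{id}', [UsuarioController::class, 'destroy'])
        ->whereNumber('id')
        ->middleware('permission:borrar-usuario');
});
```

Changing a user's role is part of the update endpoint, so editar-usuario effectively grants role assignment in this layout.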

Error Codes

  • 400 - Bad Request: validation error or missing required fields
  • 401 - Unauthorized: authentication required
  • 403 - Forbidden: insufficient permissions
  • 404 - Not Found: user not found
  • 422 - Unprocessable Entity: duplicate email/LP or validation failure

Models

User Model

Represents a system user.
Traits
  • HasApiTokens - Laravel Sanctum API tokens
  • HasFactory - Factory support
  • Notifiable - Notification support
  • HasRoles - Spatie role management
Hidden Attributes
  • password - Never returned in responses
  • remember_token - Session token
Relationships
  • auditoria - HasMany Auditoria (audit trail)
  • roles - BelongsToMany Role (via Spatie)
  • permissions - BelongsToMany Permission (via Spatie)
Methods
  • getRoleColor($roleName) - Get color associated with role
Source Code Reference
  • Controller: app/Http/Controllers/UsuarioController.php:1-216
  • Model: app/Models/User.php:1-63