
Overview

jshERP provides comprehensive user management capabilities including account creation, authentication, role assignment, and profile management. All users are scoped to a specific tenant and inherit that tenant’s permissions and limitations.
Users can only be created by administrators and are automatically associated with the current tenant. Each tenant’s user count is limited by their subscription.

User Account Structure

Each user account contains the following fields (type in parentheses; required fields are marked):
  • id (Long): Unique user identifier
  • username (String, required): Display name for the user
  • loginName (String, required): Login name used for authentication (must be unique)
  • password (String, required): Password stored as an MD5 hash
  • email (String): User email address
  • phonenum (String): Contact phone number
  • position (String): Job position/title
  • department (String): Department or division
  • leaderFlag (String): Whether the user has leadership permissions
  • ismanager (Byte): Manager status flag
  • isystem (Byte): System administrator flag
  • status (Byte): Account status: 0 (enabled) or 1 (disabled)
  • tenantId (Long, required): Associated tenant ID
  • weixinOpenId (String): WeChat OpenID for WeChat login integration
  • description (String): User description or notes
Reference: User.java:1-173

Creating Users

1. Check Tenant Limits

Before creating a user, verify the tenant hasn’t reached their user limit.
Long currentCount = userService.countUser(null, null);
if (currentCount >= tenant.getUserNumLimit()) {
    throw new BusinessParamCheckingException(
        "USER_OVER_LIMIT",
        "Cannot create user: tenant limit exceeded"
    );
}
Reference: UserController.java:320-325
2. Prepare User Data

Collect required user information including login credentials and profile details.
3. Create User Account

Submit the user creation request:
POST /user/addUser
Request Body:
{
  "username": "John Doe",
  "loginName": "johndoe",
  "password": "hashedPassword",
  "email": "[email protected]",
  "phonenum": "+1234567890",
  "position": "Sales Manager",
  "department": "Sales",
  "orgaId": 1,
  "roleId": [2, 3]
}
Reference: UserController.java:313-331
4. Assign Roles

Users can be assigned to multiple roles during creation. The role assignments control their permissions.

Authentication

Standard Login

jshERP uses a session-based authentication system with CAPTCHA verification.
1. Get Verification Code

Request a CAPTCHA image:
GET /user/randomImage
Response:
{
  "code": 200,
  "data": {
    "uuid": "abc123...",
    "base64": "data:image/png;base64,..."
  }
}
Reference: UserController.java:511-532
2. Submit Login Credentials

Post login credentials with CAPTCHA:
POST /user/login
Request Body:
{
  "loginName": "username",
  "password": "hashedPassword",
  "code": "1234",
  "uuid": "abc123..."
}
Reference: UserController.java:135-152
3. Session Management

On successful login, the system creates a Redis-backed session with:
  • User ID
  • Client IP address
  • Session expiration
The system automatically logs out users whose tenant has expired: the tenant's expireTime is checked during authentication, so an expired tenant blocks every login, not just new accounts.
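The three-step login flow above as a runnable Python client, written as an added example rather than jshERP's own code. FakeJshServer is a constructed stand-in for GET /user/randomImage and POST /user/login; it assumes a CAPTCHA uuid is accepted once and then discarded, sends the password as its MD5 hex digest as the page states, and uses an assumed error-response shape.

```python
import hashlib
import uuid as uuidlib
from typing import Callable


def md5_hex(password: str) -> str:
    """jshERP sends and stores the password as its MD5 hex digest (see User.password)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_login_body(login_name: str, password: str, code: str, captcha_uuid: str) -> dict:
    """Body for POST /user/login: the CAPTCHA answer travels with the uuid issued by
    GET /user/randomImage, so the server can pair the answer with the image it rendered."""
    return {"loginName": login_name, "password": md5_hex(password),
            "code": code, "uuid": captcha_uuid}


class FakeJshServer:
    """Constructed stand-in for /user/randomImage and /user/login; not jshERP code.
    Assumes a CAPTCHA uuid is accepted once and then discarded; error shape is assumed."""

    def __init__(self, login_name: str, password_md5: str):
        self._users = {login_name: password_md5}
        self._captchas: dict = {}      # uuid -> code rendered into that image

    def random_image(self) -> dict:
        u = uuidlib.uuid4().hex
        self._captchas[u] = "1234"     # the real server picks a random code
        return {"code": 200, "data": {"uuid": u, "base64": "data:image/png;base64,..."}}

    def login(self, body: dict) -> dict:
        expected = self._captchas.pop(body.get("uuid"), None)   # single use (assumed)
        if expected is None or expected != body.get("code"):
            return {"code": 400, "msg": "captcha invalid"}        # assumed shape
        if self._users.get(body.get("loginName")) != body.get("password"):
            return {"code": 400, "msg": "login failed"}           # assumed shape
        return {"code": 200, "data": {"loginName": body["loginName"]}}


def login(server: FakeJshServer, login_name: str, password: str,
          solve_captcha: Callable[[str], str]) -> dict:
    """Steps 1 and 2 of the flow: fetch the CAPTCHA, answer it, post the credentials."""
    cap = server.random_image()["data"]
    code = solve_captcha(cap["base64"])   # a human reads the image; the callback stands in
    return server.login(build_login_body(login_name, password, code, cap["uuid"]))
```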

WeChat Login Integration

jshERP supports WeChat authentication for mobile users:

Bind WeChat Account

POST /user/weixinBind
Request Body:
{
  "loginName": "username",
  "password": "hashedPassword",
  "weixinCode": "wx_openid_123"
}
Reference: UserController.java:179-193

WeChat Login

POST /user/weixinLogin
Request Body:
{
  "weixinCode": "wx_openid_123"
}
Reference: UserController.java:154-177

User Management Operations

Get User Information

GET /user/info?id={userId}
Returns detailed user profile information. Reference: UserController.java:65-77

List Users

GET /user/list?search={searchParams}
Search parameters:
  • userName: Filter by display name
  • loginName: Filter by login name
Reference: UserController.java:79-87

Update User

PUT /user/updateUser
Request Body:
{
  "id": 123,
  "username": "John Doe Updated",
  "email": "[email protected]",
  "phonenum": "+1234567890",
  "position": "Senior Sales Manager",
  "roleId": [2, 3, 4],
  "orgaId": 1
}
Reference: UserController.java:341-349

Delete Users

Deleting users performs a soft delete, preserving audit trails.
DELETE /user/delete?id={userId}
DELETE /user/deleteBatch?ids={id1,id2,id3}
Reference: UserController.java:105-119

Password Management

Change Password

Users can update their own password:
PUT /user/updatePwd
Request Body:
{
  "userId": 123,
  "oldpassword": "oldHashedPassword",
  "password": "newHashedPassword"
}
The system validates the old password before allowing the change.
Reference: UserController.java:245-277

Reset Password (Admin Only)

Administrators can reset user passwords:
POST /user/resetPwd
Request Body:
{
  "id": 123,
  "password": "newHashedPassword"
}
Reference: UserController.java:230-243

User Status Management

Enable/Disable Users

Batch enable or disable user accounts:
POST /user/batchSetStatus
Request Body:
{
  "status": 0,
  "ids": "1,2,3"
}
  • Status 0: Enabled
  • Status 1: Disabled
Reference: UserController.java:540-553

Organization Integration

Get Organization User Tree

Retrieve the hierarchical organization structure with users:
GET /user/getOrganizationUserTree
Returns a tree structure showing organizational hierarchy with associated users. Reference: UserController.java:374-387

User Registration

jshERP supports self-service user registration:
1. Get CAPTCHA

Request verification code (same as login flow).
2. Submit Registration

POST /user/registerUser
Request Body:
{
  "loginName": "newuser",
  "username": "newuser",
  "password": "hashedPassword",
  "code": "1234",
  "uuid": "abc123..."
}
3. Auto-Assignment

New users are automatically assigned to the default manager role (configurable via manage.roleId).
Reference: UserController.java:357-367

Session Management

Get Current User Session

GET /user/getUserSession
Returns the currently authenticated user’s information. Reference: UserController.java:195-213

Logout

GET /user/logout
Clears the user’s session from Redis. Reference: UserController.java:215-228

User Business Permissions

Users can be assigned specific business entities (customers, warehouses, etc.) through the UserBusiness relationship:
GET /user/getUserWithChecked?UBType={type}&UBValue={value}
Returns users with checkmarks indicating which ones have access to specific business resources. Reference: UserController.java:465-504

Tenant Information

Get User Count and Tenant Info

GET /user/infoWithTenant
Response:
{
  "type": "1",
  "expireTime": "2025-12-31",
  "userCurrentNum": 25,
  "userNumLimit": 50,
  "tenantId": 123
}
This endpoint provides:
  • Current user count
  • User limit for the tenant
  • Tenant type and expiration
Reference: UserController.java:560-589
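An added Python example, not jshERP's own code, that ties the /user/infoWithTenant response above to the tenant-limit check from the Creating Users section: it refuses creation when the tenant has expired or when userCurrentNum has reached userNumLimit (the same >= comparison the controller uses), then builds the POST /user/addUser body. FakeJshApi is a constructed stand-in for the two endpoints and its error-response shape and the TENANT_EXPIRED reason string are assumptions.

```python
from datetime import date
from typing import Optional


def refusal_reason(tenant: dict, today: str) -> Optional[str]:
    """Why a new user must be refused for this tenant, or None if creation may proceed.
    `tenant` is the /user/infoWithTenant response; `today` is an ISO date string."""
    if date.fromisoformat(tenant["expireTime"]) < date.fromisoformat(today):
        return "TENANT_EXPIRED"      # reason string constructed for this example
    if tenant["userCurrentNum"] >= tenant["userNumLimit"]:
        return "USER_OVER_LIMIT"     # the server's own error code for this case
    return None


def build_add_user_body(username, login_name, password_md5, orga_id, role_ids, **profile):
    """Body for POST /user/addUser; optional keys are limited to the profile fields on the page."""
    unknown = set(profile) - {"email", "phonenum", "position", "department"}
    if unknown:
        raise ValueError(f"unknown profile fields: {sorted(unknown)}")
    return {"username": username, "loginName": login_name, "password": password_md5,
            "orgaId": orga_id, "roleId": list(role_ids), **profile}


class FakeJshApi:
    """Constructed stand-in for /user/infoWithTenant and /user/addUser; not jshERP code.
    It applies the same >= limit check as the real controller and counts created users."""

    def __init__(self, tenant: dict):
        self.tenant = dict(tenant)
        self.created = []

    def send(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        if (method, path) == ("GET", "/user/infoWithTenant"):
            return dict(self.tenant)
        if (method, path) == ("POST", "/user/addUser"):
            if self.tenant["userCurrentNum"] >= self.tenant["userNumLimit"]:
                return {"code": 500, "msg": "USER_OVER_LIMIT"}   # error shape assumed
            self.created.append(body)
            self.tenant["userCurrentNum"] += 1
            return {"code": 200, "data": {"id": 1000 + len(self.created)}}
        raise NotImplementedError(f"{method} {path}")


def create_user(api: FakeJshApi, today: str, **user) -> dict:
    """Admin flow: preflight against the tenant info, then submit the creation request."""
    reason = refusal_reason(api.send("GET", "/user/infoWithTenant"), today)
    if reason:
        raise PermissionError(reason)
    return api.send("POST", "/user/addUser", build_add_user_body(**user))
```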

Button Permissions

Users inherit button-level permissions from their roles:
GET /user/getUserBtnByCurrentUser
Returns an array of button permissions for the current user. The admin user has access to all buttons. Reference: UserController.java:438-456

Validation

Check Login Name Uniqueness

GET /user/checkIsNameExist?id={id}&name={loginName}
Validates whether a login name is already in use. Reference: UserController.java:121-133

Best Practices

Security Recommendations:
  • Always hash passwords before transmission
  • Enable CAPTCHA for login attempts
  • Monitor failed login attempts
  • Regularly audit user permissions
  • Set strong password policies
Important Limitations:
  • Users cannot exceed tenant limits
  • Expired tenants prevent all user access
  • Soft-deleted users retain audit history
  • The admin user has unrestricted access
