The Library Management System provides user management capabilities at two levels: users can manage their own profiles, and administrators can manage all user accounts in the system.
View your profile
You can view your private profile information including your account details.
curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
http://localhost:8080/api/users/me
Response:
{
"success": true,
"message": null,
"data": {
"id": 1,
"email": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"roles": ["USER"],
"createdAt": "2024-01-15T10:30:00Z"
}
}
Your private profile includes sensitive information like your email address. Other users can only see your public profile.
Edit your profile
You can update your account information at any time.
Prepare updated information
Decide which fields you want to update. You can change your first name, last name, or password.
Send update request
Make a PUT request to /api/users/me:
curl -X PUT http://localhost:8080/api/users/me \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"firstName": "John",
"lastName": "Smith",
"password": "NewSecurePass123!"
}'
If you don’t want to change your password, omit the password field from the request.
Review confirmation
The system returns your updated profile:
{
"success": true,
"message": null,
"data": {
"id": 1,
"email": "[email protected]",
"firstName": "John",
"lastName": "Smith",
"updatedAt": "2024-01-20T14:25:00Z"
}
}
Profile update requirements
- First name: 2-50 characters, letters and common name characters only
- Last name: 2-50 characters, letters and common name characters only
- Password: Minimum 8 characters (optional in update requests)
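As an added example (not code from the project), a small Python client that enforces the update requirements above before calling PUT /api/users/me. The exact set of "common name characters" is not defined on this page, so the pattern below is an assumption; the token and base URL are placeholders.

```python
import json
import re
import urllib.request

# Assumed pattern for "letters and common name characters": letters plus
# space, apostrophe and hyphen (the page does not define the exact set).
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z' -]*$")


def validate_name(value, field):
    """Enforce the 2-50 character name rule from the update requirements."""
    if not (2 <= len(value) <= 50):
        raise ValueError(f"{field}: must be 2-50 characters")
    if not NAME_RE.match(value):
        raise ValueError(f"{field}: letters and common name characters only")
    return value


def build_profile_update(first_name=None, last_name=None, password=None):
    """Build the JSON body for PUT /api/users/me.

    Only the fields being changed are included. The password key is omitted
    entirely when no new password is given, so the server keeps the current
    one. Email and roles are not accepted here because regular users cannot
    change them through this endpoint.
    """
    body = {}
    if first_name is not None:
        body["firstName"] = validate_name(first_name, "firstName")
    if last_name is not None:
        body["lastName"] = validate_name(last_name, "lastName")
    if password is not None:
        if len(password) < 8:
            raise ValueError("password: minimum 8 characters")
        body["password"] = password
    if not body:
        raise ValueError("nothing to update")
    return body


def update_my_profile(token, body, base_url="http://localhost:8080"):
    """Send the update with a bearer token and return the parsed response."""
    req = urllib.request.Request(
        f"{base_url}/api/users/me",
        data=json.dumps(body).encode(),
        method="PUT",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```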
View public profiles
You can view the public profile of any user in the system using their user ID.
curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
http://localhost:8080/api/users/2
Response:
{
"success": true,
"message": null,
"data": {
"id": 2,
"firstName": "Jane",
"lastName": "Williams",
"joinedAt": "2024-01-10T09:00:00Z"
}
}
Public profiles show limited information and don’t include sensitive data like email addresses.
Administrator functions
The following operations require administrator privileges. Ensure you’re authenticated with an admin account.
View all users
Administrators can browse all user accounts with pagination support.
curl -H "Authorization: Bearer YOUR_ADMIN_ACCESS_TOKEN" \
"http://localhost:8080/api/management/users?page=0&size=20&sort=id"
Response:
{
"success": true,
"message": null,
"data": {
"content": [
{
"id": 1,
"email": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"roles": ["USER"],
"createdAt": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"email": "[email protected]",
"firstName": "Jane",
"lastName": "Williams",
"roles": ["USER", "ADMIN"],
"createdAt": "2024-01-10T09:00:00Z"
}
],
"pageable": {
"pageNumber": 0,
"pageSize": 20
},
"totalElements": 45,
"totalPages": 3
}
}
By default, the user list returns 20 users per page sorted by ID. Customize pagination using the page, size, and sort query parameters.
Create a user account
Administrators can create new user accounts and assign roles.
Prepare account details
Gather the required user information including email, password, name, and roles.
When creating a user as an administrator, you can assign multiple roles including USER and ADMIN.
Send create request
Make a POST request to /api/management/users:
curl -X POST http://localhost:8080/api/management/users \
-H "Authorization: Bearer YOUR_ADMIN_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"password": "SecurePass123!",
"firstName": "Alice",
"lastName": "Johnson",
"roles": ["USER"]
}'
Review new user
The system returns the newly created user account:
{
"success": true,
"message": null,
"data": {
"id": 3,
"email": "[email protected]",
"firstName": "Alice",
"lastName": "Johnson",
"roles": ["USER"],
"createdAt": "2024-01-21T11:15:00Z"
}
}
View user details
Administrators can view detailed information about any user account.
curl -H "Authorization: Bearer YOUR_ADMIN_ACCESS_TOKEN" \
http://localhost:8080/api/management/users/3
Update a user account
Administrators can modify user accounts including changing roles and personal information.
curl -X PUT http://localhost:8080/api/management/users/3 \
-H "Authorization: Bearer YOUR_ADMIN_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"firstName": "Alice",
"lastName": "Johnson-Smith",
"roles": ["USER", "ADMIN"]
}'
Response:
{
"success": true,
"message": null,
"data": {
"id": 3,
"email": "[email protected]",
"firstName": "Alice",
"lastName": "Johnson-Smith",
"roles": ["USER", "ADMIN"],
"updatedAt": "2024-01-21T15:30:00Z"
}
}
Administrator updates allow changing roles, which regular users cannot do for themselves.
Delete a user account
Administrators can remove user accounts from the system.
Identify user to delete
Ensure you have the correct user ID for the account you want to remove.
Deleting a user account is permanent and cannot be undone. All associated data may be affected.
Send delete request
Make a DELETE request to /api/management/users/{id}:
curl -X DELETE http://localhost:8080/api/management/users/3 \
-H "Authorization: Bearer YOUR_ADMIN_ACCESS_TOKEN"
Confirmation
The system confirms the deletion:
{
"success": true,
"message": null,
"data": null
}
User roles
The system supports role-based access control with the following roles:
- USER: Standard user role with access to basic features like browsing books, viewing profiles, and managing their own profile
- ADMIN: Administrator role with full access to management functions including user management, book catalog management, and system configuration
Users can have multiple roles. For example, a user can be both USER and ADMIN, which gives them both standard and administrative privileges.
Common user management errors
You may encounter these errors when managing users:
- User not found: The specified user ID doesn’t exist in the database
- Email already exists: This email is already registered with another account
- Invalid email format: The email address format is incorrect
- Unauthorized: You don’t have permission to perform this operation
- Cannot delete yourself: Administrators cannot delete their own account
- At least one role required: Every user must have at least one role assigned
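The role rules and error conditions above, written out as server-side checks. This is an added illustration, not the project's own code: the user records are constructed in memory with placeholder emails, and the error strings are the messages listed on this page.

```python
# Constructed in-memory user records with the fields this page shows;
# emails are placeholders and the real service reads from a database.
USERS = {
    1: {"id": 1, "email": "john@example.com", "firstName": "John", "lastName": "Doe",
        "roles": ["USER"], "createdAt": "2024-01-15T10:30:00Z"},
    2: {"id": 2, "email": "jane@example.com", "firstName": "Jane", "lastName": "Williams",
        "roles": ["USER", "ADMIN"], "createdAt": "2024-01-10T09:00:00Z"},
}

class ApiError(Exception):
    """Raised with the error message the API would return."""

def is_admin(user_id):
    return "ADMIN" in USERS[user_id]["roles"]

def get_user(actor_id, target_id):
    """Owner and admins get the private view; everyone else the public one."""
    target = USERS.get(target_id)
    if target is None:
        raise ApiError("User not found")
    if actor_id == target_id or is_admin(actor_id):
        return {k: target[k] for k in
                ("id", "email", "firstName", "lastName", "roles", "createdAt")}
    # Public view: no email, no roles; createdAt is exposed as joinedAt.
    return {"id": target["id"], "firstName": target["firstName"],
            "lastName": target["lastName"], "joinedAt": target["createdAt"]}

def set_roles(actor_id, target_id, roles):
    """Only admins change roles, and every account keeps at least one."""
    if not is_admin(actor_id):
        raise ApiError("Unauthorized")
    if target_id not in USERS:
        raise ApiError("User not found")
    if not roles:
        raise ApiError("At least one role required")
    USERS[target_id]["roles"] = list(roles)
    return USERS[target_id]["roles"]

def delete_user(actor_id, target_id):
    """Admins may delete any account except their own."""
    if not is_admin(actor_id):
        raise ApiError("Unauthorized")
    if actor_id == target_id:
        raise ApiError("Cannot delete yourself")
    if USERS.pop(target_id, None) is None:
        raise ApiError("User not found")
    return target_id
```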