User management in Yakult App is restricted exclusively to accounts with the Master role. Masters can view all registered users, activate or deactivate accounts, promote or demote users between the three available roles, and permanently delete accounts. These operations are accessible both from the in-app Admin screen and directly through the REST API.

Roles overview

Every user in Yakult App belongs to exactly one of three roles. The table below summarises what each role can do:

| Role | Description | Can manage users | Can access admin panel |
| --- | --- | --- | --- |
| Master | Full administrator. Assigned automatically to @upa.edu.mx email addresses or promoted manually. | Yes | Yes |
| Promotor | Sales promoter. Default role for non-institutional email addresses. | No | No |
| Repartidor | Delivery driver. Assigned manually by a Master via the role-change endpoint. Never auto-assigned at registration. | No | No |

API endpoints

All user management endpoints live under /api/auth/ and require a valid Master JWT token in the Authorization header.

List all users

Retrieves every registered account ordered by creation date (newest first).

GET /api/auth/usuarios

Example

curl https://your-api/api/auth/usuarios \
  -H "Authorization: Bearer <master-token>"

Response 200 OK

[
  {
    "id": 1,
    "nombre": "Ana García",
    "correo": "ana@upa.edu.mx",
    "rol": "Master",
    "activo": true,
    "creado_en": "2024-06-15T10:30:00.000Z"
  },
  {
    "id": 2,
    "nombre": "Carlos López",
    "correo": "carlos@gmail.com",
    "rol": "Promotor",
    "activo": true,
    "creado_en": "2024-06-16T08:00:00.000Z"
  }
]

| Field | Type | Description |
| --- | --- | --- |
| id | number | Unique user identifier. |
| nombre | string | Display name. |
| correo | string | Email address (lowercase). |
| rol | string | Current role: Master, Promotor, or Repartidor. |
| activo | boolean | true if the account can log in; false if deactivated. |
| creado_en | string | ISO 8601 timestamp of account creation. |

Activate or deactivate an account

Toggles whether a user can log in. A deactivated user receives a 403 error on login attempts until reactivated.

PUT /api/auth/usuarios/:id

Request body

{
  "activo": false
}

| Field | Type | Description |
| --- | --- | --- |
| activo | boolean | true to enable the account, false to disable it. |

Example — deactivate user 2

curl -X PUT https://your-api/api/auth/usuarios/2 \
  -H "Authorization: Bearer <master-token>" \
  -H "Content-Type: application/json" \
  -d '{ "activo": false }'

Example — reactivate user 2

curl -X PUT https://your-api/api/auth/usuarios/2 \
  -H "Authorization: Bearer <master-token>" \
  -H "Content-Type: application/json" \
  -d '{ "activo": true }'

Response 200 OK

{ "ok": true }

Change a user’s role

Updates the role of any user. Only the three canonical role values are accepted; any other value returns a 400 error.

PUT /api/auth/usuarios/:id/rol

Request body

{
  "rol": "Repartidor"
}

| Field | Accepted values |
| --- | --- |
| rol | "Master", "Promotor", or "Repartidor" |

Example — promote user 2 to Master

curl -X PUT https://your-api/api/auth/usuarios/2/rol \
  -H "Authorization: Bearer <master-token>" \
  -H "Content-Type: application/json" \
  -d '{ "rol": "Master" }'

Example — assign Repartidor role to user 3

curl -X PUT https://your-api/api/auth/usuarios/3/rol \
  -H "Authorization: Bearer <master-token>" \
  -H "Content-Type: application/json" \
  -d '{ "rol": "Repartidor" }'

Response 200 OK

{ "ok": true }

Error — invalid role value

{
  "error": "Rol inválido."
}

Delete a user

Permanently removes the account from the database.

DELETE /api/auth/usuarios/:id

Deleting a user is permanent and irreversible. There is no soft-delete or recovery mechanism. Prefer deactivating an account (activo: false) if you only need to revoke login access.

Example — delete user 5

curl -X DELETE https://your-api/api/auth/usuarios/5 \
  -H "Authorization: Bearer <master-token>"

Response 200 OK

{ "ok": true }

Admin screen (mobile app)

The Admin screen in the Yakult App mobile interface gives Master users a visual dashboard to manage all accounts without needing direct API access.

1. Open the Admin panel

Tap the Admin option in the navigation menu. This option is only visible to users with the Master role.

2. Review the user list

All registered accounts are displayed in a scrollable table. Each row shows the user’s name, email, and a colour-coded role badge (Master, Promotor, or Repartidor).

3. Activate or deactivate an account

Tap the toggle button on any row to flip the account’s active status. Deactivated accounts are visually dimmed. The change takes effect immediately.

4. Change a user’s role

Use the compact role selector on each row. Roles are shown as single-letter initials — M (Master), P (Promotor), R (Repartidor) — to keep the table readable on small screens. Selecting a new initial sends the role-change request automatically.

5. Delete an account

Tap the delete button (trash icon) on a row to remove the account. A confirmation dialog appears before the deletion is sent to the server.

Constraints and safeguards

The following rules are enforced by the application to prevent accidental lock-outs:

Deletion is permanent

There is no recycle bin or undo for deleted users. Always deactivate first, wait for any dispute period, then delete only when certain.

Role values are strict

The API rejects any role value outside of Master, Promotor, and Repartidor with a 400 Bad Request response and the message "Rol inválido.".

Repartidor is manually assigned

The Repartidor role is never auto-assigned at registration. It must be explicitly set by a Master user via PUT /api/auth/usuarios/:id/rol.

Deactivated accounts cannot log in

A deactivated user receives a 403 response on every login attempt until a Master reactivates their account.
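
The rules above do not say what happens when a change targets the only active Master. As an added example (not Yakult App's own code), this pre-flight check runs against the GET /api/auth/usuarios response before a PUT or DELETE is sent; the function names checkChange and applyChange and the shape of the change object are assumptions.

```javascript
// Added example: pre-flight check run against the GET /api/auth/usuarios
// response before sending a PUT or DELETE. Function names are hypothetical.
const ROLES = ["Master", "Promotor", "Repartidor"];
const OPS = ["activo", "rol", "delete"];

// Apply a proposed change to a copy of the user list and return the result.
// change: { id, op: "activo" | "rol" | "delete", value }
function applyChange(users, change) {
  if (change.op === "delete") return users.filter((u) => u.id !== change.id);
  return users.map((u) =>
    u.id === change.id ? { ...u, [change.op]: change.value } : u
  );
}

// Returns { ok: true } or { ok: false, reason } without touching the API.
function checkChange(users, change) {
  if (!OPS.includes(change.op)) return { ok: false, reason: "unknown operation" };
  if (!users.some((u) => u.id === change.id)) {
    return { ok: false, reason: "unknown user id" };
  }
  if (change.op === "rol" && !ROLES.includes(change.value)) {
    return { ok: false, reason: "Rol inválido." }; // the API would answer 400
  }
  if (change.op === "activo" && typeof change.value !== "boolean") {
    return { ok: false, reason: "activo must be a boolean" };
  }
  const after = applyChange(users, change);
  const activeMasters = after.filter((u) => u.rol === "Master" && u.activo);
  if (activeMasters.length === 0) {
    return { ok: false, reason: "would leave no active Master" };
  }
  return { ok: true };
}

// Constructed sample data, shaped like the list response documented above.
const sampleUsers = [
  { id: 1, nombre: "Ana García", correo: "ana@upa.edu.mx", rol: "Master", activo: true },
  { id: 2, nombre: "Carlos López", correo: "carlos@gmail.com", rol: "Promotor", activo: true },
];

console.log(checkChange(sampleUsers, { id: 1, op: "activo", value: false }));
console.log(checkChange(sampleUsers, { id: 2, op: "rol", value: "Repartidor" }));
```

A client-side check like this only reduces accidental lock-outs from the Admin screen or scripts; the same condition has to hold on the server to be a real safeguard.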
