Skip to main content
The Users management page is available at /administration/users-list and is accessible to Admin accounts. It fetches data from GET /api/users, which is publicly accessible but write operations require elevated roles.

Listing users

The list view shows all registered users in a paginated table with a search bar at the top.
ColumnDescription
NameUser’s full name (FirstName + LastName)
EmailRegistered email address
RoleAssigned role: ADMIN, ORGANIZER, or USER
ReportsNumber of reports filed against this user
RatingsNumber of ratings this user has received
StatusWhether the account is active or blocked
DetailsLink to the full user profile
Type a name or email in the search field and click Buscar to filter results. Pagination controls appear below the table when there are more results than fit on one page.

Creating a user

Only admins can create user accounts directly via the API. The Nuevo usuario button on the list page links to /administration/users-list/new. 
POST /api/users
Authorization: Bearer <admin-token>
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "SecurePass1!",
  "role": "USER",
  "firstName": "Jane",
  "lastName": "Doe",
  "location": "San José, CR"
}

User fields

FieldRequiredConstraints
emailYesMust be a valid email address
passwordYesMinimum 8 characters; must include uppercase, lowercase, digit, and special character (@$!%*?&)
roleYesMust be exactly ADMIN, ORGANIZER, or USER
firstNameYesNon-empty string
lastNameYesNon-empty string
locationYesNon-empty string

Editing a user

Admins (and the user themselves) can edit an account via PUT /api/users/{id}. The request body uses the same fields as creation. 
PUT /api/users/{id}
Authorization: Bearer <admin-token>
Content-Type: application/json

{
  "email": "updated@example.com",
  "password": "NewSecurePass1!",
  "role": "ORGANIZER",
  "firstName": "Jane",
  "lastName": "Smith",
  "location": "Heredia, CR"
}

Deleting a user

Admins (and the user themselves) can delete an account via DELETE /api/users/{id}. 
DELETE /api/users/{id}
Authorization: Bearer <admin-token>
Deleting a user is permanent. All data associated with the account — events, attendances, comments, ratings, and reports — may be affected depending on cascade rules configured in the database.

Blocking and unblocking a user

Blocking toggles the IsBlocked flag on an account. A blocked user cannot interact with the platform. This action is exclusive to Admins.
1

Open the users list

Navigate to Administration → Usuarios (/administration/users-list).
2

Locate the target user

Use the search bar to filter by name or email, then find the user in the table.
3

Click the block/unblock action

In the user’s row, click the status action button. The label reflects the current state — blocked users show an option to unblock, and active users show an option to block.
4

Confirm the change

The frontend calls PUT /api/users/block/{id}. The endpoint toggles IsBlocked and returns the updated user record. The table refreshes automatically via handleBlockedChange.
PUT /api/users/block/{id}
Authorization: Bearer <admin-token>
Calling this endpoint on an already-blocked user unblocks them. It is a toggle — there is no separate unblock endpoint.

Build docs developers (and LLMs) love

Get started for freeTalk to us