Every person who interacts with Comunidades Vecinos is represented by aDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/GuillermoNavarro/Proyecto_comunidades/llms.txt
Use this file to discover all available pages before exploring further.
Usuario record tied to one community. Access to features is controlled by a three-tier role system enforced through Spring Security @PreAuthorize annotations on every endpoint. Roles are stored as a Rol enum value in the database and are also embedded in the JWT token so the frontend can gate UI elements without additional API calls.
The Three Roles
USER
A regular resident (vecino). Can view their own receipts and outstanding balance, read community financial movements, download community documents, and read news posts. Can update their own profile and change their own password.
ADMIN
Community manager — typically the president or treasurer. Has all USER capabilities plus: manage community residents, create and delete fees, view all community receipts and the delinquency report, record financial movements, upload and delete documents, and publish news posts.
SUPER_ADMIN
Platform-level administrator. Has full access across all communities: create/update communities, view all users globally, access all movements, and upload documents to any community using the
idComunidadManual override.Capability Matrix
| Capability | USER | ADMIN | SUPER_ADMIN |
|---|---|---|---|
View own receipts (GET /api/recibos/me) | ✅ | ✅ | — |
| View community movements | ✅ | ✅ | ✅ |
| View movements linked to own account | ✅ | ✅ | — |
| Update own profile | ✅ | ✅ | ✅ |
| Change own password | ✅ | ✅ | ✅ |
| View community documents | ✅ | ✅ | ✅ |
| Read news posts | ✅ | ✅ | — |
| Manage community users | — | ✅ | ✅ |
| Create / delete fees | — | ✅ | ✅ |
| View all community receipts | — | ✅ | — |
| View delinquency report | — | ✅ | — |
| Create financial movements | — | ✅ | ✅ |
| Upload / delete documents | — | ✅ | ✅ |
| Publish / edit / delete news | — | ✅ | — |
| Manage all communities | — | — | ✅ |
| View all users globally | — | — | ✅ |
| View all movements globally | — | — | ✅ |
The Usuario Entity
| Field | Column | Type | Description |
|---|---|---|---|
id | id_usuario | Long (auto) | Primary key |
dni | dni | String | National ID number |
nombre | nombre | String | First name |
apellidos | apellidos | String | Surnames |
puerta | puerta | String | Apartment / door identifier |
telefono | telefono | String | Phone number |
email | email | String | Login username (used as Spring getUsername()) |
password | password | String | BCrypt-hashed password (WRITE_ONLY in JSON) |
rol | rol | Rol enum | USER, ADMIN, or SUPER_ADMIN |
comunidad | id_comunidad (FK) | Comunidad | The community this user belongs to |
coeficiente | coeficiente | Double | Ownership share (%) used for proportional fee calculation |
estado | estado | Boolean | true = active; false = soft-deleted |
cambiarPass | cambiar_pass | Boolean | true forces a password change on first login |
First-Login Password Flow
When an ADMIN creates a new user, the account is created withcambiarPass = true. Until the user changes their password, the getAuthorities() method on the Usuario entity returns ROLE_PRE_AUTH instead of the user’s actual role. This special role is blocked by all business-logic endpoints — the user can only call PATCH /api/usuarios/pass to set a new password.
Admin creates the user
The ADMIN calls
POST /api/usuarios with the new resident’s details. The backend sets cambiarPass = true and assigns a temporary password.User receives credentials
The resident receives their temporary password (typically by email) and logs in for the first time, obtaining a JWT with the
ROLE_PRE_AUTH authority.User changes their password
The user submits their old (temporary) password and chosen new password to
PATCH /api/usuarios/pass. The request body uses the CambioPass DTO with oldPassword and newPassword fields.Key API Endpoints
- Create user
- List community users
- Own profile
- Update own profile
- Admin edit user
- Deactivate user
409 Conflict if a user with the same DNI already exists. The rol field is always set to USER by the service layer regardless of the value provided.Admin Password Reset
An ADMIN can trigger a password reset for any user in their community without knowing the current password:cambiarPass = true so the user is forced through the first-login flow again on their next session.
The coeficiente Field
Each resident’s coeficiente value represents their ownership share of the community as a percentage. This number is used directly by the fee-generation logic: when a new ORDINARIA or EXTRAORDINARIA fee is created, each resident’s receipt amount is calculated as:
null or zero coeficiente are skipped during automatic receipt generation. This typically applies to commercial units or common-area entries that are not billed.