Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/GuillermoNavarro/Proyecto_comunidades/llms.txt

Use this file to discover all available pages before exploring further.

Every person who interacts with Comunidades Vecinos is represented by a Usuario record tied to one community. Access to features is controlled by a three-tier role system enforced through Spring Security @PreAuthorize annotations on every endpoint. Roles are stored as a Rol enum value in the database and are also embedded in the JWT token so the frontend can gate UI elements without additional API calls.

The Three Roles

USER

A regular resident (vecino). Can view their own receipts and outstanding balance, read community financial movements, download community documents, and read news posts. Can update their own profile and change their own password.

ADMIN

Community manager — typically the president or treasurer. Has all USER capabilities plus: manage community residents, create and delete fees, view all community receipts and the delinquency report, record financial movements, upload and delete documents, and publish news posts.

SUPER_ADMIN

Platform-level administrator. Has full access across all communities: create/update communities, view all users globally, access all movements, and upload documents to any community using the idComunidadManual override.

Capability Matrix

CapabilityUSERADMINSUPER_ADMIN
View own receipts (GET /api/recibos/me)
View community movements
View movements linked to own account
Update own profile
Change own password
View community documents
Read news posts
Manage community users
Create / delete fees
View all community receipts
View delinquency report
Create financial movements
Upload / delete documents
Publish / edit / delete news
Manage all communities
View all users globally
View all movements globally

The Usuario Entity

FieldColumnTypeDescription
idid_usuarioLong (auto)Primary key
dnidniStringNational ID number
nombrenombreStringFirst name
apellidosapellidosStringSurnames
puertapuertaStringApartment / door identifier
telefonotelefonoStringPhone number
emailemailStringLogin username (used as Spring getUsername())
passwordpasswordStringBCrypt-hashed password (WRITE_ONLY in JSON)
rolrolRol enumUSER, ADMIN, or SUPER_ADMIN
comunidadid_comunidad (FK)ComunidadThe community this user belongs to
coeficientecoeficienteDoubleOwnership share (%) used for proportional fee calculation
estadoestadoBooleantrue = active; false = soft-deleted
cambiarPasscambiar_passBooleantrue forces a password change on first login

First-Login Password Flow

When an ADMIN creates a new user, the account is created with cambiarPass = true. Until the user changes their password, the getAuthorities() method on the Usuario entity returns ROLE_PRE_AUTH instead of the user’s actual role. This special role is blocked by all business-logic endpoints — the user can only call PATCH /api/usuarios/pass to set a new password.
1

Admin creates the user

The ADMIN calls POST /api/usuarios with the new resident’s details. The backend sets cambiarPass = true and assigns a temporary password.
2

User receives credentials

The resident receives their temporary password (typically by email) and logs in for the first time, obtaining a JWT with the ROLE_PRE_AUTH authority.
3

User changes their password

The user submits their old (temporary) password and chosen new password to PATCH /api/usuarios/pass. The request body uses the CambioPass DTO with oldPassword and newPassword fields.
{
  "oldPassword": "temporal123",
  "newPassword": "MiNuevaContraseña!2024"
}
4

Full access granted

The backend sets cambiarPass = false. On the next login, the JWT is issued with the user’s real role (ROLE_USER, ROLE_ADMIN, etc.) and all features become accessible.

Key API Endpoints

POST /api/usuarios
Authorization: Bearer <admin_token>
Content-Type: application/json
The community is automatically assigned from the JWT — do not include it in the request body. Returns 409 Conflict if a user with the same DNI already exists. The rol field is always set to USER by the service layer regardless of the value provided.
{
  "dni": "12345678A",
  "nombre": "María",
  "apellidos": "García López",
  "puerta": "3B",
  "telefono": "600123456",
  "email": "[email protected]",
  "coeficiente": 8.5
}

Admin Password Reset

An ADMIN can trigger a password reset for any user in their community without knowing the current password:
PATCH /api/usuarios/admin/{id}
Authorization: Bearer <admin_token>
The backend generates a new temporary password, sends it to the user’s registered email address, and sets cambiarPass = true so the user is forced through the first-login flow again on their next session.

The coeficiente Field

Each resident’s coeficiente value represents their ownership share of the community as a percentage. This number is used directly by the fee-generation logic: when a new ORDINARIA or EXTRAORDINARIA fee is created, each resident’s receipt amount is calculated as:
importe_recibo = importe_cuota × coeficiente / 100
Users with a null or zero coeficiente are skipped during automatic receipt generation. This typically applies to commercial units or common-area entries that are not billed.
Deleting a user via DELETE /api/usuarios/{idUsuario} does not remove the database record. It performs a soft delete by setting estado = false and resetting coeficiente to 0.0, which prevents them from being included in future receipt generation. Inactive users cannot log in. Their existing receipts, movements, and document references are preserved for financial integrity. To reactivate a user, call PUT /api/usuarios/admin/{id} and restore the appropriate estado and coeficiente values.

Build docs developers (and LLMs) love