Gestor Financiero supports two user roles — admin and empleado — giving you fine-grained control over who can manage the team and who can only work on projects and budgets. All user management actions are restricted to administrators and are enforced on the backend, not just in the UI.
Roles
| Role | Can do |
|---|---|
| admin | Everything: create, edit, and delete users; all project and budget operations |
| empleado | All project and budget operations; cannot manage users |
The Principal Admin
On first boot, Gestor Financiero automatically creates one administrator account — the principal admin. This account is flagged in the database (principal = 1) and is permanently protected by the API. It cannot be edited or deleted through any endpoint, regardless of who is making the request. The system also enforces that at least one admin account must exist at all times, preventing the last remaining admin from being removed or downgraded.
User Fields
When creating or editing a user, the following fields apply:

| Field | Description | Constraints |
|---|---|---|
| usuario | Unique login username | Max 50 characters; must be unique across all users |
| nombre | Display name shown in the UI | Max 120 characters |
| password | Account password | Min 8 characters |
| rol | User role | Must be admin or empleado |
Creating Users
Only administrators can create new users. Send a POST request to /usuarios with the new user’s details. The username must not already exist in the system.
id, usuario, nombre, and rol.
Editing Users
PUT /usuarios/{id} allows an admin to update a user’s username, display name, role, and optionally set a new password.
- The principal admin cannot be edited through this endpoint.
- If you change the target user’s password, all of their active sessions are closed immediately — they will need to log in again.
- Downgrading the last remaining admin to empleado is blocked; the system requires at least one admin at all times.
- Usernames must remain unique: the API rejects the change if the new username is already taken by a different user.
"nueva_password": "NewPass456" in the body.
Resetting Passwords
POST /usuarios/{id}/password is an admin-only endpoint that overwrites a user’s password without requiring their current one. As soon as the password is changed, all active sessions for that user are closed.
- Cannot be used on the principal admin — that account manages its own password through the standard /cambiar-password endpoint.
- The new password must be at least 8 characters.
Deleting Users
DELETE /usuarios/{id} permanently removes a user account. The following deletions are always blocked:
- Your own account — you cannot delete yourself.
- The principal admin — protected at the API level.
- The last remaining admin — the system must always have at least one admin.
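The edit and delete rules above can be modeled as server-side guard functions. This is an added example, not Gestor Financiero's own code: the `User` class, the function names, the reason strings and the sample users are all hypothetical, and only the field names (`usuario`, `rol`, `principal`, `nueva_password`) come from this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: int
    usuario: str
    rol: str                  # "admin" or "empleado"
    principal: bool = False   # mirrors the principal = 1 flag

def admin_count(users):
    return sum(1 for u in users if u.rol == "admin")

def deny_delete(actor, target, users):
    """Reasons DELETE /usuarios/{id} must be refused; empty list means allowed."""
    reasons = []
    if actor.rol != "admin":
        reasons.append("not_admin")            # user management is admin-only
    if actor.id == target.id:
        reasons.append("self_delete")
    if target.principal:
        reasons.append("principal_protected")
    if target.rol == "admin" and admin_count(users) <= 1:
        reasons.append("last_admin")
    return reasons

def deny_edit(actor, target, users, usuario=None, rol=None, nueva_password=None):
    """Reasons PUT /usuarios/{id} must be refused; empty list means allowed."""
    reasons = []
    if actor.rol != "admin":
        reasons.append("not_admin")
    if target.principal:
        reasons.append("principal_protected")
    if rol is not None and rol not in ("admin", "empleado"):
        reasons.append("invalid_rol")
    if target.rol == "admin" and rol == "empleado" and admin_count(users) <= 1:
        reasons.append("last_admin")           # downgrade would leave zero admins
    if usuario is not None and any(
            u.usuario == usuario and u.id != target.id for u in users):
        reasons.append("usuario_taken")        # taken by a *different* user
    if nueva_password is not None and len(nueva_password) < 8:
        reasons.append("password_too_short")
    return reasons

# Constructed sample data, not taken from the project.
SAMPLE_USERS = [User(1, "root", "admin", principal=True),
                User(2, "ana", "admin"),
                User(3, "luis", "empleado")]

if __name__ == "__main__":
    root, ana, luis = SAMPLE_USERS
    print(deny_delete(ana, root, SAMPLE_USERS))
    print(deny_delete(luis, ana, SAMPLE_USERS))
```

In a real backend these checks belong in the same database transaction as the write, so that two concurrent requests cannot each pass the last-admin check and together leave the system with no admin.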
Theme Preferences
Each user can independently set their preferred UI theme. The available options are claro (light), oscuro (dark), and sistema (follow the OS setting). The preference is stored per user in the database and is returned on login via the tema field.
Users update their own theme via POST /preferencias/tema: