The users admin at /admin/users provides a searchable, filterable CRM table of every registered User record, showing email, role badge, creator storefront name (if applicable), and account creation date. Admins can create new accounts directly from the panel, edit existing users’ roles or email addresses, reset passwords, and configure creator storefronts — all without direct database access.
User roles
| Role | Description |
|---|---|
| CLIENTE | Default role assigned at registration. Can browse the storefront, place orders, and submit payment receipts. |
| CREADOR | Creator with a branded storefront. Can upload designs, create listings, and earn royalties. Storefront visibility requires Creator.approved = true. |
| TALLER | Workshop operator. Linked to a specific Workshop record via a WorkshopUser join record. Can manage assigned production orders. |
| ADMIN | Full platform administration access. Required to access /admin and all sub-routes. |
List all users
ADMIN role JWT. Returns all user records ordered by createdAt descending, including each user’s linked CreatorStore if they are a CREADOR.
Create a user
Admins can create accounts directly from the panel without the standard registration flow.
POST /api/users — request body
Email address for the new account. Must be unique — a duplicate email returns a 400 error.
Plain-text password. The API hashes it with PBKDF2-SHA512 (1 000 iterations, 64-byte key) before storage. The plain-text value is never persisted.
Initial role for the account. One of CLIENTE, CREADOR, TALLER, or ADMIN.
Update a user
PUT /api/users — request body
UUID of the user to update.
New email address. Leave unchanged to keep the current value.
New role assignment. The change takes effect on the user’s next login.
New plain-text password. If omitted, the existing password hash is preserved. If provided, the API hashes and replaces the stored value.
Required when role is "CREADOR". Creates or updates the associated CreatorStore record via an upsert.
Creator approvals
A Creator profile is created automatically when a user is assigned the CREADOR role with valid storeInfo. However, the store remains hidden from public browsing until two approval flags are set:
- Creator.approved — must be true for the creator’s storefront to be accessible at /creator/<slug>. The API sets this to true automatically when an admin saves store info, but it can be overridden manually in Prisma Studio.
- CreatorDesign.approved — each individual design listing must also be approved before it appears in the storefront. Design approvals are managed separately and are not yet exposed through the admin UI.
Onboarding a workshop operator
When a new workshop contact needs access to the platform with the TALLER role:
- Create or update the user account with role: "TALLER" via PUT /api/users.
- Create a WorkshopUser record in the database linking the user’s id to the target Workshop.id. This join record grants the TALLER user access to their specific workshop’s production queue.
WorkshopUser management at this time.
Password security
Passwords are stored as PBKDF2-SHA512 hashes in the passwordHash field on the User model, encoded as <salt>:<hash> where the salt is a 16-byte random hex string. Plain-text passwords are never written to the database or logged. JWT tokens are signed with HMAC-SHA256 server-side, expire after 24 hours, and there is no refresh token mechanism — users must re-authenticate after expiry.
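The password storage format described above, as an added Node.js example that is not the project's own code: it produces and verifies <salt>:<hash> records with the stated PBKDF2-SHA512 parameters, fails closed on malformed records, and compares digests in constant time. The hex encoding of the hash, the use of the hex salt string itself as the PBKDF2 salt input, and all function names are assumptions.

```javascript
// Added example, not the project's code. Assumptions: the hash is hex-encoded
// and the hex salt string (not its decoded bytes) is the PBKDF2 salt input.
const crypto = require('node:crypto');

const ITERATIONS = 1000; // parameters as stated on the page
const KEY_LEN = 64;      // derived key length in bytes
const DIGEST = 'sha512';
const SALT_BYTES = 16;

// Produce a "<salt>:<hash>" record for a new or changed password.
function hashPassword(password) {
  const salt = crypto.randomBytes(SALT_BYTES).toString('hex');
  const hash = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_LEN, DIGEST);
  return `${salt}:${hash.toString('hex')}`;
}

// Strictly parse a stored record. Returns null for anything that does not
// match the expected shape, so a truncated or tampered row never verifies.
function parseRecord(stored) {
  if (typeof stored !== 'string') return null;
  const parts = stored.split(':');
  if (parts.length !== 2) return null;
  const [salt, hashHex] = parts;
  const hex = /^[0-9a-f]+$/;
  if (salt.length !== SALT_BYTES * 2 || !hex.test(salt)) return null;
  if (hashHex.length !== KEY_LEN * 2 || !hex.test(hashHex)) return null;
  return { salt, hash: Buffer.from(hashHex, 'hex') };
}

// Verify a login attempt against a stored record.
function verifyPassword(password, stored) {
  const rec = parseRecord(stored);
  if (rec === null || typeof password !== 'string') return false;
  const candidate = crypto.pbkdf2Sync(password, rec.salt, ITERATIONS, KEY_LEN, DIGEST);
  // Both buffers are exactly KEY_LEN bytes, as timingSafeEqual requires.
  return crypto.timingSafeEqual(candidate, rec.hash);
}
```

The record carries no iteration count, so raising the work factor later requires either a versioned record format or re-hashing each password at the user's next successful login.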