The users admin at /admin/users provides a searchable, filterable CRM table of every registered User record, showing email, role badge, creator storefront name (if applicable), and account creation date. Admins can create new accounts directly from the panel, edit existing users’ roles or email addresses, reset passwords, and configure creator storefronts — all without direct database access.
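A role change takes effect on the user’s next login. The Krafta JWT payload includes the role at issuance time, and tokens are valid for 24 hours with no refresh mechanism. A user who is promoted to ADMIN must log out and back in before their new privileges are active. The same holds for a demotion: a token issued before the change keeps carrying the previous role until the user logs in again or the token expires.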

User roles

| Role | Description |
| --- | --- |
| CLIENTE | Default role assigned at registration. Can browse the storefront, place orders, and submit payment receipts. |
| CREADOR | Creator with a branded storefront. Can upload designs, create listings, and earn royalties. Storefront visibility requires Creator.approved = true. |
| TALLER | Workshop operator. Linked to a specific Workshop record via a WorkshopUser join record. Can manage assigned production orders. |
| ADMIN | Full platform administration access. Required to access /admin and all sub-routes. |

List all users

GET /api/users
Requires an ADMIN role JWT. Returns all user records ordered by createdAt descending, including each user’s linked CreatorStore if they are a CREADOR.

Create a user

Admins can create accounts directly from the panel without the standard registration flow.

POST /api/users — request body

{
  "email": "nueva@krafta.com",
  "password": "contraseñaSegura123",
  "role": "CREADOR"
}

email (string, required): Email address for the new account. Must be unique; a duplicate email returns a 400 error.
password (string, required): Plain-text password. The API hashes it with PBKDF2-SHA512 (1,000 iterations, 64-byte key) before storage. The plain-text value is never persisted.
role (string, required): Initial role for the account. One of CLIENTE, CREADOR, TALLER, or ADMIN.

Update a user

PUT /api/users — request body

{
  "id": "user-uuid",
  "email": "actualizado@krafta.com",
  "role": "CREADOR",
  "password": "nuevaContraseña",
  "storeInfo": {
    "displayName": "Tienda de María",
    "slug": "tienda-maria",
    "bio": "Diseños ilustrados a mano para Venezuela.",
    "active": true
  }
}

id (string, required): UUID of the user to update.
email (string): New email address. Leave unchanged to keep the current value.
role (string): New role assignment. The change takes effect on the user’s next login.
password (string): New plain-text password. If omitted, the existing password hash is preserved. If provided, the API hashes and replaces the stored value.
storeInfo (object): Required when role is "CREADOR". Creates or updates the associated CreatorStore record via an upsert.

Creator approvals

A Creator profile is created automatically when a user is assigned the CREADOR role with valid storeInfo. However, the store remains hidden from public browsing until two approval flags are set:
  • Creator.approved — must be true for the creator’s storefront to be accessible at /creator/<slug>. The API sets this to true automatically when an admin saves store info, but it can be overridden manually in Prisma Studio.
  • CreatorDesign.approved — each individual design listing must also be approved before it appears in the storefront. Design approvals are managed separately and are not yet exposed through the admin UI.

Onboarding a workshop operator

When a new workshop contact needs access to the platform with the TALLER role:
  1. Create or update the user account with role: "TALLER" via PUT /api/users.
  2. Create a WorkshopUser record in the database linking the user’s id to the target Workshop.id. This join record grants the TALLER user access to their specific workshop’s production queue.
{
  "userId": "user-uuid",
  "workshopId": "workshop-uuid"
}
This record must be created directly via Prisma Studio or a migration script, as there is no admin UI endpoint for WorkshopUser management at this time.

Password security

Passwords are stored as PBKDF2-SHA512 hashes in the passwordHash field on the User model, encoded as <salt>:<hash> where the salt is a 16-byte random hex string. Plain-text passwords are never written to the database or logged. JWT tokens are signed with HMAC-SHA256 server-side, expire after 24 hours, and there is no refresh token mechanism — users must re-authenticate after expiry.
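
The 1,000-iteration setting is well below the 210,000 iterations the OWASP Password Storage Cheat Sheet lists for PBKDF2-HMAC-SHA512, and the <salt>:<hash> format carries no iteration count, so raising the work factor needs a record format that states it. The following is an added example, not Krafta's own code: it verifies a record in the page's format with a constant-time comparison and, on a successful login, produces a replacement at the higher count. The upgraded record layout, the function names, and the choice to pass the salt's hex text to PBKDF2 unchanged are assumptions.

```javascript
const crypto = require("node:crypto");

const LEGACY_ITERATIONS = 1000;   // value stated on this page
const TARGET_ITERATIONS = 210000; // OWASP cheat-sheet figure for PBKDF2-HMAC-SHA512
const PREFIX = "pbkdf2-sha512";   // hypothetical tag for the upgraded record format

// Assumption: the salt's hex text is passed to PBKDF2 as-is and the hash is hex-encoded.
function derive(password, saltHex, iterations) {
  return crypto.pbkdf2Sync(password, saltHex, iterations, 64, "sha512");
}

// Page format: "<salt>:<hash>" at 1,000 iterations.
function hashLegacy(password) {
  const salt = crypto.randomBytes(16).toString("hex");
  return `${salt}:${derive(password, salt, LEGACY_ITERATIONS).toString("hex")}`;
}

// Hypothetical upgraded format: "pbkdf2-sha512$<iterations>$<salt>$<hash>".
function hashUpgraded(password, iterations = TARGET_ITERATIONS) {
  const salt = crypto.randomBytes(16).toString("hex");
  const hash = derive(password, salt, iterations).toString("hex");
  return [PREFIX, iterations, salt, hash].join("$");
}

// Parses either format; returns null for malformed input instead of throwing.
function parseRecord(stored) {
  if (typeof stored !== "string") return null;
  const parts = stored.startsWith(PREFIX + "$")
    ? stored.split("$").slice(1)
    : [String(LEGACY_ITERATIONS), ...stored.split(":")];
  if (parts.length !== 3) return null;
  const [iter, salt, hash] = parts;
  if (!/^[1-9]\d{0,6}$/.test(iter)) return null; // also bounds the work a record can demand
  if (!/^[0-9a-f]{32}$/i.test(salt) || !/^[0-9a-f]{128}$/i.test(hash)) return null;
  return { iterations: Number(iter), salt, hash };
}

// Checks a login; when a record below the target matched, returns a replacement to store.
function verifyAndUpgrade(password, stored) {
  const rec = parseRecord(stored);
  if (!rec) return { ok: false, replacement: null };
  const actual = derive(password, rec.salt, rec.iterations);
  const ok = crypto.timingSafeEqual(actual, Buffer.from(rec.hash, "hex")); // both 64 bytes
  const stale = rec.iterations < TARGET_ITERATIONS;
  return { ok, replacement: ok && stale ? hashUpgraded(password) : null };
}

// Constructed sample record in the page's format (password taken from the request example).
const sampleLegacy = hashLegacy("contraseñaSegura123");
```

Because the plain-text password is only available at login or password change, existing records can only be rewritten at those moments; accounts that never log in keep the 1,000-iteration hash until their password is reset.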
