Every user account in the LMS Backend carries a role field that controls which actions they can take. The role is stored on the User document and is verified at the controller level — endpoints check req.id against resource ownership or rely on the role value to gate access. There are three roles: student, instructor, and admin.

Role assignment

The role field is defined in the user schema with an explicit allow-list and a default of 'student':
models/user.model.js
role: {
    type: String,
    enum: {
        values: ['student', 'instructor', 'admin'],
        message: 'Please select a valid role'
    },
    default: 'student',
},
When a new account is created via POST /api/v1/user/signup, the request body may include a role field. If omitted, the account is created as a student:
controllers/user.controller.js
const { name, email, password, role = 'student' } = req.body;
Role is set at account creation time. There is no public endpoint to change your own role after sign-up. Role escalation requires direct database access or an admin-level operation.

Role capabilities

Students are the primary consumers of course content. After creating an account and signing in they can:

| Action | Endpoint |
| --- | --- |
| View published courses | GET /api/v1/courses/published |
| Search courses by keyword | GET /api/v1/courses/search |
| View course details and lecture list | GET /api/v1/courses/:courseId |
| Purchase a course via Stripe | POST /api/v1/payments/create-checkout-session |
| List all purchased courses | GET /api/v1/payments/purchased-courses |
| Check purchase status for a course | GET /api/v1/payments/courses/:courseId/purchase-status |
| Track lecture-level progress | PATCH /api/v1/progress/:courseId/lectures/:lectureId |
| Mark a course as completed | POST /api/v1/progress/:courseId/complete |
| Reset progress on a course | POST /api/v1/progress/:courseId/reset |
| Manage their own profile and avatar | GET / PATCH /api/v1/user/profile |

Enrolled courses are stored on the user document as an array of { course, enrolledAt } objects. The virtual field totalEnrolledCourses returns the count.
Instructors have all student capabilities plus the ability to create and manage courses. Authorization at the controller level verifies that the requesting user (req.id) matches the course.instructor field before allowing mutations.

| Action | Endpoint |
| --- | --- |
| Create a new course (with thumbnail) | POST /api/v1/courses |
| List courses they have created | GET /api/v1/courses/my-courses |
| Update course details or thumbnail | PATCH /api/v1/courses/:courseId |
| Add a lecture with video to a course | POST /api/v1/courses/:courseId/lectures |

Created courses are tracked on the user document in a createdCourses array of Course ObjectIds.
Calling POST /api/v1/courses or POST /api/v1/courses/:courseId/lectures as a student will not automatically fail at the middleware layer — authorization is enforced inside the controller by comparing req.id to course.instructor. Attempting to modify a course you did not create returns an error.
The admin role is defined in the schema and is a valid value that can be assigned to a user. Admin-specific route middleware is not present in the current public route definitions — admin operations are distinguished by the role value on the user document and can be used by controllers to gate privileged actions.
If you are building admin tooling, check the role field on the authenticated user’s document (User.findById(req.id)) and return a 403 if the role is not 'admin'.
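
The role checks described above, written as an added example rather than code from the LMS Backend: sign-up reads role from the request body and the schema enum accepts 'admin', so the sketch refuses self-assigned 'admin' at sign-up and gates routes on the stored role before the controller runs. SELF_SERVICE_ROLES, resolveSignupRole, roleDecision, requireRole, findUserById and the sample users are assumptions made for the illustration.

```javascript
// Added example, not project code. SELF_SERVICE_ROLES is an assumed policy:
// roles a caller may choose for themselves at sign-up ('admin' is excluded).
const SELF_SERVICE_ROLES = ['student', 'instructor'];

// Pick the role to store from the untrusted req.body.role. 'admin' passes the
// schema enum, so it has to be refused before the document is created.
function resolveSignupRole(requestedRole) {
  if (requestedRole === undefined) return { ok: true, role: 'student' };
  if (typeof requestedRole !== 'string' ||
      !SELF_SERVICE_ROLES.includes(requestedRole)) {
    return { ok: false, status: 400, message: 'Please select a valid role' };
  }
  return { ok: true, role: requestedRole };
}

// Pure decision: 0 means allow, otherwise the HTTP status to send.
function roleDecision(user, allowedRoles) {
  if (!user) return 401; // req.id does not match a user
  return allowedRoles.includes(user.role) ? 0 : 403;
}

// Express-style middleware factory. findUserById is a hypothetical loader
// standing in for User.findById(req.id); the role is read from the stored
// user document, never from the request.
function requireRole(findUserById, ...allowedRoles) {
  return async (req, res, next) => {
    try {
      const user = await findUserById(req.id);
      const status = roleDecision(user, allowedRoles);
      if (status !== 0) {
        return res.status(status).json({ success: false, message: 'Access denied' });
      }
      req.role = user.role;
      return next();
    } catch (err) {
      return next(err);
    }
  };
}

// Constructed sample users standing in for the User collection.
const SAMPLE_USERS = new Map([
  ['u1', { role: 'student' }], ['u2', { role: 'instructor' }], ['u3', { role: 'admin' }],
]);
const findSampleUser = async (id) => SAMPLE_USERS.get(id) || null;

// Wiring sketch (isAuthenticated and createCourse are hypothetical names):
// router.post('/', isAuthenticated, requireRole(findUser, 'instructor', 'admin'), createCourse);
```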

Role comparison table


| Capability | student | instructor | admin |
| --- | --- | --- | --- |
| Browse & search published courses | Yes | Yes | Yes |
| Purchase courses via Stripe | Yes | Yes | Yes |
| Track and reset course progress | Yes | Yes | Yes |
| Manage own profile and avatar | Yes | Yes | Yes |
| Forgot / reset password | Yes | Yes | Yes |
| Create new courses | No | Yes | Yes |
| Add lectures to own courses | No | Yes | Yes |
| Update own course details | No | Yes | Yes |
| List own created courses | No | Yes | Yes |
| Platform-level admin operations | No | No | Yes |

The user schema stores role-relevant data that is returned on GET /api/v1/user/profile:
models/user.model.js
enrolledCourses: [{
    course: { type: mongoose.Schema.Types.ObjectId, ref: 'Course' },
    enrolledAt: { type: Date, default: Date.now }
}],
createdCourses: [{
    type: mongoose.Schema.Types.ObjectId,
    ref: 'Course'
}],
enrolledCourses is populated with title, thumbnail, and description when you fetch your profile, so a single request gives you the full list of courses a student is enrolled in.
