This API provides basic functionalities to manage user profiles in a Java-based system, allowing for both administrative and regular user interactions. It is designed to handle user registration, profile management, and role-based access controls, as well as file upload and download functionalities.
- Admin Users: Admins have the ability to modify any user's profile, delete any account, and manage user roles, including granting and revoking admin rights. This allows admins to perform broad management tasks across the entire user base, as well as upload and download files.
- Regular Users: Regular users are limited to viewing and modifying their own profiles. They cannot access or modify other users' information, nor can they manage roles. This ensures that users can maintain privacy and control over their own information without affecting others. Regular users can download files but cannot upload them.
- Non-Users: Non-users are not allowed to perform any actions on the system.
Ensure your local server is running at http://localhost:8080
before you begin using these commands.
To register a new user without admin privileges, execute the following command:
curl -X POST 'http://localhost:8080/users/register' \
-H "Content-Type: application/json" \
-d '{"username": "regularuser", "password": "securepassword", "email": "[email protected]", "profileDescription": "Just a regular user"}'
To register a new user with admin privileges by using an admin secret, use:
curl -X POST 'http://localhost:8080/users/register?adminSecret=secret' \
-H "Content-Type: application/json" \
-d '{"username": "adminuser", "password": "securepassword", "email": "[email protected]", "profileDescription": "Administrator account"}'
To retrieve an existing user profile, replace USER_ID
with the actual ID of the user:
curl -X GET 'http://localhost:8080/users/USER_ID' \
-u username:password
To selectively update a user's profile information, such as email or profile description:
curl -X PATCH 'http://localhost:8080/users/USER_ID' \
-H "Content-Type: application/json" \
-u username:password \
-d '{"email": "[email protected]"}'
For an admin to grant another user admin privileges:
curl -X PUT 'http://localhost:8080/users/admin/USER_ID/grant-admin' \
-u adminuser:securepassword
For an admin to revoke admin privileges from another user:
curl -X PUT 'http://localhost:8080/users/admin/USER_ID/revoke-admin' \
-u adminuser:securepassword
To delete a user, ensure you have appropriate permissions (admin for any user, individual users can only delete their own profiles):
curl -X DELETE 'http://localhost:8080/users/USER_ID' \
-u username:password
To upload a file, only admins can perform this action:
curl -X POST 'http://localhost:8080/files/upload' \
-u adminuser:securepassword \
-F "file=@/path/to/file"
To download a file, only authenticated users can perform this action:
curl -X GET 'http://localhost:8080/files/download/FILENAME' \
-u username:password \
-o downloaded_file.ext
- Acces Denied Message Not all case and features have a propre acces denied msg (even if there is no msg, the acces denied is manage for all case).
- Database Integration: Plan to integrate PostgreSQL for robust data management.
- Vault for Sensitive Data: Implementing a vault for securely managing the admin secret.
- Persistent Login: Incorporating JWT for persistent user authentication and session management.
- Documentation: Detailed API documentation is underway, aiming to provide comprehensive usage and technical details.