UserController
This page contains documentation for the UserController class, which handles authenticated user operations and admin user management.
Base Path: /api/v1/authorized
Package: dev.goral.rpghandyhelper.user
All requests to this controller require an XSRF token to be included in the headers.
Example:

```
headers: {
  "X-XSRF-TOKEN": "<csrfToken>"
}
```
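
An added example (not part of the project's code) of a client-side helper that attaches the header to every call under the base path. It assumes the token is delivered in a cookie named `XSRF-TOKEN`, the default of Spring Security's `CookieCsrfTokenRepository`, which this page does not state; `readCookie` and `buildRequest` are hypothetical names.

```javascript
// Added example, not project code.
const BASE_PATH = "/api/v1/authorized"; // base path from this page
const CSRF_HEADER = "X-XSRF-TOKEN";     // header name from this page
const CSRF_COOKIE = "XSRF-TOKEN";       // assumption: cookie name is not stated on this page

// Extract one cookie value from a "k=v; k2=v2" string (the document.cookie format).
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build fetch() arguments for one controller endpoint. The base path is always
// prefixed and ".." is refused, so the token is only ever attached to
// same-origin requests that stay under the documented base path.
function buildRequest(method, path, cookieString, body) {
  if (!path.startsWith("/") || path.includes("..") || path.includes("\\")) {
    throw new Error("path must be an endpoint path under the API base path");
  }
  const token = readCookie(cookieString, CSRF_COOKIE);
  if (!token) throw new Error("no XSRF token cookie found");
  const headers = { [CSRF_HEADER]: token };
  const init = { method, headers, credentials: "same-origin" };
  if (body !== undefined) {
    headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(body);
  }
  return { url: BASE_PATH + path, init };
}

// Browser usage (constructed values):
//   const { url, init } = buildRequest("PUT", "/user/update", document.cookie, { firstName: "New" });
//   const res = await fetch(url, init);
```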

| HTTP Method | Path | Description |
|---|---|---|
| GET | /user | Returns basic info about the logged-in user |
| POST | /setPassword | Sets the password for a Discord-created user |
| POST | /user/setUserPhotoPath | Sets the user's photo path (URL string) |
| PUT | /user/update | Updates user profile data |
| POST | /user/photo | Uploads a new profile photo (multipart file) |
| GET | /user/photo | Returns the path to the user's profile picture |
| GET | /user/photo/{filename} | Returns user photo as byte array |
| GET | /user/photo/username/{username} | Returns the profile picture path for the given username |
| GET | /user/photo/defaults | Gets a list of default profile pictures |
| GET | /admin/user/{id} | Returns basic info about the user (ADMIN only) |
| GET | /admin/user/all | Gets a list of all users (ADMIN only) |
| POST | /admin/user/create | Creates a new user (ADMIN only) |
| PUT | /admin/user/update/{id} | Updates user profile data (ADMIN only) |
| PUT | /admin/user/changePassword/{id} | Changes the password for the user (ADMIN only) |
| DELETE | /admin/user/delete/{id} | Deletes the user (ADMIN only) |

Method: GET
Path: /user
Response:

```json
{
  "username": "user1",
  "firstName": "John",
  "surname": "Doe",
  "email": "john.doe@example.com",
  "userPhotoPath": "/img/profilePics/defaultProfilePic.png"
}
```

Errors:

- 401 Unauthorized: User is not logged in.
- 500 Internal Server Error: User object could not be resolved.

Method: POST
Path: /setPassword
Request body:

```json
{
  "password": "SecurePassword123!"
}
```

Response:

```json
{
  "message": "Hasło zostało ustawione",
  "error": 200,
  "timestamp": "..."
}
```

Errors:

- 400 Bad Request: Password too weak or already set.
- 401 Unauthorized: User not authenticated or OAuth account mismatch.

Method: POST
Path: /user/setUserPhotoPath

Request body:

```json
"/img/profilePics/customPic.png"
```

Response:

```json
{
  "message": "Zdjęcie profilowe zostało ustawione.",
  "error": 200,
  "timestamp": "..."
}
```

Errors:

- 400 Bad Request: User not authenticated.

Method: PUT
Path: /user/update
Request body:

```json
{
  "username": "newUser",
  "firstName": "New",
  "surname": "Name",
  "email": "new.email@example.com"
}
```

Response:

```json
{
  "message": "Profil zaktualizowany.",
  "error": 200,
  "timestamp": "..."
}
```

Errors:

- 400 Bad Request: Invalid fields or duplicate username.
- 401 Unauthorized: Not logged in.
- 404 Not Found: User not found.

Method: POST
Path: /user/photo
Form-data:

- file: Image file (JPEG/PNG, max 5MB)

Response:

```json
{
  "message": "Zdjęcie profilowe zaktualizowane.",
  "error": 200,
  "timestamp": "..."
}
```

Errors:

- 400 Bad Request: No file provided, invalid type, or too large.
- 401 Unauthorized: User not authenticated.
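
The three 400 conditions for this upload, written as a content-based check. This is an added example, not the controller's code: the server's own validation is not shown on this page, and both identifying the type by leading signature bytes and reading "5MB" as 5 MiB are assumptions. `sniffImageType` and `checkPhotoUpload` are hypothetical names.

```javascript
// Added example, not project code. Limits mirror this page: JPEG/PNG, max 5MB.
const MAX_BYTES = 5 * 1024 * 1024; // assumption: "5MB" read as 5 MiB

// Leading file signatures for the two accepted formats.
const SIGNATURES = {
  "image/jpeg": [0xff, 0xd8, 0xff],
  "image/png": [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
};

// Identify the image type from the first bytes of the content, or null.
function sniffImageType(bytes) {
  for (const [type, sig] of Object.entries(SIGNATURES)) {
    if (bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b)) {
      return type;
    }
  }
  return null;
}

// bytes: Uint8Array with the file content.
// declaredType: the Content-Type the client claims for the part (optional).
// The declared type is never trusted on its own; it must agree with the content.
function checkPhotoUpload(bytes, declaredType) {
  if (!bytes || bytes.length === 0) {
    return { ok: false, reason: "no file provided" };
  }
  if (bytes.length > MAX_BYTES) {
    return { ok: false, reason: "too large" };
  }
  const actual = sniffImageType(bytes);
  if (actual === null || (declaredType && declaredType !== actual)) {
    return { ok: false, reason: "invalid type" };
  }
  return { ok: true, type: actual };
}
```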
Method: GET
Path: /user/photo
Response:

```json
{
  "message": "Pobrano aktualną ścieżkę zdjęciową użytkownika.",
  "error": 200,
  "userPhotoPath": "/img/profilePics/defaultProfilePic.png",
  "timestamp": "..."
}
```

Errors:

- 400 Bad Request: User not authenticated.

Method: GET
Path: /user/photo/{filename}
- Returns image file (Content-Type: image/jpeg or image/png)

Errors:

- 400 Bad Request: Invalid filename.
- 404 Not Found: File does not exist.

Method: GET
Path: /user/photo/username/{username}
Response:

```json
{
  "message": "Pobrano ścieżkę zdjęciową do profilu użytkownika.",
  "error": 200,
  "userPhotoPath": "/img/profilePics/defaultProfilePic.png",
  "timestamp": "..."
}
```

Errors:

- 404 Not Found: User not found.
- 404 Not Found: File does not exist.

Method: GET
Path: /user/photo/defaults
Response:

```json
{
  "defaultProfilePics": [
    "/img/profilePics/defaultProfilePic-blue.png",
    "...",
    "/img/profilePics/defaultProfilePic.png"
  ],
  "message": "Pobrano domyślne zdjęcia profilowe.",
  "error": 200,
  "timestamp": "..."
}
```

Method: GET
Path: /admin/user/{id}
Response:

```json
{
  "message": "Pobrano użytkownika.",
  "error": 200,
  "user": {
    "id": 2,
    "username": "testuser",
    "email": "test@example.com",
    ...
  },
  "timestamp": "..."
}
```

Errors:

- 404 Not Found: User with given ID not found.
- 403 Forbidden: User is not an admin.
- 401 Unauthorized: Not logged in.

Method: GET
Path: /admin/user/all
Response:

```json
{
  "message": "Pobrano listę użytkowników.",
  "error": 200,
  "users": [
    {
      "id": 1,
      "username": "admin",
      "email": "admin@example.com",
      "role": "ROLE_ADMIN"
    }
  ],
  "timestamp": "..."
}
```

Errors:

- 403 Forbidden: User is not an admin.
- 401 Unauthorized: Not logged in.

Method: POST
Path: /admin/user/create
Request body:

```json
{
  "username": "newuser",
  "firstName": "Alice",
  "surname": "Cooper",
  "email": "alice.cooper@example.com",
  "password": "StrongPass123!",
  "role": "ROLE_USER"
}
```

Response:

```json
{
  "message": "Użytkownik został utworzony.",
  "error": 200,
  "timestamp": "..."
}
```

Errors:

- 400 Bad Request: Missing fields, weak password, or duplicate username/email.
- 403 Forbidden: User is not an admin.

Method: PUT
Path: /admin/user/update/{id}
Request body:

```json
{
  "username": "updatedName",
  "firstName": "Updated",
  "surname": "User",
  "email": "updated@example.com",
  "role": "ROLE_USER",
  "locked": false,
  "enabled": true,
  "userPhotoPath": "/img/profilePics/defaultProfilePic-red.png"
}
```

Response:

```json
{
  "message": "Użytkownik zaktualizowany.",
  "error": 200,
  "timestamp": "..."
}
```

Errors:

- 404 Not Found: User with given ID not found.
- 400 Bad Request: Invalid field value (e.g., too short name).
- 403 Forbidden: User is not an admin.
- 401 Unauthorized: Not logged in.

Method: PUT
Path: /admin/user/changePassword/{id}
Request body:

```json
{
  "password": "StrongPass123!"
}
```

Response:

```json
{
  "message": "Twoje hasło zostało zmienione.",
  "error": 200,
  "timestamp": "..."
}
```

Errors:

- 404 Not Found: User with given ID not found.
- 400 Bad Request: Password does not meet validation rules.
- 403 Forbidden: User is not an admin.
- 401 Unauthorized: Not logged in.

Method: DELETE
Path: /admin/user/delete/{id}
Response:

```json
{
  "message": "Użytkownik został usunięty.",
  "error": 200,
  "timestamp": "..."
}
```

- Deletes the user account.
- Removes all associated notes, game participations, and scheduler assignments.
- Deletes user's custom profile photo (if not default).

Errors:

- 404 Not Found: User with given ID not found.
- 500 Internal Server Error: Failed to delete user’s data or photo.
- 403 Forbidden: User is not an admin.
- 401 Unauthorized: Not logged in.

- Missing XSRF Token: Ensure the `X-XSRF-TOKEN` header is included in every request.
- Invalid Fields: Double-check the request body for missing or invalid fields.
- Permission Issues: Verify that the user has the necessary permissions for the requested operation.
- OAuth Account Setup: Users created via Discord login must set a password before logging in via form-based login.