Permission Required - Only admins or the account owner can view user details.

Overview

Retrieve detailed information about a specific user. This endpoint enforces ownership validation - users can only view their own profile unless they have admin privileges.

Authentication

Requires a valid JWT token. The authenticated user must be either:
  • An admin (can view any user)
  • The owner of the account (can only view their own profile)

Authorization: Bearer YOUR_JWT_TOKEN

Path Parameters

  • id: string (UUID), required. The unique identifier of the user to retrieve

Response

  • id: string (UUID). Unique identifier for the user
  • email: string. User’s email address (unique)
  • nombreCompleto: string. User’s full name
  • roles: string. User role: either admin or user
  • isActive: boolean. Whether the user account is active
  • mustChangePassword: boolean. Flag indicating if user must change password on next login
  • createdAt: string (ISO 8601). Timestamp when the user was created
  • updatedAt: string (ISO 8601). Timestamp when the user was last updated

Example Request

cURL
curl -X GET https://api.yucatan.gob.mx/users/550e8400-e29b-41d4-a716-446655440000 \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Example Response

200 Success
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "email": "juan@yucatan.gob.mx",
  "nombreCompleto": "Juan Pérez",
  "roles": "user",
  "isActive": true,
  "mustChangePassword": false,
  "createdAt": "2024-01-15T10:30:00.000Z",
  "updatedAt": "2024-03-01T14:22:00.000Z"
}

400 Bad Request
{
  "statusCode": 400,
  "message": "Validation failed (uuid is expected)",
  "error": "Bad Request"
}

403 Forbidden
{
  "statusCode": 403,
  "message": "No tienes permiso para ver este perfil."
}

404 Not Found
{
  "statusCode": 404,
  "message": "Usuario no encontrado"
}

Authorization Rules

The endpoint validates permissions as follows:
  1. Admin users: Can view any user profile
  2. Regular users: Can only view their own profile (user.userId === id)
  3. Mismatch: If a regular user tries to view another user’s profile, the endpoint returns 403 Forbidden

See the implementation in src/users/users.controller.ts:45
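
The authorization rules above as a decision function, written as an added example rather than the project's own controller code. The names JwtUser, canView, getUser and the in-memory USERS store are assumptions, as is the choice to run the ownership check before the lookup, so that a regular user requesting other UUIDs always gets 403 and cannot tell existing accounts from missing ones.

```typescript
// Added example with hypothetical names; not the code in users.controller.ts.
type Role = "admin" | "user";
interface JwtUser { userId: string; roles: Role }   // claims taken from the verified JWT only
interface UserRecord { id: string; email: string; roles: Role }
interface Result { statusCode: number; body?: UserRecord; message?: string }

// Simplified stand-in for the API's UUID validation of the path parameter.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

// Constructed sample data standing in for the users table.
const USERS: Record<string, UserRecord> = {
  "550e8400-e29b-41d4-a716-446655440000": {
    id: "550e8400-e29b-41d4-a716-446655440000",
    email: "juan@yucatan.gob.mx",
    roles: "user",
  },
};

// Rules 1-3: an admin may view anyone, a regular user only their own id.
function canView(requester: JwtUser, targetId: string): boolean {
  if (requester.roles === "admin") return true;
  return requester.userId === targetId;
}

function getUser(requester: JwtUser, rawId: string): Result {
  if (!UUID_RE.test(rawId)) {
    return { statusCode: 400, message: "Validation failed (uuid is expected)" };
  }
  const id = rawId.toLowerCase(); // compare and look up in one canonical form
  // Assumption of this example: authorize before touching the data store,
  // so the 403/404 split is only ever visible to the owner or an admin.
  if (!canView(requester, id)) {
    return { statusCode: 403, message: "No tienes permiso para ver este perfil." };
  }
  const found = USERS[id];
  if (!found) return { statusCode: 404, message: "Usuario no encontrado" };
  return { statusCode: 200, body: found };
}
```

The requester identity comes from the token claims and the target from the path; nothing in the request body or query string takes part in the decision.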