Users API

Endpoints

GET /api/users/me

Returns the authenticated user’s profile and permission map.

Permission: Any authenticated user

Response:

{
  "user": {
    "id": "uuid",
    "email": "brendon@dotcollective.com.au",
    "name": "Brendon Nicholas",
    "picture": "https://lh3.googleusercontent.com/...",
    "job_role": "DM",
    "access_level": "executive",
    "created_at": "2026-03-01T00:00:00.000Z",
    "updated_at": "2026-03-01T00:00:00.000Z"
  },
  "permissions": {
    "onboarding": { "tool": "onboarding", "can_view": true, "can_update": true, "can_manage": true },
    "scorecards": { "tool": "scorecards", "can_view": true, "can_update": true, "can_manage": true }
  }
}

PUT /api/users/me

Update the authenticated user’s own profile.

Permission: Any authenticated user

Body (all fields optional):

{
  "name": "New Name",
  "picture": "https://example.com/photo.jpg"
}

GET /api/dev/users

List all users for the dev mode user picker. No authentication required — only available locally.

Response:

{
  "users": [
    { "id": "uuid", "email": "...", "name": "...", "picture": null, "job_role": "DL", "access_level": "employee" }
  ]
}

GET /api/admin/users

List all users with their access levels and job roles.

Permission: Executive only

PUT /api/admin/users/:id

Update a user’s access level and/or job role.

Permission: Executive only