4.5. Update users
| Id | 4.5. |
| Description | As an Application Administrator, I must be able to update user accounts and reassign appropriate roles to them, so that I can control access to the system and ensure that each user has the correct permissions based on their responsibilities. |
| Priority | High |
| Actors | User |
| API Calls | GET /admin/api-users/<user-id>, PUT /admin/api-users/<user-id>, PATCH /admin/api-users/<user-id> |
| Linked Processes | |
| Status | Implemented |
Preconditions
- The User must be authenticated and have the Application Administrator role.
- The system must have a list of predefined roles available for assignment.
- The user to be modified must exist on the platform.
Postconditions
- The user list is updated with the modified accounts.
- All assigned roles are correctly enforced by the system.
Main flow
- The Application Administrator retrieves a list of existing users with their details and roles (GET).
- The Application Administrator updates an existing user through the API, changing the required details (e.g., name, email) and assigning roles (PUT/PATCH).
- The system validates the input data.
- The system saves the changes and updates the user list.
Exceptions
[400 Bad Request] Invalid input
If mandatory fields are missing or invalid, the system returns an error message.
[404 Not Found] User not found
If the Application Administrator attempts to modify a user that does not exist, the system returns an error and prevents the action.
[500 Internal Server Error] System Error
If the system fails to save changes due to an internal error, it displays an appropriate message and logs the error for further investigation.
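The main flow and exceptions above, sketched as a framework-free handler. This is an added example, not the project's own code. The field names (`name`, `email`, `roles`), the role catalogue, the in-memory store and the 403 returned when the caller lacks the Application Administrator role are assumptions, since the page states the precondition but not the status code.

```python
import logging
import re

# Assumed names: the page does not define the role catalogue, field names or storage.
PREDEFINED_ROLES = {"application-administrator", "operator", "viewer"}
ADMIN_ROLE = "application-administrator"
FIELDS = ("name", "email", "roles")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
USERS = {"u-1": {"name": "Ada", "email": "ada@example.org", "roles": ["viewer"]}}  # constructed


def validate(body, partial):
    """Return a list of validation errors; PUT (partial=False) requires every field."""
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    errors = [f"unknown field: {k}" for k in body if k not in FIELDS]
    if not partial:
        errors += [f"missing field: {k}" for k in FIELDS if k not in body]
    if "name" in body and not (isinstance(body["name"], str) and body["name"].strip()):
        errors.append("name must be a non-empty string")
    if "email" in body and not (isinstance(body["email"], str) and EMAIL_RE.match(body["email"])):
        errors.append("email is not valid")
    if "roles" in body:
        roles = body["roles"]
        if not isinstance(roles, list) or not roles or not all(isinstance(r, str) for r in roles):
            errors.append("roles must be a non-empty list of strings")
        elif set(roles) - PREDEFINED_ROLES:  # allow-list: only predefined roles are assignable
            errors.append("roles contains a value outside the predefined list")
    return errors


def update_user(caller_roles, method, user_id, body, store=USERS):
    """Handle PUT/PATCH /admin/api-users/<user-id>; returns (status, payload)."""
    if ADMIN_ROLE not in caller_roles:  # checked first so non-admins cannot probe for user ids
        return 403, {"error": "Application Administrator role required"}
    if user_id not in store:
        return 404, {"error": "User not found"}
    errors = validate(body, partial=(method == "PATCH"))
    if errors:
        return 400, {"error": "Invalid input", "details": errors}
    try:
        updated = {**store[user_id], **body}  # PUT carries every field, PATCH only some
        store[user_id] = updated              # one write, so no half-applied update
    except Exception:
        logging.exception("saving user %s failed", user_id)  # detail stays in the server log
        return 500, {"error": "System Error"}
    return 200, updated
```

Validation runs before any write, so a request naming a role outside the predefined list leaves the stored roles untouched.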