Skip to content
Trailer.devDocumentation

Search is only available in production builds. Try building and previewing the site to test it out locally.

Users

The Users page at /users showing the user table (Name, Admin, Last update columns), the search field, and the Create User / Invite User buttons.

The Users page lists every account on the platform and is where administrators create, invite, edit, and delete users. It lives at /users.

The user model is intentionally small. There are two boolean attributes that control access:

  • Admin: grants administrative privileges. Only admins can create, invite, edit, or delete users.
  • Enabled: controls whether the account can access the platform. Disabling a user blocks access but keeps all associated data intact, so the account can be re-enabled later.

There are no other named roles or permission tiers at the user level. Everything finer-grained lives on hosts and resources; see Permissions and access control.

The list is a searchable, sortable, paginated table.

  • Columns: Name (with avatar), Admin, and Last update.
  • Search: filters by name or email.
  • Sort: by Last update (default), Name, or Admin.
  • Actions: the per-row delete action and the Create User / Invite User buttons are visible only to admins.

Non-admins can view the list but cannot add or remove accounts.

Admins open the create form from the Create User button (/users/create). Non-admins are redirected back to the list.

Creating a user sets the password immediately, so the account is usable right away. The form fields are:

  • Email (up to 64 characters)
  • Name
  • Avatar (optional image, PNG, JPG, WEBP, or GIF, max 5 MB)
  • Admin checkbox
  • Enabled checkbox
  • Password and Confirm password (at least 10 characters)
The Create User form at /users/create with email, name, avatar, Admin and Enabled checkboxes, and the password fields.

Admins can instead invite a user from the Invite User button (/users/invite). With an invite, the administrator does not set a password. The system emails the new user a link to set their own.

The invite form is shorter than the create form:

  • Email
  • Name
  • Admin checkbox

On submit, the server creates the account (enabled, with a random throwaway password) and sends a password-setup email. The user becomes active once they follow the link and choose a password.

The Invite User form at /users/invite with email, name, and the Admin checkbox.
sequenceDiagram
    participant Admin
    participant Server
    participant Invitee
    Admin->>Server: Submit invite (email, name, admin)
    Server->>Server: Create account (enabled, random password)
    Server->>Invitee: Send password-setup email
    Invitee->>Server: Open link, set password
    Server->>Invitee: Redirect to login
CreateInvite
PasswordAdmin sets it nowUser sets it via email link
Avatar fieldYesNo
Enabled fieldYes (toggle)Always enabled
Ready to log inImmediatelyAfter accepting the invite

The invitation email links to /accept-invitation/<token>, a page that does not require an existing session. The invitee enters a new password (and confirms it), at least 10 characters. After it is saved, they are sent to the login page to sign in.

Selecting a user opens their detail page at /user/<id>. Editing requires admin privileges. Non-admins see the page in read-only form.

The page has two sections:

  • Profile: email (read-only here), email visibility, name, avatar, the Admin toggle (only an admin can change it), and the Enabled toggle (admin only).
  • Delete: removes the account after typing the user’s name to confirm. This action is irreversible.

You cannot delete your own account from the list’s row action.

The user detail page at /user/<id> showing the Profile section and the Delete section with name confirmation.