# Users

User and library access management

## Endpoints

### GET /api/v1/admin/users

List all users (admin only)

**Authentication:** Required (Bearer JWT)

#### Responses

| Status | Description   |
| ------ | ------------- |
| 200    | List of users |
| 401    | Unauthorized  |
| 403    | Forbidden     |

---

### POST /api/v1/admin/users

Create a new user (admin only)

**Authentication:** Required (Bearer JWT)

#### Request Body

username, password, role, and optional profile fields

`Content-Type: application/json`

See `docs/api/openapi.json` for the full schema.

#### Responses

| Status | Description           |
| ------ | --------------------- |
| 200    | User created          |
| 400    | Bad request           |
| 401    | Unauthorized          |
| 403    | Forbidden             |
| 500    | Internal server error |

---

### GET /api/v1/admin/users/{id}

Get a specific user by ID

**Authentication:** Required (Bearer JWT)

#### Parameters

| Name | In   | Required | Description |
| ---- | ---- | -------- | ----------- |
| `id` | path | Yes      | User ID     |

#### Responses

| Status | Description  |
| ------ | ------------ |
| 200    | User details |
| 401    | Unauthorized |
| 403    | Forbidden    |
| 404    | Not found    |

---

### PATCH /api/v1/admin/users/{id}

Update a user

**Authentication:** Required (Bearer JWT)

#### Parameters

| Name | In   | Required | Description |
| ---- | ---- | -------- | ----------- |
| `id` | path | Yes      | User ID     |

#### Request Body

Optional password, role, or profile fields to update

`Content-Type: application/json`

See `docs/api/openapi.json` for the full schema.

#### Responses

| Status | Description  |
| ------ | ------------ |
| 200    | User updated |
| 400    | Bad request  |
| 401    | Unauthorized |
| 403    | Forbidden    |
| 404    | Not found    |

---

### DELETE /api/v1/admin/users/{id}

Delete a user (admin only)

**Authentication:** Required (Bearer JWT)

#### Parameters

| Name | In   | Required | Description |
| ---- | ---- | -------- | ----------- |
| `id` | path | Yes      | User ID     |

#### Responses

| Status | Description  |
| ------ | ------------ |
| 200    | User deleted |
| 401    | Unauthorized |
| 403    | Forbidden    |
| 404    | Not found    |

---

### GET /api/v1/admin/users/{id}/libraries

Get user's accessible libraries

**Authentication:** Required (Bearer JWT)

#### Parameters

| Name | In   | Required | Description |
| ---- | ---- | -------- | ----------- |
| `id` | path | Yes      | User ID     |

#### Responses

| Status | Description    |
| ------ | -------------- |
| 200    | User libraries |
| 401    | Unauthorized   |
| 403    | Forbidden      |

---

### POST /api/v1/admin/users/{id}/libraries

Grant library access to a user (admin only)

**Authentication:** Required (Bearer JWT)

#### Parameters

| Name | In   | Required | Description |
| ---- | ---- | -------- | ----------- |
| `id` | path | Yes      | User ID     |

#### Request Body

`Content-Type: application/json`

See `docs/api/openapi.json` for the full schema.

#### Responses

| Status | Description    |
| ------ | -------------- |
| 200    | Access granted |
| 400    | Bad request    |
| 401    | Unauthorized   |
| 403    | Forbidden      |

---

### DELETE /api/v1/admin/users/{id}/libraries

Revoke library access from a user (admin only)

Uses a JSON body instead of a path parameter because `root_path` may contain slashes that conflict with URL routing.

**Authentication:** Required (Bearer JWT)

#### Parameters

| Name | In   | Required | Description |
| ---- | ---- | -------- | ----------- |
| `id` | path | Yes      | User ID     |

#### Request Body

`Content-Type: application/json`

See `docs/api/openapi.json` for the full schema.

#### Responses

| Status | Description    |
| ------ | -------------- |
| 200    | Access revoked |
| 400    | Bad request    |
| 401    | Unauthorized   |
| 403    | Forbidden      |

---
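
The routing conflict behind the JSON-body design of `DELETE /api/v1/admin/users/{id}/libraries`, as an added example that is not part of this project's code. It assumes a simplified segment-based route matcher, an intermediary that decodes `%2F`, a body of the form `{"root_path": ...}` (the real schema is in `docs/api/openapi.json`), and a placeholder host `media.example`.

```python
import json
import urllib.request
from urllib.parse import quote, unquote

# Hypothetical path-parameter variant of the revoke route (NOT the documented API).
TEMPLATE = "/api/v1/admin/users/{id}/libraries/{root_path}"

def match(template, path):
    """Simplified segment matcher: each {param} binds exactly one path segment."""
    t_segs = template.strip("/").split("/")
    p_segs = path.strip("/").split("/")
    if len(t_segs) != len(p_segs):
        return None
    params = {}
    for t, p in zip(t_segs, p_segs):
        if t.startswith("{") and t.endswith("}"):
            params[t[1:-1]] = unquote(p)
        elif t != p:
            return None
    return params

def path_variant(user_id, root_path, encode):
    """Build the URL the hypothetical path-parameter design would need."""
    tail = quote(root_path, safe="") if encode else root_path
    return f"/api/v1/admin/users/{user_id}/libraries/{tail}"

def decoding_proxy(path):
    """Assumed intermediary that decodes %2F before forwarding the request."""
    return path.replace("%2F", "/").replace("%2f", "/")

def build_revoke_request(base_url, token, user_id, root_path):
    """Documented design: DELETE with root_path carried in the JSON body."""
    body = json.dumps({"root_path": root_path}).encode()  # body shape is assumed
    return urllib.request.Request(
        f"{base_url}/api/v1/admin/users/{user_id}/libraries",
        data=body,
        method="DELETE",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )

if __name__ == "__main__":
    root = "/mnt/media/books"  # constructed sample value
    print(match(TEMPLATE, path_variant(7, root, encode=False)))
    print(match(TEMPLATE, decoding_proxy(path_variant(7, root, encode=True))))
    print(build_revoke_request("https://media.example", "<token>", 7, root).data)
```

Some HTTP clients and proxies drop or reject bodies on `DELETE`, so confirm the body arrives intact through every hop in front of the API.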