From 99f0c694bdbe25076d098d8a4467c89de5574a8b Mon Sep 17 00:00:00 2001
From: jessikitty <jess.rogerson.29@outlook.com>
Date: Wed, 28 Jan 2026 17:40:33 +1100
Subject: [PATCH] Add GET /api/v1/users endpoint for admin to list all users

---
 backend/app/api/v1/auth.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/backend/app/api/v1/auth.py b/backend/app/api/v1/auth.py
index 3c3dbde..0a21218 100644
--- a/backend/app/api/v1/auth.py
+++ b/backend/app/api/v1/auth.py
@@ -3,6 +3,7 @@ from datetime import timedelta
 from fastapi import APIRouter, Depends, HTTPException, status
 from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from sqlalchemy.orm import Session
+from typing import List
 
 from app.core.database import get_db
 from app.core.security import verify_password, create_access_token, decode_access_token, get_password_hash
@@ -144,6 +145,15 @@ async def update_current_user(
     db.refresh(current_user)
     return current_user
 
+@router.get("/users", response_model=List[UserResponse])
+async def list_users(
+    db: Session = Depends(get_db),
+    admin_user: User = Depends(get_current_admin_user)
+):
+    """Admin endpoint to list all users."""
+    users = db.query(User).all()
+    return users
+
 @router.put("/users/{user_id}", response_model=UserResponse)
 async def update_user_admin(
     user_id: int,