User Routes and Protection
Normal users can only modify self.
Password field modification must follow change password flow.
Administrators may modify all, but may only issue a password reset email, not set password.
-
GET /api/user -
GET /api/user/:id -
GET /api/user/:username -
GET /api/user/:email -
POST /api/user -
PUT /api/user/:id -
DELETE /api/user/:id -
PROTECT GET /api/user -
PROTECT GET /api/user/:id -
PROTECT GET /api/user/:username -
PROTECT GET /api/user/:email -
PROTECT POST /api/user -
PROTECT PUT /api/user/:id -
PROTECT DELETE /api/user/:id
Edited by Kyle Brennan