User Routes
Users Routes Documentation
Overview
The Users routes manage user-related functionalities, such as retrieving, updating, and deleting user information.
Route Details
- GET /users
  - Controller: getAllUsers
  - Middleware: ensureAdmin
  - Functionality: Retrieves a list of all users. Accessible only to admins.
- GET /
  - Controller: getOneUser
  - Middleware: ensureCorrectUserOrAdmin
  - Functionality: Retrieves details of a specific user. Accessible to the user themselves or an admin.
- PUT /
  - Controller: updateUser
  - Middleware: ensureCorrectUserOrAdmin
  - Functionality: Updates details of a specific user. Accessible to the user themselves or an admin.
- DELETE /
  - Controller: deleteUser
  - Middleware: ensureAdmin
  - Functionality: Deletes a specific user. Accessible only to admins.
Improvements
- Implement more granular access controls and audit logs for sensitive operations, especially update and delete operations.
- Regularly review user access patterns to ensure compliance with privacy and security best practices.
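One way the two guards named in the route list could be written so that every allow and deny decision is recorded for audit, shown as an added example and not the project's own code. It assumes Express-style middleware, a verified identity in `res.locals.user` (`{ username, isAdmin }`), the target user in `req.params.username`, and the hypothetical helpers `guard`, `audit`, `auditLog` and `check`.

```javascript
// Added example: only ensureAdmin and ensureCorrectUserOrAdmin are names from this page.
// Assumption: an earlier auth step stored the verified identity in res.locals.user
// and the route's target user is req.params.username.
const auditLog = []; // stand-in for an append-only audit sink

function audit(req, user, rule, allowed) {
  auditLog.push({
    time: new Date().toISOString(),
    actor: user ? user.username : null,
    method: req.method,
    target: req.params.username || null,
    rule,
    allowed,
  });
}

// Build a guard from a predicate; it fails closed and records every decision.
function guard(rule, predicate) {
  return function (req, res, next) {
    const user = res.locals && res.locals.user;
    let allowed = false;
    try {
      allowed = Boolean(user) && predicate(user, req) === true;
    } catch (e) {
      allowed = false; // a throwing predicate must never grant access
    }
    audit(req, user, rule, allowed);
    if (allowed) return next();
    const err = new Error("Unauthorized");
    err.status = user ? 403 : 401; // 401: no identity, 403: identity lacks permission
    return next(err);
  };
}

const ensureAdmin = guard("ensureAdmin", (user) => user.isAdmin === true);

const ensureCorrectUserOrAdmin = guard("ensureCorrectUserOrAdmin", (user, req) =>
  user.isAdmin === true ||
  (typeof user.username === "string" && user.username === req.params.username));

// Constructed requests, run without Express: returns the error status or 200.
function check(mw, method, user, username) {
  let status = 200;
  mw({ method, params: { username } }, { locals: { user } }, (err) => {
    if (err) status = err.status;
  });
  return status;
}
```

The identity compared against the route parameter comes from the verified session, never from the request body, and the strict `=== true` checks keep a string such as `"true"` from passing as an admin flag.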
Notes
- Ensuring data privacy and adhering to