diff --git a/app/backend/dummy_data.py b/app/backend/dummy_data.py
index c1c4050ef00a1c3dcc39f31b3f09c27c024fb920..bcb27d557e87219cbb3719a4e6c2d892c0f5ce9c 100644
--- a/app/backend/dummy_data.py
+++ b/app/backend/dummy_data.py
@@ -27,6 +27,12 @@ def insert_dummy_data(session: Session):
                 password=hash_password("string"),
                 role="shop_owner",
             ),
+            User(
+                username="admin",
+                email="admin@gmail.com",
+                password=hash_password("admin"),
+                role="admin",
+            ),
         ]
         session.add_all(users)
         session.commit()
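Review bot: The seeded admin account is created with the hard-coded password `"admin"` and a predictable username/email, which turns into a default privileged credential wherever insert_dummy_data runs against a database that is not throwaway. The sibling seed user already uses the placeholder `"string"`, so this looks intended as dev-only data; if so, gate the call behind an explicit development flag or take the secret from configuration, e.g. `password=hash_password(os.environ["SEED_ADMIN_PASSWORD"])` (variable name illustrative; needs `import os` if the file lacks it), and fail rather than fall back to a constant. A header comment such as `# Dev-only seed data; must not run against a non-development database` would record the assumption. insert_dummy_data starts outside the hunk, so whether it is already guarded cannot be seen here.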
diff --git a/app/backend/routes/user.py b/app/backend/routes/user.py
index f7bc71274156e7e7e82e4c0d9d0f2341919cad87..f7947fcfe78248bd67c42264aaed3111d9eb3771 100644
--- a/app/backend/routes/user.py
+++ b/app/backend/routes/user.py
@@ -10,7 +10,9 @@ router = APIRouter()
 
 # Get all users
 @router.get("/", response_model=list[UserResponse])
-def get_all_users(db: Session = Depends(get_session)):
+def get_all_users(
+    db: Session = Depends(get_session), current_user: User = Depends(admin_required)
+):
     users = db.query(User).all()
     return users
 
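Review bot: In the new get_all_users signature `current_user` is never read; it exists only so that admin_required runs before the handler. FastAPI expresses that directly on the route, `@router.get("/", response_model=list[UserResponse], dependencies=[Depends(admin_required)])`, which keeps unused parameters out of the signature and makes the authorization guard visible where the path is declared; the same applies to admin_update_user in the next hunk. Whether admin_required is imported in this module lies outside the hunk.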
@@ -24,10 +26,27 @@ def get_user(user_id: int, db: Session = Depends(get_session)):
     return user
 
 
-# Update a user
+# Update current user profile
+@router.put("/me", response_model=UserResponse)
+def update_current_user(
+    user_update: UserUpdate,
+    db: Session = Depends(get_session),
+    current_user: User = Depends(get_current_user),
+):
+    for key, value in user_update.dict(exclude_unset=True).items():
+        setattr(current_user, key, value)
+    db.commit()
+    db.refresh(current_user)
+    return current_user
+
+
+# Admin updates any user
 @router.put("/{user_id}", response_model=UserResponse)
-def update_user(
-    user_id: int, user_update: UserUpdate, db: Session = Depends(get_session)
+def admin_update_user(
+    user_id: int,
+    user_update: UserUpdate,
+    db: Session = Depends(get_session),
+    current_user: User = Depends(admin_required),  # restrict to admins
 ):
     user = db.query(User).filter(User.id == user_id).first()
     if not user:
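Review bot: update_current_user assigns every field of `user_update.dict(exclude_unset=True)` with setattr, and UserUpdate (see the schemas/user.py hunk) carries a `password` field, so a self-service update writes the plaintext password straight to `current_user.password`; elsewhere on this page stored passwords go through `hash_password` (dummy_data.py), so this would either store a plaintext credential or break login for that user. Hash the password before assignment, as below, assuming `hash_password` is importable in this module as it is in dummy_data.py. admin_update_user's body continues outside the hunk and should be checked for the same pattern. The schema limits assignable fields to username, email, phone_number and password, so `role` is not reachable through this route.
```python
def update_current_user(
    # … unchanged: parameters …
):
    updates = user_update.dict(exclude_unset=True)
    # Never persist a raw password; stored values are hashes (see hash_password).
    if "password" in updates:
        updates["password"] = hash_password(updates["password"])
    for key, value in updates.items():
        setattr(current_user, key, value)
    # … unchanged: commit, refresh, return …
```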
diff --git a/app/backend/schemas/user.py b/app/backend/schemas/user.py
index 9328e1b17529f6285a5bc83743d19197b1d8c801..59c4c4b904eeb98f360a7e5640f9073a2ac96e51 100644
--- a/app/backend/schemas/user.py
+++ b/app/backend/schemas/user.py
@@ -31,4 +31,5 @@ class UserResponse(BaseModel):
 class UserUpdate(BaseModel):
     username: Optional[str] = None
     email: Optional[EmailStr] = None
+    phone_number: Optional[str] = None
     password: Optional[str] = None
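Review bot: The new `phone_number` is an unbounded free-form string, while the neighbouring `email` is validated as `EmailStr`; since UserUpdate is accepted directly from clients and written to the user row by setattr in routes/user.py, a length cap or format constraint at the schema boundary would keep arbitrary-size input out of the database. Pydantic supports this inline, e.g. `phone_number: Optional[constr(max_length=32)] = None` (limit illustrative; `constr` would need importing from pydantic if it is not already). A short field comment, `# free-form; validated only for length`, would make the chosen policy explicit.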