Merge pull request 'dev-2026-03-29' (#14) from dev-2026-03-29 into main

Reviewed-on: #14

app/api/routers/users.py

@@ -241,7 +241,7 @@ def delete_user(
 def reset_user_apikey(
     identifier: str,
     db: Session = Depends(get_db),
-    current_user: models.User = Depends(get_current_user),
+    current_user: models.User = Depends(get_current_user_or_apikey),
 ):
     """Reset (regenerate) a user's API key.
 
@@ -249,6 +249,8 @@ def reset_user_apikey(
     - user.reset-apikey: can reset any user's API key
     - user.reset-self-apikey: can reset only own API key
     - admin: can reset any user's API key
+
+    Accepts both OAuth2 Bearer token and X-API-Key authentication.
     """
     import secrets
     from app.models.apikey import APIKey

app/init_wizard.py

@@ -189,6 +189,7 @@ _DEV_PERMISSIONS = {
 
 _ACCOUNT_MANAGER_PERMISSIONS = {
     "account.create",
+    "user.reset-apikey",
 }
 
 # Role definitions: (name, description, permission_set)