diff --git a/src/controllers/auth/login.js b/src/controllers/auth/login.js
index 434f044..7070221 100644
--- a/src/controllers/auth/login.js
+++ b/src/controllers/auth/login.js
@@ -37,6 +37,10 @@ const login = async (req, res) => {
       user: {
         id: user.id,
         email: user.email,
+        name: user.name,
+        role: user.role,
+        profilePictureUrl: user.profilePictureUrl,
+        isEmailVerified: user.isEmailVerified,
       },
     },
   });
diff --git a/src/controllers/users/getAnnouncementStatus.js b/src/controllers/users/getAnnouncementStatus.js
index 4a95950..cf68fc1 100644
--- a/src/controllers/users/getAnnouncementStatus.js
+++ b/src/controllers/users/getAnnouncementStatus.js
@@ -8,6 +8,11 @@ const getUserAnnouncementStatus = async (req, res) => {
   const { status: userStatus } = req.query; // Validated and parsed by Zod middleware
   const skip = (page - 1) * limit;
 
+  // Authorization Check
+  if (req.user.role !== "ADMIN" && req.user.id !== userId) {
+    throw new AppError("Not authorized", 403);
+  }
+
   // Check if user exists
   const user = await prisma.user.findUnique({
     where: { id: userId },
diff --git a/src/routes/users.js b/src/routes/users.js
index eb2eab4..acad811 100644
--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -42,7 +42,6 @@ router.delete("/:id", authorize("ADMIN"), asyncHandler(deleteUser));
 router.get(
   "/:id/announcements",
-  authorize("ADMIN"),
   validateRequest(statusQuerySchema, "query"),
   asyncHandler(getUserAnnouncementStatus),
 );
 // Query params for key "status" should be either "read" or "unread"
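Review bot: The new check at `req.user.role` assumes an authentication middleware has already populated `req.user`, but in the src/routes/users.js hunk the only middleware left on this route after `authorize("ADMIN")` is removed is `validateRequest`; if nothing upstream (a router-level `router.use`, which would be outside these hunks) sets `req.user`, an unauthenticated request throws a TypeError here and surfaces as a 500 instead of a 401. Guard it explicitly, `if (!req.user) throw new AppError("Not authenticated", 401);` ahead of the role/owner comparison, or confirm the authentication middleware is applied at router level. Separately, `req.user.id !== userId` is a strict comparison between the session user's id and a value derived before this hunk (presumably from `req.params`, which is a string); if `id` is a numeric column, every non-admin owner is rejected with 403, so normalise both sides (`String(req.user.id) !== String(userId)`) or validate the path param through the same Zod layer that covers the query. Placing the check before `findUnique` is right, since it keeps non-admins from probing which user ids exist. getUserAnnouncementStatus begins before this hunk and continues past it.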
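Review bot: With `authorize("ADMIN")` dropped, this route now looks unprotected next to the `router.delete("/:id", authorize("ADMIN"), …)` line directly above it, while the admin-or-owner rule actually lives in the controller; a reader of the routes file has no way to see that. Add a line comment on the route such as `// Auth: admin or the user themself — enforced inside getUserAnnouncementStatus` so the apparent gap is documented where it is read. Also confirm that some middleware still authenticates the request before `validateRequest`, since nothing in this hunk does so; if `authorize` was the only place `req.user` was established on this route, that needs to be restored separately from the role check.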