diff --git a/app/Http/Controllers/API/AppController.php b/app/Http/Controllers/API/AppController.php
index 16c5c0f..472ba5a 100644
--- a/app/Http/Controllers/API/AppController.php
+++ b/app/Http/Controllers/API/AppController.php
@@ -7,7 +7,9 @@ use App\Exceptions\NoPermissionException;
 use App\Exceptions\NotLoggedInException;
 use App\Exceptions\ResourceNotFound;
 use App\Http\Resources\API\App;
+use App\Http\Resources\API\AppAccess;
 use App\Http\Resources\API\AppForOwner;
+use App\Http\Resources\API\AppUser;
 use App\Models\Setting;
 use App\Models\User;
 use http\Env\Request;
@@ -63,6 +65,54 @@ class AppController extends BaseController
 $response->setPagination($apps->currentPage(), $apps->lastPage(), $apps->perPage());
 return $response->withData(App::collection($apps));
+ }
+ public function updateApp(Response $response, \Illuminate\Http\Request $request, $id) {
+ if(!Auth::check()) {
+ throw new NotLoggedInException();
+ }
+
+ $this->validate($request, [
+ 'name' => 'required|max:255|min:3|regex:@^[a-zA-Z0-9]*$@',
+ 'description' => 'required|min:3',
+ 'url' => 'required|url',
+ 'direct_url' => 'url'
+ ]);
+
+ $app = \App\Models\App::query()->where("id", "=", $id)->firstOrFail();
+
+ if($app->owner_id != Auth::user()->id) {
+ throw new NoPermissionException(403, "Not your app");
+ }
+
+ $app->name = $request->input("name");
+ $app->description = $request->input("description");
+ $app->url = $request->input("url");
+ $app->direct_url = $request->input("direct_url");
+ $app->saveOrFail();
+
+ return $response->withData(new AppForOwner($app));
+ }
+
+ public function getUsers(Response $response, $id) {
+ if(!Auth::check()) {
+ throw new NotLoggedInException();
+ }
+
+ $app = \App\Models\App::query()->where("id", "=", $id)->firstOrFail();
+
+ if($app->user_id != Auth::user()->id) {
+ throw new NoPermissionException(403, "Not your app");
+ }
+
+ $access = \App\Models\AppAccess::query()->where("status", "=", "allowed")->where("app_id", "=", $id)->paginate(100);
+
+ $response->setPagination(
+ $access->currentPage(),
+ $access->lastPage(),
+ $access->perPage()
+ );
+
+ return $response->withData(AppUser::collection($access));
 }
 }
diff --git a/app/Http/Middleware/CorsMiddleware.php b/app/Http/Middleware/CorsMiddleware.php
index 8dc0d2a..acdc2a1 100644
--- a/app/Http/Middleware/CorsMiddleware.php
+++ b/app/Http/Middleware/CorsMiddleware.php
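Review bot: The ownership check in `getUsers` compares `$app->user_id` with the caller, while `updateApp` just above it compares `$app->owner_id`, so one of the two guards is reading the wrong column. If the model has no `user_id` attribute the comparison is against null and every caller is rejected; if the attribute exists but means something other than the owner, the list of user ids and usernames is returned to the wrong account. Assuming `owner_id` is the owner column, as `updateApp` suggests, the guard should read `if($app->owner_id != Auth::user()->id) {`. Separately, `'url' => 'required|url'` and `'direct_url' => 'url'` do not limit the scheme to http/https as far as the rule strings show, which matters if these values are later used as redirect targets.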
@@ -19,7 +19,7 @@ class CorsMiddleware
 'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS, PUT, DELETE',
 'Access-Control-Allow-Credentials' => 'true',
 'Access-Control-Max-Age' => '86400',
- 'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With'
+ 'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With, Access-Control-Allow-Origin'
 ];
 if ($request->isMethod('OPTIONS'))
diff --git a/app/Http/Resources/API/AppUser.php b/app/Http/Resources/API/AppUser.php
new file mode 100644
index 0000000..7f56e6c
--- /dev/null
+++ b/app/Http/Resources/API/AppUser.php
@@ -0,0 +1,23 @@
+ $this->user_id,
+ 'username' => $this->getUser()->username,
+ 'status' => $this->status
+ ];
+ }
+}
\ No newline at end of file
diff --git a/database/migrations/2019_06_20_130513_app_permission.php b/database/migrations/2019_06_20_130513_app_permission.php
index dc656d5..7198eef 100644
--- a/database/migrations/2019_06_20_130513_app_permission.php
+++ b/database/migrations/2019_06_20_130513_app_permission.php
@@ -32,12 +32,6 @@ class AppPermission extends Migration
 $app->access_read_apps = true;
 $app->saveOrFail();
- $setting = new \App\Models\Setting();
- $setting->name = "gui_url";
- $setting->description = "GUI Url for redirect User from API/PHP-GUI to WebGui";
- $setting->typ = "textinput";
- $setting->value = "http://localhost:8080";
- $setting->saveOrFail();
 }
 /**
@@ -58,6 +52,5 @@ class AppPermission extends Migration
 $table->dropColumn('access_read_profile');
 });
- \App\Models\Setting::query()->where("name", "=", "gui_url")->delete();
 }
 }
diff --git a/routes/web.php b/routes/web.php
index 24ffe55..9a5b046 100644
--- a/routes/web.php
+++ b/routes/web.php
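Review bot: `Access-Control-Allow-Origin` is a response header, so listing it in `Access-Control-Allow-Headers` only accommodates a client that sends it as a request header by mistake; the cleaner fix is to stop sending it from the client and keep the value at `'Content-Type, Authorization, X-Requested-With'`. Because the same array sets `'Access-Control-Allow-Credentials' => 'true'`, a comment here stating the origin policy would help the next reader, for example `// Allow-Origin must be an explicit allow-listed origin while credentials are enabled`. The `Access-Control-Allow-Origin` value itself is set outside this hunk, so whether it is fixed or derived from the request cannot be confirmed from these lines.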
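Review bot: `'username' => $this->getUser()->username` dereferences the result of `getUser()` with no null check, so a single access row whose user no longer exists would presumably fail the whole `getUsers` page instead of one entry. A guarded form such as `'username' => optional($this->getUser())->username,` avoids that, if the `optional()` helper is available in this framework version. `getUser()` is defined outside this diff; if it runs a query per call, a page of up to 100 rows (`paginate(100)` in the controller) issues up to 100 extra lookups, and eager loading the relation would be preferable. The top of this new file is not visible in the hunk as shown, so only the array body could be reviewed.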
@@ -51,8 +51,12 @@ $router->group(['prefix' => 'api'], function () use ($router) {
 $router->get("/find", ['uses' => 'API\AppController@findApp']);
 $router->group(['prefix' => '{id}'], function () use ($router) {
 $router->get("/", ['uses' => 'API\AppController@appDetails']);
+ $router->put("/", ['uses' => 'API\AppController@updateApp']);
 $router->get("/access", ["uses" => "API\oAuthController@getAccess"]);
 $router->post("/access/allow", ["uses" => "API\oAuthController@allowAccess"]);
+ $router->get("/user", ["uses" => "API\AppController@getUsers"]);
+
+
 });
 });
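Review bot: The two new routes, `PUT /` for `updateApp` and `GET /user` for `getUsers`, are registered with only a `uses` key, so authentication rests entirely on the `Auth::check()` call inside each controller method. If the application registers an auth middleware, attaching it at the route makes the requirement visible here and keeps a future handler from shipping without the check, e.g. `$router->put("/", ['middleware' => 'auth', 'uses' => 'API\AppController@updateApp']);`. Groups enclosing this hunk may already apply middleware; only the `'prefix' => 'api'` group header is visible. As a style point, `"API\AppController@getUsers"` puts a backslash inside double quotes; single quotes, as on the `updateApp` line, avoid any accidental escape sequence.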