diff --git a/api/users.go b/api/users.go
index 8abb266..330b54d 100644
--- a/api/users.go
+++ b/api/users.go
@@ -44,18 +44,13 @@ func (u UserService) List(val *url.Values, claims *types.Claims) (types.Entity,
 		return nil, newJSONError(err, http.StatusInternalServerError)
 	}
 
-	// TODO: fix this
-	users := make(models.Users, 0)
-	sql := `SELECT id, email, 'password' AS password, name, role,
-		created_at, updated_at, deleted_at
-		FROM users
-		WHERE verified IS TRUE
-		AND deleted_at IS NULL;`
-	if err := models.DBH.Select(&users, sql); err != nil {
+	users, err := models.ListUsers(opt, claims)
+	if err != nil {
 		return nil, newJSONError(err, http.StatusInternalServerError)
 	}
+
 	payload := payloads.Users{
-		Users: &users,
+		Users: users,
 		Meta: &models.UserMeta{
 			CanAdd: claims.Role == "A",
 		},
diff --git a/models/users.go b/models/users.go
index b4f28ad..f2ad267 100644
--- a/models/users.go
+++ b/models/users.go
@@ -146,3 +146,23 @@ func DbGetUserByEmail(email string) (*User, error) {
 	}
 	return &user, nil
 }
+
+// ListUsers returns all users.
+func ListUsers(opt helpers.ListOptions, claims *types.Claims) (*Users, error) {
+	q := `SELECT id, email, 'password' AS password, name, role, created_at,
+		updated_at, deleted_at
+		FROM users
+		WHERE verified IS TRUE
+		AND deleted_at IS NULL;`
+
+	users := make(Users, 0)
+	if err := DBH.Select(&users, q); err != nil {
+		return nil, err
+	}
+
+	for _, u := range users {
+		u.CanEdit = claims.Role == "A" || u.ID == claims.Sub
+	}
+
+	return &users, nil
+}