From 9628ea2d245f289f324fea1048daa9a603ad2b4c Mon Sep 17 00:00:00 2001
From: Ben <45583362+ben-basten@users.noreply.github.com>
Date: Sun, 26 May 2024 21:43:30 +0000
Subject: [PATCH 01/14] fix(web): keyboard event propagation in modals (#9713)

* fix: key events propagating from modal, visible close button focus

* feat: set initial focus on the text field for album creation

* chore: step back duplicated changes
---
 .../full-screen-modal.svelte                  | 21 +++++++++++--------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/web/src/lib/components/shared-components/full-screen-modal.svelte b/web/src/lib/components/shared-components/full-screen-modal.svelte
index dfd42be568..afc465a32d 100644
--- a/web/src/lib/components/shared-components/full-screen-modal.svelte
+++ b/web/src/lib/components/shared-components/full-screen-modal.svelte
@@ -43,13 +43,16 @@
   }
 </script>
 
-<FocusTrap>
-  <section
-    role="presentation"
-    in:fade={{ duration: 100 }}
-    out:fade={{ duration: 100 }}
-    class="fixed left-0 top-0 z-[9990] flex h-screen w-screen place-content-center place-items-center bg-black/40"
-  >
+<section
+  role="presentation"
+  in:fade={{ duration: 100 }}
+  out:fade={{ duration: 100 }}
+  class="fixed left-0 top-0 z-[9990] flex h-screen w-screen place-content-center place-items-center bg-black/40"
+  on:keydown={(event) => {
+    event.stopPropagation();
+  }}
+>
+  <FocusTrap>
     <div
       class="z-[9999] max-w-[95vw] max-h-[95vh] {modalWidth} overflow-y-auto rounded-3xl bg-immich-bg shadow-md dark:bg-immich-dark-gray dark:text-immich-dark-fg immich-scrollbar"
       style="max-height: min(95vh, 900px);"
@@ -72,5 +75,5 @@
         </div>
       {/if}
     </div>
-  </section>
-</FocusTrap>
+  </FocusTrap>
+</section>

From 50f9b2d44eaf4c74d26c3c885e6e6043219a124a Mon Sep 17 00:00:00 2001
From: Alexandre Bouijoux <0q8hnjtu2@mozmail.com>
Date: Sun, 26 May 2024 23:45:05 +0200
Subject: [PATCH 02/14] docs: update README fr (#9764)

Update README_fr_FR.md
---
 readme_i18n/README_fr_FR.md | 48 +++++++++++++++++++++++++++----------
 1 file changed, 36 insertions(+), 12 deletions(-)

diff --git a/readme_i18n/README_fr_FR.md b/readme_i18n/README_fr_FR.md
index 08be3cc02f..47f0dab740 100644
--- a/readme_i18n/README_fr_FR.md
+++ b/readme_i18n/README_fr_FR.md
@@ -11,7 +11,7 @@
 <p align="center">
 <img src="../design/immich-logo-stacked-light.svg" width="300" title="Login With Custom URL">
 </p>
-<h3 align="center">Immich - Solution de sauvegarde performante et auto-hébergée des photos et des vidéos</h3>
+<h3 align="center">Immich - Solution de sauvegarde performante et auto-hébergée de photos et de vidéos</h3>
 <br/>
 <a href="https://immich.app">
 <img src="../design/immich-screenshots.png" title="Main Screenshot">
@@ -36,16 +36,16 @@
 ## Clause de non-responsabilité
 
 - ⚠️ Le projet est en **très fort** développement.
-- ⚠️ Attendez-vous à rencontrer des bugs et des changements importants.
-- ⚠️ **N'utilisez pas cette application comme seule façon de sauvegarder vos photos et vos vidéos.**
+- ⚠️ Attendez-vous à rencontrer des bogues et des changements importants.
+- ⚠️ **N'utilisez pas cette application comme seul support de sauvegarde de vos photos et vos vidéos.**
 - ⚠️ Ayez toujours un plan de sauvegarde en [3-2-1](https://www.seagate.com/fr/fr/blog/what-is-a-3-2-1-backup-strategy/) pour vos précieuses photos et vidéos !
 
 ## Sommaire
 
 - [Documentation officielle](https://immich.app/docs)
 - [Feuille de route](https://github.com/orgs/immich-app/projects/1)
-- [Démo](#demo)
-- [Fonctionnalités](#features)
+- [Démo](#démo)
+- [Fonctionnalités](#fonctionnalités)
 - [Introduction](https://immich.app/docs/overview/introduction)
 - [Installation](https://immich.app/docs/install/requirements)
 - [Contribution](https://immich.app/docs/overview/support-the-project)
@@ -56,26 +56,31 @@ Vous pouvez trouver la documentation principale ainsi que les guides d'installat
 
 ## Démo
 
-Vous pouvez accéder à la démo Web sur https://demo.immich.app
+Vous pouvez accéder à la démo en ligne sur https://demo.immich.app
 
-Pour l'application mobile, vous pouvez utiliser `https://demo.immich.app/api` dans le champ 'URL du point d'accès au serveur'
+Pour l'application mobile, vous pouvez utiliser `https://demo.immich.app/api` dans le champ `URL du point d'accès au serveur`
 
-```bash title="Demo Credential"
+```bash title="Identifiants pour la démo"
 Les identifiants
 email: demo@immich.app
 mot de passe: demo
 ```
 
 ```
-Caractéristiques: Plan gratuit Oracle VM - Amsterdam - 2.4Ghz quatre-cœurs ARM64 CPU, 24GB RAM
+Caractéristiques : Plan gratuit Oracle VM - Amsterdam - 2.4Ghz quatre-cœurs ARM64 CPU, 24GB RAM
 ```
 
-# Fonctionnalités
+## Activités
+
+![Activités](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Image des statistiques Repobeats")
+
+## Fonctionnalités
 
 | Fonctionnalités                                                  | Mobile | Web |
 | ---------------------------------------------------------------- | ------ | --- |
 | Téléverser et voir les vidéos et photos                          | Oui    | Oui |
 | Sauvegarde automatique quand l'application est ouverte           | Oui    | N/A |
+| Prévention contre la duplication des photos et des vidéos        | Oui    | Oui |
 | Sélection des albums à sauvegarder                               | Oui    | N/A |
 | Télécharger les photos et les vidéos sur l'appareil              | Oui    | Oui |
 | Support multi-utilisateur                                        | Oui    | Oui |
@@ -89,13 +94,32 @@ Caractéristiques: Plan gratuit Oracle VM - Amsterdam - 2.4Ghz quatre-cœurs ARM
 | Défilement virtuel                                               | Oui    | Oui |
 | Support de l'OAuth                                               | Oui    | Oui |
 | Clés d'API                                                       | N/A    | Oui |
-| Sauvegarde et lecture des LivePhotos                             | iOS    | Oui |
+| Sauvegarde et lecture des LivePhoto/MotionPhoto                  | Oui    | Oui |
+| Support de l'affichage des images à 360°                         | Non    | Oui |
 | Structure de stockage définissable                               | Oui    | Oui |
 | Partage public                                                   | Non    | Oui |
 | Archives et favoris                                              | Oui    | Oui |
-| Carte globale                                                    | Non    | Oui |
+| Carte globale                                                    | Oui    | Oui |
 | Partage entre utilisateurs                                       | Oui    | Oui |
 | Reconnaissance et regroupement facial                            | Oui    | Oui |
 | Souvenirs (il y a x années)                                      | Oui    | Oui |
 | Support hors-ligne                                               | Oui    | Non |
 | Gallerie en lecture seule                                        | Oui    | Oui |
+| Empilage de photos                                               | Oui    | Oui |
+
+
+## Contributeurs
+
+<a href="https://github.com/alextran1502/immich/graphs/contributors">
+  <img src="https://contrib.rocks/image?repo=immich-app/immich" width="100%"/>
+</a>
+
+## Historique des favoris
+
+<a href="https://star-history.com/#immich-app/immich&Date">
+ <picture>
+   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=Date&theme=dark" />
+   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" />
+   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" width="100%" />
+ </picture>
+</a>

From e7c8501930a988dfb6c23ce1c48b0beb076a58c2 Mon Sep 17 00:00:00 2001
From: Mert <101130780+mertalev@users.noreply.github.com>
Date: Sun, 26 May 2024 18:04:23 -0400
Subject: [PATCH 03/14] fix(server): search duplicates of the same asset type
 (#9747)

* search by type

* make sql

---------

Co-authored-by: Alex <alex.tran1502@gmail.com>
---
 server/src/interfaces/search.interface.ts     |  3 ++-
 server/src/queries/search.repository.sql      |  3 ++-
 server/src/repositories/search.repository.ts  | 13 +++++++++----
 server/src/services/duplicate.service.spec.ts |  2 ++
 server/src/services/duplicate.service.ts      |  1 +
 5 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/server/src/interfaces/search.interface.ts b/server/src/interfaces/search.interface.ts
index 57523aa940..ce9e2a1940 100644
--- a/server/src/interfaces/search.interface.ts
+++ b/server/src/interfaces/search.interface.ts
@@ -155,8 +155,9 @@ export interface FaceEmbeddingSearch extends SearchEmbeddingOptions {
 export interface AssetDuplicateSearch {
   assetId: string;
   embedding: Embedding;
-  userIds: string[];
   maxDistance?: number;
+  type: AssetType;
+  userIds: string[];
 }
 
 export interface FaceSearchResult {
diff --git a/server/src/queries/search.repository.sql b/server/src/queries/search.repository.sql
index 1a4245592b..9efeae6248 100644
--- a/server/src/queries/search.repository.sql
+++ b/server/src/queries/search.repository.sql
@@ -204,6 +204,7 @@ WITH
         "asset"."ownerId" IN ($2)
         AND "asset"."id" != $3
         AND "asset"."isVisible" = $4
+        AND "asset"."type" = $5
       )
       AND ("asset"."deletedAt" IS NULL)
     ORDER BY
@@ -216,7 +217,7 @@ SELECT
 FROM
   "cte" "res"
 WHERE
-  res.distance <= $5
+  res.distance <= $6
 
 -- SearchRepository.searchFaces
 START TRANSACTION
diff --git a/server/src/repositories/search.repository.ts b/server/src/repositories/search.repository.ts
index 072d452777..f0c5dcb364 100644
--- a/server/src/repositories/search.repository.ts
+++ b/server/src/repositories/search.repository.ts
@@ -160,6 +160,7 @@ export class SearchRepository implements ISearchRepository {
     assetId,
     embedding,
     maxDistance,
+    type,
     userIds,
   }: AssetDuplicateSearch): Promise<AssetDuplicateResult[]> {
     const cte = this.assetRepository.createQueryBuilder('asset');
@@ -171,18 +172,22 @@ export class SearchRepository implements ISearchRepository {
       .where('asset.ownerId IN (:...userIds )')
       .andWhere('asset.id != :assetId')
       .andWhere('asset.isVisible = :isVisible')
+      .andWhere('asset.type = :type')
       .orderBy('search.embedding <=> :embedding')
       .limit(64)
-      .setParameters({ assetId, embedding: asVector(embedding), isVisible: true, userIds });
+      .setParameters({ assetId, embedding: asVector(embedding), isVisible: true, type, userIds });
 
     const builder = this.assetRepository.manager
       .createQueryBuilder()
       .addCommonTableExpression(cte, 'cte')
       .from('cte', 'res')
-      .select('res.*')
-      .where('res.distance <= :maxDistance', { maxDistance });
+      .select('res.*');
 
-    return builder.getRawMany() as any as Promise<AssetDuplicateResult[]>;
+    if (maxDistance) {
+      builder.where('res.distance <= :maxDistance', { maxDistance });
+    }
+
+    return builder.getRawMany() as Promise<AssetDuplicateResult[]>;
   }
 
   @GenerateSql({
diff --git a/server/src/services/duplicate.service.spec.ts b/server/src/services/duplicate.service.spec.ts
index 4560d9024c..79374ea7ae 100644
--- a/server/src/services/duplicate.service.spec.ts
+++ b/server/src/services/duplicate.service.spec.ts
@@ -215,6 +215,7 @@ describe(SearchService.name, () => {
         assetId: assetStub.hasEmbedding.id,
         embedding: assetStub.hasEmbedding.smartSearch!.embedding,
         maxDistance: 0.03,
+        type: assetStub.hasEmbedding.type,
         userIds: [assetStub.hasEmbedding.ownerId],
       });
       expect(assetMock.updateDuplicates).toHaveBeenCalledWith({
@@ -240,6 +241,7 @@ describe(SearchService.name, () => {
         assetId: assetStub.hasEmbedding.id,
         embedding: assetStub.hasEmbedding.smartSearch!.embedding,
         maxDistance: 0.03,
+        type: assetStub.hasEmbedding.type,
         userIds: [assetStub.hasEmbedding.ownerId],
       });
       expect(assetMock.updateDuplicates).toHaveBeenCalledWith({
diff --git a/server/src/services/duplicate.service.ts b/server/src/services/duplicate.service.ts
index 95a12bd18e..6313ffa21f 100644
--- a/server/src/services/duplicate.service.ts
+++ b/server/src/services/duplicate.service.ts
@@ -94,6 +94,7 @@ export class DuplicateService {
       assetId: asset.id,
       embedding: asset.smartSearch.embedding,
       maxDistance: machineLearning.duplicateDetection.maxDistance,
+      type: asset.type,
       userIds: [asset.ownerId],
     });
 

From 75830a4878561046f07314dff6043cfa82b6cdfb Mon Sep 17 00:00:00 2001
From: Jason Rasmussen <jrasm91@gmail.com>
Date: Sun, 26 May 2024 18:15:52 -0400
Subject: [PATCH 04/14] refactor(server): user endpoints (#9730)

* refactor(server): user endpoints

* fix repos

* fix unit tests

---------

Co-authored-by: Daniel Dietzler <mail@ddietzler.dev>
Co-authored-by: Alex <alex.tran1502@gmail.com>
---
 cli/src/commands/auth.ts                      |   6 +-
 cli/src/commands/server-info.ts               |   4 +-
 cli/src/utils.ts                              |   4 +-
 e2e/src/api/specs/album.e2e-spec.ts           |   4 +-
 e2e/src/api/specs/asset.e2e-spec.ts           |   4 +-
 e2e/src/api/specs/shared-link.e2e-spec.ts     |   4 +-
 e2e/src/api/specs/user-admin.e2e-spec.ts      | 317 ++++++++
 e2e/src/api/specs/user.e2e-spec.ts            | 315 +++-----
 e2e/src/utils.ts                              |   8 +-
 mobile/lib/entities/user.entity.dart          |  14 +-
 .../providers/authentication.provider.dart    |  10 +-
 mobile/lib/providers/user.provider.dart       |   2 +-
 .../lib/routing/tab_navigation_observer.dart  |   2 +-
 mobile/lib/services/user.service.dart         |   8 +-
 mobile/openapi/README.md                      |  26 +-
 mobile/openapi/lib/api.dart                   |   9 +-
 .../openapi/lib/api/authentication_api.dart   |   8 +-
 mobile/openapi/lib/api/o_auth_api.dart        |   8 +-
 mobile/openapi/lib/api/user_api.dart          | 332 +++++---
 mobile/openapi/lib/api_client.dart            |  18 +-
 .../lib/model/activity_response_dto.dart      |   4 +-
 .../lib/model/partner_response_dto.dart       | 119 +--
 ...er_dto.dart => user_admin_create_dto.dart} |  36 +-
 ...er_dto.dart => user_admin_delete_dto.dart} |  36 +-
 .../lib/model/user_admin_response_dto.dart    | 243 ++++++
 ...er_dto.dart => user_admin_update_dto.dart} |  67 +-
 mobile/openapi/lib/model/user_dto.dart        | 130 ---
 .../openapi/lib/model/user_response_dto.dart  | 119 +--
 .../openapi/lib/model/user_update_me_dto.dart | 175 +++++
 open-api/immich-openapi-specs.json            | 738 ++++++++++--------
 open-api/typescript-sdk/README.md             |   9 +
 open-api/typescript-sdk/src/fetch-client.ts   | 221 +++---
 .../commands/reset-admin-password.command.ts  |   4 +-
 server/src/controllers/auth.controller.ts     |   8 +-
 server/src/controllers/index.ts               |   2 +
 server/src/controllers/oauth.controller.ts    |   6 +-
 .../src/controllers/user-admin.controller.ts  |  63 ++
 server/src/controllers/user.controller.ts     |  60 +-
 server/src/cores/user.core.ts                 |  43 +-
 server/src/dtos/activity.dto.ts               |   6 +-
 server/src/dtos/user.dto.spec.ts              |  29 +-
 server/src/dtos/user.dto.ts                   | 112 +--
 server/src/queries/api.key.repository.sql     |   6 +-
 server/src/queries/session.repository.sql     |   6 +-
 server/src/repositories/api-key.repository.ts |   4 +-
 server/src/repositories/session.repository.ts |   9 +-
 server/src/services/auth.service.spec.ts      |   1 +
 server/src/services/auth.service.ts           |  27 +-
 server/src/services/cli.service.ts            |  17 +-
 server/src/services/index.ts                  |   2 +
 server/src/services/partner.service.spec.ts   |  47 +-
 server/src/services/partner.service.ts        |   8 +-
 .../src/services/user-admin.service.spec.ts   | 197 +++++
 server/src/services/user-admin.service.ts     | 154 ++++
 server/src/services/user.service.spec.ts      | 264 +------
 server/src/services/user.service.ts           | 111 +--
 server/src/validation.ts                      |   2 +-
 .../admin-page/delete-confirm-dialogue.svelte |   6 +-
 .../admin-page/restore-dialogue.svelte        |   4 +-
 .../album-page/share-info-modal.svelte        |   4 +-
 .../album-page/user-selection-modal.svelte    |   8 +-
 .../forms/change-password-form.svelte         |  11 +-
 .../components/forms/create-user-form.svelte  |   6 +-
 .../components/forms/edit-user-form.svelte    |  20 +-
 .../forms/library-user-picker-form.svelte     |   4 +-
 .../navigation-bar/account-info-panel.svelte  |   7 +-
 .../memories-settings.svelte                  |  13 +-
 .../user-settings-page/oauth-settings.svelte  |   4 +-
 .../partner-selection-modal.svelte            |   9 +-
 .../user-profile-settings.svelte              |  17 +-
 web/src/lib/stores/user.store.ts              |   6 +-
 web/src/lib/utils.ts                          |   3 +-
 web/src/lib/utils/auth.ts                     |   4 +-
 .../[[photos=photos]]/[[assetId=id]]/+page.ts |   4 +-
 .../admin/library-management/+page.svelte     |   4 +-
 .../routes/admin/library-management/+page.ts  |   4 +-
 .../routes/admin/user-management/+page.svelte |  22 +-
 web/src/routes/admin/user-management/+page.ts |   4 +-
 .../routes/auth/change-password/+page.svelte  |   2 +-
 web/src/test-data/factories/user-factory.ts   |  13 +-
 80 files changed, 2453 insertions(+), 1914 deletions(-)
 create mode 100644 e2e/src/api/specs/user-admin.e2e-spec.ts
 rename mobile/openapi/lib/model/{create_user_dto.dart => user_admin_create_dto.dart} (80%)
 rename mobile/openapi/lib/model/{delete_user_dto.dart => user_admin_delete_dto.dart} (67%)
 create mode 100644 mobile/openapi/lib/model/user_admin_response_dto.dart
 rename mobile/openapi/lib/model/{update_user_dto.dart => user_admin_update_dto.dart} (73%)
 delete mode 100644 mobile/openapi/lib/model/user_dto.dart
 create mode 100644 mobile/openapi/lib/model/user_update_me_dto.dart
 create mode 100644 server/src/controllers/user-admin.controller.ts
 create mode 100644 server/src/services/user-admin.service.spec.ts
 create mode 100644 server/src/services/user-admin.service.ts

diff --git a/cli/src/commands/auth.ts b/cli/src/commands/auth.ts
index 6675201a7b..f0011c6a24 100644
--- a/cli/src/commands/auth.ts
+++ b/cli/src/commands/auth.ts
@@ -1,4 +1,4 @@
-import { getMyUserInfo } from '@immich/sdk';
+import { getMyUser } from '@immich/sdk';
 import { existsSync } from 'node:fs';
 import { mkdir, unlink } from 'node:fs/promises';
 import { BaseOptions, connect, getAuthFilePath, logError, withError, writeAuthFile } from 'src/utils';
@@ -10,13 +10,13 @@ export const login = async (url: string, key: string, options: BaseOptions) => {
 
   await connect(url, key);
 
-  const [error, userInfo] = await withError(getMyUserInfo());
+  const [error, user] = await withError(getMyUser());
   if (error) {
     logError(error, 'Failed to load user info');
     process.exit(1);
   }
 
-  console.log(`Logged in as ${userInfo.email}`);
+  console.log(`Logged in as ${user.email}`);
 
   if (!existsSync(configDir)) {
     // Create config folder if it doesn't exist
diff --git a/cli/src/commands/server-info.ts b/cli/src/commands/server-info.ts
index 074513bd61..bea49231c9 100644
--- a/cli/src/commands/server-info.ts
+++ b/cli/src/commands/server-info.ts
@@ -1,4 +1,4 @@
-import { getAssetStatistics, getMyUserInfo, getServerVersion, getSupportedMediaTypes } from '@immich/sdk';
+import { getAssetStatistics, getMyUser, getServerVersion, getSupportedMediaTypes } from '@immich/sdk';
 import { BaseOptions, authenticate } from 'src/utils';
 
 export const serverInfo = async (options: BaseOptions) => {
@@ -8,7 +8,7 @@ export const serverInfo = async (options: BaseOptions) => {
     getServerVersion(),
     getSupportedMediaTypes(),
     getAssetStatistics({}),
-    getMyUserInfo(),
+    getMyUser(),
   ]);
 
   console.log(`Server Info (via ${userInfo.email})`);
diff --git a/cli/src/utils.ts b/cli/src/utils.ts
index 3b239bacc4..4919a2b3ca 100644
--- a/cli/src/utils.ts
+++ b/cli/src/utils.ts
@@ -1,4 +1,4 @@
-import { getMyUserInfo, init, isHttpError } from '@immich/sdk';
+import { getMyUser, init, isHttpError } from '@immich/sdk';
 import { glob } from 'fast-glob';
 import { createHash } from 'node:crypto';
 import { createReadStream } from 'node:fs';
@@ -48,7 +48,7 @@ export const connect = async (url: string, key: string) => {
 
   init({ baseUrl: url, apiKey: key });
 
-  const [error] = await withError(getMyUserInfo());
+  const [error] = await withError(getMyUser());
   if (isHttpError(error)) {
     logError(error, 'Failed to connect to server');
     process.exit(1);
diff --git a/e2e/src/api/specs/album.e2e-spec.ts b/e2e/src/api/specs/album.e2e-spec.ts
index 4a231dbf9b..319cc4033d 100644
--- a/e2e/src/api/specs/album.e2e-spec.ts
+++ b/e2e/src/api/specs/album.e2e-spec.ts
@@ -4,7 +4,7 @@ import {
   AlbumUserRole,
   AssetFileUploadResponseDto,
   AssetOrder,
-  deleteUser,
+  deleteUserAdmin,
   getAlbumInfo,
   LoginResponseDto,
   SharedLinkType,
@@ -107,7 +107,7 @@ describe('/albums', () => {
       }),
     ]);
 
-    await deleteUser({ id: user3.userId, deleteUserDto: {} }, { headers: asBearerAuth(admin.accessToken) });
+    await deleteUserAdmin({ id: user3.userId, userAdminDeleteDto: {} }, { headers: asBearerAuth(admin.accessToken) });
   });
 
   describe('GET /albums', () => {
diff --git a/e2e/src/api/specs/asset.e2e-spec.ts b/e2e/src/api/specs/asset.e2e-spec.ts
index 98dca464bc..caf032e130 100644
--- a/e2e/src/api/specs/asset.e2e-spec.ts
+++ b/e2e/src/api/specs/asset.e2e-spec.ts
@@ -5,7 +5,7 @@ import {
   LoginResponseDto,
   SharedLinkType,
   getAssetInfo,
-  getMyUserInfo,
+  getMyUser,
   updateAssets,
 } from '@immich/sdk';
 import { exiftool } from 'exiftool-vendored';
@@ -1162,7 +1162,7 @@ describe('/asset', () => {
       expect(body).toEqual({ id: expect.any(String), duplicate: false });
       expect(status).toBe(201);
 
-      const user = await getMyUserInfo({ headers: asBearerAuth(quotaUser.accessToken) });
+      const user = await getMyUser({ headers: asBearerAuth(quotaUser.accessToken) });
 
       expect(user).toEqual(expect.objectContaining({ quotaUsageInBytes: 70 }));
     });
diff --git a/e2e/src/api/specs/shared-link.e2e-spec.ts b/e2e/src/api/specs/shared-link.e2e-spec.ts
index aa4ec7e349..0d76fb6efe 100644
--- a/e2e/src/api/specs/shared-link.e2e-spec.ts
+++ b/e2e/src/api/specs/shared-link.e2e-spec.ts
@@ -5,7 +5,7 @@ import {
   SharedLinkResponseDto,
   SharedLinkType,
   createAlbum,
-  deleteUser,
+  deleteUserAdmin,
 } from '@immich/sdk';
 import { createUserDto, uuidDto } from 'src/fixtures';
 import { errorDto } from 'src/responses';
@@ -86,7 +86,7 @@ describe('/shared-links', () => {
         }),
       ]);
 
-    await deleteUser({ id: user2.userId, deleteUserDto: {} }, { headers: asBearerAuth(admin.accessToken) });
+    await deleteUserAdmin({ id: user2.userId, userAdminDeleteDto: {} }, { headers: asBearerAuth(admin.accessToken) });
   });
 
   describe('GET /share/${key}', () => {
diff --git a/e2e/src/api/specs/user-admin.e2e-spec.ts b/e2e/src/api/specs/user-admin.e2e-spec.ts
new file mode 100644
index 0000000000..ac2b3e693a
--- /dev/null
+++ b/e2e/src/api/specs/user-admin.e2e-spec.ts
@@ -0,0 +1,317 @@
+import { LoginResponseDto, deleteUserAdmin, getMyUser, getUserAdmin, login } from '@immich/sdk';
+import { Socket } from 'socket.io-client';
+import { createUserDto, uuidDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { app, asBearerAuth, utils } from 'src/utils';
+import request from 'supertest';
+import { afterAll, beforeAll, describe, expect, it } from 'vitest';
+
+describe('/admin/users', () => {
+  let websocket: Socket;
+
+  let admin: LoginResponseDto;
+  let nonAdmin: LoginResponseDto;
+  let deletedUser: LoginResponseDto;
+  let userToDelete: LoginResponseDto;
+  let userToHardDelete: LoginResponseDto;
+
+  beforeAll(async () => {
+    await utils.resetDatabase();
+    admin = await utils.adminSetup({ onboarding: false });
+
+    [websocket, nonAdmin, deletedUser, userToDelete, userToHardDelete] = await Promise.all([
+      utils.connectWebsocket(admin.accessToken),
+      utils.userSetup(admin.accessToken, createUserDto.user1),
+      utils.userSetup(admin.accessToken, createUserDto.user2),
+      utils.userSetup(admin.accessToken, createUserDto.user3),
+      utils.userSetup(admin.accessToken, createUserDto.user4),
+    ]);
+
+    await deleteUserAdmin(
+      { id: deletedUser.userId, userAdminDeleteDto: {} },
+      { headers: asBearerAuth(admin.accessToken) },
+    );
+  });
+
+  afterAll(() => {
+    utils.disconnectWebsocket(websocket);
+  });
+
+  describe('GET /admin/users', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get(`/admin/users`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const { status, body } = await request(app)
+        .get(`/admin/users`)
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.forbidden);
+    });
+
+    it('should hide deleted users by default', async () => {
+      const { status, body } = await request(app)
+        .get(`/admin/users`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toHaveLength(4);
+      expect(body).toEqual(
+        expect.arrayContaining([
+          expect.objectContaining({ email: admin.userEmail }),
+          expect.objectContaining({ email: nonAdmin.userEmail }),
+          expect.objectContaining({ email: userToDelete.userEmail }),
+          expect.objectContaining({ email: userToHardDelete.userEmail }),
+        ]),
+      );
+    });
+
+    it('should include deleted users', async () => {
+      const { status, body } = await request(app)
+        .get(`/admin/users?withDeleted=true`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toHaveLength(5);
+      expect(body).toEqual(
+        expect.arrayContaining([
+          expect.objectContaining({ email: admin.userEmail }),
+          expect.objectContaining({ email: nonAdmin.userEmail }),
+          expect.objectContaining({ email: userToDelete.userEmail }),
+          expect.objectContaining({ email: userToHardDelete.userEmail }),
+          expect.objectContaining({ email: deletedUser.userEmail }),
+        ]),
+      );
+    });
+  });
+
+  describe('POST /admin/users', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).post(`/admin/users`).send(createUserDto.user1);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const { status, body } = await request(app)
+        .post(`/admin/users`)
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`)
+        .send(createUserDto.user1);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.forbidden);
+    });
+
+    for (const key of [
+      'password',
+      'email',
+      'name',
+      'quotaSizeInBytes',
+      'shouldChangePassword',
+      'memoriesEnabled',
+      'notify',
+    ]) {
+      it(`should not allow null ${key}`, async () => {
+        const { status, body } = await request(app)
+          .post(`/admin/users`)
+          .set('Authorization', `Bearer ${admin.accessToken}`)
+          .send({ ...createUserDto.user1, [key]: null });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest());
+      });
+    }
+
+    it('should ignore `isAdmin`', async () => {
+      const { status, body } = await request(app)
+        .post(`/admin/users`)
+        .send({
+          isAdmin: true,
+          email: 'user5@immich.cloud',
+          password: 'password123',
+          name: 'Immich',
+        })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(body).toMatchObject({
+        email: 'user5@immich.cloud',
+        isAdmin: false,
+        shouldChangePassword: true,
+      });
+      expect(status).toBe(201);
+    });
+
+    it('should create a user without memories enabled', async () => {
+      const { status, body } = await request(app)
+        .post(`/admin/users`)
+        .send({
+          email: 'no-memories@immich.cloud',
+          password: 'Password123',
+          name: 'No Memories',
+          memoriesEnabled: false,
+        })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(body).toMatchObject({
+        email: 'no-memories@immich.cloud',
+        memoriesEnabled: false,
+      });
+      expect(status).toBe(201);
+    });
+  });
+
+  describe('PUT /admin/users/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).put(`/admin/users/${uuidDto.notFound}`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const { status, body } = await request(app)
+        .put(`/admin/users/${uuidDto.notFound}`)
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.forbidden);
+    });
+
+    for (const key of ['password', 'email', 'name', 'shouldChangePassword', 'memoriesEnabled']) {
+      it(`should not allow null ${key}`, async () => {
+        const { status, body } = await request(app)
+          .put(`/admin/users/${uuidDto.notFound}`)
+          .set('Authorization', `Bearer ${admin.accessToken}`)
+          .send({ [key]: null });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest());
+      });
+    }
+
+    it('should not allow a non-admin to become an admin', async () => {
+      const { status, body } = await request(app)
+        .put(`/admin/users/${nonAdmin.userId}`)
+        .send({ isAdmin: true })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ isAdmin: false });
+    });
+
+    it('ignores updates to profileImagePath', async () => {
+      const { status, body } = await request(app)
+        .put(`/admin/users/${admin.userId}`)
+        .send({ profileImagePath: 'invalid.jpg' })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ id: admin.userId, profileImagePath: '' });
+    });
+
+    it('should update first and last name', async () => {
+      const before = await getUserAdmin({ id: admin.userId }, { headers: asBearerAuth(admin.accessToken) });
+
+      const { status, body } = await request(app)
+        .put(`/admin/users/${admin.userId}`)
+        .send({ name: 'Name' })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        ...before,
+        updatedAt: expect.any(String),
+        name: 'Name',
+      });
+      expect(before.updatedAt).not.toEqual(body.updatedAt);
+    });
+
+    it('should update memories enabled', async () => {
+      const before = await getUserAdmin({ id: admin.userId }, { headers: asBearerAuth(admin.accessToken) });
+      const { status, body } = await request(app)
+        .put(`/admin/users/${admin.userId}`)
+        .send({ memoriesEnabled: false })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        ...before,
+        updatedAt: expect.anything(),
+        memoriesEnabled: false,
+      });
+      expect(before.updatedAt).not.toEqual(body.updatedAt);
+    });
+
+    it('should update password', async () => {
+      const { status, body } = await request(app)
+        .put(`/admin/users/${nonAdmin.userId}`)
+        .send({ password: 'super-secret' })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ email: nonAdmin.userEmail });
+
+      const token = await login({ loginCredentialDto: { email: nonAdmin.userEmail, password: 'super-secret' } });
+      expect(token.accessToken).toBeDefined();
+
+      const user = await getMyUser({ headers: asBearerAuth(token.accessToken) });
+      expect(user).toMatchObject({ email: nonAdmin.userEmail });
+    });
+  });
+
+  describe('DELETE /admin/users/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).delete(`/admin/users/${userToDelete.userId}`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const { status, body } = await request(app)
+        .delete(`/admin/users/${userToDelete.userId}`)
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.forbidden);
+    });
+
+    it('should delete user', async () => {
+      const { status, body } = await request(app)
+        .delete(`/admin/users/${userToDelete.userId}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        id: userToDelete.userId,
+        updatedAt: expect.any(String),
+        deletedAt: expect.any(String),
+      });
+    });
+
+    it('should hard delete a user', async () => {
+      const { status, body } = await request(app)
+        .delete(`/admin/users/${userToHardDelete.userId}`)
+        .send({ force: true })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        id: userToHardDelete.userId,
+        updatedAt: expect.any(String),
+        deletedAt: expect.any(String),
+      });
+
+      await utils.waitForWebsocketEvent({ event: 'userDelete', id: userToHardDelete.userId, timeout: 5000 });
+    });
+  });
+
+  describe('POST /admin/users/:id/restore', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).post(`/admin/users/${userToDelete.userId}/restore`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const { status, body } = await request(app)
+        .post(`/admin/users/${userToDelete.userId}/restore`)
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.forbidden);
+    });
+  });
+});
diff --git a/e2e/src/api/specs/user.e2e-spec.ts b/e2e/src/api/specs/user.e2e-spec.ts
index 08b2d34ef6..0cc08479d3 100644
--- a/e2e/src/api/specs/user.e2e-spec.ts
+++ b/e2e/src/api/specs/user.e2e-spec.ts
@@ -1,37 +1,28 @@
-import { LoginResponseDto, deleteUser, getUserById } from '@immich/sdk';
-import { Socket } from 'socket.io-client';
-import { createUserDto, userDto } from 'src/fixtures';
+import { LoginResponseDto, SharedLinkType, deleteUserAdmin, getMyUser, login } from '@immich/sdk';
+import { createUserDto } from 'src/fixtures';
 import { errorDto } from 'src/responses';
 import { app, asBearerAuth, utils } from 'src/utils';
 import request from 'supertest';
-import { afterAll, beforeAll, describe, expect, it } from 'vitest';
+import { beforeAll, describe, expect, it } from 'vitest';
 
 describe('/users', () => {
-  let websocket: Socket;
-
   let admin: LoginResponseDto;
   let deletedUser: LoginResponseDto;
-  let userToDelete: LoginResponseDto;
-  let userToHardDelete: LoginResponseDto;
   let nonAdmin: LoginResponseDto;
 
   beforeAll(async () => {
     await utils.resetDatabase();
     admin = await utils.adminSetup({ onboarding: false });
 
-    [websocket, deletedUser, nonAdmin, userToDelete, userToHardDelete] = await Promise.all([
-      utils.connectWebsocket(admin.accessToken),
+    [deletedUser, nonAdmin] = await Promise.all([
       utils.userSetup(admin.accessToken, createUserDto.user1),
       utils.userSetup(admin.accessToken, createUserDto.user2),
-      utils.userSetup(admin.accessToken, createUserDto.user3),
-      utils.userSetup(admin.accessToken, createUserDto.user4),
     ]);
 
-    await deleteUser({ id: deletedUser.userId, deleteUserDto: {} }, { headers: asBearerAuth(admin.accessToken) });
-  });
-
-  afterAll(() => {
-    utils.disconnectWebsocket(websocket);
+    await deleteUserAdmin(
+      { id: deletedUser.userId, userAdminDeleteDto: {} },
+      { headers: asBearerAuth(admin.accessToken) },
+    );
   });
 
   describe('GET /users', () => {
@@ -44,71 +35,14 @@ describe('/users', () => {
     it('should get users', async () => {
       const { status, body } = await request(app).get('/users').set('Authorization', `Bearer ${admin.accessToken}`);
       expect(status).toEqual(200);
-      expect(body).toHaveLength(5);
-      expect(body).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ email: 'admin@immich.cloud' }),
-          expect.objectContaining({ email: 'user1@immich.cloud' }),
-          expect.objectContaining({ email: 'user2@immich.cloud' }),
-          expect.objectContaining({ email: 'user3@immich.cloud' }),
-          expect.objectContaining({ email: 'user4@immich.cloud' }),
-        ]),
-      );
-    });
-
-    it('should hide deleted users', async () => {
-      const { status, body } = await request(app)
-        .get(`/users`)
-        .query({ isAll: true })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-      expect(status).toBe(200);
-      expect(body).toHaveLength(4);
+      expect(body).toHaveLength(2);
       expect(body).toEqual(
         expect.arrayContaining([
           expect.objectContaining({ email: 'admin@immich.cloud' }),
           expect.objectContaining({ email: 'user2@immich.cloud' }),
-          expect.objectContaining({ email: 'user3@immich.cloud' }),
-          expect.objectContaining({ email: 'user4@immich.cloud' }),
         ]),
       );
     });
-
-    it('should include deleted users', async () => {
-      const { status, body } = await request(app)
-        .get(`/users`)
-        .query({ isAll: false })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toHaveLength(5);
-      expect(body).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ email: 'admin@immich.cloud' }),
-          expect.objectContaining({ email: 'user1@immich.cloud' }),
-          expect.objectContaining({ email: 'user2@immich.cloud' }),
-          expect.objectContaining({ email: 'user3@immich.cloud' }),
-          expect.objectContaining({ email: 'user4@immich.cloud' }),
-        ]),
-      );
-    });
-  });
-
-  describe('GET /users/:id', () => {
-    it('should require authentication', async () => {
-      const { status } = await request(app).get(`/users/${admin.userId}`);
-      expect(status).toEqual(401);
-    });
-
-    it('should get the user info', async () => {
-      const { status, body } = await request(app)
-        .get(`/users/${admin.userId}`)
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-      expect(status).toBe(200);
-      expect(body).toMatchObject({
-        id: admin.userId,
-        email: 'admin@immich.cloud',
-      });
-    });
   });
 
   describe('GET /users/me', () => {
@@ -118,154 +52,54 @@ describe('/users', () => {
       expect(body).toEqual(errorDto.unauthorized);
     });
 
-    it('should get my info', async () => {
+    it('should not work for shared links', async () => {
+      const album = await utils.createAlbum(admin.accessToken, { albumName: 'Album' });
+      const sharedLink = await utils.createSharedLink(admin.accessToken, {
+        type: SharedLinkType.Album,
+        albumId: album.id,
+      });
+      const { status, body } = await request(app).get(`/users/me?key=${sharedLink.key}`);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.forbidden);
+    });
+
+    it('should get my user', async () => {
       const { status, body } = await request(app).get(`/users/me`).set('Authorization', `Bearer ${admin.accessToken}`);
       expect(status).toBe(200);
       expect(body).toMatchObject({
         id: admin.userId,
         email: 'admin@immich.cloud',
+        memoriesEnabled: true,
+        quotaUsageInBytes: 0,
       });
     });
   });
 
-  describe('POST /users', () => {
+  describe('PUT /users/me', () => {
     it('should require authentication', async () => {
-      const { status, body } = await request(app).post(`/users`).send(createUserDto.user1);
+      const { status, body } = await request(app).put(`/users/me`);
       expect(status).toBe(401);
       expect(body).toEqual(errorDto.unauthorized);
     });
 
-    for (const key of Object.keys(createUserDto.user1)) {
+    for (const key of ['email', 'name', 'memoriesEnabled', 'avatarColor']) {
       it(`should not allow null ${key}`, async () => {
+        const dto = { [key]: null };
         const { status, body } = await request(app)
-          .post(`/users`)
+          .put(`/users/me`)
           .set('Authorization', `Bearer ${admin.accessToken}`)
-          .send({ ...createUserDto.user1, [key]: null });
+          .send(dto);
         expect(status).toBe(400);
         expect(body).toEqual(errorDto.badRequest());
       });
     }
 
-    it('should ignore `isAdmin`', async () => {
-      const { status, body } = await request(app)
-        .post(`/users`)
-        .send({
-          isAdmin: true,
-          email: 'user5@immich.cloud',
-          password: 'password123',
-          name: 'Immich',
-        })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-      expect(body).toMatchObject({
-        email: 'user5@immich.cloud',
-        isAdmin: false,
-        shouldChangePassword: true,
-      });
-      expect(status).toBe(201);
-    });
-
-    it('should create a user without memories enabled', async () => {
-      const { status, body } = await request(app)
-        .post(`/users`)
-        .send({
-          email: 'no-memories@immich.cloud',
-          password: 'Password123',
-          name: 'No Memories',
-          memoriesEnabled: false,
-        })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-      expect(body).toMatchObject({
-        email: 'no-memories@immich.cloud',
-        memoriesEnabled: false,
-      });
-      expect(status).toBe(201);
-    });
-  });
-
-  describe('DELETE /users/:id', () => {
-    it('should require authentication', async () => {
-      const { status, body } = await request(app).delete(`/users/${userToDelete.userId}`);
-      expect(status).toBe(401);
-      expect(body).toEqual(errorDto.unauthorized);
-    });
-
-    it('should delete user', async () => {
-      const { status, body } = await request(app)
-        .delete(`/users/${userToDelete.userId}`)
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toMatchObject({
-        id: userToDelete.userId,
-        updatedAt: expect.any(String),
-        deletedAt: expect.any(String),
-      });
-    });
-
-    it('should hard delete user', async () => {
-      const { status, body } = await request(app)
-        .delete(`/users/${userToHardDelete.userId}`)
-        .send({ force: true })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toMatchObject({
-        id: userToHardDelete.userId,
-        updatedAt: expect.any(String),
-        deletedAt: expect.any(String),
-      });
-
-      await utils.waitForWebsocketEvent({ event: 'userDelete', id: userToHardDelete.userId, timeout: 5000 });
-    });
-  });
-
-  describe('PUT /users', () => {
-    it('should require authentication', async () => {
-      const { status, body } = await request(app).put(`/users`);
-      expect(status).toBe(401);
-      expect(body).toEqual(errorDto.unauthorized);
-    });
-
-    for (const key of Object.keys(userDto.admin)) {
-      it(`should not allow null ${key}`, async () => {
-        const { status, body } = await request(app)
-          .put(`/users`)
-          .set('Authorization', `Bearer ${admin.accessToken}`)
-          .send({ ...userDto.admin, [key]: null });
-        expect(status).toBe(400);
-        expect(body).toEqual(errorDto.badRequest());
-      });
-    }
-
-    it('should not allow a non-admin to become an admin', async () => {
-      const { status, body } = await request(app)
-        .put(`/users`)
-        .send({ isAdmin: true, id: nonAdmin.userId })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.alreadyHasAdmin);
-    });
-
-    it('ignores updates to profileImagePath', async () => {
-      const { status, body } = await request(app)
-        .put(`/users`)
-        .send({ id: admin.userId, profileImagePath: 'invalid.jpg' })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toMatchObject({ id: admin.userId, profileImagePath: '' });
-    });
-
     it('should update first and last name', async () => {
-      const before = await getUserById({ id: admin.userId }, { headers: asBearerAuth(admin.accessToken) });
+      const before = await getMyUser({ headers: asBearerAuth(admin.accessToken) });
 
       const { status, body } = await request(app)
-        .put(`/users`)
-        .send({
-          id: admin.userId,
-          name: 'Name',
-        })
+        .put(`/users/me`)
+        .send({ name: 'Name' })
         .set('Authorization', `Bearer ${admin.accessToken}`);
 
       expect(status).toBe(200);
@@ -274,17 +108,13 @@ describe('/users', () => {
         updatedAt: expect.any(String),
         name: 'Name',
       });
-      expect(before.updatedAt).not.toEqual(body.updatedAt);
     });
 
     it('should update memories enabled', async () => {
-      const before = await getUserById({ id: admin.userId }, { headers: asBearerAuth(admin.accessToken) });
+      const before = await getMyUser({ headers: asBearerAuth(admin.accessToken) });
       const { status, body } = await request(app)
-        .put(`/users`)
-        .send({
-          id: admin.userId,
-          memoriesEnabled: false,
-        })
+        .put(`/users/me`)
+        .send({ memoriesEnabled: false })
         .set('Authorization', `Bearer ${admin.accessToken}`);
 
       expect(status).toBe(200);
@@ -293,7 +123,80 @@ describe('/users', () => {
         updatedAt: expect.anything(),
         memoriesEnabled: false,
       });
-      expect(before.updatedAt).not.toEqual(body.updatedAt);
+
+      const after = await getMyUser({ headers: asBearerAuth(admin.accessToken) });
+      expect(after.memoriesEnabled).toBe(false);
+    });
+
+    /** @deprecated */
+    it('should allow a user to change their password (deprecated)', async () => {
+      const user = await getMyUser({ headers: asBearerAuth(nonAdmin.accessToken) });
+
+      expect(user.shouldChangePassword).toBe(true);
+
+      const { status, body } = await request(app)
+        .put(`/users/me`)
+        .send({ password: 'super-secret' })
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        email: nonAdmin.userEmail,
+        shouldChangePassword: false,
+      });
+
+      const token = await login({ loginCredentialDto: { email: nonAdmin.userEmail, password: 'super-secret' } });
+
+      expect(token.accessToken).toBeDefined();
+    });
+
+    it('should not allow user to change to a taken email', async () => {
+      const { status, body } = await request(app)
+        .put(`/users/me`)
+        .send({ email: 'admin@immich.cloud' })
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+
+      expect(status).toBe(400);
+      expect(body).toMatchObject(errorDto.badRequest('Email already in use by another account'));
+    });
+
+    it('should update my email', async () => {
+      const before = await getMyUser({ headers: asBearerAuth(nonAdmin.accessToken) });
+      const { status, body } = await request(app)
+        .put(`/users/me`)
+        .send({ email: 'non-admin@immich.cloud' })
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        ...before,
+        email: 'non-admin@immich.cloud',
+        updatedAt: expect.anything(),
+      });
+    });
+  });
+
+  describe('GET /users/:id', () => {
+    it('should require authentication', async () => {
+      const { status } = await request(app).get(`/users/${admin.userId}`);
+      expect(status).toEqual(401);
+    });
+
+    it('should get the user', async () => {
+      const { status, body } = await request(app)
+        .get(`/users/${admin.userId}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        id: admin.userId,
+        email: 'admin@immich.cloud',
+      });
+
+      expect(body).not.toMatchObject({
+        shouldChangePassword: expect.anything(),
+        memoriesEnabled: expect.anything(),
+        storageLabel: expect.anything(),
+      });
     });
   });
 });
diff --git a/e2e/src/utils.ts b/e2e/src/utils.ts
index 1454135c12..f9bc7a4445 100644
--- a/e2e/src/utils.ts
+++ b/e2e/src/utils.ts
@@ -5,10 +5,10 @@ import {
   CreateAlbumDto,
   CreateAssetDto,
   CreateLibraryDto,
-  CreateUserDto,
   MetadataSearchDto,
   PersonCreateDto,
   SharedLinkCreateDto,
+  UserAdminCreateDto,
   ValidateLibraryDto,
   createAlbum,
   createApiKey,
@@ -16,7 +16,7 @@ import {
   createPartner,
   createPerson,
   createSharedLink,
-  createUser,
+  createUserAdmin,
   deleteAssets,
   getAllJobsStatus,
   getAssetInfo,
@@ -273,8 +273,8 @@ export const utils = {
     return response;
   },
 
-  userSetup: async (accessToken: string, dto: CreateUserDto) => {
-    await createUser({ createUserDto: dto }, { headers: asBearerAuth(accessToken) });
+  userSetup: async (accessToken: string, dto: UserAdminCreateDto) => {
+    await createUserAdmin({ userAdminCreateDto: dto }, { headers: asBearerAuth(accessToken) });
     return login({
       loginCredentialDto: { email: dto.email, password: dto.password },
     });
diff --git a/mobile/lib/entities/user.entity.dart b/mobile/lib/entities/user.entity.dart
index d02be2f30a..b6adcf5d87 100644
--- a/mobile/lib/entities/user.entity.dart
+++ b/mobile/lib/entities/user.entity.dart
@@ -27,7 +27,7 @@ class User {
 
   Id get isarId => fastHash(id);
 
-  User.fromUserDto(UserResponseDto dto)
+  User.fromUserDto(UserAdminResponseDto dto)
       : id = dto.id,
         updatedAt = dto.updatedAt,
         email = dto.email,
@@ -44,21 +44,21 @@ class User {
 
   User.fromPartnerDto(PartnerResponseDto dto)
       : id = dto.id,
-        updatedAt = dto.updatedAt,
+        updatedAt = DateTime.now(),
         email = dto.email,
         name = dto.name,
         isPartnerSharedBy = false,
         isPartnerSharedWith = false,
         profileImagePath = dto.profileImagePath,
-        isAdmin = dto.isAdmin,
-        memoryEnabled = dto.memoriesEnabled ?? false,
+        isAdmin = false,
+        memoryEnabled = false,
         avatarColor = dto.avatarColor.toAvatarColor(),
         inTimeline = dto.inTimeline ?? false,
-        quotaUsageInBytes = dto.quotaUsageInBytes ?? 0,
-        quotaSizeInBytes = dto.quotaSizeInBytes ?? 0;
+        quotaUsageInBytes = 0,
+        quotaSizeInBytes = 0;
 
   /// Base user dto used where the complete user object is not required
-  User.fromSimpleUserDto(UserDto dto)
+  User.fromSimpleUserDto(UserResponseDto dto)
       : id = dto.id,
         email = dto.email,
         name = dto.name,
diff --git a/mobile/lib/providers/authentication.provider.dart b/mobile/lib/providers/authentication.provider.dart
index a595d43c86..073ee09db1 100644
--- a/mobile/lib/providers/authentication.provider.dart
+++ b/mobile/lib/providers/authentication.provider.dart
@@ -138,11 +138,9 @@ class AuthenticationNotifier extends StateNotifier<AuthenticationState> {
 
   Future<bool> changePassword(String newPassword) async {
     try {
-      await _apiService.userApi.updateUser(
-        UpdateUserDto(
-          id: state.userId,
+      await _apiService.userApi.updateMyUser(
+        UserUpdateMeDto(
           password: newPassword,
-          shouldChangePassword: false,
         ),
       );
 
@@ -178,9 +176,9 @@ class AuthenticationNotifier extends StateNotifier<AuthenticationState> {
       user = offlineUser;
       retResult = false;
     } else {
-      UserResponseDto? userResponseDto;
+      UserAdminResponseDto? userResponseDto;
       try {
-        userResponseDto = await _apiService.userApi.getMyUserInfo();
+        userResponseDto = await _apiService.userApi.getMyUser();
       } on ApiException catch (error, stackTrace) {
         _log.severe(
           "Error getting user information from the server [API EXCEPTION]",
diff --git a/mobile/lib/providers/user.provider.dart b/mobile/lib/providers/user.provider.dart
index eb2824ec3f..bf052ebbba 100644
--- a/mobile/lib/providers/user.provider.dart
+++ b/mobile/lib/providers/user.provider.dart
@@ -20,7 +20,7 @@ class CurrentUserProvider extends StateNotifier<User?> {
 
   refresh() async {
     try {
-      final user = await _apiService.userApi.getMyUserInfo();
+      final user = await _apiService.userApi.getMyUser();
       if (user != null) {
         Store.put(
           StoreKey.currentUser,
diff --git a/mobile/lib/routing/tab_navigation_observer.dart b/mobile/lib/routing/tab_navigation_observer.dart
index f88adbda91..8825e2ef02 100644
--- a/mobile/lib/routing/tab_navigation_observer.dart
+++ b/mobile/lib/routing/tab_navigation_observer.dart
@@ -57,7 +57,7 @@ class TabNavigationObserver extends AutoRouterObserver {
       // Update user info
       try {
         final userResponseDto =
-            await ref.read(apiServiceProvider).userApi.getMyUserInfo();
+            await ref.read(apiServiceProvider).userApi.getMyUser();
 
         if (userResponseDto == null) {
           return;
diff --git a/mobile/lib/services/user.service.dart b/mobile/lib/services/user.service.dart
index 81100f1624..4e88bab12c 100644
--- a/mobile/lib/services/user.service.dart
+++ b/mobile/lib/services/user.service.dart
@@ -37,10 +37,10 @@ class UserService {
     this._partnerService,
   );
 
-  Future<List<User>?> _getAllUsers({required bool isAll}) async {
+  Future<List<User>?> _getAllUsers() async {
     try {
-      final dto = await _apiService.userApi.getAllUsers(isAll);
-      return dto?.map(User.fromUserDto).toList();
+      final dto = await _apiService.userApi.searchUsers();
+      return dto?.map(User.fromSimpleUserDto).toList();
     } catch (e) {
       _log.warning("Failed get all users", e);
       return null;
@@ -71,7 +71,7 @@ class UserService {
   }
 
   Future<List<User>?> getUsersFromServer() async {
-    final List<User>? users = await _getAllUsers(isAll: true);
+    final List<User>? users = await _getAllUsers();
     final List<User>? sharedBy =
         await _partnerService.getPartners(PartnerDirection.sharedBy);
     final List<User>? sharedWith =
diff --git a/mobile/openapi/README.md b/mobile/openapi/README.md
index dbbbdc2fee..273585c368 100644
--- a/mobile/openapi/README.md
+++ b/mobile/openapi/README.md
@@ -212,15 +212,18 @@ Class | Method | HTTP request | Description
 *TrashApi* | [**restoreAssets**](doc//TrashApi.md#restoreassets) | **POST** /trash/restore/assets | 
 *TrashApi* | [**restoreTrash**](doc//TrashApi.md#restoretrash) | **POST** /trash/restore | 
 *UserApi* | [**createProfileImage**](doc//UserApi.md#createprofileimage) | **POST** /users/profile-image | 
-*UserApi* | [**createUser**](doc//UserApi.md#createuser) | **POST** /users | 
+*UserApi* | [**createUserAdmin**](doc//UserApi.md#createuseradmin) | **POST** /admin/users | 
 *UserApi* | [**deleteProfileImage**](doc//UserApi.md#deleteprofileimage) | **DELETE** /users/profile-image | 
-*UserApi* | [**deleteUser**](doc//UserApi.md#deleteuser) | **DELETE** /users/{id} | 
-*UserApi* | [**getAllUsers**](doc//UserApi.md#getallusers) | **GET** /users | 
-*UserApi* | [**getMyUserInfo**](doc//UserApi.md#getmyuserinfo) | **GET** /users/me | 
+*UserApi* | [**deleteUserAdmin**](doc//UserApi.md#deleteuseradmin) | **DELETE** /admin/users/{id} | 
+*UserApi* | [**getMyUser**](doc//UserApi.md#getmyuser) | **GET** /users/me | 
 *UserApi* | [**getProfileImage**](doc//UserApi.md#getprofileimage) | **GET** /users/{id}/profile-image | 
-*UserApi* | [**getUserById**](doc//UserApi.md#getuserbyid) | **GET** /users/{id} | 
-*UserApi* | [**restoreUser**](doc//UserApi.md#restoreuser) | **POST** /users/{id}/restore | 
-*UserApi* | [**updateUser**](doc//UserApi.md#updateuser) | **PUT** /users | 
+*UserApi* | [**getUser**](doc//UserApi.md#getuser) | **GET** /users/{id} | 
+*UserApi* | [**getUserAdmin**](doc//UserApi.md#getuseradmin) | **GET** /admin/users/{id} | 
+*UserApi* | [**restoreUserAdmin**](doc//UserApi.md#restoreuseradmin) | **POST** /admin/users/{id}/restore | 
+*UserApi* | [**searchUsers**](doc//UserApi.md#searchusers) | **GET** /users | 
+*UserApi* | [**searchUsersAdmin**](doc//UserApi.md#searchusersadmin) | **GET** /admin/users | 
+*UserApi* | [**updateMyUser**](doc//UserApi.md#updatemyuser) | **PUT** /users/me | 
+*UserApi* | [**updateUserAdmin**](doc//UserApi.md#updateuseradmin) | **PUT** /admin/users/{id} | 
 
 
 ## Documentation For Models
@@ -280,8 +283,6 @@ Class | Method | HTTP request | Description
  - [CreateLibraryDto](doc//CreateLibraryDto.md)
  - [CreateProfileImageResponseDto](doc//CreateProfileImageResponseDto.md)
  - [CreateTagDto](doc//CreateTagDto.md)
- - [CreateUserDto](doc//CreateUserDto.md)
- - [DeleteUserDto](doc//DeleteUserDto.md)
  - [DownloadArchiveInfo](doc//DownloadArchiveInfo.md)
  - [DownloadInfoDto](doc//DownloadInfoDto.md)
  - [DownloadResponseDto](doc//DownloadResponseDto.md)
@@ -402,12 +403,15 @@ Class | Method | HTTP request | Description
  - [UpdatePartnerDto](doc//UpdatePartnerDto.md)
  - [UpdateStackParentDto](doc//UpdateStackParentDto.md)
  - [UpdateTagDto](doc//UpdateTagDto.md)
- - [UpdateUserDto](doc//UpdateUserDto.md)
  - [UsageByUserDto](doc//UsageByUserDto.md)
+ - [UserAdminCreateDto](doc//UserAdminCreateDto.md)
+ - [UserAdminDeleteDto](doc//UserAdminDeleteDto.md)
+ - [UserAdminResponseDto](doc//UserAdminResponseDto.md)
+ - [UserAdminUpdateDto](doc//UserAdminUpdateDto.md)
  - [UserAvatarColor](doc//UserAvatarColor.md)
- - [UserDto](doc//UserDto.md)
  - [UserResponseDto](doc//UserResponseDto.md)
  - [UserStatus](doc//UserStatus.md)
+ - [UserUpdateMeDto](doc//UserUpdateMeDto.md)
  - [ValidateAccessTokenResponseDto](doc//ValidateAccessTokenResponseDto.md)
  - [ValidateLibraryDto](doc//ValidateLibraryDto.md)
  - [ValidateLibraryImportPathResponseDto](doc//ValidateLibraryImportPathResponseDto.md)
diff --git a/mobile/openapi/lib/api.dart b/mobile/openapi/lib/api.dart
index 7e71c9db3e..d7223a1ecf 100644
--- a/mobile/openapi/lib/api.dart
+++ b/mobile/openapi/lib/api.dart
@@ -112,8 +112,6 @@ part 'model/create_album_dto.dart';
 part 'model/create_library_dto.dart';
 part 'model/create_profile_image_response_dto.dart';
 part 'model/create_tag_dto.dart';
-part 'model/create_user_dto.dart';
-part 'model/delete_user_dto.dart';
 part 'model/download_archive_info.dart';
 part 'model/download_info_dto.dart';
 part 'model/download_response_dto.dart';
@@ -234,12 +232,15 @@ part 'model/update_library_dto.dart';
 part 'model/update_partner_dto.dart';
 part 'model/update_stack_parent_dto.dart';
 part 'model/update_tag_dto.dart';
-part 'model/update_user_dto.dart';
 part 'model/usage_by_user_dto.dart';
+part 'model/user_admin_create_dto.dart';
+part 'model/user_admin_delete_dto.dart';
+part 'model/user_admin_response_dto.dart';
+part 'model/user_admin_update_dto.dart';
 part 'model/user_avatar_color.dart';
-part 'model/user_dto.dart';
 part 'model/user_response_dto.dart';
 part 'model/user_status.dart';
+part 'model/user_update_me_dto.dart';
 part 'model/validate_access_token_response_dto.dart';
 part 'model/validate_library_dto.dart';
 part 'model/validate_library_import_path_response_dto.dart';
diff --git a/mobile/openapi/lib/api/authentication_api.dart b/mobile/openapi/lib/api/authentication_api.dart
index c2aa50e7e7..cb81867425 100644
--- a/mobile/openapi/lib/api/authentication_api.dart
+++ b/mobile/openapi/lib/api/authentication_api.dart
@@ -48,7 +48,7 @@ class AuthenticationApi {
   /// Parameters:
   ///
   /// * [ChangePasswordDto] changePasswordDto (required):
-  Future<UserResponseDto?> changePassword(ChangePasswordDto changePasswordDto,) async {
+  Future<UserAdminResponseDto?> changePassword(ChangePasswordDto changePasswordDto,) async {
     final response = await changePasswordWithHttpInfo(changePasswordDto,);
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
@@ -57,7 +57,7 @@ class AuthenticationApi {
     // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
     // FormatException when trying to decode an empty string.
     if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserResponseDto',) as UserResponseDto;
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
     
     }
     return null;
@@ -183,7 +183,7 @@ class AuthenticationApi {
   /// Parameters:
   ///
   /// * [SignUpDto] signUpDto (required):
-  Future<UserResponseDto?> signUpAdmin(SignUpDto signUpDto,) async {
+  Future<UserAdminResponseDto?> signUpAdmin(SignUpDto signUpDto,) async {
     final response = await signUpAdminWithHttpInfo(signUpDto,);
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
@@ -192,7 +192,7 @@ class AuthenticationApi {
     // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
     // FormatException when trying to decode an empty string.
     if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserResponseDto',) as UserResponseDto;
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
     
     }
     return null;
diff --git a/mobile/openapi/lib/api/o_auth_api.dart b/mobile/openapi/lib/api/o_auth_api.dart
index 9c238f01dc..aafcb28461 100644
--- a/mobile/openapi/lib/api/o_auth_api.dart
+++ b/mobile/openapi/lib/api/o_auth_api.dart
@@ -95,7 +95,7 @@ class OAuthApi {
   /// Parameters:
   ///
   /// * [OAuthCallbackDto] oAuthCallbackDto (required):
-  Future<UserResponseDto?> linkOAuthAccount(OAuthCallbackDto oAuthCallbackDto,) async {
+  Future<UserAdminResponseDto?> linkOAuthAccount(OAuthCallbackDto oAuthCallbackDto,) async {
     final response = await linkOAuthAccountWithHttpInfo(oAuthCallbackDto,);
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
@@ -104,7 +104,7 @@ class OAuthApi {
     // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
     // FormatException when trying to decode an empty string.
     if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserResponseDto',) as UserResponseDto;
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
     
     }
     return null;
@@ -216,7 +216,7 @@ class OAuthApi {
     );
   }
 
-  Future<UserResponseDto?> unlinkOAuthAccount() async {
+  Future<UserAdminResponseDto?> unlinkOAuthAccount() async {
     final response = await unlinkOAuthAccountWithHttpInfo();
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
@@ -225,7 +225,7 @@ class OAuthApi {
     // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
     // FormatException when trying to decode an empty string.
     if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserResponseDto',) as UserResponseDto;
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
     
     }
     return null;
diff --git a/mobile/openapi/lib/api/user_api.dart b/mobile/openapi/lib/api/user_api.dart
index 301169cb9a..3c1a3ff4e7 100644
--- a/mobile/openapi/lib/api/user_api.dart
+++ b/mobile/openapi/lib/api/user_api.dart
@@ -73,16 +73,16 @@ class UserApi {
     return null;
   }
 
-  /// Performs an HTTP 'POST /users' operation and returns the [Response].
+  /// Performs an HTTP 'POST /admin/users' operation and returns the [Response].
   /// Parameters:
   ///
-  /// * [CreateUserDto] createUserDto (required):
-  Future<Response> createUserWithHttpInfo(CreateUserDto createUserDto,) async {
+  /// * [UserAdminCreateDto] userAdminCreateDto (required):
+  Future<Response> createUserAdminWithHttpInfo(UserAdminCreateDto userAdminCreateDto,) async {
     // ignore: prefer_const_declarations
-    final path = r'/users';
+    final path = r'/admin/users';
 
     // ignore: prefer_final_locals
-    Object? postBody = createUserDto;
+    Object? postBody = userAdminCreateDto;
 
     final queryParams = <QueryParam>[];
     final headerParams = <String, String>{};
@@ -104,9 +104,9 @@ class UserApi {
 
   /// Parameters:
   ///
-  /// * [CreateUserDto] createUserDto (required):
-  Future<UserResponseDto?> createUser(CreateUserDto createUserDto,) async {
-    final response = await createUserWithHttpInfo(createUserDto,);
+  /// * [UserAdminCreateDto] userAdminCreateDto (required):
+  Future<UserAdminResponseDto?> createUserAdmin(UserAdminCreateDto userAdminCreateDto,) async {
+    final response = await createUserAdminWithHttpInfo(userAdminCreateDto,);
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
     }
@@ -114,7 +114,7 @@ class UserApi {
     // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
     // FormatException when trying to decode an empty string.
     if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserResponseDto',) as UserResponseDto;
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
     
     }
     return null;
@@ -153,19 +153,19 @@ class UserApi {
     }
   }
 
-  /// Performs an HTTP 'DELETE /users/{id}' operation and returns the [Response].
+  /// Performs an HTTP 'DELETE /admin/users/{id}' operation and returns the [Response].
   /// Parameters:
   ///
   /// * [String] id (required):
   ///
-  /// * [DeleteUserDto] deleteUserDto (required):
-  Future<Response> deleteUserWithHttpInfo(String id, DeleteUserDto deleteUserDto,) async {
+  /// * [UserAdminDeleteDto] userAdminDeleteDto (required):
+  Future<Response> deleteUserAdminWithHttpInfo(String id, UserAdminDeleteDto userAdminDeleteDto,) async {
     // ignore: prefer_const_declarations
-    final path = r'/users/{id}'
+    final path = r'/admin/users/{id}'
       .replaceAll('{id}', id);
 
     // ignore: prefer_final_locals
-    Object? postBody = deleteUserDto;
+    Object? postBody = userAdminDeleteDto;
 
     final queryParams = <QueryParam>[];
     final headerParams = <String, String>{};
@@ -189,9 +189,9 @@ class UserApi {
   ///
   /// * [String] id (required):
   ///
-  /// * [DeleteUserDto] deleteUserDto (required):
-  Future<UserResponseDto?> deleteUser(String id, DeleteUserDto deleteUserDto,) async {
-    final response = await deleteUserWithHttpInfo(id, deleteUserDto,);
+  /// * [UserAdminDeleteDto] userAdminDeleteDto (required):
+  Future<UserAdminResponseDto?> deleteUserAdmin(String id, UserAdminDeleteDto userAdminDeleteDto,) async {
+    final response = await deleteUserAdminWithHttpInfo(id, userAdminDeleteDto,);
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
     }
@@ -199,66 +199,14 @@ class UserApi {
     // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
     // FormatException when trying to decode an empty string.
     if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserResponseDto',) as UserResponseDto;
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
     
     }
     return null;
   }
 
-  /// Performs an HTTP 'GET /users' operation and returns the [Response].
-  /// Parameters:
-  ///
-  /// * [bool] isAll (required):
-  Future<Response> getAllUsersWithHttpInfo(bool isAll,) async {
-    // ignore: prefer_const_declarations
-    final path = r'/users';
-
-    // ignore: prefer_final_locals
-    Object? postBody;
-
-    final queryParams = <QueryParam>[];
-    final headerParams = <String, String>{};
-    final formParams = <String, String>{};
-
-      queryParams.addAll(_queryParams('', 'isAll', isAll));
-
-    const contentTypes = <String>[];
-
-
-    return apiClient.invokeAPI(
-      path,
-      'GET',
-      queryParams,
-      postBody,
-      headerParams,
-      formParams,
-      contentTypes.isEmpty ? null : contentTypes.first,
-    );
-  }
-
-  /// Parameters:
-  ///
-  /// * [bool] isAll (required):
-  Future<List<UserResponseDto>?> getAllUsers(bool isAll,) async {
-    final response = await getAllUsersWithHttpInfo(isAll,);
-    if (response.statusCode >= HttpStatus.badRequest) {
-      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
-    }
-    // When a remote server returns no body with a status of 204, we shall not decode it.
-    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
-    // FormatException when trying to decode an empty string.
-    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      final responseBody = await _decodeBodyBytes(response);
-      return (await apiClient.deserializeAsync(responseBody, 'List<UserResponseDto>') as List)
-        .cast<UserResponseDto>()
-        .toList(growable: false);
-
-    }
-    return null;
-  }
-
   /// Performs an HTTP 'GET /users/me' operation and returns the [Response].
-  Future<Response> getMyUserInfoWithHttpInfo() async {
+  Future<Response> getMyUserWithHttpInfo() async {
     // ignore: prefer_const_declarations
     final path = r'/users/me';
 
@@ -283,8 +231,8 @@ class UserApi {
     );
   }
 
-  Future<UserResponseDto?> getMyUserInfo() async {
-    final response = await getMyUserInfoWithHttpInfo();
+  Future<UserAdminResponseDto?> getMyUser() async {
+    final response = await getMyUserWithHttpInfo();
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
     }
@@ -292,7 +240,7 @@ class UserApi {
     // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
     // FormatException when trying to decode an empty string.
     if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserResponseDto',) as UserResponseDto;
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
     
     }
     return null;
@@ -350,7 +298,7 @@ class UserApi {
   /// Parameters:
   ///
   /// * [String] id (required):
-  Future<Response> getUserByIdWithHttpInfo(String id,) async {
+  Future<Response> getUserWithHttpInfo(String id,) async {
     // ignore: prefer_const_declarations
     final path = r'/users/{id}'
       .replaceAll('{id}', id);
@@ -379,8 +327,8 @@ class UserApi {
   /// Parameters:
   ///
   /// * [String] id (required):
-  Future<UserResponseDto?> getUserById(String id,) async {
-    final response = await getUserByIdWithHttpInfo(id,);
+  Future<UserResponseDto?> getUser(String id,) async {
+    final response = await getUserWithHttpInfo(id,);
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
     }
@@ -394,13 +342,61 @@ class UserApi {
     return null;
   }
 
-  /// Performs an HTTP 'POST /users/{id}/restore' operation and returns the [Response].
+  /// Performs an HTTP 'GET /admin/users/{id}' operation and returns the [Response].
   /// Parameters:
   ///
   /// * [String] id (required):
-  Future<Response> restoreUserWithHttpInfo(String id,) async {
+  Future<Response> getUserAdminWithHttpInfo(String id,) async {
     // ignore: prefer_const_declarations
-    final path = r'/users/{id}/restore'
+    final path = r'/admin/users/{id}'
+      .replaceAll('{id}', id);
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      path,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// Parameters:
+  ///
+  /// * [String] id (required):
+  Future<UserAdminResponseDto?> getUserAdmin(String id,) async {
+    final response = await getUserAdminWithHttpInfo(id,);
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
+    
+    }
+    return null;
+  }
+
+  /// Performs an HTTP 'POST /admin/users/{id}/restore' operation and returns the [Response].
+  /// Parameters:
+  ///
+  /// * [String] id (required):
+  Future<Response> restoreUserAdminWithHttpInfo(String id,) async {
+    // ignore: prefer_const_declarations
+    final path = r'/admin/users/{id}/restore'
       .replaceAll('{id}', id);
 
     // ignore: prefer_final_locals
@@ -427,8 +423,8 @@ class UserApi {
   /// Parameters:
   ///
   /// * [String] id (required):
-  Future<UserResponseDto?> restoreUser(String id,) async {
-    final response = await restoreUserWithHttpInfo(id,);
+  Future<UserAdminResponseDto?> restoreUserAdmin(String id,) async {
+    final response = await restoreUserAdminWithHttpInfo(id,);
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
     }
@@ -436,22 +432,120 @@ class UserApi {
     // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
     // FormatException when trying to decode an empty string.
     if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserResponseDto',) as UserResponseDto;
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
     
     }
     return null;
   }
 
-  /// Performs an HTTP 'PUT /users' operation and returns the [Response].
-  /// Parameters:
-  ///
-  /// * [UpdateUserDto] updateUserDto (required):
-  Future<Response> updateUserWithHttpInfo(UpdateUserDto updateUserDto,) async {
+  /// Performs an HTTP 'GET /users' operation and returns the [Response].
+  Future<Response> searchUsersWithHttpInfo() async {
     // ignore: prefer_const_declarations
     final path = r'/users';
 
     // ignore: prefer_final_locals
-    Object? postBody = updateUserDto;
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      path,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  Future<List<UserResponseDto>?> searchUsers() async {
+    final response = await searchUsersWithHttpInfo();
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      final responseBody = await _decodeBodyBytes(response);
+      return (await apiClient.deserializeAsync(responseBody, 'List<UserResponseDto>') as List)
+        .cast<UserResponseDto>()
+        .toList(growable: false);
+
+    }
+    return null;
+  }
+
+  /// Performs an HTTP 'GET /admin/users' operation and returns the [Response].
+  /// Parameters:
+  ///
+  /// * [bool] withDeleted:
+  Future<Response> searchUsersAdminWithHttpInfo({ bool? withDeleted, }) async {
+    // ignore: prefer_const_declarations
+    final path = r'/admin/users';
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    if (withDeleted != null) {
+      queryParams.addAll(_queryParams('', 'withDeleted', withDeleted));
+    }
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      path,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// Parameters:
+  ///
+  /// * [bool] withDeleted:
+  Future<List<UserAdminResponseDto>?> searchUsersAdmin({ bool? withDeleted, }) async {
+    final response = await searchUsersAdminWithHttpInfo( withDeleted: withDeleted, );
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      final responseBody = await _decodeBodyBytes(response);
+      return (await apiClient.deserializeAsync(responseBody, 'List<UserAdminResponseDto>') as List)
+        .cast<UserAdminResponseDto>()
+        .toList(growable: false);
+
+    }
+    return null;
+  }
+
+  /// Performs an HTTP 'PUT /users/me' operation and returns the [Response].
+  /// Parameters:
+  ///
+  /// * [UserUpdateMeDto] userUpdateMeDto (required):
+  Future<Response> updateMyUserWithHttpInfo(UserUpdateMeDto userUpdateMeDto,) async {
+    // ignore: prefer_const_declarations
+    final path = r'/users/me';
+
+    // ignore: prefer_final_locals
+    Object? postBody = userUpdateMeDto;
 
     final queryParams = <QueryParam>[];
     final headerParams = <String, String>{};
@@ -473,9 +567,9 @@ class UserApi {
 
   /// Parameters:
   ///
-  /// * [UpdateUserDto] updateUserDto (required):
-  Future<UserResponseDto?> updateUser(UpdateUserDto updateUserDto,) async {
-    final response = await updateUserWithHttpInfo(updateUserDto,);
+  /// * [UserUpdateMeDto] userUpdateMeDto (required):
+  Future<UserAdminResponseDto?> updateMyUser(UserUpdateMeDto userUpdateMeDto,) async {
+    final response = await updateMyUserWithHttpInfo(userUpdateMeDto,);
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
     }
@@ -483,7 +577,59 @@ class UserApi {
     // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
     // FormatException when trying to decode an empty string.
     if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserResponseDto',) as UserResponseDto;
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
+    
+    }
+    return null;
+  }
+
+  /// Performs an HTTP 'PUT /admin/users/{id}' operation and returns the [Response].
+  /// Parameters:
+  ///
+  /// * [String] id (required):
+  ///
+  /// * [UserAdminUpdateDto] userAdminUpdateDto (required):
+  Future<Response> updateUserAdminWithHttpInfo(String id, UserAdminUpdateDto userAdminUpdateDto,) async {
+    // ignore: prefer_const_declarations
+    final path = r'/admin/users/{id}'
+      .replaceAll('{id}', id);
+
+    // ignore: prefer_final_locals
+    Object? postBody = userAdminUpdateDto;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>['application/json'];
+
+
+    return apiClient.invokeAPI(
+      path,
+      'PUT',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// Parameters:
+  ///
+  /// * [String] id (required):
+  ///
+  /// * [UserAdminUpdateDto] userAdminUpdateDto (required):
+  Future<UserAdminResponseDto?> updateUserAdmin(String id, UserAdminUpdateDto userAdminUpdateDto,) async {
+    final response = await updateUserAdminWithHttpInfo(id, userAdminUpdateDto,);
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'UserAdminResponseDto',) as UserAdminResponseDto;
     
     }
     return null;
diff --git a/mobile/openapi/lib/api_client.dart b/mobile/openapi/lib/api_client.dart
index 1f959757da..bd3433872a 100644
--- a/mobile/openapi/lib/api_client.dart
+++ b/mobile/openapi/lib/api_client.dart
@@ -292,10 +292,6 @@ class ApiClient {
           return CreateProfileImageResponseDto.fromJson(value);
         case 'CreateTagDto':
           return CreateTagDto.fromJson(value);
-        case 'CreateUserDto':
-          return CreateUserDto.fromJson(value);
-        case 'DeleteUserDto':
-          return DeleteUserDto.fromJson(value);
         case 'DownloadArchiveInfo':
           return DownloadArchiveInfo.fromJson(value);
         case 'DownloadInfoDto':
@@ -536,18 +532,24 @@ class ApiClient {
           return UpdateStackParentDto.fromJson(value);
         case 'UpdateTagDto':
           return UpdateTagDto.fromJson(value);
-        case 'UpdateUserDto':
-          return UpdateUserDto.fromJson(value);
         case 'UsageByUserDto':
           return UsageByUserDto.fromJson(value);
+        case 'UserAdminCreateDto':
+          return UserAdminCreateDto.fromJson(value);
+        case 'UserAdminDeleteDto':
+          return UserAdminDeleteDto.fromJson(value);
+        case 'UserAdminResponseDto':
+          return UserAdminResponseDto.fromJson(value);
+        case 'UserAdminUpdateDto':
+          return UserAdminUpdateDto.fromJson(value);
         case 'UserAvatarColor':
           return UserAvatarColorTypeTransformer().decode(value);
-        case 'UserDto':
-          return UserDto.fromJson(value);
         case 'UserResponseDto':
           return UserResponseDto.fromJson(value);
         case 'UserStatus':
           return UserStatusTypeTransformer().decode(value);
+        case 'UserUpdateMeDto':
+          return UserUpdateMeDto.fromJson(value);
         case 'ValidateAccessTokenResponseDto':
           return ValidateAccessTokenResponseDto.fromJson(value);
         case 'ValidateLibraryDto':
diff --git a/mobile/openapi/lib/model/activity_response_dto.dart b/mobile/openapi/lib/model/activity_response_dto.dart
index d276d19e6c..cd7a4f482f 100644
--- a/mobile/openapi/lib/model/activity_response_dto.dart
+++ b/mobile/openapi/lib/model/activity_response_dto.dart
@@ -31,7 +31,7 @@ class ActivityResponseDto {
 
   ActivityResponseDtoTypeEnum type;
 
-  UserDto user;
+  UserResponseDto user;
 
   @override
   bool operator ==(Object other) => identical(this, other) || other is ActivityResponseDto &&
@@ -87,7 +87,7 @@ class ActivityResponseDto {
         createdAt: mapDateTime(json, r'createdAt', r'')!,
         id: mapValueOfType<String>(json, r'id')!,
         type: ActivityResponseDtoTypeEnum.fromJson(json[r'type'])!,
-        user: UserDto.fromJson(json[r'user'])!,
+        user: UserResponseDto.fromJson(json[r'user'])!,
       );
     }
     return null;
diff --git a/mobile/openapi/lib/model/partner_response_dto.dart b/mobile/openapi/lib/model/partner_response_dto.dart
index 1efd91c346..7c3cf03bd9 100644
--- a/mobile/openapi/lib/model/partner_response_dto.dart
+++ b/mobile/openapi/lib/model/partner_response_dto.dart
@@ -14,30 +14,15 @@ class PartnerResponseDto {
   /// Returns a new [PartnerResponseDto] instance.
   PartnerResponseDto({
     required this.avatarColor,
-    required this.createdAt,
-    required this.deletedAt,
     required this.email,
     required this.id,
     this.inTimeline,
-    required this.isAdmin,
-    this.memoriesEnabled,
     required this.name,
-    required this.oauthId,
     required this.profileImagePath,
-    required this.quotaSizeInBytes,
-    required this.quotaUsageInBytes,
-    required this.shouldChangePassword,
-    required this.status,
-    required this.storageLabel,
-    required this.updatedAt,
   });
 
   UserAvatarColor avatarColor;
 
-  DateTime createdAt;
-
-  DateTime? deletedAt;
-
   String email;
 
   String id;
@@ -50,121 +35,44 @@ class PartnerResponseDto {
   ///
   bool? inTimeline;
 
-  bool isAdmin;
-
-  ///
-  /// Please note: This property should have been non-nullable! Since the specification file
-  /// does not include a default value (using the "default:" property), however, the generated
-  /// source code must fall back to having a nullable type.
-  /// Consider adding a "default:" property in the specification file to hide this note.
-  ///
-  bool? memoriesEnabled;
-
   String name;
 
-  String oauthId;
-
   String profileImagePath;
 
-  int? quotaSizeInBytes;
-
-  int? quotaUsageInBytes;
-
-  bool shouldChangePassword;
-
-  UserStatus status;
-
-  String? storageLabel;
-
-  DateTime updatedAt;
-
   @override
   bool operator ==(Object other) => identical(this, other) || other is PartnerResponseDto &&
     other.avatarColor == avatarColor &&
-    other.createdAt == createdAt &&
-    other.deletedAt == deletedAt &&
     other.email == email &&
     other.id == id &&
     other.inTimeline == inTimeline &&
-    other.isAdmin == isAdmin &&
-    other.memoriesEnabled == memoriesEnabled &&
     other.name == name &&
-    other.oauthId == oauthId &&
-    other.profileImagePath == profileImagePath &&
-    other.quotaSizeInBytes == quotaSizeInBytes &&
-    other.quotaUsageInBytes == quotaUsageInBytes &&
-    other.shouldChangePassword == shouldChangePassword &&
-    other.status == status &&
-    other.storageLabel == storageLabel &&
-    other.updatedAt == updatedAt;
+    other.profileImagePath == profileImagePath;
 
   @override
   int get hashCode =>
     // ignore: unnecessary_parenthesis
     (avatarColor.hashCode) +
-    (createdAt.hashCode) +
-    (deletedAt == null ? 0 : deletedAt!.hashCode) +
     (email.hashCode) +
     (id.hashCode) +
     (inTimeline == null ? 0 : inTimeline!.hashCode) +
-    (isAdmin.hashCode) +
-    (memoriesEnabled == null ? 0 : memoriesEnabled!.hashCode) +
     (name.hashCode) +
-    (oauthId.hashCode) +
-    (profileImagePath.hashCode) +
-    (quotaSizeInBytes == null ? 0 : quotaSizeInBytes!.hashCode) +
-    (quotaUsageInBytes == null ? 0 : quotaUsageInBytes!.hashCode) +
-    (shouldChangePassword.hashCode) +
-    (status.hashCode) +
-    (storageLabel == null ? 0 : storageLabel!.hashCode) +
-    (updatedAt.hashCode);
+    (profileImagePath.hashCode);
 
   @override
-  String toString() => 'PartnerResponseDto[avatarColor=$avatarColor, createdAt=$createdAt, deletedAt=$deletedAt, email=$email, id=$id, inTimeline=$inTimeline, isAdmin=$isAdmin, memoriesEnabled=$memoriesEnabled, name=$name, oauthId=$oauthId, profileImagePath=$profileImagePath, quotaSizeInBytes=$quotaSizeInBytes, quotaUsageInBytes=$quotaUsageInBytes, shouldChangePassword=$shouldChangePassword, status=$status, storageLabel=$storageLabel, updatedAt=$updatedAt]';
+  String toString() => 'PartnerResponseDto[avatarColor=$avatarColor, email=$email, id=$id, inTimeline=$inTimeline, name=$name, profileImagePath=$profileImagePath]';
 
   Map<String, dynamic> toJson() {
     final json = <String, dynamic>{};
       json[r'avatarColor'] = this.avatarColor;
-      json[r'createdAt'] = this.createdAt.toUtc().toIso8601String();
-    if (this.deletedAt != null) {
-      json[r'deletedAt'] = this.deletedAt!.toUtc().toIso8601String();
-    } else {
-    //  json[r'deletedAt'] = null;
-    }
       json[r'email'] = this.email;
       json[r'id'] = this.id;
     if (this.inTimeline != null) {
       json[r'inTimeline'] = this.inTimeline;
     } else {
     //  json[r'inTimeline'] = null;
-    }
-      json[r'isAdmin'] = this.isAdmin;
-    if (this.memoriesEnabled != null) {
-      json[r'memoriesEnabled'] = this.memoriesEnabled;
-    } else {
-    //  json[r'memoriesEnabled'] = null;
     }
       json[r'name'] = this.name;
-      json[r'oauthId'] = this.oauthId;
       json[r'profileImagePath'] = this.profileImagePath;
-    if (this.quotaSizeInBytes != null) {
-      json[r'quotaSizeInBytes'] = this.quotaSizeInBytes;
-    } else {
-    //  json[r'quotaSizeInBytes'] = null;
-    }
-    if (this.quotaUsageInBytes != null) {
-      json[r'quotaUsageInBytes'] = this.quotaUsageInBytes;
-    } else {
-    //  json[r'quotaUsageInBytes'] = null;
-    }
-      json[r'shouldChangePassword'] = this.shouldChangePassword;
-      json[r'status'] = this.status;
-    if (this.storageLabel != null) {
-      json[r'storageLabel'] = this.storageLabel;
-    } else {
-    //  json[r'storageLabel'] = null;
-    }
-      json[r'updatedAt'] = this.updatedAt.toUtc().toIso8601String();
     return json;
   }
 
@@ -177,22 +85,11 @@ class PartnerResponseDto {
 
       return PartnerResponseDto(
         avatarColor: UserAvatarColor.fromJson(json[r'avatarColor'])!,
-        createdAt: mapDateTime(json, r'createdAt', r'')!,
-        deletedAt: mapDateTime(json, r'deletedAt', r''),
         email: mapValueOfType<String>(json, r'email')!,
         id: mapValueOfType<String>(json, r'id')!,
         inTimeline: mapValueOfType<bool>(json, r'inTimeline'),
-        isAdmin: mapValueOfType<bool>(json, r'isAdmin')!,
-        memoriesEnabled: mapValueOfType<bool>(json, r'memoriesEnabled'),
         name: mapValueOfType<String>(json, r'name')!,
-        oauthId: mapValueOfType<String>(json, r'oauthId')!,
         profileImagePath: mapValueOfType<String>(json, r'profileImagePath')!,
-        quotaSizeInBytes: mapValueOfType<int>(json, r'quotaSizeInBytes'),
-        quotaUsageInBytes: mapValueOfType<int>(json, r'quotaUsageInBytes'),
-        shouldChangePassword: mapValueOfType<bool>(json, r'shouldChangePassword')!,
-        status: UserStatus.fromJson(json[r'status'])!,
-        storageLabel: mapValueOfType<String>(json, r'storageLabel'),
-        updatedAt: mapDateTime(json, r'updatedAt', r'')!,
       );
     }
     return null;
@@ -241,20 +138,10 @@ class PartnerResponseDto {
   /// The list of required keys that must be present in a JSON.
   static const requiredKeys = <String>{
     'avatarColor',
-    'createdAt',
-    'deletedAt',
     'email',
     'id',
-    'isAdmin',
     'name',
-    'oauthId',
     'profileImagePath',
-    'quotaSizeInBytes',
-    'quotaUsageInBytes',
-    'shouldChangePassword',
-    'status',
-    'storageLabel',
-    'updatedAt',
   };
 }
 
diff --git a/mobile/openapi/lib/model/create_user_dto.dart b/mobile/openapi/lib/model/user_admin_create_dto.dart
similarity index 80%
rename from mobile/openapi/lib/model/create_user_dto.dart
rename to mobile/openapi/lib/model/user_admin_create_dto.dart
index 4b0bdd55da..daf8854e01 100644
--- a/mobile/openapi/lib/model/create_user_dto.dart
+++ b/mobile/openapi/lib/model/user_admin_create_dto.dart
@@ -10,9 +10,9 @@
 
 part of openapi.api;
 
-class CreateUserDto {
-  /// Returns a new [CreateUserDto] instance.
-  CreateUserDto({
+class UserAdminCreateDto {
+  /// Returns a new [UserAdminCreateDto] instance.
+  UserAdminCreateDto({
     required this.email,
     this.memoriesEnabled,
     required this.name,
@@ -59,7 +59,7 @@ class CreateUserDto {
   String? storageLabel;
 
   @override
-  bool operator ==(Object other) => identical(this, other) || other is CreateUserDto &&
+  bool operator ==(Object other) => identical(this, other) || other is UserAdminCreateDto &&
     other.email == email &&
     other.memoriesEnabled == memoriesEnabled &&
     other.name == name &&
@@ -82,7 +82,7 @@ class CreateUserDto {
     (storageLabel == null ? 0 : storageLabel!.hashCode);
 
   @override
-  String toString() => 'CreateUserDto[email=$email, memoriesEnabled=$memoriesEnabled, name=$name, notify=$notify, password=$password, quotaSizeInBytes=$quotaSizeInBytes, shouldChangePassword=$shouldChangePassword, storageLabel=$storageLabel]';
+  String toString() => 'UserAdminCreateDto[email=$email, memoriesEnabled=$memoriesEnabled, name=$name, notify=$notify, password=$password, quotaSizeInBytes=$quotaSizeInBytes, shouldChangePassword=$shouldChangePassword, storageLabel=$storageLabel]';
 
   Map<String, dynamic> toJson() {
     final json = <String, dynamic>{};
@@ -117,14 +117,14 @@ class CreateUserDto {
     return json;
   }
 
-  /// Returns a new [CreateUserDto] instance and imports its values from
+  /// Returns a new [UserAdminCreateDto] instance and imports its values from
   /// [value] if it's a [Map], null otherwise.
   // ignore: prefer_constructors_over_static_methods
-  static CreateUserDto? fromJson(dynamic value) {
+  static UserAdminCreateDto? fromJson(dynamic value) {
     if (value is Map) {
       final json = value.cast<String, dynamic>();
 
-      return CreateUserDto(
+      return UserAdminCreateDto(
         email: mapValueOfType<String>(json, r'email')!,
         memoriesEnabled: mapValueOfType<bool>(json, r'memoriesEnabled'),
         name: mapValueOfType<String>(json, r'name')!,
@@ -138,11 +138,11 @@ class CreateUserDto {
     return null;
   }
 
-  static List<CreateUserDto> listFromJson(dynamic json, {bool growable = false,}) {
-    final result = <CreateUserDto>[];
+  static List<UserAdminCreateDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <UserAdminCreateDto>[];
     if (json is List && json.isNotEmpty) {
       for (final row in json) {
-        final value = CreateUserDto.fromJson(row);
+        final value = UserAdminCreateDto.fromJson(row);
         if (value != null) {
           result.add(value);
         }
@@ -151,12 +151,12 @@ class CreateUserDto {
     return result.toList(growable: growable);
   }
 
-  static Map<String, CreateUserDto> mapFromJson(dynamic json) {
-    final map = <String, CreateUserDto>{};
+  static Map<String, UserAdminCreateDto> mapFromJson(dynamic json) {
+    final map = <String, UserAdminCreateDto>{};
     if (json is Map && json.isNotEmpty) {
       json = json.cast<String, dynamic>(); // ignore: parameter_assignments
       for (final entry in json.entries) {
-        final value = CreateUserDto.fromJson(entry.value);
+        final value = UserAdminCreateDto.fromJson(entry.value);
         if (value != null) {
           map[entry.key] = value;
         }
@@ -165,14 +165,14 @@ class CreateUserDto {
     return map;
   }
 
-  // maps a json object with a list of CreateUserDto-objects as value to a dart map
-  static Map<String, List<CreateUserDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
-    final map = <String, List<CreateUserDto>>{};
+  // maps a json object with a list of UserAdminCreateDto-objects as value to a dart map
+  static Map<String, List<UserAdminCreateDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<UserAdminCreateDto>>{};
     if (json is Map && json.isNotEmpty) {
       // ignore: parameter_assignments
       json = json.cast<String, dynamic>();
       for (final entry in json.entries) {
-        map[entry.key] = CreateUserDto.listFromJson(entry.value, growable: growable,);
+        map[entry.key] = UserAdminCreateDto.listFromJson(entry.value, growable: growable,);
       }
     }
     return map;
diff --git a/mobile/openapi/lib/model/delete_user_dto.dart b/mobile/openapi/lib/model/user_admin_delete_dto.dart
similarity index 67%
rename from mobile/openapi/lib/model/delete_user_dto.dart
rename to mobile/openapi/lib/model/user_admin_delete_dto.dart
index a758991fa9..7778b15775 100644
--- a/mobile/openapi/lib/model/delete_user_dto.dart
+++ b/mobile/openapi/lib/model/user_admin_delete_dto.dart
@@ -10,9 +10,9 @@
 
 part of openapi.api;
 
-class DeleteUserDto {
-  /// Returns a new [DeleteUserDto] instance.
-  DeleteUserDto({
+class UserAdminDeleteDto {
+  /// Returns a new [UserAdminDeleteDto] instance.
+  UserAdminDeleteDto({
     this.force,
   });
 
@@ -25,7 +25,7 @@ class DeleteUserDto {
   bool? force;
 
   @override
-  bool operator ==(Object other) => identical(this, other) || other is DeleteUserDto &&
+  bool operator ==(Object other) => identical(this, other) || other is UserAdminDeleteDto &&
     other.force == force;
 
   @override
@@ -34,7 +34,7 @@ class DeleteUserDto {
     (force == null ? 0 : force!.hashCode);
 
   @override
-  String toString() => 'DeleteUserDto[force=$force]';
+  String toString() => 'UserAdminDeleteDto[force=$force]';
 
   Map<String, dynamic> toJson() {
     final json = <String, dynamic>{};
@@ -46,25 +46,25 @@ class DeleteUserDto {
     return json;
   }
 
-  /// Returns a new [DeleteUserDto] instance and imports its values from
+  /// Returns a new [UserAdminDeleteDto] instance and imports its values from
   /// [value] if it's a [Map], null otherwise.
   // ignore: prefer_constructors_over_static_methods
-  static DeleteUserDto? fromJson(dynamic value) {
+  static UserAdminDeleteDto? fromJson(dynamic value) {
     if (value is Map) {
       final json = value.cast<String, dynamic>();
 
-      return DeleteUserDto(
+      return UserAdminDeleteDto(
         force: mapValueOfType<bool>(json, r'force'),
       );
     }
     return null;
   }
 
-  static List<DeleteUserDto> listFromJson(dynamic json, {bool growable = false,}) {
-    final result = <DeleteUserDto>[];
+  static List<UserAdminDeleteDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <UserAdminDeleteDto>[];
     if (json is List && json.isNotEmpty) {
       for (final row in json) {
-        final value = DeleteUserDto.fromJson(row);
+        final value = UserAdminDeleteDto.fromJson(row);
         if (value != null) {
           result.add(value);
         }
@@ -73,12 +73,12 @@ class DeleteUserDto {
     return result.toList(growable: growable);
   }
 
-  static Map<String, DeleteUserDto> mapFromJson(dynamic json) {
-    final map = <String, DeleteUserDto>{};
+  static Map<String, UserAdminDeleteDto> mapFromJson(dynamic json) {
+    final map = <String, UserAdminDeleteDto>{};
     if (json is Map && json.isNotEmpty) {
       json = json.cast<String, dynamic>(); // ignore: parameter_assignments
       for (final entry in json.entries) {
-        final value = DeleteUserDto.fromJson(entry.value);
+        final value = UserAdminDeleteDto.fromJson(entry.value);
         if (value != null) {
           map[entry.key] = value;
         }
@@ -87,14 +87,14 @@ class DeleteUserDto {
     return map;
   }
 
-  // maps a json object with a list of DeleteUserDto-objects as value to a dart map
-  static Map<String, List<DeleteUserDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
-    final map = <String, List<DeleteUserDto>>{};
+  // maps a json object with a list of UserAdminDeleteDto-objects as value to a dart map
+  static Map<String, List<UserAdminDeleteDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<UserAdminDeleteDto>>{};
     if (json is Map && json.isNotEmpty) {
       // ignore: parameter_assignments
       json = json.cast<String, dynamic>();
       for (final entry in json.entries) {
-        map[entry.key] = DeleteUserDto.listFromJson(entry.value, growable: growable,);
+        map[entry.key] = UserAdminDeleteDto.listFromJson(entry.value, growable: growable,);
       }
     }
     return map;
diff --git a/mobile/openapi/lib/model/user_admin_response_dto.dart b/mobile/openapi/lib/model/user_admin_response_dto.dart
new file mode 100644
index 0000000000..3fc8c2e274
--- /dev/null
+++ b/mobile/openapi/lib/model/user_admin_response_dto.dart
@@ -0,0 +1,243 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class UserAdminResponseDto {
+  /// Returns a new [UserAdminResponseDto] instance.
+  UserAdminResponseDto({
+    required this.avatarColor,
+    required this.createdAt,
+    required this.deletedAt,
+    required this.email,
+    required this.id,
+    required this.isAdmin,
+    this.memoriesEnabled,
+    required this.name,
+    required this.oauthId,
+    required this.profileImagePath,
+    required this.quotaSizeInBytes,
+    required this.quotaUsageInBytes,
+    required this.shouldChangePassword,
+    required this.status,
+    required this.storageLabel,
+    required this.updatedAt,
+  });
+
+  UserAvatarColor avatarColor;
+
+  DateTime createdAt;
+
+  DateTime? deletedAt;
+
+  String email;
+
+  String id;
+
+  bool isAdmin;
+
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  bool? memoriesEnabled;
+
+  String name;
+
+  String oauthId;
+
+  String profileImagePath;
+
+  int? quotaSizeInBytes;
+
+  int? quotaUsageInBytes;
+
+  bool shouldChangePassword;
+
+  UserStatus status;
+
+  String? storageLabel;
+
+  DateTime updatedAt;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is UserAdminResponseDto &&
+    other.avatarColor == avatarColor &&
+    other.createdAt == createdAt &&
+    other.deletedAt == deletedAt &&
+    other.email == email &&
+    other.id == id &&
+    other.isAdmin == isAdmin &&
+    other.memoriesEnabled == memoriesEnabled &&
+    other.name == name &&
+    other.oauthId == oauthId &&
+    other.profileImagePath == profileImagePath &&
+    other.quotaSizeInBytes == quotaSizeInBytes &&
+    other.quotaUsageInBytes == quotaUsageInBytes &&
+    other.shouldChangePassword == shouldChangePassword &&
+    other.status == status &&
+    other.storageLabel == storageLabel &&
+    other.updatedAt == updatedAt;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (avatarColor.hashCode) +
+    (createdAt.hashCode) +
+    (deletedAt == null ? 0 : deletedAt!.hashCode) +
+    (email.hashCode) +
+    (id.hashCode) +
+    (isAdmin.hashCode) +
+    (memoriesEnabled == null ? 0 : memoriesEnabled!.hashCode) +
+    (name.hashCode) +
+    (oauthId.hashCode) +
+    (profileImagePath.hashCode) +
+    (quotaSizeInBytes == null ? 0 : quotaSizeInBytes!.hashCode) +
+    (quotaUsageInBytes == null ? 0 : quotaUsageInBytes!.hashCode) +
+    (shouldChangePassword.hashCode) +
+    (status.hashCode) +
+    (storageLabel == null ? 0 : storageLabel!.hashCode) +
+    (updatedAt.hashCode);
+
+  @override
+  String toString() => 'UserAdminResponseDto[avatarColor=$avatarColor, createdAt=$createdAt, deletedAt=$deletedAt, email=$email, id=$id, isAdmin=$isAdmin, memoriesEnabled=$memoriesEnabled, name=$name, oauthId=$oauthId, profileImagePath=$profileImagePath, quotaSizeInBytes=$quotaSizeInBytes, quotaUsageInBytes=$quotaUsageInBytes, shouldChangePassword=$shouldChangePassword, status=$status, storageLabel=$storageLabel, updatedAt=$updatedAt]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'avatarColor'] = this.avatarColor;
+      json[r'createdAt'] = this.createdAt.toUtc().toIso8601String();
+    if (this.deletedAt != null) {
+      json[r'deletedAt'] = this.deletedAt!.toUtc().toIso8601String();
+    } else {
+    //  json[r'deletedAt'] = null;
+    }
+      json[r'email'] = this.email;
+      json[r'id'] = this.id;
+      json[r'isAdmin'] = this.isAdmin;
+    if (this.memoriesEnabled != null) {
+      json[r'memoriesEnabled'] = this.memoriesEnabled;
+    } else {
+    //  json[r'memoriesEnabled'] = null;
+    }
+      json[r'name'] = this.name;
+      json[r'oauthId'] = this.oauthId;
+      json[r'profileImagePath'] = this.profileImagePath;
+    if (this.quotaSizeInBytes != null) {
+      json[r'quotaSizeInBytes'] = this.quotaSizeInBytes;
+    } else {
+    //  json[r'quotaSizeInBytes'] = null;
+    }
+    if (this.quotaUsageInBytes != null) {
+      json[r'quotaUsageInBytes'] = this.quotaUsageInBytes;
+    } else {
+    //  json[r'quotaUsageInBytes'] = null;
+    }
+      json[r'shouldChangePassword'] = this.shouldChangePassword;
+      json[r'status'] = this.status;
+    if (this.storageLabel != null) {
+      json[r'storageLabel'] = this.storageLabel;
+    } else {
+    //  json[r'storageLabel'] = null;
+    }
+      json[r'updatedAt'] = this.updatedAt.toUtc().toIso8601String();
+    return json;
+  }
+
+  /// Returns a new [UserAdminResponseDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static UserAdminResponseDto? fromJson(dynamic value) {
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return UserAdminResponseDto(
+        avatarColor: UserAvatarColor.fromJson(json[r'avatarColor'])!,
+        createdAt: mapDateTime(json, r'createdAt', r'')!,
+        deletedAt: mapDateTime(json, r'deletedAt', r''),
+        email: mapValueOfType<String>(json, r'email')!,
+        id: mapValueOfType<String>(json, r'id')!,
+        isAdmin: mapValueOfType<bool>(json, r'isAdmin')!,
+        memoriesEnabled: mapValueOfType<bool>(json, r'memoriesEnabled'),
+        name: mapValueOfType<String>(json, r'name')!,
+        oauthId: mapValueOfType<String>(json, r'oauthId')!,
+        profileImagePath: mapValueOfType<String>(json, r'profileImagePath')!,
+        quotaSizeInBytes: mapValueOfType<int>(json, r'quotaSizeInBytes'),
+        quotaUsageInBytes: mapValueOfType<int>(json, r'quotaUsageInBytes'),
+        shouldChangePassword: mapValueOfType<bool>(json, r'shouldChangePassword')!,
+        status: UserStatus.fromJson(json[r'status'])!,
+        storageLabel: mapValueOfType<String>(json, r'storageLabel'),
+        updatedAt: mapDateTime(json, r'updatedAt', r'')!,
+      );
+    }
+    return null;
+  }
+
+  static List<UserAdminResponseDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <UserAdminResponseDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = UserAdminResponseDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, UserAdminResponseDto> mapFromJson(dynamic json) {
+    final map = <String, UserAdminResponseDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = UserAdminResponseDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of UserAdminResponseDto-objects as value to a dart map
+  static Map<String, List<UserAdminResponseDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<UserAdminResponseDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = UserAdminResponseDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'avatarColor',
+    'createdAt',
+    'deletedAt',
+    'email',
+    'id',
+    'isAdmin',
+    'name',
+    'oauthId',
+    'profileImagePath',
+    'quotaSizeInBytes',
+    'quotaUsageInBytes',
+    'shouldChangePassword',
+    'status',
+    'storageLabel',
+    'updatedAt',
+  };
+}
+
diff --git a/mobile/openapi/lib/model/update_user_dto.dart b/mobile/openapi/lib/model/user_admin_update_dto.dart
similarity index 73%
rename from mobile/openapi/lib/model/update_user_dto.dart
rename to mobile/openapi/lib/model/user_admin_update_dto.dart
index caa0600793..ecd145248f 100644
--- a/mobile/openapi/lib/model/update_user_dto.dart
+++ b/mobile/openapi/lib/model/user_admin_update_dto.dart
@@ -10,13 +10,11 @@
 
 part of openapi.api;
 
-class UpdateUserDto {
-  /// Returns a new [UpdateUserDto] instance.
-  UpdateUserDto({
+class UserAdminUpdateDto {
+  /// Returns a new [UserAdminUpdateDto] instance.
+  UserAdminUpdateDto({
     this.avatarColor,
     this.email,
-    required this.id,
-    this.isAdmin,
     this.memoriesEnabled,
     this.name,
     this.password,
@@ -41,16 +39,6 @@ class UpdateUserDto {
   ///
   String? email;
 
-  String id;
-
-  ///
-  /// Please note: This property should have been non-nullable! Since the specification file
-  /// does not include a default value (using the "default:" property), however, the generated
-  /// source code must fall back to having a nullable type.
-  /// Consider adding a "default:" property in the specification file to hide this note.
-  ///
-  bool? isAdmin;
-
   ///
   /// Please note: This property should have been non-nullable! Since the specification file
   /// does not include a default value (using the "default:" property), however, the generated
@@ -86,20 +74,12 @@ class UpdateUserDto {
   ///
   bool? shouldChangePassword;
 
-  ///
-  /// Please note: This property should have been non-nullable! Since the specification file
-  /// does not include a default value (using the "default:" property), however, the generated
-  /// source code must fall back to having a nullable type.
-  /// Consider adding a "default:" property in the specification file to hide this note.
-  ///
   String? storageLabel;
 
   @override
-  bool operator ==(Object other) => identical(this, other) || other is UpdateUserDto &&
+  bool operator ==(Object other) => identical(this, other) || other is UserAdminUpdateDto &&
     other.avatarColor == avatarColor &&
     other.email == email &&
-    other.id == id &&
-    other.isAdmin == isAdmin &&
     other.memoriesEnabled == memoriesEnabled &&
     other.name == name &&
     other.password == password &&
@@ -112,8 +92,6 @@ class UpdateUserDto {
     // ignore: unnecessary_parenthesis
     (avatarColor == null ? 0 : avatarColor!.hashCode) +
     (email == null ? 0 : email!.hashCode) +
-    (id.hashCode) +
-    (isAdmin == null ? 0 : isAdmin!.hashCode) +
     (memoriesEnabled == null ? 0 : memoriesEnabled!.hashCode) +
     (name == null ? 0 : name!.hashCode) +
     (password == null ? 0 : password!.hashCode) +
@@ -122,7 +100,7 @@ class UpdateUserDto {
     (storageLabel == null ? 0 : storageLabel!.hashCode);
 
   @override
-  String toString() => 'UpdateUserDto[avatarColor=$avatarColor, email=$email, id=$id, isAdmin=$isAdmin, memoriesEnabled=$memoriesEnabled, name=$name, password=$password, quotaSizeInBytes=$quotaSizeInBytes, shouldChangePassword=$shouldChangePassword, storageLabel=$storageLabel]';
+  String toString() => 'UserAdminUpdateDto[avatarColor=$avatarColor, email=$email, memoriesEnabled=$memoriesEnabled, name=$name, password=$password, quotaSizeInBytes=$quotaSizeInBytes, shouldChangePassword=$shouldChangePassword, storageLabel=$storageLabel]';
 
   Map<String, dynamic> toJson() {
     final json = <String, dynamic>{};
@@ -135,12 +113,6 @@ class UpdateUserDto {
       json[r'email'] = this.email;
     } else {
     //  json[r'email'] = null;
-    }
-      json[r'id'] = this.id;
-    if (this.isAdmin != null) {
-      json[r'isAdmin'] = this.isAdmin;
-    } else {
-    //  json[r'isAdmin'] = null;
     }
     if (this.memoriesEnabled != null) {
       json[r'memoriesEnabled'] = this.memoriesEnabled;
@@ -175,18 +147,16 @@ class UpdateUserDto {
     return json;
   }
 
-  /// Returns a new [UpdateUserDto] instance and imports its values from
+  /// Returns a new [UserAdminUpdateDto] instance and imports its values from
   /// [value] if it's a [Map], null otherwise.
   // ignore: prefer_constructors_over_static_methods
-  static UpdateUserDto? fromJson(dynamic value) {
+  static UserAdminUpdateDto? fromJson(dynamic value) {
     if (value is Map) {
       final json = value.cast<String, dynamic>();
 
-      return UpdateUserDto(
+      return UserAdminUpdateDto(
         avatarColor: UserAvatarColor.fromJson(json[r'avatarColor']),
         email: mapValueOfType<String>(json, r'email'),
-        id: mapValueOfType<String>(json, r'id')!,
-        isAdmin: mapValueOfType<bool>(json, r'isAdmin'),
         memoriesEnabled: mapValueOfType<bool>(json, r'memoriesEnabled'),
         name: mapValueOfType<String>(json, r'name'),
         password: mapValueOfType<String>(json, r'password'),
@@ -198,11 +168,11 @@ class UpdateUserDto {
     return null;
   }
 
-  static List<UpdateUserDto> listFromJson(dynamic json, {bool growable = false,}) {
-    final result = <UpdateUserDto>[];
+  static List<UserAdminUpdateDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <UserAdminUpdateDto>[];
     if (json is List && json.isNotEmpty) {
       for (final row in json) {
-        final value = UpdateUserDto.fromJson(row);
+        final value = UserAdminUpdateDto.fromJson(row);
         if (value != null) {
           result.add(value);
         }
@@ -211,12 +181,12 @@ class UpdateUserDto {
     return result.toList(growable: growable);
   }
 
-  static Map<String, UpdateUserDto> mapFromJson(dynamic json) {
-    final map = <String, UpdateUserDto>{};
+  static Map<String, UserAdminUpdateDto> mapFromJson(dynamic json) {
+    final map = <String, UserAdminUpdateDto>{};
     if (json is Map && json.isNotEmpty) {
       json = json.cast<String, dynamic>(); // ignore: parameter_assignments
       for (final entry in json.entries) {
-        final value = UpdateUserDto.fromJson(entry.value);
+        final value = UserAdminUpdateDto.fromJson(entry.value);
         if (value != null) {
           map[entry.key] = value;
         }
@@ -225,14 +195,14 @@ class UpdateUserDto {
     return map;
   }
 
-  // maps a json object with a list of UpdateUserDto-objects as value to a dart map
-  static Map<String, List<UpdateUserDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
-    final map = <String, List<UpdateUserDto>>{};
+  // maps a json object with a list of UserAdminUpdateDto-objects as value to a dart map
+  static Map<String, List<UserAdminUpdateDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<UserAdminUpdateDto>>{};
     if (json is Map && json.isNotEmpty) {
       // ignore: parameter_assignments
       json = json.cast<String, dynamic>();
       for (final entry in json.entries) {
-        map[entry.key] = UpdateUserDto.listFromJson(entry.value, growable: growable,);
+        map[entry.key] = UserAdminUpdateDto.listFromJson(entry.value, growable: growable,);
       }
     }
     return map;
@@ -240,7 +210,6 @@ class UpdateUserDto {
 
   /// The list of required keys that must be present in a JSON.
   static const requiredKeys = <String>{
-    'id',
   };
 }
 
diff --git a/mobile/openapi/lib/model/user_dto.dart b/mobile/openapi/lib/model/user_dto.dart
deleted file mode 100644
index 1c4c4eb0b4..0000000000
--- a/mobile/openapi/lib/model/user_dto.dart
+++ /dev/null
@@ -1,130 +0,0 @@
-//
-// AUTO-GENERATED FILE, DO NOT MODIFY!
-//
-// @dart=2.18
-
-// ignore_for_file: unused_element, unused_import
-// ignore_for_file: always_put_required_named_parameters_first
-// ignore_for_file: constant_identifier_names
-// ignore_for_file: lines_longer_than_80_chars
-
-part of openapi.api;
-
-class UserDto {
-  /// Returns a new [UserDto] instance.
-  UserDto({
-    required this.avatarColor,
-    required this.email,
-    required this.id,
-    required this.name,
-    required this.profileImagePath,
-  });
-
-  UserAvatarColor avatarColor;
-
-  String email;
-
-  String id;
-
-  String name;
-
-  String profileImagePath;
-
-  @override
-  bool operator ==(Object other) => identical(this, other) || other is UserDto &&
-    other.avatarColor == avatarColor &&
-    other.email == email &&
-    other.id == id &&
-    other.name == name &&
-    other.profileImagePath == profileImagePath;
-
-  @override
-  int get hashCode =>
-    // ignore: unnecessary_parenthesis
-    (avatarColor.hashCode) +
-    (email.hashCode) +
-    (id.hashCode) +
-    (name.hashCode) +
-    (profileImagePath.hashCode);
-
-  @override
-  String toString() => 'UserDto[avatarColor=$avatarColor, email=$email, id=$id, name=$name, profileImagePath=$profileImagePath]';
-
-  Map<String, dynamic> toJson() {
-    final json = <String, dynamic>{};
-      json[r'avatarColor'] = this.avatarColor;
-      json[r'email'] = this.email;
-      json[r'id'] = this.id;
-      json[r'name'] = this.name;
-      json[r'profileImagePath'] = this.profileImagePath;
-    return json;
-  }
-
-  /// Returns a new [UserDto] instance and imports its values from
-  /// [value] if it's a [Map], null otherwise.
-  // ignore: prefer_constructors_over_static_methods
-  static UserDto? fromJson(dynamic value) {
-    if (value is Map) {
-      final json = value.cast<String, dynamic>();
-
-      return UserDto(
-        avatarColor: UserAvatarColor.fromJson(json[r'avatarColor'])!,
-        email: mapValueOfType<String>(json, r'email')!,
-        id: mapValueOfType<String>(json, r'id')!,
-        name: mapValueOfType<String>(json, r'name')!,
-        profileImagePath: mapValueOfType<String>(json, r'profileImagePath')!,
-      );
-    }
-    return null;
-  }
-
-  static List<UserDto> listFromJson(dynamic json, {bool growable = false,}) {
-    final result = <UserDto>[];
-    if (json is List && json.isNotEmpty) {
-      for (final row in json) {
-        final value = UserDto.fromJson(row);
-        if (value != null) {
-          result.add(value);
-        }
-      }
-    }
-    return result.toList(growable: growable);
-  }
-
-  static Map<String, UserDto> mapFromJson(dynamic json) {
-    final map = <String, UserDto>{};
-    if (json is Map && json.isNotEmpty) {
-      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
-      for (final entry in json.entries) {
-        final value = UserDto.fromJson(entry.value);
-        if (value != null) {
-          map[entry.key] = value;
-        }
-      }
-    }
-    return map;
-  }
-
-  // maps a json object with a list of UserDto-objects as value to a dart map
-  static Map<String, List<UserDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
-    final map = <String, List<UserDto>>{};
-    if (json is Map && json.isNotEmpty) {
-      // ignore: parameter_assignments
-      json = json.cast<String, dynamic>();
-      for (final entry in json.entries) {
-        map[entry.key] = UserDto.listFromJson(entry.value, growable: growable,);
-      }
-    }
-    return map;
-  }
-
-  /// The list of required keys that must be present in a JSON.
-  static const requiredKeys = <String>{
-    'avatarColor',
-    'email',
-    'id',
-    'name',
-    'profileImagePath',
-  };
-}
-
diff --git a/mobile/openapi/lib/model/user_response_dto.dart b/mobile/openapi/lib/model/user_response_dto.dart
index 063b3d33b6..41c1899848 100644
--- a/mobile/openapi/lib/model/user_response_dto.dart
+++ b/mobile/openapi/lib/model/user_response_dto.dart
@@ -14,141 +14,49 @@ class UserResponseDto {
   /// Returns a new [UserResponseDto] instance.
   UserResponseDto({
     required this.avatarColor,
-    required this.createdAt,
-    required this.deletedAt,
     required this.email,
     required this.id,
-    required this.isAdmin,
-    this.memoriesEnabled,
     required this.name,
-    required this.oauthId,
     required this.profileImagePath,
-    required this.quotaSizeInBytes,
-    required this.quotaUsageInBytes,
-    required this.shouldChangePassword,
-    required this.status,
-    required this.storageLabel,
-    required this.updatedAt,
   });
 
   UserAvatarColor avatarColor;
 
-  DateTime createdAt;
-
-  DateTime? deletedAt;
-
   String email;
 
   String id;
 
-  bool isAdmin;
-
-  ///
-  /// Please note: This property should have been non-nullable! Since the specification file
-  /// does not include a default value (using the "default:" property), however, the generated
-  /// source code must fall back to having a nullable type.
-  /// Consider adding a "default:" property in the specification file to hide this note.
-  ///
-  bool? memoriesEnabled;
-
   String name;
 
-  String oauthId;
-
   String profileImagePath;
 
-  int? quotaSizeInBytes;
-
-  int? quotaUsageInBytes;
-
-  bool shouldChangePassword;
-
-  UserStatus status;
-
-  String? storageLabel;
-
-  DateTime updatedAt;
-
   @override
   bool operator ==(Object other) => identical(this, other) || other is UserResponseDto &&
     other.avatarColor == avatarColor &&
-    other.createdAt == createdAt &&
-    other.deletedAt == deletedAt &&
     other.email == email &&
     other.id == id &&
-    other.isAdmin == isAdmin &&
-    other.memoriesEnabled == memoriesEnabled &&
     other.name == name &&
-    other.oauthId == oauthId &&
-    other.profileImagePath == profileImagePath &&
-    other.quotaSizeInBytes == quotaSizeInBytes &&
-    other.quotaUsageInBytes == quotaUsageInBytes &&
-    other.shouldChangePassword == shouldChangePassword &&
-    other.status == status &&
-    other.storageLabel == storageLabel &&
-    other.updatedAt == updatedAt;
+    other.profileImagePath == profileImagePath;
 
   @override
   int get hashCode =>
     // ignore: unnecessary_parenthesis
     (avatarColor.hashCode) +
-    (createdAt.hashCode) +
-    (deletedAt == null ? 0 : deletedAt!.hashCode) +
     (email.hashCode) +
     (id.hashCode) +
-    (isAdmin.hashCode) +
-    (memoriesEnabled == null ? 0 : memoriesEnabled!.hashCode) +
     (name.hashCode) +
-    (oauthId.hashCode) +
-    (profileImagePath.hashCode) +
-    (quotaSizeInBytes == null ? 0 : quotaSizeInBytes!.hashCode) +
-    (quotaUsageInBytes == null ? 0 : quotaUsageInBytes!.hashCode) +
-    (shouldChangePassword.hashCode) +
-    (status.hashCode) +
-    (storageLabel == null ? 0 : storageLabel!.hashCode) +
-    (updatedAt.hashCode);
+    (profileImagePath.hashCode);
 
   @override
-  String toString() => 'UserResponseDto[avatarColor=$avatarColor, createdAt=$createdAt, deletedAt=$deletedAt, email=$email, id=$id, isAdmin=$isAdmin, memoriesEnabled=$memoriesEnabled, name=$name, oauthId=$oauthId, profileImagePath=$profileImagePath, quotaSizeInBytes=$quotaSizeInBytes, quotaUsageInBytes=$quotaUsageInBytes, shouldChangePassword=$shouldChangePassword, status=$status, storageLabel=$storageLabel, updatedAt=$updatedAt]';
+  String toString() => 'UserResponseDto[avatarColor=$avatarColor, email=$email, id=$id, name=$name, profileImagePath=$profileImagePath]';
 
   Map<String, dynamic> toJson() {
     final json = <String, dynamic>{};
       json[r'avatarColor'] = this.avatarColor;
-      json[r'createdAt'] = this.createdAt.toUtc().toIso8601String();
-    if (this.deletedAt != null) {
-      json[r'deletedAt'] = this.deletedAt!.toUtc().toIso8601String();
-    } else {
-    //  json[r'deletedAt'] = null;
-    }
       json[r'email'] = this.email;
       json[r'id'] = this.id;
-      json[r'isAdmin'] = this.isAdmin;
-    if (this.memoriesEnabled != null) {
-      json[r'memoriesEnabled'] = this.memoriesEnabled;
-    } else {
-    //  json[r'memoriesEnabled'] = null;
-    }
       json[r'name'] = this.name;
-      json[r'oauthId'] = this.oauthId;
       json[r'profileImagePath'] = this.profileImagePath;
-    if (this.quotaSizeInBytes != null) {
-      json[r'quotaSizeInBytes'] = this.quotaSizeInBytes;
-    } else {
-    //  json[r'quotaSizeInBytes'] = null;
-    }
-    if (this.quotaUsageInBytes != null) {
-      json[r'quotaUsageInBytes'] = this.quotaUsageInBytes;
-    } else {
-    //  json[r'quotaUsageInBytes'] = null;
-    }
-      json[r'shouldChangePassword'] = this.shouldChangePassword;
-      json[r'status'] = this.status;
-    if (this.storageLabel != null) {
-      json[r'storageLabel'] = this.storageLabel;
-    } else {
-    //  json[r'storageLabel'] = null;
-    }
-      json[r'updatedAt'] = this.updatedAt.toUtc().toIso8601String();
     return json;
   }
 
@@ -161,21 +69,10 @@ class UserResponseDto {
 
       return UserResponseDto(
         avatarColor: UserAvatarColor.fromJson(json[r'avatarColor'])!,
-        createdAt: mapDateTime(json, r'createdAt', r'')!,
-        deletedAt: mapDateTime(json, r'deletedAt', r''),
         email: mapValueOfType<String>(json, r'email')!,
         id: mapValueOfType<String>(json, r'id')!,
-        isAdmin: mapValueOfType<bool>(json, r'isAdmin')!,
-        memoriesEnabled: mapValueOfType<bool>(json, r'memoriesEnabled'),
         name: mapValueOfType<String>(json, r'name')!,
-        oauthId: mapValueOfType<String>(json, r'oauthId')!,
         profileImagePath: mapValueOfType<String>(json, r'profileImagePath')!,
-        quotaSizeInBytes: mapValueOfType<int>(json, r'quotaSizeInBytes'),
-        quotaUsageInBytes: mapValueOfType<int>(json, r'quotaUsageInBytes'),
-        shouldChangePassword: mapValueOfType<bool>(json, r'shouldChangePassword')!,
-        status: UserStatus.fromJson(json[r'status'])!,
-        storageLabel: mapValueOfType<String>(json, r'storageLabel'),
-        updatedAt: mapDateTime(json, r'updatedAt', r'')!,
       );
     }
     return null;
@@ -224,20 +121,10 @@ class UserResponseDto {
   /// The list of required keys that must be present in a JSON.
   static const requiredKeys = <String>{
     'avatarColor',
-    'createdAt',
-    'deletedAt',
     'email',
     'id',
-    'isAdmin',
     'name',
-    'oauthId',
     'profileImagePath',
-    'quotaSizeInBytes',
-    'quotaUsageInBytes',
-    'shouldChangePassword',
-    'status',
-    'storageLabel',
-    'updatedAt',
   };
 }
 
diff --git a/mobile/openapi/lib/model/user_update_me_dto.dart b/mobile/openapi/lib/model/user_update_me_dto.dart
new file mode 100644
index 0000000000..1b54d4a383
--- /dev/null
+++ b/mobile/openapi/lib/model/user_update_me_dto.dart
@@ -0,0 +1,175 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class UserUpdateMeDto {
+  /// Returns a new [UserUpdateMeDto] instance.
+  UserUpdateMeDto({
+    this.avatarColor,
+    this.email,
+    this.memoriesEnabled,
+    this.name,
+    this.password,
+  });
+
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  UserAvatarColor? avatarColor;
+
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  String? email;
+
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  bool? memoriesEnabled;
+
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  String? name;
+
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  String? password;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is UserUpdateMeDto &&
+    other.avatarColor == avatarColor &&
+    other.email == email &&
+    other.memoriesEnabled == memoriesEnabled &&
+    other.name == name &&
+    other.password == password;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (avatarColor == null ? 0 : avatarColor!.hashCode) +
+    (email == null ? 0 : email!.hashCode) +
+    (memoriesEnabled == null ? 0 : memoriesEnabled!.hashCode) +
+    (name == null ? 0 : name!.hashCode) +
+    (password == null ? 0 : password!.hashCode);
+
+  @override
+  String toString() => 'UserUpdateMeDto[avatarColor=$avatarColor, email=$email, memoriesEnabled=$memoriesEnabled, name=$name, password=$password]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+    if (this.avatarColor != null) {
+      json[r'avatarColor'] = this.avatarColor;
+    } else {
+    //  json[r'avatarColor'] = null;
+    }
+    if (this.email != null) {
+      json[r'email'] = this.email;
+    } else {
+    //  json[r'email'] = null;
+    }
+    if (this.memoriesEnabled != null) {
+      json[r'memoriesEnabled'] = this.memoriesEnabled;
+    } else {
+    //  json[r'memoriesEnabled'] = null;
+    }
+    if (this.name != null) {
+      json[r'name'] = this.name;
+    } else {
+    //  json[r'name'] = null;
+    }
+    if (this.password != null) {
+      json[r'password'] = this.password;
+    } else {
+    //  json[r'password'] = null;
+    }
+    return json;
+  }
+
+  /// Returns a new [UserUpdateMeDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static UserUpdateMeDto? fromJson(dynamic value) {
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return UserUpdateMeDto(
+        avatarColor: UserAvatarColor.fromJson(json[r'avatarColor']),
+        email: mapValueOfType<String>(json, r'email'),
+        memoriesEnabled: mapValueOfType<bool>(json, r'memoriesEnabled'),
+        name: mapValueOfType<String>(json, r'name'),
+        password: mapValueOfType<String>(json, r'password'),
+      );
+    }
+    return null;
+  }
+
+  static List<UserUpdateMeDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <UserUpdateMeDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = UserUpdateMeDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, UserUpdateMeDto> mapFromJson(dynamic json) {
+    final map = <String, UserUpdateMeDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = UserUpdateMeDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of UserUpdateMeDto-objects as value to a dart map
+  static Map<String, List<UserUpdateMeDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<UserUpdateMeDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = UserUpdateMeDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+  };
+}
+
diff --git a/open-api/immich-openapi-specs.json b/open-api/immich-openapi-specs.json
index 82e328bc47..558823e62b 100644
--- a/open-api/immich-openapi-specs.json
+++ b/open-api/immich-openapi-specs.json
@@ -206,6 +206,274 @@
         ]
       }
     },
+    "/admin/users": {
+      "get": {
+        "operationId": "searchUsersAdmin",
+        "parameters": [
+          {
+            "name": "withDeleted",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "type": "boolean"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "items": {
+                    "$ref": "#/components/schemas/UserAdminResponseDto"
+                  },
+                  "type": "array"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "User"
+        ]
+      },
+      "post": {
+        "operationId": "createUserAdmin",
+        "parameters": [],
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/UserAdminCreateDto"
+              }
+            }
+          },
+          "required": true
+        },
+        "responses": {
+          "201": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "User"
+        ]
+      }
+    },
+    "/admin/users/{id}": {
+      "delete": {
+        "operationId": "deleteUserAdmin",
+        "parameters": [
+          {
+            "name": "id",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "type": "string"
+            }
+          }
+        ],
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/UserAdminDeleteDto"
+              }
+            }
+          },
+          "required": true
+        },
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "User"
+        ]
+      },
+      "get": {
+        "operationId": "getUserAdmin",
+        "parameters": [
+          {
+            "name": "id",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "User"
+        ]
+      },
+      "put": {
+        "operationId": "updateUserAdmin",
+        "parameters": [
+          {
+            "name": "id",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "type": "string"
+            }
+          }
+        ],
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/UserAdminUpdateDto"
+              }
+            }
+          },
+          "required": true
+        },
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "User"
+        ]
+      }
+    },
+    "/admin/users/{id}/restore": {
+      "post": {
+        "operationId": "restoreUserAdmin",
+        "parameters": [
+          {
+            "name": "id",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "User"
+        ]
+      }
+    },
     "/albums": {
       "get": {
         "operationId": "getAllAlbums",
@@ -1879,7 +2147,7 @@
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/UserResponseDto"
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
                 }
               }
             },
@@ -1910,7 +2178,7 @@
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/UserResponseDto"
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
                 }
               }
             },
@@ -3160,7 +3428,7 @@
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/UserResponseDto"
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
                 }
               }
             },
@@ -3206,7 +3474,7 @@
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/UserResponseDto"
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
                 }
               }
             },
@@ -6030,17 +6298,8 @@
     },
     "/users": {
       "get": {
-        "operationId": "getAllUsers",
-        "parameters": [
-          {
-            "name": "isAll",
-            "required": true,
-            "in": "query",
-            "schema": {
-              "type": "boolean"
-            }
-          }
-        ],
+        "operationId": "searchUsers",
+        "parameters": [],
         "responses": {
           "200": {
             "content": {
@@ -6070,26 +6329,18 @@
         "tags": [
           "User"
         ]
-      },
-      "post": {
-        "operationId": "createUser",
+      }
+    },
+    "/users/me": {
+      "get": {
+        "operationId": "getMyUser",
         "parameters": [],
-        "requestBody": {
-          "content": {
-            "application/json": {
-              "schema": {
-                "$ref": "#/components/schemas/CreateUserDto"
-              }
-            }
-          },
-          "required": true
-        },
         "responses": {
-          "201": {
+          "200": {
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/UserResponseDto"
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
                 }
               }
             },
@@ -6112,13 +6363,13 @@
         ]
       },
       "put": {
-        "operationId": "updateUser",
+        "operationId": "updateMyUser",
         "parameters": [],
         "requestBody": {
           "content": {
             "application/json": {
               "schema": {
-                "$ref": "#/components/schemas/UpdateUserDto"
+                "$ref": "#/components/schemas/UserUpdateMeDto"
               }
             }
           },
@@ -6129,39 +6380,7 @@
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/UserResponseDto"
-                }
-              }
-            },
-            "description": ""
-          }
-        },
-        "security": [
-          {
-            "bearer": []
-          },
-          {
-            "cookie": []
-          },
-          {
-            "api_key": []
-          }
-        ],
-        "tags": [
-          "User"
-        ]
-      }
-    },
-    "/users/me": {
-      "get": {
-        "operationId": "getMyUserInfo",
-        "parameters": [],
-        "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/UserResponseDto"
+                  "$ref": "#/components/schemas/UserAdminResponseDto"
                 }
               }
             },
@@ -6251,58 +6470,8 @@
       }
     },
     "/users/{id}": {
-      "delete": {
-        "operationId": "deleteUser",
-        "parameters": [
-          {
-            "name": "id",
-            "required": true,
-            "in": "path",
-            "schema": {
-              "format": "uuid",
-              "type": "string"
-            }
-          }
-        ],
-        "requestBody": {
-          "content": {
-            "application/json": {
-              "schema": {
-                "$ref": "#/components/schemas/DeleteUserDto"
-              }
-            }
-          },
-          "required": true
-        },
-        "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/UserResponseDto"
-                }
-              }
-            },
-            "description": ""
-          }
-        },
-        "security": [
-          {
-            "bearer": []
-          },
-          {
-            "cookie": []
-          },
-          {
-            "api_key": []
-          }
-        ],
-        "tags": [
-          "User"
-        ]
-      },
       "get": {
-        "operationId": "getUserById",
+        "operationId": "getUser",
         "parameters": [
           {
             "name": "id",
@@ -6384,48 +6553,6 @@
           "User"
         ]
       }
-    },
-    "/users/{id}/restore": {
-      "post": {
-        "operationId": "restoreUser",
-        "parameters": [
-          {
-            "name": "id",
-            "required": true,
-            "in": "path",
-            "schema": {
-              "format": "uuid",
-              "type": "string"
-            }
-          }
-        ],
-        "responses": {
-          "201": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/UserResponseDto"
-                }
-              }
-            },
-            "description": ""
-          }
-        },
-        "security": [
-          {
-            "bearer": []
-          },
-          {
-            "cookie": []
-          },
-          {
-            "api_key": []
-          }
-        ],
-        "tags": [
-          "User"
-        ]
-      }
     }
   },
   "info": {
@@ -6567,7 +6694,7 @@
             "type": "string"
           },
           "user": {
-            "$ref": "#/components/schemas/UserDto"
+            "$ref": "#/components/schemas/UserResponseDto"
           }
         },
         "required": [
@@ -7775,52 +7902,6 @@
         ],
         "type": "object"
       },
-      "CreateUserDto": {
-        "properties": {
-          "email": {
-            "type": "string"
-          },
-          "memoriesEnabled": {
-            "type": "boolean"
-          },
-          "name": {
-            "type": "string"
-          },
-          "notify": {
-            "type": "boolean"
-          },
-          "password": {
-            "type": "string"
-          },
-          "quotaSizeInBytes": {
-            "format": "int64",
-            "minimum": 1,
-            "nullable": true,
-            "type": "integer"
-          },
-          "shouldChangePassword": {
-            "type": "boolean"
-          },
-          "storageLabel": {
-            "nullable": true,
-            "type": "string"
-          }
-        },
-        "required": [
-          "email",
-          "name",
-          "password"
-        ],
-        "type": "object"
-      },
-      "DeleteUserDto": {
-        "properties": {
-          "force": {
-            "type": "boolean"
-          }
-        },
-        "type": "object"
-      },
       "DownloadArchiveInfo": {
         "properties": {
           "assetIds": {
@@ -8803,15 +8884,6 @@
           "avatarColor": {
             "$ref": "#/components/schemas/UserAvatarColor"
           },
-          "createdAt": {
-            "format": "date-time",
-            "type": "string"
-          },
-          "deletedAt": {
-            "format": "date-time",
-            "nullable": true,
-            "type": "string"
-          },
           "email": {
             "type": "string"
           },
@@ -8821,62 +8893,19 @@
           "inTimeline": {
             "type": "boolean"
           },
-          "isAdmin": {
-            "type": "boolean"
-          },
-          "memoriesEnabled": {
-            "type": "boolean"
-          },
           "name": {
             "type": "string"
           },
-          "oauthId": {
-            "type": "string"
-          },
           "profileImagePath": {
             "type": "string"
-          },
-          "quotaSizeInBytes": {
-            "format": "int64",
-            "nullable": true,
-            "type": "integer"
-          },
-          "quotaUsageInBytes": {
-            "format": "int64",
-            "nullable": true,
-            "type": "integer"
-          },
-          "shouldChangePassword": {
-            "type": "boolean"
-          },
-          "status": {
-            "$ref": "#/components/schemas/UserStatus"
-          },
-          "storageLabel": {
-            "nullable": true,
-            "type": "string"
-          },
-          "updatedAt": {
-            "format": "date-time",
-            "type": "string"
           }
         },
         "required": [
           "avatarColor",
-          "createdAt",
-          "deletedAt",
           "email",
           "id",
-          "isAdmin",
           "name",
-          "oauthId",
-          "profileImagePath",
-          "quotaSizeInBytes",
-          "quotaUsageInBytes",
-          "shouldChangePassword",
-          "status",
-          "storageLabel",
-          "updatedAt"
+          "profileImagePath"
         ],
         "type": "object"
       },
@@ -10810,48 +10839,6 @@
         },
         "type": "object"
       },
-      "UpdateUserDto": {
-        "properties": {
-          "avatarColor": {
-            "$ref": "#/components/schemas/UserAvatarColor"
-          },
-          "email": {
-            "type": "string"
-          },
-          "id": {
-            "format": "uuid",
-            "type": "string"
-          },
-          "isAdmin": {
-            "type": "boolean"
-          },
-          "memoriesEnabled": {
-            "type": "boolean"
-          },
-          "name": {
-            "type": "string"
-          },
-          "password": {
-            "type": "string"
-          },
-          "quotaSizeInBytes": {
-            "format": "int64",
-            "minimum": 1,
-            "nullable": true,
-            "type": "integer"
-          },
-          "shouldChangePassword": {
-            "type": "boolean"
-          },
-          "storageLabel": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "id"
-        ],
-        "type": "object"
-      },
       "UsageByUserDto": {
         "properties": {
           "photos": {
@@ -10886,49 +10873,53 @@
         ],
         "type": "object"
       },
-      "UserAvatarColor": {
-        "enum": [
-          "primary",
-          "pink",
-          "red",
-          "yellow",
-          "blue",
-          "green",
-          "purple",
-          "orange",
-          "gray",
-          "amber"
-        ],
-        "type": "string"
-      },
-      "UserDto": {
+      "UserAdminCreateDto": {
         "properties": {
-          "avatarColor": {
-            "$ref": "#/components/schemas/UserAvatarColor"
-          },
           "email": {
             "type": "string"
           },
-          "id": {
-            "type": "string"
+          "memoriesEnabled": {
+            "type": "boolean"
           },
           "name": {
             "type": "string"
           },
-          "profileImagePath": {
+          "notify": {
+            "type": "boolean"
+          },
+          "password": {
+            "type": "string"
+          },
+          "quotaSizeInBytes": {
+            "format": "int64",
+            "minimum": 1,
+            "nullable": true,
+            "type": "integer"
+          },
+          "shouldChangePassword": {
+            "type": "boolean"
+          },
+          "storageLabel": {
+            "nullable": true,
             "type": "string"
           }
         },
         "required": [
-          "avatarColor",
           "email",
-          "id",
           "name",
-          "profileImagePath"
+          "password"
         ],
         "type": "object"
       },
-      "UserResponseDto": {
+      "UserAdminDeleteDto": {
+        "properties": {
+          "force": {
+            "type": "boolean"
+          }
+        },
+        "type": "object"
+      },
+      "UserAdminResponseDto": {
         "properties": {
           "avatarColor": {
             "$ref": "#/components/schemas/UserAvatarColor"
@@ -11007,6 +10998,81 @@
         ],
         "type": "object"
       },
+      "UserAdminUpdateDto": {
+        "properties": {
+          "avatarColor": {
+            "$ref": "#/components/schemas/UserAvatarColor"
+          },
+          "email": {
+            "type": "string"
+          },
+          "memoriesEnabled": {
+            "type": "boolean"
+          },
+          "name": {
+            "type": "string"
+          },
+          "password": {
+            "type": "string"
+          },
+          "quotaSizeInBytes": {
+            "format": "int64",
+            "minimum": 1,
+            "nullable": true,
+            "type": "integer"
+          },
+          "shouldChangePassword": {
+            "type": "boolean"
+          },
+          "storageLabel": {
+            "nullable": true,
+            "type": "string"
+          }
+        },
+        "type": "object"
+      },
+      "UserAvatarColor": {
+        "enum": [
+          "primary",
+          "pink",
+          "red",
+          "yellow",
+          "blue",
+          "green",
+          "purple",
+          "orange",
+          "gray",
+          "amber"
+        ],
+        "type": "string"
+      },
+      "UserResponseDto": {
+        "properties": {
+          "avatarColor": {
+            "$ref": "#/components/schemas/UserAvatarColor"
+          },
+          "email": {
+            "type": "string"
+          },
+          "id": {
+            "type": "string"
+          },
+          "name": {
+            "type": "string"
+          },
+          "profileImagePath": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "avatarColor",
+          "email",
+          "id",
+          "name",
+          "profileImagePath"
+        ],
+        "type": "object"
+      },
       "UserStatus": {
         "enum": [
           "active",
@@ -11015,6 +11081,26 @@
         ],
         "type": "string"
       },
+      "UserUpdateMeDto": {
+        "properties": {
+          "avatarColor": {
+            "$ref": "#/components/schemas/UserAvatarColor"
+          },
+          "email": {
+            "type": "string"
+          },
+          "memoriesEnabled": {
+            "type": "boolean"
+          },
+          "name": {
+            "type": "string"
+          },
+          "password": {
+            "type": "string"
+          }
+        },
+        "type": "object"
+      },
       "ValidateAccessTokenResponseDto": {
         "properties": {
           "authStatus": {
diff --git a/open-api/typescript-sdk/README.md b/open-api/typescript-sdk/README.md
index 91b702d43e..53a83a4237 100644
--- a/open-api/typescript-sdk/README.md
+++ b/open-api/typescript-sdk/README.md
@@ -13,13 +13,22 @@ npm i --save @immich/sdk
 For a more detailed example, check out the [`@immich/cli`](https://github.com/immich-app/immich/tree/main/cli).
 
 ```typescript
+<<<<<<< HEAD
+import { getAllAlbums, getAllAssets, getMyUser, init } from "@immich/sdk";
+=======
 import { getAllAlbums, getMyUserInfo, init } from "@immich/sdk";
+>>>>>>> e7c8501930a988dfb6c23ce1c48b0beb076a58c2
 
 const API_KEY = "<API_KEY>"; // process.env.IMMICH_API_KEY
 
 init({ baseUrl: "https://demo.immich.app/api", apiKey: API_KEY });
 
+<<<<<<< HEAD
+const user = await getMyUser();
+const assets = await getAllAssets({ take: 1000 });
+=======
 const user = await getMyUserInfo();
+>>>>>>> e7c8501930a988dfb6c23ce1c48b0beb076a58c2
 const albums = await getAllAlbums({});
 
 console.log({ user, albums });
diff --git a/open-api/typescript-sdk/src/fetch-client.ts b/open-api/typescript-sdk/src/fetch-client.ts
index adbae62bbd..2c07072f68 100644
--- a/open-api/typescript-sdk/src/fetch-client.ts
+++ b/open-api/typescript-sdk/src/fetch-client.ts
@@ -14,7 +14,7 @@ const oazapfts = Oazapfts.runtime(defaults);
 export const servers = {
     server1: "/api"
 };
-export type UserDto = {
+export type UserResponseDto = {
     avatarColor: UserAvatarColor;
     email: string;
     id: string;
@@ -27,7 +27,7 @@ export type ActivityResponseDto = {
     createdAt: string;
     id: string;
     "type": Type;
-    user: UserDto;
+    user: UserResponseDto;
 };
 export type ActivityCreateDto = {
     albumId: string;
@@ -38,7 +38,7 @@ export type ActivityCreateDto = {
 export type ActivityStatisticsResponseDto = {
     comments: number;
 };
-export type UserResponseDto = {
+export type UserAdminResponseDto = {
     avatarColor: UserAvatarColor;
     createdAt: string;
     deletedAt: string | null;
@@ -56,6 +56,29 @@ export type UserResponseDto = {
     storageLabel: string | null;
     updatedAt: string;
 };
+export type UserAdminCreateDto = {
+    email: string;
+    memoriesEnabled?: boolean;
+    name: string;
+    notify?: boolean;
+    password: string;
+    quotaSizeInBytes?: number | null;
+    shouldChangePassword?: boolean;
+    storageLabel?: string | null;
+};
+export type UserAdminDeleteDto = {
+    force?: boolean;
+};
+export type UserAdminUpdateDto = {
+    avatarColor?: UserAvatarColor;
+    email?: string;
+    memoriesEnabled?: boolean;
+    name?: string;
+    password?: string;
+    quotaSizeInBytes?: number | null;
+    shouldChangePassword?: boolean;
+    storageLabel?: string | null;
+};
 export type AlbumUserResponseDto = {
     role: AlbumUserRole;
     user: UserResponseDto;
@@ -517,22 +540,11 @@ export type OAuthCallbackDto = {
 };
 export type PartnerResponseDto = {
     avatarColor: UserAvatarColor;
-    createdAt: string;
-    deletedAt: string | null;
     email: string;
     id: string;
     inTimeline?: boolean;
-    isAdmin: boolean;
-    memoriesEnabled?: boolean;
     name: string;
-    oauthId: string;
     profileImagePath: string;
-    quotaSizeInBytes: number | null;
-    quotaUsageInBytes: number | null;
-    shouldChangePassword: boolean;
-    status: UserStatus;
-    storageLabel: string | null;
-    updatedAt: string;
 };
 export type UpdatePartnerDto = {
     inTimeline: boolean;
@@ -1060,27 +1072,12 @@ export type TimeBucketResponseDto = {
     count: number;
     timeBucket: string;
 };
-export type CreateUserDto = {
-    email: string;
-    memoriesEnabled?: boolean;
-    name: string;
-    notify?: boolean;
-    password: string;
-    quotaSizeInBytes?: number | null;
-    shouldChangePassword?: boolean;
-    storageLabel?: string | null;
-};
-export type UpdateUserDto = {
+export type UserUpdateMeDto = {
     avatarColor?: UserAvatarColor;
     email?: string;
-    id: string;
-    isAdmin?: boolean;
     memoriesEnabled?: boolean;
     name?: string;
     password?: string;
-    quotaSizeInBytes?: number | null;
-    shouldChangePassword?: boolean;
-    storageLabel?: string;
 };
 export type CreateProfileImageDto = {
     file: Blob;
@@ -1089,9 +1086,6 @@ export type CreateProfileImageResponseDto = {
     profileImagePath: string;
     userId: string;
 };
-export type DeleteUserDto = {
-    force?: boolean;
-};
 export function getActivities({ albumId, assetId, level, $type, userId }: {
     albumId: string;
     assetId?: string;
@@ -1146,6 +1140,77 @@ export function deleteActivity({ id }: {
         method: "DELETE"
     }));
 }
+export function searchUsersAdmin({ withDeleted }: {
+    withDeleted?: boolean;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: UserAdminResponseDto[];
+    }>(`/admin/users${QS.query(QS.explode({
+        withDeleted
+    }))}`, {
+        ...opts
+    }));
+}
+export function createUserAdmin({ userAdminCreateDto }: {
+    userAdminCreateDto: UserAdminCreateDto;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 201;
+        data: UserAdminResponseDto;
+    }>("/admin/users", oazapfts.json({
+        ...opts,
+        method: "POST",
+        body: userAdminCreateDto
+    })));
+}
+export function deleteUserAdmin({ id, userAdminDeleteDto }: {
+    id: string;
+    userAdminDeleteDto: UserAdminDeleteDto;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: UserAdminResponseDto;
+    }>(`/admin/users/${encodeURIComponent(id)}`, oazapfts.json({
+        ...opts,
+        method: "DELETE",
+        body: userAdminDeleteDto
+    })));
+}
+export function getUserAdmin({ id }: {
+    id: string;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: UserAdminResponseDto;
+    }>(`/admin/users/${encodeURIComponent(id)}`, {
+        ...opts
+    }));
+}
+export function updateUserAdmin({ id, userAdminUpdateDto }: {
+    id: string;
+    userAdminUpdateDto: UserAdminUpdateDto;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: UserAdminResponseDto;
+    }>(`/admin/users/${encodeURIComponent(id)}`, oazapfts.json({
+        ...opts,
+        method: "PUT",
+        body: userAdminUpdateDto
+    })));
+}
+export function restoreUserAdmin({ id }: {
+    id: string;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 201;
+        data: UserAdminResponseDto;
+    }>(`/admin/users/${encodeURIComponent(id)}/restore`, {
+        ...opts,
+        method: "POST"
+    }));
+}
 export function getAllAlbums({ assetId, shared }: {
     assetId?: string;
     shared?: boolean;
@@ -1589,7 +1654,7 @@ export function signUpAdmin({ signUpDto }: {
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 201;
-        data: UserResponseDto;
+        data: UserAdminResponseDto;
     }>("/auth/admin-sign-up", oazapfts.json({
         ...opts,
         method: "POST",
@@ -1601,7 +1666,7 @@ export function changePassword({ changePasswordDto }: {
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 200;
-        data: UserResponseDto;
+        data: UserAdminResponseDto;
     }>("/auth/change-password", oazapfts.json({
         ...opts,
         method: "POST",
@@ -1934,7 +1999,7 @@ export function linkOAuthAccount({ oAuthCallbackDto }: {
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 201;
-        data: UserResponseDto;
+        data: UserAdminResponseDto;
     }>("/oauth/link", oazapfts.json({
         ...opts,
         method: "POST",
@@ -1949,7 +2014,7 @@ export function redirectOAuthToMobile(opts?: Oazapfts.RequestOpts) {
 export function unlinkOAuthAccount(opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 201;
-        data: UserResponseDto;
+        data: UserAdminResponseDto;
     }>("/oauth/unlink", {
         ...opts,
         method: "POST"
@@ -2687,50 +2752,34 @@ export function restoreAssets({ bulkIdsDto }: {
         body: bulkIdsDto
     })));
 }
-export function getAllUsers({ isAll }: {
-    isAll: boolean;
-}, opts?: Oazapfts.RequestOpts) {
+export function searchUsers(opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 200;
         data: UserResponseDto[];
-    }>(`/users${QS.query(QS.explode({
-        isAll
-    }))}`, {
+    }>("/users", {
         ...opts
     }));
 }
-export function createUser({ createUserDto }: {
-    createUserDto: CreateUserDto;
-}, opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 201;
-        data: UserResponseDto;
-    }>("/users", oazapfts.json({
-        ...opts,
-        method: "POST",
-        body: createUserDto
-    })));
-}
-export function updateUser({ updateUserDto }: {
-    updateUserDto: UpdateUserDto;
-}, opts?: Oazapfts.RequestOpts) {
+export function getMyUser(opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 200;
-        data: UserResponseDto;
-    }>("/users", oazapfts.json({
-        ...opts,
-        method: "PUT",
-        body: updateUserDto
-    })));
-}
-export function getMyUserInfo(opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 200;
-        data: UserResponseDto;
+        data: UserAdminResponseDto;
     }>("/users/me", {
         ...opts
     }));
 }
+export function updateMyUser({ userUpdateMeDto }: {
+    userUpdateMeDto: UserUpdateMeDto;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: UserAdminResponseDto;
+    }>("/users/me", oazapfts.json({
+        ...opts,
+        method: "PUT",
+        body: userUpdateMeDto
+    })));
+}
 export function deleteProfileImage(opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchText("/users/profile-image", {
         ...opts,
@@ -2749,20 +2798,7 @@ export function createProfileImage({ createProfileImageDto }: {
         body: createProfileImageDto
     })));
 }
-export function deleteUser({ id, deleteUserDto }: {
-    id: string;
-    deleteUserDto: DeleteUserDto;
-}, opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 200;
-        data: UserResponseDto;
-    }>(`/users/${encodeURIComponent(id)}`, oazapfts.json({
-        ...opts,
-        method: "DELETE",
-        body: deleteUserDto
-    })));
-}
-export function getUserById({ id }: {
+export function getUser({ id }: {
     id: string;
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
@@ -2782,17 +2818,6 @@ export function getProfileImage({ id }: {
         ...opts
     }));
 }
-export function restoreUser({ id }: {
-    id: string;
-}, opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 201;
-        data: UserResponseDto;
-    }>(`/users/${encodeURIComponent(id)}/restore`, {
-        ...opts,
-        method: "POST"
-    }));
-}
 export enum ReactionLevel {
     Album = "album",
     Asset = "asset"
@@ -2817,15 +2842,15 @@ export enum UserAvatarColor {
     Gray = "gray",
     Amber = "amber"
 }
-export enum AlbumUserRole {
-    Editor = "editor",
-    Viewer = "viewer"
-}
 export enum UserStatus {
     Active = "active",
     Removing = "removing",
     Deleted = "deleted"
 }
+export enum AlbumUserRole {
+    Editor = "editor",
+    Viewer = "viewer"
+}
 export enum TagTypeEnum {
     Object = "OBJECT",
     Face = "FACE",
diff --git a/server/src/commands/reset-admin-password.command.ts b/server/src/commands/reset-admin-password.command.ts
index 32f77109b0..e5dee49837 100644
--- a/server/src/commands/reset-admin-password.command.ts
+++ b/server/src/commands/reset-admin-password.command.ts
@@ -1,9 +1,9 @@
 import { Command, CommandRunner, InquirerService, Question, QuestionSet } from 'nest-commander';
-import { UserResponseDto } from 'src/dtos/user.dto';
+import { UserAdminResponseDto } from 'src/dtos/user.dto';
 import { CliService } from 'src/services/cli.service';
 
 const prompt = (inquirer: InquirerService) => {
-  return function ask(admin: UserResponseDto) {
+  return function ask(admin: UserAdminResponseDto) {
     const { id, oauthId, email, name } = admin;
     console.log(`Found Admin:
 - ID=${id}
diff --git a/server/src/controllers/auth.controller.ts b/server/src/controllers/auth.controller.ts
index 40fdf90916..7dcef9df5f 100644
--- a/server/src/controllers/auth.controller.ts
+++ b/server/src/controllers/auth.controller.ts
@@ -12,7 +12,7 @@ import {
   SignUpDto,
   ValidateAccessTokenResponseDto,
 } from 'src/dtos/auth.dto';
-import { UserResponseDto, mapUser } from 'src/dtos/user.dto';
+import { UserAdminResponseDto } from 'src/dtos/user.dto';
 import { Auth, Authenticated, GetLoginDetails } from 'src/middleware/auth.guard';
 import { AuthService, LoginDetails } from 'src/services/auth.service';
 import { respondWithCookie, respondWithoutCookie } from 'src/utils/response';
@@ -40,7 +40,7 @@ export class AuthController {
   }
 
   @Post('admin-sign-up')
-  signUpAdmin(@Body() dto: SignUpDto): Promise<UserResponseDto> {
+  signUpAdmin(@Body() dto: SignUpDto): Promise<UserAdminResponseDto> {
     return this.service.adminSignUp(dto);
   }
 
@@ -54,8 +54,8 @@ export class AuthController {
   @Post('change-password')
   @HttpCode(HttpStatus.OK)
   @Authenticated()
-  changePassword(@Auth() auth: AuthDto, @Body() dto: ChangePasswordDto): Promise<UserResponseDto> {
-    return this.service.changePassword(auth, dto).then(mapUser);
+  changePassword(@Auth() auth: AuthDto, @Body() dto: ChangePasswordDto): Promise<UserAdminResponseDto> {
+    return this.service.changePassword(auth, dto);
   }
 
   @Post('logout')
diff --git a/server/src/controllers/index.ts b/server/src/controllers/index.ts
index 187ba4b4db..ca454b6a1d 100644
--- a/server/src/controllers/index.ts
+++ b/server/src/controllers/index.ts
@@ -27,6 +27,7 @@ import { SystemMetadataController } from 'src/controllers/system-metadata.contro
 import { TagController } from 'src/controllers/tag.controller';
 import { TimelineController } from 'src/controllers/timeline.controller';
 import { TrashController } from 'src/controllers/trash.controller';
+import { UserAdminController } from 'src/controllers/user-admin.controller';
 import { UserController } from 'src/controllers/user.controller';
 
 export const controllers = [
@@ -59,5 +60,6 @@ export const controllers = [
   TagController,
   TimelineController,
   TrashController,
+  UserAdminController,
   UserController,
 ];
diff --git a/server/src/controllers/oauth.controller.ts b/server/src/controllers/oauth.controller.ts
index 3b498c7ddd..764e67d676 100644
--- a/server/src/controllers/oauth.controller.ts
+++ b/server/src/controllers/oauth.controller.ts
@@ -10,7 +10,7 @@ import {
   OAuthCallbackDto,
   OAuthConfigDto,
 } from 'src/dtos/auth.dto';
-import { UserResponseDto } from 'src/dtos/user.dto';
+import { UserAdminResponseDto } from 'src/dtos/user.dto';
 import { Auth, Authenticated, GetLoginDetails } from 'src/middleware/auth.guard';
 import { AuthService, LoginDetails } from 'src/services/auth.service';
 import { respondWithCookie } from 'src/utils/response';
@@ -53,13 +53,13 @@ export class OAuthController {
 
   @Post('link')
   @Authenticated()
-  linkOAuthAccount(@Auth() auth: AuthDto, @Body() dto: OAuthCallbackDto): Promise<UserResponseDto> {
+  linkOAuthAccount(@Auth() auth: AuthDto, @Body() dto: OAuthCallbackDto): Promise<UserAdminResponseDto> {
     return this.service.link(auth, dto);
   }
 
   @Post('unlink')
   @Authenticated()
-  unlinkOAuthAccount(@Auth() auth: AuthDto): Promise<UserResponseDto> {
+  unlinkOAuthAccount(@Auth() auth: AuthDto): Promise<UserAdminResponseDto> {
     return this.service.unlink(auth);
   }
 }
diff --git a/server/src/controllers/user-admin.controller.ts b/server/src/controllers/user-admin.controller.ts
new file mode 100644
index 0000000000..4d0b781e81
--- /dev/null
+++ b/server/src/controllers/user-admin.controller.ts
@@ -0,0 +1,63 @@
+import { Body, Controller, Delete, Get, Param, Post, Put, Query } from '@nestjs/common';
+import { ApiTags } from '@nestjs/swagger';
+import { AuthDto } from 'src/dtos/auth.dto';
+import {
+  UserAdminCreateDto,
+  UserAdminDeleteDto,
+  UserAdminResponseDto,
+  UserAdminSearchDto,
+  UserAdminUpdateDto,
+} from 'src/dtos/user.dto';
+import { Auth, Authenticated } from 'src/middleware/auth.guard';
+import { UserAdminService } from 'src/services/user-admin.service';
+import { UUIDParamDto } from 'src/validation';
+
+@ApiTags('User')
+@Controller('admin/users')
+export class UserAdminController {
+  constructor(private service: UserAdminService) {}
+
+  @Get()
+  @Authenticated({ admin: true })
+  searchUsersAdmin(@Auth() auth: AuthDto, @Query() dto: UserAdminSearchDto): Promise<UserAdminResponseDto[]> {
+    return this.service.search(auth, dto);
+  }
+
+  @Post()
+  @Authenticated({ admin: true })
+  createUserAdmin(@Body() createUserDto: UserAdminCreateDto): Promise<UserAdminResponseDto> {
+    return this.service.create(createUserDto);
+  }
+
+  @Get(':id')
+  @Authenticated({ admin: true })
+  getUserAdmin(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto): Promise<UserAdminResponseDto> {
+    return this.service.get(auth, id);
+  }
+
+  @Put(':id')
+  @Authenticated({ admin: true })
+  updateUserAdmin(
+    @Auth() auth: AuthDto,
+    @Param() { id }: UUIDParamDto,
+    @Body() dto: UserAdminUpdateDto,
+  ): Promise<UserAdminResponseDto> {
+    return this.service.update(auth, id, dto);
+  }
+
+  @Delete(':id')
+  @Authenticated({ admin: true })
+  deleteUserAdmin(
+    @Auth() auth: AuthDto,
+    @Param() { id }: UUIDParamDto,
+    @Body() dto: UserAdminDeleteDto,
+  ): Promise<UserAdminResponseDto> {
+    return this.service.delete(auth, id, dto);
+  }
+
+  @Post(':id/restore')
+  @Authenticated({ admin: true })
+  restoreUserAdmin(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto): Promise<UserAdminResponseDto> {
+    return this.service.restore(auth, id);
+  }
+}
diff --git a/server/src/controllers/user.controller.ts b/server/src/controllers/user.controller.ts
index 1b995c5944..f66807b92c 100644
--- a/server/src/controllers/user.controller.ts
+++ b/server/src/controllers/user.controller.ts
@@ -10,7 +10,6 @@ import {
   Param,
   Post,
   Put,
-  Query,
   Res,
   UploadedFile,
   UseInterceptors,
@@ -19,7 +18,7 @@ import { ApiBody, ApiConsumes, ApiTags } from '@nestjs/swagger';
 import { NextFunction, Response } from 'express';
 import { AuthDto } from 'src/dtos/auth.dto';
 import { CreateProfileImageDto, CreateProfileImageResponseDto } from 'src/dtos/user-profile.dto';
-import { CreateUserDto, DeleteUserDto, UpdateUserDto, UserResponseDto } from 'src/dtos/user.dto';
+import { UserAdminResponseDto, UserResponseDto, UserUpdateMeDto } from 'src/dtos/user.dto';
 import { ILoggerRepository } from 'src/interfaces/logger.interface';
 import { Auth, Authenticated, FileResponse } from 'src/middleware/auth.guard';
 import { FileUploadInterceptor, Route } from 'src/middleware/file-upload.interceptor';
@@ -37,58 +36,28 @@ export class UserController {
 
   @Get()
   @Authenticated()
-  getAllUsers(@Auth() auth: AuthDto, @Query('isAll') isAll: boolean): Promise<UserResponseDto[]> {
-    return this.service.getAll(auth, isAll);
-  }
-
-  @Post()
-  @Authenticated({ admin: true })
-  createUser(@Body() createUserDto: CreateUserDto): Promise<UserResponseDto> {
-    return this.service.create(createUserDto);
+  searchUsers(): Promise<UserResponseDto[]> {
+    return this.service.search();
   }
 
   @Get('me')
   @Authenticated()
-  getMyUserInfo(@Auth() auth: AuthDto): Promise<UserResponseDto> {
+  getMyUser(@Auth() auth: AuthDto): UserAdminResponseDto {
     return this.service.getMe(auth);
   }
 
+  @Put('me')
+  @Authenticated()
+  updateMyUser(@Auth() auth: AuthDto, @Body() dto: UserUpdateMeDto): Promise<UserAdminResponseDto> {
+    return this.service.updateMe(auth, dto);
+  }
+
   @Get(':id')
   @Authenticated()
-  getUserById(@Param() { id }: UUIDParamDto): Promise<UserResponseDto> {
+  getUser(@Param() { id }: UUIDParamDto): Promise<UserResponseDto> {
     return this.service.get(id);
   }
 
-  @Delete('profile-image')
-  @HttpCode(HttpStatus.NO_CONTENT)
-  @Authenticated()
-  deleteProfileImage(@Auth() auth: AuthDto): Promise<void> {
-    return this.service.deleteProfileImage(auth);
-  }
-
-  @Delete(':id')
-  @Authenticated({ admin: true })
-  deleteUser(
-    @Auth() auth: AuthDto,
-    @Param() { id }: UUIDParamDto,
-    @Body() dto: DeleteUserDto,
-  ): Promise<UserResponseDto> {
-    return this.service.delete(auth, id, dto);
-  }
-
-  @Post(':id/restore')
-  @Authenticated({ admin: true })
-  restoreUser(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto): Promise<UserResponseDto> {
-    return this.service.restore(auth, id);
-  }
-
-  // TODO: replace with @Put(':id')
-  @Put()
-  @Authenticated()
-  updateUser(@Auth() auth: AuthDto, @Body() updateUserDto: UpdateUserDto): Promise<UserResponseDto> {
-    return this.service.update(auth, updateUserDto);
-  }
-
   @UseInterceptors(FileUploadInterceptor)
   @ApiConsumes('multipart/form-data')
   @ApiBody({ description: 'A new avatar for the user', type: CreateProfileImageDto })
@@ -101,6 +70,13 @@ export class UserController {
     return this.service.createProfileImage(auth, fileInfo);
   }
 
+  @Delete('profile-image')
+  @HttpCode(HttpStatus.NO_CONTENT)
+  @Authenticated()
+  deleteProfileImage(@Auth() auth: AuthDto): Promise<void> {
+    return this.service.deleteProfileImage(auth);
+  }
+
   @Get(':id/profile-image')
   @FileResponse()
   @Authenticated()
diff --git a/server/src/cores/user.core.ts b/server/src/cores/user.core.ts
index 504687fb18..153463a9cc 100644
--- a/server/src/cores/user.core.ts
+++ b/server/src/cores/user.core.ts
@@ -1,7 +1,6 @@
-import { BadRequestException, ForbiddenException } from '@nestjs/common';
+import { BadRequestException } from '@nestjs/common';
 import sanitize from 'sanitize-filename';
 import { SALT_ROUNDS } from 'src/constants';
-import { UserResponseDto } from 'src/dtos/user.dto';
 import { UserEntity } from 'src/entities/user.entity';
 import { ICryptoRepository } from 'src/interfaces/crypto.interface';
 import { IUserRepository } from 'src/interfaces/user.interface';
@@ -26,46 +25,6 @@ export class UserCore {
     instance = null;
   }
 
-  // TODO: move auth related checks to the service layer
-  async updateUser(user: UserEntity | UserResponseDto, id: string, dto: Partial<UserEntity>): Promise<UserEntity> {
-    if (!user.isAdmin && user.id !== id) {
-      throw new ForbiddenException('You are not allowed to update this user');
-    }
-
-    if (!user.isAdmin) {
-      // Users can never update the isAdmin property.
-      delete dto.isAdmin;
-      delete dto.storageLabel;
-    } else if (dto.isAdmin && user.id !== id) {
-      // Admin cannot create another admin.
-      throw new BadRequestException('The server already has an admin');
-    }
-
-    if (dto.email) {
-      const duplicate = await this.userRepository.getByEmail(dto.email);
-      if (duplicate && duplicate.id !== id) {
-        throw new BadRequestException('Email already in use by another account');
-      }
-    }
-
-    if (dto.storageLabel) {
-      const duplicate = await this.userRepository.getByStorageLabel(dto.storageLabel);
-      if (duplicate && duplicate.id !== id) {
-        throw new BadRequestException('Storage label already in use by another account');
-      }
-    }
-
-    if (dto.password) {
-      dto.password = await this.cryptoRepository.hashBcrypt(dto.password, SALT_ROUNDS);
-    }
-
-    if (dto.storageLabel === '') {
-      dto.storageLabel = null;
-    }
-
-    return this.userRepository.update(id, { ...dto, updatedAt: new Date() });
-  }
-
   async createUser(dto: Partial<UserEntity> & { email: string }): Promise<UserEntity> {
     const user = await this.userRepository.getByEmail(dto.email);
     if (user) {
diff --git a/server/src/dtos/activity.dto.ts b/server/src/dtos/activity.dto.ts
index bd0d400951..4a3de208ff 100644
--- a/server/src/dtos/activity.dto.ts
+++ b/server/src/dtos/activity.dto.ts
@@ -1,6 +1,6 @@
 import { ApiProperty } from '@nestjs/swagger';
 import { IsEnum, IsNotEmpty, IsString, ValidateIf } from 'class-validator';
-import { UserDto, mapSimpleUser } from 'src/dtos/user.dto';
+import { UserResponseDto, mapUser } from 'src/dtos/user.dto';
 import { ActivityEntity } from 'src/entities/activity.entity';
 import { Optional, ValidateUUID } from 'src/validation';
 
@@ -20,7 +20,7 @@ export class ActivityResponseDto {
   id!: string;
   createdAt!: Date;
   type!: ReactionType;
-  user!: UserDto;
+  user!: UserResponseDto;
   assetId!: string | null;
   comment?: string | null;
 }
@@ -73,6 +73,6 @@ export function mapActivity(activity: ActivityEntity): ActivityResponseDto {
     createdAt: activity.createdAt,
     comment: activity.comment,
     type: activity.isLiked ? ReactionType.LIKE : ReactionType.COMMENT,
-    user: mapSimpleUser(activity.user),
+    user: mapUser(activity.user),
   };
 }
diff --git a/server/src/dtos/user.dto.spec.ts b/server/src/dtos/user.dto.spec.ts
index 95e625a1a8..683879a310 100644
--- a/server/src/dtos/user.dto.spec.ts
+++ b/server/src/dtos/user.dto.spec.ts
@@ -1,12 +1,12 @@
 import { plainToInstance } from 'class-transformer';
 import { validate } from 'class-validator';
-import { CreateUserDto, CreateUserOAuthDto, UpdateUserDto } from 'src/dtos/user.dto';
+import { UserAdminCreateDto, UserUpdateMeDto } from 'src/dtos/user.dto';
 
 describe('update user DTO', () => {
   it('should allow emails without a tld', async () => {
     const someEmail = 'test@test';
 
-    const dto = plainToInstance(UpdateUserDto, {
+    const dto = plainToInstance(UserUpdateMeDto, {
       email: someEmail,
       id: '3fe388e4-2078-44d7-b36c-39d9dee3a657',
     });
@@ -18,22 +18,22 @@ describe('update user DTO', () => {
 
 describe('create user DTO', () => {
   it('validates the email', async () => {
-    const params: Partial<CreateUserDto> = {
+    const params: Partial<UserAdminCreateDto> = {
       email: undefined,
       password: 'password',
       name: 'name',
     };
-    let dto: CreateUserDto = plainToInstance(CreateUserDto, params);
+    let dto: UserAdminCreateDto = plainToInstance(UserAdminCreateDto, params);
     let errors = await validate(dto);
     expect(errors).toHaveLength(1);
 
     params.email = 'invalid email';
-    dto = plainToInstance(CreateUserDto, params);
+    dto = plainToInstance(UserAdminCreateDto, params);
     errors = await validate(dto);
     expect(errors).toHaveLength(1);
 
     params.email = 'valid@email.com';
-    dto = plainToInstance(CreateUserDto, params);
+    dto = plainToInstance(UserAdminCreateDto, params);
     errors = await validate(dto);
     expect(errors).toHaveLength(0);
   });
@@ -41,7 +41,7 @@ describe('create user DTO', () => {
   it('should allow emails without a tld', async () => {
     const someEmail = 'test@test';
 
-    const dto = plainToInstance(CreateUserDto, {
+    const dto = plainToInstance(UserAdminCreateDto, {
       email: someEmail,
       password: 'some password',
       name: 'some name',
@@ -51,18 +51,3 @@ describe('create user DTO', () => {
     expect(dto.email).toEqual(someEmail);
   });
 });
-
-describe('create user oauth DTO', () => {
-  it('should allow emails without a tld', async () => {
-    const someEmail = 'test@test';
-
-    const dto = plainToInstance(CreateUserOAuthDto, {
-      email: someEmail,
-      oauthId: 'some oauth id',
-      name: 'some name',
-    });
-    const errors = await validate(dto);
-    expect(errors).toHaveLength(0);
-    expect(dto.email).toEqual(someEmail);
-  });
-});
diff --git a/server/src/dtos/user.dto.ts b/server/src/dtos/user.dto.ts
index 18b9d07b08..8290df6adb 100644
--- a/server/src/dtos/user.dto.ts
+++ b/server/src/dtos/user.dto.ts
@@ -1,12 +1,63 @@
 import { ApiProperty } from '@nestjs/swagger';
 import { Transform } from 'class-transformer';
-import { IsBoolean, IsEmail, IsEnum, IsNotEmpty, IsNumber, IsPositive, IsString, IsUUID } from 'class-validator';
+import { IsBoolean, IsEmail, IsEnum, IsNotEmpty, IsNumber, IsPositive, IsString } from 'class-validator';
 import { UserAvatarColor } from 'src/entities/user-metadata.entity';
 import { UserEntity, UserStatus } from 'src/entities/user.entity';
 import { getPreferences } from 'src/utils/preferences';
 import { Optional, ValidateBoolean, toEmail, toSanitized } from 'src/validation';
 
-export class CreateUserDto {
+export class UserUpdateMeDto {
+  @Optional()
+  @IsEmail({ require_tld: false })
+  @Transform(toEmail)
+  email?: string;
+
+  // TODO: migrate to the other change password endpoint
+  @Optional()
+  @IsNotEmpty()
+  @IsString()
+  password?: string;
+
+  @Optional()
+  @IsString()
+  @IsNotEmpty()
+  name?: string;
+
+  @ValidateBoolean({ optional: true })
+  memoriesEnabled?: boolean;
+
+  @Optional()
+  @IsEnum(UserAvatarColor)
+  @ApiProperty({ enumName: 'UserAvatarColor', enum: UserAvatarColor })
+  avatarColor?: UserAvatarColor;
+}
+
+export class UserResponseDto {
+  id!: string;
+  name!: string;
+  email!: string;
+  profileImagePath!: string;
+  @IsEnum(UserAvatarColor)
+  @ApiProperty({ enumName: 'UserAvatarColor', enum: UserAvatarColor })
+  avatarColor!: UserAvatarColor;
+}
+
+export const mapUser = (entity: UserEntity): UserResponseDto => {
+  return {
+    id: entity.id,
+    email: entity.email,
+    name: entity.name,
+    profileImagePath: entity.profileImagePath,
+    avatarColor: getPreferences(entity).avatar.color,
+  };
+};
+
+export class UserAdminSearchDto {
+  @ValidateBoolean({ optional: true })
+  withDeleted?: boolean;
+}
+
+export class UserAdminCreateDto {
   @IsEmail({ require_tld: false })
   @Transform(toEmail)
   email!: string;
@@ -41,23 +92,7 @@ export class CreateUserDto {
   notify?: boolean;
 }
 
-export class CreateUserOAuthDto {
-  @IsEmail({ require_tld: false })
-  @Transform(({ value }) => value?.toLowerCase())
-  email!: string;
-
-  @IsNotEmpty()
-  oauthId!: string;
-
-  name?: string;
-}
-
-export class DeleteUserDto {
-  @ValidateBoolean({ optional: true })
-  force?: boolean;
-}
-
-export class UpdateUserDto {
+export class UserAdminUpdateDto {
   @Optional()
   @IsEmail({ require_tld: false })
   @Transform(toEmail)
@@ -73,18 +108,10 @@ export class UpdateUserDto {
   @IsNotEmpty()
   name?: string;
 
-  @Optional()
+  @Optional({ nullable: true })
   @IsString()
   @Transform(toSanitized)
-  storageLabel?: string;
-
-  @IsNotEmpty()
-  @IsUUID('4')
-  @ApiProperty({ format: 'uuid' })
-  id!: string;
-
-  @ValidateBoolean({ optional: true })
-  isAdmin?: boolean;
+  storageLabel?: string | null;
 
   @ValidateBoolean({ optional: true })
   shouldChangePassword?: boolean;
@@ -104,17 +131,12 @@ export class UpdateUserDto {
   quotaSizeInBytes?: number | null;
 }
 
-export class UserDto {
-  id!: string;
-  name!: string;
-  email!: string;
-  profileImagePath!: string;
-  @IsEnum(UserAvatarColor)
-  @ApiProperty({ enumName: 'UserAvatarColor', enum: UserAvatarColor })
-  avatarColor!: UserAvatarColor;
+export class UserAdminDeleteDto {
+  @ValidateBoolean({ optional: true })
+  force?: boolean;
 }
 
-export class UserResponseDto extends UserDto {
+export class UserAdminResponseDto extends UserResponseDto {
   storageLabel!: string | null;
   shouldChangePassword!: boolean;
   isAdmin!: boolean;
@@ -131,19 +153,9 @@ export class UserResponseDto extends UserDto {
   status!: string;
 }
 
-export const mapSimpleUser = (entity: UserEntity): UserDto => {
+export function mapUserAdmin(entity: UserEntity): UserAdminResponseDto {
   return {
-    id: entity.id,
-    email: entity.email,
-    name: entity.name,
-    profileImagePath: entity.profileImagePath,
-    avatarColor: getPreferences(entity).avatar.color,
-  };
-};
-
-export function mapUser(entity: UserEntity): UserResponseDto {
-  return {
-    ...mapSimpleUser(entity),
+    ...mapUser(entity),
     storageLabel: entity.storageLabel,
     shouldChangePassword: entity.shouldChangePassword,
     isAdmin: entity.isAdmin,
diff --git a/server/src/queries/api.key.repository.sql b/server/src/queries/api.key.repository.sql
index fa0431fb0f..ba54a6e67c 100644
--- a/server/src/queries/api.key.repository.sql
+++ b/server/src/queries/api.key.repository.sql
@@ -22,13 +22,17 @@ FROM
       "APIKeyEntity__APIKeyEntity_user"."status" AS "APIKeyEntity__APIKeyEntity_user_status",
       "APIKeyEntity__APIKeyEntity_user"."updatedAt" AS "APIKeyEntity__APIKeyEntity_user_updatedAt",
       "APIKeyEntity__APIKeyEntity_user"."quotaSizeInBytes" AS "APIKeyEntity__APIKeyEntity_user_quotaSizeInBytes",
-      "APIKeyEntity__APIKeyEntity_user"."quotaUsageInBytes" AS "APIKeyEntity__APIKeyEntity_user_quotaUsageInBytes"
+      "APIKeyEntity__APIKeyEntity_user"."quotaUsageInBytes" AS "APIKeyEntity__APIKeyEntity_user_quotaUsageInBytes",
+      "7f5f7a38bf327bfbbf826778460704c9a50fe6f4"."userId" AS "7f5f7a38bf327bfbbf826778460704c9a50fe6f4_userId",
+      "7f5f7a38bf327bfbbf826778460704c9a50fe6f4"."key" AS "7f5f7a38bf327bfbbf826778460704c9a50fe6f4_key",
+      "7f5f7a38bf327bfbbf826778460704c9a50fe6f4"."value" AS "7f5f7a38bf327bfbbf826778460704c9a50fe6f4_value"
     FROM
       "api_keys" "APIKeyEntity"
       LEFT JOIN "users" "APIKeyEntity__APIKeyEntity_user" ON "APIKeyEntity__APIKeyEntity_user"."id" = "APIKeyEntity"."userId"
       AND (
         "APIKeyEntity__APIKeyEntity_user"."deletedAt" IS NULL
       )
+      LEFT JOIN "user_metadata" "7f5f7a38bf327bfbbf826778460704c9a50fe6f4" ON "7f5f7a38bf327bfbbf826778460704c9a50fe6f4"."userId" = "APIKeyEntity__APIKeyEntity_user"."id"
     WHERE
       (("APIKeyEntity"."key" = $1))
   ) "distinctAlias"
diff --git a/server/src/queries/session.repository.sql b/server/src/queries/session.repository.sql
index b26b291e8b..17fff94f42 100644
--- a/server/src/queries/session.repository.sql
+++ b/server/src/queries/session.repository.sql
@@ -38,13 +38,17 @@ FROM
       "SessionEntity__SessionEntity_user"."status" AS "SessionEntity__SessionEntity_user_status",
       "SessionEntity__SessionEntity_user"."updatedAt" AS "SessionEntity__SessionEntity_user_updatedAt",
       "SessionEntity__SessionEntity_user"."quotaSizeInBytes" AS "SessionEntity__SessionEntity_user_quotaSizeInBytes",
-      "SessionEntity__SessionEntity_user"."quotaUsageInBytes" AS "SessionEntity__SessionEntity_user_quotaUsageInBytes"
+      "SessionEntity__SessionEntity_user"."quotaUsageInBytes" AS "SessionEntity__SessionEntity_user_quotaUsageInBytes",
+      "469e6aa7ff79eff78f8441f91ba15bb07d3634dd"."userId" AS "469e6aa7ff79eff78f8441f91ba15bb07d3634dd_userId",
+      "469e6aa7ff79eff78f8441f91ba15bb07d3634dd"."key" AS "469e6aa7ff79eff78f8441f91ba15bb07d3634dd_key",
+      "469e6aa7ff79eff78f8441f91ba15bb07d3634dd"."value" AS "469e6aa7ff79eff78f8441f91ba15bb07d3634dd_value"
     FROM
       "sessions" "SessionEntity"
       LEFT JOIN "users" "SessionEntity__SessionEntity_user" ON "SessionEntity__SessionEntity_user"."id" = "SessionEntity"."userId"
       AND (
         "SessionEntity__SessionEntity_user"."deletedAt" IS NULL
       )
+      LEFT JOIN "user_metadata" "469e6aa7ff79eff78f8441f91ba15bb07d3634dd" ON "469e6aa7ff79eff78f8441f91ba15bb07d3634dd"."userId" = "SessionEntity__SessionEntity_user"."id"
     WHERE
       (("SessionEntity"."token" = $1))
   ) "distinctAlias"
diff --git a/server/src/repositories/api-key.repository.ts b/server/src/repositories/api-key.repository.ts
index d03d048063..c5cdb80551 100644
--- a/server/src/repositories/api-key.repository.ts
+++ b/server/src/repositories/api-key.repository.ts
@@ -34,7 +34,9 @@ export class ApiKeyRepository implements IKeyRepository {
       },
       where: { key: hashedToken },
       relations: {
-        user: true,
+        user: {
+          metadata: true,
+        },
       },
     });
   }
diff --git a/server/src/repositories/session.repository.ts b/server/src/repositories/session.repository.ts
index 97b8750510..a4b55a19d7 100644
--- a/server/src/repositories/session.repository.ts
+++ b/server/src/repositories/session.repository.ts
@@ -18,7 +18,14 @@ export class SessionRepository implements ISessionRepository {
 
   @GenerateSql({ params: [DummyValue.STRING] })
   getByToken(token: string): Promise<SessionEntity | null> {
-    return this.repository.findOne({ where: { token }, relations: { user: true } });
+    return this.repository.findOne({
+      where: { token },
+      relations: {
+        user: {
+          metadata: true,
+        },
+      },
+    });
   }
 
   getByUserId(userId: string): Promise<SessionEntity[]> {
diff --git a/server/src/services/auth.service.spec.ts b/server/src/services/auth.service.spec.ts
index aef0f04668..f9c3ed08cf 100644
--- a/server/src/services/auth.service.spec.ts
+++ b/server/src/services/auth.service.spec.ts
@@ -138,6 +138,7 @@ describe('AuthService', () => {
         email: 'test@immich.com',
         password: 'hash-password',
       } as UserEntity);
+      userMock.update.mockResolvedValue(userStub.user1);
 
       await sut.changePassword(auth, dto);
 
diff --git a/server/src/services/auth.service.ts b/server/src/services/auth.service.ts
index 5e61cad187..304be49f27 100644
--- a/server/src/services/auth.service.ts
+++ b/server/src/services/auth.service.ts
@@ -11,7 +11,7 @@ import { DateTime } from 'luxon';
 import { IncomingHttpHeaders } from 'node:http';
 import { ClientMetadata, Issuer, UserinfoResponse, custom, generators } from 'openid-client';
 import { SystemConfig } from 'src/config';
-import { AuthType, LOGIN_URL, MOBILE_REDIRECT } from 'src/constants';
+import { AuthType, LOGIN_URL, MOBILE_REDIRECT, SALT_ROUNDS } from 'src/constants';
 import { SystemConfigCore } from 'src/cores/system-config.core';
 import { UserCore } from 'src/cores/user.core';
 import {
@@ -27,7 +27,7 @@ import {
   SignUpDto,
   mapLoginResponse,
 } from 'src/dtos/auth.dto';
-import { UserResponseDto, mapUser } from 'src/dtos/user.dto';
+import { UserAdminResponseDto, mapUserAdmin } from 'src/dtos/user.dto';
 import { UserEntity } from 'src/entities/user.entity';
 import { IKeyRepository } from 'src/interfaces/api-key.interface';
 import { ICryptoRepository } from 'src/interfaces/crypto.interface';
@@ -109,7 +109,7 @@ export class AuthService {
     };
   }
 
-  async changePassword(auth: AuthDto, dto: ChangePasswordDto) {
+  async changePassword(auth: AuthDto, dto: ChangePasswordDto): Promise<UserAdminResponseDto> {
     const { password, newPassword } = dto;
     const user = await this.userRepository.getByEmail(auth.user.email, true);
     if (!user) {
@@ -121,10 +121,14 @@ export class AuthService {
       throw new BadRequestException('Wrong password');
     }
 
-    return this.userCore.updateUser(auth.user, auth.user.id, { password: newPassword });
+    const hashedPassword = await this.cryptoRepository.hashBcrypt(newPassword, SALT_ROUNDS);
+
+    const updatedUser = await this.userRepository.update(user.id, { password: hashedPassword });
+
+    return mapUserAdmin(updatedUser);
   }
 
-  async adminSignUp(dto: SignUpDto): Promise<UserResponseDto> {
+  async adminSignUp(dto: SignUpDto): Promise<UserAdminResponseDto> {
     const adminUser = await this.userRepository.getAdmin();
     if (adminUser) {
       throw new BadRequestException('The server already has an admin');
@@ -138,7 +142,7 @@ export class AuthService {
       storageLabel: 'admin',
     });
 
-    return mapUser(admin);
+    return mapUserAdmin(admin);
   }
 
   async validate(headers: IncomingHttpHeaders, params: Record<string, string>): Promise<AuthDto> {
@@ -237,7 +241,7 @@ export class AuthService {
     return this.createLoginResponse(user, loginDetails);
   }
 
-  async link(auth: AuthDto, dto: OAuthCallbackDto): Promise<UserResponseDto> {
+  async link(auth: AuthDto, dto: OAuthCallbackDto): Promise<UserAdminResponseDto> {
     const config = await this.configCore.getConfig();
     const { sub: oauthId } = await this.getOAuthProfile(config, dto.url);
     const duplicate = await this.userRepository.getByOAuthId(oauthId);
@@ -245,11 +249,14 @@ export class AuthService {
       this.logger.warn(`OAuth link account failed: sub is already linked to another user (${duplicate.email}).`);
       throw new BadRequestException('This OAuth account has already been linked to another user.');
     }
-    return mapUser(await this.userRepository.update(auth.user.id, { oauthId }));
+
+    const user = await this.userRepository.update(auth.user.id, { oauthId });
+    return mapUserAdmin(user);
   }
 
-  async unlink(auth: AuthDto): Promise<UserResponseDto> {
-    return mapUser(await this.userRepository.update(auth.user.id, { oauthId: '' }));
+  async unlink(auth: AuthDto): Promise<UserAdminResponseDto> {
+    const user = await this.userRepository.update(auth.user.id, { oauthId: '' });
+    return mapUserAdmin(user);
   }
 
   private async getLogoutEndpoint(authType: AuthType): Promise<string> {
diff --git a/server/src/services/cli.service.ts b/server/src/services/cli.service.ts
index 459dde1888..f676d43e89 100644
--- a/server/src/services/cli.service.ts
+++ b/server/src/services/cli.service.ts
@@ -1,7 +1,7 @@
 import { Inject, Injectable } from '@nestjs/common';
+import { SALT_ROUNDS } from 'src/constants';
 import { SystemConfigCore } from 'src/cores/system-config.core';
-import { UserCore } from 'src/cores/user.core';
-import { UserResponseDto, mapUser } from 'src/dtos/user.dto';
+import { UserAdminResponseDto, mapUserAdmin } from 'src/dtos/user.dto';
 import { ICryptoRepository } from 'src/interfaces/crypto.interface';
 import { ILoggerRepository } from 'src/interfaces/logger.interface';
 import { ISystemMetadataRepository } from 'src/interfaces/system-metadata.interface';
@@ -10,7 +10,6 @@ import { IUserRepository } from 'src/interfaces/user.interface';
 @Injectable()
 export class CliService {
   private configCore: SystemConfigCore;
-  private userCore: UserCore;
 
   constructor(
     @Inject(ICryptoRepository) private cryptoRepository: ICryptoRepository,
@@ -18,26 +17,26 @@ export class CliService {
     @Inject(IUserRepository) private userRepository: IUserRepository,
     @Inject(ILoggerRepository) private logger: ILoggerRepository,
   ) {
-    this.userCore = UserCore.create(cryptoRepository, userRepository);
     this.logger.setContext(CliService.name);
     this.configCore = SystemConfigCore.create(systemMetadataRepository, this.logger);
   }
 
-  async listUsers(): Promise<UserResponseDto[]> {
+  async listUsers(): Promise<UserAdminResponseDto[]> {
     const users = await this.userRepository.getList({ withDeleted: true });
-    return users.map((user) => mapUser(user));
+    return users.map((user) => mapUserAdmin(user));
   }
 
-  async resetAdminPassword(ask: (admin: UserResponseDto) => Promise<string | undefined>) {
+  async resetAdminPassword(ask: (admin: UserAdminResponseDto) => Promise<string | undefined>) {
     const admin = await this.userRepository.getAdmin();
     if (!admin) {
       throw new Error('Admin account does not exist');
     }
 
-    const providedPassword = await ask(mapUser(admin));
+    const providedPassword = await ask(mapUserAdmin(admin));
     const password = providedPassword || this.cryptoRepository.newPassword(24);
+    const hashedPassword = await this.cryptoRepository.hashBcrypt(password, SALT_ROUNDS);
 
-    await this.userCore.updateUser(admin, admin.id, { password });
+    await this.userRepository.update(admin.id, { password: hashedPassword });
 
     return { admin, password, provided: !!providedPassword };
   }
diff --git a/server/src/services/index.ts b/server/src/services/index.ts
index 5ea16d9e4b..eee0fac126 100644
--- a/server/src/services/index.ts
+++ b/server/src/services/index.ts
@@ -33,6 +33,7 @@ import { SystemMetadataService } from 'src/services/system-metadata.service';
 import { TagService } from 'src/services/tag.service';
 import { TimelineService } from 'src/services/timeline.service';
 import { TrashService } from 'src/services/trash.service';
+import { UserAdminService } from 'src/services/user-admin.service';
 import { UserService } from 'src/services/user.service';
 import { VersionService } from 'src/services/version.service';
 
@@ -73,5 +74,6 @@ export const services = [
   TimelineService,
   TrashService,
   UserService,
+  UserAdminService,
   VersionService,
 ];
diff --git a/server/src/services/partner.service.spec.ts b/server/src/services/partner.service.spec.ts
index 8fe93e7961..043b8ae71a 100644
--- a/server/src/services/partner.service.spec.ts
+++ b/server/src/services/partner.service.spec.ts
@@ -1,6 +1,4 @@
 import { BadRequestException } from '@nestjs/common';
-import { PartnerResponseDto } from 'src/dtos/partner.dto';
-import { UserAvatarColor } from 'src/entities/user-metadata.entity';
 import { IAccessRepository } from 'src/interfaces/access.interface';
 import { IPartnerRepository, PartnerDirection } from 'src/interfaces/partner.interface';
 import { PartnerService } from 'src/services/partner.service';
@@ -9,45 +7,6 @@ import { partnerStub } from 'test/fixtures/partner.stub';
 import { newPartnerRepositoryMock } from 'test/repositories/partner.repository.mock';
 import { Mocked } from 'vitest';
 
-const responseDto = {
-  admin: <PartnerResponseDto>{
-    email: 'admin@test.com',
-    name: 'admin_name',
-    id: 'admin_id',
-    isAdmin: true,
-    oauthId: '',
-    profileImagePath: '',
-    shouldChangePassword: false,
-    storageLabel: 'admin',
-    createdAt: new Date('2021-01-01'),
-    deletedAt: null,
-    updatedAt: new Date('2021-01-01'),
-    memoriesEnabled: true,
-    avatarColor: UserAvatarColor.GRAY,
-    quotaSizeInBytes: null,
-    inTimeline: true,
-    quotaUsageInBytes: 0,
-  },
-  user1: <PartnerResponseDto>{
-    email: 'immich@test.com',
-    name: 'immich_name',
-    id: 'user-id',
-    isAdmin: false,
-    oauthId: '',
-    profileImagePath: '',
-    shouldChangePassword: false,
-    storageLabel: null,
-    createdAt: new Date('2021-01-01'),
-    deletedAt: null,
-    updatedAt: new Date('2021-01-01'),
-    memoriesEnabled: true,
-    avatarColor: UserAvatarColor.PRIMARY,
-    inTimeline: true,
-    quotaSizeInBytes: null,
-    quotaUsageInBytes: 0,
-  },
-};
-
 describe(PartnerService.name, () => {
   let sut: PartnerService;
   let partnerMock: Mocked<IPartnerRepository>;
@@ -65,13 +24,13 @@ describe(PartnerService.name, () => {
   describe('getAll', () => {
     it("should return a list of partners with whom I've shared my library", async () => {
       partnerMock.getAll.mockResolvedValue([partnerStub.adminToUser1, partnerStub.user1ToAdmin1]);
-      await expect(sut.getAll(authStub.user1, PartnerDirection.SharedBy)).resolves.toEqual([responseDto.admin]);
+      await expect(sut.getAll(authStub.user1, PartnerDirection.SharedBy)).resolves.toBeDefined();
       expect(partnerMock.getAll).toHaveBeenCalledWith(authStub.user1.user.id);
     });
 
     it('should return a list of partners who have shared their libraries with me', async () => {
       partnerMock.getAll.mockResolvedValue([partnerStub.adminToUser1, partnerStub.user1ToAdmin1]);
-      await expect(sut.getAll(authStub.user1, PartnerDirection.SharedWith)).resolves.toEqual([responseDto.admin]);
+      await expect(sut.getAll(authStub.user1, PartnerDirection.SharedWith)).resolves.toBeDefined();
       expect(partnerMock.getAll).toHaveBeenCalledWith(authStub.user1.user.id);
     });
   });
@@ -81,7 +40,7 @@ describe(PartnerService.name, () => {
       partnerMock.get.mockResolvedValue(null);
       partnerMock.create.mockResolvedValue(partnerStub.adminToUser1);
 
-      await expect(sut.create(authStub.admin, authStub.user1.user.id)).resolves.toEqual(responseDto.user1);
+      await expect(sut.create(authStub.admin, authStub.user1.user.id)).resolves.toBeDefined();
 
       expect(partnerMock.create).toHaveBeenCalledWith({
         sharedById: authStub.admin.user.id,
diff --git a/server/src/services/partner.service.ts b/server/src/services/partner.service.ts
index 14503cc7fa..e1d4e9738b 100644
--- a/server/src/services/partner.service.ts
+++ b/server/src/services/partner.service.ts
@@ -25,7 +25,7 @@ export class PartnerService {
     }
 
     const partner = await this.repository.create(partnerId);
-    return this.mapToPartnerEntity(partner, PartnerDirection.SharedBy);
+    return this.mapPartner(partner, PartnerDirection.SharedBy);
   }
 
   async remove(auth: AuthDto, sharedWithId: string): Promise<void> {
@@ -44,7 +44,7 @@ export class PartnerService {
     return partners
       .filter((partner) => partner.sharedBy && partner.sharedWith) // Filter out soft deleted users
       .filter((partner) => partner[key] === auth.user.id)
-      .map((partner) => this.mapToPartnerEntity(partner, direction));
+      .map((partner) => this.mapPartner(partner, direction));
   }
 
   async update(auth: AuthDto, sharedById: string, dto: UpdatePartnerDto): Promise<PartnerResponseDto> {
@@ -52,10 +52,10 @@ export class PartnerService {
     const partnerId: PartnerIds = { sharedById, sharedWithId: auth.user.id };
 
     const entity = await this.repository.update({ ...partnerId, inTimeline: dto.inTimeline });
-    return this.mapToPartnerEntity(entity, PartnerDirection.SharedWith);
+    return this.mapPartner(entity, PartnerDirection.SharedWith);
   }
 
-  private mapToPartnerEntity(partner: PartnerEntity, direction: PartnerDirection): PartnerResponseDto {
+  private mapPartner(partner: PartnerEntity, direction: PartnerDirection): PartnerResponseDto {
     // this is opposite to return the non-me user of the "partner"
     const user = mapUser(
       direction === PartnerDirection.SharedBy ? partner.sharedWith : partner.sharedBy,
diff --git a/server/src/services/user-admin.service.spec.ts b/server/src/services/user-admin.service.spec.ts
new file mode 100644
index 0000000000..b7060b1786
--- /dev/null
+++ b/server/src/services/user-admin.service.spec.ts
@@ -0,0 +1,197 @@
+import { BadRequestException, ForbiddenException } from '@nestjs/common';
+import { mapUserAdmin } from 'src/dtos/user.dto';
+import { UserStatus } from 'src/entities/user.entity';
+import { IAlbumRepository } from 'src/interfaces/album.interface';
+import { ICryptoRepository } from 'src/interfaces/crypto.interface';
+import { IJobRepository, JobName } from 'src/interfaces/job.interface';
+import { ILoggerRepository } from 'src/interfaces/logger.interface';
+import { IUserRepository } from 'src/interfaces/user.interface';
+import { UserAdminService } from 'src/services/user-admin.service';
+import { authStub } from 'test/fixtures/auth.stub';
+import { userStub } from 'test/fixtures/user.stub';
+import { newAlbumRepositoryMock } from 'test/repositories/album.repository.mock';
+import { newCryptoRepositoryMock } from 'test/repositories/crypto.repository.mock';
+import { newJobRepositoryMock } from 'test/repositories/job.repository.mock';
+import { newLoggerRepositoryMock } from 'test/repositories/logger.repository.mock';
+import { newUserRepositoryMock } from 'test/repositories/user.repository.mock';
+import { Mocked, describe } from 'vitest';
+
+describe(UserAdminService.name, () => {
+  let sut: UserAdminService;
+  let userMock: Mocked<IUserRepository>;
+  let cryptoRepositoryMock: Mocked<ICryptoRepository>;
+
+  let albumMock: Mocked<IAlbumRepository>;
+  let jobMock: Mocked<IJobRepository>;
+  let loggerMock: Mocked<ILoggerRepository>;
+
+  beforeEach(() => {
+    albumMock = newAlbumRepositoryMock();
+    cryptoRepositoryMock = newCryptoRepositoryMock();
+    jobMock = newJobRepositoryMock();
+    userMock = newUserRepositoryMock();
+    loggerMock = newLoggerRepositoryMock();
+
+    sut = new UserAdminService(albumMock, cryptoRepositoryMock, jobMock, userMock, loggerMock);
+
+    userMock.get.mockImplementation((userId) =>
+      Promise.resolve([userStub.admin, userStub.user1].find((user) => user.id === userId) ?? null),
+    );
+  });
+
+  describe('create', () => {
+    it('should not create a user if there is no local admin account', async () => {
+      userMock.getAdmin.mockResolvedValueOnce(null);
+
+      await expect(
+        sut.create({
+          email: 'john_smith@email.com',
+          name: 'John Smith',
+          password: 'password',
+        }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+    });
+
+    it('should create user', async () => {
+      userMock.getAdmin.mockResolvedValue(userStub.admin);
+      userMock.create.mockResolvedValue(userStub.user1);
+
+      await expect(
+        sut.create({
+          email: userStub.user1.email,
+          name: userStub.user1.name,
+          password: 'password',
+          storageLabel: 'label',
+        }),
+      ).resolves.toEqual(mapUserAdmin(userStub.user1));
+
+      expect(userMock.getAdmin).toBeCalled();
+      expect(userMock.create).toBeCalledWith({
+        email: userStub.user1.email,
+        name: userStub.user1.name,
+        storageLabel: 'label',
+        password: expect.anything(),
+      });
+    });
+  });
+
+  describe('update', () => {
+    it('should update the user', async () => {
+      const update = {
+        shouldChangePassword: true,
+        email: 'immich@test.com',
+        storageLabel: 'storage_label',
+      };
+      userMock.getByEmail.mockResolvedValue(null);
+      userMock.getByStorageLabel.mockResolvedValue(null);
+      userMock.update.mockResolvedValue(userStub.user1);
+
+      await sut.update(authStub.user1, userStub.user1.id, update);
+
+      expect(userMock.getByEmail).toHaveBeenCalledWith(update.email);
+      expect(userMock.getByStorageLabel).toHaveBeenCalledWith(update.storageLabel);
+    });
+
+    it('should not set an empty string for storage label', async () => {
+      userMock.update.mockResolvedValue(userStub.user1);
+      await sut.update(authStub.admin, userStub.user1.id, { storageLabel: '' });
+      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, {
+        storageLabel: null,
+        updatedAt: expect.any(Date),
+      });
+    });
+
+    it('should not change an email to one already in use', async () => {
+      const dto = { id: userStub.user1.id, email: 'updated@test.com' };
+
+      userMock.get.mockResolvedValue(userStub.user1);
+      userMock.getByEmail.mockResolvedValue(userStub.admin);
+
+      await expect(sut.update(authStub.admin, userStub.user1.id, dto)).rejects.toBeInstanceOf(BadRequestException);
+
+      expect(userMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should not let the admin change the storage label to one already in use', async () => {
+      const dto = { id: userStub.user1.id, storageLabel: 'admin' };
+
+      userMock.get.mockResolvedValue(userStub.user1);
+      userMock.getByStorageLabel.mockResolvedValue(userStub.admin);
+
+      await expect(sut.update(authStub.admin, userStub.user1.id, dto)).rejects.toBeInstanceOf(BadRequestException);
+
+      expect(userMock.update).not.toHaveBeenCalled();
+    });
+
+    it('update user information should throw error if user not found', async () => {
+      userMock.get.mockResolvedValueOnce(null);
+
+      await expect(
+        sut.update(authStub.admin, userStub.user1.id, { shouldChangePassword: true }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+    });
+  });
+
+  describe('delete', () => {
+    it('should throw error if user could not be found', async () => {
+      userMock.get.mockResolvedValue(null);
+
+      await expect(sut.delete(authStub.admin, userStub.admin.id, {})).rejects.toThrowError(BadRequestException);
+      expect(userMock.delete).not.toHaveBeenCalled();
+    });
+
+    it('cannot delete admin user', async () => {
+      await expect(sut.delete(authStub.admin, userStub.admin.id, {})).rejects.toBeInstanceOf(ForbiddenException);
+    });
+
+    it('should require the auth user be an admin', async () => {
+      await expect(sut.delete(authStub.user1, authStub.admin.user.id, {})).rejects.toBeInstanceOf(ForbiddenException);
+
+      expect(userMock.delete).not.toHaveBeenCalled();
+    });
+
+    it('should delete user', async () => {
+      userMock.get.mockResolvedValue(userStub.user1);
+      userMock.update.mockResolvedValue(userStub.user1);
+
+      await expect(sut.delete(authStub.admin, userStub.user1.id, {})).resolves.toEqual(mapUserAdmin(userStub.user1));
+      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, {
+        status: UserStatus.DELETED,
+        deletedAt: expect.any(Date),
+      });
+    });
+
+    it('should force delete user', async () => {
+      userMock.get.mockResolvedValue(userStub.user1);
+      userMock.update.mockResolvedValue(userStub.user1);
+
+      await expect(sut.delete(authStub.admin, userStub.user1.id, { force: true })).resolves.toEqual(
+        mapUserAdmin(userStub.user1),
+      );
+
+      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, {
+        status: UserStatus.REMOVING,
+        deletedAt: expect.any(Date),
+      });
+      expect(jobMock.queue).toHaveBeenCalledWith({
+        name: JobName.USER_DELETION,
+        data: { id: userStub.user1.id, force: true },
+      });
+    });
+  });
+
+  describe('restore', () => {
+    it('should throw error if user could not be found', async () => {
+      userMock.get.mockResolvedValue(null);
+      await expect(sut.restore(authStub.admin, userStub.admin.id)).rejects.toThrowError(BadRequestException);
+      expect(userMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should restore an user', async () => {
+      userMock.get.mockResolvedValue(userStub.user1);
+      userMock.update.mockResolvedValue(userStub.user1);
+      await expect(sut.restore(authStub.admin, userStub.user1.id)).resolves.toEqual(mapUserAdmin(userStub.user1));
+      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, { status: UserStatus.ACTIVE, deletedAt: null });
+    });
+  });
+});
diff --git a/server/src/services/user-admin.service.ts b/server/src/services/user-admin.service.ts
new file mode 100644
index 0000000000..1b93f96e71
--- /dev/null
+++ b/server/src/services/user-admin.service.ts
@@ -0,0 +1,154 @@
+import { BadRequestException, ForbiddenException, Inject, Injectable } from '@nestjs/common';
+import { SALT_ROUNDS } from 'src/constants';
+import { UserCore } from 'src/cores/user.core';
+import { AuthDto } from 'src/dtos/auth.dto';
+import {
+  UserAdminCreateDto,
+  UserAdminDeleteDto,
+  UserAdminResponseDto,
+  UserAdminSearchDto,
+  UserAdminUpdateDto,
+  mapUserAdmin,
+} from 'src/dtos/user.dto';
+import { UserMetadataKey } from 'src/entities/user-metadata.entity';
+import { UserStatus } from 'src/entities/user.entity';
+import { IAlbumRepository } from 'src/interfaces/album.interface';
+import { ICryptoRepository } from 'src/interfaces/crypto.interface';
+import { IJobRepository, JobName } from 'src/interfaces/job.interface';
+import { ILoggerRepository } from 'src/interfaces/logger.interface';
+import { IUserRepository, UserFindOptions } from 'src/interfaces/user.interface';
+import { getPreferences, getPreferencesPartial } from 'src/utils/preferences';
+
+@Injectable()
+export class UserAdminService {
+  private userCore: UserCore;
+
+  constructor(
+    @Inject(IAlbumRepository) private albumRepository: IAlbumRepository,
+    @Inject(ICryptoRepository) private cryptoRepository: ICryptoRepository,
+    @Inject(IJobRepository) private jobRepository: IJobRepository,
+    @Inject(IUserRepository) private userRepository: IUserRepository,
+    @Inject(ILoggerRepository) private logger: ILoggerRepository,
+  ) {
+    this.userCore = UserCore.create(cryptoRepository, userRepository);
+    this.logger.setContext(UserAdminService.name);
+  }
+
+  async search(auth: AuthDto, dto: UserAdminSearchDto): Promise<UserAdminResponseDto[]> {
+    const users = await this.userRepository.getList({ withDeleted: dto.withDeleted });
+    return users.map((user) => mapUserAdmin(user));
+  }
+
+  async create(dto: UserAdminCreateDto): Promise<UserAdminResponseDto> {
+    const { memoriesEnabled, notify, ...rest } = dto;
+    let user = await this.userCore.createUser(rest);
+
+    // TODO remove and replace with entire dto.preferences config
+    if (memoriesEnabled === false) {
+      await this.userRepository.upsertMetadata(user.id, {
+        key: UserMetadataKey.PREFERENCES,
+        value: { memories: { enabled: false } },
+      });
+
+      user = await this.findOrFail(user.id, {});
+    }
+
+    const tempPassword = user.shouldChangePassword ? rest.password : undefined;
+    if (notify) {
+      await this.jobRepository.queue({ name: JobName.NOTIFY_SIGNUP, data: { id: user.id, tempPassword } });
+    }
+    return mapUserAdmin(user);
+  }
+
+  async get(auth: AuthDto, id: string): Promise<UserAdminResponseDto> {
+    const user = await this.findOrFail(id, { withDeleted: true });
+    return mapUserAdmin(user);
+  }
+
+  async update(auth: AuthDto, id: string, dto: UserAdminUpdateDto): Promise<UserAdminResponseDto> {
+    const user = await this.findOrFail(id, {});
+
+    if (dto.quotaSizeInBytes && user.quotaSizeInBytes !== dto.quotaSizeInBytes) {
+      await this.userRepository.syncUsage(id);
+    }
+
+    // TODO replace with entire preferences object
+    if (dto.memoriesEnabled !== undefined || dto.avatarColor) {
+      const newPreferences = getPreferences(user);
+      if (dto.memoriesEnabled !== undefined) {
+        newPreferences.memories.enabled = dto.memoriesEnabled;
+        delete dto.memoriesEnabled;
+      }
+
+      if (dto.avatarColor) {
+        newPreferences.avatar.color = dto.avatarColor;
+        delete dto.avatarColor;
+      }
+
+      await this.userRepository.upsertMetadata(id, {
+        key: UserMetadataKey.PREFERENCES,
+        value: getPreferencesPartial(user, newPreferences),
+      });
+    }
+
+    if (dto.email) {
+      const duplicate = await this.userRepository.getByEmail(dto.email);
+      if (duplicate && duplicate.id !== id) {
+        throw new BadRequestException('Email already in use by another account');
+      }
+    }
+
+    if (dto.storageLabel) {
+      const duplicate = await this.userRepository.getByStorageLabel(dto.storageLabel);
+      if (duplicate && duplicate.id !== id) {
+        throw new BadRequestException('Storage label already in use by another account');
+      }
+    }
+
+    if (dto.password) {
+      dto.password = await this.cryptoRepository.hashBcrypt(dto.password, SALT_ROUNDS);
+    }
+
+    if (dto.storageLabel === '') {
+      dto.storageLabel = null;
+    }
+
+    const updatedUser = await this.userRepository.update(id, { ...dto, updatedAt: new Date() });
+
+    return mapUserAdmin(updatedUser);
+  }
+
+  async delete(auth: AuthDto, id: string, dto: UserAdminDeleteDto): Promise<UserAdminResponseDto> {
+    const { force } = dto;
+    const { isAdmin } = await this.findOrFail(id, {});
+    if (isAdmin) {
+      throw new ForbiddenException('Cannot delete admin user');
+    }
+
+    await this.albumRepository.softDeleteAll(id);
+
+    const status = force ? UserStatus.REMOVING : UserStatus.DELETED;
+    const user = await this.userRepository.update(id, { status, deletedAt: new Date() });
+
+    if (force) {
+      await this.jobRepository.queue({ name: JobName.USER_DELETION, data: { id: user.id, force } });
+    }
+
+    return mapUserAdmin(user);
+  }
+
+  async restore(auth: AuthDto, id: string): Promise<UserAdminResponseDto> {
+    await this.findOrFail(id, { withDeleted: true });
+    await this.albumRepository.restoreAll(id);
+    const user = await this.userRepository.update(id, { deletedAt: null, status: UserStatus.ACTIVE });
+    return mapUserAdmin(user);
+  }
+
+  private async findOrFail(id: string, options: UserFindOptions) {
+    const user = await this.userRepository.get(id, options);
+    if (!user) {
+      throw new BadRequestException('User not found');
+    }
+    return user;
+  }
+}
diff --git a/server/src/services/user.service.spec.ts b/server/src/services/user.service.spec.ts
index 0b0cdb5699..bc4a1e2874 100644
--- a/server/src/services/user.service.spec.ts
+++ b/server/src/services/user.service.spec.ts
@@ -1,11 +1,5 @@
-import {
-  BadRequestException,
-  ForbiddenException,
-  InternalServerErrorException,
-  NotFoundException,
-} from '@nestjs/common';
-import { UpdateUserDto, mapUser } from 'src/dtos/user.dto';
-import { UserEntity, UserStatus } from 'src/entities/user.entity';
+import { BadRequestException, InternalServerErrorException, NotFoundException } from '@nestjs/common';
+import { UserEntity } from 'src/entities/user.entity';
 import { IAlbumRepository } from 'src/interfaces/album.interface';
 import { ICryptoRepository } from 'src/interfaces/crypto.interface';
 import { IJobRepository, JobName } from 'src/interfaces/job.interface';
@@ -63,13 +57,13 @@ describe(UserService.name, () => {
   describe('getAll', () => {
     it('should get all users', async () => {
       userMock.getList.mockResolvedValue([userStub.admin]);
-      await expect(sut.getAll(authStub.admin, false)).resolves.toEqual([
+      await expect(sut.search()).resolves.toEqual([
         expect.objectContaining({
           id: authStub.admin.user.id,
           email: authStub.admin.user.email,
         }),
       ]);
-      expect(userMock.getList).toHaveBeenCalledWith({ withDeleted: true });
+      expect(userMock.getList).toHaveBeenCalledWith({ withDeleted: false });
     });
   });
 
@@ -82,255 +76,17 @@ describe(UserService.name, () => {
 
     it('should throw an error if a user is not found', async () => {
       userMock.get.mockResolvedValue(null);
-      await expect(sut.get(authStub.admin.user.id)).rejects.toBeInstanceOf(NotFoundException);
+      await expect(sut.get(authStub.admin.user.id)).rejects.toBeInstanceOf(BadRequestException);
       expect(userMock.get).toHaveBeenCalledWith(authStub.admin.user.id, { withDeleted: false });
     });
   });
 
   describe('getMe', () => {
-    it("should get the auth user's info", async () => {
-      userMock.get.mockResolvedValue(userStub.admin);
-      await sut.getMe(authStub.admin);
-      expect(userMock.get).toHaveBeenCalledWith(authStub.admin.user.id, {});
-    });
-
-    it('should throw an error if a user is not found', async () => {
-      userMock.get.mockResolvedValue(null);
-      await expect(sut.getMe(authStub.admin)).rejects.toBeInstanceOf(BadRequestException);
-      expect(userMock.get).toHaveBeenCalledWith(authStub.admin.user.id, {});
-    });
-  });
-
-  describe('update', () => {
-    it('should update user', async () => {
-      const update: UpdateUserDto = {
-        id: userStub.user1.id,
-        shouldChangePassword: true,
-        email: 'immich@test.com',
-        storageLabel: 'storage_label',
-      };
-      userMock.getByEmail.mockResolvedValue(null);
-      userMock.getByStorageLabel.mockResolvedValue(null);
-      userMock.update.mockResolvedValue(userStub.user1);
-
-      await sut.update({ user: { ...authStub.user1.user, isAdmin: true } }, update);
-
-      expect(userMock.getByEmail).toHaveBeenCalledWith(update.email);
-      expect(userMock.getByStorageLabel).toHaveBeenCalledWith(update.storageLabel);
-    });
-
-    it('should not set an empty string for storage label', async () => {
-      userMock.update.mockResolvedValue(userStub.user1);
-      await sut.update(authStub.admin, { id: userStub.user1.id, storageLabel: '' });
-      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, {
-        id: userStub.user1.id,
-        storageLabel: null,
-        updatedAt: expect.any(Date),
-      });
-    });
-
-    it('should omit a storage label set by non-admin users', async () => {
-      userMock.update.mockResolvedValue(userStub.user1);
-      await sut.update({ user: userStub.user1 }, { id: userStub.user1.id, storageLabel: 'admin' });
-      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, {
-        id: userStub.user1.id,
-        updatedAt: expect.any(Date),
-      });
-    });
-
-    it('user can only update its information', async () => {
-      userMock.get.mockResolvedValueOnce({
-        ...userStub.user1,
-        id: 'not_immich_auth_user_id',
-      });
-
-      const result = sut.update(
-        { user: userStub.user1 },
-        {
-          id: 'not_immich_auth_user_id',
-          password: 'I take over your account now',
-        },
-      );
-      await expect(result).rejects.toBeInstanceOf(ForbiddenException);
-    });
-
-    it('should let a user change their email', async () => {
-      const dto = { id: userStub.user1.id, email: 'updated@test.com' };
-
-      userMock.get.mockResolvedValue(userStub.user1);
-      userMock.update.mockResolvedValue(userStub.user1);
-
-      await sut.update({ user: userStub.user1 }, dto);
-
-      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, {
-        id: 'user-id',
-        email: 'updated@test.com',
-        updatedAt: expect.any(Date),
-      });
-    });
-
-    it('should not let a user change their email to one already in use', async () => {
-      const dto = { id: userStub.user1.id, email: 'updated@test.com' };
-
-      userMock.get.mockResolvedValue(userStub.user1);
-      userMock.getByEmail.mockResolvedValue(userStub.admin);
-
-      await expect(sut.update({ user: userStub.user1 }, dto)).rejects.toBeInstanceOf(BadRequestException);
-
-      expect(userMock.update).not.toHaveBeenCalled();
-    });
-
-    it('should not let the admin change the storage label to one already in use', async () => {
-      const dto = { id: userStub.user1.id, storageLabel: 'admin' };
-
-      userMock.get.mockResolvedValue(userStub.user1);
-      userMock.getByStorageLabel.mockResolvedValue(userStub.admin);
-
-      await expect(sut.update(authStub.admin, dto)).rejects.toBeInstanceOf(BadRequestException);
-
-      expect(userMock.update).not.toHaveBeenCalled();
-    });
-
-    it('admin can update any user information', async () => {
-      const update: UpdateUserDto = {
-        id: userStub.user1.id,
-        shouldChangePassword: true,
-      };
-
-      userMock.update.mockResolvedValueOnce(userStub.user1);
-      await sut.update(authStub.admin, update);
-      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, {
-        id: 'user-id',
-        shouldChangePassword: true,
-        updatedAt: expect.any(Date),
-      });
-    });
-
-    it('update user information should throw error if user not found', async () => {
-      userMock.get.mockResolvedValueOnce(null);
-
-      const result = sut.update(authStub.admin, {
-        id: userStub.user1.id,
-        shouldChangePassword: true,
-      });
-
-      await expect(result).rejects.toBeInstanceOf(BadRequestException);
-    });
-
-    it('should let the admin update himself', async () => {
-      const dto = { id: userStub.admin.id, shouldChangePassword: true, isAdmin: true };
-
-      userMock.update.mockResolvedValueOnce(userStub.admin);
-
-      await sut.update(authStub.admin, dto);
-
-      expect(userMock.update).toHaveBeenCalledWith(userStub.admin.id, { ...dto, updatedAt: expect.any(Date) });
-    });
-
-    it('should not let the another user become an admin', async () => {
-      const dto = { id: userStub.user1.id, shouldChangePassword: true, isAdmin: true };
-
-      userMock.get.mockResolvedValueOnce(userStub.user1);
-
-      await expect(sut.update(authStub.admin, dto)).rejects.toBeInstanceOf(BadRequestException);
-    });
-  });
-
-  describe('restore', () => {
-    it('should throw error if user could not be found', async () => {
-      userMock.get.mockResolvedValue(null);
-      await expect(sut.restore(authStub.admin, userStub.admin.id)).rejects.toThrowError(BadRequestException);
-      expect(userMock.update).not.toHaveBeenCalled();
-    });
-
-    it('should restore an user', async () => {
-      userMock.get.mockResolvedValue(userStub.user1);
-      userMock.update.mockResolvedValue(userStub.user1);
-      await expect(sut.restore(authStub.admin, userStub.user1.id)).resolves.toEqual(mapUser(userStub.user1));
-      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, { status: UserStatus.ACTIVE, deletedAt: null });
-    });
-  });
-
-  describe('delete', () => {
-    it('should throw error if user could not be found', async () => {
-      userMock.get.mockResolvedValue(null);
-
-      await expect(sut.delete(authStub.admin, userStub.admin.id, {})).rejects.toThrowError(BadRequestException);
-      expect(userMock.delete).not.toHaveBeenCalled();
-    });
-
-    it('cannot delete admin user', async () => {
-      await expect(sut.delete(authStub.admin, userStub.admin.id, {})).rejects.toBeInstanceOf(ForbiddenException);
-    });
-
-    it('should require the auth user be an admin', async () => {
-      await expect(sut.delete(authStub.user1, authStub.admin.user.id, {})).rejects.toBeInstanceOf(ForbiddenException);
-
-      expect(userMock.delete).not.toHaveBeenCalled();
-    });
-
-    it('should delete user', async () => {
-      userMock.get.mockResolvedValue(userStub.user1);
-      userMock.update.mockResolvedValue(userStub.user1);
-
-      await expect(sut.delete(authStub.admin, userStub.user1.id, {})).resolves.toEqual(mapUser(userStub.user1));
-      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, {
-        status: UserStatus.DELETED,
-        deletedAt: expect.any(Date),
-      });
-    });
-
-    it('should force delete user', async () => {
-      userMock.get.mockResolvedValue(userStub.user1);
-      userMock.update.mockResolvedValue(userStub.user1);
-
-      await expect(sut.delete(authStub.admin, userStub.user1.id, { force: true })).resolves.toEqual(
-        mapUser(userStub.user1),
-      );
-
-      expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, {
-        status: UserStatus.REMOVING,
-        deletedAt: expect.any(Date),
-      });
-      expect(jobMock.queue).toHaveBeenCalledWith({
-        name: JobName.USER_DELETION,
-        data: { id: userStub.user1.id, force: true },
-      });
-    });
-  });
-
-  describe('create', () => {
-    it('should not create a user if there is no local admin account', async () => {
-      userMock.getAdmin.mockResolvedValueOnce(null);
-
-      await expect(
-        sut.create({
-          email: 'john_smith@email.com',
-          name: 'John Smith',
-          password: 'password',
-        }),
-      ).rejects.toBeInstanceOf(BadRequestException);
-    });
-
-    it('should create user', async () => {
-      userMock.getAdmin.mockResolvedValue(userStub.admin);
-      userMock.create.mockResolvedValue(userStub.user1);
-
-      await expect(
-        sut.create({
-          email: userStub.user1.email,
-          name: userStub.user1.name,
-          password: 'password',
-          storageLabel: 'label',
-        }),
-      ).resolves.toEqual(mapUser(userStub.user1));
-
-      expect(userMock.getAdmin).toBeCalled();
-      expect(userMock.create).toBeCalledWith({
-        email: userStub.user1.email,
-        name: userStub.user1.name,
-        storageLabel: 'label',
-        password: expect.anything(),
+    it("should get the auth user's info", () => {
+      const user = authStub.admin.user;
+      expect(sut.getMe(authStub.admin)).toMatchObject({
+        id: user.id,
+        email: user.email,
       });
     });
   });
diff --git a/server/src/services/user.service.ts b/server/src/services/user.service.ts
index bb3313e4a9..1f36501051 100644
--- a/server/src/services/user.service.ts
+++ b/server/src/services/user.service.ts
@@ -1,13 +1,13 @@
-import { BadRequestException, ForbiddenException, Inject, Injectable, NotFoundException } from '@nestjs/common';
+import { BadRequestException, Inject, Injectable, NotFoundException } from '@nestjs/common';
 import { DateTime } from 'luxon';
+import { SALT_ROUNDS } from 'src/constants';
 import { StorageCore, StorageFolder } from 'src/cores/storage.core';
 import { SystemConfigCore } from 'src/cores/system-config.core';
-import { UserCore } from 'src/cores/user.core';
 import { AuthDto } from 'src/dtos/auth.dto';
 import { CreateProfileImageResponseDto, mapCreateProfileImageResponse } from 'src/dtos/user-profile.dto';
-import { CreateUserDto, DeleteUserDto, UpdateUserDto, UserResponseDto, mapUser } from 'src/dtos/user.dto';
+import { UserAdminResponseDto, UserResponseDto, UserUpdateMeDto, mapUser, mapUserAdmin } from 'src/dtos/user.dto';
 import { UserMetadataKey } from 'src/entities/user-metadata.entity';
-import { UserEntity, UserStatus } from 'src/entities/user.entity';
+import { UserEntity } from 'src/entities/user.entity';
 import { IAlbumRepository } from 'src/interfaces/album.interface';
 import { ICryptoRepository } from 'src/interfaces/crypto.interface';
 import { IEntityJob, IJobRepository, JobName, JobStatus } from 'src/interfaces/job.interface';
@@ -21,73 +21,30 @@ import { getPreferences, getPreferencesPartial } from 'src/utils/preferences';
 @Injectable()
 export class UserService {
   private configCore: SystemConfigCore;
-  private userCore: UserCore;
 
   constructor(
     @Inject(IAlbumRepository) private albumRepository: IAlbumRepository,
-    @Inject(ICryptoRepository) cryptoRepository: ICryptoRepository,
+    @Inject(ICryptoRepository) private cryptoRepository: ICryptoRepository,
     @Inject(IJobRepository) private jobRepository: IJobRepository,
     @Inject(IStorageRepository) private storageRepository: IStorageRepository,
     @Inject(ISystemMetadataRepository) systemMetadataRepository: ISystemMetadataRepository,
     @Inject(IUserRepository) private userRepository: IUserRepository,
     @Inject(ILoggerRepository) private logger: ILoggerRepository,
   ) {
-    this.userCore = UserCore.create(cryptoRepository, userRepository);
     this.logger.setContext(UserService.name);
     this.configCore = SystemConfigCore.create(systemMetadataRepository, this.logger);
   }
 
-  async listUsers(): Promise<UserResponseDto[]> {
-    const users = await this.userRepository.getList({ withDeleted: true });
+  async search(): Promise<UserResponseDto[]> {
+    const users = await this.userRepository.getList({ withDeleted: false });
     return users.map((user) => mapUser(user));
   }
 
-  async getAll(auth: AuthDto, isAll: boolean): Promise<UserResponseDto[]> {
-    const users = await this.userRepository.getList({ withDeleted: !isAll });
-    return users.map((user) => mapUser(user));
+  getMe(auth: AuthDto): UserAdminResponseDto {
+    return mapUserAdmin(auth.user);
   }
 
-  async get(userId: string): Promise<UserResponseDto> {
-    const user = await this.userRepository.get(userId, { withDeleted: false });
-    if (!user) {
-      throw new NotFoundException('User not found');
-    }
-
-    return mapUser(user);
-  }
-
-  getMe(auth: AuthDto): Promise<UserResponseDto> {
-    return this.findOrFail(auth.user.id, {}).then(mapUser);
-  }
-
-  async create(dto: CreateUserDto): Promise<UserResponseDto> {
-    const { memoriesEnabled, notify, ...rest } = dto;
-    let user = await this.userCore.createUser(rest);
-
-    // TODO remove and replace with entire dto.preferences config
-    if (memoriesEnabled === false) {
-      await this.userRepository.upsertMetadata(user.id, {
-        key: UserMetadataKey.PREFERENCES,
-        value: { memories: { enabled: false } },
-      });
-
-      user = await this.findOrFail(user.id, {});
-    }
-
-    const tempPassword = user.shouldChangePassword ? rest.password : undefined;
-    if (notify) {
-      await this.jobRepository.queue({ name: JobName.NOTIFY_SIGNUP, data: { id: user.id, tempPassword } });
-    }
-    return mapUser(user);
-  }
-
-  async update(auth: AuthDto, dto: UpdateUserDto): Promise<UserResponseDto> {
-    const user = await this.findOrFail(dto.id, {});
-
-    if (dto.quotaSizeInBytes && user.quotaSizeInBytes !== dto.quotaSizeInBytes) {
-      await this.userRepository.syncUsage(dto.id);
-    }
-
+  async updateMe({ user }: AuthDto, dto: UserUpdateMeDto): Promise<UserAdminResponseDto> {
     // TODO replace with entire preferences object
     if (dto.memoriesEnabled !== undefined || dto.avatarColor) {
       const newPreferences = getPreferences(user);
@@ -101,42 +58,40 @@ export class UserService {
         delete dto.avatarColor;
       }
 
-      await this.userRepository.upsertMetadata(dto.id, {
+      await this.userRepository.upsertMetadata(user.id, {
         key: UserMetadataKey.PREFERENCES,
         value: getPreferencesPartial(user, newPreferences),
       });
     }
 
-    const updatedUser = await this.userCore.updateUser(auth.user, dto.id, dto);
+    if (dto.email) {
+      const duplicate = await this.userRepository.getByEmail(dto.email);
+      if (duplicate && duplicate.id !== user.id) {
+        throw new BadRequestException('Email already in use by another account');
+      }
+    }
 
-    return mapUser(updatedUser);
+    const update: Partial<UserEntity> = {
+      email: dto.email,
+      name: dto.name,
+    };
+
+    if (dto.password) {
+      const hashedPassword = await this.cryptoRepository.hashBcrypt(dto.password, SALT_ROUNDS);
+      update.password = hashedPassword;
+      update.shouldChangePassword = false;
+    }
+
+    const updatedUser = await this.userRepository.update(user.id, update);
+
+    return mapUserAdmin(updatedUser);
   }
 
-  async delete(auth: AuthDto, id: string, dto: DeleteUserDto): Promise<UserResponseDto> {
-    const { force } = dto;
-    const { isAdmin } = await this.findOrFail(id, {});
-    if (isAdmin) {
-      throw new ForbiddenException('Cannot delete admin user');
-    }
-
-    await this.albumRepository.softDeleteAll(id);
-
-    const status = force ? UserStatus.REMOVING : UserStatus.DELETED;
-    const user = await this.userRepository.update(id, { status, deletedAt: new Date() });
-
-    if (force) {
-      await this.jobRepository.queue({ name: JobName.USER_DELETION, data: { id: user.id, force } });
-    }
-
+  async get(id: string): Promise<UserResponseDto> {
+    const user = await this.findOrFail(id, { withDeleted: false });
     return mapUser(user);
   }
 
-  async restore(auth: AuthDto, id: string): Promise<UserResponseDto> {
-    await this.findOrFail(id, { withDeleted: true });
-    await this.albumRepository.restoreAll(id);
-    return this.userRepository.update(id, { deletedAt: null, status: UserStatus.ACTIVE }).then(mapUser);
-  }
-
   async createProfileImage(auth: AuthDto, fileInfo: Express.Multer.File): Promise<CreateProfileImageResponseDto> {
     const { profileImagePath: oldpath } = await this.findOrFail(auth.user.id, { withDeleted: false });
     const updatedUser = await this.userRepository.update(auth.user.id, { profileImagePath: fileInfo.path });
diff --git a/server/src/validation.ts b/server/src/validation.ts
index bc1dbae819..6fb1684c06 100644
--- a/server/src/validation.ts
+++ b/server/src/validation.ts
@@ -154,7 +154,7 @@ export function validateCronExpression(expression: string) {
 
 type IValue = { value: string };
 
-export const toEmail = ({ value }: IValue) => value?.toLowerCase();
+export const toEmail = ({ value }: IValue) => (value ? value.toLowerCase() : value);
 
 export const toSanitized = ({ value }: IValue) => sanitize((value || '').replaceAll('.', ''));
 
diff --git a/web/src/lib/components/admin-page/delete-confirm-dialogue.svelte b/web/src/lib/components/admin-page/delete-confirm-dialogue.svelte
index cda78daa28..94112a70ac 100644
--- a/web/src/lib/components/admin-page/delete-confirm-dialogue.svelte
+++ b/web/src/lib/components/admin-page/delete-confirm-dialogue.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
   import ConfirmDialogue from '$lib/components/shared-components/confirm-dialogue.svelte';
   import { handleError } from '$lib/utils/handle-error';
-  import { deleteUser, type UserResponseDto } from '@immich/sdk';
+  import { deleteUserAdmin, type UserResponseDto } from '@immich/sdk';
   import { serverConfig } from '$lib/stores/server-config.store';
   import { createEventDispatcher } from 'svelte';
   import Checkbox from '$lib/components/elements/checkbox.svelte';
@@ -20,9 +20,9 @@
 
   const handleDeleteUser = async () => {
     try {
-      const { deletedAt } = await deleteUser({
+      const { deletedAt } = await deleteUserAdmin({
         id: user.id,
-        deleteUserDto: { force: forceDelete },
+        userAdminDeleteDto: { force: forceDelete },
       });
 
       if (deletedAt == undefined) {
diff --git a/web/src/lib/components/admin-page/restore-dialogue.svelte b/web/src/lib/components/admin-page/restore-dialogue.svelte
index 44edb1e7aa..5b308d2f51 100644
--- a/web/src/lib/components/admin-page/restore-dialogue.svelte
+++ b/web/src/lib/components/admin-page/restore-dialogue.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
   import ConfirmDialogue from '$lib/components/shared-components/confirm-dialogue.svelte';
   import { handleError } from '$lib/utils/handle-error';
-  import { restoreUser, type UserResponseDto } from '@immich/sdk';
+  import { restoreUserAdmin, type UserResponseDto } from '@immich/sdk';
   import { createEventDispatcher } from 'svelte';
 
   export let user: UserResponseDto;
@@ -14,7 +14,7 @@
 
   const handleRestoreUser = async () => {
     try {
-      const { deletedAt } = await restoreUser({ id: user.id });
+      const { deletedAt } = await restoreUserAdmin({ id: user.id });
       if (deletedAt == undefined) {
         dispatch('success');
       } else {
diff --git a/web/src/lib/components/album-page/share-info-modal.svelte b/web/src/lib/components/album-page/share-info-modal.svelte
index 2a586aec15..b8cee9c341 100644
--- a/web/src/lib/components/album-page/share-info-modal.svelte
+++ b/web/src/lib/components/album-page/share-info-modal.svelte
@@ -1,6 +1,6 @@
 <script lang="ts">
   import {
-    getMyUserInfo,
+    getMyUser,
     removeUserFromAlbum,
     type AlbumResponseDto,
     type UserResponseDto,
@@ -36,7 +36,7 @@
 
   onMount(async () => {
     try {
-      currentUser = await getMyUserInfo();
+      currentUser = await getMyUser();
     } catch (error) {
       handleError(error, 'Unable to refresh user');
     }
diff --git a/web/src/lib/components/album-page/user-selection-modal.svelte b/web/src/lib/components/album-page/user-selection-modal.svelte
index 78947c2032..f436c01c0e 100644
--- a/web/src/lib/components/album-page/user-selection-modal.svelte
+++ b/web/src/lib/components/album-page/user-selection-modal.svelte
@@ -7,7 +7,7 @@
   import {
     AlbumUserRole,
     getAllSharedLinks,
-    getAllUsers,
+    searchUsers,
     type AlbumResponseDto,
     type AlbumUserAddDto,
     type SharedLinkResponseDto,
@@ -36,10 +36,10 @@
   let sharedLinks: SharedLinkResponseDto[] = [];
   onMount(async () => {
     await getSharedLinks();
-    const data = await getAllUsers({ isAll: false });
+    const data = await searchUsers();
 
-    // remove invalid users
-    users = data.filter((user) => !(user.deletedAt || user.id === album.ownerId));
+    // remove album owner
+    users = data.filter((user) => user.id !== album.ownerId);
 
     // Remove the existed shared users from the album
     for (const sharedUser of album.albumUsers) {
diff --git a/web/src/lib/components/forms/change-password-form.svelte b/web/src/lib/components/forms/change-password-form.svelte
index 8e0d4d6f82..9736ed7821 100644
--- a/web/src/lib/components/forms/change-password-form.svelte
+++ b/web/src/lib/components/forms/change-password-form.svelte
@@ -2,9 +2,8 @@
   import { createEventDispatcher } from 'svelte';
   import Button from '../elements/buttons/button.svelte';
   import PasswordField from '../shared-components/password-field.svelte';
-  import { updateUser, type UserResponseDto } from '@immich/sdk';
+  import { updateMyUser } from '@immich/sdk';
 
-  export let user: UserResponseDto;
   let errorMessage: string;
   let success: string;
 
@@ -31,13 +30,7 @@
     if (valid) {
       errorMessage = '';
 
-      await updateUser({
-        updateUserDto: {
-          id: user.id,
-          password: String(password),
-          shouldChangePassword: false,
-        },
-      });
+      await updateMyUser({ userUpdateMeDto: { password: String(password) } });
 
       dispatch('success');
     }
diff --git a/web/src/lib/components/forms/create-user-form.svelte b/web/src/lib/components/forms/create-user-form.svelte
index 9094e4b4f6..5a8c8dc37b 100644
--- a/web/src/lib/components/forms/create-user-form.svelte
+++ b/web/src/lib/components/forms/create-user-form.svelte
@@ -2,7 +2,7 @@
   import { serverInfo } from '$lib/stores/server-info.store';
   import { convertToBytes } from '$lib/utils/byte-converter';
   import { handleError } from '$lib/utils/handle-error';
-  import { createUser } from '@immich/sdk';
+  import { createUserAdmin } from '@immich/sdk';
   import { createEventDispatcher } from 'svelte';
   import Button from '../elements/buttons/button.svelte';
   import PasswordField from '../shared-components/password-field.svelte';
@@ -49,8 +49,8 @@
       error = '';
 
       try {
-        await createUser({
-          createUserDto: {
+        await createUserAdmin({
+          userAdminCreateDto: {
             email,
             password,
             shouldChangePassword,
diff --git a/web/src/lib/components/forms/edit-user-form.svelte b/web/src/lib/components/forms/edit-user-form.svelte
index c392bbc935..9222892701 100644
--- a/web/src/lib/components/forms/edit-user-form.svelte
+++ b/web/src/lib/components/forms/edit-user-form.svelte
@@ -1,16 +1,16 @@
 <script lang="ts">
   import ConfirmDialogue from '$lib/components/shared-components/confirm-dialogue.svelte';
+  import FullScreenModal from '$lib/components/shared-components/full-screen-modal.svelte';
   import { AppRoute } from '$lib/constants';
   import { serverInfo } from '$lib/stores/server-info.store';
   import { convertFromBytes, convertToBytes } from '$lib/utils/byte-converter';
   import { handleError } from '$lib/utils/handle-error';
-  import { updateUser, type UserResponseDto } from '@immich/sdk';
+  import { updateUserAdmin, type UserAdminResponseDto } from '@immich/sdk';
+  import { mdiAccountEditOutline } from '@mdi/js';
   import { createEventDispatcher } from 'svelte';
   import Button from '../elements/buttons/button.svelte';
-  import FullScreenModal from '$lib/components/shared-components/full-screen-modal.svelte';
-  import { mdiAccountEditOutline } from '@mdi/js';
 
-  export let user: UserResponseDto;
+  export let user: UserAdminResponseDto;
   export let canResetPassword = true;
   export let newPassword: string;
   export let onClose: () => void;
@@ -36,9 +36,9 @@
   const editUser = async () => {
     try {
       const { id, email, name, storageLabel } = user;
-      await updateUser({
-        updateUserDto: {
-          id,
+      await updateUserAdmin({
+        id,
+        userAdminUpdateDto: {
           email,
           name,
           storageLabel: storageLabel || '',
@@ -56,9 +56,9 @@
     try {
       newPassword = generatePassword();
 
-      await updateUser({
-        updateUserDto: {
-          id: user.id,
+      await updateUserAdmin({
+        id: user.id,
+        userAdminUpdateDto: {
           password: newPassword,
           shouldChangePassword: true,
         },
diff --git a/web/src/lib/components/forms/library-user-picker-form.svelte b/web/src/lib/components/forms/library-user-picker-form.svelte
index 523ec0718c..07da560b82 100644
--- a/web/src/lib/components/forms/library-user-picker-form.svelte
+++ b/web/src/lib/components/forms/library-user-picker-form.svelte
@@ -4,7 +4,7 @@
   import FullScreenModal from '../shared-components/full-screen-modal.svelte';
   import { mdiFolderSync } from '@mdi/js';
   import { onMount } from 'svelte';
-  import { getAllUsers } from '@immich/sdk';
+  import { searchUsersAdmin } from '@immich/sdk';
   import { user } from '$lib/stores/user.store';
   import SettingSelect from '$lib/components/shared-components/settings/setting-select.svelte';
 
@@ -13,7 +13,7 @@
   let userOptions: { value: string; text: string }[] = [];
 
   onMount(async () => {
-    const users = await getAllUsers({ isAll: true });
+    const users = await searchUsersAdmin({});
     userOptions = users.map((user) => ({ value: user.id, text: user.name }));
   });
 
diff --git a/web/src/lib/components/shared-components/navigation-bar/account-info-panel.svelte b/web/src/lib/components/shared-components/navigation-bar/account-info-panel.svelte
index 1dec6019b7..3eab813d3a 100644
--- a/web/src/lib/components/shared-components/navigation-bar/account-info-panel.svelte
+++ b/web/src/lib/components/shared-components/navigation-bar/account-info-panel.svelte
@@ -4,7 +4,7 @@
   import { AppRoute } from '$lib/constants';
   import { user } from '$lib/stores/user.store';
   import { handleError } from '$lib/utils/handle-error';
-  import { deleteProfileImage, updateUser, type UserAvatarColor } from '@immich/sdk';
+  import { deleteProfileImage, updateMyUser, type UserAvatarColor } from '@immich/sdk';
   import { mdiCog, mdiLogout, mdiPencil } from '@mdi/js';
   import { createEventDispatcher } from 'svelte';
   import { fade } from 'svelte/transition';
@@ -27,9 +27,8 @@
         await deleteProfileImage();
       }
 
-      $user = await updateUser({
-        updateUserDto: {
-          id: $user.id,
+      $user = await updateMyUser({
+        userUpdateMeDto: {
           email: $user.email,
           name: $user.name,
           avatarColor: color,
diff --git a/web/src/lib/components/user-settings-page/memories-settings.svelte b/web/src/lib/components/user-settings-page/memories-settings.svelte
index 28be6570cc..dcd7033aa4 100644
--- a/web/src/lib/components/user-settings-page/memories-settings.svelte
+++ b/web/src/lib/components/user-settings-page/memories-settings.svelte
@@ -3,23 +3,18 @@
     notificationController,
     NotificationType,
   } from '$lib/components/shared-components/notification/notification';
-  import { updateUser, type UserResponseDto } from '@immich/sdk';
+  import { updateMyUser, type UserAdminResponseDto } from '@immich/sdk';
   import { fade } from 'svelte/transition';
   import { handleError } from '../../utils/handle-error';
 
-  import Button from '../elements/buttons/button.svelte';
   import SettingSwitch from '$lib/components/shared-components/settings/setting-switch.svelte';
+  import Button from '../elements/buttons/button.svelte';
 
-  export let user: UserResponseDto;
+  export let user: UserAdminResponseDto;
 
   const handleSave = async () => {
     try {
-      const data = await updateUser({
-        updateUserDto: {
-          id: user.id,
-          memoriesEnabled: user.memoriesEnabled,
-        },
-      });
+      const data = await updateMyUser({ userUpdateMeDto: { memoriesEnabled: user.memoriesEnabled } });
 
       Object.assign(user, data);
 
diff --git a/web/src/lib/components/user-settings-page/oauth-settings.svelte b/web/src/lib/components/user-settings-page/oauth-settings.svelte
index e17acd1678..cd10877ffd 100644
--- a/web/src/lib/components/user-settings-page/oauth-settings.svelte
+++ b/web/src/lib/components/user-settings-page/oauth-settings.svelte
@@ -2,7 +2,7 @@
   import { goto } from '$app/navigation';
   import { featureFlags } from '$lib/stores/server-config.store';
   import { oauth } from '$lib/utils';
-  import { type UserResponseDto } from '@immich/sdk';
+  import { type UserAdminResponseDto } from '@immich/sdk';
   import { onMount } from 'svelte';
   import { fade } from 'svelte/transition';
   import { handleError } from '../../utils/handle-error';
@@ -10,7 +10,7 @@
   import LoadingSpinner from '../shared-components/loading-spinner.svelte';
   import { notificationController, NotificationType } from '../shared-components/notification/notification';
 
-  export let user: UserResponseDto;
+  export let user: UserAdminResponseDto;
 
   let loading = true;
 
diff --git a/web/src/lib/components/user-settings-page/partner-selection-modal.svelte b/web/src/lib/components/user-settings-page/partner-selection-modal.svelte
index 7d68877d91..499c8523cc 100644
--- a/web/src/lib/components/user-settings-page/partner-selection-modal.svelte
+++ b/web/src/lib/components/user-settings-page/partner-selection-modal.svelte
@@ -1,5 +1,5 @@
 <script lang="ts">
-  import { getAllUsers, getPartners, type UserResponseDto } from '@immich/sdk';
+  import { searchUsers, getPartners, type UserResponseDto } from '@immich/sdk';
   import { createEventDispatcher, onMount } from 'svelte';
   import Button from '../elements/buttons/button.svelte';
   import UserAvatar from '../shared-components/user-avatar.svelte';
@@ -14,11 +14,10 @@
   const dispatch = createEventDispatcher<{ 'add-users': UserResponseDto[] }>();
 
   onMount(async () => {
-    // TODO: update endpoint to have a query param for deleted users
-    let users = await getAllUsers({ isAll: false });
+    let users = await searchUsers();
 
-    // remove invalid users
-    users = users.filter((_user) => !(_user.deletedAt || _user.id === user.id));
+    // remove current user
+    users = users.filter((_user) => _user.id !== user.id);
 
     // exclude partners from the list of users available for selection
     const partners = await getPartners({ direction: 'shared-by' });
diff --git a/web/src/lib/components/user-settings-page/user-profile-settings.svelte b/web/src/lib/components/user-settings-page/user-profile-settings.svelte
index 053d852dda..d239fcdf5a 100644
--- a/web/src/lib/components/user-settings-page/user-profile-settings.svelte
+++ b/web/src/lib/components/user-settings-page/user-profile-settings.svelte
@@ -3,23 +3,22 @@
     notificationController,
     NotificationType,
   } from '$lib/components/shared-components/notification/notification';
-  import { fade } from 'svelte/transition';
-  import { handleError } from '../../utils/handle-error';
-  import Button from '../elements/buttons/button.svelte';
-  import { user } from '$lib/stores/user.store';
-  import { cloneDeep } from 'lodash-es';
-  import { updateUser } from '@immich/sdk';
   import SettingInputField, {
     SettingInputFieldType,
   } from '$lib/components/shared-components/settings/setting-input-field.svelte';
+  import { user } from '$lib/stores/user.store';
+  import { updateMyUser } from '@immich/sdk';
+  import { cloneDeep } from 'lodash-es';
+  import { fade } from 'svelte/transition';
+  import { handleError } from '../../utils/handle-error';
+  import Button from '../elements/buttons/button.svelte';
 
   let editedUser = cloneDeep($user);
 
   const handleSaveProfile = async () => {
     try {
-      const data = await updateUser({
-        updateUserDto: {
-          id: editedUser.id,
+      const data = await updateMyUser({
+        userUpdateMeDto: {
           email: editedUser.email,
           name: editedUser.name,
         },
diff --git a/web/src/lib/stores/user.store.ts b/web/src/lib/stores/user.store.ts
index 0fc4e9e01d..506782f48a 100644
--- a/web/src/lib/stores/user.store.ts
+++ b/web/src/lib/stores/user.store.ts
@@ -1,12 +1,12 @@
-import type { UserResponseDto } from '@immich/sdk';
+import type { UserAdminResponseDto } from '@immich/sdk';
 import { writable } from 'svelte/store';
 
-export const user = writable<UserResponseDto>();
+export const user = writable<UserAdminResponseDto>();
 
 /**
  * Reset the store to its initial undefined value. Make sure to
  * only do this _after_ redirecting to an unauthenticated page.
  */
 export const resetSavedUser = () => {
-  user.set(undefined as unknown as UserResponseDto);
+  user.set(undefined as unknown as UserAdminResponseDto);
 };
diff --git a/web/src/lib/utils.ts b/web/src/lib/utils.ts
index 7d32501395..358f4467d4 100644
--- a/web/src/lib/utils.ts
+++ b/web/src/lib/utils.ts
@@ -11,7 +11,6 @@ import {
   startOAuth,
   unlinkOAuthAccount,
   type SharedLinkResponseDto,
-  type UserResponseDto,
 } from '@immich/sdk';
 import { mdiCogRefreshOutline, mdiDatabaseRefreshOutline, mdiImageRefreshOutline } from '@mdi/js';
 
@@ -264,7 +263,7 @@ export const oauth = {
   login: (location: Location) => {
     return finishOAuth({ oAuthCallbackDto: { url: location.href } });
   },
-  link: (location: Location): Promise<UserResponseDto> => {
+  link: (location: Location) => {
     return linkOAuthAccount({ oAuthCallbackDto: { url: location.href } });
   },
   unlink: () => {
diff --git a/web/src/lib/utils/auth.ts b/web/src/lib/utils/auth.ts
index 1fbc158f74..91beb0293f 100644
--- a/web/src/lib/utils/auth.ts
+++ b/web/src/lib/utils/auth.ts
@@ -1,7 +1,7 @@
 import { browser } from '$app/environment';
 import { serverInfo } from '$lib/stores/server-info.store';
 import { user } from '$lib/stores/user.store';
-import { getMyUserInfo, getStorage } from '@immich/sdk';
+import { getMyUser, getStorage } from '@immich/sdk';
 import { redirect } from '@sveltejs/kit';
 import { get } from 'svelte/store';
 import { AppRoute } from '../constants';
@@ -15,7 +15,7 @@ export const loadUser = async () => {
   try {
     let loaded = get(user);
     if (!loaded && hasAuthCookie()) {
-      loaded = await getMyUserInfo();
+      loaded = await getMyUser();
       user.set(loaded);
     }
     return loaded;
diff --git a/web/src/routes/(user)/partners/[userId]/[[photos=photos]]/[[assetId=id]]/+page.ts b/web/src/routes/(user)/partners/[userId]/[[photos=photos]]/[[assetId=id]]/+page.ts
index d5c38e5966..a01c79a93c 100644
--- a/web/src/routes/(user)/partners/[userId]/[[photos=photos]]/[[assetId=id]]/+page.ts
+++ b/web/src/routes/(user)/partners/[userId]/[[photos=photos]]/[[assetId=id]]/+page.ts
@@ -1,12 +1,12 @@
 import { authenticate } from '$lib/utils/auth';
 import { getAssetInfoFromParam } from '$lib/utils/navigation';
-import { getUserById } from '@immich/sdk';
+import { getUser } from '@immich/sdk';
 import type { PageLoad } from './$types';
 
 export const load = (async ({ params }) => {
   await authenticate();
 
-  const partner = await getUserById({ id: params.userId });
+  const partner = await getUser({ id: params.userId });
   const asset = await getAssetInfoFromParam(params);
   return {
     asset,
diff --git a/web/src/routes/admin/library-management/+page.svelte b/web/src/routes/admin/library-management/+page.svelte
index 8fdbd60d52..fe5cb2686f 100644
--- a/web/src/routes/admin/library-management/+page.svelte
+++ b/web/src/routes/admin/library-management/+page.svelte
@@ -23,7 +23,7 @@
     deleteLibrary,
     getAllLibraries,
     getLibraryStatistics,
-    getUserById,
+    getUserAdmin,
     removeOfflineFiles,
     scanLibrary,
     updateLibrary,
@@ -99,7 +99,7 @@
 
   const refreshStats = async (listIndex: number) => {
     stats[listIndex] = await getLibraryStatistics({ id: libraries[listIndex].id });
-    owner[listIndex] = await getUserById({ id: libraries[listIndex].ownerId });
+    owner[listIndex] = await getUserAdmin({ id: libraries[listIndex].ownerId });
     photos[listIndex] = stats[listIndex].photos;
     videos[listIndex] = stats[listIndex].videos;
     totalCount[listIndex] = stats[listIndex].total;
diff --git a/web/src/routes/admin/library-management/+page.ts b/web/src/routes/admin/library-management/+page.ts
index 78831d38c7..5cb90cd7f9 100644
--- a/web/src/routes/admin/library-management/+page.ts
+++ b/web/src/routes/admin/library-management/+page.ts
@@ -1,11 +1,11 @@
 import { authenticate, requestServerInfo } from '$lib/utils/auth';
-import { getAllUsers } from '@immich/sdk';
+import { searchUsersAdmin } from '@immich/sdk';
 import type { PageLoad } from './$types';
 
 export const load = (async () => {
   await authenticate({ admin: true });
   await requestServerInfo();
-  const allUsers = await getAllUsers({ isAll: false });
+  const allUsers = await searchUsersAdmin({ withDeleted: false });
 
   return {
     allUsers,
diff --git a/web/src/routes/admin/user-management/+page.svelte b/web/src/routes/admin/user-management/+page.svelte
index 8ced466595..0875f819b9 100644
--- a/web/src/routes/admin/user-management/+page.svelte
+++ b/web/src/routes/admin/user-management/+page.svelte
@@ -1,14 +1,15 @@
 <script lang="ts">
   import { page } from '$app/stores';
-  import ConfirmDialogue from '$lib/components/shared-components/confirm-dialogue.svelte';
   import DeleteConfirmDialog from '$lib/components/admin-page/delete-confirm-dialogue.svelte';
-  import LinkButton from '$lib/components/elements/buttons/link-button.svelte';
   import RestoreDialogue from '$lib/components/admin-page/restore-dialogue.svelte';
   import Button from '$lib/components/elements/buttons/button.svelte';
+  import CircleIconButton from '$lib/components/elements/buttons/circle-icon-button.svelte';
+  import LinkButton from '$lib/components/elements/buttons/link-button.svelte';
   import Icon from '$lib/components/elements/icon.svelte';
   import CreateUserForm from '$lib/components/forms/create-user-form.svelte';
   import EditUserForm from '$lib/components/forms/edit-user-form.svelte';
   import UserPageLayout from '$lib/components/layouts/user-page-layout.svelte';
+  import ConfirmDialogue from '$lib/components/shared-components/confirm-dialogue.svelte';
   import {
     NotificationType,
     notificationController,
@@ -17,28 +18,27 @@
   import { serverConfig } from '$lib/stores/server-config.store';
   import { user } from '$lib/stores/user.store';
   import { websocketEvents } from '$lib/stores/websocket';
-  import { asByteUnitString } from '$lib/utils/byte-units';
   import { copyToClipboard } from '$lib/utils';
-  import { UserStatus, getAllUsers, type UserResponseDto } from '@immich/sdk';
+  import { asByteUnitString } from '$lib/utils/byte-units';
+  import { UserStatus, searchUsersAdmin, type UserAdminResponseDto } from '@immich/sdk';
   import { mdiClose, mdiContentCopy, mdiDeleteRestore, mdiPencilOutline, mdiTrashCanOutline } from '@mdi/js';
   import { DateTime } from 'luxon';
   import { onMount } from 'svelte';
   import type { PageData } from './$types';
-  import CircleIconButton from '$lib/components/elements/buttons/circle-icon-button.svelte';
 
   export let data: PageData;
 
-  let allUsers: UserResponseDto[] = [];
+  let allUsers: UserAdminResponseDto[] = [];
   let shouldShowEditUserForm = false;
   let shouldShowCreateUserForm = false;
   let shouldShowPasswordResetSuccess = false;
   let shouldShowDeleteConfirmDialog = false;
   let shouldShowRestoreDialog = false;
-  let selectedUser: UserResponseDto;
+  let selectedUser: UserAdminResponseDto;
   let newPassword: string;
 
   const refresh = async () => {
-    allUsers = await getAllUsers({ isAll: false });
+    allUsers = await searchUsersAdmin({ withDeleted: true });
   };
 
   const onDeleteSuccess = (userId: string) => {
@@ -75,7 +75,7 @@
     shouldShowCreateUserForm = false;
   };
 
-  const editUserHandler = (user: UserResponseDto) => {
+  const editUserHandler = (user: UserAdminResponseDto) => {
     selectedUser = user;
     shouldShowEditUserForm = true;
   };
@@ -91,7 +91,7 @@
     shouldShowPasswordResetSuccess = true;
   };
 
-  const deleteUserHandler = (user: UserResponseDto) => {
+  const deleteUserHandler = (user: UserAdminResponseDto) => {
     selectedUser = user;
     shouldShowDeleteConfirmDialog = true;
   };
@@ -101,7 +101,7 @@
     shouldShowDeleteConfirmDialog = false;
   };
 
-  const restoreUserHandler = (user: UserResponseDto) => {
+  const restoreUserHandler = (user: UserAdminResponseDto) => {
     selectedUser = user;
     shouldShowRestoreDialog = true;
   };
diff --git a/web/src/routes/admin/user-management/+page.ts b/web/src/routes/admin/user-management/+page.ts
index e93cdc3c44..4c62e36c91 100644
--- a/web/src/routes/admin/user-management/+page.ts
+++ b/web/src/routes/admin/user-management/+page.ts
@@ -1,11 +1,11 @@
 import { authenticate, requestServerInfo } from '$lib/utils/auth';
-import { getAllUsers } from '@immich/sdk';
+import { searchUsersAdmin } from '@immich/sdk';
 import type { PageLoad } from './$types';
 
 export const load = (async () => {
   await authenticate({ admin: true });
   await requestServerInfo();
-  const allUsers = await getAllUsers({ isAll: false });
+  const allUsers = await searchUsersAdmin({ withDeleted: true });
 
   return {
     allUsers,
diff --git a/web/src/routes/auth/change-password/+page.svelte b/web/src/routes/auth/change-password/+page.svelte
index 277b3c0040..6f9bcf000f 100644
--- a/web/src/routes/auth/change-password/+page.svelte
+++ b/web/src/routes/auth/change-password/+page.svelte
@@ -25,5 +25,5 @@
     enter the new password below.
   </p>
 
-  <ChangePasswordForm user={$user} on:success={onSuccess} />
+  <ChangePasswordForm on:success={onSuccess} />
 </FullscreenContainer>
diff --git a/web/src/test-data/factories/user-factory.ts b/web/src/test-data/factories/user-factory.ts
index 563844e07d..24d75254d2 100644
--- a/web/src/test-data/factories/user-factory.ts
+++ b/web/src/test-data/factories/user-factory.ts
@@ -1,22 +1,11 @@
 import { faker } from '@faker-js/faker';
-import { UserAvatarColor, UserStatus, type UserResponseDto } from '@immich/sdk';
+import { UserAvatarColor, type UserResponseDto } from '@immich/sdk';
 import { Sync } from 'factory.ts';
 
 export const userFactory = Sync.makeFactory<UserResponseDto>({
   id: Sync.each(() => faker.string.uuid()),
   email: Sync.each(() => faker.internet.email()),
   name: Sync.each(() => faker.person.fullName()),
-  storageLabel: Sync.each(() => faker.string.alphanumeric()),
   profileImagePath: '',
-  shouldChangePassword: Sync.each(() => faker.datatype.boolean()),
-  isAdmin: true,
-  createdAt: Sync.each(() => faker.date.past().toISOString()),
-  deletedAt: null,
-  updatedAt: Sync.each(() => faker.date.past().toISOString()),
-  memoriesEnabled: true,
-  oauthId: '',
   avatarColor: UserAvatarColor.Primary,
-  quotaUsageInBytes: 0,
-  quotaSizeInBytes: null,
-  status: UserStatus.Active,
 });

From 11152f9b3db5ee8c6fb53b09aefe05df1ca22234 Mon Sep 17 00:00:00 2001
From: Conner Hnatiuk <46903591+ConnerWithAnE@users.noreply.github.com>
Date: Sun, 26 May 2024 18:13:32 -0600
Subject: [PATCH 05/14] fix(mobile): appBar on album viewer screen animates out
 and doesnt alter asset grid position (#9741)

* Animated out top bar added, currenlty need to move up current app bar as it is too far down

* album viewer appBar animates out and does not cause screen shift

* Formatting

---------

Co-authored-by: Alex <alex.tran1502@gmail.com>
---
 .../lib/pages/common/album_viewer.page.dart   |  42 ++++---
 .../album/album_viewer_editable_title.dart    | 104 +++++++++---------
 .../asset_grid/immich_asset_grid_view.dart    |   6 +-
 3 files changed, 84 insertions(+), 68 deletions(-)

diff --git a/mobile/lib/pages/common/album_viewer.page.dart b/mobile/lib/pages/common/album_viewer.page.dart
index a7cb8c218a..e1e0419d52 100644
--- a/mobile/lib/pages/common/album_viewer.page.dart
+++ b/mobile/lib/pages/common/album_viewer.page.dart
@@ -133,7 +133,7 @@ class AlbumViewerPage extends HookConsumerWidget {
 
     Widget buildTitle(Album album) {
       return Padding(
-        padding: const EdgeInsets.only(left: 8, right: 8, top: 24),
+        padding: const EdgeInsets.only(left: 8, right: 8),
         child: userId == album.ownerId && album.isRemote
             ? AlbumViewerEditableTitle(
                 album: album,
@@ -228,9 +228,30 @@ class AlbumViewerPage extends HookConsumerWidget {
     }
 
     return Scaffold(
-      appBar: ref.watch(multiselectProvider)
-          ? null
-          : album.when(
+      body: Stack(
+        children: [
+          album.widgetWhen(
+            onData: (data) => MultiselectGrid(
+              renderListProvider: albumRenderlistProvider(albumId),
+              topWidget: Column(
+                crossAxisAlignment: CrossAxisAlignment.start,
+                children: [
+                  buildHeader(data),
+                  if (data.isRemote) buildControlButton(data),
+                ],
+              ),
+              onRemoveFromAlbum: onRemoveFromAlbumPressed,
+              editEnabled: data.ownerId == userId,
+            ),
+          ),
+          AnimatedPositioned(
+            duration: const Duration(milliseconds: 300),
+            top: ref.watch(multiselectProvider)
+                ? -(kToolbarHeight + MediaQuery.of(context).padding.top)
+                : 0,
+            left: 0,
+            right: 0,
+            child: album.when(
               data: (data) => AlbumViewerAppbar(
                 titleFocusNode: titleFocusNode,
                 album: data,
@@ -242,19 +263,8 @@ class AlbumViewerPage extends HookConsumerWidget {
               error: (error, stackTrace) => AppBar(title: const Text("Error")),
               loading: () => AppBar(),
             ),
-      body: album.widgetWhen(
-        onData: (data) => MultiselectGrid(
-          renderListProvider: albumRenderlistProvider(albumId),
-          topWidget: Column(
-            crossAxisAlignment: CrossAxisAlignment.start,
-            children: [
-              buildHeader(data),
-              if (data.isRemote) buildControlButton(data),
-            ],
           ),
-          onRemoveFromAlbum: onRemoveFromAlbumPressed,
-          editEnabled: data.ownerId == userId,
-        ),
+        ],
       ),
     );
   }
diff --git a/mobile/lib/widgets/album/album_viewer_editable_title.dart b/mobile/lib/widgets/album/album_viewer_editable_title.dart
index 5114d7ba7f..788c61d8a4 100644
--- a/mobile/lib/widgets/album/album_viewer_editable_title.dart
+++ b/mobile/lib/widgets/album/album_viewer_editable_title.dart
@@ -36,58 +36,62 @@ class AlbumViewerEditableTitle extends HookConsumerWidget {
       [],
     );
 
-    return TextField(
-      onChanged: (value) {
-        if (value.isEmpty) {
-        } else {
-          ref.watch(albumViewerProvider.notifier).setEditTitleText(value);
-        }
-      },
-      focusNode: titleFocusNode,
-      style: context.textTheme.headlineMedium,
-      controller: titleTextEditController,
-      onTap: () {
-        FocusScope.of(context).requestFocus(titleFocusNode);
+    return Material(
+      color: Colors.transparent,
+      child: TextField(
+        onChanged: (value) {
+          if (value.isEmpty) {
+          } else {
+            ref.watch(albumViewerProvider.notifier).setEditTitleText(value);
+          }
+        },
+        focusNode: titleFocusNode,
+        style: context.textTheme.headlineMedium,
+        controller: titleTextEditController,
+        onTap: () {
+          FocusScope.of(context).requestFocus(titleFocusNode);
 
-        ref.watch(albumViewerProvider.notifier).setEditTitleText(album.name);
-        ref.watch(albumViewerProvider.notifier).enableEditAlbum();
+          ref.watch(albumViewerProvider.notifier).setEditTitleText(album.name);
+          ref.watch(albumViewerProvider.notifier).enableEditAlbum();
 
-        if (titleTextEditController.text == 'Untitled') {
-          titleTextEditController.clear();
-        }
-      },
-      decoration: InputDecoration(
-        contentPadding: const EdgeInsets.symmetric(horizontal: 8, vertical: 8),
-        suffixIcon: titleFocusNode.hasFocus
-            ? IconButton(
-                onPressed: () {
-                  titleTextEditController.clear();
-                },
-                icon: Icon(
-                  Icons.cancel_rounded,
-                  color: context.primaryColor,
-                ),
-                splashRadius: 10,
-              )
-            : null,
-        enabledBorder: OutlineInputBorder(
-          borderSide: const BorderSide(color: Colors.transparent),
-          borderRadius: BorderRadius.circular(10),
-        ),
-        focusedBorder: OutlineInputBorder(
-          borderSide: const BorderSide(color: Colors.transparent),
-          borderRadius: BorderRadius.circular(10),
-        ),
-        focusColor: Colors.grey[300],
-        fillColor: context.isDarkTheme
-            ? const Color.fromARGB(255, 32, 33, 35)
-            : Colors.grey[200],
-        filled: titleFocusNode.hasFocus,
-        hintText: 'share_add_title'.tr(),
-        hintStyle: TextStyle(
-          fontSize: 28,
-          color: context.isDarkTheme ? Colors.grey[300] : Colors.grey[700],
-          fontWeight: FontWeight.bold,
+          if (titleTextEditController.text == 'Untitled') {
+            titleTextEditController.clear();
+          }
+        },
+        decoration: InputDecoration(
+          contentPadding:
+              const EdgeInsets.symmetric(horizontal: 8, vertical: 8),
+          suffixIcon: titleFocusNode.hasFocus
+              ? IconButton(
+                  onPressed: () {
+                    titleTextEditController.clear();
+                  },
+                  icon: Icon(
+                    Icons.cancel_rounded,
+                    color: context.primaryColor,
+                  ),
+                  splashRadius: 10,
+                )
+              : null,
+          enabledBorder: OutlineInputBorder(
+            borderSide: const BorderSide(color: Colors.transparent),
+            borderRadius: BorderRadius.circular(10),
+          ),
+          focusedBorder: OutlineInputBorder(
+            borderSide: const BorderSide(color: Colors.transparent),
+            borderRadius: BorderRadius.circular(10),
+          ),
+          focusColor: Colors.grey[300],
+          fillColor: context.isDarkTheme
+              ? const Color.fromARGB(255, 32, 33, 35)
+              : Colors.grey[200],
+          filled: titleFocusNode.hasFocus,
+          hintText: 'share_add_title'.tr(),
+          hintStyle: TextStyle(
+            fontSize: 28,
+            color: context.isDarkTheme ? Colors.grey[300] : Colors.grey[700],
+            fontWeight: FontWeight.bold,
+          ),
         ),
       ),
     );
diff --git a/mobile/lib/widgets/asset_grid/immich_asset_grid_view.dart b/mobile/lib/widgets/asset_grid/immich_asset_grid_view.dart
index 40c6c52914..61104d282d 100644
--- a/mobile/lib/widgets/asset_grid/immich_asset_grid_view.dart
+++ b/mobile/lib/widgets/asset_grid/immich_asset_grid_view.dart
@@ -238,8 +238,10 @@ class ImmichAssetGridViewState extends ConsumerState<ImmichAssetGridView> {
     }
 
     bool appBarOffset() {
-      return ref.watch(tabProvider).index == 0 &&
-          ModalRoute.of(context)?.settings.name == TabControllerRoute.name;
+      return (ref.watch(tabProvider).index == 0 &&
+              ModalRoute.of(context)?.settings.name ==
+                  TabControllerRoute.name) ||
+          (ModalRoute.of(context)?.settings.name == AlbumViewerRoute.name);
     }
 
     final listWidget = ScrollablePositionedList.builder(

From 6879bcb7a475a84187826715d23cb7a4df44206a Mon Sep 17 00:00:00 2001
From: Alex <alex.tran1502@gmail.com>
Date: Mon, 27 May 2024 07:51:41 +0700
Subject: [PATCH 06/14] chore(server): duplication default settings (#9781)

---
 server/src/config.ts                                          | 4 ++--
 server/src/services/duplicate.service.spec.ts                 | 4 ++--
 server/src/services/server-info.service.spec.ts               | 2 +-
 server/src/services/system-config.service.spec.ts             | 4 ++--
 .../machine-learning-settings.svelte                          | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/server/src/config.ts b/server/src/config.ts
index 0f8a645005..4d1704c47f 100644
--- a/server/src/config.ts
+++ b/server/src/config.ts
@@ -256,8 +256,8 @@ export const defaults = Object.freeze<SystemConfig>({
       modelName: 'ViT-B-32__openai',
     },
     duplicateDetection: {
-      enabled: false,
-      maxDistance: 0.03,
+      enabled: true,
+      maxDistance: 0.0155,
     },
     facialRecognition: {
       enabled: true,
diff --git a/server/src/services/duplicate.service.spec.ts b/server/src/services/duplicate.service.spec.ts
index 79374ea7ae..cbde4ea777 100644
--- a/server/src/services/duplicate.service.spec.ts
+++ b/server/src/services/duplicate.service.spec.ts
@@ -214,7 +214,7 @@ describe(SearchService.name, () => {
       expect(searchMock.searchDuplicates).toHaveBeenCalledWith({
         assetId: assetStub.hasEmbedding.id,
         embedding: assetStub.hasEmbedding.smartSearch!.embedding,
-        maxDistance: 0.03,
+        maxDistance: 0.0155,
         type: assetStub.hasEmbedding.type,
         userIds: [assetStub.hasEmbedding.ownerId],
       });
@@ -240,7 +240,7 @@ describe(SearchService.name, () => {
       expect(searchMock.searchDuplicates).toHaveBeenCalledWith({
         assetId: assetStub.hasEmbedding.id,
         embedding: assetStub.hasEmbedding.smartSearch!.embedding,
-        maxDistance: 0.03,
+        maxDistance: 0.0155,
         type: assetStub.hasEmbedding.type,
         userIds: [assetStub.hasEmbedding.ownerId],
       });
diff --git a/server/src/services/server-info.service.spec.ts b/server/src/services/server-info.service.spec.ts
index 57beb165db..90d70b21ff 100644
--- a/server/src/services/server-info.service.spec.ts
+++ b/server/src/services/server-info.service.spec.ts
@@ -149,7 +149,7 @@ describe(ServerInfoService.name, () => {
     it('should respond the server features', async () => {
       await expect(sut.getFeatures()).resolves.toEqual({
         smartSearch: true,
-        duplicateDetection: false,
+        duplicateDetection: true,
         facialRecognition: true,
         map: true,
         reverseGeocoding: true,
diff --git a/server/src/services/system-config.service.spec.ts b/server/src/services/system-config.service.spec.ts
index 878916b0d2..281090cb3f 100644
--- a/server/src/services/system-config.service.spec.ts
+++ b/server/src/services/system-config.service.spec.ts
@@ -81,8 +81,8 @@ const updatedConfig = Object.freeze<SystemConfig>({
       modelName: 'ViT-B-32__openai',
     },
     duplicateDetection: {
-      enabled: false,
-      maxDistance: 0.03,
+      enabled: true,
+      maxDistance: 0.0155,
     },
     facialRecognition: {
       enabled: true,
diff --git a/web/src/lib/components/admin-page/settings/machine-learning-settings/machine-learning-settings.svelte b/web/src/lib/components/admin-page/settings/machine-learning-settings/machine-learning-settings.svelte
index cb6c2b480b..b570681774 100644
--- a/web/src/lib/components/admin-page/settings/machine-learning-settings/machine-learning-settings.svelte
+++ b/web/src/lib/components/admin-page/settings/machine-learning-settings/machine-learning-settings.svelte
@@ -102,7 +102,7 @@
             min={0.001}
             max={0.1}
             desc="Maximum distance between two images to consider them duplicates, ranging from 0.001-0.1. Higher values will detect more duplicates, but may result in false positives."
-            disabled={disabled || $featureFlags.duplicateDetection}
+            disabled={disabled || !$featureFlags.duplicateDetection}
             isEdited={config.machineLearning.duplicateDetection.maxDistance !==
               savedConfig.machineLearning.duplicateDetection.maxDistance}
           />

From fc5615eff67015d9619979871e428184b3124963 Mon Sep 17 00:00:00 2001
From: Michel Heusschen <59014050+michelheusschen@users.noreply.github.com>
Date: Mon, 27 May 2024 09:01:33 +0200
Subject: [PATCH 07/14] fix(web): memories year missing (#9787)

---
 web/src/lib/utils.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/lib/utils.ts b/web/src/lib/utils.ts
index 358f4467d4..d2aa26b35c 100644
--- a/web/src/lib/utils.ts
+++ b/web/src/lib/utils.ts
@@ -291,4 +291,4 @@ export const handlePromiseError = <T>(promise: Promise<T>): void => {
 
 export const s = (count: number) => (count === 1 ? '' : 's');
 
-export const memoryLaneTitle = (yearsAgo: number) => `year${s(yearsAgo)} ago`;
+export const memoryLaneTitle = (yearsAgo: number) => `${yearsAgo} year${s(yearsAgo)} ago`;

From 38f4a02a14371f891a25192b89c6e5dbb2b77945 Mon Sep 17 00:00:00 2001
From: Michel Heusschen <59014050+michelheusschen@users.noreply.github.com>
Date: Mon, 27 May 2024 09:06:15 +0200
Subject: [PATCH 08/14] fix(web): require button type (#9786)

---
 web/.eslintrc.cjs                             |  1 +
 .../admin-page/jobs/job-tile-button.svelte    |  1 +
 .../album-page/album-card-group.svelte        |  1 +
 .../album-page/album-options.svelte           |  2 +-
 .../album-page/albums-table-header.svelte     |  1 +
 .../components/album-page/albums-table.svelte |  1 +
 .../album-page/share-info-modal.svelte        |  1 +
 .../album-page/user-selection-modal.svelte    | 14 ++++++----
 .../asset-viewer/activity-status.svelte       |  4 +--
 .../asset-viewer/activity-viewer.svelte       |  2 ++
 .../asset-viewer/album-list-item.svelte       |  1 +
 .../asset-viewer/navigation-area.svelte       | 18 ++++++-------
 .../assets/thumbnail/thumbnail.svelte         |  1 +
 .../lib/components/elements/dropdown.svelte   |  1 +
 .../lib/components/elements/group-tab.svelte  |  1 +
 .../faces-page/assign-face-side-panel.svelte  |  2 +-
 .../faces-page/face-thumbnail.svelte          |  1 +
 .../faces-page/merge-suggestion-modal.svelte  |  5 ++--
 .../faces-page/person-side-panel.svelte       |  1 +
 .../memory-page/memory-viewer.svelte          | 27 ++++++++++++++-----
 .../onboarding-page/onboarding-theme.svelte   |  2 ++
 .../components/photos-page/memory-lane.svelte |  9 ++++---
 .../album-selection-modal.svelte              |  1 +
 .../shared-components/change-location.svelte  |  3 ++-
 .../context-menu/menu-option.svelte           |  1 +
 .../shared-components/dropdown-button.svelte  |  2 ++
 .../navigation-bar/account-info-panel.svelte  |  1 +
 .../navigation-bar/avatar-selector.svelte     |  2 +-
 .../navigation-bar/navigation-bar.svelte      |  1 +
 .../notification/notification-card.svelte     |  1 +
 .../settings/setting-accordion.svelte         | 12 ++++++---
 .../settings/setting-buttons-row.svelte       |  1 +
 .../upload-asset-preview.svelte               |  3 ++-
 .../shared-components/upload-panel.svelte     |  3 +++
 .../partner-selection-modal.svelte            |  1 +
 .../duplicates-compare-control.svelte         |  2 +-
 .../utilities-page/utilities-menu.svelte      | 20 +++++++-------
 .../[[assetId=id]]/+page.svelte               |  6 +++--
 web/src/routes/(user)/people/+page.svelte     |  1 +
 .../[[assetId=id]]/+page.svelte               |  2 ++
 web/src/routes/+error.svelte                  | 12 ++++-----
 41 files changed, 113 insertions(+), 59 deletions(-)

diff --git a/web/.eslintrc.cjs b/web/.eslintrc.cjs
index e29c4a9b48..de0a64bd37 100644
--- a/web/.eslintrc.cjs
+++ b/web/.eslintrc.cjs
@@ -51,6 +51,7 @@ module.exports = {
     'unicorn/consistent-function-scoping': 'off',
     'unicorn/prefer-top-level-await': 'off',
     'unicorn/import-style': 'off',
+    'svelte/button-has-type': 'error',
     // TODO: set recommended-type-checked and remove these rules
     '@typescript-eslint/await-thenable': 'error',
     '@typescript-eslint/no-floating-promises': 'error',
diff --git a/web/src/lib/components/admin-page/jobs/job-tile-button.svelte b/web/src/lib/components/admin-page/jobs/job-tile-button.svelte
index 709ed60924..0aa90ed4d8 100644
--- a/web/src/lib/components/admin-page/jobs/job-tile-button.svelte
+++ b/web/src/lib/components/admin-page/jobs/job-tile-button.svelte
@@ -17,6 +17,7 @@
 </script>
 
 <button
+  type="button"
   {disabled}
   class="flex h-full w-full flex-col place-content-center place-items-center gap-2 px-8 py-2 text-xs text-gray-600 transition-colors dark:text-gray-200 {colorClasses[
     color
diff --git a/web/src/lib/components/album-page/album-card-group.svelte b/web/src/lib/components/album-page/album-card-group.svelte
index 99347b3a02..d70965c9f6 100644
--- a/web/src/lib/components/album-page/album-card-group.svelte
+++ b/web/src/lib/components/album-page/album-card-group.svelte
@@ -30,6 +30,7 @@
 {#if group}
   <div class="grid">
     <button
+      type="button"
       on:click={() => toggleAlbumGroupCollapsing(group.id)}
       class="w-fit mt-2 pt-2 pr-2 mb-2 dark:text-immich-dark-fg"
       aria-expanded={!isCollapsed}
diff --git a/web/src/lib/components/album-page/album-options.svelte b/web/src/lib/components/album-page/album-options.svelte
index 0b91dbb027..ead7f6e5e9 100644
--- a/web/src/lib/components/album-page/album-options.svelte
+++ b/web/src/lib/components/album-page/album-options.svelte
@@ -75,7 +75,7 @@
     <div class="py-2">
       <div class="text-gray text-sm mb-3">PEOPLE</div>
       <div class="p-2">
-        <button class="flex items-center gap-2" on:click={() => dispatch('showSelectSharedUser')}>
+        <button type="button" class="flex items-center gap-2" on:click={() => dispatch('showSelectSharedUser')}>
           <div class="rounded-full w-10 h-10 border border-gray-500 flex items-center justify-center">
             <div><Icon path={mdiPlus} size="25" /></div>
           </div>
diff --git a/web/src/lib/components/album-page/albums-table-header.svelte b/web/src/lib/components/album-page/albums-table-header.svelte
index d01d34ec72..527b1822e0 100644
--- a/web/src/lib/components/album-page/albums-table-header.svelte
+++ b/web/src/lib/components/album-page/albums-table-header.svelte
@@ -16,6 +16,7 @@
 
 <th class="text-sm font-medium {option.columnStyle}">
   <button
+    type="button"
     class="rounded-lg p-2 hover:bg-immich-dark-primary hover:dark:bg-immich-dark-primary/50"
     on:click={handleSort}
   >
diff --git a/web/src/lib/components/album-page/albums-table.svelte b/web/src/lib/components/album-page/albums-table.svelte
index 1af4d7629d..0c33584eb1 100644
--- a/web/src/lib/components/album-page/albums-table.svelte
+++ b/web/src/lib/components/album-page/albums-table.svelte
@@ -41,6 +41,7 @@
       {@const isCollapsed = isAlbumGroupCollapsed($albumViewSettings, albumGroup.id)}
       {@const iconRotation = isCollapsed ? 'rotate-0' : 'rotate-90'}
       <button
+        type="button"
         on:click={() => toggleAlbumGroupCollapsing(albumGroup.id)}
         class="flex w-full mt-4 rounded-md"
         aria-expanded={!isCollapsed}
diff --git a/web/src/lib/components/album-page/share-info-modal.svelte b/web/src/lib/components/album-page/share-info-modal.svelte
index b8cee9c341..790d4c1bc5 100644
--- a/web/src/lib/components/album-page/share-info-modal.svelte
+++ b/web/src/lib/components/album-page/share-info-modal.svelte
@@ -141,6 +141,7 @@
               </div>
             {:else if user.id == currentUser?.id}
               <button
+                type="button"
                 on:click={() => (selectedRemoveUser = user)}
                 class="text-sm font-medium text-immich-primary transition-colors hover:text-immich-primary/75 dark:text-immich-dark-primary"
                 >Leave</button
diff --git a/web/src/lib/components/album-page/user-selection-modal.svelte b/web/src/lib/components/album-page/user-selection-modal.svelte
index f436c01c0e..291f5c112e 100644
--- a/web/src/lib/components/album-page/user-selection-modal.svelte
+++ b/web/src/lib/components/album-page/user-selection-modal.svelte
@@ -1,5 +1,4 @@
 <script lang="ts">
-  import { goto } from '$app/navigation';
   import Dropdown from '$lib/components/elements/dropdown.svelte';
   import Icon from '$lib/components/elements/icon.svelte';
   import FullScreenModal from '$lib/components/shared-components/full-screen-modal.svelte';
@@ -122,7 +121,11 @@
         {#each users as user}
           {#if !Object.keys(selectedUsers).includes(user.id)}
             <div class="flex place-items-center transition-all hover:bg-gray-200 dark:hover:bg-gray-700 rounded-xl">
-              <button on:click={() => handleToggle(user)} class="flex w-full place-items-center gap-4 p-4">
+              <button
+                type="button"
+                on:click={() => handleToggle(user)}
+                class="flex w-full place-items-center gap-4 p-4"
+              >
                 <UserAvatar {user} size="md" />
                 <div class="text-left flex-grow">
                   <p class="text-immich-fg dark:text-immich-dark-fg">
@@ -160,6 +163,7 @@
 
   <div id="shared-buttons" class="mt-4 flex place-content-center place-items-center justify-around">
     <button
+      type="button"
       class="flex flex-col place-content-center place-items-center gap-2 hover:cursor-pointer"
       on:click={() => dispatch('share')}
     >
@@ -168,13 +172,13 @@
     </button>
 
     {#if sharedLinks.length}
-      <button
+      <a
+        href={AppRoute.SHARED_LINKS}
         class="flex flex-col place-content-center place-items-center gap-2 hover:cursor-pointer"
-        on:click={() => goto(AppRoute.SHARED_LINKS)}
       >
         <Icon path={mdiShareCircle} size={24} />
         <p class="text-sm">View links</p>
-      </button>
+      </a>
     {/if}
   </div>
 </FullScreenModal>
diff --git a/web/src/lib/components/asset-viewer/activity-status.svelte b/web/src/lib/components/asset-viewer/activity-status.svelte
index 9a561eb6c3..099ba40a0f 100644
--- a/web/src/lib/components/asset-viewer/activity-status.svelte
+++ b/web/src/lib/components/asset-viewer/activity-status.svelte
@@ -18,12 +18,12 @@
 <div
   class="w-full h-14 flex p-4 text-white items-center justify-center rounded-full gap-4 bg-immich-dark-bg bg-opacity-60"
 >
-  <button class={disabled ? 'cursor-not-allowed' : ''} on:click={() => dispatch('favorite')} {disabled}>
+  <button type="button" class={disabled ? 'cursor-not-allowed' : ''} on:click={() => dispatch('favorite')} {disabled}>
     <div class="items-center justify-center">
       <Icon path={isLiked ? mdiHeart : mdiHeartOutline} size={24} />
     </div>
   </button>
-  <button on:click={() => dispatch('openActivityTab')}>
+  <button type="button" on:click={() => dispatch('openActivityTab')}>
     <div class="flex gap-2 items-center justify-center">
       <Icon path={mdiCommentOutline} class="scale-x-[-1]" size={24} />
       {#if numberOfComments}
diff --git a/web/src/lib/components/asset-viewer/activity-viewer.svelte b/web/src/lib/components/asset-viewer/activity-viewer.svelte
index 670311dd16..7cf0989797 100644
--- a/web/src/lib/components/asset-viewer/activity-viewer.svelte
+++ b/web/src/lib/components/asset-viewer/activity-viewer.svelte
@@ -200,6 +200,7 @@
               <div>
                 {#if showDeleteReaction[index]}
                   <button
+                    type="button"
                     class="absolute right-6 rounded-xl items-center bg-gray-300 dark:bg-slate-100 py-3 px-6 text-left text-sm font-medium text-immich-fg hover:bg-red-300 focus:outline-none focus:ring-2 focus:ring-inset dark:text-immich-dark-bg dark:hover:bg-red-100 transition-colors"
                     use:clickOutside
                     on:outclick={() => (showDeleteReaction[index] = false)}
@@ -252,6 +253,7 @@
                 <div>
                   {#if showDeleteReaction[index]}
                     <button
+                      type="button"
                       class="absolute right-6 rounded-xl items-center bg-gray-300 dark:bg-slate-100 py-3 px-6 text-left text-sm font-medium text-immich-fg hover:bg-red-300 focus:outline-none focus:ring-2 focus:ring-inset dark:text-immich-dark-bg dark:hover:bg-red-100 transition-colors"
                       use:clickOutside
                       on:outclick={() => (showDeleteReaction[index] = false)}
diff --git a/web/src/lib/components/asset-viewer/album-list-item.svelte b/web/src/lib/components/asset-viewer/album-list-item.svelte
index 0cde7c8465..405d306be6 100644
--- a/web/src/lib/components/asset-viewer/album-list-item.svelte
+++ b/web/src/lib/components/asset-viewer/album-list-item.svelte
@@ -28,6 +28,7 @@
 </script>
 
 <button
+  type="button"
   on:click={() => dispatch('album')}
   class="flex w-full gap-4 px-6 py-2 text-left transition-colors hover:bg-gray-200 dark:hover:bg-gray-700 rounded-xl"
 >
diff --git a/web/src/lib/components/asset-viewer/navigation-area.svelte b/web/src/lib/components/asset-viewer/navigation-area.svelte
index 801d203643..e69d93b6b6 100644
--- a/web/src/lib/components/asset-viewer/navigation-area.svelte
+++ b/web/src/lib/components/asset-viewer/navigation-area.svelte
@@ -3,13 +3,11 @@
   export let label: string;
 </script>
 
-<!-- svelte-ignore a11y-no-static-element-interactions -->
-<!-- svelte-ignore a11y-click-events-have-key-events -->
-<div class="my-auto group hover:cursor-pointer" on:click={onClick}>
-  <button
-    class="mx-4 rounded-full p-3 text-gray-500 transition group-hover:bg-gray-500 group-hover:text-white"
-    aria-label={label}
-  >
-    <slot />
-  </button>
-</div>
+<button
+  type="button"
+  class="my-auto mx-4 rounded-full p-3 text-gray-500 transition hover:bg-gray-500 hover:text-white"
+  aria-label={label}
+  on:click={onClick}
+>
+  <slot />
+</button>
diff --git a/web/src/lib/components/assets/thumbnail/thumbnail.svelte b/web/src/lib/components/assets/thumbnail/thumbnail.svelte
index 1ee4463756..308137eae7 100644
--- a/web/src/lib/components/assets/thumbnail/thumbnail.svelte
+++ b/web/src/lib/components/assets/thumbnail/thumbnail.svelte
@@ -106,6 +106,7 @@
         <!-- Select asset button  -->
         {#if !readonly && (mouseOver || selected || selectionCandidate)}
           <button
+            type="button"
             on:click={onIconClickedHandler}
             class="absolute p-2 focus:outline-none"
             class:cursor-not-allowed={disabled}
diff --git a/web/src/lib/components/elements/dropdown.svelte b/web/src/lib/components/elements/dropdown.svelte
index 423049930f..19c727ee6a 100644
--- a/web/src/lib/components/elements/dropdown.svelte
+++ b/web/src/lib/components/elements/dropdown.svelte
@@ -93,6 +93,7 @@
         {@const renderedOption = renderOption(option)}
         {@const buttonStyle = renderedOption.disabled ? '' : 'transition-all hover:bg-gray-300 dark:hover:bg-gray-800'}
         <button
+          type="button"
           class="grid grid-cols-[36px,1fr] place-items-center p-2 disabled:opacity-40 {buttonStyle}"
           disabled={renderedOption.disabled}
           on:click={() => !renderedOption.disabled && handleSelectOption(option)}
diff --git a/web/src/lib/components/elements/group-tab.svelte b/web/src/lib/components/elements/group-tab.svelte
index 8ed38c8c6f..c2bc835295 100644
--- a/web/src/lib/components/elements/group-tab.svelte
+++ b/web/src/lib/components/elements/group-tab.svelte
@@ -7,6 +7,7 @@
 <div class="flex bg-gray-200 dark:bg-immich-dark-gray rounded-2xl h-full">
   {#each filters as filter, index}
     <button
+      type="button"
       class="text-sm px-4 {filter === selected
         ? 'dark:bg-gray-700 bg-gray-300'
         : 'dark:hover:bg-gray-800 hover:bg-gray-300'}  {index === 0 ? 'rounded-l-2xl' : ''} {index ===
diff --git a/web/src/lib/components/faces-page/assign-face-side-panel.svelte b/web/src/lib/components/faces-page/assign-face-side-panel.svelte
index b47810028e..8a818a9233 100644
--- a/web/src/lib/components/faces-page/assign-face-side-panel.svelte
+++ b/web/src/lib/components/faces-page/assign-face-side-panel.svelte
@@ -162,7 +162,7 @@
       {#each showPeople as person (person.id)}
         {#if person.id !== editedPerson.id}
           <div class="w-fit">
-            <button class="w-[90px]" on:click={() => dispatch('reassign', person)}>
+            <button type="button" class="w-[90px]" on:click={() => dispatch('reassign', person)}>
               <div class="relative">
                 <ImageThumbnail
                   curve
diff --git a/web/src/lib/components/faces-page/face-thumbnail.svelte b/web/src/lib/components/faces-page/face-thumbnail.svelte
index e1c6ab154e..bb17ca5795 100644
--- a/web/src/lib/components/faces-page/face-thumbnail.svelte
+++ b/web/src/lib/components/faces-page/face-thumbnail.svelte
@@ -21,6 +21,7 @@
 </script>
 
 <button
+  type="button"
   class="relative rounded-lg transition-all"
   on:click={handleOnClicked}
   disabled={!selectable}
diff --git a/web/src/lib/components/faces-page/merge-suggestion-modal.svelte b/web/src/lib/components/faces-page/merge-suggestion-modal.svelte
index 65f5b04e1f..e29e49711a 100644
--- a/web/src/lib/components/faces-page/merge-suggestion-modal.svelte
+++ b/web/src/lib/components/faces-page/merge-suggestion-modal.svelte
@@ -51,6 +51,7 @@
       </div>
 
       <button
+        type="button"
         disabled={potentialMergePeople.length === 0}
         class="flex h-28 w-28 items-center rounded-full border-2 border-immich-primary px-1 dark:border-immich-dark-primary md:h-32 md:w-32 md:px-2"
         on:click={() => {
@@ -71,13 +72,13 @@
     {:else}
       <div class="grid w-full grid-cols-1 gap-2">
         <div class="px-2">
-          <button on:click={() => (choosePersonToMerge = false)}> <Icon path={mdiArrowLeft} /></button>
+          <button type="button" on:click={() => (choosePersonToMerge = false)}> <Icon path={mdiArrowLeft} /></button>
         </div>
         <div class="flex items-center justify-center">
           <div class="flex flex-wrap justify-center md:grid md:grid-cols-{potentialMergePeople.length}">
             {#each potentialMergePeople as person (person.id)}
               <div class="h-24 w-24 md:h-28 md:w-28">
-                <button class="p-2 w-full" on:click={() => changePersonToMerge(person)}>
+                <button type="button" class="p-2 w-full" on:click={() => changePersonToMerge(person)}>
                   <ImageThumbnail
                     border={true}
                     circle
diff --git a/web/src/lib/components/faces-page/person-side-panel.svelte b/web/src/lib/components/faces-page/person-side-panel.svelte
index 9e2148d93c..d77a34803f 100644
--- a/web/src/lib/components/faces-page/person-side-panel.svelte
+++ b/web/src/lib/components/faces-page/person-side-panel.svelte
@@ -189,6 +189,7 @@
     </div>
     {#if !isShowLoadingDone}
       <button
+        type="button"
         class="justify-self-end rounded-lg p-2 hover:bg-immich-dark-primary hover:dark:bg-immich-dark-primary/50"
         on:click={() => handleEditFaces()}
       >
diff --git a/web/src/lib/components/memory-page/memory-viewer.svelte b/web/src/lib/components/memory-page/memory-viewer.svelte
index 0b35ccc93c..d863b6c273 100644
--- a/web/src/lib/components/memory-page/memory-viewer.svelte
+++ b/web/src/lib/components/memory-page/memory-viewer.svelte
@@ -182,10 +182,9 @@
           />
 
           {#each currentMemory.assets as _, index}
-            <button
+            <a
               class="relative w-full py-2"
-              on:click={() =>
-                goto(`?${QueryParameter.MEMORY_INDEX}=${memoryIndex}&${QueryParameter.ASSET_INDEX}=${index}`)}
+              href="?{QueryParameter.MEMORY_INDEX}={memoryIndex}&{QueryParameter.ASSET_INDEX}={index}"
             >
               <span class="absolute left-0 h-[2px] w-full bg-gray-500" />
               {#await resetPromise}
@@ -196,7 +195,7 @@
                   style:width={`${index < assetIndex ? 100 : index > assetIndex ? 0 : $progress * 100}%`}
                 />
               {/await}
-            </button>
+            </a>
           {/each}
 
           <div>
@@ -214,7 +213,11 @@
         class:opacity-0={!galleryInView}
         class:opacity-100={galleryInView}
       >
-        <button on:click={() => memoryWrapper.scrollIntoView({ behavior: 'smooth' })} disabled={!galleryInView}>
+        <button
+          type="button"
+          on:click={() => memoryWrapper.scrollIntoView({ behavior: 'smooth' })}
+          disabled={!galleryInView}
+        >
           <CircleIconButton title="Hide gallery" icon={mdiChevronUp} color="light" />
         </button>
       </div>
@@ -231,7 +234,12 @@
           class:opacity-0={!previousMemory}
           class:hover:opacity-70={previousMemory}
         >
-          <button class="relative h-full w-full rounded-2xl" disabled={!previousMemory} on:click={toPreviousMemory}>
+          <button
+            type="button"
+            class="relative h-full w-full rounded-2xl"
+            disabled={!previousMemory}
+            on:click={toPreviousMemory}
+          >
             {#if previousMemory}
               <img
                 class="h-full w-full rounded-2xl object-cover"
@@ -304,7 +312,12 @@
           class:opacity-0={!nextMemory}
           class:hover:opacity-70={nextMemory}
         >
-          <button class="relative h-full w-full rounded-2xl" on:click={toNextMemory} disabled={!nextMemory}>
+          <button
+            type="button"
+            class="relative h-full w-full rounded-2xl"
+            on:click={toNextMemory}
+            disabled={!nextMemory}
+          >
             {#if nextMemory}
               <img
                 class="h-full w-full rounded-2xl object-cover"
diff --git a/web/src/lib/components/onboarding-page/onboarding-theme.svelte b/web/src/lib/components/onboarding-page/onboarding-theme.svelte
index 9a801a7be7..82cc75bb89 100644
--- a/web/src/lib/components/onboarding-page/onboarding-theme.svelte
+++ b/web/src/lib/components/onboarding-page/onboarding-theme.svelte
@@ -23,6 +23,7 @@
 
   <div class="flex gap-4 mb-6">
     <button
+      type="button"
       class="w-1/2 aspect-square bg-immich-bg rounded-3xl transition-all shadow-sm hover:shadow-xl border-[3px] border-immich-dark-primary/80 border-immich-primary dark:border dark:border-transparent"
       on:click={() => ($colorTheme.value = Theme.LIGHT)}
     >
@@ -34,6 +35,7 @@
       </div>
     </button>
     <button
+      type="button"
       class="w-1/2 aspect-square bg-immich-dark-bg rounded-3xl dark:border-[3px] dark:border-immich-dark-primary/80 dark:border-immich-dark-primary border border-transparent"
       on:click={() => ($colorTheme.value = Theme.DARK)}
     >
diff --git a/web/src/lib/components/photos-page/memory-lane.svelte b/web/src/lib/components/photos-page/memory-lane.svelte
index 0d89a6747d..d1bbe19b96 100644
--- a/web/src/lib/components/photos-page/memory-lane.svelte
+++ b/web/src/lib/components/photos-page/memory-lane.svelte
@@ -1,5 +1,4 @@
 <script lang="ts">
-  import { goto } from '$app/navigation';
   import Icon from '$lib/components/elements/icon.svelte';
   import { AppRoute, QueryParameter } from '$lib/constants';
   import { memoryStore } from '$lib/stores/memory.store';
@@ -46,6 +45,7 @@
         {#if canScrollLeft}
           <div class="absolute left-4 top-[6rem] z-20" transition:fade={{ duration: 200 }}>
             <button
+              type="button"
               class="rounded-full border border-gray-500 bg-gray-100 p-2 text-gray-500 opacity-50 hover:opacity-100"
               on:click={scrollLeft}
             >
@@ -56,6 +56,7 @@
         {#if canScrollRight}
           <div class="absolute right-4 top-[6rem] z-20" transition:fade={{ duration: 200 }}>
             <button
+              type="button"
               class="rounded-full border border-gray-500 bg-gray-100 p-2 text-gray-500 opacity-50 hover:opacity-100"
               on:click={scrollRight}
             >
@@ -68,9 +69,9 @@
     <div class="inline-block" bind:offsetWidth={innerWidth}>
       {#each $memoryStore as memory, index (memory.yearsAgo)}
         {#if memory.assets.length > 0}
-          <button
+          <a
             class="memory-card relative mr-8 inline-block aspect-video h-[215px] rounded-xl"
-            on:click={() => goto(`${AppRoute.MEMORY}?${QueryParameter.MEMORY_INDEX}=${index}`)}
+            href="{AppRoute.MEMORY}?{QueryParameter.MEMORY_INDEX}={index}"
           >
             <img
               class="h-full w-full rounded-xl object-cover"
@@ -84,7 +85,7 @@
             <div
               class="absolute left-0 top-0 z-0 h-full w-full rounded-xl bg-gradient-to-t from-black/40 via-transparent to-transparent transition-all hover:bg-black/20"
             />
-          </button>
+          </a>
         {/if}
       {/each}
     </div>
diff --git a/web/src/lib/components/shared-components/album-selection-modal.svelte b/web/src/lib/components/shared-components/album-selection-modal.svelte
index d1d9713949..97b4959835 100644
--- a/web/src/lib/components/shared-components/album-selection-modal.svelte
+++ b/web/src/lib/components/shared-components/album-selection-modal.svelte
@@ -77,6 +77,7 @@
       />
       <div class="immich-scrollbar overflow-y-auto">
         <button
+          type="button"
           on:click={handleNew}
           class="flex w-full items-center gap-4 px-6 py-2 transition-colors hover:bg-gray-200 dark:hover:bg-gray-700 rounded-xl"
         >
diff --git a/web/src/lib/components/shared-components/change-location.svelte b/web/src/lib/components/shared-components/change-location.svelte
index 20b2f02841..b5961741b9 100644
--- a/web/src/lib/components/shared-components/change-location.svelte
+++ b/web/src/lib/components/shared-components/change-location.svelte
@@ -117,7 +117,7 @@
       use:clickOutside={{ onOutclick: () => (hideSuggestion = true) }}
       use:listNavigation={suggestionContainer}
     >
-      <button class="w-full" on:click={() => (hideSuggestion = false)}>
+      <button type="button" class="w-full" on:click={() => (hideSuggestion = false)}>
         <SearchBar
           placeholder="Search places"
           bind:name={searchWord}
@@ -133,6 +133,7 @@
         {#if !hideSuggestion}
           {#each suggestedPlaces as place, index}
             <button
+              type="button"
               class=" flex w-full border-t border-gray-400 dark:border-immich-dark-gray h-14 place-items-center bg-gray-200 p-2 dark:bg-gray-700 hover:bg-gray-300 hover:dark:bg-[#232932] focus:bg-gray-300 focus:dark:bg-[#232932] {index ===
               suggestedPlaces.length - 1
                 ? 'rounded-b-lg border-b'
diff --git a/web/src/lib/components/shared-components/context-menu/menu-option.svelte b/web/src/lib/components/shared-components/context-menu/menu-option.svelte
index 28c29c74ad..00795d7808 100644
--- a/web/src/lib/components/shared-components/context-menu/menu-option.svelte
+++ b/web/src/lib/components/shared-components/context-menu/menu-option.svelte
@@ -7,6 +7,7 @@
 </script>
 
 <button
+  type="button"
   on:click
   class="w-full bg-slate-100 p-4 text-left text-sm font-medium text-immich-fg hover:bg-gray-200 focus:outline-none focus:ring-2 focus:ring-inset dark:text-immich-dark-bg"
   role="menuitem"
diff --git a/web/src/lib/components/shared-components/dropdown-button.svelte b/web/src/lib/components/shared-components/dropdown-button.svelte
index a59782f6c8..978fcb862c 100644
--- a/web/src/lib/components/shared-components/dropdown-button.svelte
+++ b/web/src/lib/components/shared-components/dropdown-button.svelte
@@ -22,6 +22,7 @@
 
 <div id="immich-dropdown" class="relative">
   <button
+    type="button"
     {disabled}
     on:click={toggle}
     aria-expanded={isOpen}
@@ -52,6 +53,7 @@
     <div class="absolute mt-2 flex w-full flex-col">
       {#each options.options as option}
         <button
+          type="button"
           on:click={() => {
             selected = option;
             isOpen = false;
diff --git a/web/src/lib/components/shared-components/navigation-bar/account-info-panel.svelte b/web/src/lib/components/shared-components/navigation-bar/account-info-panel.svelte
index 3eab813d3a..8c73ed4d84 100644
--- a/web/src/lib/components/shared-components/navigation-bar/account-info-panel.svelte
+++ b/web/src/lib/components/shared-components/navigation-bar/account-info-panel.svelte
@@ -92,6 +92,7 @@
 
     <div class="mb-4 flex flex-col">
       <button
+        type="button"
         class="flex w-full place-content-center place-items-center gap-2 py-3 font-medium text-gray-500 hover:bg-immich-primary/10 dark:text-gray-300"
         on:click={() => dispatch('logout')}
       >
diff --git a/web/src/lib/components/shared-components/navigation-bar/avatar-selector.svelte b/web/src/lib/components/shared-components/navigation-bar/avatar-selector.svelte
index 0a6c47a338..fda9ec6d50 100644
--- a/web/src/lib/components/shared-components/navigation-bar/avatar-selector.svelte
+++ b/web/src/lib/components/shared-components/navigation-bar/avatar-selector.svelte
@@ -17,7 +17,7 @@
   <div class="flex items-center justify-center mt-4">
     <div class="grid grid-cols-2 md:grid-cols-5 gap-4">
       {#each colors as color}
-        <button on:click={() => dispatch('choose', color)}>
+        <button type="button" on:click={() => dispatch('choose', color)}>
           <UserAvatar label={color} {user} {color} size="xl" showProfileImage={false} />
         </button>
       {/each}
diff --git a/web/src/lib/components/shared-components/navigation-bar/navigation-bar.svelte b/web/src/lib/components/shared-components/navigation-bar/navigation-bar.svelte
index 0c8cafc01e..fc4cc58281 100644
--- a/web/src/lib/components/shared-components/navigation-bar/navigation-bar.svelte
+++ b/web/src/lib/components/shared-components/navigation-bar/navigation-bar.svelte
@@ -119,6 +119,7 @@
           on:escape={() => (shouldShowAccountInfoPanel = false)}
         >
           <button
+            type="button"
             class="flex"
             on:mouseover={() => (shouldShowAccountInfo = true)}
             on:focus={() => (shouldShowAccountInfo = true)}
diff --git a/web/src/lib/components/shared-components/notification/notification-card.svelte b/web/src/lib/components/shared-components/notification/notification-card.svelte
index d98d2f6066..27bd1fdd2c 100644
--- a/web/src/lib/components/shared-components/notification/notification-card.svelte
+++ b/web/src/lib/components/shared-components/notification/notification-card.svelte
@@ -101,6 +101,7 @@
   {#if notification.button}
     <p class="pl-[28px] mt-2.5 text-sm">
       <button
+        type="button"
         class="{buttonStyle[notification.type]} rounded px-3 pt-1.5 pb-1 transition-all duration-200"
         on:click={handleButtonClick}
       >
diff --git a/web/src/lib/components/shared-components/settings/setting-accordion.svelte b/web/src/lib/components/shared-components/settings/setting-accordion.svelte
index be450b3b5b..8d883019cb 100755
--- a/web/src/lib/components/shared-components/settings/setting-accordion.svelte
+++ b/web/src/lib/components/shared-components/settings/setting-accordion.svelte
@@ -27,7 +27,12 @@
 </script>
 
 <div class="border-b-[1px] border-gray-200 py-4 dark:border-gray-700">
-  <button on:click={() => (isOpen = !isOpen)} class="flex w-full place-items-center justify-between text-left">
+  <button
+    type="button"
+    aria-expanded={isOpen}
+    on:click={() => (isOpen = !isOpen)}
+    class="flex w-full place-items-center justify-between text-left"
+  >
     <div>
       <h2 class="font-medium text-immich-primary dark:text-immich-dark-primary">
         {title}
@@ -38,8 +43,7 @@
       </slot>
     </div>
 
-    <button
-      aria-expanded={isOpen}
+    <div
       class="immich-circle-icon-button flex place-content-center place-items-center rounded-full p-3 transition-all hover:bg-immich-primary/10 dark:text-immich-dark-fg hover:dark:bg-immich-dark-primary/20"
     >
       <svg
@@ -55,7 +59,7 @@
       >
         <path d="M19 9l-7 7-7-7" />
       </svg>
-    </button>
+    </div>
   </button>
 
   {#if isOpen}
diff --git a/web/src/lib/components/shared-components/settings/setting-buttons-row.svelte b/web/src/lib/components/shared-components/settings/setting-buttons-row.svelte
index a367832cc1..8199db17b2 100644
--- a/web/src/lib/components/shared-components/settings/setting-buttons-row.svelte
+++ b/web/src/lib/components/shared-components/settings/setting-buttons-row.svelte
@@ -16,6 +16,7 @@
   <div class="left">
     {#if showResetToDefault}
       <button
+        type="button"
         on:click={() => dispatch('reset', { default: true })}
         class="bg-none text-sm font-medium text-immich-primary hover:text-immich-primary/75 dark:text-immich-dark-primary hover:dark:text-immich-dark-primary/75"
       >
diff --git a/web/src/lib/components/shared-components/upload-asset-preview.svelte b/web/src/lib/components/shared-components/upload-asset-preview.svelte
index a517d66abc..025d4f03a6 100644
--- a/web/src/lib/components/shared-components/upload-asset-preview.svelte
+++ b/web/src/lib/components/shared-components/upload-asset-preview.svelte
@@ -84,10 +84,11 @@
     </div>
     {#if uploadAsset.state === UploadState.ERROR}
       <div class="flex h-full flex-col place-content-evenly place-items-center justify-items-center pr-2">
-        <button on:click={() => handleRetry(uploadAsset)} title="Retry upload" class="flex text-sm">
+        <button type="button" on:click={() => handleRetry(uploadAsset)} title="Retry upload" class="flex text-sm">
           <span class="text-immich-dark-gray dark:text-immich-dark-fg"><Icon path={mdiRefresh} size="20" /></span>
         </button>
         <button
+          type="button"
           on:click={() => uploadAssetsStore.removeUploadAsset(uploadAsset.id)}
           title="Dismiss error"
           class="flex text-sm"
diff --git a/web/src/lib/components/shared-components/upload-panel.svelte b/web/src/lib/components/shared-components/upload-panel.svelte
index 7793fd5a1c..3ae5667711 100644
--- a/web/src/lib/components/shared-components/upload-panel.svelte
+++ b/web/src/lib/components/shared-components/upload-panel.svelte
@@ -128,6 +128,7 @@
     {:else}
       <div class="rounded-full">
         <button
+          type="button"
           in:scale={{ duration: 250, easing: quartInOut }}
           on:click={() => (showDetail = true)}
           class="absolute -left-4 -top-4 flex h-10 w-10 place-content-center place-items-center rounded-full bg-immich-primary p-5 text-xs text-gray-200"
@@ -136,6 +137,7 @@
         </button>
         {#if $hasError}
           <button
+            type="button"
             in:scale={{ duration: 250, easing: quartInOut }}
             on:click={() => (showDetail = true)}
             class="absolute -right-4 -top-4 flex h-10 w-10 place-content-center place-items-center rounded-full bg-immich-error p-5 text-xs text-gray-200"
@@ -144,6 +146,7 @@
           </button>
         {/if}
         <button
+          type="button"
           in:scale={{ duration: 250, easing: quartInOut }}
           on:click={() => (showDetail = true)}
           class="flex h-16 w-16 place-content-center place-items-center rounded-full bg-gray-200 p-5 text-sm text-immich-primary shadow-lg dark:bg-gray-600 dark:text-immich-gray"
diff --git a/web/src/lib/components/user-settings-page/partner-selection-modal.svelte b/web/src/lib/components/user-settings-page/partner-selection-modal.svelte
index 499c8523cc..f6b01091a3 100644
--- a/web/src/lib/components/user-settings-page/partner-selection-modal.svelte
+++ b/web/src/lib/components/user-settings-page/partner-selection-modal.svelte
@@ -37,6 +37,7 @@
     {#if availableUsers.length > 0}
       {#each availableUsers as user}
         <button
+          type="button"
           on:click={() => selectUser(user)}
           class="flex w-full place-items-center gap-4 px-5 py-4 transition-all hover:bg-gray-200 dark:hover:bg-gray-700 rounded-xl"
         >
diff --git a/web/src/lib/components/utilities-page/duplicates/duplicates-compare-control.svelte b/web/src/lib/components/utilities-page/duplicates/duplicates-compare-control.svelte
index ffc6e59e69..af31f34b15 100644
--- a/web/src/lib/components/utilities-page/duplicates/duplicates-compare-control.svelte
+++ b/web/src/lib/components/utilities-page/duplicates/duplicates-compare-control.svelte
@@ -53,7 +53,7 @@
       {@const assetData = JSON.stringify(asset, null, 2)}
 
       <div class="relative">
-        <button on:click={() => onSelectAsset(asset)} class="block relative">
+        <button type="button" on:click={() => onSelectAsset(asset)} class="block relative">
           <!-- THUMBNAIL-->
           <img
             src={getAssetThumbnailUrl(asset.id, ThumbnailFormat.Webp)}
diff --git a/web/src/lib/components/utilities-page/utilities-menu.svelte b/web/src/lib/components/utilities-page/utilities-menu.svelte
index 81759fd830..e6e6346321 100644
--- a/web/src/lib/components/utilities-page/utilities-menu.svelte
+++ b/web/src/lib/components/utilities-page/utilities-menu.svelte
@@ -4,15 +4,13 @@
   import { AppRoute } from '$lib/constants';
 </script>
 
-<a href={AppRoute.DUPLICATES}>
-  <div class="border border-gray-300 dark:border-immich-dark-gray rounded-3xl pt-1 pb-6 dark:text-white">
-    <p class="text-xs font-medium p-4">ORGANIZE YOUR LIBRARY</p>
+<div class="border border-gray-300 dark:border-immich-dark-gray rounded-3xl pt-1 pb-6 dark:text-white">
+  <p class="text-xs font-medium p-4">ORGANIZE YOUR LIBRARY</p>
 
-    <button class="w-full hover:bg-gray-100 dark:hover:bg-immich-dark-gray flex gap-4 p-4">
-      <span
-        ><Icon path={mdiContentDuplicate} class="text-immich-primary dark:text-immich-dark-primary" size="24" />
-      </span>
-      Review duplicates
-    </button>
-  </div>
-</a>
+  <a href={AppRoute.DUPLICATES} class="w-full hover:bg-gray-100 dark:hover:bg-immich-dark-gray flex gap-4 p-4">
+    <span
+      ><Icon path={mdiContentDuplicate} class="text-immich-primary dark:text-immich-dark-primary" size="24" />
+    </span>
+    Review duplicates
+  </a>
+</div>
diff --git a/web/src/routes/(user)/albums/[albumId=id]/[[photos=photos]]/[[assetId=id]]/+page.svelte b/web/src/routes/(user)/albums/[albumId=id]/[[photos=photos]]/[[assetId=id]]/+page.svelte
index 32fb7c01ee..cb6bac42b2 100644
--- a/web/src/routes/(user)/albums/[albumId=id]/[[photos=photos]]/[[assetId=id]]/+page.svelte
+++ b/web/src/routes/(user)/albums/[albumId=id]/[[photos=photos]]/[[assetId=id]]/+page.svelte
@@ -510,6 +510,7 @@
 
           <svelte:fragment slot="trailing">
             <button
+              type="button"
               on:click={handleSelectFromComputer}
               class="rounded-lg px-6 py-2 text-sm font-medium text-immich-primary transition-all hover:bg-immich-primary/10 dark:text-immich-dark-primary dark:hover:bg-immich-dark-primary/25"
             >
@@ -577,13 +578,13 @@
                     {/if}
 
                     <!-- owner -->
-                    <button on:click={() => (viewMode = ViewMode.VIEW_USERS)}>
+                    <button type="button" on:click={() => (viewMode = ViewMode.VIEW_USERS)}>
                       <UserAvatar user={album.owner} size="md" />
                     </button>
 
                     <!-- users with write access (collaborators) -->
                     {#each album.albumUsers.filter(({ role }) => role === AlbumUserRole.Editor) as { user } (user.id)}
-                      <button on:click={() => (viewMode = ViewMode.VIEW_USERS)}>
+                      <button type="button" on:click={() => (viewMode = ViewMode.VIEW_USERS)}>
                         <UserAvatar {user} size="md" />
                       </button>
                     {/each}
@@ -620,6 +621,7 @@
                 <div class="w-[300px]">
                   <p class="text-xs dark:text-immich-dark-fg">ADD PHOTOS</p>
                   <button
+                    type="button"
                     on:click={() => (viewMode = ViewMode.SELECT_ASSETS)}
                     class="mt-5 flex w-full place-items-center gap-6 rounded-md border bg-immich-bg px-8 py-8 text-immich-fg transition-all hover:bg-gray-100 hover:text-immich-primary dark:border-none dark:bg-immich-dark-gray dark:text-immich-dark-fg dark:hover:text-immich-dark-primary"
                   >
diff --git a/web/src/routes/(user)/people/+page.svelte b/web/src/routes/(user)/people/+page.svelte
index e1fdb9cacc..64ae4658a3 100644
--- a/web/src/routes/(user)/people/+page.svelte
+++ b/web/src/routes/(user)/people/+page.svelte
@@ -502,6 +502,7 @@
     <div class="w-full grid grid-cols-2 sm:grid-cols-3 lg:grid-cols-5 xl:grid-cols-7 2xl:grid-cols-9 gap-1">
       {#each people as person, index (person.id)}
         <button
+          type="button"
           class="relative"
           on:click={() => (person.isHidden = !person.isHidden)}
           on:mouseenter={() => (eyeColorMap[person.id] = 'black')}
diff --git a/web/src/routes/(user)/people/[personId]/[[photos=photos]]/[[assetId=id]]/+page.svelte b/web/src/routes/(user)/people/[personId]/[[photos=photos]]/[[assetId=id]]/+page.svelte
index cfcc3eeeb7..0fdea06137 100644
--- a/web/src/routes/(user)/people/[personId]/[[photos=photos]]/[[assetId=id]]/+page.svelte
+++ b/web/src/routes/(user)/people/[personId]/[[photos=photos]]/[[assetId=id]]/+page.svelte
@@ -464,6 +464,7 @@
             {:else}
               <div class="relative">
                 <button
+                  type="button"
                   class="flex items-center justify-center"
                   title="Edit name"
                   on:click={() => (isEditingName = true)}
@@ -507,6 +508,7 @@
                 <div bind:this={suggestionContainer}>
                   {#each suggestedPeople as person, index (person.id)}
                     <button
+                      type="button"
                       class="flex w-full border-t border-gray-400 dark:border-immich-dark-gray h-14 place-items-center bg-gray-200 p-2 dark:bg-gray-700 hover:bg-gray-300 hover:dark:bg-[#232932] focus:bg-gray-300 focus:dark:bg-[#232932] {index ===
                       suggestedPeople.length - 1
                         ? 'rounded-b-lg border-b'
diff --git a/web/src/routes/+error.svelte b/web/src/routes/+error.svelte
index a97da5620f..4ec3fd1d7d 100644
--- a/web/src/routes/+error.svelte
+++ b/web/src/routes/+error.svelte
@@ -68,10 +68,10 @@
               rel="noopener noreferrer"
               class="flex grow basis-0 justify-center p-4"
             >
-              <button class="flex flex-col place-content-center place-items-center gap-2">
+              <div class="flex flex-col place-content-center place-items-center gap-2">
                 <Icon path={mdiMessage} size={24} />
                 <p class="text-sm">Get Help</p>
-              </button>
+              </div>
             </a>
 
             <a
@@ -80,10 +80,10 @@
               rel="noopener noreferrer"
               class="flex grow basis-0 justify-center p-4"
             >
-              <button class="flex flex-col place-content-center place-items-center gap-2">
+              <div class="flex flex-col place-content-center place-items-center gap-2">
                 <Icon path={mdiPartyPopper} size={24} />
                 <p class="text-sm">Read Changelog</p>
-              </button>
+              </div>
             </a>
 
             <a
@@ -92,10 +92,10 @@
               rel="noopener noreferrer"
               class="flex grow basis-0 justify-center p-4"
             >
-              <button class="flex flex-col place-content-center place-items-center gap-2">
+              <div class="flex flex-col place-content-center place-items-center gap-2">
                 <Icon path={mdiCodeTags} size={24} />
                 <p class="text-sm">Check Logs</p>
-              </button>
+              </div>
             </a>
           </div>
         </div>

From e3d39837d03c9cd35a882eb98e708c8a595279ae Mon Sep 17 00:00:00 2001
From: aviv926 <51673860+aviv926@users.noreply.github.com>
Date: Mon, 27 May 2024 10:39:59 +0300
Subject: [PATCH 09/14] docs: Add Google OAuth example (#9778)

* Add Google OAuth example

* npm run format:fix

* fix

* PR feedback

* Fix
---
 .../administration/img/google-example.webp    | Bin 0 -> 10990 bytes
 .../img/immich-google-example.webp            | Bin 0 -> 115674 bytes
 docs/docs/administration/oauth.md             |  38 +++++++++++++++++-
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 docs/docs/administration/img/google-example.webp
 create mode 100644 docs/docs/administration/img/immich-google-example.webp

diff --git a/docs/docs/administration/img/google-example.webp b/docs/docs/administration/img/google-example.webp
new file mode 100644
index 0000000000000000000000000000000000000000..742e77cd37d57fab9bb26fb2a86d9e111d3b5607
GIT binary patch
literal 10990
zcmaL6Q*<Rz)8~C++qP}9W3!WVtWL+)iEZ1q(Xq{rZQJIV=UMOf&CJ#8tGe2&>c4-5
zRa;F~O6r&%0ML>YSNW;JOS=9a`?d~{14fSs4g?cUkja*(Dkd)|ntwm7M~Abt`*hK9
z#QTZXHTCjcaUxnUdAjr6T3T0@C$D!cQ2t#jG9e_{^(aJhulc$0b@Fae@$bCn?;FQg
z+FahKu<XapQ{86oP0x_wg@@b2%vrBqx8%3j^T}i04v6F{4TSJqb?VoHa^lzOEA<)p
zZTwmF#qvZ#W>~8~gYW(k_wJkD)A(8TRrWHo-TU}`klO%)_(Un+i36#F8m_@UtKM-w
z>J&i#UKPIVzof71`$!&ku6iGON50L!7(jR+ug{kc<xLdJ-h5CvX!M(7m*g$&Y3D6(
zA2k1Q?DqnizBPQ|0D(F{SJI#X!U(pZ24`%7@=HaeD)dSd$jYhS0Yar=sYXQuqx~$e
zl}k_~W;d{&IMVN8e4x{uu@0J>7;F3J5@-CS5wgrY00uwSO_gAi@W;02jKORDs^8;4
zOnQ0~ym7=-P>c4hQF0P-FcwuAmu>zrEB&`}qHv|+r?0s=PElp5Y4aYX`kn0_vm)ER
zHqzntO|)5t{UN^}IB!bps_18cj+;3{JU7N<4f;CI0j&ppO=rt>xJ6WAHm^v#*;cY1
zj#$o}7JIC~)?IWG(`T6Sg?`?%*T>^ffCL-L#JoI2*h)U%-Rhaz4-qO{c|bZ_xQgxj
z{JL~Vjw`u&Z`@RM;iD7c&i^<Q`{Hd%Iq64|@$1)SY8B5f=p`(@$$1urwes+w4~yC)
zY~N@g;Zk<#6$rhV`xz`sXsiY!Vb0p!r(mJ8`ik`0hIP1iXjc&FL|8EC53wsOYQ``+
zA^RKYYtbz%2|dK&3vHB6*p78?m3JsDnx4nnIgd8kvic1s%-Z0eusy8g*gK^4-jPXd
zg4fT938qkCXj_vwsWSsp0X*bmvAZNb#f@*OKem_P8y~oO|5yoPgLS+8(Tztx%FpKd
z<X2Tvm~U3E&@4_z3#N4@>~`)Le%Kq~Ha%iRn?GHsE^Satc4ag%FvcO`FY^`?j7rT|
zvbY5(@Xx9M2p}Lc`0F11<Fnr|o1%`~DzgEswiYJ6EbVA<?!Xe}OaK=j-2tikPpCBF
z7UdCU!>#Y5YNY>a23>PaM8hIxWUcjW;Znzz6CF17|0#s(dG?}Q^m%@e-tQn0;(1$2
zl^>0Yu6?aYL+p<BpCBOqFEMLwO?RdEQv~U|(#8tjooVnu236n`9l!1r>@^<T-44+B
zFpjkB_1Px}vui}d9S!w-e;+DWMw9)9pQ<K+s}a+hKDzybYIyFTxX&U8GHcmUm*rrE
z4ZoR=zl?hpb(SBpf$8x=g(Cy1g1_bafyq~e>}1u^X{v_&UP<hj(sR+BYs0Mn++vur
zFeTd@6J{qwvIY#*Aa(oe`jOXjo!{)L3;KQj2NcKuf%D*jse{>EV3?o(FYnbHIJcNE
zXRNHL@x0kM`_Aa`PgNlAjr#~cX`lq&*3lOmTK22Ie#E|_o~#8TN2_+tibEc$cBiBc
zKD^ogxvzW2+~1VqfAgm!d1eu+`(FxJq=~LyM`TmKMYtBddMVn<GYH3rO2F^8EGOFu
zo?^BLGdM<Jf1qyL^#9#1>Hf{pxL|Wzu2#3SJ)~F)0#P(9TOYn?D7>`kT~;YJjT(!&
z1{JmWM+Z*HYCNF8ULcO&b3T_7$5vW#Im%^{H27d8&&51TgAzEvwG{co6&;)B!YSg-
z2JlY6_qx<=$fa23|L5ItivH^>ti_y|?bf0oNYZcC0k&ZIIp~$v5c3Ib9woON`$Wl`
zoNvI{H(}JPhb{5Hsn#mVvqpxHMB$bK<<GPAqVWIc?0+~C0RX<w;e~u+`?HApg~@Zh
zH=YymU4(F5o<ckoAMAB>XP-q-DDm@4xX;w4o}4tcw?(-gOBUKP6zW%`DerNJ7j${h
zJJwxPlNRt@_?M#)w@%_t>xXkOollse3f7Q1QM*^Y%!6dZy3+7+U|4{yQ}At`4O>v#
zdgouF>mAI1map~@_h+b5sQiAm_`i8ey!^pTv*Fq0bFi)&C*V}JPTLoRoQ9cG^=l<+
z0yW;G%3}M>yq%N%!*?@!NNA2{Br4>H9x0xArkWlC1KFhp{@iB6H?2#4dlub5PVIIc
zTxZdhK}x|gM<HM5L#_E~dz}}6PeKD(;;2T}1}5b;m<qtT0A)SxUEV3jj=LQUmWDoO
z1kaSQC03T%S#(@DlU*Y6ZbagR+UV9|4I}qZhC@$sTDr_4^LAA8E*Gw3@>RROn|Loj
zmC9Pvfe>eea<KIqCGL4M(yj8tH>@?aDs@9~@$vKv>1^qI{NUkNpq}Fa7KXM`?ilQY
zhF$cWM8Gs%n&ccvyI6t0(0P(RL^aH|hoV>m=D_lV!=j2czuUw|`=)4fA<kwZfE{(O
z-tFr7QG0jBz~Gl<WsvXC01UgOfE@KZ&3L$SrRDO0eXwp=xGB|Csw6NWF>LtqS>QRo
zz}hq@N*5K%Q<c!KbZ<*Uo)BeG>wD9EQhOL}Zan$2cYD^@PX{6(Yn$VD2dCfQL%)MX
zWA<V~f}UlBmT|;o0>9X!sj-sS&|wksy6^8kzQh@h!anTkBa95++uHBG=An$GK5R^{
zzlBX#OHIY9-V=tB!#33rN(92#4!*}7*W#=Q`3MjhEXP%8lUm1Y+*Z(~rH(+355n4_
zlJ2Tyn+d#7cqhHMQI7eVB%Ho*2Bny1g5zTj9J<5uB4Gyb<#wO)Q8dDwZ`oV}3(CjE
zwXX&E6GHKI6%{8veB^h%t))9iew{9{F>{PPG5IY@xsNo$5Et)zBl*bgbFQA=*b<Iy
zzHzHXg`rqE+t74m?f#tnO3tm%fs@n=)xnffSJm@V??@FPy7qRt%<7kN(z*P9Cqz2!
zPUR^8HTv&F$hlZT%!Hm@R~<F+zBQ|MNETKolk4PkP#zZE$$H;@#r65z96(x#(kosQ
z6CSDVVX(zaezZhvPn^ls!d-3PWWA(Nk&*QPXO2H#^}1b7i7y-sGI%z@saSEms?MQn
z8jN4}pE|yqb<A^y_%a!nJ>M~IAHm5KoNHaEMG3^WqIStK(o9(0CYQB^*xb+25e^fR
zP-E_@JmWwA%%AYoE1vD5vJ9X8b{Mi~AmK^z{C@Ia#;e%DI1AHg#n>TH03w00C>ZZ;
zK%$nlRVcT4k7YLvvmq(KiVuATOEx)TF%-=Q@+Vf;nKs}kC&TC^v;AGd<Bk=Wd{y9q
z5)M6cBm>Hb!e6!^aDl&P$lslfUM%_V`uWR?G~_S;WP8GKX=-t-y{2O^mM>{{r;eK3
zRGxG!w#kfgr?@y%{H?*w?_Bldrv}AcZeL4X70~tPnr05457G72Clk>2fwO~T$m+y;
zGBq==`f_W^QvuWPh#FG&<Nf`E0>Mga`~Fa@*m5m%l&l+kzo?nqV9^UU_DkZ|0gV0g
zRf7pQilPQc*9{r%VM`X%(6de!<v>o;;nPPv;rh!<+&vMns)Q;MbH(?@lKDC{A&&{G
z7nLH0$T%7^?eenv2N}ydk8<(8pV+D3?7RD3DWF05E2ULE!sh8>&Es5DKE-6^kPn3W
z_Hlua%Xd=Ys(v%(V_}Du_qqK+zybraH8=?qHyQOS{iw!?7!EniO+13{pKsKb3{p0%
z{XD1Y;j*G>KHxtGZ2Q_D($zl{)NI2<Lslz!rkaj7MSDga>ykPpBBmYe75C>HQa-Qx
zpvr;*SsWTNtA5vSFExW?I|su-i>x@Jn^CsAiq@0P2`vWAX&T%LlQjv%lf&CQ<sIc(
zQyeMPojk93w-^PlZ)zgGxo|gyM|q3%Y5|1teLmLsP0;AvggL`TX=T9l^y=kR_Dn|<
zQLv5~P+lPc#Pl=Yd=qkY?r!)4ytg6#l2B{8{<4EnWde6yOYGE~VJQr8&?Tg%Z$ez#
zKhwq=8&E8c!5Naf*YLdL3M%M*mz9OWcF5dHX9<3+yEtZgZ<u=Kg<XG*<-lg?5~voo
zQi{dV&D55mO&vRR5)90(Xi8ay#*vQ1#g|QO5Y+02N6(;574OsqcP)Qzm=!~YM>Q)u
zqv5Mu>YbdXh$BQb0V<oz#NILDoQ$GF!ti`b#}iY*wGiKS{xEydx-(<g$G=dP#Zud-
z&5@R&UVM*^84~*ddl+ocMlA?lYjI%G=Vq7)9-WP`gh=7LvPBq=+BxnMZ+Ubv(564U
zZ=?DoL|w2W(bpc5;9wD&_wSV{(!5JAT~``SN@<T2@>^<IKHmbTLJI>)M^L10qB7O{
zD=ubeg+R&VeG>Pq&aO;|X!!glTG<y+oD+SCxc%H?S+F@JkOz+z%`^ve3C^D7V)V;o
zhE~igOW6H@BPjI1ViJ;}A#if=5{1AYCnX9S*@X^FEb=oO3h9BAH+-#6Jb|9%Rkp6L
z^?tw)W=w+D^i5>3MG4__XLW84%`3N>+o`k}w;GL9ss6Ctx~V3Fc^DVE%UiB~y4g|w
zyFw7@vx0g7(-kc*m+fOPcH%;Y?4k~FA4vDR*R0DDYh)utrJ%wn&^BZ;7{{LNI>&Q8
zb*q>-Fp>J&HolGn7JZy5WS^J5<qt_fZoDx$$!-?uvQ*hi=QfM0?S^W{n8`o006bbq
zg`i=Y(PA&8ZV_Dv>U^YcG2SO_z>}$?h2J7vZQV7~I=Pi5%#)pC@@&?khQxDeJ&Fky
zv@btt<vgVHRG{-N?|`aip7<*dZ^d)|hzs2F;qtb6B_4!E(8sX{Es~QDEWtDe)nRHx
zzzs9q1~Xm<AP&n(RPLRbHa<Ij-<uLMAXE8rXrrBnTF(g1+U|W^!p{LZ&enw&1^M%P
zQn5jhe_R`ZLGX(S+POPQg7y@a^k(7l&U|rG3{$AW4G4hNdnXe~km^^lWzO2ZcyVCk
z*uWg6-o0gC8j`jDS32EUn^W%6PtX*@%@ai(IR<S+Xf7o1tjT5ET69IONFp-r{OJZJ
zDEtf&;sXF6!LjTQW$UN2!dziY3Ahv<e)Y$GT-{J2-(d-t{^BGGz|)aIWF;`AVeCMO
znUm_0hJ+mB_(>o0?|7i7DD6a?iIwP#k-GQgxYL0RDeX?qW$QP^{1?xIu6^UmH8Xq>
zd>hoEjZ!%=@f%Zr=0JrV@dMr)*vF{qt<dal&h(*;{qfdR)-VP)f-+5E<h$Q$5e(JR
z;A%Vx5Cxs>hh<bF<i8Qtoy_6#ZUqON>6jgUdPpfY_}2QYjU%@5T`=MMeU9yVL+x~J
z$HPtwx2(KRpbgqD?tM$uD0FMrQ2_v5gijE8PuY(j`HTo-zMjhtjnRe|7#w;!IDS5z
zmV8BSp#o)yRC`_Yw9Ip)8B%J;F(42*U}evG_wo|$)6_Nwo2LP(D_kdA_;2HojKv_n
z>MuQ&8NdY`u%V*Z>`L(k|19oTrXV=H1gB~7*S?8>?bO2b33wj#=EDjvMK(*@Cmr2M
zFSghp$i#kQ^s6__Ozo;Y-@KB~yq_&<p<LM8mJTpwr_59gA&560Rm4*s#lmm+QG-LY
zYqLQp)!qYDUv~BMO@V52q8&5<QkYnO>ZS4R6g1XIUOKeQ-dgmgYx!WO9_s8wu1(@S
zs2kI(;3;Q4M66+4%+VBGBBd9NjQ%C@!a8F2z@oN^_O-q+=2@j@U@A7vDOqbHHr4_E
zwp!8$EK1kuib{PnnC!UnUwDL5g)di(w|{mkY(nF!Cx&#V>5k8JFAZB>^IAL3Tvu`f
zi=+GBgFZqxJN%DDLQ&|yrGHdAh2CWG7SF;^RdBLnmAsM$e8QNLN|<H}pxaMPIHnF<
z!UAZ)(8DoDo1AkiOf;DV>3KIk0xti0G8NBH`VuRuSks=6njNWxr7sbHc?=c^RRHqE
z8o9Sd)d(~GIPXA<9C4>Y{uMTSV@_xvoPav#7*=6xE9RK)La3ZgLbUT-JTMuVx3Z*)
zYL1I#ku=K#H&X%@DNXZ>Yl)D(W{L|=!>LAi@c31~A_FBnPVM9la?A|Pqi&c4B(Gmw
zIdUyi9cQ??iVD}C2bKyIl#}XQ&GXd%)%{d-u$|V-Ed0S6FKcaQ49~>mq54c@d3}VL
zXwhB9=Rg1w7k(KdRcq-QVBuxVAJb_riGYy!Yg!}<eXNeax<h(EmmSsS-9-BXc_YWx
z9GEFqGRorTMRa`dmMX4G24`#V@zp%ju(`)N?S}WVpQ|uKiIQtF$giQLScKEP;ZMlZ
z)T+s}AgJt>`{Hp&>n9~SVIYvHwe07m-GEJYVZ%ZH2hqNluyU23f0KhIH0A~MHLWD{
zX~CP7;cw>3{wQ0(%}!bQv`6b2iuxyE$2nQ2XbxoINGp*)-|mXvPfqS7Heuy9j?K{m
zlE7#Ou|U61k7Y@dJ9`I`?(5<ae2Z@rb7$;AXT&r#r)sq3FgaYtOHmpq0tZTyxq{#C
zTd-Ad6K6iZfd9&4gAEf`F8Fc*YRp%o4Y^BE8ZEnrLb~-_Xj&wbwMvE?w4n;-@le()
zb@tSp3e9irSsD|+7x6HCM)#{&{n1w7H^Y*4p@@%YeQb*=oSoM<E8#s_qtEdtuArwz
z+YdR^iEq?!OfM3vwK!nHrlqU#6>91fydUpG-4tI#A{IV4D02o2>w`)9l9+ocJv1wd
zCbd_Etoq<fEeH9z@7Ogm$ITuOn*W+uT{((gmc_7gcu$?M-_O~?6dU2sgi8D^cQYVj
zWYTKHg$<ba?jn<yUI~zmDnU)z`uBmW=-WCe*h94py9O>6-~FfepHZyLedjOUHZq*P
z$+QKzi(7k^*-B!{rU`LF99{MiRLLN&NqQd`c?rXOkq?ZFASGi4S);s>deP^k5;(3T
zQ{BS}m+>v6*%eN@_bG`<u^3N~-7j&|kG5$ExGV2uQzP_;I#}VDkV(PxU9ptdiP=#;
zK*qG4uie$A2tZiHBwd1lJPW2}T8OFOD?lk1t$vN%rWDEZn0bV9l_Ph*2UTCqa%)!h
zT}%oMtYocqL`k9%8BtX-Yk6h@7A%gu#PzO3fJ*Ag-A1P6di*m=nP&Vl%`&yO$Yhi-
z!-=3?o<MnM24PPr*Y)D0-2v(Y-8_ud+G-&`RK>ULkEWka!68DpQ29$+hy&v}aGfmt
zGbakBl96?~A5BWH6n2YrPc_t%z<D){iB!);e2baWg=-1`62qiqK&h*)w`61Wug|?a
zW%adqEvZMQKnjcef0R79{uCuwcEK%tp(Rf0eG&5thmrVyIMn%zDKETa!HH9`_^2&V
z$$MjQqCyd@sHRlp156!wmK%6AWgBDF27@=9TkD8#FD;lm&Gn69RrXrANz9$fMxhGy
zUkpyS%BI|@XovSc#i^!Zb{9@^g|hSDF<G-mGh@g`c1Lk%cO_YS`Z@J2sv$F@YMJCd
ze<Js)q-p|i9-}Sr<OvzeJM$n}jPvM>X(2+5n%m*$KT$=$AsXVz*`|pic#bJl6^2t&
zKS<3LoEyF*y6j9!2e$_EJw_~wAn$A<j=H~*z`<^Nm_)DKp?>c1oK%X^JkuwY<u=rb
z96%)Gk@w%Ew~~rD)vVLdBt3bByAcmJFFzfm)uutCgc8ucT60Tv&7E1^2WQSH`l^|d
zi*1*CaH_nX2nbA#QoUcQW$~9}<iO`R)y$x!ZoKg1mt$bc@4-Wx%=5U9+r%xetge8y
z9m>@^xkYLx;$xcH2TmTukuMQ>RWZKjx&j-mgY2xTm(cNs0_Am`VO1@y2jc24l-+5I
zlZ3ALCjEEb(O!DQz*GJnqj~n5LyJ$BFv{RlRT1F>c-Yf*Lf>HU6b|(Vk21t@-8L_*
z85ZY}nEAXuR&RJnrW(=LVCAh|cCJc&Vo%^gt?OrcF&_dJ<AYX&6Mk`F*ccn^oZ}4<
zIPmqTJJYm3<vwFN34M}dR|vnmeiYVTASI$2H@d)eHAWGU>Vv{qZaL9T$6=pbRlLT=
zp<Ea$0>Wz!mI+6;wg?{#N^ii-NcH7-w`YES%zrH3cX-+wsG}Tp-i{Fo)5JQEoIM;u
zg~p1Xa3y1rIQ<rZx*gCNY!>S%kNb60Z{$#C9WF038lZoTcbvF5LV>%Aa<1%D7Q0%b
z`15J7^|}sXi&=lCjtklrM3J17P;OnJb-Zvs!3%6e1W3c>w%~H?@^>yVNkVu#-+C3S
zr8tcKb?;oTzkggAt_fs$LJNbQz&WIXW3>=wRyF}59*BZFYGJb*MMajiG7-70;%0=U
z7UUfl+)L@ZrBp-1Otuq3U}15tH&vGv>&g)=@cVQJn;bavN{w59;e3pzKTDJqbkv>=
zgQ@HYYYE6(Q)60bjaYrX!FYs6Mxs{&8ued*m51*8!bU$N7GEl2QhVOtW`dmZCCgdG
zs6_n(PH7;~{2lY-t3H|$rC4JVzH;xysa9p4^(6Pl)vT$K7Gmd@Wl5#oKZldAUtENc
zb!WHLeo`H$fy)hRpi}L!rXbHz-xFn??0FhZsdU<<i%L}VCl+hlY?^<@k65=tpsx90
zmMJcq2(c{qu{BiN$X{;UT=G)h5(yI<*|Ur?&Uh@WybuO=ym6+};vN%qsKwd?nhGP*
zJge_lx)jklN~|gqrZms^eqQou=R8SpB8#wOlYDu3b?Ca!k}Q{QHbs-ISUVyj^~eTs
zc6x|C+AyoToR<=&rB*FLMR#OH+zF-)a9cjB006L$oE!GCa767nsHVS72u@mW!Pb``
zuT(kiL6D(bJeuO*>^a}Q|7^K8dErB|lH(XO@AEoqzOxPDCS*FIe_b^hQzFWa>u}hT
z8yro@_4idX>n`QNE@K_SalX!{tc;_n#8?ONv<#Vuxp}1l3>&bDPm8?t#78bDG!a!6
z?GsQkckn_;saFS6Tt${|oV(fPZPIG~XJDK~Jt%-P2S3ZCmCeu1f$$CS;pWE1;1?hG
zj7h`wRx{6E79bQ^1{UebhMZG{1+Pj5--h2wjN>Bk`}+RFjyOU_&cpS*8?tkaF~pty
zA-DF)EmtTu-`>ILRryD8$ahk0FNQ3eSy8NlA<JjyU^;+Gc_}Q?^sJ*?9~R=HLpd?#
z@;Bl`0P8drOHhkP8=8};k-1y-e2lES8kGo=Gqa}t`>KwwKfD;)AA2y=1Rbw4WtyZb
z$|igSciluybftJqo9!@WUr}cWcSb+u7{>IB*@Wy|i;|Y1wxhFaIsZE#;a<r}u3=WE
zZC`EC&ZRpp8jHWG4yAexLRhi8gizd)OY4JBO`<^1h`?)aA(#+P_2;braLjf698(6S
z-X#kno0b&Vr&DHllJ;rUDlwDjL-K$FcRVDKBz-~J-%3$hRGXN+vk-&V;b#|iWIZL*
zZF|?^G?}gGR8v2lA5;d|Sdox&GMN%Pf$iQr62YypZ^9Wl;rWrs^{QQWlXeyESFnh$
zx<kDHOVWVdPP@+Esq{x3@BwTRJy;+sdZ?dMg@JyU=38GaRO{_siGU(<X)ejr2&mQi
zDi^f$wX}MyF0LX5HSUUwz^*0*pR2~9KPU82ZFPC>ejX8A=S6r;#z7S)044IVP?2$u
z+fFIvjq@2In@>>7$wy%nglIybKW(gaghy7*pLhWjT<{gmJC0(%-Vx<|qfn<eJllH8
zx@N6iD>Azv(?(fvS$iicQE_71wH}4Os<Js)4&(}}7|$d|*7)u;zO7D_&}<ug6_|U2
zi!5UT4}AU0_CYo~wPiuY%M*6?EWx5v%=nD}(*BRT!W^|4)_tn@$m2}}o!>+atS9<g
zMULvMBu38fZs4*ylkf`F8J*DclUQeBLPurUkVtFJD=iUx+#&J#lW&`8o_H!uwh5%>
z7iZ(@XqX?;YZ{LMK^qE)QE0GJ0%5hT>cb)Mlj7822VH)4HTwnV8k7a1>_v;$>y;Q9
zG=9dSwO38+GCWKv13%uw>L@$yl-1OlDuau-cJ@Rscpf?mo1Bx}pnv&A1BI%Xqzv@J
zSxTIzVkuzVAAPVZu?5OXNw6<NV-<{t&8+bwsx2akw0}^N?{{1R*jvDQE?8m9HysvL
z-o4H6vAL+c^-i-vqV(~)nUkhugT&SCqeWyoO}_2@d)ViMPE=y}*w#jcz;-yk){rm<
zf0+T<LYzy-o_BYb=`P7YWC~n$V5{SHfmqlG5`CC<1=Nx_c2=C2`c4pt4Sno6VT=Sm
zX%fwuo&kd~7t-1Tq8U@lj`&0k?iGO&RR*?Sr~2-eIR9YVj(-}VnupaS!9N0H+r~3)
z`{Y<je2)w+hJ)omfcY0W(m<9SjApch$y?%n&bxhFV&BYOTWOP=0)@z^QEm@}TC6*=
zX&L?wBYH@FjzrXwT|GD@bAMu6k@JrL|I~h1YHy$ugxa&w^T~zr8g6cBLAu=XWY#iX
z!5qr(LE7lTG)CkKdVR&|a3($?o>3r>AXUc&p#l1`j{NLRkj`lq9+zs0GAyPh0Q-xH
zsw*PdK0ln_`n#JtBKh-f9<46U=I1xNw7Z@*fc@pZpX_I%1U>VVfK4UgNRh6w3zxW)
zC6wXiPAE~|Q|b%plzfg-UjG9JKxu<Tng7;S)>n{**sSazWgPl3SW|12vO6e+dA)^V
z*SQ14-@uHyE6C4US&2=fd^wfqjvU#a4)#brxcVcH-e1U*PK7a$RU9E3K#R{@uXra8
z+Ac}xB>V`#KW1NCCaT#+To-I13fH|bm<0f+0_}v!UvEJ3Ep7er)F3_L4_@Zp0$mzc
ze!QRrkYsaQ<HTB51bc$4W8E3--A|USm6Q+Wh{Y>%QR()!7QEOQAwqv7#SWkQ8u0d(
z+zUd=ts4$&3^4!7$IUkJ8mQrm9~NO5eHbxa!7s<^_HI^<sl({?WERh+LPSfgv(zdZ
ze&z`OC~$qgZV6k;*<PP<ad-q{G~7)YW3!I`Ss59PKJAq@vRNCsmn<1x=OHVP#(cJ(
zd_KRhh1vw??L|)d{YDLCtRi%PMw3$51pox#6&1VC`9?gUhhBEU-0ya)dt6o)JYtsY
zy>EfbqskF+%T~v6MU;J<?nEbm00#lymcI-@0-*Kf9z#35)=$;}ocY9j%J3lne-JEu
z2ZH7(ycLYjiP}6JhuZN7;Jj1s4zVBj4OeEgum9cj8do5tbwiAdH1MqvwlLW$m9(#R
z=oFbrJ#a<xqQ?kA@9fp`zurz!FBMGgyW(c~xOU{y>;Bg7Q0%+>^69^6VOKQx&kw^V
zcRRCT_&E|mXjxl?cpmn@4T(;bE``7LlmsKLsCSoz2|pq?EV?f9VI-2u@=$Q860=a0
zs`9$p@#R}W2aO!NFC7_KSyj|ZYh@Sg2iNqXyJbt8vHnGaxyD0>!fJ8N&vsK-oFL$j
z@C$a(Wdh~2Bok4|L$Q)ah28l16$haYkz~Z=={QEl<plpU9v^SmR-QRQ*_FcSkgXDl
zv_WFF)mAY&2d{qN;32`w)&`b%Vik7OZ>#$<G6{b%W7_evoCAQ#89xJhbd|}rnBmX_
z=925Or3}j%1kzBdljtJ|A+58P?j7LYN?pcN;e@*6$E#aK_n9kg8aBb%nd{-MQmP7j
z-_qh{h9IbIx)S~lutzA=64WC6!@kt3@dd|$Q<TTT9>Y-zI^Ob#k*o55Ggx@hkU9?h
zfMT~m6VGmPCo4<+HKbp@*E;+7kDJiF6zXqfLw8hB37HhDQ1<9`*?i5E0BDdaZt0+Z
zsj9h}=t7!3?3^E-mOR4%y0?X*o<gkBOQ^h?FaIZ_SYw^Yz?ZQ9V&{cJ>SiggSlWu{
z@SBC;`xwRv*lu5Vq^#YsL(LV<e5oE4IPhqO=Bi%7MaA-^ie_K>m0H{&$7pG%wg*1j
zLr`l3DUO2#@wb94X}-Iz=e`@?5mR$?(QelRJS`1(hQC!b)DN&s>*>~}UaK3(JXTiV
z{NpBM*8+=;_KCxUwiO4t&6!pK(n<Dt8t20~Vq-@L>`JC^Cuz8m4yQyo-V;XU1z@RI
zmC30vvsPesskQUrmK#sy2nA{a+&hZ?MqV+$iIm)HOljRuMUD;sn0v$92oo$S<+~IQ
zu3Jt2)K}BIxgQZ3<m*GBpIryZfZfrF>jjq!|FW0SlQN;_M(?x81LVd@&u*LR=?Pb;
zp)j3y31sq2KZUJ@?O|;lwAXQ&=FN)3D6|pNbK`sH4eRA$KZ+J;I=<GTN$HR5ACAN^
zJ-B9bt!ARhg=WMqJD8<N-Rb%K^-DU7ek}qhlxz}T>Je{HCJQ8SYB9TteSZFQFf?g;
zhZ?fAQQmhkkaM3Nt~GPYsp02P9V~TY*YxUj(5fVYAltiQ0X|C8-R8GlOs)?+2QGX~
z&uq0$*5~UtJe{4$PjDM}tS{bJ0svV6mewMqG-!6OZzn&ZPV-%Nve2fX00AAnDRRLH
zfMNswo}`yFJJ&MB@si)TcN2Rc$xE&L#Y<N1s6~X$A5!bLltz^=nNa;;YSgc>>c`Qv
zCR7i6G_U(F@W>>(jmm`esoN;-MD$Gb)OE1&DQVFe;4N-9KbKlH_%j4x_|8AC%6M8e
z*S`<?XQJk#VO`&^77)7jyjP?zKH2+1$^oR(m3=~0T6JbcoP4?6>zUAaDgCLoCs`%2
z{JxIsbW;2W(RaPV=Cc!7f+TgX7zdH8$oFYZ`1c2c6V&*Z$;^Yygth9CyW6jnXVV9i
z*0Aqo94z#m+*C_McN1Oso(1~8#*cIenC`B+9>I*tr`6+>^G7IFw`{<9nXX8XK^wg)
z&eDt$e#?2(uMrfIs49Oi55Iw^`Fr>zD@&=04lZd(%l>Wk;YXhtN=@3+4a53&Nk=UL
zc<N3y#~wP@P>coAU?pt74mR`>F6ZZUs^cO;wsX~k$rzU5N*#5uxr~pEGn=)a1NIwZ
zF?&KTG-J>nyBNvq!x+r;EO#^eCE8}a9;-pfu=17Spl_lL1sW}q6$e<3k*ww|MGBVJ
zClL?sfXXJAk4)jbxE2ZbAz1sOR>8licGl<`k}7(Aicdk-z!@9jWOiGee|k?Ps|^`<
zbuj`L?LXZSsMQ7I{CBZCW|eC-Y@M83ws$XizeC#-Unh!q6TvONNL5|s=bWFsvylm{
zQ#NP(`wrg_hEuM~;p&fE>|0};9grWtYI6le9C<_#8>NB9E5Rzmcg~vebcZgYB%|OK
z!0_I&!r=52E&3#L9zJ_b)0(3yc7YV;izr4Iyqjs?4l14;`F}sW@!?op$QEa16RT||
z&HorPL$kBq4TCs^C&t8QHQdPk3aI)**jY)ahAa0RZeb}rB7fFYZA-;#@yKnSaNMfa
z<np1J9+ZBjTEGbrMU67UBC+Bfv<4_zyuXAL_`;ysT3Iy>2Bq7)&0Un%KXK7}W8;h|
z9Ez!cb*VW*+%Yyu0%ZR!o7U^*Ej^qhlFwZ$2dC@vrhkF%z{cSE7l{m~JbY0Uds&)`
z*gi?V65N%S{JMYtd~Ux3COR7Z3IA2{*cF<nO7P5Cbx~iJx2h2cN;crnxYh&U*^Dq~
zW{OCrhm_S;fnnT0M*Z-(xz+@eOd`(th%DW(wNyw~vP8AyMQ19I?O(-xTQ<DN-*aT)
zJL(?HYIDa^kio{EFTcSDgBr$th!?doZZo6C8Q?R=pr)(ZB{HJ}|I2brAeKudN~LRc
zT6e+08j0Ko@IU-dzqJto!R<%p4r>zi@gAL$&ID6q`a|+d*7h`(Pn&Ds^fJpU_M6=J
z@r3ZQ6Ic=`f9QWcgrRQv^^EMSEd<}3%{&f_ucWBkA0A&qrm4@;Yzh!FKs{#H^voE6
z&A|GWeq7pi`7UB(<b@Ap${?fy@Dyfy`?O~>rA`r?+IHl%*-Mtgx=@Tv{$d~UgZ0K!
zYp5;Tl~uVzJo{w^uL`XCty9lDU2CoSMOnWf-$W{uZ=GX@ly!XL9@6p}q>BgC%cBY5
zT>=UEtT}?@@d}}5Fg}A9;H|@gFlen|-aeC4()YQTPTjS|=L|EL4l7Kyu(U7{RNWL8
zw0g<BtrBXbAj?p667_81BJ8vhch^GiNw4@HmV2`kJTeAuwSYEa=T?Q_h6ITLH|h>>
zA2cs7eBhG|2L_S}xM0eDDj`n$&A}^!*5GP~lL5c)$aN7wu8UNJOAKVwyx44X<_lqN
zyaQj@7-SX&x;k%Ps&3v8T>Gfsdwo8ob5<47dh1%7(zkU@{yf6a3knxrzQLiv_0*h3
zwc?&r%vM3AFz6Wj90T~lT!Ll18Lj-dzL8_z__O*gUA^I>MxD6fxM<`}6818`(>FbD
ztfV)brT}Wd1a`23)`IPQN}%JfNc|=p&Vs-|l<Z^~t59LnlN%|pP~Lvw^kq|sLWQoA
zRajQEAuCXjs+EmAI3mHf>gvRS+Zi5_@5aR60M%8lycofAl42DIe>8zXwTTi+@cto0
zpVNn7ZELhs{$A@n!Lcha8t4W*8myz;3LYTUGiz}*WKevde`KM~HHVc{83H`de5qm-
zIxw$*TZ$+7yQf_2vGwJKO4&SmMKF|)9B}xu5(3eu^%3eTpZDYVV>o>37>vRn0Qg@)
C)^w%-

literal 0
HcmV?d00001

diff --git a/docs/docs/administration/img/immich-google-example.webp b/docs/docs/administration/img/immich-google-example.webp
new file mode 100644
index 0000000000000000000000000000000000000000..ed6c31432de4440333033d4489cfbeafb241d836
GIT binary patch
literal 115674
zcmeFXgLmY6_5~WVW22*vZQC8&w$rg~cWk3$+qP}n>Nu&__s-0n+w+@w>-_;Q>#WLm
zRjsOg>vPW8XYYNY@KscFwhtIcRYXuuMUGt!2IwC@)}TP^kU+nlA<+5t>Nhj6OkheI
z&<)66uaXqD*`LLDBi}>_cimkh)bZtAkg2?zJakT}sNOce=0D8cmWNZHyv3ih^}OV2
zrmL9%yr%BEP`q0md3P%qD+O77yKYzD`N|1@F1`BDb4MR{$$V_RU0u>WXK!?+UCLgd
zZ1RP@JAB{+@K<#oefr)v9|rFDp81yE_ujBye_VGhb&UbO0j54I0f70c7yRR{ML_U-
z!OP5x%bUxy>}FR^%xTvKU#oWyU<H5y09+)$S6ytKcKLk7d7lHK-@gH_ZVg`m&$9P?
zdp=%(op(8(f{&69vd7mCvIYDLz!9L)C-TD-0QksWR(<ID$>#%L&3@(u0A9Qb0SSQ2
zN5DP)tI#6=064V-@V#W;bWQUC04J|rfX@KUcbDg_t*#ecIlvh&fR~@|<JBAh1OP0?
z9O!QF{qQ+@r~62MXM0&%=nDI=d&j@Ndl`DTy6jy0z`vOq^?~y#2H1aGTwgqO?KR!d
zUE{BN*}uiyZ;kn2@x{IIy@j0e_4y$9MEf{@96Tbt&>i?hWDolE_}JX?yxrZ1J@Y;3
zUgPU^#RHH&(4M^BWM8`;x2(5D`3U)9oZLU`o<F}O?_(_aL;_IXv_Ggml3$0)A9n!}
zT|*zV?`+Rqw|oN#y8u1DA)hb+?3?Td;fKp9-6deCv%l-qBh)MY^~c@TgHK)8Am4>I
zFo6Dp?M?PA<}CY0_Jz+1kOM#h_`Nc{F@31^#7uYP`{2KYey{<UuDPCVZ?<;%V(|L_
zNAIKnq_=|)Bmm%Q=?rjJ^@`sD=<@-5(0Zr(Py)<fE8ds@kFR?(K$Q`DT5cJxrK!q7
z$(1x24rfdOXJ?A=uL{%tG*S=tNYVq+ZK6|7y4r`)p+&nz8~LWKRh4&Q!isV)uK^HX
zE77mu8mUH7r3+bo9uRftX-gsl4>K{T+~)OCe}!11y&-m9fCeS+$_-}?w*mIGnptGH
zvaf5(rl0xF*xPpWqc==65CJmtG~x}Z*?W<R`?P%*o{A;I#p(p<Tt9ZM4FibsIK9Us
zex2nWFE9N>a9SyA2d~jh(G0_%K}V?cv|(@8+dMEnxD~tKvF~%lhatiiyBrR+4b1Jo
z+nz(wJx@)5%s;Hv6(OEJ=G|N_I(fCKRBy2Fu|e5(gE0-(;$Nc7tMBCZXwrdE-f(h9
z7R4I&uZTbF#3iJ@+MU(#9NCl3GyHetuGxB&vfxnpE~!Idmf@!2ZiC?0q(ihS3iad?
zZY$XlRWq*+zI4CXUG^>+)Hy)Oiv1X$uIcneb@yJ8`+}r$5!#yIa0c#UBDYOss4sYk
zwVTTQSh%K>&FDI3mNI7+K%DvVAv@uDFR!_)lm?f*b-kc)H|*odr<0nVWOT{*9l2V!
zO1b?Jx4~OulSO-nT7Kb*k3CKGb6(}nHP6^r^eIp}mG59&$ZDR|go+U?^Rj&Mqvteo
z4G2FD-6+Fn+xdvH5$<aB&B3}NH#wZ?Pq1x2ImTgmu$AEsODO5@5$`g0W&=(q5Zoyf
zZ*Z+$!q>I%^+ZR9W{?A(t<YOLMmg7`-I_hIe<mY5>;3y|3K1w`>kSWOv8^dS@4w!x
ze#&BACH)mlgxgmnW`uVkNq^7YpE;bCxzYCoB^xFT)6?K2s9d@iOAVGz-Yf-Xh2qw{
zb_f-N@Zxw6f%x^2D1QZ#VqlIhy4|qul-WISNXk;vHW`%U{j6ftfcf<b68S}~bTLD7
z*l!t=EKH{vxiow!dj0q~me0<fI4RO)8OO1#R4z=$yyP;-@Ph*dPOm}Yur$Q=oMnx!
zM1)FhrAmrl7@pIO2{jeW?98YuFD)@&EWtL1q25&#Xw5(t)8h!$avQ#U=)d^={$R6i
z@isL^io{2Wks4faqW!y!YL|YD|MM{ZIFgn3g~7zA?6Y8$4b>&L{5*>0k|wj2%d)ff
znHkh|rL}sijo2=Te^tY;g7__F3&}i<{bU>4-PY?JzI#Ebf9(_WmLhRjWlcdsw8ngn
zA50hiTku6~d7pb?6_8bSO?}qG&W%g;<H>dV!HO}Eqr|gas>ZW$^q^090_vn_%SxCt
zL2@@fw#rGA9-i(Tm37+LHu3o%Xiyd&&TtD&mUJBVeaK*pjbionIuJ8%l81OfJ8Av-
zN$}HGQ@l8f$}t<yH$n*Fy06|69GH_Bft#$;?jamWK<!`<z<R^ps|<f@u}H}4&%v;_
zrY45*I&JXjd+(m2zzyWjD5RLP9#9V{wb(Px)KaRO^CZWQa9KgQnS63Cz2MW~n%P&j
z{_iDh;IlG1QDX46mTNLK`5M>$Rj-w3We$LA_XC6rjHZv5C*qjDYUbAkw<}kj1!z!8
z1EZ@g(iXw34PI(c2-kz?-)hTh{T)R;Qsu!Hei1nHbD2($NnWAd(}u{(*U!q7=XA9K
zNs)WA(#k8=Q`vz8{YiEwq^0MLM^n9s29oSMZyg2#bp!O@{+8!ItN&NR`8_hY{{vk9
zi83J>Qqp7lTGe09?R%H;vop!VL8{`;aw3*1T1iCz_4a>s(VvgR+}5@vJ}tP-u9xNk
z2QL97)^CW8z!WkGogf6}r_QD?YGvv^k$i!Qc8WGLb-!1aq2<(pf?8+s`b&#zXwZMn
zTFh4#RpTaJZ$y7}E5+<FjEX1$1Ebr%X1TJUb1b~PU=<7^f}rBv{eE({?Eq>X4O1%i
z`*?Yq7$%5Mh(GrW9c6PC_TT6L2}rR)`jrMDCiS;k_0iYui-nCpm$(VgD4qaodJ6W*
zI~pujd2u!RZS>-|y_hbrEE~Kt${QCdP`HLgn-Sul&qcd?B}o;|1}oo%z!nDs=n+!2
z4k*n2iH<3AkoCU28d!{Tilkq=fe;x;<txo$+6ecStiEkmp}xRqPBN4n<Vo9nfFj1n
zx)Agi6wWW;2&nF*lXIu%W<2S7Sqww<Icgayi~p=E=r9M&BpPQQo_|XFf?!MB*srxk
zZTsyVI-oBsa=_L@yebe5mO&63_^dNw#=%(MhFapUl;6iIEDg_PxPL8eB_xKe@%?mA
z<!hPKM55Cm7(O4O(@UntZ)(9tj`#iEj!o;{UXmSf`Db%vk8+|A9_>Ieko@u9Hky{Z
zf3{LFfh2n5uVEvDcsBP3jQ$(*{^zwNQR?H~=_IB7*d3uQe!~8M7nl<1aR+E_hawVf
zU4%cvULR3$zlA*01((^--!W*Fl)|P9E~@xK%!CaV?vr3_ze`JymmTSx!>Q_5C8q`#
z#5lK6Xx>jt;;V76iCKSZ?Z1j709k#gAT2drs0nwABZ;+J$?q86Bo;{YfW7)nX`{N6
zXVeAy{?d;|4_<-r=2EfYfzoEWPMYB}F+b5Egu4U#L-SQhey%yX1zto>UR)XNzp&%i
zA5f97!RXEO)szX69FHry?0o_hBG{shabXdaqpY<wD!H9Vi>FcCm=U#CemVPr%ZH&b
z?{iOJ^=*|OyULX?l6RSCeuchidi%W`x3qTjox(Em0e2D3{UWUFd*DB(JoB}fPgFKt
z@1TPn7sdQ##`DwU*!#t~`04~C8V?QlUc&<e6ayaYzq9iP&><Ew-<2<u;q@gqV%sit
z1rkKztgTY~BZn|j(t?vb@Qwv=Nr~*OY63)os7E*jN63}E_%4!QE0cH{_y38_f8ul^
zIF5h+-vIkx;BCZH-jjJ$&CYocB6Rk6ajyUpDwl|lCUgQ0mJ#%`SLQDs^ba=l=ObJU
zmCo>kkUoSR3yD@L^ugw&S#uWS0OUz#Z^7?)bsw+ntm*Jq6;@4KkZRz%1LoCkdDUnK
z(!)#*iT#|Z*Cn~IewDV#uKMx_fp!FUAvlduf)#8k;t(WXJ!0W0CQJwkJlQr?H3`Oz
zeK{f=pt+wIo$Yjgt#78Wk-|lqzVT#DaZ0XGWgpoZdE+1C;Gb2EmGVsJd0gM;6e2I3
z#UvJ?=E%CNbHva~5jANAuEoRH{H<*zN(fh^Qd%&nk!CDS7fj7<b>Ti4fyVuBd`uIa
z2?oFzFnWpU8rnQP!9V~>fmZ7Jd(!?sojgP$bgYL{+S061#<^I$pF*l>idNwq5KzB<
zADn-=dv<$k|IqQF<4evSn>skUy*aP@Ut@UAEV1(#BBb?}XTkTkvG$8U>Qzczvr3PP
z`Y*xkM1^%p*^JRzP~fkoue{bN-php)41Nb8AVh7+H1l(bR9myL1xpkhSu6N~;IIj5
zY+`U_aZ@c~n6mWy*q<}=pz^%QwN1l28Yz%pc6Pz1;yDS_l>gL=Qs^yoZoUV(a98rs
zhIGX;aX^+w5u$_VzFBBz!zW6;A>7T}{sz|w=8@1D;znUUMavCG&l*LUemhTQ+jx$g
z!s;g?BNkGdsrXd!|MmH=_6dFD(EGYtXh#!xen~NwA83?aNWcPbzsZGPQ)sH=?5k}n
z_B2Byz%f-)r4o7^uPG3%Z=PQw!i+pR+1@e<>DlYI!oaph9?I~myZeq|-3g_?ifFH+
zACQn%I$}pQ^zRYykF(Lq!W#pdabBK0m_c$3)8G8xC{<Rwmd!m2;eZAzZK<8edV#~U
z;N_C`pFBsx=)d&gKiHHBt{MJ5Bt6)%$VqVEr@!ljKSw#lXf}maV9vhW(kG|Ka1M<1
zfUvig_GkIo>@71G;it;c80d};b{lhxqr#c|*kd=g5TTsTI@&9DvECHr$^^PhKz3b+
zI2y_Q4)4vFjs0eDTqpO}DppYZzlPqQ-*|~qViY-s-l4r({9e4Kgd6EbDPf;?tv#Ap
zUSKf5#4kWHh_ITP>FYN#ghI}72!9OG?ll$&SuEQm(7)gxm+nF4=@azPj>)#`3Kg-@
z@r~q5`&znqtgD6gaoKmNSRf~vQ~&v4NEXT@IMs23MGBA&)X1^rn;_*c{`E;?VEG!M
z%_O?#ynNh)eB2wYNl2cnv?tF1a9YMupj=h~Y*Q6|A821`gO;WsO9`b78$5uPkaM*f
zMqyv*9Ggx=WVbuIV{#5ncsETt-6!MaLiE6oCK9>)65>c4XJqf~Y6;Vaw@@@O->z<m
z>$wT4X!Qkpg96pwq7UXI3h*7<cMd|<KSAL5@ik@Icq5vkMN9cI(N~Q+yw?~76M+vP
z-z1=@*Gm0^f^`KzrvT~rRM}GYR!YxH|K2fBNhlrk#UTgfQX=q>#KaP?F%cH-7s2=A
z8HC__ft9oMC{@1ud##F(le3C!xA*fru6**ls3IP%{Lwak=b{Dc4&%2=t;yu1GZLca
zb))oOWn_KMW(SC#+BI-{0AmQFo>$^yp#Fm<&RDDeUz&I?<%p7C83!wK4bO{tBgH<N
z#gYGN46*2KS(-JB<qI<Igy$B<gm+61;l_ZkU;JD46N7qLzw0qL#~lk3!?)ier1#;6
zv?m^`8+wTyM!2%%=~8vft(lr7GMytsysG1`pJ8gvlQ~0C(dp)<WjJoEt&D$8qDa~A
z3+2R0`)w8tg?@Ik%-P-5c+>hF@7a(i2fu=xt2ZY(Gm2wKVzq=Hr&)~O-y5|yGrV8w
zTZlSa>)qbCT>cjU@HdtqUp5W`m!mH9R|Wnd3ja@#IAx~&4cPyX+mc9pS<pKURX2ny
zFkH$kT5W~EW=F}LK&bu4PX3v+k8ZZdg1|6u%M+#e!2so-h{;w~AwYQtAZV44^H{%`
z5#}|+mY0TZCOrP5-uFQqmm&E%dzX2rB>R1H?b!upq5<8HiWF&2qhZJB)!mARJnbAK
zfVxI5{pF_E;UxS~(<h7myHd`he^~?nV($go>wy*tMWMAs^Bn#a42W(nstORw#1WH(
z7C;sbTu%P#c)d}iJs^u^OiafX?;9Pfft9O6I4Ttc@3`zA>1KTEt<|E)t6WT|ms+<{
z{tYdDmG)*!AUElbsySe5rdMQ6He9r%^O&%1+?c`xnIT+7)F1uB*z`V&f8?+KjFg!-
z+R17!BY%Q9KgE=N#p|Fb63CXyZ+*lz-jzKrslWoAI((T1XGX)!?@>O2?-pHrLU8bs
zH8@USKjfJU7$8;brISRBhBA_pFBmM@#}IrH;@nb=deCpq45d9|iq@?Z!p=c_?wP49
zCU!kVNJb@%O{*o8A66KZLb0;%`Ql=@#rVl3(}*T{n#)CgJlEX;Q(^Fu4Y7UW&U-ZS
zib($}PcN4WitSbF<by`p6-7p(yIrzg9i!ucR+zAC&q0-JDz~ugBvK`2H35ptRQMys
z8V#p9N+Fl7u2q7eVug6CK|LR)lf^4VDupO(@U@)MMy?s7kn1@|lHPcJzxo3<8urQ!
zm(~SrE!EKRM-RNS;+dM)Og--ad1&HoyJJx&H5O;Vp155B`z)?mm$SnN)%9eC{p}I4
z4YW(ek{E`)(uQr_$tr8A00pf;#gGHmATC@f9Wl~Kl*eHc!ap3XhD7Iolq<=xqnQ30
zn}jniW1h-){H<|0gSb2Eh~K-!V4}aSCXT-i%|J0=)cvJnVlTt3+0lVGLPcHuds4tq
z&wo>o|6*fcjb9wWyN^Rt=IZore>V+&wanZyF4%u#eSi32l$4mmaCkPjj%#2R%Y)V4
zXZNtJbn44-W<#qs{w@fNkB<v5Uuel{+H3V+8Hz_yRWsD^gJZ`qf659m+yn!J(1LOQ
z-ZD|CQJJd_LV$OE?hvDoomX05tMF}smY8xVN*gzFf(M3XPJ;-4l=(vVC#N&P+fIy3
zd7b;#R`17BNXiR2-kE4hS&qbe0y*!vM~%!<oa{U)53*i(6ff724}+%^7;rgr3SD>w
zeoamO$b8e3L}f4@PAAfyWDiR$j=r(KjIfm1e6{a#eo+_urM;c6<*TN8UU8wgce)r<
zIt^!I5e~;uQ5g2fa`g$7QD5TtxpyV8B!t95>7hRm!KoWgZX3RgJ}5(_klJ6;o<QVN
zMSyR3Jbn-EI-6F(harMXbEu@uGq5^F%rR-q1?4pDIr~{>?D(~!{diugGQOwoVg+3_
z%M14;ae$krw&4lZXuNkvC#cI%OmxsfXE$BF?WoI>uaxKDY=0TmcB>#V0>>V2jnpTP
z2Yp}GwiP{N89Iy7F$Gh=C(*}$aCESGQjFBt`2mF&E%nRhLx!L{pU#hI{U1^Jtw43!
zkf_G5>jwJ0{aqo5ob(-8+qbj;?l)!#rtqoLq2bij6dk)~(5>p^wMo5jUVwOQrK~cp
zF+;=jrs-q8F&070362efFFul#$Uy;)dG@LKcPzAr`J*+{yK}JI*`$N6)cs5NW7{{|
z${q%uUt|lX3^VBuh4V|0)kC_AKz4fVX@Hqot^cq*SK26${7bLd61o(4AzbDR3cR7d
zX;P3z{)Zm;v+{ur98}A|SH&8026@G+RYd_`IO<DqFfpFs{x9H@nYsvytYZjH#(j&V
zH6>$rv;1A?A}@ywPQHqhi9X6l<^22*kIbOJ|Jx+_LvQ}U<oKWj!v37GzpNPJg?txP
ze}}=WM6~PQ9GQRh)L%Ngnbf7M{_jQpH@Din46g<)yVQ|@^$!95Z>#s0?VEd+u)ZR1
zgl*?vuVyY2O7b%rHiALgghe>ZiKh4gKZLCnqN<npKZ#@7SvFF~`&LTQoIA?{s&VEB
zY27H$Cfj!W3M9*>X-iA)lgt18F8}5WFw^w6zN)Wm$vZON?q`STEl2$<R-3D}|2x>U
z_D;mlbrwhGIyGZ%a^7FP{=6%lub#;I>21ZIMGxen=WZ3#4X3Q_Qm8-6hIEb=)O}h|
zFjsp%B4ZXA_`4|0kX!h&bTI!MQ6K&`#A310-l4r>FTNwe1e!uR;F(VgH4h_THhQul
zt@pdtn0&s`yl8s@{%LMtqvS4(0QQ%hXL+f+SrY%Bx-)hEwCBPHMYtGc&^{XT^zVCy
zzu8xCzgNiLJP}LA+BD-pTo(6!jd~ooe;fDzn$G<+eIgUSd#1E3>@4nHif*L6Rk{Uv
zg_efX+Pi|nyXG+QSAsY|`JiZ<#yHK(=|R&%0tYI<t3+S#^Z`_K|G@r#mWV_M%C3*K
z1*fE-K}{nteXUE@CTUXr+<W2%yORvS!qo@w*0L|K)%mw2h(gJl#MadsKHF$h=B^Q_
zCwHCa8Kv@W;LOX}P19;j@XR9VmUyBpF=@as9qj6Y=IXOjdROZfbq8a0#dkJbGsTTA
zYCQjfk|Bdozwx!VL(+lVfa+)I`bmOtx}ve60A-&6j_xmGS|%mNHKlxq!Me+gMmte+
zEZW*h-Cus_W#MuPFiCBNWiEel%9*%<nyPY5U=g1zb_^O#=-_Yz>-u;YWdfO3hKQfg
z+OJ03;M-w06o=OUS`+0px{cO}0prx*CQ=F`jJWR+BpX)jwC}qKx6*C=7E9qou*><H
z(zkfI)#&o0diz(u6g(GAZzDb!*8g5ie>6oRy>BfZVdyNh;?>p9RtaL2r<PX?kriU!
zpLFnslS$to-I8Y!6Tw}MQNVxSA(?W}O4EibuqF9>sBB3ExlV#kBa$0_?+BaO2LzPn
zO$mQBW=WGiimFW^c=T#~p|zOWdI&Z94=t(DG$^mp@Sxnh>grhnI{e<h-fZvEuE3Z`
z5~`uO)VBiiO@Mcf($+OOdiR;|+2Z5ITB37xr1G$|4z$Vbsdle&Lk;~5<Y#TEafXvE
z)c}PHJH()GAEzKJ5q-VW(k7-~t~_)RkOV3hQ%yfdA$6z7OinGyWh`#v9MHmmg>@Fo
zC9QnWl<rX~h@Fw`7bqZ>5~rf|9Fb?#ZQSBOr)Jw`-b|He9@1?%tI#T?Vvu0k=4Fzn
zo)S02<u|x?R87z>)z!)}GSL;i-6Qp4#M}TVJ6B&XboNQfvX=HvR>;iDAEW{N?>8Ni
zr$cn5E_KXbXe2my&D+KYX&u>-jcJE=Qo$%xI>u<4wByl9ZmLB|d3NzYZ}|Aepelw?
z7X{S3(umDHUa(;*Ab4DBu|84`Im2rEAKxc`vc2%$gg$z;;*Nnz*W(!sNx%7=v8F8U
zpN9sDWYC*Mh+AGIK=;01*Oi8~WmWc411lBn9X2)jTw^<ojKD|7q65DOr#vQ!Aq}RB
zNLX0x7M0nX6vICdLvlpc-=+Ah#(w;<$fLieYDUA(2OKg48_aaKZDeU#Myr*Glj{?%
z>y0N6?7J!-=9RNMcp=RWv~@e<tZT?K0n*?-cm5=ff2<nILM9;&lgD$roKFkwx5xm|
zu3B`j5x|(w4!-EzE%dx*c(QfKWZdiItfT~LrDlZj>%(DVnTYpMO6dJWPwyMxd|&$5
zj#eG=j5@N+#2I8#$$4yJiG}(r21)Jl!%cto3g~Bxn)djR$kn#Z{I$WN{;aXWOasyJ
zh#d%JR7r2Dc-d!Meiq}DlT)|GAP+rywhp7aJ?XrG;#E(NLp-pKr0svqb2PU!;_ULv
z1xNV44;)x3%Ce!Rn0IRQ^$-(pdmN7Nfd=jhDGJ@WdEc`tvI;25P|)trEhi116Jx;Q
zUbr<KMT#xLv}Mc9pm^t)`1DUBn8HKL)rgTH7jbiZ4Bj*#E7c#YSC$-vaJocsc0G5V
z8+^T|bCLz|;KEenJixt}f<vkqRo=RxsBBRIFJEjE<~YW6ou+0XPGh1D+_P1Aa>`BI
zd?ZX)rI9^`!Z>FrQ8#)y{Q23T4W3)CQ#UkJkNFhkvg(DrEUUO-{f2Swx&t&`P|K^$
zHH=U5;bUGC`Ch7xqJCgaXx0K_*|5gG$aJ;!fBjQ3MYR(d{=$eKCOyYjdET^m8V~ya
z9<nOW6{4u>w7?f!mq6(IIw1eCM>ek;!7@3+uy^BQOo!iEh3n-bNM~PmaEirdX~|9E
z=c`ipzZyTUx#~V)Q9wv@ZN@zy;7HsBJy>xrfjy+mmQ~B%+L_yH>bKfMD<b2{gG`ZQ
zy?z>%<ol&O{@PXlx{y(d@DBX!(dDu7YR%R5<|CwX)9&uvIlux%Mds^rCU!PILG<6~
z$FGqc^Bvd?J)=S#^U(<?*HSkwZ@D!rpYIR1`ft|hKShFAe5)p}@m`prh@2&x%XHgn
zFe-JS09){rT2U|TdLeQLxuFGB>&_tXsV!pdL=KX|^o_NV!?%9b&0;Hu`M$&_fopJg
zP$XUIT(VN@=|rXvgHeU@NOv0{lSv-~aVHCW%W{@-aptmw+}B(l(V>wL7zRd0zM5W&
z+`S0lL%)F;oDK85TyVK(gAM|6NE6g5o~KwWn6KfXGJ0h6C@D}K;icLQt!0lYxs-$-
zdFA8fW~(hrhn=}(6`E#{I%O>JU&XZWZrJl1Q!TfH*d;Z1MG*j)3#S}5yy#dWJ@T9E
ztbAhLuw+S`w*(I8op2H=^+T@8(BJ+vNLfzivb<46t8{@ZMNukV&|zAXKsPQiV!wza
z8&`Y|X){=Tf`j(x=iBqGz2AuZ&y8Y?5GMTGN7qXHJqthrZ<8v?)<Q`L_V46?5Skt6
z1AwYfp<AU_BKwy2WE>9lWGvwx%rKM&z_G|&;=Nf4;phgl11}?C?Rwl4G6#72J82(~
z5VMGR`PCRLG*}i+cxUIvx%uadu!hHO6$*J`OI&2{Giwcd$irrJThnr^AW@UI%)`Y2
z<mgl8#O6Epoj}JiYn~b!@~w7Nm{s3TSei_QMu-pLr=!0i&kXId=G{winl=VO`dd63
zygObMbctedKFN~iMC0J$=&0Q|d%dM3B8?=IWG@Cg>f6GgfqV8?Ka`0KVI(tvG}`el
z@kIsL&6u@75xiZk(xK~R>=0A;83(zB33&AFWv63VG>@j1Pof5!AJYx;6L%=XM(q$w
z#<$!W3Dlke!}>7a3aD$Ho4ol4im*Kl%S1d5q$i1#Mjfic%gb_F2#FovlNytbkIesQ
zXszKYQH(M)lUI-1L<KWT*T*m({v;@%Em~1_2A?2MbztUtj40HTMM{ReXDSK~Xy325
z6D;ePbcr&VdU1pIH))wch^TEx?=bLJI^ChDV4!o0nj5)_Ljbm4IIve&%^&VmmwZj?
z;9>JTKb{<YK3B;sB&`()jSvFqWUuKW>$a;F`!r~fuG9wE#;Usb`pE~^>H8vc9CK|0
z-Xdp%0>k6yc=!#n<kTRdrWoa*w$jk0&Kev>4ku>=K100m*EX8endsU^F-4$-)WF4t
zaR`i`#v?A+^Qnl9tVx;?+Uh)6waFJM8@shaU`+3L(M{AKn8r;NTDU9b&Zc#09|;{b
z@pjjpzSr5#pA($k2HsnQXLJDt2;mQJ^gwsmsgw~6J~r~q-<qk>20Xkmf!v~`5=BzF
zn#j}Gwa{U9JGwpraSs+r<c;gDB}n7a!h+lBYy|`187h*<o6ud1l15{I`!`qF_5mR<
zl*AR+VLTk5h{5{zXsI^s_(G=4k0_}}yxNE52lePxQmtKggN|Dml~VtC7roons%RHa
zdccP)jLPT+AM1H$JKxl({{I{MpC>lnxTO4)@#|!L5IphlT1IFgTa&whKf`j8NNzVf
z#)%eU<~()nKZwh34~y(SPeqqEJ3OD&Pw~_p8ZH!p<*4l#tbMY^eoRr~deS5f4EBa2
z(D3SIDf1%(U19nW|KN@!HRI1VJzQIx2O(C0CF$CaBkQW-Lf%PO9ZUy`-Q)pP>)cU7
zeIzX&QXjwnNF(F=i@oGGrS==~&+sCwSz|DIEU-Qvi1XSc=t8E`dEwYHZu2u(!p~qu
zPuD7m@`zMZNfqU00(IPS5@EOs5UgS}(~tr0n^`Y^5hx>>Pte_!_{?+?I~PHUUi^7(
zLnx{*qv?rLLD)2RLR6#a>r58E-1ffCL{g94N`T(;`LuE%ev8E|zsiC=zrCxMoudQt
zV=WHWFOxzc_f2Dk_vL_B<+Bf#{z_GVjH{DkIH~L518b?sA%bl}ST0N-HpA4BpcR=;
z(pAhElwwtPFILV>^uZRtv=D3DRS(4!dtlB2fl2NM#LICPTi6;VIc~+?jlNF<`m1bT
z%s@1XAK}(VUfO05(JD}`ilC94V5-bdKzL{u3S?Rzm#pc>@+|}~C#UO6w+L;oO^mQX
z*?{_a$9d<*>B86z#YOF|Uc?WECnt#4V^=Ygmw)~P<sZM$RiVJs=wv<F<bFoS(y%q0
z#EU7W*R0&)80%IC4HhB+JV<vGp4aIk={A@+qUXX?tH@Ry=MkOOm$XTn<8+a@T$uTk
z&>q+Iu{e`!1j;2E<Pk_z<P${f6P%BI%icRPq~8z^UYmw=;InCD#B$ywW5F+RNDxCU
z8%YB)mXu#t58^5DQSvQY>k&a24ozjODj-^M#@{phDWi$RNap)?h-+eiG@?0Pt|r&(
zLG$D5>N8ke`ok(yMbZpv6|?eeZQE&z@JWL1!-sEZ-qU%oVFlI|NU7uXy0@pN#B+YO
zCFh8Ha3|s|z(~49zPknYfjXj81dQwttAD0bCUmon_jBREPZX`UBLjePaD^q^eW{{G
zz#E~tqX&G!`@+~I9VZ$b!8`mten3j*W_#EjIEwrmQy{%YN!%x&RWe~m&E6Nmo0Ks@
z;1^q$(Tg!L0`miK+grqwu*^rggo8otOH4?ZDDW0=`2z3lVUX|n>7C|>r?k~xNub6l
z`VkOOCO|f{mNH0XBNm17G(B^=T}zLe@?k19G+4@rJn&XJTlY891A=hEXA{7rRZ!45
zFpI4*S=t9B$w4(IX-PrVuc)VvAcciH1X4Th`Zf5i`m7yV7fj;$9-qp+_U81Z%@Ypz
z7bn261azgXvDbG>F%4%>u)?zMUxee^PZ1*llzOR(4}pB2w>w&fse_w#H(1A@SuW<6
zk_vSMi}EZ0+75)<30hbg3w0K~r_QL5JV1v}*`KD}4JWZ-_|Z`K$gZjQE&+N+jjV%%
zm3`3u;?Z@sM<O3}9X9?y7t_cm?t&upYWV{&@4+@B)xe%++nnwNwJmqAmnjXBgAY^e
zaMvQGpLmjn+;S<%i5cVBYHYn|irq$OwD>eb4Tb`gI_JY?qz2LKzA(O$qX&2)B;_1e
z#)7)Lw%j_qC-ti+{>)NzA!q2Cr_V5PNu;_RX3|Kpid6gphX=i^tr}(5%yxH7#<`+B
zP5EO-u9u7B{CXDm6RxY+04$vGd=nmOq0|K-)B?*uD%^t4Y`g?6Q{Os&{dK!9f-R5U
z4w=J@(JaY*qo(C1)d2bE0v=64n&5gix*y?vxMqK44oS*do|t63$M=n5jAuWO<sXq7
z6#GoKbFPqkIaVaQ-h`zAE2@UWb{LHhv6vElww?F59LVD~(#oZNaknMD^Bta@It~3+
z;Bf^yR1FDxEFmP@FVT$)#Q2nF9VRAIbin3_2<$ziXuDMll0<4@(kXfZ<MNQQ>BXaD
zVe+A=xgqI*Vxz_HJ?jiYXF9`gpS#|sR8wXsOD-s1CO$oE%@dtrlmHOCG*K3j`hdMI
zKnH}yr!%*Z=Am)nJ-B3Wj&59OfAq(lfPSdRP_hP&Zq7t`&G@P>FpEokreI+5S5|yR
zu9C}+y!6de&?~pTcUA#1|BmP9bOpC@HT=~w8N_F4hu?i`6)kWt?X~5d5$}q>Y!F9W
z`yN&E>NM80yj`w~{RVb$TY0Q2J=2BNl+_4DNcO4=`b0;^awUQ)H?}=l|H^1-w{eao
z0eHqqvVW5T)#$|dJVpHnNtpdE0&(eVR@GY31n6S7B9dKVjAqAb3aIIL;ZUl~OK7Q4
zmU>2Mi=an~yDkD_kJo5r3Io8^Bqv+Uc4AFN8@EfHC4N@q{{Ecwm?$VR;Cm7y8oX8%
zG~HW=D=3_s^~w@y0XDZpS6a^^%vKuSI1;iX^H~1Nd@jhtIvZO*uM?PSmI4y!V^p1-
z>eU`|_H^lM9gpl5oq;Xqqk#n?Db~QDQq-!vx`IAYb<Ri_oYWbN(<}H5qsMl<b(dYu
z!B)MPi=vPJ3Y-3z)mE*m*^Hm(NbSX$WYlA$I;~ZqQivR-r)gfiTG3#p6#0{-j|S(5
zOctFBrYkp-F@b|-s-fmV#r^`98?UB1nMVeEme4mcpWU`3etqiR%R_Bqx{jAIJ;e?b
z$uV5L1%CeViIaDA?GeP{iZL<u#u=ONH~%;37Zzw3X^+%Q%3g+bg%DXsyuj~~=m1Q7
z=01-o-BixZUcURj^<bb%SCjFVB~H3p4b>LLisz)+)KF1MAQB0OF&9XMO!_KTUKko;
z`bvv;80rZZe4e0cK9`M{DogIenJAkz7kgHoab)J;$Tw@!^`^Pyc&N+kmP9b*rd{1?
zy5|87JfnV%R0E@lORK_fIsSyPMp@?q$5A?l;i{%cQ%KGfbO?x$kbN8Z>3VsmG|uT`
z{g7>_7D07RaNRe@Siw49+gEPG6=5*;<HFvwBS?4PAfd61s4ul)H7|jHRBnq7<a@t-
z{s9_OK4`Z|3IuW%=D!n-wEFdP9!t;_{><U9C%dLxw*b_Ah49aM-U%9YEj<f77fiO0
z$`**BtZ3qxh)WGhP+JEmy(=sWoLT$y>3|)KND;V=D3_%D&s(_l%+{v6{JbzwDeFAS
z*rwqN#-wRNFf{t$r?#XvZOAB8o=hY`)|JuRA9QS`)+WX01YT;v9uLm|L&kZ#XV%0N
zU$)PKbv1j<l6|8cR1d~8$Nu(Nes|wWOswz8J1clr{Y`PUMherY5`uVxa;V{lN>(vp
zsyT931i2HcpOtL-l$<ZqxYkv}kpp`@wci)KBO)-`+7bur6q@w666gEAJ>|I%bgGRz
z0dbQcBE92Hfm_3`=`)!LkK_9(v!vF*b<rlYEySk<%>a&PYZzQqh}NT1wD=(^E&ct!
zucKT8*+%41?%Z}kQP-s@{k%L>^D;lT!iTYc0z)@EV?!V2l5$UlCcjs6Ul9Lc6x=(B
zz%5>Zv!TQMKp3W&q5y*|G~A~1bp~1E9pnkB2I%h6q=jXJg>-wEMI~lkh95XjcWC?o
zd+!M{G)WpV^oCoPK1F0!cP-kTFwE)G9z=l(`y9U*y7vxxDJ@}|-eQg`ZrajfHv=Nu
zcC$&vSfi4M=vW7Zmt37`u(NC=H54#G^t21n95<(iEgd@qU;7}sn;Jj)Is_Ds)T<{j
z%A-!shP=%l=G$#ER6vBq-iZCqu*}$Aha$Vx4j=4yL4^Hp6LTS&*jbS<St%Gohv%L*
z2hQK+W+ZDg*omG-%s(6GEY(-^*S6`#IJ6CozB@hz?%&T5enJ5p5-`GTxI0S*4vX(I
zUO-2}R^9h)23vf=BheT0CttWCcUXqfE(}uh@b`R=Zk~es8a|<L`kmI&flig_8@@5y
zLn?Me%gY+brPhEZ=t~gGsV`!yME$7&WvNsVYTFUm%h|2e5?tdqiLxXCeJ5~y?X7M7
zESMt*9FOr>5wvpKZO&A#f#`dT46ea!5Lv-3+h}#n=*x-VrcMKsrAI<c<6rySO!ozD
z$_8%I=A0qOEprp{_+ZK%WwxN;ZO?pTlids3gxNRwBN7`z#Xg+LJniJzPF%h<1|EeO
znj|DAYfz<Tj}LC1A9Pe=-Tj05%E<7%@^~?}bl-_!nTg#nN@hr?!--{&Bi7v!^;4=m
zptc9TMm>s(p=@<8aGU@5g7IPg2#G|o&1Pe~)L)?OY?C=vM3XC|C>{76G96-?7;k1n
z4G)E$SKsI~GzeRcyab2<vnOmyNUV3fCX-|s8?CmOBzWegwMS|>{!~ic*!B-z3R!9e
z)UE>r1Z+X<uJTa1d-t<^HHkj~c$LnU1Xl9EF;|Yn$>6n{A3?+#EH!c#uZSz(GSEwA
zS93VsEmik5M)^l>%l@13KF12h*XfzGF;ZC;;Tu()V7e0<_J(ff;?Jmp2f5~RHnplq
zm4ynEBwJZILe9Bd_34O@yy7bQ$X=`W7b3t{M)gRn>=mP;jk@vKI#xlVmk^1MtRQ@r
zgsb1imve6Le-s*&2BLCtj=VLB7L7ZMyF#{kXd@xYra04{V}~hEu55{n%RQ?PE;Mkw
zZYcpMvkisA;}(r?1TweR0!p9J)CUamP(#4^-^=*~UyWi!zAlE4rOHN()HnJgv|L>0
z(4zNTd8VKPKd|3nzi)<$+$uUajCAx;W7WOmw$bfveRPGDS^!B2czI{+9erv!SUnz;
z%|$3{&f~e#sGP@;{^|RE0xlHSZ(tCzeml{EIydAR{$)sy${S2-;@(+M$YQLCjgYe&
zsFBgxS}cj+m%&8xW$I)y>FOI@$d(F){ep+byMW6ZXn2=DZIo5{dcskc52#H7WadJt
z*aj!7Heo=DBrHPp8E0{h3i;2M>3BE1^Ey+z^P5aQgTX-Qg;9FWrR{^5vO04ENaR6-
zEMuPhPKkgbF4WHp0@Z8M7PIkBv!CZ>C8|sD4Z#lM>XLivDYlhEi1f<U(w^0Q-Gz-t
z+N|(gUXbGAfa-Ij5W&^--;z%l7cY|&L@GCGcmRx3EQn`&KmD>3YP%T+?m*6T7@6KV
z14O08N5_k)UZSd_xu_V=%ZPGB0_f<jztOxNr^s=fT&u+Va1|Xi<aKd2e~}zA;2n6v
z(?9NwRev?dMl6g4DS^$VX<bFE>g;4reO{{~b*OBUN*-KH-W7h+*Wi`&bCFu?^IHH_
z2Id0;+h$A5U=`Ej+9W6d(CkV(W2SDDNM3*YInze4ij~c0DL5DXZGLj>WAFVQG#D8#
z9H-3%C-n$~E+vv#L5J0$RkQ6A@5|P1I6nbP8t{{Be+DyBMEJ?QZR_@-3wTFPFJ_o_
z4!3Am$kDIQ94=VYs!RV-gbH)a6H%<POoj-zwKIH!{k{@Wt;Mk{ubsoP_Gq1Xm`$jE
z;sq4HZYV}Bw$C5KDmMH{M>5=K2y@F98pW!gNpslQM^rnIM3)cREz0Ly%SlQeiEYiC
z9O0-2XToy0R1cn(V+fZed*yP(d6PFJT5e%`LNi(2)K^U(a(?5^uMXo{O>4))aOB4q
zYz<p!54)3`2J^xfHL8*LVoeF(E`IEnwZi;&Y($&40s<y3!6&HBCjA9b{S0``rAh6E
z?E)gTIs?AIQ5s&mZ%vse)rN{J^#UxfddnSL(4r^0%JcVl5}*_ZgCZ9atP(k&7*+1j
zcm=a!AV;Q%h7|#Ly~fQz(vl}EhFEz>aBrIQV*hVPv--18*Gzl~Wz;NhHXmO>p*i3R
zf`<w41TLrUOiZjM?ATxGrZjw7@bOl1+G7H|h!l<wSK_&WEJ1aXXVfdQ!40Ih!XY}U
z!3P14ef2I>ImHPoAG7U<b)Sm06X&$}2uUCd4Tot{J);9EY@ajC(?rf9Oz~kSQXRl;
zt-*D%MA>v6v^B6;Q(VHuyB8l-s%OUvXEZRgp5IdH&b+u2Z?&N=Ouk#f#@+X{;tsT<
z%(LGHZ3tLO7J2clUpaCn(7;IaWsxDJU{lNFbA?3ZT~XxQE7-jd-X?OF1m&2S-ROgF
z0$WK|H8{dBkyAARo>T?ZgyxC&R#BvG+-L@GH|_TViI67Z44O{WeE5h0T|7#6-o*^O
z)zEKA$BDumqRWfN5BBPIym?1#i0R+r2yu*?y>vQgf4dIFfH)}v>rU>XyZeCUbB<7(
zOa+^T$>o<H9Z%`%RuXt!fF>dDu%YP+2&s%(ftVhDe$_zFun$;&?G4j7g`i&Afpbyv
zVvA9fyo;Z{4*F?4*`lr*<s@>;VT&?|-%55FbUh>cNIBg21w$4eb)M=nq;-<(BOkj6
zkS1n|-;O&UfT4Ctod6KP-yJIxSPEk*my@q+QR>oWOA!+JtT=<U;HAxDfn+0fdDcF^
zmv}Ux(SFd9WN_t=Koca_Evu@E{llYi{lPVkIy2j<-DAO%n)MWgaP^1Qi#Mr38WYE)
zj}=Rr=G5L-pr01Qf*<qRDExp*dOEYvhybH6RR+kN9~w+iWo!v_DpkGm`q%L+#s(|M
zL>xolyS>bH7@8ulSLdJ#CgD&E9x-!v^wkJ05knC&o1aXe{dlgba-1wttP!fhTjA$j
zlGFR#kjS-Rv`X$CzU~s-RuvH2tvs)_Vmatbc4NpTw3_%gVAsrS=sAyYeo~;Wu+eBQ
z^7Sg=EQ?;-X8YD_eOj1(-Dm5;(8=|US{XOfrj{Ur#a)3D0g?`=1o7PYRvnPP{gGKb
z(i@cZq!KlAt1sxzMJ%QV1k$A{b)s9~WvujA9O99W#f0!VRtq$gmPh!uYp~T=g|J(9
zkIVe~9#8!1K)^xe?p181&gP!)Mp^Q#%q*p=q;!UbKstr!Q3o`JcFmB;XhU=^Ek%=!
z$P^vgw^x==0YSym(8BXTty3gPq1nI$ip+Bj<Bx=0MVrfnfnVq;;STbfn6%8i43YI~
z6op&VV`rYCLJJoFdAOp4kFFRoTm@{wgt3r$1W-g_na3(Z2|Bwh8l`1UP3)G4Tz*U*
zRTt6}-!m&oxn3woon*guHJiJ`bOdntgHY|KN_y<@cmE`TrEC)?fwI9tGPMSohhiSi
zhu*2eJzi({5+iXEkjk7pjoUBK>`__3fc#N6-is{goSBCP7WEQoSo{;QGFq$<hj1!A
zs&O72?`LKr863D^#9aS|O0LC(e9|LWPL=-4m&5(t1q;{K@%6Klw1R>bT&FAIcn}gt
z>!P*%cx+Ybxom0Yy&1`XW`!wVJb7_y(Rnlz>uIQVLXHCS3ljbx$KMQvM86a-mGqs<
zM?-p*dSO(XMFHDRZwhL<L5NnF!wWa8(oxI65PV$)D&%XVK0z&?)G|0&9>|@3XYO4@
zU6hk#XHt2~+I#dJ#DmehHvnls0rW2U%x{WIG&LP2^PBr~0g)QEWt>Pl-IlI@>p_J1
zWbI6_^Th}KRlq(6H_+z6U&i#r2E=KXa-^qwE)qO*Vtj%43=;J^Fks48qDq}+aiIZ3
z^!s;pyO8ng)vj~^ifd1aF5kB>H}Z4rIK&IvEn^=NawiDR>&zU6)Cg5pVN_E2vmv7<
z%ukGPS~xYx;r@`cA+=yxSohvpu&ekfh_Zx2r%2jLHR7Ct<6BC7`claPxyS}3TIy^{
z5TRQ*!jjc{E$7>`#QFH#FOL4rWx}e4M7)@b4%@-i<gQ2+iB{TQU=W?sJq~bH2b90!
z0DZBQZZKpsm2MnIq{Eweo9fk&oXhYwRmW9GnqC@(I5XHeOLHcMF!azBw|t*p=FVXP
z8GZ}Yrl}OlUv!R@zZyawfmx`c>3PuA^@_aMt|mmDD36$__r+DW@@RIPyDM`-Z)#`x
za^p0&!|R|9O}Pe3o%m{BZF`&W?7KOI{t%B>Eauj!qu@q${o?(+Ry(Y|OuZl3ykZ=D
zQI5AzLZ=AAj^8<%3ouaFS2oE7%YBt-$tk(0k6zKahOGn>+1%Lll)K8~jRjVCsg5fk
zrJ*V@Q0)g#LfDB?&EZkdkPT!`p@`}e2s=d*xbvVSF<0*Jqc;Xa{ZY%O^C}E@UlStT
z^U~R1i1unJbm6@=ndUn?zBOYmL8l<(Y-h$49!IK0Kxb9?r0?58($X*e<+aF@>ypJ}
z-=UX#6V(=m<C^)0VdiGc0gmm6vY>@qxdqko35Q>ZSS*P$Yn^$6Cum->wP17_Is@vr
zYYnbTSV3WY!lbMzidmRNgB|&I;Vc49gQbu&{ap7Jl7;b@x)V63;~ukg%3s#9JrR3A
z`-9JV?^*(8o`ObSDW-G0=HMV}awDLI+hcj4zq<g3ivgI|ajn$O>0@IkG_m&%BvFRG
zq<_!flLwCWK(Q%`J)HWSFiN6>-Z`->r2x#{dLsi;GD%$CzBH|orK9d8N4k|7n0@_c
zyPaUA4#%3UiavzxH2A=RzM3(Z9Y@ZRLpV>qQ$lH63%9F)_JT6za6^5wjt_x3Kpp$N
zsJW2}`ms+Qn9bBap8`<oVWU<fYKmjdF|&g~#xCk~h{dYL`-wYNS?F|%w4dz>rc>Q-
z0V5CY_}aubx5HMTMxaIrni8(yZ0aF`Ewg`M+K8YOYj=IZBo<cn0^u{QRj2EmX%iaZ
z4ul<V-9xyLt0?kpye^M?=wK@8(b?zHY5#6pX3KD+!3KW?x##PsuZ{@yFmk~)jqp^v
zgMsw%Z@BB(Jv_PE-h-9!OeF7OQ3T5y(ZuJ;;{NGx-iJqB_SThW8{2{U;XRZ?I-*vw
zQ(NZ_c9#4Li|diOLIq_L_hd(5dYDC*SY5iBd88KaB*%nwS$$5%Aq}o74?OHJ2WpG6
z9Tz2;l*QY+Hr!N3$>Xii*2UyHSQiZR5B^}VhIZM#+`S<U2sngTnfkg42Uy=-7#|P%
zYf%&P>}*~MU3IMDf|-l=nkE~3UQbi3VStZifE2Xx+A|KCtyD;wWm};llkOxLm57Og
zVdV#woCPh(y$*OWHQG~_-LPaHAHQLb56EkK^z>`=KvI|k1u*PqbNT2VFUWSMXnsqz
zwKzym<M9sG^7cOgLaCH!>)PW3jeY{cg`@v2gDt<=L5Rj?*a`iqbgkKd{W#&IveMJl
zVia%u1rEo&?lw1Xr3<OvXqVP!8KKXvyo^SCvUcF4`yi#_AsX{LUj2genQi+=O@+g!
z9-*OSvg8bBE{t&s?-32p;hU@Src~tQ`!yORX1YRH#A&2A;v8!;&?h%=%veC-!m8J6
z>rCg^Sk}E?W}xZkSceOADM?{DSxuXT^3j<Xer7S8kS;l6<{!3K^W>H`TCu2xXE~cU
zIu$5<A3hlxYSUcI<**QH3U{T&QJe8<OT9X2H}}dZ6(L;C=T-q(7QW#p%#`?WcPt$v
z{mh0uHaZlrWNYIO`=SnQ>+R94K+K(rGX&yf@CM4!Z``cN;_hSh+h+5y6#iXMbeaJW
z;AYtOi7><`@L3#Y!n%{{1VppgowS!!o)RTr<&y5eNc|%goD}NDhDgCi?`V-FNcRw9
zJ%q9Yc1+x|Qp{R?9Dy;-?h1hCzqYfU6-CvAMjRKs_E_D5Uf6T?vnSiv22q#~HVx)4
zPIf4r01c&Q4Z%p<5t*>(#$uYYL!<N!AeY@B@Pk7{eFmd1ho}utN^D=eP=9w}`&!|H
z{_NnS*@=Mi&RL2c3>jFrvoU$lo0G>y_<*YuwWV!A+?MQIG?JLdlx3d}=dt2*%A>*S
ztSNwJ14XbUWHf)o5L*s@^|X5sJde1bfp#Z(nX8`u!6|1WJ&qwQU-2c@PV6lyYcNY@
zKrmH39R9P#LVlnOLrUAes8D*yN57G~8^lr;P$Tb--VgQQBGt0S4}4+PMwFXY9k!Ia
z8xInvE3!_;GS}C!_;JTnx%^WDK6sLHKX5w~*;yMCeY|uE-0FzX&FGo&(RtBgr}LQ_
z!roSMnNOw1;^q~zG@#7HWzfBTyfoKIYO$G7i1LZS<@T3}4SPtsz11Eu=EW0UlnT@J
z3axKd0SlJ?^7G#keonw%`YVi)JcMv3;TIw(d)c5-UBR=iVP7(hIg4!Upt}Gi4It}E
zl(l{aGLtEi7MwX>qx}q0ze3(#@N>I@{Bni~of1o3q1HrvYK`nVf5hWk9sy#Q@%w>g
zej7VMI8i@6$>N+I?L7M7mj09fiqlx_Gmuz`Hy$^OzY@n!cP-8pgUts=SO@KJ6HMQ&
z>1N1%EFNn}bg$bDTyNbrmGpa8<_jD13mnxYU)c1xsEJD2=*MQ_4kPUMBYI*rqQ0N&
znR%{$EewW1eP9JeCsx5U<R%Ax9E-Ub6(%v1M2f+Ccl*m0MqUUt=X7JROoIcweYUer
zn#x;7c9a#Y?Sc=$E3W}vZ~L|=q~+$p_@vk`5lHG}VR3Beo(58PSbLclBYvf3rV8--
zgSVdoT!whCh&?5I%2Gu&6p1B2!wWk#4yLGeZFP773bh>6UVGnda-_P`=E1>%fI!5;
zR5!;ZBQw}Nl=mCn$bK{ff!uX&Nc5Z719O4MYbpZA22T`AN%iIgL8zT~I+MW)?@N>U
zvb9M{max+Q@|ZqB>VLHS@S<3zGxolSz5ot&r@DB?9uNRBXV}nHEyxzo%OrRMlbXgo
z`%ulSag_yzv?OBj(aUkz->^py5r-4A>v>BPslMH>d>(K(>OTAokufzaIZ{aQ2wd-|
zB@q};Oj%V-Uz>N|Ln_P+y(HOrxJ9k?F*hGkw12*R-KJW%p)1@L_G{ImdFUrw_EwQU
zZh)|<&1S_a*_aLpr!~s62=ySP8Q+^uVvD5evK)N(D)~Gp=nC+RT9hz*$-JWzmF*mV
z<_tnffG^Rx@FsySfG__PNOwgSje>(VxH~{qkqv*AL@sYR`5ag%7ybWG_f4_F0MB>#
zyS8oHw$1O_wr$(CZQHhO+qV1tntz%$P5RP@ru(*YvdKQ2ot^CLoT1D^tK35fJIjW=
z8uNTp0}k{oBC9>sHhYETUhqYyQy%);eVGgD`1muD>0V0gfeE#M%qj`Bkd4#a%0q=d
zsMV<8Ig#$10*ULQf3<<iQJHdBg|VcL%*^pcSxaBxn_Ixa*S{~v6*$tLh4iaZ2<^sQ
zDrvZD#=^gt|L`aL^6}T`lc!G%em5DpoLxnW;+Se5sXP+n*{`Fj_(iEo3thDC(i|X`
z44O$g7JuN&g4YnH9UIMsA^|&e&%A4;f8*#7+ncseK0iJOep8wSNAim#9<GSRps?;Z
zBOo_OX5(|j23xn`;jS}a$o4rvzI;&fEPT0F+O<m9_INa6y@a?vTN+!)Jv1W6dffzk
zRf#>KfAHID_SRiL-(tLfehTXz?@PbNtq4&t)o^>?Hb(}G>_L3R+^_~|bK!<DU+UKz
zEpn9R==mHecSuSDS~!G#LpL0r2C{fXeXYpRdy!}N^NHvy#)zel6PNEbALR`JyVa9y
zHr|GYM!4e8z02_n{aC5doHQ>(uS(yc>P+)OBO1Rgr7nLx2hvSyGuK&rNp-u9+~k%L
zCe5vx%nAJMwqN}mR*nYEdtcs30w63=ogv%W!w&iFCT3F)kUt+jM*TKGz*<_Vk%QQ?
zS>Ihx2CzUZnH%mDyw^za6{j!-Gj$ufK0gu>TJX1bdjKnUt~{+*g5{K@XBjPoTVYFo
z$)m1EBIGooeuF0&E`pA%Sc|1|Twq~^B;()dSXZ_sYmxR4WuP~)G1`c5Q>s!U%Q^!c
zD$ZRa@!##qiV{_*pY$|+?lN^CY%bnTSm|X0g8pD63%agjGjxrG)i(ZsppU9o<n5SP
z^k>?3Idt}hYRSq|p>8E9YDxssx#ohqs0B}z%XAJ>kkEgccXeGb6NYq1Tn{5fPIes4
z%mu^0rBt?TFU&NdG+oDXN>B?aL#o9GN>2S#^IWDI$EhU82*%&u!k<SEjI8_-GT8IB
zD!SDGX%V?n?~NOQ5r~XdCdId67t0QL;wPyOZ`Q<9e~w0hyP#~G4E<d0Opw?){Zl43
zZTD5)<LmHc0pTbXx<|*Pmc$Rzmi!G7GX=Zyk*Dm~199(rs1YVxPNoA?7&@o_-KjP+
za|%f_WTgRY-)_12acgW%G*)-hM!JQbq8^_7p<G%r)}fgPZh~|d475jijSidCNRIuY
z6&oTNtd;>CQExTSPW58%vhU>wS?R<6KoA7}8({sjMT8{Jl}8Yrvn^>6<hU^P3m2xS
zAbeOXFHJM$k(vAoHa7)?QqTO`uJO@|<Q87@`a67MWpATWjOYjOXVVIM&`WdePxv0P
z{>En1nwosij8aEC_}Yf9F~^vS7%<-<oO!*UgjZi(i8F2PLAlu3Lr4wSTANGNFnSIc
z7D%?DkmMqgK;I@}s!)Mm+`eoC)-Z>!q^KhF2Tvz;A%rJc=0jm;$uIUpApplO^k7MM
zjMK39F2Lhoiog$PygYhRPD;mkZ%x9zUlw0h(Ru{rgKyf@F{9M^J)BsLY)!<@Y8}@W
zG?=pb^j{s6DA1O~u!-btZ8{~Z*^Ed)`l0a`?4FgcxK;Ww@mQrQazlFW<<H6ePhdp7
zS%(eEHF9l<(Z+U*XbS9~_x5h3=!dm<h5m$#sTRdw2|9SnfQg>sni0YUkYr5jWYCcu
zs|;o}rnqQ9znCTkOoPD_K&HCxK#D=1XnZ|P15G@x@O`@nN4c}_f)84<QLFT142vi8
z9m<hWc!CJ5%O&rH8JpjbGp}3(=8eMJVXn!rtD#MUrW2RKJKlx|a7|v9;NJL@4G_e0
z5KbB&;4E+J0MM0Er%+9YJ>=PWIq=(OZZw5Q{vPhzmUS`%c{||q&>%pJXsOn#cZop7
zV7k$ei4eDH;S|fEgS&v9uKIZZKwH#Wx|-BDLwGNVSEMCiggw&ZF%bDc&NAj6+Br`|
z7t`q4=&(;@Ro0hKy)mY!5+djt30UH(?7Z>xtL<R&Nf;MmvdxeL8n7HLUsNC*zao~<
zhjw{1YeBqW>#^F%)#2n2Ap1g`f`lh}peh_X;-M9IYGtnomp<pGOfNz91vL<dQ_gWY
zJrUQ<W)rtl?BSfY64#9yQT>7+M?Z0miYwJ}uI3K9QGLthdmO*dVcEj%g{k6?qcEXH
zw(RCne->4HL#>}tNIab2BRn%cWM%_jj6zPd>f=U6i)_Tw+;|QKnY1QA*1@N(fcM2b
zVs^~2uJoIt55*v~=@&Z_<{rEK(}<g3uV%(NSPlY5cHS2KSugPE5C86&W)F3oQxA{{
zbX2Ufp&9<hlaFE5@LpNvC_oN%R7NT~Ve&E0VXME$s50T~zx#%ph%a*3BQJXjI8$rg
zjuaArl%5s3DsBvXw~gegF6z{)#xN&Q^^8_ND)KEFDcQBrP!eud8ZzTSF7}~rsKMaE
zC3sj%DyY^P_`h<X5e~YF*GmqMSX%q}8hb*3->qvNI5bfEmP;z&syDjw2zAu$ZdxaZ
z0{0gyGn%*QuUc*VRi|0~aQFtJ49%h>D;^u0EA>Me&As%8>W+UvTpPbygQWJfDP2+Q
zqBWlLv1;v#XuslbC}X14X}-GTBa*03npHAKWL~S92f<s&rdIhH5MQvejqEOoBjJA>
zWWCx{89l9xeV3^96B8W5zGPeN7Z<3hETNXVT06cwE~gmwC7IQmD0^s|bxI!~o8tC}
zu+b|s&?uYJ8<#eJ5H&fch`tAiY7<g7eX$v>yl?~OG>REdQ%CogFD9<g(;asBvRWJR
zvn4!T-aN52-#l|hFe&{Pv}=V9$L#eD=w)%VUK06rew0_1HqG<sBYmfbC60$?K|L#R
zyoZH&uw1yPjMF!1DB&<kHdY#F7)v7}&?cbWGEK&d<);3A;u($M9OLF#mmH(vt5vq&
z2)cxLEFz_$I;ZSwU1bI%Y4~Gv^q;S=+4$W*L@PYKdw^>`f@u`V1cIV8=>o#7%>1mq
z<UaHciQ6Q1Qjn(&lf?U9xDRbmuz+tkNXZMcKwmu!<$z2-sqiV|?an()WXU&t3y~Bq
zs@8^_kpYmiUla_ccm`0|qIGMEo!FiJ1~zJPAN!8#w2hy6T`Qt2YS8gA$_cH?DoP26
z0RvELwD$ObGc)!m-?pneCdo8uLJS4l(?DOT#EtcTkJT=D4Vty$&1dwd=%KwS`^{I*
zSNf<YGsbn_6Igx4FTePkO$|~mG*C~=wRMSJg-1h6t}(Zi(YjDj_{D201RM=2deTfR
z%s*H0ZTubgG-#2nbWaGd9?vQQPl;3Lx}bzS*Bnp53Z3@`Rl<f_JtM5UeJd@LXu%4|
zaHg5<?xirI3+wHO*PfN=zT4`HKn+V-;`rV%!UE#vG}Ee7$}`P@Loy(xxQsmoT(lVg
z#2trJEt*I7n}zf4K0x4-j6ykgbrIQ-P2vdLd*iFMS1Kxq>;Nf>mnTZ_#7)sWU07sY
zjgYl1-W=xn1*^>AaEIXUN@)sDB|6zh!^)S-OUN%yOt~lrydZgKtaTiCvVnQ8ycB!0
z8m*5-tsjN{JPbY3?fPS_=J^A1YTCU;YfG=W^HA$T5x)9eQahPbVO5r&=0wNVW#NoK
z>Hy`-8ks`0t1i4+94UyP0<_$io5Wni=F`?1&*<(*fIpZsY&~BH`#f^mrK(OBjHW-A
zTUOajI59()RYtmyHY8bSouBwawk2Z`lY{d$*aiRquLN+%3~e7UI?ZqS?ncBWw@LCH
z7K(NFqGe)Y?n9iCGIh8=G6eq!Qm^B^6i%NP<p{~q9BMHu!I=}e<OG1i<)DmHVg19l
z4=MK$pc|WjGG+HKCITSmNQ3qr&xt@|P%;1UiQu{|ZNj4{BmQ&uACUbZt%UU#gVN8q
zI6gh|*YBU{Pv5v-RclacR!H?M|89?a`QY#3tb-?gp;k{@qt21w!7q>pm+p!5dRGlP
z<`p8!NUkP@Yxv4ao?wI7+=_*WGBiHaBwqKj67cIfL1Uq$5=CgMCr5#=(?uDh{tIY5
zp0$x|zUr2Dh_Gpk4je;aTzb>R;563r6PH?_8TvjT(s*pNAI7K=^J9;0AqC(Q;LtlW
zMub6<AtG+v{;7?k4D0p6pbi)f!C=-xGQ7sXJVYD1X)pb+FbvqID|V0PyZg6bYA%{f
zv+griK-JfmRrzC#Xz_b4KRm7PH=kGagt6N!Fy<>T1|VGiUUWxoy<mKvU$k0@-2BD$
zN}MAK<#BCwLm<SK6^_e>kEScSwPpVhEgJSoPAAF7Xi_WbL{=`qB$|!B)Yu-L$~!g?
z?9;t5y3;`|U6V79pY5pg<GaUNi}*CuywjSy5Wr!l&GTF44_}eE5jRX_2||&)@#1Cb
zLAF&lsXGCR$A{~*rY_{j@-|bLTHX1W$*pd$p^di(FCtM^Rug41MCBn{iCZGwN6k2w
z5*${=UO}uvbgQuXxJp`H=0n1<%Ds#eW6hG)Ari{HEfc$|cHIH%(LjC*(}mfE31FIB
zkO3Z6{M<Q3?2N=DB|L+TB|Zzu?-%tq%9R@~q)ak@m=ydY9Oya?u!J@4-#T=zcqpKW
zY~U5<bg06htrsZ);IdgU8+Kg!-*(lvA(o4d`|z6UGX}}l<Y$=VIiY`K0nS#u*MMyJ
z9qbcq<{KYfXd}4E;9%SCKrpvylapshNH$y#3Z|Q>v<*eiPD@me<-v@R!k<%NS<c$M
ztiuaxOMd(vB?h215IQq}N(SL>gTkWy8=DQr>hg3d$T@YA@j27avVw$b8SGaRfH)fr
z`qUW;b`f;PntTSd;ZRUbUKt2a3TjJvLlk@7H1<L-vb8ghShpDc?BE>=0msy#$dMrS
zqaYh<igM$6#jFn3mK`FhkFRO|-Op64HNoRR)zI?@+1GH3QQvRrnE47xj{v$W(D2h$
z5wjx9&4G?{GlJUBS8gIolpS+5Koo4@csYp8?lLY1Hi<h*Vic}=_=iBpkTqs3MAk>h
zWT9Y{%=%K-#jt+y-0lNw0k#djx~2Dqr2yJW?=BwKAobO0aNNmWZHt+pFwL{&-Fx8D
zt|rq8a;3{&0xMcqj<qr(pZ@tXfbArv-1vbI6AxF`t<!p;iWmAt-_$ivE!<`Lo_-S~
z>6LR=&t3*SUHVyNri?Jr&Vo}ZOKql8j7mT9X`#O|^EPf5+9u+jX+xE!bNk&I)+{z^
z^19$`t0(VgjjMl;;;rU-1Y6|lCDDRk^4|Pxjg68IAJLOK00lS!OlByx;Zd6vRP0&4
z<O3<7u;UXQdYX{7`bSs?v2u=T_k##WK)@t^+4@WXCQZ!mxiCcUj}3Kwe3?B&tVn@4
z);8jH?Defz-N9&hKngi_i4}??UIBDiIsHJ6ggm8^$;1h%Xd$ZpD&ilIF=4&2?ibRu
zg=!e@A-k8#+^Kk6JXzKZ`v7Oz6{a;c_HwKat(dCN@IWI@&j;U&in9>*(6Cc8x2C7J
z4JFkht#e)dN4J;=7)V?;@vm;}Sw^nmHLmIg$qG+-DRM1`MGx)NnF$wZDVK#E-Y4zB
zP?Hw6H&tLqnx&^sa6SMT@<Bl4g_baJd#iF-(1$G2da4peIDaq@m*UCRGsdGOGWr9W
zxf#`xuyIBcq)`o?*;~_sjeyxhEgxW~L3lGn|75<Jm))9-;!wNS_l%Z`eTXJs7ReUX
zI%~0>I=sdS^N#J$;N=x2%JtE1k+KK)tuJ+j*`wsk<YP^>v)kYlwb;%VZd*IZ=x15y
z5{8T{P~rGU^2RAAp=wWyWjuj`E>|$fZ@ox8O!U&+odGl?)x*XwP^!}Jmw-V{9%v)e
zBEu1YGA=|E8;r{s&9bpH=qK1F7{@%*^rmjIiR(~6+Jk=6uFCyqrRylt9H~ii<{|5}
zySJb~Q*j&JX1!RMe0{9I&=&WH49z;?Cwz-x4*oM;r?+{IGdex*C{ECW*O>QQk8HVE
zAgSF+$rTokU&mww_JsD-Gre`DnMbf)VFA?*$RwB%l~bhG5FkcfhAhqiyJtyMgwpi&
zv`+ICj(_d}w+Qg}_+cH9_3KF16x22|i;9BX?JUAa-g(Spe_g+PG{rVvc^+m78HAEF
zC;#`0H3qAp9m<I>0Tt#Exd{|9KgR-pL4V&ItEF*SJky^(JI{W=URaze{Z*4IKD5B%
zON`cMl1{}hUR56hps7*w3p**};61T+MW8(1Dz8_4V2Er-a)g<1nam7~+IR(V`Bl-Z
zKTuVMJK9H=xv`(d(n`meNEtwG*_3rs%*#vswbS|2%@1mlAqFFzYM5Ya-=a;b5zFyi
zaCSr3*=J$cg-Z%$?V4KEu&G`<=KtN)$zjqD3AsCi%GP2ANfVe7%{fX<?q?E;B*+9%
z{_^1VmV5JpRYZI;2}^ad*yr!IdzA`ujm<tHe=UQyJ~))HlP7<65ah)yNbl)lY)@A8
z+^N86<P*$$dNp;apn_R-3L-^)2RV1!9TFHD;+1+2kOi(YeHHZYFS9o^G}>A-s?tEQ
zB{j=%TPaBk#^w~D6(wkc**pi_!6?CTdHDRcTS<?WO*k&k<?!YUjmnZ{I{X2|2J+IA
zZuyuHToRQh&*i<9tlV;TVFjD2ox=1Xg_g*86ZG4j-0r_(@q1C|n}V|q!U&KlTWT_Y
zv=yIwp(HgPxCLm9tq#s<KprWWT5=?2LWRD!pmLL3VdL#@>;WRzf;BzJpTh-yoi7YJ
znB{&q{(tlXD6B&)O0aif@wW@mqI-~61Dho8Bf%kG**^!gWS4mVx{8wsG}gXRo<^6)
zS&KlU48&TCVJpyC`7l=gCpgWH&|G2yoo>lIItm?M%9_tH#Sm1st(dJ4kg^TG2cA=b
z*%HhP<U)ilBX<5$UH^cW9fuy4+s+w<J>86_$Ya~7@eJd)b9>yrWjwE#EdQs+9d$CK
z2NJouY>wE}0{jR>O_|v>D<+xkU8<;^460%s%k}y3g7LaSvjFRMs?=)`Bo|p^D8dZ5
zEL9Q=8t=MgTxQ+A>xnlcRLn=26V1e|AA1^Zi6>NXMPhtIP(|GA=*gXTub3wk6#|tF
z3!v<u%JSvR)9cfEllF2#ndo2t;3X)9XHoKzf>Rn=+WnT5DPtz60+GwA)`UY;uLI27
z_=(x$K8J-I@O>YWVrr`no5ZNF8LSe^^K`O9dySphqRB#M*%QgrxPHFrEU2KyRF@A6
z2n8rbr+@&3(UJW3QyLvzhp&dKYOF@NlslUkw^0Frpd-gnR75sAdA6qlfBhd=*lt!8
zNO<t!c6nRI2@QbGSBwW5w1nL?kiCXVi$I3~nJ}~56j&U{?nE}t;`?7=({ZvCLBw;L
zfF=C?m`rfntzd-9f(&k2T<ts3TOWvM4CC_PPqxQ4G+N~wk7KXLa@}1jdo$2+YKg5+
zINKCa<L8&zVnE~7(|SsAxwya+1fb2nJ74EvxkH!=q-pzY2xt=<knSct#<$u=yB<kw
z0cJC;L#L7&!=Hfo-GScnWM|V6LJt!FN`_Pl0ll$C3@MMi+e&j~$HWDb!jJ={g)U)@
zI_KbXucCdqP~Z^!m?A``hH5+BmkrpgS!w>!kqd+_WKW%%H@#8(jyGl?Q*tdi#p9f9
z!x%e#1_b9p9)`)0X^c{HIvvh{6BUJRKq3>@#s%V*pL<!NP`)20Rk@3YN=kn+mY2#D
z&JB%~6|t*|X6AlUo>$%;HYN(IsxwCPnN{?}cCY!tn3&?k6JC3236oQos`Z*TpT%^5
zYSi@5!u%lRul6Q*%Yqh%ZBW~FOTUHkB@%N(a@tbflSX1aKaE-6wPjf?j098HToD{D
zP+E9ZBu5cATfbPd8eYHKOWj1Rei)G5V05w9tftXvXBYfWAbcHy?xu06vfl(47p~Xl
zMC5@F+i2x6s{Z!S!LRShoo^CYV+j_hK7To3UE=YXFnR4;VdftOg`o$zxOD36<!+Ct
zzjXK^$-u|aY_3An7!~U9OC-$j{VCSMWP<+0c8B(Vx4DAnsC>9?CIrD!ER+ub%A9a#
z@{3@*s9k<bG`fD%sue<oWI3a)L=>y<ym?A#I4<r{Bh&xsb@hX^U3rUR0)(!|w&sO8
z8{JKTfhO#o5%UtV`QQ0XenxVqnR(_orjuwv_>AB{_9dg(^p}ImSqS!$4|VlUlW7{R
z2s5XIiINV_b0wd<4daP#wM(Pocb-M4#N@fSy6|pLe2Ac~AWjT9EKWtELP$7mL7$Sn
z>w&S|=iMFI+fVsc&07s%$_;B^e~uPBL{)5G^*D|$fWbxYM3(os`>1UcIlC8CPr%Dp
zBTIfdCXFcP(ZBiX6*uZM*-G87K!W~-1)kiD_yCX3B2rWU<K8OQyQ$!EOM7+;+0432
zbrtde%w0oaq26LEJaB(4V0};|R|tW1J<sK1s)pwk4dBSh7PMHZW&ra!+#AzncBnu<
zw&|2HDt4>*D1V4nR-Z;2<T7zmdirS7g8%AY6fnxV02~cjzdWJ%6V)F{>zG#|lx0(#
zx&F91PVM6C{yks$uc%>?lx)K<?83YUp>LhB&lJ>=6Clo;%J<DI*CMO3Jq<nlUwRY!
zv*d@p!o5q#YKu?pU>Q*|;;yD#xqHQ)sA9fi!Y`O4rwPpWh96$%;#U<G<9t|)<@o8t
zT%xno(X|VVhI>tGUh%p~aa6WY%4yCqbzdm3rd}R%<)G@eq_N}xB=jNziV{4ZM8#x$
zm^0+s2RU<}fOv_9^7=vn#6L+FXK#c{O|Gl;@QH-)8!|{#tK~yB;N+g<RLHu?s&OXz
zfe!rL?ucJf4~GAHvES6FEQhcNX%Q~SK6L=mCr#(Olg9_lm(S#{eDj;_?;p3MzY_;g
z-$dHoQ;;DFcI}pJwo;zkcDj47dojxHf!iwz1KdyFtXkc8#zO?Xv~`+$5Hqp|hBi6(
zPR#qXpS_U&*N>!K6%%<9)7}-wF)b-g@vqi1JE4Cs(+;o9HRtZ#%@Yb5c;&e<hp|{$
zc$NWM&pr-gGRgF^oCX9FG8YSozLXU9R_`{c;fSL|hK7>4Y>k_qrbQ@!&%^BFd#>in
z@Ch1j7(YVyL-(xIAAyk9$c_bva4mLLWPpPnyZ!ab$WlOox+?ynmcvL+v?kxS^RK1g
zFnb(MG=R_LT27|U;prNF{4s4~_aMu;i!k`p0WmB${IsaXX>z0^-7V2K#&3E!nI(xl
z=efdpA0gfx&Mu*d%9;_E@&N7?UHZ_bal3Xb#ARd7{Dipd#iss~8q-@Fdnk&Er70zs
zq7M}2xx`P!|6r8%(jRY;ZP=ZSAOjXX5nkl#I)<sMA;It@euHDSX}*`B;a6UMq|XiY
z4w*XTOADc#SPu`#4gkQPYB7d7J><HoYJ?;%V*TepQd&FmF}-n`g;(5sk1q^6a+k$}
z9_u9hIeA%SFdB~?PxhE_K9F|bSt&8~ct$0@@u0Xk=SDSKgQtuTQQ;=9ybIa@?=P|o
zUiN<WIkHjzBNXMA6iLUKDf|E<7_2aPC0sblqFJV8texm2noRR(8<BBj$;ROpLc{Q)
zwfznFy1{u%+bghDz0;<aX8@~Ohjk54KNht%>nbc+hdm7#R7{8t#fk{sC~9rBG%)*P
znHL3xaK38>%T@XIB1(Il&LMR7C)@t774=Q2LcXG>=L{G3-Je|)!A@0zRHRC6M#;<|
z2IMG!=UEoAMF=j6JQ&)3!$tfR2#{yWJnaref$X<ape9YAoW_welj28OD4)OwdO*Yl
zsZzl2gT)>VAiN{?eAtsWM%{I0mHzjG#cpSe6zc3v)@1ikvj3QzXaxcv7!#`QsS-sn
z-%#+WYWc2Jz6Upw^p;A&j*Lmv4^&AbSngOsvCV!il^FZ~USeIUOg~%56VukqTy-M~
zULx;I&i{WjY4ED9<@FL^yWJQ_)s#Mb5yI6X_$fz5Q^s|isTfgdP>^*JZ-EMlWte6t
zA&A5OPsI2?28d8aBOYh`T%L1A=m>5CucTu#Rk3+Q%G6bo-qDZ~tu}kaU8rkMsqvdz
zEQ>ZX83iGd?E&15H%wi2LKOuIs7DR|r1zr{rds3yyjFy>*Tl=E>BmLJ^!}!8mfqY=
za$(Hc+zsC+;Fpcb(xgApS*B2J>H^c#ns&Y_rmXJ<tV1)V{tlT>l2_q)r(GQRWivFg
znLyRARg7Q&+Y+Xw)PtIR58&@CHGg!U2(*9-cONp8<6cVQ^nFNPpkrZx<Zb_RLg)3a
zn^b?G9n#s-R4;oVf0MzRTH{6WrFgSkoFz(L;sg*6W1@>a_)TyL5?f(6);^T~fipnK
zXa*OR^yc#@3#@h-9f#G#7XMnL2n&kANgONk3|xFy_ueK`Q8kKoh|oGRQAM#UC1B;S
zT2)(lB|gS$e(@$SpCh(i(pIpbaNYJx%v?wUj1gSqRhtJuYS|~KD;kAOa<);oxUM6?
z5KbxJS}42QU%yMJxTws1^}q05X)Pyu1hV~(gl=ITUG{XS@LH5YS}apr?(_rEsXwd=
z{EUePVtMek_@*t;38UEyoR{6WcCD=}L1nH%ex14xX<sC0L3t;$4v1OX-|LOw%T;m_
zfA%Ro&eXir8#Q@ZHg#+y##L3K28i_RM-2cg1~p;+#QB?_;CsAELR}vYs@fPrF~o$T
zY{YEfxq%aUNAc*bD0Ckk$OQJ}<0}HM>scQ1FODHL>JxO~rkU=b8yLJY@7-<ev&Glm
zK&J_&?T0XN=Es{haq#R+!10ez1LNa`>Iu^@;PAyvn8=078Q8NX??bf82mHk`g3uI7
z#o%QjafCQ5RcO|ea6bj;4?TtJu_1F!-HNx5`^QB>^fV@UXX?iT;8Ye-VLv<5&C-fi
z$U0O`eC~&-zXi>;)1*D%rZ>m<^ng{{RoQizV4x+0Ww;#&P<4}Tu{E~xt!cr3`wyF`
zdOM1=0FVRyPb6~Zpf3H%ONE|UP7AK~jwa;iPK8a#e-}<PuoS=>t$UU___4?>OnXr3
z=Avfb=p&1=Oo)vLs{<!7B%wS|YG;niE*M~D?2?3d<89GP`>e!B61dePC-f99(mTTy
zEsiTP?;Lq&p14g&eCyd6lnF2_i~r<o1kT_EuyUu`;E$^R<B64R+8@A<y$}7neyPTM
znxXh5OVJzb8^fJz;RNh;a1h7w^@xGqXcY9rKM|BP;yX#@e@17BL9wiksA?o&v`s4)
zPmmiRThhy(`qoeJ60^Qdx(@FQsNM^R{dH^*AqiTcQJ>pIhP9x3?`%xq8r<drk-ZHJ
zd~(sLXs1X(@<A&<a|k!uY=1X48^_ton)W=?nqsk1pk+Gl4l*Er-cKQh_XVA1Mg{rF
z@}c6ogzF0O&Z#lxJwxMNTQ;BdZAZk?7m7vUK<n1Q=G|jufv}qZcMgW%9xpthV*LJn
z*jtu40vw(K3J;>r2h*()iV1$3(JU(xxsJDJTQ=@ol(kG1<i)a3Y_<{?siiv8$2+fQ
zXLt1zd(lcb$E<e#r!Qml*1~<@h*T2laS5|hj^m!=j@pknR`)2bLHW3~+?}flAY3+g
zZHmUfN}`freX<Y7sh}fUksl5<+11#2FAR|i_%k?33X}#!EJ*h#bvC>g&Cazk5;o?V
zD^z7V&i`{p8}-XcsU(3twwOF4#}pd0eCOd#sV?+mJ-wkLFZg=T3334)559H<lZd_6
zR<jgD4wJxQ+B?vNOrtxs;+i0iv1C!&O|Xd;*~!ixqFMq*jDW-ssj0&7S~xTJfw*SB
z;NoeihIb?^tPZOkxl1e7nULQAOC;p?kJ1^(J@y=zk#-)Kv}%Ov*S|ZCFMw2lu6+Pw
z9x<F99aOQ9!Jb&}68N2UAl9H>DZ_?AVG$ej%0E@6hc(A3pLSb*@#TB!Y;AQl@}RVH
zq128eo7;3xlyWud&&zLPLSV+M*V4q|m(=ECfC~{H8Wq?@g|=%<S=HMcG};N9hKLL;
z!KSK+dZIT5jebqHUc)^oGx9{%&oZ%FwXXqwS5ZC9eU^9gXaK7K!35(4Q0gSxD><tb
zi7+xGcSYhVz@s(f=by<~I#m6^+18EH*VC;?p|TPLfEys-5E*+Af?rw(Kp9Z`EOE-3
zg*zn)Yt!>Q!FdG2OiO);^}v*AAbES%I-FF*C;V~A@mZz83M1<8^X2m`_R8n}FWb)(
z2)A9OcNp<L37j|nXM{LFKJO-`bI%AiDsuCI#7jc7-u4ULCuvDg4AjzkLka=0x>9pk
zdDKa-CN%Xi6j#6p1by;<J{$Gk!B8CI+(@8SWarHST>>#~IuN~-q1DaLf=#)X10k%}
z>eQINb2Zu;2#QJ?fd6!S!_*%sU-F)gyNS^)e9X1bP&gnxmr%~8OJsydFi*Nvus$-M
zaUs<`QZoctED9lmEq6U*g3ul=o(NLKpz-<r=}16RiAHH?_+eNm)p!=@=YlLhyUbjF
z&pD-=Bb|#^-bc+4;4mJ7c|cqqHzl8>-JrbtQbJ|9yNDfC;~!-2gLNQhhG%_4#oxxq
z33?wZh4bI&O<ca${F@|t%Q^bQ+bFlAqN|7zuuUN#8a{gE`^lHH)1ek0I(9_ZY<xF*
zxuRmri3)f?j;eL=i(GOxUghq=1S>dOK4Kj-Jn(f#vq~_lTDI@PMML<*=X(y4S3qIU
ze5LSZ2IbTPi9HPV=@QAat06nU*a#Fg=7WuN*dTe~l_hbWIMIto`DB*f92f8xITv<)
zt5C-Jc}iux$(OuBGa|A?(f}fj<gGjYYXA=ZhTZFyIeC0h)v7{*wj}tg7e`7m%dw01
zw4ea=wAFNc$lLp(-<jRc+K}>EW%4WPFw%i&Y$cM1lj5(;nc7qGimZ?LK3!*b%q4H<
zhDsC8h-XbuGcqjU6-#}Kw5?UEM5Kd@acq4dZ*57Fpx?}pPcY=c!53_J>OOh+YwIBO
zsNa*Dr5nT*<GkJ(yu*4o(m}zjIL@&KN`OrUb<>rt2$A|uOo?$h+7S#V_!S&&-iaQX
z09uz@`yp>|X8ggsmylHcgfVe8`TngnfO=U+axQK}nvWdB)j}Pv!+oUC$G~<hA$vP7
zok;1uUe$9TVdv>Dw_Z{!-M^YM1PUS4;Prv85v~I!CXr}qur2RV&v7DqMA9%}dFFu3
z^o&M;-Uk;>j7R_+YJU$+7GTL%ZAmS_c#<4u)bKvk%p!*v|Mu9`^n!@ZDu<`H%Sd?H
z(G%+Y5#J>LcC@(EY=cJ@FnviMPth5$)2IxM2L1_I;Rncu**MGWxmn;_d$eDi5*#|a
zS9%HC>Y(F<Bc6b%cl6PhcQ9tWdYcoOjR;M%&?S30@F`o8<A+rcWg`(YH)k>UJ=~)A
zU(}|HK8emIoi-k*g-HqU^H(NGGMdcv+y(m*<M$de>L<n$wZzgKVui&5toAj*zCLCo
z483uGr@?2eFBORb;6|MowvX3v5##hJ8C8AU8Q{SP9A3VmtwE9y(Ami0TpZwOx3BO7
zbdcGt{JYdYKNMWQs$~_;@x=;>4>_-NXUQ|g>2@jf9Nrh20--ru{3xY8cu5XdAWuHZ
zEoS!nL)XA&B6W#}uu$S^bHgHJPvA(ZknfA0!Nio0Awu=n5)o@)DM>z><}%=i37)$s
z@1wduPq<)vH?CB&1~H&??y2B<o0PfcHHeW8;0Hw6n<4KQCeld}98;a)GR|R50!h-<
z^FJl9J4+MJ`5=LNw?xj5)=j8<<&5)Dp~nVACBCI}lGcsP(GBAYknIXN^x7(Vj;&Z#
zy)mdFQ3U7{b<)$1v`l_GLu)=O;{NF~0~8kBA!fLcf`ci`??bxto?h$yM6Lj@e+sk`
zBP8h5;%^9;`{~IL=AzE#5~+#6Vq>{fdvD3Fg6|?<jIsL5;$W|)aWU%YK&v8a=5w65
zc7%6-PuX3NUkF3ftj2${azcafb1S!2d)OeY6+k(55oeKO_ZP(hJRqPWHoTw-2NYLs
zj^b9wp2%qPo4K-O=DT`ZVvihrM%U)`(U2|ZsIh2{9bPVFuV*OUl?fNKg;R1tl3c|o
z3{_dO(y%84@KX~w4X5-KGXCf?9Spl~VSZPAi@E%gEE`AB4X%{3%zpGKEkMb;Ru*09
zBLan8&(t}I$KGaw)D^7~;?=wCqi>V@j2LfS-)Q>*AZS&&+3>tnIxRd5w86*bGakeq
zc$U<EqRmU{emdJb#BkX^$}_&fF4ON9j)LW6%>~h#bOBO$Sxqw=(<ttN3}Z-A=54rh
zwX3>2S$no{LpQo}$1m_zwd=%`N<P-dU3SmxdQ2>k#V)^&GaY8>G&4&Kxxi<*jv)EB
z?3rgc(Lbc8%Byg=v@G2iRpT8|7=3J7S^K)mGABDW>>Ee@!1T{Vc;w>rqfSRsF+VGB
z&Tf{NLk4v$Ke-lB8y^ZMOeJmJo3qCSUC%Uz;sJV4%`M>AjQ}DwOf4(*;=w>#k2w@&
z=k34AW1Jx-b&)!d1p7_GLmO&+6{eFp-q`w7xAm68x!(t%T&sm#$@PYOvskT)Zyq*%
z{^m0pMT}7z*pxtriz{S38`+FJ1g!oVQ*{AJ?u^T9kjH`UZvPddLi1dDA<m%d2Zqix
z-3o)?MGew>wgWzM>lsgB_|eoQW{9r<H|q38^ryF`4PIJ`O*)T^bu)H36CMxyAj5h3
z^hEl6D*u-)#B<%5tMY=Rk5~V4AMzE;r@vd+gZqRj`&o`2lW1KTt$7K5l9zJY@ZKhe
zPmR9lArUueSwLNmZ_8?hc5_>jKXz%e*t`Z<ad`aWO~R#AD|x!8d`2~U+YtO1#rV*L
zbpF-3QR0N~dNF$4`{IwUaTezUDs_On0D^?QtSK%{GJe_J{rAMvU{@*)XRY3!4Kb`c
zzZF4(X>JW$h;F7O(t3Mb$B~ToNWkmCuil>>>Lnl{)gkG8kFat`XNCkZHvqyAK*j~G
z6o5uS9K{1r6rrAK>r}AJUHo2T2pOf@D5jc*)B-ESACInHWQB7!EyVn>P}f%a08Zl(
z*kn2B4NcSq!VOLyKLCjzIo|=fLN~+zi!8@j75sx%FmT~7`)Xo_XvW^H5-RL7EFY=f
zH-i3;F^LX9Ixa=1IoxAQwE-WDyZK)&pu5kFtmaAs>3unJHkX*^ahmaV0OjuN#6;N{
ziv<@q&1T2y==FxHjDDHiKdFo!i(mWiHMG?^%Ld1Pn+p1zouTS2`VAB|&8Mj2PcXL5
z^dmqr{FGx_P$08O1Irq^h9^0io!pf6X+??`<6*x{S_({lHf)M_8-5;H1zlV{B#3`L
zbpoMqWr}A0S{Ni{KwwpaA;SCc%Ky9Dz%v9QMOBy52EvnfpM3%0XO?{lvQoVLZCl%z
zL*W;9S7X`8Jl=x8QvKEI<K$vZ7*c80zv=oQBo0f^6ez(7<G&N?zjD7TD1VPnR`rT$
zAk0Q1DPgza1^;5G7emw9lRMT5HW$Qr-i=+kS$439tAU7Kj^Wr9Nt1dCSPtlR1GHja
zA`x9XvQ6++4#Dc-TvY97{8|)cFuF3FcgyKt?hD6Oj+*6g`MeDWEu|2BZht*iqCL7o
zO`WV{4yQ>nW+{X_Uqx@a$t$hBLkPNxUBb|mljLh#Piu#PYq-_*;^&0d1%63-*X3@O
z89w)Mdl^yj5K<KO-}y{1xLFMAtFBJo%LgRg3M-=}Bx}df@0gUhT+~aB@!GPiESp88
zs8TkWrY=TRqmjL4KEO!0agKQn@v{d?P_*Ep?KAP!pE?WI9_<ZNljC{nMDy#;YsO_I
z8f{H(EgwB>NIW1z>Qd#yGB<2EeWw>JjDoxR&YSbaJFJ0K3ZU&S5fp-&Q1P09Rt;pN
z!g`CVRQS1w0t;D%Deu}GrcR_sUVFQpvw``JKz%d@7r_9xCcnq84klv-sYh|6VU0N~
zS6vPz_XK0Y4z&GI^>rqpfyhLH;cS`MIcyLP8=(rn&A$n*h~>%}S+Y}iZBT<b^m2<x
z$0%fA1B0J}@)L!Sni2`Gt)cAgNjQSn0THY9_Ca9fGSe9^FDyL?wh%3$DJe!JMf72|
zU#o;Bzymc|yA0WYWaB0T{m@-5jp}aymw1YooMGH2pZ~_k=08;R=<v@59JK5qo=kWH
znDxwqcH+AHwJq2?L6{H26D}p~KC+#5J<MUt4K$6~u#2iIoqgPRx$RE=Juh+q$FikV
zeTGqOL>c^rDPTF2GHwa#6#`uL$J^4-1vH;Cg{;u;&1wW<X8C$oi<C~8=Q4plCHQQp
z26c93txVS4V?Q}Fia$}=<2+7u_=!GigCvbL{%8sJpOx%KEHN>>S-05)2TSkdHrF8>
z<6cU>2`#Jl^Bbr+=S8#D$kRy$IgA^Qpa_U!V_0VqOWPXsO;Ww(4Alp&ldSMkg<P<S
z{=+$L{b!&Cfe~xixrU&&I}R8=IyACura^KB?hgTe8xhz9tp_5|p5tNT!tR~XcQ9KO
znvkG1>Go9UEQ{K4x^E+vSe$@xq>b8YSuzZYR9c)?0NIe(%o8n|EyZbJa6u3buH)>K
z#xNl9c8Xgf4uw3ZmuxY69__WU<w@WrhpKsk?mFanaQJ#hkr|bKGun83Os}cFOee(}
zYIeCKv|{_OF$9V!QGYu;A#4ihZG<7=?gB~Pw8fQvDg~~lz|D%sh)M4rHhS+ctXQUZ
zKG8^7LqQbg>WvY@ol53IkE1OU=#sw3TYU1D37=e)OR1*+!Z&D|kdEo#K}!72w557C
ze)my6d<HfAQ?u{(80)~2>*`Bsz$!(=T3%dEmLm}7W6w{yyNx~tC12ZxCamlr`v@1^
zF(qjOQ-rDsG?_H<+<+~JA8vo%!|T=vGu_+n)a|P7AMYSkXtW4Fi>|(SwGFolf$*4S
zM)<8{C-2u5AK&GY+#*&2m5un<9Tv1K^9l1gFkU?ANn5W8Xnw|>;dKoRjA}=xHLB3x
zzn&LsLZhHMFCM1~1pzuf=WdFkiamgxV90sU;wVXuI<tY-?Tj6v-i01bZM>bnksomG
zED1vU4OJZ8!E<B}zyntBW~7^FIbz8wE&60OMunRI%k?WCVN9fV@garX1)ts5BQ->5
zzpWR_P$>M>F~W#NPor4bHyfbuR_T#-ua-#<9DQRtE~@y+mq$%UVlE1$Ns2#4rJIgS
zDerR4H^ibBzx(!ok)c|ir%91@-pmGP8ND3zC(giIVyMr|MI|R9tUFbCY@K{&xaPu9
zi|PD;n>I~{3pjzy2lkoD`_0&#e^&+h=^fNJ*MfOxN$#HgHHwS^_$X8uJ0bsl`WWG0
z;xP!g&j43tnNC$vyQP=7HwRbuPC_1L<noCJe<ZiDqFOg+U7cQT!1wUqRX92?LqbL*
zgPQy)ldw|+*pQ&2$KDz4je$dvp7NAJC&`D8+kk2Xw7mXa$7p1G|EIERJ5q2&A}4)E
zx-)IeTCp&j_8Sw!%s^($<c<j=@F+?8^-<@jELKwA`&k62kly6qz7|EBwxi~nBks&c
zCiy9Z(8_kF9zXnZ&H^uzLBm>>6-~Coa}}*$aSNk6=vH`l=5)ceHdh2N1|h+ow}{=`
zIc_QbPYu3e)SjQG*Bo|b9Bmy9GiGBC)ib2KsM1uRjEy=5^_^_w{wB>aXdvR@QgCrX
zru5$SN(JGc;-OxLTC)9|=MG&T5?A_AX?*~)Yabfwy`9Z>983(M5nS!LA1%$n-u5Rx
z7Pjyh9`YGG*!XGcPELa+)5wy6b&mFu#jgDX>t&ui9m6F*>e9v>v!p;fKN{*UQtP_L
zbJpLr=8$94N83n%Jz=bB?Pk1Sgh$jP7Q9@t9OdiXPcJqqzDzGQFhKlmi|ev4^4PRi
zg0io7?uS~N-_8AY^{>r?K6V7qOI2&JePOTRlD=_jVRz=bdWs4t4g$kGs7M#Hq~D)^
z`^^8hIl=HaK4c3%UODcbXJeTf6VK@$Y9N1jn`W0KA7rs9&A25WuN-&PR^RKpt*RgE
zdp&IMK<CPq!n*=qgGIBX;i-M-@J)Ou5y~kw{Y<gUZ!BcGe=kb^%Ydut;X|yv8u;Ym
z#NA&xJUyrR#x%n6<hiQ4+gW#l&y)Cld2-;iZ2TJ|L3`X4lOW!-i6UqZOP!IfiY(;*
zp@5*sl_j6$y9w_V37Xioe4xvV=iRzav-<^%c3QnsKuP(R5BGaL2-%{wr?A~|0y{?`
ziJ%~_>^aEiyzBL5_sdz~H_=)~)w;UAx0W6}#2b<={q)*7OE!=H5B&lt(i1HDsd3#D
z`_}Cc?8kTqbyugMH6y<+3HPuOJ~du1pHjh50Vsk_DYcY(W<znd)hXi!FhQyy5jUAT
zP2B`rp#CpNAGeLJ?-vQ2YkxQSj9}GMM!1D=X%>$Z{Vak~ZZ$#5Si~gG-|7(tprn95
z%X?Yt;HQ^!n8_YquRT6er_Lu(&4M#^TC;0;g)@|_^}!ly<8(29&7U_2cIQOIR8$Rn
z`r|yk&HSOY)~gp_mK3%rO8R#AR4&cRhq~UkI3Qz^DpX+@Y|y+;K*Q;WLmB~8pP3l^
zqBvY>^Ia6p+0w$>j-#RIB5gX;y^vOAKw3>boGQalLb61BCzm~a-SN7Z^(Wr}Mk5D?
z=c|k}jUF6qmjD+VqcAVNMhD1FLDw9KaenWCCCC_dt~j~anRkrxljY{nVsoIb@WVKW
zI<b0Bef)zajlp=23Pd|(43n2XTI2Q=hG-9M%67eFw5Y!Sb+&M`i?@A>>FMoE+2ySa
z$W+p2LUn&zdv|3Q<J(iWF584hP>V^<(T>D9<SdsK!B5&)tn4*3E6DN<^0%p*%AYm_
z3o^v{HC-q8vc63EZOP$wFAgTE=BGP`b=8Q@$}4Tj|I4Pf79{&7Jy(?ZHloi+L>Aex
zh@3V;S`ofW=eL(N<LMo>bZ$QT?ii~dSAlI4(r@|N7si4lPXO*V<1Sb>rDzvzN%EW+
zHu>Cm>~QwFQ#|+7JGEJwAVMQAx|f5)00-_X4Op#-b)sM^M$R#>_}<g!Z;<Xg78lTB
z1d(G(Fs)vR%)ei6R>^ye9pEv|WFgp9y-R@<c+|Gz0`xcP<`_ojov*>hCRgf2fevti
ze#lMOBiqGcwy7VfLHK-Gij(<I4kSdV4ag_x+8@6v97&Mp;wxrPg#v-;9qe)m4&@E{
zFdudbJX;{mqO7g*(|`5oD6=c!XEVq^c}0Yc;5BcZP<qyqROIb%8#uPLkJ7+Q2S2Jl
zzimXb1wi@cqnOl1zwpR0s?#LZ)Sz}~-o2^my66+;gef`e^Pvqx5k>27-zPE%6NV+P
zbM4!H%@DXo!Zm{G?Rq@S-hVvZ8vMJ~f-f!2zoFqNp3^g(<V|_Q!erao9o&bHwl|Bg
zD}0Y_$Jrma-%>@8I`&q5r)+?tR{0J@Rx4XWMqB^+1Hcuo-K)r`NK7}-)C~yAKJ>nc
zak>;}xHFazn>Qp(@}nZJHW5;7rgcjsS^D?SdVhjEZruI80^LTIBg&`Mmoy?1(BbTC
z`1gd)O2JCmc^tF%WU+8x+Vo@phbDYTgJ)_#IaqH)b1SJF<BmkZlW#GFa%;6=>Wu>m
zi8qfJ@s-uQwkQyECC>CJUBZ8Daf?*0>t81&v72Aa%0mqDx(;I@XjlOW*C88mz(Fi8
z;xDgU|8>lw|8P2TZ|pDbo?XP=e)Ce4oOa0^I{Q7JLn2eeMDJf5Lof}@oHcK13;b&_
zQS&!%Ls}{IrZsalfA3H21iwKXoJ0@xGxDrs$ugw1?AZ@42cmbW#>4vRfXec+$?)_{
zTEk?_V{Uxw`}Et7^3xh8vX<0rN!Ld)MIZAfrRQR1>fG%C%M1&4lO-{*is)L{deTu6
zzZcWsV9tpFe|DK49>YVqCz2sv-?Xv;5*lt}a>ol_(|{kAM@}*^&%QVcgc4|I<YeM|
z^oFHxq!&C)v^KXFe?`Bu61T56KGFq>T5M%($>L8%_W5L<KXTPRg4yBNF_1%zm^B>+
zYvkelu-koGL_2Gc@IF2Odv_KFJCR*NvUx@JbWl0nI8-YyYqrn+AfkJoEju_{671X4
z%Y_$rhLE&H-wKip>M3m5BzMnRNUyx!KwUg4tAqLej~b*HazH?F;3hgO)5f+30!@4P
z*=xaHkRe2u^xhvmBmoPs{2Uw?<7v<2>D{Z2SyV|tnl&9==)oFdX(zz%ceH7KO3lHe
zTZCjGQwo&X9bJGX7$s0frZW%p`V$<vp36b>DgF*MSpW_v`w|f-QGsu)b40j-Xv+An
z%r|x&H}n3iOQPY7&@-}_UqYlQ6q5{i5c7SHTwz0C;r?KmMnbR+UTA%Z?3hh@9~U^o
zn~lXi#tuYc2*NQ9XW3b&x&8Q*3AK!kr-b4)ANXVvjv|m(VIpzX%P<;xc=4_nT~(VE
zW*Q9ipl3Z5QF7TA97r3(Ty#RVX7!To3`E2(BmH13G5BW)YX{n;>A_J6(F+g@>Qw-(
z?%Eb~1EnwQXFS407-}-Fla>cCuGH<8(Z2$`IVl88)wlT!?F|`<fooVWfcY^BysX2~
zT8g_H(o|({{`hWHRj8cA>nhv{+urg{EEtPoy?v_7S;mkLe(}KKCo_)H@v#l{FDkqf
zqw8v)RCvaQS5@B0|JSCG4;HyduokF0X=z+3Yv<=KX}Uep<fmf2LNSQOPg!=KSdx}+
z;tPtYb~xi7>+w+hk3Gb;bI-)>f=3r+4Te2&_P~AZT8zE?cXy^&ysrs8F%kiTiP`Df
zO12gNSwHz%k(l)cxS1H>mW{Fw!dFZI8egGSvKnFYgOR{^#&GP-E*fymT>(^FDl<&-
z#8p|y(NTGNA*HvetQ-Y8Hd030e?j0=h8kJygZ*ebql(SYSM+r-Rik+~Fll!h1p+n*
zA(3B^upM$(3}EbXp8_E}q_Ef@@vy!Bf(oDiI~0%5C;!m~$*1~1LI1VtAN0Si`aeNK
ze$!{NggI*A)9HrJl3(&9Yg_WpK_0-Kg_s*ujHJmO@zC?oZDLqWXH#Cy_vh2rEXx~N
zWXINecgvz^y)Zm6Tl@yJaK$ol>jHu*RaE;Aul0tM4m9H4`dbQz%)euQ%&%^x0ULrR
z{SRLv-?Lq5J(yoX8L-m<^zk7G<g`0o7`v@G#1HNlAAUNDXCLJH)hg5354*1PrzFjW
zvg;rpkf02x*jwh#!p>K%%!?iaa<;Q7Ryq1F`70K$uT!6zmGav#1Xrgd*cP!$hm=av
z9yH>J;4*XVF*%RZFv5|pd5%ZfMzEC>8R&D9(YXeM5BRs^&saXw5zsVwCC=(X$wO$L
ze>S^SEV?xvPiAs>?gPB{G8j&TJurxI@`A}u?;%Ap=f&IaB%$VcwEqHT!y=Vue9D~u
z`4L4e>iMRT3`d>oN)B8QPtQQEik1BB^Av~oq05UQXzPNc+E-2>^45tj>Ews5%W=->
zV{!dyP868mle8Q8WM#gy*Q=;JbzdG_R-bjJ?@T2jYz*@24{t58#$(Iz_Nh?SG4xX^
z5q^NLdYGJGw84BdM}?`A=deRFxbTNkyUMz{lhoBZ0AEH$-6DN=rYi!NKqLn@67CJ<
zxvr})Ha;fLSX_|ag4R-l&o!PPGq+A7hGqsUJ*=8+j(h;nHT4yNONa6v9&3Xn2cFDV
ziUyh$R@J~>(*r`%U+K1#oLV7W6o%<LsCZ6Z&o}(U*7Cv!*0K|d<;#*Pp)CS4r5-_S
z?TN`^mh5g5H8<5%GK(c{4IZYBNf%8x@>tb=Hpn4xq*6YZ)%QVv(uLw*nd1InhXo*4
z4*zt-(`D%zTY#ixYF?(emDssIDD(@~*3;e<aV;csofdgSv5cJwnL%zVl&pS>P*+)C
zjm<ptyFYa>xBsC8nbqxg#}u<5R=IW=8?JL9dkimmopiCFxfOQ^|8Kl~V~{98v*p;f
zb;q`C+qP}nwr$(CZTpUG&))C7_h)}@?8bIQbVWsXRAxtYRb*A>$wU9jhx!F3P>{j2
zFmJyU>b<Uos@0yP64FoB&qmHe5zgy$@StIG?koXYq*<~@0|aVD{r;Hk^0h4(*<eMP
z;iB{9JnlI$us&Lomd@UC3#8qX%LMBr%Rc$dO~Bi<U<5hi-+dX$`^cA}5iQarA4&YC
zq{2tI279t~Kg%nUWw+x2AS5t9@){CHHTgLgKM}-`MBj4&!kK?=3{8@D+2h=qU8=VM
zT2WIQM4;Tk>xIwYh$I!A8Juf1^u<6rzGrEoNq^^JjR=w&f^NiueBGEThqbbaML7f>
z7x0J;sHa@IvDXD|JAa^yr)9{p%`bYEBb%IKIW>K>IS^IS>knLH;usJV5La#h%-x-w
zc&n4;8(FE|O=@PA)n;ZwrVwU?W*pF$%NSi;^GlF)(|}(HL~St_D15cE$Xsv2E#!I{
z{`t`XoERQG%Er~^oZAx2eL>LB5-lER%FnJg&A)tr>7|`hhM`4RJ@^frRrS{6d1ERB
zobb7W;?Pk+A6mw{GhreZ!-5A-mRSmP`tY0orSO<Ks<>bR6P%NY<}Lh=8;J6Vw{e_u
z9L2B{0W}B`%Zcjj_$hSDIEux-quO^Q-W>?Domg>STGWp=W3r?3cVA{70Hm`9*z>HC
zjnv;%#3+Hg)RNjkf^=$I6&6u>?7bfm8lgFKs>_JjPn6L-c=XKW?^14vi^eCbM|AU`
zE%d9elN8jN@ASh9r*{2C%`3%si3G=}L>U2`l}F5q7!fC)<;41wG#RGo&R*tpLS3Kg
z1yrYIVuaR>(x+siQ*@FnKhEkSc4e%vGxthTLu$G#V@y{cOU55P-&!!1u|HTDM{VBG
z1^3VlE)`;GC;8r&C_u9#szLLLOUn1-!M<V`6%7#8o?%K>cTL6?zGTYI!b-QACpzzg
zWVRrGH|`N5=o)T-l9X-Ox<fPfk&eJv<l>j`N_nI`*H76`F<}|bh+N5q$vUT9V424%
z;*<#g`w<5$!-Y|{QHCI;p*h4mCdpVxti!+J6thEjAT*th*(enUja4zm7_2-zkNCj&
zf6_vW@*b_yPAvH<`L8`QV19x1$V`l$a7F*Www-T|5yLq}67$S}%&V-KSE;RNbeba6
zDN;H4KPQY`$O=;W@yG{+47~bOU!LXMgOv&Cg!z04O1X`&T>5%-i3V4nMnWFV{Bkm-
z>b?XE!smNi%@~?l;$T=-NR-)f0kR)A*@9d*h#BT1MtB`eC6CqqYI`fLcAF!1E+okk
z4IsAFUZnIquKm^->@X~vwVgs`#em9p1{1(<Xz-U>5ZeHd>cnzj&&aBtWRLlmy;s&G
zM8nSU>tG7&EV-y#Ei={1R>s%tuZdN22oBTP=@%vj41#XJW~4_~`6jdRHxluU<1%`s
zRatS#tqd^gWcW_dziEm#qwywT4cJA0ym+?hxt8`xgw1`)wx&dyvW}O{!Lk`RKuWp1
zRt$xjd+u)|p=PzZ+ziU|=U`xiowKZuHfkL867tyDCW#nz_csPJhA#c_u>)onz$GN-
zx3-G+=l-u8uhd-dDkoYAmVm@lL(L&N(v6`uCA9fp);+LR=lOtgD5$Zv{FmCf3Ys7h
z{psMvj1I%m6!bFe)Uxtw>iOM+>ci$Uly#5P3!O$(Wp@^TsYV+uJ{dm9B<F?KJu*I-
z-?Zug>4dP@^|QdMDVgNwvz(^g&-22H1=I(M)WH%$G^~&x;6|)1IcL;(3)Xf2!t69=
zlHG(8@|OY-rC*NXNW3FTo?}Bc4jxU9&4r9BsfyQtA0gAOW45UM^V-EB;L{>p0JMQE
zZ1XBz0HHu29Ft-d!jhxGp{0k|F3YQDq9WVu(WLyB^-n?}ygJrHRsl$xrx76G(M-p&
zR0)!_qZSUiX#`{p#R5R?ID&&fDDxwjI@v7_$?E1b0(Yzpz>Rx9ier9Zai>Ab`6`Bx
zX3!F<lL@sob$kylQ~r%u#{*t&^vTl4g6X@QA5?Lg6EN({=dDOwsnMQU@}N9&AY?->
zL-zj!%Yh;{;qFn@FpjqY$cHo3rElqEyO2@AHWMBwyb{C+y>0k_@23{8UB<>zDG8mb
zU-L%{7U)`yYTU}Cm_xVR@R!2c?c~+a&Z2TaBd!QEF*dX@+F)HggP5eD1GHYbf0<{6
zK>qaTFSZNb>oGF2*Dhk5$2S4j$mta%rQiEKD&X5~IVCEd{WYo6jV{is6JXb3VJUSB
z9C@9UoZ|wi!iM*@UZ`qVSmSVV#q>btFh%Xm^{LIti>N9At-KK~nw(o5%cHAobHG`N
zb1+08{@~E$^J8*cdj}6qtEbn~yoQ6*ovMRR`$Dy5KY&1Kh)mmyn-8a{Kk~7jqH<{R
zp_1fR>8`E32S7QaZQ(^?j(2l^K(pD{MdhQ%&5Gs+RZ-BEc$AzZpsKaXjGhS!s$A*^
z96;x0CzF^LidbKXFji9!pQq7v`0J;r9?QJ4fEq<agO;y)fm$6~aE#6}s=~uE7o3=J
zL9?Yc>(DDrM4@OD>DvT!CwfEdeeV_ryFRqop_f8wgx^vyPc!M9K?@y1ACzdhM(bST
z5bFQ*try{0BepydPvj2(fQr#wLnJryy)PhX=AYo9o8F|hd1IV_RY8PgtJZxF5qg5A
z3?BJbhmcn*Gzy5Blr_144{)X__B{L}e$8HpCItkmV8MYZvD8KPB_w1~NX7O-rXLI*
zu$gI%RAXh&Z&3ZRs4ZVRGLp0nKec%#YFYVp%*ac5PBXFJ@u9_4))&v&+4@Is>1tD;
z>`w$0X%=Qn$Dk<EE@fE3ksYR<!0;6+Nz5O+B?NT{!LSV0bdMy9|DRQ^t(e|Y`*6Oz
z1Yj)>iCRi$NdSSs5jQOjZWfd)3UMt1`rD!zM5N@&WoZ0eEz}=`u7wlEY;8nR+U4Ve
zRuWQXgKrgUNDK(lz+)iFar{wsLG+#{ah>B~eI|sI_r-ame2|k;IGO8?Xk~P4sMt8M
z-Y?wL5}zq0SBLKdk1l=Vj{y}8B1Sqa{9389fBA!VF=8WfaUMWSh`j3zvBl-GJtBVt
zSdBps_ymjEO4|VY_+CiDw7|aoEcK0zZ^>?I6LzDj@P!b}25AsFR0h!nC~F4`Um_lD
z9BLa5kpqCeXT2IY_J&N~0>cVt_OZAR5c`c_+0@)OL_$wdA=}lC=EZ$*L-m;7=9N%c
z0Sn}x+-jR|K^u2~wmzB;7GTUeq}%>jeKHTI5@bsW(-`~CoiK0p)?N(DE|htvoE%{}
z1FkaRc618RRYUL)S<s4j8G8}ea}zlvIZRQMwI+?3`ajfA#`b`MQ+M$>R<K^UPbPi=
z%i^KqXjGYp|03t^d~?u8qx<q~Jin>9B~>ji8Zf173AC?CS{)e%i<2llq0aDMfDy)e
zrKzr73E==yzwap!QXS%8DOI@#JECHYkE_<fHnGsgm^2p}#eu?lL0jefAy4u-#aa8(
zmrr}Fm;R<8{sm;oYdF5r{%BLREmYQ;KA6tGSC1idm=+a4W))z+Mi3Hs(lUcGk|oKo
z(u(MXMvIS=js${_Y~EW@>w6zXXrU^{1yvf_QSlUrHv#_(ag29~`!*U>x2d9NGsv&l
zIEF<_^Mu{|v0H9CmIdcsAeIkz&jOloEw6X9JvOg|2#PCC`wmHL?le7YW-w?nic6!5
zm3aCaeVk8w#8{*46Qj>KMNfkfq`Rh%w5X&2T4)_kGZ&O`q6Ox}W;Zi9n1(9Db0UK}
z9HG+g(kJ1+lZd4=q5c%?fI?7pbpC5oS<`lT-t~`-@ilSr6O1l3!7B_oN)~5+gl>ps
zj0&W|$5TMMSF%Dqg}l?!;!3oiY2F9TqJ|d_q>~ZQQ~+6>e{>LL@M%(4jPC<0j6w4T
znc2hu0O><fcbiiOTDgh{6sBFn^v%Ns*W}jYNIsvppA-&^fTuSCwx(6ml)ssEd%ks-
zE!Z>m%n6obeb<vv;Tbd|qVucjhA>{>C;KLqh-L^{upthv=z<015npv_D(dIaMP0Yg
z?FtfN8i?@fD)-mGWaKcw%hu=US}y_`4%OVVvf_6~WoyWvcV}Qg5D|gqjUEv%9Nr<o
z^9?=Et}H|g08&`gDx;ggz5>Yebsyq^wJ&i~5n|;IA-KPYF!aRT?EdEx@|g^o@BOxt
z>4pI5g4oiNOpq+}O%Rn5%Py^-`4a9un-vu95N5OH-zxdvmr%9vB^ceC>LSr8<<8fW
z#BMB0Gk-B;%^%(l_hJ#QU+%Ga>LWEebiGKFSuur~Us58Cgej&;p%va$35`GH{2$Q7
z<??`poxb_5{o*%{)ejQB)W=SG#=2tP*L4YjH=MXedF!I8TQ+O0X7hpp)Gk;k|7=8s
z9t=gK^QZ{l^zDR$U5{1j=QmptgBjp_dBH|f<Ei-5?Y@gUCyS_9!@y3D$?}2=l+V-h
zRfLp3k+>BO1Dt>T-bi+r3Pj7K_Gw4RWr8lkcL77Gw*Y4dftJ#RWFRWIo=ZJw_L&?&
zlkHYqnG;+pG>Nxij<!3<FH2;-{p<#s^AZ7R9HJqVg26+&drt;U!H9I0@-LO~9q(i;
z0YDlMix~^{ZuLB+!`t3A-|C0U9^k@<fbkGU+g}3y^kk5aJ1ku*FEf>cgxGMj{D{#m
z+5(zG$9Ht=UvwB#>;n_QAvZOZ#)P7BKa;m8O)NADH&6LU*fAc337B@ZqI5*hwTU5r
z9|Tz_MQ`qc)_H@Ar4F1Q0(LMn0iE^sxd#-pa|vC*5!Zt>L&>mnQ&@12V)n8pyD({%
zqiq%X+0<L58^&MW{??`PpAhWgyiW}GT*(W=1mY<v%sLA3vSQM3B1VBif`HaF=ag85
zjuVrLetFB~A!($io(%(le*e(w*JSt<I0{U$K7{WTIYy)W!@5BMeC3L-wgvF=4poHZ
zG{T%=2r0}*>D`I$9U4Yp!f&+;D)RGBrLy1rlFp`886zY{<-0*8V~LmC@f72$tY@2U
zj$dqKpY8zL_&=c90Aiak<#I!wpJ$Tl2~W~&FU_UlJOu5rLqT};<E+eZn~qIq)_|FY
zFi6aXuiyb{@wz`UcuStF?&;fp!)R6^B&2ra853=Nr+3pUO^RnMcpMCC-VyBj@l8XH
zl%hKh$=9)+xa{DvFaZ5?q%=jOto^>7b7e#$x?jfk_h&w$&pVL@%||gjk`Do(5xqf1
z2fzMeeE7NTiTPj5af(|0jtTE&PR93VPv<6mP?$%%Ut5{U$i70_b;2M~JlFf#p9T%;
zPvK1en<K-Mtn~1{<aE4YzQPM-YLQK42&Mi?I9PAxb-MrYR^xnj@4C}4{QEbDY4~sG
z`?EmAQSbb9O{ciJ5rW}J0=SgN9I0$e<4Y^;u__j;jz=ZvxOV=uAWX50NOvCC);5v@
z$uIA5A=P8g^$+<=kT!Y&%2oH3n2Q7_vth2P{t-6*o8p12;U_sCwxHp=uQ@qv9s^9V
znVM^1qAL`_llD{tu^poF!?b7e>DiJJ{*Uc(vOE93ItWR-0j;hU4WD*Z`3q|DO(jT8
z-Dgi@V#q9N)L2JOMR%@=XkhXgU`2&k$b_5XA@Cm=QP6bT&>HG7i0M~VlTcG1s=@02
zBQ$!<L|0x_Z?TzZaOxH4KZ==hQ9cAV{-hM3q3N}wH8x=VVc1YhM*WXQ^^M>C|GP3_
zG)-pm1P7FPCH2uV@`2?kq<t8?=>p&h(OYP#?79ji<!q0{M|)1fYIS~BQwXi$SCg5h
z0fxnUf{1_$pP-ICU=^MJPW=I(zl5CZ+-&|0%+i){?C#C~ecAl)g%D|Z2KNRqIXT@o
z<N+u>7v04>Ve)Ugfs#J}!0b8)mrBAe=@q4)$#E|gq9DTQDi-)`kspvj``_i(xw8?O
z2!hYAiogE5VtK29A7m*Q;4laM^{~4;Y@3Z_c4<wLejtdgGwhw+amNInD_AKB4@dW=
z;Nr{>s1yy<mq?OihR8qVrPT)}l2e*(C`W<N2`$G5ge8&>%W2y;T0S|86J5wAl2B1=
z5Vy1&A77g{G4Ms)uxh<>hv9+`ZOiuEQaG=%n8YG48)=$1m=ZCSWWlgm6Oxju7tii0
z{_d$y86XkP*)&csg2%FQa35kY$gZ}We*pr_060pxdu9`4cRKm=1J@j?&g0(;XsgrR
z&oz@)qgfgo%5xeM$?c_6i9AtFUp9+Y^$_>qJH565zu{`ZexAgNxbI6MM#uXPIBM(-
zaFb$~^y7E}%Sp7o3ivbBvMS%~^;O}(tFs=VQN6|`gm^&@#7iSe7-acRONfLn$3aI2
z#b|OmH`&PL_kv=ILN)Vay+80W#fJY>u1VvB&(KRk0)~26Sb;V6-azVqIiYjTmUd8q
ze;;FMHb%Z}uS!#*p~9?GW<Fl67GQ8?C}anROgWa+j)2Ok7Jt=H$KxM@C#%_WSe!Gg
zbhM#WP1MeUwc^TIrIvHCtZp;OiU9fk3glzdo_itC^DtW}4b;+~5UjR<kj3ugz6deO
ztre~0Q(^-5h@+4>iMQ*%MKmB`uL8lU$F|LQACBA!ar*K_*8<}+12>=2hX<@Ind&Rz
z^}@n))QTUMU!LMREcez`Ppf*W57q|F<KXS(TC5Kzd@+jR%eJTvxJ~O#)0vDt+e+xv
zag?*+wGW2*Dz1(l>pXauY>9a}R?br%?BKP&VYUiX?`YJOD5JCpBkaY}_I-J8+ABKp
z&bq&)xQxfcy-|9b9`c}8Ckabi=WEmM(s7Bo_729B&apRYFx~(3QJuHp!wZ%U_8&!>
zVOaU@N#;h+%(3y^6i_uSRTl=xYI<%pMMx1=SON^XpE66}sfE(%OdHnnzbN`}Rzp)C
z4IICUAE-GX;N?`H9jUOBdYZ%t)16ELjW7@x=-MMw?O2_N!RdK;oiWvqb#%NGECfCm
z(yx&Y9<m8}xSgWLak^?y?z||v=*^{NLV6eDGwQ0|#T16pPpX9+g4jeU*y7FA$tj$M
z2eeYwORt;x6gleX3c&j-m?n@VR$m{v-s160hHQhSBt2Su4%v|gqdd?M_#`*RnE7Hu
z;=T>lI{Wp2@kzlr7Q!GWk7MFPKakV7afrK*{$N<iEfH@52>Esu?W3Sw1*oRw$wc{*
z5rv|#O}0!sjB5Jya>#y(mOTrELE+xb=R&e1@qxo)>ABiDKk51Yq`dPPbVup`Lnx=p
z0<z*7Ufv4>{^o7ni@GcVpW;`>p;X5A0%#Ekqqop%SJIR#VehsTor9wc>@E&yJanA5
zIxoI&s>aEEWHxAewEcquYY9`>uPsNk&FUN1g#`E=zyPRMY2_Xg**KjVs1g?3Dp2VF
z`Tdw(*4Iyj$aL;Pi*>A21Ktk(`5w6E9`4%o`)MJ>8^$T7pmH3w@(i&n<oB2th^d;$
zPHE}xn6_v)ufbd?9s=Yl_}KPV(W%**V<38cXXmM)sbSYGK{2w<88%dsa3>(YW49J?
zy9N_cE!FN^bz^8uhLw%TUSY3H==`f={|S$wk_>?S!=pjPd;Diy=Ma3{3Wd0U_O<J(
z19}@e6nHg8^=aWI@%vMV$F5Cz{8Sy7ob>^vDD<qZ;YFNFOk-REJ7SmbJ?oi&<tNgL
zne5cR;{kvl1e*ty+9Aa#*_|a-jJ65?h4as)&EVipJRDCIfNw$VI<)Pusw@$%Z2`dQ
zU^k8<ae;{fH#Ebw=d5ZIB}tjU7^K&7*Ptsm>9US39cq<z_t0dh_JYlURJ2m9bK^|?
zs8(dS&ROLr1}z<wSFX;!iPUjfn~<19PLy^4sW}2%ZiUG%N?pen8rTFB>^XTH;n9ez
zpexZ?5%<|{3=>h;Cy;zW(Ppy;yQ-nL)-9_OBnXH%hDa#J(NE82-2qYRRRw9Cjq+?Y
zKT+L6mXf&x)T9yr?HW!7j*$r!d5q?9sA+htS#zPHAE=^yIJ<Spy$VI!<M%NAdM%^L
zfOAZ}{9TsdL2moV{8gufX3X?UWL*%dcfuxivL)puXh6ntY=9})?U`qXfOg(~qrJm+
zqrvSlZQ(J_VopO{n28Wue+T~j9ClC(Oknw>g*kyuEucu*FTNqGYPHQFHLK`?+7nLV
zo05ME&8xv7+IWO1)KcgsrgV9T)mn0x#or3GXKg7EKpC2*<tpD%ALI<w=KL#F2!DWi
zEQ&HKQGp(^*J{#fQx9_`<v3%6I*lI{#M_A^KZ?i=0cM2aZaY*Bh!F|WCr%Xf^E(b&
zt>7>fDY@p|c)t#_Ae;=@2j!ZXp9mo<q`q5KTi<dEpNLYn4~f%_#a+$7Gb#xEsN-+)
zQjrZrdJ$V?66$9RHf)mY@6Oc}kHLQbfd#8KTR1YCrV`tD6zDflgTO{|SrYe|tk;^>
zBS^OpsQqsfi@3cBd-6ZvUT%he9rytNAillnn~_f)v(+$MGC>PH5qjv*`y)o|l*s)H
z%zDc5MjEc?+C4-!Y|zKeikE!LE>W+G)0$Okgpp&h7fLbi+?*OE)A~<rE2W%_klFug
zk8KDeos3VVMvQH|+CTH9l_Ud^d9gkomM#N7!duqEP9=VM9{*jvxiWdR3rWk2jyxtP
z?jbh7dcnT}q_N9@q0dmp>I?Adj+8IBtwks$Q;W(PAgXie&_y>Wxtum%W?-)RuuQo<
zd5(Ez{gqUIJz0Ap&H+8;yY~+Z!|@(94(s|cO)UkyJkEs?qP0*mrB7MVL{vU1;Omts
zUUydWzdqpTf{v|P%nPS?<&Te%s2I6=`hl%qZ48|FdwOm5P3hfO_J;E+P<<f?*m)Z#
z4hUo{ge)8OOHIpK^(AC~b83?L7`U_}!}mqb0WYl}h}q@Iln>I+8LVZ=NI6VrP_k$1
z?3SDzRCm_HHvAxS|804Y{(*a?xfI_@WlP{ywF`*|Aft^CoC?n%x-7LK)?o(Crr2sk
zyW?lvRWWH3>{F~G&Iv4giLPur_%#;hBKR>U$QhEF+l!)7IV@%~j9cJa>+Y!ofyGnD
zxp}vxQiP5XhPL#M3&i7Jz`*d=+FpR<kRy`*d@;^s8f;Ef?V7U!9q0ZLS6DFi5ZBj0
z9n(;Nv0>2(0yb}PMtLX2@wVeTmJon<h0vs>QJZa=_Gs4Y%^3T}N|1J#nxNOMvo!^2
zLY{fsw?9dELDe9CMP1WAQ+;dvC)9eA3yr^Q8s1%ET}1i)yPMY(&zwQ^0S`=dARIk0
zf`yvRF7M1NL27K)XbsK}Za9tJvc0*D(OE;$zq3}v7)LHDUacamnDA3GId9peNA;q&
zlhM40&0PU#LC4>2A!2oGM9}|^vsmKQJF^%sQGVRhYT?9oX**8-6ymJ{=Ze+mE^Lbo
z1+nZqAlwL5;~aQvvO@wlfU~b?&ff|a{sk?!rD1YWrNUE^bBDSed&-Xd6<$ZioH*R4
z+Be5dMKTP#5pOTH?+#83u&#i2-P<#Ox)_QwDP&TKhV_sDo&@%Lf=bG{us-ZK=&*D@
zOGcH4gHjftc<|6Ktct<H*y2^z{@Div@Ty(WI!~w({xMiwWC0k4Nd*Cmp0(f+h>@_}
ze1oJAnVM)8J?Q5j!R3tm<&}RT4zqy#O_$}$?RT%so6A^evHCfvB}qD$-Qh>Y&S2p9
z3QnNY$4#PCuhcTURrG`jv4)2O=6NMMgR1At`qWc3k)J&Zd^dn-cjTY#x(|^-6uR;i
zb(d_6NGT0|!`UJT`96+SdUghs)W&crL*~ws5$FpRRa`SLqQq5sjHdE`@6WnK!@-D<
zR2L$x$Iw<d2!6z<glP<f7q=vXQD4x9KtJXf0S6&USdj;}{*kKGmhUZ6F<7-Xq@XbY
zjN*(Y6#P0>@82I*)SM)w317TO`~Rwd<)1X;Sp(0b@+XHtvk>}hGnu=fs6dIcN1`W>
ztCC%lwuS)<^;YDm&!NhDD|}053}&h<!&pXpUju?q|C|*EH$ZrGn|rs5=p=5ogW|lL
zCC0{S09nAMgKJ_j(Ie&5#JsMA>e)8CTy+a)E*x#}oeSerq1?A$J@6b`ZeH3^2OV-n
zIc*i3zvA13WNZb!eOY>_LTC;ik@n=nd$c-J?qyLssh&5E_6vI93L&=JE662EcCQk-
zz=2n(VQ1>83dk^bIOxXBe1gM`;pt}n`&}djA7~`W!b9BPpc^#s^9|I6q?r5cv=ipO
zArU5s^mBj%u2Moz)KcUTq3&?djhgrch8n`sO#SvciSyskNRvbc|4%zl!YCCrf)JC;
zq9%!Ai4B|s9w#!A)*qtiVTdcyu1m>IaWDGVj(%q{7vyjFFp8a>-RB6aoQC#IoR`Tq
z@Vee>zAZ50v>G5NCJgAqS&aD?JH8^=k@8d9S&Ulma5O0IiUty%_KNX2F5Jpml-_E7
zULn`EMoyl{NU%XB!*jRsgiGy67dG~}v8*%QvoPxKb0D?vY(~^d_^^>n9FE+)Xz#4n
z`ynUrdaFwq9dQZj^<lzJbDmmkE6nNb*=yP}ySvQ1=@yo>^aRhw<84Ep3D%-+RLi02
z@O>N5T(~ExXA%rRqiyY|8<U`2w+sF=4Tn9F+)x8c{b@=b<t|!KYB@-SS{u_>odZqj
zL1x-91tBCG0%guwz0#gon5CX*n*maD+|fx_n)8#nX}>CmH}MU`kc?9*bB26obf9N_
zHQXTFG}*DR0xeOW5iUZm<BL!?Bmd;Sa3sBu^OFXhNBy^U3arZb25hmj;qF_fRN2YI
zv8vQ78$da98Tb=+biqV*A(LEr_Fqz-#v~@=Jj5c~Zq}viHL)DU9>`?S4+8BBOvwxV
z*?$ByPYEUPp8K&Ah$25`8QOa>V?-Pz;ZfGtYwbIIYuyxTH0-U>n7{nVXwM2Qs;zAH
zzYrBG$jJ|`<OSb_Hi0>0(x)l*^97hVvNaOe>C$bi;$vew<2JF8ZChgz)_2Zl{r|m-
z|DXFp6c$Yp(LLqJlz22PNi2<RTtmKVE)hzp(Isjsc*jzbURD|glauoev1<n&qFxF>
zLZx8=*lTW>Ta<?ABLY^=TawtEBP*mMAQJilU0t8EBJs`}eBzY-W&D=B)p!vl4a5(B
z0%FuBG4n$c0CfIZu|FAMDPfmqCs$x+G!C@LDK>x3IKVRS?f4>OC)`lP!+}#$vW+2%
zg@WIYrE{))uLLp9FBVD0ba|$!8>iEnmi_Qf3al>bcb*sw8mjLjaI4g=;6z(dCX%+E
z%|sB!R48Y#31(ZZwQ@%Z9Om7YWr8(AB56=i{=W|f-Y=PpTNM(HnW#Lb2?QHnp=~Jo
zUb=Ahq6+ocAz0}`kx*+MlKiwb!l26ZiNdIg1B+I9$Y#<itw_KcH_=>wpG_Rkg$;cJ
z{RUdodMVdXmCJ0!_m2MR?B6%?aDhhFBwe4CFL+__@yb54{8*jy0@-)`Cze7?Kdqw^
z-y4f}<lLZfC2$Ct*(NY9M$Dzp{EPE-ezF-?s_jBm8aUOH_e$(s-z`7qF+rndo{gv;
z=<4dWr_|7a^!OLi{7kwVKzD~!77`iO`M*XFbEp14HK1Uthme^wU}yMVC50sHY}{lQ
z9^UMSkMqQS<4u(rEI(Ryx2gYn&U>CrBou*5=${MQe~?%Jw7fD+3c;OqKBz^lW%F{G
z+vuYtnOVhJB`n<uDgf$fdonn2Lx*f8yfMs%+#YbxK@jEJJCCNG@x(M~R5KrW&a|P8
z$um;soDEvKHr18YozRTXK+R>xX<>kkd8diFot#hJ5wEW>wOe>W{K>_9ks-GP;UomA
z{lC`vJckVkbu=lw3K_iATh6z4=yl#*lc=2b;8VF)Js($q&(jW;E7Sq<cZE00gno-k
zqi;0Ron8O3oaz{S+MQ;!2kkOY0{64e;LxLOH7I!iF}YXf5=lSpqs_&}&VC$a1RFw%
zoT!APPtXekVm}X4BY|%Ru1Ad|)NbSNrvE(+=^04sV!q<m2a)R37K!?pDlol-Y#Bm5
z-Pv>uJ-odulL+uWD=K>;H)II0gbX^$X}-Pk&_x<Nv&c6RcM}5;TF&`^ESH=v2n{P6
z<IGUI3G14+-v^b7aJr0x)ZQG3eu>Li=`1T$%+x!=JgcICnOaww<F+5$_@j+AqS`CT
zWOl)PX5Finn*1EXaB5vd0#}O3K(?(`quJxnCmHHfo{25dh+Kn)CB>)ccy>KU+@4Ym
z!$2BzGZ@t@823t=>rVK?@*>8!XQ<;J(`1WUhVy=g>awfXZ>yRf#wG3J+pHCpADH}m
zx^`GXy~&`f*;h_fEJ+q62VoF}_O<@|z;frmcf=LJA23nTWETU#V)vqQHmvE8&dY{j
zR_22%6U(7T2@;NsrZyFg4o#E+<FlsnwqhXK|MgXx5>L;aow<vh{vb-r36B=s)lVea
zm##aXbC!OdJ_G&6HA(riJ>K3l1($p5T!W|?#v^O^!6to%$8D8SB2D}Cz$l1;C7K3|
z33Pkm{My^#f2m&4M4gUiE#{ajz><sZK}kVv-rcNV&p-@q^CHyOr;{umC}LzDrs%g_
z*Sd4DN-M@j{^>x-!Fp1OBeE529Cqvdw_I|HT>C6bw6od0^^W)G)j`FJ%}}gtw<@qA
z84~ySp=&etRm_It7ETvpzg6*IG=Zz`nq5oyb}dSubCFtcIk$t^w<fpvLNYl$t^J8(
zan}&u%Dd2W6f*+FzKy1aM5ge5w?eY0KrDTPql(HE;sm}81<5jKLPdYKn3q0Bkz$c3
zCoQpea=0#E>iUftxm+{}x{()Hb4FpZIWB|TDZ#B0w#o6gEl8R8ol91VP2ziUar$Ai
z(=UHRrK$8g)K<fHi{GY()v6>dq2Is_joK%EX8yAQpN7RR@6bv6XtTzTzU}FnLmOQb
z#Om)Y%Z?FZ7tw@qR%HRrLf^(J=W%KduGX{)0Nh@`7sL;RP+rZvCfJng#Rzyt;alr`
zAG;*-potS>IqPG#raREsu)DxX-6pQHU8bIiP)@@}F<GgvdY-p43nWSYb+(cjUnrMH
zAo0jI4~K^0UiHnZ*=fxT4T;F`o<UEL7<@gWto;`&{&3$I`X9ovI(LJR_K8b`k3$W5
z8!DisntzNlN4{<bvt+C2716-6_r1tD&jkSlM47aB&$n}b3tbd0=dQ;z4~C9xcwttI
zfe3xyA*ez+*Iq2fb{K!>yH)?H3C>B{s9#-$fc}WZ<MrWU2ZGYDg7?W(uIB4Y2NTv+
z`~5b7G6fiu)h(LjGwCQ+aDmNsP;q&x+*%Dd3S)fC%Mw8xb7#Tba9?K?Su$_`0MmuJ
zW|jC{tqFd~6@UuDerPpJ={f;KV1F!={gl~b-{pTlN>ZYd`>%0!hN>-IV&D`ClwqLy
zx5P1i<>>2|)JJT2%U#A?3F=n&4SmnQtcgBm4jbC3OLz$=N71?mYgxZBvAP?Jn^^8R
z{^tMrm|3oj%=I7Wnd^L5$An}p=MD+jNYn3H9O$KY&uQ^bTJL+TsB&blZBii-S0O#2
z2qyP;R)j;!Q6+`jWsTV(Oa%HC$Ox|g<DnOVz9{e$cryfVswe4nsj&7)!vAH2EOMws
z-uSz+Iy&cX0dC-}ZgUIbN4UBOEe~qPC*P+NyV}@U_A?t-;@j@J^h-SuB0j4o#rasC
z$mQtU!c+x}Ler7-K2mRHQ)%!(@)X&zt3A@9t(<j;r91^y4-G}DN|0u>rJ7l+&%_Je
zA2p$8$347-58j>E*v5QnH8tBhcLKKYL~4k?Xudn?(YnZ8Sj$6!=tup5_WrC28m8L!
z?hSTU&aoO|L3x)N`El=2kox&A`Rzi~G6}^Sp>q$82=<O)6nMd8JatE!`_FC}xg>dr
zem)qITvgCkx*6lMK?4|)gz(?mCMC=a&2J`j{|^wMEXDFK3#_S#*Zfn;&EH<p-MP0p
z9Y0yNM1vV2-l>bnBdzu@hw6-DgAKJJBpNc_e)&*j0&#EWULyIGld&xLD;AJIAA|ix
zA8z}NN>d<63Yun@`Wvq05o`6KOa3DRI^FKHtO{x38&Fdi%y5>2OjqMB^(ajrg?W-3
zhSnzltyImD1%1I8f=oo92$vCuoEN$Y|5KHf(h6~slUUn(Hy6b)HXoKx3q=Vj@Nz1*
zYj@^qh^ZI@*nT6&3;9E~Igy4RHANQ)WZmclAcd3Om>2mB2NH+|<|DHJ4?N`?WP)*V
z(fy6ps0``{ApUtbs|cx|n3tE#2sSKTR=S9`uFwUcWPZviBpK~!+nr`r?U<UfG~dkW
zp9V~SrVAh_0<>z;{#vchq%v%?`oKhKX<k|sA`BWN3Rx80_>r4n@NSn!S`CXxX_F-#
z=Bn?DZXED}*!8uqh7Kjx3Rre3j@~%*xY3ni5khpXM3oJ`MSUHG_uDJFwP$P}mI*$t
zmk=RC1Nt-=9l4y@sIRa`st#OcAAsIHHDaqb8n}Kc5gYvI>}O4zx|#T?Nf>Q6(Z;nq
zxI->{MK-&Y?Sg#Fi!hw$OWZZy66=GpHt?I0zaHaS=rcWg5JsHu{eK7-DO!N*17-#E
zwvS&WU!^3N-a-CcS3GQ^FZIL>R~`U*eXy-jI4~@0BR4I&Jyq0m)-p5#<d{P5w@Ir#
zQA8Jge*=%oh8u-YL!cLu7ZwP^4CaJ<rc1%m%$rSYfY~8~sdP@@HH!;UA=28H0?!k?
zgb+W`{@v!FcI<d)VfScDfTBxDzf02uIH*oK#cFf8@A_)2hP4-pnpTdDe63-XVhauV
zdVS@g_67kQ|5JYWWrJRE5eNgZG@WDlnLimc?@%JquhOTEnG5asaL=tKj#*J+opgl8
zP2pd}SJil+O4a&A3@sORCFm+D<i`xU!D`<l{^iEVT@g?9c1^AZkQ=aW|Ie1Qu*_eh
z{9rcl`s@rYsY?P=x0BjAE@hA@)2EH_<YdT{+ikKfI_wKpq=r6ZgQdB7BCt)#<Mj>J
zLO%kQ_+xx{ROv*pA78dBmfWJN4~Jmz#cW3_FfQfOd8O;d#J(WMXxjV@CJ%k~XRo(@
zci|sbHp~MsMQ<$TF&&F!{zX_P*tRcZDKV!$Kw|-Frw3pk*T+OYxSX!TGlNNgkrRUl
z*X+o@W2gHRIZ;a^`vd|)*T7H64%?K3!`SiFml?{CCSfzmr%SJ|_4%rb4QHX$-ilKL
zti3E?9^|MB<Wbgmq(Lj?xfc&+;!it&9F%0r1}+Bf-9iV&l@~}jE_$<07S5CDs5Ehv
z2S-!cYx&k!u91`e1_R!C9)Ccz;FATtfQ~IoZRa2Ev01GSX)*mUX!)y%R48Wo75I_B
zE9q(&#Kh9!B(J}8p}}_q&?lPk`*lv+0yR#Vjxbj+!xbb4$)uS*y89T8`~XJ)v)KaH
z=WjhjbOr(BP^iB<H4J*c7ca`zt#zvC_nMHdMBmzRw@xpXUOOSRc9R#a%`qk?KPu8-
zi-cH#Qd;B1EXGXK-Ewu`CSFdYxfFTM*)b{hO*p&eKQFS7kAW&8=?<viNJD9>j}Jm$
zoy08`Zjbk)F)}9Q;NYv-DY+#t$CH#Ie?sfMwX$-cNIf?bnH!Kw?KwZ~UZTd5m2rTD
zVq%U`ksHmv2o2h?==tq9m?h1dYdk(Hi2&bL+I7|Xvq=NROc7;TL#|*@Fri2EfC#*_
z#Bfh7CYXKz`syQ`Mu`k6^Un<>541)m!3z}g4}zYI#zzWw(4ZH0f!8+A3CF~zlR)Zi
z6l5iuOYcv%nULloO6ctmlttAGNtrzps-xXh)=*XZzx|2Y4H@HEWGO^XREAwrHJ%z7
zx;FS}il1z_E2D#sHw>Va8O&^rbj3>$xN`fw*qimR2lwM(<HHd$5eoPm0UAWIeUwPO
z<AB2fgaKgj+8Ef2%-k{3hThb}T3N*Y2K+u7nRV8>rr~huryR7rq_pGxsV!xLE8JAp
zO)({qUC+e)3bYyC-|%pWh^z7JmK;4JOpe;Mj9DJyy9scN9$0m7(5Oh@&Ccoxg0Apl
zn^x4kGu!e%5q5*amV;<>Q7Ax<?kzUralBkW=ZN7*xwg<Nzf6Q4@otLKtl<b9S$wKT
zclgl2PZ^rCht{gBOVIkg;DlRIvWy}W;g@O6*UyY<qa$;fGOY7`7}(db62~u8hrs}p
zZNOhe8h_y7^okO;{9LL`&#ayS;5g`NI#H!{Y_W#-k)`Y4G|^_S7?mZ^swIbl0%BQ~
zBe~_>#Y0k+C}!?T`CF5qfH&abZ0LbPb8LZ{&Gb{JS0ePZf}EBYxNv?Bi9meP3irj>
z14UI^?$mR+xQy_y<C`91l#4UU1Xw)#oc&OX{`#5d1YzTLN19zO>?MLDlA|qIdIW2W
zik;D2>VsOZOT{7o;|V}0u)u{&WSUXM%YDtYyKK8usLDe#K$u%z!*9&|r#DQf`v#}`
zOAg04k7>QKh(4}Z|9%R1(0xKn$E=PZyG~(X8hp7&zJBvKIq*2cq8#N*_soNCiZf-i
zSP5A*I2<Ie3N+bIgX-i|*}wX*AdtOlWW+gMhJGX%PUDu98s(*K)IvQ{A**X*KUzl9
z2h=r_fUsf+s@@SaAQ8!c0v)!9ku4=SZoDBHvh!VL*ikCzEGnr`6KjLE><C3Tvk)rp
z1r53f<0Hqwl=D!UJQeK6`>(gcK}u#qg$vpcd1?M}u?(wSIZ@3KfF%Yr5M+nX5W`^?
zlsyTE!l=l3Sdxv<BiO;*ultVv^*uR^jr2H;%_31_oD@W8#m;n5l<Rq5Ir~u4MZODR
z#7=L;gJ`{x<<7%FxQ|gXTD|ug!@kQF1b2fUOO@vl3?!*2=a3(%$8Du5LTGt~L%9R}
zO~*LAxx|2d#jsgv2XU<+mp%@99sA?tL*nP!qY7$3<%`w$x(q`1<f;)FIq*NEFk^#3
z`{f}0BJT=Lftly2WH=L0gU4pvS}k;Eu+043Qm|FlU1Gu$2EnZCb=3Mx3bkACzFqQX
zZnK`cJPT-4rtBW@nGPIrS~egevkUc1>Qx#Ijmgi{=rM;V*f8>up3dpo`x=J~EhL;m
zjlf3=AtKU3%orcAZv*P&x;T&&F9@Pr5SgITFu@80p1hMI-7$H}Un9&Wc!p2;V8h<v
zeO*&)veYF_li^NUzDr<nV$6x>o?B$?$y<_tdCOa3V7I;zv3-vS@wl~Oh^D1|5q?yD
z2uArgb%e;X=;aNTU4kAE8qXKtC)0CF;ve^6zRDoLnz6v*q*kAjj`Qnr3rhRqTWPbk
z$T`4_vzkO>9(%Z05~|L)X)75}lX<M%982O<2RfCo*u`%{P&Ql%p&VVa7{=5a?srVA
zfRs~|JZK%HN2LyJaLn_w%@CMr`(TbEXp6=Brr7C@k4m_9_D2rnx<n~dRCcN1;It+h
z@}iF1ItcD-5c>GD65MX;^KDR2f;EmQMWyQlTXOuTh=tPBAa1|(gK2#1vv;!nU~@9a
z)n+zDcpv;gEImX=KlpD9T~hWCy~@jJO06EzbhPae!ZC9MD|PV&F0V#*PRnQIIc?oq
zB{du(v!^<?G`9`ySUk$V>#wu^LeP{T(UT{_0U4$r5kbnkZKaqw6Fn)1og&&9=PfSW
zLUtwIJO<I$Jn89>U`7nlhXkVYm5_s9Tz993)qR-o*ZYQV3pu?pEp~tOab!u$N2;=t
z(QIXFl|ywMzdO$Q03|+gvd<5DmTwq_(->-2DeQaLmu7lQ8M70%QPO|of<Pxc&?>a~
zl;{@NuL#mezh09*i8MJ@$It;NeXte!q5>#?_b1i*|J2DctJR?rk;f=)YnZ^}tQr@J
z?EO^Ikh$3u(H>-Cr~R&8G9(5>%#{u<QzeA1f&b>|3R;dTvu;U>o{TpL28yw84DO!0
zUNr(JKJi`Blo;OtNTwBFUk~bU)PII^ghHN96VbST2Z))l$S2kYm6ue>xw5oQYX}rH
zu=o6V)}P|syqCy~OY~wvA#1PBQ7Efgh1-Uc*!wN|OPBwb8NG@w0&8CNwc}^i7?A?~
zd8|;W>||ni$y`os0F%Lg6$TzZ`^XLEUGXLX40Fv|v2cLzxEb4e*_JWTq=d^w`L=i0
zZXbV;S<RzZ3y?+^mF+yAsyA-FcOEN~J0H{#prA!jQBH=cP8Kxj7qjB&*Y5y9P2Y09
zPf|->C*lkcD1>aEZ3XA%Uq}sCaa<2EYiPJJFX*t`td6N>VmMNsX9!fK4jSTs8|dV=
z@*odCVe%fAZmg%Ur2md251Z#a|75Z6gI~in;^7uSbf#*EtDO~De45bo@;EdgG!MEP
z72b{N)Q*rm(V_RLBllP<<Par1cSyw7*S+`opwf!Q0IRFJ0-w<)#m^QK|7cajsHEIZ
z-~wV&MgI;$6Tp{g^xUuMwpgT#WF(cch9fhDvlsw~pJt^C{gY_vhtN9xL9be$TiDEa
z<>&bqi}sljc$p$92yurP^rAxX7EM=*DT`1F-kI5}PVVv{6$suO{Y1=1OrKZI^DAAm
zBw7!?>T$`no(&7D9f4qzN0a69uD&t7{pg~!Z^WYm`HJEf?WC>$mRv3gy)s(0>YE@!
z%@ki)c6;GxdE00Nr=C0gu&A54s^<gX_CB@syRs?Vp*gan>U!--5E?VwzLx^xaojtO
ze6_`~#tL%>|52X24P|0IQ~}<Xs>+tQdBDUcX}5T=J9xo!zzGuNn=h~zZ3LOlstNI;
zL$v|2EFBp!u;JQ9^<mu*U#!r4xw){5l=DG5Iu_LqpZVzYe3xH5Aq+U1k*jwJ_!IZj
z#8d~bX1*<$N#5IJn!)1k1a5c<a|{MN_?UqU$_z#MSnF02XRj;R?H2CySOL@R1|8P6
zO00j-WfT0MDRV-o`!ba|TUZnNq79kH<5%P&_+-7ouG?+YF(_$YI6|Ql>=Dn#>MkO6
zxK7u^p9(BLNWvNcwZ10SRcA=U*&4!!B`{m{*0~Cbd{xeB?Su+=OfV2R4mqC<jkH5A
zVlC91Jc5hC+h+1O{?PClYXmKi{n7#aSLtx&!*&jCIBd^8*<5S4o1oFvmfXe)H%OZ1
z+Y5eRxL-eO2vF~xW0h4G5va;Bw70j!Z9TbH{yoTvG{>T2#}jI*HL}Nf*dhy^-5;#I
zyMnFd_6F`!Ue_Z>cy+}lWdi~KVv{ew{WZk~m&#Y2jn6|Gpl-k68WFBjO5uKpQ=m7l
zcqqYqRmg^&Rh=M`?XXHHWb>-VIJryVTH$D8#&r{}2Z+cX?2%tBW*w>;F#>s4_&-yx
zRYI6pa6U<5jM8#bJ|%%;(|I|a8M6rKO@F{br0>EC8a0(YFqvDT?OTwnc<nb41-dc8
z1m6XA-C>?DUx47_HB|pTB*`MoD&AiHT_%KVZf)nIOF4rUD~s8?<9;Pq=rth6w7X^Y
z42{DWZ1@FL`ab%Tt=EIgv5KZ$T5QnT6dx*p>GkXK=q&JQ_(@%)QvS;Y*lYfF`G`!0
zjVxb28`L98EjD$ypli|c!P-K6uKrO6LdahPI@y59Y{RP_n$m}~y@m%m)R&;10jzc;
z$IZ54w6IVwzY_XJJ9P@T|BQ`pbL*RSZo?Ugw7vx}k+hPm7Szmdq64k{9LP2ENqz6y
zsQ+mD#~g3##fL*Tq2p;yUzS!RB4qKk$$W*(8uVq*`I(mJb>|W$eVBz;zFR*GO4P@)
zyR6AjmpZR1aza2_$=3!+MPx2rndr;Mb|ulN28@Zy7DFjq$Z5orD6CUT%mML&6VH=a
z^Qa~Ds@=L6QEg1>+P!Z)zMiVOtinKf$z_Dt!X3z^G6xuzf6=teo%mWx{zG(_=?5M=
z3OOa(NZn??Df{k8^4>?kJ>H%yU)N=C5mCcP_k0$!wdkmv$Z0fjY-$Jv@wl#V0LYhM
z0S4Am#hE<^f(`bjxs&5gW)3{zO}n5;YN`_A>xPJ4?tYtjqpD<+T!`=iwMj{XKRwet
zI;%E8>kvC820jJD7BQ%|62N)OLU!)AJRQxUSJaEi`=&^C^U`uJVgfMyJw|AudW@E&
z_s<fq%K;euxyAmPZ{L+gGW0O@DcwFYql5i?U)4a7X3%b1lbwi;nuAnp_CpZfJj@L_
zKNcwyM7md3&5XUO5ac4`)#3hLC*birA$zCDUCNjzZ|V<T*%e3SRqcB81y|$k>wc{h
zhyl;p;JLJ<c@X7?8m&n2*j&<SXMGCT^QuY3iIqJ4kArZ$b0Of#A^Uo3WYmig;QGSS
z__N$EipAT@=4g*cx8$0|0#2`1ixr&-o8*bp>E;_X?$J!-=;GEK<MMpmICx@#y$RvT
zX^80a0m)uq1}}0%<toyfV$DDM_omL*y&68p$6h8OZeDv8mvqKPDTK;eT>X=oxEd=0
zon=-p$JTEx@(_Gu+=+dX$S2Z!Uk=b&K|WJzAYtt0qMyK2N~P>P{7?k{!TOr(sdmvN
zi?-B^d=<MNTK0W&U_MZGVEjYP)ek=SQ;IBQqa0hI!UkIxQ;g92m1IgCMpE(n8y<n+
zfD3QQ2eB$#oR%|`_(eZc)Y}yMt;NmN)h)kelvIuyN9cWEAZvPOl2T}IF>2yM<zcF#
zb1S=MfY3k|maPvAf<$JdM2U_*|Hg|x4^+Q%bZ5bkGu~3rrl{^P4N&tQ#YdUO2dfvz
z;mtFOg04p#-PG&rNFS>0G<<Igb_LuN5|GYG7pN5zs@rpAiW5T!HHdb~yOgq=59Fke
zEqx48mZtNGjT~PKHYGM1TcWfVB8Jf+%K^Hch%UC?<xH-G>>|+v(470?In(%9fJRs{
zPYL0Wos+Dqy0^`TU+!!n5hVqv&=PtvVwKRA@TB=Ju^ivizBr=vxfz}wg$5Grt53=`
zXfBT}LUYPZ*Z1u!KqAhW)D>Xm+nVric}T3<)h93_cD&iKm8}g_i8p59^)b<S24i5H
zcdocXE%+#@%G+yJBK!v{*~fE69+MCU$sZ@0bHmnh9cy`^V{ErKNZeO##TCZgcj;${
zD~Q0Njlwc=c2SEvlQ}4zonm54)HSX>ijkmuJ)9gugr-;ZS@kR|4FzHR#8jzuoLND>
zNR$(2E^VJ{gDf3d8C&9(2W0mkemwL*behY@vybm#Md!36Io<n{;G56dus*$&aWhQ`
z9k?hloY*@>p)blh_g1`+%b!TY$LC-4<eRXRgAE5UB-CSVI2C|WH^W&Eb5k2Ybr&?8
z&J;qial(Y%cuBF(*$QVy#D<PoqC2%&6G!$>crHwFW8C$DvX_s_TbAObYEL7p)38~O
zv%|+qV}xuDNH47J?H3$gXtJZc7=r{1z-1LnJA6{%*BDBG$Wz8>Z)&r8*>3*#+wICA
zX#bTtq$P&|Gjs1h624<%${4NYm4q+&aquoui|$nP=N}&59+qx$sTY7E&eDYb3~CGJ
z`@Tp}=WuWESF%#ylX5npU9u?7D!-G@Y9pt~0Xq4rxgv%mDLCQG^ZZ2ifNb$QbEQ;@
zCb0vg4avX>TWKw~E0Q&E?_G%HK>)}d@0H4Gz>^$f%y%5?1nG*};Zl#&b7@*qs#&il
zmE{SRfmTw_C8Etq=stGW598Yl8X?GRS(GmwS*C-@TvfAE-z{_#f(GN^TWcRYun5An
zO>qe{sL5zs(@H?6{{r>rS?Am5h%O@$ylBLo>F5*&Yp#W+TyQjQPf0b1aJB@BqaF3y
zU(OQz6ND6b(zc*~V=~gwRBL;?zQ61?1&Wrhzz#G5|7vfGj9mVTC>boB_tXo!40WOv
zqsbbeEx>Z5)kg)a8<|AGwm-+#EUzw8gvy#;0-t_?lTZHkh}BNCvG*Q6>Pzu3`n`eQ
z&%mzEdt2f+l?=UZGj(NWUhEj=2;jNf?|XC-yp|!2Y+`C!YJnIn5{DIB+%BS4f~xA3
z&jkxNwJr#N`k9@zrw0T62FH%x4W9Q-th(V?cPrOwE3Wmy+|Kblq2G2+a#-iNgT(q+
zg+eP=f}%cP{x9mjDMk~Z+xBbQwr$(CZQJgip0;h<oVIP--P5*hocVKdo=$Re@8hjh
z>ZNw-sj_RO_S$Qu%_rppTFTBozVk$%({F7Ve6(de=lP_BWRPTmbE%&`@4flLa!(^(
zL#KF{VK?DHE|vmQk%niJRN%^7QyjP9rjszim0Aw1p2lKy{UQu57~xg-;MBhEdEcdV
zz?+<*@7)&g0V$|LV3f8<!wPKkzq#AI5Q7<2=>U$8x&lL8@twnvSFU$@lr1J=DKz%u
zUImuA;*nZ@zZ127hLL@ng$8)J3DkHy#!)l}6bbY)=_Cw1uts&Bge^iM58^QH13}CA
zLw38rzGSPEBUUz!N;Q4ML7!hfoTTMsFL{nu;z5{OKd8;NDxWs#Y_we5@=JrrOz>r|
zwwydd^RqLPZEo?oilWvBvmJu6?oGZt1k4pynPQXJsq(`xwm`&-@^R%r0+&y@HD@z~
zbMI+;fP|Wrf<x$?rbxk4AUk!Q!-&Yq+SFNhXN=XF(}ag(AZv^y<-EO(mFcoN7YQUT
zj$(f;m@NJ^wE=Ngd@igO-UYJ6%f<lI9WSk0&+d97e1+A%ZoGJQgJvun%LVh*t|7n@
zweTW7sP{{zsuI<=39vh}1!8fSTUf#8Q)Bd}y(^fxyQGg@l#dI%>TI*Dr&tFkf&63|
zolOs+2PH}!L>xmoLU+kQo)og+)@eJ4al_Py*vWXXTbK!6yC3B7>SWbRShbG9%HHMz
zPc~ZtudAZaVGw}4*a52ZP<TMxGD<EBH^JmyrKO}sO%&|fy|`lmRp~c27!pd+3E@h9
zwcynw7?I)`768CR&Y>WqJ&3I&(>l<XjQ9F&mUAxHd7uk_$B-#M71tilI7c(fg9y(_
z8ud_#LH`5dQhTUa7((<s$90*^t>f>J!y8puYJuf2y!&ks#$rGt*9;r~($QuSsimZ$
ze10VTB3zv%;%GzPLK&S$;@~D1kLGpi7gMI*fSyLq;PZpI6V9uUcPEmzVK=G8VJh*0
z9z{CxBCb}YP5R4c$p!N-UWnUi_P_<u$ve=H&j?vn>#rskqxMETFX148;N1XQspRE%
z%v#TGIl{cvJx;&oqSIE1BhbBP-wKti1vIW=(&S8N_~^sG-oFDE3_k$C`NY3(GBHWp
zgTRyzJhJEKL;spW$7<Q&wlku9Su{yo#|i?Pd#NI8cX&+8Fsgo{T&+h+8O53)9}-&e
zBRtP+mKBYK%v!JSq`EDzY>@$9Xm3CjbZH%_4?ec<;1-KC@|E;e`b9`@Ohkg1h^0~o
zwL?6C^-a|VvzWlUNL6Ybj9{Q<-wk*#;3t0|5oer;t)(mNz)=Y!y_3TUpr+sNDQG1?
zbtdpX<!z({P%z5FL&l-6;|fkCZ3pLxNioi}kkbg5GU!TN)i2N7;2#T%2HHMEwL!Hx
zMJ4~~_^WPr4=1;OgXDBm18eivXP}qXk8Lv|>Nb$sZSQzV@c>{c9={K+rWb06Ymn8^
zWdY=0fvE~bpwR-N+`TY|Ms)=`!;j*9K@IExm)0xmPO=@Uu@$T&cbWE@_~I74xWD2q
zpsVo|LIoymL&l5%bSc>6{#S;<DdI`8mxkZ<Cw~UHcWme>QF<co(&EM(Vhr8W9>I!s
zlO`O+5mK+2v6R|w)8Gl$QtoE;M0dgC46K4%kz96_U}ZHJ$+Ak7QuO?x^#$%`=<Ylv
zqUm7s?qtr6*Ia_}nTrb?o$Ur2v)AlMWW6^T2{21C%lwLzBuwJ>?yh8Bepx&$8nZ+5
zwRUx+tw8|wW+Wc&xsE$Kc9^zv>M`qP(`V4jW5}jaz?8})g)EYd51jq)02$NIgW(-R
z;wUmjN#DeBQvPvOWCGJlD1-(z(6DvtK#|K7A);sL{P>UmrvP2`G-NR7%7x1Qb{>oi
zM1M>_2Q|;qyWCgn>dorkS}`tg9}&ACZ<~YgbP1t}Tm|VkFN-$mti%GyF3&z?`iLj~
zxM|cj!C@+nItPtxj?DPk9Y!8V)>FZy>@yc9_OZGCzsw+_UCq^90Cv#GD<_&5PrsHi
zG1aas<Xmu?-%~llfI5ID5bLX}4*gmgnO;ZB$APQz06S8$(6D>bp9e#uF97Q!*3nZc
z$T>;K-p2XQouJ?&<opxl$=eq3U(h`-YCOCGwm?UK=*sPxVaCg}C0$XQ=y?OvK#YyG
zQ}VN=r!JX1?%CjSmbO4EbJi8z)lw-&h`7a&kA1yDV76a=ighgZ^F~<jfnA|zgd4Sf
z-P-SifjCN35D!N6WsAl><)Y0RWw5}cYS0qs6Ji}}!f|uVee>9HL1(RrM$G4bM>WN_
zll00U694kou@#*!Mi1q$1ht>e`W9+unRj_jj?fVDuTyJuQ%1p=px#V)B_H7w#Q5SU
zFqw0X*uP-4<3g+ghM~eQWI8Pay>)=JZUpy@_OlBg^Zs1+-o?~p<D!-VNDo4&d~NmO
z6i$v4wS!UtIpzD<;F8O^1?^IyMyE0(jtQ-N0}rm34Mb}A9eFBgGv;~{LvIxDR;Krh
zViBEM6<8w4Yn(3$bxfp1TxGlN4)r1`!+~%hj04anp^rt0IAOVM?0))U^%<C>Rd)JV
zx!FHBc*L^4x>Nb3+9cVFud8VKb$6W8*4QXJP$DvaN5ns*um}3+Y`*;PRAS1ZmW_cZ
z=2u}N>F54KJ_Eq1;d9M;WM6by5l@JOklo&QVohlEg5F&2uM+^FCAHA2xnGKbjQ&A)
zjls>h1#q_%IQcT2Lnv5+wK++qtMs0DU?_x|bINdW9#o}-x!{5HN`y%MiQdcF<Jsk?
zLFxNx*0s?AsAP=Wq&EKQ{6=(-C1~<qBF#Z=yatgxm|CLod$vZxL08uAOm6WDLe0B1
zguKyX4?hS$-&zmFe8(r<IHGi%HxBQO*db<TwX6WKbtlx|a*Rk1{)2P3Y}K92CyvwO
zp=a;-RK2~h%;1WUJDU{AOY`7lrUwya0!?^KcB8^?g-`a2+L<4?kpStPz0InrU6<5v
zDiJ5(ISd~0kX!<Gfcuc4pB$8wtP~!yZ8FGg?5nHafGeQr<Cffko;Pd$WQjKVynQ(y
zWH$t&cO&*N)GSY(3uT)ozH*~b2PyrSeUBFp_cvHjtkAHvHZ%4UPsR6sPFQI$DiNEz
zs}}r9z_lDM4fc13WW%=HA=0|-zM^9=3`&_`6vWBb_O=I^qESsPP#XypB_bhoxZd5<
zNmkyAlfWiezd5jom&7AmXSFl@R>{KhO5Mfh-_g7pI|`<cW4}T3lUf`U);|TIc&gz=
zWfymm=`TB@`KOyCeQq(nYwn*p1MHcCZ`U83swce09(~@a${X)DBP7-9_pki;zWI(>
zRD_xzAc-@c(}oTs9Vrrx!>--keY@s0-L&%E%u0G=OvRcQz73oMeT>xZ9)YqMkU#aL
z#R+$=iN02!A_A4a9cDF=m7T_OQog(9LWHcEU*8L5KilEC?B8#c2NuM~*^Qj@TUZBq
z65~MBu*LSmL5q2k7&_KL3&or;>M&ed0dgy>P_8TC!%*6SFH)N=Y&j^_<_eoY1#n#|
zHA<V+!RrN`7b>7Al#V1K?mDY%xN<X~Ae$D+tPO9OrE3o%(V~izj{T<;Y@eaV-*aLl
zw(DJH)=aqzKS{W@R$*VH-l8kRX^&+h&v#Q9Y-@cO=?w)KuUiglA@%t!n**&@08=wW
z$Nq|kKL_qS{9G3c^(Ghrk(Qcu_}i^(u=2Ff>af(q279dGeX&5%f@CV-3bd^(@_laP
z{yR=y>I$}K6D~g~W8YE|LbuRg@u@r`esTr4_<Myi1#muz<#}~h-DdmWRZBCgPvL+@
z4Yk6u`Xc4_6Z<IBU;LV1w(1<dPwGWQZEh9k3zmJ(;DGX9s6*y<7$J_+^~kd++q>GK
zUKi|KZdo)QjVe1v0xGifl5IHKL(PgvZ^!L~rh+b7a3={2pvVhg1aG#Wz1ZF7<4143
zfAK^RJIc(^+xoGaccPq{p?}dpN~KNI6Tu6MSV}q83O~Wp9EK4GM0P9D7G6kOy&6ke
zTudPmEOY-}r+B`5i%?wEgL#K?Qn*H*(`@Z9Gn~Ii5T*rnE(Wik!-w-f^d$wPW|uqO
zn;n)H!%|o7b1^Tw^1H6>u;!`ufhMwF@PfBkm33j7FmlR>H7uA4aMl<_rJ`;!0k*Va
z7Hc7{&rrbs{%Zr07vnlJ8KYgH%9b2uLiiRI19l$y0s+gG1U+4-z44hMR<vXpGty2r
zjS2f;$cNMnIP<GV=B4dKy<m+UsZw8JwhzzkgWmCfA~F=4TKaCF8oVrZq>O~+LvPHh
z;q*oJEDq83D7*qm&!wc|*B$m?)q|xv{=nth6$h99e1A1%S5g%j_;)GQGDjQ2RvGn3
zP)p!LzY5T7No<F()h4%#d%T2TDY?9A7b4h#H90G#pQ?5G`u-(M{s=}wR^~|p3B+{G
z?}F00h@h&6?W+e+lo{X-j$pfN5Zc;zHlX0mK}UXQrAs_Yv@X>S(eQGRQc$n*O?I6U
zpXfB4U(ZEBD4;Uk8YTF@8iCWVn$q)^gz2+_jxC*SFiihY?v^r!hGg_-*>o#k+hiWM
z|C1W}KP|R`;&3zPA==>`7*jC(Mmr+!BloI6n_S>?<UfLND=pTGhP?eX4m52Vuh2}>
zzvtDCMn~BW(^HGM#H&Q99E#6bHk6sZE9=r;XexX|mE;{?vSIxw0n9yB2e=W^R2t$(
z5#jJSvK42X_?KfB{>HHVL*B#FS`CJg!cYr6YdpLQgd-|V`Y6e2SbX9`KvGG}4-Cu?
zzg3!V_c2MevPhRp_;E#Ovhx)3j{32=ufLS^Qr7?Pr(&%bl3F1e$|mrL9}6BH)9HVn
zt$$?jUQYl3^x9#s_Dpf6|5+9*?nBK0TcN+40iOzr0kBe`|4gOc60wiLH0-#I@{8J$
zeJh4BJCGl-loMjGzg`!OjhXZ;>oLnIQTUGg`LUF6_Skw73f8%`O>x&@4kf1PQAa8q
z{2r4Mx^|9FCKZCDs;>Zx*Je;d0)y)j!{?Fx1b}(!_OA-%iOJC4xm(l->Wee!Qm1`N
z&#{3eXpKSB78|@xZZ6V=pL;Eh&>h;1;3ER-hm^pC_ZhGo?c~gj^ADC_U_`(k)`3I*
z>JDyfAo!Z6@(XYIK<aeoe?8ic5klGU>9tlgUmZCplL-iDz~c(2eQ-sv{VUh)8vt@$
zY@WVrwk&2|9nWfr(nziXgEH4%-6LeXr7o{=<23I(yN3ohuDx1U;Tp@uUmDr%kWh#)
zm_fc>;OuHK(%zghVh1`(0J7iMx9lw@j1A-rx~t~W<JtubH$uC5nEDCEW)wdZeAnTM
zL8Kd&_ecIkAKaW%oIEYBtj6R7h#j~ARg;#G<q8%51F#Ru8pDLw@yB%!pPbJFxVug;
z1@$oV=Ka+|$b=TLCctuwpCp+-{iMvBDR(G<P|y$gw@#yBTQ_#Oqg)F!&V(my&Jb2O
z2eV_v4-Nef0db3b04#yR_se1o^~ubrcx<v0I_gKSsGjunE0#AJE6-_aToY@|&=Cc6
z|H8JrC?q<KuJb=V*a(pZ*0VbzgpK@o&V#{kRfY>3{?cmp6Y;PQf<o}CUac=qKW!#t
zaOsP$*Ww6A9J}p$8$RnBIR@-FyzyE`%24JzKdG=Rdyh{I2?{MpUTUSOUR>vALT|=_
zC?F|(=)2%$kZrDPmy_Jxb~=RZFh3vd79IcnLjgMoYUJLhR_1_CX2YR&Q777QvKI>9
zal23ddt4!^DRy)xt4v52TH?UIyS3pEV24(lr^}gTCD8eM+!Y4>wK*oe`wzyFgF;Sn
z`jq7xPQMkq;_pSNK<cjP>tIKsE;$BFzf$ur-gLu3jk&k+PGJX1-?%x6@veBv8-Nh%
z;v_6a#m<XAZ`2$>O@9KP@BDeG{@wp9K&|$V@7M7ZorhPcJ$1&khtLC$u&=WZPFwK9
z3yYlof!h2*QE!s+G&g)(F-ZC^#-{?vfdk8UBee5y0;QM(vNMgtG`TBgFoF0HTp@Z2
zqV%5D3uwsP@0de(G<>W(al{~>m}6%TN_8EGV8+{_!$H||aX+Ex{hU3`ITRA7t#}47
z3b4Pi85zfsg}ZfEA5hCjyB~y5IFH&S;K%MJ6-g%+!jS#g#3G1zhG4``^-Y^u+Hue%
zmrTKX#V6__fb%Xxn=<$9%}xBPCJXqjy-LcIWAEUzgZjw*3;3)~t;QhKL7m*<7JC}R
zq7Vypbp&*jEXDlBhdOAdj?F#70{CWdGaH&sugzt_O$jFIV!2LP=f?Q6lvlgD_XutF
zrgys5xRdhfvG_iB_Q+-#*^<^PY<oe&l57h~5Ap?k^QGv#(94Jj7ZxH)H{h+1@rQJV
z5^Ht%-`%F{+W^YmNpTu0C+fl7miiEa`M$1=ZpSjgKYgq1AgO$nlL(uZnr$|Q4PXla
z-*$o&3_XBAqU8o~DLFRVev>$?2hrcXHgbzVj-%jvXv$dXkFqaMJ1rVHH4X9q;j)cB
zf@=%r74{+RPDsZk9dR8Q=Z5k|IOzJ9yS4z&t5@AjihgOMC`*N$?CkE!^Xj8I&L`FQ
zHkllPVZwA)jYFf%;%lgjU4R~DKgU;U@nOw^v(5y%jkb?ZpmBz|k&Eb#r&y7;61%>K
z354Id>dl7r<8nuD@Z?6EtcU3Qo+dJ|E%$}>rV{7Wj&9L7G5VAEa(@T5)tq(yn?k%F
zD)6;<0H_o-LQu$}I7R!E#Ey5yE#aF^!(*CAlZsLd5Mwhw(Tf*|WFHGh6+v143hDrT
zCl>^P8MMI=3Sy$p#!O=c4y!4}PjbG8)|^&W`}irQp2+5N$=n?uqKB)1<W)<iQDWK6
zBPVc4-sT9a9o1Js-HSnP6Au6&*v@n7qjq2ShLY<jEj_RJY3po_xr7L}Zk-Qzgg#7>
zxLJT0kbHr~ybV=U4{%h%h2+rekzy_-Dj&$QSHh<T-|T|afNmoDs8MWcW<d%+l6hwd
zhmgT(wU%1Db|+qop$|D{etgCU5J8ZG=KtCQ5<;!>Upx2$dB;8xE$^Vf1d{9Pl+cgz
zc+?~<pzLq2@YD7Ct(fhOf)b|t<2dFDbiahwySnwEC8T{Nxoh{={M(t9f|6kSb!aH#
z)SpjUE{{Jx8Ds)}m_)^K5?n>=J)iD?E}}UwY`aq+xrp`}+9PhxxmY#1v8rf$(5*n|
zAjicGD9l@k^q=2jgnc1y!65bBnV%^<M3uow!lbnj-S*H{7q;hq;%Zjb5Zu1RK;Yhq
z?SKO8r-g4@ZBr1*5GnGu*fW8H>EU*hKK>lSD3v}%)>jN3)fG3X)(P*HY0a3ZEE*;P
z{<|~xL?B~ShK@UMLbag=G|V3Q-Ds<sz-DiXzwvjJqYP6e1)a}eTWEP%U-wg}uP{3C
ztr(UG5z<8>ZB<CxfPI+~dki5SZY_a?Q}EPh{1?ROe#b#@`Ee(tUvIg4|0{jJ{iOQg
z91}tP1Kw>0x&)=$&OO@OZUCYTBmbECNx{a+J>^{(5rd>BVI1>Dvv;@&I+JM4RVJib
z>Z$(p+YC*YaKwr4f$zTKgxuJ_9xn1iY`pR6KZK_|k^$?l<tud`BEujI>eMlj1|l4|
z^m`CS9d+Rjzz?#w`D%0Nn56(#yx#Z_p(zCWa_Qt)@IK`J&H36gxUeL}m3BFIZhP5i
zYJ1;zlqmRD`S+TaW^bmbBd{mF(ccg^-qow}8nFPTEaC0f%Ly4<O+>K(83{SAKYa3h
z$6ZMv7SkpHMDnT3C;fuyhP6KWRCmePacvNU#*^>!-Ar$+ctJ68w89`%LA7)rH1ooa
zBZi$7Uv^u%2Rzs7`|1dr?Q*(giF+?HYv0z#7ATzK*q;rKXJG10lrH`P0K!V_+AU4b
zK_^?sAi!t>;lAbLgz=a8{4Tdjd@Qc>*kBu+ih5lpu@}9&=%qGsw0{YeCe8F{8y_c=
zX-24rw~<{|^qG>F<g*&63zWUV%&cHZLR+Tmd();9@YxH_o$`0)!RvHHPl=>DZlkT{
zHeKtQJbFsK5}2|}%EJ-{ts5rfDq$QW9%%RB-WctRQM)fXR#{z!yDSDAEO~OSphBbv
zhBJzMj+!RO(E4U|x6GRaO3pD1Iuk~Qw$mnv%x<~Q_-gd$_=%8AoUpC;>Gw+2jh8%a
zE$fQE3{EUKAxH09b}wxACvCSdWkV+~01x>HMGtFbx!M_+*v@F~tWN+roedCFGA2R4
z8Phrtq$#4Q9qTTW8H1?Q@$6X$?H&fv60+wIsX9Rn;VSvqrpuV%2#qHxk{lB#(r)}D
zDVspYoB(U|yu^l)1&Zik=^b7!ezs^tuL3-equ`j#Xd01iosVWeei<x$yg%o;^~&TP
z9}-KYK@dVm)WBrc3oLX}fc?xPrfJW|47xTK+B*G#YR`d`s+;7eSN6x%qOhCipZ%Y>
z`YDM5`m9Cfs6Ir<tC)t~l1uRtm+{h@XnmXhh_F40WG>ssykzngd*IXHb)6WVWFSZd
zX-wY?8HOHW;%TkaEqdeFd21}qI(RLP&WnYt(YQi=!e8rH5SBoOIL}n@?Lky@F%6i`
zFEoWc2p+fV%5pQF--04%%0Q-A3zPnz|C~qYn0O#l5RzmIKR<{BArfL&vk6ySSY3~X
z$XqohyP#W&)B194@JUqGP!RmWe3y8jY6h{;>U@5DYaJYr6Ok3+r8j#gx6!;dNog63
zoU}Tq9(Hv)6jT(c4on~*fL)GT>(oc@tmNUp&t0{^2ZeozM7HTrd~Q72dvIT>QhCgx
zqGw^0UR>=4nr%!9=c{za{$X^`u&4P|p^E7b1KpTm`v*W?+EK9$Kc{}r;?NfWv?WVo
zoyA)1sfuF-CeH83#1U-_$WVGqov<sAeKS+b-sCad7b4pHLY?oIL=Ybio><BByRJVS
zR-?JuS!E)Ore`f<$4SBUdLfMJB$8CK-}sCp4P$}_*5GqzYwwUw6sT2I+}ghi<YcT{
z4r@QXaVU0r1WeKaxv%+<QfonIqmEGJp=#fcEgiHS$C9MC_a1!{2(pd78-&uKl0Or;
z-hg2vWM<fOE66<>zdg91^_TR4(#5Z2d*02X&^5m1w2l3*EU1bhw!7VhJvd=skxTd*
z3nY~2VwE|vMP5GW6uCn>Mp7>L?;&2Lc`*rn|6hy_l0Vlf4UdNajqFQiVh~f#0Q?3@
z{Ll45HHu0vJULS#?7Vz~NLz+L&GaqKfzE^a=7E*n(+0n!WDue#U-*X(513e;_!I1$
z*}|vgfuPU|b;*nwC*;kprlZHxa?KPUbet0>34*px=?8mvkd@ij&09*~X8T+BTH3@n
z&b<@96sy-iBVkKq7oL$)SD?-3%9C;M0AV90aoW$L2nmtb`5t6+S2l{VH4WVjszUzX
zS8Ea;A~bhjp^G9v`1);Bnf7F+bZo6O>-;R>6ia&$8a{p+4cLASRJK<I70klSGmhE-
z`oSR(h7Rf5E(WIXGm;JJlUg@H*<#22(Gd+Us*E@39+udQL?#y5a7lhC^C&tK^T@!`
zp*6|P0bBA6in2z#Su%%G)75Y_XP9I|pmRk?@%Y#2I%Wft4HZm5aV5l%MPopuUo+lP
z=3}+AnMNAUDz>W+#}9%np_#J=2lk6fMY>UE)EJ@K00i+}RHv9I4g>bMZS{AsM01NP
zB0H|j>Ex>M6!0c_#``K4Z3UPo-1=b2PaI&~gI~Ze?ly_?XZgfK@RmzXlXAY{z;Sr*
zlH3QrUZOADn-K9z8Lf&MK`)?0!{0)C58)wDD{n2-la*2|;kN@jHiI3Z&@X*6RPD=0
z$*PV{$s|x8MQn)uW2H>U^mrKU(tek;ri&Xmb8UR4)i0sv<HnDc<wFbXjq<*l_y&U!
z`DTP%DBK1MYiA*vq}1UCyOrIiYA3o0^~71L7o=N_A~RvJP;sZqS6$)3Eoq?T*>1Nv
z5rz0<g#)XnE%E{e_4n7wXzbq^f*J?bwfIBz$Re^yXv}x4_V0_Gm+UQw6l*W`)z*?1
z`+b<(l%q`)jzIl?j`>u^u|TCHM}DVsmg8)ox-Cm@<C-jlkHY&=FQF;n+k>YV5`hp)
zxN?=e`!^)#v#h?x?IFXK&M0P{f|_o4EnCXmk95ls8>H4>=sMx7Xev+{ohxss*gSCp
z&a6sAUNi)?5SXnZq~e-^g5>y<iRBu$aCMkYArBXFP?-iTcfC^kQ$uLKwhG_}q~hvU
zG=&R1RV@Ngt{()nPjvNw>+?tN%3StkW;UV~VQm>W*Tptgc8R?VgoFZR9auMkbC{82
zBB#k^aTe<AA<tU7#DSVZg<f+L%Kv^skZh!LPW@xj2HdHzg9&7LosMp>Unrkgn;tw~
zl7&?TpN<vJ*`LNCtRwtkxniCIU*jzOBSHL2#7R@4@L?F|4=odK)!D6B#^XV%h4H7`
zsr20J=s>LY%^523^b@o^^FxKijSI(osO_wuPM^i@RHyeq`>!Q}rCJiQ_PmK;%eE32
zMsFcEm(D%|y)1O=cRkl4J&(aX*T|JyGb8z8kPDgH?8ft5EtWWgD!$pTd$Mj8ktF@s
zRw}bTU8nKJeuh5wpQ3M18{pL$e~j@?9Nh<l9FyTj*lfZC!ma_&hg2F+)G_;;)mMM?
zwUSttqu{0}p|}0kymg$Mx@|<~tG2X2$Z!kj@1!Fa9z(jl@0la<;9a8F=pAptJDC)&
z^Ms-NZ^|Tx-yIQi$aEF4d)oebU2i{Z!nx{7#g6toqvc`B0@c>qh#U8aP5D4_ocDK%
z$%~;x8dRopTE_|zYK=8|vJ>&Du6X|8`APyi>LU--rDg}+>jtNZzxyreeXoaiqtAFv
zUqhYS*^o7y0#T-0{;7u*UX7P{v#OJ~Q(k(|aO>f@%Fl|8=;<;ct4W=jFJJ9;otmS-
zWIE6F<Qdm|ET`TWHorNV%}&D^s;a9CGwg^}D6Fv1^I33<;QAhM6Qe}BPs03^Gmm9{
zfjaFwi3E3y*h|%xglIhDnaC5%ohm<kAtUb1tnZ$2)}Geo$UCyN7L6e>=9XAXCisv7
zDeVpKlMO1;%xHBH$03rxgqYX1ym`##ES%Bvoty7tsrKoyx|O_@^$<>@KbxN%|NDue
z-{so~KHirq1`wkcqG9U##c}3j_@^KdCq?~gS@hphc<AXTV|hQuMOQr$9t@9gF(a+a
zyRqHbMcQ>_Yd|$g_&v7y4u+v)+aOJVy9-*7f<L-y&(=}^;&V-Y#nK1=<pyr0O|Kn=
z_!md#{_*c@wXBCfB&Q+?=yFH^c^+Wh^cM#zaOeT+Ce1GdlyuAalz%pMdm*1{jjo1z
z`tye49DXZ<(tezVD+)xCQu$$pFP{m8lp;6D$`CnNr0l5R=l=J9B>ihGAK1<QQlItL
zIK69UT68uXOl;IF&v~ON)J{$A-#hW53)37shqlf6&YjS2H8UbT*L(AOx;eh@9V-8X
z<-Wl4*4Ryn_oLjPl^T}<ch!W1V_K`ev@r0>?=d+7H;6IfesW!^S+F7QKb`yDm_>S{
zW|ZEfjl~st5$qD(v-NH2#(HTbOZ(LBRX>W(K*f@>9hVEASNDGR1jS5-06+(b_yng1
z(G#Kj^%>>Fn@HzjFRdsCfD`TtzWqK;8>}Oyq&%qklX4kIpQ89L=$}%}F4wMQ<-;=f
zIZop|F1xK??I1#BD_`FIng_MZdKCXmVsCX>Px*hLIDDG93qKLD|NP@E7d!iacExze
zT;##7O(g>vi$$UKA~?|jPW!Eoc(8K+l*{QMLw+Q#*r7(v_&-;^Ane^{y3C@FU{*~f
zeio$8QL320s?*TY=^21~ME_|85<+aGeDo*j1$~=6Pb0KKyV@ZPUSFuFE0zdexF6G<
zibFOvOj#eE+j>F0vxFC*BMR&>Ul`5T)Uabc^#!3(1}r*pT2*eTdDiv6FkH}`oo;i+
z?!5+F(}mC=jdJ+U24<Cb_e9bEse83p{8m?QH$VjMW@P(Os1y!BQD2uJbZY<gExXW$
z!xs62vi&1bt*}14@3F8ZKT_Xsv?4>ZIeKl|Y?L=bUTWNVNAXKG_OIy+_xs?~HPx>Z
z==L*Yn2&K38}z|pZ_wiIY0S&qEZK>oxYMnIftm!0EFf6f_|FQzvtml?*9MJ=;^X%S
zqPv7h!YNnwOwHN!gr*HPB`)1>jwzFa-t3dg0ZIw9gQ%(pdZIlK`(sCvQlG$Afej{R
zMpb73!dWN^54$FpLtl}rE7WxdsKk9YZx?3^8zHq2g+UtQozoL)YGRRa-#8yiD*|^Q
z;FX+T*Ufgt**Q$CStpiQnI4`XXO6qd51I)BZ|^h#Q>mc@0*J<7qUUx!m@h&Zjn%rr
z{&#H%YAB02J4ZS^qn{ha8I^lx_~N37%bXFch_xl7^mcurJ+yE}F)Zuz7_8vDQ~|bn
zpoF+HJ;&!Jo6a@wl-;O?Se5tIk8LXi`qbv1-AJc1%+5vs1@o^0YRLDae3OU5%(IjF
z@WxI*)4~o2aBQkS^iP_39w|2Af(bUVOH7;J|1>x?`U(h`8kdpSKyR=U@UBTQBu;;E
z=@k?~jNO~h)01STCo<JT+8?GYccP!;$rU>9R`=f$uxfLeRXF=a7eRr3h;L;^c=$nC
z;O}qYiA`PLWm~J|OCA{u_8SZ&a7yfE|0>@&Li$%f8T7^F?9h_Pd(Bh4k;=jF?mS*;
zedhbAYd4o|rQ}8%rzujZ)-=l{V3B0vI8eA);*EB)q+$8HzAJ9!DmT)Vp;Vp&e>=rC
z+qHdeRgYFhlAe^lwl`xb?`2@M0zeI6qF}V&O*y3pWBkL<<K@1c9ry*({?4QwejYKF
zTxxd153FZ?z;s7ZoyQ>&YOoG`^)RvO@&axMs(g{P{VYb4fWmX*X_x3X856g7@g-Y5
zf|&Y)(SuX6Da9cPoC_b{fiG$g*SGp+ZtO((bR({o-n}zgv4PMJgAGkxgKz4Asa<~p
zSa&2glml)~yBY-k6X}1l2^JHW`2GC1x+0RUZFMuFg6eU?v}3-)UV9{LA(~w9PD0ps
znPSzlF=H<>w3xIyRvIRv);C6KZ7+-8RQ5q4&CV&I_<0tiu+56{ixSB5jaZXJ-M8>a
zV8Ay#FOu~z^Rk~2fR)?rVWbX|i~l8=L6B-#x`taRrJD%XnF~4#)JP^%gCDW;7L<ks
zexuZRIU}5_l6qe(EdiuxyQkp`=CZg9`BbC;Oc;z?j2##8HjL`FB!hv{`Lsla^XdOe
zfH@^=Mx20%5u}KG0Z(jHFQn`HqcD&&5k`AY#DrbT65i)WU7|iO0cY`5lRS%Evl?VO
z$vjgc!CN@EnMr(@AePdN{b(-!=&O?!J>^#biD?7*k<$KxG3UdG?0Mdq&y=FhbI}f6
zf>l+(;+%ju#i)7Lgtph_XwrW5RIb$O$D0;us3>*;06Fs)QJgnqI<|~d<Wb)i@Nx=q
zq3P!<qu&;s$ia18QuE$SzVbrIo&<lU`Irlj$~#YE8j;E%6gkKVAEj_lckWIA3v&wF
z58Vah2>u1b65oSM+c;qqhYW0Ml_*Lv8d6URCM5`cIg>HbYkcvG44{(y8r5BZNS}Au
zf-+)G5nSv>&E4I!Mm5Sjee=^Mp4bA3S<-6O<NOEH+oGK>$x!$rL=VS~2#4>ZO8Kjm
zdQse(vRopMCZ{=hcbj;(9MWtg>=`4Et30r<yEB~iksU06)SQy$RXIOuOU`O*ya1YJ
z5U23aJWB9k7bD)KyC8;YMElXdtL6)RQ^S-8^I`1r#trjhbBI5f{d*}OHKFzH?J(1u
zCqu+rTxh8P(<@UkT#?1j&^`PWw1F`e_ZIepJaZ!kS3Njq-y%zzGQ&It0Xm{fSef<R
z+L|Jd(*cw$B1N)-4S_ds@*aMs0`bz<ZGC|=hrdJ^lY2!sy)Ns@v|ynFW?LV!n}&aa
zPpx>T(^~{}0i_~~Pux*AR{a7om|vOKT({CZsz$y0mf!eNaeKcIUkt{<FtHk~u_Ime
zX}E8@?0`6GIJ$zY<mO0y|KQ|@`1mlchZA`REVM19D6WtJ9Re%GRyv;_ry6f?Qw$r#
zI@~~>bir%bUkueShynz%0x3WasEaV}QM=_K=5`X^!vP~31hqrGBHlOzu?_I6A}wO=
z*0P)<HdfSy6pV!U#b<YUD0b?CO+>aYD1R(9<udcdMX(GTRhk`ZX=$`O6l6=|imLhf
zkBs$%S>c$j(}hUMRLpxmNJ}e<0KHP=o7)N?I`6Y#1@E^c4W!c3D677-oB?DD0l@-_
z-$nS=4Oo$mQOF0KBSHbJk>K%1R0mTLvpGHI<MO$2HRX^wzG@%uOXB`0<-vQ>R%XKq
zl_|C_?5WZi_r1URHctNu(1l3dQC@W<Rkbm(FY2~7h*vE|7Ts=DMYU5+W#Ivq2r0+d
zbjMg6I^C?G@#8#=KMzbQ@vdSpi^p8jFYp(p!Ybg8P97Aub~TcXv3Z1b%XvN(8Ozmn
zFNnce2K<{8-1lBT7akzpIA1)Q?X%E}qaVf5I+w59gBKuIF}gaTB%Et~C@~h@8;mhi
z@NwI{mCP(4oIeN-?E?{60cqN&NVRqrcl34GR1zhSz!F$N()G@V%c7_^1Wo?Xj~k{E
zu6tezFJG)PP{L8gGuU@<Dt-E2()8w;7tAx#MEjRA(pyixjMa`)9%2{);7-yOY$!1p
zYEH+w5dbAZ;UN{sKbCh}dty6H?R<I*uOeWQH`Zi(DS?%&91D;z`%DklP0Ylpy<9Xs
z&ca~$cL^{FZLTOc`~q{d3-q_?&(=@>z_=AuPekt}Za;Xa7~yiy`cjlrPUh7lb_iPQ
zxW&$IJX|wMft7oMrgDG!8T!1@E|TOqa7QA`Z6f_s&5`>2h?YGeVIEc*zJ;#w5^EC9
ziXF;VhB!#a%VtwOi2YclV)AfZi3wh_7L*V*FU*m8`@^bIx{l{FV|JjUs->fYetF)f
zGP3by<lJ>_*}tqXK3-AK{KE?qzscUBNyhmT)@NweJ+o0Dj{wsX?cdi^5&ybK$cn$y
zxyJMl={V@{NT1^{^ZcP}?a$7Y?R$)yiC5qKuf7M#4z{Lh%jb8SaKy-9is*;NTSoE6
z3o^h1Z@=kO^ksx&S`QV5+hiFJ_v9oPctDr&;3&oZp^#A+B~lcEy`T%EyC#Uc?^_f8
z7)vDqOXQa*=D|&0k6u<u2aWZe^{N`3Py$_ry;LksttcK2TE?ipIP$Q{u7Tm~C5`-3
z9@nVa`y@}y^jZ(vmCYj4nuv!hCg|$NfQ_sB18cZ(jf07kw~P*QN)sUZOyk7_w%UfD
ziDxLQXmsJ;RtPXYme#8bZ?O+*HDRC(2ksQBky@`@XzRP{4eiBgjc*xjb~|9ZQK+&A
zEAGw>8Zljn+L3I?{q@x@QrW3UYZxiwZ@1HytagIzkbr;sIEkRz74U=`R+XZvJMZrF
z<nni-+H3`_L<yU|)0Mk}7V?G_v4@O)pQ~v(rq5Kg@>kwQ1j%}yugrmObECoCi6f%Q
zQWkVFx$70r6Rmp8_YyKvbw0So9ZC#4yCO+Jxi2;cz`%W{_$Ey@r~WlFeO}#{zz3b&
zLl{V4SkKX;8?`1m1|bmAg8YBN$?s|N*oU$)L~yX>HU_qd^8Cg#9ZnKB+Xp|WG|aRE
z`1s4RXM-mMx=t#*l&>z)@y@%{uTc&z*qNg?|2fm(_LO47!brH~&qGtmaDn0s=6Il^
zawLeb51c=B0*^9~iY+Fup)DwuC3f@kAW-&bULU-92v^K#kYy6cxnqW(G_cl;^=^->
zjL*Yitm7AkEdIUH0Ho0oX)wbpfRtRDN^VHmXc(*}GU`)FoC@!M&`G^es&>xUfO|Rr
zwbutv4;MJb-M?6^I}eV$!<h0JI{DG{fcqk02z^#XfB0y-BwSljSm$0B0vf~d`J#Km
zJjOb=i>TKn%=;rrb1(AJ?qLbXF;c?#{7FpX!=-|U$YzjQVv6VZ2JUUpMlxdnJiA4e
zP5$M(Eomp^vRYc}5m(~$@wxQ%>(dTq!-G4mS!Pw<rQ+m%D{O;IhLWbf=+g2SMJKmj
z8k5aWhO1=e-orf@|JU}wx%3Q%XhvBK4fmd-#%w;zcsg~HaH;6kS>I>_8!6FGf*+K>
zQN2;&-@R)x)KyQ=32<QDjId^KOW!W_pu9d6^oET9oGg5s$^ZwXW>yuq7W8v}UPj_j
zIlg#Sn_im^6DG5~Dd2dzU$=g*%f5aPj5#6ECU|bDIQ4YJ(F=Adv_UaMFT!>B`DII?
zqIH%~O$1!&Bc4>m!=MADuY~&bc2iXL!pn|)B{=fs&BS8kP#P@GS6r!s_QcHXHyz;1
zS;h~$pN799HZ_DpU=kE7$Qv}o`r2AwxXPq{me1tusGQFBa?p#!{x+e;$J!)v=qsZX
zl{k?jHEV52BWRBHn6nmk;9zcE>p|_Eek-beu}akSAkq0!AG>p#h764CN+Z@5dC78`
z;>-qF%6yX7;hT?WDJ9~!&?j(FtNcqCs`X^U^h*CgDNiBo?9gvn9sMH0a^~09w#fdx
zA$LxvrWWTfBk$-WibxTQCuj!~%`C3q7ZC5^Ea2O+%Ox91zc66l)Uv2Zv9%Ba6}M^e
zpwEa(^*wj)p{ryH7d3LBGCb)LSHbGAiN{uSaB0gBhchMv_RP$CBC2&`X=Fp?nrUn=
zfxY4jJWQQqCzfyxhu`T4eHj%Z;kFpii4I(|V+Fp!-BpcTXdhfo_wPh+#IMq-drpf`
zKZqn<<E-l|0_FHRF~3XYNzvW4H(g~bcDlzcByY=?n;bC!WRY@s?3e=&R`fB?vCqEt
zfhyj?s&m}=!m2+HuqUb4i#D=x8Lj+x9y`Wwi}xUROTm*DJGpGr3)Q?s1yJ0*RQ7Gk
zV*Y%7R$iM%F+2&1x}2VZDBDGUE2zIx<io4ke-LA4vG@s(3ADga^|@!5OjI)UzukAD
z8`VJnm<S1(hi;!XhyHaZaohL}z@#+8)kGSpt8{B;Lf2m_iMjjaw2}dGI~fi8T#d31
z3e}m7euMamb(w<?oR^I?H@T`xfuta+e89Y8UR@|5K`(N&r&#QMXuJ;jci+<;AtR@u
zqIP3gVUScq!%8kYVI^Dbi>Va3WOP>q2_~kYYn&5i()EEju%#6D3Ap3y=8Z91N3amR
zwP`=Izf_JIfDQ$NEL8z&E|s4wU#YWN<5t1U4nfAKi^W`uQ3e=--cz^hwUM%QAr&@d
zU<9pQ`uRo>+gZOizgHgWDHzMh4`Zrr_0h^5aM6e<MEit`PM{tqW)_^mB9Mrj6I#FO
zy;s}8hz6=?qSMLw5j7KP>2Z>qfnQynI}^cD9@%W2rWNPVAlq~?)bfM&P(R$6=3AqW
zg5A3(7E?x{vs+xq`w45t$C_GfX?KC>p#<|u5IHcQ^DPBlHM&;`Wfy0fhdH}JK2sE1
z)&(X+1t(vV&d+hjmC#)g9yA0to=TH*PPigQd1?@3L{UQ~ip+>T`AFkdT>6#SwFH{X
z$l?Rka06Hr1kI71y_=R((9G_XFy&de_rQpp%hx4y5u^yOvTs#mQWdVSq)Z7_2?#Y4
z8WMQ%6TNZIxooxq3usnVA7xQkc)QdKb3tT1v!2U4Ts+Aav-?{SSXXJ_Zac<*6dDlw
zn9hbKA1$wPub9EP^~TUiZHpBkiWA;vJgLPei5^;+$R$e1iee;h{vA*2I~v?hsR#wG
z*Q7hUPjmrVg|4rpOj)+}B~2}cnzZ}OqtC1Me15vFQ&_B|mkmt+$x+Op<dS_{1Zb_F
zvFwFKqWrg&1C|W*0~;?s@fY=!HXq^DG>~2Wv`okh;5SH$)X@5`Glml68;dX|rGx4j
zm^ZA*tgJ>!^;%}o<{vHkUeLnoPUT1cAktgygXH)CX&PbPPQ=wplO5)~B^lG{T>M!G
zJ6Nz~mkp<V{q>C=l0yHe38X;(gF9<6p9zseYyuSP&DcTBwtK}d-N$s?b)4<Q&CQVT
z_h!znkWQwJR(u@pm&B)%Vw2asmI7tLC&CVvA6JBj@-fti<R(oIO8mCjVcF<_XUP(z
zckZjAeKkMJ&Pmhq=Lm$AC%tlTh%;I2p?G#T;U>Nvcd^137M8$U8hwDnDf6NU1$V=+
zIKH^NO9JG)uL@1FtLe|NZU^M~p$KVq-M)ed?#b}IrW%OJbp4^}No=hsQ1Ha@oy09<
z2Jx<SyB1omjdDe}HIu+c2*Hs1?_@NB+Dypr)~G-GrrTKijb}0lv6?P1H^XEZXqzpY
zwnlj`lXv6LcU@c2e@mY%_H{IRm7KOBw*z`7HGyd5eX-oig;|c$li?|(g7Q<mOnI$`
z1O^b8)K1RL%t%x`Y8IR|R<R@Ns_mq_n^cfXD*0uDd-n0)#P5^S^kr<K^_k5CQvwwp
z@~SEMfXt4v*VxJi8`p2jc*{Mc8u@9v*D(-iJ-_~jlba!+H_1+3ZRYa-RVS5GvaH(9
zTCIBDz~M#;M<2GQfNQ}-hLn2)6%yC_<r|NMg-C6GpazkC_(#?$ndq4=suyU64Wr&<
zL|y7*P|bx+seu~YoW^S`m#q3v*d^=2yPF2Po_79Y^Z23uPqJ&jQ^dwS?#2Qi^V#Gs
zu-49S>LETG$8njRpx@wMSV<fa3t<XldnVqs#ABWYCdXyZ`rum?D7!q{=Xzr6C@Qa>
z$rHnUj8==>uuo#~nrZst5#Ca#(UILXw08FGcZB{Yd7V?Eqq63JcXM)^=|TLt31F`x
z%6E1GSS`c9Aaeq`Fk|hr)=Ju#pC%L2i=NS+I>C;GO{kPJe+_bv@w;ED%{3JfHNtfF
zf6NYQ?4gpMXKSyKzk;c_166svClBKAmyYt`Bvhi)>DuzrXq=BFo~!;CuGLD6T6Z0x
z<vdb5ZCbaPl3Yl3EzVVJp?0+PCtvDHj#i*EmWjrGJB=5^G>4My_LO&d?sHl+)&<2$
zruRX745|wa8yrZ3m8_PA^r^<7E;?9DKQv6_=3*zJ%(i_%uZ=%aXw+mlj%o8xpE&Bm
zi7RDZy3vbqZ_La^@^u;b-6y6?$Q?rqGW&p-LYMCLT20jGB;S{x$hatyBLW+vdWwi;
zEOT_Ujp4}13S6<Ep70G=at!*%s%2%(w&8TXtPb+;N|pk#K;&$xu--MO*s;5z9Syjf
zg>DC^<v<~Z47(=G&i<VXg4g8D?o=a@gJqenO#uWy`TEp#rd|pgISz-Hpm`Y&D4uHK
zZN9%A@1lWxho-8`Xy*a?9u9r{4<>a!SW$YsEu%sM&YE_BQQg8neYkhThm>$S-W7}g
zA^1*-1-unfYPL!7r5SVg99?6XHz)PMH>^Cjvy2e^9jZjSRgOare)KqX>r~FvNESY2
zJP;-Y?nYEU+@RFfIQiHUZ5BWMgL1-~6s9X!p*G6c5#2<^fN6*MAjCoT05D}MTB2)J
zWN|QKv>>mO$hXg!_Ps^_*LS9TZjRq4aP24^T;*$Apgk+rjoZtWgm1gFGb<Kfjr6@8
zmd6LYt4i>Km4M%j^76GmqX{paeL&*vqr=R6YNQy`2p+#v->fYGf61u)e$i_*VOka0
z%7=e8-rd3iML5@wYv^w?HNyVLGX;;A%H>ztx%>&+NigwRB!)WeH{?LZzWP`D|L>tE
zN%Y6RD%?+STnkRrYa7%8)&+o}kFHwJv6_QjcvMd9KOw3JO99pADuwOMry<6p=ETK?
zPM;1`oXaZtx!nge=6V+$=&QX2Y8S2bt6#0CE*dEw#g3RH{wFBr20SwbYtY~;r$<~6
zK^1#sszq8!oh;c+6m_c<lg*;ZmH~u&EKBhvu@>|_e2w`zjEbL)y3X6atlkLDY!e#M
z=397b;S5j`^MW4OPGMylzzzIQ#1CZS@YJ=*7uS$<TDE?1LFfpYI)_V{6S#~q+;atE
z?2C%Zov|JyUDHT9WhVHZ@$}xVI5J4O_4m?7?mQQ`m0-uJq|HkI!Z~p0?o=>+E6=Yr
zwJg{mB~VDh1IKS*g0Ftu#`6NFL0>kmY3GThznO#LGr3G$)6|)`1~qO*ZYN$_WTttX
z#x!^e5a~sA(gP180ff8zR)5EX2$pD<7Mt5nH{-pvw_I0lFool4MwQ@epiaLjapkdm
zWH|q=L1sOi*(~6bznnPD;Zk4s9j9>U?uPc#*>w*7DHPeZj-rGbt~<n1!1g!n{C^Nm
zO$jyrqex(FA}E7fZ|V1>qct<r>0jI^lQlPyO8o7kh`g#vpEPXa7JWy{EMr1s=r717
z-~0Mz1CGpzAL0s@{vRI7|BUt?eM8u!2a8#Lj$N3(v{45-4E)Lr@4FmduUPB}%q5;G
zxDF5Io-U*v<DulDN6)s$`w&%hK09K!Xv3%%mZJd_7S+z@_T`lnsu~uu67+rTt*rBk
zE`;zr`r#e-uo1nwFMI~UD&_2|H;lgC9S76|7r=siaQ7}LttW0A|IB-};`&+75@4O4
zQjSoOTXUTM%zoPR7qrf6yJXSV{8&nq6|<*p43z$}di!!`*wUtw6Ktd0)roAi^GU(E
z_EfGG^AEJbdFF&x@^I6mO)p{a73N+{#{)t=?y5KRC=QA{mZB1~V@pxKbG0sC)OFt{
z611ybO9WnHRWo@EFvRcG2J_iVkP=lHLE={mbCdO%Cmt|ZXR0kuhJ@ON#OO4u@O2$D
z(%*t$s9E}-5G<dV%_+bu1dFF%UhCj|{tob*GomG?HD5b|;K)7K-vXKu+!{f`B)&0!
z=B5_!?DTXXBT7_E{A#*i<a`%LpeD!fs+Wz`sac_qTKt-;AFux|)AR7^pI?LjAja)S
z2T^Q!9E%&g6af}xwVA~~zBQV*<r(5V&RS3vMe<T4-iLZ;I+Yi<u^-gWBe<UFy`DT^
zt`;oq_I3`tQZ0ztU&=z%npgU3TUJ@p5`Fy8t@t)z)9*yQ-IGGjYqtF}nMPBdWL0Ms
z`3!V!f{bxKqb?3_@(Ctg+CSbAtE)LHP}$iJ=mL4r{8{&@&R}%sU!F9}NO+LmsOduu
z|0y&Cj@oM4yLQD|X<*61mOA<=C?b~3HSSwsj(JeF>5Y9kcB4iOcwbdjN%s}s6Ne;%
z&$BDm2s|NERlS<Gy;KDt*0TA#K$p#|!h9=8ghg%p|1Bt2N$tZ!$@IFfRtg#a#}N47
zjFHqO$fB4(buB8bFiw1qp;ikg?Eg8N=fj<s7(uCI5uQO0a`htSc5*Lp5n_wPA(~>>
z>k=w;c6xmKz%0EIJq2oQIS<iGOu{;XOn_l)&mkZ9tAfGsz{5h~Wnkf^DylxV-h`qg
zrz=cCMP39mM=$t*W0NU*(x4araKc#x0gohGSrFy*#eQh4dzBZxSU)<=a~x^?JHdrH
z)sY~Im5-p4ATh(vyR(>W^o4QzHWc0toZ+1P5`RmePF_!0cE-SIvcROj@h`)#l!a)+
z1j*BU4-9>7%eT=WcZJsx2@kA|;Qmsa=h8Gd9*PVqu09qUIWZ=GjW`TY23BbV=Ja%G
z^}9J*hngpn&R%D;7O!PZf|0ECGte@DEZW&KY;tujmw9RtOd*~7^koPdK7{nSj*t)c
z!VRq3fRHoYAu!G;xL+$uqSzyp{vS+?3~F`U!Yh#?6EyE2O>575dK=lrx+SUs%kBgS
zte}06F37ah?b~Ov2Rl1dv909;bukCcjw}(F*7r%B2zsEFu4~R(+_B)bU8^|miQjjk
zR(;<x)+2#Vq8kn@%qgjbuDMZ2oD0w(v_(b>OkTR9oseAs0FsvzS;gfh0I3-2?;z)g
z!u06l(Ri;P-pbU0-_^t`)7b*kdao}1o1M8xBxI$}lM!shPhgin<jE-6R=4Cx%vF_J
zDNQ?jrE|peGT#XLXzCB!9knYd$$t^|O--WoY`bIIwr$(CZQHii*tR{h#<p$Sw)w5+
zt^FT%4!Sz2^nH?4S1On2QFZMeA+KWl$U+s_VV0!GdkbA6^f>@XkWzHU3aq|tkH_;O
zi;$Je%!;EnzMdof5G>e;Hu>5zZ8{>%rI<FmJC#EKW0pf<HRL^41xS|`$yl`OeHAZ@
zxKT<Uy<sepDqG<9=}foHP;ZBVZ55H^<8Y=53Xq)F{RLQ-C<XXW@J)VG2G&fs;B<(+
zsW9T}dAtMNlLJT}NT2K4C5IyTJ62}TcTT@2T%`v&O++*gN3U%>VoflbyUkfzizavA
zM%0AahDzci+_cUGN?_)Ca>9z&8LaJH(y??Sl$bwzGa2X`6^qKd<tN_2FJf4pKg#`Y
zxq2YYx&sEOS3tz?$IA#6tgbCyouPOW^3UDJb%<NR$zgSQb<mx5lbz7FaDTcB#zAH*
zd~AeqPXgGQL6K{MtFV?><rok<;iI(y@>CfwUlmYrBIQJ7Kqk86+267>MT4fN>eH~k
zb<Fl8ETL2xIPSg??B^u2k$!L)R(WM4eoP3Kf74bVT%&XzIHTJ5gIxn;Yuu~~R}^b}
zk}}hiJ+ilhtAz2IfvwDkuCXZT3amn(4+Lt7J!}x}(vP%3h6}2p%ZRv))B$m#<wGGW
zq-VpR>T!t*4OUW)jlBLOEVq&d`c|G6TZBiEdAz4>o)H@GjH_E{z9k)d`bsyCzIfYi
zzVGc{=XrS;-)2=`VuhWSi}c1wp-QW8@<eM8uQf`HDKqXJvxe{iQ8Q5o%^*SX)THK7
zCEfSMFqxLxR5(;`V-?&&!xoITxgxg^#m}V%MlwuV_u251kh?9XKE?f{C~3;nlU{sd
z%pAqY26Il)e(bt>7(7v?yuB3ZVPdm2AH@&)sbYZ$g=+xqV78MqU>q=Ncq`zXr_IzB
zKcv<sBB72)cXhV9w_D)WdiZ%8`LoN~XJ991%Ebgeq=4Iv7@Zv?F?;EAO#;Pw^AEGr
zYzy40xy6yMG<Ry)G<>1c-P%Kdn>>yDX&$oJZS~5W)`7@uS#e>EU<gy##)08lASKt<
zQy4S@@=@-w3g^nW%;{em(bR+<_%oS}Dh&8X^{n`)zMIG<_{}H*V5jp*LXlzAtV;uT
zg1A?qV%zfbDqcB7-Zr5G@ai}JVg5?xEkZK=9_>a9qc&ofpl6C{Zv629=ZW&P35HXL
z&&Sg-v-0ngXUnaFgqfOJtBqrm^TPIwwJXFGd98uZU@ZQM;tnw}wt80YF-zo`Wix7U
zU3PP&eG2k`NiyO+p)f(xsytgqZbE?V;9qgQ(qF1%>%@mQCa@cn7pMrown+@l2&3Fl
z?I6<63yCje*uPV#l)8Nc>r-rN_o3p5fgC`9W`q|R@{Eoy`~k_K;5$^v)YGe~w5)l;
zPA$}q*Mu?*7UQY|*ZbgQ;CAT~A+3L?_Bvb2a_;RyZ9Y&J3RLLwo$&*wyxd_8-P6Vr
z|M7e1);x>?II*=m)A1Ey3h4~+0?w|xhFK0s>RLWX@;CkCECcOygy|R+kBmA$NyP1O
zDDtGy??d9_To+V-af1ip&S#KQLngEc?To!Obu9_^l!%R5#|H4CHcgjI=gseCSFKA^
zF4T~P^HEw$QX)#92f_exzOMX0?W?Y~x@t_3ovyo{(-vme_Gd4`#-fj%*3GBjd+7_K
zb&HwZ2gb~(mD<bj(m;Cfq``Xg7s5-oLspa=mAH_^3$zpZ`)y{n8v}C_>w#ngs&vl$
zQ}(qejXdd34|PT|ffq@-#w$~CP+3fdr&F~;a4t1mgq|r}Tocyq+BMC{;LO#x%OErm
z_V?)o+|%1h;nDSmc4X;5Vqy20s2tw7mk0Ip9XO_7J+KKGBM7V;`iF3m$)XQZtN2h*
z%yp%WG!pSiXX2Ww9dtk()ZF9KeB<ywB!uD~OitnPJtPR!iNT;;f6-DGo)t*OGmani
zAo{E@UoPV~aG9M0*rn+3#7SeF(C3vOQG3Hyr`jM0)vMvMQVW4eY!ZiX^?^di5Ud@|
zEvE!$JZ`n4idDS6&W``K{7Wpq7c1q-HiG-}^`@w;2v>*aJBgTKZ6NQ{m&%~K(>49o
z<6Tt9Z2~x}3iDI*3*4A@rzl)Mue1qJxLilQEaTMi!u6@GM;r)WW^u(6`ReY^UVHq{
z0yu2IGMbZZI&w51sjXR-!$ir~qF3c<U~$?C25dfpoLWggx{QVT-5aJvnDfoLqIQ{#
z|6}(T{*TON02UF7xlP)bCmCSB&0SrZd((bWbS$@$Ib<ds`@}#p<)v+$;`d&W<2#Zw
z&YvGQ-Iz+X6Zc-`ML(nO^;}H9;GXvVDGhNe{-Mt6zWePQgYr5qykqi(gmyo+-TN#S
zC@F?0kecGC+{}gp8Oq)xGKP~65-6kN^q`QNw3Z}383*8ZcdX2Jv{&>{`B;w=v|+E@
zEe2>nyE@7r8sQ}v-!-YVH^AO#!^SRiqw+wUv<F%aX%2u9U>lPy$ualUY!Vc4TzDt!
z8k&irvd@#0oJ5@4?!caNO){TcQ<AeKKS=vc>3O_8Y4fskY)1Z5n6&4SrYJ?a%umRd
zjxeScWpVE0b+-EzmUn|4S`VfrsV^#cK(7&1_ms({0^PY;Q>OChkI<8y7O=`@wr0kZ
z6gT2(wzkmJb%NyW?-+cD1E|EwOj%Q{Keq<TXQ~RWa5j{~xYQOksPgJWX<Dgc6-T);
zj!TPtH{oxn8#gc{(q$R;qf7EaOl*+Q-&e2rPCF&1Q;E?!s4oOLjjR|>^aa(&jWk^t
zh%S6--+GTpmOOM>9xLBZ@t-8awUCLc4Lnl<!~04uPf?>tkPh``GB!c6O}E5<gdqa{
za7fU`XOIgL)fSDmkl6}_6eT+k9XB6rGNp2gNT!>6*F)E&O@mPDjw$TTT3K6X%g7IN
zG`G)*{dG%>yo|vwgz%TkRC^4S-kJ{%<yclD5KM^_VrO_giW}un<e$p(CsrNc|D$4A
zr)$k*<fahV>KvJzJs{rxf%q=Wa{}JMQl`9`u<OQx0EXbhgAuv^s?!BUG<e<^ceTtl
zsh3lF<pAI)n>qdiWXeC0Ou{0oD-Q+Pv7)SS$28LDd<eh`$%fIcJM%gI*9;a}POhLu
z88au(Frc935z`5WgcHAL+Sro~Juz9{y`X767Q4Ev-ht)o25}<6t}8<iFTmEM<uh4+
zz7HzOviwjP+QC_KY-WuyxjLY6Z2FlNNi+?T?40YyH?`q4rMbmX(`AM~77I=dtN}l%
ztb>{inhztA<UwGv9}_FHnz7gnp33=Ckx9iljqg{7YdAe)r)`YFtScWBHAnZWnk&;)
zd6n$LPb}$k*`MjK+)q(@rZ9c3i1NDn$O%){C**?!&RV`2Syl;8a>xK#+Ocz%^+v|9
zSRG78c#_l&19TimDqNN~-3Jdp6zVQ#vul9`<p#6NA$xWXsF?UkIX&!%d`4`eM4Ki(
zkN~GC#WdKWpg%%P!(`$@N6O=<$6Zi&tTUM%nq^}{&t6^Wx-w?g^$l&n$F1X4R4KC(
zq6d#3lSINIIsAKn56u3d7oAhOi#o>SzZ@#h@i-8?jm4&g?&S)%iDarR5oVKyYj=C;
zy7qM??!51tqr7t~OAkv_1}DkSjmYE=fo;ZZtW7Mu&99wX7w^0UO)DkWTSjl7O=c#A
z+!z8-zk%p`ow4Wy$P+Y3kke-M*MD-2e=cxOZN1@~3h^bL6N09ueR}#<w-*3vzafg*
zp?c_@WYYmwMje=PA)Vd^zk-D;#-lE;UWnK$4)B-Dx|(72y~dtfuP!w^bVX{8MGuj#
zU*L0)6AV#iT?54k|58q&Gkcdo>B^CC6=G+-me!PAyZ*9;o#S#b!GDM>b&^3FTvL!X
zREt2dlD+;ILhzfVviO@q*@0y3(JhsdJv*Lc^y?h<l(2v*o#<)_0G@tG0pD}*`uDcH
zW8H$ZHv5JPC*^J_WrV_kr?%nM5KQ)X4GTfH=#&`2ZA)y-7axkmaRNZy;|cnH?19A>
zqGbFu><yzO!;Zs|kcOX>4+#}M&1nQ{gHy6HYbb6d_LQ1Ybx)WEA{H_v2Ag`BVN?DY
zPdX`egg<rxc9Uh&9S<w9Hqh8o03tw&fvk~y_p)S&`9=d?eAjm$5Epc7!&!8P{V}#6
zMEanGwFHQJiW%&UyA<>gWKpjQ%hT%-xV*E)NPmhkGr^4cm%#cl-RYUvro#{D=FNk(
z_*^@kuBC`YYs4Ht-jmqRTqLuseO(XbM`@2Q=Sz87E<YKH<MJy>j!rayyfy1m-BA)j
zmx2G7b;&!IWB0|{nL-N!RqCT&hL4~va182ewHf)*c=OXVo@H`wIva3A%FLuL;s|&3
z{92YPlGV&$!{|FG+groX$tP2mxqneic%r)8kjFM&OOTVF@9@{l?=h5o%mdt3DD1Bu
zxI%ukmp{Pb$X5}3X0C~<<|(S8kVWwiYTY-Q$;DJxl+gA-W-bBWMlT8|IUooBW|F1?
zKrM)pUywp}4^9^@%{q$l=soB^^rvb|lYr^E^$fZ#m!03Q%C9BVV46i@`HJLd<qF;p
z9f1R*xHMZFcI2@V35T4-%>U>G6wt(P_K>X??dMmy?Gh_W2Yzph4iL#Ouf~WwOL~*@
z5Z=v*I+4q_<R81N$=@vgs&j2>(OG*MYkL960C2{)hy!JGHCp-kXjIPHD7*j$Ah&O1
znVIn`cfuHwscjTJl_-9Z@Gh%PQJ(_i=t5nd?XNFrXq|6~&Uz2YXLH-^0`seWglwLM
z_jA{8>P&kML}Tj8xPY3~tM3@1JRbs;Z1wJD?Pfmt{3qHLIeehQ1l83Ohn^1x*a?5V
zs1ODwQbmm9x_w$|d3?#COHXq6OvsPbY0ofTdaV8=E4S?Fyjagm)LwZ3vDhSVt?$sg
z!;=`An%$THW42<dpbi^u{3eYlVs*82{9{9eeBGHyv#P++w6csG>Duq0_{t3;lUw{E
z*#S%A?SuP8F$1*{D>egZet;D{jiwcf7Koiv#``uFAN>1So=KZS32uk8<iKqVEkh&d
z<l<NmeZBl4OE^4(+0g@HmJPJ5a{-5@4$-8%1F;#FOMSA!%+0A(Mjqt{4%0JLc{>j?
z@MA5Lg5}v>lk1>!G(R3e@whIcGVi0z_IZ{+Tlo~f5`hpjnA$6Duj&D*89cvewILM<
zdfeDug^^(=t<h_(dGv=?J-D2nznJ;Pd&2ZQtfSxlPRFW{+AUnfY_~SHt!gnKCAP#K
ztbSCkt{!_>-fAKUec>UppeHZ@^{$C`vt`GUW#Hc$X&gNro$383%mly)g9B0Vyz~43
zu!!>Z+h0!1a)w1(jq<s#rOUfmzL#h<CkTbmq?54zmkwzB+<?=17*-pK6MS4BZh4rU
zRnq<xl`ImqgiL(+gR>_qPbXVV#H(7dV{U%HKsmI!Y&q5HvD#U*N&b#P(`r{niO;E9
zWR<bo%`{Mu@Kd}65AFx)R~!qn^c)A_Lh+r{*#`+e)5c~+OJ-R7vzc7;hjV}MNITQ#
zNdRT#r@+y+m?J^3a)xm8RP#OL=pn6<L#~Y={+%F+Dkz}T{lxb!GFZ1B*uE1~GpN+b
zRyu;*zVY^i?&Mnjtw}xl_V(;KSnPyfu3kHG>^~o$+^q)_w-?z*>vB!N<8{@i8xg^M
z!5^2Dp)3XiGC470tIWC)^$GlltZ<=E6z*?9!n^Aq6tQzhJW|*@CZrDSl1-8?8+MtE
zc8zcg8bJV-qiKKa!&sd13D^ODv&VY)@St=4Mm8*?jQJg!?gH)9B?gdNu?);sLL|S4
zC+?~Its9R;t|=|vA~xw$=XT|4xl2ksNUGei^*vsiOA+raG)`Of81xq~+qZ2e!qcA4
zw=IX}N1I|&QMF~kI#p1t!4Uu~8hIGeHx8`ZE}$L(Nma#NPhXS{4-rRjtE<Gne415r
z-wS+#h^O>==^zDRW-7=>4RrG_M(#zG^8nH&pq%5#Z=T3t45s>IvU48pd&9gL&3i0D
z-yc!{i_64Pa=hbVVDIBz_>tmMq}f{4sW6MXM6d_9QM|wRnt#1r9H8^R5##E3L)<+P
ziTGuF^}w3)YHH@#Slb&AEMrJ^Mh-lA5yV(g@KCHwI2W{gW*ODS)C7~YQ=I<_dSpB9
zb`(^}*@_d0gfxbnh@u;Us(BrcN3%DFRpn>#x#L|a?dy4kqbm%g94lbl1eqXAX&@gu
zK%l%fX5oOp3x0<%KYlO7t5@3&AW21_uXWSherIPXrV29CX|4ZQoie8e*n5PP-Js^*
z51dfV=xq{|bMJ1>b#|#N7nw-?BPJA5uM{sNbieq1K?*jW@cVV_)BE8%*b7XCkU{Bv
z*sxyx_{_ARS=QeEgD6gJ3GxS6-I<=2_tL21)dbtW^YgyPa1*|v3q9qi6y+0|iH<44
z)i2pLwM$f#OKZ#R<My00VQDAVS@R=#)@F9$wP{5X^uV$Ri)XCJi1yWGDh4Yxa2u1w
zRb6vzGEWp+_s_x}VClXUF(9N6tYK#NXcQ!{i(DL$c?y0@>MdWZW5U$vDs3^DQM{1h
zWZ`uq%8a~{S|NT5+ee>$DBsHdshZ|GYEFI+=LZ{>g9AQ+f0;0%v~NWy+PfPppfN;s
zHQ3Px+$vK5#y=CdCi<yEFUV11x}Jg<8vu5`tS>_ah>D{nNI-1y^fQ*Rj3*C%_k4tv
zS>U*%x@qkpcsbn@?A9Q*pU?80sBmJ5eY#-}WlrU(pGRDFfsJluX1>!TT%bkkM$4LJ
z7R6wZdesY*9~<qggqMBD9$)gs+ObPIpp#E9qq_7lY0{Gl7w2w!cS8#sOCmm;3(aaH
zei*B8<^7Tw00Jj%6#A)*scG@`8;~Pp3UoQ_-);?9;5r^P#)8wj+HOs&Xn>W&oWkTH
zA5d#^MD*r*uT5+>Bv#-mAQumwp0W%2sIVLSjT4@5p*%?NdI$utv%)L_n>f9QAIQ|u
zM(C|>FmKZ8O3lw!)0!TM0)Ht2wlSGZqKwub%9_1jdxof<Lve;{C-r@X;K+;g{h&HW
z)>L9==8k!KctVI-;==pfA1(y4@r~H76B9PQ3$y-7+tGIK^kHTzA|eX5dk?)N?>Yur
zfc4#!^0toE6?LIW;OQf_zzx^hLAExJ`o0fSPMj=`<?pwG4$II={8Me@WzsKm0N09e
zI@s6NJa%9+f<dL=Df2d*WoKA{V^@N|(cGW_KRnM%?Drqy@`z7n-4KA<4`CfLg>5Y(
z3-&PHUWQYZi8UC(=4%ww6Fm?84IFpvY}3C~1d0K30LG#AAv~Tr{5J?#0=@@rDfFWw
zsY$Jhl$D`Qw5<#Y;u?ue4E4g|c(DrqTzjc@!`@STERw5yZ?^mO_y)Fi_M)Yar}byX
zYs|OyX#l_gJQD57nJ?;BBa&+9;^SpCm^uBgqj{&j9*gOxXHkS=q`P%cRZ|&X7|3&^
zwK4L#*_$~na@~I}UitV-5@`7M#PJ;?VFG%k@9IXtf~2gZ=HWw51K&FyZxJ$RlDE;~
zruW3dT>v&NBlO%_R$YOyFrbCBHY}zT_bhu1y67EFCyH+}qX+{<vLNNU9dEx5@2vfy
zj6+Us=j!>aa>PbckRiB7CNoT<AQXj4u7zA48TM-w=V7RZKmq6taiLdbd%+<+rkllN
z1nl3)yo6KeSf;2IlHMGpxBwB9`99ThLXQmuoSEAb%8&Vvh-xPK6Pq7`qF4Eaz>S9p
zS6PT$;Yhb1jG((6(LTXrplryk&duXR`1rP>%#t{9$9x`<0z*JoI=#CI2zVS84Bh;P
zuV0jn00f*f$)Y|c)aZdr74~oO{<c_sbSj2S4g5^4vp`geQ&~r>@D<F2013f>fe!U3
zkN`S3C2T>eiYy!pl)&jSvmwIrXxo!MgMP`aZd&rWk<lIIYRAVIS}RI8EQTv){yTAR
zIMR0*8z;_5B<5a1>GCb{%0ifW5mWiPQhjU@=j!v@RBD%|n3Mf*8v?#QGNGX|%cis;
zt*{6T=MzCo5)#b^x!4g|{2tAjcM!9wd1AZfLc2J3C>Q`bZM?WW2C*;8PsdP&JZBQ{
zO7CvcAj8Kmq_<7-i!bi5M<SwfJZ!ibJ5{Jvu~VeI@Y9E`QrhUq-P^tlB#cgYK1O?0
za*eD7Ctj4&Yn>mw)uFhsS|!g9^`SI`Im@~FwH>~dXvl}x8rTi8muyHuFiRJ7D)<i&
zwn|8uz~MRRhKofR8Sic)%&{0ZEF2qIr+qS7N*ru0ImFtTM&VM@t}ncLm1hW^eJ5Pj
zy|7^_p;G~Y*$sxD7J;>Ew#?1V&Y3A?wCUp@Ll0FEzArAOAS(n@T5W@n&qhFskI>FW
zRz}MNR-3-9^1dV$Dx1}Yfyy2YGk*Mj>Rg-z{E*BdS-?3^Lqa{>PBSk+w&<k(qCi{n
zZwe`ON{6*~tsHgwutYjF&C3O{g#6R!%o*kW*&X<-T=%Tf`O#hNp2uDXGv2Sv=B2n+
zUZ!L@_Xqt=A9`0dP(=Y4IfG{yLbwBaf*7;TmcKL6f=$T|6zl9y%BFIFzOxGkP!JxW
z2=hBa6>x`*H33!kF^K|95x5JjlzSXz6BF;eE;-Py?Yz}HVf;iS^}E+UU?(AApsY>o
ze}UP2>$%<rz)Px5OX2NrY7`etp;3mcb}RqEu?U$te18T{j3HTq*}aIe69;^uIm+(<
z6V}9U$0LsJgY&ybhH3$vgbk|Kz7MyC^n?{PCE;&Oxr8W0U+<53{fb&@o{eMBFVS0c
zQ6E(3M8@S?{+yf*%$=u#ltWH@J8YhUrh}6g-?aQo3d_q|Lonl*k^M$D;D014<flvU
z9`j-TDs6&oQ&8CEb*_SiWn)Jaajg-0wJFgQW48T14`KVDFI=2-RMq|`4@Jy@6aEuO
zjf2GU6DuPNH<R|T&^@264NaZr_b>(x+b7wAJ|xd8mZ(RbzGKFtV9V;YO`btX&Q@xq
z(~Xoj>zHRE5Bl;?Q?otiA{_6N@Mj<i1hYW+cGziHc4_q5jp-}}iTt#pn(xB9a6&e4
zN_A3PXa?v;>+<H04DR-Wf*%aQ*UAax;PV)jZ4T~jT6IuMt)-QF*7vM0ZE4f|A9A2b
zB1WohFGZ9cFI@T6JqO+Mkm>glALBRfdNS5c1qyhn0B6pw0@D-mm_?8i^J}hA1RXkJ
zK$SSW)v<zW!`#2cyhu=_uh1L8<4U19LcI_g{0CZue{B!|hz*2_SCpdn^S%ea#yM-U
z31Ht#N0DQ)RgvM^!G#@lYrm;?xpmzJ`4Dw~A)<+CPt$Es^?#!SZkEC%@r1MQ?m`j?
zaKex}O@7GACZ^|M1REs)sMmrk#-oqw#J7jvQ_m{mMI#(eYxOFdU|WKiUk8M8xL9rh
zc)IxKGGuJF10_pV$T!{C4(xh%&WAc|6vd^eSGpePOPrnp_LCWZCGww^jll~cKt+d~
zA&O6ExOZjmZ-2XV%CaA&JZ%qGZ+-$)xcI1&0~%<fs@)mykVFj+P@UTm1AG?T9ac01
zDS^kdbriTA8xC!<MZfJ!!YrSa&c^ydQkk+VAm?6?eJPTuoNfRG^n5h8usbr=X^1Jp
zu8lv2!Zn*^>lQ93VwHYGGjB4HW8Z%LL+Yf7c=*~reiOMHi+IWzt1fjUmPnwH8J_+9
zHlx+BgH(y*lDYd#t*VMAI^C~-C2&$VA@hJ*w>!b2m);%Ya=Y5pTeW4}d3AQSz&rar
zCMKxCk-Y*HrCAQQl@Xo-2Dxkb%rNJ<HkUi*GARuD@M|$Te*Sbvo3L-Nn`|&gfIQm1
zVvL9)#1j2LESq2IGza@zN7}*I4ZfQwsss_@%<q!nc~VENlR63J*?Ly)Iug;lJ=;q;
z(zW+bn7U0;HywBek|biQ7p@5FErbot2OA25pVgUSS@c!_f)co~FC+GG(P@MQmri|c
zpCg_D9IgWB8=N|B@CfS4$w*$5ooyEEf65zJjk(!JRi~&ri`QoPg)#O7nh=a1(o_^B
zK;Uhzn!L{3DOgP6+AwNZ)}ZrRKZS5a)#;&IDTaFRXr&VaA!Dxi+JV=NVO5Rp$;rRD
zjg*gq2`E8J4bRRVa<hlE6B2_ayjr23j(;)OnWbWez3*VAhn~qZVY@}JgZL?ez>J!^
z*?(-1MlgG@CfGpPw}6Bz%i>4r$F<ei9)EAVr@ma|LHB^&%#-s``HU+HT%c@@p`-Jf
z9HVX%cFRK%KR*dDt9_a=ct95H)lG0i{VeZv+7EEF&h9};2a_{x3Bk~RxqS}xu|*3B
zJKh+>M>*{Ub(>k%U_lPoN|HR6Yst6np%>k#ndNAdxA$iQY`NEnIX)$2LY+}PuRgVJ
zJ)@WcJKz0~-4g2~W(5=ba_bG;C|rKfNj_`@tv;wRLc>w!w^Be%h@jTsID@chl1=Iv
z8pwp2qDO$b!&-Nl5OGrfnVo?HqyT?EJSTAw+PLsj6*b~~T%tSI9S|AsA5g|!!X;TD
z^fH5J%ue^rh!DAQH!{>rZc_!?c<T%!h6lUGhvw+%45rX6(q9DoOi3qYXOegm$-IaU
zBj7(a4Sg0$WDIqFqfL)w7{vHTMB(C~hf#<j@)g|rR0jMD{B8D8ymB5e;P)D0gSPIe
z7WV+1YxE9G3K6ldEX+QUY^i#={|@V>-R||~2FIIk0p34!J!z*do%(11;ZsK<YUx({
zEG>%0o}>gMnF8r)+}BGW)22RXpJsx?^!8xXX=Q)ON!wj86R5*(JJBE>FxTVC4?eEf
zs#Eqd*FvCr@)>{?J4s$)`jDa+S--$+TkzX##_SkeJ;>HWNck@Y!C(6?d5zy2!s(4@
zWTO27+9{9;Od3#RJt5FpojMJrbl9-%Ub)z`Z9CN8&zZ-_&5d|<U=LNq*h5s1*iA=P
zgMf+{u$ZVJ2nkdTE_JB{UeSXEX)fH{vzX@zS#0ULL7jwE!{T==9pcKep)C*#JPic%
znT0?Y9+J>26~tMs96rwGMGAk;z9+EJBzP)>BD`yJ|0=Xo%!BVfge7Eu1}S^<(J$p-
z^i_&kDhR(|0vaE)mfb|Fo}Q7?*frG11hu*ND_o{d@J7s-bDQUJ=EBjr2fAhXfG@;W
zc7m^Pq+zY)rCd8KpfUI_%SMd_tTt~PU)iz_cZj&k{GB!go9|i8_CWd$YH5&?p6^%^
zW$s-!c>oMRw;$CR;>_q3F?lyv81vn}qClx(DAr#rwogpG=cwfacS((D0+{XQvQMl5
z0U-{4PH*o+duI9zgT?o?X;|<CeSXxR&3KF*y4t*QLB^L^U}C!)DuOKmpe7%uLMWQg
zCyEfYisT_=IS+OTmMR^<SeL{R?91Y<+)WCM8>bxYONwl6Ssqmn_Px`&IVS?EBxYAA
z)RMX)CsB1QVE@|=1*F_JyGwr6MXHo<RSH2A6SW|;q{1Jw1<>#DWn9Uj+e9jRIsb>5
zVEOeRb{~l+x?oxXJP8+mO4>fFGlZ46W*3H|p6{c}$N2$HO^A9A4rbUXd}teru!15N
z$1rr#3(Tk9_H5P(;PfHWINxED1F_Lsj;7P03~L=jM~|it%OJaTL0MpzcxV<iAj*E4
z<&33@Vq@_~%(67Xt8F!AuAD>vkgR89@fSUA$NDC%ko}C`eW$)$&hk;YZdSgs!K0~o
zOOFeKB$%h>l7s8p8T&nT_SyyBnfJY<kULTu^{c5g1x|^JWvg=g96*UD7bJ?Jyl5+!
zGj$itj>?9#sx9|NJ8pqO%0eIdIxY^~QFEdJ*zVxD-papVbx1g^&$-hv^p-z<<^zhp
z<%?2WU^_9Qt%qz$NVa|tx{HM&=FHaQO4Fo#8<jx0*^Aun0|4#NZt%-AF5BwjK#rM5
z?laEp%>~{27!EG1rEb6aD)QXCckS3LqG8<xnMSK<f!~0k1mvj^sr$dcm=_;bEz3#u
z3jH&GXT5}-a?U4T<fWKMtV8(g?f7ewH~TGdXcGC@qkg6%6?weWse|j#jcM{s!S?Rs
z^5sv!RPq56uOydIrCsCqv$P1SXSuq*t?l0slluUau^(aqbrYh~+qx$GQ63Qpjso%e
zN0|gE)f<7uhSW^j(Z4;1*BA0DVXZ#}aWv}!ZYuh&ZN>f1MI~aYe`JHP<1+<#z;LUG
zIo$^O`E}DZSGlFj!WwV-D3F%;gX@_Qhr#HD`Eaqq2C*$H_bwUXwW2_a4#?GKBn?qW
znjxP%yyw1H{YnKOa9|9di5E6x@o_xRkUY}EPIn~dXAZhGZ`%4_+GPdds0W?wnNJh+
zD=~ejz)A`cP(uAubjS|;LjGZx>42>eCKYxdwuyj8s!l4Q-}{K4+`7rRS*U(WUQWgE
z_Z*sLxoc&}Z`2R*B7^{{fgS^;9|bAl(Z5ULg&WKP?bGHUDh=W!^#3MKWDKbESvSOV
zy%%ePTjN{$f#xtCu(Udyj<M=&L_V)ep8r)pCNCxZS3Y|P4q~$wLsD!<G-mwf9uvyK
zzaCja|B}^B$txh!QcPj<(lXCjiQ=x&vaQfzb1z7D^Y^Bcl9yTQtN3ZH==Yxe^Ixel
zvVTLIQ2&P3sT-0OS?ea`6_C2oP+XSRB_Jd2{a1dqn|gs}((keK*!xo0&)y2E8d9T^
zI7LE#hy!v1<#m$-k`H?SRkgaRSW37o_OoJMDjeqApEufC6OpX79iiNqQY~26$I@ZS
z;Sjg7t4n&jyx^lzrFAqv!YUTlO$|wFR4(Io^Ql-;(78U*xQ@aI(sQ8>HQbL0KeC}i
z6(5GH16s#}C>A+MR$p1UJ|TW~M|XcSCm`K|fHCj1?xm4sXS7exu!yij@gH^#FST(q
zjyn7YNmB<DN68k$7NHV_6VTQnM^okUW%r)7cVX1J>09nGj{Y_BdNmi9a%cXim)Pp!
znG=4x9^&g_bOn9!fMY8p|2d5H-7x_+!Gl4z%^AY6gPfrQc}bzCtAJ-<gzZmh;B8?c
zEX9-fQeG!tapLV~U-U?K_-<P8nFlzuBJv+^K|;KYMC}NEOXEm=lgRYFrZZCclO`;>
z6x4!>zQ;QQv-Lgo$5*rF;}_=a@imFvSghGnr63r7EM|gz6nnDx&}_w{=8Ecl=A$3+
zcw$4dp~Msh9YXS=k<z5356LX`9K+=6$_VYTpao0Rexf<|@r*Y=$M^jMP>sgzN<(3U
zZ0&;<304y!Wq6;JXz#7Wx=g@BCo3o0YL61)FKWSPv?B1&sEG44e^TmwI=K3lx5L3t
zO4beBjI!;RpuMmv!}V8hzmg*haQj2A&x`0c!8En|I)8mp{GY;#puaXiU-^Cbr(IoE
zsuGFo90uR7L0h@{!=k(w51iF#42I~&T%Bd_)d3v1Y?3gAL*x5Dd%1r`Ti1?Wxs=yM
z`Zt2OUC2XULMd^XLKpYY6F!Y;!(^D&C}=`nW~31U1Nve!=L@5oCq8o}@)uPiK^t@+
zLy$!NL8YU8uK!~agI9xYt!tdE+s3^lkQG#%kNW`YggRWb)90>$k{~kyqmv4*Z$2vt
zDC?^a*_H`b0(q7MDA&5=av6!iF~w!bo1;-$zoB3BGXP4gQTw4%r!#Q2%!YUTA*}ze
zJWJ#tbBNc~+U`HJK%jNMk5sW3^6%Z}P^G5rNDIk<vxMLiC=f|ZhxQ7w6{--!GAi~x
z15XveF1KKb|7l-?9p|_u0kF@@zJ}2BraF@sqt8p27+i4k$7%>*@R5(GsFIcIW#eyy
zPVC3fr}bp2l~0U`hH2>NbeulnXrct^eSNXj4FD*8uuYYYHVb>oY6PHwiaP)WRO}uo
zpyC!lJ{5NW3aGdPP(b+&fC4IR9~4kg+yBogFy<u2q+dyW?nAtFMUt-uTwXr&gL}|B
z?4d(7J@4<{zI<eyr19=A=WWY7L}%KB6Q*GbWJC0cZcW8${52dNCJ+0)<x(|=;z)P@
zTiyTn=p>a{1`znK1A3|2^kVNyX=29zuLtcv)ldqYPC&LJv2ffJ83261p&wl9fnVoQ
zS2R&>vyJE_`24$9?U~(F&3ZW-0A3-%LvgwX+_anwz#^NcZs!eKAqlJJI%f7cjb3Q=
zlG^wYk%%Gko8Qur*5*X{tP4i?jUtR+Ur}w&@Masp@xs8r5vu@TbLmIAE1Y=z;7}1N
z|HCx1^L1_NNv)Y?sNRv4>(=7=7;~?$Bk_P*S6EU<mbb5WjNMD9eG??mUO_jj$>upN
zuPX)-_v#kJGE7j01Q~oC%T3yvMPtP4TfS{{r~Ua#qlx7U##EbryaK>R6D4+K?r`1e
zSmf-)_}a1Ew(_W9wY;N(BEfDP^W4^oo8A|59*LO`=`~ZAjZ>7$^6Y%elOWcv+L=_5
z>KPE6QxjUqU|3QpyIeA+EDR6hqzkP=gb2zNwf@6#<hsz#lac}@Ew}A35BCs7(^(ZO
z?{o?UX<<v9e6<El0w@eq=|;`FbJ}_&kw@x(L(mHn?X;*rHkaM3$t^?CKItvJLG4Y7
zIVBJP$W^-`ob*o3^2g`5mE!#JkG~TDP|#P<VLvf~Fw1<@O0gZLRZuAh%gjtLWVGjz
z_sk?_>~iQ=&wX60IQRpliLd!)DP|I+Hgr*#-u7WDaU7`bt`nCT>QU&|0)daDv=0IV
z!Ru=}S-dt27n($vvsbY=TsBs2L&OA&i;gWFf90@Hy&H9iP8|ox5^7d6nqW--mor0B
z49&2{lz{!3Ns>%dZDk70?7=b}T=4{b3&#8JtOI?Q7>0$b{1@p-bD?3y{hiqxyV@f?
zjx<lB^tleBUP1qXMmqzosr`Nsx!~pqn8NozuTUa07a8Gs3!~dTh@e*}ZGQ?+Og~F$
ztX~m9mQO|>f31p%e~P!`D30))Tbm3)z<spbL!rl`^UO!*oN~D?pHX(TgC18-OM$KM
z=LlFn@q<UW$hGGN+Ki4G3}I}c2&4OW_B?>LP|V==_%Fpmfumu|yI=x+%DOeocjigS
zBpg#It~~t_b_ik;8ER8a<*Eqwg0(B5_B&}X#})vF2+}<0rYU;H0rnYWAESq+#R9w+
z&FOaN_}YEkTMiXhLH-^|_XlnD+RAH+=j0qxy_$2QFJ~h!piBLOcw&S7fPt<9NAWy+
zej?DJd8Uv+qV&>8`IbMt4)MwJPTCL+z7KVkK)4Ntj!y-kA*%Ipw~o{qknvR09qN?o
zhTR*Vo|f|!l?~pmuO9<qM3IoT8v$d@fs(qM+#{vuKSaA&gTvkwb0?<pl)MIlKD`)s
zH*5OaNGcj~`d@@BdS$l&llcky&fG-<eOF{zZ7Xps8@7sEPrg^iS(dyh@pvP3ofQ{<
zdh-wF_v~iI3K`5A;k@huME$zye|Wnq{haQf0z~^d?mk@afJwe+{{0|;w7)Tjvmy~)
zi<cMP`>sK(z~QM;$p)1`%CKnU+4XPmoj3@4RoUHCwW;^LBxmJF37RG*j$IzdCk+GW
zgv3#aQ6?q`q?@)z<!2%P7^w^2y6U_L>Cbc5Gb^liL#tzyE!cVMW-c&<>b9Amt31&W
zNTq1o&Sn*4tcB5t?Ct7hT^Dn=MiQ5giJek4o^AOl-2J;g{=2AdL4Y5O{fLJ8Hp9D%
zX%Xy2S*_>0V`z8zp|LDps#Y*eRQ;-8SNu2?z4U0QJ*E+dd$0t^fo6k=a^TA0oU8oN
zw*9jcLTovNj2|Y0Tbspb{YCxeG_d?$c9S1@WXxvmR!ci)O7hC_qzy9vN)dAdQ^#tK
z%#bOzGO_eIb>Cq^`gL1_E}A(SD*Ei25z!YMNo0jww3=yc)`=;b;5T{7F!CL2Z*VXF
zSo(Y*l!BQQ%nCQO%#e1RbaMw4su`{en`~mDdLYxUUpHphwn|B-Z$kHP%ktv!H1`5k
zu(rC7n(Wh^I1F5a55t`gm0$_;ztYu9ve)hgIlz}N--+%QSzeojwVi8X{EQ(wjfk&~
zIkasZ%rPc5Rbn?&J4~>n<WE%=Lyq5{C!u(>#2?qN-jYn5haYw4P;$qJ+lZu2ZEQs?
zlHX$(6CL>OFe3$MmX<<G3eYSngBItbSylusC_u9;^;=SaW?C6EB?C>fGH6Kwnq{Wb
zk^(f!%Ah6w`=BtyVr9OV{+qAuBBvaxMEvnNO}CsF47AUifnK;qotc~!-vRIb2{GB#
z;`$FVyM%>lnn<Gh9nB#pgYpyM9%C6!2JimUXv-I9kHYy!T_j5ah}1p#N|zX?{R5iw
z-Zk-;cd#TJYcqBn9}0xf>OKNVx@`WxE&0EO@COpk(2wuN+bQfH607%8zP6x+sE~y1
z*&CYHH~re~pn}rVHO<1xDVX=q!T?nlX95e@)}_P@>IFsc2ZGc3D~foL*tcE<DXJpd
z%&+0+8LBT`OUN%T`{1MKKzayl16s6eDPiW@XAZkke9cBU*{gS>GXZn-D<k7G@-@E{
z+(##Gcb=WvZ&*rO?USC)Pm-Y>oo?Tp$qli?$1}1cI;8nAcQ;jpeeoIHLS${WX790v
zjC^gj&TBfy>I+C)<Y3kNifRe}DkPJ|`lpI|LM|z2^1Jv^rP+<f-oe00%$(EpL+bB$
z=bE%GfYGBWlW|(m72d`v=4LlPr(h@nnQ~I2Xk+(1pYMj&&HaV$yOXdGHK4q}0Hb9B
z!ZbI#y*Kk(oSIjXru|nY4gMD2gaE~f$YW36bb6-Yq>@q`bb5=%IFpJddL**v_v;}%
z`So?xmQ)WTRiz&lhLs$@+6Lz~`)7+Eh#<22n9i=(2D`@nzQqI8MZgC@O46fd6&rqy
zo`7tdkx%u9;4O+BF%#4w9zafd6l^d@_~MXj5y-(CenP74N=*9O9v_fde?15AAmK(%
zdL7CsEg^M;{>JmTDM*6EA~VgUUxM-<{_7YfH6w2Ns#($l$`rx!DXMxBN@u@Z(?bEx
zUf*?y51VqP5PsPyB5~q^HR01DB*Gqx=wR_F5>k(jIcyc>mUYt`<2}RqIgxYLST|ay
zp8|?ygwT(5uvh1fy`ChoBf19TYS#yt7iq=Gi2-DY?{QcBOWZy`wZ^ozm=ZF9A6f3h
zcF~{EB`MufNTHc|4yM`#9H@YysxlCRgA#SE%-vbJ$uUj>4>IR>2Z9XRX=ZTW2qirm
z4F<Q@7$)niL>H_Wv~?a<f{liu(67#O<K&{IFeL_5K535bFw6b<Lxj{C?riS8ae`L@
z6@$llyAzqaZEEGM1{;yfddh$<A5N4K;`RyeJe9D*l?~Jz8R^-+%v>l<2bY{tnJAt;
zm-XGPKqX*Ul2b>q+@)sY3pYf;tR%A4G64r3iu1c1)e)AkJk|1Oo<!zxL>O`NS)hD{
zIUZ)qCpMEztKvIAWo~ik*sz$QJ&pswZmU<I3)MR{0Eh}EYnz<*nX5MkK{V2vW&vv4
z-WI`_;y=~`WUDMObmNS*P;IA_#I0=3gGbl;+X{aneFB##28hX{KOWIWWLhE@QpbVP
z7brjDfc2&<$~Pi?hP;Jr?lyB%5uvN&Y!o(JZwW&bSYU2>`LvI;XvROK=QUUFuvwJJ
z(M^v6JLSC3<TTbhvpi#s2y|<n0B!X$d1i87Y81g|(RoTaiyY+HYEKrfl(&lnveQ~f
zh{LYJGvRG3!3DPrWbvPDT!5V}PuEE$Tq<Rz^R<<#OFu~%1AXl}cdDpZ08xs0oiXQ^
z)Z)E@-fltxzw9zh*KcTzO7P+$8Uz8L(G=<&wRKN{L2Xnl#zdTQ?dHfHYQjUp9jQ4E
z<^Th!8rrsfA&gJ%b@`n#y9zP<qgZZuOhkqa002;(&S^t0f)qFnnP;DkxFxunf!#{$
z=?|2(|EUGS_Wd=`d1+B{h$0#Iq=Q7ejASU4XtE^d5-9$BnQgPh-RqwokR>?h0jt{;
zLJkSM*CEnry5hAKM*F>TO#5APhBeO71}53g;S)dS`7n^S=rZgBh*)wpv{fvx36!Fl
z*orN~F1mn=R7?SMP8KS&1e!hdqyesICFUT09#-a0HZy|x>HZavW#C)Pu*&RBhWN_O
zdTslj-tsjw;*39~MRp0~jmP}Thgwy?VGs<lPT7BG=5a1Pe)#<?Bak%nLLy%Y0pXEV
zfqST*a%p15Ugh=pH6Av>{^F98$X>SX^Ox$FbAwsswYvw|I&40p2YMLaDgI6Fp9TrG
zjGYpsx9o-h8FOkHmA#{i8xJNg)>*qR<k0mnqFhtdcb`J>$~BV26iRn`;qx-Sj>5SL
z7fjNtcrD9M6-;va<O7~2k@I>Z#!QEXAg0|Z40F)I44<aQAOHk}#K0a8DFtS>nOl-M
zRP&c!SyWXIGQGBLBbzfP8jDNuQ||m~oGuJ>eJv&ss+2Mr4L2M9o4lJG6i%uRon)u8
zLy#;;1Su((3pnT-n3`ww7TeBrDz2i$LoHb8q&lbf!^z8W*2!ZTS6*{X+72~kf61+y
z(&%OfB1_ssN*kT;RLCfxq8sWgd|2pTet&|<JG<RDC>x`I2@8SfoJ7QJd4dtvgc^8W
zucm<ogalHrM|1}|+N$tRfBjO?L^Mrqif%&{*J(J%qbH|1yy|+Steu)bx(a7LJ|%H5
zOJCLgLy?(-C@|48%`;xwgtL`VlxsoXmyDWqTW#)C6*NPlE#4`-!p<~FL!J_5Bnh(L
z!)V3Of$gfLK6HHD1wF%-4l2_Jv_R$$ks@XC&lAS9FsA}z?`*FS&FR`9d%oUB-#ZiU
zmgKN>4Y3RAo^BX)t+N5$Saey6Uw0fMx+v!hgJr{mIqft60QSweFhfi4Wi10l5|sd`
znc0@qPPSV>0l3^Kg%*4ox%l4x$O)kV#^tkiY^u?x%5l`d7yAdbeymRkwc<Yp_J6IN
zOV7IRzZc+O&iSDm@OH{0Bz8t(PcSD)fZJTD`^?t$ui{$xfAVxdlMy-WwQRUm975&g
zq(eEGAn?y!V=^Oa9NLR7^oi6E*^<exD&35<AF%m@q6-wl*_1F3Yj(F)GuQlX10#G@
zkxNR?^kyHJgi6awUl`n{-yW*y((d{`5Ehd82@&tV3jXI}+A;K<Pha7a@fV!{fIll#
zxmQcmX6~7i69N!C`t^h<%s#apZf>KqTmNoa$sFm~Zz+#>cWEu9)U#x^VInxAG;VlP
z>yVPokQU;Dg;)lsruW5bqScg9_FC`%;x#r&TgF7g9~P$am?fljy2nh+j_9gYb^>ll
zSbY{1G?;<FeTq=lQL*l!J#KE{yS%RME}6CA%mV!7cMq<w;inoPf<4Q|giieSY1pdR
z`$G$l>U?jC1P*0d7#pg((w)AfV$iJ_2ElZ+V->cL<)n|6xSUt+{L`yn!QblC;!Oqm
z^60{Rw-j{e_p8pCS0ck5m!VG3*c}L2$pER4xo+bpM_YBp{zm2+f2w0FMbee}q+!ib
zjNf2l-(qiV3Zv#Z3Bp2{U>@tHTY`d#G_@R*jnWVbOq$X+>XIyLPPMs4{<nCFK`J{6
zmrHjq-}Qy5-0+P)!88Vq2u%<_Ib$;d1`KA6BG&(mpqHVtntByR=CoCuv}Z5m+xiWQ
z_SL<6VFn1^wC5UK=*FV&OVW7uaiZ;WS3hM$)tmCv=ShO9%||fAHrCmNyiKti>LF3|
zt75g$HiPz>j+(cq?y<Ls(KfQKHz-$0D4O1W$2-&~XXE1H2~eFFwLT8q;~%MTN<)NY
z(c@}O0GA%p3h_>yqV&+m98Eju7dX~H=I)lm+bm*<BI|mWZ^p)ec9mMIn&;`9ge+2C
zj08Su?sFS9ip(7$)m|P$dt~XynpIwYWg#S$&py)mY?11SZD!w1Nq@o>wU^>q<w5Z+
zw}amHktqDApPPIc8i~%{0PS=k$OYN)UValiJ29@=hEq0<FwEpAR(;EM*C8OJ=-$jm
z_*@&>^FcW=4dh@bSaw;HFQ-KcE7(-3t|w~cMfmVSe5u@17n_duoi=(<VD#O5ZMTRc
zC>=5D;`juo*Z%}|iQtRi5C)iE+CKDnZ5AzDu6R{T%nq|dE$*{MK||uXGIcXS1g5Q0
zj)$JaFYzIPzjp67n&0y0<cN#ldD&~k*Sfn1B=RAD7))q15det{t%ZASh~9_s4c`^a
z@K^O_<*z?iN2P#$B-QJ|X{ptmN5SXmGRpKF)bOk4@@PblDdKv4rSbeMjcyN<mKBQr
zh>7t&4@G*`pjKk?-uw1Shk+QL#ybV5Pe?yb)$zH)WT(>vIbD)~Mpi8}2FBylpg^iO
z!FZlbe)=?P6tug6>}nf5?j6exnQkpZB+o}z!Fz{aK)SI2`@q*+6c_L>rWv|q?EL=p
zC?bQpPT}9{=7L;fc?u*85GpsaE0y>A_r6Ze(iqVV)|eiON+^jF>=fcKv?bkm-|$}o
z=!nt5Kr&)43}Y(9QNb>G`PWsv0&n<R&1A-$a2g5A(Vywc&axYi+)HW2?qof1Ke?ML
z!`#uHfx18_)lfDYAa=wFzEO+QT3rp%`@P!rz@qrdRD-mza@ou%o|Sc7h;6$Db+Kt;
z-CL95;R{6{vnQNV0re`}XcUt5L<D2}3UhtI14)*0=l87F1((L?_SytbS|<Z8P-4kP
zOoXQNH$qFwxMGltWazSj*tC9xMbl$$o7L9|Nq0&iG=<Y5Le6KN%GOjUD*&^OhV>IH
z8zVLqPA#^nc!vI)JyoY;Nm^(vcTtnMWF%LgnxCB@=iG(FR~Zt`8iLS{<4j+dpmPp=
z2#>aqd}w1Wlx6!!0$A)ub>>?l((Eu24B%%p-X#3Ev}Q@>qsP24UIE${uLIF5dKqaT
z*j@^qh_7<O-}jVt#Lk@n|0D5Db5y!0bC}anL}TNOKNQtAd}S(`Frf=a9M86q0=6Pg
z_GK*6)o^O5^Ji8_Uap_}9(U<~?h^bwQ0VsNTh;p$(EdvFL^}9Z6VeAVZup*3tI*<2
z$nE_eqZ~9WK@q<Xv5uv$4SJ(St0;B~9|bR_$7*;US_h%T!7{M9_1mGlmS_s|hb*~C
zG9#=2^~xn_$*opd>MJD99y`fqS_~*1c08VB4Zq{kW^7n<YWuniJz--rN@gXDIDLXJ
z`KC8&Hb5osZ>A-#@qQ2Mc!X0<Abp0^#OEu__pHzB00|De%U#~_NuWf=fC<MGupw$@
zCz0CmNO1zqm=0hY@&Ewfj|1o$F~HQsZ|_WIiRxv}qXZrNCRprCF<nh{2^u&IUf)m3
zohxt>L;Q|5XXE`^E^o^({w1z$n!Zb6FLlF;eOpR(O|NdqctM<yW5Sv?TxK?MF=lz^
zFQ{|VfjG&$R-4spj2kaX=sS3@MK3xRbPg6y%5$&^{&KByKmknjNpcm|b`kD!FZYzH
zv2h)X*VLd!9}wQxn&E`yTo14+YpQYnWh5BvJQq;IdkMV9hrNflU3Fw`*;pr$CG)*<
zz@+zrKV;}A@zT~4s1wLQ7m#9n<n}724H)D6v=*o@if#Y>S;D#fHfGgDnicr(tdao@
zfNVo>BlFw@uj8M8eW)%9-3EssP|=4{+~R|;l}WGVm5u{0cqf8x$K5Td?|S|OolL(~
zO+9m^XrPn_{l<d7QzgEbj4cpE1c0cx#Bo?p-#nHLOo}Y#7Qo{TT%OqIC0ky>#m=rc
z8V;I$6#co5t?fnh3Dy6Uvrwo6z=#eS15$K~)pk|Hw)o6vz_C|_(D$_WvW+$d4_SnO
zrE51|<?Tn`sJiZ~2|BqN$Mx+QBpxMAf~qUwb$7N&FOOOl&@-(KDP3CB*`MHw;jXEM
z&)y<{MZdrZ8Ro8#8~7maO(CrvvLT!Klu}gOv^OtR?x`Ru?A;D8dC?2d9KV30<xTG^
zt7I|*=E^bX2B6HX^$F&uk_FFF=H&fqMgV0d2r2MsDzr~tVMCz}rONAdc155RB|Wcr
zw08RkW*%+fOTw6)d<E>AK30h0@BaZyK(xOal{g}RIRGF1h;os&TBvmLIo%qR^FgWf
zSuq*U&3c%y95~})0y4R$kL*frHlg5rGTBHh$_n6go-@-UZ$qYz#jOMC{7Yec^c{w=
z%}%!VzGPCbuW$6)(@piP%8VSZGE1h%j8#o&I-X5i?g#guEN%N=*z7keZ}dvGwQDyQ
z*eVmLr9(^cuc$?A@4oaY4$c}&vs-L8TVs6PhwrB#qC)*><NOMfDDxITMHt?Bc-mjV
zs%tr*lV-CmhVI!_x#NQ1l!k8YMa~ZA_)+7qfop=-epiKQlLitaI28pg=UM;>uP<Fu
zz7VkE!_3y=gKcn4yINmN3sNb8GTF@-p*;#CVX>iEcAGX%Gooeqod^)aXsfORTRH@1
zET`m>0V5e_nB>>Fw|wBlGC;*Isp3so<^EgMrQ)+3cY$0kfZm@XZ5Y=|;Zp8aPeJ^I
zP(c}cakVhtxHfCWK1I@k1(~vyxgm$l5R~WsCACHiZTm0#IuEUU<*8D;@D5wfik9|6
zX>I;E;9*Kd7teOfG}6Hs8(r-lz9=VCBk(TR>BeN)>d~0ORb?K_deN2<w&R55K^N6I
zy@---90F!@?DmU^#_jpjU9~dZO`nRr!Oe`3cJY+$P<{vfU|@i$VsOY93dKa>1UoX%
zDS}jTrDam)jId_3hrO3}_0|K8edQge*AYfd<K2|JXk@@Mb?KLF7_ZN~EBybdC7Gk)
zFi2(<v~>~tB^RrJWy11}e4fhkOwKmiGOZd);)N|Xw?UT#`17EQ-e8TNQ{vW@lpZFi
z=63e5wW5GFp>IFPHS5X_6)Aw;Ko%9z1`lXq(8=)glA(;)1?VJ$fgCF2*vo~kyNI=m
zfq01W7ONo4WC|?NvgqsA9PPZ=4I-M^I!FTCQoFOI3dC1TC;2)_<~{{Sv7{U%+l7r1
zxy+1fmNDX_ixmC-Ti6NZ<IYbYkIRNyV|h24eHJ+?(F}K}JakDa+Eb~g9Gy;zK@{}6
zwlidN;@Q&TXt<4PI5_MyVW5w6RA3=rTq29kqVK3R+iI@R$pj@g&vXuG5=M<7X<E`p
z+MEaBx!lZ4R-sUFmG)kv+38&`F-7dB-yuPpXQW{ySk+NPH7E$yd%eF&|6`%A7(%`N
z&J?F2F%kbm?V?W%KT6Sx9@|tkO$~P2Qt((e7;kNLSTwbt;cq-zMj+7-HK{Mu@2wsL
zVz9MJe1Wg>2M8C)foKjdYK3lU-|D>}mHB>D&xEEvl$+o1ewq%FP2nTk$0bSC6Q$=Q
zb0z?1tN`Be)Rx3Tc(g%2C%0;&%{w?Or=cv4Z?%rNV%K+qnt{WYIxrfz9Fm0s7mvX9
z7<zLt(Md=s*B5O36SQ~HK+G{|-{_U5i>Dx=)0`{)GT5sLIvi4%N*e?s>A(*Sa7tgn
zSp{c9y`Z{LwssW>o^{lp;I{e=NqKvHfC)t@arAs)z}SV+nbPs~gftG0C05Ro`z0CL
zO?t3tB!C4}QH9(C0y!WWXm_e`hRVwjsh@2KJ}&BFV8&;~2~6e^rz{^hK%f0OV*<7A
z?cj2zj~8BL(RshTRp~3Yd0lTw21lSF#Uf*@a|;A%_ZX{sm4?j*Hee!7_Iv(*0Rb9B
zSN+H%n9IAL`*KETl|YAsM!cPOt5*PZeVL6Z&)Y5w2q^6u)6R{mC3~xo`<VS$c-OcZ
zszcEcEPMA1Sf4=?d8ejo0>2()=Dq?^(XL9Z@jzkjH|Me&$$_kTB&KaeX$px`;p-qB
z%>@s2_8GATXX#t!^D}jVsZt1s6P?c%e;uHlxg=R%XUp`h2}6g*HJrPMW2{Y4UWVkY
z2$_)M2xH&?o%9!1XzVKRSHV*gLCFN+zQ(Yo)<-#GRsVQ`wVwZIhL#2h70T<N#!Cy#
zzJR;NyZ<hvIJ;Vt9mA>1jH)ANCWuV&i-z54P>OoOBu#X4sL^K<NM#kf{t@9v^1_6h
zX}ADuzt;kj1fo_QEb-e1q->G13=?a1Q2;Bo3}NEs_~%@(0Q;GS%{V1sX<nX;Zu{?d
z0m0QfYGh!TYKdZ^X4_0!M;-ZkJd?(|b&52P8fAdNi=jF$<7H)cI+OgylS_QL5kkRN
zK+5<x{{J37Q*bdCLOs~hlwT5{=r$hhX^??4Cr#5Q&)ov}k>dwOLdb*t`%T-aw_jE}
z@nKWlmp@k(QIQrL3XkWu3FCjC{4A8}o}^ob?SZEBZFv$ip+MIOF&m$TiH#_4k=BmH
zu%e$FKSFd6%js*j&wMFhB<zW$1;?bqqo`F|N+T+Is^4JLoiOGxY_L+ijBqm3mKe4}
zV29OW*pYo*u3Tk?e{x$Tc6&69_4&uTL+*+a#l#aG`fCOxcEWYi0?OI+yi=PdO!iK|
zv_cA_Wa@9BGf_ULoFy$1FTYu;k~KnjT@Z;OS6)X5<S?!H9v~>X!&Px50<#UZmT1lh
z<dogXMYu6Duq1wunsN=7G4EfiE3uE(#F#IFWD?x5f7D@hR{i9%j&c)Es!TbPqPtjI
zdYeJs6FxCa!{7|vK`a(tJRMaa2Dv=K$?L#cqKn5BbTBrgA0CwoLNTRzd<L|(ox(jK
zCTN9Y-CUvc=WNs<>xR=qFC3ybwqqnEoWRB+PR;lqiFl9K3c>Fl3Zi_Dxa;#Lg8Ns7
z6RjSA#Cto!8XLTz+?&CGCe_W3uZw$JVXEe7q6zI8@)>Q>O6E5x>e`g)6Rm38Qi-_G
z!BLt)#xT(ZA$k4N#K!iXT@-P2FpL(dp@Q+1;AHBWu79g_?nHfH2@NG>CR?>)_F0_|
zU?LBRmyEQ1ppW4;bTS52LN{lzHy*f|E0PYh;>t3}9Se!-cmQes?<OS*VTUW$r~Vm?
zm#eTJz*weJQgJs|?I+~$8OgLs*}`!HB~0GQfWD6~L1PEIF~+%&ODPbTw=&6g2Bo_~
zuGED4%uvCVji|Yw(V$Z^02xH$hY_tiz3nysjN{sCOy<mG#EsdHrF{^_@PFI;3(pE$
zO!tSyw$g-tslKaa%iTUsDDBzm5#P8#|F>hr?W>Q5v})^|H)**rD)EZd;(@$f<fRtw
ziNd3_$|JLT6^tAiJw{oG<cYvx-I3_#hlIbv^4%7XnUpD+xss(b%nz6cjxB6b`-ro&
z_x&oC((43EbZE{Bg{l^or&<@i<;Li;HRFpFE>Zl_QldMd8;#3H-_z8#KAR^{hJ9he
z8eg*E8c)qwjvGanJU$n5(;Us#MX}o9eG)-b=Q;uS)?rr)POMr-bf)NpMN_o^I5`X@
z)QwY38Bler?Y_l&e+LN`CCnQ<><IK!`Hw&}G(q)p4QPOJA7cStt#|MO?6n6YQ$vry
z7Hn|LNwfnK|I`MsF*_(Ob!~9V6Ub<@Y;krLxD~K#bTmW18Z{i#LL36+SREg;6K%^N
z9bf$a6vb>0_H-U-Cx81qJ|3o!JR3iEU|cVf*z^{$Ri!YG1>V5&@v9@RqV$q-SmnGI
zO{QQ3j%c+F)VI2rflYr)6%L(8Zqt*X4-9Soh8g~Ed(_K5wlRvq!6CcC^P2P6$?$Eu
zu$nue4$i$JLvpkJwzSWZ2{VL=Ha2rVtG-o4ccD{PVd$Zmn!=F>1=sN4xkAO$E@|m*
zt3~b1Xf7S;*5>9N+x4q0qGC$)Zh<=nAQiAb;^UEfziM;65A>mulN-ZV-^Wa?O9>3S
z%-SFn$F6A=#qJ3eBLb7rje?sO&ia=d7Sr5Ut<5k>_${cuqgF8sJ_t&r->>z5x7evn
zoL^$tL*~SCkgsjqy(7i@G>S}YdszROyO}*WyFR2{^Ool$*wSMW7;eKobP=ikX^{T%
zk$AdOTxKQ8m35V**Yw7;X*=xobEL{jD(czMxzrX$CbzN%y9V(f5rf?a#qW%OIY&=j
zXVm1s9<E%CRTn#CgYdoDW~Fv;nWddyE^E?yKjNp_6+`vsMmITB8}f6)Zd<50p+BWg
z2U3LQRMe9&m+|y0dhay;hDxL=W1tH%()JzmfQbY<X&X($F^mJwKyTma(~+2^2;6=}
zhGagE(+oKz&?EV6plNs$Rd0{Ou2bt|EgoVYNg&l11=C3uoOCab=~$mUuC?|1)5f^;
zZW4UF$}w2|m-SXwZ0Dn~Mz|rXO{jxW>0AiJ9b-ARyVxe2Q9DG&rzpncf9vtt%-l;R
z?LNAwi=3%@ybk;qlo8}DBIokC3y~PMF#M*_6yDJDzCnz-PJ|7h@t^eFySoZm^XsN(
z&YVf|oP20I*4$x?$!a*N8L7b`q@z{IbLp|j8BU8$g;&vG=z5Hn8&Na;Qt6V6{@gc-
z5Pilc02b3ERISfxc2vPU9J$hWzqOdm2W2PX2swd=0N2hjLSR)8Ibn=AlC9#Uw2Z^Y
z{$?N4U?ZOWo0t&x@|=)KF5Tjqj|%!?>*emG&c1<y<@lR~5WlsLsvA-C!KC#Mi+f))
zr($$4oQI_IeL7X})o`Y~zTLZ7Oln@Pg5;qyo^}KT0(>f{qeo`hMKra3z6}>YF6qOV
z(;UJBrY<YKBYa~o-b0gS1P#vuwkqOvD6`Ha+$fn@xR!4son0QoCG%6}nJ{4@{|r$i
zs8+x^QWSt{PU4R!^8?3zz4z%VTfSv@cMWe}n3<Zh@TU~TFGatNVHj)rlp6Sfa(*}G
zy`umC3}iy6{W)MMxS<KULawfy5j+oxV_g4Ead}}mhVLPxhOk%S=b7LAD(7@==oh~c
z;VXRS@_L2sfP#0VVh-48FDLD7OK6`MU`)PpZAPF|Xk?spBxQ}_!rK+1u6i^`w`$ll
z6bs$%zzx@0#&HaFRaOIcE+F3LdnbJ)c<lh5o`}K9o_e3})75)rk+nf-KSpoZeylBP
zNrH)8fYLyiQ9Le<7@IHPiV_*lIWOZ&AXt}-&y5or9nP-<nbP@_c!W~7N~Jjp;;sMK
zsEN7MHQqXSB*CB+Q+@qWb>%1e29u5O#gU|}F7R!sS7vmtpI(|g2|=Bny_EF8JxC%=
zQI!XBnHGIo-#58RtnCeXyo1stqm-#(C#N-bP&r2H-^PuQaTUu1_8N*xprjO}9WO|n
z0*+siGBQa9%_(Xq{R}0gz8XPK_E5azV2ER_UL6c@39t%Dze)70JKxqX-7kkWE8f%H
zA$GRGP@Q*R8>7Sx_Ki;4C$wquI!7akO>Hw-5`c<MQekr(Ex$AeuI`ejbBNXOT`$4Y
zL>2ys_wdOeG&oo9($uALEu$u|&6V=D@YM%$sNm96N6?nMJFLY`o;Tu1Am|V7W3b&2
zIJH3gb5{EZgczVk*B7Vv`oAjLO)97@4hJ2u)+HdSu>A6oc&ff_G3cC@hmsIm)2;cA
zZHx-Nd#1rWE>G3Fst}wvO&Nl4wnF&ICZ8*B=kjdrLlVSuo~Rj>5$RKG-A9VVQ(<=e
zB9HyA(qq6f*r3s0$e+o=?ux4q5>X3l>Ky9nLB=TvvkAsm>5K>Akf4Vx{o%RAVqrV0
z?pgJ?j0snF1GPK=ugmygV2Izi+gO#Urlq#NC?BI@?=NUj&t<jiaKL>Kb}?@wg>zl0
zy3Oj!Y^a8)-WdCVH;7ZEU_A6){TQnFuoa6L#1tt6(*{Gg^1U5EfDC@?buAd!HyGGl
zPLar~j`dk^q4Agyd~1~z|EFlPQvsj*VGjrArU|C&hY_y;&J&nwxYqB>-^4#}ic1kj
zeA3chyL4Tp^#;6buWaIAhuW5*Wq0%sGltC(zzAQ27jPv@LR?e2{r*q6D)MCPUl=Zk
zERFMm-3=c-f6<v?hfGf^P5p2?QAsG=%<fZ?tk)6>Jp5r28ira422tXAm6|akgPm7o
z`+yXS<wg}-Z}w9n*8If`ZMu=tYFR92j7K2AAG6Xxxcb`sGGnG9)qRR96$!0;Mwyzm
zk<%s_O+l{(_zi6q9tY{-?L0Q>Xixp8cYu5Ngo{2RzH5ZF)f;v4)$$G~nE_jJ?5L>S
z{+@n+S$or;0En4yg}A_R)e8f(DM7(B>_P>w-FWRBfF*_wKC2D1{QHhjqwB&2JuAU#
zS36Up7!D4kW-VReolh!FTz8Zb)du9qr|G-e^kJQm!aQUw3I^9eBy7uVLdr;ccF7BT
zE7gCCiZcgYqJOYqG3|s*wtr?E7YRjSK0Qu+M>`1}=k_Q*NTHw=lyCac{!|YnO!dx0
zO;7__o<Ob3B(FkC7e`qtbS$#!SQnYwwq(*LYy0*A=ozKJd9fDBRm1ZH{AV?<%ACU9
zPtHdzWFt!-T!?h^&atQ^3WwQZbx=>MYeQST_768|fgS(=2T!y)J|twQFiq=5s|4Yf
zBX1(E%~^RYPaPiPa2Kfm|L34Zf|9ge3xqa@M`V&6{R#GGP4&JO-~a#tZmV1SHFNF;
zF*#8<=K|WoFnR^%;C0X$-*~#un`jTBpcf*NZ!9Q9{yzD#I}PLpVIp2z5=%Sa(4jFc
zvf<XRv_z$M*y)m@=IuBD0FgbX!IansOaK4?01CVjK$D`M;KX^e#=8Q?4y{7Hdk1ug
z*}>~96ojxqjl%M6;Lpj$(P=?_+kxHq{xC9Lkyiryo+!<P{IPH>+(y+xRFsi{;vMhd
zG>NDFzrzPv!Ha6gAmOU6hq;dUM5D8{b{Q3YlAarJ(5-hP$VcTjnuFU39GY(MY5^-n
zJpW4WyOW4xcJw7k9RBt?(G=(Xe$-w<Xj*2h8x9jZYdEf;f)TYdhmTE1q`E1hw!C^<
zDJ!+BC~3V!*=BT%SqLjY#O5sFN8qvc9g*`*$<G=7&<!7t`W2YG{fzfl0>8;qbDcSH
ziGnhhm?=tVV1_XN9b*r+hJI_nlMN_Q&TLIBg{ToaBS}2I-PxF!c`;?n?Q!zCfw1cm
zPbPrjOUZ=_D_wAnZ7hA)c&mYZ(1WSBS~N6Pt0-bBF5V5%DrOq>v#L#u$;U?t3moLa
zRx?so2Rv}ZLHoFtrN+sn(+<`O2<p42?Y5U!GJAz>c}Qz6)C65f;&GFK?1pFCeXov%
z_D<0fUOZlND)+(M93|oelHS_<kv1AUFi{!8L*^88Xp3}70j#|u=R{(Nx4&n>k~k$K
zs%28*xBUy@+OVfjp<)@zX0tMG_<Z3D?g%ny6-h&j&^Eg8tDn(uCu9Yl-xx;3<QAak
zL;P}GGtw-gc3W!PA`nz+sNHU#k?it^OB_z)OiU2iMzXi^Pb|y`3qe~%u#<bhI;C;i
zU?o`{M8Z7}L%Z_d=qE_=aVlGU&Rvw2^F9f`Hntg=R+mnvAnd(I2H1}hoe}HZP%Cb^
zMoD(4$6#(6!ZdA#%w>FvM4&5vT8M9~?dm|#!JHp^K{h$=lfJ`+nhhqA5Bvb3<AKDB
z<uTx)oJ$PsDM_7?6PO8heNg?SWg%#oX<e?DzD@85Gtgf&SOS8(Zguq3OLZCAT6PWo
z?P$6k(?@;CD{S}#?n7&x`E{(U5+p{#LLt2swYyPYLS_Rr-A)PVEYGuz04m76MaOsW
zs+$sGZ#eW>Ki?JFslI4I-C3ay+~o>G<Kl(0pV$jdf#9?|0@bxArh#m1`AH37NuQA_
zZ;a9xl}Q`Gq@QaMnl!h3Au!Lo2j_rsM>pMyC^PtDgR4!`;hDa<e+(z1QKVq_<%F_h
zYi;s@b_gjlu}>$R5?YtS;>Eyj&$s3Ljt=)*#k>uN%$e#Zpe5N|i<a7f;$RpyUoiuZ
zO|<wdxdqLJB*BDo>>6&(^*{gsIV|9Ld+o56)&}9yfHJ(wOTuTkAA@;rcUrp{PW4go
znzfk4^`87{b4thC1Wyoc%2?x)uVr?#W}CT+0;B1d>(V=0k{^s+_Z2o2c8t`O^Dk-3
zOrVDpi%h+e=A+&EXTZ?me1FSO3sUdf1z_N*`V**C-Ja(;wI`#*W1*Qcw?}L!%DZTj
z`@$RQJ;Kfx1{_2()?8qQm|d}FkOt?I2#sO|D#BCdOL)+D1;P8-F=Ha;PNrIy0IIV!
zW5m7K6uL@mqi@(mY_dupUpoaIvEuPq*4UUw*cz}`aS2^$BiHGC2v_k=d%2%$Z&9se
zdT_nYo!xwYTTj9omzO42U99!7>*;2vf4H>D@lDImN`jCB?g~(aj4FoJ5dXoT?|Xce
z|G+9vNWz+;&){yeAiJJ6NX3r%9upP^Pq*CbP4T@$^^}j(%z(=vgG&-2=fKR#{I&er
zhnQ`XQj(0%``~joCZ>xYdO%A{G~;GB9#q{7gMygRGZ9yvMUpn)UHc+V9YYK*+~T~h
z@4~B;MQbNOP~YRq%appa9za?_R7XdafMt3*&G{Jz(ptZT)e?DKo)|FXP-W!Xd-ady
zds_WiLB?d$-vMj&Lu~4pEqT(P15tO(v(<Y`GbC)}W-poxXD?+Ljt7}J6KCNFA0IQ6
z`okZE4ZAHV$A`zw8UAY(CGknh$xb#?#jeZ{)t7$2Dd}#E*#JBMZ!m{5!%4;CIwsrG
zl)Wcfa06QV2nhHVgP<T{^Eb=ZiQ;mqpepc#9DHUWb$iRvgt&~cbFONZ+M}o-q|19M
zIeH`P-#{-o0d6%~ATqw_Mu~qnEvH8JTcg2gs3ZTnPpsAU5cs2J$8FZ;4Q3pH?Y$?A
zrzR(AF{4N~p0=soGwNbcgBIEhajtXQQ>g32s_)QJ5e}_?0kVPs#1C1A0pp^pH)Xr-
zqS<Meg1U`zv_P@7;w`Wz;~wjbiHb33i?D?=eqG?b!=Oa(l`;1#@qI#%;wh)YTb(%U
z>H1aCtB8GuMoh9ev4gxN_RcAW&C53@7am>Q;QR&$k}j+B8$Q29&Jz7P(WxnI@7l-;
zbAGRBM)m)5<-A)14c;}p`6-bp$2su00J!u-j<zB}-;cZUrXgbHKj4O$*fTK-G*VBX
z(tV18<GeSv_a!KqrjAc1weGEZ8bI<9E}K~)51b5u0009R(c2>-+<uH>{<E4H20BwP
zBO5i{r?B*;$|X>%XTnwNw!gMWsUB=EN#$Gw=b^y^a}^RM??z*5d>4gfMbd?jKze70
zMzP_|xe~eHv(iVc^84IPviwWrP|Ps3b#x4XWZpGn^a#*=F)=uu0tH2w-#9J@|AKVR
zmev7eQjihxX)tEX?3P5c9IjLesOJ}fxNxCkW$S$<@K`&0{Dkv@#ZHLLmrq8Lb*wA=
zn1eE#)GKaaOqy<4;cl{3+n4Uki;aG8Y;#e*YJl{Q#lAq2bGPJ5{kpD8Z-yyakH&3Q
z26!UY=_u>O;+IA~GT=ne&G*REh6trN3f>>sZ4_3|<C-6SwqnHSa4yk2axJDdp`e@2
znT#Z!+-I2-uOy(w{OcnOU@ZmRC10A2A2KH4np@wn#D<z_>z!FViz0JF6xzw^&)I7J
z?+7xQm3xSqDoQ5mL}R(Ei9t11*6ZX|HepHv*<*uWgQHAUvijyW5dk;2c0DU7u@X&<
zB;nf#etPsFu5h`omc-7|`iWMTmd#S)`P9S2lVLy&sf)gdYRtrUlU|_z`}DAl0TW~-
zderEQR=>nd5hq~xL4*$(7^3RCe*7E2xG&m!$XE~dwf!jIVM$g-JsK{R^oT}z8y#lS
zK-6a<lE`dtprOJ2!m{0M7;DR3NV46&O_rfSO)KTusUK~%oE>Y?h_sDUHydn@sa8Cb
z|ECunoWCxHF=ysaB{>MoS&!OhS4O%cgQW#C3;JC}Vagp*p$A7|Aeg%tLrpLd;}}5+
zG8FS2cBHAs2JYpRqjNa*8>Lgx_)Vi%Kn{2U^Ka1}P=(M+V$0F)zEK!PNB<qf@Ts*W
zb@w-oS}gT%TL_rqr*UAZ)A^^phkM5O#X|?&YSiyJflZ`%(SZW8-`Da@3a;188xFi7
zUHAoHZ`gD&M#a1QjF39g{M&oEzc+AlQ>;Xs4+-s@9@}qX<7Jw0zL!$Y2z*>37R3I2
z*w?;xg>})XI;ppS9!~G>;j~H)!EsuRR<*FlN9Ed$a_dbloD^Fd2_fqg1#<NKSaqV>
zSFfA@;Nip|c9E8YqEyT<fFC-$*lmBX=TLZ&J49<mOtcbd)YnK=sk0CPl}MqDa`FeI
znBe7$(jzO^o#D6{1U8|Fcm)LziQOas))n+Nz0P?E_=5q`Bk+~7)d#}`&et7x;QB4p
z{F7Jl4YG|Y$gEJaioqsgAfo3+x)>fvY>pq-cm6ZK0?JYHoW(`K6Rv3Oo!p+U*<#Z&
zZ5=Qjc7}N7?tmk)E&O5p#DBl}82-fXz}OTuBjzjxQ&p_wE#Z|N=3bNSh6x5lg;MNs
zY@<DpxLKeC(MSuWgB435yO`+G-j??QDy2)DU%C;iME;yyc5^>O{Qw=*E^hR8yOiL(
zp^PTfNuLM-XRF*X4fS0Ek`9>LCrncWuh3#A7Pcj7&QZ!7GL85POX(ttENIW%?Rqiu
zp6JS8Lrs9Xb=U1(e`?^p-ic_hEE!y-HSsj-6DIiwzW<U1>!!=tLXQcw4_k;-iVuza
zqLI>xNQw;wr<(1zdGoPFP=OWuyhJmAMHt?QbOR;pf+_~OSyyV_PSqZzp?Cy(movd=
zpJ_K)v6@kOSI0dubJSFq_}@JGfc^h@-9lta&cay|T_=CSJwu>czRY<)^d><b4KAq3
z9T!Yfp^zMg#d@trSkxQ29#0Q&<|sm^)Hq+yhOB)Xo3v*IHzd+6MH6|FjMUIh!)wY9
zBpAl6M0wHdw=t`OLlzUz4D&|%Fwp-X$8Lkvan?x$A5WKQ;CDew+&(rUGT>)>s;dO2
zXV*n^Q8Z3TMDVoIz;owM#=M&dC`7vf@DsWpmABsofLxBt5aSc+3c>E0Eshil(3;Eq
z8y?w9Q~r%q0B;#*q`GVnGI^V>`#ktNt$%h=D#BEqE&m*cP#*G!oVU{tzps-UE0V*p
z%rflXy{wPCxe1o~)j7&1J!?xMBKi?x^3m!JpKk;UR==ZMOftVb*9)}E3TQk4`BB|B
z1^;_4)NuL;pIicr0cHP4Pf{%3^<S}`M8@4QEVY@XdZp$@U`fachnyixGv2tl;+?zk
z!I3?K5K_g-<m=}!qskzoJ42|^n%q;6piPQqb=VWH%&QXwi{^x?ZZRo-5t@e=X3cM$
z?%OH3OiUxq`u|&^G<qxdJ5HI)mluc~TJnZg3TVnNEYm&k$p7!#>U?-%F~CUJnf||y
z=&Gis2t?a{dpvpmP{?<d^5Rku?b%Y?E2Zvq?}bxb!7%lo5G4{jX}Ew~AeJCs$E)!#
z=Ep&nV|jQx!qEh0t}~@zAmHWNawuxu$=Z9}Gd%xC|0)DSSzeHe@6%zNZpy<26*Ihn
zw5ecYs<{@%t$p(M3Dn8#AE?n@#u1gdsozS|xRb}YT#KRSYQFBrnVJ<k>@5P?7ArB_
zg(x1@jG(YFHH+ubHugk)vjDLPkX@7bn_HL-*_&#3w#X7!BY3GY9yoK$o_0CVGePSt
z>4rWeX_6O0-XYAfq@xLqN=hQkcUt;835xn7oY#RrAdW;d)0CMZXWz+RBSjEcV1!xI
zdh-+nx3N%haw9w^tT`E_H@eMXYL<PMe6a|^`~I0eLHUCu)Jcd9UAQ$9*>lA7BMCpC
zk~8;^7i!gm&~5AbLm2+rnv?xMK!Nxpf>|4QuY;Tas7=ac!ae#SL!oxX)@SR8ul581
z7jX?Jp9w=G^Cq+9pvIV5;Oy8;fpKyRI7dD0bGYDLPcb91mS|ztc6&_(BAP$#5yMTt
zO`eL4c~*50mR;mgvL%KQKxgUDN&|?g@F*NvA_OjzFNC`=9`|MD44=l>M16h_duuA6
zR8p4`GNN;LJh3C1Dxmj5_|?r|rvN+vzKT-6l-=r_-{52tc7JX<N^OL7tq>!u-GhH2
z+~GyRH!hfQUeXBDcZVG=cZC+RFk2Z$bLa7e4aYVS-oy4-^W)I?V00J75wCLbKIHr!
zD^+u91du%Z(?*CCw6~RVr*qgEcpqZy=DFP@={z4g2IEGVDm5_`nw%!rFh?y}DG6;+
zy=N5xf-(8cD8Jf-{W&iIDq-)eUn~sz&@+A)qtV_K_f<D=2OLSjB^rdGJ8)A<*ibPT
zCu{b^TylJfsq>~H*4eJEhXD0AxGiNLy459P1`xAAHgB?R-Y+}5l?&NV=Hy!ETqO9Z
z3o=TSA!!Z)QSNT#p007#?~0cfuVtRzNy~{RobW9cccTX&&CK^thFkl1ttWn{Uh=?O
zGLJXBYtz-}vH@PyRXL$dGNl-bABlHoycj!U>Bb`bIV-h;Q%NQcl56m-soo$5yQz<)
z?A#q%f|6S~PyLo5H)YoYu~(kF3T)77-K;RLkjZ?rlOHXPds{ur)|K6Ww86$u^qHjp
zk1Uq`G_j_%8>)VB_~T@I;?8T@HW~!fJc;LOB_S2`h_UraL);PnBHk7+b-a2gDNC=O
zL?XRV`Q%?rh)M=f(^nh1g5))W1~9+su=jCK;V=%PlHg|_s@spD;-H5-?roBM^OwlW
zE?<?{PruTsZL<av%xkf_FN6Jy7<2xnR6Y91iFS=cTRC(*ml@Ni1pDExawMm*XeO^u
zn8R#kCNq#ty?9pO%9-@`a7U=i@<7ZyduAUJ3^KhU-dq~~RogBTjeL^y&kqvfgr7?e
zbCFt#pR8LS<msH(kCTAB60=n6nmV(<RR$8B;J(7#kEV(O+gyKP1%AX3)DoW3)uRwm
zO0Oq4a!q1!>g$n!S`9yIs`Eg@lwVV_%@bfA0i?hB&GXKRYOOd<3VUFPw>d=i@Ck%p
zrmbsqZqU>AAuF$bJ{t>Z7!o%q4v9ZCHG=8nNBn9X-8+PZd}H;~k>$|Pnfs}pEK^E4
z>zX2@*M|Y?SVHH^`kP1idRYHlHAc<T|3NLTR-l-3IM<qF;+GacaN4<ecdFgx+btL7
zsVEoBWM^pdn~>Bq4%de8w&L`k$}m3{Sv%%nIhTbzZqzqhwWLCP&Itox^w(8K6e~M>
zTxW{P8HLsfF5E};ou|cDvY9iLtB8JV>hn;2DAo)1r*79?{FgD+iIYAWe)vTbu;N*s
zJ4{BtgYh%U)dK11puyTEwb!3gjn{1e;ZIW;<Zv))pb6C5EHHAHLAEo5<z0OHOlcV3
z;NokTGl(nc%Nd?ojFC}&1pX#dbkb@V3|IT98Fr*+tw5p42POQbe5}C@3Acq*akm2C
z=E=K?7_H+cVV3^E38@Gf|06T6rlih{i>CuM&~844Q6@J>;ssD}!6NbkY0&F6jP!r$
zHRpIRO}8XeoeOJV@0sPf8q6CBP$q<tbknB-IGt`doj!m(HPi+EC9i1E9nE?r)F$CO
z!nAHYTQjMnp1XVIpQ^OhKPul;ENDX&F~PL%E55@7@=k^s(-vN3-cHbZsrp-jGS9{!
zNn<l5b{k^AN!dRvm2w%}NwoinlP^9)S+9Ioz@P@wGebif;J-igTC@~;I`{Kj<*=Ks
zP}ykAOT*)R6bH05DA&3Qk~PIwX|_MHot^mf<GX6_ZvLItx9CJi>+^z(n$rm?A_{x?
zdI8WXMs>9@K4DNR5(a`JQbXBjvrR4K$(l+Il1U*J46~Ouh1xzr!S1N60_q=er71<k
zz7(VWkDhZTlFdusz((His}k*fq*Zfci|e!F($d2w4X!Cxf=cVZ{?w;+HUm%m-X)#B
zar^rOD96}^X<x3d;PO8}TUZ@;SK)#1qVtj+Xp^U?3CIm^fZz=k2rSbCB*FfJBxdee
zSB(0R!~1J&H`-j+)gL(jKe=BYFXC*yQXAt%{qqM*xWL$Ix11SWOeg$h_!&{+pJTho
z8PFUUb`E;vq^e<bAcq_6!w5BT-dtWGw*fW+3muQOqWnqae=eNT5V_0CNCzBe=T4@@
zQ>c3j?elFlCQvtr3-ufy|3bWDYFhhf7P6rU%A1cZIiWHO4duE=lxIN6`}-w=2q!eP
z$K1dVJI7`)!wex!-|O>(NTsLxf7s$wWM}z27-}cMC9#+UPDb91UJRG8@*aiWFRu3C
zJuZ+}kqa0m{c3B6EccUs+X?Ux9wVufec7jn0eVvO?;cj(H?j-}VWAKp)HPi)+@?lH
z#FUe(`6O24p_BC37Bq)ts|7upHZHVyR60z(p*k24<mtV6LcL5lT;=i7_!xXTQ6(}V
z6W%*<AS;H_V6`Yd(XGJ~r1rwCzRx&tR&C!~a9i$>pBPA3zWhNe1|5GGKe-Z%J&210
z@#-bwaUL6xn532t0@=5DIdw}n4Pj9e2l3<Bfd0LUcCTF@ZOO}e%WJHtA_W(B@REGe
z1Q*ZHgj@W2i@22U{l+{N=AuNONRQ>enyZt68CB0E`QwUvhY^1Bl=Kc%d^}xyM-pP-
zExPhxjXVALb$2(9;_a;fcU=oPu|v#Lav%{UDts~xzcZ7<gTM$YR_)SqnfF-?l~q8A
zzu+3d#M7dd!3#kqt&h5bqRJMVZjI*^RL6^(B7GLV@b_z%ocRAS9B>hn3BL&<mIsKv
z*UjJe=Z(maavY8nl#G2ht~V|Qux5IncHVc3V0jI_S0lQ1{D(i2D$sYVN&q>fhuY-T
zAap*3lAW>fCXJkr@<@~!QO+2<5p8-KTgF}apVx&>*`y%k&&-(4%h9HFrQAHNpC{9Q
zbNgmu|0bR$n~|7&v7t#%eu7CrvUzLuTeWp68RBHWj_OMdFH2BoIG_$hYdG;Rg`r1%
zAr#`<^Y1N&sC1Ur){pr+4Z*s>b}GR4TuqE4<Wb}iA5ksZv&+44$qjVBR(%$9JKL4o
z`K%>|&FYYH!dtJvb$Rx1LMRb<Ke+^bIE0nG&mg~-9wxwM2W*T#yy~`%fJUS#ozPB~
zxmhdrIkC*DNfSI2j+^6~Vwe-a42T<;ersvWf#$%NhW~_9J+72jrYq<;cWWO_bK?m4
zs4=DGmQhpg2Ek1II`@yFDd+!#rY$@4bHkJmW9(iZpSRz$FB5{<h3!FCb%LSvHqxab
z)jy76SI_gA?X11$<EE;|eEh5B|2HS&Pn>ohpa`OBkEvT`I~ZpRRq4Odc!Q5~xr-4x
z^@F3?H8RTYgZN|8Ub-nGc=&0842>UzY8lSHLmR3gL!NUWAR7|qn-WQ4)g=l@>`%fX
zRpR&%;6=(~$+LB=73paIg=H{T$Jzv_ijLZqm`!LFE4ZqL*X0!YJl;iR995^5fw0_f
z8)#~^v%7!UE<?j1A62Wpa8rK+mAA#9VUPN9-*Y2B!bFre=1;aM+>`evklqL2V1v`V
z;NE|}*Jymi0B^O($6cEry*KFJoAqGJ&S@|;(%$)MJ|G^PnY;oaAojB@7#(k>aM)oi
zr@fYKpPlm~xaK+y{5w|TP#ab>BI7VcI&fkDfq8||o0#Ky)wF5pwQp04W@aBkbX4h_
z9Kv{c(;t`z@xba85CnPzlf`^SpXT7;J+MouyPpeLc3qM7*_S#LYSm&9;Tb?z&)N~q
z1gLlI1+hdpI_Kf;1wY~iYnDU~zW^VQ9171raL^VosCi>0?tQ^6&#qPoAzwsEd%4Sg
zQ2v-;;NL^95IIzuk&dolH3S0~PuEuHp1ZD2=4Qe%1NfFxBd|tWB{1NAcHoTJh;~d^
znu=Y7Eu7yF??Q<0<N491KZU%C0Ub+Lr?@K-ZX!a=K6WiS=ZzbQblN_zyEY|21qog2
zF@f7d#c!RH!xLfzU8Z1BFQrr~DW;*X4dSo!s0PoYu3~DP1+91LB?yeon?^tap{x8$
zLqBsj*1p%BEr0fbBK=jo-NOJ=Hvn{E+!LvLK1zj0&^Qjj=_y<(af^K^EY_bT#GGY(
zK--pRZz2h~HQa+kI4JvTX!FQ%uXl}Y{f=M=xU0u6QiM^1GQh#kS#Aq>d?)E%o9^7J
z;e7}OA&C23Te8bi;LkMZFn}txbQ`0v;(}n{YIFfLnKZ-J#K+&<T`>8-J5c;jr~29Z
zUID~w#p|ITEn?ySE521wkX)DN73CjAn8rU5TvSgU@Csrac3h+;<9uS>0Pe)8{U~Vy
z`Gs+_MoDtDYhn?iVnQ#*t!hCBP*w6&c7`K~Llvk`f#><;dY^HOFR|YEfD==<npuyH
zPQGG8OU!C>o_Gp8HD<Vz{LCny76Gx--)&9gWiMPxWAN+%R4R5&rZ}}RFPSJ<s<hw6
zSD7(6y*KIff~-AZ61ahND9ydgElS=#!Yh4sRzs<(O3TU1e<ee3+GfC`kO4(oyqY22
z`~xfb*j-mHT-AjYOuP8F{l$Hb0eMmK5QN?h#3t3<*h%Va8<R2>VUsY<Qy(kkf8ONI
zd=D|w<q}e|8<u-=f>vx>xcKpwX7u0$39k9sGcB0$uBtZ8>Rfy>hHAyk^5jF&|6SO`
zvrIn2#0K&(odkbtHcob&GDn|vmmD{B3pa&6Rp+GafD;uYqe^h$N7Qa-L7~7kbA0l&
z)a+4F@>O01*<Uw&s4eNvbqjR`StKrF!qw{L4(n1qf}6H0)|}3rq<|vkx^dN1TFb3E
zlG9_dP4elMCyFxT+Zf7qc64chYX_Ug$VZp9P2jdT0a?<(VVl$g*X-c{L0<^0!sh!*
zUnPa7Dg=VM7Rm<)lYIpm?thr5uyEzrbkSmYSmJ7J0a4iUyb#@^0s%SRJ(ryJ53B|A
z*M-FwvV?EWyj|Fk!c975LhDBtG|Bw>X%T<Gg!3#>{;&*_FOTOA+x0_h^P3v&Tw~!S
z4|42^Vbh`<&1v>(taxlsg?i5cxc&3)0rWdC6EdAv%`}=y*o<;IV(!(9*n;GZRe0pr
zI881b?XfE^ND#19uas7e%Tw)6UJ$EA2l{MpyrU5FXQ1c`?VT3*I@B1h|Dm8qkZ$`s
z7$0%gsw(m`)$L#hUJ)Q%ffcfhy=0=fXTI2@mR!--$uHsv>p~eme(ui>rg3lohYz<Y
z_#lR9$#X1}dya?kjd`K`MnrGw+%V`H4r!<*4db3}UlIG1Wf9`0s-hcpv{@aj*6N#@
z#ibcObSn3^jPHndQq(GRPoJdXjctKx^?gMb7XK%Ih2S0-uu$x-E1!{CxVh3)?%O&%
zL4%Q@66+Q%?6J1>)EAX3dgd^VDSswS&nrS3qOw90NKl@ER|=ioPRmb)OVYJ>t@?z@
z19XPN^!8_A3?~m9NqCo|s;%pMn7oJRV=jEL7_>uuY67+PS<iN?p^Zu~!TjTg9dN-L
z+A821%4P4iHHImjA6QwVaTaO-gDR#L0tRe@G#&{3=+`AG`m2p3y_|HrX7ZV&2-&1S
zGV0}3da?6ViL*ol?hGjt<KU0|N*-<LnPz>9d=s1btV?X7iiIEK7!nG2D0(eIm^L^}
zEqWqa_J%WS_1b)vXOK6odFS)PJ-wYJr%r(IY8IbDQ*ORzs+7FM72vo|RqwVAJ<+3Z
zxquAZIRWj3+<-W_%?*5(69yU)wPr0S{I-=UOF<BuI|m_QT4x*EVM;yPu0fo0)3q!u
z_h@B`rwuCH^@5<DP)x4CGD$O$;S!{hZpo+Bmw8Z+fgE)Q-R?J&JZoAKe;feRAT1NB
zj3y4-fg{z4wQ~j2-i4AWV{|>0d;q3xocXeR2rh)3_9AB_AW>)W6frf?G4Zf37l3O=
z-pY8rb>WBP+ot?{_1?X;XVo$-N@wukT!9M~*1*v~f6<8H?lO=B^ZBJx@6>@c@#JOc
zJ<QXo`^@o{W>Uk~JZfp&j`YQ~&v|56l;i-zt68)j{PU|;ow>RK?K~5u7_ye5s#?&p
zgp<dE-iWi1b&U1qd>@)^7>*18F!l||rSXa&Iimq{NN-?F?k9J_QzEUhPYME>rXLN`
z)$J+0&^R00!~s1ucr4a}l~jR7Ydg@zKDCef#%INLEf;M#lupv+U9ThRHMf{rZuC)Q
zi7H|jrCX72^|hF^b$IA>FiTL~cy1|#ZMVmKa`8bWsFndlg&B#dg+>r=a$p5bA%{-*
zYMCO2sSO{1%>&vU7z&6)?@IPn#-MgA46Jxm0Ekp@1Qj1*ZFmYI3UDgH-bE3~wP@Q7
z8wgEvf?(@F_O=0{#R-@bH9Ukv3R>w48&FNP-Mk<N;(PKg>Jd7fH9>`10za${MI=NN
ze4vy@L6zWA?ej1!0|5g1?4;Za+~aScr#*zVVMPF&ML4aa=`D5!)g}`tuq!GxE{iI1
z@qpXLBG#_9uom6DmH-k@g|Gnu%&eWtE};%P@Do$VWs?6}oW?_9g%nnIxtuStFQJ_S
z`?R+DuL+X)!R_Q!o1EI&OX>dV&9gLUOO^d{jxZL;0X^z^bl)nMg~<)DCW(eeG*U~#
zM=SjH-~*wWe7lHt@L#857<k)7%d@>sKa(s*ei42<3Mq7hM5+`%u%uAK>05RlucD0T
zqOonb(6;Ux!!CwJJ{}|Y>bJ~))>?-6KACDOZvfhg>^NMRa~5hYbj_={qzXIX$%va$
zCR<%{ECPFFwl$lC^(ATO^=Nn85L_9^UkVUJdojYL+29;*NeAXBx^K_+aC2|1viBiv
z_TZaCmu$Doh5Q3uZggNnuNCfD0h1k{CMCpK>k0s@SQKg!fo4aveuQcFin4ml*3Qad
z>-<SqW2^aqodwN5wu>u?!JW7$)<E5A_Ohr!flKt^ME{uhVL}hBK7n+fLv-3Kr{Co|
zHMq_T2%vOmh??B(QVp|$t!X*P4DW?(@rIgPFOb~xxY83<=AI@O@-9#3+H@x)KH3Vl
zT~T=6Fjm~&j8ij5lEv|r_|!15oAUW>k68<SU~;W%{=8o#mORyz3E5$4xOBkfb5J&0
zOp>}+^3X(_&)zG?!io@WWg^~NC$8`pM;08r9;IV&xzfb8#Hy}+Ak;S32n4sm)O5C}
znt2y46CPfE2Ls@3QLcN~S7)P$BMRTMH(q?M(KV+U?u!sg;dgq5i^8HT4L<0?Zlcq9
zF6TQ?op|}(Aw11-HdTSuM2HA80^hi96Q3fsBazp67dn~>x}vOUaGa+hAzXOlqY>B8
zH6Q?Q$9Yj&0oTUaS4x5ycLo8yl_3EyF=F<+f-^A44>|7Jj(bKWvIzKmsJla&_L#x)
zpHz^m;F|@JB!;EIBoZ!OR6u6Y-k{!{%^F{|Ct?ieit8Y_ZJHacJ32};lHe07hv~J=
zk!cVVSrvj;&xZZ0F$L@W8!Ol(`Y0*lD{rQ0N3kJHp`9Kt99*l4yg?iC^$NP|I=;UC
z&mR$z*ook~1^ZP3o}m=ewkm7+Ogm7VNHd&(2;mZu5pF?%BnR)(MqgoQ6G`%u623Ek
z-C+wvuqB2H7ieiRY4Mf96u;|NtsWsocW0y54Kp$sj#wg&{>><@x(M-M?of%u(q)Ix
zcF0{NN{U0Q1kj5eBoeA@qMhyq`Tm{nRT*4c;DBc~kI*x>Wc>vdLs$OOi*Ahs<<fG6
zE<r<ZOH4!B+m(vz*pJ95i*4gDro=}S3zC^aTyI&=%mSKLZO(7IJ&zq5Ndf7^DsDyG
z5uO(%tgyxdbyJ8tweGL)h1x&weFzVf2ul8e`iZP=<_9j%>Czp-$27&d?*=AAj+%9X
z^v0UBykSe@c-RM>iLSI}@JM%I91KTT17Ly)WfyB#hW`l+3vDCdh=-}TKPhV-kmbXx
z8G&Mb&NFi;WBzEZ##BAI?}GJcsy&HjJL>oQZzM6R3j`|6jun&u0069JfD%fuDsDik
z;lpYus<|8$-5Uh4A_4uAWn4zhHG6);u47=(c4-{pkb=cgCN~b=HE}fV82`o5&z_yE
zUhX5;Ti@n(@Bzc+zggy9ugmE7<e|ehw(3BmpKA=g(WqMSeag5-<N^{=BEZy_tKp~b
z`E0vVTY#kAtYG9_v#XMSsi6<hI_q5Jgje=k9X*Uz#~N<K-c?=+T@L<)Z;%#^gzd86
zN!RDs>)2}(!c~_SJG$s@%P8Q2p$l3&{7B{i%-bIT9iH7O`EFG7NRdyxPMb`13-qS%
zDp7&=qbRVA(^NVxh#`$#d;OOL%LYxeJn>szNG#6A8ArlXv4o4W{YErpch?p7wM!tB
zgt8x;cY;^VyHzG-*}^ED1a>R+wL%)A2kn7SOV;p}K}>uzz}8kyR{OHz?q51}+!)C1
zPs9Qj_ya(Jk33%YtrT8&wW>YpqVQL%Wk@Tus&2krq<v{jCi>b0fArA0!SOjZ4z!w;
zav&{xrjBmOnu||6Xv=rfuwf+7j)#S6J<m13O^Fj1i7jti3KnDLF2S^{Y(NRvc&jj;
zV^aKm)!k}xU3*QBHz{VaW*fYasXCz`OEbUbmC8`~tLY~p8XPsC*};@~2)sU4GKBWW
z@<uRwc&_1#+%aZ`5`Z#MiTb4*&<@zbVQ47l3>OLR;E$a_Y(15=UBr|R8e;%gsg@^#
zSs>4phus2iD5sq%XGr`8Lo^+_ev2sW8Q-?6oo9E5xft>t_wlA|;_LyXilqMYyfRMO
z^Oc)7Nx}$`Cw6PB`O<YmGS9;z?mY6$8SjCx>lNHcRSb$q2c{Q-RSrcmo7EOxBa3*l
zFKO9>c@2GTJ(@89$5C}twW(C-F}o2F+8R+Mws4i;a4C>#kq^+C`nMsTihoIQHHe-N
z1g$*z8Gd+&%mDlLj;Hj+dnw!B0rve?nMa?%ym+K)obPON@;sx#J#*20knz`Mkp?}V
zyxae``6?|uc6IL{0b%qU_}(0N+=6?)X|@)7dX$8dU0+OTO3vpcW2>7=!6f~cn<(CU
z4OM<zauQEmnd~5fQZLn6s}$A=A$!Mx&6}=Z|9-ZE)fEfDP!rr}I)lu4pPhMXSD#L7
zOVii3qF(Z<hW)OOe!tLPN#3fRgYRH7B%ffmos=x!_kiFV<<bDhnrtGa`q5s}<*r9-
z#L)zkP-H%>-TGjm(;`u-zXwaJ2Xu`uT%=#C_y1RrivFXkcb%@O1?hO^^zzuWW?v0Y
zci#2WS9BOgZD#IqkO^YLe8hu}9^p5lxdc*)#J{JBFMf0N=9Ab$MGwjnC$tF^Oq9MP
zl<i+Y*4D#l$fM&>ypcpqetD=lJ@P%_@JSL-pn!fABA@!9yS4v{7+xbU^f^E7;O2qh
zoN05dcWHsl+HE)o5<@%=&?eIO;N{6^d|^1<su(o4qcn#epEmuVi)D+|yeL02ZQ}jo
zTDWTl&?@N`d2UYy2E1O&OTwrH#3DZi`-k>!B3M8Q;X_fPA(wR&s^4@zSbSiAu0qNH
zB=O||JPE9`t4cS#Pk+m>>qkTN&lXo7R_FxUe^*RjQ{PzW$`Kxz%dkQ%ai2iZy+w#;
zMj@12I;pPu<#XOEE$ijcC0KmiQyg>T2EqI61tz%iD;?|YXGXlDOT#peXK>3hC=?U-
zWqLuq!h96Ode^j7Z8XF4N0J`wyjuk0><Z&@{D$U+Zij!}Qgok=J+z;w?degn@H}Ql
zv;oT=mBP$&rzJ=I(+?Gt?$3(Y=}!3Lbj*Z|!rG7ER{`oVM;{<A;FN~t)mi|)#(o~2
zwDtJq+<(%X9Z_aG3U@6+mED*i(a>@CX8jWM17BtTho^Mj6Gw}45A3pElqQ4E3`<0b
zA=Ksh^+HYOQZ`-p$*)c51W5b5IzJqhm39{iVga)+hUcuNc$j}Wp(zspu0KGs&}U-9
zhY9-)bj9S|$NAWF2!!Q#JkOfKIrSOAokgJoKg8L-I5#+h0fJFXj!hf1e{I}2TFJ4V
z`!R|=6*?TNwzL3=4g1Dsp-8;v$;SKy%vl}r)pOT{c#9VF^6NK}cn}+tOX{)V2HzDQ
zVg3QJx27Gjl7&%ZmhfxYXgyL14QK`lqu@-%8Bc;8%2MT#(tK!b^G<pT+#(~UD#~z@
zjobmNGXTIkWlt+4eT7TMStL!FlWktsuSbnLF;j1*T9)^t7P<L94^6S8sr3}s+HmS*
z(f<LRHDbzJMqJQESIVvJz;s)RYQgg@M{D8OUvl7_dpYrQ<<wI}HBI)~mBQDwP(E=}
zc0^JT$_+^XJzPAG)<C}#xO?vDGIXZJ54)*Gi3<|_ys&Tbd{{TRFk;e3H%ApNXEnGT
z{Ky?SxvCrGggOMO#<LJI4L=8AWl?N<2xL6Ew?Mhm{!VZN^~3+be<F$JdsSsU$h7_N
z2FjHCcropu+$kPjzw(Vrq(V^K8iRy{)I|bM4)8k4hhSrId9!9FFujYL;%TY86@(~4
zP-Eoe5NrXU&Sd6Ul`NR|L&|NCe2=u}orY_!6^jba9JuCz70I#H!P|s&?H$*uy$xTN
zILYp)k5g7xI@wp`b+#*@$Cdzq?I^}WG>f-&p(ClKo55;Jv3>+Qm?)C=$)cx#<KSpe
zXJMU6Y<J>Hxei3cQeKYf9MDyxtSy)uQb|g}oqNv%3wDsuP6DL)bo_WjV(k3x3s}*j
z3_$@nYmPUYkzNNwGypx})~;Shi|aeLL^(9EI8QTRiLmohUh~bOUP8>w0dv~VI6*OG
zqy&@WO`D1Us>}j0M#2<ayPdZL7IJsUY37J=0xD-H^9|bw?Y4dH+o&(=Hk@=zR>_b!
zX!_x2O-#`*3GN*wPvAjn0&kh4bg%X#375Z5g|Lr`E?{_^J64_p3F0ZaX5mNI25-Kz
z+W6Zbct7)aI<!_REi^-GM;@J>jwLOpEs=5+#uBcKMQgRP{C{ac-4dnvrDd(f_L*rC
zeTq`F7|6w!1}=yOa8Bs2=rY8@u8K9~=lWiT<MQ7FMfKpOcE0^B*v;i_T@BsG2`sYZ
zSx?Hu%L;By;4=P}=qL+CO-%!jc`fb1Ln0?HP0k<9h3jX-?isn`u+n@{<&NO2<+Icr
zg%ID38H<)kd=rRQ1rq4Gvpo73>N_cxqn9n6U#JGq;YL}et%JrNkp`%u6Y*}~C0LeY
zS5Lfow+H}-=nt)~|K8N=LBN^Pr^{)6?p&>efpTQIm5<%j_IP5g&k<*1|EQg!f>3Pw
zf<8nB<%jhmSr7#n3=>6$NC65>Ja_mxuZ<~vsa-n&05T2bc14*fY0WD9-a=8=!KF3@
zH7)gYirXG%TRza0%x^tj1>dmz>iI^cg}xF!opSRxo5_DIoIRmt>4QaT;flN=nP0?5
zFey9N`O23l1!Q*dd#6)KbWtiF)J0^q5trl{?C%u?KmS*E)faO!WWf<>vAMdBA+O9O
zcStajeNf<qx)}4#%)G15<%npr?bJ58GlyaqK3KfMEg1=HQ+xKXw3A0ko|ojEnNf2~
zM0rFDi)aG1&<NA;*ICuFn~2fpyY<2m_;kz@?gvn_7X=OLl~3<n)nrVjKSG%PasneG
zv7d5#Kc2Z#1aIb9V~&SmrwPr|UNJ|gZD!Z^uPQ4`f%LBiq!_a}H(Z4h#f}F+l%)To
zr;-o$Z=`;dPZQ}N;c<cwYr36nW6r`!jeVppz1*)biw2AWXT1};d^oS4n`3lSRg+x!
zOz5Lw3QH&b1vLYM*th@hk_7$gz|LR3SHZ#vAm;d!luWYkNfdQLhOrq<lWTVH)FDB_
zN7TG-Q3*PJ)JytZ$B}c@&e3Bm4TNgb_M3zQ+V2Q)*Poyt`Q7*f1WfIa{smrnfKd0N
zpt^0q<_=*k7r$fLF2l}dm<hHuaIEOU>*oV-kwhKQNae87!G(HVT7_)ScW9_!e~;4R
zpi&rvP^JdWiHQdbj%|@7{o_RbT<3SQ&ovs<Oj@p8$Pta1e&!9Y6;12Gkp>NMSCd`X
zafIKS;7ixru^N}JXfYF$+n@z)Ip)8_>DBAzFv_vmq&bx7>aOp5=PX!HPeA05VRAJj
zor&IgQ9vv*pJXqzQ-Ojp?29Xsk-$0sR#5%s=tADy<7Eyk&Xe6IDvCMPmA_&1WRj3w
zeAG>QahRoHZp`RS?8~ai(<z(S&=cAAK^3mI9Y^gW!AVfpzS#RM7KW^Ya+P19*1k8~
zp=p;<PtDLULH-I(_f%%`ww|=sf4Ryj%@M3$O12vGX<TeU);>rXtQo8xfWEYh;tEG>
zZ2(Bhmb#kx3nm1cdDH&7TTTzay~(N<*8Bwng{%qeefOAz3b6>JfB^O^vpAbq$F2O+
zOcB*C>LZE4fKC&ZmLFh~7JOC4KUQ6CMGIcAk#;MwtD;a3TDZWJ$El)C(|5Q5JdX|o
z8O$o+ucjQK3d$wjao*F3tK;~;rd#gb@&tvd;7dC<4!;x`mNS+#^f+Z+mZoneN%a47
z*~K#c;a;1U096;7=x<^n6YixghZ;Pkb#Crj69f13Z3enf(P2Pe&X{I{TRDt#ybv~C
znHYpI6w$P&rlpG~&NPdPD*yV}&6B*|dCr-9&w*-2HpaHJm6a<dB$}*(;WkJfA=QXE
z=TxK|oDp+KA*B^Rky;ml2HYfe!3mSuy=Js4=cI$aNAYl;b?hHOjREo9JNu9dEqq?E
zXZ3&25OglFBFC`3n2aIIV$B<;vrg~PP+zAqk&%gbCW3~0gDaB0K67`y@YNqiVz`pq
z6P&vihm@W{I*9mD3A|m!(`CV#vPk?w1N6{h69(uAgm`;lW`kPJj1~>~%DU#!?T$5C
zv(&X?2VTnkAmIQcSq~sFI1ADY<+CccmU9$xyQx#sQl!mpG0f_(XKY%k$c)f(!EO8}
zK&byhjBk)-kX?iyY?SfviL-{q;)?C?F-tk&^T=F@TI`T<BNWH6!j5S=BtZ@57EAXy
z5Uphw(3%wH1L02)B2K>_dn-rQsF!re02v__l-VVJu>z*<*CXs3Ee&`4mSVcKQka=W
zBU45FA(Ub>H=wQRPG_yn_+-hKRJ4R5xzAPR2~`Jaar=I|@*g!pzcuPljXm}CtJ4>K
z?7Lf?0H`x7Ot+X@eMUz#=S0oD-}0!AHKh|TtCfeJ(3xzUjikqALQU|cb-P8~D3cQj
zXUkta^#lhJrgTunX)7=D|L!KwLvU}ZbOkhGpa6#9a@R@?WBNWtOl!!SS40)T`)-SJ
z*|4w#I$~QDXvwixd@f<ZN}GE8@k?U(j_fg0dXFCg<XmvQqv-G*Mudbbsj7<{O<l|P
z8xMY&PVIhWFl5=<w!OOyMjaA0_3)rJxommekFTT7eUdHSWA6PDu_hgq6mN<)fM%Ji
z`-8u5J}&(;#HV4jz=beMAgKyl*u@uWC*5zOIHv;yjRRA|Gx{Q1MAUm`jeKGdI~nas
zoczS;>HP8O&YhvP)OM7_{2iK}>0xub<4q`QckVQFR`16bmd)j62UTe(j%-i2Sbo6z
zp7V*VsVHc3Qfr-lnmvpR`FbH?Gn}Q(SNk0HG!kM9AuutLX8324tEosIho$j?O!}AM
z5g-PaE$|5Vz7-=GMonYg_CY+)N6C?_miwyb@HWZa+cXr`SWjS+bF?Nc3&J#cZDsX}
z1cQql^{;ldyN0nQwXXj;kpGyNOP=cT{(pN;j9LLC;Xi*m_t>})=AvgF^lT@=;|r~W
zMIKL+Fwv&tbY(-tkrbO8QjeiBEiW}p`b5tKT+ay{u3vBBP%L75o=f%&%tQuu*t4?m
zKOiO0p6B1cmhDsU_dFUc)d8jCxF+kt4sD14eWpTW1IVfM>1rXMSk=G9cqs3icA1FK
z7t-H-;Uc>4O~2&L0V-EjWC_t<jv<QO-X_KzxD5?Px-O>Jlnl&NsH0eZD>2EUvbAr)
zBUmb!kyJP}gnf^m%r{q=T}m_VcMNgppjvNL`U+b?K*rbI#jS)m8Z9Yt;&1?=S5HNR
zIrRGxf>iU9T`mHDkL?5IEh2CkM^RDiLo+4CGcqz}n2k9NEp*9hO8moo)G!gF!sX8#
zkHBWKW7Rw|kb{cK7<!t#$c0LXsB%n)uL&6$&292Iw>2UOl1%*^%`~(XP<MOQK->qS
zBf?x3IQP_5d3X(sdt%^hiAURRa|AE2E7}^|9;{v;-KH*0YzdT=FaybzpA!lw#cKTN
z&)Y-XwSej*OzD|Th__?E&)X5V2GqIz%v$Q8?}*JKTGYS*Wp8uLT8;LXrRfWR@@3mJ
z^JovD$aS9{2>f<bh39V>!>gcMkE2j!ZIW6&?5t!54_Ko2*`eH>eM7o2VISasyOm_u
z$@1zdvlybb5_+8WQ?ja(=r3dm81J&P_p#z?^uB-6Kki?@4zobUaG}DGXVk1ewA0_^
zRR1O$IWj*e%i#oioFbvT#T#lj(+xg<&<mx_Wi(Hljnf)C^;~h;X#MDppKYj@Skv=Q
zx)2Td`R4j0xV-HvWNoj9F2YurZO$d{2p#Z%Ja6s-6lXhhWYfiYDaQ0ARlN+X6bMCn
z9g3_X&81)dc281K>N0;BDww5$9rag>oSk3J=p=%vl+f#Oh`?${5Zt+n({7dDUnT=s
zey<B<6TvSD;hTZzRF$@FE0)xKfmNeylcb2ZYCo{!q@Ap`*+gg=H^2baed@Z6?>e~u
zhjPxJg@I|5rLQQ0pFEt;lCb1#v=MzCkJ*f}xFX4R6PVzH?C;wlb*&d|7_9mU_s+t!
zJv}Gj-iA5RId>rLNaG&o*rnJ{QP!-MDu+V6NAC!baKddlT$@qCbh^Ngcor3Uew;YY
zB1bVKU8a?<`8{}*ap>NE*!b9+oHXPs7<&`3EQr;BgrQWIR|-=hCq)+TRZF4u6R&OM
z(}m?fG3XvCW=$*{34~^=y+XPHf3^Q#pP1!bn4|U2hd>6}9Hu7wWUDTpGxz=%=@P4_
z(tdA;!4dn#Q=fm9YY8{wHwMTZS3;Bpd1EkXRc+621tjLRK|1EHF?F&qtSK5;;V1ks
zx8#WRfCJmWvTVF}IBMCFjGB+fJY3{XztUi@d!ag;gedJ}X>y?euMnZ@*>)EWJyQly
z+E&;KdZA)q1-5sh1r0_0RhO~X7w!7`YV;i4S^p8#9o0Buj+<W5AN8)+qLlYTR8UdS
zdTC}9jP0>YlW{K7&PeFV7-Vay_Qyn%{(nktZEz?o(cqS6{`_AgZ6L;#Kp&O~7B)?n
zYwZf=LU{;n)l4f^$X0+@3*GYbcBW43com*eV>BdBb=~sRRvY9}kRPz9@>651pT~hk
zV`wm?c9Xes@MT7^kXasI^8U-ynL+pYn=udZ(Ut2|hYBSTbaqwZB_B>2oXdT+Lyl$?
z_AQ&D#a68heLp$KQ*<^~Za$4llqn&%VrnJZAe0J*u><IYQp1nU<E9my=H2#zq#R*;
zK)1dYl7}{_-;Xc_z6=0)5lrNN{8wmy37d=eVel8SJe1g7&7(m^T%s8fnS|Ofm{$Y_
z9B<RGr8%CwABbTis4Ch?^5&{naTPj@vwu)bG=BfK#8_0-oAOT%%wnJ8H}lNUJ8+;|
zY=y<WU8Dgn!in%@<cv!J#pTb@c9Mlc+Xl#~`;^|P3t<WsT_F$=_(RDuWlzLlZI%y(
zJ^Eei30AGms3B|SlfCS+>U1z`7yKaM2${+!K=m>xj;r2h3V&Z|%9^grR#=0*Vc{A2
z_)L|@v8rd(Qk==Z$8GUI1Zib*Oi6@1{nF=#P*MEBZJ;R;zDc`7xH^zqI_gU;rEeO7
za{50PbC;KSy!zGOT7F7i6Ck$iCcN*^%JGl(zr?HUoS7u4)82J6bQh3f7e5j=TG^Q&
z1*D4YdAEI{n$f9lFx>V)1i`TWCaX<Y<JJxplJ2m$%gw6CL%fyDZMa5+va50-^SsL&
ztmX?aU)Ky$_I5K0a(~26fSg`@NR5Uln)Gu?B-Ue(7@=(6H@+v-ucp!NNoptbU;jNe
z1w60L#_u$QHjlaYWkR*_<KBNIVWtR%@JkWyl*#Ebn1%gy_AJq^g4`!WthP4W%f(>C
z;Z621J=i#%_mFY8Dl#*0hwt2K6eNcbdL#l;gwxX1<EEQFuQodox&J+GiQ0uvXFp6=
z5n%WcZ8o{DB0<~G&Z*FDnfl-s$geQ25}f!Gv;VZVPK!>}96i|YwZH3ubO7n%xX367
z+<$9PAKboicz5E5x&MKo2rcw*3PGPjnL4MN`@?aq?tMC6Ov>oHv!>T$lB3}oH_!J_
zAoU?r=J1#jx*;BBo;PTZgcmf#qW4b--PRQ?){57lD6?_Zi+(tS*Wi2g+w5YZtFM2l
z%1K^H+>Z1MQzjNMzdt`<$%RSCO|mvO4XY@ers;r_W?<qck<jo5NxXGbT|1?+_ftKC
zPu0Y^=;5J|vOESyDJ9Ukr6{aHSJhlR*UrOO2Yao}THQto;VarLJ9vcE>DBSU%WTRa
zSPjcd&hNq$`Thmx<7W5-f~=X`Fi#fup@xE6P}-i?3liyk`tIZW@&hJA8yeXI{iimv
zXTXd05jOo`$zU!AC<{P%zYuE((%-LWz!ipQdB=xNmw2k--F~~3$WH5=S&ls{4tASQ
zJX3c2&w8ki-l%vt>-xG)>$Zwlxw2Ag3Vi0DKweBa3J}YgH!$3lICo;rtC&M&!^b(H
zWyPhcb7Z_RkU*8)A=SgXp0%uVv&7#m5zOtmNT*4gX8Qi4^2bt_N+zbY>H!kO1}Fl|
z^2GEcyDI+QCh@*}EqK*OQ+YXXdC=1JLxxNxGsXqaud0gFb@eo=13T<pJVtKQ>6|M0
z;U2MhHlwFe#4%$<>34BuP#2*0aB5FXYc?cn>)d^AdFST#{$5Q-hJJ0;UlxqyJBA{v
zRCy$&vdxoiOOLyuzg0cXzQ|&SKT4eCSs@E`LSZ8xL*~u7I?VwB<m|taui|v*HCsS8
zln24@)}-1mn#|NIT*Tq{b(@s1cmgO_22XDktYpVfO2wvJc|@6V&s4$fKGW+!t6S<?
zN0zq)-U9L-(cE*ol*GESh4Lzt=sY8F1`}uUubPFZbC1Fm!U;iTN14ZbestY51b0Zp
z!FNA>f!RjSFyFB8rNU(;s;LMtF(@rVz*C<0Fb!;{dmw=KQS`5&)yz4!OR^%3WcnQ!
zpP6gW?#1@6@tg5QmxW#HOHmyojZ7Me*Ifw$P`e==<LFNtPo8gA$HWB~0#?;QSR}la
zp66)O7H|+c5FB(V2&w}&0IE9e;~Tf=|AX%<@HfriXP$D7h!oxGpZY8Uvk9Lc`Qtlc
zc{cXkA*4iLonT`h%xLyAv?-NFuOT}E8l};KRiwhYPJ77)xvZl;Y9`^CZ)r=xxC?cx
zf1%Khw;~-;=EKq}nDl-Wk^p2wb!uO4h@v#XeG?9t#~B~EFP0&BD~OiTaZV)Hnrc&`
z&keW9uG(DP-|LHM!?AbUw+?XRjpamuT6z51@td8drYRn3MXly`np%Hq^GFrmmVe*+
zG1haQO>p;M$>0H%L2jm5pOG-H>aky`9LS;{AH&x>h{}<*w4M)JhOWs#jaQ;}y<$;E
zyA8lFE3xuokGV0Jxg?$Nmm8TU(M5TZ>TUdNe*^AH$j^l&_?+b#VIqzkK20Di%{VzX
zbnYOHyRT%=P5R1|s(})%b$@5ih$S5cu#^~vMMu|0pb{~up1Vs+!73ij*Dn5=OP4QO
z*1~IPT(W6UWdDRkfh6xS1VOap06Kl!<0Wy3Eu_t-#s-z`%663H%G?SgedU@UTL~kz
z<lf}sNIc&h1T<%L<<A_S6=wDur{^c-<*UwxQKG}1Lp;lfW%&mLMu5*C+WTtOkKH$H
zkH(Rat?b!Bv`Y|Thct8a)HdC1cjiq*Nm3cD`#9toPJ0jo=9UHnSISx-d;TTSbMNGz
z6g0@?Se$MU^<a@lHA&1?kSZwns3ydkn1O)-rC41c2k-Qans+0QOo2*MlHinsC-c*U
zY@0dFXRKitF$s%!pMR5P{UGPPfc-*c|ABWcIR@_Lr;$^HZmx^N0U{m=XhNVEU|Bmc
zZOMV}0|PxcId-K9EO>o86+jbVn^C*MFf1<vq}Cl9obxD}#jgBer`4Ltic753m?R9e
zln<y7(7*r?vjAADAhy@l4wb9QL&GHma4!G?rPY;mMlrq{ct(QpB881$*esu`cA|B?
zgI(r^IX)WPJ(%H{fMX3@nRvJck5{$=YbS#-S2D)a6zTu~0RL*s>lzQc>C;`Aj=$j>
z$P+SX{q|;30ADb=1(U|IU_QQj&#P@H+mwm0-abxa#DBS&?X&;`;mNT9^myN_20Q8h
zu^&%}THq-G&+dteIF&8zCA^`bw1h>7%FmITV0a<#qOE>yioZ314Wj8KATWE_6PFt2
zEA1G&D`V|AsiLE^1HN$CR3MkQ{Ty4W<Z=EmTSKLY56a1SNZoWc-6*M3AE4w)73y~;
zK0z_d$3T<Hi@QVlmJy3kU048azjvb6HaH02kM@9OhQ;+w-Jy$#*#XQ_;siDvq-;6~
zaYCJL&&vn+&?AaTa{*hQ&b^hya-osQ5U2`qRWt)_?ApZtL|f5ds*8_!$&V*)&(j@r
ziBy7TF_+sgnDX3oVnnt7kA^i@a=HXY5jHV$x+Ip<HsVyo^WiR{tdx2_h0h92_N2}F
zuWY&GkpErkE%s1)#<ZH@ez*{MeE83@u#w>IKO1BLDGR6=DX9G)BOnl9ch9uHvg1P_
z61=lw#I&BNHIC!2Nm7>1a$77G)(1(1K+SOA%8GZGS16Y;JY^YIi;Kt=jW(bFR?1`&
z-Xi5L3}|i2vL;)gY~?v+)UJQ2aZn2tq5f;nS|H!tE*7R;1SSbB{(_XU%nepljpL2d
z0>u>z+7ay}tpF!QaJD`&;8IXyJZ3NwG;v>-H8%KQ#_(ynG;o^@u1!v}ihtKC%}mcP
z&(9*aw^1+1)ck|ArCPv&`Q}Zj`f|iAZgVhURlzi__^8wO{y~3q<gBOC`#qTAmpm>e
zi8(1hlBS1POz_+-`OI_X6Vr|)fd&W7eZKMK*1JChln9M+-6@d>hHa-)BZ|b0P@1DV
zi2NP3{K9|#<COg;?LFr`#18O$WMb29P0#`M<%o?uo%&QLjk>rjH2rIg?w?>YqNEwI
zZ)JaWCQ)U5N}NY?44B$b>rmEJ-B}JEYf#9*DHgsZd`mVf-?MMN_RiP|5F?md7l>;(
znz{AqK^i|3z#LZs`F^a3xORp4s&6hKbJCr-dKW{vQYa$#G{pW2c}WT|ugTmAgYyo!
z-^0CGs8vLxjYcNG#bQD1V9m$I&QRg?3S?6E{BTD3{SUK&EibMqvM+nTBKZA2_P<c&
z+qO0uR>>g=3Q-2&Zw4eJpYywx9q1DL;-TfS^VaCKCMG~6)rHD)FCjfp!&9)M(oj`$
z?#%rtqZ7*@JO?>rglOe0oK<lnCMDL5_0?g92B>PJmpH;T(jCx>wON&?7eNu%6~bhu
z9!!s<U_npl52}+`N8XP-6AEPcSz`dSG2C-p!1EX3L2J*4<j3;Q=;p&$r7YH!GbZ*}
zUEM9yOW@khXP2l<d{9PwbDoL$6S0+NU)F)FDQF9_UGfj3`zY1t)*y$?l`4f%+og!$
zTZcQG^{Y&DSq1N=?2j7Kz>UK~h&!gh+YBRXEgb)brkFH2>MGVDsB>u6{!3n>DLi{|
z87ZzzxKcLlLLC4tBPZp*OAyNQRmVZAR+dCA-PMsDpAp{0%?^9P#I+vtZtTzz2a{;w
z38s@^qePE;bPn{aUT8c;&+cwOhiY-e5A!rffp`kDolG1GAZI4$vNvPW3Q`gp!;>OM
zb*41ff!HNc{Q7e-iQNI`b%u?9Sj}_nK9xo*+IXNYjk<oh9Zh@ojfwmLAV6Zms(9iJ
z>oK(<A@NSs-s`B2yb-WZp5u|69-8UsQlx42q5kHJSuWbVh&5+S1|Wl3HXo;XJsJ7d
zsO}!|s{g)8*Ew(*stlaTbCv8G^`1&TO3pIV!`MjKlG0n{2pbdCQUVMHUsa-pHsTJ&
zmY8-+o_Lg>@3-8NfSQf-C-MzV(axzCj-jPoSYVa)`So3ilc7<;qSPy$8Ds$dxtVEa
zdW@fO#x9;(_<<cbWhPCV0!u;WMyW}T8D>_j3&a04FpyK4GX!JA!FXBJXv8>WkSEqp
zc~-6z|InvnmKGNsj%UY7*p;an`dN{GfpP5O+}67*6UziH%x{PT+M0Cz52r!meV)IX
zu>8n@d99li@jkCf^ZXTQj<;Ki)5}aHjJ)TTF;bqAwYZmnnuxF@y6;mD6fd&lip(gO
z$7HMaD+eAfZDhBCSleuGHk|ax5CMA{){S{~*BcK}e0Z)7c`QHMBXBNa-$4QBOerlC
z;z{%?Ph2okuI13!WH;NcFq=;HQc%Y2sw`-?L$eQQHt)U}fsucMge7ZA&gV0aGCVWu
zky*1RywUABvarF|2dMnFYtY_8-0FaVx$&Mu6~v)Hk_;6tR2AhvC<WGFa<B&9#ZM@5
zu&PDO>-1ak)5#ALl9V{Fu{CO#o`ZYNOhsz1Nwp*i|Bvg^LN5cEuPYC8J`n+6kO>;E
z)+;N9e~<`cA9ZH7YMP6j>i{qydwsTn0Q;+qX!@&%71v4GYu1aKY^{=@x)sA=Ig%0v
z9PJpjeXA>!`c7Ku&_BZr?n}SP<67Boc@oU*%yZ<!AGgLfRq6x)*ezRpRx9Shd#fXh
zOX>A5{g1O8!(YiaWDLssGAEK_1JHjUl`S-)D&Ot0N+t@OH7p<lX4ex?N^O>qgnwIH
zj61jj$a)jAHNcP2LWeV4ct7E?2Csh-nw6SAvd$GUahn$AAsPj&$1!V}TeyJjzW8!9
zPW?&{b|>}G<|mF%XT@1<b<2CKt`C67xxtw&AY#O_0;>$<E{N;UUko+ZS@L?a3hXoB
zM|`msHUXMqJf-(dxFj{MLzI|gQ(1q8Oy+r5+>h{%@9X{^{rb2sJi!688f~+oVh0T!
z0=oR#DQe6hJn~rIP`;(B&QlQ(qtXZ^Lxy5dfH~uU8<jo&dA!8NqK<^`{+r-DJJhRA
zvA1foU7sqSvMm&*EBj8kBp0<*<Oei(tD!IJkS>92aXy9$;oI7$f`e)3n+x<f{u2zT
zvh8|S_cO~f%>02i!s|t#dHDV!g+)u?x1lD;7H_XEbx}mQHXYhGGaj*XIgkD(Q#h`$
zqD>sTI!)Fd{@j-a!;jAdj~-&ambX+eSh#lx?>=3|27JIh;LP9sa->2zam;1nkwYn?
z#7e^dpCY{lMOtTbRJW_s$!r(pg`ht6j>6v`BZar+2AGGIZ*ekPE|C;49asPW0PI%(
z&gO~4aFD*YSX@HTpKW-2^p9=7vak^l?&5GgqsLVL5knf?Y8<z3g|L!BHWw&_i?PXZ
z$uxu>$i+$R?|HXj><On|Uq&nNs4kcN;Q&Qz)TTyiR)}P;ergIc#CKtRn1b^cokk|g
z8)D5<)o}z1Bf&scAZGDxhu~eIng9CDu`?ts@UDx_^D2jVPehvc>-&eq$fU#z2BfI>
z><1HuandJ29n!Q>+n$^KP(JIX@{}AvMMm&%zH&a<fA6u@eqlll*p4vft@DVORF8r;
ztUKX9ssMA3ckOe2&E^~*r3fn2zt}oKbzLnQ`7I;#TFz$vfD-?1Y6%q~=*XAfh_UR6
zYn4M&Dzy3y-Cm<}4nJ4~<PFB)00OuHRiF|jetjI?9Si=SM&ly~o4*K5vuBfSYHfCR
z*|R)_`OxNRnzNVcO&(1DW+L0_Jf{TTNjXp21K~f?&herH%*u~Um-`W;jpT;(Y;?4%
zA<Ax&OxL0Tk*vmLYcp;iUFBlOzJUIA<29pr?{V2>GNZMFf}nwyTE~`)qaJD99Kp%Y
zU>LelKKu2aiH)f>Icegs4Xq;;bGlWJ%LpEKCiI$KFF+5~jdEv>uJmwqF|!MvnK?>5
zm<;IdefU~Suzc}-WGrr~T!S1m6|L{KRZlj0tsD;|LGfr;0EPzcwKCP*4|aQ;ixPvl
zkk+^UmFKKG_Kck$Y#zNQEK#09cbYe_PF$2?ht?f&xS|wjCO;dBcJ^KqX|KkNcK1|1
zfKwdLha*~;#>U@YZ`}jlD{CBRTdPLaG>LL(?ob~PqRkuFCoW254MIz@i3Lx0)n!5*
z4LB`;pA)m*8mu`4uo+pk)Hkf5AX^C;8eO1=0X5Yov{NcVyj6Zeb|-$VrnFpGYbj7o
zFr&>EZw!Dixd{`BkRW*-`6pq$A-XA|4U~zX?%PUj6Ug4<!%{b)>Ym7-II0m5(kJZH
z2^mHZ>i2q^hAIEQ&g$g1O?>nsPKoYQPc8Xurgck;0jUmT*W0ju83O_#F`ZA)!NZ-|
zCw<RgA(g)AhRB$um<=sNKX*=fTC`Wm^`28zX|m~r8w-RVGRT9}Kv@$z?EzYAw+SV@
zN|JJjWrn%TG~gOJhhETm?VG-|@&uE#n_Jp<^+o==n?qdbI6jf^JubB+dTjU5l4J05
z-P5(lRgpb#r~sh-1`^#Mk;_O%%5=frv!eS&W(^ug`wDJ90Gy_1u==Ndw?a<Nk`7aO
z-`(;!{pICRiuR>c6k-E+UqpFl*`#L`R}teh-8j>!G5LCVnNXG46g2+HfTb)$Y$<Jz
zQ%R@s`%^DF$Bv&tfr<lryueDO?YoK5|8bUudkh=M;BBT8|Bx8zZ5lTCY<8qOwZ^re
z2nrbpR=hMsikvFA3S{~e?4s|Dmh^-KQS*CL0)G&0lVU$B!ssm)`$@JV=j<+nD8_zc
z9>h0vOhKeak_v9`iaN~<kqd4TX^aM(ZeS=b1+Ii*t7|M0PsA<Zu$$yY4!Q;D-&uYJ
zj4hwk{t$T_zlN`Yp#6!56(QD6k@Mqo5fBoK@{*F=FpjfQC`1DVB}#lnG}o?KCC)AN
zI;1#nFLY*nDsbI&7;f6%W=k4Ku$aOp;grWz<vuaWpf8gJjOx%VDfZyzRp_VSS0-I%
zbbdfA#<TSe>f}nVo*Rvn7d#jpnyOy!iN~7~>lsyg<U06J(5S#|eJhDp^bgu_^>!N=
zqGBa5HBN2Z?gDw6OCk~u%6EQoMdFK_u`DA3SJ7_H;6XGcW&ufVbuSX;zk`%MY7=L&
z>vrCZ9WRpZ$`O$zW>1ejl8uXXtmT~*kt?$=EV9A^=q6Xhpox*2@#e@uW~?juItJ|8
zv}2>xvit7}GbFR}WVUeTGe?bqf@nq2Kz0d!|5Wu{Y9<SQ0%PDT=RJuf3_hZo!86Wk
zqY_6F`Yx%4dH>7;E%TASI3?5YM&pxULmK0?Fv?sMx4PYQYj+rL3;T1cv^bW#;YZcA
z<uL5g+8Yl7dPgHJN_rjiK%^}aT!j`}*ti3*Om$T+2&~lfhqs*yIkOe4XKjlKOjuHP
zC>@uav>Y1t-ovOX)cB<c?F(oP7%IkLHR_~NE%mi3w=FZ)Yi+_L>;x9PN~)$8@DuNz
zo%rWvKoJWbzTlykicL^pRBj$*jLzy(l}GLDMfKd=g;1WG*D<pq!Lx28a;-b?q|8$y
zA`EdY64!=qDj~P8H*q-?z~0f`5}5`BYE)eEfFQ5YoO9tm=*u!%SX3P>7f>(bE!jq?
zLJw;Qk?QP$y8g6+!2-!bS0h{I87&^r38}m}c#llONOcloV4uAPB4qXsxYE*zs>kTd
zmnws*^Zzg=?r%Wg-i0|ADt;4RGVj$6B9u7^a>O9CkSyM~wb2(NRwcgfy#9h6FJ{_<
zuBa%zHaMShLFKQ-ob!S?36x+F+A8dB<o4zeSf<}xpFaDispxyu=eU{QbxrPocI$13
zJg#Dr6GJV)$#rn}!2|QFNc>`Rmx#GBU~h%4I@s;Mv@ef}Xk*JKKu$u+(Ze>9sVCJ6
z{{afn^;@#51A7(y&7<|5C_8=x1KG}?h0@bR-S2#y#{%hX=;a(t&IHU2@=VV?o`gxf
zD`m4ZQx%=z^@HqOXf*PoDLIMO8cJ7aXfBF)rw8$_<NPbwe7eX@AOMe(&l1Q?RZ4^m
z@usJ<qo)jO@@N>o5Y^pK4vEOv?7R|@ZxtJ_tDKwBN*A$MhgDp~8$ZijuG%>$`2T6z
zmaJLiWQvM|`4d_m3p#1Y56l=aY#xHi6k~Eq@jBHkbuNFF(gdCk)9!v3Xo*oB1&hhN
zrsovNs<<wE*;7IMU*w$)7|(*+=g0TSLbZ-r$vSQmO6L<lV~KLn4p#z|LRtEAN3}E>
zDSy@&xeudSK#P$nw3ulEJZ?;%!I~-0va+4)RXV3xu6Ob-MTOn`W5^A{sM#~6R9PEP
z$#VFf9()b^|38;eHmJ1*lW=_e9WUhHcqg?f45hY_)BhQB$~|YMQ6ie}p4>qz6YSp$
z#EfoOcQeG9Cil2W!_PTq8|Q!0WRnPBSwe!|U9}sW^HGAeq>1`lXB@vnF#=J9$~elw
ze<iKlJ^d{QnC>tj^II8|b+KT>0X&e(CjN)0H^!u4u}yp{Tuxc^T9TxY+!pVvV{Dm)
z+7a)UOBcvVZ;1ZpzbVo-J<I!t75g<(&#Ebqjrv#~ns$xjlgP9@)}Ii|kQis@yS3Jl
z)C@~RPXcViVXOO$<U-gXG2%DxMD<EC;4mMQ$Hm(CU0G9>FEaxh4j&4fEEU=iO|B`s
zD;i=6auqz^*iu%{!!aIgQbKrh4w`uihAkn?)xk!&xL$T!-dIVu-8mC4b0@l75q+wt
zH-Mc!BB`t8R^5V7rFDUNB;t180y16wI5kPmGj&te-yLKkX*p8WSM3m3aw1*UBX@mZ
zpjrqEPIat?PXQfkl@td=6Ax1nueFOf!rA}Yl<v$2(=QK`xZ*_ooDlTF*)iBj#r~2(
zm&iekSioq6e)uB`4k_%a^(pZ@mlh0qNbQYc+2GW_wSo>gjXGE_HYSYtu|Z82D^g`Z
zTu#Wzx*R4%G2TeRj-26v4RyGYG@BO$DxJ)H7vAX*c6-zIcX^fs_^c!IZwB|9n(~uW
z>SW@iW0rmnv+mihy8RpcsJB!xCo7peo-VHX2tRA-K(j^ReSm3mO8@}F{dOurrLr~T
zVmtYASv>ThRU{ztAK8A!314!vpjK)Ax6VfjZ43V)r2ASBqS&jbPC+N!KhoW2NYzkO
zd8&GMi7g;P1y+JVAbmM(-{@fZL~DbAO`ze9WY58e*`yU7i#c%@3(P4o+2ay83t2u>
z*+0cMo>KJYZj=O%IN}C*nizOJSFVcX6;9-WZ1~)y4{raSG|$?2+<Q?~L&SrjFZ$!0
zR=jmpy)Tf@x|>Nlk)cOytLMv0Kbs0}lDJL#nz0pG_K7&-WMet(Oh+IamVK=fL331`
zK}%|bUGTX8%1;m|{G{SMvW+7ST)IYyuj)Pc`O6b2+1Xkwf4I9mgvgy@3(Nb*u&AiL
zXTTR9jxy9#rbF=utBo`$a__a)e7;lO`ojB{9O3r=d<hf`rtmumTNC~=wLpGumz^G+
zrUTE4$-z0lFy-$eHlA@^*?{BF75kO^Hq5VFB#KJJ7YpuTcrSY$wqBfXn`d}xk##0K
zDCB8MnPtcx%b8ZXWNFtY=AN<g<mBqjMv?c;z?;Q}Ulm=o(Ovnlj2lqhX=X96w1HMW
zgKSb0cha&too^nzF3t!D_nK12mR({7e1Z0;Ww``r`hI?+aa@>ih`t(>|0<gz1apG)
z?c^k{jUAK{CRMpW0b7_^5FF~xv{WCM7X4x8Sq|uBE(bn~p$P@tpQvk9LryCY@6Fu!
z;c9ZT(-m+A&v$f+yL0F6sdIJid(o_{s>N73m}if=-UkQJujShB{PE*NeHHGL0RxEy
z-nd0zZmTbLWRenw-b@1FbD<Z-*)CHb7C2(k$)!(2MKf#V;keahR*D3}op0iaZj5C7
zF=((C^L31<Y>fQQmHpS>p7~NRnKWVA3n6HE=m;&-Vj?%t!cSCF^&)M*ay36D0Ty@=
zWd~vE76L64Xk&)1i6*0S<t3Q_LzEY9Q7(<UT^L~CBnhF)wMo!}3Mw@D)jo2B9S*C5
z`ssmn#?Ko@2nP9NE%oKqxl9mLQ47Ot^;$o@6s{ShFT`KemmH{Y<LuN0F~44i)I^f?
zYM1?JD9{g1R7O>pa???P9l!TSTB?7(`oSGGn`cJ6IS(LXL+BAdHk3t6jr~*GRTzYn
zwy6YEtyZ=!Hgg;NwJxJ7H$PY-ArHxa?ca~A%W22=jOq3qs7;fGS+##|Z5JsCCHgWR
z_#}jAxzzrnjH|fMX3r>l8-`Wk>=N#lltJ}6w!pVQFq97q+1zw=KfKkknpfwUK0Zq!
z9VFTsx!i457X@kR+??v-i1BK7s*}*((fVBJ0T4vy8!2s(_dg2_%2;Dgqpcx?Hh?;8
z=*`b;`v@Ia73`odipyWn+QmqGfy^rDEG)RWnPji3F3tpgH9p<Lu(G53okc+WpUnLi
z|FJh=`fr6?av@@8%h7`~nty)trs*Y(a7g6!g!(t{-d^Uy!G08Gc95M@UKj1QVr$a}
znZsLL^r5_69sd7>jL6Vfq_G=EE6%LXB)6eaq!YUKCT04=6|o9_2iOSQ!D-*6`yk$&
z{{$FKqSapuU*~9{Y7FbP9par2>$hEKAEx}yDoW#!xrztz(x#Y(tpE5R+RXjB=cE&>
zGW*=3soM1;!zTO(Rj`nz{1>1eEHEF1IhGs(84~?ZaT7Ad?Mo_DR-t3>q<unq9D~kQ
z-?nII0$?@Wy`&?^h<nvEhLNXRS(D%ALu%dCU47J}I-|IJNbY;JmGc_lYilU=Q8G{u
zG#=S7leMoKwV4<QySK-+7MlraJ0n~3fjJp&A2g%1Lx2DP0GZQ(JPG)caYkTX!ra!q
zm<3SZ)T*c3`b4;`atT_5N5o=t+8ZS>i~RzVL|A5oH|H(>g1f$?V>5%i{~1e~J?^6;
zx!80w_Ua543uFTje4fIbhx!~<9pDoO2id8Y=!B~<wk{vf6f$WA^ERn|=r0`$@G8Eo
z45`e$qoEc=eXSa0i97XIKYM|eL*ad>0W?A6RyUfYpcOr_<_13vTe=0SBnQYBWsmX@
z+1A_ArX2Z)^m0;L)05B+*aMHsjWY5%xE78_=9VAS5cr?cZhh%&qfx7S(XtgwWTi0X
zO@HIdL<|;3EiT1iwR3rg6fp?8ChQCmRMiZaJ7|7rsnU6a2{F&<>`*tfNlp^ys%i2%
zi)1KQ{R*q(`?$z(+fy-8pZv849u(?PuX!iB;nw<_iSO(M&I{Wp8pXi=w{Qdu^;!M0
ztyrEwlA!RU*np{cq?f91u6LX>PUHQ}D>-UQ`P2$U?OF0TD2Zs10T3>rV6L0_gCx@5
zm`EMW>ZKJJckR{_{+gA$|J9h>gIm^<4J9p8*v)P3biw%Bmr(PYr6N(}p+*!9y&KaZ
z$P62_6#N<lyc`p;Edk0Rw=vjhT{9JZ@1q@i{@bBOMP}~=H;PC=X3oy(8Blx_K|d=u
zcs3E!(8rOq?vbuPfm@`3XkwPk0#IEi3aH50Yki!5)YN12n8pM{jZYTr_HOY`j?FZ9
z7Go!pX<_|9-;Go~+mKk-&AsS1tYmujRMa2ca&Cqo06m953rwEo1FZe|zGlrqDzp8F
zbcSVjfCS3ZG($3TyC5X5gv8(mC4yJkEnVQ}1!Jgj)-UmIaU$ogOI^k;YBZ<SMNp9X
z=n9v3{YBwdwK+ob43?nhqW*!I;b5%I0w+!Mg{BMay#fRQ1qQel;|y|~b}x{a*@Xua
zhGA#`G~W8OK>!S#z!KCbi2Evm$4eZh<OdUmVQ2s}-ukp{k<)mPaX4lwLN;oz<_@g;
zc{WLG4?mU?afUdYGay!;mfip94krw~WT{JzB29H-98MX3>?u*z(3#)>iA7w`qDLME
zD=E>A<~*E>3`sp@THq*q^Y8=fCCcK9i1P{T5`@Z#Li}?(1V$VT*z|KQyKPihQ2|Gg
z(rlDf78F2H<TRTl6-9**6nPCM$wg6NL<Js0NwQH?SWy8-kkV|FRTdOLQL-ky)&`Q(
z1V9jum>}L!O`uSPb$oRi&-YY)cQqpuufmI;M`&q~PZkr2w{MMZwN@jf?%q*D0YVjL
zJdTsQc|{Bb2vwZ&I!^876fhJaR&&VdJGYcjz)*!*&m*Mkp;{MX6-U2}z}_P{yPg~M
zPr9I1xIR_9DacY8Wh6iS`N9U_Tk=dEE5tKdMWrg@)u7B2BhT+!W_sK+hs-%>%}ind
z00001X7k+rm;eYys2~+3^Z)<=002-^K}k*k001~bNlgRo0000001yC30000100IC=
z0000100KBdNlgSO0000001N;C00KYo00000001~bNlgSp0000001i-MWmf?Z00sbL
H00000em=Vu

literal 0
HcmV?d00001

diff --git a/docs/docs/administration/oauth.md b/docs/docs/administration/oauth.md
index 6fcc47d6a4..2ee84970df 100644
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -110,8 +110,44 @@ Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to
 
 ## Example Configuration
 
+<details>
+<summary>Authentik Example</summary>
+
+### Authentik Example
+
 Here's an example of OAuth configured for Authentik:
 
-![OAuth Settings](./img/oauth-settings.png)
+<img src={require('./img/oauth-settings.png').default} title="OAuth settings" />
+
+</details>
+
+<details>
+<summary>Google Example</summary>
+
+### Google Example
+
+Configuration of Authorised redirect URIs (Google Console)
+
+<img src={require('./img/google-example.webp').default} width='50%' title="Authorised redirect URIs" />
+
+Configuration of OAuth in System Settings
+
+| Setting                      | Value                                                                                                  |
+| ---------------------------- | ------------------------------------------------------------------------------------------------------ |
+| Issuer URL                   | [https://accounts.google.com](https://accounts.google.com)                                             |
+| Client ID                    | 7\***\*\*\*\*\*\*\***\*\*\***\*\*\*\*\*\*\***vuls.apps.googleusercontent.com                           |
+| Client Secret                | G\***\*\*\*\*\*\*\***\*\*\***\*\*\*\*\*\*\***OO                                                        |
+| Scope                        | openid email profile                                                                                   |
+| Signing Algorithm            | RS256                                                                                                  |
+| Storage Label Claim          | preferred_username                                                                                     |
+| Storage Quota Claim          | immich_quota                                                                                           |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                                              |
+| Button Text                  | Sign in with Google (optional)                                                                         |
+| Auto Register                | Enabled (optional)                                                                                     |
+| Auto Launch                  | Enabled                                                                                                |
+| Mobile Redirect URI Override | Enabled (required)                                                                                     |
+| Mobile Redirect URI          | [https://demo.immich.app/api/oauth/mobile-redirect](https://demo.immich.app/api/oauth/mobile-redirect) |
+
+</details>
 
 [oidc]: https://openid.net/connect/

From 298370b7bea74c7d9814e53bdcb5540ddfa82cc4 Mon Sep 17 00:00:00 2001
From: Michel Heusschen <59014050+michelheusschen@users.noreply.github.com>
Date: Mon, 27 May 2024 10:19:08 +0200
Subject: [PATCH 10/14] fix(web): validation of number input fields (#9789)

---
 .../settings/setting-buttons-row.svelte       |  2 +-
 .../settings/setting-input-field.spec.ts      | 21 +++++++++++++++++++
 .../settings/setting-input-field.svelte       |  8 ++++---
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/web/src/lib/components/shared-components/settings/setting-buttons-row.svelte b/web/src/lib/components/shared-components/settings/setting-buttons-row.svelte
index 8199db17b2..f479112dee 100644
--- a/web/src/lib/components/shared-components/settings/setting-buttons-row.svelte
+++ b/web/src/lib/components/shared-components/settings/setting-buttons-row.svelte
@@ -27,6 +27,6 @@
 
   <div class="right">
     <Button {disabled} size="sm" color="gray" on:click={() => dispatch('reset', { default: false })}>Reset</Button>
-    <Button {disabled} size="sm" on:click={() => dispatch('save')}>Save</Button>
+    <Button type="submit" {disabled} size="sm" on:click={() => dispatch('save')}>Save</Button>
   </div>
 </div>
diff --git a/web/src/lib/components/shared-components/settings/setting-input-field.spec.ts b/web/src/lib/components/shared-components/settings/setting-input-field.spec.ts
index 7b59affdb3..642492dda5 100644
--- a/web/src/lib/components/shared-components/settings/setting-input-field.spec.ts
+++ b/web/src/lib/components/shared-components/settings/setting-input-field.spec.ts
@@ -27,4 +27,25 @@ describe('SettingInputField component', () => {
     await user.click(document.body);
     expect(numberInput.value).toEqual('100');
   });
+
+  it('allows emptying number inputs while editing', async () => {
+    const { getByRole } = render(SettingInputField, {
+      props: {
+        label: 'test-number-input',
+        inputType: SettingInputFieldType.NUMBER,
+        value: 5,
+      },
+    });
+    const user = userEvent.setup();
+
+    const numberInput = getByRole('spinbutton') as HTMLInputElement;
+    expect(numberInput.value).toEqual('5');
+
+    await user.click(numberInput);
+    await user.keyboard('{Backspace}');
+    expect(numberInput.value).toEqual('');
+
+    await user.click(document.body);
+    expect(numberInput.value).toEqual('0');
+  });
 });
diff --git a/web/src/lib/components/shared-components/settings/setting-input-field.svelte b/web/src/lib/components/shared-components/settings/setting-input-field.svelte
index a92482b178..d3da95ebe1 100644
--- a/web/src/lib/components/shared-components/settings/setting-input-field.svelte
+++ b/web/src/lib/components/shared-components/settings/setting-input-field.svelte
@@ -9,6 +9,7 @@
 
 <script lang="ts">
   import { quintOut } from 'svelte/easing';
+  import type { FormEventHandler } from 'svelte/elements';
   import { fly } from 'svelte/transition';
   import PasswordField from '../password-field.svelte';
 
@@ -25,7 +26,9 @@
   export let isEdited = false;
   export let passwordAutocomplete: string = 'current-password';
 
-  const validateInput = () => {
+  const handleChange: FormEventHandler<HTMLInputElement> = (e) => {
+    value = e.currentTarget.value;
+
     if (inputType === SettingInputFieldType.NUMBER) {
       let newValue = Number(value) || 0;
       if (newValue < min) {
@@ -77,8 +80,7 @@
       {step}
       {required}
       {value}
-      on:input={(e) => (value = e.currentTarget.value)}
-      on:blur={validateInput}
+      on:change={handleChange}
       {disabled}
       {title}
     />

From 351dd647a9bb8c4c192e22832233b76652c452a7 Mon Sep 17 00:00:00 2001
From: Mert <101130780+mertalev@users.noreply.github.com>
Date: Mon, 27 May 2024 12:08:38 -0400
Subject: [PATCH 11/14] feat(server): better video thumbnails (#9784)

---
 server/src/services/media.service.spec.ts | 18 ++++++++++++------
 server/src/utils/media.ts                 | 12 ++++++++----
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/server/src/services/media.service.spec.ts b/server/src/services/media.service.spec.ts
index 9fe0038232..5ff1b135dd 100644
--- a/server/src/services/media.service.spec.ts
+++ b/server/src/services/media.service.spec.ts
@@ -294,11 +294,13 @@ describe(MediaService.name, () => {
         '/original/path.ext',
         'upload/thumbs/user-id/as/se/asset-id-preview.jpeg',
         {
-          inputOptions: ['-ss 00:00:00', '-sws_flags accurate_rnd+bitexact+full_chroma_int'],
+          inputOptions: ['-skip_frame nokey', '-sws_flags accurate_rnd+full_chroma_int'],
           outputOptions: [
+            '-fps_mode vfr',
             '-frames:v 1',
+            '-update 1',
             '-v verbose',
-            '-vf scale=-2:1440:flags=lanczos+accurate_rnd+bitexact+full_chroma_int:out_color_matrix=601:out_range=pc,format=yuv420p',
+            `-vf fps=12,thumbnail=12,select=gt(scene\\,0.1)+gt(n\\,20),scale=-2:1440:flags=lanczos+accurate_rnd+full_chroma_int:out_color_matrix=601:out_range=pc,format=yuv420p`,
           ],
           twoPass: false,
         },
@@ -319,11 +321,13 @@ describe(MediaService.name, () => {
         '/original/path.ext',
         'upload/thumbs/user-id/as/se/asset-id-preview.jpeg',
         {
-          inputOptions: ['-ss 00:00:00', '-sws_flags accurate_rnd+bitexact+full_chroma_int'],
+          inputOptions: ['-skip_frame nokey', '-sws_flags accurate_rnd+full_chroma_int'],
           outputOptions: [
+            '-fps_mode vfr',
             '-frames:v 1',
+            '-update 1',
             '-v verbose',
-            '-vf zscale=t=linear:npl=100,tonemap=hable:desat=0,zscale=p=bt709:t=601:m=bt470bg:range=pc,format=yuv420p',
+            `-vf fps=12,thumbnail=12,select=gt(scene\\,0.1)+gt(n\\,20),zscale=t=linear:npl=100,tonemap=hable:desat=0,zscale=p=bt709:t=601:m=bt470bg:range=pc,format=yuv420p`,
           ],
           twoPass: false,
         },
@@ -346,11 +350,13 @@ describe(MediaService.name, () => {
         '/original/path.ext',
         'upload/thumbs/user-id/as/se/asset-id-preview.jpeg',
         {
-          inputOptions: ['-ss 00:00:00', '-sws_flags accurate_rnd+bitexact+full_chroma_int'],
+          inputOptions: ['-skip_frame nokey', '-sws_flags accurate_rnd+full_chroma_int'],
           outputOptions: [
+            '-fps_mode vfr',
             '-frames:v 1',
+            '-update 1',
             '-v verbose',
-            '-vf zscale=t=linear:npl=100,tonemap=hable:desat=0,zscale=p=bt709:t=601:m=bt470bg:range=pc,format=yuv420p',
+            `-vf fps=12,thumbnail=12,select=gt(scene\\,0.1)+gt(n\\,20),zscale=t=linear:npl=100,tonemap=hable:desat=0,zscale=p=bt709:t=601:m=bt470bg:range=pc,format=yuv420p`,
           ],
           twoPass: false,
         },
diff --git a/server/src/utils/media.ts b/server/src/utils/media.ts
index 5a57f0f0cf..419b7e2d60 100644
--- a/server/src/utils/media.ts
+++ b/server/src/utils/media.ts
@@ -319,10 +319,15 @@ export class BaseHWConfig extends BaseConfig implements VideoCodecHWConfig {
 
 export class ThumbnailConfig extends BaseConfig {
   getBaseInputOptions(): string[] {
-    return ['-ss 00:00:00', '-sws_flags accurate_rnd+bitexact+full_chroma_int'];
+    return ['-skip_frame nokey', '-sws_flags accurate_rnd+full_chroma_int'];
   }
+
   getBaseOutputOptions() {
-    return ['-frames:v 1'];
+    return ['-fps_mode vfr', '-frames:v 1', '-update 1'];
+  }
+
+  getFilterOptions(videoStream: VideoStreamInfo): string[] {
+    return ['fps=12', 'thumbnail=12', `select=gt(scene\\,0.1)+gt(n\\,20)`, ...super.getFilterOptions(videoStream)];
   }
 
   getPresetOptions() {
@@ -338,8 +343,7 @@ export class ThumbnailConfig extends BaseConfig {
   }
 
   getScaling(videoStream: VideoStreamInfo) {
-    let options = super.getScaling(videoStream);
-    options += ':flags=lanczos+accurate_rnd+bitexact+full_chroma_int';
+    let options = super.getScaling(videoStream) + ':flags=lanczos+accurate_rnd+full_chroma_int';
     if (!this.shouldToneMap(videoStream)) {
       options += ':out_color_matrix=601:out_range=pc';
     }

From 21bd20fd75c8ceb38d2e5e7c2aa2ac176a5347ca Mon Sep 17 00:00:00 2001
From: Mert <101130780+mertalev@users.noreply.github.com>
Date: Mon, 27 May 2024 15:18:01 -0400
Subject: [PATCH 12/14] fix(server): nvenc not working when there are no
 filters (#9802)

don't add format=nv12
---
 server/src/utils/media.ts | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/server/src/utils/media.ts b/server/src/utils/media.ts
index 419b7e2d60..b33d4cfdd4 100644
--- a/server/src/utils/media.ts
+++ b/server/src/utils/media.ts
@@ -538,8 +538,6 @@ export class NvencHwDecodeConfig extends NvencSwDecodeConfig {
     options.push(...this.getToneMapping(videoStream));
     if (options.length > 0) {
       options[options.length - 1] += ':format=nv12';
-    } else {
-      options.push('format=nv12');
     }
     return options;
   }
@@ -563,7 +561,7 @@ export class NvencHwDecodeConfig extends NvencSwDecodeConfig {
   }
 
   getInputThreadOptions() {
-    return [`-threads ${this.config.threads <= 0 ? 1 : this.config.threads}`];
+    return [`-threads 1`];
   }
 
   getOutputThreadOptions() {
@@ -653,7 +651,7 @@ export class QsvHwDecodeConfig extends QsvSwDecodeConfig {
       throw new Error('No QSV device found');
     }
 
-    const options = ['-hwaccel qsv', '-hwaccel_output_format qsv', '-async_depth 4', '-threads 1'];
+    const options = ['-hwaccel qsv', '-hwaccel_output_format qsv', '-async_depth 4', ...this.getInputThreadOptions()];
     const hwDevice = this.getPreferredHardwareDevice();
     if (hwDevice) {
       options.push(`-qsv_device ${hwDevice}`);
@@ -698,6 +696,10 @@ export class QsvHwDecodeConfig extends QsvSwDecodeConfig {
       'hwmap=derive_device=qsv:reverse=1,format=qsv',
     ];
   }
+
+  getInputThreadOptions() {
+    return [`-threads 1`];
+  }
 }
 
 export class VAAPIConfig extends BaseHWConfig {

From dca420ef70a6999276cd1e1e67dd1fd02e3e5c05 Mon Sep 17 00:00:00 2001
From: Mert <101130780+mertalev@users.noreply.github.com>
Date: Mon, 27 May 2024 15:20:07 -0400
Subject: [PATCH 13/14] chore: refactor transcode config routing (#9800)

* chore: refactor transcode config

* rename parameter

* handle no /dev/dri

* prefer undefined
---
 server/src/interfaces/media.interface.ts    |   6 +-
 server/src/repositories/media.repository.ts |   6 +-
 server/src/services/media.service.ts        | 148 +++++---------------
 server/src/utils/media.ts                   |  78 ++++++++++-
 4 files changed, 115 insertions(+), 123 deletions(-)

diff --git a/server/src/interfaces/media.interface.ts b/server/src/interfaces/media.interface.ts
index 80beb8c436..11ee525f8a 100644
--- a/server/src/interfaces/media.interface.ts
+++ b/server/src/interfaces/media.interface.ts
@@ -53,7 +53,7 @@ export interface VideoInfo {
   audioStreams: AudioStreamInfo[];
 }
 
-export interface TranscodeOptions {
+export interface TranscodeCommand {
   inputOptions: string[];
   outputOptions: string[];
   twoPass: boolean;
@@ -67,7 +67,7 @@ export interface BitrateDistribution {
 }
 
 export interface VideoCodecSWConfig {
-  getOptions(target: TranscodeTarget, videoStream: VideoStreamInfo, audioStream: AudioStreamInfo): TranscodeOptions;
+  getCommand(target: TranscodeTarget, videoStream: VideoStreamInfo, audioStream: AudioStreamInfo): TranscodeCommand;
 }
 
 export interface VideoCodecHWConfig extends VideoCodecSWConfig {
@@ -83,5 +83,5 @@ export interface IMediaRepository {
 
   // video
   probe(input: string): Promise<VideoInfo>;
-  transcode(input: string, output: string | Writable, options: TranscodeOptions): Promise<void>;
+  transcode(input: string, output: string | Writable, command: TranscodeCommand): Promise<void>;
 }
diff --git a/server/src/repositories/media.repository.ts b/server/src/repositories/media.repository.ts
index 04a9751223..73920820cf 100644
--- a/server/src/repositories/media.repository.ts
+++ b/server/src/repositories/media.repository.ts
@@ -11,7 +11,7 @@ import {
   IMediaRepository,
   ImageDimensions,
   ThumbnailOptions,
-  TranscodeOptions,
+  TranscodeCommand,
   VideoInfo,
 } from 'src/interfaces/media.interface';
 import { Instrumentation } from 'src/utils/instrumentation';
@@ -97,7 +97,7 @@ export class MediaRepository implements IMediaRepository {
     };
   }
 
-  transcode(input: string, output: string | Writable, options: TranscodeOptions): Promise<void> {
+  transcode(input: string, output: string | Writable, options: TranscodeCommand): Promise<void> {
     if (!options.twoPass) {
       return new Promise((resolve, reject) => {
         this.configureFfmpegCall(input, output, options).on('error', reject).on('end', resolve).run();
@@ -150,7 +150,7 @@ export class MediaRepository implements IMediaRepository {
     return { width, height };
   }
 
-  private configureFfmpegCall(input: string, output: string | Writable, options: TranscodeOptions) {
+  private configureFfmpegCall(input: string, output: string | Writable, options: TranscodeCommand) {
     return ffmpeg(input, { niceness: 10 })
       .inputOptions(options.inputOptions)
       .outputOptions(options.outputOptions)
diff --git a/server/src/services/media.service.ts b/server/src/services/media.service.ts
index 7e52fe384c..2ba4b34935 100644
--- a/server/src/services/media.service.ts
+++ b/server/src/services/media.service.ts
@@ -27,25 +27,12 @@ import {
   QueueName,
 } from 'src/interfaces/job.interface';
 import { ILoggerRepository } from 'src/interfaces/logger.interface';
-import { AudioStreamInfo, IMediaRepository, VideoCodecHWConfig, VideoStreamInfo } from 'src/interfaces/media.interface';
+import { AudioStreamInfo, IMediaRepository, VideoStreamInfo } from 'src/interfaces/media.interface';
 import { IMoveRepository } from 'src/interfaces/move.interface';
 import { IPersonRepository } from 'src/interfaces/person.interface';
 import { IStorageRepository } from 'src/interfaces/storage.interface';
 import { ISystemMetadataRepository } from 'src/interfaces/system-metadata.interface';
-import {
-  AV1Config,
-  H264Config,
-  HEVCConfig,
-  NvencHwDecodeConfig,
-  NvencSwDecodeConfig,
-  QsvHwDecodeConfig,
-  QsvSwDecodeConfig,
-  RkmppHwDecodeConfig,
-  RkmppSwDecodeConfig,
-  ThumbnailConfig,
-  VAAPIConfig,
-  VP9Config,
-} from 'src/utils/media';
+import { BaseConfig, ThumbnailConfig } from 'src/utils/media';
 import { mimeTypes } from 'src/utils/mime-types';
 import { usePagination } from 'src/utils/pagination';
 
@@ -53,8 +40,8 @@ import { usePagination } from 'src/utils/pagination';
 export class MediaService {
   private configCore: SystemConfigCore;
   private storageCore: StorageCore;
-  private openCL: boolean | null = null;
-  private devices: string[] | null = null;
+  private maliOpenCL?: boolean;
+  private devices?: string[];
 
   constructor(
     @Inject(IAssetRepository) private assetRepository: IAssetRepository,
@@ -232,8 +219,8 @@ export class MediaService {
           return;
         }
         const mainAudioStream = this.getMainStream(audioStreams);
-        const config = { ...ffmpeg, targetResolution: size.toString() };
-        const options = new ThumbnailConfig(config).getOptions(TranscodeTarget.VIDEO, mainVideoStream, mainAudioStream);
+        const config = ThumbnailConfig.create({ ...ffmpeg, targetResolution: size.toString() });
+        const options = config.getCommand(TranscodeTarget.VIDEO, mainVideoStream, mainAudioStream);
         await this.mediaRepository.transcode(asset.originalPath, path, options);
         break;
       }
@@ -331,8 +318,8 @@ export class MediaService {
       return JobStatus.FAILED;
     }
 
-    const { ffmpeg: config } = await this.configCore.getConfig();
-    const target = this.getTranscodeTarget(config, mainVideoStream, mainAudioStream);
+    const { ffmpeg } = await this.configCore.getConfig();
+    const target = this.getTranscodeTarget(ffmpeg, mainVideoStream, mainAudioStream);
     if (target === TranscodeTarget.NONE) {
       if (asset.encodedVideoPath) {
         this.logger.log(`Transcoded video exists for asset ${asset.id}, but is no longer required. Deleting...`);
@@ -343,30 +330,28 @@ export class MediaService {
       return JobStatus.SKIPPED;
     }
 
-    let transcodeOptions;
+    let command;
     try {
-      transcodeOptions = await this.getCodecConfig(config).then((c) =>
-        c.getOptions(target, mainVideoStream, mainAudioStream),
-      );
+      const config = BaseConfig.create(ffmpeg, await this.getDevices(), await this.hasMaliOpenCL());
+      command = config.getCommand(target, mainVideoStream, mainAudioStream);
     } catch (error) {
       this.logger.error(`An error occurred while configuring transcoding options: ${error}`);
       return JobStatus.FAILED;
     }
 
-    this.logger.log(`Started encoding video ${asset.id} ${JSON.stringify(transcodeOptions)}`);
+    this.logger.log(`Started encoding video ${asset.id} ${JSON.stringify(command)}`);
     try {
-      await this.mediaRepository.transcode(input, output, transcodeOptions);
+      await this.mediaRepository.transcode(input, output, command);
     } catch (error) {
       this.logger.error(error);
-      if (config.accel !== TranscodeHWAccel.DISABLED) {
+      if (ffmpeg.accel !== TranscodeHWAccel.DISABLED) {
         this.logger.error(
-          `Error occurred during transcoding. Retrying with ${config.accel.toUpperCase()} acceleration disabled.`,
+          `Error occurred during transcoding. Retrying with ${ffmpeg.accel.toUpperCase()} acceleration disabled.`,
         );
       }
-      transcodeOptions = await this.getCodecConfig({ ...config, accel: TranscodeHWAccel.DISABLED }).then((c) =>
-        c.getOptions(target, mainVideoStream, mainAudioStream),
-      );
-      await this.mediaRepository.transcode(input, output, transcodeOptions);
+      const config = BaseConfig.create({ ...ffmpeg, accel: TranscodeHWAccel.DISABLED });
+      command = config.getCommand(target, mainVideoStream, mainAudioStream);
+      await this.mediaRepository.transcode(input, output, command);
     }
 
     this.logger.log(`Successfully encoded ${asset.id}`);
@@ -382,10 +367,10 @@ export class MediaService {
 
   private getTranscodeTarget(
     config: SystemConfigFFmpegDto,
-    videoStream: VideoStreamInfo | null,
-    audioStream: AudioStreamInfo | null,
+    videoStream?: VideoStreamInfo,
+    audioStream?: AudioStreamInfo,
   ): TranscodeTarget {
-    if (videoStream == null && audioStream == null) {
+    if (!videoStream && !audioStream) {
       return TranscodeTarget.NONE;
     }
 
@@ -407,8 +392,8 @@ export class MediaService {
     return TranscodeTarget.NONE;
   }
 
-  private isAudioTranscodeRequired(ffmpegConfig: SystemConfigFFmpegDto, stream: AudioStreamInfo | null): boolean {
-    if (stream == null) {
+  private isAudioTranscodeRequired(ffmpegConfig: SystemConfigFFmpegDto, stream?: AudioStreamInfo): boolean {
+    if (!stream) {
       return false;
     }
 
@@ -430,8 +415,8 @@ export class MediaService {
     }
   }
 
-  private isVideoTranscodeRequired(ffmpegConfig: SystemConfigFFmpegDto, stream: VideoStreamInfo | null): boolean {
-    if (stream == null) {
+  private isVideoTranscodeRequired(ffmpegConfig: SystemConfigFFmpegDto, stream?: VideoStreamInfo): boolean {
+    if (!stream) {
       return false;
     }
 
@@ -465,70 +450,6 @@ export class MediaService {
     }
   }
 
-  async getCodecConfig(config: SystemConfigFFmpegDto) {
-    if (config.accel === TranscodeHWAccel.DISABLED) {
-      return this.getSWCodecConfig(config);
-    }
-    return this.getHWCodecConfig(config);
-  }
-
-  private getSWCodecConfig(config: SystemConfigFFmpegDto) {
-    switch (config.targetVideoCodec) {
-      case VideoCodec.H264: {
-        return new H264Config(config);
-      }
-      case VideoCodec.HEVC: {
-        return new HEVCConfig(config);
-      }
-      case VideoCodec.VP9: {
-        return new VP9Config(config);
-      }
-      case VideoCodec.AV1: {
-        return new AV1Config(config);
-      }
-      default: {
-        throw new UnsupportedMediaTypeException(`Codec '${config.targetVideoCodec}' is unsupported`);
-      }
-    }
-  }
-
-  private async getHWCodecConfig(config: SystemConfigFFmpegDto) {
-    let handler: VideoCodecHWConfig;
-    switch (config.accel) {
-      case TranscodeHWAccel.NVENC: {
-        handler = config.accelDecode ? new NvencHwDecodeConfig(config) : new NvencSwDecodeConfig(config);
-        break;
-      }
-      case TranscodeHWAccel.QSV: {
-        handler = config.accelDecode
-          ? new QsvHwDecodeConfig(config, await this.getDevices())
-          : new QsvSwDecodeConfig(config, await this.getDevices());
-        break;
-      }
-      case TranscodeHWAccel.VAAPI: {
-        handler = new VAAPIConfig(config, await this.getDevices());
-        break;
-      }
-      case TranscodeHWAccel.RKMPP: {
-        handler =
-          config.accelDecode && (await this.hasOpenCL())
-            ? new RkmppHwDecodeConfig(config, await this.getDevices())
-            : new RkmppSwDecodeConfig(config, await this.getDevices());
-        break;
-      }
-      default: {
-        throw new UnsupportedMediaTypeException(`${config.accel.toUpperCase()} acceleration is unsupported`);
-      }
-    }
-    if (!handler.getSupportedCodecs().includes(config.targetVideoCodec)) {
-      throw new UnsupportedMediaTypeException(
-        `${config.accel.toUpperCase()} acceleration does not support codec '${config.targetVideoCodec.toUpperCase()}'. Supported codecs: ${handler.getSupportedCodecs()}`,
-      );
-    }
-
-    return handler;
-  }
-
   isSRGB(asset: AssetEntity): boolean {
     const { colorspace, profileDescription, bitsPerSample } = asset.exifInfo ?? {};
     if (colorspace || profileDescription) {
@@ -567,24 +488,29 @@ export class MediaService {
 
   private async getDevices() {
     if (!this.devices) {
-      this.devices = await this.storageRepository.readdir('/dev/dri');
+      try {
+        this.devices = await this.storageRepository.readdir('/dev/dri');
+      } catch {
+        this.logger.debug('No devices found in /dev/dri.');
+        this.devices = [];
+      }
     }
 
     return this.devices;
   }
 
-  private async hasOpenCL() {
-    if (this.openCL === null) {
+  private async hasMaliOpenCL() {
+    if (this.maliOpenCL === undefined) {
       try {
         const maliIcdStat = await this.storageRepository.stat('/etc/OpenCL/vendors/mali.icd');
         const maliDeviceStat = await this.storageRepository.stat('/dev/mali0');
-        this.openCL = maliIcdStat.isFile() && maliDeviceStat.isCharacterDevice();
+        this.maliOpenCL = maliIcdStat.isFile() && maliDeviceStat.isCharacterDevice();
       } catch {
-        this.logger.warn('OpenCL not available for transcoding, using CPU instead.');
-        this.openCL = false;
+        this.logger.debug('OpenCL not available for transcoding, using CPU decoding instead.');
+        this.maliOpenCL = false;
       }
     }
 
-    return this.openCL;
+    return this.maliOpenCL;
   }
 }
diff --git a/server/src/utils/media.ts b/server/src/utils/media.ts
index b33d4cfdd4..29c5a9c14b 100644
--- a/server/src/utils/media.ts
+++ b/server/src/utils/media.ts
@@ -3,22 +3,84 @@ import { SystemConfigFFmpegDto } from 'src/dtos/system-config.dto';
 import {
   AudioStreamInfo,
   BitrateDistribution,
-  TranscodeOptions,
+  TranscodeCommand,
   VideoCodecHWConfig,
   VideoCodecSWConfig,
   VideoStreamInfo,
 } from 'src/interfaces/media.interface';
 
-class BaseConfig implements VideoCodecSWConfig {
-  presets = ['veryslow', 'slower', 'slow', 'medium', 'fast', 'faster', 'veryfast', 'superfast', 'ultrafast'];
-  constructor(protected config: SystemConfigFFmpegDto) {}
+export class BaseConfig implements VideoCodecSWConfig {
+  readonly presets = ['veryslow', 'slower', 'slow', 'medium', 'fast', 'faster', 'veryfast', 'superfast', 'ultrafast'];
+  protected constructor(protected config: SystemConfigFFmpegDto) {}
 
-  getOptions(target: TranscodeTarget, videoStream: VideoStreamInfo, audioStream?: AudioStreamInfo) {
+  static create(config: SystemConfigFFmpegDto, devices: string[] = [], hasMaliOpenCL = false): VideoCodecSWConfig {
+    if (config.accel === TranscodeHWAccel.DISABLED) {
+      return this.getSWCodecConfig(config);
+    }
+    return this.getHWCodecConfig(config, devices, hasMaliOpenCL);
+  }
+
+  private static getSWCodecConfig(config: SystemConfigFFmpegDto) {
+    switch (config.targetVideoCodec) {
+      case VideoCodec.H264: {
+        return new H264Config(config);
+      }
+      case VideoCodec.HEVC: {
+        return new HEVCConfig(config);
+      }
+      case VideoCodec.VP9: {
+        return new VP9Config(config);
+      }
+      case VideoCodec.AV1: {
+        return new AV1Config(config);
+      }
+      default: {
+        throw new Error(`Codec '${config.targetVideoCodec}' is unsupported`);
+      }
+    }
+  }
+
+  private static getHWCodecConfig(config: SystemConfigFFmpegDto, devices: string[] = [], hasMaliOpenCL = false) {
+    let handler: VideoCodecHWConfig;
+    switch (config.accel) {
+      case TranscodeHWAccel.NVENC: {
+        handler = config.accelDecode ? new NvencHwDecodeConfig(config) : new NvencSwDecodeConfig(config);
+        break;
+      }
+      case TranscodeHWAccel.QSV: {
+        handler = config.accelDecode ? new QsvHwDecodeConfig(config, devices) : new QsvSwDecodeConfig(config, devices);
+        break;
+      }
+      case TranscodeHWAccel.VAAPI: {
+        handler = new VAAPIConfig(config, devices);
+        break;
+      }
+      case TranscodeHWAccel.RKMPP: {
+        handler =
+          config.accelDecode && hasMaliOpenCL
+            ? new RkmppHwDecodeConfig(config, devices)
+            : new RkmppSwDecodeConfig(config, devices);
+        break;
+      }
+      default: {
+        throw new Error(`${config.accel.toUpperCase()} acceleration is unsupported`);
+      }
+    }
+    if (!handler.getSupportedCodecs().includes(config.targetVideoCodec)) {
+      throw new Error(
+        `${config.accel.toUpperCase()} acceleration does not support codec '${config.targetVideoCodec.toUpperCase()}'. Supported codecs: ${handler.getSupportedCodecs()}`,
+      );
+    }
+
+    return handler;
+  }
+
+  getCommand(target: TranscodeTarget, videoStream: VideoStreamInfo, audioStream?: AudioStreamInfo) {
     const options = {
       inputOptions: this.getBaseInputOptions(videoStream),
       outputOptions: [...this.getBaseOutputOptions(target, videoStream, audioStream), '-v verbose'],
       twoPass: this.eligibleForTwoPass(),
-    } as TranscodeOptions;
+    } as TranscodeCommand;
     if ([TranscodeTarget.ALL, TranscodeTarget.VIDEO].includes(target)) {
       const filters = this.getFilterOptions(videoStream);
       if (filters.length > 0) {
@@ -318,6 +380,10 @@ export class BaseHWConfig extends BaseConfig implements VideoCodecHWConfig {
 }
 
 export class ThumbnailConfig extends BaseConfig {
+  static create(config: SystemConfigFFmpegDto): VideoCodecSWConfig {
+    return new ThumbnailConfig(config);
+  }
+
   getBaseInputOptions(): string[] {
     return ['-skip_frame nokey', '-sws_flags accurate_rnd+full_chroma_int'];
   }

From 4c7347d653b00f18a6023c144dd655f78d426e3e Mon Sep 17 00:00:00 2001
From: Mert <101130780+mertalev@users.noreply.github.com>
Date: Mon, 27 May 2024 17:04:07 -0400
Subject: [PATCH 14/14] fix: re-add extends section for server in Compose files
 (#9806)

re-add extends section
---
 docker/docker-compose.dev.yml  | 3 +++
 docker/docker-compose.prod.yml | 3 +++
 docker/docker-compose.yml      | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml
index 29cea1a873..1375ad7667 100644
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -9,6 +9,9 @@ services:
     container_name: immich_server
     command: ['/usr/src/app/bin/immich-dev']
     image: immich-server-dev:latest
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
     build:
       context: ../
       dockerfile: server/Dockerfile
diff --git a/docker/docker-compose.prod.yml b/docker/docker-compose.prod.yml
index 6168ea66dd..c19509eb26 100644
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -4,6 +4,9 @@ services:
   immich-server:
     container_name: immich_server
     image: immich-server:latest
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
     build:
       context: ../
       dockerfile: server/Dockerfile
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 2669db5080..62833d323c 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -12,6 +12,9 @@ services:
   immich-server:
     container_name: immich_server
     image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
     volumes:
       - ${UPLOAD_LOCATION}:/usr/src/app/upload
       - /etc/localtime:/etc/localtime:ro