docs: align swagger spec and README with Ombi features and blocklist eligibility (closes #37)

server/routes/dashboard.js

@@ -558,15 +558,18 @@ router.get('/stream', requireAuth, async (req, res) => {
  *     tags: [Dashboard]
  *     summary: Blocklist and re-search
  *     description: |
- *       Admin-only endpoint that removes a queue item from Sonarr/Radarr with blocklist=true
- *       (so the release is not grabbed again), then immediately triggers a new automatic search
- *       for the same episode/movie.
+ *       Removes a queue item from Sonarr/Radarr with blocklist=true (so the release is not grabbed again),
+ *       then immediately triggers a new automatic search for the same episode/movie.
  *
- *       **Authentication:** Requires valid `emby_user` cookie (admin only) and `X-CSRF-Token` header.
+ *       Accessible by admins, or by non-admins who own the item under specific qualifying eligibility conditions:
+ *       - The download has import issues OR
+ *       - The torrent is older than 1 hour and has availability below 100%
+ *
+ *       **Authentication:** Requires valid `emby_user` cookie and `X-CSRF-Token` header.
  *
  *       **Workflow:**
- *       1. Validate user is admin
- *       2. Validate all required fields are present
+ *       1. Validate user and required fields
+ *       2. Check blocklist eligibility (admin status or non-admin qualifying criteria)
  *       3. Delete queue item from Sonarr/Radarr with `removeFromClient=true` and `blocklist=true`
  *       4. Trigger automatic search command:
  *          - Sonarr: EpisodeSearch with episodeIds
@@ -577,18 +580,17 @@ router.get('/stream', requireAuth, async (req, res) => {
  *       - `arrQueueId`: Sonarr/Radarr queue record ID
  *       - `arrType`: Must be "sonarr" or "radarr"
  *       - `arrInstanceUrl`: Base URL of the *arr instance
- *       - `arrInstanceKey`: API key for the *arr instance
+ *       - `arrInstanceKey`: API key for the *arr instance (only required for admins; non-admins resolve via server config)
  *       - `arrContentId`: episodeId (Sonarr) or movieId (Radarr)
  *       - `arrContentType`: Must be "episode" (Sonarr) or "movie" (Radarr)
  *
  *       **Error Responses:**
- *       - 403: Non-admin user attempts access
+ *       - 403: User lacks permissions (admin or qualifying conditions required)
  *       - 400: Missing required fields or invalid arrType
  *       - 502: Failed to communicate with *arr instance
  *
- *       **x-integration-notes:** This endpoint is used from the dashboard UI when an admin
- *       clicks "Blocklist + Re-search" on a failed download. The arr instance credentials
- *       are passed from the download object (which includes them for admin users).
+ *       **x-integration-notes:** This endpoint is used from the dashboard UI when a qualified user or admin
+ *       clicks "Blocklist + Re-search" on a stalled or failed download.
  *     security:
  *       - CookieAuth: []
  *       - CsrfToken: []
@@ -627,13 +629,13 @@ router.get('/stream', requireAuth, async (req, res) => {
  *             example:
  *               error: "Missing required fields"
  *       '403':
- *         description: Admin access required
+ *         description: Permission denied (admin or qualifying conditions required)
  *         content:
  *           application/json:
  *             schema:
  *               $ref: '#/components/schemas/ErrorResponse'
  *             example:
- *               error: "Admin access required"
+ *               error: "Permission denied: admin or qualifying conditions required"
  *       '502':
  *         description: Failed to communicate with *arr instance
  *         content: