diff --git a/README.md b/README.md
index 4e73a9c..16c3ac2 100644
--- a/README.md
+++ b/README.md
@@ -5,8 +5,11 @@ Google Docs realtime editing + repl.it online execution + git
 Work with your team and edit projects in real time and use git to avoid wars
 
 
-
-
-TODO.ts:
-- user last login
-- user psw complexity + most common dict
\ No newline at end of file
+Current features
+
+- basic crud modules
+- db entitied
+- migrations
+- local authentication
+- jwt
+- roles
diff --git a/package-lock.json b/package-lock.json
index caa3cb2..ebb41c8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7761,7 +7761,7 @@
       "dev": true
     },
     "tar": {
-      "version": "6.1.0",
+      "version": "6.1.2",
       "resolved": "https://registry.npmjs.org/tar/-/tar-6.1.0.tgz",
       "integrity": "sha512-DUCttfhsnLCjwoDoFcI+B2iJgYa93vBnDUATYEeRx6sntCTdN01VnqsIuTlALXla/LWooNg0yEGeB+Y8WdFxGA==",
       "requires": {
diff --git a/src/modules/auth/decorators/authuser.decorator.ts b/src/modules/auth/decorators/authuser.decorator.ts
new file mode 100644
index 0000000..1a150e8
--- /dev/null
+++ b/src/modules/auth/decorators/authuser.decorator.ts
@@ -0,0 +1,5 @@
+import { createParamDecorator } from '@nestjs/common';
+
+export const AuthUser = createParamDecorator((data, req) => {
+  return req.user;
+});
\ No newline at end of file
diff --git a/src/modules/projects/controllers/projects.controller.ts b/src/modules/projects/controllers/projects.controller.ts
index 4fe8009..886472b 100644
--- a/src/modules/projects/controllers/projects.controller.ts
+++ b/src/modules/projects/controllers/projects.controller.ts
@@ -7,11 +7,15 @@ import {AuthGuard} from '@nestjs/passport'
 import { JoiValidationPipe } from '../../../pipe/joi-validation.pipe'
 import { ProjectService } from './../services/project/project.service';
 import { projectSchema } from './../../../schemas/project.schema';
+
 import { JwtAuthGuard } from '../../../modules/auth/guards/jwt-auth.guard'
 import { RolesGuard } from '../../../modules/auth/guards/roles.guard'
 import { Public } from '../../../modules/auth/decorators/public.decorator'
 import { Roles } from '../../../modules/auth/decorators/roles.decorator'
 import { Role } from '../../../entities/user.entity'
+
+import { AuthUser } from '../../../modules/auth/decorators/authuser.decorator'
+
 @UseGuards(JwtAuthGuard, RolesGuard)
 @Controller('project')
 export class ProjectsController {
@@ -33,9 +37,12 @@ export class ProjectsController {
     @Roles(Role.DEFAULT)
     @HttpCode(HttpStatus.CREATED)
     @UsePipes(new JoiValidationPipe(projectSchema))
-    async create(@Body() payload: any): Promise<object> {
-        const { name, description, location } = payload
-        let newProduct = await this.projectService.createProject(name, description, location)
+    async create(@Body() payload: any, @AuthUser() user: any): Promise<object> {
+        const {  name, description, location } = payload
+        let owner = "1"
+        console.log(user);
+        
+        let newProduct = await this.projectService.createProject(owner, name, description, location)
 
         return { msg: "created", data: newProduct };
     }
diff --git a/src/modules/projects/services/project/project.service.ts b/src/modules/projects/services/project/project.service.ts
index effad8e..58d5ea9 100644
--- a/src/modules/projects/services/project/project.service.ts
+++ b/src/modules/projects/services/project/project.service.ts
@@ -15,7 +15,7 @@ export class ProjectService {
     ) {
         //this.clientPg.query("SELECT * FROM projects")
     }
-    async createProject(name: string, description: string, location: string): Promise<object> {
+    async createProject(owner: string, name: string, description: string, location: string): Promise<object> {
         let poject = this.projectRepo.create({ name, description, location })
         await this.projectRepo.save(poject)
         return { id: poject.id };
diff --git a/src/modules/users/controllers/users/users.controller.ts b/src/modules/users/controllers/users/users.controller.ts
index c4727c0..4449934 100644
--- a/src/modules/users/controllers/users/users.controller.ts
+++ b/src/modules/users/controllers/users/users.controller.ts
@@ -1,11 +1,21 @@
-import { Controller, Get, Param, Query, Post, Put, Delete, HttpCode, HttpStatus, ParseIntPipe, UsePipes, Body } from '@nestjs/common';
+import { Controller, Get, Param, Query, Post, Put, Delete, HttpCode, HttpStatus, ParseIntPipe, UsePipes, Body, UseGuards } from '@nestjs/common';
 import { JoiValidationPipe } from '../../../../pipe/joi-validation.pipe'
 import { UsersService } from './../../services/users/users.service';
 import { createUserSchema } from './../../../../schemas/user.schema';
 
+
+import { JwtAuthGuard } from '../../../../modules/auth/guards/jwt-auth.guard'
+import { RolesGuard } from '../../../../modules/auth/guards/roles.guard'
+import { Public } from '../../../../modules/auth/decorators/public.decorator'
+import { Roles } from '../../../../modules/auth/decorators/roles.decorator'
+import { Role } from '../../../../entities/user.entity'
+
+@UseGuards(JwtAuthGuard, RolesGuard)
 @Controller('users')
 export class UsersController {
     constructor(private usersService: UsersService) { }
+
+    @Public()
     @Post()
     @HttpCode(HttpStatus.CREATED)
     @UsePipes(new JoiValidationPipe(createUserSchema))
@@ -17,30 +27,33 @@ export class UsersController {
     }
 
 
-    /*@Get(":id")
+    @Get(":id")
     @HttpCode(HttpStatus.FOUND)
+    @Roles(Role.ADMIN)
     async get(@Param("id", ParseIntPipe) id: number): Promise<object> {
-        return { data: await this.languageService.get(id) }
-    }*/
-    /**/
-        @Get()
-        @HttpCode(HttpStatus.FOUND)
-        async list(@Query() params: any): Promise<object> {
-            return { data: await this.usersService.list(params) }
-        }/*
+        return { data: await this.usersService.get(id) }
+    }
+    @Get()
+    @HttpCode(HttpStatus.FOUND)
+    @Roles(Role.ADMIN)
+    async list(@Query() params: any): Promise<object> {
+        return { data: await this.usersService.list(params) }
+    }
         
-        @Put(":id")
-        @HttpCode(HttpStatus.ACCEPTED)
-        async update(@Param("id", ParseIntPipe) id: number, @Body(new JoiValidationPipe(createUserSchema)) payload: any): Promise<object> {
-            return { msg: "updated", data: await this.usersService.update(id, payload) }
-        }
+    @Put(":id")
+    @HttpCode(HttpStatus.ACCEPTED)
+    @Roles(Role.ADMIN)
+    async update(@Param("id", ParseIntPipe) id: number, @Body(new JoiValidationPipe(createUserSchema)) payload: any): Promise<object> {
+        return { msg: "updated", data: await this.usersService.update(id, payload) }
+    }
+    
+    @Delete(":id")
+    @HttpCode(HttpStatus.OK)
+    @Roles(Role.ADMIN)
+    async delete(@Param("id", ParseIntPipe) id: number): Promise<object> {
+        let deleted = await this.usersService.delete(id)
+        return { msg: "deleted" }
+    }
     
-        @Delete(":id")
-        @HttpCode(HttpStatus.OK)
-        async delete(@Param("id", ParseIntPipe) id: number): Promise<object> {
-            let deleted = await this.usersService.delete(id)
-            return { msg: "deleted" }
-        }
-        */
 }
 
diff --git a/src/modules/users/services/users/users.service.ts b/src/modules/users/services/users/users.service.ts
index 9e12721..979900d 100644
--- a/src/modules/users/services/users/users.service.ts
+++ b/src/modules/users/services/users/users.service.ts
@@ -51,7 +51,7 @@ export class UsersService {
             throw new NotFoundException(`no ${this.plural} found`);
         }
         return users;
-    }/*
+    }
     async update(id: number, payload: object): Promise<object> {
         const element = await this.userRepo.findOne(id);
         if (!element) {
@@ -66,5 +66,5 @@ export class UsersService {
             throw new NotFoundException(`${this.singular} with id ${id} not found`);
         }
         return true
-    }*/
+    }
 }