diff --git a/backend/middlewares/AuthenticationMWs.ts b/backend/middlewares/AuthenticationMWs.ts
new file mode 100644
index 00000000..18002990
--- /dev/null
+++ b/backend/middlewares/AuthenticationMWs.ts
@@ -0,0 +1,70 @@
+
+import {UserManager} from "../model/UserManager";
+import {NextFunction, Request, Response} from "express";
+import {BaseMWs} from "./BaseMWs";
+import {Error, ErrorCodes} from "../../common/entities/Error";
+import {UserRoles} from "../../common/entities/User";
+import {Utils} from "../../common/Utils";
+
+export class AuthenticationMWs extends BaseMWs{
+
+    
+    public static authenticate(req:Request, res:Response, next:NextFunction){
+        if (typeof req.session.user === 'undefined') {
+            return super.renderError(res,new Error(ErrorCodes.NOT_AUTHENTICATED));
+        }
+        return next();
+    }
+    
+    public static authorise(role:UserRoles){
+        return (req:Request, res:Response, next:NextFunction) => {
+            if (req.session.user.role < role) {
+                return super.renderError(res, new Error(ErrorCodes.NOT_AUTHORISED));
+            }
+            return next();
+        };
+    }
+    
+    public static inverseAuthenticate(req:Request, res:Response, next:NextFunction){
+        if (typeof req.session.user !== 'undefined') {
+            return super.renderError(res,new Error(ErrorCodes.ALREADY_AUTHENTICATED));
+        }
+        return next();
+    }
+    
+    public static login(req:Request, res:Response, next:NextFunction){
+        //not enough parameter
+       if ((typeof req.body === 'undefined') || (typeof req.body.logincredential === 'undefined') || (typeof req.body.logincredential.username === 'undefined') ||
+            (typeof req.body.logincredential.password === 'undefined')) {
+            return next();
+        }
+
+        //lets find the user
+        UserManager.findOne({
+              username: req.body.logincredential.username
+        }, (err, result) => {
+            if ((err) || (!result)) {
+                return super.renderError(res,new Error(ErrorCodes.CREDENTIAL_NOT_FOUND));
+            }
+
+            //check password
+            if (result.password !== req.body.logincredential.password) {
+                return super.renderError(res,new Error(ErrorCodes.CREDENTIAL_NOT_FOUND));
+            }
+
+            req.session.user = result;
+
+            return next();
+        });
+    }
+
+
+
+    public static renderUser(req:Request, res:Response, next:NextFunction){
+        let user = Utils.clone(req.session.user);
+        delete user.password;
+        super.renderMessage(res,user);
+    }
+    
+
+}
\ No newline at end of file
diff --git a/backend/middlewares/BaseMWs.ts b/backend/middlewares/BaseMWs.ts
index 164e7262..362b33eb 100644
--- a/backend/middlewares/BaseMWs.ts
+++ b/backend/middlewares/BaseMWs.ts
@@ -6,11 +6,16 @@ import {Error} from "../../common/entities/Error";
 export class BaseMWs {
     
     protected static renderMessage<T>(res:Response, content:T){
-        let message = new Message<T> ([],content);
+        let message = new Message<T> (null,content);
         res.json(message);
     }
     protected static renderError(res:Response, error:Error){
-        let message = new Message<any> ([],null);
+        let message = new Message<any> (error,null);
         res.json(message);
     }
+
+    public static renderOK(req:Request, res:Response, next:NextFunction){
+            let message = new Message<string> (null,"ok");
+            res.json(message);
+     }
 }
\ No newline at end of file
diff --git a/backend/middlewares/UserMWs.ts b/backend/middlewares/UserMWs.ts
index 65467149..14fad145 100644
--- a/backend/middlewares/UserMWs.ts
+++ b/backend/middlewares/UserMWs.ts
@@ -3,61 +3,90 @@ import {UserManager} from "../model/UserManager";
 import {NextFunction, Request, Response} from "express";
 import {BaseMWs} from "./BaseMWs";
 import {Error, ErrorCodes} from "../../common/entities/Error";
+import Util = jasmine.Util;
 
 export class UserMWs extends BaseMWs{
 
-    
-    public static authenticate(req:Request, res:Response, next:NextFunction){
-        if (typeof req.session.user === 'undefined') {
-            return super.renderError(res,new Error(ErrorCodes.NOT_AUTHENTICATED));
-        }
-        return next();
-    }
-    
-    public static inverseAuthenticate(req:Request, res:Response, next:NextFunction){
-        if (typeof req.session.user !== 'undefined') {
-            return super.renderError(res,new Error(ErrorCodes.ALREADY_AUTHENTICATED));
-        }
-        return next();
-    }
-    
-    public static login(req:Request, res:Response, next:NextFunction){
-        //not enough parameter
-    /*    if ((typeof req.body === 'undefined') || (typeof req.body.email === 'undefined') ||
-            (typeof req.body.password === 'undefined')) {
+    public static changePassword(req:Request, res:Response, next:NextFunction){
+        if ((typeof req.body === 'undefined') || (typeof req.body.userModReq === 'undefined')
+            || (typeof req.body.userModReq.id === 'undefined')
+            || (typeof req.body.userModReq.oldPassword === 'undefined')
+            || (typeof req.body.userModReq.newPassword === 'undefined')) {
             return next();
-        }*/
-
-        //lets find the user
-        UserManager.findOne({
-          //  email: req.body.email
-        }, function (err, result) {
+        }
+        
+        UserManager.changePassword(req.body.userModReq, (err, result) =>{
             if ((err) || (!result)) {
-    //            res.tpl.error.push('Your email address is not registered!');
-                console.log(err);
-                return next();
+                return super.renderError(res,new Error(ErrorCodes.GENERAL_ERROR));
             }
 
-       /*     //check password
-            if (result.password !== req.body.password) {
-            //    res.tpl.error.push('Wrong password!');
-                return next();
-            }
-*/
-            //login is ok, save id to session
-            req.session.user = result;
+            return next();
+        });
+    }
+    
 
-            //redirect to / so the app can decide where to go next
-        //    return res.redirect('/');
+    public static createUser(req:Request, res:Response, next:NextFunction){
+        if ((typeof req.body === 'undefined') || (typeof req.body.newUser === 'undefined')) {
+            return next();
+        }
+
+        UserManager.createUser(req.body.newUser, (err, result) =>{
+            if ((err) || (!result)) {
+                return super.renderError(res,new Error(ErrorCodes.USER_CREATION_ERROR));
+            }
+
+
+            return next();
+        });
+
+    }
+
+    public static deleteUser(req:Request, res:Response, next:NextFunction){
+        if ((typeof req.body === 'undefined') || (typeof req.body.newUser === 'undefined')
+            || (typeof req.body.userModReq.id === 'undefined')) {
+            return next();
+        }
+
+        UserManager.deleteUser(req.body.userModReq.id, (err, result) =>{
+            if ((err) || (!result)) {
+                return super.renderError(res,new Error(ErrorCodes.GENERAL_ERROR));
+            }
+
+
+            return next();
+        });
+
+    }
+
+    public static changeRole(req:Request, res:Response, next:NextFunction){
+        if ((typeof req.body === 'undefined') || (typeof req.body.userModReq === 'undefined')
+            || (typeof req.body.userModReq.id === 'undefined')
+            || (typeof req.body.userModReq.newRole === 'undefined')) {
+            return next();
+        }
+
+        UserManager.changeRole(req.body.userModReq, (err, result) =>{
+            if ((err) || (!result)) {
+                return super.renderError(res,new Error(ErrorCodes.GENERAL_ERROR));
+            }
 
             return next();
         });
     }
 
 
-    public static renderUser(req:Request, res:Response, next:NextFunction){
-        super.renderMessage(res,req.session.user);
+    public static listUsers(req:Request, res:Response, next:NextFunction){
+        UserManager.find({}, (err, result) =>{
+            if ((err) || (!result)) {
+                return super.renderError(res,new Error(ErrorCodes.GENERAL_ERROR));
+            }
+
+
+            super.renderMessage(res,result);
+        });
     }
     
 
+
+
 }
\ No newline at end of file
diff --git a/backend/middlewares/UserRequestConstrainsMWs.ts b/backend/middlewares/UserRequestConstrainsMWs.ts
new file mode 100644
index 00000000..fcbd288a
--- /dev/null
+++ b/backend/middlewares/UserRequestConstrainsMWs.ts
@@ -0,0 +1,59 @@
+
+import {UserManager} from "../model/UserManager";
+import {NextFunction, Request, Response} from "express";
+import {BaseMWs} from "./BaseMWs";
+import {Error, ErrorCodes} from "../../common/entities/Error";
+import {UserRoles} from "../../common/entities/User";
+
+export class UserRequestConstrainsMWs extends BaseMWs{
+
+
+    public static forceSelfRequest(req:Request, res:Response, next:NextFunction){
+        if ((typeof req.params === 'undefined') || (typeof req.params.id === 'undefined')) {
+            return next();
+        }
+        if(req.session.user.id !== req.params.id){
+            return super.renderError(res,new Error(ErrorCodes.NOT_AUTHORISED));            
+        }
+        
+        return next();
+    }
+
+
+    public static notSelfRequest(req:Request, res:Response, next:NextFunction){
+        if ((typeof req.params === 'undefined') || (typeof req.params.id === 'undefined')) {
+            return next();
+        }
+        
+        if(req.session.user.id === req.params.id){
+            return super.renderError(res,new Error(ErrorCodes.NOT_AUTHORISED));
+        }
+
+        return next();
+    }
+    
+    public static notSelfRequestOr2Admins(req:Request, res:Response, next:NextFunction){
+        if ((typeof req.params === 'undefined') || (typeof req.params.id === 'undefined')) {
+            return next();
+        }
+        
+        if(req.session.user.id !== req.params.id){
+            return next();
+        }
+
+        UserManager.find({minRole:UserRoles.Admin}, (err, result) =>{
+            if ((err) || (!result)) {
+                return super.renderError(res,new Error(ErrorCodes.GENERAL_ERROR));
+            }
+            if(result.length <= 1) {
+                return super.renderError(res, new Error(ErrorCodes.GENERAL_ERROR));
+            }
+            
+        });
+        
+        return next();
+    }
+    
+
+
+}
\ No newline at end of file
diff --git a/backend/model/UserManager.ts b/backend/model/UserManager.ts
index 2330453a..0ef077bd 100644
--- a/backend/model/UserManager.ts
+++ b/backend/model/UserManager.ts
@@ -1,10 +1,31 @@
 import {User} from "../../common/entities/User";
 export class UserManager {
 
-    private static  DummyUser = new User("TestUser","test@test.hu","122345");
+    private static  users = [new User(1,"TestUser","test@test.hu","122345")];
 
     public static findOne(filter,cb:(error: any,result:User) => void){
-        return cb(null, UserManager.DummyUser);
+        return cb(null, UserManager.users[0]);
+    }
+
+    public static find(filter,cb:(error: any,result:Array<User>) => void){
+        return cb(null, UserManager.users);
+    }
+
+    public static createUser(user,cb:(error: any,result:User) => void){
+        UserManager.users.push(user);
+        return cb(null, user);
+    }
+
+    public static deleteUser(id:number,cb:(error: any,result:string) => void){
+        UserManager.users = UserManager.users.filter(u => u.id != id);
+        return cb(null, "ok");
+    }
+    
+    public static changeRole(request:any,cb:(error: any,result:string) => void){
+        return cb(null,"ok");
+    }
+    public static changePassword(request:any,cb:(error: any,result:string) => void){
+        return cb(null,"ok");
     }
 
 }
\ No newline at end of file
diff --git a/backend/routes/AdminRouter.ts b/backend/routes/AdminRouter.ts
new file mode 100644
index 00000000..7c20135f
--- /dev/null
+++ b/backend/routes/AdminRouter.ts
@@ -0,0 +1,33 @@
+///<reference path="../../typings/main.d.ts"/>
+
+import {AuthenticationMWs} from "../middlewares/AuthenticationMWs";
+import {UserRoles} from "../../common/entities/User";
+
+export class AdminRouter{
+    constructor(private app) {
+
+        this.addResetDB();
+        this.addIndexGalery();
+    }
+
+    private addResetDB() {
+        this.app.post("/api/admin/db/reset",
+            AuthenticationMWs.authenticate,
+            AuthenticationMWs.authorise(UserRoles.Admin)
+            //TODO: implement
+        );
+    };
+
+    private addIndexGalery() {
+        this.app.post("/api/admin/gallery/index",
+            AuthenticationMWs.authenticate,
+            AuthenticationMWs.authorise(UserRoles.Admin)
+            //TODO: implement
+        );
+    };
+
+
+
+
+
+}
\ No newline at end of file
diff --git a/backend/routes/GalleryRouter.ts b/backend/routes/GalleryRouter.ts
new file mode 100644
index 00000000..bd0310d6
--- /dev/null
+++ b/backend/routes/GalleryRouter.ts
@@ -0,0 +1,54 @@
+///<reference path="../../typings/main.d.ts"/>
+
+import {AuthenticationMWs} from "../middlewares/AuthenticationMWs";
+
+export class GalleryRouter{
+    constructor(private app){
+
+        this.addDirectoryList();
+        this.addGetImageThumbnail();
+        this.addGetImage();
+
+        this.addSearch();
+        this.addAutoComplete();
+    }
+
+    private addDirectoryList() {
+        this.app.get("/api/gallery/:directory",
+            AuthenticationMWs.authenticate
+            //TODO: implement
+        );
+    };
+
+
+    private addGetImage() {
+        this.app.get("/api/gallery/:directory/:image",
+            AuthenticationMWs.authenticate
+            //TODO: implement
+        );
+    };
+
+    private addGetImageThumbnail() {
+        this.app.get("/api/gallery/:directory/:image/thumbnail",
+            AuthenticationMWs.authenticate
+            //TODO: implement
+        );
+    };
+
+    private addSearch() {
+        this.app.get("/api/gallery/search",
+            AuthenticationMWs.authenticate
+            //TODO: implement
+        );
+    };
+
+    private addAutoComplete() {
+        this.app.get("/api/gallery/autocomplete",
+            AuthenticationMWs.authenticate
+            //TODO: implement
+        );
+    };
+
+
+
+}
\ No newline at end of file
diff --git a/backend/routes/PublicRouter.ts b/backend/routes/PublicRouter.ts
index d84847e5..74b4ec17 100644
--- a/backend/routes/PublicRouter.ts
+++ b/backend/routes/PublicRouter.ts
@@ -2,12 +2,18 @@
 
 
 import * as _express from 'express';
-import * as path from 'path';
+import * as _path from 'path';
 
 export class PublicRouter{
     constructor(private app){
-        this.app.use(_express.static(path.resolve(__dirname, './../../frontend')));
-        this.app.use('/node_modules',_express.static(path.resolve(__dirname, './../../node_modules')));
+        this.app.use(_express.static(_path.resolve(__dirname, './../../frontend')));
+        this.app.use('/node_modules',_express.static(_path.resolve(__dirname, './../../node_modules')));
+
+        var renderIndex = (req: _express.Request, res: _express.Response) => {
+            res.sendFile(_path.resolve(__dirname, './../frontend/index.html'));
+        };
+        this.app.get(['/login',"/gallery"], renderIndex);
+
 
     }
     
diff --git a/backend/routes/SharingRouter.ts b/backend/routes/SharingRouter.ts
new file mode 100644
index 00000000..cf774d0c
--- /dev/null
+++ b/backend/routes/SharingRouter.ts
@@ -0,0 +1,33 @@
+///<reference path="../../typings/main.d.ts"/>
+
+import {AuthenticationMWs} from "../middlewares/AuthenticationMWs";
+import {UserRoles} from "../../common/entities/User";
+
+export class AdminRouter{
+    constructor(private app) {
+
+        this.addGetSharing();
+        this.addUpdateSharing();
+    }
+
+    private addGetSharing() {
+        this.app.get("/api/share/:directory",
+            AuthenticationMWs.authenticate,
+            AuthenticationMWs.authorise(UserRoles.User)
+            //TODO: implement
+        );
+    };
+
+    private addUpdateSharing() {
+        this.app.update("/api/share/:directory",
+            AuthenticationMWs.authenticate,
+            AuthenticationMWs.authorise(UserRoles.User)
+            //TODO: implement
+        );
+    };
+
+
+
+
+
+}
\ No newline at end of file
diff --git a/backend/routes/UserRouter.ts b/backend/routes/UserRouter.ts
index 2f01a093..82cadbad 100644
--- a/backend/routes/UserRouter.ts
+++ b/backend/routes/UserRouter.ts
@@ -1,19 +1,78 @@
 ///<reference path="../../typings/main.d.ts"/>
 
-
-
 import {UserMWs} from "../middlewares/UserMWs";
+import {UserRoles} from "../../common/entities/User";
+import {AuthenticationMWs} from "../middlewares/AuthenticationMWs";
+import {UserRequestConstrainsMWs} from "../middlewares/UserRequestConstrainsMWs";
+
 export class UserRouter{
     constructor(private app){
-        this.initLogin();
+        this.addLogin();
+        this.addChangePassword();
+        
+        
+        this.addCreateUser();
+        this.addDeleteUser();
+        this.addListUsers();
+        this.addChangeRole();
     }
 
-    private initLogin() {
-        this.app.post("/api/login",
-            UserMWs.inverseAuthenticate,
-            UserMWs.login,
-            UserMWs.renderUser
+    private addLogin() {
+        this.app.post("/api/user/login",
+            AuthenticationMWs.inverseAuthenticate,
+            AuthenticationMWs.login,
+            AuthenticationMWs.renderUser
         );
     };
-    
+
+
+    private addChangePassword() {
+        this.app.update("/api/user/:id/password",
+            AuthenticationMWs.authenticate,
+            UserRequestConstrainsMWs.forceSelfRequest,
+            UserMWs.changePassword,
+            UserMWs.renderOK
+        );
+    };
+
+
+    private addCreateUser() {
+        this.app.put("/api/user",
+            AuthenticationMWs.authenticate,
+            AuthenticationMWs.authorise(UserRoles.Admin),
+            UserMWs.createUser,
+            UserMWs.renderOK
+        );
+    };
+
+    private addDeleteUser() {
+        this.app.delete("/api/user/:id",
+            AuthenticationMWs.authenticate,
+            AuthenticationMWs.authorise(UserRoles.Admin),
+            UserRequestConstrainsMWs.notSelfRequest,
+            UserMWs.deleteUser,
+            UserMWs.renderOK
+        );
+    };
+
+
+    private addListUsers() {
+        this.app.post("/api/user/list",
+            AuthenticationMWs.authenticate,
+            AuthenticationMWs.authorise(UserRoles.Admin),
+            UserMWs.listUsers
+        );
+    };
+
+    private addChangeRole() {
+        this.app.update("/api/user/:id/role",
+            AuthenticationMWs.authenticate,
+            AuthenticationMWs.authorise(UserRoles.Admin),
+            UserRequestConstrainsMWs.notSelfRequestOr2Admins,
+            UserMWs.changeRole,
+            UserMWs.renderOK
+        );
+    };
+
+
 }
\ No newline at end of file
diff --git a/backend/server.ts b/backend/server.ts
index bdccc042..f96ec1aa 100644
--- a/backend/server.ts
+++ b/backend/server.ts
@@ -4,9 +4,10 @@ import * as _express from 'express';
 import * as _session from 'express-session';
 import * as _debug from 'debug';
 import * as _http from 'http';
-import * as _path from 'path';
 import {PublicRouter} from "./routes/PublicRouter";
 import {UserRouter} from "./routes/UserRouter";
+import {GalleryRouter} from "./routes/GalleryRouter";
+import {AdminRouter} from "./routes/AdminRouter";
 
 
 export class Server {
@@ -42,12 +43,10 @@ export class Server {
 
         new PublicRouter(this.app);
         new UserRouter(this.app);
+        new GalleryRouter(this.app);
+        new AdminRouter(this.app);
 
-        var renderIndex = (req: _express.Request, res: _express.Response) => {
-            res.sendFile(_path.resolve(__dirname, './../frontend/index.html'));
-        };
-        this.app.get(['/login',"/gallery"], renderIndex);
-
+    
 
 
         // Get port from environment and store in Express.
diff --git a/common/entities/Error.ts b/common/entities/Error.ts
index ed348760..fef54229 100644
--- a/common/entities/Error.ts
+++ b/common/entities/Error.ts
@@ -1,7 +1,16 @@
 
 export enum ErrorCodes{
     NOT_AUTHENTICATED,
-    ALREADY_AUTHENTICATED
+    ALREADY_AUTHENTICATED,
+    NOT_AUTHORISED,
+    CREDENTIAL_NOT_FOUND,
+
+
+    USER_CREATION_ERROR,
+
+
+    GENERAL_ERROR
+    
 }
 
 export class Error{
diff --git a/common/entities/Message.ts b/common/entities/Message.ts
index a1ecc184..b8743bc4 100644
--- a/common/entities/Message.ts
+++ b/common/entities/Message.ts
@@ -1,5 +1,5 @@
 import {Error} from "./Error";
 
 export class Message<T>{
-    constructor(public errors:Array<Error>,public result:T){}
+    constructor(public errors:Error,public result:T){}
 }
\ No newline at end of file
diff --git a/common/entities/PasswordChangeRequest.ts b/common/entities/PasswordChangeRequest.ts
new file mode 100644
index 00000000..dfaa0bf7
--- /dev/null
+++ b/common/entities/PasswordChangeRequest.ts
@@ -0,0 +1,8 @@
+import {UserModificationRequest} from "./UserModificationRequest";
+
+export class PasswordChangeRequest extends UserModificationRequest {
+
+    constructor(id:number, public oldPassword:string, public newPassword:string) {
+        super(id);
+    }
+}
\ No newline at end of file
diff --git a/common/entities/User.ts b/common/entities/User.ts
index 996e33a5..dc93c4e0 100644
--- a/common/entities/User.ts
+++ b/common/entities/User.ts
@@ -1,3 +1,11 @@
+
+export enum UserRoles{
+    Guest = 1,
+    User = 2,
+    Admin = 3,
+    Developer = 4
+}
+
 export class User {
-    constructor(public name?:string,public email?:string, public password?:string){}
+    constructor(public id?:number,public name?:string,public email?:string, public password?:string, public role?:UserRoles){}
 }
\ No newline at end of file
diff --git a/common/entities/UserModificationRequest.ts b/common/entities/UserModificationRequest.ts
new file mode 100644
index 00000000..5582b69f
--- /dev/null
+++ b/common/entities/UserModificationRequest.ts
@@ -0,0 +1,3 @@
+export class UserModificationRequest{
+    constructor(public id:number){}
+}
diff --git a/frontend/app/model/network.service.ts b/frontend/app/model/network.service.ts
index 996fa2c4..acd29bcf 100644
--- a/frontend/app/model/network.service.ts
+++ b/frontend/app/model/network.service.ts
@@ -11,19 +11,36 @@ export class NetworkService{
     constructor(protected _http:Http){
     }
 
-    
-
-    protected postJson(url:string, data:any  = {}){
+    private callJson(method:string, url:string, data:any = {}){
         let body = JSON.stringify({ data });
         let headers = new Headers({ 'Content-Type': 'application/json' });
         let options = new RequestOptions({ headers: headers });
         console.log(this._http.post(this._baseUrl+url, body, options));
-        return this._http.post(this._baseUrl+url, body, options)
+        return this._http['method'](this._baseUrl+url, body, options)
             .toPromise()
             .then(res => <Message<any>> res.json())
             .catch(NetworkService.handleError);
     }
 
+    protected postJson(url:string, data:any  = {}){
+        return this.callJson("post",url,data);
+    }
+
+    protected putJson(url:string, data:any  = {}){
+        return this.callJson("put",url,data);
+    }
+    protected getJson(url:string, data:any  = {}){
+        return this.callJson("get",url,data);
+    }
+
+    protected updateJson(url:string, data:any  = {}){
+        return this.callJson("update",url,data);
+    }
+
+    protected deleteJson(url:string, data:any  = {}){
+        return this.callJson("delete",url,data);
+    }
+
     private static handleError (error: any) {
         // in a real world app, we may send the error to some remote logging infrastructure
         // instead of just logging it to the console
diff --git a/frontend/app/model/user.service.ts b/frontend/app/model/user.service.ts
index 49f660dc..164e1e2b 100644
--- a/frontend/app/model/user.service.ts
+++ b/frontend/app/model/user.service.ts
@@ -16,7 +16,7 @@ export class UserService extends NetworkService{
 
 
     public login(credential:LoginCredential){
-        return this.postJson("/login",credential);
+        return this.postJson("/user/login",credential);
     }