diff --git a/BulkyBookWeb/Areas/Admin/Controllers/OrderController.cs b/BulkyBookWeb/Areas/Admin/Controllers/OrderController.cs
index 0839e37..e1a9421 100644
--- a/BulkyBookWeb/Areas/Admin/Controllers/OrderController.cs
+++ b/BulkyBookWeb/Areas/Admin/Controllers/OrderController.cs
@@ -1,13 +1,16 @@
 using BulkyBook.DataAccess.Repository.IRepository;
 using BulkyBook.Models;
 using BulkyBook.Utility;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
 using System.Linq;
+using System.Security.Claims;
 
 namespace BulkyBookWeb.Areas.Admin.Controllers
 {
     [Area("Admin")]
+    [Authorize]
     public class OrderController : Controller
     {
         private readonly IUnitOfWork _unitOfWork;
@@ -26,8 +29,16 @@ public IActionResult Index()
         public IActionResult GetAll(string status)
         {
             IEnumerable orderHeaders;
-            orderHeaders = _unitOfWork.OrderHeader.GetAll(includeProperties: "ApplicationUser");
+            if (User.IsInRole(SD.Role_Admin) || User.IsInRole(SD.Role_Employee)) {
+                orderHeaders = _unitOfWork.OrderHeader.GetAll(includeProperties: "ApplicationUser");
+            }
+            else
+            {
+                var claimsIdentity = (ClaimsIdentity)User.Identity;
+                var claim = claimsIdentity.FindFirst(ClaimTypes.NameIdentifier);
+                orderHeaders = _unitOfWork.OrderHeader.GetAll(u=>u.ApplicationUserId==claim.Value,includeProperties: "ApplicationUser");
+            }
             switch (status) {
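Review bot: The bare `[Authorize]` added above `public class OrderController` only requires a signed-in user, so every action in this Admin-area controller becomes reachable by any authenticated customer, and the staff/customer narrowing in the GetAll hunk is the only visible role check; any other action in this file that is meant to be staff-only (the rest of the class is outside these hunks) now depends on its own check that this commit does not show. Since GetAll is intentionally open to customers for their own orders, the controller-level attribute cannot simply become `[Authorize(Roles = SD.Role_Admin + "," + SD.Role_Employee)]`; instead, add that role-restricted attribute to each staff-only action, and record the intent on the class with `// Any authenticated user may reach this controller; actions that must stay staff-only carry their own [Authorize(Roles = ...)].` Separately, in the GetAll hunk the else branch casts `User.Identity` and dereferences `claim.Value` without a null check; a request whose principal lacks a NameIdentifier claim would throw rather than return an empty result, so `if (claim is null) return Unauthorized();` (or an equivalent guard) before the query is worth adding.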