diff --git a/controllers/productController.js b/controllers/productController.js
index 778090a..382e30f 100644
--- a/controllers/productController.js
+++ b/controllers/productController.js
@@ -1,7 +1,101 @@
 const Product = require("../models/productModel");
+const JWT = require("../utilities/jwt");
+const { updateEntity } = require("../utilities/updateEntity");
+const { verifyAuthorization } = require("../utilities/verifyAuthorization");
 
-module.exports.createProduct = async (req, res) => {};
+module.exports.createProduct = async (req, res) => {
+ if (!verifyAuthorization(req.headers, "ADMIN")) {
+ return res.status(403).json({
+ message: "This action is not allowed for your role",
+ });
+ }
+ const product = new Product();
+ updateEntity(product, req.body);
+ await product.save((err, savedProduct) => {
+ if (err) {
+ return res.status(500).json({
+ message: "Something went wrong while saving product",
+ });
+ }
+ return res.status(200).json({
+ message: "Product successfully created",
+ data: savedProduct,
+ });
+ });
+};
 
-module.exports.updateProduct = async (req, res) => {};
+module.exports.getProduct = async (req, res) => {
+ Product.findOne({ _id: req.params.product_id }).exec((err, product) => {
+ if (err) {
+ return res.status(404).json({
+ message: "Product could not be found",
+ });
+ }
+ return res.status(200).json({
+ message: "Product found successfully",
+ data: product,
+ });
+ });
+};
 
-module.exports.deleteProduct = async (req, res) => {};
+module.exports.getProducts = async (req, res) => {
+ const { page = 1, pageSize = 25 } = req.query;
+ Product.find({})
+ .skip((page - 1) * pageSize)
+ .limit(pageSize)
+ .exec((err, products) => {
+ if (err) {
+ return res.status(500).json({
+ message: "Something went wrong while fetching products",
+ });
+ }
+ return res.status(200).json({
+ message: "Products successfully fetched",
+ page,
+ pageSize,
+ data: products,
+ });
+ });
+};
+
+module.exports.updateProduct = async (req, res) => {
+ if (!verifyAuthorization(req.headers, "ADMIN")) {
+ return res.status(403).json({
+ message: "This action is not allowed for your role",
+ });
+ }
+ Product.findOne({ _id: req.params.product_id }).exec(async (err, product) => {
+ if (err) {
+ return res.status(500).json({
+ message: "Something went wrong while updating the product",
+ });
+ }
+ updateEntity(product, req.body);
+ await product.save((err, savedProduct) => {
+ if (err) {
+ return res.status(500).json({
+ message: "Something went wrong while updating the product",
+ });
+ }
+ return res.status(200).json({
+ message: "Product updated successfully",
+ data: savedProduct,
+ });
+ });
+ });
+};
+
+module.exports.deleteProduct = async (req, res) => {
+ if (!verifyAuthorization(req.headers, "ADMIN")) {
+ return res.status(403).json({
+ message: "This action is not allowed for your role",
+ });
+ }
+ const deletedProduct = await Product.findOneAndDelete({
+ _id: req.params.product_id,
+ });
+ return res.status(200).json({
+ message: "Product successfully deleted",
+ data: deletedProduct,
+ });
+};
diff --git a/models/productModel.js b/models/productModel.js
index 8639d81..97071a7 100644
--- a/models/productModel.js
+++ b/models/productModel.js
@@ -22,11 +22,9 @@ const productSchema = mongoose.Schema({
 type: Date,
 default: Date.now,
 },
- properties: [
- {
- type: Object,
- },
- ],
+ properties: {
+ type: Object,
+ },
 });
 
 const Product = mongoose.model("Product", productSchema);
diff --git a/routes/prouductRoutes.js b/routes/prouductRoutes.js
index f17aa41..97bd11d 100644
--- a/routes/prouductRoutes.js
+++ b/routes/prouductRoutes.js
@@ -2,10 +2,18 @@ const {
 createProduct,
 deleteProduct,
 updateProduct,
+ getProduct,
+ getProducts,
 } = require("../controllers/productController");
 
 const router = require("express").Router();
 
-router.route("/").post(createProduct).put(updateProduct).delete(deleteProduct);
+router.route("/").get(getProducts).post(createProduct);
+
+router
+ .route("/:product_id")
+ .get(getProduct)
+ .put(updateProduct)
+ .delete(deleteProduct);
 
 module.exports = router;
diff --git a/utilities/verifyAuthorization.js b/utilities/verifyAuthorization.js
new file mode 100644
index 0000000..1f12d99
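Review bot: `getProducts` has no `verifyAuthorization` call and passes `page` and `pageSize` from `req.query` straight into `.skip()` and `.limit()`, so the caller decides how many documents one request loads and a non-numeric value turns the skip into `NaN`; parse both as integers and clamp `pageSize` to a fixed maximum before building the query, as sketched below (the cap of 100 is a placeholder to tune). In `updateProduct`, `findOne` yields `product === null` with no `err` when the id matches nothing, so `updateEntity(product, req.body)` runs on `null` inside the async callback; add `if (!product) return res.status(404).json({ message: "Product could not be found" });` before it. `deleteProduct` awaits `findOneAndDelete` without a `try`/`catch`, so a rejected query never produces a response. Both write paths hand the whole `req.body` to `updateEntity`, whose body is not in this diff; if it copies every key, restrict it to an explicit list of writable fields.

```javascript
module.exports.getProducts = async (req, res) => {
  // Query-string values arrive as strings (or arrays/objects): coerce and bound them.
  const MAX_PAGE_SIZE = 100; // placeholder cap
  const page = Math.max(Number.parseInt(req.query.page, 10) || 1, 1);
  const pageSize = Math.min(
    Math.max(Number.parseInt(req.query.pageSize, 10) || 25, 1),
    MAX_PAGE_SIZE
  );
  // … unchanged: Product.find({}).skip(...).limit(...).exec callback and JSON responses …
```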
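Review bot: `properties: { type: Object }` is a Mongoose Mixed path, so nothing stored under it is cast or validated, and the controllers in this commit populate the document from `req.body`; whatever the client sends under `properties` is persisted as-is. If the set of property keys is known, declare them as a nested schema; otherwise record the contract next to the field, for example `// free-form key/value attributes; values are not validated by the schema`. Documents already saved with the previous array shape are not addressed by this hunk. The schema definition starts above the hunk.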
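Review bot: The mutating routes `.post(createProduct)`, `.put(updateProduct)` and `.delete(deleteProduct)` are registered with no middleware, so the ADMIN check exists only as a call repeated inside each controller, where a later handler can omit it unnoticed. Registering the check as route middleware on the mutating verbs would make the protection visible in this file; a comment such as `// GET routes are public; POST/PUT/DELETE require ADMIN (enforced in the controllers)` would at least record the intent.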
--- /dev/null
+++ b/utilities/verifyAuthorization.js
@@ -0,0 +1,10 @@
+const JWT = require("./jwt");
+
+module.exports.verifyAuthorization = (headers, requiredRole) => {
+ try {
+ const { role } = JWT.verify(headers.authorization);
+ return role === requiredRole;
+ } catch (error) {
+ return false;
+ }
+};
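Review bot: The bare `catch` maps a missing header, an expired or malformed token, and any unexpected error thrown inside the JWT helper to the same `false`, so the callers answer 403 in every case and nothing is logged when verification fails. A client therefore cannot tell "not authenticated" (normally 401) from "wrong role", and a fault in `./jwt` looks like a denied request. The raw `headers.authorization` value is also passed to `JWT.verify` unchanged, which handles the common `Bearer <token>` form only if `./jwt` strips the scheme itself; that file is not in this diff. Consider logging the error class in the catch and documenting the contract, for example `// returns false for a missing or invalid token as well as for a role mismatch`.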