diff --git a/scripts/client/public/js/admin-product-create.js b/scripts/client/public/js/admin-product-create.js
index 163a6ad4558a380782c120c31a4146bd6c6425b2..3fdf3e675be719e5528c8cad796b9a43144c68c9 100644
--- a/scripts/client/public/js/admin-product-create.js
+++ b/scripts/client/public/js/admin-product-create.js
@@ -1,5 +1,26 @@
 window.onload = function () {
   infoNavbarAdded();
+
+  // Check role
+  var xhttp = new XMLHttpRequest();
+  xhttp.onreadystatechange = function() {
+      if (this.readyState == 4) {
+          if (this.status == 200) {
+              console.log(this.responseText);
+          } else {
+              var errorData = JSON.parse(xhttp.responseText);
+              alert(errorData.message);
+              window.location.href = errorData.location;
+          }
+      }
+  };
+
+  xhttp.open("GET","http://localhost:8000/api/Auth/isAdmin",true);
+  xhttp.setRequestHeader("Accept", "application/json");
+  xhttp.setRequestHeader("Content-Type", "application/json");
+  xhttp.withCredentials = true;
+  xhttp.send();
+
   setDropdownCategory();
 }
 
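Review bot: The non-200 branch of the new handler fails open: `JSON.parse(xhttp.responseText)` throws on an empty or non-JSON body (status 0 from a network or CORS failure, an HTML error page), so neither the alert nor the redirect runs and the admin page stays on screen. `errorData.location` is also assigned to `window.location.href` without checking that it is a string or a same-origin target. I would wrap the parse in try/catch, fall back to a fixed page, and accept only same-origin targets, as sketched below; whether the server sends a relative or an absolute `location` is not visible here. The same block is added in admin-product-edit.js, admin-product.js, admin-user-create.js and admin-user-edit.js.

```javascript
  xhttp.onreadystatechange = function() {
      if (this.readyState !== 4 || this.status === 200) {
          return;
      }
      // Fail closed: leave the page even if the body is empty or not JSON.
      var target = "/"; // placeholder: the project's login or home page
      try {
          var errorData = JSON.parse(this.responseText);
          alert(errorData.message);
          if (typeof errorData.location === "string") {
              var next = new URL(errorData.location, window.location.href);
              // Follow only same-origin targets taken from the response body.
              if (next.origin === window.location.origin) {
                  target = next.href;
              }
          }
      } catch (e) {
          // status 0 (network/CORS failure) or a non-JSON error page
      }
      window.location.href = target;
  };
  // … unchanged: open(), request headers, withCredentials, send() …
```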
@@ -31,10 +52,6 @@ let setDropdownCategory = async () => {
         } else {
           alert("Failed to get categories!");
         }
-      } else {
-        var errorData = JSON.parse(xhr.responseText);
-        alert(errorData.message);
-        window.location.href = errorData.location;
       }
     }
   }
diff --git a/scripts/client/public/js/admin-product-edit.js b/scripts/client/public/js/admin-product-edit.js
index 8a469a4ef9ecfba411a880b46fefbe176a156c26..d763e51c93b141bc6bb2db8975ddf31f3f65ea80 100644
--- a/scripts/client/public/js/admin-product-edit.js
+++ b/scripts/client/public/js/admin-product-edit.js
@@ -3,6 +3,27 @@ let id = urlParams.get("id");
 
 window.onload = async () => {
   infoNavbarAdded();
+
+  // Check role
+  var xhttp = new XMLHttpRequest();
+  xhttp.onreadystatechange = function() {
+      if (this.readyState == 4) {
+          if (this.status == 200) {
+              console.log(this.responseText);
+          } else {
+              var errorData = JSON.parse(xhttp.responseText);
+              alert(errorData.message);
+              window.location.href = errorData.location;
+          }
+      }
+  };
+
+  xhttp.open("GET","http://localhost:8000/api/Auth/isAdmin",true);
+  xhttp.setRequestHeader("Accept", "application/json");
+  xhttp.setRequestHeader("Content-Type", "application/json");
+  xhttp.withCredentials = true;
+  xhttp.send();
+  
   getProductById(id);
 };
 
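Review bot: `getProductById(id)` is called right after `xhttp.send()`, so the product request goes out before the role check has answered and the check does not gate it. Since this `onload` is already `async`, the check could be wrapped in a promise and awaited before any data is loaded. The actual protection still has to come from the product endpoints rejecting non-admin sessions on the server, which this diff does not show. The same ordering applies to `setDropdownCategory()`, `getProductsByPage()`/`setPagination()` and `getUserById()` in the other admin scripts.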
diff --git a/scripts/client/public/js/admin-product.js b/scripts/client/public/js/admin-product.js
index fce6529e4460ef9299825f098babba3cb640f846..40c35971074291ebb6495f06dc3ae98d43185c7d 100644
--- a/scripts/client/public/js/admin-product.js
+++ b/scripts/client/public/js/admin-product.js
@@ -3,6 +3,27 @@ const INITIAL_PAGE = 1;
 
 window.onload = function() {
     infoNavbarAdded();
+
+    // Check role
+    var xhttp = new XMLHttpRequest();
+    xhttp.onreadystatechange = function() {
+        if (this.readyState == 4) {
+            if (this.status == 200) {
+                console.log(this.responseText);
+            } else {
+                var errorData = JSON.parse(xhttp.responseText);
+                alert(errorData.message);
+                window.location.href = errorData.location;
+            }
+        }
+    };
+
+    xhttp.open("GET","http://localhost:8000/api/Auth/isAdmin",true);
+    xhttp.setRequestHeader("Accept", "application/json");
+    xhttp.setRequestHeader("Content-Type", "application/json");
+    xhttp.withCredentials = true;
+    xhttp.send();
+
     getProductsByPage(INITIAL_PAGE);
     setPagination(INITIAL_PAGE);
 }
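Review bot: This 19-line role check is pasted verbatim into five page scripts; a single shared function loaded by every admin page (for example `requireAdmin()`, name is only a suggestion) would keep the failure handling in one place. The API origin `http://localhost:8000` is hard-coded and plain HTTP while the request carries credentials, so it would be better read from one configuration value. `console.log(this.responseText)` looks like leftover debugging, and `Content-Type` on a body-less GET only forces a CORS preflight when the page is served from another origin; both lines can go.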
diff --git a/scripts/client/public/js/admin-user-create.js b/scripts/client/public/js/admin-user-create.js
index e031e35d3175a57fd364585afdd673cf027714f7..3c28d280344d7ed176c017321d53099d405f605b 100644
--- a/scripts/client/public/js/admin-user-create.js
+++ b/scripts/client/public/js/admin-user-create.js
@@ -1,5 +1,25 @@
 window.onload = function () {
   infoNavbarAdded();
+
+  // Check role
+  var xhttp = new XMLHttpRequest();
+  xhttp.onreadystatechange = function() {
+      if (this.readyState == 4) {
+          if (this.status == 200) {
+              console.log(this.responseText);
+          } else {
+              var errorData = JSON.parse(xhttp.responseText);
+              alert(errorData.message);
+              window.location.href = errorData.location;
+          }
+      }
+  };
+
+  xhttp.open("GET","http://localhost:8000/api/Auth/isAdmin",true);
+  xhttp.setRequestHeader("Accept", "application/json");
+  xhttp.setRequestHeader("Content-Type", "application/json");
+  xhttp.withCredentials = true;
+  xhttp.send();
 };
 
 let createUser = async (event) => {
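Review bot: The role check here runs once at page load, so a session that expires or loses the admin role afterwards is only caught by the create request itself. The following hunk deletes what appears to be that request's non-200 branch, so a rejected create would then give the user no message and no redirect. I would keep an error branch in `createUser` (most of its body is outside these hunks) rather than rely on the load-time check alone. The same deletion is made in `setDropdownCategory` in admin-product-create.js.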
@@ -20,10 +40,6 @@ let createUser = async (event) => {
           let errorMessage = document.getElementById("error-message");
           errorMessage.textContent = res["data"];
         }
-      } else {
-        var errorData = JSON.parse(xhr.responseText);
-        alert(errorData.message);
-        window.location.href = errorData.location;
       }
     }
   };
diff --git a/scripts/client/public/js/admin-user-edit.js b/scripts/client/public/js/admin-user-edit.js
index 55c8a2dbd928f445598448a516d2b322944a63bf..d152a5802067ea94cc67d651142343ccf0cd1ff0 100644
--- a/scripts/client/public/js/admin-user-edit.js
+++ b/scripts/client/public/js/admin-user-edit.js
@@ -3,6 +3,27 @@ let id = urlParams.get("id");
 
 window.onload = function () {
   infoNavbarAdded();
+
+  // Check role
+  var xhttp = new XMLHttpRequest();
+  xhttp.onreadystatechange = function() {
+      if (this.readyState == 4) {
+          if (this.status == 200) {
+              console.log(this.responseText);
+          } else {
+              var errorData = JSON.parse(xhttp.responseText);
+              alert(errorData.message);
+              window.location.href = errorData.location;
+          }
+      }
+  };
+
+  xhttp.open("GET","http://localhost:8000/api/Auth/isAdmin",true);
+  xhttp.setRequestHeader("Accept", "application/json");
+  xhttp.setRequestHeader("Content-Type", "application/json");
+  xhttp.withCredentials = true;
+  xhttp.send();
+  
   getUserById(id);
 };
 
diff --git a/scripts/server/app/controllers/Auth.php b/scripts/server/app/controllers/Auth.php
index 91a1103a9b64e15b4aae71d6e86bfdeb5b6d28bc..c6f616074fcce0d8f8df9553af4e6e7a1a958a1e 100644
--- a/scripts/server/app/controllers/Auth.php
+++ b/scripts/server/app/controllers/Auth.php
@@ -80,5 +80,17 @@ class Auth extends Controller {
     
             $user = $this->model('UserModel')->changeAccountSettings($data);
         }     
-    } 
+    }
+
+    public function isAdmin() {
+        if (isset($_SESSION["role"])) {
+            if ($_SESSION["role"] == 'admin') {
+                json_response_success("success");
+            } else {
+                json_response_fail("not");
+            }
+        } else {
+            json_response_fail("not");
+        }
+    }
 }
\ No newline at end of file
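Review bot: `$_SESSION["role"] == 'admin'` in `isAdmin()` is a loose comparison, so a session value of boolean `true` (or integer `0` on PHP versions before 8) would also count as admin. `if (isset($_SESSION["role"]) && $_SESSION["role"] === 'admin')` is stricter and removes the duplicated `json_response_fail("not")` branch. The client handlers added in this commit expect a non-200 status plus `message` and `location` fields on failure; `json_response_fail` is defined outside this hunk, so that is worth confirming. A short docblock should state that this endpoint only reports the role for UI purposes and that admin actions are authorized separately.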
diff --git a/scripts/server/app/core/App.php b/scripts/server/app/core/App.php
index bb107e453c02cf2f29335174f5abef9fcd1d0568..1fef8b21e08ab9444b8c909c5562c0bb1201dafc 100644
--- a/scripts/server/app/core/App.php
+++ b/scripts/server/app/core/App.php
@@ -78,7 +78,7 @@ class App {
                 'showAllcategories'
             ],
             'Auth' => [
-                'info', 'login', 'signup'
+                'info', 'login', 'signup', 'isAdmin'
             ]
         ];        
 
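Review bot: `isAdmin` is now registered in two separate allowlists, here next to `'info', 'login', 'signup'` and again in the next hunk under a new `'Auth'` key, but neither hunk shows what membership in each array grants. A one-line comment above each array stating its meaning (for instance which session state or role a listed method requires) would let a reader confirm that exposing `isAdmin` in both is intended. Both array definitions start outside the hunks.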
@@ -115,6 +115,9 @@ class App {
             'CategoryController' => [
                 'getAllCategories'
             ],
+            'Auth' => [
+                'isAdmin'
+            ]
         ];
 
         $controllerName = get_class($this->controller);