diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 02eec1043549..11279ebe9280 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -2,8 +2,15 @@
 
 namespace App\Http\Controllers;
 
+use App\Factory\UserFactory;
 use App\Filters\UserFilters;
 use App\Http\Controllers\Traits\VerifiesUserEmail;
+use App\Http\Requests\User\CreateUserRequest;
+use App\Http\Requests\User\DestroyUserRequest;
+use App\Http\Requests\User\EditUserRequest;
+use App\Http\Requests\User\ShowUserRequest;
+use App\Http\Requests\User\StoreUserRequest;
+use App\Http\Requests\User\UpdateUserRequest;
 use App\Models\User;
 use App\Transformers\UserTransformer;
 use App\Utils\Traits\MakesHash;
@@ -47,9 +54,11 @@ class UserController extends BaseController
      *
      * @return \Illuminate\Http\Response
      */
-    public function create()
+    public function create(CreateUserRequest $request)
     {
-        //
+        $user = UserFactory::create();
+
+        return $this->itemResponse($user);
     }
 
     /**
@@ -58,7 +67,7 @@ class UserController extends BaseController
      * @param  \Illuminate\Http\Request  $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(StoreUserRequest $request)
     {
         //
     }
@@ -69,7 +78,7 @@ class UserController extends BaseController
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function show($id)
+    public function show(ShowUserRequest $request)
     {
         //
     }
@@ -80,7 +89,7 @@ class UserController extends BaseController
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function edit($id)
+    public function edit(EditUserRequest $request)
     {
         //
     }
@@ -92,7 +101,7 @@ class UserController extends BaseController
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request, $id)
+    public function update(UpdateUserRequest $request)
     {
         //
     }
@@ -103,7 +112,7 @@ class UserController extends BaseController
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function destroy($id)
+    public function destroy(DestroyUserRequest $request)
     {
         //
     }
diff --git a/app/Http/Requests/User/CreateUserRequest.php b/app/Http/Requests/User/CreateUserRequest.php
new file mode 100644
index 000000000000..fbd8e99d71aa
--- /dev/null
+++ b/app/Http/Requests/User/CreateUserRequest.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Http\Requests\User;
+
+use App\Http\Requests\Request;
+use App\Models\User;
+
+class CreateUserRequest extends Request
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+
+    public function authorize() : bool
+    {
+        return auth()->user()->can('create', User::class);
+    }
+
+}
\ No newline at end of file
diff --git a/app/Http/Requests/User/DestroyUserRequest.php b/app/Http/Requests/User/DestroyUserRequest.php
new file mode 100644
index 000000000000..1edd8c9bbf8e
--- /dev/null
+++ b/app/Http/Requests/User/DestroyUserRequest.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Http\Requests\User;
+
+use App\Http\Requests\Request;
+use App\Models\User;
+
+class DestroyUserRequest extends Request
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+
+    public function authorize() : bool
+    {
+        return auth()->user()->can('edit', $this->user);
+    }
+
+}
\ No newline at end of file
diff --git a/app/Http/Requests/User/EditUserRequest.php b/app/Http/Requests/User/EditUserRequest.php
new file mode 100644
index 000000000000..8a18c145a53b
--- /dev/null
+++ b/app/Http/Requests/User/EditUserRequest.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Http\Requests\User;
+
+use App\Http\Requests\Request;
+use App\Models\User;
+
+class EditUserRequest extends Request
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+
+    public function authorize()
+    {
+        return auth()->user()->can('edit', $this->user);
+    }
+
+    public function rules()
+    {
+        $rules = [];
+        
+        return $rules;
+    }
+
+
+    public function sanitize()
+    {
+        $input = $this->all();
+
+        //$input['id'] = $this->encodePrimaryKey($input['id']);
+
+        //$this->replace($input);
+
+        return $this->all();
+    }
+
+}
\ No newline at end of file
diff --git a/app/Http/Requests/User/ShowUserRequest.php b/app/Http/Requests/User/ShowUserRequest.php
new file mode 100644
index 000000000000..2f99464f0dfd
--- /dev/null
+++ b/app/Http/Requests/User/ShowUserRequest.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Http\Requests\User;
+
+use App\Http\Requests\Request;
+use App\Models\User;
+
+class ShowUserRequest extends Request
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+
+    public function authorize() : bool
+    {
+        return auth()->user()->can('view', $this->user);
+    }
+
+}
\ No newline at end of file
diff --git a/app/Http/Requests/User/StoreUserRequest.php b/app/Http/Requests/User/StoreUserRequest.php
new file mode 100644
index 000000000000..489a0ed05061
--- /dev/null
+++ b/app/Http/Requests/User/StoreUserRequest.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Http\Requests\User;
+
+use App\Http\Requests\Request;
+use App\Models\User;
+
+class StoreUserRequest extends Request
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+
+    public function authorize() : bool
+    {
+        return auth()->user()->can('create', User::class);
+    }
+
+
+    public function sanitize()
+    {
+        //do post processing of user request
+    }
+
+    public function messages()
+    {
+
+    }
+
+
+}
\ No newline at end of file
diff --git a/app/Http/Requests/User/UpdateUserRequest.php b/app/Http/Requests/User/UpdateUserRequest.php
new file mode 100644
index 000000000000..ae3ad7e3b4e2
--- /dev/null
+++ b/app/Http/Requests/User/UpdateUserRequest.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Requests\User;
+
+use App\Http\Requests\Request;
+
+class UpdateUserRequest extends Request
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+
+    public function authorize() : bool
+    {
+
+        return auth()->user()->can('edit', $this->user);
+
+    }
+
+
+}
\ No newline at end of file
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
new file mode 100644
index 000000000000..4f4da2d84759
--- /dev/null
+++ b/app/Policies/UserPolicy.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Client;
+use App\Models\User;
+
+/**
+ * Class UserPolicy
+ * @package App\Policies
+ */
+class UserPolicy extends EntityPolicy
+{
+	/**
+	 *  Checks if the user has create permissions
+	 *  
+	 * @param  User $user
+	 * @return bool
+	 */
+	public function create(User $user) : bool
+	{
+		return $user->isAdmin() || $user->hasPermission('create_user');
+	}
+
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index eb67cbeaabb2..ee8a9aff8a81 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -5,6 +5,7 @@ namespace App\Providers;
 use App\Models\Client;
 use App\Models\Invoice;
 use App\Models\Product;
+use App\Models\User;
 use App\Policies\ClientPolicy;
 use App\Policies\InvoicePolicy;
 use App\Policies\ProductPolicy;
@@ -23,6 +24,7 @@ class AuthServiceProvider extends ServiceProvider
         Client::class => ClientPolicy::class,
         Product::class => ProductPolicy::class,
         Invoice::class => InvoicePolicy::class,
+        User::class => UserPolicy::class,
     ];
 
     /**