diff --git a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/controllers/UserRegistrationController.kt b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/controllers/UserRegistrationController.kt
index 5c334f7..e5b69d7 100644
--- a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/controllers/UserRegistrationController.kt
+++ b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/controllers/UserRegistrationController.kt
@@ -42,9 +42,9 @@ class UserRegistrationController(
     fun registerPost(
         @Valid @ModelAttribute("form") user: UserRegistrationForm,
         result: BindingResult
-    ): String {
+    ): ModelAndView {
         if (!registrationEnabled) {
-            return "registration/registration_disabled"
+            return ModelAndView("registration/registration_disabled", HttpStatus.FORBIDDEN)
         }
 
         if (!user.userName.isBlank() && userRepository.findByUserName(user.userName) != null) {
@@ -56,14 +56,14 @@ class UserRegistrationController(
         }
 
         if (result.hasErrors()) {
-            return "registration/create_account"
+            return ModelAndView("registration/create_account", HttpStatus.BAD_REQUEST)
         }
 
         val newUser = User(userName = user.userName, email = user.email, firstName = user.firstName,
             lastName = user.lastName, enabled = true)
         userRepository.save(newUser)
         eventPublisher.publishEvent(OnEmailVerificationRequestedEvent(newUser))
-        return "registration/verify_email"
+        return ModelAndView("registration/verify_email")
     }
 
     @GetMapping(value = ["/register/activate/"], params = ["token"])
diff --git a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/controllers/admin/AdminController.kt b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/controllers/admin/AdminController.kt
new file mode 100644
index 0000000..a109e2d
--- /dev/null
+++ b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/controllers/admin/AdminController.kt
@@ -0,0 +1,17 @@
+package pl.edu.uj.ii.ksi.mordor.controllers.admin
+
+import org.springframework.security.access.annotation.Secured
+import org.springframework.stereotype.Controller
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.servlet.View
+import org.springframework.web.servlet.view.RedirectView
+import pl.edu.uj.ii.ksi.mordor.persistence.entities.Permission
+
+@Controller
+class AdminController {
+    @Secured(Permission.ACCESS_ADMIN_PANEL_STR)
+    @GetMapping("/admin/")
+    fun adminPage(): View {
+        return RedirectView("/admin/users/")
+    }
+}
diff --git a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/controllers/admin/UsersController.kt b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/controllers/admin/UsersController.kt
new file mode 100644
index 0000000..3211f1f
--- /dev/null
+++ b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/controllers/admin/UsersController.kt
@@ -0,0 +1,122 @@
+package pl.edu.uj.ii.ksi.mordor.controllers.admin
+
+import javax.validation.Valid
+import org.springframework.data.domain.PageRequest
+import org.springframework.http.HttpStatus
+import org.springframework.security.access.annotation.Secured
+import org.springframework.stereotype.Controller
+import org.springframework.validation.BindingResult
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.ModelAttribute
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.servlet.ModelAndView
+import org.springframework.web.servlet.View
+import org.springframework.web.servlet.view.RedirectView
+import pl.edu.uj.ii.ksi.mordor.exceptions.BadRequestException
+import pl.edu.uj.ii.ksi.mordor.forms.UserForm
+import pl.edu.uj.ii.ksi.mordor.persistence.entities.Permission
+import pl.edu.uj.ii.ksi.mordor.persistence.entities.Role
+import pl.edu.uj.ii.ksi.mordor.persistence.entities.User
+import pl.edu.uj.ii.ksi.mordor.persistence.repositories.UserRepository
+import pl.edu.uj.ii.ksi.mordor.services.UserManagerService
+
+@Controller
+class UsersController(private val userRepository: UserRepository, private val userManagerService: UserManagerService) {
+    companion object {
+        private const val usersPerPage = 100
+    }
+
+    @Secured(Permission.ACCESS_ADMIN_PANEL_STR)
+    @GetMapping("/admin/users/")
+    fun userList(): View {
+        return RedirectView("/admin/users/0/")
+    }
+
+    @Secured(Permission.ACCESS_ADMIN_PANEL_STR)
+    @GetMapping("/admin/users/{num}/")
+    fun userList(@PathVariable("num") pageNumber: Int): ModelAndView {
+        val users = userRepository.findAll(PageRequest.of(pageNumber, usersPerPage))
+        return ModelAndView("admin/user_list", "users", users)
+    }
+
+    @Secured(Permission.MANAGE_USERS_STR)
+    @GetMapping("/admin/user/{id}/")
+    fun userProfile(@PathVariable("id") userId: Long): ModelAndView {
+        val user = userRepository.findById(userId)
+        if (user.isPresent) {
+            val u = user.get()
+            val userForm = UserForm(u.id!!, u.userName, u.email, "", "", u.firstName, u.lastName, u.enabled, u.role)
+            return ModelAndView("admin/user_profile", "user", userForm)
+        } else {
+            throw BadRequestException("No user for id: $userId")
+        }
+    }
+
+    @Secured(Permission.MANAGE_USERS_STR)
+    @PostMapping("/admin/user/{id}/")
+    fun userProfileEdit(
+        @PathVariable("id") userId: Long,
+        @Valid @ModelAttribute("user") form: UserForm,
+        result: BindingResult
+    ): ModelAndView {
+        if (form.id != userId) {
+            throw BadRequestException("User id mismatch")
+        }
+        if (form.password != form.password2) {
+            result.rejectValue("password2", "password2.notMatch", "passwords do not match")
+        }
+        if (result.hasErrors()) {
+            return ModelAndView("admin/user_profile", HttpStatus.BAD_REQUEST)
+        }
+        val user = userRepository.findById(form.id).orElseThrow { BadRequestException("unknown user") }
+        user.email = form.email
+        user.firstName = form.firstName
+        user.lastName = form.lastName
+        user.enabled = form.enabled
+        user.role = form.role
+        if (!form.password.isNullOrBlank()) {
+            user.password = userManagerService.hashPassword(form.password)
+        }
+        userRepository.save(user)
+        return ModelAndView(RedirectView("/admin/users/"))
+    }
+
+    @Secured(Permission.MANAGE_USERS_STR)
+    @PostMapping("/admin/user/{id}/delete/")
+    fun userProfileDelete(
+        @PathVariable("id") userId: Long
+    ): ModelAndView {
+        val user = userRepository.findById(userId).orElseThrow { BadRequestException("unknown user") }
+        userRepository.delete(user)
+        return ModelAndView(RedirectView("/admin/users/"))
+    }
+
+    @Secured(Permission.MANAGE_USERS_STR)
+    @GetMapping("/admin/user/create/")
+    fun userProfileCreate(): ModelAndView {
+        return ModelAndView("admin/user_create", "user", UserForm(null, "", "", "", "", "", "", true, Role.USER))
+    }
+
+    @Secured(Permission.MANAGE_USERS_STR)
+    @PostMapping("/admin/user/create/")
+    fun userProfileCreatePost(@Valid @ModelAttribute("user") form: UserForm, result: BindingResult): ModelAndView {
+        if (!form.userName.isBlank() && userRepository.findByUserName(form.userName) != null) {
+            result.rejectValue("userName", "username.exists", "username unavailable")
+        }
+
+        if (form.email != null && !form.email.isBlank() && userRepository.findByEmail(form.email) != null) {
+            result.rejectValue("email", "email.exists", "email already in use")
+        }
+        if (form.password != form.password2) {
+            result.rejectValue("password2", "password2.notMatch", "passwords do not match")
+        }
+        if (result.hasErrors()) {
+            return ModelAndView("admin/user_create", HttpStatus.BAD_REQUEST)
+        }
+        val user = User(null, form.userName, form.password, form.email,
+            form.firstName, form.lastName, form.enabled, form.role)
+        userRepository.save(user)
+        return ModelAndView(RedirectView("/admin/users/"))
+    }
+}
diff --git a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/forms/UserForm.kt b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/forms/UserForm.kt
new file mode 100644
index 0000000..6380aff
--- /dev/null
+++ b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/forms/UserForm.kt
@@ -0,0 +1,23 @@
+package pl.edu.uj.ii.ksi.mordor.forms
+
+import pl.edu.uj.ii.ksi.mordor.persistence.entities.Role
+
+data class UserForm(
+    val id: Long?,
+
+    val userName: String,
+
+    val email: String?,
+
+    val password: String?,
+
+    val password2: String?,
+
+    val firstName: String?,
+
+    val lastName: String?,
+
+    val enabled: Boolean,
+
+    val role: Role
+)
diff --git a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/persistence/entities/Permission.kt b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/persistence/entities/Permission.kt
index 90e3b4d..5b617e6 100644
--- a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/persistence/entities/Permission.kt
+++ b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/persistence/entities/Permission.kt
@@ -7,6 +7,7 @@ enum class Permission : GrantedAuthority {
     ROLE_UPLOAD,
     ROLE_WRITE,
     ROLE_LIST_HIDDEN_FILES,
+    ROLE_ACCESS_ADMIN_PANEL,
     ROLE_MANAGE_USERS;
 
     companion object {
@@ -14,6 +15,7 @@ enum class Permission : GrantedAuthority {
         const val READ_STR = "ROLE_READ"
         const val UPLOAD_STR = "ROLE_UPLOAD"
         const val WRITE_STR = "ROLE_WRITE"
+        const val ACCESS_ADMIN_PANEL_STR = "ROLE_ACCESS_ADMIN_PANEL"
         const val LIST_HIDDENFILES_STR = "ROLE_LIST_HIDDEN_FILES"
         const val MANAGE_USERS_STR = "ROLE_MANAGE_USERS"
     }
diff --git a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/persistence/entities/Role.kt b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/persistence/entities/Role.kt
index 5556a10..6969eb7 100644
--- a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/persistence/entities/Role.kt
+++ b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/persistence/entities/Role.kt
@@ -3,8 +3,9 @@ package pl.edu.uj.ii.ksi.mordor.persistence.entities
 enum class Role(val permissions: List<Permission>) {
     NOBODY(listOf()),
     USER(listOf(Permission.ROLE_READ, Permission.ROLE_UPLOAD)),
-    MOD(listOf(Permission.ROLE_READ, Permission.ROLE_UPLOAD, Permission.ROLE_WRITE, Permission.ROLE_LIST_HIDDEN_FILES)),
+    MOD(listOf(Permission.ROLE_READ, Permission.ROLE_UPLOAD, Permission.ROLE_WRITE, Permission.ROLE_LIST_HIDDEN_FILES,
+        Permission.ROLE_ACCESS_ADMIN_PANEL)),
     ADMIN(listOf(Permission.ROLE_READ, Permission.ROLE_UPLOAD, Permission.ROLE_WRITE, Permission.ROLE_LIST_HIDDEN_FILES,
-        Permission.ROLE_MANAGE_USERS)),
+        Permission.ROLE_ACCESS_ADMIN_PANEL, Permission.ROLE_MANAGE_USERS)),
     EXTERNAL(listOf())
 }
diff --git a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/services/UserManagerService.kt b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/services/UserManagerService.kt
index 40fe558..98cf1be 100644
--- a/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/services/UserManagerService.kt
+++ b/src/main/kotlin/pl/edu/uj/ii/ksi/mordor/services/UserManagerService.kt
@@ -11,7 +11,7 @@ class UserManagerService(
     private val userRepository: UserRepository,
     private val tokenRepository: EmailVerificationTokenRepository
 ) {
-    private fun hashPassword(password: String): String = "{bcrypt}" + BCryptPasswordEncoder().encode(password)
+    fun hashPassword(password: String): String = "{bcrypt}" + BCryptPasswordEncoder().encode(password)
 
     fun resetPassword(tokenId: String, password: String): Boolean {
         val token = tokenRepository.findByToken(tokenId)
diff --git a/src/main/resources/templates/admin/layout_admin.html b/src/main/resources/templates/admin/layout_admin.html
new file mode 100644
index 0000000..8c6fa26
--- /dev/null
+++ b/src/main/resources/templates/admin/layout_admin.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en" layout:decorate="~{layout}" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>Mordor - Admin</title>
+</head>
+<body>
+<div layout:fragment="content">
+    <ul class="nav nav-tabs mb-1">
+        <li class="nav-item">
+            <a class="nav-link"
+               th:classappend="${#httpServletRequest.getRequestURI().startsWith('/admin/user') ? 'active':''}"
+               href="/admin/users/">Users</a>
+        </li>
+    </ul>
+    <div layout:fragment="content-admin">
+        <!--CONTENT-->
+    </div>
+</div>
+</body>
+</html>
diff --git a/src/main/resources/templates/admin/user_create.html b/src/main/resources/templates/admin/user_create.html
new file mode 100644
index 0000000..14707b2
--- /dev/null
+++ b/src/main/resources/templates/admin/user_create.html
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<html lang="en" layout:decorate="~{admin/layout_admin}" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>Create user</title>
+</head>
+<body>
+<div layout:fragment="content-admin">
+    <form th:action="@{/admin/user/create/}" th:object="${user}" method="post" style="display: inline">
+        <div class="form-group">
+            <label for="username">Username:</label>
+            <input type="text" class="form-control" th:field="*{userName}" id="username"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('userName')}" th:errors="*{email}">error</div>
+        </div>
+        <div class="form-group">
+            <label for="email">Email:</label>
+            <input type="text" class="form-control" th:field="*{email}" id="email"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('email')}" th:errors="*{email}">error</div>
+        </div>
+        <div class="form-group">
+            <label for="firstName">First Name:</label>
+            <input type="text" class="form-control" th:field="*{firstName}" id="firstName"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('firstName')}" th:errors="*{firstName}">error
+            </div>
+        </div>
+        <div class="form-group">
+            <label for="lastName">Last Name:</label>
+            <input type="text" class="form-control" th:field="*{lastName}" id="lastName"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('lastName')}" th:errors="*{lastName}">error</div>
+        </div>
+        <div class="form-group">
+            <label for="password">Password:</label>
+            <input type="password" class="form-control" th:field="*{password}" id="password"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('password')}" th:errors="*{password}">error</div>
+        </div>
+        <div class="form-group">
+            <label for="password2">Repeat password:</label>
+            <input type="password" class="form-control" th:field="*{password2}" id="password2"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('password2')}" th:errors="*{password2}">error
+            </div>
+        </div>
+        <div class="form-group">
+            <input type="checkbox" class="form-check-input" th:field="*{enabled}" id="enabled">
+            <label for="enabled" class="form-check-label">Local login enabled</label>
+        </div>
+        <div class="form-group">
+            <label for="role">Role:</label>
+            <select class="form-control" th:field="*{role}" id="role">
+                <option th:each="r : ${T(pl.edu.uj.ii.ksi.mordor.persistence.entities.Role).values()}"
+                        th:value="${r}" th:text="${r.name()}">
+
+                </option>
+            </select>
+        </div>
+        <button type="submit" class="btn btn-primary">Submit</button>
+    </form>
+</div>
+</body>
+</html>
+
diff --git a/src/main/resources/templates/admin/user_list.html b/src/main/resources/templates/admin/user_list.html
new file mode 100644
index 0000000..cf35a36
--- /dev/null
+++ b/src/main/resources/templates/admin/user_list.html
@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<html lang="en" layout:decorate="~{admin/layout_admin}" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>Users</title>
+</head>
+<body>
+<div layout:fragment="content-admin">
+    <table class="table">
+        <thead>
+        <tr class="table-active">
+            <td scope="col">Id</td>
+            <td scope="col">Username</td>
+            <td scope="col">Email</td>
+            <td scope="col">First name</td>
+            <td scope="col">Last name</td>
+            <td scope="col">Local login</td>
+            <td scope="col">Role</td>
+            <td scope="col"></td>
+        </tr>
+        </thead>
+        <tbody>
+        <tr th:each="user : ${users}">
+            <td scope="row" th:text="${user.id}"></td>
+            <td th:text="${user.userName}"></td>
+            <td th:text="${user.email}"></td>
+            <td th:text="${user.firstName}"></td>
+            <td th:text="${user.lastName}"></td>
+            <td><i class="fas fa-check" th:if="${user.enabled}"></i></td>
+            <td th:text="${user.role.name()}"></td>
+            <td><a class="btn btn-light" href="#" th:href="@{'/admin/user/' + ${user.id} + '/'}"
+                   sec:authorize="hasRole('ROLE_MANAGE_USERS')"><i class="fas fa-edit"></i></a></td>
+        </tr>
+        </tbody>
+    </table>
+    <div th:replace="fragments/pagination :: pagination(${users}, '/admin/users/')">
+    </div>
+    <a sec:authorize="hasRole('ROLE_MANAGE_USERS')" class="btn btn-success"
+       href="#" th:href="@{'/admin/user/create/'}">Add</a>
+</div>
+</body>
+</html>
+
diff --git a/src/main/resources/templates/admin/user_profile.html b/src/main/resources/templates/admin/user_profile.html
new file mode 100644
index 0000000..925ed75
--- /dev/null
+++ b/src/main/resources/templates/admin/user_profile.html
@@ -0,0 +1,84 @@
+<!DOCTYPE html>
+<html lang="en" layout:decorate="~{admin/layout_admin}" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>User profile</title>
+</head>
+<body>
+<div layout:fragment="content-admin">
+    <form th:action="@{'/admin/user/'+ ${user.id} + '/'}" th:object="${user}" method="post" style="display: inline">
+        <input type="hidden" th:field="*{id}">
+        <input type="hidden" th:field="*{userName}">
+        <div class="form-group">
+            <h2 th:text="*{userName}">username</h2>
+        </div>
+        <div class="form-group">
+            <label for="email">Email:</label>
+            <input type="text" class="form-control" th:field="*{email}" id="email"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('email')}" th:errors="*{email}">error</div>
+        </div>
+        <div class="form-group">
+            <label for="firstName">First Name:</label>
+            <input type="text" class="form-control" th:field="*{firstName}" id="firstName"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('firstName')}" th:errors="*{firstName}">error
+            </div>
+        </div>
+        <div class="form-group">
+            <label for="lastName">Last Name:</label>
+            <input type="text" class="form-control" th:field="*{lastName}" id="lastName"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('lastName')}" th:errors="*{lastName}">error</div>
+        </div>
+        <div class="form-group">
+            <label for="password">Password:</label>
+            <input type="password" class="form-control" th:field="*{password}" id="password"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('password')}" th:errors="*{password}">error</div>
+        </div>
+        <div class="form-group">
+            <label for="password2">Repeat password:</label>
+            <input type="password" class="form-control" th:field="*{password2}" id="password2"/>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('password2')}" th:errors="*{password2}">error
+            </div>
+        </div>
+        <div class="form-group">
+            <input type="checkbox" class="form-check-input" th:field="*{enabled}" id="enabled">
+            <label for="enabled" class="form-check-label">Local login enabled</label>
+        </div>
+        <div class="form-group">
+            <label for="role">Role:</label>
+            <select class="form-control" th:field="*{role}" id="role">
+                <option th:each="r : ${T(pl.edu.uj.ii.ksi.mordor.persistence.entities.Role).values()}"
+                        th:value="${r}" th:text="${r.name()}">
+
+                </option>
+            </select>
+        </div>
+        <button type="submit" class="btn btn-primary">Submit</button>
+    </form>
+    <button type="button" class="btn btn-danger" data-toggle="modal" data-target="#confirmDelete">
+        Delete
+    </button>
+    <div class="modal fade" id="confirmDelete" tabindex="-1" role="dialog">
+        <div class="modal-dialog" role="document">
+            <div class="modal-content">
+                <div class="modal-header">
+                    <h5 class="modal-title">Confirm action</h5>
+                    <button type="button" class="close" data-dismiss="modal">
+                        <span>&times;</span>
+                    </button>
+                </div>
+                <div class="modal-body">
+                    Are you sure you want to delete this user?
+                </div>
+                <div class="modal-footer">
+                    <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
+                    <form th:action="@{'/admin/user/'+ ${user.id} + '/delete/'}" method="post" style="display: inline">
+                        <button type="submit" class="btn btn-danger">Delete</button>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+</body>
+</html>
+
diff --git a/src/main/resources/templates/fragments/pagination.html b/src/main/resources/templates/fragments/pagination.html
new file mode 100644
index 0000000..a454a9d
--- /dev/null
+++ b/src/main/resources/templates/fragments/pagination.html
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>Pagination</title>
+</head>
+<body>
+<nav aria-label="page-menu" th:fragment="pagination(page, baseurl)">
+    <ul class="pagination" th:if="${page.getTotalPages() > 1}">
+        <li class="page-item" th:classappend="${page.hasPrevious() ? '':'disabled'}">
+            <a th:if="${page.hasPrevious()}" th:href="@{${baseurl} + ${page.getNumber() - 1} + '/'}"
+               class="page-link" href="#">Previous</a>
+            <a th:unless="${page.hasPrevious()}" class="page-link" href="#">Previous</a>
+        </li>
+        <li th:each="i : ${#numbers.sequence(0, page.totalPages - 1)}" class="page-item"
+            th:classappend="${page.getNumber() == i ? 'active':''}">
+            <a class="page-link" href="#" th:href="@{${baseurl} + ${i} + '/'}" th:text="${i}">2</a>
+        </li>
+        <li class="page-item" th:classappend="${page.hasNext() ? '':'disabled'}">
+            <a th:if="${page.hasNext()}" th:href="@{${baseurl} + ${page.getNumber() + 1} + '/'}"
+               class="page-link" href="#">Next</a>
+            <a th:unless="${page.hasNext()}" class="page-link" href="#">Next</a>
+        </li>
+    </ul>
+</nav>
+</body>
+</html>
diff --git a/src/main/resources/templates/layout.html b/src/main/resources/templates/layout.html
index 603b318..1ee851d 100644
--- a/src/main/resources/templates/layout.html
+++ b/src/main/resources/templates/layout.html
@@ -52,16 +52,20 @@
             <!--</div>-->
             <!--</form>-->
             <!--</li>-->
-            <li class="nav-item">
-                <a sec:authorize="!isAuthenticated()" href="/register/" class="btn btn-outline-light my-2 my-sm-0 mr-2"
+            <li class="nav-item" sec:authorize="!isAuthenticated()">
+                <a href="/register/" class="btn btn-outline-light my-2 my-sm-0 mr-2"
                    role="button">Sign up</a>
             </li>
-            <li class="nav-item">
-                <a sec:authorize="!isAuthenticated()" href="/login/" class="btn btn-outline-success my-2 my-sm-0"
+            <li class="nav-item" sec:authorize="!isAuthenticated()">
+                <a href="/login/" class="btn btn-outline-success my-2 my-sm-0"
                    role="button">Login</a>
             </li>
-            <li class="nav-item">
-                <form class="form-inline" sec:authorize="isAuthenticated()" name="logoutForm" th:action="@{/logout/}"
+            <li class="nav-item" sec:authorize="hasRole('ROLE_ACCESS_ADMIN_PANEL')">
+                <a href="/admin/" class="btn btn-outline-primary my-2 my-sm-0 mr-2"
+                   role="button">Admin</a>
+            </li>
+            <li class="nav-item" sec:authorize="isAuthenticated()">
+                <form class="form-inline" name="logoutForm" th:action="@{/logout/}"
                       method="post">
                     <button class="btn btn-outline-light my-2 my-sm-0" type="submit">Logout</button>
                 </form>
diff --git a/src/main/resources/templates/registration/set_password.html b/src/main/resources/templates/registration/set_password.html
index ab07452..07babcf 100644
--- a/src/main/resources/templates/registration/set_password.html
+++ b/src/main/resources/templates/registration/set_password.html
@@ -16,7 +16,7 @@ <h1>Set your password</h1>
         <div class="form-group">
             <label for="password2">Repeat password:</label>
             <input type="password" class="form-control" th:field="*{password2}" id="password2"/>
-            <div class="alert alert-danger" th:if="${#fields.hasErrors('password')}" th:errors="*{password2}">error</div>
+            <div class="alert alert-danger" th:if="${#fields.hasErrors('password2')}" th:errors="*{password2}">error</div>
         </div>
         <input type="hidden" name="token" th:field="*{token}"/>
         <button type="submit" class="btn btn-primary">Submit</button>