diff --git a/commerce/controllers.py b/commerce/controllers.py
index a8a551a..eaba2e2 100644
--- a/commerce/controllers.py
+++ b/commerce/controllers.py
@@ -1,7 +1,6 @@
 import random
 import string
 from typing import List
-
 from django.contrib.auth import get_user_model
 from django.db.models import Q
 from django.shortcuts import get_object_or_404
@@ -175,39 +174,39 @@ def delete_city(request, id: UUID4):
     return 204, {'detail': ''}
 
 
-@order_controller.get('cart', response={
+@order_controller.get('cart', auth=GlobalAuth(), response={
     200: List[ItemOut],
     404: MessageOut
 })
 def view_cart(request):
-    cart_items = Item.objects.filter(user=User.objects.first(), ordered=False)
+    cart_items = Item.objects.filter( user= get_object_or_404(User, id=request.auth['pk']), ordered=False)
 
-    if cart_items:
+    if cart_items :
         return cart_items
 
     return 404, {'detail': 'Your cart is empty, go shop like crazy!'}
 
 
-@order_controller.post('add-to-cart', response={
+@order_controller.post('add-to-cart', auth=GlobalAuth() , response={
     200: MessageOut,
     # 400: MessageOut
 })
 def add_update_cart(request, item_in: ItemCreate):
     try:
-        item = Item.objects.get(product_id=item_in.product_id, user=User.objects.first())
+        item = Item.objects.get(product_id=item_in.product_id,user= get_object_or_404(User, id=request.auth['pk']))
         item.item_qty += 1
         item.save()
     except Item.DoesNotExist:
-        Item.objects.create(**item_in.dict(), user=User.objects.first())
+        Item.objects.create(**item_in.dict(),user= get_object_or_404(User, id=request.auth['pk']))
 
     return 200, {'detail': 'Added to cart successfully'}
 
 
-@order_controller.post('item/{id}/reduce-quantity', response={
+@order_controller.post('item/{id}/reduce-quantity', auth=GlobalAuth(), response={
     200: MessageOut,
 })
 def reduce_item_quantity(request, id: UUID4):
-    item = get_object_or_404(Item, id=id, user=User.objects.first())
+    item = get_object_or_404(Item, id=id,user= get_object_or_404(User, id=request.auth['pk']))
     if item.item_qty <= 1:
         item.delete()
         return 200, {'detail': 'Item deleted!'}
@@ -217,11 +216,11 @@ def reduce_item_quantity(request, id: UUID4):
     return 200, {'detail': 'Item quantity reduced successfully!'}
 
 
-@order_controller.delete('item/{id}', response={
+@order_controller.delete('item/{id}',  auth=GlobalAuth(),response={
     204: MessageOut
 })
 def delete_item(request, id: UUID4):
-    item = get_object_or_404(Item, id=id, user=User.objects.first())
+    item = get_object_or_404(Item, id=id, user= get_object_or_404(User, id=request.auth['pk']))
     item.delete()
 
     return 204, {'detail': 'Item deleted!'}
@@ -233,6 +232,7 @@ def generate_ref_code():
 
 @order_controller.post('create-order', auth=GlobalAuth(), response=MessageOut)
 def create_order(request):
+    
     '''
     * add items and mark (ordered) field as True
     * add ref_number
@@ -241,13 +241,13 @@ def create_order(request):
     '''
 
     order_qs = Order.objects.create(
-        user=User.objects.first(),
+        user= get_object_or_404(User, id=request.auth['pk']),
         status=OrderStatus.objects.get(is_default=True),
         ref_code=generate_ref_code(),
         ordered=False,
     )
 
-    user_items = Item.objects.filter(user=User.objects.first()).filter(ordered=False)
+    user_items = Item.objects.filter(user= get_object_or_404(User, id=request.auth['pk']).filter(ordered=False))
 
     order_qs.items.add(*user_items)
     order_qs.total = order_qs.order_total