Index: app/Http/Middleware/AdminMiddleware.php
===================================================================
--- app/Http/Middleware/AdminMiddleware.php	(revision 752245b09588c6cfdca47775fd64b100543df43d)
+++ app/Http/Middleware/AdminMiddleware.php	(revision 752245b09588c6cfdca47775fd64b100543df43d)
@@ -0,0 +1,18 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class AdminMiddleware
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (!auth()->check() || !auth()->user()->is_admin) {
+            abort(403, 'Unauthorized - Admins only');
+        }
+        return $next($request);
+    }
+}
Index: bootstrap/app.php
===================================================================
--- bootstrap/app.php	(revision dce390db02e353f59768b99ff2f1c79239398b12)
+++ bootstrap/app.php	(revision 752245b09588c6cfdca47775fd64b100543df43d)
@@ -21,4 +21,8 @@
             HandleInertiaRequests::class,
         ]);
+
+        $middleware->alias([
+            'admin' => \App\Http\Middleware\AdminMiddleware::class,
+        ]);
     })
     ->withExceptions(function (Exceptions $exceptions) {
Index: database/seeders/UserSeeder.php
===================================================================
--- database/seeders/UserSeeder.php	(revision dce390db02e353f59768b99ff2f1c79239398b12)
+++ database/seeders/UserSeeder.php	(revision 752245b09588c6cfdca47775fd64b100543df43d)
@@ -20,4 +20,14 @@
             'remember_token' => true,
         ]);
+
+        User::create([
+            'name' => 'Regular User',
+            'email' => 'user@pharmaexport.com',
+            'email_verified_at' => Carbon::now(),
+            'password' => Hash::make('password'),
+            'is_admin' => false,
+            'remember_token' => 10,
+        ]);
+
     }
 }
Index: routes/web.php
===================================================================
--- routes/web.php	(revision dce390db02e353f59768b99ff2f1c79239398b12)
+++ routes/web.php	(revision 752245b09588c6cfdca47775fd64b100543df43d)
@@ -1,7 +1,9 @@
 <?php
 
-namespace App\Http\Controllers;
-
 use Illuminate\Support\Facades\Route;
+use App\Http\Controllers\GenericModelController;
+use App\Http\Controllers\DashboardController;
+use App\Http\Controllers\AuthController;
+use Illuminate\Http\Request;
 
 Route::middleware('guest')->group(function () {
@@ -9,4 +11,5 @@
     Route::post('/login', [AuthController::class, 'storeLogin'])->name('storeLogin');
 });
+
 Route::middleware('auth')->group(function () {
     Route::redirect('/', '/dashboard');
@@ -14,5 +17,25 @@
     Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
 
-    Route::prefix('{model}')->group(function () {
+    Route::prefix('users')->middleware('admin')->group(function () {
+        Route::get('/', function (Request $request) {
+            return app(GenericModelController::class)->index($request, 'users');
+        })->name('generic.index');
+
+        Route::post('/', function (Request $request) {
+            return app(GenericModelController::class)->store($request, 'users');
+        })->name('generic.store');
+
+        Route::put('/{id}', function (Request $request, $id) {
+            return app(GenericModelController::class)->update($request, 'users', $id);
+        })->name('generic.update');
+
+        Route::delete('/{id}', function (Request $request, $id) {
+            return app(GenericModelController::class)->destroy('users', $id);
+        })->name('generic.destroy');
+    });
+
+    Route::prefix('{model}')->where([
+        'model' => '^(?!users$).*$'
+    ])->group(function () {
         Route::get('/', [GenericModelController::class, 'index'])->name('generic.index');
         Route::post('/', [GenericModelController::class, 'store'])->name('generic.store');