diff --git a/app/controllers/spree/admin/products_controller_decorator.rb b/app/controllers/spree/admin/products_controller_decorator.rb
index 3e2fe08..2fba31f 100644
--- a/app/controllers/spree/admin/products_controller_decorator.rb
+++ b/app/controllers/spree/admin/products_controller_decorator.rb
@@ -1,5 +1,7 @@
 Spree::Admin::ProductsController.class_eval do
 
+  belongs_to :supplier
+
   before_filter :get_suppliers, only: [:edit, :update]
   before_filter :supplier_collection, only: [:index]
 
diff --git a/app/controllers/spree/base_controller_decorator.rb b/app/controllers/spree/base_controller_decorator.rb
index e64914f..14b801c 100644
--- a/app/controllers/spree/base_controller_decorator.rb
+++ b/app/controllers/spree/base_controller_decorator.rb
@@ -1,13 +1,23 @@
 Spree::BaseController.class_eval do
-
+  
   prepend_before_filter :redirect_supplier
-
+  before_action :authorize_supplier
+  
   private
-
+  
+  def authorize_supplier
+    if respond_to?(:model_class, true) && model_class
+      record = model_class
+    else
+      record = controller_name.to_sym
+    end
+    authorize! :supplier, record
+    authorize! action, record
+  end
+  
   def redirect_supplier
     if ['/admin', '/admin/authorization_failure'].include?(request.path) && try_spree_current_user.try(:supplier)
       redirect_to '/admin/shipments' and return false
     end
   end
-
-end
+  end
diff --git a/app/models/spree/supplier_ability.rb b/app/models/spree/supplier_ability.rb
index 9cf4ca0..3d9a75a 100644
--- a/app/models/spree/supplier_ability.rb
+++ b/app/models/spree/supplier_ability.rb
@@ -12,7 +12,7 @@ def initialize(user)
         can [:admin, :read, :stock], Spree::Product do |product|
           product.supplier_ids.include?(user.supplier_id)
         end
-        can [:admin, :index], Spree::Product
+        can [:admin, :index, :manage, :create], Spree::Product
         can [:admin, :manage, :read, :ready, :ship], Spree::Shipment, order: { state: 'complete' }, stock_location: { supplier_id: user.supplier_id }
         can [:admin, :create, :update], :stock_items
         can [:admin, :manage], Spree::StockItem, stock_location_id: user.supplier.stock_locations.pluck(:id)