diff --git a/flights-domain/flights-information/src/api/cruds/flight.py b/flights-domain/flights-information/src/api/cruds/flight.py
index 5c8b22a..cb32cc4 100644
--- a/flights-domain/flights-information/src/api/cruds/flight.py
+++ b/flights-domain/flights-information/src/api/cruds/flight.py
@@ -105,8 +105,8 @@ def update_flight(db: Session, update_data, id):
 db_flight = db.query(Flight).filter(Flight.id == id).first()
 if db_flight is None:
 raise KeyError
- if db_flight.user_id != update_data["user_id"]:
- raise PermissionError
+ # if db_flight.user_id != update_data["user_id"] and role != "admin":
+ # raise PermissionError
 new_flight = Flight(
 **{
@@ -135,7 +135,8 @@ def update_flight(db: Session, update_data, id):
 raise ValueError("collision")
 for key, value in update_data.items():
- setattr(db_flight, key, value)
+ if key != "user_id":
+ setattr(db_flight, key, value)
 setattr(db_flight, "last_updated", func.now())
 db.commit()
diff --git a/gateway/src/api/routes/auth.py b/gateway/src/api/routes/auth.py
index 782f457..9795af9 100644
--- a/gateway/src/api/routes/auth.py
+++ b/gateway/src/api/routes/auth.py
@@ -50,22 +50,19 @@ async def status(req: Request, authorization: Annotated[str | None, Header()] =
 async def checkAuth(
 req: Request,
 authorization: Annotated[str | None, Header()] = None,
- isAirline=False,
+ roles=["user", "airline", "admin"],
 userId=None,
 ):
 response = await status(req, authorization)
- if isAirline:
- if response["role"] == "airline":
- return response["id"]
- else:
- raise HTTPException(
- status_code=403, detail="You don't have the required permissions."
- )
- elif userId:
+ if response["role"] not in roles:
+ raise HTTPException(
+ status_code=403, detail="You don't have the required permissions."
+ )
+ if userId:
 if response["id"] != int(userId):
 raise HTTPException(
 status_code=403, detail="You don't have the required permissions."
 )
 return None
 else:
- return response["id"]
+ return response
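Review bot: In `update_flight` in flights-information/src/api/cruds/flight.py (hunk at -105), the ownership check is commented out rather than relaxed, and the commented condition refers to a `role` name that is not among the function's parameters (`db, update_data, id`). As far as these hunks show, the only remaining gate is the gateway's `roles=["airline", "admin"]` check, so any airline account appears able to update a flight owned by another airline. I would keep the check live and pass the caller's role in as its own argument (not as a key in `update_data`, which the `setattr` loop later copies onto the row), e.g. `if role != "admin" and db_flight.user_id != update_data["user_id"]: raise PermissionError`; the gateway's `update_flight` hunk would then need to forward `authData["role"]`. The function body starts and continues outside this hunk.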
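Review bot: The `setattr` loop in `update_flight` (flight.py, hunk at -135) now skips only `user_id`, which is a one-entry denylist: any other key present in `update_data` (for example `id`) is still copied onto the row. Whether such keys can arrive depends on upstream validation that is not visible here, so an allowlist of updatable columns would be safer, e.g. `if key in UPDATABLE_FIELDS:` with a module-level set naming the editable columns (`UPDATABLE_FIELDS` is a placeholder name). A short comment such as `# user_id identifies the caller, never the new owner` would also explain why the key is skipped. The function body extends outside the hunk.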
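Review bot: `checkAuth` in gateway/src/api/routes/auth.py takes a mutable list as the default for `roles`, which is shared across calls; a tuple default, `roles=("user", "airline", "admin"),`, keeps the allowed set immutable and works unchanged with `not in`. The function also now returns the whole status response when `userId` is not given and `None` when it is, so any caller outside this diff that still treats the result as a numeric id would pass a dict along as `user_id`; a docstring stating both return shapes, and that the default admits every role, would help. `response["role"]` is indexed without a guard, so if `status` can return a body lacking that key the result would be an unhandled KeyError rather than a 401/403, which is worth confirming against `status`.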
diff --git a/gateway/src/api/routes/flights.py b/gateway/src/api/routes/flights.py
index 2e98758..782645b 100644
--- a/gateway/src/api/routes/flights.py
+++ b/gateway/src/api/routes/flights.py
@@ -29,9 +29,9 @@ async def create_flight(
 req: Request,
 authorization: Annotated[str | None, Header()] = None,
 ):
- id = await checkAuth(req, authorization, isAirline=True)
+ authData = await checkAuth(req, authorization, roles=["airline"])
 flight_data = flight.model_dump()
- flight_data["user_id"] = id
+ flight_data["user_id"] = authData["id"]
 request_id = req.state.request_id
 header = {"x-api-request-id": request_id}
 (response, status, _) = await request(
@@ -66,9 +66,9 @@ async def update_flight(
 req: Request,
 authorization: Annotated[str | None, Header()] = None,
 ):
- user_id = await checkAuth(req, authorization, isAirline=True)
+ authData = await checkAuth(req, authorization, roles=["airline", "admin"])
 update = flight_update.model_dump()
- update["user_id"] = user_id
+ update["user_id"] = authData["id"]
 request_id = req.state.request_id
 header = {"x-api-request-id": request_id}
 (response, status, _) = await request(