diff --git a/package-lock.json b/package-lock.json
index be9e409..0769b0b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -510,6 +510,7 @@
       "integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@babel/code-frame": "^7.27.1",
         "@babel/generator": "^7.28.5",
@@ -1147,6 +1148,7 @@
         }
       ],
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=18"
       },
@@ -1190,6 +1192,7 @@
         }
       ],
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=18"
       }
@@ -2043,6 +2046,7 @@
       "integrity": "sha512-DhGl4xMVFGVIyMwswXeyzdL4uXD5OGILGX5N8Y+f6W7LhC1Ze2poSNrkF/fedpVDHEEZ+PHFW0vL14I+mm8K3Q==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@octokit/auth-token": "^6.0.0",
         "@octokit/graphql": "^9.0.3",
@@ -3655,8 +3659,7 @@
       "resolved": "https://registry.npmjs.org/@types/aria-query/-/aria-query-5.0.4.tgz",
       "integrity": "sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==",
       "dev": true,
-      "license": "MIT",
-      "peer": true
+      "license": "MIT"
     },
     "node_modules/@types/babel__core": {
       "version": "7.20.5",
@@ -3757,6 +3760,7 @@
       "integrity": "sha512-GNWcUTRBgIRJD5zj+Tq0fKOJ5XZajIiBroOF0yvj2bSU1WvNdYS/dn9UxwsujGW4JX06dnHyjV2y9rRaybH0iQ==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "undici-types": "~7.16.0"
       }
@@ -3774,6 +3778,7 @@
       "integrity": "sha512-p/jUvulfgU7oKtj6Xpk8cA2Y1xKTtICGpJYeJXz2YVO2UcvjQgeRMLDGfDeqeRW2Ta+0QNFwcc8X3GH8SxZz6w==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "csstype": "^3.2.2"
       }
@@ -3784,6 +3789,7 @@
       "integrity": "sha512-jp2L/eY6fn+KgVVQAOqYItbF0VY/YApe5Mz2F0aykSO8gx31bYCZyvSeYxCHKvzHG5eZjc+zyaS5BrBWya2+kQ==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "peerDependencies": {
         "@types/react": "^19.2.0"
       }
@@ -3841,6 +3847,7 @@
       "integrity": "sha512-lJi3PfxVmo0AkEY93ecfN+r8SofEqZNGByvHAI3GBLrvt1Cw6H5k1IM02nSzu0RfUafr2EvFSw0wAsZgubNplQ==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@typescript-eslint/scope-manager": "8.47.0",
         "@typescript-eslint/types": "8.47.0",
@@ -4177,6 +4184,7 @@
       "integrity": "sha512-oWtNM89Np+YsQO3ttT5i1Aer/0xbzQzp66NzuJn/U16bB7MnvSzdLKXgk1kkMLYyKSSzA2ajzqMkYheaE9opuQ==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@vitest/utils": "4.0.10",
         "fflate": "^0.8.2",
@@ -4273,6 +4281,7 @@
       "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "bin": {
         "acorn": "bin/acorn"
       },
@@ -4363,7 +4372,6 @@
       "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=10"
       },
@@ -4606,6 +4614,7 @@
         }
       ],
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "baseline-browser-mapping": "^2.8.25",
         "caniuse-lite": "^1.0.30001754",
@@ -5091,6 +5100,7 @@
       "integrity": "sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "env-paths": "^2.2.1",
         "import-fresh": "^3.3.0",
@@ -5371,8 +5381,7 @@
       "resolved": "https://registry.npmjs.org/dom-accessibility-api/-/dom-accessibility-api-0.5.16.tgz",
       "integrity": "sha512-X7BJ2yElsnOJ30pZF4uIIDfBEVgF4XEBxL9Bxhy6dnrm5hkzqmsWHGTiHqRiITNhMyFLyAiWndIJP7Z1NTteDg==",
       "dev": true,
-      "license": "MIT",
-      "peer": true
+      "license": "MIT"
     },
     "node_modules/dot-prop": {
       "version": "5.3.0",
@@ -5779,6 +5788,7 @@
       "integrity": "sha512-BhHmn2yNOFA9H9JmmIVKJmd288g9hrVRDkdoIgRCRuSySRUHH7r/DI6aAXW9T1WwUuY3DFgrcaqB+deURBLR5g==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.8.0",
         "@eslint-community/regexpp": "^4.12.1",
@@ -6696,6 +6706,7 @@
       "resolved": "https://registry.npmjs.org/graphql/-/graphql-16.12.0.tgz",
       "integrity": "sha512-DKKrynuQRne0PNpEbzuEdHlYOMksHSUI8Zc9Unei5gTsMNA2/vMpoMz/yKba50pejK56qj98qM0SjYxAKi13gQ==",
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": "^12.22.0 || ^14.16.0 || ^16.0.0 || >=17.0.0"
       }
@@ -7970,7 +7981,6 @@
       "integrity": "sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "bin": {
         "lz-string": "bin/bin.js"
       }
@@ -8009,6 +8019,7 @@
       "integrity": "sha512-8dD6FusOQSrpv9Z1rdNMdlSgQOIP880DHqnohobOmYLElGEqAL/JvxvuxZO16r4HtjTlfPRDC1hbvxC9dPN2nA==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "bin": {
         "marked": "bin/marked.js"
       },
@@ -10361,6 +10372,7 @@
       "dev": true,
       "inBundle": true,
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=12"
       },
@@ -10962,6 +10974,7 @@
         }
       ],
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "nanoid": "^3.3.11",
         "picocolors": "^1.1.1",
@@ -11010,7 +11023,6 @@
       "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "ansi-regex": "^5.0.1",
         "ansi-styles": "^5.0.0",
@@ -11190,6 +11202,7 @@
       "resolved": "https://registry.npmjs.org/react/-/react-19.2.0.tgz",
       "integrity": "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==",
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=0.10.0"
       }
@@ -11199,6 +11212,7 @@
       "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.0.tgz",
       "integrity": "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "scheduler": "^0.27.0"
       },
@@ -11211,8 +11225,7 @@
       "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
       "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==",
       "dev": true,
-      "license": "MIT",
-      "peer": true
+      "license": "MIT"
     },
     "node_modules/react-refresh": {
       "version": "0.18.0",
@@ -11535,6 +11548,7 @@
       "integrity": "sha512-6qGjWccl5yoyugHt3jTgztJ9Y0JVzyH8/Voc/D8PlLat9pwxQYXz7W1Dpnq5h0/G5GCYGUaDSlYcyk3AMh5A6g==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@semantic-release/commit-analyzer": "^13.0.1",
         "@semantic-release/error": "^4.0.0",
@@ -12860,6 +12874,7 @@
       "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=12"
       },
@@ -13033,6 +13048,7 @@
       "integrity": "sha512-ytQKuwgmrrkDTFP4LjR0ToE2nqgy886GpvRSpU0JAnrdBYppuY5rLkRUYPU1yCryb24SsKBTL/hlDQAEFVwtZg==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "esbuild": "~0.25.0",
         "get-tsconfig": "^4.7.5"
@@ -13117,6 +13133,7 @@
       "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
       "dev": true,
       "license": "Apache-2.0",
+      "peer": true,
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"
@@ -13345,6 +13362,7 @@
       "integrity": "sha512-NL8jTlbo0Tn4dUEXEsUg8KeyG/Lkmc4Fnzb8JXN/Ykm9G4HNImjtABMJgkQoVjOBN/j2WAwDTRytdqJbZsah7w==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "esbuild": "^0.25.0",
         "fdir": "^6.5.0",
@@ -13438,6 +13456,7 @@
       "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=12"
       },
@@ -13451,6 +13470,7 @@
       "integrity": "sha512-2Fqty3MM9CDwOVet/jaQalYlbcjATZwPYGcqpiYQqgQ/dLC7GuHdISKgTYIVF/kaishKxLzleKWWfbSDklyIKg==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@vitest/expect": "4.0.10",
         "@vitest/mocker": "4.0.10",
@@ -13842,6 +13862,7 @@
       "integrity": "sha512-JInaHOamG8pt5+Ey8kGmdcAcg3OL9reK8ltczgHTAwNhMys/6ThXHityHxVV2p3fkw/c+MAvBHFVYHFZDmjMCQ==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "funding": {
         "url": "https://github.com/sponsors/colinhacks"
       }
diff --git a/src/App.tsx b/src/App.tsx
index aa50352..3b74cb9 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -1,24 +1,27 @@
-import { useMemo } from 'react'
+import { useMemo, Suspense } from 'react'
 import { Route, Routes } from 'react-router-dom'
 import { useQuery } from '@apollo/client/react'
 import { AuthProvider } from '#src/contexts/auth/AuthContext'
 import { CartProvider } from '#src/contexts/cart/CartContext'
 import { Layout } from '#src/components/layout/Layout'
+import { LoadingState } from '#src/components/LoadingState'
 import { GET_PRODUCTS } from '#src/graphql/queries'
 import { routes } from '#src/routes'
 import type { ProductsQueryResult } from '#src/types'
 
 function AppRoutes() {
   return (
-    <Routes>
-      {routes.map((route) => (
-        <Route
-          key={route.path}
-          path={route.path}
-          element={<Layout backLink={route.backLink}>{route.element}</Layout>}
-        />
-      ))}
-    </Routes>
+    <Suspense fallback={<LoadingState />}>
+      <Routes>
+        {routes.map((route) => (
+          <Route
+            key={route.path}
+            path={route.path}
+            element={<Layout backLink={route.backLink}>{route.element}</Layout>}
+          />
+        ))}
+      </Routes>
+    </Suspense>
   )
 }
 
diff --git a/src/ProductCard.tsx b/src/ProductCard.tsx
index 13e06f5..3deb5b5 100644
--- a/src/ProductCard.tsx
+++ b/src/ProductCard.tsx
@@ -8,12 +8,15 @@ type ProductCardProps = {
   product: Product
   onAdd: () => void
   isHighlighted: boolean
+  averageRating: number | null
 }
 
-export default function ProductCard({ product, onAdd, isHighlighted }: ProductCardProps) {
-  // Use product.rating from database (which should be kept up to date)
-  const averageRating = product.rating || null
-
+export default function ProductCard({
+  product,
+  onAdd,
+  isHighlighted,
+  averageRating,
+}: ProductCardProps) {
   return (
     <Link
       to={`/product/${product.id}`}
diff --git a/src/ProductsPage.tsx b/src/ProductsPage.tsx
index 397a2eb..810f038 100644
--- a/src/ProductsPage.tsx
+++ b/src/ProductsPage.tsx
@@ -1,22 +1,107 @@
-import { useEffect } from 'react'
+import { useEffect, useMemo, useState, useCallback } from 'react'
 import { useLocation } from 'react-router-dom'
 import { useQuery } from '@apollo/client/react'
 import ProductCard from '#src/ProductCard'
-import { GET_PRODUCTS } from '#src/graphql/queries'
+import { GET_PRODUCTS, GET_REVIEWS_BY_PRODUCT_IDS } from '#src/graphql/queries'
 import type { Product } from '#src/data/products'
 import { LoadingState } from '#src/components/LoadingState'
 import { ErrorMessage } from '#src/components/ErrorMessage'
 import { useCart } from '#src/hooks/useCart'
+import { getAverageRating } from '#src/utils/reviews'
+import { client } from '#src/graphql/client'
 
 type ProductsQueryResult = {
   products: Product[]
 }
 
+type ReviewsByProductIdsResult = {
+  reviewsByProductIds: Array<{
+    id: string
+    productId: string
+    userName: string
+    text: string
+    rating: number
+    createdAt: string
+  }>
+}
+
 export default function ProductsPage() {
   const { addToCart, isHighlighted } = useCart()
   const location = useLocation()
   const { loading, error, data } = useQuery<ProductsQueryResult>(GET_PRODUCTS)
 
+  const products = useMemo(() => data?.products || [], [data?.products])
+
+  // Fetch reviews for all products using a single batch query
+  const [reviewsMap, setReviewsMap] = useState<
+    Record<string, ReviewsByProductIdsResult['reviewsByProductIds']>
+  >({})
+
+  const fetchReviews = useCallback(() => {
+    if (products.length === 0) {
+      return
+    }
+
+    // Fetch all reviews for all products in a single query
+    const productIds = products.map((product) => product.id)
+
+    client
+      .query<ReviewsByProductIdsResult>({
+        query: GET_REVIEWS_BY_PRODUCT_IDS,
+        variables: { productIds },
+        fetchPolicy: 'network-only', // Always fetch fresh data
+      })
+      .then((result) => {
+        if (!result.data) {
+          throw new Error('No data returned')
+        }
+        // Group reviews by productId
+        const map: Record<string, ReviewsByProductIdsResult['reviewsByProductIds']> = {}
+        result.data.reviewsByProductIds.forEach((review) => {
+          if (!map[review.productId]) {
+            map[review.productId] = []
+          }
+          map[review.productId].push(review)
+        })
+        setReviewsMap(map)
+      })
+      .catch(() => {
+        // On error, set empty reviews for all products
+        const map: Record<string, ReviewsByProductIdsResult['reviewsByProductIds']> = {}
+        products.forEach((product) => {
+          map[product.id] = []
+        })
+        setReviewsMap(map)
+      })
+  }, [products])
+
+  useEffect(() => {
+    fetchReviews()
+  }, [fetchReviews])
+
+  // Listen for review added event to refetch reviews
+  useEffect(() => {
+    const handleReviewAdded = () => {
+      fetchReviews()
+    }
+
+    window.addEventListener('reviewAdded', handleReviewAdded)
+
+    return () => {
+      window.removeEventListener('reviewAdded', handleReviewAdded)
+    }
+  }, [fetchReviews])
+
+  // Calculate average ratings for each product
+  const averageRatings = useMemo(() => {
+    const ratings: Record<string, number | null> = {}
+    products.forEach((product) => {
+      const reviews = reviewsMap[product.id] || []
+      ratings[product.id] = getAverageRating(reviews)
+    })
+    return ratings
+  }, [products, reviewsMap])
+
   // Scroll to top when products page loads or location changes
   useEffect(() => {
     window.scrollTo({ top: 0, behavior: 'smooth' })
@@ -25,8 +110,6 @@ export default function ProductsPage() {
   if (loading) return <LoadingState message="Loading products..." />
   if (error) return <ErrorMessage message={`Error loading products: ${error.message}`} />
 
-  const products = data?.products || []
-
   return (
     <section className="flex flex-col gap-10 py-8">
       <div className="max-w-[520px]">
@@ -43,6 +126,7 @@ export default function ProductsPage() {
             product={product}
             onAdd={() => addToCart(product.id)}
             isHighlighted={isHighlighted(product.id)}
+            averageRating={averageRatings[product.id] ?? null}
           />
         ))}
       </div>
diff --git a/src/components/AdminProtectedRoute.tsx b/src/components/AdminProtectedRoute.tsx
new file mode 100644
index 0000000..dbb2df6
--- /dev/null
+++ b/src/components/AdminProtectedRoute.tsx
@@ -0,0 +1,40 @@
+import { Navigate, useLocation } from 'react-router-dom'
+import { useAuth } from '#src/hooks/useAuth'
+import { usePermissions } from '#src/hooks/usePermissions'
+import { LoadingState } from '#src/components/LoadingState'
+import { EmptyState } from '#src/components/EmptyState'
+
+interface AdminProtectedRouteProps {
+  children: React.ReactNode
+}
+
+export function AdminProtectedRoute({ children }: AdminProtectedRouteProps) {
+  const { isAuthenticated, loading } = useAuth()
+  const { hasAdminAccess } = usePermissions()
+  const location = useLocation()
+
+  if (loading) {
+    return <LoadingState />
+  }
+
+  if (!isAuthenticated) {
+    // Redirect to login page, preserving the intended destination
+    return <Navigate to="/login" state={{ from: location }} replace />
+  }
+
+  if (!hasAdminAccess()) {
+    return (
+      <EmptyState
+        title="Access Denied"
+        message="You don't have permission to access this page."
+        actionLabel="Go Home"
+        onAction={() => {
+          window.location.href = '/'
+        }}
+      />
+    )
+  }
+
+  return <>{children}</>
+}
+
diff --git a/src/components/admin/ProductForm.tsx b/src/components/admin/ProductForm.tsx
new file mode 100644
index 0000000..29c6d90
--- /dev/null
+++ b/src/components/admin/ProductForm.tsx
@@ -0,0 +1,188 @@
+import { useState, type FormEvent } from 'react'
+import { useMutation } from '@apollo/client/react'
+import { CREATE_PRODUCT, UPDATE_PRODUCT } from '#src/graphql/queries'
+
+type Product = {
+  id: string
+  name: string
+  category: string
+  price: number
+  image: string
+  description: string
+  badge?: string
+  featured: boolean
+  colors: string[]
+}
+
+type ProductFormProps = {
+  product?: Product | null
+  onCancel: () => void
+  onSuccess: () => void
+}
+
+export default function ProductForm({ product, onCancel, onSuccess }: ProductFormProps) {
+  const [name, setName] = useState(product?.name || '')
+  const [category, setCategory] = useState(product?.category || '')
+  const [price, setPrice] = useState(product?.price.toString() || '')
+  const [image, setImage] = useState(product?.image || '')
+  const [description, setDescription] = useState(product?.description || '')
+  const [badge, setBadge] = useState(product?.badge || '')
+  const [featured, setFeatured] = useState(product?.featured || false)
+  const [colors, setColors] = useState(product?.colors.join(', ') || '')
+
+  const [createProduct, { loading: creating }] = useMutation(CREATE_PRODUCT)
+  const [updateProduct, { loading: updating }] = useMutation(UPDATE_PRODUCT)
+
+  const loading = creating || updating
+
+  const handleSubmit = async (e: FormEvent) => {
+    e.preventDefault()
+
+    const productInput = {
+      name,
+      category,
+      price: parseFloat(price),
+      image,
+      description,
+      badge: badge || undefined,
+      featured,
+      colors: colors
+        .split(',')
+        .map((c) => c.trim())
+        .filter(Boolean),
+    }
+
+    try {
+      if (product) {
+        await updateProduct({
+          variables: {
+            id: product.id,
+            updateProductInput: productInput,
+          },
+        })
+      } else {
+        await createProduct({
+          variables: {
+            createProductInput: productInput,
+          },
+        })
+      }
+      onSuccess()
+    } catch {
+      alert('Failed to save product')
+    }
+  }
+
+  return (
+    <div className="max-w-2xl mx-auto py-8 px-4">
+      <h1 className="text-4xl mb-8 m-0">{product ? 'Edit Product' : 'Create Product'}</h1>
+
+      <form onSubmit={handleSubmit} className="flex flex-col gap-6">
+        <div>
+          <label className="block mb-2 font-semibold">Name</label>
+          <input
+            type="text"
+            value={name}
+            onChange={(e) => setName(e.target.value)}
+            required
+            className="w-full px-4 py-2 border border-slate-200 rounded-lg"
+          />
+        </div>
+
+        <div>
+          <label className="block mb-2 font-semibold">Category</label>
+          <input
+            type="text"
+            value={category}
+            onChange={(e) => setCategory(e.target.value)}
+            required
+            className="w-full px-4 py-2 border border-slate-200 rounded-lg"
+          />
+        </div>
+
+        <div>
+          <label className="block mb-2 font-semibold">Price</label>
+          <input
+            type="number"
+            step="0.01"
+            value={price}
+            onChange={(e) => setPrice(e.target.value)}
+            required
+            className="w-full px-4 py-2 border border-slate-200 rounded-lg"
+          />
+        </div>
+
+        <div>
+          <label className="block mb-2 font-semibold">Image URL</label>
+          <input
+            type="url"
+            value={image}
+            onChange={(e) => setImage(e.target.value)}
+            required
+            className="w-full px-4 py-2 border border-slate-200 rounded-lg"
+          />
+        </div>
+
+        <div>
+          <label className="block mb-2 font-semibold">Description</label>
+          <textarea
+            value={description}
+            onChange={(e) => setDescription(e.target.value)}
+            required
+            rows={4}
+            className="w-full px-4 py-2 border border-slate-200 rounded-lg"
+          />
+        </div>
+
+        <div>
+          <label className="block mb-2 font-semibold">Badge (optional)</label>
+          <input
+            type="text"
+            value={badge}
+            onChange={(e) => setBadge(e.target.value)}
+            className="w-full px-4 py-2 border border-slate-200 rounded-lg"
+          />
+        </div>
+
+        <div>
+          <label className="flex items-center gap-2">
+            <input
+              type="checkbox"
+              checked={featured}
+              onChange={(e) => setFeatured(e.target.checked)}
+            />
+            <span className="font-semibold">Featured</span>
+          </label>
+        </div>
+
+        <div>
+          <label className="block mb-2 font-semibold">Colors (comma-separated)</label>
+          <input
+            type="text"
+            value={colors}
+            onChange={(e) => setColors(e.target.value)}
+            required
+            className="w-full px-4 py-2 border border-slate-200 rounded-lg"
+          />
+        </div>
+
+        <div className="flex gap-4">
+          <button
+            type="submit"
+            disabled={loading}
+            className="rounded-full px-6 py-3.5 text-sm font-semibold cursor-pointer transition-all bg-orange-500 text-white shadow-lg shadow-orange-500/25 hover:-translate-y-0.5 disabled:opacity-50"
+          >
+            {loading ? 'Saving...' : product ? 'Update' : 'Create'}
+          </button>
+          <button
+            type="button"
+            onClick={onCancel}
+            className="rounded-full px-6 py-3.5 text-sm font-semibold cursor-pointer transition-all bg-transparent border border-slate-200 text-slate-900 hover:-translate-y-0.5"
+          >
+            Cancel
+          </button>
+        </div>
+      </form>
+    </div>
+  )
+}
diff --git a/src/components/layout/Layout.tsx b/src/components/layout/Layout.tsx
index 3e54e31..6192d88 100644
--- a/src/components/layout/Layout.tsx
+++ b/src/components/layout/Layout.tsx
@@ -12,10 +12,10 @@ type LayoutProps = {
 
 export function Layout({ children, backLink }: LayoutProps) {
   return (
-    <div className="max-w-[1200px] mx-auto px-5 lg:px-12 py-12 pb-16 flex flex-col gap-12">
+    <div className="max-w-[1200px] mx-auto px-5 lg:px-12 py-12 pb-16 flex flex-col gap-6">
       <Header />
       <CartSidebar />
-      <div className="px-8 py-16 flex flex-col gap-12">
+      <div className="px-8 py-8 flex flex-col gap-12">
         {backLink && <BackLink to={backLink.to} label={backLink.label} />}
         {children}
       </div>
diff --git a/src/components/layout/header/AuthSection.tsx b/src/components/layout/header/AuthSection.tsx
index 518bf16..a9bcbb4 100644
--- a/src/components/layout/header/AuthSection.tsx
+++ b/src/components/layout/header/AuthSection.tsx
@@ -1,14 +1,26 @@
 import { Link } from 'react-router-dom'
 import { useAuth } from '#src/hooks/useAuth'
 import { useCart } from '#src/hooks/useCart'
+import { usePermissions } from '#src/hooks/usePermissions'
 
 export function AuthSection() {
   const { isAuthenticated, user, logout } = useAuth()
   const { isCartOpen, toggleCart } = useCart()
+  const { hasAdminAccess } = usePermissions()
+
+  const canViewAdmin = hasAdminAccess()
 
   if (isAuthenticated) {
     return (
       <>
+        {canViewAdmin && (
+          <Link
+            to="/admin"
+            className="rounded-full px-4 py-2 text-sm font-semibold cursor-pointer transition-all bg-transparent border border-slate-200 text-slate-900 hover:-translate-y-0.5 mr-2"
+          >
+            Admin
+          </Link>
+        )}
         <Link to="/account/orders" className="text-inherit no-underline text-sm mr-2">
           {user?.email}
         </Link>
diff --git a/src/components/layout/header/Header.tsx b/src/components/layout/header/Header.tsx
index 36649fa..b0333e9 100644
--- a/src/components/layout/header/Header.tsx
+++ b/src/components/layout/header/Header.tsx
@@ -13,4 +13,3 @@ export function Header() {
     </div>
   )
 }
-
diff --git a/src/contexts/auth/AuthContext.types.ts b/src/contexts/auth/AuthContext.types.ts
index df65556..adc122f 100644
--- a/src/contexts/auth/AuthContext.types.ts
+++ b/src/contexts/auth/AuthContext.types.ts
@@ -1,8 +1,18 @@
+export type UserPermission =
+  | 'admin:read'
+  | 'products:read'
+  | 'products:write'
+  | 'orders:read'
+  | 'orders:write'
+  | 'permissions:read'
+  | 'permissions:write'
+
 export interface User {
   id: string
   email: string
   firstName: string
   lastName: string
+  permissions?: UserPermission[]
 }
 
 export interface AuthContextType {
diff --git a/src/data/products.ts b/src/data/products.ts
index 5ed3404..74c21a2 100644
--- a/src/data/products.ts
+++ b/src/data/products.ts
@@ -7,6 +7,5 @@ export type Product = {
   description: string
   badge?: string
   featured?: boolean
-  rating: number
   colors: string[]
 }
diff --git a/src/graphql/queries.ts b/src/graphql/queries.ts
index 8a2b609..abffaf7 100644
--- a/src/graphql/queries.ts
+++ b/src/graphql/queries.ts
@@ -114,6 +114,19 @@ export const GET_REVIEWS = gql`
   }
 `
 
+export const GET_REVIEWS_BY_PRODUCT_IDS = gql`
+  query GetReviewsByProductIds($productIds: [ID!]!) {
+    reviewsByProductIds(productIds: $productIds) {
+      id
+      productId
+      text
+      rating
+      userName
+      createdAt
+    }
+  }
+`
+
 export const CREATE_REVIEW = gql`
   mutation CreateReview($createReviewInput: CreateReviewInput!) {
     createReview(createReviewInput: $createReviewInput) {
@@ -132,3 +145,104 @@ export const DELETE_REVIEW = gql`
     deleteReview(id: $id)
   }
 `
+
+export const GET_ADMIN_PRODUCTS = gql`
+  query AdminProducts($category: String) {
+    adminProducts(category: $category) {
+      id
+      name
+      category
+      price
+      image
+      description
+      badge
+      featured
+      colors
+      createdAt
+      updatedAt
+    }
+  }
+`
+
+export const CREATE_PRODUCT = gql`
+  mutation CreateProduct($createProductInput: CreateProductInput!) {
+    createProduct(createProductInput: $createProductInput) {
+      id
+      name
+      category
+      price
+      image
+      description
+      badge
+      featured
+      colors
+      createdAt
+      updatedAt
+    }
+  }
+`
+
+export const UPDATE_PRODUCT = gql`
+  mutation UpdateProduct($id: ID!, $updateProductInput: CreateProductInput!) {
+    updateProduct(id: $id, updateProductInput: $updateProductInput) {
+      id
+      name
+      category
+      price
+      image
+      description
+      badge
+      featured
+      colors
+      createdAt
+      updatedAt
+    }
+  }
+`
+
+export const DELETE_PRODUCT = gql`
+  mutation DeleteProduct($id: ID!) {
+    removeProduct(id: $id)
+  }
+`
+
+export const GET_ADMIN_CHECKOUTS = gql`
+  query AdminCheckouts($status: CheckoutStatus) {
+    adminCheckouts(status: $status) {
+      id
+      status
+      total
+      subtotal
+      tax
+      shipping
+      items {
+        productId
+        name
+        quantity
+        price
+      }
+      shippingAddress {
+        firstName
+        lastName
+        address
+        city
+        state
+        zipCode
+        country
+      }
+      paymentMethod
+      createdAt
+      updatedAt
+    }
+  }
+`
+
+export const UPDATE_CHECKOUT_STATUS = gql`
+  mutation UpdateCheckoutStatus($id: ID!, $status: CheckoutStatus!) {
+    updateCheckoutStatus(id: $id, status: $status) {
+      id
+      status
+      updatedAt
+    }
+  }
+`
diff --git a/src/hooks/usePermissions.ts b/src/hooks/usePermissions.ts
new file mode 100644
index 0000000..290a765
--- /dev/null
+++ b/src/hooks/usePermissions.ts
@@ -0,0 +1,26 @@
+import { useMemo } from 'react'
+import { useAuth } from './useAuth'
+import type { UserPermission } from '../contexts/auth/AuthContext.types'
+import {
+  hasPermission,
+  hasAnyPermission,
+  hasAllPermissions,
+  hasAdminAccess,
+} from '../utils/permissions'
+
+export function usePermissions() {
+  const { user } = useAuth()
+
+  return useMemo(() => {
+    const permissions = user?.permissions || []
+    return {
+      permissions,
+      hasPermission: (permission: UserPermission) => hasPermission(permissions, permission),
+      hasAnyPermission: (permissionList: UserPermission[]) =>
+        hasAnyPermission(permissions, permissionList),
+      hasAllPermissions: (permissionList: UserPermission[]) =>
+        hasAllPermissions(permissions, permissionList),
+      hasAdminAccess: () => hasAdminAccess(permissions),
+    }
+  }, [user?.permissions])
+}
diff --git a/src/pages/AdminDashboardPage.tsx b/src/pages/AdminDashboardPage.tsx
new file mode 100644
index 0000000..558e9a3
--- /dev/null
+++ b/src/pages/AdminDashboardPage.tsx
@@ -0,0 +1,53 @@
+import { Link } from 'react-router-dom'
+import { usePermissions } from '#src/hooks/usePermissions'
+
+export default function AdminDashboardPage() {
+  const { hasPermission } = usePermissions()
+
+  const canManageProducts = hasPermission('products:read') || hasPermission('products:write')
+  const canManageOrders = hasPermission('orders:read') || hasPermission('orders:write')
+
+  return (
+    <div className="max-w-4xl mx-auto py-8 px-4">
+      <h1 className="text-4xl mb-8 m-0">Admin Dashboard</h1>
+
+      <div className="grid grid-cols-1 md:grid-cols-2 gap-6">
+        {canManageProducts && (
+          <Link
+            to="/admin/products"
+            className="bg-white border border-slate-200 rounded-3xl p-8 hover:shadow-lg transition-shadow"
+          >
+            <h2 className="text-2xl mb-4 m-0">Products</h2>
+            <p className="text-slate-600 m-0">
+              Manage products, create new items, and update existing ones.
+            </p>
+            <div className="mt-4 text-orange-500 font-semibold">Manage Products →</div>
+          </Link>
+        )}
+
+        {canManageOrders && (
+          <Link
+            to="/admin/orders"
+            className="bg-white border border-slate-200 rounded-3xl p-8 hover:shadow-lg transition-shadow"
+          >
+            <h2 className="text-2xl mb-4 m-0">Orders</h2>
+            <p className="text-slate-600 m-0">
+              View and manage orders, update statuses, and track fulfillment.
+            </p>
+            <div className="mt-4 text-orange-500 font-semibold">Manage Orders →</div>
+          </Link>
+        )}
+      </div>
+
+      {!canManageProducts && !canManageOrders && (
+        <div className="bg-white border border-slate-200 rounded-3xl p-8 text-center">
+          <p className="text-slate-600 m-0">
+            You don't have access to any admin features. Contact an administrator to request
+            permissions.
+          </p>
+        </div>
+      )}
+    </div>
+  )
+}
+
diff --git a/src/pages/AdminOrdersPage.tsx b/src/pages/AdminOrdersPage.tsx
new file mode 100644
index 0000000..903cd5f
--- /dev/null
+++ b/src/pages/AdminOrdersPage.tsx
@@ -0,0 +1,180 @@
+import { useState } from 'react'
+import { useQuery, useMutation } from '@apollo/client/react'
+import { GET_ADMIN_CHECKOUTS, UPDATE_CHECKOUT_STATUS } from '#src/graphql/queries'
+import { LoadingState } from '#src/components/LoadingState'
+import { ErrorMessage } from '#src/components/ErrorMessage'
+import { usePermissions } from '#src/hooks/usePermissions'
+import { currency } from '#src/utils/constants'
+
+type CheckoutStatus = 'PENDING' | 'PROCESSING' | 'COMPLETED' | 'FAILED' | 'CANCELLED'
+
+type CheckoutItem = {
+  productId: string
+  name: string
+  quantity: number
+  price: number
+}
+
+type Address = {
+  firstName: string
+  lastName: string
+  address: string
+  city: string
+  state: string
+  zipCode: string
+  country: string
+}
+
+type Checkout = {
+  id: string
+  status: CheckoutStatus
+  total: number
+  subtotal: number
+  tax: number
+  shipping: number
+  items: CheckoutItem[]
+  shippingAddress: Address
+  paymentMethod: string
+  createdAt: string
+  updatedAt: string
+}
+
+type CheckoutsQueryResult = {
+  adminCheckouts: Checkout[]
+}
+
+export default function AdminOrdersPage() {
+  const { hasPermission } = usePermissions()
+  const [statusFilter, setStatusFilter] = useState<CheckoutStatus | null>(null)
+  const { loading, error, data, refetch } = useQuery<CheckoutsQueryResult>(GET_ADMIN_CHECKOUTS, {
+    variables: statusFilter ? { status: statusFilter } : {},
+  })
+  const [updateStatus] = useMutation(UPDATE_CHECKOUT_STATUS, {
+    onCompleted: () => refetch(),
+  })
+
+  const canWrite = hasPermission('orders:write')
+
+  if (loading) return <LoadingState message="Loading orders..." />
+  if (error) return <ErrorMessage message={`Error loading orders: ${error.message}`} />
+
+  const checkouts = data?.adminCheckouts || []
+
+  const handleStatusChange = async (id: string, newStatus: CheckoutStatus) => {
+    try {
+      await updateStatus({
+        variables: { id, status: newStatus },
+      })
+    } catch {
+      alert('Failed to update order status')
+    }
+  }
+
+  const statuses: CheckoutStatus[] = ['PENDING', 'PROCESSING', 'COMPLETED', 'FAILED', 'CANCELLED']
+
+  return (
+    <div className="max-w-6xl mx-auto py-8 px-4">
+      <div className="flex justify-between items-center mb-8">
+        <h1 className="text-4xl m-0">Admin Orders</h1>
+        <div>
+          <select
+            value={statusFilter || ''}
+            onChange={(e) => setStatusFilter((e.target.value as CheckoutStatus | null) || null)}
+            className="px-4 py-2 border border-slate-200 rounded-lg"
+          >
+            <option value="">All Statuses</option>
+            {statuses.map((status) => (
+              <option key={status} value={status}>
+                {status}
+              </option>
+            ))}
+          </select>
+        </div>
+      </div>
+
+      <div className="space-y-4">
+        {checkouts.map((checkout) => (
+          <div key={checkout.id} className="bg-white border border-slate-200 rounded-3xl p-6">
+            <div className="flex justify-between items-start mb-4">
+              <div>
+                <h3 className="text-xl m-0">Order #{checkout.id.slice(0, 8)}</h3>
+                <p className="text-slate-600 m-0">
+                  {checkout.shippingAddress.firstName} {checkout.shippingAddress.lastName}
+                </p>
+                <p className="text-slate-600 m-0">
+                  {new Date(checkout.createdAt).toLocaleDateString()}
+                </p>
+              </div>
+              <div className="text-right">
+                <div className="text-2xl font-semibold">{currency.format(checkout.total)}</div>
+                <div className="flex items-center gap-2 mt-2">
+                  <span
+                    className={`px-3 py-1 rounded-full text-sm font-semibold ${
+                      checkout.status === 'COMPLETED'
+                        ? 'bg-green-100 text-green-800'
+                        : checkout.status === 'FAILED'
+                          ? 'bg-red-100 text-red-800'
+                          : checkout.status === 'CANCELLED'
+                            ? 'bg-gray-100 text-gray-800'
+                            : 'bg-yellow-100 text-yellow-800'
+                    }`}
+                  >
+                    {checkout.status}
+                  </span>
+                  {canWrite && (
+                    <select
+                      value={checkout.status}
+                      onChange={(e) =>
+                        handleStatusChange(checkout.id, e.target.value as CheckoutStatus)
+                      }
+                      className="px-3 py-1 border border-slate-200 rounded-lg text-sm"
+                    >
+                      {statuses.map((status) => (
+                        <option key={status} value={status}>
+                          {status}
+                        </option>
+                      ))}
+                    </select>
+                  )}
+                </div>
+              </div>
+            </div>
+
+            <div className="border-t border-slate-200 pt-4 mt-4">
+              <div className="grid grid-cols-2 gap-4 text-sm">
+                <div>
+                  <strong>Items:</strong>
+                  <ul className="list-disc pl-5 mt-1">
+                    {checkout.items.map((item, idx) => (
+                      <li key={idx}>
+                        {item.name} × {item.quantity} -{' '}
+                        {currency.format(item.price * item.quantity)}
+                      </li>
+                    ))}
+                  </ul>
+                </div>
+                <div>
+                  <strong>Shipping Address:</strong>
+                  <p className="m-0 mt-1">
+                    {checkout.shippingAddress.address}
+                    <br />
+                    {checkout.shippingAddress.city}, {checkout.shippingAddress.state}{' '}
+                    {checkout.shippingAddress.zipCode}
+                    <br />
+                    {checkout.shippingAddress.country}
+                  </p>
+                </div>
+              </div>
+            </div>
+          </div>
+        ))}
+
+        {checkouts.length === 0 && (
+          <div className="bg-white border border-slate-200 rounded-3xl p-8 text-center text-slate-500">
+            No orders found
+          </div>
+        )}
+      </div>
+    </div>
+  )
+}
diff --git a/src/pages/AdminProductsPage.tsx b/src/pages/AdminProductsPage.tsx
new file mode 100644
index 0000000..47e8535
--- /dev/null
+++ b/src/pages/AdminProductsPage.tsx
@@ -0,0 +1,139 @@
+import { useState } from 'react'
+import { useQuery, useMutation } from '@apollo/client/react'
+import { GET_ADMIN_PRODUCTS, DELETE_PRODUCT } from '#src/graphql/queries'
+import { LoadingState } from '#src/components/LoadingState'
+import { ErrorMessage } from '#src/components/ErrorMessage'
+import { usePermissions } from '#src/hooks/usePermissions'
+import { currency } from '#src/utils/constants'
+import { Link } from 'react-router-dom'
+import ProductForm from '#src/components/admin/ProductForm'
+
+type Product = {
+  id: string
+  name: string
+  category: string
+  price: number
+  image: string
+  description: string
+  badge?: string
+  featured: boolean
+  colors: string[]
+  createdAt: string
+  updatedAt: string
+}
+
+type ProductsQueryResult = {
+  adminProducts: Product[]
+}
+
+export default function AdminProductsPage() {
+  const { hasPermission } = usePermissions()
+  const [editingProduct, setEditingProduct] = useState<Product | null>(null)
+  const [showCreateForm, setShowCreateForm] = useState(false)
+  const { loading, error, data, refetch } = useQuery<ProductsQueryResult>(GET_ADMIN_PRODUCTS)
+  const [deleteProduct] = useMutation(DELETE_PRODUCT, {
+    onCompleted: () => refetch(),
+  })
+
+  const canWrite = hasPermission('products:write')
+
+  if (loading) return <LoadingState message="Loading products..." />
+  if (error) return <ErrorMessage message={`Error loading products: ${error.message}`} />
+
+  const products = data?.adminProducts || []
+
+  const handleDelete = async (id: string) => {
+    if (!confirm('Are you sure you want to delete this product?')) return
+    try {
+      await deleteProduct({ variables: { id } })
+    } catch {
+      alert('Failed to delete product')
+    }
+  }
+
+  if (showCreateForm || editingProduct) {
+    return (
+      <ProductForm
+        product={editingProduct}
+        onCancel={() => {
+          setEditingProduct(null)
+          setShowCreateForm(false)
+        }}
+        onSuccess={() => {
+          setEditingProduct(null)
+          setShowCreateForm(false)
+          refetch()
+        }}
+      />
+    )
+  }
+
+  return (
+    <div className="max-w-6xl mx-auto py-8 px-4">
+      <div className="flex justify-between items-center mb-8">
+        <h1 className="text-4xl m-0">Admin Products</h1>
+        {canWrite && (
+          <button
+            type="button"
+            className="rounded-full px-6 py-3.5 text-sm font-semibold cursor-pointer transition-all bg-orange-500 text-white shadow-lg shadow-orange-500/25 hover:-translate-y-0.5"
+            onClick={() => setShowCreateForm(true)}
+          >
+            + Create Product
+          </button>
+        )}
+      </div>
+
+      <div className="bg-white border border-slate-200 rounded-3xl overflow-hidden">
+        <table className="w-full">
+          <thead className="bg-slate-50">
+            <tr>
+              <th className="text-left p-4">Name</th>
+              <th className="text-left p-4">Category</th>
+              <th className="text-left p-4">Price</th>
+              <th className="text-left p-4">Featured</th>
+              <th className="text-left p-4">Actions</th>
+            </tr>
+          </thead>
+          <tbody>
+            {products.map((product) => (
+              <tr key={product.id} className="border-t border-slate-200">
+                <td className="p-4">{product.name}</td>
+                <td className="p-4">{product.category}</td>
+                <td className="p-4">{currency.format(product.price)}</td>
+                <td className="p-4">{product.featured ? 'Yes' : 'No'}</td>
+                <td className="p-4">
+                  <div className="flex gap-2">
+                    {canWrite && (
+                      <>
+                        <button
+                          type="button"
+                          className="text-orange-500 hover:underline"
+                          onClick={() => setEditingProduct(product)}
+                        >
+                          Edit
+                        </button>
+                        <button
+                          type="button"
+                          className="text-red-500 hover:underline"
+                          onClick={() => handleDelete(product.id)}
+                        >
+                          Delete
+                        </button>
+                      </>
+                    )}
+                    <Link to={`/product/${product.id}`} className="text-blue-500 hover:underline">
+                      View
+                    </Link>
+                  </div>
+                </td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+        {products.length === 0 && (
+          <div className="p-8 text-center text-slate-500">No products found</div>
+        )}
+      </div>
+    </div>
+  )
+}
diff --git a/src/routes.tsx b/src/routes.tsx
index e3bb05d..b4c0866 100644
--- a/src/routes.tsx
+++ b/src/routes.tsx
@@ -1,4 +1,6 @@
+import { lazy } from 'react'
 import { ProtectedRoute } from '#src/components/ProtectedRoute'
+import { AdminProtectedRoute } from '#src/components/AdminProtectedRoute'
 import { HomePage } from '#src/pages/HomePage'
 import ProductsPage from '#src/ProductsPage'
 import ProductPage from '#src/ProductPage'
@@ -8,6 +10,17 @@ import LoginPage from '#src/LoginPage'
 import RegisterPage from '#src/RegisterPage'
 import UserOrdersPage from '#src/UserOrdersPage'
 
+// Lazy load admin pages
+const AdminDashboardPage = lazy(() =>
+  import('#src/pages/AdminDashboardPage').then((m) => ({ default: m.default })),
+)
+const AdminProductsPage = lazy(() =>
+  import('#src/pages/AdminProductsPage').then((m) => ({ default: m.default })),
+)
+const AdminOrdersPage = lazy(() =>
+  import('#src/pages/AdminOrdersPage').then((m) => ({ default: m.default })),
+)
+
 export const routes = [
   {
     path: '/',
@@ -49,4 +62,31 @@ export const routes = [
     ),
     backLink: { to: '/products', label: '← Back to products' },
   },
+  {
+    path: '/admin',
+    element: (
+      <AdminProtectedRoute>
+        <AdminDashboardPage />
+      </AdminProtectedRoute>
+    ),
+    backLink: { to: '/', label: '← Back to main site' },
+  },
+  {
+    path: '/admin/products',
+    element: (
+      <AdminProtectedRoute>
+        <AdminProductsPage />
+      </AdminProtectedRoute>
+    ),
+    backLink: { to: '/admin', label: '← Back to admin' },
+  },
+  {
+    path: '/admin/orders',
+    element: (
+      <AdminProtectedRoute>
+        <AdminOrdersPage />
+      </AdminProtectedRoute>
+    ),
+    backLink: { to: '/admin', label: '← Back to admin' },
+  },
 ]
diff --git a/src/utils/permissions.ts b/src/utils/permissions.ts
new file mode 100644
index 0000000..21e7029
--- /dev/null
+++ b/src/utils/permissions.ts
@@ -0,0 +1,42 @@
+import type { UserPermission } from '../contexts/auth/AuthContext.types'
+
+/**
+ * Check if user has a specific permission
+ */
+export function hasPermission(
+  userPermissions: UserPermission[] | undefined,
+  permission: UserPermission,
+): boolean {
+  if (!userPermissions) return false
+  return userPermissions.includes(permission)
+}
+
+/**
+ * Check if user has any of the specified permissions
+ */
+export function hasAnyPermission(
+  userPermissions: UserPermission[] | undefined,
+  permissions: UserPermission[],
+): boolean {
+  if (!userPermissions) return false
+  return permissions.some((permission) => userPermissions.includes(permission))
+}
+
+/**
+ * Check if user has all of the specified permissions
+ */
+export function hasAllPermissions(
+  userPermissions: UserPermission[] | undefined,
+  permissions: UserPermission[],
+): boolean {
+  if (!userPermissions) return false
+  return permissions.every((permission) => userPermissions.includes(permission))
+}
+
+/**
+ * Check if user has admin access (requires admin:read permission)
+ */
+export function hasAdminAccess(userPermissions: UserPermission[] | undefined): boolean {
+  if (!userPermissions) return false
+  return hasPermission(userPermissions, 'admin:read')
+}
diff --git a/test/hooks/useCart.test.tsx b/test/hooks/useCart.test.tsx
index af7ddf8..cc9fabc 100644
--- a/test/hooks/useCart.test.tsx
+++ b/test/hooks/useCart.test.tsx
@@ -15,7 +15,6 @@ const mockProducts: Product[] = [
     badge: undefined,
     featured: false,
     colors: ['Red'],
-    rating: 4.5,
   },
 ]