diff --git a/src/main/java/com/example/proyectofinal/controllers/AdminController.java b/src/main/java/com/example/proyectofinal/controllers/AdminController.java index a55bd1e..0fabce7 100644 --- a/src/main/java/com/example/proyectofinal/controllers/AdminController.java +++ b/src/main/java/com/example/proyectofinal/controllers/AdminController.java @@ -37,30 +37,25 @@ public class AdminController { @Autowired private AlumnoService alumnoService; - @GetMapping("/admin/alta_admin_nuevo") - public String showCreateFormAdmin(Model model, Authentication authentication) { + private void checkUserRole(Authentication authentication) { Collection authorities = authentication.getAuthorities(); boolean isAdmin = authorities.stream() .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); if (!isAdmin) { throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); } - + } + @GetMapping("/admin/alta_admin_nuevo") + public String showCreateFormAdmin(Model model, Authentication authentication) { + checkUserRole(authentication); model.addAttribute("usuario", new Usuario()); // Add this line - return "admin/usuario/create"; } @PostMapping("/admin/alta_admin_nuevo") public String saveNewAdmin(@ModelAttribute Usuario usuario, Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); usuario.setRol(usuarioService.getRolById(1)); - if(usuarioService.getUserByLogInName(usuario.getNombreLogIn()) == null){ usuarioService.createUsuario(usuario.getNombreUsuario(), usuario.getNombreLogIn(), usuario.getEmail(), usuario.getPassword(), usuario.getRol().getId()); return "redirect:/buscador?userCreated=true"; 
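Review bot: checkUserRole dereferences `authentication` without a null check, so if the security filter chain lets an unauthenticated request reach `/admin/alta_admin_nuevo` (a permitted path or anonymous access enabled) the handler dies with a NullPointerException and a 500 instead of a 401/403; add `if (authentication == null) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "No autenticado");` before the authorities lookup. The same hand-wired check is now repeated in every handler of ten controllers, and any new endpoint that forgets the call is silently unprotected; a class-level `@PreAuthorize("hasAuthority('ADMIN')")` (hasAuthority, not hasRole, because the stored authority is the bare string "ADMIN") or an `/admin/**` matcher in the security configuration enforces it once and declaratively. The body of saveNewAdmin continues outside the hunk, so whether the password passed to createUsuario is hashed cannot be judged here.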
@@ -80,12 +75,7 @@ public class AdminController { @GetMapping("/admin/editar_usuario") public String showUpdateFormAdmin(Model model, Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); List users = usuarioService.findAll(); model.addAttribute("users", users); model.addAttribute("usuario", new Usuario()); @@ -94,12 +84,7 @@ public class AdminController { //TODO add confirmation of if the user is a studen and if it is then cahnge the first email in alumno table @PostMapping("/admin/update_usuario") public String updateUser(@ModelAttribute Usuario usuario, Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); Usuario existingUser = usuarioService.findUserById(usuario.getId()); if (existingUser == null) { throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Este usuario no existe"); 
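Review bot: updateUser binds the entire `Usuario` from the request via `@ModelAttribute`, so the client controls every bindable field including `id` and `rol`; which of those are copied onto `existingUser` is outside the hunk, but a dedicated update DTO or an `@InitBinder` with `binder.setAllowedFields("id", "nombreUsuario", "nombreLogIn", "email")` would close the mass-assignment window regardless of what follows. A non-existent user on an update is conventionally `HttpStatus.NOT_FOUND` rather than BAD_REQUEST. updateUser's body continues past the end of the hunk.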
@@ -150,19 +135,15 @@ public class AdminController { @GetMapping("/admin/user/{id}") - public ResponseEntity getUser(@PathVariable Long id) { + public ResponseEntity getUser(@PathVariable Long id,Authentication authentication) { + checkUserRole(authentication); Usuario usuario = usuarioService.findUserById(id); return ResponseEntity.ok(usuario); } @GetMapping("/admin/delete_usuario") public String showDeleteFormAdmin(Model model, Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); List users = usuarioService.findAll(); model.addAttribute("users", users); model.addAttribute("usuario", new Usuario()); @@ -171,12 +152,7 @@ public class AdminController { @GetMapping("/admin/delete_usuario/{id}") public ResponseEntity deleteUser(@PathVariable Long id, Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); Usuario existingUser = usuarioService.findUserById(id); if (existingUser == null) { throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Este usuario no existe"); 
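Review bot: getUser returns the `Usuario` entity itself in `ResponseEntity.ok(usuario)`, and Usuario carries a password field (saveNewAdmin reads `usuario.getPassword()`), so unless that getter is `@JsonIgnore`d the stored credential is serialised into the JSON response to anyone passing the ADMIN check; return a DTO holding only the fields the edit form needs. A miss from `findUserById` also yields a 200 with an empty body; `if (usuario == null) return ResponseEntity.notFound().build();` makes that explicit. The hunk is otherwise a straight substitution of the helper in showDeleteFormAdmin.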
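Review bot: deleteUser performs a destructive action on GET (`@GetMapping("/admin/delete_usuario/{id}")`), so it can be triggered by an `<img>` or link an admin is lured into loading and by browser prefetch or link scanners; Spring Security's CSRF protection only covers non-safe methods, so the role check does not stand in for it. Map it as `@DeleteMapping("/admin/delete_usuario/{id}")` (or `@PostMapping`) and submit the CSRF token from the form. deleteUser's body continues outside the hunk.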
@@ -201,19 +177,11 @@ public class AdminController { @GetMapping("/admin/firstUser") public String showAlterUserForm(Model model, Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); String username = authentication.getName(); Usuario usuario = usuarioService.findByLogInName(username); model.addAttribute("usuario", usuario); model.addAttribute("newPassword", ""); return "admin/usuario/first_login_admin"; } - - - } diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java index 510f3a8..ba05473 100644 --- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java +++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/AlumnoController.java @@ -36,15 +36,18 @@ public class AlumnoController { @Autowired UsuarioService usuarioService; - - @GetMapping("/admin/alumno/create") - public String showCreateForm(Model model, Authentication authentication) { + private void checkUserRole(Authentication authentication) { Collection authorities = authentication.getAuthorities(); boolean isAdmin = authorities.stream() .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); if (!isAdmin) { throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); } + } + + @GetMapping("/admin/alumno/create") + public String showCreateForm(Model model, Authentication authentication) { + checkUserRole(authentication); Alumno alumno = new Alumno(); List ciclos = cicloService.findAll(); List skills = skillService.findAll(); 
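Review bot: the checkUserRole added to AlumnoController is a byte-for-byte copy of the one added to AdminController, and the same copy lands in every other controller touched by this commit, so a later fix to the check (for example the missing null guard on `authentication`) has to be applied ten times. Move it to one shared component, or better replace it with Spring Security method security—`@PreAuthorize("hasAuthority('ADMIN')")` on each admin controller class—so authorization is declared once and cannot be omitted from a new handler. If the private helper stays, add `Objects.requireNonNull`-style handling: an unauthenticated request resolved through the `Authentication` parameter arrives as null and currently produces a NullPointerException.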
@@ -56,8 +59,10 @@ public class AlumnoController { @PostMapping("/alumno/save") - public ResponseEntity saveAlumno(Alumno alumno, @RequestParam("ciclo") Long ciclo, @RequestParam("skills") List skills, @RequestParam("joinedKeywords") String keywords){ + public ResponseEntity saveAlumno(Alumno alumno, @RequestParam("ciclo") Long ciclo, @RequestParam("skills") List skills, @RequestParam("joinedKeywords") String keywords, + Authentication authentication){ try{ + checkUserRole(authentication); //For some reason the transef of keywords from html to controllers is not done completely right //due to the fact that the first character is always a comma, so we need to remove it if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') { @@ -98,7 +103,9 @@ public class AlumnoController { @GetMapping("/admin/alumno/update/{id}") - public String showUpdateForm(Model model, @PathVariable Long id) { + public String showUpdateForm(Model model, @PathVariable Long id, + Authentication authentication) { + checkUserRole(authentication); Alumno alumno = alumnoService.findById(id); List ciclos = cicloService.findAll(); List skills = skillService.findAll(); @@ -110,8 +117,9 @@ public class AlumnoController { @PostMapping("/alumno/update") - public ResponseEntity updateAlumno(Alumno alumno, @RequestParam("ciclo") Long ciclo, @RequestParam("skills") List skills,@RequestParam("joinedKeywords") String keywords){ + public ResponseEntity updateAlumno(Alumno alumno, @RequestParam("ciclo") Long ciclo, @RequestParam("skills") List skills,@RequestParam("joinedKeywords") String keywords,Authentication authentication){ try{ + checkUserRole(authentication); if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') { keywords = keywords.substring(1); } 
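Review bot: in saveAlumno the new `checkUserRole(authentication);` is placed after `try{`, so the ResponseStatusException(FORBIDDEN) it throws is intercepted by the method's catch clause (outside this hunk); if that clause follows the pattern visible in deleteOferta in this same commit—`catch (Exception e)` returning `e.getMessage()` as INTERNAL_SERVER_ERROR—the denial is reported as a 500 carrying the permission message instead of a 403. Make the call the first statement of the method, before `try{`, as deleteAlumno does; updateAlumno in the last hunk has the identical placement. Both `/alumno/save` and `/alumno/update` sit outside the `/admin/` prefix, so if the security config protects only `/admin/**` these POSTs rely entirely on this in-code check.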
@@ -151,12 +159,7 @@ public class AlumnoController { @GetMapping("/alumno/delete/{id}") public ResponseEntity deleteAlumno(@PathVariable Long id,Authentication authentication){ - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); try{ Alumno alumno = alumnoService.findById(id); String logIn = "alu." + alumno.getNombre() + alumno.getNia().substring(0, 3); diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/CicloController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/CicloController.java index 7e34bff..dce1072 100644 --- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/CicloController.java +++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/CicloController.java @@ -28,15 +28,18 @@ public class CicloController { @Autowired private FamiliaService familiaService; - - @GetMapping("/admin/ciclo/create") - public String showCreateForm(Model model, Authentication authentication) { + private void checkUserRole(Authentication authentication) { Collection authorities = authentication.getAuthorities(); boolean isAdmin = authorities.stream() .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); if (!isAdmin) { throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); } + } + + @GetMapping("/admin/ciclo/create") + public String showCreateForm(Model model, Authentication authentication) { + checkUserRole(authentication); Ciclo ciclo = new Ciclo(); List familias = familiaService.findAllFamilias(); Familia familia = new Familia(); 
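Review bot: deleteAlumno deletes on a GET request (`@GetMapping("/alumno/delete/{id}")`), which browsers may prefetch and which Spring Security's CSRF protection does not cover, so an admin following a crafted link removes a student; use `@DeleteMapping` or `@PostMapping` with the CSRF token. Inside the try, the result of `alumnoService.findById(id)` is dereferenced without a null check (`alumno.getNombre()`, `alumno.getNia().substring(0, 3)`), so an unknown id becomes a NullPointerException and whatever the catch turns it into; add `if (alumno == null) return new ResponseEntity<>("Este alumno no existe", HttpStatus.NOT_FOUND);` first. The method body continues outside the hunk.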
@@ -48,8 +51,9 @@ public class CicloController { @PostMapping("/ciclo/save") - public ResponseEntity saveCiclo(Ciclo ciclo, @RequestParam("familia") Long familiaId){ + public ResponseEntity saveCiclo(Ciclo ciclo, @RequestParam("familia") Long familiaId,Authentication authentication){ try{ + checkUserRole(authentication); Familia familia = familiaService.findById(familiaId); ciclo.setFamilia(familia); if(cicloService.exists(ciclo) != null){ @@ -67,12 +71,7 @@ public class CicloController { @GetMapping("/admin/ciclo/update/{id}") public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); Ciclo ciclo = cicloService.findById(id); List familias = familiaService.findAllFamilias(); Familia familia = new Familia(); @@ -84,8 +83,9 @@ public class CicloController { @PostMapping("/ciclo/update") - public ResponseEntity updateCiclo(Ciclo ciclo, @RequestParam("familia.id") Long familiaId){ + public ResponseEntity updateCiclo(Ciclo ciclo, @RequestParam("familia.id") Long familiaId,Authentication authentication){ try{ + checkUserRole(authentication); Familia familia = familiaService.findById(familiaId); ciclo.setFamilia(familia); cicloService.save(ciclo); 
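Review bot: saveCiclo and updateCiclo both invoke `checkUserRole(authentication);` inside the `try{`, so the FORBIDDEN exception is caught by the handler's own catch clause (past the end of the hunk) and, if that clause matches the `catch (Exception e)` seen elsewhere in this commit, is returned as a 500 rather than a 403. Hoist the call above `try{` in both methods so the status propagates. Note that `/ciclo/save` and `/ciclo/update` are not under `/admin/`, so this check may be the only authorization these POSTs have.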
@@ -98,12 +98,7 @@ public class CicloController { @GetMapping("/ciclo/delete/{id}") public ResponseEntity deleteCiclo(@PathVariable Long id,Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); try{ cicloService.deleteById(id); return new ResponseEntity<>("El ciclo ha sido eliminado", HttpStatus.OK); diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/ContactoController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/ContactoController.java index e071658..8dcb296 100644 --- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/ContactoController.java +++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/ContactoController.java @@ -31,14 +31,18 @@ public class ContactoController { @Autowired private EmpresaService empresaService; - @GetMapping("/admin/contacto/create") - public String showCreateForm(Model model, Authentication authentication) { + private void checkUserRole(Authentication authentication) { Collection authorities = authentication.getAuthorities(); boolean isAdmin = authorities.stream() .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); if (!isAdmin) { throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); } + } + + @GetMapping("/admin/contacto/create") + public String showCreateForm(Model model, Authentication authentication) { + checkUserRole(authentication); Contacto contacto = new Contacto(); List empresas = empresaService.findAll(); Empresa empresa = new Empresa(); 
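Review bot: deleteCiclo keeps `checkUserRole(authentication);` ahead of `try{`, which is the right placement because the 403 is not swallowed, but it is inconsistent with saveCiclo and updateCiclo in the same file where the call was put inside the try; align those two on this shape. The delete is bound to GET (`@GetMapping("/ciclo/delete/{id}")`), leaving it outside CSRF protection and open to prefetch; `@DeleteMapping("/ciclo/delete/{id}")` or a POST with the CSRF token is the safer mapping. The catch clause of the method lies outside the hunk.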
@@ -50,8 +54,10 @@ public class ContactoController { @PostMapping("/contacto/save") - public ResponseEntity saveContacto(Contacto contacto, @RequestParam("empresa.id") Long empresaId){ + public ResponseEntity saveContacto(Contacto contacto, @RequestParam("empresa.id") Long empresaId, + Authentication authentication){ try{ + checkUserRole(authentication); Empresa existingEmpresa = empresaService.findById(empresaId); contacto.setEmpresa(existingEmpresa); if(contactosService.exists(contacto) != null){ @@ -68,12 +74,7 @@ public class ContactoController { @GetMapping("/admin/contacto/update/{id}") public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); Contacto contacto = contactosService.findById(id); Empresa empresa = new Empresa(); List empresas = empresaService.findAll(); @@ -85,8 +86,10 @@ public class ContactoController { @PostMapping("/contacto/update") - public ResponseEntity updateContacto(Contacto contacto, @RequestParam("empresa.id") Long empresaId){ + public ResponseEntity updateContacto(Contacto contacto, @RequestParam("empresa.id") Long empresaId, + Authentication authentication){ try{ + checkUserRole(authentication); Empresa existingEmpresa = empresaService.findById(empresaId); if(existingEmpresa != null) { contacto.setEmpresa(existingEmpresa); 
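Review bot: saveContacto and updateContacto run `checkUserRole(authentication);` as the first statement of the `try{` block, so a failed check is caught by the handler's catch clause (outside the hunk) instead of producing the intended 403; a `catch (Exception e)` there would relabel the denial as a 500. Move the call to before `try{` in both handlers. In updateContacto the `if(existingEmpresa != null)` branch ends outside the hunk, so the behaviour for an unknown empresa id cannot be assessed here.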
@@ -103,12 +106,7 @@ public class ContactoController { @GetMapping("/contacto/delete/{id}") public ResponseEntity deleteContacto(@PathVariable Long id, Authentication authentication){ - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); try{ contactosService.deleteById(id); return new ResponseEntity<>("El contacto ha sido eliminado", HttpStatus.OK); diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java index c003930..0c3a815 100644 --- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java +++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java @@ -17,6 +17,8 @@ import org.springframework.ui.Model; import org.springframework.web.bind.annotation.*; import org.springframework.web.server.ResponseStatusException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; import java.util.Collection; import java.util.HashSet; import java.util.List; 
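Review bot: deleteContacto is a GET handler (`@GetMapping("/contacto/delete/{id}")`) that deletes, so it is reachable via a link or image an admin loads and is not protected by Spring Security's CSRF defence, which exempts safe methods; map it as `@DeleteMapping` or `@PostMapping` with the CSRF token. The role check is correctly placed before `try{` here, unlike saveContacto/updateContacto in this file.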
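Review bot: the two imports added to EmpressaController, `javax.servlet.http.HttpServletRequest` and `javax.servlet.http.HttpSession`, are not referenced by any new line in this commit's hunks for that file; unless a use exists outside the visible hunks they are dead imports and should be dropped so the class does not advertise servlet-session handling it does not do. If they are preparation for session-based logic, that change belongs in the commit that uses them.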
@@ -44,15 +46,18 @@ public class EmpressaController { return "contactos"; } - - @GetMapping("/admin/empresa/create") - public String showCreateForm(Model model, Authentication authentication) { + private void checkUserRole(Authentication authentication) { Collection authorities = authentication.getAuthorities(); boolean isAdmin = authorities.stream() .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); if (!isAdmin) { throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); } + } + + @GetMapping("/admin/empresa/create") + public String showCreateForm(Model model, Authentication authentication) { + checkUserRole(authentication); Empresa empresa = new Empresa(); Sector sector = new Sector(); List sectores = sectorService.findAll(); @@ -66,12 +71,7 @@ public class EmpressaController { @PostMapping("/empresa/save") public ResponseEntity saveEmpresa(Empresa empresa, @RequestParam("sector.id") Long sectorId, @RequestParam("joinedKeywords") String keywords, Authentication authentication){ try{ - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') { keywords = keywords.substring(1); } 
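Review bot: saveEmpresa keeps the authorization check inside the `try{` (the removed block was already there and `checkUserRole(authentication);` replaces it in the same spot), so the FORBIDDEN exception is still caught by the method's catch clause outside the hunk and, if that clause is `catch (Exception e)` as in the other handlers of this commit, reported as a 500. Move the call to the line before `try{` so the 403 reaches the client. `/empresa/save` is outside the `/admin/` prefix, so this check may be the only authorization on the endpoint.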
@@ -92,12 +92,7 @@ public class EmpressaController { @GetMapping("/admin/empresa/update/{id}") public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); Empresa empresa = empresaService.findById(id); //System.out.println("Retrieved empresa: " + empresa); // Add logging here Sector sector = new Sector(); @@ -114,12 +109,7 @@ public class EmpressaController { @PostMapping("/empresa/update") public ResponseEntity updateEmpresa(Empresa empresa, @RequestParam("sectorId") Long sectorId, @RequestParam("joinedKeywords") String keywords, Authentication authentication){ try{ - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') { keywords = keywords.substring(1); } 
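Review bot: updateEmpresa has the same flaw as saveEmpresa—`checkUserRole(authentication);` sits inside `try{`, so the FORBIDDEN exception is caught by the handler's own catch (outside the hunk) instead of yielding a 403; place the call before `try{`. The commented-out `//System.out.println("Retrieved empresa: " ...)` in showUpdateForm is dead code and should be removed rather than left as context for future debugging. The rest of both methods continues outside the hunk.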
@@ -143,12 +133,7 @@ public class EmpressaController { @GetMapping("/empresa/delete/{id}") public ResponseEntity deleteEmpresa(@PathVariable Long id,Authentication authentication){ - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); try{ empresaService.deleteById(id); return new ResponseEntity<>("La empresa ha sido eliminado", HttpStatus.OK); diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/FamiliaController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/FamiliaController.java index 476ad46..822f4d4 100644 --- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/FamiliaController.java +++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/FamiliaController.java @@ -22,15 +22,18 @@ public class FamiliaController { @Autowired private FamiliaService familiaService; - - @GetMapping("/admin/familia/create") - public String showCreateForm(Model model, Authentication authentication) { + private void checkUserRole(Authentication authentication) { Collection authorities = authentication.getAuthorities(); boolean isAdmin = authorities.stream() .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); if (!isAdmin) { throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); } + } + + @GetMapping("/admin/familia/create") + public String showCreateForm(Model model, Authentication authentication) { + checkUserRole(authentication); Familia familia = new Familia(); model.addAttribute("familia", familia); return "admin/familia/create"; 
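Review bot: deleteEmpresa deletes on GET (`@GetMapping("/empresa/delete/{id}")`), which is prefetchable and outside Spring Security's CSRF protection, so a crafted link loaded by an admin removes a company together with whatever cascades from it; use `@DeleteMapping` or a POST carrying the CSRF token. The role check is correctly ahead of `try{` here. Minor: the success string `"La empresa ha sido eliminado"` disagrees in gender with its noun and should read `"La empresa ha sido eliminada"`.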
@@ -38,8 +41,9 @@ public class FamiliaController { @PostMapping("/familia/save") - public ResponseEntity saveFamilia(Familia familia){ + public ResponseEntity saveFamilia(Familia familia,Authentication authentication){ try{ + checkUserRole(authentication); if(familiaService.findByName(familia.getNombre()) != null){ System.out.println("Este familia ya existe en la base de datos"); return new ResponseEntity<>("Este familia ya existe en la base de datos", HttpStatus.BAD_REQUEST); @@ -55,12 +59,7 @@ public class FamiliaController { @GetMapping("/admin/familia/update/{id}") public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); Familia familia = familiaService.findById(id); model.addAttribute("familia", familia); return "admin/familia/update"; @@ -68,8 +67,9 @@ public class FamiliaController { @PostMapping("/familia/update") - public ResponseEntity updateFamilia(Familia familia){ + public ResponseEntity updateFamilia(Familia familia,Authentication authentication){ try{ + checkUserRole(authentication); familiaService.save(familia); return new ResponseEntity<>("La familia ha sido actualizado con exito", HttpStatus.OK); }catch (Exception e) { 
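Review bot: saveFamilia and updateFamilia both call `checkUserRole(authentication);` inside `try{`, and updateFamilia's `}catch (Exception e) {` is visible at the end of its hunk, so the FORBIDDEN exception is certainly caught there rather than propagating as a 403; hoist the call above `try{` in both. The duplicate-name path logs with `System.out.println(...)`, which bypasses the application's logging configuration; use an SLF4J logger (`log.warn("familia {} already exists", familia.getNombre())`) or drop the print since the response already carries the message. The catch bodies lie outside the hunks.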
@@ -80,13 +80,8 @@ public class FamiliaController { @GetMapping("/familia/delete/{id}") public ResponseEntity deleteFamilia(@PathVariable Long id,Authentication authentication){ - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } try{ + checkUserRole(authentication); familiaService.deleteById(id); return new ResponseEntity<>("La familia ha sido eliminado", HttpStatus.OK); }catch (Exception e){ diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/OfertaController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/OfertaController.java index ee35a4c..e1666bf 100644 --- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/OfertaController.java +++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/OfertaController.java @@ -35,14 +35,18 @@ public class OfertaController { @Autowired private CicloService cicloService; - @GetMapping("/admin/oferta/create") - public String showCreateForm(Model model, Authentication authentication) { + private void checkUserRole(Authentication authentication) { Collection authorities = authentication.getAuthorities(); boolean isAdmin = authorities.stream() .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); if (!isAdmin) { throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); } + } + + @GetMapping("/admin/oferta/create") + public String showCreateForm(Model model, Authentication authentication) { + checkUserRole(authentication); Oferta oferta = new Oferta(); List ciclos = cicloService.findAll(); List skills = skillService.findAll(); 
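Review bot: deleteFamilia regresses here—the removed authorization block ran before `try{`, but the replacement `checkUserRole(authentication);` was inserted after it, so the ResponseStatusException(FORBIDDEN) is now caught by the method's `}catch (Exception e){` instead of reaching the client as a 403. Restore the original order by placing `checkUserRole(authentication);` on the line above `try{`. The delete is also bound to GET (`@GetMapping("/familia/delete/{id}")`) and therefore sits outside CSRF protection; the catch body is outside the hunk.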
@@ -56,8 +60,10 @@ public class OfertaController { @PostMapping("/oferta/save") - public ResponseEntity saveOferta(Oferta oferta, @RequestParam("ciclo") Long ciclo, @RequestParam("sucursal") Long sucursal, @RequestParam("skills") List skills){ + public ResponseEntity saveOferta(Oferta oferta, @RequestParam("ciclo") Long ciclo, @RequestParam("sucursal") Long sucursal, @RequestParam("skills") List skills, + Authentication authentication){ try{ + checkUserRole(authentication); Ciclo cicloEntity = cicloService.findById(ciclo); Sucursal sucursalEntity = sucursalService.findById(sucursal); Set skillEntities = skillService.findAllByIds(skills); @@ -80,12 +86,7 @@ public class OfertaController { @GetMapping("/admin/oferta/update/{id}") public String showUpdateForm(Model model, @PathVariable Long id, Authentication authentication) { - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); Oferta oferta = ofertaService.findById(id); List ciclos = cicloService.findAll(); List skills = skillService.findAll(); @@ -99,8 +100,10 @@ public class OfertaController { @PostMapping("/oferta/update") - public ResponseEntity updateOferta(Oferta oferta, @RequestParam("ciclo") Long ciclo, @RequestParam("sucursal") Long sucursal, @RequestParam("skills") List skills){ + public ResponseEntity updateOferta(Oferta oferta, @RequestParam("ciclo") Long ciclo, @RequestParam("sucursal") Long sucursal, @RequestParam("skills") List skills, + Authentication authentication){ try{ + checkUserRole(authentication); Ciclo cicloEntity = cicloService.findById(ciclo); Sucursal sucursalEntity = sucursalService.findById(sucursal); Set skillEntities = skillService.findAllByIds(skills); 
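Review bot: saveOferta and updateOferta place `checkUserRole(authentication);` inside `try{`, so a denied request is handled by the method's catch clause (outside the hunk) rather than returned as a 403—and deleteOferta in this same file shows that clause returning `e.getMessage()` as INTERNAL_SERVER_ERROR. Move the call before `try{` in both. `/oferta/save` and `/oferta/update` are outside the `/admin/` prefix, so this may be their only authorization.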
@@ -117,23 +120,12 @@ public class OfertaController { @GetMapping("/oferta/delete/{id}") public ResponseEntity deleteOferta(@PathVariable Long id,Authentication authentication){ - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } try{ + checkUserRole(authentication); ofertaService.deleteById(id); return new ResponseEntity<>("La oferta ha sido eliminada", HttpStatus.OK); }catch (Exception e){ return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR); } } - - @GetMapping("api/distinct-years") - @ResponseBody - public List getDistinctYears() { - return ofertaService.findDistinctYears(); - } } diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SectorController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SectorController.java index 0834488..ce0f6a6 100644 --- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SectorController.java +++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SectorController.java @@ -28,6 +28,14 @@ public class SectorController { @Autowired private SectorService sectorService; + private void checkUserRole(Authentication authentication) { + Collection authorities = authentication.getAuthorities(); + boolean isAdmin = authorities.stream() + .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); + if (!isAdmin) { + throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); + } + } @GetMapping("sector/{id}") public String getEmpressaBySector(@PathVariable Long id, Model model) { 
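Review bot: deleteOferta regresses: the removed check ran before `try{`, the new `checkUserRole(authentication);` runs inside it, and the fully visible `}catch (Exception e){ return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR); }` now catches the ResponseStatusException(FORBIDDEN) and returns a 500 carrying "No tienes permisos para acceder a esta página" instead of a 403. Put `checkUserRole(authentication);` back on the line before `try{`. The delete also remains on GET (`@GetMapping("/oferta/delete/{id}")`), outside CSRF protection; the removal of `api/distinct-years` in the same hunk needs no comment.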
@@ -39,12 +47,7 @@ public class SectorController { @GetMapping("/admin/sector/create") public String showCreateForm(Model model, Authentication authentication){ - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); Sector sectores = new Sector(); model.addAttribute("sector", sectores); return "admin/sector/create"; @@ -52,8 +55,9 @@ public class SectorController { @PostMapping("/sector/save") - public ResponseEntity saveSector(Sector sector){ + public ResponseEntity saveSector(Sector sector,Authentication authentication){ try{ + checkUserRole(authentication); if(sectorService.findByName(sector.getNombre()) != null){ System.out.println("Este sector ya existe en la base de datos"); return new ResponseEntity<>("Este sector ya existe en la base de datos", HttpStatus.BAD_REQUEST); @@ -68,12 +72,7 @@ public class SectorController { @GetMapping("/admin/sector/update/{id}") public String showUpdateForm(Model model, @PathVariable Long id, Authentication authentication){ - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } + checkUserRole(authentication); Sector sector = sectorService.findById(id); model.addAttribute("sector", sector); return "admin/sector/update"; 
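Review bot: saveSector invokes `checkUserRole(authentication);` inside `try{`, so the FORBIDDEN exception is swallowed by the method's catch clause (outside the hunk) and, if that clause is the `catch (Exception e)` used throughout this commit, relabelled as a 500; move the call above `try{`. The duplicate-name branch writes to stdout with `System.out.println(...)`; route it through an SLF4J logger or drop it, since the same text is already returned in the response. `/sector/save` is outside the `/admin/` prefix, so this check may be its only authorization.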
@@ -81,8 +80,9 @@ public class SectorController { @PostMapping("/sector/update") - public ResponseEntity updateSector(Sector sector){ + public ResponseEntity updateSector(Sector sector, Authentication authentication){ try{ + checkUserRole(authentication); sectorService.save(sector); return new ResponseEntity<>("El sector ha sido actualizado", HttpStatus.OK); }catch (Exception e) { @@ -93,13 +93,8 @@ public class SectorController { @GetMapping("/sector/delete/{id}") public ResponseEntity deleteSector(@PathVariable Long id,Authentication authentication){ - Collection authorities = authentication.getAuthorities(); - boolean isAdmin = authorities.stream() - .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN")); - if (!isAdmin) { - throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página"); - } try{ + checkUserRole(authentication); sectorService.deleteById(id); return new ResponseEntity<>("El sector ha sido eliminado", HttpStatus.OK); }catch (Exception e){ diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SkillController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SkillController.java index 8aa57d0..4c14947 100644 --- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SkillController.java +++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SkillController.java 
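Review bot: deleteSector regresses—the removed authorization block preceded `try{`, but the replacement `checkUserRole(authentication);` is inside the try, so the FORBIDDEN exception is now caught by the method's `}catch (Exception e){` instead of surfacing as a 403; place the call on the line before `try{`. updateSector in the first hunk has the same inside-try placement and should be fixed the same way. deleteSector is also mapped to GET (`@GetMapping("/sector/delete/{id}")`), leaving it outside CSRF protection; the catch body is outside the hunk.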
@@ -21,15 +21,18 @@ public class SkillController {
 @Autowired
 private SkillService skillService;
-
- @GetMapping("/admin/skill/create")
- public String showCreateForm(Model model, Authentication authentication) {
+ private void checkUserRole(Authentication authentication) {
 Collection authorities = authentication.getAuthorities();
 boolean isAdmin = authorities.stream()
 .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
 if (!isAdmin) {
 throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
 }
+ }
+
+ @GetMapping("/admin/skill/create")
+ public String showCreateForm(Model model, Authentication authentication) {
+ checkUserRole(authentication);
 Skill skill = new Skill();
 model.addAttribute("skill", skill);
 return "admin/skill/create";
@@ -37,8 +40,9 @@ public class SkillController {
 @PostMapping("/skill/save")
- public ResponseEntity saveSkill(Skill skill){
+ public ResponseEntity saveSkill(Skill skill,Authentication authentication){
 try{
+ checkUserRole(authentication);
 if(skillService.findByName(skill.getNombre()) != null){
 return new ResponseEntity<>("Este skill ya existe en la base de datos", HttpStatus.BAD_REQUEST);
 }else {
@@ -53,12 +57,7 @@ public class SkillController {
 @GetMapping("/admin/skill/update/{id}")
 public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
- Collection authorities = authentication.getAuthorities();
- boolean isAdmin = authorities.stream()
- .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
- if (!isAdmin) {
- throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
- }
+ checkUserRole(authentication);
 Skill skill = skillService.findById(id);
 model.addAttribute("skill", skill);
 return "admin/skill/update";
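Review bot: The new `checkUserRole` helper dereferences `authentication` with no null check, and it is now also called from `/skill/save`, `/skill/update` and `/skill/delete/{id}`, which do not sit under the `/admin/` prefix; if the security configuration (not in this diff) lets unauthenticated requests reach those paths, `authentication` is null and the guard fails with a NullPointerException instead of a 401/403. Add `if (authentication == null || !authentication.isAuthenticated()) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "No autenticado");` before reading the authorities. The exact-string comparison with `"ADMIN"` also assumes authorities are stored without a `ROLE_` prefix, which is worth a one-line comment such as `// authorities are stored as bare names, e.g. "ADMIN" (no ROLE_ prefix)`, since a later switch to `hasRole` semantics would silently lock everyone out. Longer term, a hand-copied check per handler is easy to forget on the next endpoint; `@PreAuthorize("hasAuthority('ADMIN')")` on the methods (with method security enabled) or a request matcher in the security config enforces the same rule declaratively.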
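Review bot: saveSkill calls `checkUserRole(authentication)` inside the `try{`, so the FORBIDDEN ResponseStatusException it throws is handled by the method's catch-all rather than reaching Spring's status resolver; the catch block is beyond the hunk, but the sibling handlers in this diff all use `catch (Exception e)`. Move `checkUserRole(authentication);` to the line above `try{` so an unauthorized caller gets a 403 and the catch only sees persistence errors.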
@@ -66,8 +65,9 @@ public class SkillController {
 @PostMapping("/skill/update")
- public ResponseEntity updateSkill(Skill skill){
+ public ResponseEntity updateSkill(Skill skill, Authentication authentication){
 try{
+ checkUserRole(authentication);
 skillService.save(skill);
 return new ResponseEntity<>("El skill fue renovado", HttpStatus.OK);
 }catch (Exception e) {
@@ -78,13 +78,8 @@ public class SkillController {
 @GetMapping("/skill/delete/{id}")
 public ResponseEntity deleteSkill(@PathVariable Long id,Authentication authentication){
- Collection authorities = authentication.getAuthorities();
- boolean isAdmin = authorities.stream()
- .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
- if (!isAdmin) {
- throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
- }
 try{
+ checkUserRole(authentication);
 skillService.deleteById(id);
 return new ResponseEntity<>("Skill ha sido eliminada", HttpStatus.OK);
 }catch (Exception e){
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java
index 95802dd..3343e00 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java
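Review bot: updateSkill persists the request-bound `skill` with `skillService.save(skill)` and no check that `skill.getId()` exists, so whether a bogus id inserts a new row or fails depends entirely on the repository's save semantics; an explicit `if (skillService.findById(skill.getId()) == null) return new ResponseEntity<>("Skill not found", HttpStatus.BAD_REQUEST);` makes the endpoint's behaviour deliberate. The new `checkUserRole(authentication)` call also sits inside the `try{ ... }catch (Exception e)` (catch body outside the hunk), so the 403 it raises is swallowed by the same handler as persistence errors; move it to the line before `try{`.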
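Review bot: deleteSkill previously ran the role check before `try{`, and this hunk moves it inside, so a FORBIDDEN ResponseStatusException is now caught by `catch (Exception e)` (body past the hunk) instead of producing a 403; keep `checkUserRole(authentication);` above `try{` as the removed code had it. The method also remains `@GetMapping("/skill/delete/{id}")`: a state-changing GET is outside Spring Security's default CSRF check, so a simple cross-site image or link is enough to delete a skill on behalf of a logged-in admin. Switch it to `@PostMapping` or `@DeleteMapping`.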
@@ -32,14 +32,18 @@ public class SucursalController {
 @Autowired
 private EntityManager entityManager;
- @GetMapping("/admin/sucursal/create")
- public String showCreateForm(Model model, Authentication authentication) {
+ private void checkUserRole(Authentication authentication) {
 Collection authorities = authentication.getAuthorities();
 boolean isAdmin = authorities.stream()
 .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
 if (!isAdmin) {
 throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
 }
+ }
+
+ @GetMapping("/admin/sucursal/create")
+ public String showCreateForm(Model model, Authentication authentication) {
+ checkUserRole(authentication);
 Sucursal sucursal = new Sucursal();
 Empresa empresa = new Empresa();
 List empresas = empresaService.findAll();
@@ -51,8 +55,10 @@ public class SucursalController {
 @PostMapping("/sucursal/save")
- public ResponseEntity saveSucursal(Sucursal sucursal, @RequestParam("empresa.id") Long empresaId, @RequestParam("sedeCentral") boolean sedeCentral){
+ public ResponseEntity saveSucursal(Sucursal sucursal, @RequestParam("empresa.id") Long empresaId, @RequestParam("sedeCentral") boolean sedeCentral,
+ Authentication authentication){
 try{
+ checkUserRole(authentication);
 Empresa existingEmpresa = empresaService.findById(empresaId);
 sucursal.setEmpresa(existingEmpresa);
 sucursal.setSedeCentral(sedeCentral);
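Review bot: This is the third byte-identical private `checkUserRole` in the diff (SectorController and SkillController carry the same method), which means the authorization rule for the whole admin surface now lives in three copies that will drift independently; move it to one shared component, or replace the calls with `@PreAuthorize("hasAuthority('ADMIN')")` on the handlers if method security is (or can be) enabled. Whichever form is kept, it should tolerate an absent principal: `authentication.getAuthorities()` throws NullPointerException when `authentication` is null, which is possible for the non-`/admin/` paths this controller now guards if the security config does not already require authentication there. A `if (authentication == null) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "No autenticado");` at the top of the helper gives a defined response instead.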
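Review bot: saveSucursal performs `checkUserRole(authentication)` inside the `try{`, so the FORBIDDEN exception for a non-admin caller is handled by the catch that closes this block beyond the hunk instead of yielding a 403; hoist `checkUserRole(authentication);` to the line above `try{`. On the same branch, `empresaService.findById(empresaId)` is passed to `sucursal.setEmpresa` with no null check; if that service returns null for an unknown id (not visible here), the branch is saved without a company or fails later with a less useful error, so `if (existingEmpresa == null) return new ResponseEntity<>("Empresa not found", HttpStatus.BAD_REQUEST);` is worth adding right after the lookup.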
@@ -78,12 +84,7 @@ public class SucursalController {
 @GetMapping("/admin/sucursal/update/{id}")
 public String showUpdateForm(Model model, @PathVariable Long id,Authentication authentication) {
- Collection authorities = authentication.getAuthorities();
- boolean isAdmin = authorities.stream()
- .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
- if (!isAdmin) {
- throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
- }
+ checkUserRole(authentication);
 Sucursal sucursal = sucursalService.findById(id);
 Empresa empresa = new Empresa();
 List empresas = empresaService.findAll();
@@ -96,8 +97,10 @@ public class SucursalController {
 @PostMapping("/sucursal/update")
- public ResponseEntity updateSucursal(Sucursal sucursal, @RequestParam("empresa.id") Long empresaId, @RequestParam("sedeCentral") boolean sedeCentral){
+ public ResponseEntity updateSucursal(Sucursal sucursal, @RequestParam("empresa.id") Long empresaId, @RequestParam("sedeCentral") boolean sedeCentral,
+ Authentication authentication){
 try{
+ checkUserRole(authentication);
 entityManager.detach(sucursal);
 Empresa existingEmpresa = empresaService.findById(empresaId);
 sucursal.setEmpresa(existingEmpresa);
@@ -128,14 +131,8 @@ public class SucursalController {
 @GetMapping("/sucursal/delete/{id}")
 public ResponseEntity deleteSucursal(@PathVariable Long id,Authentication authentication){
- Collection authorities = authentication.getAuthorities();
- boolean isAdmin = authorities.stream()
- .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
- if (!isAdmin) {
- throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
- }
-// System.out.println("Attempting to delete Sucursal with ID: " + id);
 try{
+ checkUserRole(authentication);
 sucursalService.deleteById(id);
 return new ResponseEntity<>("Sucursal borrada con exito", HttpStatus.OK);
 }catch (Exception e){
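Review bot: updateSucursal places `checkUserRole(authentication)` inside the `try{` whose catch lies beyond the hunk, so an unauthorized caller's FORBIDDEN exception is handled as if it were a persistence failure; move `checkUserRole(authentication);` to the line before `try{`. The remainder of the method — `entityManager.detach(sucursal)` on a freshly request-bound object, then `empresaService.findById(empresaId)` assigned without a null check — continues outside the hunk, so I would also confirm there that a missing company is rejected rather than stored as null.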
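Review bot: deleteSucursal moves the role check from before `try{` to inside it, so the FORBIDDEN ResponseStatusException is now intercepted by `catch (Exception e)` (body outside the hunk) and the caller no longer receives a clean 403; keep `checkUserRole(authentication);` above `try{`, where the removed code had it. The handler also stays `@GetMapping("/sucursal/delete/{id}")`, and Spring Security's CSRF protection does not cover GET by default, so any page an authenticated admin opens can fire this deletion with an `<img>` tag; change it to `@PostMapping` or `@DeleteMapping`. Removing the commented-out `System.out.println` line is fine.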