diff --git a/commands.md b/commands.md index f1353b3..05de0d5 100644 --- a/commands.md +++ b/commands.md @@ -26,3 +26,7 @@ - create queries file for SQL queries(if needed) - `server/db/queries/{model_name}` + +## Redid Server for session +- Run server `redis-server` +- Run CLI to check redis db `redis-cli` diff --git a/dump.rdb b/dump.rdb index 4d349fd..ac1a1fc 100644 Binary files a/dump.rdb and b/dump.rdb differ diff --git a/package-lock.json b/package-lock.json index 72486a1..09b4049 100644 --- a/package-lock.json +++ b/package-lock.json @@ -30,6 +30,12 @@ "notation": "1.3.6" } }, + "accesscontrol-middleware": { + "version": "git+https://github.com/BlueAccords/accesscontrol-middleware.git#1bff2ae89d2d61bd5ab89eebf0b2030062834d35", + "requires": { + "boom": "7.2.0" + } + }, "ajv": { "version": "6.4.0", "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.4.0.tgz", diff --git a/package.json b/package.json index 87a1603..312b484 100644 --- a/package.json +++ b/package.json @@ -12,6 +12,7 @@ "license": "MIT", "dependencies": { "accesscontrol": "^2.2.1", + "accesscontrol-middleware": "git+https://github.com/BlueAccords/accesscontrol-middleware.git", "bcryptjs": "^2.4.3", "body-parser": "^1.18.2", "boom": "^7.2.0", diff --git a/server/index.js b/server/index.js index dcccead..0a2abe5 100644 --- a/server/index.js +++ b/server/index.js @@ -71,7 +71,6 @@ app.use(function (err, req, res, next) { if(process.env.NODE_ENV == 'development') { console.error(err.stack) } - console.log(err); if(Boom.isBoom(err)) { res.status(err.output.statusCode) @@ -79,8 +78,8 @@ app.use(function (err, req, res, next) { } else { res.status(500).json({ success: false, - error: err, - data: err + error: err.message || err, + data: err, }); } }); diff --git a/server/routes/v1.js b/server/routes/v1.js index d5605c0..200ac28 100644 --- a/server/routes/v1.js +++ b/server/routes/v1.js 
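Review bot: The new `accesscontrol-middleware` entry in package.json points at a Git URL with no commit or tag, so any install that regenerates the lockfile (or runs without `package-lock.json`) fetches whatever that repository's default branch holds at that moment — an unpinned supply-chain input with no registry integrity hash behind the authorization layer. The lockfile hunk on this page already resolves it to a specific commit, so pin the same ref in the manifest: `"accesscontrol-middleware": "git+https://github.com/BlueAccords/accesscontrol-middleware.git#1bff2ae89d2d61bd5ab89eebf0b2030062834d35",`. Longer term, publishing or vendoring the package is preferable to depending on a raw GitHub checkout for access-control code.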
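Review bot: The rewritten 500 branch still serializes the raw error to the client via `data: err,` and now also echoes `err.message`, so a non-Boom failure (a database or driver error, for instance) returns its internal message and every enumerable property of the error object to any caller, in every environment. Keep the detail for development and send a generic body otherwise, e.g. `error: process.env.NODE_ENV === 'development' ? (err.message || String(err)) : 'Internal Server Error',` and drop the `data: err,` line. The `console.error(err.stack)` kept in the first hunk already records the detail server-side for development, so nothing useful is lost. The error-handler function begins on the hunk's `@@` context line, outside the hunk itself.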
@@ -12,6 +12,14 @@ const path = require('path'); const passport = require('./../authentication/local-strategy'); // user role based permission + +const AccessControlMiddleware = require('accesscontrol-middleware'); +const AccessControl = require('accesscontrol'); +const knexConnection = require('./../db/connection') // used to make db calls to check for ownership +const acConfig = require('./../config/accessControlConfig'); +const ac = new AccessControl(acConfig); +const isAllowed = new AccessControlMiddleware(ac, knexConnection); + const rbac = require('./../middlewares/userRoleHandler').checkPermissions; /* GET home page. */ @@ -53,7 +61,17 @@ router.get(`${folderBaseUrl}/:id`, rbac(folderResource, 'read', false), folderController.get); router.put(`${folderBaseUrl}/:id`, - rbac(folderResource, 'update', true), + // rbac(folderResource, 'update', true), + isAllowed.check({ + resource : folderResource, + action: 'update', + checkOwnerShip : true, + useModel: true, + operands : [ + { source : 'user', key : 'id' }, + { source : 'params', key : 'id', modelName: folderResource, modelKey: 'id', opKey: 'author_id' } + ] + }), folderController.update); // chips diff --git a/test/routes.folder.test.js b/test/routes.folder.test.js index ffe200e..61ca9fc 100644 --- a/test/routes.folder.test.js +++ b/test/routes.folder.test.js @@ -154,7 +154,6 @@ describe('routes : folder', () => { should.not.exist(err); res.status.should.equal(404); res.type.should.equal('application/json'); - res.body.message.should.eql('NotFoundError'); done(); }); });
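Review bot: `const knexConnection = require('./../db/connection') // used to make db calls to check for ownership` is the only require in this run without a terminating semicolon, while every other statement in the block ends with `;`; add it: `const knexConnection = require('./../db/connection'); // used to make db calls to check for ownership`. The trailing comment would read better as its own line above the require, matching the `// user role based permission` comment that introduces this block.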
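Review bot: The ownership check on `router.put` now rests on `isAllowed.check` looking up `params.id` in the folder model and comparing its `author_id` with `user.id`, but nothing in this hunk shows what the middleware does when no row matches, when the lookup throws, or when `req.user` is absent; since it lives in a separate repository, confirm it fails closed (403/404, not `next()`) in all three cases — the operand `{ source: 'user', key: 'id' }` presumably relies on an authentication middleware having populated `req.user` earlier in the chain, which is not visible here. Delete the commented-out `// rbac(folderResource, 'update', true),` line rather than leaving dead code beside its replacement. Only the update route was migrated and `router.get` on the same resource still uses `rbac(...)`, so two authorization paths now coexist; a comment at the `isAllowed.check` call saying so, or a follow-up migrating the remaining routes so `rbac` can be retired, would keep the next reader from assuming one of them is unused.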