diff --git a/api/controllers/user.controller.js b/api/controllers/user.controller.js
index 36bb90af..906f16a2 100644
--- a/api/controllers/user.controller.js
+++ b/api/controllers/user.controller.js
@@ -1,6 +1,27 @@
 import User from "../models/user.model.js";
 import createError from "../utils/createError.js";
 
+export const updateUser = async(req, res, next) => {
+    const user = await User.findById(req.params.id);
+  
+   if (req.userId !== user._id.toString()) {
+    return next(createError(401, "You can update only your account!"));
+  }
+    
+  if (req.body.password) {
+        req.body.password = await bcryptjs.hash(req.body.password, 10);
+    }
+  try {
+        const updatedUser = await User.findByIdAndUpdate(req.params.id, {
+            $set: req.body
+        }, { new: true });
+        res.status(200).json(updatedUser);
+
+    } catch (error) {
+        next(error);
+    }
+}
+
 export const deleteUser = async (req, res, next) => {
   const user = await User.findById(req.params.id);