diff --git a/src/clj/auto_ap/graphql.clj b/src/clj/auto_ap/graphql.clj index 94d7882f..a542e1bd 100644 --- a/src/clj/auto_ap/graphql.clj +++ b/src/clj/auto_ap/graphql.clj @@ -288,9 +288,14 @@ (map company-cache (:companies value)) (map companies/get-by-id (:companies value))))) +(defn can-see-company? [identity company] + (or (= "admin" (:role identity)) + ((set (:companies identity)) (:id company)))) + (defn get-company [context args value] (->graphql - (companies/get-all))) + (filter #(can-see-company? (:identity context) %) + (companies/get-all)))) (defn join-companies [users] (let [companies (by :id (companies/get-all))] @@ -365,7 +370,8 @@ m)) (defn query - ([q] - (simplify (execute schema q nil nil))) - ([q v] - (simplify (execute schema q v nil)))) + ([id q] + (query id q nil )) + ([id q v] + (println id q v) + (simplify (execute schema q v {:identity id})))) diff --git a/src/clj/auto_ap/routes/companies.clj b/src/clj/auto_ap/routes/companies.clj index 6f56fdd6..866b4130 100644 --- a/src/clj/auto_ap/routes/companies.clj +++ b/src/clj/auto_ap/routes/companies.clj @@ -9,7 +9,7 @@ (defroutes routes (wrap-routes (context "/companies" [] - (GET "/" [] + (GET "/" r {:status 200 :body (pr-str (companies/get-all)) :headers {"Content-Type" "application/edn"}}) diff --git a/src/clj/auto_ap/routes/graphql.clj b/src/clj/auto_ap/routes/graphql.clj index f8f9acd2..66f72ded 100644 --- a/src/clj/auto_ap/routes/graphql.clj +++ b/src/clj/auto_ap/routes/graphql.clj @@ -11,11 +11,11 @@ (defroutes routes (wrap-routes (context "/graphql" [] - (GET "/" {:keys [query-params]} + (GET "/" {:keys [query-params] :as r} + (let [variables (some-> (query-params "variables") edn/read-string)] - (println variables) {:status 200 - :body (pr-str (ql/query (query-params "query") variables)) + :body (pr-str (ql/query (:identity r) (query-params "query") variables )) :headers {"Content-Type" "application/edn"}}))) wrap-secure)) 
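Review bot: Only `get-company` is routed through `can-see-company?`; the context lines of this hunk show a resolver above it that still maps `companies/get-by-id` over `(:companies value)`, and `join-companies` below it that still reads `(companies/get-all)`, so company data may still reach a caller along those paths without the check. Both bodies lie outside the hunk, so this needs confirming. The predicate also tests `(:id company)` by plain set membership in `(:companies identity)`, which silently denies if the identity carries ids as strings while the store uses numbers. I would add a docstring to `can-see-company?` stating that it returns a truthy value rather than a boolean, that a nil identity sees nothing, and that the company list is taken from the request identity (presumably token claims, so it changes only when the token is reissued).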
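Review bot: `(println id q v)` in the three-argument arity of `query` writes the caller's identity map, the full query text and the variables to stdout on every request, which puts user claims and any business data passed as variables into the process log. Drop the line, or log only a non-identifying field at debug level. Separately, the old `[q v]` arity is now read as `[id q]`, so a caller not updated in this commit would pass its query as the identity and its variables as the query without any arity error. A docstring saying that `id` is the authenticated identity placed in the execution context under `:identity` would make the new contract explicit.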
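Review bot: The `/companies` route now binds the request as `r` but never uses it, and the body is still `(pr-str (companies/get-all))`, so this endpoint returns every company to any caller that gets past whatever middleware `wrap-routes` applies here, while the GraphQL resolver in this same commit filters by identity. Apply the same check, for example `:body (pr-str (filter #(can-see-company? (:identity r) %) (companies/get-all)))`, with `can-see-company?` referred from `auto-ap.graphql` or moved to a shared namespace. The `ns` form and the end of `defroutes` are outside the hunk, so the available aliases and the wrapping middleware cannot be confirmed from here.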
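Review bot: `edn/read-string` is applied to the client-supplied `variables` parameter, and the require behind the `edn` alias is outside the hunk; confirm it resolves to `clojure.edn` and not to `clojure.core/read-string`, which can evaluate code while reading. A malformed value makes the reader throw inside the handler, so the response then depends on whatever error middleware is installed; catching the parse failure and returning a 400 would keep that explicit. The handler also passes `(:identity r)` straight to `ql/query`, which relies on `wrap-secure` having already rejected requests that carry no identity.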
diff --git a/src/cljs/auto_ap/subs.cljs b/src/cljs/auto_ap/subs.cljs index dc051214..0e4b627e 100644 --- a/src/cljs/auto_ap/subs.cljs +++ b/src/cljs/auto_ap/subs.cljs @@ -50,8 +50,7 @@ ::user (fn [db] (when (:user db) - (let [{:strs [name] :as x} (js->clj (.parse js/JSON (base64/decodeString (second (str/split (:user db) #"\.")))))] - {:name name})))) + (js->clj (.parse js/JSON (base64/decodeString (second (str/split (:user db) #"\.")))) :keywordize-keys true)))) (re-frame/reg-sub ::active-page diff --git a/src/cljs/auto_ap/views/main.cljs b/src/cljs/auto_ap/views/main.cljs index c1cf540b..6f29ecf3 100644 --- a/src/cljs/auto_ap/views/main.cljs +++ b/src/cljs/auto_ap/views/main.cljs @@ -13,18 +13,18 @@ ({:login :blank :check :blank :needs-activation :blank - :index :left-panel - :invoices :left-panel - :import-invoices :left-panel - :unpaid-invoices :left-panel - :paid-invoices :left-panel + :index :left-panel + :invoices :left-panel + :import-invoices :left-panel + :unpaid-invoices :left-panel + :paid-invoices :left-panel :admin :admin-left-panel :admin-companies :admin-left-panel :admin-users :admin-left-panel :admin-excel-import :admin-left-panel :admin-vendors :admin-left-panel :admin-reminders :admin-left-panel - :new-invoice :blank} page :blank)) + :new-invoice :blank} page :blank)) (defn login-dropdown [] (let [user (re-frame/subscribe [::subs/user]) 
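Review bot: The `::user` subscription now returns every claim in the token payload, decoded in the browser with no signature check, and the `login-dropdown` hunk in views/main.cljs uses its `:role` to decide whether to render the Administration link. That is fine for presentation, but the value is under the control of whoever holds the browser, so the admin routes and the server endpoints behind them have to enforce the role themselves. I would add a comment above the subscription such as `;; claims are decoded, not verified: display only, never an access decision`. A `:user` value that contains no dot makes `(second (str/split ...))` nil before it reaches `base64/decodeString`, so a guard for a malformed token may be worth adding.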
@@ -36,8 +36,9 @@ [:a {:class "navbar-link login" :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} (:name @user)] [:div {:class "navbar-dropdown"} [:a {:class "navbar-item"} "My profile"] - [:a {:class "navbar-item" :href (bidi/path-for routes/routes :admin) - :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} "Administration"] + (when (= "admin" (:role @user)) + [:a {:class "navbar-item" :href (bidi/path-for routes/routes :admin) + :on-click (fn [e] (re-frame/dispatch [::events/toggle-menu :account]))} "Administration"]) [:hr {:class "navbar-divider"}] [:a.navbar-item {:on-click (fn [e] (.preventDefault e) (re-frame/dispatch [::events/logout]))} "Logout"]]] [:a.navbar-item {:href login-url} "Login"])]])) @@ -169,7 +170,7 @@ [:p.menu-label "Accounts Payable"] [:ul.menu-list - [:li.menu-item + #_[:li.menu-item [:a {:href (bidi/path-for routes/routes :import-invoices) , :class (str "item" (active-when= ap :import-invoices))} [:span {:class "icon"} [:i {:class "fa fa-star-o"}]] diff --git a/src/cljs/auto_ap/views/pages/index.cljs b/src/cljs/auto_ap/views/pages/index.cljs index 1b44f288..8f2b4939 100644 --- a/src/cljs/auto_ap/views/pages/index.cljs +++ b/src/cljs/auto_ap/views/pages/index.cljs @@ -4,6 +4,4 @@ (defn index-page [] [:div - [:h1.title "Dashboard"] - [:h2.subtitle "To get started, " - [:a {:href (bidi/path-for routes/routes :import-invoices)} "Import some invoices"]]]) + [:h1.title "Dashboard"]])
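Review bot: `#_[:li.menu-item` drops the import-invoices entry from the menu with a reader discard and no explanation, while the page map earlier in this file still lists `:import-invoices :left-panel`, so the page itself presumably stays reachable by URL. If the intent is to withdraw the feature, the route and any server endpoint behind it should go as well; if it is temporary, say so with a comment such as `;; import disabled until <reason>`. The enclosing menu form continues outside the hunk.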