diff --git a/back_latienda/settings/development.py b/back_latienda/settings/development.py index 151c75d..3620034 100644 --- a/back_latienda/settings/development.py +++ b/back_latienda/settings/development.py @@ -21,7 +21,7 @@ DATABASES = { }, } -MEDIA_ROOT = BASE_DIR + '/media/' +MEDIA_ROOT = BASE_DIR + '/../media/' MEDIA_URL = '/media/' # JWT SETTINGS diff --git a/back_latienda/urls.py b/back_latienda/urls.py index a7acd16..2f63fdb 100644 --- a/back_latienda/urls.py +++ b/back_latienda/urls.py @@ -18,7 +18,7 @@ from django.urls import path, include from django.conf.urls.static import static from django.conf import settings -from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView, TokenVerifyView +from rest_framework_simplejwt.views import TokenRefreshView, TokenVerifyView from core import views as core_views from products import views as product_views @@ -28,11 +28,10 @@ from .routers import router urlpatterns = [ path('admin/', admin.site.urls), - path('api/v1/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'), + path('api/v1/token/', core_views.CustomTokenObtainPairView.as_view(), name='token_obtain_pair'), path('api/v1/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'), path('api/v1/token/verify/', TokenVerifyView.as_view(), name='token_verify'), path('api/v1/user/change_password//', core_views.ChangeUserPasswordView.as_view(), name="change-password"), - path('api/v1/user/update//', core_views.UpdateUserView.as_view(), name="update-user"), path('api/v1/load_coops/', core_views.load_coop_managers, name='coop-loader'), path('api/v1/load_products/', product_views.load_coop_products, name='product-loader'), path('api/v1/search_products/', product_views.product_search, name='product-search'), diff --git a/core/models.py b/core/models.py index 6f4da0b..7afba16 100644 --- a/core/models.py +++ b/core/models.py 
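Review bot: In `back_latienda/settings/development.py`, `MEDIA_ROOT` is built by string concatenation and now keeps a literal `..` segment, so the upload directory sits outside the project tree and its real location depends on how `BASE_DIR` is defined. Normalising the path makes the target explicit in logs and in any later path comparison: `MEDIA_ROOT = os.path.abspath(os.path.join(BASE_DIR, '..', 'media'))`. This assumes `os` is imported in this settings module; the imports are outside the hunk. A short comment saying why media moved up one level would also help.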
@@ -49,7 +49,7 @@ class CustomUser(AbstractBaseUser, PermissionsMixin): email = models.EmailField('Dirección de email', unique=True) full_name = models.CharField('Nombre completo', max_length=100, blank=True) - role = models.CharField('Rol', choices=ROLES, default=SHOP_USER, max_length=100, blank=True, null=True) + role = models.CharField('Rol', choices=ROLES, default=SHOP_USER, max_length=100) notify = models.BooleanField('Notificar', default=False, null=True) provider = models.CharField('Proveedor', max_length=1000, blank=True, null=True) # red social de registro email_verified = models.BooleanField('Email verificado', default=False, null=True) diff --git a/core/serializers.py b/core/serializers.py index c60a2ab..5f82e1c 100644 --- a/core/serializers.py +++ b/core/serializers.py 
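Review bot: Dropping `null=True, blank=True` from `role` makes the column NOT NULL, and no migration is visible in this diff. If any existing row holds NULL in `role`, the schema migration will fail unless a data step backfills it first, for example to `SHOP_USER`. I would expect a migration with that backfill to ship with this change. The `CustomUser` class body continues outside the hunk.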
@@ -1,27 +1,43 @@ +from rest_framework_simplejwt.serializers import TokenObtainPairSerializer from rest_framework import serializers from . import models +class CustomTokenObtainPairSerializer(TokenObtainPairSerializer): + def validate(self, attrs): + # The default result (access/refresh tokens) + data = super(CustomTokenObtainPairSerializer, self).validate(attrs) + + # Add extra responses here + data['user'] = {} + data['user']['id'] = self.user.id + data['user']['email'] = self.user.email + data['user']['role'] = self.user.role + return data + + class CustomUserSerializer(serializers.ModelSerializer): - + password = serializers.CharField(write_only=True, required=True, style={'input_type': 'password'}) class Meta: model = models.CustomUser - fields = ('email', 'full_name', 'role', 'is_active') - - -class CustomUserReadSerializer(serializers.ModelSerializer): + fields = ('id', 'email', 'full_name', 'role', 'password', 'is_active', 'notify') +class CustomUserAdminSerializer(serializers.ModelSerializer): + password = serializers.CharField(write_only=True, required=False, style={'input_type': 'password'}) class Meta: model = models.CustomUser - fields = ('id', 'email', 'full_name', 'role', 'is_active', 'provider', 'notify') + fields = ('id', 'email', 'full_name', 'role', 'password', 'is_active', 'notify') + def update(self, instance, validated_data): + for key, value in validated_data.items(): + instance.__dict__[key] = value + if 'password' in validated_data: + instance.set_password(validated_data['password']) + instance.save() -class CustomUserWriteSerializer(serializers.ModelSerializer): + return instance - class Meta: - model = models.CustomUser - fields = ('email', 'full_name', 'role', 'password', 'provider') class CreatorSerializer(serializers.ModelSerializer): diff --git a/core/views.py b/core/views.py index b54d267..c79ce18 100644 --- a/core/views.py +++ b/core/views.py 
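Review bot: `CustomUserAdminSerializer.update` assigns every validated value with `instance.__dict__[key] = value`, which skips normal attribute assignment on the model and puts the raw password on the instance before `set_password` overwrites it. Popping the password first and using `setattr` for the remaining fields keeps the plaintext off the model, as in the block below. Separately, `CustomUserSerializer` lists `role` and `is_active` as writable and has no `create`/`update` override, so wherever it handles a non-staff write the client chooses those values; `read_only_fields = ('role', 'is_active')` in its `Meta` would close that. Neither serializer checks the new password with `django.contrib.auth.password_validation.validate_password`.

```python
class CustomUserAdminSerializer(serializers.ModelSerializer):
    # … unchanged: password field and Meta …

    def update(self, instance, validated_data):
        # Remove the password first so the raw value is never assigned to the model field.
        password = validated_data.pop('password', None)
        for key, value in validated_data.items():
            setattr(instance, key, value)
        if password is not None:
            instance.set_password(password)
        instance.save()
        return instance
```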
@@ -15,6 +15,7 @@ from rest_framework.response import Response from rest_framework.permissions import IsAdminUser, IsAuthenticated from rest_framework.generics import UpdateAPIView from rest_framework.decorators import api_view, permission_classes +from rest_framework_simplejwt.views import TokenObtainPairView from companies.models import Company from history.models import HistorySync @@ -37,22 +38,38 @@ logging.basicConfig( ) + + +class CustomTokenObtainPairView(TokenObtainPairView): + serializer_class = core_serializers.CustomTokenObtainPairSerializer + + class CustomUserViewSet(viewsets.ModelViewSet): model = models.CustomUser - # serializer_class = core_serializers.CustomUserSerializer - serializer_class = core_serializers.CustomUserReadSerializer - write_serializer_class = core_serializers.CustomUserWriteSerializer model_name = 'custom_user' queryset = models.CustomUser.objects.all() permission_classes = [CustomUserPermissions,] + def get_serializer_class(self): + if self.action == 'update' and self.request.user.is_staff is False: + return core_serializers.UpdateUserSerializer + elif self.request.user.is_staff is True: + return core_serializers.CustomUserAdminSerializer + return core_serializers.CustomUserSerializer + + def get_permissions(self): + if self.action in ['retrieve', 'update', 'partial_update', 'destroy'] and self.request.user.is_anonymous is False: + return [YourOwnUserPermissions(), ] + return super(CustomUserViewSet, self).get_permissions() + def create(self, request): """ Create Instance """ + serializer_class = self.get_serializer_class() try: - serializer = self.write_serializer_class( + serializer = serializer_class( data=request.data, ) if serializer.is_valid(): 
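Review bot: `get_serializer_class` routes only `update` (PUT) from non-staff users to `UpdateUserSerializer`; a non-staff PATCH has `self.action == 'partial_update'` and falls through to `CustomUserSerializer`, whose writable fields in this commit include `role`, `is_active` and `password`. Unless `partial_update` is overridden outside this hunk, a user could change their own role through PATCH, and the default `ModelSerializer.update` would save the password without hashing it. The first branch should cover both actions: `if self.action in ('update', 'partial_update') and not self.request.user.is_staff:`. In `get_permissions`, returning only `YourOwnUserPermissions()` for any authenticated caller also applies to staff, which looks at odds with giving them `CustomUserAdminSerializer`; that permission class is not shown here, so this needs confirming.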
@@ -62,7 +79,7 @@ class CustomUserViewSet(viewsets.ModelViewSet): instance.set_password(password) instance.save() - return Response(self.serializer_class( + return Response(serializer_class( instance, many=False, context={'request': request}).data, status=status.HTTP_201_CREATED) else: diff --git a/requirements.txt b/requirements.txt index b13037e..9ed18b0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -10,3 +10,4 @@ django-cors-headers==3.5.0 django-taggit-serializer==0.1.7 django-tagulous==1.1.0 Pillow==8.1.0 +requests==2.25.1