diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index ac1e0c8..da232a7 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -4,9 +4,19 @@ class SessionsController < ApplicationController
def create
@user = User.find_by(email: params[:email])
- if @user && @user.authenticate(params[:password])
- session[:user_id] = @user.id
+ unless @user
+ redirect_to '/welcome', notice: 'Wrong email address'
+ return
end
+ unless @user.authenticate(params[:password])
+ redirect_to '/welcome', notice: 'Wrong password'
+ return
+ end
+ if @user.blocked?
+ redirect_to '/welcome', notice: 'You are blocked, please contact support'
+ return
+ end
+ session[:user_id] = @user.id
redirect_to '/welcome'
end
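Review bot: The separate notices 'Wrong email address' and 'Wrong password' in `create` tell an unauthenticated caller whether a given email is registered, which the single silent failure path before this change did not. Both branches should return the same notice, e.g. `redirect_to '/welcome', notice: 'Invalid email or password'`, and they can be merged into one guard: `unless @user&.authenticate(params[:password])`. Placing the `blocked?` check after authentication is right, because the blocked state is then only disclosed to someone who knows the password. `blocked?` is evaluated only at login here, so unless a filter elsewhere re-checks it, a user who is already signed in stays signed in after being blocked.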
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index ec02862..841daa0 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,5 @@
class UsersController < ApplicationController
- before_action :ensure_admin, only: [:destroy]
+ before_action :ensure_admin, only: [:destroy, :block]
def index
@users = User.all
@@ -56,4 +56,9 @@ class UsersController < ApplicationController
User.destroy(params[:id])
redirect_to '/users'
end
+
+ def block
+ User.find(params[:id]).update(status: :blocked)
+ redirect_to '/users'
+ end
end
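Review bot: `User.find(params[:id]).update(status: :blocked)` discards the result of `update`, so a failed save still redirects to '/users' as if the account had been blocked. This is likely to matter because the model validates `password` for presence and minimum length; if that validation is unconditional (its options are cut off in the user.rb hunk), saving a loaded record whose `password` is nil fails validation and the block silently does not apply. Use `update!`, or branch on the return value and show an alert when it is false. It is also worth refusing the request when the target is the acting admin's own account, so that the last admin cannot lock themselves out.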
diff --git a/app/models/user.rb b/app/models/user.rb
index 9731bb0..a4f75f3 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -2,9 +2,11 @@ class User < ApplicationRecord
has_secure_password
has_secure_password :recovery_password, validations: false
enum role: [:customer, :admin], _default: :customer
+ enum status: [:ready, :blocked], _default: :ready
validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
validates :role, presence: true
+ validates :status, presence: true
validates :password, {
presence: true,
length: { minimum: 8 },
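Review bot: `enum status: [:ready, :blocked]` stores the array position, so inserting or reordering a value later silently changes which accounts count as blocked. For a flag that gates login an explicit mapping is safer: `enum status: { ready: 0, blocked: 1 }, _default: :ready`. The existing `role` enum above has the same form and would benefit from the same change. The `validates :password` block at the end of this hunk continues outside it.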
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index bd6b704..bc5ecb1 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -4,12 +4,18 @@
<%= user.email %>
-
+
<%= user.role %>
-
+
+ <%= user.status %>
+
+
<%= link_to 'Delete', user, method: :delete, class: "btn" %>
+
+ <%= link_to 'Block', "/user/#{user.id}/block", method: :post, class: "btn" %>
+
<% end %>
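Review bot: The Block control is a `link_to ... method: :post`, which only becomes a POST carrying the CSRF token when the unobtrusive-JavaScript driver is loaded; without it the link is a plain GET to a path that has no GET route. `button_to 'Block', "/user/#{user.id}/block", class: "btn"` renders a real form with the authenticity token and needs no JavaScript. The path is also hand-built in the view; naming the route added in config/routes.rb (`as: :block_user`) would let this be `block_user_path(user)`. The control is rendered on every row, so it also appears next to already-blocked users and the admin's own account.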
diff --git a/config/routes.rb b/config/routes.rb
index 6f791c6..e9d2b49 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -8,6 +8,7 @@ Rails.application.routes.draw do
post 'password_recovery_request', to: 'users#password_recovery_request'
get 'recover_password/:id/:recovery_password', to: 'users#recover_password_form'
post 'recover_password', to: 'users#recover_password'
+ post 'user/:id/block', to: 'users#block'
resources :books
resources :authors
end
diff --git a/db/migrate/20210321213901_add_status_to_users.rb b/db/migrate/20210321213901_add_status_to_users.rb
new file mode 100644
index 0000000..d0de06d
--- /dev/null
+++ b/db/migrate/20210321213901_add_status_to_users.rb
@@ -0,0 +1,5 @@
+class AddStatusToUsers < ActiveRecord::Migration[6.1]
+ def change
+ add_column :users, :status, :integer
+ end
+end
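Review bot: `add_column :users, :status, :integer` creates a nullable column with no database default, so every existing user row ends up with a NULL status. The model's `_default: :ready` only applies to newly built records, and the new `validates :status, presence: true` would then reject later saves of those existing rows that do not also set a status. Giving the column a default and a NOT NULL constraint backfills existing rows and keeps the state well defined at the database level: `add_column :users, :status, :integer, default: 0, null: false`.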
diff --git a/db/schema.rb b/db/schema.rb
index fb945c3..4a38152 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2021_03_21_135711) do
+ActiveRecord::Schema.define(version: 2021_03_21_213901) do
create_table "authors", force: :cascade do |t|
t.string "first_name"
@@ -45,6 +45,7 @@ ActiveRecord::Schema.define(version: 2021_03_21_135711) do
t.datetime "updated_at", precision: 6, null: false
t.string "recovery_password_digest"
t.integer "role"
+ t.integer "status"
end
end
diff --git a/db/seeds.rb b/db/seeds.rb
index 74e1732..5f2ae2a 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -40,16 +40,19 @@ User.create([
{
email: 'abc@o2.pl',
password: 'aaaaaaaa',
- role: :admin
+ role: :admin,
+ status: :ready
},
{
email: 'abcd@o2.pl',
password: 'aaaaaaaa',
- role: :customer
+ role: :customer,
+ status: :ready
},
{
email: 'abcde@o2.pl',
password: 'aaaaaaaa',
- role: :customer
+ role: :customer,
+ status: :ready
},
])
\ No newline at end of file
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 5a5c41d..63d46bf 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -5,7 +5,7 @@ RSpec.describe UsersController do
User.destroy_all
end
let(:user1) do
- User.create(email: 'test1@example.com', password: 'abcde', recovery_password: 'recovery password')
+ User.create(email: 'test1@example.com', password: 'abcdefgh', recovery_password: 'recovery password')
end
describe 'get new' do
subject { get :new }
@@ -15,7 +15,7 @@ RSpec.describe UsersController do
end
describe 'get create' do
subject do
- get :create, params: {user: {email: 'test2@example.com', password: 'abcde'}}
+ get :create, params: {user: {email: 'test2@example.com', password: 'abcdefgh'}}
end
it 'creates a user' do
subject