diff --git a/src/routes/enfants/enfants.controller.ts b/src/routes/enfants/enfants.controller.ts
index 75799a5..c76dcd5 100644
--- a/src/routes/enfants/enfants.controller.ts
+++ b/src/routes/enfants/enfants.controller.ts
@@ -13,40 +13,56 @@ import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
 import { EnfantsService } from './enfants.service';
 import { CreateEnfantsDto } from './dto/create_enfants.dto';
 import { UpdateEnfantsDto } from './dto/update_enfants.dto';
-import { Users } from 'src/entities/users.entity';
+import { RoleType, Users } from 'src/entities/users.entity';
 import { User } from 'src/common/decorators/user.decorator';
 import { AuthGuard } from 'src/common/guards/auth.guard';
+import { Roles } from 'src/common/decorators/roles.decorator';
+import { RolesGuard } from 'src/common/guards/roles.guard';
 
 @ApiBearerAuth('access-token')
 @ApiTags('Enfants')
-@UseGuards(AuthGuard)
+@UseGuards(AuthGuard, RolesGuard)
 @Controller('enfants')
 export class EnfantsController {
- constructor(private readonly enfantsService: EnfantsService) {}
+ constructor(private readonly enfantsService: EnfantsService) { }
 
+ @Roles(RoleType.PARENT)
 @Post()
 create(@Body() dto: CreateEnfantsDto, @User() currentUser: Users) {
 return this.enfantsService.create(dto, currentUser);
 }
 
+ @Roles(RoleType.ADMINISTRATEUR, RoleType.GESTIONNAIRE, RoleType.SUPER_ADMIN)
 @Get()
 findAll() {
 return this.enfantsService.findAll();
 }
 
+ @Roles(
+ RoleType.PARENT,
+ RoleType.ADMINISTRATEUR,
+ RoleType.SUPER_ADMIN,
+ RoleType.GESTIONNAIRE
+ )
 @Get(':id')
- findOne(@Param('id', new ParseUUIDPipe()) id: string) {
- return this.enfantsService.findOne(id);
+ findOne(
+ @Param('id', new ParseUUIDPipe()) id: string,
+ @User() currentUser: Users
+ ) {
+ return this.enfantsService.findOne(id, currentUser);
 }
 
+ @Roles(RoleType.ADMINISTRATEUR, RoleType.SUPER_ADMIN, RoleType.PARENT)
 @Patch(':id')
 update(
 @Param('id', new ParseUUIDPipe()) id: string,
 @Body() dto: UpdateEnfantsDto,
+ @User() currentUser: Users,
 ) {
- return this.enfantsService.update(id, dto);
+ return this.enfantsService.update(id, dto, currentUser);
 }
 
+ @Roles(RoleType.SUPER_ADMIN)
 @Delete(':id')
 remove(@Param('id', new ParseUUIDPipe()) id: string) {
 return this.enfantsService.remove(id);
diff --git a/src/routes/enfants/enfants.service.ts b/src/routes/enfants/enfants.service.ts
index fbb31b2..952f2b1 100644
--- a/src/routes/enfants/enfants.service.ts
+++ b/src/routes/enfants/enfants.service.ts
@@ -1,6 +1,7 @@
 import {
 BadRequestException,
 ConflictException,
+ ForbiddenException,
 Injectable,
 NotFoundException,
 } from '@nestjs/common';
@@ -9,7 +10,7 @@ import { Repository } from 'typeorm';
 import { Children, StatutEnfantType } from 'src/entities/children.entity';
 import { Parents } from 'src/entities/parents.entity';
 import { ParentsChildren } from 'src/entities/parents_children.entity';
-import { Users } from 'src/entities/users.entity';
+import { RoleType, Users } from 'src/entities/users.entity';
 import { CreateEnfantsDto } from './dto/create_enfants.dto';
 
 @Injectable()
@@ -21,7 +22,7 @@ export class EnfantsService {
 private readonly parentsRepository: Repository,
 @InjectRepository(ParentsChildren)
 private readonly parentsChildrenRepository: Repository,
- ) {}
+ ) { }
 
 // Création d’un enfant
 async create(dto: CreateEnfantsDto, currentUser: Users): Promise {
@@ -56,7 +57,7 @@ export class EnfantsService {
 });
 await this.parentsChildrenRepository.save(parentLink);
- return this.findOne(child.id);
+ return this.findOne(child.id, currentUser);
 }
 
 // Liste des enfants
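Review bot: `update` on `@Patch(':id')` now admits `RoleType.PARENT` while the controller itself checks only the role, so the route's safety rests on `EnfantsService.update` verifying ownership before it writes; in the service hunk of this same commit that verification happens only in the trailing `findOne`, after `childrenRepository.update` has run. The `@Roles` list on `update` also omits `RoleType.GESTIONNAIRE` although `findOne` includes it; if that asymmetry is intended, a comment such as `// gestionnaires: read-only access to children` on the `update` decorator would document it. The `{}` → `{ }` constructor change is formatting noise that a Prettier run would revert.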
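Review bot: `create` now ends with `this.findOne(child.id, currentUser)`, which for a `RoleType.PARENT` caller applies the new ownership test `link.parentId === currentUser.id` to the `parentLink` just saved; if `parentId` stores the id of the `Parents` row (the `parentsRepository` injected above suggests a separate entity) rather than the `Users` id, the creating parent receives a 403 after the child and link have already been persisted. Worth confirming which id `ParentsChildren.parentId` holds and covering it with a test that a parent's POST returns the created child. `create`'s body begins outside this hunk.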
@@ -68,22 +69,41 @@ export class EnfantsService {
 }
 
 // Récupérer un enfant par id
- async findOne(id: string): Promise {
+ async findOne(id: string, currentUser: Users): Promise {
 const child = await this.childrenRepository.findOne({
 where: { id },
 relations: ['parentLinks'],
 });
 if (!child) throw new NotFoundException('Enfant introuvable');
+
+ switch (currentUser.role) {
+ case RoleType.PARENT:
+ if (!child.parentLinks.some(link => link.parentId === currentUser.id)) {
+ throw new ForbiddenException('Cet enfant ne vous appartient pas');
+ }
+ break;
+
+ case RoleType.ADMINISTRATEUR:
+ case RoleType.SUPER_ADMIN:
+ case RoleType.GESTIONNAIRE:
+ // accès complet
+ break;
+
+ default:
+ throw new ForbiddenException('Accès interdit');
+ }
+
 return child;
 }
+
 // Mise à jour
- async update(id: string, dto: Partial): Promise {
+ async update(id: string, dto: Partial, currentUser: Users): Promise {
 const child = await this.childrenRepository.findOne({ where: { id } });
 if (!child) throw new NotFoundException('Enfant introuvable');
 await this.childrenRepository.update(id, dto);
- return this.findOne(id);
+ return this.findOne(id, currentUser);
 }
 
 // Suppression
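Review bot: In `update`, `this.childrenRepository.update(id, dto)` executes before any role or ownership check; `currentUser` is only consulted by the trailing `findOne`, so a `RoleType.PARENT` caller (admitted by the controller's `@Roles` on `@Patch(':id')`) can modify any child whose UUID they hold, the write persists, and only the response is a 403. Replace the first two lines of the body with `await this.findOne(id, currentUser); // 404 + role/ownership check before the write` and keep the `childrenRepository.update` call and the final `findOne` as they are, since `child` is not used after the existence check. In `findOne`, answering a parent with `ForbiddenException('Cet enfant ne vous appartient pas')` for an existing child that is not theirs confirms the UUID is valid, whereas throwing `NotFoundException('Enfant introuvable')` in that branch keeps foreign children indistinguishable from nonexistent ones.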