I added controllers for CRUD operations on Book and Review objects. They use JWT to authenticate and authorize the user and ensure that non-admin users can only operate on their own data.