diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index 3651cbe..e642423 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -1,5 +1,5 @@
 class UserPolicy < ApplicationPolicy
-  def index
+  def index?
     user.admin?
   end
 
diff --git a/spec/factories/contests.rb b/spec/factories/contests.rb
new file mode 100644
index 0000000..6070d05
--- /dev/null
+++ b/spec/factories/contests.rb
@@ -0,0 +1,5 @@
+FactoryBot.define do
+  factory :contest do
+    name { Faker::Company.unique.name }
+  end
+end
diff --git a/spec/factories/users.rb b/spec/factories/users.rb
index 11b8127..fc36e24 100644
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -1,7 +1,11 @@
 FactoryBot.define do
   factory :user do
-    username { Faker::Internet.username }
-    email_address { Faker::Internet.email }
-    password { Faker::Internet.password(min_length: 12, max_length: 18) }
+    username { Faker::Internet.unique.username }
+    email_address { Faker::Internet.unique.email }
+    password { Faker::Internet.unique.password(min_length: 12, max_length: 18) }
+  end
+
+  trait :admin do
+    admin { true }
   end
 end
diff --git a/spec/features/contest_spec.rb b/spec/features/contest_spec.rb
index 27fa079..c2b39b2 100644
--- a/spec/features/contest_spec.rb
+++ b/spec/features/contest_spec.rb
@@ -5,10 +5,7 @@ RSpec.feature "Contests", type: :feature do
     let!(:user) { create(:user) }
 
     before do
-      visit '/'
-      fill_in "Email address", with: user.email_address
-      fill_in "Password", with: user.password
-      click_button "Sign in"
+      login(user)
     end
 
     it "should display the username" do
diff --git a/spec/features/login_spec.rb b/spec/features/login_spec.rb
new file mode 100644
index 0000000..682da7f
--- /dev/null
+++ b/spec/features/login_spec.rb
@@ -0,0 +1,34 @@
+require 'rails_helper'
+
+RSpec.feature "Login", type: :feature do
+  context "visiting the login page" do
+    let!(:user) { create(:user) }
+
+    it "should log in the user with the correct credentials" do
+      visit '/'
+      fill_in "Email address", with: user.email_address
+      fill_in "Password", with: user.password
+      click_button "Sign in"
+
+      expect(page).not_to have_content("Login")
+    end
+
+    it "should fail to log in the user with an incorrect email address" do
+      visit '/'
+      fill_in "Email address", with: Faker::Internet.unique.email
+      fill_in "Password", with: user.password
+      click_button "Sign in"
+
+      expect(page).to have_content("Login")
+    end
+
+    it "should fail to log in the user with an incorrect password" do
+      visit '/'
+      fill_in "Email address", with: user.email_address
+      fill_in "Password", with: Faker::Internet.unique.password
+      click_button "Sign in"
+
+      expect(page).to have_content("Login")
+    end
+  end
+end
diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb
new file mode 100644
index 0000000..274ed9e
--- /dev/null
+++ b/spec/features/user_spec.rb
@@ -0,0 +1,63 @@
+require 'rails_helper'
+
+RSpec.feature "Users", type: :feature do
+  context "when the user is a regular user" do
+    let!(:user) { create(:user) }
+    let!(:contest) { create(:contest, user: user) }
+
+    before do
+      login(user)
+    end
+
+    it "should not see a link to all users" do
+      visit root_path
+
+      expect(page).not_to have_content("Users")
+    end
+
+    it "should not be able to see the user list" do
+      visit users_path
+
+      expect(page).not_to have_content("All users")
+    end
+
+    it "should be able to create a new contest" do
+      visit root_path
+
+      click_link "Create a new contest"
+
+      expect(page).to have_content("New jigsaw puzzle competition")
+    end
+
+    it "should be able to open an existing contest" do
+      visit root_path
+
+      expect(page).to have_content(contest.name)
+      find("div.card", text: contest.name).find("a").click()
+
+      expect(page).to have_content("Edit contest")
+    end
+  end
+
+  context "when the user is an admin" do
+    let!(:admin) { create(:user, :admin) }
+    let!(:user) { create(:user) }
+
+    before do
+      login(admin)
+    end
+
+    it "should see a link to all users" do
+      visit root_path
+
+      expect(page).to have_content("Users")
+    end
+
+    it "should be able to see the user list" do
+      visit users_path
+
+      expect(page).to have_content("All users")
+      expect(page).to have_content(user.username)
+    end
+  end
+end
diff --git a/spec/support/helpers.rb b/spec/support/helpers.rb
new file mode 100644
index 0000000..91f59cc
--- /dev/null
+++ b/spec/support/helpers.rb
@@ -0,0 +1,12 @@
+module Helpers
+  def login(user)
+    visit '/'
+    fill_in "Email address", with: user.email_address
+    fill_in "Password", with: user.password
+    click_button "Sign in"
+  end
+end
+
+RSpec.configure do |c|
+  c.include Helpers
+end