Require admin role for admin endpoints

2026-06-03 14:46:29 +01:00
parent 102e906b36
commit a72ee91bd4
1 changed files with 1 additions and 1 deletions
@@ -23,7 +23,7 @@ public class SecurityConfig {
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/auth/**").permitAll()
                        .requestMatchers("/debug/**").permitAll()
-                        .requestMatchers("/admin/**").permitAll()
+                        .requestMatchers("/admin/**").hasRole("ADMIN")
                        .requestMatchers("/api/backend/**").authenticated()
                        .anyRequest().permitAll()
                )