From a72ee91bd48f9b7c4e988f64f341fbede0817c50 Mon Sep 17 00:00:00 2001
From: litoral05 <tiagolitoral05@gmail.com>
Date: Wed, 3 Jun 2026 14:46:29 +0100
Subject: [PATCH] Require admin role for admin endpoints

---
 .../com/litoralregas/backend_gateway/config/SecurityConfig.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/com/litoralregas/backend_gateway/config/SecurityConfig.java b/src/main/java/com/litoralregas/backend_gateway/config/SecurityConfig.java
index d82be91..766b0a3 100644
--- a/src/main/java/com/litoralregas/backend_gateway/config/SecurityConfig.java
+++ b/src/main/java/com/litoralregas/backend_gateway/config/SecurityConfig.java
@@ -23,7 +23,7 @@ public class SecurityConfig {
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/auth/**").permitAll()
                         .requestMatchers("/debug/**").permitAll()
-                        .requestMatchers("/admin/**").permitAll()
+                        .requestMatchers("/admin/**").hasRole("ADMIN")
                         .requestMatchers("/api/backend/**").authenticated()
                         .anyRequest().permitAll()
                 )