From 216937c6ad1f9b4d358eb4f7fc7d7bcf383a4622 Mon Sep 17 00:00:00 2001
From: Henry <penry.tv@gmail.com>
Date: Mon, 22 Dec 2025 17:49:32 +0100
Subject: [PATCH] fix: fixed access to AdminSettings without being authorize

---
 CouchLog/Components/AdminSettings/Pages/Index.razor         | 4 ++++
 .../Components/AdminSettings/Pages/UserManagement.razor     | 3 +++
 .../AdminSettings/Shared/AdminSettingsLayout.razor          | 6 +++++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/CouchLog/Components/AdminSettings/Pages/Index.razor b/CouchLog/Components/AdminSettings/Pages/Index.razor
index e506207..bc6dce5 100644
--- a/CouchLog/Components/AdminSettings/Pages/Index.razor
+++ b/CouchLog/Components/AdminSettings/Pages/Index.razor
@@ -1,5 +1,9 @@
 @page "/AdminSettings"
 
+@using Microsoft.AspNetCore.Authorization
+
+@attribute [Authorize(Roles = "Admin")]
+
 <h3>Index</h3>
 
 @code {
diff --git a/CouchLog/Components/AdminSettings/Pages/UserManagement.razor b/CouchLog/Components/AdminSettings/Pages/UserManagement.razor
index 18fa06d..9e72063 100644
--- a/CouchLog/Components/AdminSettings/Pages/UserManagement.razor
+++ b/CouchLog/Components/AdminSettings/Pages/UserManagement.razor
@@ -5,6 +5,7 @@
 @using Microsoft.AspNetCore.Identity
 @using Microsoft.EntityFrameworkCore
 @using Microsoft.AspNetCore.Components.QuickGrid
+@using Microsoft.AspNetCore.Authorization
 
 @inject ApplicationDbContext CouchLogDB
 @inject UserManager<ApplicationUser> UserManager
@@ -12,6 +13,8 @@
 @inject AuthenticationStateProvider AuthenticationStateProvider
 @inject NavigationManager NavigationManager
 
+@attribute [Authorize(Roles = "Admin")]
+
 <div class="d-flex align-items-center justify-content-between">
     <h3 class="mb-0">UserManagement</h3>
 
diff --git a/CouchLog/Components/AdminSettings/Shared/AdminSettingsLayout.razor b/CouchLog/Components/AdminSettings/Shared/AdminSettingsLayout.razor
index 339c95f..f13c34a 100644
--- a/CouchLog/Components/AdminSettings/Shared/AdminSettingsLayout.razor
+++ b/CouchLog/Components/AdminSettings/Shared/AdminSettingsLayout.razor
@@ -1,6 +1,10 @@
-@inherits LayoutComponentBase
+@using Microsoft.AspNetCore.Authorization
+
+@inherits LayoutComponentBase
 @layout CouchLog.Components.Layout.MainLayout
 
+@attribute [Authorize(Roles = "Admin")]
+
 <h1>Manage CouchLog</h1>
 
 <div>
-- 
2.49.1