diff --git a/backend/email_integration/routes.py b/backend/email_integration/routes.py
index bba89e1..4e57ed3 100644
--- a/backend/email_integration/routes.py
+++ b/backend/email_integration/routes.py
@@ -115,7 +115,9 @@ def _require_admin(handler) -> Optional[dict]:
# ---------------------------------------------------------------------------- GET handlers
def _h_status(handler):
- user = _require_auth(handler)
+ # Email Capture is an admin-only surface (nav-hidden from members); these read
+ # endpoints expose mailbox/sync metadata, so enforce admin server-side too.
+ user = _require_admin(handler)
if not user:
return
snap = _sched.status_snapshot()
@@ -150,7 +152,9 @@ def _h_status(handler):
def _h_list_accounts(handler):
- user = _require_auth(handler)
+ # Admin-only: the mailbox list (addresses, sync state, errors) belongs to the
+ # admin-only Email Capture surface. Enforced server-side, not just nav-hidden.
+ user = _require_admin(handler)
if not user:
return
conn = _conn()
@@ -180,9 +184,6 @@ def _h_list_accounts(handler):
r["matched"] = matched.get(r["id"], 0)
finally:
conn.close()
- # Non-admins only see their own row
- if user.get("role") != "admin":
- rows = [r for r in rows if r["user_id"] == user["user_id"]]
handler.send_json({"accounts": rows})
diff --git a/backend/server.py b/backend/server.py
index 76effa3..0e545fe 100644
--- a/backend/server.py
+++ b/backend/server.py
@@ -3914,6 +3914,11 @@ class CRMHandler(BaseHTTPRequestHandler):
return self.send_json({"data": res})
def handle_list_users(self, user):
+ # The full user directory (names, emails, roles) is admin-only — it is only
+ # consumed by the admin section of Settings. The nav already hides it from
+ # members; this enforces the same boundary server-side.
+ if not require_admin(user):
+ return self.send_error_json("Admin access required", 403)
conn = get_db()
users = rows_to_list(conn.execute(
"SELECT id, username, email, full_name, role, is_active, created_at FROM users ORDER BY full_name"
diff --git a/frontend/index.html b/frontend/index.html
index fb57897..337a415 100644
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -8,7 +8,11 @@
-
+
+