From e0393fe72671482a93c0009f740b024e1cb5403e Mon Sep 17 00:00:00 2001
From: Simon Leary <simon.leary42@proton.me>
Date: Tue, 16 Dec 2025 12:44:47 -0500
Subject: [PATCH 1/3] make sure admin pages are protected

---
 .pre-commit-config.yaml         |  5 +++++
 test/assert-forbidden-used.bash | 21 +++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 test/assert-forbidden-used.bash

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4cb2b061..a6f8fdc4 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -110,3 +110,8 @@ repos:
         language: system
         files: ^resources/.*\.php$
         exclude: ^resources/lib/UnityHTTPD\.php$
+      - id: assert-forbidden-used
+        name: Assert forbidden() is used
+        entry: bash ./test/assert-forbidden-used.bash
+        language: system
+        files: ^webroot/admin/.*\.php$
diff --git a/test/assert-forbidden-used.bash b/test/assert-forbidden-used.bash
new file mode 100644
index 00000000..a179ce97
--- /dev/null
+++ b/test/assert-forbidden-used.bash
@@ -0,0 +1,21 @@
+set -euo pipefail
+trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; exit $s' ERR
+if [[ $# -lt 1 ]]; then
+    echo "at least one argument required"
+    exit 1
+fi
+
+rc=0
+for file in "$@"; do
+    # --color=never because magit git output log doesn't support it
+    grep_rc=0; grep -q UnityHTTPD::forbidden "$file" || grep_rc=$?
+    case "$grep_rc" in
+        0)
+            : ;; # code is good, do nothing
+        1)
+            echo "UnityHTTPD::forbidden() was not called in file '$file'!"; rc=1 ;;
+        *)
+            echo "grep failed!";  rc=1 ;;
+    esac
+done
+exit "$rc"

From 1ce86f602f8a5f3faf5d933adc5f641137ac5625 Mon Sep 17 00:00:00 2001
From: Simon Leary <simon.leary42@proton.me>
Date: Tue, 16 Dec 2025 12:45:53 -0500
Subject: [PATCH 2/3] add convention

---
 CONTRIBUTING.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index d553ae9e..e841dd29 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -22,6 +22,7 @@
   This will enable strict mode and throw an exception rather than returning `false`.
 - `UnityHTTPD`'s user-facing error functionality (ex: `badRequest`) should only be called from `webroot/**/*.php`.
   `resources/**/*.php` should throw exceptions instead.
+- all pages under `webroot/admin/` must check for `$USER->isAdmin()` and call `UnityHTTPD::forbidden()` if not admin.
 
 This repository will automatically check PRs for linting compliance.
 

From efc7455fcf96e7dd861fcdc5d5cb7faa850d6b2c Mon Sep 17 00:00:00 2001
From: Simon Leary <simon.leary42@proton.me>
Date: Tue, 16 Dec 2025 12:46:41 -0500
Subject: [PATCH 3/3] remove old comment

---
 test/assert-forbidden-used.bash | 1 -
 1 file changed, 1 deletion(-)

diff --git a/test/assert-forbidden-used.bash b/test/assert-forbidden-used.bash
index a179ce97..f5c1524b 100644
--- a/test/assert-forbidden-used.bash
+++ b/test/assert-forbidden-used.bash
@@ -7,7 +7,6 @@ fi
 
 rc=0
 for file in "$@"; do
-    # --color=never because magit git output log doesn't support it
     grep_rc=0; grep -q UnityHTTPD::forbidden "$file" || grep_rc=$?
     case "$grep_rc" in
         0)