From 8584d2cf9cbe2b6f61b3e42e55294a8f6a8b3af6 Mon Sep 17 00:00:00 2001
From: "DESKTOP-T0O5CDB\\DESK-555BD" <ivancheahkf@gmail.com>
Date: Tue, 13 Feb 2024 16:48:24 -0700
Subject: [PATCH] Lock down contoller methods for extra fields.

---
 Controllers/HomeController.cs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Controllers/HomeController.cs b/Controllers/HomeController.cs
index 10f7dcd..63ec895 100644
--- a/Controllers/HomeController.cs
+++ b/Controllers/HomeController.cs
@@ -99,6 +99,7 @@ namespace CarCareTracker.Controllers
         {
             return View();
         }
+        [Authorize(Roles = nameof(UserData.IsRootUser))]
         public IActionResult GetExtraFieldsModal(int importMode = 0)
         {
             var recordExtraFields = _extraFieldDataAccess.GetExtraFieldsById(importMode);
@@ -108,6 +109,7 @@ namespace CarCareTracker.Controllers
             }
             return PartialView("_ExtraFields", recordExtraFields);
         }
+        [Authorize(Roles = nameof(UserData.IsRootUser))]
         public IActionResult UpdateExtraFields(RecordExtraField record)
         {
             try