fix

backend/routers/auth.py

@@ -15,6 +15,12 @@ async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(
             detail="Incorrect username or password",
             headers={"WWW-Authenticate": "Bearer"},
         )
+    
+    if not user.is_admin:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Access denied. Only admins can login to the dashboard.",
+        )
     access_token_expires = timedelta(minutes=auth_utils.ACCESS_TOKEN_EXPIRE_MINUTES)
     access_token = auth_utils.create_access_token(
         data={"sub": user.username}, expires_delta=access_token_expires

backend/schemas.py

@@ -19,10 +19,18 @@ class UserUpdate(BaseModel):
     is_active: Optional[bool] = None
     is_admin: Optional[bool] = None
 
+class UserApplicationOut(BaseModel):
+    application: "ApplicationOut"
+    assigned_at: datetime
+
+    class Config:
+        orm_mode = True
+
 class UserOut(UserBase):
     id: int
     created_at: datetime
     updated_at: datetime
+    applications: List[UserApplicationOut] = []
 
     class Config:
         orm_mode = True