fix ux

backend/app/routes/historical.py

@@ -4,20 +4,30 @@ from datetime import date
 
 from flask import Blueprint, jsonify, request
 
+from app.services.auth import get_auth_service
 from app.services.historical_sync import get_historical_sync_service
 from app.utils.serialization import to_plain
 
 historical_blueprint = Blueprint("historical", __name__)
 service = get_historical_sync_service()
+auth_service = get_auth_service()
 
 
 @historical_blueprint.get("/historical/status")
 def historical_status():
+    try:
+        auth_service.require_admin()
+    except PermissionError as exc:
+        return jsonify({"detail": str(exc)}), 403
     return jsonify(to_plain(service.status()))
 
 
 @historical_blueprint.post("/historical/start")
 def historical_start():
+    try:
+        auth_service.require_admin()
+    except PermissionError as exc:
+        return jsonify({"detail": str(exc)}), 403
     payload = request.get_json(silent=True) or {}
     try:
         status = service.start(
@@ -35,6 +45,10 @@ def historical_start():
 
 @historical_blueprint.post("/historical/sync-now")
 def historical_sync_now():
+    try:
+        auth_service.require_admin()
+    except PermissionError as exc:
+        return jsonify({"detail": str(exc)}), 403
     try:
         status = service.start(auto=True)
         return jsonify(to_plain(status))
@@ -44,6 +58,10 @@ def historical_sync_now():
 
 @historical_blueprint.post("/historical/cancel")
 def historical_cancel():
+    try:
+        auth_service.require_admin()
+    except PermissionError as exc:
+        return jsonify({"detail": str(exc)}), 403
     return jsonify(to_plain(service.cancel()))