diff --git a/src/clj/cat/handler.clj b/src/clj/cat/handler.clj
index cf3c80c..6b1120b 100644
--- a/src/clj/cat/handler.clj
+++ b/src/clj/cat/handler.clj
@@ -19,7 +19,7 @@
 (GET "/" req (show-home req)) (GET "/relations_zeroed" [] (show-relations)))
-(defroutes user-routes
+(defroutes user-routes ;; These are protect inside their respective functions
 (POST "/relation_request/:id/status" [id & body :as req] (update-relationrequest-status id body req)) ; STATUS ENUM: (open, accepted, rejected)
 (POST "/request_relation" req (create-relation-request req)))
@@ -40,7 +40,8 @@
 middleware/wrap-formats) user-routes oauth-routes
- admin-routes
+ (-> admin-routes
+ middleware/wrap-restricted-admin)
 (route/not-found (:body (error-page {:status 404
@@ -50,4 +51,3 @@
 :start (-> app-routes middleware/wrap-base))
-
diff --git a/src/clj/cat/middleware.clj b/src/clj/cat/middleware.clj
index ff67da3..c30aa1a 100644
--- a/src/clj/cat/middleware.clj
+++ b/src/clj/cat/middleware.clj
@@ -65,10 +65,10 @@
 {:status 403 :title (str "Access to " (:uri request) " is not authorised")}))
-(defn wrap-restricted
+(defn wrap-restricted-admin
 "Example of how to wrap a route or handling in an authentication scheme" [handler]
- (restrict handler {:handler authenticated?
+ (restrict handler {:handler admin-access
 :on-error on-auth-error}))
 (defn wrap-auth
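Review bot: The comment added on `user-routes` says the two POST routes are protected inside their handlers, but nothing at the routing layer enforces that, and this same commit renames away the only `authenticated?`-based wrapper (`wrap-restricted` in middleware.clj). Neither `update-relationrequest-status` nor `create-relation-request` is visible in this diff, so the claim cannot be checked from here. I would make the comment state the obligation so a route added later is not assumed to be covered, e.g. `;; No auth middleware on these routes: each handler must check the caller itself before acting`. The word "protect" should also read "protected".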
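Review bot: Threading `admin-routes` straight into `middleware/wrap-restricted-admin` runs the admin check on every request that reaches this position in the route list, not only on requests that match an admin route, because ordinary Ring middleware executes before Compojure tries the wrapped routes. A non-admin request for an unknown URI would then, as far as this hunk shows, receive the 403 from `on-auth-error` and never reach the `route/not-found` entry that follows. Compojure's `wrap-routes` applies middleware only after a route has matched: `(-> admin-routes (wrap-routes middleware/wrap-restricted-admin))`, assuming `wrap-routes` is referred in this namespace. The enclosing route list starts and ends outside the hunk.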
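Review bot: The docstring kept on `wrap-restricted-admin` still calls it an example of an authentication scheme, while the function now gates on `admin-access`. It should say what the wrapper enforces, e.g. `"Passes the request to handler only when admin-access allows it; otherwise responds via on-auth-error."`. `admin-access` is defined outside this hunk, and since `authenticated?` is no longer part of the check, it is worth confirming that it returns false rather than throwing for a request with no identity. The rename also removes `wrap-restricted`, so any caller left outside this diff would no longer resolve.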