Add protection rules to the backoffice endpoints

[lnardon]

Add a protection rule to the back-office/admin endpoints so only authorized users can use them.