Ensure only admins can call getDirectories

2025-05-24 00:52:23 -04:00 · 2020-12-24 10:37:49 -06:00 · 2020-12-24 10:37:49 -06:00 · f8c50b40bb
commit f8c50b40bb
parent f8ccc5a01f
1 changed files with 2 additions and 4 deletions
--- a/API/Controllers/LibraryController.cs
+++ b/API/Controllers/LibraryController.cs
@ -42,12 +42,10 @@ namespace API.Controllers
        /// </summary>
        /// <param name="path"></param>
        /// <returns></returns>
+        [Authorize(Policy = "RequireAdminRole")]
        [HttpGet("list")]
        public ActionResult<IEnumerable<string>> GetDirectories(string path)
        {
-            // TODO: We need some sort of validation other than our auth layer
-            _logger.Log(LogLevel.Debug, "Listing Directories for " + path);
-
            if (string.IsNullOrEmpty(path))
            {
                return Ok(Directory.GetLogicalDrives());
@ -57,7 +55,7 @@ namespace API.Controllers

            return Ok(_directoryService.ListDirectory(path));
        }
-
+        
        [HttpGet]
        public async Task<ActionResult<IEnumerable<LibraryDto>>> GetLibraries()
        {