From f8c50b40bbd43ada730b1c1a063856b875a099b1 Mon Sep 17 00:00:00 2001 From: Joseph Milazzo Date: Thu, 24 Dec 2020 10:37:49 -0600 Subject: [PATCH] Ensure only admins can call getDirectories --- API/Controllers/LibraryController.cs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/API/Controllers/LibraryController.cs b/API/Controllers/LibraryController.cs index 4800a8cbb..42fa27659 100644 --- a/API/Controllers/LibraryController.cs +++ b/API/Controllers/LibraryController.cs @@ -42,12 +42,10 @@ namespace API.Controllers /// /// /// + [Authorize(Policy = "RequireAdminRole")] [HttpGet("list")] public ActionResult> GetDirectories(string path) { - // TODO: We need some sort of validation other than our auth layer - _logger.Log(LogLevel.Debug, "Listing Directories for " + path); - if (string.IsNullOrEmpty(path)) { return Ok(Directory.GetLogicalDrives()); @@ -57,7 +55,7 @@ namespace API.Controllers return Ok(_directoryService.ListDirectory(path)); } - + [HttpGet] public async Task>> GetLibraries() {
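Review bot: `path` still reaches `_directoryService.ListDirectory(path)` unvalidated in `GetDirectories`, and this commit deletes the TODO that recorded the need for validation beyond the auth layer. The new `[Authorize(Policy = "RequireAdminRole")]` narrows who can call the endpoint, but an admin session can still list any directory the service account can read; unless `ListDirectory` already handles this (not visible here), canonicalise with `Path.GetFullPath(path)` and reject anything outside the roots the application is meant to browse, or at least keep a comment such as `// TODO: path is only protected by the admin policy; validate against allowed roots`. Removing the debug log also removes the only visible record of which paths were browsed; a structured call such as `_logger.LogDebug("Listing directories for {Path}", path);` would keep that trail without concatenating request input into the message. Part of the method body lies between the two hunks and is not shown.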