Cutlery/Kavita
1
0
Fork 0
mirror of https://github.com/Kareadita/Kavita.git synced 2025-06-05 06:35:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Ensure only admins can call getDirectories

Browse Source
This commit is contained in:
Joseph Milazzo 2020-12-24 10:37:49 -06:00
parent f8ccc5a01f
commit f8c50b40bb
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
API/Controllers/LibraryController.cs
View File

@ -42,12 +42,10 @@ namespace API.Controllers
/// </summary> /// </summary>
/// <param name="path"></param> /// <param name="path"></param>
/// <returns></returns> /// <returns></returns>
[Authorize(Policy = "RequireAdminRole")]
[HttpGet("list")] [HttpGet("list")]
public ActionResult<IEnumerable<string>> GetDirectories(string path) public ActionResult<IEnumerable<string>> GetDirectories(string path)
{ {
// TODO: We need some sort of validation other than our auth layer
_logger.Log(LogLevel.Debug, "Listing Directories for " + path);
if (string.IsNullOrEmpty(path)) if (string.IsNullOrEmpty(path))
{ {
return Ok(Directory.GetLogicalDrives()); return Ok(Directory.GetLogicalDrives());