Ensure only admins can call getDirectories

API/Controllers/LibraryController.cs

@@ -42,12 +42,10 @@ namespace API.Controllers
         /// </summary>
         /// <param name="path"></param>
         /// <returns></returns>
+        [Authorize(Policy = "RequireAdminRole")]
         [HttpGet("list")]
         public ActionResult<IEnumerable<string>> GetDirectories(string path)
         {
-            // TODO: We need some sort of validation other than our auth layer
-            _logger.Log(LogLevel.Debug, "Listing Directories for " + path);
-
             if (string.IsNullOrEmpty(path))
             {
                 return Ok(Directory.GetLogicalDrives());
@@ -57,7 +55,7 @@ namespace API.Controllers
 
             return Ok(_directoryService.ListDirectory(path));
         }
-
+        
         [HttpGet]
         public async Task<ActionResult<IEnumerable<LibraryDto>>> GetLibraries()
         {