Limit startScan to admins only

server/subsonic/library_scanning.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/deluan/navidrome/conf"
 	"github.com/deluan/navidrome/log"
+	"github.com/deluan/navidrome/model/request"
 	"github.com/deluan/navidrome/scanner"
 	"github.com/deluan/navidrome/server/subsonic/responses"
 	"github.com/deluan/navidrome/utils"
@@ -37,6 +38,15 @@ func (c *LibraryScanningController) GetScanStatus(w http.ResponseWriter, r *http
 }
 
 func (c *LibraryScanningController) StartScan(w http.ResponseWriter, r *http.Request) (*responses.Subsonic, error) {
+	loggedUser, ok := request.UserFrom(r.Context())
+	if !ok {
+		return nil, newError(responses.ErrorGeneric, "Internal error")
+	}
+
+	if !loggedUser.IsAdmin {
+		return nil, newError(responses.ErrorAuthorizationFail)
+	}
+
 	fullScan := utils.ParamBool(r, "fullScan", false)
 	c.scanner.RescanAll(fullScan)