[Bug]: Jukebox mode cannot be limited on a per-User basis

[ghost]

I confirm that:

• I have searched the existing open AND closed issues to see if an issue already exists for the bug I've encountered
• I'm using the latest version (your issue may have been fixed already)

Version

0.51.0 (fd61b29)

Current Behavior

Once Jukebox mode is turned, any User can make the server machine play music on-site.

Expected Behavior

I expect to be able to limit Jukebox mode on a per-User basis. This could probably be as simple as ruling that only admin users can use Jukebox mode. I dare not share access to my Navidrome server with others, now that Jukebox mode exists, because any user can suddenly make music come out of my living room speakers at any time of day or night.

My guess is that this is just an oversight and that a fix should be pretty easy. Thanks for considering it!

Steps To Reproduce

When I make a new non-admin user and log in as that user, I am able, through my Navidrome client, to make the server play in jukebox mode. That should not be possible.

Environment

- OS: MacOS 10.13.6
- Browser: Safari
- Client: iSub

How Navidrome is installed?

Binary (from downloads page)

Configuration

MusicFolder = '/Volumes/TomThumb/music'
ScanSchedule = '@every 12h'
EnableExternalServices = false
DataFolder = '/Volumes/Humlet/Users/matt/navidrome'
Jukebox.Enabled = true
MPVPath = '/Applications/mpv.app/Contents/MacOS/mpv'

Relevant log output

No response

Anything else?

No response

Code of Conduct

• I agree to follow Navidrome's Code of Conduct

[ms140569]

I really think you have a point here. Question is, how to deal with this. The quick fix would be to only allow admin users to access the Jukebox. That's something I could implement fast. But if we want to have a separate property on the user, like 'jukebox_allowed' we need to have this in the DB, the Create-Users Dialog etc. ...

What's your cut?

[ghost]

I can think of three approaches:

• Only allow admin users to access the jukebox. I think if it's easy and fast to do, we should do it now. The current situation is bad and needs to be fixed immediately. This fix will allow Navidrome users to have guest accounts again.
• Add web interface / db to let the admin check a checkbox to grant some non-admin users jukebox access. This can be done later, when we have time.
• Alternative to the above: add a feature to the config file that allows the admin to list the non-admin users who should be allowed to have jukebox access. This would be easier than the preceding, as no new web interface is required; but it will still require a change in the db.

[deluan]

I think the final state would be to have this as a "permission" granted to each user. I want to add this, not only for the Jukebox but also sharing, but will do this after we have the new UI in place and also after we introduce the Multiple Music folders, where I plan to add the user permissions.

For now, as both of you suggested, we could have a simple config option (Jukebox.AdminOnly?) with default true, that would limit the feature only for admins.

I can put this in place for next release (soon).