You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Once Jukebox mode is turned, any User can make the server machine play music on-site.
Expected Behavior
I expect to be able to limit Jukebox mode on a per-User basis. This could probably be as simple as ruling that only admin users can use Jukebox mode. I dare not share access to my Navidrome server with others, now that Jukebox mode exists, because any user can suddenly make music come out of my living room speakers at any time of day or night.
My guess is that this is just an oversight and that a fix should be pretty easy. Thanks for considering it!
Steps To Reproduce
When I make a new non-admin user and log in as that user, I am able, through my Navidrome client, to make the server play in jukebox mode. That should not be possible.
I really think you have a point here. Question is, how to deal with this. The quick fix would be to only allow admin users to access the Jukebox. That's something I could implement fast. But if we want to have a separate property on the user, like 'jukebox_allowed' we need to have this in the DB, the Create-Users Dialog etc. ...
Only allow admin users to access the jukebox. I think if it's easy and fast to do, we should do it now. The current situation is bad and needs to be fixed immediately. This fix will allow Navidrome users to have guest accounts again.
Add web interface / db to let the admin check a checkbox to grant some non-admin users jukebox access. This can be done later, when we have time.
Alternative to the above: add a feature to the config file that allows the admin to list the non-admin users who should be allowed to have jukebox access. This would be easier than the preceding, as no new web interface is required; but it will still require a change in the db.
I think the final state would be to have this as a "permission" granted to each user. I want to add this, not only for the Jukebox but also sharing, but will do this after we have the new UI in place and also after we introduce the Multiple Music folders, where I plan to add the user permissions.
For now, as both of you suggested, we could have a simple config option (Jukebox.AdminOnly?) with default true, that would limit the feature only for admins.
I confirm that:
Version
0.51.0 (fd61b29)
Current Behavior
Once Jukebox mode is turned, any User can make the server machine play music on-site.
Expected Behavior
I expect to be able to limit Jukebox mode on a per-User basis. This could probably be as simple as ruling that only admin users can use Jukebox mode. I dare not share access to my Navidrome server with others, now that Jukebox mode exists, because any user can suddenly make music come out of my living room speakers at any time of day or night.
My guess is that this is just an oversight and that a fix should be pretty easy. Thanks for considering it!
Steps To Reproduce
When I make a new non-admin user and log in as that user, I am able, through my Navidrome client, to make the server play in jukebox mode. That should not be possible.
Environment
How Navidrome is installed?
Binary (from downloads page)
Configuration
Relevant log output
No response
Anything else?
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: