From 2178a57f8c3a5f4c3fcfefcb090e676e48d76612 Mon Sep 17 00:00:00 2001
From: Deluan <deluan@navidrome.org>
Date: Wed, 3 Dec 2025 19:53:26 -0500
Subject: [PATCH] enforce admin user requirement in context for command
 execution

Signed-off-by: Deluan <deluan@navidrome.org>
---
 cmd/utils.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/cmd/utils.go b/cmd/utils.go
index 817a391d0..81d646cf1 100644
--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -7,14 +7,21 @@ import (
 
 	"github.com/navidrome/navidrome/core/auth"
 	"github.com/navidrome/navidrome/db"
+	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/request"
 	"github.com/navidrome/navidrome/persistence"
 )
 
 func getAdminContext(ctx context.Context) (model.DataStore, context.Context) {
 	sqlDB := db.Db()
 	ds := persistence.New(sqlDB)
-	return ds, auth.WithAdminUser(ctx, ds)
+	ctx = auth.WithAdminUser(ctx, ds)
+	u, _ := request.UserFrom(ctx)
+	if !u.IsAdmin {
+		log.Fatal(ctx, "There must be at least one admin user to run this command.")
+	}
+	return ds, ctx
 }
 
 func getUser(ctx context.Context, id string, ds model.DataStore) (*model.User, error) {