diff --git a/server/app.js b/server/app.js
index 90f21f3..d7dade7 100755
--- a/server/app.js
+++ b/server/app.js
@@ -90,6 +90,21 @@ app.use(basePath, function(req, res, next) {
   if (!req.session || !req.session.user || !req.session.user.username) {
     return res.status(401).send("Unauthorized");
   }    
+
+  if (config.has("restrictions")) {
+    let allowed = config.get("restrictions");
+    if (!Array.isArray(allowed)) {
+      allowed = [ allowed ];
+    }
+    for (let i = 0; i < allowed.length; i++) {
+      if (allowed[i] == req.session.user.username) {
+        return next();
+      }
+    }
+    console.log("Unauthorized (logged in) access by user: " + req.session.user.username);
+    return res.status(401).send("Unauthorized");
+  }
+
   return next();
 });    
 
diff --git a/server/scanner.js b/server/scanner.js
index f6fa682..25e7a49 100644
--- a/server/scanner.js
+++ b/server/scanner.js
@@ -194,7 +194,6 @@ const mkdir = function (_path) {
       }
 
       return new Promise(function (resolve, reject) {
-        console.log("mkdir " + path);
         fs.mkdir(path, function (error) {
           if (error) {
             return reject(error);