Fix admin user unable to close sessions of other users #4746

2025-10-27 11:18:14 +01:00 · 2025-10-13 09:50:01 -05:00 · 2025-10-13 09:50:01 -05:00 · a87ea32715
commit a87ea32715
parent feed827223
1 changed files with 3 additions and 3 deletions
--- a/server/controllers/SessionController.js
+++ b/server/controllers/SessionController.js
@ -339,9 +339,9 @@ class SessionController {
    var playbackSession = this.playbackSessionManager.getSession(req.params.id)
    if (!playbackSession) return res.sendStatus(404)

-    if (playbackSession.userId !== req.user.id) {
-      Logger.error(`[SessionController] User "${req.user.username}" attempting to access session belonging to another user "${req.params.id}"`)
-      return res.sendStatus(404)
+    if (playbackSession.userId !== req.user.id && !req.user.isAdminOrUp) {
+      Logger.error(`[SessionController] Non-admin user "${req.user.username}" attempting to access session belonging to another user "${req.params.id}"`)
+      return res.sendStatus(403)
    }

    req.playbackSession = playbackSession