From ffa1c370fd4b92df15609cd3706b8ebcff930e0d Mon Sep 17 00:00:00 2001
From: Shadowghost <Ghost_of_Stone@web.de>
Date: Wed, 18 Sep 2024 16:10:13 +0200
Subject: [PATCH] Fix permission checks

---
 Emby.Server.Implementations/Session/SessionManager.cs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index 6bcbe3ceba..55e4856692 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -1886,7 +1886,7 @@ namespace Emby.Server.Implementations.Session
                 if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers))
                 {
                     // User cannot control other user's sessions, validate user id.
-                    result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(controllableUserToCheck.Value));
+                    result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(user.Id));
                 }
 
                 result = result.Where(i =>
@@ -1903,7 +1903,10 @@ namespace Emby.Server.Implementations.Session
             {
                 // Request isn't from administrator, limit to "own" sessions.
                 result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(userId));
+            }
 
+            if (!user.HasPermission(PermissionKind.IsAdministrator))
+            {
                 // Don't report acceleration type for non-admin users.
                 result = result.Select(r =>
                 {