Cutlery/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-07-09 03:04:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix permission checks

Browse Source
This commit is contained in:
Shadowghost 2024-09-18 16:10:13 +02:00
parent 0a982e2bfd
commit ffa1c370fd
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Emby.Server.Implementations/Session/SessionManager.cs
View File

@ -1886,7 +1886,7 @@ namespace Emby.Server.Implementations.Session
if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers)) if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers))
{ {
// User cannot control other user's sessions, validate user id. // User cannot control other user's sessions, validate user id.
result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(controllableUserToCheck.Value)); result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(user.Id));
} }
result = result.Where(i => result = result.Where(i =>
@ -1903,7 +1903,10 @@ namespace Emby.Server.Implementations.Session
{ {
// Request isn't from administrator, limit to "own" sessions. // Request isn't from administrator, limit to "own" sessions.
result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(userId)); result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(userId));
}
if (!user.HasPermission(PermissionKind.IsAdministrator))
{
// Don't report acceleration type for non-admin users. // Don't report acceleration type for non-admin users.
result = result.Select(r => result = result.Select(r =>
{ {