groove/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-12-06 20:09:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix admin user unable to close sessions of other users #4746
Some checks failed
CodeQL / Analyze (push) Has been cancelled
Details
Build and Push Docker Image / build (push) Has been cancelled
Details
Integration Test / build and test (push) Has been cancelled
Details
Run Unit Tests / Run Unit Tests (push) Has been cancelled
Details

Browse source
This commit is contained in:
advplyr 2025-10-13 09:50:01 -05:00
parent feed827223
commit a87ea32715
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
server/controllers/SessionController.js
View file

@ -339,9 +339,9 @@ class SessionController {
var playbackSession = this.playbackSessionManager.getSession(req.params.id) var playbackSession = this.playbackSessionManager.getSession(req.params.id)
if (!playbackSession) return res.sendStatus(404) if (!playbackSession) return res.sendStatus(404)
if (playbackSession.userId !== req.user.id) { if (playbackSession.userId !== req.user.id && !req.user.isAdminOrUp) {
Logger.error(`[SessionController] User "${req.user.username}" attempting to access session belonging to another user "${req.params.id}"`) Logger.error(`[SessionController] Non-admin user "${req.user.username}" attempting to access session belonging to another user "${req.params.id}"`)
return res.sendStatus(404) return res.sendStatus(403)
} }
req.playbackSession = playbackSession req.playbackSession = playbackSession