1 files changed, 11 insertions, 64 deletions

diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index 60de66ab0..2f9e9f091 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -1,21 +1,17 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
-using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
-using Jellyfin.Api.Models.SessionDtos;
 using Jellyfin.Data.Enums;
-using Jellyfin.Extensions;
 using MediaBrowser.Common.Api;
-using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Dto;
+using MediaBrowser.Model.Entities;
 using MediaBrowser.Model.Session;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -31,22 +27,18 @@ public class SessionController : BaseJellyfinApiController
 {
     private readonly ISessionManager _sessionManager;
     private readonly IUserManager _userManager;
-    private readonly IDeviceManager _deviceManager;
 
     /// <summary>
     /// Initializes a new instance of the <see cref="SessionController"/> class.
     /// </summary>
     /// <param name="sessionManager">Instance of <see cref="ISessionManager"/> interface.</param>
     /// <param name="userManager">Instance of <see cref="IUserManager"/> interface.</param>
-    /// <param name="deviceManager">Instance of <see cref="IDeviceManager"/> interface.</param>
     public SessionController(
         ISessionManager sessionManager,
-        IUserManager userManager,
-        IDeviceManager deviceManager)
+        IUserManager userManager)
     {
         _sessionManager = sessionManager;
         _userManager = userManager;
-        _deviceManager = deviceManager;
     }
 
     /// <summary>
@@ -56,67 +48,22 @@ public class SessionController : BaseJellyfinApiController
     /// <param name="deviceId">Filter by device Id.</param>
     /// <param name="activeWithinSeconds">Optional. Filter by sessions that were active in the last n seconds.</param>
     /// <response code="200">List of sessions returned.</response>
-    /// <returns>An <see cref="IEnumerable{SessionInfo}"/> with the available sessions.</returns>
+    /// <returns>An <see cref="IReadOnlyList{SessionInfoDto}"/> with the available sessions.</returns>
     [HttpGet("Sessions")]
     [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    public ActionResult<IEnumerable<SessionInfo>> GetSessions(
+    public ActionResult<IReadOnlyList<SessionInfoDto>> GetSessions(
         [FromQuery] Guid? controllableByUserId,
         [FromQuery] string? deviceId,
         [FromQuery] int? activeWithinSeconds)
     {
-        var result = _sessionManager.Sessions;
-
-        if (!string.IsNullOrEmpty(deviceId))
-        {
-            result = result.Where(i => string.Equals(i.DeviceId, deviceId, StringComparison.OrdinalIgnoreCase));
-        }
-
-        if (!controllableByUserId.IsNullOrEmpty())
-        {
-            result = result.Where(i => i.SupportsRemoteControl);
-
-            var user = _userManager.GetUserById(controllableByUserId.Value);
-            if (user is null)
-            {
-                return NotFound();
-            }
-
-            if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers))
-            {
-                // User cannot control other user's sessions, validate user id.
-                result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(RequestHelpers.GetUserId(User, controllableByUserId)));
-            }
-
-            if (!user.HasPermission(PermissionKind.EnableSharedDeviceControl))
-            {
-                result = result.Where(i => !i.UserId.IsEmpty());
-            }
-
-            result = result.Where(i =>
-            {
-                if (!string.IsNullOrWhiteSpace(i.DeviceId))
-                {
-                    if (!_deviceManager.CanAccessDevice(user, i.DeviceId))
-                    {
-                        return false;
-                    }
-                }
-
-                return true;
-            });
-        }
-        else if (!User.IsInRole(UserRoles.Administrator))
-        {
-            // Request isn't from administrator, limit to "own" sessions.
-            result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(User.GetUserId()));
-        }
-
-        if (activeWithinSeconds.HasValue && activeWithinSeconds.Value > 0)
-        {
-            var minActiveDate = DateTime.UtcNow.AddSeconds(0 - activeWithinSeconds.Value);
-            result = result.Where(i => i.LastActivityDate >= minActiveDate);
-        }
+        Guid? controllableUserToCheck = controllableByUserId is null ? null : RequestHelpers.GetUserId(User, controllableByUserId);
+        var result = _sessionManager.GetSessions(
+            User.GetUserId(),
+            deviceId,
+            activeWithinSeconds,
+            controllableUserToCheck,
+            User.GetIsApiKey());
 
         return Ok(result);
     }