1 files changed, 22 insertions, 4 deletions

diff --git a/MediaBrowser.Api/Session/SessionsService.cs b/MediaBrowser.Api/Session/SessionsService.cs
index d2881893b..59b8e85c2 100644
--- a/MediaBrowser.Api/Session/SessionsService.cs
+++ b/MediaBrowser.Api/Session/SessionsService.cs
@@ -1,4 +1,5 @@
-using MediaBrowser.Controller.Library;
+using MediaBrowser.Controller.Devices;
+using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Net;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
@@ -299,6 +300,7 @@ namespace MediaBrowser.Api.Session
         private readonly IUserManager _userManager;
         private readonly IAuthorizationContext _authContext;
         private readonly IAuthenticationRepository _authRepo;
+        private readonly IDeviceManager _deviceManager;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="SessionsService" /> class.
@@ -307,12 +309,13 @@ namespace MediaBrowser.Api.Session
         /// <param name="userManager">The user manager.</param>
         /// <param name="authContext">The authentication context.</param>
         /// <param name="authRepo">The authentication repo.</param>
-        public SessionsService(ISessionManager sessionManager, IUserManager userManager, IAuthorizationContext authContext, IAuthenticationRepository authRepo)
+        public SessionsService(ISessionManager sessionManager, IUserManager userManager, IAuthorizationContext authContext, IAuthenticationRepository authRepo, IDeviceManager deviceManager)
         {
             _sessionManager = sessionManager;
             _userManager = userManager;
             _authContext = authContext;
             _authRepo = authRepo;
+            _deviceManager = deviceManager;
         }
 
         public void Delete(RevokeKey request)
@@ -373,15 +376,30 @@ namespace MediaBrowser.Api.Session
 
                 var user = _userManager.GetUserById(request.ControllableByUserId.Value);
 
-                if (!user.Configuration.EnableRemoteControlOfOtherUsers)
+                if (!user.Policy.EnableRemoteControlOfOtherUsers)
                 {
                     result = result.Where(i => i.ContainsUser(request.ControllableByUserId.Value));
                 }
 
-                if (!user.Configuration.EnableSharedDeviceControl)
+                if (!user.Policy.EnableSharedDeviceControl)
                 {
                     result = result.Where(i => !i.UserId.HasValue);
                 }
+
+                result = result.Where(i =>
+                {
+                    var deviceId = i.DeviceId;
+
+                    if (!string.IsNullOrWhiteSpace(deviceId))
+                    {
+                        if (!_deviceManager.CanAccessDevice(user.Id.ToString("N"), deviceId))
+                        {
+                            return false;
+                        }
+                    }
+
+                    return true;
+                });
             }
 
             return ToOptimizedResult(result.Select(_sessionManager.GetSessionInfoDto).ToList());