From 163e1ec8ec503c73ae0c0b40e241c59aa08859a5 Mon Sep 17 00:00:00 2001
From: bnematzadeh <vicforbounty@gmail.com>
Date: Sat, 9 Nov 2024 08:47:55 -0700
Subject: [PATCH 1/2] Add admin middleware for reading sessions

---
 server/api/routes.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/api/routes.js b/server/api/routes.js
index 6a8561054f..7265044a76 100644
--- a/server/api/routes.js
+++ b/server/api/routes.js
@@ -487,6 +487,7 @@ function getRoutes(gladys) {
     },
     'get /api/v1/session': {
       authenticated: true,
+      admin: true,
       controller: sessionController.get,
     },
     // light

From e687030497cb7617653974597135799a5d265b6c Mon Sep 17 00:00:00 2001
From: bnematzadeh <vicforbounty@gmail.com>
Date: Mon, 11 Nov 2024 04:28:32 -0700
Subject: [PATCH 2/2] Update session.get.js

---
 server/api/routes.js              | 1 -
 server/lib/session/session.get.js | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/api/routes.js b/server/api/routes.js
index 7265044a76..6a8561054f 100644
--- a/server/api/routes.js
+++ b/server/api/routes.js
@@ -487,7 +487,6 @@ function getRoutes(gladys) {
     },
     'get /api/v1/session': {
       authenticated: true,
-      admin: true,
       controller: sessionController.get,
     },
     // light
diff --git a/server/lib/session/session.get.js b/server/lib/session/session.get.js
index 90fe07e1eb..13307cbbba 100644
--- a/server/lib/session/session.get.js
+++ b/server/lib/session/session.get.js
@@ -37,6 +37,7 @@ async function get(userId, options) {
     order: [[optionsWithDefault.order_by, optionsWithDefault.order_dir]],
     where: {
       revoked: false,
+      user_id: userId,
     },
   });