if user and not has_access(user, session_obj, 'rw'):
            raise APIPermissionException('User {} does not have read-write access to session {}'.format(user, session_uid))