X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=src%2Fmanager.js;h=667fb301ef83d1abffb53b53470a25588f11d10d;hb=5618c8b62b18564ea4262cd089dcf54af72afc10;hp=cae9e74ce734b6fec771f4c9ceb3927c8e1b9028;hpb=085b55f507dedc16016bb491d520c556acd60643;p=websub-hub

diff --git a/src/manager.js b/src/manager.js
index cae9e74..667fb30 100644
--- a/src/manager.js
+++ b/src/manager.js
@@ -53,6 +53,7 @@ class Manager {
 
   /**
    * GET request for root.
+   * @param {http.ClientRequest} req
    * @param {http.ServerResponse} res
    * @param {object} ctx
    */
@@ -576,6 +577,15 @@ class Manager {
     });
     this.logger.debug(_scope, 'got topics', { topics: ctx.topics });
 
+    // Profile users can only see related topics.
+    if (ctx.session && ctx.session.authenticatedProfile) {
+      const profileUrlObj = new URL(ctx.session.authenticatedProfile);
+      ctx.topics = ctx.topics.filter((topic) => {
+        const topicUrlObj = new URL(topic.url);
+        return (topicUrlObj.hostname === profileUrlObj.hostname);
+      });
+    }
+
     res.end(Template.adminOverviewHTML(ctx, this.options));
     this.logger.info(_scope, 'finished', { ...ctx, topics: ctx.topics.length })
   }
@@ -597,8 +607,18 @@ class Manager {
     });
     this.logger.debug(_scope, 'got topic details', { topic: ctx.topic, subscriptions: ctx.subscriptions });
 
+    // Profile users can only see related topics.
+    if (ctx.session && ctx.session.authenticatedProfile) {
+      const profileUrlObj = new URL(ctx.session.authenticatedProfile);
+      const topicUrlObj = new URL(ctx.topic.url);
+      if (topicUrlObj.hostname !== profileUrlObj.hostname) {
+        ctx.topic = null;
+        ctx.subscriptions = [];
+      }
+    }
+
     res.end(Template.adminTopicDetailsHTML(ctx, this.options));
-    this.logger.info(_scope, 'finished', { ...ctx, subscriptions: ctx.subscriptions.length, topic: ctx.topic.id });
+    this.logger.info(_scope, 'finished', { ...ctx, subscriptions: ctx.subscriptions.length, topic: ctx.topic && ctx.topic.id || ctx.topic });
   }