X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=src%2Fmanager.js;h=65444a064c33e202afa195208236cab0527f3bab;hb=83c6ed3b2e4065ee1cab4a1084daaf43a50ec5ff;hp=2aa9abc2b48f5e664e59febe6f360c1497ae1d20;hpb=a4c58b857482dc900fad9498fc0c510dd67cd380;p=websub-hub diff --git a/src/manager.js b/src/manager.js index 2aa9abc..65444a0 100644 --- a/src/manager.js +++ b/src/manager.js @@ -577,6 +577,15 @@ class Manager { }); this.logger.debug(_scope, 'got topics', { topics: ctx.topics }); + // Profile users can only see related topics. + if (ctx.session && ctx.session.authenticatedProfile) { + const profileUrlObj = new URL(ctx.session.authenticatedProfile); + ctx.topics = ctx.topics.filter((topic) => { + const topicUrlObj = new URL(topic.url); + return (topicUrlObj.hostname === profileUrlObj.hostname); + }); + } + res.end(Template.adminOverviewHTML(ctx, this.options)); this.logger.info(_scope, 'finished', { ...ctx, topics: ctx.topics.length }) } @@ -598,8 +607,18 @@ class Manager { }); this.logger.debug(_scope, 'got topic details', { topic: ctx.topic, subscriptions: ctx.subscriptions }); + // Profile users can only see related topics. + if (ctx.session && ctx.session.authenticatedProfile) { + const profileUrlObj = new URL(ctx.session.authenticatedProfile); + const topicUrlObj = new URL(ctx.topic.url); + if (topicUrlObj.hostname !== profileUrlObj.hostname) { + ctx.topic = null; + ctx.subscriptions = []; + } + } + res.end(Template.adminTopicDetailsHTML(ctx, this.options)); - this.logger.info(_scope, 'finished', { ...ctx, subscriptions: ctx.subscriptions.length, topic: ctx.topic.id }); + this.logger.info(_scope, 'finished', { ...ctx, subscriptions: ctx.subscriptions.length, topic: ctx.topic && ctx.topic.id || ctx.topic }); } @@ -773,7 +792,7 @@ class Manager { * @param {object} ctx */ async processTasks(res, ctx) { - const _scope = _fileScope('getTopicDetails'); + const _scope = _fileScope('processTasks'); this.logger.debug(_scope, 'called', { ctx }); // N.B. no await on this