X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=src%2Fmanager.js;h=667fb301ef83d1abffb53b53470a25588f11d10d;hb=d0444b4b0ee8166d911e6b227218d110eb7eddf1;hp=2aa9abc2b48f5e664e59febe6f360c1497ae1d20;hpb=a4c58b857482dc900fad9498fc0c510dd67cd380;p=websub-hub

diff --git a/src/manager.js b/src/manager.js
index 2aa9abc..667fb30 100644
--- a/src/manager.js
+++ b/src/manager.js
@@ -577,6 +577,15 @@ class Manager {
     });
     this.logger.debug(_scope, 'got topics', { topics: ctx.topics });
 
+    // Profile users can only see related topics.
+    if (ctx.session && ctx.session.authenticatedProfile) {
+      const profileUrlObj = new URL(ctx.session.authenticatedProfile);
+      ctx.topics = ctx.topics.filter((topic) => {
+        const topicUrlObj = new URL(topic.url);
+        return (topicUrlObj.hostname === profileUrlObj.hostname);
+      });
+    }
+
     res.end(Template.adminOverviewHTML(ctx, this.options));
     this.logger.info(_scope, 'finished', { ...ctx, topics: ctx.topics.length })
   }
@@ -598,8 +607,18 @@ class Manager {
     });
     this.logger.debug(_scope, 'got topic details', { topic: ctx.topic, subscriptions: ctx.subscriptions });
 
+    // Profile users can only see related topics.
+    if (ctx.session && ctx.session.authenticatedProfile) {
+      const profileUrlObj = new URL(ctx.session.authenticatedProfile);
+      const topicUrlObj = new URL(ctx.topic.url);
+      if (topicUrlObj.hostname !== profileUrlObj.hostname) {
+        ctx.topic = null;
+        ctx.subscriptions = [];
+      }
+    }
+
     res.end(Template.adminTopicDetailsHTML(ctx, this.options));
-    this.logger.info(_scope, 'finished', { ...ctx, subscriptions: ctx.subscriptions.length, topic: ctx.topic.id });
+    this.logger.info(_scope, 'finished', { ...ctx, subscriptions: ctx.subscriptions.length, topic: ctx.topic && ctx.topic.id || ctx.topic });
   }