diff --git a/src/socket.io/meta.js b/src/socket.io/meta.js
index f150102f13..0e59e93849 100644
--- a/src/socket.io/meta.js
+++ b/src/socket.io/meta.js
@@ -5,6 +5,7 @@ const os = require('os');
 const user = require('../user');
 const meta = require('../meta');
 const topics = require('../topics');
+const privileges = require('../privileges');
 
 const SocketMeta = module.exports;
 SocketMeta.rooms = {};
@@ -44,6 +45,20 @@ SocketMeta.rooms.enter = async function (socket, data) {
 		throw new Error('[[error:not-allowed]]');
 	}
 
+	if (data.enter && data.enter.startsWith('topic_')) {
+		const tid = data.enter.split('_').pop();
+		if (!await privileges.topics.can('topics:read', tid, socket.uid)) {
+			throw new Error('[[error:no-privileges]]');
+		}
+	}
+
+	if (data.enter && data.enter.startsWith('category_')) {
+		const cid = data.enter.split('_').pop();
+		if (!await privileges.categories.can('read', cid, socket.uid)) {
+			throw new Error('[[error:no-privileges]]');
+		}
+	}
+
 	leaveCurrentRoom(socket);
 
 	if (data.enter) {