From 5046a847cfc8728a50c6081952a7d2d3ee2131b1 Mon Sep 17 00:00:00 2001 From: Thaum Rystra Date: Wed, 13 May 2020 09:29:29 +0200 Subject: [PATCH] Quality pass over all publications, fixed public documents permission error --- .../server/publications/characterList.js | 30 +++++++++---------- app/imports/server/publications/icons.js | 9 +++--- app/imports/server/publications/index.js | 10 +++---- app/imports/server/publications/library.js | 22 ++++++-------- .../server/publications/singleCharacter.js | 30 ++----------------- 5 files changed, 35 insertions(+), 66 deletions(-) diff --git a/app/imports/server/publications/characterList.js b/app/imports/server/publications/characterList.js index e65536f1..5d8ff969 100644 --- a/app/imports/server/publications/characterList.js +++ b/app/imports/server/publications/characterList.js @@ -1,20 +1,26 @@ -import Creatures from "/imports/api/creature/Creatures.js"; +import Creatures from '/imports/api/creature/Creatures.js'; import Parties from '/imports/api/campaign/Parties.js'; -Meteor.publish("characterList", function(){ +Meteor.publish('characterList', function(){ var userId = this.userId; if (!userId) { - this.ready(); - return; + return []; } + const user = Meteor.user(); + const subs = user && user.subscribedCharacters || []; return [ - Creatures.find( - {$or: [{readers: userId}, {writers: userId}, {owner: userId}], type: "pc"}, - { + Creatures.find({ + $or: [ + {readers: userId}, + {writers: userId}, + {owner: userId}, + {_id: {$in: subs}}, + ], + type: 'pc', + }, { fields: { name: 1, urlName: 1, - race: 1, alignment: 1, gender: 1, readers: 1, @@ -22,16 +28,10 @@ Meteor.publish("characterList", function(){ owner: 1, color: 1, picture: 1, + public: 1, } } ), Parties.find({owner: userId}), ]; }); - -DDPRateLimiter.addRule({ - name: "characterList", - type: "subscription", - userId(){ return true; }, - connectionId(){ return true; }, -}, 8, 5000); diff --git a/app/imports/server/publications/icons.js b/app/imports/server/publications/icons.js index 49f13418..a289fdcf 100644 --- a/app/imports/server/publications/icons.js +++ b/app/imports/server/publications/icons.js @@ -1,11 +1,10 @@ import Icons from '/imports/api/icons/Icons.js'; -Meteor.publish("sampleIcons", function(){ +Meteor.publish('sampleIcons', function(){ return Icons.find({}, {limit: 50}); }); - -Meteor.publish("searchIcons", function(searchValue) { +Meteor.publish('searchIcons', function(searchValue) { // Don't publish anything if there's no search value if (!searchValue) { return []; @@ -15,11 +14,11 @@ Meteor.publish("searchIcons", function(searchValue) { { // relevant documents have a higher score. fields: { - score: { $meta: "textScore" } + score: { $meta: 'textScore' } }, // `score` property specified in the projection fields above. sort: { - score: { $meta: "textScore" } + score: { $meta: 'textScore' } } } ); diff --git a/app/imports/server/publications/index.js b/app/imports/server/publications/index.js index e5e5d827..054aa2ff 100644 --- a/app/imports/server/publications/index.js +++ b/app/imports/server/publications/index.js @@ -1,5 +1,5 @@ -import './characterList.js'; -import './library.js'; -import './singleCharacter.js'; -import './users.js'; -import './icons.js'; +import '/imports/server/publications/characterList.js'; +import '/imports/server/publications/library.js'; +import '/imports/server/publications/singleCharacter.js'; +import '/imports/server/publications/users.js'; +import '/imports/server/publications/icons.js'; diff --git a/app/imports/server/publications/library.js b/app/imports/server/publications/library.js index b98c0648..fde6c846 100644 --- a/app/imports/server/publications/library.js +++ b/app/imports/server/publications/library.js @@ -10,32 +10,28 @@ Meteor.publish('standardLibraries', function(){ }); Meteor.publish('libraries', function(){ + if (!this.userId) return []; const user = Meteor.user(); - const userId = user && user._id; - if (!userId) return []; const subs = user && user.subscribedLibraries || []; return Libraries.find({ $or: [ - {owner: userId}, - {writers: userId}, - {readers: userId}, + {owner: this.userId}, + {writers: this.userId}, + {readers: this.userId}, {_id: {$in: subs}}, ] }); }); Meteor.publish('library', function(libraryId){ - const user = Meteor.user(); - const userId = user && user._id; - if (!userId) return []; - const subs = user && user.subscribedLibraries || []; + if (!this.userId) return []; let libraryCursor = Libraries.find({ _id: libraryId, $or: [ - {owner: userId}, - {writers: userId}, - {readers: userId}, - {_id: {$in: subs}}, + {owner: this.userId}, + {writers: this.userId}, + {readers: this.userId}, + {public: true}, ], }); if (!libraryCursor.count()) return []; diff --git a/app/imports/server/publications/singleCharacter.js b/app/imports/server/publications/singleCharacter.js index 3faf9d2f..3af6372b 100644 --- a/app/imports/server/publications/singleCharacter.js +++ b/app/imports/server/publications/singleCharacter.js @@ -2,14 +2,14 @@ import Creatures from '/imports/api/creature/Creatures.js'; import CreatureProperties from '/imports/api/creature/CreatureProperties.js'; Meteor.publish('singleCharacter', function(charId){ - userId = this.userId; + let userId = this.userId; var char = Creatures.findOne({ _id: charId, $or: [ {readers: userId}, {writers: userId}, {owner: userId}, - {'settings.viewPermission': 'public'}, + {public: true}, ], }); if (char){ @@ -23,29 +23,3 @@ Meteor.publish('singleCharacter', function(charId){ return []; } }); - -DDPRateLimiter.addRule({ - name: 'singleCharacter', - type: 'subscription', - userId: null, - connectionId(){ return true; }, -}, 8, 10000, function(reply, ruleInput){ - if(!reply.allowed){ - logRateError(reply, ruleInput); - } -}); - -Meteor.publish('singleCharacterName', function(charId){ - userId = this.userId; - return Creatures.find({ - _id: charId, - $or: [ - {readers: userId}, - {writers: userId}, - {owner: userId}, - {'settings.viewPermission': 'public'}, - ], - }, { - fields:{'name': 1} - }); -});