Ensured all subscriptions return empty arrays instead of errors or ready
This commit is contained in:
Stefan Zermatten
@@ -1 +1 @@
|
||||
METEOR@1.11
|
||||
METEOR@1.11.1
|
||||
|
||||
@@ -10,7 +10,7 @@ akryum:vue-component@0.15.2
|
||||
akryum:vue-component-dev-client@0.4.7
|
||||
akryum:vue-component-dev-server@0.1.4
|
||||
akryum:vue-router2@0.2.3
|
||||
aldeed:collection2@3.2.0
|
||||
aldeed:collection2@3.2.1
|
||||
aldeed:schema-index@3.0.0
|
||||
allow-deny@1.1.0
|
||||
autoupdate@1.6.0
|
||||
@@ -20,7 +20,7 @@ base64@1.0.12
|
||||
binary-heap@1.0.11
|
||||
blaze@2.3.4
|
||||
blaze-tools@1.0.10
|
||||
boilerplate-generator@1.7.0
|
||||
boilerplate-generator@1.7.1
|
||||
bozhao:link-accounts@2.2.1
|
||||
caching-compiler@1.2.2
|
||||
caching-html-compiler@1.1.3
|
||||
@@ -38,7 +38,7 @@ ddp-rate-limiter@1.0.9
|
||||
ddp-server@2.3.2
|
||||
deps@1.0.12
|
||||
diff-sequence@1.1.1
|
||||
dynamic-import@0.5.2
|
||||
dynamic-import@0.5.3
|
||||
ecmascript@0.14.3
|
||||
ecmascript-runtime@0.7.0
|
||||
ecmascript-runtime-client@0.11.0
|
||||
@@ -73,7 +73,7 @@ meteortesting:browser-tests@1.3.4
|
||||
meteortesting:mocha@1.1.5
|
||||
meteortesting:mocha-core@7.0.1
|
||||
mikowals:batch-insert@1.2.0
|
||||
minifier-css@1.5.2
|
||||
minifier-css@1.5.3
|
||||
minifier-js@2.6.0
|
||||
minimongo@1.6.0
|
||||
mobile-experience@1.1.0
|
||||
@@ -81,14 +81,14 @@ mobile-status-bar@1.1.0
|
||||
modern-browsers@0.1.5
|
||||
modules@0.15.0
|
||||
modules-runtime@0.12.0
|
||||
momentjs:moment@2.27.0
|
||||
momentjs:moment@2.29.1
|
||||
mongo@1.10.0
|
||||
mongo-decimal@0.1.1
|
||||
mongo-dev-server@1.1.0
|
||||
mongo-id@1.0.7
|
||||
npm-bcrypt@0.9.3
|
||||
npm-mongo@3.8.0
|
||||
oauth@1.3.0
|
||||
npm-mongo@3.8.1
|
||||
oauth@1.3.2
|
||||
oauth2@1.3.0
|
||||
observe-sequence@1.0.16
|
||||
ongoworks:speakingurl@9.0.0
|
||||
@@ -111,7 +111,7 @@ reactive-var@1.0.11
|
||||
reload@1.3.0
|
||||
retry@1.1.0
|
||||
routepolicy@1.1.0
|
||||
seba:minifiers-autoprefixer@1.1.2
|
||||
seba:minifiers-autoprefixer@1.2.1
|
||||
service-configuration@1.0.11
|
||||
session@1.2.0
|
||||
sha@1.0.9
|
||||
|
||||
@@ -24,6 +24,6 @@ export function assertEditPermission(creature, userId) {
|
||||
}
|
||||
|
||||
export function assertViewPermission(creature, userId) {
|
||||
creature = getCreature(creature, {owner: 1, writers: 1, public: 1});
|
||||
creature = getCreature(creature, {owner: 1, readers:1, writers: 1, public: 1});
|
||||
viewPermission(creature, userId);
|
||||
}
|
||||
|
||||
@@ -99,7 +99,7 @@ export function assertViewPermission(doc, userId) {
|
||||
return true;
|
||||
} else {
|
||||
throw new Meteor.Error('View permission denied',
|
||||
'You do not have permission to view this character');
|
||||
'You do not have permission to view this document');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ Meteor.publish('characterList', function(){
|
||||
this.autorun(function (){
|
||||
var userId = this.userId;
|
||||
if (!userId) {
|
||||
return this.ready();
|
||||
return [];
|
||||
}
|
||||
const user = Meteor.users.findOne(this.userId, {
|
||||
fields: {subscribedCharacters: 1}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import SimpleSchema from 'simpl-schema';
|
||||
import Creatures from '/imports/api/creature/Creatures.js';
|
||||
import Experiences from '/imports/api/creature/experience/Experiences.js';
|
||||
import { assertViewPermission } from '/imports/api/creature/creaturePermissions.js';
|
||||
|
||||
let schema = new SimpleSchema({
|
||||
creatureId: {
|
||||
@@ -13,6 +14,9 @@ Meteor.publish('experiences', function(creatureId){
|
||||
schema.validate({ creatureId });
|
||||
this.autorun(function (){
|
||||
let userId = this.userId;
|
||||
if (!userId) {
|
||||
return [];
|
||||
}
|
||||
let creatureCursor = Creatures.find({
|
||||
_id: creatureId,
|
||||
$or: [
|
||||
@@ -22,7 +26,11 @@ Meteor.publish('experiences', function(creatureId){
|
||||
{public: true},
|
||||
],
|
||||
});
|
||||
if (!creatureCursor.count()) return this.ready();
|
||||
try {
|
||||
assertViewPermission(creatureCursor.fetch()[0], this.userId);
|
||||
} catch (e){
|
||||
return [];
|
||||
}
|
||||
return [
|
||||
Experiences.find({
|
||||
creatureId,
|
||||
|
||||
@@ -12,10 +12,11 @@ Meteor.publish('standardLibraries', function(){
|
||||
|
||||
Meteor.publish('libraries', function(){
|
||||
this.autorun(function (){
|
||||
if (!this.userId) {
|
||||
return this.ready();
|
||||
let userId = this.userId;
|
||||
if (!userId) {
|
||||
return [];
|
||||
}
|
||||
const user = Meteor.users.findOne(this.userId, {
|
||||
const user = Meteor.users.findOne(userId, {
|
||||
fields: {subscribedLibraries: 1}
|
||||
});
|
||||
const subs = user && user.subscribedLibraries || [];
|
||||
|
||||
@@ -2,6 +2,7 @@ import SimpleSchema from 'simpl-schema';
|
||||
import Creatures from '/imports/api/creature/Creatures.js';
|
||||
import CreatureProperties from '/imports/api/creature/CreatureProperties.js';
|
||||
import CreatureLogs from '/imports/api/creature/log/CreatureLogs.js';
|
||||
import { assertViewPermission } from '/imports/api/creature/creaturePermissions.js';
|
||||
|
||||
let schema = new SimpleSchema({
|
||||
creatureId: {
|
||||
@@ -14,6 +15,9 @@ Meteor.publish('singleCharacter', function(creatureId){
|
||||
schema.validate({ creatureId });
|
||||
this.autorun(function (){
|
||||
let userId = this.userId;
|
||||
if (!userId) {
|
||||
return [];
|
||||
}
|
||||
let creatureCursor = Creatures.find({
|
||||
_id: creatureId,
|
||||
$or: [
|
||||
@@ -23,7 +27,11 @@ Meteor.publish('singleCharacter', function(creatureId){
|
||||
{public: true},
|
||||
],
|
||||
});
|
||||
if (!creatureCursor.count()) return this.ready();
|
||||
try {
|
||||
assertViewPermission(creatureCursor.fetch()[0], userId);
|
||||
} catch (e){
|
||||
return [];
|
||||
}
|
||||
return [
|
||||
creatureCursor,
|
||||
CreatureProperties.find({
|
||||
|
||||
@@ -4,17 +4,18 @@ import CreatureProperties from '/imports/api/creature/CreatureProperties.js';
|
||||
|
||||
Meteor.publish('slotFillers', function(slotId){
|
||||
this.autorun(function (){
|
||||
if (!this.userId) {
|
||||
return this.ready();
|
||||
let userId = this.userId;
|
||||
if (!userId) {
|
||||
return [];
|
||||
}
|
||||
// Get the slot
|
||||
let slot = CreatureProperties.findOne(slotId);
|
||||
if (!slot){
|
||||
return this.ready()
|
||||
return [];
|
||||
}
|
||||
|
||||
// Get all the ids of libraries the user can access
|
||||
const user = Meteor.users.findOne(this.userId, {
|
||||
const user = Meteor.users.findOne(userId, {
|
||||
fields: {subscribedLibraries: 1}
|
||||
});
|
||||
const subs = user && user.subscribedLibraries || [];
|
||||
|
||||
@@ -5,7 +5,7 @@ import Messages from '/imports/api/tabletop/Messages.js';
|
||||
Meteor.publish('tabletops', function(){
|
||||
var userId = this.userId;
|
||||
if (!userId) {
|
||||
return this.ready();
|
||||
return [];
|
||||
}
|
||||
return Tabletops.find({
|
||||
$or: [
|
||||
@@ -18,7 +18,7 @@ Meteor.publish('tabletops', function(){
|
||||
Meteor.publish('tabletop', function(tabletopId){
|
||||
var userId = this.userId;
|
||||
if (!userId) {
|
||||
return this.ready();
|
||||
return [];
|
||||
}
|
||||
this.autorun(function (){
|
||||
let tabletopCursor = Tabletops.find({
|
||||
@@ -30,7 +30,7 @@ Meteor.publish('tabletop', function(tabletopId){
|
||||
});
|
||||
let tabletop = tabletopCursor.fetch()[0];
|
||||
if (!tabletop){
|
||||
return this.ready();
|
||||
return [];
|
||||
}
|
||||
// Warning, this leaks data to users of the same tabletop who may not have
|
||||
// read permission of this specific creature, so publish as few fields as
|
||||
|
||||
Reference in New Issue
Block a user