Improved subscription permissions, should now work as expected for public documents

2020-11-12 10:48:46 +02:00
parent cd84b2562a
commit bd056ab042
3 changed files with 18 additions and 40 deletions
--- a/app/imports/api/sharing/sharingPermissions.js
+++ b/app/imports/api/sharing/sharingPermissions.js
@@ -88,11 +88,11 @@ export function assertDocEditPermission(doc, userId){
 }

 export function assertViewPermission(doc, userId) {
-  assertIdValid(userId);
  assertdocExists(doc);
+  if (doc.public) return true;
+  assertIdValid(userId);
  if (
    doc.owner === userId ||
-    doc.public ||
    _.contains(doc.readers, userId) ||
    _.contains(doc.writers, userId)
  ){
--- a/app/imports/server/publications/library.js
+++ b/app/imports/server/publications/library.js
@@ -1,7 +1,7 @@
 import SimpleSchema from 'simpl-schema';
 import Libraries from '/imports/api/library/Libraries.js';
 import LibraryNodes from '/imports/api/library/LibraryNodes.js';
-
+import { assertViewPermission } from '/imports/api/sharing/sharingPermissions.js';
 const standardLibraryIds = [
  'SRDLibraryGA3XWsd',
 ];
@@ -41,24 +41,13 @@ let libraryIdSchema = new SimpleSchema({
 Meteor.publish('library', function(libraryId){
  libraryIdSchema.validate({libraryId});
  this.autorun(function (){
-    let libraryCursor
-    if (this.userId) {
-      libraryCursor = Libraries.find({
-        _id: libraryId,
-        $or: [
-          {owner: this.userId},
-          {writers: this.userId},
-          {readers: this.userId},
-          {public: true},
-        ],
-      });
-    } else {
-      libraryCursor = Libraries.find({
-        _id: libraryId,
-        public: true,
-      });
-    }
-    if (!libraryCursor.count()) return this.ready();
+    let userId = this.userId;
+    let libraryCursor = Libraries.find({
+      _id: libraryId,
+    });
+    let library = libraryCursor.fetch()[0];
+    try { assertViewPermission(library, userId) }
+    catch(e){ return [] }
    return [
      libraryCursor,
      LibraryNodes.find({
--- a/app/imports/server/publications/singleCharacter.js
+++ b/app/imports/server/publications/singleCharacter.js
@@ -17,27 +17,16 @@ Meteor.publish('singleCharacter', function(creatureId){
  schema.validate({ creatureId });
  this.autorun(function (){
    let userId = this.userId;
-    if (!userId) {
-      return [];
-    }
-    let creatureCursor = Creatures.find({
+    let creatureCursor
+    creatureCursor = Creatures.find({
      _id: creatureId,
-      $or: [
-        {readers: userId},
-        {writers: userId},
-        {owner: userId},
-        {public: true},
-      ],
    });
-    try {
-      let creature = creatureCursor.fetch()[0];
-      assertViewPermission(creature, userId);
-      if (creature.computeVersion !== VERSION){
-        recomputeCreatureById(creatureId)
-      }
-    } catch (e){
-      console.error(e);
-      return [];
+    let creature = creatureCursor.fetch()[0];
+    try { assertViewPermission(creature, userId) }
+    catch(e){ return [] }
+    if (creature.computeVersion !== VERSION){
+      try { recomputeCreatureById(creatureId) }
+      catch(e){ console.error(e) }
    }
    return [
      creatureCursor,