diff options
author | Justin Reynolds <justinr1234@gmail.com> | 2019-08-14 18:59:21 -0500 |
---|---|---|
committer | Justin Reynolds <justinr1234@gmail.com> | 2019-08-15 15:47:32 -0500 |
commit | 977503fa7986967779b3ac17afccf338608bd615 (patch) | |
tree | 17c33ff5a8a1bc3ad8123b200c1a9b277ce6b413 | |
parent | a282384ab058cb6a118a9fa6c822e050607fb8e9 (diff) | |
download | wekan-977503fa7986967779b3ac17afccf338608bd615.tar.gz wekan-977503fa7986967779b3ac17afccf338608bd615.tar.bz2 wekan-977503fa7986967779b3ac17afccf338608bd615.zip |
Fix mismatched queries
-rw-r--r-- | server/publications/boards.js | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/server/publications/boards.js b/server/publications/boards.js index 5037938d..a6ab9983 100644 --- a/server/publications/boards.js +++ b/server/publications/boards.js @@ -3,13 +3,14 @@ // 1. that the user is a member of // 2. the user has starred Meteor.publish('boards', function() { + const userId = this.userId; // Ensure that the user is connected. If it is not, we need to return an empty // array to tell the client to remove the previously published docs. - if (!Match.test(this.userId, String)) return []; + if (!Match.test(userId, String) || !userId) return []; // Defensive programming to verify that starredBoards has the expected // format -- since the field is in the `profile` a user can modify it. - const { starredBoards = [] } = Users.findOne(this.userId).profile || []; + const { starredBoards = [] } = (Users.findOne(userId) || {}).profile || {}; check(starredBoards, [String]); return Boards.find( @@ -20,7 +21,7 @@ Meteor.publish('boards', function() { _id: { $in: starredBoards }, permission: 'public', }, - { members: { $elemMatch: { userId: this.userId, isActive: true } } }, + { members: { $elemMatch: { userId, isActive: true } } }, ], }, { @@ -40,14 +41,15 @@ Meteor.publish('boards', function() { }); Meteor.publish('archivedBoards', function() { - if (!Match.test(this.userId, String)) return []; + const userId = this.userId; + if (!Match.test(userId, String)) return []; return Boards.find( { archived: true, members: { $elemMatch: { - userId: this.userId, + userId, isAdmin: true, }, }, @@ -70,6 +72,13 @@ Meteor.publishRelations('board', function(boardId, isArchived) { check(boardId, String); check(isArchived, Boolean); const thisUserId = this.userId; + const $or = [{ permission: 'public' }]; + + if (thisUserId) { + $or.push({ + members: { $elemMatch: { userId: thisUserId, isActive: true } }, + }); + } this.cursor( Boards.find( @@ -78,10 +87,7 @@ Meteor.publishRelations('board', function(boardId, isArchived) { archived: false, // If the board is not public the user has to be a member of it to see // it. - $or: [ - { permission: 'public' }, - { members: { $elemMatch: { userId: this.userId, isActive: true } } }, - ], + $or, // Sort required to ensure oplog usage }, { limit: 1, sort: { _id: 1 } }, |