Vulcan/server/publish.js

Meteor.publish('currentUser', function() {
  return Meteor.users.find(this.userId);
});
Meteor.publish('allUsers', function() {
  if (this.userId && isAdminById(this.userId)) {
    // if user is admin, publish all fields
    return Meteor.users.find();
  }else{
    // else, filter out sensitive info
    return Meteor.users.find({}, {fields: {
      secret_id: false,
      isAdmin: false,
      emails: false,
      notifications: false,
      'profile.email': false,
      'services.twitter.accessToken': false,
      'services.twitter.accessTokenSecret': false,
      'services.twitter.id': false,
      'services.password': false
    }});
  }
});

Meteor.startup(function(){
  Meteor.users.allow({
      insert: function(userId, doc){
        //TODO
        return true;
      }
    , update: function(userId, docs, fields, modifier){
      console.log("updating");
      console.log(userId);
      console.log(docs);
      console.log('fields: '+fields);
      // console.log(modifier); //uncommenting this crashes everything
      if(isAdminById(userId) || (docs[0]._id && docs[0]._id==userId)){
          return true;
        }
        return false;
      }
    , remove: function(userId, docs){ 
        if(isAdminById(userId) || (docs[0]._id && docs[0]._id==userId)){
          return true;
        }
        return false; 
      }
  });
});

// Posts

Posts = new Meteor.Collection('posts');
// Meteor.publish('posts', function() {
//   return Posts.find({}, {sort: {score: -1}});
// });

Meteor.publish('posts', function(find, options) {
  var collection=Posts.find(find, options);

  // console.log("publishing…");
  // console.log(postsView.find, postsView.sort, postsView.skip, postsView.limit);
  // collectionArray=collection.fetch();
  // console.log('collection.count() '+collection.count());
  // console.log('collection.fetch().length '+collectionArray.length);
  // for(i=0;i<collectionArray.length;i++){
  //   console.log('- '+collectionArray[i].headline);
  // }
  // console.log('\n');

  return collection;
});

// a single post, identified by id
Meteor.publish('post', function(id) {
  return Posts.find(id);
});

// FIXME -- check all docs, not just the first one.
Meteor.startup(function(){
  Posts.allow({
      insert: function(userId, doc){
        if(userId){
          doc.userId = userId;
          return true;
        }
        return false;
      }
    , update: function(userId, docs, fields, modifier){ 
        if(isAdminById(userId) || (docs[0].userId && docs[0].userId===userId)){
          return true;
        }
        throw new Meteor.Error(403, 'You do not have permission to edit this post');
        return false;
      }
    , remove: function(userId, docs){ 
        if(isAdminById(userId) || (docs[0].userId && docs[0].userId===userId)){
          return true;
        }
        throw new Meteor.Error(403, 'You do not have permission to delete this post');
        return false; }
  });
});

// Comments

Comments = new Meteor.Collection('comments');

Meteor.publish('comments', function(query) {
  return Comments.find(query);
});

Meteor.startup(function(){
  Comments.allow({
      insert: function(userId, doc){
        if(userId){
          return true;
        }
        return false;
      }
    , update: function(userId, docs, fields, modifier){
        if(isAdminById(userId) || (docs[0].userId && docs[0].userId==userId)){
          return true;
        }
        throw new Meteor.Error(403, 'You do not have permission to edit this comment');        
        return false;
      }
    , remove: function(userId, docs){ 
        if(isAdminById(userId) || (docs[0].userId && docs[0].userId==userId)){
          return true;
        throw new Meteor.Error(403, 'You do not have permission to delete this comment');
        }
        return false;
      }
  });
});

// Settings

Settings = new Meteor.Collection('settings');

Meteor.publish('settings', function() {
  return Settings.find();
});

Meteor.startup(function(){
  Settings.allow({
      insert: function(userId, docs){ return isAdminById(userId); }
    , update: function(userId, docs, fields, modifier){ return isAdminById(userId); }
    , remove: function(userId, docs){ return isAdminById(userId); }
  });
});


// Notifications

Notifications = new Meteor.Collection('notifications');

Meteor.publish('notifications', function() {
  // only publish notifications belonging to the current user
  return Notifications.find({userId:this._id});
});

Meteor.startup(function(){
  Notifications.allow({
      insert: function(userId, doc){
        if(userId){
          return true;
        }
        return false;
      }
    , update: function(userId, docs, fields, modifier){
        if(isAdminById(userId) || (docs[0].user_id && docs[0].user_id==userId)){
          return true;
        }
        return false;
      }
    , remove: function(userId, docs){ 
        if(isAdminById(userId) || (docs[0].user_id && docs[0].user_id==userId)){
          return true;
        }
        return false;
      }
  });
});

// Categories

Categories = new Meteor.Collection('categories');

Meteor.publish('categories', function() {
  return Categories.find();
});

Meteor.startup(function(){
  Categories.allow({
      insert: function(userId, docs){ return isAdminById(userId); }
    , update: function(userId, docs, fields, modifier){ return isAdminById(userId); }
    , remove: function(userId, docs){ return isAdminById(userId); }
  });
});
switching to 0.5 2012-10-18 14:24:36 +09:00			`Meteor.publish('currentUser', function() {`
Fixed problem with overlapping subscriptions. 2012-10-19 15:53:26 +11:00			`return Meteor.users.find(this.userId);`
switching to 0.5 2012-10-18 14:24:36 +09:00			`});`
			`Meteor.publish('allUsers', function() {`
			`if (this.userId && isAdminById(this.userId)) {`
			`// if user is admin, publish all fields`
now publishing emails when active users is admin 2012-09-18 16:23:33 +09:00			`return Meteor.users.find();`
			`}else{`
switching to 0.5 2012-10-18 14:24:36 +09:00			`// else, filter out sensitive info`
Fixed problem with overlapping subscriptions. 2012-10-19 15:53:26 +11:00			`return Meteor.users.find({}, {fields: {`
improved errors 2012-10-08 10:44:13 +09:00			`secret_id: false,`
			`isAdmin: false,`
			`emails: false,`
			`notifications: false,`
			`'profile.email': false,`
			`'services.twitter.accessToken': false,`
			`'services.twitter.accessTokenSecret': false,`
			`'services.twitter.id': false,`
			`'services.password': false`
			`}});`
now publishing emails when active users is admin 2012-09-18 16:23:33 +09:00			`}`
publishing users 2012-09-06 15:28:58 +09:00			`});`
working on user account edit page 2012-09-19 09:03:25 +09:00
			`Meteor.startup(function(){`
			`Meteor.users.allow({`
			`insert: function(userId, doc){`
			`//TODO`
			`return true;`
			`}`
			`, update: function(userId, docs, fields, modifier){`
switching to 0.5 2012-10-18 14:24:36 +09:00			`console.log("updating");`
			`console.log(userId);`
			`console.log(docs);`
			`console.log('fields: '+fields);`
working on notifications 2012-10-04 13:30:57 +09:00			`// console.log(modifier); //uncommenting this crashes everything`
reworking invite system 2012-10-05 13:59:40 +09:00			`if(isAdminById(userId) \|\| (docs[0]._id && docs[0]._id==userId)){`
added mixpanel 2012-09-24 11:31:45 +09:00			`return true;`
			`}`
			`return false;`
working on user account edit page 2012-09-19 09:03:25 +09:00			`}`
			`, remove: function(userId, docs){`
reworking invite system 2012-10-05 13:59:40 +09:00			`if(isAdminById(userId) \|\| (docs[0]._id && docs[0]._id==userId)){`
added mixpanel 2012-09-24 11:31:45 +09:00			`return true;`
			`}`
working on user account edit page 2012-09-19 09:03:25 +09:00			`return false;`
			`}`
			`});`
			`});`

can post comments 2012-08-22 23:24:33 -04:00			`// Posts`

initial commit 2012-08-22 21:27:22 -04:00			`Posts = new Meteor.Collection('posts');`
working on pagination 2012-10-09 12:02:37 +09:00			`// Meteor.publish('posts', function() {`
			`// return Posts.find({}, {sort: {score: -1}});`
			`// });`
initial commit 2012-08-22 21:27:22 -04:00
Refactored the subscriptions to be all separate. Probably still a bit of work to do to get things up to scratch, but looking good. 2012-10-18 13:07:10 +11:00			`Meteor.publish('posts', function(find, options) {`
			`var collection=Posts.find(find, options);`
fix post rank display 2012-10-09 14:24:06 +09:00
fixed getRank 2012-10-09 15:34:00 +09:00			`// console.log("publishing…");`
			`// console.log(postsView.find, postsView.sort, postsView.skip, postsView.limit);`
			`// collectionArray=collection.fetch();`
			`// console.log('collection.count() '+collection.count());`
			`// console.log('collection.fetch().length '+collectionArray.length);`
			`// for(i=0;i<collectionArray.length;i++){`
			`// console.log('- '+collectionArray[i].headline);`
			`// }`
			`// console.log('\n');`
fix post rank display 2012-10-09 14:24:06 +09:00
working on pagination 2012-10-09 12:02:37 +09:00			`return collection;`
initial commit 2012-08-22 21:27:22 -04:00			`});`
can post comments 2012-08-22 23:24:33 -04:00
Single post has it's own subscription. Works _only_ on the post_page and breaks the other lists right now. 2012-10-18 12:01:17 +11:00			`// a single post, identified by id`
			`Meteor.publish('post', function(id) {`
			`return Posts.find(id);`
			`});`

Fix security a little 2012-09-11 18:52:01 +10:00			`// FIXME -- check all docs, not just the first one.`
can post comments 2012-08-22 23:24:33 -04:00			`Meteor.startup(function(){`
			`Posts.allow({`
publishing users 2012-09-06 15:28:58 +09:00			`insert: function(userId, doc){`
			`if(userId){`
Fix security a little 2012-09-11 18:52:01 +10:00			`doc.userId = userId;`
publishing users 2012-09-06 15:28:58 +09:00			`return true;`
			`}`
			`return false;`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`}`
working on admin account and permissions 2012-09-19 10:05:02 +09:00			`, update: function(userId, docs, fields, modifier){`
fixed typo in userId var 2012-10-11 13:50:17 +09:00			`if(isAdminById(userId) \|\| (docs[0].userId && docs[0].userId===userId)){`
working on edit permissions 2012-09-06 11:09:24 +09:00			`return true;`
			`}`
adding permission check for post and comment edit 2012-10-10 10:48:14 +09:00			`throw new Meteor.Error(403, 'You do not have permission to edit this post');`
working on edit permissions 2012-09-06 11:09:24 +09:00			`return false;`
			`}`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`, remove: function(userId, docs){`
fixed typo in userId var 2012-10-11 13:50:17 +09:00			`if(isAdminById(userId) \|\| (docs[0].userId && docs[0].userId===userId)){`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`return true;`
			`}`
adding permission check for post and comment edit 2012-10-10 10:48:14 +09:00			`throw new Meteor.Error(403, 'You do not have permission to delete this post');`
re-enabling security checks 2012-09-13 11:57:35 +09:00			`return false; }`
can post comments 2012-08-22 23:24:33 -04:00			`});`
			`});`

			`// Comments`

			`Comments = new Meteor.Collection('comments');`

added a way to load a specific comment in the server-side publish method 2012-10-10 11:03:09 +09:00			`Meteor.publish('comments', function(query) {`
			`return Comments.find(query);`
can post comments 2012-08-22 23:24:33 -04:00			`});`

			`Meteor.startup(function(){`
			`Comments.allow({`
publishing users 2012-09-06 15:28:58 +09:00			`insert: function(userId, doc){`
			`if(userId){`
			`return true;`
			`}`
			`return false;`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`}`
			`, update: function(userId, docs, fields, modifier){`
fixed typo in userId var 2012-10-11 13:50:17 +09:00			`if(isAdminById(userId) \|\| (docs[0].userId && docs[0].userId==userId)){`
working on user account edit page 2012-09-19 09:03:25 +09:00			`return true;`
			`}`
adding permission check for post and comment edit 2012-10-10 10:48:14 +09:00			`throw new Meteor.Error(403, 'You do not have permission to edit this comment');`
working on user account edit page 2012-09-19 09:03:25 +09:00			`return false;`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`}`
			`, remove: function(userId, docs){`
fixed typo in userId var 2012-10-11 13:50:17 +09:00			`if(isAdminById(userId) \|\| (docs[0].userId && docs[0].userId==userId)){`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`return true;`
adding permission check for post and comment edit 2012-10-10 10:48:14 +09:00			`throw new Meteor.Error(403, 'You do not have permission to delete this comment');`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`}`
drop client use of isAdmin 2012-09-27 23:18:02 -07:00			`return false;`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`}`
implemented voting 2012-08-30 21:35:48 -04:00			`});`
			`});`

added settings page 2012-09-06 19:42:11 +09:00			`// Settings`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00
added settings page 2012-09-06 19:42:11 +09:00			`Settings = new Meteor.Collection('settings');`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00
added settings page 2012-09-06 19:42:11 +09:00			`Meteor.publish('settings', function() {`
			`return Settings.find();`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`});`

			`Meteor.startup(function(){`
added settings page 2012-09-06 19:42:11 +09:00			`Settings.allow({`
reworking invite system 2012-10-05 13:59:40 +09:00			`insert: function(userId, docs){ return isAdminById(userId); }`
			`, update: function(userId, docs, fields, modifier){ return isAdminById(userId); }`
			`, remove: function(userId, docs){ return isAdminById(userId); }`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`});`
gave notifications its own collection and styled notifcation widget 2012-10-05 10:23:38 +09:00			`});`


			`// Notifications`

			`Notifications = new Meteor.Collection('notifications');`

			`Meteor.publish('notifications', function() {`
added client-side filtering for comments and notifications 2012-10-10 07:28:44 +09:00			`// only publish notifications belonging to the current user`
switching to 0.5 2012-10-18 14:24:36 +09:00			`return Notifications.find({userId:this._id});`
gave notifications its own collection and styled notifcation widget 2012-10-05 10:23:38 +09:00			`});`

			`Meteor.startup(function(){`
			`Notifications.allow({`
			`insert: function(userId, doc){`
			`if(userId){`
			`return true;`
			`}`
			`return false;`
			`}`
			`, update: function(userId, docs, fields, modifier){`
reworking invite system 2012-10-05 13:59:40 +09:00			`if(isAdminById(userId) \|\| (docs[0].user_id && docs[0].user_id==userId)){`
gave notifications its own collection and styled notifcation widget 2012-10-05 10:23:38 +09:00			`return true;`
			`}`
			`return false;`
			`}`
			`, remove: function(userId, docs){`
reworking invite system 2012-10-05 13:59:40 +09:00			`if(isAdminById(userId) \|\| (docs[0].user_id && docs[0].user_id==userId)){`
gave notifications its own collection and styled notifcation widget 2012-10-05 10:23:38 +09:00			`return true;`
			`}`
			`return false;`
			`}`
			`});`
added client-side filtering for comments and notifications 2012-10-10 07:28:44 +09:00			`});`

			`// Categories`

			`Categories = new Meteor.Collection('categories');`

			`Meteor.publish('categories', function() {`
			`return Categories.find();`
			`});`

			`Meteor.startup(function(){`
			`Categories.allow({`
			`insert: function(userId, docs){ return isAdminById(userId); }`
			`, update: function(userId, docs, fields, modifier){ return isAdminById(userId); }`
			`, remove: function(userId, docs){ return isAdminById(userId); }`
			`});`
fixed submit post bug with permissions 2012-09-06 11:34:05 +09:00			`});`