diff --git a/client/helpers/router.js b/client/helpers/router.js index e5c1dfae6..de4e75c7f 100644 --- a/client/helpers/router.js +++ b/client/helpers/router.js @@ -223,9 +223,9 @@ Router.map(function() { this.route('user_profile', { path: '/users/:_id', - // waitOn: function() { - // TODO: subscribe to the correct user - // }, + waitOn: function() { + return Meteor.subscribe('singleUser', this.params._id); + }, data: function() { return { user: Meteor.users.findOne(this.params._id) @@ -237,9 +237,9 @@ Router.map(function() { this.route('user_edit', { path: '/users/:_id/edit', - // waitOn: function() { - // TODO: subscribe to the correct user - // }, + waitOn: function() { + return Meteor.subscribe('singleUser', this.params._id); + }, data: function() { return { user: Meteor.users.findOne(this.params._id) @@ -265,7 +265,16 @@ Router.map(function() { // All Users - this.route('users'); + this.route('users', { + waitOn: function() { + return Meteor.subscribe('allUsers'); + }, + data: function() { + return { + users: Meteor.users.find({}, {sort: {createdAt: -1}}) + } + } + }); // Unsubscribe (from notifications) diff --git a/client/main.js b/client/main.js index 35d3f31fd..7368dd92e 100644 --- a/client/main.js +++ b/client/main.js @@ -4,9 +4,16 @@ Session.set('currentDate', new Date()); Session.set('categorySlug', null); Session.set('singlePostReady', false); +// Subscriptions + +// note: here we only subscribe to subscriptions that we need to be available all the time. +// For subscriptions depending on specific pages, see the router. + +// TODO: add session variable that tracks once all subscriptions here have loaded + // Settings Meteor.subscribe('settings', function(){ - // runs once on site load + // runs once after settings have loaded analyticsInit(); Session.set('settingsLoaded',true); }); @@ -14,9 +21,10 @@ Meteor.subscribe('settings', function(){ // Categories Meteor.subscribe('categories'); -// Users +// Current User +// we need to subscribe to the currentUser subscription because by default, +//Meteor doesn't send all the user properties that we need Meteor.subscribe('currentUser'); -Meteor.subscribe('allUsers'); // Notifications - only load if user is logged in if(Meteor.userId() != null){ @@ -78,15 +86,3 @@ selectPending = function() { return selectPosts({name: 'pending', status: STATUS_PENDING, slug: Session.get('categorySlug')}); } pendingPostsHandle = postListSubscription(selectPending, sortPosts('createdAt'), 10); - -// Comments -// Collection depends on selectedPostId and selectedCommentId session variable - -// Session.set('selectedPostId', null); - -// Meteor.autosubscribe(function() { -// var query = { $or : [ { post : Session.get('selectedPostId') } , { _id : Session.get('selectedCommentId') } ] }; -// Meteor.subscribe('comments', query, function() { -// Session.set('singleCommentReady', true); -// }); -// }); diff --git a/lib/users.js b/lib/users.js index a3c3aaba2..48d1cc91f 100644 --- a/lib/users.js +++ b/lib/users.js @@ -1,6 +1,6 @@ isAdminById=function(userId){ var user = Meteor.users.findOne(userId); - return user && isAdmin(user); + return !!(user && isAdmin(user)); } isAdmin=function(user){ if(!user || typeof user === 'undefined') diff --git a/server/publications.js b/server/publications.js index 8d2c14bd6..9a6a00856 100644 --- a/server/publications.js +++ b/server/publications.js @@ -3,8 +3,15 @@ Meteor.publish('currentUser', function() { return Meteor.users.find(this.userId); }); +Meteor.publish('singleUser', function(userId) { + console.log(isAdminById(this.userId)) + if(!isAdminById(this.userId)) + throw new Meteor.Error("You do not have the rights to view this user profile"); + + return Meteor.users.find(userId); +}); Meteor.publish('allUsers', function() { - if (this.userId && isAdminById(this.userId)) { + if (isAdminById(this.userId)) { // if user is admin, publish all fields return Meteor.users.find(); }else{