From 44751cebc520702719cdd4adccc9e0306734b2ee Mon Sep 17 00:00:00 2001 From: Nick Martin Date: Fri, 15 Jun 2012 13:11:02 -0700 Subject: [PATCH] Clean up users autopublish. Users table suppresses private fields when autopublished. Current user published turned into automatic publish, so the warning about the autopublish package is suppressed. --- packages/accounts/accounts_client.js | 1 - packages/accounts/accounts_common.js | 11 +++++++++-- packages/accounts/accounts_server.js | 15 +++++++++++++-- 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/packages/accounts/accounts_client.js b/packages/accounts/accounts_client.js index d5381eba2a..4e07b08e69 100644 --- a/packages/accounts/accounts_client.js +++ b/packages/accounts/accounts_client.js @@ -33,5 +33,4 @@ }); }; - Meteor.subscribe("currentUser"); })(); diff --git a/packages/accounts/accounts_common.js b/packages/accounts/accounts_common.js index 297949567b..1093d2eee1 100644 --- a/packages/accounts/accounts_common.js +++ b/packages/accounts/accounts_common.js @@ -1,11 +1,18 @@ -Meteor.users = new Meteor.Collection("users"); - if (!Meteor.accounts) { Meteor.accounts = {}; } +// internal login tokens collection. Never published. Meteor.accounts._loginTokens = new Meteor.Collection( "accounts._loginTokens", null /*manager*/, null /*driver*/, true /*preventAutopublish*/); + +// Users table. Don't use the normal autopublish, since we want to hide +// some fields. Code to autopublish this is in accounts_server.js. +Meteor.users = new Meteor.Collection( + "users", + null /*manager*/, + null /*driver*/, + true /*preventAutopublish*/); diff --git a/packages/accounts/accounts_server.js b/packages/accounts/accounts_server.js index 9da172d680..89df66dbea 100644 --- a/packages/accounts/accounts_server.js +++ b/packages/accounts/accounts_server.js @@ -110,15 +110,26 @@ } }); - // Publish a few attributes on the current user object - Meteor.publish("currentUser", function() { + + // Always publish the current user's record to the client. + Meteor.publish(null, function() { if (this.userId()) return Meteor.users.find({_id: this.userId()}, {fields: {services: 0, private: 0}}); else return null; + }, {is_auto: true}); + + // If autopublish is on, also publish everyone else's user record. + Meteor.default_server.onAutopublish(function () { + var handler = function () { + return Meteor.users.find( + {}, {fields: {services: 0, private: 0, emails: 0}}); + }; + Meteor.default_server.publish(null, handler, {is_auto: true}); }); + // Try all of the registered login handlers until one of them doesn't // return `undefined`, meaning it handled this call to `login`. Return // that return value.