github/meteor
1
1
Fork 0
mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00
Code Issues Packages Projects Releases Wiki Activity

Follow-up to 4777e64: fix client-specified _id

Browse Source 
This was a regression in 0.8.1 which caused client-specified `_id` to
always be ignored for collections with at least one allow/deny rule.

Fixes #2097. Fixes #2099.
This commit is contained in:
David Glasser
2014-04-30 23:01:53 -07:00
parent b48266bf74
commit 5e0845a436
3 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
History.md
View File

@@ -3,6 +3,8 @@
* Speed up updates of NPM modules by patching NPM to work around
https://github.com/npm/npm/issues/3265 instead of passing `--force`.
* Fix 0.8.1 regression preventing clients from specifying `_id` on insert.
## v0.8.1
#### Meteor Accounts

29
packages/mongo-livedata/allow_tests.js
View File

@@ -50,7 +50,7 @@ if (Meteor.isServer) {
// totally locked down collection
var lockedDownCollection = defineCollection(
"collection-locked-down", false /*insecure*/);
// resticted collection with same allowed modifications, both with and
// restricted collection with same allowed modifications, both with and
// without the `insecure` package
var restrictedCollectionDefaultSecure = defineCollection(
"collection-restrictedDefaultSecure", false /*insecure*/);
@@ -71,7 +71,9 @@ if (Meteor.isServer) {
return doc.a;
});
var restrictedCollectionForInvalidTransformTest = defineCollection(
"collection-restictedForInvalidTransform", false /*insecure*/);
"collection-restrictedForInvalidTransform", false /*insecure*/);
var restrictedCollectionForClientIdTest = defineCollection(
"collection-restrictedForClientIdTest", false /*insecure*/);
if (needToConfigure) {
restrictedCollectionWithTransform.allow({
@@ -98,6 +100,11 @@ if (Meteor.isServer) {
transform: function (doc) { return doc._id; },
insert: function () { return true; }
});
restrictedCollectionForClientIdTest.allow({
// This test just requires the collection to trigger the restricted
// case.
insert: function () { return true; }
});
// two calls to allow to verify that either validator is sufficient.
var allows = [{
@@ -241,7 +248,7 @@ if (Meteor.isClient) {
// totally locked down collection
var lockedDownCollection = defineCollection("collection-locked-down");
// resticted collection with same allowed modifications, both with and
// restricted collection with same allowed modifications, both with and
// without the `insecure` package
var restrictedCollectionDefaultSecure = defineCollection(
"collection-restrictedDefaultSecure");
@@ -262,7 +269,9 @@ if (Meteor.isClient) {
return doc.a;
});
var restrictedCollectionForInvalidTransformTest = defineCollection(
"collection-restictedForInvalidTransform");
"collection-restrictedForInvalidTransform");
var restrictedCollectionForClientIdTest = defineCollection(
"collection-restrictedForClientIdTest");
// test that if allow is called once then the collection is
// restricted, and that other mutations aren't allowed
@@ -760,6 +769,18 @@ if (Meteor.isClient) {
test.isTrue(err);
}));
}]);
testAsyncMulti(
"collection - restricted collection allows client-side id, " + idGeneration,
[function (test, expect) {
var self = this;
self.id = Random.id();
restrictedCollectionForClientIdTest.insert({_id: self.id}, expect(function (err, res) {
test.isFalse(err);
test.equal(res, self.id);
test.equal(restrictedCollectionForClientIdTest.findOne(self.id),
{_id: self.id});
}));
}]);
}); // end idGeneration loop
} // end if isClient

2
packages/mongo-livedata/collection.js
View File

@@ -700,7 +700,7 @@ Meteor.Collection.prototype._defineMutationMethods = function() {
var validatedMethodName =
'_validated' + method.charAt(0).toUpperCase() + method.slice(1);
args.unshift(this.userId);
generatedId !== null && args.push(generatedId);
method === 'insert' && args.push(generatedId);
return self[validatedMethodName].apply(self, args);
} else if (self._isInsecure()) {
if (generatedId !== null)