Browse files

Follow-up to 4777e64: fix client-specified _id

This was a regression in 0.8.1 which caused client-specified `_id` to
always be ignored for collections with at least one allow/deny rule.

Fixes #2097. Fixes #2099.
  • Loading branch information...
1 parent d1b58e5 commit 1d4004650fd7c4389acc40a573abee2199a55ca9 @glasser glasser committed Apr 30, 2014
Showing with 34 additions and 5 deletions.
  1. +8 −0 History.md
  2. +25 −4 packages/mongo-livedata/allow_tests.js
  3. +1 −1 packages/mongo-livedata/collection.js
View
8 History.md
@@ -1,5 +1,13 @@
## v.NEXT
+
+## v0.8.1.1
+
+* Fix 0.8.1 regression preventing clients from specifying `_id` on insert.
+
+
+## v0.8.1
+
#### Meteor Accounts
* Log out a user's other sessions when they change their password.
View
29 packages/mongo-livedata/allow_tests.js
@@ -50,7 +50,7 @@ if (Meteor.isServer) {
// totally locked down collection
var lockedDownCollection = defineCollection(
"collection-locked-down", false /*insecure*/);
- // resticted collection with same allowed modifications, both with and
+ // restricted collection with same allowed modifications, both with and
// without the `insecure` package
var restrictedCollectionDefaultSecure = defineCollection(
"collection-restrictedDefaultSecure", false /*insecure*/);
@@ -71,7 +71,9 @@ if (Meteor.isServer) {
return doc.a;
});
var restrictedCollectionForInvalidTransformTest = defineCollection(
- "collection-restictedForInvalidTransform", false /*insecure*/);
+ "collection-restrictedForInvalidTransform", false /*insecure*/);
+ var restrictedCollectionForClientIdTest = defineCollection(
+ "collection-restrictedForClientIdTest", false /*insecure*/);
if (needToConfigure) {
restrictedCollectionWithTransform.allow({
@@ -98,6 +100,11 @@ if (Meteor.isServer) {
transform: function (doc) { return doc._id; },
insert: function () { return true; }
});
+ restrictedCollectionForClientIdTest.allow({
+ // This test just requires the collection to trigger the restricted
+ // case.
+ insert: function () { return true; }
+ });
// two calls to allow to verify that either validator is sufficient.
var allows = [{
@@ -241,7 +248,7 @@ if (Meteor.isClient) {
// totally locked down collection
var lockedDownCollection = defineCollection("collection-locked-down");
- // resticted collection with same allowed modifications, both with and
+ // restricted collection with same allowed modifications, both with and
// without the `insecure` package
var restrictedCollectionDefaultSecure = defineCollection(
"collection-restrictedDefaultSecure");
@@ -262,7 +269,9 @@ if (Meteor.isClient) {
return doc.a;
});
var restrictedCollectionForInvalidTransformTest = defineCollection(
- "collection-restictedForInvalidTransform");
+ "collection-restrictedForInvalidTransform");
+ var restrictedCollectionForClientIdTest = defineCollection(
+ "collection-restrictedForClientIdTest");
// test that if allow is called once then the collection is
// restricted, and that other mutations aren't allowed
@@ -760,6 +769,18 @@ if (Meteor.isClient) {
test.isTrue(err);
}));
}]);
+ testAsyncMulti(
+ "collection - restricted collection allows client-side id, " + idGeneration,
+ [function (test, expect) {
+ var self = this;
+ self.id = Random.id();
+ restrictedCollectionForClientIdTest.insert({_id: self.id}, expect(function (err, res) {
+ test.isFalse(err);
+ test.equal(res, self.id);
+ test.equal(restrictedCollectionForClientIdTest.findOne(self.id),
+ {_id: self.id});
+ }));
+ }]);
}); // end idGeneration loop
} // end if isClient
View
2 packages/mongo-livedata/collection.js
@@ -700,7 +700,7 @@ Meteor.Collection.prototype._defineMutationMethods = function() {
var validatedMethodName =
'_validated' + method.charAt(0).toUpperCase() + method.slice(1);
args.unshift(this.userId);
- generatedId !== null && args.push(generatedId);
+ method === 'insert' && args.push(generatedId);
return self[validatedMethodName].apply(self, args);
} else if (self._isInsecure()) {
if (generatedId !== null)

0 comments on commit 1d40046

Please sign in to comment.