Skip to content

Commit

Permalink
Follow-up to 4777e64: fix client-specified _id
Browse files Browse the repository at this point in the history 
This was a regression in 0.8.1 which caused client-specified `_id` to
always be ignored for collections with at least one allow/deny rule.

Fixes #2097. Fixes #2099.
  • Loading branch information
@glasser
glasser committed May 1, 2014
1 parent d1b58e5 commit 1d40046
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 5 deletions.
8 changes: 8 additions & 0 deletions History.md
View file
Original file line number Original file line Diff line number Diff line change
@@ -1,5 +1,13 @@
## v.NEXT ## v.NEXT



## v0.8.1.1

* Fix 0.8.1 regression preventing clients from specifying `_id` on insert.


## v0.8.1

#### Meteor Accounts #### Meteor Accounts


* Log out a user's other sessions when they change their password. * Log out a user's other sessions when they change their password.
Expand Down
29 changes: 25 additions & 4 deletions packages/mongo-livedata/allow_tests.js
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ if (Meteor.isServer) {
// totally locked down collection // totally locked down collection
var lockedDownCollection = defineCollection( var lockedDownCollection = defineCollection(
"collection-locked-down", false /*insecure*/); "collection-locked-down", false /*insecure*/);
// resticted collection with same allowed modifications, both with and // restricted collection with same allowed modifications, both with and
// without the `insecure` package // without the `insecure` package
var restrictedCollectionDefaultSecure = defineCollection( var restrictedCollectionDefaultSecure = defineCollection(
"collection-restrictedDefaultSecure", false /*insecure*/); "collection-restrictedDefaultSecure", false /*insecure*/);
Expand All @@ -71,7 +71,9 @@ if (Meteor.isServer) {
return doc.a; return doc.a;
}); });
var restrictedCollectionForInvalidTransformTest = defineCollection( var restrictedCollectionForInvalidTransformTest = defineCollection(
"collection-restictedForInvalidTransform", false /*insecure*/); "collection-restrictedForInvalidTransform", false /*insecure*/);
var restrictedCollectionForClientIdTest = defineCollection(
"collection-restrictedForClientIdTest", false /*insecure*/);


if (needToConfigure) { if (needToConfigure) {
restrictedCollectionWithTransform.allow({ restrictedCollectionWithTransform.allow({
Expand All @@ -98,6 +100,11 @@ if (Meteor.isServer) {
transform: function (doc) { return doc._id; }, transform: function (doc) { return doc._id; },
insert: function () { return true; } insert: function () { return true; }
}); });
restrictedCollectionForClientIdTest.allow({
// This test just requires the collection to trigger the restricted
// case.
insert: function () { return true; }
});


// two calls to allow to verify that either validator is sufficient. // two calls to allow to verify that either validator is sufficient.
var allows = [{ var allows = [{
Expand Down Expand Up @@ -241,7 +248,7 @@ if (Meteor.isClient) {
// totally locked down collection // totally locked down collection
var lockedDownCollection = defineCollection("collection-locked-down"); var lockedDownCollection = defineCollection("collection-locked-down");


// resticted collection with same allowed modifications, both with and // restricted collection with same allowed modifications, both with and
// without the `insecure` package // without the `insecure` package
var restrictedCollectionDefaultSecure = defineCollection( var restrictedCollectionDefaultSecure = defineCollection(
"collection-restrictedDefaultSecure"); "collection-restrictedDefaultSecure");
Expand All @@ -262,7 +269,9 @@ if (Meteor.isClient) {
return doc.a; return doc.a;
}); });
var restrictedCollectionForInvalidTransformTest = defineCollection( var restrictedCollectionForInvalidTransformTest = defineCollection(
"collection-restictedForInvalidTransform"); "collection-restrictedForInvalidTransform");
var restrictedCollectionForClientIdTest = defineCollection(
"collection-restrictedForClientIdTest");


// test that if allow is called once then the collection is // test that if allow is called once then the collection is
// restricted, and that other mutations aren't allowed // restricted, and that other mutations aren't allowed
Expand Down Expand Up @@ -760,6 +769,18 @@ if (Meteor.isClient) {
test.isTrue(err); test.isTrue(err);
})); }));
}]); }]);
testAsyncMulti(
"collection - restricted collection allows client-side id, " + idGeneration,
[function (test, expect) {
var self = this;
self.id = Random.id();
restrictedCollectionForClientIdTest.insert({_id: self.id}, expect(function (err, res) {
test.isFalse(err);
test.equal(res, self.id);
test.equal(restrictedCollectionForClientIdTest.findOne(self.id),
{_id: self.id});
}));
}]);
}); // end idGeneration loop }); // end idGeneration loop
} // end if isClient } // end if isClient


Expand Down
2 changes: 1 addition & 1 deletion packages/mongo-livedata/collection.js
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -700,7 +700,7 @@ Meteor.Collection.prototype._defineMutationMethods = function() {
var validatedMethodName = var validatedMethodName =
'_validated' + method.charAt(0).toUpperCase() + method.slice(1); '_validated' + method.charAt(0).toUpperCase() + method.slice(1);
args.unshift(this.userId); args.unshift(this.userId);
generatedId !== null && args.push(generatedId); method === 'insert' && args.push(generatedId);
return self[validatedMethodName].apply(self, args); return self[validatedMethodName].apply(self, args);
} else if (self._isInsecure()) { } else if (self._isInsecure()) {
if (generatedId !== null) if (generatedId !== null)
Expand Down

0 comments on commit 1d40046

Please sign in to comment.