Permalink
Browse files

Make insecure into an empty package, detected via weak deps.

  • Loading branch information...
1 parent 37e2cc4 commit cbcafd0c208f8458f1e734f4b23dc405a2ec775b @glasser glasser committed Jul 24, 2013
View
1 packages/insecure/insecure.js
@@ -1 +0,0 @@
-Meteor.Collection.insecure = true;
View
5 packages/insecure/package.js
@@ -2,7 +2,4 @@ Package.describe({
summary: "Allow all database writes by default"
});
-Package.on_use(function (api) {
- api.use(['mongo-livedata']);
- api.add_files(['insecure.js'], 'server');
-});
+// This package is empty; its presence is detected by mongo-livedata.
View
20 packages/mongo-livedata/allow_tests.js
@@ -754,22 +754,28 @@ if (Meteor.isServer) {
});
Tinytest.add("collection - global insecure", function (test) {
- // note: This test alters the global insecure status! This may
- // collide with itself if run multiple times (but is better than
- // the old test which had the same problem)
- var oldGlobalInsecure = Meteor.Collection.insecure;
+ // note: This test alters the global insecure status, by sneakily hacking
+ // the global Package object! This may collide with itself if run multiple
+ // times (but is better than the old test which had the same problem)
+ var insecurePackage = Package.insecure;
- Meteor.Collection.insecure = true;
+ Package.insecure = {};
var collection = new Meteor.Collection(null);
test.equal(collection._isInsecure(), true);
- Meteor.Collection.insecure = false;
+ Package.insecure = undefined;
+ test.equal(collection._isInsecure(), false);
+
+ delete Package.insecure;
test.equal(collection._isInsecure(), false);
collection._insecure = true;
test.equal(collection._isInsecure(), true);
- Meteor.Collection.insecure = oldGlobalInsecure;
+ if (insecurePackage)
+ Package.insecure = insecurePackage;
+ else
+ delete Package.insecure;
});
}
View
10 packages/mongo-livedata/collection.js
@@ -508,10 +508,10 @@ Meteor.Collection.prototype._defineMutationMethods = function() {
// allow/deny semantics. If false, use insecure mode semantics.
self._restricted = false;
- // Insecure mode (default to allowing writes). Defaults to 'undefined'
- // which means use the global Meteor.Collection.insecure. This
- // property can be overriden by tests or packages wishing to change
- // insecure mode behavior of their collections.
+ // Insecure mode (default to allowing writes). Defaults to 'undefined' which
+ // means insecure iff the insecure package is loaded. This property can be
+ // overriden by tests or packages wishing to change insecure mode behavior of
+ // their collections.
self._insecure = undefined;
self._validators = {
@@ -609,7 +609,7 @@ Meteor.Collection.prototype._updateFetch = function (fields) {
Meteor.Collection.prototype._isInsecure = function () {
var self = this;
if (self._insecure === undefined)
- return Meteor.Collection.insecure;
+ return !!Package.insecure;
return self._insecure;
};
View
2 packages/mongo-livedata/package.js
@@ -20,6 +20,8 @@ Package.on_use(function (api) {
['client', 'server']);
api.use('check', ['client', 'server']);
+ api.use('insecure', {weak: true});
+
api.exportSymbol('_MongoLivedataTest', 'server');
api.add_files('mongo_driver.js', 'server');

0 comments on commit cbcafd0

Please sign in to comment.