« All boards page » only displays tables to which the current user has access

2025-04-22 04:57:07 -04:00 · 2021-07-23 10:39:42 +02:00 · 2021-07-23 10:39:42 +02:00 · 789d1d1d1c
commit 789d1d1d1c
parent f7d6ac9401
3 changed files with 73 additions and 9 deletions
--- a/client/components/boards/boardsList.js
+++ b/client/components/boards/boardsList.js
@ -87,16 +87,52 @@ BlazeComponent.extendComponent({

  boards() {
    const query = {
-      archived: false,
-      //type: { $in: ['board','template-container'] },
-      type: 'board',
+      //archived: false,
+      ////type: { $in: ['board','template-container'] },
+      //type: 'board',
+      $and: [
+        { archived: false },
+        { type: 'board' },
+        { $or:[] }
+      ]
    };
-    if (FlowRouter.getRouteName() === 'home')
-      query['members.userId'] = Meteor.userId();
+    if (FlowRouter.getRouteName() === 'home'){
+      query.$and[2].$or.push({'members.userId': Meteor.userId()});
+
+      const currUser = Users.findOne(Meteor.userId());
+
+      // const currUser = Users.findOne(Meteor.userId(), {
+      //   fields: {
+      //     orgs: 1,
+      //     teams: 1,
+      //   },
+      // });
+
+      let orgIdsUserBelongs = currUser.teams !== 'undefined' ? currUser.orgIdsUserBelongs() : '';
+      if(orgIdsUserBelongs && orgIdsUserBelongs != ''){
+        let orgsIds = orgIdsUserBelongs.split(',');
+        // for(let i = 0; i < orgsIds.length; i++){
+        //   query.$and[2].$or.push({'orgs.orgId': orgsIds[i]});
+        // }
+
+        //query.$and[2].$or.push({'orgs': {$elemMatch : {orgId: orgsIds[0]}}});
+        query.$and[2].$or.push({'orgs.orgId': {$in : orgsIds}});
+      }
+
+      let teamIdsUserBelongs = currUser.teams !== 'undefined' ? currUser.teamIdsUserBelongs() : '';
+      if(teamIdsUserBelongs && teamIdsUserBelongs != ''){
+        let teamsIds = teamIdsUserBelongs.split(',');
+        // for(let i = 0; i < teamsIds.length; i++){
+        //   query.$or[2].$or.push({'teams.teamId': teamsIds[i]});
+        // }
+        //query.$and[2].$or.push({'teams': { $elemMatch : {teamId: teamsIds[0]}}});
+        query.$and[2].$or.push({'teams.teamId': {$in : teamsIds}});
+      }
+    }
    else query.permission = 'public';

    return Boards.find(query, {
-      sort: { sort: 1 /* boards default sorting */ },
+      //sort: { sort: 1 /* boards default sorting */ },
    });
  },
  isStarred() {
--- a/server/publications/boards.js
+++ b/server/publications/boards.js
@ -13,6 +13,17 @@ Meteor.publish('boards', function() {
  const { starredBoards = [] } = (Users.findOne(userId) || {}).profile || {};
  check(starredBoards, [String]);

+  let currUser = Users.findOne(userId);
+  let orgIdsUserBelongs = currUser!== 'undefined' && currUser.teams !== 'undefined' ? currUser.orgIdsUserBelongs() : '';
+  let teamIdsUserBelongs = currUser!== 'undefined' && currUser.teams !== 'undefined' ? currUser.teamIdsUserBelongs() : '';
+  let orgsIds = [];
+  let teamsIds = [];
+  if(orgIdsUserBelongs && orgIdsUserBelongs != ''){
+    orgsIds = orgIdsUserBelongs.split(',');
+  }
+  if(teamIdsUserBelongs && teamIdsUserBelongs != ''){
+    teamsIds = teamIdsUserBelongs.split(',');
+  }
  return Boards.find(
    {
      archived: false,
@ -22,6 +33,8 @@ Meteor.publish('boards', function() {
          permission: 'public',
        },
        { members: { $elemMatch: { userId, isActive: true } } },
+        {'orgs.orgId': {$in : orgsIds}},
+        {'teams.teamId': {$in : teamsIds}},
      ],
    },
    {
@ -82,11 +95,22 @@ Meteor.publishRelations('board', function(boardId, isArchived) {
  check(isArchived, Boolean);
  const thisUserId = this.userId;
  const $or = [{ permission: 'public' }];
+  let currUser =  (!Match.test(thisUserId, String) || !thisUserId) ? 'undefined' : Users.findOne(thisUserId);
+  let orgIdsUserBelongs = currUser!== 'undefined' && currUser.teams !== 'undefined' ? currUser.orgIdsUserBelongs() : '';
+  let teamIdsUserBelongs = currUser!== 'undefined' && currUser.teams !== 'undefined' ? currUser.teamIdsUserBelongs() : '';
+  let orgsIds = [];
+  let teamsIds = [];
+  if(orgIdsUserBelongs && orgIdsUserBelongs != ''){
+    orgsIds = orgIdsUserBelongs.split(',');
+  }
+  if(teamIdsUserBelongs && teamIdsUserBelongs != ''){
+    teamsIds = teamIdsUserBelongs.split(',');
+  }

  if (thisUserId) {
-    $or.push({
-      members: { $elemMatch: { userId: thisUserId, isActive: true } },
-    });
+    $or.push({members: { $elemMatch: { userId: thisUserId, isActive: true } }});
+    $or.push({'orgs.orgId': {$in : orgsIds}});
+    $or.push({'teams.teamId': {$in : teamsIds}});
  }

  this.cursor(
--- a/server/publications/users.js
+++ b/server/publications/users.js
@ -23,6 +23,8 @@ Meteor.publish('user-admin', function() {
  return Meteor.users.find(this.userId, {
    fields: {
      isAdmin: 1,
+      teams: 1,
+      orgs: 1,
    },
  });
 });
@ -34,6 +36,8 @@ Meteor.publish('user-authenticationMethod', function(match) {
    {
      fields: {
        authenticationMethod: 1,
+        teams: 1,
+        orgs: 1,
      },
    },
  );