
Meteor find() in publish returns data despite empty selector key


I'm creating an app that will allow people to collaborate, so I've created groups that people can be assigned to. On the Server, to minimize client overhead and for security I'm only publishing data relevant to their group. My code:

Meteor.publish('lists', function() {
    var user = Meteor.users.findOne(this.userId);
    return Lists.find({group: user.profile.group});
});

I get the user object and filter what is published based on that user's group. In practice, there should be a group ID in their profile. But during testing, I've created users with no group. And I've also created lists that don't have a group.

When I console.log user.profile.group for my test-case I see undefined as expected. Problem is, my .find() query with an undefined selector value is somehow returning all documents that don't have a group. It's like Mongo is telling me "Well, you didn't give us a defined group, so here's all the lists that don't have a group parameter at all!"

What am I doing wrong? I would think .find({selector-key: selector-value}) would only return a cursor if it found data matching the selector key/value?


Solution

  • Guard against the degenerate condition with:

    Meteor.publish('lists', function() {
      var user = Meteor.users.findOne(this.userId);
      if ( user && user.profile && user.profile.group ) return Lists.find({group: user.profile.group});
      this.ready();
    });
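
The following is an added example, not part of the original question or answer. It models the leak offline with constructed data and compares the unguarded selector with a guarded one that publishes nothing unless the group is a non-empty string. The names `modelFind`, `unguardedSelector`, `guardedSelector` and `publishedIds` are hypothetical, and the matcher assumes that an undefined selector value reaches MongoDB as null, which also matches documents lacking the field.

```javascript
// Constructed sample data: two lists have a group, one has no group field.
const lists = [
  { _id: 'l1', group: 'gA' },
  { _id: 'l2', group: 'gB' },
  { _id: 'l3' },
];

// Simplified model of an equality selector (not Mongo's real matcher).
// Assumption: an undefined value is sent to MongoDB as null, and
// {field: null} matches documents where the field is null or missing.
function modelFind(docs, selector) {
  return docs.filter((doc) =>
    Object.entries(selector).every(([key, wanted]) => {
      const have = doc[key];
      if (wanted == null) return have == null; // null/undefined matches missing
      return have === wanted;
    }));
}

// Selector built the way the question's publish function builds it.
function unguardedSelector(user) {
  return { group: user.profile.group };
}

// Fail closed: return null unless the group is a non-empty string
// (assumes group IDs are strings, as Meteor document IDs normally are).
function guardedSelector(user) {
  const group = user && user.profile && user.profile.group;
  if (typeof group !== 'string' || group.length === 0) return null;
  return { group };
}

// Returns the _ids a subscriber would receive for a given selector builder.
function publishedIds(user, buildSelector) {
  const selector = buildSelector(user);
  if (selector === null) return []; // stands in for this.ready() with no cursor
  return modelFind(lists, selector).map((doc) => doc._id);
}

// Constructed users: one with a group, one without.
const member = { _id: 'u1', profile: { group: 'gA' } };
const noGroup = { _id: 'u2', profile: {} };

console.log('unguarded, member  :', publishedIds(member, unguardedSelector));
console.log('unguarded, no group:', publishedIds(noGroup, unguardedSelector));
console.log('guarded, member    :', publishedIds(member, guardedSelector));
console.log('guarded, no group  :', publishedIds(noGroup, guardedSelector));
```

A publish-level test that subscribes as a user with no group and asserts an empty result catches a regression if the guard is later removed.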