Security: Can I hide subdocument fields in server.publish()?

jesperwe · December 9, 2015, 2:25pm

In a server side publish function there is the .find( {}, { fields: { secret: 0 } } ) feature to remove sensitive info from subscritions.

My questions is: Given a document structure similar to:

    "model": {
        "_id": "<random.id>",
        "units": {
            "<random.id>": {
                "name": "Unit A",
                "user": "<user._id>",
                //...
            },
            "<random.id>": {
                "name": "Unit B",
                "user": "<user._id>",
                //...
            },
            //...
        }
    }

I want to hide something like the model.units.*.user field. Is this possible? What would the syntax be?

m2swed · December 10, 2015, 1:13am

That’s possible but you need to know the ids to so.

.find( { }, { fields: { “model.units.id.user” : 0 } }