Merge pull request #3170 from weseek/master

release v4.2.1

CHANGES.md

@@ -1,6 +1,12 @@
 # CHANGES
 
-## v4.2.0-RC
+
+## v4.2.1-RC
+
+* Fix: Consecutive save operations with HackMD fail
+* Fix: Switching theme to kibela fail
+
+## v4.2.0
 
 ### BREAKING CHANGES
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "growi",
-  "version": "4.2.0-RC",
+  "version": "4.2.1-RC",
   "description": "Team collaboration software using markdown",
   "tags": [
     "wiki",

src/server/models/serializers/page-serializer.js

@@ -7,11 +7,6 @@ function depopulate(page, attributeName) {
   }
 }
 
-function depopulateRevisions(page) {
-  depopulate(page, 'revision');
-  depopulate(page, 'revisionHackmdSynced');
-}
-
 function serializeInsecureUserAttributes(page) {
   if (page.lastUpdateUser != null && page.lastUpdateUser._id != null) {
     page.lastUpdateUser = serializeUserSecurely(page.lastUpdateUser);
@@ -25,7 +20,7 @@ function serializeInsecureUserAttributes(page) {
   return page;
 }
 
-function serializePageSecurely(page, shouldDepopulateRevisions = false) {
+function serializePageSecurely(page, shouldDepopulateRevision = false) {
   let serialized = page;
 
   // invoke toObject if page is a model instance
@@ -33,9 +28,12 @@ function serializePageSecurely(page, shouldDepopulateRevisions = false) {
     serialized = page.toObject();
   }
 
+  // depopulate revisionHackmdSynced
+  depopulate(page, 'revisionHackmdSynced');
+
   // optional depopulation
-  if (shouldDepopulateRevisions) {
-    depopulateRevisions(serialized);
+  if (shouldDepopulateRevision) {
+    depopulate(page, 'revision');
   }
 
   serializeInsecureUserAttributes(serialized);

src/server/routes/apiv3/customize-setting.js

@@ -88,14 +88,10 @@ module.exports = (crowi) => {
 
   const validator = {
     themeAssetPath: [
-      query('themeName').isString().isIn([
-        'default', 'nature', 'mono-blue', 'wood', 'island', 'christmas', 'antarctic', 'future', 'halloween', 'spring',
-      ]),
+      query('themeName').isString(),
     ],
     theme: [
-      body('themeType').isString().isIn([
-        'default', 'nature', 'mono-blue', 'wood', 'island', 'christmas', 'antarctic', 'future', 'halloween', 'spring', 'kibela',
-      ]),
+      body('themeType').isString(),
     ],
     function: [
       body('isEnabledTimeline').isBoolean(),

src/server/routes/apiv3/mongo.js

@@ -14,6 +14,9 @@ const router = express.Router();
  */
 
 module.exports = (crowi) => {
+  const loginRequiredStrictly = require('../../middlewares/login-required')(crowi);
+  const adminRequired = require('../../middlewares/admin-required')(crowi);
+
   /**
    * @swagger
    *
@@ -35,7 +38,7 @@ module.exports = (crowi) => {
    *                    items:
    *                      type: string
    */
-  router.get('/collections', async(req, res) => {
+  router.get('/collections', loginRequiredStrictly, adminRequired, async(req, res) => {
     const listCollectionsResult = await mongoose.connection.db.listCollections().toArray();
     const collections = listCollectionsResult.map(collectionObj => collectionObj.name);