5 years ago · b83c537bf7
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,15 @@
 
				 # CHANGES
			
 
				 
			
 
				-## v4.2.0-RC
			
 
				+## v4.2.2-RC
			
 
				+
			
 
				+* 
			
 
				+
			
 
				+## v4.2.1
			
 
				+
			
 
				+* Fix: Consecutive save operations with HackMD fail
			
 
				+* Fix: Switching theme to kibela fail
			
 
				+
			
 
				+## v4.2.0
			
 
				 
			
 
				 ### BREAKING CHANGES
			
 
				 
			
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 
				 {
			
 
				   "name": "growi",
			
 
				-  "version": "4.2.0-RC",
			
 
				+  "version": "4.2.2-RC",
			
 
				   "description": "Team collaboration software using markdown",
			
 
				   "tags": [
			
 
				     "wiki",
			
--- a/src/server/models/serializers/page-serializer.js
+++ b/src/server/models/serializers/page-serializer.js
@@ -7,11 +7,6 @@ function depopulate(page, attributeName) {
 
				   }
			
 
				 }
			
 
				 
			
 
				-function depopulateRevisions(page) {
			
 
				-  depopulate(page, 'revision');
			
 
				-  depopulate(page, 'revisionHackmdSynced');
			
 
				-}
			
 
				-
			
 
				 function serializeInsecureUserAttributes(page) {
			
 
				   if (page.lastUpdateUser != null && page.lastUpdateUser._id != null) {
			
 
				     page.lastUpdateUser = serializeUserSecurely(page.lastUpdateUser);
			
@@ -25,7 +20,7 @@ function serializeInsecureUserAttributes(page) {
 
				   return page;
			
 
				 }
			
 
				 
			
 
				-function serializePageSecurely(page, shouldDepopulateRevisions = false) {
			
 
				+function serializePageSecurely(page, shouldDepopulateRevision = false) {
			
 
				   let serialized = page;
			
 
				 
			
 
				   // invoke toObject if page is a model instance
			
@@ -33,9 +28,12 @@ function serializePageSecurely(page, shouldDepopulateRevisions = false) {
 
				     serialized = page.toObject();
			
 
				   }
			
 
				 
			
 
				+  // depopulate revisionHackmdSynced
			
 
				+  depopulate(page, 'revisionHackmdSynced');
			
 
				+
			
 
				   // optional depopulation
			
 
				-  if (shouldDepopulateRevisions) {
			
 
				-    depopulateRevisions(serialized);
			
 
				+  if (shouldDepopulateRevision) {
			
 
				+    depopulate(page, 'revision');
			
 
				   }
			
 
				 
			
 
				   serializeInsecureUserAttributes(serialized);
			
--- a/src/server/routes/apiv3/mongo.js
+++ b/src/server/routes/apiv3/mongo.js
@@ -14,6 +14,9 @@ const router = express.Router();
 
				  */
			
 
				 
			
 
				 module.exports = (crowi) => {
			
 
				+  const loginRequiredStrictly = require('../../middlewares/login-required')(crowi);
			
 
				+  const adminRequired = require('../../middlewares/admin-required')(crowi);
			
 
				+
			
 
				   /**
			
 
				    * @swagger
			
 
				    *
			
@@ -35,7 +38,7 @@ module.exports = (crowi) => {
 
				    *                    items:
			
 
				    *                      type: string
			
 
				    */
			
 
				-  router.get('/collections', async(req, res) => {
			
 
				+  router.get('/collections', loginRequiredStrictly, adminRequired, async(req, res) => {
			
 
				     const listCollectionsResult = await mongoose.connection.db.listCollections().toArray();
			
 
				     const collections = listCollectionsResult.map(collectionObj => collectionObj.name);