Security Fix 14: RulesBleed.

Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.

server/publications/rules.js

@@ -2,9 +2,25 @@ import Boards from '/models/boards';
 import Actions from '/models/actions';
 import Triggers from '/models/triggers';
 import Rules from '/models/rules';
+import ReactiveCache from '/imports/reactiveCache';
 
-Meteor.publish('rules', ruleId => {
+Meteor.publish('rules', function(ruleId) {
   check(ruleId, String);
+
+  if (!this.userId) {
+    return this.ready();
+  }
+
+  const rule = ReactiveCache.getRule(ruleId);
+  if (!rule) {
+    return this.ready();
+  }
+
+  const board = ReactiveCache.getBoard(rule.boardId);
+  if (!board || !board.isVisibleBy(this.userId)) {
+    return this.ready();
+  }
+
   const ret = ReactiveCache.getRules(
     {
       _id: ruleId,
@@ -15,22 +31,38 @@ Meteor.publish('rules', ruleId => {
   return ret;
 });
 
-Meteor.publish('allRules', () => {
+Meteor.publish('allRules', function() {
+  if (!this.userId || !ReactiveCache.getUser(this.userId).isAdmin) {
+    return this.ready();
+  }
+
   const ret = ReactiveCache.getRules({}, {}, true);
   return ret;
 });
 
-Meteor.publish('allTriggers', () => {
+Meteor.publish('allTriggers', function() {
+  if (!this.userId || !ReactiveCache.getUser(this.userId).isAdmin) {
+    return this.ready();
+  }
+
   const ret = ReactiveCache.getTriggers({}, {}, true);
   return ret;
 });
 
-Meteor.publish('allActions', () => {
+Meteor.publish('allActions', function() {
+  if (!this.userId || !ReactiveCache.getUser(this.userId).isAdmin) {
+    return this.ready();
+  }
+
   const ret = ReactiveCache.getActions({}, {}, true);
   return ret;
 });
 
-Meteor.publish('rulesReport', () => {
+Meteor.publish('rulesReport', function() {
+  if (!this.userId || !ReactiveCache.getUser(this.userId).isAdmin) {
+    return this.ready();
+  }
+
   const rules = ReactiveCache.getRules({}, {}, true);
   const actionIds = [];
   const triggerIds = [];