From a1667a0d5e41bee22e0c2c588e166e1fa772da73 Mon Sep 17 00:00:00 2001
From: Ruben Vereecken <rubenvereecken@gmail.com>
Date: Thu, 19 Jun 2014 17:24:07 +0200
Subject: [PATCH] efficient fetching of level sessions

---
 server/users/user_handler.coffee | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/users/user_handler.coffee b/server/users/user_handler.coffee
index 571bae538..1a1900c91 100644
--- a/server/users/user_handler.coffee
+++ b/server/users/user_handler.coffee
@@ -238,11 +238,11 @@ UserHandler = class UserHandler extends Handler
   getLevelSessions: (req, res, userID) ->
     query = creator: userID
     isAuthorized = req.user._id+'' is userID or req.user.isAdmin()
-    projection = null
+    projection = {}
     if req.query.project
-      projection = {}
       projection[field] = 1 for field in req.query.project.split(',') when isAuthorized or not (field in LevelSessionHandler.privateProperties)
-    # If no req.query.project, then LevelSessionHandler.formatEntity will remove private properties if needed.
+    else unless isAuthorized
+      projection[field] = 0 for field in LevelSessionHandler.privateProperties
 
     LevelSession.find(query).select(projection).exec (err, documents) =>
       return @sendDatabaseError(res, err) if err