The "Accounts" Meteor publication, if you are a shop admin, sends every customer and guest account to the client upon loading the app in a browser / logging in as an admin. This will be very slow for large shops, and this data is not necessarily needed.
Log in as an admin, and notice in the Meteor console extension that every account document is available in the browser.
Possible Solution
Find all client code that uses Accounts collection data for accounts other than the current user. Rewrite these places to do their own just-in-time subscription, getting only the data they need when they need it. (Or they can use a GraphQL query.)
Then update the "Accounts" publication to publish only the current user's account regardless of roles.
Issue Description
The "Accounts" Meteor publication, if you are a shop admin, sends every customer and guest account to the client upon loading the app in a browser / logging in as an admin. This will be very slow for large shops, and this data is not necessarily needed.
Related, and can be solved at the same time: https://github.com/reactioncommerce/reaction/issues/4277
Steps to Reproduce
Possible Solution
Find all client code that uses
Accounts
collection data for accounts other than the current user. Rewrite these places to do their own just-in-time subscription, getting only the data they need when they need it. (Or they can use a GraphQL query.)Then update the "Accounts" publication to publish only the current user's account regardless of roles.