Filter by a distinguishing field when making publications using meteor

In my publications with meteor.js, I find myself repeating the same style of code and would like a cleaner approach. For example:

I have a users collection that has the distinguishing field school, an identifier that tells me by which school, I should filter what information on the server so that I don't send the wrong school the wrong information. Currently, I

Meteor.publish('schoolDirectory', function (schoolId) { 
        return Meteor.users.find({'profile.school': schoolId}});
});

Where I take in the schoolId on the client, and filter appropriately. I am not sure of the security implications there and have tried switching to a style where I use the authenticated users object to determine the school on the server before publishing any more data like so:

Meteor.publish('schoolDirectory', function () { 
             var currentUser = Meteor.users.findOne({_id: this.userId});
             var schoolId = Schools.findOne({_id: currentUser.profile.school});
            return Meteor.users.find({'profile.school': schoolId}});
    });

This has the issue of not being able to publish data for anonymous users, anyone have any suggestions on how to improve the code base to use this distinguishing field globally ?

I can't see how you can filter field B (school) that relies on field A (user) when there's no information about field A.

What is the purpose of showing schools to anonymous users?

If we take the scenario of displaying information to anonymous users without any related functionality (read-only stuff), then perhaps you should have another publication which only publishes 'public' properties of the school entities.

StackExchange Code Review Q#57947, answer score: 2