数据库查询报错：首个project方法内仅可使用白名单模式

uni-id-users中的password字段是没权限阅读的，以下代码执行时报错首个project方法内仅可使用白名单模式

get(limitNum) {  
    var that = this;  
    db.collection('uni-id-users').aggregate()  
        .project({  
            _id: 1,  
            username: 1,  
            nickname: 1,  
            avatar_file: 1  
        })  
        .lookup({  
            from: "users-bind",  
            let: {  
                user_id: "$_id"  
            },  
            pipeline: $.pipeline().match(_.expr($.eq(['$user_id', '$$user_id']))).done(),  
            as: "user_bind_info"  
        })  
        .unwind({  
            path: "$user_bind_info",  
            preserveNullAndEmptyArrays: true  
        })  
        .lookup({  
            from: "employee",  
            let: {  
                emp_id: "$user_bind_info.emp_id"  
            },  
            pipeline: $.pipeline()  
                .match(_.expr($.eq(['$emp_id', '$$emp_id']))).done(),  
            as: "employee_info"  
        })  
        .end()  
        .then(res => {  
            console.log(res)  
        })  
        .catch(err => {  
            uni.hideLoading();  
            uni.stopPullDownRefresh();  
            uni.showToast({  
                title: err.message,  
                icon: "none"  
            });  
        });  
}