Access denied when trying to insert on Mongo

gabsferreira · May 30, 2024, 2:57pm

I’m going through Meteor University content and getting a permission error when trying to insert data on a Mongo Collection.
Here is the code used to insert:

const saveContact = () => {
    ContactsCollection.insert({ name, email, imageUrl });
    setName("");
    setEmail("");
    setImageUrl("");
  }

And the error I’m getting:
insert failed errorClass {isClientSafe: true, error: 403, reason: 'Access denied', details: undefined, message: 'Access denied [403]', …}

It’s clear to me that it means I don’t have the right permissions to insert, but I’m not sure where to change to fix that.

minhna · May 30, 2024, 3:42pm

I think you need insecure package to make it work. There is another way to update data which is using Meteor method.

copleykj · May 31, 2024, 12:31pm

I’ve seen this issue many times because I believe the content for the university course was probably created before the insecure package was removed as a default package when creating a new project. You can add it manually with meteor add insecure or you can use allow or deny rules for the collection.

There is some contention on the fact that you shouldn’t use allow/deny, these rules can be done easily and properly when using things like simple schema to secure your collections. Something that if you’re using Meteor, you should probably be doing anyway.

gabsferreira · June 3, 2024, 2:52pm

Thanks @minhna and @copleykj

Installing the insecure package solved it. I’ll add the link for this post to the Meteor University course as a possible related issue.

rjdavid · June 3, 2024, 11:59pm

Tutorials about this will benefit a lot of developers

copleykj · June 4, 2024, 1:13am

Would they though? I feel like most have drank the Kool-Aid already, and newcomers will read through the official docs page where it says it’s considered unsafe and they’ll avoid it because that’s the official Meteor stance.