Hi Guys,

I am having an issue with collections. On successful upload of a file with collection fs I get an access denied 403 error on the client. On further inspection I have found that…

  insert: function(userId) {
    // sometimes userId is undefined !!!

Obviously without a userId this method is obliged to return false hence, I believe, the error.

Does anyone know whether userId is sometimes legitimately undefined and how should that be handled?

I’m not sure whether to post this issue to Meteor Collections or Collection-FS? Any help or advice appreciated on this.



With this situation, is there a user logged in at the time of upload?

What I do if I need someone to be logged in to do something in Collection.allow({ }), I do this:


    insert: function(userId) {
        return userId;


If there’s no logged in person, userId is undefined, thus returns false, otherwise returns a value and Collection.insert() is permitted.

I’ve been learning lately, however, to try to stay away from allow/deny and use Meteor.methods() as an alternative to it. Might try that as well.


Sorry, I should have said. Yes there is a logged in user and this insert method callback is called several times in succession. Most of the time a the userId is defined but one of the calls has no userId. The insert is working but I’d like to get to the bottom of whatever is causing the 403 error.


Hyper sorry everyone. UserId was being set. I just missed that there are insert, insert, update calls in succession and I wasn’t picking up the userId argument in the update callback.

Mea culpa!



i agree with @czbaker actions on collections are preferably implemented as methods.