Predefined allow/deny rules for Meteor.users?

I’m wondering why I’m able to update the user.profile without defining Meteor.users.allow rules. I googled and searched the Meteor docs but I can’t find anything about that.
Has anyone an idea about that?

It is user editable by default (not quite sure why, I just know it is). In my app, I am storing information that I don’t want the user to modify in a different key of the user object. (Rather than modifying the standard behavior of meteor and user.profile)

Accounts.onCreateUser(function(options, user) {
  //Keep user profile, if it exists
  user.profile = {};
    user.profile = options.profile; = {};
  return user;

Then I use the “data” key to store whatever I want, and add a meteor method for manipulation of data.

  change_data: function(d){
    for(var i=0; i < d.length; i++)
      check(d[i], String);
      return = do_what_you_want();

Here is some info I found about it (If you didn’t already find this)
Deprication proposal
Common Mistakes

1 Like

I didn’t know the Article. This is very helpful. Thanks.