Predefined allow/deny rules for Meteor.users?

I’m wondering why I’m able to update the user.profile without defining Meteor.users.allow rules. I googled and searched the Meteor docs but I can’t find anything about that.
Has anyone an idea about that?

It is user editable by default (not quite sure why, I just know it is). In my app, I am storing information that I don’t want the user to modify in a different key of the user object, rather than modifying the standard behavior of Meteor and user.profile.

Accounts.onCreateUser(function(options, user) {
  //Keep user profile, if it exists
  user.profile = {};
  if(options.profile)
    user.profile = options.profile;

  user.data = {};
  return user;
});

Then I use the “data” key to store whatever I want, and add a Meteor method for manipulation of data.

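Meteor.methods({
  change_data: function(d){
    // Validate every element of the client-supplied array before using it
    for(var i=0; i < d.length; i++)
      check(d[i], String);
    // condition_met and do_what_you_want are placeholders for app-specific logic
    if(condition_met)
      return do_what_you_want();
  }
});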

Here is some info I found about it (if you didn’t already find this):
Deprecation proposal
Common Mistakes

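An added example, not part of the thread or of Meteor's own code: one way to pair the separate-key approach from the answer above with a deny rule that removes the default client-side write access to Meteor.users. The field names in ALLOWED_FIELDS, the method name 'user.updateData' and the helper buildDataModifier are hypothetical, and the sketch assumes the synchronous server-side update call of the Meteor versions current when the thread was written.

```javascript
// Hypothetical whitelist: the only keys a user may change under `data`,
// with the JavaScript type each value must have.
const ALLOWED_FIELDS = { displayName: 'string', newsletter: 'boolean' };

// Turn a client-supplied patch into a $set modifier scoped to `data.*`.
// Rejects non-objects, unknown keys (including inherited names such as
// "constructor"), wrong value types and empty patches.
function buildDataModifier(patch) {
  if (patch === null || typeof patch !== 'object' || Array.isArray(patch)) {
    throw new Error('patch must be a plain object');
  }
  const $set = {};
  for (const key of Object.keys(patch)) {
    if (!Object.prototype.hasOwnProperty.call(ALLOWED_FIELDS, key)) {
      throw new Error('field not allowed: ' + key);
    }
    if (typeof patch[key] !== ALLOWED_FIELDS[key]) {
      throw new Error('wrong type for field: ' + key);
    }
    $set['data.' + key] = patch[key];
  }
  if (Object.keys($set).length === 0) {
    throw new Error('empty patch');
  }
  return { $set };
}

// Server-only wiring, guarded so the file also loads outside Meteor.
if (typeof Meteor !== 'undefined' && Meteor.isServer) {
  // Deny every client-side update to users documents, which also
  // switches off the default ability to edit one's own profile.
  Meteor.users.deny({ update() { return true; } });

  Meteor.methods({
    'user.updateData'(patch) {
      // Only a logged-in user may call this, and only on their own document.
      if (!this.userId) {
        throw new Meteor.Error('not-authorized');
      }
      return Meteor.users.update(this.userId, buildDataModifier(patch));
    },
  });
}
```

With the deny rule in place, a direct Meteor.users.update call from the browser console is refused, and the method is the only write path left.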

I didn’t know the article. This is very helpful. Thanks.