my first time playing with Meteor, and this question probably comes from my lack of understanding the allow/deny concept of Collections.
I have a page that is accessible by the logged in admin, which allows the admin to modify existing users.
To allow use of autoform to edit existing users, I roughly followed the steps listed in both these websites (except for the "allow"/"deny" part) https://github.com/aldeed/meteor-collection2#attach-a-schema-to-meteorusers http://www.stefanhayden.com/blog/2015/05/25/user-profile-edit-with-autoform-and-simpleschema-in-meteor-js/
I end up having a page with a table of users. Each row has an edit button which leads to an Edit autoform, using the following code:
{{#afModal class="btn btn-primary" collection="Meteor.users" operation="update" doc=_id}}
Edit
{{/afModal}}
This successfully opens an edit form, I change some user details, and i click "update", I get a Meteor 403 Access denied error.
This error I somehow solved it by inserting this code:
Meteor.users.allow({
insert: () => true,
update: () => true,
remove: () => true
});
My question is, why do i need to perform this "allow" explicitly for "users", as I have another similar CRUD page setup for a custom collection called "battleships", which worked well with autoform without having to specify these "allow" rules?
Note also I have removed autopublish and insccure packages.
