From 3e761f11bcf5242c11d8e5da06491adf7570c844 Mon Sep 17 00:00:00 2001
From: Ryan Glover
Date: Thu, 8 Jan 2015 18:30:10 -0600
Subject: [PATCH] Update example collection to explicitly deny any client side operations. Fixes #19. Add allow/deny rules for Meteor.users collection to prevent any client side operations. Fixes #7.
---
 collections/example.js | 30 ++++++++++++++++++------------
 collections/users.js | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 12 deletions(-)
 create mode 100644 collections/users.js
diff --git a/collections/example.js b/collections/example.js
index 5fcf99b..7dd8f6d 100644
--- a/collections/example.js
+++ b/collections/example.js
@@ -5,14 +5,17 @@ Example = new Meteor.Collection('example');
 */
 
 Example.allow({
- insert: function(userId, doc){
- // Add your rules here.
+ insert: function(){
+ // Disallow inserts on the client by default.
+ return false;
 },
- update: function(userId, doc, fields, modifier){
- // Add your rules here.
+ update: function(){
+ // Disallow updates on the client by default.
+ return false;
 },
- remove: function(userId, doc){
- // Add your rules here.
+ remove: function(){
+ // Disallow removes on the client by default.
+ return false;
 }
 });
 
@@ -21,13 +24,16 @@ Example.allow({
 */
 
 Example.deny({
- insert: function(userId, doc){
- // Add your rules here.
+ insert: function(){
+ // Deny inserts on the client by default.
+ return true;
 },
- update: function(userId, doc, fields, modifier){
- // Add your rules here.
+ update: function(){
+ // Deny updates on the client by default.
+ return true;
 },
- remove: function(userId, doc){
- // Add your rules here.
+ remove: function(){
+ // Deny removes on the client by default.
+ return true;
 }
 });
diff --git a/collections/users.js b/collections/users.js
new file mode 100644
index 0000000..1960f10
--- /dev/null
+++ b/collections/users.js
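Review bot: In collections/example.js the comments on the new `Example.allow` callbacks read as if `return false` vetoes a write, but an allow callback can only grant one; the rejection in this commit comes from the `Example.deny` block in the second hunk, since a single deny callback returning true overrides every allow rule. That should be stated where the rules live, because someone who later changes an allow callback to `return true` will still see writes rejected and may delete the deny block wholesale to get unstuck. I would add above `Example.deny({` a comment such as `// Deny overrides allow: relax a rule here only together with a specific allow check (for example on userId).` The phrase "on the client" in the comments of both hunks is also imprecise: these callbacks run on the server against writes initiated by a client, and server code and Meteor methods are not checked by them.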
@@ -0,0 +1,37 @@
+/*
+* Allow
+*/
+
+Meteor.users.allow({
+ insert: function(){
+ // Disallow user inserts on the client by default.
+ return false;
+ },
+ update: function(){
+ // Disallow user updates on the client by default.
+ return false;
+ },
+ remove: function(){
+ // Disallow user removes on the client by default.
+ return false;
+ }
+});
+
+/*
+* Deny
+*/
+
+Meteor.users.deny({
+ insert: function(){
+ // Deny user inserts on the client by default.
+ return true;
+ },
+ update: function(){
+ // Deny user updates on the client by default.
+ return true;
+ },
+ remove: function(){
+ // Deny user removes on the client by default.
+ return true;
+ }
+});
-- 2.0.0
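Review bot: The `update` entry in `Meteor.users.deny` is the rule in collections/users.js that actually changes behaviour, and its comment should say why. Meteor's accounts package registers its own allow rule that lets a logged-in user update their own `profile` field, and because a write is permitted when any allow rule grants it, the added `Meteor.users.allow` callbacks returning false do not cancel that rule; only the deny callback does. I would reword the comment to something like `// Overrides the built-in allow rule that lets a user edit their own profile from the client.` so the block is not later removed as redundant. Profile data supplied at sign-up through `Accounts.createUser` does not pass through these rules, so if the application trusts anything in `profile` it presumably also needs an `Accounts.onCreateUser` check, which is not visible in this patch.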