Meteor Method: I keep getting a insert failed:Access Denied error on the Console

Question

I cant figure out why I am getting this error. I have created a Meteor Method. Maybe I just need a second set of eyes and point out my mistake. Im creating a Instant Messaging App, where online users can have one on one chats. As soon as I click on the online user(routing). The console instantly has an

insert failed:access denied.

If I attempt to send a message, This is the error I get.

j…y.Event {originalEvent: Event, type: "submit", timeStamp: 1455207989065, jQuery1112075371492956765: true, which: undefined…} meteor.js:862 insert failed: Access denied meteor.js:862 update failed: Access denied 17799meteor.js:862 insert failed: Access denied

Im really new to Meteor and any help or advice would be very much appreciated.

Here is my HTML

    <template name="chat_page">
    <h2>Type in the box below to send a message!</h2>
    <div class="row">
        <div class="col-md-12">
            <div class="well well-lg">
            {{#each messages}}
            {{> chat_message}}
            {{/each}}
            </div>  
        </div>
    </div>
    <div class="row">
        <div class="col-md-12">
            <form class="js-send-chat">
            <input class="input" type="text" name="chat" placeholder="type a message here...">
            <button class="btn btn-default">send</button>
        </form>
        </div>
    </div>
</template>

<!-- simple template that displays a message -->
<template name="chat_message">
    <div class = "container">
        <div class = "row">
            <img src="/{{profile.avatar}}" class="avatar_img">
            {{username}} said: {{text}}
        </div>
    </div>  
    <br>
</template>

Client Side

Template.chat_page.helpers({
    messages:function(){
      var chat = Chats.findOne({_id:Session.get("chatId")});
      return chat.messages;
    }, 
    other_user:function(){
      return ""
    }, 

  });

 Template.chat_page.events({
  'submit .js-send-chat':function(event){
    console.log(event);
    event.preventDefault();
    var chat = Chats.findOne({_id:Session.get("chatId")});
    if (chat){
      var msgs = chat.messages; 
      if (!msgs){
        msgs = [];
      }
      msgs.push({text: event.target.chat.value});
      event.target.chat.value = "";
      chat.messages = msgs;
      Chats.update(chat._id, chat);
      Meteor.call("sendMessage", chat);
    }
  }
 })

Method

Meteor.methods({
  sendMessage: function (chat) {
    Chats.insert({
      chat: chat,
      createdAt: new Date(),
      username: Meteor.user().profile.username,
      avatar: Meteor.user().profile.avatar,
    });
  },
});

Answer 1

This has happened because you removed insecure package and have not specified any allow/deny for your chat collection and also your meteor method has been written on the client side.

The quick and proper solution would be moving your meteor method to the server side.

Answer 2

Do you still have insecure and autopublish package ?

  Chats.update(chat._id, chat);

This part seems a little weird to me. a basic update to a collection is : Chats.update({_id : chat._id}, {$set : {message : whateverMymsgis }}); Meteor is kind of strict with the update method you will always need to pass the _id to update something.

If you don't have autopublish and insecure packages, have you made all the allow / publish / subcription part to your collections ??

Hope it will help :)