Until now, we simply added the insert and update functionality to our
editPost template. However, anybody can insert and update data if they just type an
insert statement into their browser's console.
To prevent this, we need to properly check for insertion and update rights on the server side before updating the database.
Meteor's collections come with the allow and deny functions, which will be run before every insertion or update to determine whether the action is allowed or not.
The allow rules let us allow certain documents or fields to be updated, whereas the deny rules overwrite any allow rules and definitely deny any action on its collection.
To make this more visible, let's visualize an example where we define ...