
failed: Access denied on meteor collection

Tags:

meteor

This Meteor app has the insecure and autopublish removed and accounts-password added.
It uses Accounts.createUser({username: someName, password: somePwrd}); which can be verified on the mongo prompt.

I am trying to Tasks1.insert(params); and getting access denied

I don't know why it gets Access denied for update and insert on the browser console. Please tell me why and how to fix it. Thanks

//both.js
Tasks1 = new Mongo.Collection('tasks1');
/////////////////////////////////////////////////////

//server.js
Meteor.publish('tasks1', function(){
  return Tasks1.find({userId: this.userId});
});

Meteor.methods({
  logMeIn: function(credentials) {
    var idPin = credentials[0] + credentials[1];
    Accounts.createUser({username: idPin, password: credentials[1]});
  }
});

Meteor.users.allow({
  insert: function (userId, doc) {
    console.log(userId);
    //var u = Meteor.users.findOne({_id:userId});
    return true;
  }
});
/////////////////////////////////////////////////////  

//client.js
Template.login.events({
  'click #logMe': function() {
    var credentials = [$('#id').val(), $('#pin').val()];
    Meteor.call('logMeIn', credentials, function(err, result) {
      if (result) {
        console.log('logged in!');
      }
    });
  }
});
Template.footer.events({
  'click button': function () {
    if ( this.text === "SUBMIT" ) {
      var inputs = document.getElementsByTagName('input');
      for (var i = 0; i < inputs.length; i++) {
        var params = {};
        params[inputs[i].name] = inputs[i].value;
        Tasks1.insert(params);  //<<<<<<----------------------
      }
    }
  }
});
Fred J. asked Feb 23 '16 07:02

1 Answer

Update: Since you have edited your question and added that Tasks1.insert(params); is getting an access denied message, you should add allow rules on the Tasks collection and not the Meteor.users collection.

// The collection variable declared in both.js is Tasks1
Tasks1.allow({
    insert: function (userId, doc) {
        return true;
    },
    update: function (userId, doc, fieldNames, modifier) {
        return true;
    },
    remove: function (userId, doc) {
        return true;
    }
});

If Accounts.createUser is working without allow rules on Meteor.users, then please remove them, as they might allow users to insert/delete others from the client itself.

End of update.

Since you removed insecure, you need to add allow/deny rules for inserting, updating or deleting files from a collection.

Meteor.users.allow({
    insert: function (userId, doc) {
        //Normally I would check if (this.userId) to see if the method is called by logged in user or guest
        //you can also add some checks here like user role based check etc.,
        return true;
    },
    update: function (userId, doc, fieldNames, modifier) {
        //similar checks like insert
        return true;
    },
    remove: function (userId, doc) {
        //similar checks like insert
        return true;
    }
});

Check the API documentation for more details.

Kishor answered Nov 15 '22 10:11
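An added example, not part of the question or the answer above: ownership-based allow/deny rules for Tasks1 in place of rules that return true for every caller. The names taskAllow, taskDeny and wouldPermit are hypothetical; wouldPermit only imitates Meteor's evaluation order (any deny rule returning true rejects, otherwise at least one allow rule must return true) so the rules can be exercised outside Meteor.

```javascript
// Added example: server-side rules using the callback signatures Meteor
// passes to collection.allow() / collection.deny().
const taskAllow = {
  // Insert only for a logged-in user who stamps the document as their own.
  // The 'tasks1' publication filters on userId, so the field must be set.
  insert(userId, doc) {
    return Boolean(userId) && doc.userId === userId;
  },
  // Update and remove only for the owner of the stored document.
  update(userId, doc, fieldNames, modifier) {
    return Boolean(userId) && doc.userId === userId;
  },
  remove(userId, doc) {
    return Boolean(userId) && doc.userId === userId;
  },
  fetch: ['userId'], // only the owner field is needed to evaluate the rules
};

const taskDeny = {
  // Deny overrides allow: block any write that touches the owner field.
  update(userId, doc, fieldNames) {
    return fieldNames.includes('userId');
  },
};

// Hypothetical helper: mirrors the deny-then-allow order for offline checks.
function wouldPermit(op, userId, doc, fieldNames = [], modifier = {}) {
  const denied = taskDeny[op] ? taskDeny[op](userId, doc, fieldNames, modifier) : false;
  if (denied) return false;
  return taskAllow[op] ? taskAllow[op](userId, doc, fieldNames, modifier) : false;
}

// Tasks1 is the global from both.js; the guard lets this file load outside Meteor.
if (typeof Tasks1 !== 'undefined') {
  Tasks1.allow(taskAllow);
  Tasks1.deny(taskDeny);
}
```

With these rules the client insert has to carry the owner, for example by setting params.userId = Meteor.userId() before calling Tasks1.insert(params); an insert without it is rejected.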