by primigenus 4195 days ago
At a high level, what you're describing is pretty straightforward to implement. You just publish the data a user has access to read, and you use allow/deny rules to determine which they can write to.

You should take a look at the Roles package: https://github.com/alanning/meteor-roles

I recommend taking another look at Meteor's security because although it's different to other platforms, different doesn't mean inferior. It's actually very powerful and simple once you get the hang of it.

1 comments

Cool... as I admitted it's been a long while since I've looked at implementations... last I looked, if you opened your Meteor server to the (html/web) client, the client could do nasty things to your backend database, or you had to implement some complicated and/or not very flexible permissions... I'm glad to see that this has changed.
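
Added example (not part of the thread, and not Meteor's or the Roles package's own code): a plain-JavaScript model of the publish plus allow/deny pattern the first comment describes. The sample documents, the `roles` lookup and every function name are constructed assumptions; only the callback shape `(userId, doc, fieldNames, modifier)` and the deny-then-allow evaluation order follow Meteor's documented behaviour.

```javascript
// Model of Meteor's publish + allow/deny semantics; this is not Meteor itself.
// Constructed sample data; `docs`, `roles`, `publishDocs`, `canWrite` are hypothetical names.
const docs = [
  { _id: 'd1', owner: 'alice', title: 'Alice notes' },
  { _id: 'd2', owner: 'bob', title: 'Bob notes' },
];
const roles = { carol: ['admin'] }; // stand-in for a roles lookup

const isAdmin = (userId) => (roles[userId] || []).includes('admin');

// Read side: the publish function returns only what this user may see.
function publishDocs(userId) {
  if (!userId) return [];            // anonymous clients get nothing
  if (isAdmin(userId)) return docs;  // admins see every document
  return docs.filter((d) => d.owner === userId);
}

// Write side: rules in the shape of Meteor's update callbacks,
// (userId, doc, fieldNames, modifier). The modifier is unused here.
const allowRules = [
  { update: (userId, doc) => doc.owner === userId },
  { update: (userId) => isAdmin(userId) },
];
const denyRules = [
  // Without this, an owner could hand a document to another account
  // by writing to the `owner` field the allow rule trusts.
  { update: (userId, doc, fieldNames) =>
      fieldNames.includes('owner') && !isAdmin(userId) },
];

// A client write succeeds only if no deny callback returns true
// and at least one allow callback returns true. An operation with
// no allow rule at all (here: remove) is therefore refused.
function canWrite(op, userId, doc, fieldNames) {
  const hit = (r) => r[op] && r[op](userId, doc, fieldNames);
  if (denyRules.some(hit)) return false;
  return allowRules.some(hit);
}
```
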