Centralize all mutations at the model level

This commit uses a new package that I need to document. It tries to
solve the long-standing debate in the Meteor community about
allow/deny rules versus methods (RPC).

This approach gives us both the centralized security rules of
allow/deny and the white-list of allowed mutations similarly to Meteor
methods. The idea to have static mutation descriptions is also
inspired by Facebook's Relay/GraphQL.

This will allow the development of a REST API using the high-level
methods instead of the MongoDB queries to do the mapping between the
HTTP requests and our collections.

models/unsavedEdits.js

@@ -0,0 +1,34 @@
+// This collection shouldn't be manipulated directly by instead throw the
+// `UnsavedEdits` API on the client.
+UnsavedEditCollection = new Mongo.Collection('unsaved-edits');
+
+UnsavedEditCollection.attachSchema(new SimpleSchema({
+  fieldName: {
+    type: String,
+  },
+  docId: {
+    type: String,
+  },
+  value: {
+    type: String,
+  },
+  userId: {
+    type: String,
+  },
+}));
+
+if (Meteor.isServer) {
+  function isAuthor(userId, doc, fieldNames = []) {
+    return userId === doc.userId && fieldNames.indexOf('userId') === -1;
+  }
+  UnsavedEditCollection.allow({
+    insert: isAuthor,
+    update: isAuthor,
+    remove: isAuthor,
+    fetch: ['userId'],
+  });
+}
+
+UnsavedEditCollection.before.insert((userId, doc) => {
+  doc.userId = userId;
+});