Client-side Security....check() always returns true

[timbaas]

Expected behaviour is that Security....check() returns false on client-side.

Code for server and client:

const Users = Meteor.users;
const permissions = ['read','insert','update','remove'];
const collections = [Users,Posts];

Security.permit(permissions).collections(collections).never().allowInClientCode();

Code for client:

console.log(Security.can(user._id).read().for(Users).check()) // logs: true

Tried a lot of different things, but somehow on the Client-side it always returns true.
Server-side it's returning false, as expected.

[timbaas]

Just noticed the "Client/Common Code" section at the very bottom of the docs. I guess this is default behaviour after all.. It would be really nice if the Security....check(); would work on the client-side to hide menu-items and buttons for example.

[aldeed]

This package is no longer being updated or supported by Reaction.