parse-dashboard
parse-dashboard copied to clipboard
parse-community
Allow to restrict script execution to certain object fields
New Feature / Enhancement Checklist
- [x] I am not disclosing a vulnerability.
- [x] I am not just asking a question.
- [x] I have searched through existing issues.
Current Limitation
Script execution can only be restricted per class, not per field.
Feature / Enhancement Description
Allow to restrict script execution to certain fields.
The syntax could be:
<ClassName>$<FieldName>
Not sure which delimiter is best to use. We're already using the $ internally in Parse Server to store a Parse Object pointer in the database with the same syntax of <ClassName>$<FieldName>. And $ is not allowed in a class or field name, so this may be most consistent.
Example Use Case
For example, a purchase transaction in which there is a buyingUser and sellingUser, but only the buyingUser can be flagged:
"apps": [
{
"scripts": [
{
"title": "Flag fraudulent purchase",
"classes": ["Transaction$buyingUser"],
"cloudCodeFunction": "flagUser"
}
]
}
]
Alternatives / Workarounds
The field can be determined server-side with selectedField param, to prohibit the script execution. However, for the dashboard user, it still seems possible to execute a script on a field even thought the server will refuse it.
Thanks for opening this issue!
- 🎉 We are excited about your ideas for improvement!
![parse-github-assistant[bot] avatar](https://avatars.githubusercontent.com/in/136195?v=4 "Published by a pub.dev verified publisher"){kind=small}
U want to hide it from the context menu or just prevent execution or show some alert that this can't be performed?
I'd hide it, I don't see much use in showing a disabled script when the user has no way to enable it.
If an action was required by the user to enable it, then it may make sense to show it disabled; for example if a script would only be enabled based on certain field values that the user can change. But we don't have such a feature (yet).
