Description
New Feature / Enhancement Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
Current Limitation
Script execution can only be restricted per class, not per field.
Feature / Enhancement Description
Allow to restrict script execution to certain fields.
The syntax could be:
<ClassName>$<FieldName>
Not sure which delimiter is best to use. We're already using the $ internally in Parse Server to store a Parse Object pointer in the database with the same syntax of <ClassName>$<FieldName>. And $ is not allowed in a class or field name, so this may be most consistent.
Example Use Case
For example, a purchase transaction in which there is a buyingUser and sellingUser, but only the buyingUser can be flagged:
"apps": [
{
"scripts": [
{
"title": "Flag fraudulent purchase",
"classes": ["Transaction$buyingUser"],
"cloudCodeFunction": "flagUser"
}
]
}
]
Alternatives / Workarounds
The field can be determined server-side with selectedField param, to prohibit the script execution. However, for the dashboard user, it still seems possible to execute a script on a field even thought the server will refuse it.