Feature #3092
improve the RemoteLaunchOptionResource to validate against complex expressions
0%
History
#1 Updated by Constantin Asofiei about 8 years ago
Branch 1774b adds a new "remotelaunchoption" resource which secures the options which can be specified via the remote launching, for web clients, from a 3rd party app. Currently, there is only an exact match, which checks the bootstrap configuration key against the ACLs. This needs to be enhanced.
From #1774 note 151:
Yes, I think the resource name would be the key as you specify it here.
A useful enhancement would be to expose both the key and value as an expression engine variable so that the rights "allow" expression can reference the value and do a calculation on it. For example, it could check if it matches a regex or that the length is not greater than a certain amount.
Usually we just specify the "allow" expression using a boolean literal (inside a string, but the content is really treated as an expression that is parsed and evaluated).
This is not hard to do. Override AbstractResource.getLibrary() and then return an inner class implementation that exports the variables. Look at DirectoryResource.DirectoryPool for an example.
If this can't be done today, we can add a task for this.