Trigger resource manager manually?

Reply to Trigger resource manager manually? on Thu, 16 Jul 2020 12:17:14 GMT

ThomasD — Thu, 16 Jul 2020 12:17:14 GMT

Though, conceptually it's quite easy.

Add custom link to menu in admin
When link is clicked, it opens an iframe URL in a modular window.
- The URL contains an encrypted payload in the URL parameter.
The receiving back-end then decrypt the payload using a secret key.
The payload contains basic JSON that contains a session key.
- The session key can be verified by POSTin to an Appdrag Endpoint to verify it's still valid (encrypted payload here too).

Since we're encrypting the payload using a secret, no man-in-the-middle can temper with the content and since we're posting only a current session key, the session lifetime can be limited and verified even on the back-end side.

Not what I had in mind for the asset manager though.

Update: You're right, for it to be usable it would need to be it's own library and you'd need to make "custom apps" as mentioned above, available, which I expect you don't have plans for.

Reply to Trigger resource manager manually? on Thu, 16 Jul 2020 11:13:39 GMT

ThomasD — Thu, 16 Jul 2020 11:13:39 GMT

@wassim

I of course meant to use it within the admin, as a custom-admin feature.

Since we're already authenticated, I thought it would make sense to re-use the feature already implemented for managing assets.

I can setup an example to how this would work and we can take it from there.

Reply to Trigger resource manager manually? on Thu, 16 Jul 2020 11:11:30 GMT

Wassim — Thu, 16 Jul 2020 11:11:30 GMT

Hello,
Do you mean the PageBuilder feature available in your frontend?
If yes, this would be a huge security threat as people would be available unauthentified to upload content to your website.

What you can do is create a CloudAPI function and use Cloud Backend inputs (file type) to easily achieve that.