search

Shopify / ui-extensions

MIT License
268 stars 36 forks source link

Ability to query app owned metafields #1138

Open patryk-smc opened 1 year ago

patryk-smc commented 1 year ago

Please list the related package(s)

If this related to specific APIs or components, please list them here

Is your feature request related to a problem? Please describe.

I am looking to keep my app settings secure by storing them in a private metafield owned by the app. This will prevent merchants from viewing ortings without involving the app. Additionally, the metafield should automatically remove itself when the app is uninstalled. It' editing the sets worth noting that useAppMetafields only supports following owner types:

    | 'customer'
    | 'product'
    | 'shop'
    | 'variant'
    | 'company'
    | 'companyLocation'
    | 'cart';

Describe the changes you are looking for

Query app owned metafields

Describe alternatives you’ve considered

Storing settings in shop metafield. This metafield is public and remains after uninstalling the app.

patryk-smc commented 1 year ago

Looks like "New API for app-reserved namespace metafields (read/write)" is on the roadmap for: August 2023

TheSecurityDev commented 11 months ago

Was this ever implemented?

gil-- commented 11 months ago

@TheSecurityDev on the roadmap still. Now showing at Q1 2024 - https://shopify.dev/docs/apps/checkout#product-roadmap.

TheSecurityDev commented 11 months ago

So I'm assuming the latest update where excluding the metafield namespace uses the app-owned namespace by default doesn't apply to extensions. It's really a shame this is taking so long considering it's a pretty important feature for apps that want to disable the extensions if the merchant isn't on a paid plan.

gil-- commented 11 months ago

@TheSecurityDev you over-estimate the competency and free-time of merchants. Just write to a shop metafield and load that via the extension to check if they have a paid plan. Worse case, update it via cron say hourly or daily to ensure it's not manually edited.

TheSecurityDev commented 11 months ago

@TheSecurityDev you over-estimate the competency and free-time of merchants. Just write to a shop metafield and load that via the extension to check if they have a paid plan. Worse case, update it via cron say hourly or daily to ensure it's not manually edited.

That's exactly what I'm doing but it feels like a hack.

FourSeventy commented 6 months ago

It's ridiculous that this wasn't a day 1 feature...