os-js / osjs-client

OS.js Client Module
https://manual.os-js.org/

[Request] Lock down user settings (immutable settings) #3

Open aherreraGH opened 6 years ago

aherreraGH commented 6 years ago

Need a programmatic way to prevent users from changing anything about the applications/widgets. Maybe based on user roles.

andersevenrud commented 6 years ago

Nice suggestion :+1:

I'm thinking that the solution here would be to add this configuration option:

{
  settings: {
    immutable: true
  }
}

To totally lock it down from the client-side. And then have an option on the server to select which roles can use the API endpoint.

andersevenrud commented 6 years ago

I've added support for locking down settings client-side in recent commits (you can see links in this thread).

It's now possible to lock down in two ways:

Applying settings to the desktop

Prevents users from applying settings to the Desktop. If this is enabled the default configured settings will always be set in all cases.

{
  desktop: {
    lock: true
  }
}

Setting settings in a namespace

Prevents users from using the registry for certain namespaces.

{
  settings: {
    lock: ['osjs/desktop']
  }
}

I'll write back here when the release goes out :)

andersevenrud commented 6 years ago

You mentioned roles, so I'll add that as well.

andersevenrud commented 6 years ago

Well, I just published with the changes mentioned above FYI.

aherreraGH commented 6 years ago

Thanks, I'll check it out sometime this week or next.

andersevenrud commented 6 years ago

Just some notes if you're upgrading. The configuration tree has changed:

https://github.com/os-js/osjs-client/blob/master/src/config.js

Also, you need to move src/conf/webpack.config.js to src/client FYI because the previous release changed the path of that file :)

aherreraGH commented 6 years ago

Good to know, thank you sir!

andersevenrud commented 6 years ago

I've also added support for "blacklist" via login responses as in v2, as well as groups in the application metadata (which will match against groups from a login response) btw :) Though, I need to add support in the Auth adapters as well.
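
The locks in this thread are applied in the client, and the role restriction on the settings endpoint is only described as a plan. The following is an added example, not part of the thread and not OS.js code, showing how a server could enforce the same locked namespaces plus a group check on a settings write. The names `authorizeSettingsWrite`, `isLocked` and `writeRoles` and the sample request body are assumptions made for illustration.

```javascript
// Added example: a hypothetical server-side guard, not OS.js code.
// `lock` mirrors the client option from the thread; `writeRoles` is an assumed name.
const policy = {
  lock: ['osjs/desktop'],
  writeRoles: ['admin']
};

// Locked if the namespace equals a locked entry or is nested below it.
function isLocked(namespace, lock) {
  return lock.some(entry => namespace === entry || namespace.startsWith(entry + '/'));
}

// Decide what a settings write may change, whatever the client UI allowed.
function authorizeSettingsWrite(policy, user, payload) {
  const groups = user && Array.isArray(user.groups) ? user.groups : [];
  const namespaces = Object.keys(payload || {});
  const accepted = Object.create(null); // no prototype, so odd keys stay plain data
  if (!groups.some(group => policy.writeRoles.includes(group))) {
    return {allowed: false, accepted, rejected: namespaces};
  }
  const rejected = [];
  for (const namespace of namespaces) {
    if (isLocked(namespace, policy.lock)) {
      rejected.push(namespace);
    } else {
      accepted[namespace] = payload[namespace];
    }
  }
  return {allowed: true, accepted, rejected};
}

// Constructed request body: a client that ignores its own lock setting.
const body = {'osjs/desktop': {theme: 'custom'}, 'osjs/locale': {language: 'en_EN'}};
console.log(authorizeSettingsWrite(policy, {groups: ['admin']}, body));
console.log(authorizeSettingsWrite(policy, {groups: ['guest']}, body));
```

The groups passed in should come from the server's own session record for the logged-in user, not from fields in the request.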