check allowed types depending on prefix

[pieterb]

Was: RfC009

[pieterb]

Tobias Weigel wrote:

So here my guess is, that there will be a way to restrict the metadata keys and/or values for each individual prefix. If a creation request is incompatible, it will be rejected. Is this correct? How will the restrictions be formalized, i.e. how elaborate can this get?

[pieterb]

If this issue is indeed about what Tobias describes, then I'd say we already have this functionality, in the form of Profiles... Maybe we need to create one or more example profiles that enforces certain key-value pairs?

[pieterb]

At the moment, the restrictions need to be programmed as Ruby methods. Each "profile" can implement up to three methods to restrict what happens:

1. create( request, prefix, suffix, values )
2. update( request, prefix, suffix, old_values, new_values )
3. delete( request, prefix, suffix, old_values )

The first two of these can (optionally) modify the value set.

There have been plans to allow our users to write profiles themselves, in JavaScript. This JavaScript would then be executed Server-Side, inside a safe sandbox. I did some tests, running JavaScript inside a sandbox in JRuby, using Rhino. This worked fine, actually, and it's still a viable path to take in the future. See also issue #12.

We could also investigate running user-supplied Ruby-code inside a sandbox.

[TobiasWeigel]

Why do you want to use JavaScript for this?

[pieterb]

Well, there've been long discussions about this, and JavaScript is only one of several options. Two pros of JavaScript are:

• it's a commonly understood language;
• interpreters are designed to handle running potentially hostile/flawed code in a safe sandboxed environment.
  Recently, Ruby's interpreters also got a feature called "safety levels" which might also allow running foreign code in a safe environment.