Be more specific with the widget permissions #1997
Comments
|
I was wondering why we can't do this on the rust side but I believe the reason is that the sdk doesn't actually know that this is a specific element call widget. Seeing the web implementation though, I think we should have some sort of simple ElementCallWidgetPermissions struct on the rust side that we should use for both clients. |
|
Yes its not on the rust side since this is very widget specific (or even client speicifc actually). The methodology should be that users trust their clients. And the client should run the logic for wha they approve. The default should eb to prompt the user. But for EX ios and EX android the client just autoapproves. But all other clients using the rust sdk which are not developed by element might not autoapprove code ec since they dont trust it. But a list of permissions / struct of permissions makes a lot of sense and also fits the rest of the call specific code. I would like to call it |
Sounds good to me 👍 |
|
There is a Draft PR for this: matrix-org/matrix-rust-sdk#2825 |
|
Very nice! 👏 |
Currently we just approve all of them in the permission callback from the rust sdk.
In EW we only approve what the widget is allowed to:
https://github.com/matrix-org/matrix-react-sdk/blob/d405e85cec36cbc2d15e652726008ebfaca9daab/src/stores/widgets/StopGapWidgetDriver.ts#L123-L178
This should also be done on andoid/ios.
The text was updated successfully, but these errors were encountered: