Hi everyone, I have issues setting conditions on dialogs.
I tried with a descriptor with a similar code to the following snippet:
"dialogs": [
{
"url": "/some-endpoint,
"key": "some-key-for-endpoint",
"conditions": [
{
"condition": "user_is_logged_in"
},
{
"condition": "user_is_admin"
}
]
}
]
The issue is that if someone tries to access the dialog directly in the browser, using a url similar to the following: https://my-developer-instance/wiki/plugins/servlet/ac/my-addon-key/some-key-for-endpoint?classifier=json
The response is going to contain several information regarding the dialog including a 'contextJwt" that maliciously could be used to access other endpoints.
I would like to limit that form of access using conditions ( Connect conditions (atlassian.com)) . That strategy worked on generalPages but for some reason on dialogs is not.
Does anyone knows the proper way to limit access on dialogs?