Allow models owned by the group owner to be inserted into group places

As the title says. At the moment there is no way ( AFAIK ) to insert models that the group hasnt created.

Might be a web feature, I’m not sure.

1 Like

This has been suggested before, but the issue was that then people who have group edit permissions can steal your models you didn’t intend to be used by the group. If you want your group places to have access to a model, you should just publish it as a group model. Feel free to post here if there are any complications with that though and we can evolve the feature request.


I can’t do that as I already have the module posted so anyone currently using it won’t work

Is this a private module inserted through InsertService, or one required by AssetId?

required by asset id but needs to be able to be inserted via insertservice

Perhaps the solution then is to allow the group to “take” models so that it would have permission to use them, much like a regular user. Lack of support for this has caused a number of similar issues, so it would be a good idea for groups to have this sort of functionality.

That seems like it would require a lot more work. Perhaps it could allow the insertion of models owned by the group owner if they are free to take?

Wait, you’re unable to insert a model into your group game that’s free to take? I thought it was private. That sounds like a bug.

You haven’t been able to insert free models for ages

Oh, right – it was for security reasons. Now that FilteringEnabled is a thing though, maybe that restriction can be revisited. @ConvexHero what are your thoughts on this? Would FE games be fine without the restriction, should there be some way of whitelisting certain assets for games (whether that be taking the model, group or not, a game config table, or part of the API), or should this be tackled with a larger-scale campaign against 3rd party scripts’ trustworthiness and lack of control?

With FilteringEnabled, and the more relevant setting that prevents client-side inserts (by default), free models could be ok. There actually is a feature for this in the current system. However, it is disabled for most/all places.

There are several questions that will eventually need to be answered. For example, should InsertService always get newest, or a target version? Should the model’s scripts have full read/write access to the full datamodel? For my jaded view, assets could eventually be required to have only “AssetScripts” that have restrictions – devs could have an android-like permission system. (Ideally, not as bad…)

For me, allowing free models in group games is not the solution. Specifically, if an experience relies on some intellectual property, the experience should own that IP at some version. If the IP creator desires a perpetual payment model, we should make this more formal.

Also, auto-updated models are not a viable solution for serious projects in this era. They rely on the account security of random users who may have left years ago.


Can’t you put the model inside a MainModule that says return script.Model and require it?

Make the current asset version ID easily accessible if you have insert permissions for an item and people can use InsertService:LoadAssetVersion() to solve the version issue. The current insert behavior is fine because there is a way to get both the most recent version and a specific version. It just needs to be easier to get the ID of a specific version. A disclaimer should be put on the wiki that warns about how inserting the latest version can be a hole in security though.

I really like the whole AssetScript idea. Those have the potential for far more use cases than just controlling assets that are being used which were made by other devs. Depending on how powerful the permissions system is it might be possible to allow other users to make content for your game in a safe way.

Without a well-defined AssetScript concept, asset versions are less interesting. An asset can impose a time based limit using time or http access.

require caches so that wouldn’t work.

@ConvexHero As for assetscripts, that’s fine, however this isn’t a script being inserted into a random place, this is a script being inserted into a group place whose owner has given permission and has worked with me on this script.

Bump, really need this as the alternative is to upload the model to every group and then push the updates to all of the individual models :frowning: