Allow us to filter InsertService Requests

So, a few people in a Skype group were having a dilemma over InsertService being able to insert admin commands/similar, so I suggested for an event to be fired whenever a client requests for a model to be inserted. I looked at the wiki and apparently there is an event which seems to do this, but since it isn’t documented, I can’t be sure.

Basically, what I’m asking for is something like this:

InsertService.InsertRequested (Callback)
Whenever a client requests to insert a model, this event is fired with these parameters:
Player who requested the insert
AssetId which was requested

The server has to define this, and would have to return ‘true’ to allow the model to be inserted. If the function does not return or returns ‘false’, the request is simply ignored.

Example use of this:

local AllowedAssets = {[1] = true, [2] = true, [3] = true, [4] = true }

function game.InsertService.InsertRequest(player, AssetId) -- Could also be a 'data' table, like MarketplaceService's ProcessReceipt.
    if not AllowedAssets[AssetId] then
        player:Kick() -- Kick players who try to exploit their way through the system.
        return false
    end
    return true
end

What are you guys' opinions on this? I think it could help prevent some kinds of exploits, such as admin commands being inserted in a place when they shouldn’t.

I know people are probably going to say “Well you shouldn’t have bad models that people can use saved to your models in the first place!!”, but it gets pretty difficult to go through 50 pages of models depending on who you are, and it’s not used all the time in my specific places. For instance, I just gave some stuff to SONIC – it’s a FilteringEnabled place, but people insert the admin in his models and then have control of the server.

Make InsertService work server side only.
There’s no reason the client should be making calls to the service. The server should insert the models that the client needs and distribute them.

[quote] Make InsertService work server side only.
There’s no reason the client should be making calls to the service. The server should insert the models that the client needs and distribute them. [/quote]

While that is true, I still think backwards compatibility matters more. With my method, if no function is defined, then all requests are allowed, which is the current behaviour.

InsertService.LegacyMode? Much like they did with disabling loadstring for ScriptServices.

I mean, it’s something. I don’t know how many free models out there rely on InsertService.

Pretty sure LoR relies on InsertService to handle characters and whatnot.

On the client or on the server?

Not sure – All I see is that Davidii has a bunch of models that look like they would be inserted with InsertService.

If he’s smart, he’d just insert them all into ReplicatedStorage once when the server starts (or periodically if he’s that anal) and let the clients grab the models from there.
That way new clients don’t get new versions of models before others just for joining later.
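
The server-side approach suggested in the replies above (load on the server, share through ReplicatedStorage), as an added example that is not code from any poster in this thread. The asset ids are constructed placeholders, and the names `PreloadedAssets` and `RequestAsset` are hypothetical:

```lua
-- Server Script (e.g. in ServerScriptService): the server alone calls InsertService.
local InsertService = game:GetService("InsertService")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Constructed placeholder ids; list only the assets the place actually needs.
local AllowedAssets = { [1] = true, [2] = true, [3] = true, [4] = true }

-- Hypothetical folder that holds one server-loaded copy of each allowed asset.
local cache = Instance.new("Folder")
cache.Name = "PreloadedAssets"
cache.Parent = ReplicatedStorage

local function preload(assetId)
    -- LoadAsset can fail (bad id, web error), so never let it kill the script.
    local ok, result = pcall(InsertService.LoadAsset, InsertService, assetId)
    if not ok then
        warn(("LoadAsset failed for %d: %s"):format(assetId, tostring(result)))
        return nil
    end
    result.Name = tostring(assetId)
    result.Parent = cache
    return result
end

-- Load everything once at server start so every client sees the same version.
for assetId in pairs(AllowedAssets) do
    preload(assetId)
end

-- Hypothetical RemoteFunction through which clients ask for an asset by id.
local request = Instance.new("RemoteFunction")
request.Name = "RequestAsset"
request.Parent = ReplicatedStorage

request.OnServerInvoke = function(player, assetId)
    -- Arguments come from the client: check the type and the allowlist first.
    if type(assetId) ~= "number" or not AllowedAssets[assetId] then
        warn(("%s requested non-allowlisted asset %s"):format(player.Name, tostring(assetId)))
        return nil
    end
    -- Returns a reference to the replicated copy; the client clones it locally.
    return cache:FindFirstChild(tostring(assetId))
end
```

With this layout no LocalScript needs to call InsertService at all, and a request for an id outside the allowlist is logged and refused on the server.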

This is unnecessary because when called from the client, LoadAsset and LoadAssetVersion can only insert models made by ROBLOX or made by the place creator. All other models can’t be inserted. Correct me if I’m wrong.

Yes, but people can insert an admin model that the creator owns, and then edit it to where they’re an admin.

Please just don’t allow :Insert() to be called from the client – it’s dumb to let the client do whatever it wants to with InsertService – especially since that goes against the very principle of FilteringEnabled.

@Seranok. Wrong, I can insert models that are either 1. Owned by you 2. Owned by ROBLOX 3. Free model (stigma V2 and V3)

What if a model contains a server script to change the callback?

Let’s see a repro for this. Make a place with a single LocalScript that inserts a model using InsertService that is not created by ROBLOX or the place creator.

Why can the client do whatever the hell it wants to do with InsertService anyway? That completely violates and needs to be fixed.

It can’t, it can only insert models created by ROBLOX or created by the place creator. It’s done this way so it doesn’t break skateboards and gear that rely on this functionality.

Ughhh that’s so annoying. I have to get SONIC to delete all of the admin scripts that he has in his inventory (he never gets on so this is going to take a while) to prevent people from inserting admin and giving admin to themselves.