We are wondering about plugin settings and methods that changes field values (e.g. Working with form values â DatoCMS ) and webhooks events / content management API.
For a more specific context, we are using the Word Counter Plugin and which creates and populates a JSON field with properties configured in plugin settings. We want to reconfigure the plugin to remove certain properties from that JSON field that have already been saved in a number of records collections.
Is it possible for a change in plugin settings to propagate changes throughout an entire collection of records all at once?
One assumption is that it can only âtouchâ the item if an editor opens a record type the plugin is configured on and/or publishes the changes but we want to be doubly sure that itâs not possible for a plugin settings change to act on all records and fire more webhook events than we can safely handle. I couldnât find much regarding the relationship between the plugin SDK and the content management API, if any.
Youâre correct, typically speaking, that plugins generally only modify the record theyâre currently on (by directly manipulating its form state).
However, this is NOT a technical limitation or a security boundary, just a typical usage pattern. A plug-in is an embedded iframe that technically can do anything its author wants it to do, e.g., a plugin can call the CMA on its own and bulk-update records that way. Itâs not part of the plugin SDK, but the plugin SDK is just a set of helper utilities, not a security sandbox. Your plugin is a full Javascript app that can do anything that it has the API keys for. If you give the plugin your currentUserAccessToken, then it has the full permissions of the current user, and can do everything they can do (via API call).
I am not sure what your underlying use case here is? If you just want the plugin to show the current word count without writing anything back to a JSON field, you should be able to do that with some small modifications.
If you did want to write to a JSON field but are afraid of firing too many external webhooks through a series of edits in the CMS, youâd have to check its source code (https://github.com/voorhoede/datocms-plugin-word-counter) or ask its developer @devoorhoede for details about that, but my guess is it probably doesnât bulk-edit recordsâŚ
The plugin SDK internally uses a combination of CMA API calls and the ctx context object (example) passed to it from the CMS. Ultimately, itâs a standalone Javascript app embedded in an iframe and passed the ctx from the parent CMS page. The ctx it gets contains both data and methods, like being able to update the recordâs internal form state and forcing a save.
Separately, a plugin developer can also choose to make separate CMA calls with the current userâs access token, and in so doing, can do anything that userâs role can do.
This can be done either with the CMA client, or through raw HTTP fetch() calls to the CMA.