TokenMod bug with Target and IDS Permissions

I've encountered the API bug when using @{target|...} in my ability/macro.  The token is deselected, regardless of the order of the commands.  I read in the help that this is known: WARNING:  Because of a Roll20 bug with @{target|} and the API, you must specify the tokens you want to change using  --ids  when using @{target|}. My macro works fine with --ids, but the DM doesn't want to enable the setting that allows players to use the --ids command.  It seems that the permission for the --ids command is in the wrong place, to me.  I'm wondering if the API script can be modified such that any player can specify a token via --ids, but whose actions will be rejected if the token isn't owned by the player.  I think that would involve moving the check from detecting the -ids command to instead at determining that the requester is a player and checking whether he or she owns the token.  Is this possible?

If a player owns the token, they can just select the token and use a token-mod macro. Is there a particular reason you can't just select the token you want to apply the change to? It's the same number of clicks (or potentially less) than a target command.

When your ability includes the @{target|...} as well, it deselects the token (which I think is a Roll20 bug). Then the TokenMod command no longer uses the selected token as the one to modify (as it has been deselected).  In fact, nothing is selected at that point.   I suppose an alternative is to have another way to identify the token, such as --name or --token, which allows players to specify a token, and only executes if the player owns the token.

See the TokenMod thread... I just wrote up a post on using SelectManager to select the token virtually: {&select @{selected|token_id} }