Feasibility Check - modding or replacing the file upload feature in the composer

Hi all.

I am in the process of deploying Discourse for use by a small community of users with quite stringent security requirements. We want to lock down the security on the forum so that each category can only be seen by a specific group of users, which looks like it can be done from the admin panel, but we also want to secure file uploads the same way (randomly generated URLs aren’t secure enough for our needs). We aren’t using S3 - if we make this file server it’s probably going to be dead simple static files in a filesystem. I floated the idea of using our own private server for uploaded files instead of the service that comes with Discourse, but we don’t want our users to inadvertently degrade security on images so would want users of the web UI to also be using this service to also use this separate file hosting service.

I think this boils down to two options:
(1) Change the API endpoints used by the upload button in the composer so that they point to our server, or
(2) Disable the upload button and replace it with our own doppelgänger plugin, which uploads to our server.
We would also need to add parameters to the web API call, in particular to add a category or equivalent classification to the image.

My question is whether someone knows off the top of their head whether we ought to be able to do this with the existing API, plugin API, etc. Thanks a lot!

Here’s an example of some of that: Discourse Video Upload Plugin with YouTube and Vimeo

There is an access_control_post_id field in the uploads model.

My guess is that if you want fine-grained permissions of uploads you’ll save a lot of time using the S3 code that exists–especially if obscure filenames aren’t enough–you’d essentially need to write an entire permissions system for wherever you’re going to put the stuff. Or maybe I just don’t understand.

1 Like