I am in the process of deploying Discourse for use by a small community of users with quite stringent security requirements. We want to lock down the security on the forum so that each category can only be seen by a specific group of users, which looks like it can be done from the admin panel, but we also want to secure file uploads the same way (randomly generated URLs aren’t secure enough for our needs). We aren’t using S3 - if we make this file server it’s probably going to be dead simple static files in a filesystem. I floated the idea of using our own private server for uploaded files instead of the service that comes with Discourse, but we don’t want our users to inadvertently degrade security on images so would want users of the web UI to also be using this service to also use this separate file hosting service.
I think this boils down to two options:
(1) Change the API endpoints used by the upload button in the composer so that they point to our server, or
(2) Disable the upload button and replace it with our own doppelgänger plugin, which uploads to our server.
We would also need to add parameters to the web API call, in particular to add a category or equivalent classification to the image.
My question is whether someone knows off the top of their head whether we ought to be able to do this with the existing API, plugin API, etc. Thanks a lot!