Granular Security?



  • Want to run something by you and see if it is currently possible or gauge the LOE for a plugin. We build software components for a living via our community. We have two major use cases for NodeBB:

    • Wide open forum with categories that everyone can post to. NodeBB can handle this now and is #awesome.
    • When we spin up a new project to build some "big software stuff" we want to restrict it to a pool of admins so they can discuss pricing, requirements, timelines, etc. We may have 100s of admins in total but we only want some specific admins (the ones that are involved in this project) to have read/write access.

    My guess is we could use the current security via groups? However, are there API calls for managing groups, members and categories? We have 600K+ members and would be creating 5-25 new categories per day with (in theory) a different group of members for each category.

    Thanks!


  • GNU/Linux Admin

    Unfortunately, our API is read-only, although now that you mention it, a write-enabled API would be a very good next step. Our main focus for this round is optimization and bugfixing (we'll see how well we stick to this), though after that, anything goes.

    When we want to write data, we use web sockets, instead of a REST API. For simplicity's sake, building an API layer on top of the socket method calls is fairly trivial. Perhaps I can have something for you to play around with in a week or two 🙂



  • Thanks @julian! Do you see any scalability issues? I'm assuming we should use Mongo instead of Redis for this type of volume.


  • GNU/Linux Admin

    @jeffdonthemic said:

    Do you see any scalability issues?

    Honestly? Not really, although I am aware that I may be being wilfully ignorant. NodeBB is used on several big sites with decent DAU/MAU counts, though we're always on the lookout to reduce call times as much as possible.

    A write-enabled API layer atop NodeBB (most likely secured via API) should not introduce much overhead.

    Edit: I'd only be worried about creating that many categories per day (followed by deleting them, I'd imagine?). It could fill up a Redis database, since it's all memory-backed. Something disk-based would alleviate this easily.



  • @julian said:

    Edit: I'd only be worried about creating that many categories per day (followed by deleting them, I'd imagine?). It could fill up a Redis database, since it's all memory-backed. Something disk-based would alleviate this easily.

    Yes... this is what I was thinking as well. Was thinking of moving to Mongo.

    Would love to help with a write-enabled API if you get the gears in motion.


  • GNU/Linux Admin

    @jeffdonthemic It's a deal! 😄

