Open elias-pap opened 2 years ago
There's no limit at the moment. With the self hosted you can do it in code. :)
What would be the idea behind it though? Those are both very abstract notions that don't translate too well to actual usage (storage or otherwise).
I see, thanks for clarifying. Say I had a todo app which contains lists (collections) of todos (items) and I want to limit the number of lists and todos a user could create. What would be the best way to go about this ?
OK, that you can do as collections really map to lists and items really map to items. I just meant that things get more vague in other kinds of applications.
If you want to add this limit though you'd have to implement something on the server. You probably want a cron job that just queries the db daily and notify customers (soft limits) rather than blocking them immediately when they create one? Or maybe you want to block immediately, then you need to modify the collection_create/item_create code to check the count (it's a one liner) and return an error if over the count.
Yeah I agree things can get vague since what kind of usage make sense to restrict depends on the business logic of every app. Putting limits to collection/items server-side could make sense since these notions are decoupled of any particular business logic and they are more tied to the platform itself.
Implementing it in-code is a solution, but is not ideal since the developer would have to maintain their own fork of etebase, right ? Alternatively, it could be configurable. There could be an option to e.g. set global limits on collections and/or items.
I think such an option wouldn't hurt (can be turned off by default or set to a very high limit) and it could be useful for a good percentage of apps out there.
Just limiting with a config is probably fine for your use-case but it's not always fine. E.g. in the case of soft-limit. You also want to let the admin of the etebase instance that something happened and let them do something (e.g. send an email suggesting they upgrade, or helping them out figuring what happened).
I'm not against this suggestion as a config, just saying that there's more to it.
I see. I wonder how easy it would be to have something like a plugin architecture, so each developer can inject their own middleware functions to a request's lifecycle to implement custom things like resource limiting.
ACTUALLY, we already have it and it's possible, lol. I'm just silly, sorry. We do the same for etesync.com!
You just need to add a new permissions class that checks this and limits it (there are a few examples in the repo, because we use permissions for other things too).
Ah that's nice. All right, I can look into it then. Feel free to close this issue if you prefer. Thanks !
I'm happy to include such example permission limiters in the core repo if you want to open a PR for it.
Since this cannot be supported securely client-side, I'd want to ask this question for both the hosted and the OSS (self-hosted) version. Thank you.