We are a rather large student association with about 3300 members. We recently developed a new member management REST API which contains all member information, such as what subdivision they belong to, and allows to authenticate users. We now want to setup a file storage cloud for all of our members.
For this, we want to code a nextcloud app, which does the following:
on each user login:
- authenticate user against our REST API service
- read users subdivisions from REST API and:
2.1 create new nextcloud groups for every new subdivision and create a shared folder for this group
2.2 assign nextcloud groups to logged in user
I.e. what we want to achieve is that user authentication and group association data is read from an external interface. (+ some other helper tasks)
To implement this, we already implemented an authentication proof of concept which allows to authenticate users against our API. We now have the following questions:
- Is it a good idea to do all group tasks (create group, create share, assign group) at user login time? What would be a better approach? At every user login, this process should be repeated as a user might have left a subdivision in the mean time and access to the respective shares should be revoked.
- Which modules do we need to use to: create a new nextcloud group? create a share for this group? assign a possibly new user to a group?
- Does anybody know an existing app/addon which does user authentication / group assignment / share creation where we could base our implementation on?
Thanks all for your help!