Saas with Silverstripe - Handling Themes

Silverstripe Version: 4

Hey guys,

I understand this might be a pretty broad subject, but interested to see if anyone had similar queries and how you tackled them.

Quick background:
I’m using SS framework (not CMS) as the engine for my Saas which allows people to create online shops. My biggest request by far is to allow customers to upload and modify their own templates, which leads me to the questions:

  • Did anyone ever use a system where users can upload themes?
    composer is not an option here, I don’t want to allow shell_exec, exec, etc… to run on the servers

  • How would you go about limiting template functionality?
    ie: I don’t want to allow the template developers to access every property/function of all classes (to build in some fool proofness) but rather, only fields / function available on the API

  • Would you allow the customer/developer upload SS templates or force them to use something like React/Angular and then interact with the API?
    I suspect performance might be quite poor if I go down this route as every page would need to make multiple API calls after page load