My company is building a platform on top of a heavily extended Drupal core. I have multiple customers who will be using separate instances of this system and will want to customize both the theme and the functionality.
I'm trying to design a system to allow them to add themes and modules, some of which might interact with some of my modules, without giving them access to the actual code. (This isn't open source)
The way that Facebook and Ning do this is to have the developer host their own custom code, and have a callback to it. This won't really work for me, as these sites need the ability to be fully customized, so callbacks for specific integration points don't really work.
One option is to set up a sandbox environment where the custom developers only have access to a couple specific directories to build their themes and custom modules. We could then integrate with git to commit these when they're ready and deploy them with the rest of our code into production. The problem with this setup is that developers have to develop remotely and have to use our source control system.
A more typical setup is to allow the developers to download something to build their custom code against. They can develop locally and use whatever source control practices they already have. As we don't want specific point integrations, I don't think this can be a library that runs against a separate server. The alternative is to download our full core Drupal system and develop locally against that, uploading the custom code when it's ready, but then they would have access to all our code and IP.
Thus the predicament, as I don't think there is any way to effectively obfuscate PHP.
Anyone have any brilliant ideas here?
