[xwiki-users] Help needed :o) - Xwiki vs. Twiki

[Sergiu Dumitriu]

Josef Pfleger wrote:
>  > #set($showcomments = false)
>  > #set($showattachments = false)
> 
> That only tells the skin not to render the corresponding HTML, it does 
> not prevent users from posting comments or uploading files to the 
> respective URLs directly!
> Of course, the URLs could be changed to a secret (struts config), but I 
> wouldn't call that security at all.
> 
> Also, this only applies to the albatross skin, I have my own that does 
> not support the 'showcomments' and 'showattachments' settings.
> 
> -Josef
> 
> Ludovic Dubost wrote:
>> You can add
>>
>> #set($showcomments = false)
>> #set($showattachments = false)
>>
>> In a page where you don't want to see the comments/attachments block.
>> To do the same for a space put it in the skin with
>>
>> #if($doc.space=="spacename")
>> #set($showcomments = false)
>> #set($showattachments = false)
>> #end
>>
>> Ludovic
>>
>> Josef Pfleger wrote:
>>
>>> Of course users can still upload files and post comments to the 
>>> respective urls directly, even with 'showattachments' or 'showcomments' 
>>> set to 'no'. These settings just tell the skin not to render the HTML, 
>>> they don't affect any privileges.
>>>
>>> If you want to prohibit commenting, set the according rights (Level 
>>> 'comment') for the page/space. Unfortunately there is no rights level 
>>> for attachments. Attachments are (hard-coded into XWiki's Core) bound to 
>>> the 'edit' rights level.

See http://www.nabble.com/Restricting-Images-to14678172.html#a14678673