[xwiki-users] Restricting Images
Sergiu Dumitriu
sergiu at xwiki.com
Thu Jan 10 00:11:08 CET 2008
Josef Pfleger wrote:
> > You can extend/override the
> > com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl class and register
> > it in xwiki.cfg, so that you can add the upload right. Now, if you
> > extend XWikiRightsServiceImpl, you won't need to separate the
> > attachments from the targeted documents.
>
> I have extended the com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl
> class to support an 'attachment' level and used the
> xwiki.authentication.rightsclass parameter in xwiki.cfg. That works,
> thank you!
>
> The only /ugly/ part remaining is my patched
> com.xpn.xwiki.render.macro.ImageMacro. Is there another way to prevent
> users from using external image urls?
Well, if you set the proper rights, users will be able to upload images
only in the space you allow them to. But you cannot prevent smart users
from using images from other sources than attachments, as they can enter
HTML <img> tags.
So, as far as the image macro is concerned, you don't have to patch it
if attachments can only be posted in one space. You can also update the
tinymce files/velocity templates so that the wysiwyg editor displays
only images from a certain place, and the users don't see things they
cannot use, anyway.
Sergiu
More information about the users
mailing list