10 Jan
2008
10 Jan
'08
12:11 a.m.
Josef Pfleger wrote:
Well, if you set the proper rights, users will be able to upload images
only in the space you allow them to. But you cannot prevent smart users
from using images from other sources than attachments, as they can enter
HTML <img> tags.
So, as far as the image macro is concerned, you don't have to patch it
if attachments can only be posted in one space. You can also update the
tinymce files/velocity templates so that the wysiwyg editor displays
only images from a certain place, and the users don't see things they
cannot use, anyway.
Sergiu
You can
extend/override the
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl class and register
it in xwiki.cfg, so that you can add the upload right. Now, if you
extend XWikiRightsServiceImpl, you won't need to separate the
attachments from the targeted documents.
I have extended the com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl
class to support an 'attachment' level and used the
xwiki.authentication.rightsclass parameter in xwiki.cfg. That works,
thank you!
The only /ugly/ part remaining is my patched
com.xpn.xwiki.render.macro.ImageMacro. Is there another way to prevent
users from using external image urls?