#set($showcomments = false)
#set($showattachments = false)
That only tells the skin not to render the corresponding HTML, it does
not prevent users from posting comments or uploading files to the
respective URLs directly!
Of course, the URLs could be changed to a secret (struts config), but I
wouldn't call that security at all.
Also, this only applies to the albatross skin, I have my own that does
not support the 'showcomments' and 'showattachments' settings.
-Josef
Ludovic Dubost wrote:
You can add
#set($showcomments = false)
#set($showattachments = false)
In a page where you don't want to see the comments/attachments block.
To do the same for a space put it in the skin with
#if($doc.space=="spacename")
#set($showcomments = false)
#set($showattachments = false)
#end
Ludovic
Josef Pfleger wrote:
Of course users can still upload files and post
comments to the
respective urls directly, even with 'showattachments' or 'showcomments'
set to 'no'. These settings just tell the skin not to render the HTML,
they don't affect any privileges.
If you want to prohibit commenting, set the according rights (Level
'comment') for the page/space. Unfortunately there is no rights level
for attachments. Attachments are (hard-coded into XWiki's Core) bound to
the 'edit' rights level.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users