[xwiki-users] Restricting Images
For a current project, I would like to limit users in the way they use images. I want to
1) allow all users to edit pages
2) disable file upload for all users except my 'ImageEditors' group (i.e. no attachments)
3) make sure users only use images uploaded by an 'ImageEditors'

Unfortunately I found it very difficult to implement aforementioned requirements in XWiki. XWiki does not implement a designated 'attachment' access level, turning off images is not trivial and file upload can not be configured.

After creating a user group 'ImageEditors', I created two different spaces, 'Main' and 'Images' and set the space rights for 'Images' to 'view' for all users and to 'edit' for 'ImageEditors'. While all users can still edit 'Main'-space-pages, only 'ImageEditors' can edit 'Images'-space-pages (and thus upload attachments to these pages).

To restrict image use, I replaced the com.xpn.xwiki.render.macro.ImageMacro with my own code (external jar) that only renders image tags using attachments from the 'Images' space. For every macro call, it checks if a page with the same name exists in the 'Images' space and renders this (parallel) page's attachment (if found). Since 'Main'-space-page attachments are ignored, only attachments uploaded by 'ImageEditors' are published.

Finally, I customized the skin in a way that, in edit mode, images can be conveniently picked from the respective (parallel) 'Images'-space-page and also removed all file upload skin code for non-'ImageEditors'.

This works and meets my requirements with the minor flaw that all users can still upload arbitrary files to 'Main'-space-pages when posting to the upload URL directly.
----------
Is there an easier/better/simpler way of accomplishing the above? I'd appreciate any comments.

Thank you,
Josef
Josef Pfleger wrote:
For a current project, I would like to limit users in the way they use images. I want to
1) allow all users to edit pages
2) disable file upload for all users except my 'ImageEditors' group (i.e. no attachments)
3) make sure users only use images uploaded by an 'ImageEditors'
Unfortunately I found it very difficult to implement aforementioned requirements in XWiki. XWiki does not implement a designated 'attachment' access level, turning off images is not trivial and file upload can not be configured.
After creating a user group 'ImageEditors', I created two different spaces, 'Main' and 'Images' and set the space rights for 'Images' to 'view' for all users and to 'edit' for 'ImageEditors'. While all users can still edit 'Main'-space-pages, only 'ImageEditors' can edit 'Images'-space-pages (and thus upload attachments to these pages).
To restrict image use, I replaced the com.xpn.xwiki.render.macro.ImageMacro with my own code (external jar) that only renders image tags using attachments from the 'Images' space. For every macro call, it checks if a page with the same name exists in the 'Images' space and renders this (parallel) page's attachment (if found). Since 'Main'-space-page attachments are ignored, only attachments uploaded by 'ImageEditors' are published.
Finally, I customized the skin in a way that, in edit mode, images can be conveniently picked from the respective (parallel) 'Images'-space-page and also removed all file upload skin code for non-'ImageEditors'.
This works and meets my requirements with the minor flaw that all users can still upload arbitrary files to 'Main'-space-pages when posting to the upload URL directly.
----------
Is there an easier/better/simpler way of accomplishing the above? I'd appreciate any comments.
You can extend/override the com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl class and register it in xwiki.cfg, so that you can add the upload right. Now, if you extend XWikiRightServiceImpl, you won't need to separate the attachments from the targeted documents.

You've probably done that already, but just to mention it, you can disable the default attachment sections from the interface, like the Attachments entry in the action menu, or the attachments area at the bottom of the default view. You can also delete the attachments*.vm templates from the skin to disable attachment displaying for users who know the "right" URL.

Sergiu
You can extend/override the com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl class and register it in xwiki.cfg, so that you can add the upload right. Now, if you extend XWikiRightServiceImpl, you won't need to separate the attachments from the targeted documents.
I have extended the com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl class to support an 'attachment' level and used the xwiki.authentication.rightsclass parameter in xwiki.cfg. That works, thank you!

The only /ugly/ part remaining is my patched com.xpn.xwiki.render.macro.ImageMacro. Is there another way to prevent users from using external image urls?
Josef Pfleger wrote:
You can extend/override the com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl class and register it in xwiki.cfg, so that you can add the upload right. Now, if you extend XWikiRightServiceImpl, you won't need to separate the attachments from the targeted documents.
I have extended the com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl class to support an 'attachment' level and used the xwiki.authentication.rightsclass parameter in xwiki.cfg. That works, thank you!
The only /ugly/ part remaining is my patched com.xpn.xwiki.render.macro.ImageMacro. Is there another way to prevent users from using external image urls?
Well, if you set the proper rights, users will be able to upload images only in the space you allow them to. But you cannot prevent smart users from using images from other sources than attachments, as they can enter HTML <img> tags. So, as far as the image macro is concerned, you don't have to patch it if attachments can only be posted in one space.

You can also update the tinymce files/velocity templates so that the wysiwyg editor displays only images from a certain place, and the users don't see things they cannot use, anyway.

Sergiu
Sergiu Dumitriu-2 wrote:
But you cannot prevent smart users from using images from other sources than attachments, as they can enter HTML <img> tags.
Yes I can and I want to. To achieve this, my skin only renders $doc.EscapedContent.
j05ef wrote:
Sergiu Dumitriu-2 wrote:
But you cannot prevent smart users from using images from other sources than attachments, as they can enter HTML <img> tags.
Yes I can and I want to. To achieve this, my skin only renders $doc.EscapedContent.
Ah, nice trick.

About the ImageMacro, I guess we could use a platform feature that restricts using images only from some spaces. I imagine this in the following way:
- there's a setting in xwiki.cfg, like xwiki.render.image.allowedSpaces=Main,Uploads
- The Images macro reads this property and checks if the document is in the right space
- There could be another configuration that lists not the allowed spaces, but the disabled ones, which would be better in some cases, like xwiki.render.image.disabledSpaces=XWiki,Private

I think you have the proper skills to implement this, and it would be nice to share it with the community, so could you make a Jira issue for this (jira.xwiki.org) and give a patch?

Thanks,
Sergiu
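The space check proposed in the message above, together with the rejection of external image URLs asked about earlier in the thread, as an added stand-alone example that is not XWiki code and not from any participant. The two property names are the ones proposed in the message and are not existing XWiki settings; the class and method names, the deny-list-wins ordering and the "empty allow list means no restriction" rule are assumptions of this sketch.

```java
import java.util.*;

/** Added example: hypothetical space allow/deny policy an image macro could consult before rendering. */
public class ImageSpacePolicy {
    private final Set<String> allowed;
    private final Set<String> disabled;

    /** Reads the two properties proposed in the thread (not existing XWiki settings). */
    public ImageSpacePolicy(Properties cfg) {
        allowed = parse(cfg.getProperty("xwiki.render.image.allowedSpaces"));
        disabled = parse(cfg.getProperty("xwiki.render.image.disabledSpaces"));
    }

    /** Splits a comma-separated list, trimming entries and dropping empty ones. */
    private static Set<String> parse(String csv) {
        Set<String> out = new HashSet<>();
        if (csv != null) {
            for (String s : csv.split(",")) {
                if (!s.trim().isEmpty()) out.add(s.trim());
            }
        }
        return out;
    }

    /** True if the reference is a URL (any scheme, or protocol-relative) rather than a file name. */
    static boolean isExternal(String ref) {
        String r = ref.trim();
        return r.startsWith("//") || r.matches("(?s)^[A-Za-z][A-Za-z0-9+.-]*:.*");
    }

    /** space = space of the document holding the attachment; ref = image name passed to the macro. */
    public boolean mayRender(String space, String ref) {
        if (space == null || ref == null || isExternal(ref)) return false;
        if (ref.contains("/") || ref.contains("\\")) return false; // attachment file names only
        if (disabled.contains(space)) return false;                 // deny list wins over allow list
        return allowed.isEmpty() || allowed.contains(space);        // assumption: empty = unrestricted
    }

    public static void main(String[] args) {
        Properties cfg = new Properties(); // constructed sample configuration
        cfg.setProperty("xwiki.render.image.allowedSpaces", "Images, Uploads");
        cfg.setProperty("xwiki.render.image.disabledSpaces", "Private");
        ImageSpacePolicy policy = new ImageSpacePolicy(cfg);
        String[][] cases = { {"Images", "logo.png"}, {"Main", "logo.png"}, {"Private", "plan.png"},
            {"Images", "http://example.org/x.png"}, {"Images", "//example.org/x.png"} };
        for (String[] c : cases) {
            System.out.println(c[0] + " / " + c[1] + " -> " + policy.mayRender(c[0], c[1]));
        }
    }
}
```

A check like this only constrains what the macro renders; it has to run on the server at render time, and raw HTML in page content and direct posts to the upload URL, both raised in the thread, are controlled separately.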
On Jan 10, 2008, at 12:07 PM, Sergiu Dumitriu wrote:
j05ef wrote:
Sergiu Dumitriu-2 wrote:
But you cannot prevent smart users from using images from other sources than attachments, as they can enter HTML <img> tags.
Yes I can and I want to. To achieve this, my skin only renders $doc.EscapedContent.
Ah, nice trick.
About the ImageMacro, I guess we could use a platform feature that restricts using images only from some spaces.
I don't understand the need for this in the platform since it looks to me a bit too specific a need (unless I don't understand something). I'd rather we have something more generic that encompasses this use case. I may be mistaken though. -Vincent
I imagine this in the following way:
- there's a setting in xwiki.cfg, like xwiki.render.image.allowedSpaces=Main,Uploads
- The Images macro reads this property and checks if the document is in the right space
- There could be another configuration that lists not the allowed spaces, but the disabled ones, which would be better in some cases, like xwiki.render.image.disabledSpaces=XWiki,Private
I think you have the proper skills to implement this, and it would be nice to share it with the community, so could you make a Jira issue for this (jira.xwiki.org) and give a patch?
Thanks, Sergiu
participants (4): j05ef, Josef Pfleger, Sergiu Dumitriu, Vincent Massol