For a current project, I would like to limit users in the way they use images. I want to
1) allow all users to edit pages 2) disable file upload for all users except my 'ImageEditors' group (i.e. no attachments) 3) make sure users only use images uploaded by an 'ImageEditors' Unfortunately I found it very difficult to implement aforementioned requirements in XWiki. XWiki does not implement a designated 'attachment' access level, turning off images is not trivial and file upload can not be configured. After creating a user group 'ImageEditors', I created two different spaces, 'Main' and 'Images' and set the space rights for 'Images' to 'view' for all users and to 'edit' for 'ImageEditors'. While all users can still edit 'Main'-space-pages, only 'ImageEditors' can edit 'Images'-space-pages (and thus upload attachments to these pages). To restrict image use, I replaced the com.xpn.xwiki.render.macro.ImageMacro with my own code (external jar) that only renders image tags using attachments from the 'Images' space. For every macro call, it checks if a page with the same name exists in the 'Images' space and renders this (parallel) page's attachment (if found). Since 'Main'-space-page attachments are ignored, only attachments uploaded by 'ImageEditors' are published. Finally, I customized the skin in a way that, in edit mode, images can be conveniently picked from the respective (parallel) 'Images'-space-page and also removed all file upload skin code for non-'ImageEditors'. This works and meets my requirements with the minor flaw that all users can still upload arbitrary files to 'Main'-space-pages when posting to the upload URL directly. ---------- Is there an easier/better/simpler way of accomplishing the above? I'd appreciate any comments. Thank you, Josef _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
