Josef Pfleger wrote: > > You can extend/override the > > com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl class and register > > it in xwiki.cfg, so that you can add the upload right. Now, if you > > extend XWikiRightsServiceImpl, you won't need to separate the > > attachments from the targeted documents. > > I have extended the com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl > class to support an 'attachment' level and used the > xwiki.authentication.rightsclass parameter in xwiki.cfg. That works, > thank you! > > The only /ugly/ part remaining is my patched > com.xpn.xwiki.render.macro.ImageMacro. Is there another way to prevent > users from using external image urls?
Well, if you set the proper rights, users will be able to upload images only in the space you allow them to. But you cannot prevent smart users from using images from other sources than attachments, as they can enter HTML <img> tags. So, as far as the image macro is concerned, you don't have to patch it if attachments can only be posted in one space. You can also update the tinymce files/velocity templates so that the wysiwyg editor displays only images from a certain place, and the users don't see things they cannot use, anyway. Sergiu _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
