Using the new image upload widget
https://openacs.org/xowiki/en/site_wide_image_upload_widget it is
possible to easily add an image within the content of any object that uses
the Xinha richtext editor.
The user who uploads the image may choose how the image is to be shared (outside of the context of the document itself: e.g. upload an image while creating a wiki page and allow it to appear in the site wide image browser). It can be public, shared with everyone is the subsite, or private. If the image is "private" means it does not inherit permissions from any other object. This means the only person who can see it is the owner, but if the image is uploaded within the context of another object, i.e. an Xowiki page, a link is created between the page and the image and if someone can view the page they will also be able to see the image (it does not make sense to have a sub-page level permissions).
Right now we make this work by creating a special URL /image/${image_id}/private/${xowiki_page_id}/${filename} This generates a unique URL that includes the "viewing context". When this URL is accessed the system is checked to make sure a data link exists, that is, that the image is used "in" the viewing context object, and that the viewing user has permission to see the viewing context object.
Does this sound insane? Does anyone have a better idea of how to implement this.