Last modified: 2007-06-26 04:08:13 UTC
Ideas like this have been bandied about for quite some time, but I didn't see
any bugs open for it, so:
Often wikis will want custom groups. Unfortunately, these groups cannot
currently be assigned easily. Extensions have been created to allow bureaucrats
to assign and remove certain privileges, but there's no generalized way to allow
them to give and remove specific groups.
The ideal would be that in $wgGroupPermissions, the 'userrights' permission
would be changed to an array, so you could set something like
$wgGroupPermissions['bureaucrat']['userrights']['sysop']['add'] = true;.
Better syntax would probably be
$wgGroupPermissions['bureaucrat']['addgroup']['sysop'] = true;
I'm not sure if this syntax is possible, but I've proposed another syntax,
please see http://mail.wikipedia.org/pipermail/wikitech-l/2006-August/037892.html .
Created attachment 2950 [details]
Proposed patch. Please comment. Uses the format I suggested originally,
except I swapped things so it's
$wgGroupPermissions['bureaucrat']['userrights']['add']['sysop']. Maybe the
member functions should have been public User functions, but I don't know if
anything but SpecialUserrights will actually ever use them.
Tested it and it appears to work.
It occurs to me that I didn't consider the whole "remote" aspect, though.
Heh, always fun to look at patches you wrote yourself six months ago. The usage
of $wgGroupPermissions seems odd, but with our SpecialPage permissions it seems
to be the only way to get it to work without either greatly generalizing the
SpecialPage permissions mechanism or writing a whole bunch of duplicate
special-case code for Userrights.
Or make a new specialized array?
Created attachment 3611 [details]
Proposed patch Mk II
Updated version of previous patch. Still needs: error messages for failures;
informative lists of what you can add and why.
(In reply to comment #6)
> Or make a new specialized array?
Users will still need $wgGroupPermissions['userrights'] = something equivalent
to true to be able to access the page at all due to the way we do SpecialPage
restrictions. But to maintain reverse compatibility,
$wgGroupPermissions['userrights'] = true *must* continue to mean "you're
Superman and can do anything you want". So one way or another, this will
require either a reworking of SpecialPage permissions or a non-Boolean value in
Well, you can always keep $wgGroupPermissions['userrights'] = true and define a
new array in DefaultSettings.php for limited permissions. If you have only the
userrights permission, you have access to everything; if you have
$wgGroupPermissions['limiteduserrights'], you go through the permissions in the
Hmm. Of course, silly me. I should have thought of that. Yes, I (or someone
else) should update it to do that. It's only a few lines.
Created attachment 3806 [details]
Here is my variant for this. It makes everything customizable. For backward compatibility, Makesysop still needs to be enabled on Wikimedia wikis (integrating MakesysopStewardForm functionality into UserrightsForm would be the second step).
What advantages/disadvantages does that have over mine? And why does Makesysop still need to be enabled?
Added in r23410.