Last modified: 2014-08-16 10:04:41 UTC
I don't see the point of setting https://github.com/wikimedia/mediawiki-core/blob/c31fbf073e112526236d3afe6ef4dab3d5cd8e6f/includes/DefaultSettings.php#L4459 $wgGroupPermissions['*']['viewmywatchlist'] = true; if we also have this: https://github.com/wikimedia/mediawiki-core/blob/1ea16c08d70152062ba7feef62de8a69b3d08820/includes/specials/SpecialWatchlist.php#L41-L42 // Anons don't get a watchlist $this->requireLogin( 'watchlistanontext' ); Shouldn't $wgGroupPermissions['*']['viewmywatchlist'] = true; be replaced by $wgGroupPermissions['user']['viewmywatchlist'] = true; ?
There seems to be other permissions in the same situation: editmywatchlist, editmyusercss, editmyuserjs, editmyoptions (bug 20151?).
True, these have no effect for anonymous users. But it does allow the possibility of using User::isEveryoneAllowed() in situations where that's advantageous, since it's very likely that outside of OAuth requests all relevant users really will have these permissions.
For context, here is where I noticed removing the permission from would be relevant: https://en.wikipedia.org/w/index.php?title=MediaWiki_talk:Gadgets-definition#GeoNotice The gadget in question modifies [[Special:Watchlist]] but it is intended only for users with access to that page (currently, logged in users), and the Gadgets extension is based on "rights" not "groups" (per bug 12211 comment 4).
The ['*'] implies these are catch-all rights. But instead of dabbling with user rights, I'd like to be able to specify user groups when defining a gadget module, so we can target user classes.