On Fri, 28 Jul 2006 13:14:25 -0700 Brion Vibber brion@pobox.com wrote:
Raquel Rice wrote:
<snip>
If I add a user to "editor" and to "sysop" then disallow "editor" from certain of the functions using $wgGroupPermissions will I be able to disallow those sysop functions from "editor"?
Will "editor" override "sysop" or will "sysop" override "editor"?
Permissions are additive.
Note that setting a particular permission to 'false' for some group just means that membership in the group does not provide that permission; it doesn't take it away if another group the user is in confers the same permission.
Given this scenario:
- group A provides permissions P and Q
- group B provides permissions Q and R
- user Alice in group A
- user Bob in group B
- user Charles in both groups A and B
then:
- Alice has permissions P and Q
- Bob has permissions Q and R
- Charles has permissions P, Q, and R
So, unless you did something very strange with your hook (in most cases a hook for userCan should not be necessary), then a user's being in 'editor' will not cause them to lack any permissions that their being in 'sysop' gives them.
-- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
Thank you Brion. Please bear with me while I ask one more little question. I understand about permissions being additive, but ... in the above scenario ... what if I change that up a bit:
* group A provides permissions P and Q
* group B provides permissions Q and R
* group C provides permissions X, Y and Z
* user Alice in group A
* user Bob in group B
* user Charles in groups A, B and C
BUT I don't want Charles to have permission Q ... Can I then specify that group C does not have permission Q?
Changing group C permissions to X, Y, Z and !Q
In real life I am using ...
# Any user can edit talk pages. Only Sysop can edit other pages
function fnMyUserCan($title, $user, $action, $result) {
    if ($action == 'edit') {
        if (!$title->isTalkPage() && !$user->isSysop())
            $result = false;
    }
}
$wgHooks['userCan'][] = 'fnMyUserCan';
(taken from: http://www.mediawiki.org/wiki/User:Barrylb/Usercan_Hook )
I want "editor" to be able to edit other pages and to do everything that a "sysop" can do but not be able to (let's say) upload. So I create "editor" with $wgGroupPermissions['editor']['upload'] = false; in LocalSettings.php, placing it AFTER the "sysop" permissions.
That should give "editor" all "sysop" permissions except upload. Right?
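
The additive rule from Brion's reply, as an added example that is not part of the original thread and not MediaWiki's own code: it shows that a false entry for one group does not remove a right that another of the user's groups grants. The helper functions and the sample group table are hypothetical, modelled on the $wgGroupPermissions layout used above.

```php
<?php
// Constructed sample configuration in the shape of $wgGroupPermissions
// (group => right => bool). Group and right names are illustrative.
$groupPermissions = [
    'sysop'  => ['edit' => true, 'delete' => true, 'upload' => true],
    'editor' => ['edit' => true, 'upload' => false],
];

// Hypothetical helper modelling the additive rule: a right is held if
// ANY of the user's groups sets it to true. A false entry only means
// "this group does not grant it"; it never revokes another group's grant.
function effectiveRights(array $groupPermissions, array $userGroups): array {
    $rights = [];
    foreach ($userGroups as $group) {
        foreach ($groupPermissions[$group] ?? [] as $right => $granted) {
            if ($granted) {
                $rights[$right] = true;
            }
        }
    }
    $names = array_keys($rights);
    sort($names);
    return $names;
}

// Hypothetical audit helper: list false entries that have no effect for a
// given group combination because another group still grants the right.
function ineffectiveDenials(array $groupPermissions, array $userGroups): array {
    $held = effectiveRights($groupPermissions, $userGroups);
    $found = [];
    foreach ($userGroups as $group) {
        foreach ($groupPermissions[$group] ?? [] as $right => $granted) {
            if ($granted === false && in_array($right, $held, true)) {
                $found[] = "$group:$right";
            }
        }
    }
    return $found;
}

// Compare the three membership combinations discussed in the thread.
foreach ([['editor'], ['sysop'], ['editor', 'sysop']] as $groups) {
    printf("%-14s rights=%s ineffective_false=%s\n",
        implode('+', $groups),
        implode(',', effectiveRights($groupPermissions, $groups)),
        implode(',', ineffectiveDenials($groupPermissions, $groups)) ?: '-');
}
```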