Raquel Rice wrote:
Thank you Brion. Please bear with me while I ask one more little question. I understand about prmissions being additive, but ... in the above scenario ... what if I change that up a bit:
- group A provides permissions P and Q
- group B provides permissions Q and R
- group C provides permissions X, Y and Z
- user Alice in group A
- user Bob in group B
- user Charles in groups A, B and C
BUT I don't want Charles to have permission Q ... Can I then specify that group C does not have permission Q?
Nope. If you don't want Charles to have permission Q, don't put him in a group which confers permission Q.
# Any user can edit talk pages. Only Sysop can edit other pages function fnMyUserCan($title, $user, $action, $result) { if ($action == 'edit') { if (!$title->isTalkPage() && !$user->isSysop()) $result = false; } }
This is pretty scary-looking. :) Note that User::isSysop is obsolete, predating the modern permissions system.
I think what you probably want is something like:
if ($action == 'edit') { if (!$title->isTalkPage() && !$user->isAllowed('editarticles')) $result = false; }
Then you'd give the 'editarticles' permission and whatever else you wanted to the 'editor' group.
I want "editor" to be able to edit other pages and to do everything that a "sysop" can do but not be able to (let's say) upload. So I create "editor" with $wgGroupPermissions['editor' ]['upload'] = false; in LocalSettings.php, placing it AFTER the "sysop" permissions.
That should give "editor" all "sysop" permissions except upload. Right?
If you want to give 'editor' the permissions from 'sysop', just copy the lines and replace 'sysop' with 'editor', so that 'editor' has all those same permissions.
-- brion vibber (brion @ pobox.com)