Actually each group need to be assigned every needed
rights. There is
nothing like inheritance / cumulation. So one have to:
Anonymous = permission(read)
LoggedIn = permission(read, write)
Sysop = permission(read, write, delete)
Bureaucrat = permission(makesysop)
This way bureaucrat account is only to make sysop.
Actually, I think this is probably like my "cumulative" approach, I
just didn't explain it very well; what I meant is that if a user is
assigned to two groups, they will gain both sets of rights:
* User:A has group "Sysop" -> permission(read, write, delete)
* User:B has groups "Sysop", "Bureaucrat" -> permission(read,
write,
delete) + permission(makesysop)
Or do you mean that a bureaucrat would actually need to log out and
then log in with a different account which could make sysops but not
edit pages?
By the way, any chance that while we're redesigning we can be
consistent with terminology and get rid of this "An Administrator is
someone with Sysop status" nonsense in favour of just calling the
status flag "Admin"? [I know, this isn't as uncontroversial as I'm
making out, it's just a personal bug-bear]
We want 1.4beta to be out by the end of the year and I
personally would
like to get the user right system in 1.4 (as it's a big new feature).
As I am slowly coding it, I will try to keep it as simple as possible
and then we can enhance it with inheritance later in 1.4.x versions .
Agreed.
--
Rowan Collins BSc
[IMSoP]