Hi all,
I have, in my working copy, some changes to CentralAuth which introduce the concept of a global user group. That is, a group attached to a global account, which applies on all wikis.
To use CentralAuth as a guinea pig for core, I've included a "group management" interface, which allows users with the appropriate *global* permissions (local permissions don't count) to edit global group assignments, which are stored in the CentralAuth database. A screenshot of the new interface is available. [1] If this interface is successful, I will consider implementing it in core, to make permissions changes a steward request, not a shell request.
This is a pretty major change, and has very wide-reaching implications, both politically and technically (particularly with respect to performance). Consequently, I'm asking for wide review of my patch, which is available on bug 13773 [2], of my methodology for implementing this change, and of the idea itself.
Known Issues: * It's not currently clear how to delete a group (you unassign all permissions). I'm going to add a 'delete this group' button in the future. * There's not currently a list of all users in a group. I need to add this functionality to Special:GlobalUsers, as well as changing the logging target.
[1] - http://www.mediawiki.org/wiki/Image:Global_Group_Management.png [2] - https://bugzilla.wikimedia.org/show_bug.cgi?id=13773