Roan Kattouw wrote:
Brion Vibber wrote:
It's a bit cleaner in API terms, but I'm a bit leery of the way the
functions were split up and errors returned with numerically-indexed
arrays (plus I'm still very leery of having a change groups action in
the API at all) so for now I've taken it back out.
Could you be more specific as to how the implementation could be changed
to be of acceptable quality? Also, why don't you want changerights in
the API?
The more privileged operations are in an undermaintained secondary
interface, the more likely we are to have security problems. As such I
should warn that I currently would not accept a ChangeRights api module
at all, no matter how it's implemented.
In theory though, API and UI modules should *both* make clean calls to
backend classes. An ideal API or UI module should never touch the
database, for instance, nor check permissions.
-- brion vibber (brion @ wikimedia.org)
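
An added sketch of the layering described in the last paragraph of the message above (not code from the thread or from MediaWiki): one backend class owns the permission check and the write, and the API and UI front ends only map input and output. All class and function names are hypothetical, the array stands in for the database, and PHP 8.1+ is assumed.

```php
<?php
// Hypothetical names throughout; this is not MediaWiki's real API.
final class GroupChangeError extends Exception {
    public function __construct(public readonly string $key, string $message) {
        parent::__construct($message);
    }
}

final class GroupChangeService {
    /** @param array<string, string[]> $store constructed stand-in for the database */
    public function __construct(private array $store) {}

    /** The only place where the permission check and the write happen. */
    public function addGroup(string $actor, string $target, string $group): array {
        if (!in_array('bureaucrat', $this->store[$actor] ?? [], true)) {
            throw new GroupChangeError('permissiondenied', "$actor may not change groups");
        }
        if (!array_key_exists($target, $this->store)) {
            throw new GroupChangeError('nosuchuser', "no such user: $target");
        }
        if (!in_array($group, $this->store[$target], true)) {
            $this->store[$target][] = $group;
        }
        return $this->store[$target];
    }
}

// Thin API front end: named error keys, no permission logic of its own.
// $sessionUser is the authenticated caller, never a request parameter.
function apiChangeGroups(GroupChangeService $svc, string $sessionUser, array $params): array {
    try {
        $groups = $svc->addGroup($sessionUser, $params['user'], $params['add']);
        return ['result' => 'success', 'groups' => $groups];
    } catch (GroupChangeError $e) {
        return ['error' => ['code' => $e->key, 'info' => $e->getMessage()]];
    }
}

// Thin UI front end: same backend call, different rendering.
function uiChangeGroups(GroupChangeService $svc, string $sessionUser, string $user, string $add): string {
    try {
        return htmlspecialchars("$user is now in: " . implode(', ', $svc->addGroup($sessionUser, $user, $add)));
    } catch (GroupChangeError $e) {
        return '<p class="error">' . htmlspecialchars($e->getMessage()) . '</p>';
    }
}

// Constructed sample data: Bob lacks the right, Alice has it.
$svc = new GroupChangeService(['Alice' => ['bureaucrat'], 'Bob' => []]);
echo json_encode(apiChangeGroups($svc, 'Bob', ['user' => 'Alice', 'add' => 'sysop'])), "\n";
echo uiChangeGroups($svc, 'Alice', 'Bob', 'sysop'), "\n";
```

Because neither front end checks rights itself, a less-maintained interface cannot drift out of step with the other on who may change groups.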