On 05/06/13 15:42, Brad Jorsch wrote:
> > There's nothing wrong with having a large list of fine-grained rights to grant as long as you format them properly for the user.
> In other words, implement another rights-grouping system just as complicated and less clear than the approach currently proposed.
You seem to prefer a new set of user groups. But that doesn't allow restricting the rights to hold as few permissions as possible. And I'm not only considering general-purpose apps, but also bots, whose credentials (token) may not be in the best safe. It should be possible to restrict a program to just read deleted revisions, instead of granting a generic "act as a sysop" scope, being able to read blocks/abusefilters or restoring them. If a program only imports Flickr images, it doesn't need reupload or reupload-own. Hey, even restricting a token to editing one specific page would be useful for many bots (OK, we don't need to support _that much_).
Also, having a foo scope different than foo right just creates confusion.
By the way, did you notice that the Granularity of Permissions table can be the same in both cases, and the only difference is if the apps should ask for the scope (shown as-is to the user, the wiki converts it to rights) or the user rights (and the wiki presents them as scopes to the user)?
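
The two directions described in the last paragraph, sketched over one shared table, as an added example that is not part of the original message or of MediaWiki's code. The right names are real MediaWiki user rights; the scope names, the table contents and the function names are assumptions made up for illustration.

```python
# Added example. Right names are real MediaWiki user rights; the scope
# names and the table itself are constructed for illustration.
GRANULARITY = {
    "view-deleted": {"deletedhistory", "deletedtext"},
    "restore-deleted": {"undelete"},
    "upload-new": {"upload"},
    "upload-replace": {"reupload", "reupload-own"},
}
ALL_RIGHTS = set().union(*GRANULARITY.values())

# Constructed sample: rights held by the account that authorises the token.
SYSOP_RIGHTS = ALL_RIGHTS | {"block"}


def rights_for_scopes(scopes):
    """App asks for scopes; the wiki converts them to rights."""
    rights = set()
    for scope in scopes:
        rights |= GRANULARITY[scope]  # KeyError on an unknown scope
    return rights


def scopes_for_display(rights):
    """App asks for rights; the wiki groups them for the consent screen.

    Returns (scopes fully requested, {scope: the subset of its rights requested}).
    """
    unknown = set(rights) - ALL_RIGHTS
    if unknown:
        raise ValueError(f"rights not in the table: {sorted(unknown)}")
    full, partial = [], {}
    for scope, members in GRANULARITY.items():
        asked = members & set(rights)
        if asked == members:
            full.append(scope)
        elif asked:
            partial[scope] = asked
    return full, partial


def allowed(right, user_rights, token_rights):
    """A token never grants more than its owner holds, nor more than it was issued."""
    return right in (set(user_rights) & set(token_rights))


if __name__ == "__main__":
    token = rights_for_scopes(["view-deleted"])
    print(sorted(token), allowed("undelete", SYSOP_RIGHTS, token))
    print(scopes_for_display({"upload", "reupload-own"}))
```
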