Roan Kattouw wrote:
Remove ApiChangeRights. Duplicates code, doesn't handle current permissions model properly.
Gimme a chance to catch up man ;) This new permissions model has been introduced about a week ago. I agree on the code duplication thing, SpecialUserrights.php needs some more generalization there.
I'll work on improving ApiChangeRights. I just don't think it was necessary to remove the entire module, as no security leaks are introduced (the old model ApiChangeRights uses is more restrictive than the new one). You could also have tried to fix it yourself (although you may not have time for that, I know you're a busy guy), or just drop me a note.
I'd ***much*** rather have it not exist in core than be out of sync with other code.
In general I'm against duplicate code in the API -- that's absolutely the wrong way forward, and doubly so when doing any sort of 'write' or security-related operation.
Instead, existing mixed code should be refactored into clean back- and front-end sections.
-- brion vibber (brion @ wikimedia.org)