Raquel Rice wrote:
I have a user that I would like to have some, but not
all, of the
same rights of sysop. I've created a new user group ... let's say
"editor". I'm also using a "userCanHook" function to limit
certain
functions for users who are not sysop. However, I'd like to allow
"editor" some of the functions which are allowed sysops.
If I add a user to "editor" and to "sysop" then disallow
"editor"
from certain of the functions using $wgGroupPermissions will I be
able to disallow those sysop functions from "editor"?
Will "editor" override "sysop" or will "sysop" override
"editor"?
Permissions are additive.
Note that setting a particular permission to 'false' for some group just means
that membership in the group does not provide that permission; it doesn't take
it away if another group the user is in confers the same permission.
Given this scenario:
* group A provides permissions P and Q
* group B provides permissions Q and R
* user Alice in group A
* user Bob in group B
* user Charles in both groups A and B
then:
* Alice has permissions P and Q
* Bob has permissions Q and R
* Charles has permissions P, Q, and R
So, unless you did something very strange with your hook (in most cases a hook
for userCan should not be necessary), then a user's being in 'editor' will
not
cause them to lack any permissions that their being in 'sysop' gives them.
-- brion vibber (brion @
pobox.com / brion @
wikimedia.org)