On May 17, 2008, at 3:28 PM, DanTMan wrote:
That is against how MediaWiki works.
Every account is part of the user group. And inheritance is done with
true always overriding false. In other words, because a student is a
user even though createaccount is set to false for them, the fact that
they are a user which has createaccount set to true means that they
are
allowed to create an account. You can't force that off. That's not how
MediaWiki's permissions system works, and if the extension is based
off
that bad assumption then it definitely won't go into svn cause that's
the kind of thing that will only work if you hack MediaWiki to work
that
way, and hacks aren't supported.
I could have sworn that it worked in an earlier version of MW, but I
see that setting
$wgGroupPermissions['student'] = false;
behaves just like you say it does. However, it was easy to whip up an
extension to modify this behavior without hacking MW, by hooking at
UserGetRights.
http://www.mediawiki.org/wiki/Extension:RestrictiveRights
Obviously, I wish that was the default - I think admins expect that if
they explicitly turn something off in LocalSettings, it should not be
overridden by something else. But that's just me.
Additionally, it's pointless to try and create an
extension with a
more
limited way to manage permissions based off the Userrights stuff.
Because if someone can use your form, then can just as easily access
the
build in Special:Userrights and edit permissions with what they are
allowed to do. Restricting that within a extension's special page is
pointless because all it gives you is a false sense of security that
doesn't exist.
I'm not going to update the
mediawiki.org page yet, since I figure
it's likely that you will find other problems (unless you're sick of
this and have given up!), but I have a test revision if you're willing
to keep looking at these
http://trimer.tamu.edu/jh/UserRightsList.0.5a1.tgz
I created an global variable that can be set to allow users who do not
have userrights to modify specific subsets of group membership of
users they created. For my setup, I use:
$egUserRightsListChGrp['user'][] = 'student';
Inside the extension, I modify $wgAddGroups and $wgRemoveGroups based
on $egUserRightsListChGrp, but since this is local to the extension,
it does not affect access to Special:Userrights.
I also changed the date handling based on your suggestions, and did
some other stuff to aid independence from mysql. But I don't have any
installations to test those on.
I hope I'm getting closer to addressing your concerns.
JH
<snip>
=====================================
Jim Hu
Associate Professor
Dept. of Biochemistry and Biophysics
2128 TAMU
Texas A&M Univ.
College Station, TX 77843-2128
979-862-4054