A problem with Rotem's implementation is that it allows at most two levels of privilege assignment: one that abides by the permissions whitelists, and one that doesn't. If you want another level, that's impossible.
I still prefer my syntax for deciding assignment rights, namely
$wgUserPermissions['bureaucrat']['addgroup']['sysop'] = true; $wgUserPermissions['bureaucrat']['addgroup']['bureaucrat'] = true; $wgUserPermissions['bureaucrat']['addgroup']['bot'] = true; $wgUserPermissions['bureaucrat']['remgroup']['bot'] = true;
or something to that effect. It's completely flexible, and significantly simpler (if I do say so myself) than Titoxd's. If for one or more groups of the current user 'addgroup' or 'remgroup' is non-false, then Special:Userrights would become available; to determine what groups are available on each side, you'd merge the arrays from all the user's groups (conflict for a key would default to true) on each side and then foreach. The 'userrights' permission would remain, and would have the same function as now. Rotem's 'userrights_remote' would also be present, but his other three would be redundant.
Thoughts?