Simetrical wrote:
A problem with Rotem's implementation is that it allows at most two levels of privilege assignment: one that abides by the permissions whitelists, and one that doesn't. If you want another level, that's impossible.
I still prefer my syntax for deciding assignment rights, namely
$wgUserPermissions['bureaucrat']['addgroup']['sysop'] = true; $wgUserPermissions['bureaucrat']['addgroup']['bureaucrat'] = true; $wgUserPermissions['bureaucrat']['addgroup']['bot'] = true; $wgUserPermissions['bureaucrat']['remgroup']['bot'] = true;
or something to that effect. It's completely flexible, and significantly simpler (if I do say so myself) than Titoxd's. If for one or more groups of the current user 'addgroup' or 'remgroup' is non-false, then Special:Userrights would become available; to determine what groups are available on each side, you'd merge the arrays from all the user's groups (conflict for a key would default to true) on each side and then foreach. The 'userrights' permission would remain, and would have the same function as now. Rotem's 'userrights_remote' would also be present, but his other three would be redundant.
Thoughts?
How about completely rewriting the permissions system? I mean, while you're doing all of this, you might as well do something a bit harder, but better (in wider perspective). The current system can lead to confusion and it has some setbacks (e.g. rights are additive) and the new system would be totally flexible and prone to all variations. If I knew PHP, I'd write it ;)
Filip