On 06/06/13 07:14, Daniel Friesen wrote:
You'll need:
- A list of rights to omit and just automatically grant (minoredit,
etc...).
- A map of rights naming what group they belong to.
- A rule to remove read from the list when the wiki is public and a
hook to let extensions do similar with their rights.
- A map showing how to combine multiple rights into one key eg:
`'editcreateall' => array( 'edit', 'createpage', 'createtalk' )` or perhaps instead a method and hook.
- And some new i18n text for the rights and new keys (frankly it's
good to re-do the i18n anyways, a grant page is best with more informative text like "Edit existing content as me" or "under my name", etc... rather than blindly repeating the right's normal i18n like "Edit pages (edit)")
So that's basically a flat configuration array, a key->value configuration array, a few lines of code with a hook, a tiny bit more code or an array, and some new entries to MessagesEn.php.
Brad, Chris and I discussed this on IRC today. I think we can do something along these lines, with about 1-2 weeks of additional work. I think it will lead to a nicer UI, which definitely should be a goal.
The IRC log is here: https://www.mediawiki.org/wiki/Auth_systems/OAuth/IRC_log_2013-06-06
I'm recommending making these "groups" of rights be both a UI concept and a storage concept, very similar to the existing group feature, rather than storing right grants and somehow bidirectionally mapping them to group grants in the UI layer. That way, future code changes can split rights (e.g. upload -> upload/reupload), and have all the OAuth grants be implicitly updated by changing the group map.
Since we would go crazy trying to talk about both the OAuth feature and the existing user feature as being "groups", Chris suggested using the term "permission" to refer to the fundamental unit of an OAuth grant.
-- Tim Starling