https://bugzilla.wikimedia.org/show_bug.cgi?id=10493
Daniel Friesen <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mediawiki-bugs@nadir-seen-f | |ire.com --- Comment #18 from Daniel Friesen <[email protected]> 2012-10-23 03:39:53 UTC --- ...I could see this working fine in core. Might want to do it alongside other improvements to our permissions system. Improve autopromote; Make it less of a hack. And improve it's capabilities. Support extra things like expiry on normal permissions. Consider simplifying group inheritance. Support restricted permission sets for some things. I've seen some use cases for something like a edit or delete capability restricted to a namespace. Consider some sort of individual right grant rather than group membership or some sort of capabilities group. Some of those use cases for restricted rights would be a mess if each of them needed a manual group. Some of these things are actually things that the OAuth use cases have been wanting and we'll need general support for within the software in order to implement in OAuth. For OAuth support some sort of capabilities interface with a User::getCapabilities method and capabilities we attach to an individual user instance. Then OAuth could define a capabilities instance that would use scope rights but ensure they lie within the user's given rights. And likewise it could nest those recursively to properly support refresh tokens granting rights with smaller scopes. Course I don't have time to write up the details or code. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
