"Tim Starling" posted a comment on MediaWiki.r92364.
URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/92364#c27316
Commit summary for MediaWiki.r92364:
First steps for bug 14801: add backend support for per-namespace permissions to
core. This extends $wgGroupPermissions syntax from
$wgGroupPermissions[$group][$right] = bool to
$wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely
backwards compatible; the booleans are still fully supported, and any unset
namespace will default to false.
* User::getRights(), User::isAllowed() and User::getGroupPermissions now
optionally accept a namespace parameter. If not set, it will check whether the
user has the right for all namespaces.
* Anything that uses Title::getUserPermissionsErrorsInternal() automatically
supports per-namespace permissions. This includes
Title::getUserPermissionsErrors and Title::(quick)UserCan.
* Fix tests that set User::mRights
The next step would be to change all User::isAllowed() to Title::quickUserCan
or pass the namespace to User::isAllowed().
Tim Starling's comment:
I think it makes more sense to have per-namespace permissions in a separate
configuration global, with $wgGroupPermissions retaining the old format and
providing a default policy for non-listed namespaces. This is for the reasons
Catrope gave, and also because in the future we might think of other criteria
besides namespaces that we want to include in our permissions system. The
proposed configuration format only supports per-namespace permissions, it
doesn't support time-of-day permissions or per-category permissions or anything
like that.
Bug 14801 could be solved by patching SpecialUndelete to check
$this->mTitleObject->userCan('deletedhistory') etc. instead of just
$wgUser->isAllowed(), and then hooking getUserPermissionsErrors in a small
Wikimedia-specific extension or in a configuration file. I don't think anything
grand is needed. But if we do want to do something grand, we should make sure
we get it right.
_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
