Thread: User Rights




User Rights
user name
2006-07-28 18:24:15
I have a user that I would like to have some, but not all, of the
same rights of sysop.  I've created a new user group ... let's say
"editor".  I'm also using a "userCanHook" function to limit certain
functions for users who are not sysop.  However, I'd like to allow
"editor" some of the functions which are allowed sysops.

If I add a user to "editor" and to "sysop" then disallow "editor"
from certain of the functions using $wgGroupPermissions will I be
able to disallow those sysop functions from "editor"?

Will "editor" override "sysop" or will "sysop" override "editor"?

Does it depend upon which is listed first in LocalSettings.php?

version: 1.6.7

-- 
Raquel
============================================================
There is only one success; to be able to spend your life in your own
way, and not to give others absurd maddening claims upon it.
  --Christopher Darlington Morley

_______________________________________________
MediaWiki-l mailing list
MediaWiki-lWikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

User Rights
user name
2006-07-28 20:14:25
Raquel Rice wrote:
> I have a user that I would like to have some, but not all, of the
> same rights of sysop.  I've created a new user group ... let's say
> "editor".  I'm also using a "userCanHook" function to limit certain
> functions for users who are not sysop.  However, I'd like to allow
> "editor" some of the functions which are allowed sysops.
>
> If I add a user to "editor" and to "sysop" then disallow "editor"
> from certain of the functions using $wgGroupPermissions will I be
> able to disallow those sysop functions from "editor"?
>
> Will "editor" override "sysop" or will "sysop" override "editor"?

Permissions are additive.

Note that setting a particular permission to 'false' for some group just means
that membership in the group does not provide that permission; it doesn't take
it away if another group the user is in confers the same permission.

Given this scenario:
* group A provides permissions P and Q
* group B provides permissions Q and R
* user Alice in group A
* user Bob in group B
* user Charles in both groups A and B

then:
* Alice has permissions P and Q
* Bob has permissions Q and R
* Charles has permissions P, Q, and R

So, unless you did something very strange with your hook (in most cases a hook
for userCan should not be necessary), then a user's being in 'editor' will not
cause them to lack any permissions that their being in 'sysop' gives them.

-- brion vibber (brion  pobox.com / brion  wikimedia.org)


User Rights
user name
2006-07-28 21:17:56
On Fri, 28 Jul 2006 13:14:25 -0700
Brion Vibber <brionpobox.com> wrote:

> Raquel Rice wrote:
<snip>
> > If I add a user to "editor" and to "sysop" then disallow
> > "editor" from certain of the functions using $wgGroupPermissions
> > will I be able to disallow those sysop functions from "editor"?
> >
> >
> > Will "editor" override "sysop" or will "sysop" override
> > "editor"?
>
> Permissions are additive.
>
> Note that setting a particular permission to 'false' for some
> group just means that membership in the group does not provide
> that permission; it doesn't take it away if another group the user
> is in confers the same permission.
>
> Given this scenario:
> * group A provides permissions P and Q
> * group B provides permissions Q and R
> * user Alice in group A
> * user Bob in group B
> * user Charles in both groups A and B
>
> then:
> * Alice has permissions P and Q
> * Bob has permissions Q and R
> * Charles has permissions P, Q, and R
>
> So, unless you did something very strange with your hook (in most
> cases a hook for userCan should not be necessary), then a user's
> being in 'editor' will not cause them to lack any permissions that
> their being in 'sysop' gives them.
>
> -- brion vibber (brion  pobox.com / brion  wikimedia.org)
> 

Thank you Brion.  Please bear with me while I ask one more little
question.  I understand about permissions being additive, but ... in
the above scenario ... what if I change that up a bit:

* group A provides permissions P and Q
* group B provides permissions Q and R
* group C provides permissions X, Y and Z
* user Alice in group A
* user Bob in group B
* user Charles in groups A, B and C

BUT I don't want Charles to have permission Q ... Can I then specify
that group C does not have permission Q?

Changing group C permissions to X, Y, Z and !Q

In real life I am using ...

# Any user can edit talk pages. Only Sysop can edit other pages
function fnMyUserCan($title, $user, $action, $result)
{
    if ($action == 'edit')
    {
        if (!$title->isTalkPage() && !$user->isSysop())
            $result = false;
    }
}
$wgHooks['userCan'][] = 'fnMyUserCan';
(taken from: http://www.mediawiki.org/wiki/User:Barrylb/Usercan_Hook)

I want "editor" to be able to edit other pages and to do everything
that a "sysop" can do but not be able to (let's say) upload.  So I
create "editor" with $wgGroupPermissions['editor' ]['upload'] = false;
in LocalSettings.php, placing it AFTER the "sysop" permissions.

That should give "editor" all "sysop" permissions except upload.
Right?

-- 
Raquel
============================================================
There is only one success; to be able to spend your life in your own
way, and not to give others absurd maddening claims upon it.
  --Christopher Darlington Morley


User Rights
user name
2006-07-28 21:41:38
Raquel Rice wrote:
> Thank you Brion.  Please bear with me while I ask one more little
> question.  I understand about permissions being additive, but ... in
> the above scenario ... what if I change that up a bit:
>
> * group A provides permissions P and Q
> * group B provides permissions Q and R
> * group C provides permissions X, Y and Z
> * user Alice in group A
> * user Bob in group B
> * user Charles in groups A, B and C
>
> BUT I don't want Charles to have permission Q ... Can I then specify
> that group C does not have permission Q?

Nope. If you don't want Charles to have permission Q, don't put him in a group
which confers permission Q.

> # Any user can edit talk pages. Only Sysop can edit other pages
> function fnMyUserCan($title, $user, $action, $result)
> {
>     if ($action == 'edit')
>     {
>         if (!$title->isTalkPage() && !$user->isSysop())
>             $result = false;
>     }
> }

This is pretty scary-looking.  Note that User::isSysop is obsolete, predating
the modern permissions system.

I think what you probably want is something like:

>     if ($action == 'edit')
>     {
>         if (!$title->isTalkPage() && !$user->isAllowed('editarticles'))
>             $result = false;
>     }

Then you'd give the 'editarticles' permission and whatever else you wanted to
the 'editor' group.

> I want "editor" to be able to edit other pages and to do everything
> that a "sysop" can do but not be able to (let's say) upload.  So I
> create "editor" with $wgGroupPermissions['editor' ]['upload'] = false;
> in LocalSettings.php, placing it AFTER the "sysop" permissions.
>
> That should give "editor" all "sysop" permissions except upload.
> Right?

If you want to give 'editor' the permissions from 'sysop', just copy the lines
and replace 'sysop' with 'editor', so that 'editor' has all those same
permissions.

-- brion vibber (brion  pobox.com)
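
The additive rule discussed in this thread, as an added example that is not part of the original messages and is not MediaWiki's own code. The helper effectiveRights() is hypothetical and only models the described behaviour; the 'sysop' rights shown are a constructed subset, and the 'editor' group is built here by copying the array in code rather than copying lines by hand.

```php
<?php
// Constructed sample of $wgGroupPermissions; the 'sysop' entry is an
// illustrative subset, not the full default set.
$wgGroupPermissions = array(
    'user'  => array('edit' => true),
    'sysop' => array('delete' => true, 'protect' => true, 'upload' => true),
);

// Hypothetical helper modelling the additive rule from the thread:
// a right is held if ANY of the user's groups sets it to true.
// A value of false contributes nothing; it never removes a grant.
function effectiveRights(array $groupPermissions, array $userGroups) {
    $rights = array();
    foreach ($userGroups as $group) {
        if (!isset($groupPermissions[$group])) {
            continue; // unknown group confers nothing
        }
        foreach ($groupPermissions[$group] as $right => $granted) {
            if ($granted) {
                $rights[$right] = true;
            }
        }
    }
    $names = array_keys($rights);
    sort($names);
    return $names;
}

// Attempt 1: user is in both groups and 'editor' sets upload to false.
// The false entry only says 'editor' does not grant upload; the grant
// coming from 'sysop' is unaffected, whatever the order of the lines.
$attempt = $wgGroupPermissions;
$attempt['editor']['upload'] = false;
print_r(effectiveRights($attempt, array('sysop', 'editor')));

// Attempt 2: give 'editor' its own copy of the sysop grants without
// upload, add the custom 'editarticles' right checked by the hook,
// and keep the user out of 'sysop' entirely.
$fixed = $wgGroupPermissions;
$fixed['editor'] = $wgGroupPermissions['sysop'];
unset($fixed['editor']['upload']);
$fixed['editor']['editarticles'] = true;
print_r(effectiveRights($fixed, array('user', 'editor')));
```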

