On Tue, 04 Jun 2013 17:35:24 -0700, Chris Steipp <cste...@wikimedia.org>
wrote:
The biggest issue we hit with the permissions was trying to balance
fine granularity and not overwhelming the user with the list of what
was being requested and have them blindly agree to it.
We initially were going to use your patch and limit based on module,
but there were a few places where that seemed too course. But then if
we just used user rights, then to edit a page the user needed to grant
8 (iirc) permissions.
I would certainly welcome discussion on the tradeoffs.
I see no problem with needing to grant 8 permissions for simple things.
There is nothing inherently wrong with listing 8 strings inside of the
scope you ask for.
The only possible issue I can see would be the grant page overloading the
user with a list of permissions. However that is only an issue if that
page is implemented in a lazy way. Just dumping the permissions instead of
properly formatting and grouping them.
For example, assuming the rights "read, edit, autoconfirmed, createpage,
createtalk, deletedhistory, deletedtext" are requested.
The WRONG way to display this would be:
* Read pages (read)
* Edit pages (edit)
* Create pages (which are not discussion pages) (createpage)
* Create discussion pages (createtalk)
* Edit semi-protected pages (autoconfirmed)
* View deleted history entries, without their associated text
(deletedhistory)
* View deleted text and changes between deleted revisions (deletedtext)
This set of permissions can be vastly simplified by grouping, filtering,
and combining permissions.
Firstly on a public wiki read can be dropped from the list. The pages are
public so getting a user's read rights doesn't grant you any new
permissions.
Next autoconfirmed. This one you might just filter out to. Does anyone
know of any situation you'd expect OAuth to let an app "Edit any page I
can edit, but not the semi-protected ones I could usually edit."?
edit, createpage, and createtalk can actually be grouped and combined into
a single entry and group. Likewise deletedhistory and deletedtext can be
combined into one entry in a separate common group.
Like so:
((Grant this app permission to))
## Editing
* Edit existing content and create pages and talkpage as me.
## Administrative
* View deleted history entries, text, and changes.
"Edit existing content and create pages and talkpage as me." is a
combination entry in the list of things being granted. The text varies by
what permissions are being granted.
edit,createpage,createtalk = "Edit existing content and create pages and
talkpage as me."
edit,createpage = "Edit existing content and create pages as me."
edit,createtalk = "Edit existing content and create talkpages as me."
edit = "Edit existing content as me."
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
