On 05/06/13 15:42, Brad Jorsch wrote:
There's nothing wrong with having a large list of fine-grained rights to
grant as long as you format them properly for the user.
In other words, implement another rights-grouping system just as
complicated and less clear than the approach currently proposed.
You seem to prefer a new set of user groups. But that doesn't allow
restricting the rights to hold as few permissions as possible. And I'm
not only considering general-purpose apps, but also bots, whose
credentials (token) may not be in the best safe.
It should be possible to restrict a program to just read deleted
revisions, instead of granting a generic "act as a sysop" scope, being
able to read blocks/abusefilters or restoring them. If a program only
imports flickr images, it doesn't need reupload or reupload-own.
Hey, even restricting a token to editing one specific page would be
useful for many bots (ok, we don't need to support _that much_).
Also, having a foo scope different than foo right, just creates confusion.
By the way, did you notice that the Granularity of Permissions table can
be the same in both cases, and the only difference is if the apps should
ask for the scope (shown as-is to the user, the wiki converts it to
rights) or the user rights (and the wiki presents them as scopes to the
user) ?
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
