Raquel Rice wrote:
Thank you Brion. Please bear with me while I ask one
more little
question. I understand about prmissions being additive, but ... in
the above scenario ... what if I change that up a bit:
* group A provides permissions P and Q
* group B provides permissions Q and R
* group C provides permissions X, Y and Z
* user Alice in group A
* user Bob in group B
* user Charles in groups A, B and C
BUT I don't want Charles to have permission Q ... Can I then specify
that group C does not have permission Q?
Nope. If you don't want Charles to have permission Q, don't put him in a group
which confers permission Q.
# Any user can edit talk pages. Only Sysop can edit
other pages
function fnMyUserCan($title, $user, $action, $result)
{
if ($action == 'edit')
{
if (!$title->isTalkPage() && !$user->isSysop())
$result = false;
}
}
This is pretty scary-looking. :) Note that User::isSysop is obsolete, predating
the modern permissions system.
I think what you probably want is something like:
if ($action == 'edit')
{
if (!$title->isTalkPage() &&
!$user->isAllowed('editarticles'))
$result = false;
}
Then you'd give the 'editarticles' permission and whatever else you wanted to
the 'editor' group.
I want "editor" to be able to edit other
pages and to do everything
that a "sysop" can do but not be able to (let's say) upload. So I
create "editor" with $wgGroupPermissions['editor' ]['upload']
= false; in LocalSettings.php, placing it AFTER the "sysop"
permissions.
That should give "editor" all "sysop" permissions except upload.
Right?
If you want to give 'editor' the permissions from 'sysop', just copy the
lines
and replace 'sysop' with 'editor', so that 'editor' has all those
same permissions.
-- brion vibber (brion @
pobox.com)