Hi all,
I have, in my working copy, some changes to CentralAuth which
introduce the concept of a global user group. That is, a group
attached to a global account, which applies on all wikis.
To use CentralAuth as a guinea pig for core, I've included a "group
management" interface, which allows users with the appropriate
*global* permissions (local permissions don't count) to edit global
group assignments, which are stored in the CentralAuth database. A
screenshot of the new interface is available. [1] If this interface is
successful, I will consider implementing it in core, to make
permissions changes a steward request, not a shell request.
This is a pretty major change, and has very wide-reaching
implications, both politically and technically (particularly with
respect to performance). Consequently, I'm asking for wide review of
my patch, which is available on bug 13773 [2], of my methodology for
implementing this change, and of the idea itself.
Known Issues:
* It's not currently clear how to delete a group (you unassign all
permissions). I'm going to add a 'delete this group' button in the
future.
* There's not currently a list of all users in a group. I need to add
this functionality to Special:GlobalUsers, as well as changing the
logging target.
[1] -
http://www.mediawiki.org/wiki/Image:Global_Group_Management.png
[2] -
https://bugzilla.wikimedia.org/show_bug.cgi?id=13773
--
Andrew Garrett