Page MenuHomePhabricator

Most extensions which add a user right should also add or extend a grant
Open, MediumPublic

Description

OAuth and bot passwords (and maybe other things, now that grants are in core) rely on $wgGrantPermissions to expose access to privileged functionality, but most extensions don't support it. Any extensions that defines a user right which can in some way influence use of the API should also create a grant for that right, or add it to some existing grant.

Related Objects

StatusSubtypeAssignedTask
OpenNone
ResolvedMarcoAurelio
Resolveddemon
Resolvedaude
ResolvedMusikAnimal
ResolvedMusikAnimal
ResolvedAnomie
DeclinedNone
ResolvedJJMC89
ResolvedJJMC89
ResolvedDaimona
DeclinedNone
InvalidNone
ResolvedJJMC89
OpenShubham656jain
ResolvedUrbanecm
ResolvedDiwanshu885
ResolvedDannyS712
DeclinedNone
ResolvedJJMC89
ResolvedJJMC89

Event Timeline

What's the difference between a grant and a user group?

User groups are assigned to users. Grants are assigned to tools. When a tool acts through a user account, it will only have those rights which are available both through the user's groups and the tool's grants.

Tgr triaged this task as Medium priority.Mar 7 2017, 3:38 AM