Editing one's own user JS is a dangerous grant that should only
be given to very highly trusted app. The same is probably true
of CSS as well, even if it's less dangerous.
Editing user JSON, on the other hand, is entirely harmless as long
as the consumers of the JSON are coded reasonably, so grouping it
with JS/CSS editing into a single grant is unhelpful. Make it part
of the editmyoptions grant instead.
This extends an existing grant, which is not great, both in terms
of clarity of the grant (even though user preferences and user JSON
have a very similar role, this grouping is not intuitive) and
user experience with existing access tokens (which seem to grant
the new right but actually don't). It still seems better than
further inflating the number of grant options, though.
Bug: T206438
Change-Id: I14482093f7ce05250398feabbb4d17c0461c04c3
$wgGrantPermissions['editmycssjs']['editmyuserjs'] = true;
$wgGrantPermissions['editmyoptions']['editmyoptions'] = true;
+$wgGrantPermissions['editmyoptions']['editmyuserjson'] = true;
$wgGrantPermissions['editinterface'] = $wgGrantPermissions['editpage'];
$wgGrantPermissions['editinterface']['editinterface'] = true;
"grant-delete": "Delete pages, revisions, and log entries",
"grant-editinterface": "Edit the MediaWiki namespace and sitewide/user JSON",
"grant-editmycssjs": "Edit your user CSS/JSON/JavaScript",
- "grant-editmyoptions": "Edit your user preferences",
+ "grant-editmyoptions": "Edit your user preferences and JSON configuration",
"grant-editmywatchlist": "Edit your watchlist",
"grant-editsiteconfig": "Edit sitewide and user CSS/JS",
"grant-editpage": "Edit existing pages",
dépôts / lhc / web / wiklou.git / commitdiff