Auth systems/OAuth/Design/Grants

From MediaWiki.org
Jump to navigation Jump to search

Grants[edit]

These are bundles of permissions that a user can give to a Consumer, to use on their behalf. The goal is to prevent a user from being overwhelmed by an app asking for lots of individual permission, however they should be fine-grained enough that the user isn't handing out unnecessary permissions to a potentially hostile Consumer.

  • A typical Consumer will have one or more of these "Grants" authorized by the user.
  • These only limit the user's existing permissions to what they will allow the Consumer to also use, so if the user doesn't have the right themselves, then the Consumer will not have the right either.
  • The titles and descriptions will be MediaWiki messages, translated into the user's language.

Potential Grants[edit]

(Very rough draft, please edit!)

  • "Use OAuth" - autoconfirmed, autopatrol, autoreview, editsemiprotected, ipblock-exempt, nominornewtalk, patrolmarks, proxyunbannable, purge, read, skipcaptcha, torunblocked, unblockself, writeapi
    • Intended to be requested by all clients, although this isn't enforced except that they won't have rights to do many basic things.
  • High Volume - bot, apihighlimits, noratelimit, markbotedits
  • Edit Pages - edit, minoredit
  • Edit Protected Pages - [Edit Pages], editprotected
  • Edit My JS/CSS Pages - [Edit Pages], editmyusercss, editmyuserjs
  • Edit Interface - [Edit Pages], editinterface, editusercss?, edituserjs?
  • Create/Move Pages - [Edit Pages], createpage, createtalk, move, move-rootuserpages, move-subpages, suppressredirect
  • Upload - upload, reupload-own
  • Upload (All Rights) - [Upload], reupload, reupload-shared, upload_by_url, movefile
  • Patrol - patrol
  • Rollback - rollback
  • Block Users - block, blockemail
  • View Deleted - browsearchive, deletedhistory, deletedtext
  • Delete Pages - [Edit Page], [View Deleted], delete, bigdelete, deletelogentry, deleterevision, undelete
  • Protect Pages - [Edit Protected], protect
  • View Watchlist - viewmywatchlist
  • Edit Watchlist - editmywatchlist
  • Send Email - sendemail
  • Oversight - hideuser, suppressrevision, suppressionlog

Other core rights[edit]

  • createaccount
  • editmyoptions
  • editmyprivateinfo
  • import
  • importupload
  • mergehistory
  • override-export-depth
  • passwordreset
  • siteadmin
  • unwatchedpages
  • userrights
  • userrights-interwiki
  • viewmyprivateinfo

Other WMF-deployed extensions' rights[edit]

  • abusefilter-hidden-log
  • abusefilter-hide-log
  • abusefilter-log
  • abusefilter-log-detail
  • abusefilter-log-private
  • abusefilter-modify
  • abusefilter-modify-global
  • abusefilter-modify-restricted
  • abusefilter-private
  • abusefilter-revert
  • abusefilter-view
  • abusefilter-view-private
  • aft-administrator
  • aft-editor
  • aft-member
  • aft-monitor
  • aft-oversighter
  • aft-reader
  • autoreview
  • autoreviewrestore
  • centralauth-autoaccount
  • centralauth-lock
  • centralauth-merge
  • centralauth-oversight
  • centralauth-unmerge
  • centralnotice-admin
  • checkuser
  • checkuser-log
  • codereview-add-tag
  • codereview-associate
  • codereview-link-user
  • codereview-post-comment
  • codereview-remove-tag
  • codereview-review-own
  • codereview-set-status
  • codereview-signoff
  • codereview-use
  • collectionsaveascommunitypage
  • collectionsaveasuserpage
  • createclass
  • disableaccount
  • editrestrictedfields
  • ep-addstudent
  • ep-becampus
  • ep-beinstructor
  • ep-beonline
  • ep-bereviewer
  • ep-bulkdelcourses
  • ep-bulkdelorgs
  • ep-campus
  • ep-course
  • ep-enroll
  • ep-instructor
  • ep-online
  • ep-org
  • ep-remarticle
  • ep-remreviewer
  • ep-remstudent
  • ep-token
  • globalblock
  • globalblock-exempt
  • globalblock-whitelist
  • globalgroupmembership
  • globalgrouppermissions
  • hiderevision
  • interwiki
  • listall
  • loginviashell
  • lqt-merge
  • lqt-react
  • lqt-split
  • managednsdomain
  • manageglobalpuppet
  • manageproject
  • markashelpful-admin
  • markashelpful-view
  • moodbar-admin
  • moodbar-delete
  • moodbar-view
  • movestable
  • nuke
  • override-antispoof
  • oversight
  • pagetranslation
  • renameuser
  • repoadmin
  • review
  • skipcaptcha
  • stablesettings
  • tboverride
  • tboverride-account
  • torunblocked
  • transcode-reset
  • transcode-status
  • translate
  • translate-groupreview
  • translate-import
  • translate-manage
  • translate-messagereview
  • translate-sandboxmanage
  • unreviewedpages
  • upwizcampaigns
  • usermerge
  • validate
  • ViewContributionTrackingTester
  • viewedittab
  • viewuserlang
  • vipsscaler-test