From: Gergő Tisza Date: Tue, 9 Oct 2018 06:46:30 +0000 (-0700) Subject: Add editing own JSON to editmyoptions grant X-Git-Tag: 1.34.0-rc.0~3213^2 X-Git-Url: http://git.cyclocoop.org/%7B%7B%20url_for%28%27admin_vote_add%27%29%20%7D%7D?a=commitdiff_plain;h=b93e10646299b6024ac0576a29196d6710710fe6;p=lhc%2Fweb%2Fwiklou.git Add editing own JSON to editmyoptions grant Editing one's own user JS is a dangerous grant that should only be given to very highly trusted app. The same is probably true of CSS as well, even if it's less dangerous. Editing user JSON, on the other hand, is entirely harmless as long as the consumers of the JSON are coded reasonably, so grouping it with JS/CSS editing into a single grant is unhelpful. Make it part of the editmyoptions grant instead. This extends an existing grant, which is not great, both in terms of clarity of the grant (even though user preferences and user JSON have a very similar role, this grouping is not intuitive) and user experience with existing access tokens (which seem to grant the new right but actually don't). It still seems better than further inflating the number of grant options, though. Bug: T206438 Change-Id: I14482093f7ce05250398feabbb4d17c0461c04c3 --- diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index da016d47be..e321e30252 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -5857,6 +5857,7 @@ $wgGrantPermissions['editmycssjs']['editmyuserjson'] = true; $wgGrantPermissions['editmycssjs']['editmyuserjs'] = true; $wgGrantPermissions['editmyoptions']['editmyoptions'] = true; +$wgGrantPermissions['editmyoptions']['editmyuserjson'] = true; $wgGrantPermissions['editinterface'] = $wgGrantPermissions['editpage']; $wgGrantPermissions['editinterface']['editinterface'] = true; diff --git a/languages/i18n/en.json b/languages/i18n/en.json index e7691e4e10..a57373c9ab 100644 --- a/languages/i18n/en.json +++ b/languages/i18n/en.json @@ -1300,7 +1300,7 @@ "grant-delete": "Delete pages, revisions, and log entries", "grant-editinterface": "Edit the MediaWiki namespace and sitewide/user JSON", "grant-editmycssjs": "Edit your user CSS/JSON/JavaScript", - "grant-editmyoptions": "Edit your user preferences", + "grant-editmyoptions": "Edit your user preferences and JSON configuration", "grant-editmywatchlist": "Edit your watchlist", "grant-editsiteconfig": "Edit sitewide and user CSS/JS", "grant-editpage": "Edit existing pages",