The RightsControl extension is a new tool which crosses between the Special:Userrights page and the Special:Makesysop, Special:Desysop, Special:Giverollback, and Special:Makebot extensions. It has a controlled interface much like Special:Userrights, but instead of one set permission, it allows certain groups to edit other groups in only limited ways. This basically means that using it a bureaucrat could be given control over only the Rollback, Sysop, and Bureaucrat flags. Furthermore it's possible to restrict some of these to one-way moves. As well as the fact that on special project like the WGEP another level of permissions could be created for those at a higher point in the project.


Setting up LocalSettings.phpEdit

Firstly you need to include one file into the settings with:

require_once( "$IP/extensions/RightsControl/RightsControl.php" );

After that you need to define the permissions:

The first permission to know about is rc-use anyone with this permission is allowed to use the form. Though without any other permissions they'll be able to view it, but they won't be able to change any permissions.

After that there are three types of permissions rc-mk-flag, rc-de-flag, and rc-sr-flag:

  • rc-mk-flag allows a group to add a flag by the name of flag to users.
  • rc-de-flag allows a group to remove a flag by the name of flag from users.
  • rc-sr-flag allows a group to remove a flag by the name of flag from themselves. (ie: A sysop can de-sysop himself but not other users.)

For example, this would give bureaucrats the ability to make sysops, but not remove them, and Sysops could de-sysop themselves:

$wgGroupPermissions['sysop'     ]['rc-use'              ] = true;
$wgGroupPermissions['sysop'     ]['rc-sr-sysop'         ] = true;
$wgGroupPermissions['bureaucrat']['rc-use'              ] = true;
$wgGroupPermissions['bureaucrat']['rc-mk-sysop'         ] = true;

Which brings me to the code which the staff will probably use here. This set of permissions gives bureaucrats the ability to view the form and use it to make and revoke the rollback permission, and to give the sysop and bureaucrat permissions, but not revoke them. (Note that if you have the ability to revoke something but not grant it, or vice versa, the system will notify you in the confirmation that this is a one-way action.) And it allows staff to grant and revoke all the flags that I have seen listed on Special:Listusers, so to the staff it should look much like Special:Userrights, though I would note that unlike userrights, you are always prompted before making a change, you are notified of exactly what permissions you are changing, you are notified of one-way changes, you can't change permissions you don't have the permissions to change, and also instead of being sent back to nothing after making an action you see the rights form again which kinda tells you what the new settings are.

$wgGroupPermissions['bureaucrat']['rc-use'              ] = true;
$wgGroupPermissions['bureaucrat']['rc-mk-rollback'      ] = true;
$wgGroupPermissions['bureaucrat']['rc-de-rollback'      ] = true;
$wgGroupPermissions['bureaucrat']['rc-mk-sysop'         ] = true;
$wgGroupPermissions['bureaucrat']['rc-mk-bureaucrat'    ] = true;