User:Huji/Protection
This page contains the ideas we (I and IAlex) have about how to improve Page Protection feature.
- The phrases 'edit' and 'move' are hard coded in some parts, such as Title::isProtected() and Skin::makeGlobalVariablesScript() while they should be changed to the equivallent item from $wgRestrictionTypes array.
- Some of them (all?) done in r31555.
- The newly added permssion, 'editprotected' , should be implemented in its correct and secure way, to allow different groups of users to edit a protected page without having the right to protecte pages.
- Care should be given to the fact that users with 'editprotected' permission who don't have 'protect' permission shouldn't be allowed to edit a page which is protected with cascading option on; otherwise, they can transculde a second page and actually protect it, without having the right to protect pages.
- Fixed with r32164
- An appropriate error message should be shown when the above senario happens, so the user with 'editprotected' permission would know why he can't edit/save the page.
- Fixed with r32164 - The same message was reused!
- Care should be given to the fact that users with 'editprotected' permission who don't have 'protect' permission shouldn't be allowed to edit a page which is protected with cascading option on; otherwise, they can transculde a second page and actually protect it, without having the right to protect pages.
- The whole protection code should be rewritten in some parts; it still looks like it is treating "groups" rather than "rights".
- The phrase 'sysop' is hardcoded in some places (including documentation) which can be (?) replaced with a better word
- (As we ended up with some nested IF clauses in our preliminary patches, we think that perhaps) some conditional clauses can be moved to a separate method, instead of being hard-coded over and over again.