Author: mike.lifeguard+bugs
Description:
To force stewards to make global group changes only from Meta instead of any wiki, please change the code to allow assigning 'globalgrouppermissions' as a local steward right instead of a global one. Currently it is forced to be a global right. This may be due to security concerns of which I am unaware, however stewards can now make changes to global group membership from anywhere, but they should only be made on Meta.
/extensions/CentralAuth/SpecialGlobalGroupPermissions.php
42 ## Permission MUST be gained from global rights.
43 return $globalUser->hasGlobalPermission( 'globalgrouppermissions' );
As well, the same for 'globalgroupmembership' and whatever the "edit wiki sets" right is called (I forget) if they are forced to be global rights as well (I couldn't immediately tell from the source code) for the same reason - membership in global groups should be changed and changing wiki sets should be done only from Meta.
Version: unspecified
Severity: enhancement
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=29435
https://bugzilla.wikimedia.org/show_bug.cgi?id=43916