I am currently trying to use this with OAuth connection. The user which the OAuth belong to is an admin user. I've tested other API functions as editpage which just work but whatever I do, I always receive the response of that my "user" doesn't seem to have the rights to edit another users group. I've tried changing the OAuth permissions to all and I've noticed in identify that my OAuth connection does have the userright permission.
Testuser is a user with zero group connections.
$userEditToken = json_decode($client->makeOAuthCall($accessToken,$apiUrl . "?action=query&format=json&meta=tokens&type=userrights"))->query->tokens->userrightstoken;
$userInfo = $client->makeOAuthCall(
$accessToken,
$apiUrl,
true,
[
"action" => "userrights",
"format" => "json",
"user" => "Testuser",
"add" => "bureaucrat",
"token" => $userEditToken,
]
);
The response is
string(67) "{"userrights":{"user":"Testuser","userid":5,"added":[],"removed":[]}}"
Which seems to indicate that my OAuth application doesn't have the permissions to change that user even though identify returns the permission "userrights".
Am I missing something?