aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorAdam Frisby2007-10-21 22:15:41 +0000
committerAdam Frisby2007-10-21 22:15:41 +0000
commit7f2ec02802cabc98e93ac872999933b6e5be48e5 (patch)
tree9a3fd985e02939a090fdf4ffaa9e7b1af25a8173
parentfix line ending mixing. Probably should put some (diff)
downloadopensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.zip
opensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.tar.gz
opensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.tar.bz2
opensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.tar.xz
* Disabled TCP Remoting Channel Security for InterRegion communication, as it appears we are not implementing this correctly. (need to set up certificates first)
* Documented ACL class
-rw-r--r--OpenSim/Framework/General/PolicyManager/ACL.cs480
-rw-r--r--OpenSim/Region/Communications/OGS1/OGS1GridServices.cs2
-rw-r--r--OpenSim/Region/Environment/PermissionManager.cs653
3 files changed, 585 insertions, 550 deletions
diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs
index 53c1b2d..8dffe7b 100644
--- a/OpenSim/Framework/General/PolicyManager/ACL.cs
+++ b/OpenSim/Framework/General/PolicyManager/ACL.cs
@@ -1,223 +1,257 @@
1using System; 1/*
2using System.Collections.Generic; 2* Copyright (c) Contributors, http://opensimulator.org/
3using System.Text; 3* See CONTRIBUTORS.TXT for a full list of copyright holders.
4 4*
5namespace OpenSim.Framework.PolicyManager 5* Redistribution and use in source and binary forms, with or without
6{ 6* modification, are permitted provided that the following conditions are met:
7 #region ACL Core Class 7* * Redistributions of source code must retain the above copyright
8 /// <summary> 8* notice, this list of conditions and the following disclaimer.
9 /// Access Control List Engine 9* * Redistributions in binary form must reproduce the above copyright
10 /// </summary> 10* notice, this list of conditions and the following disclaimer in the
11 public class ACL 11* documentation and/or other materials provided with the distribution.
12 { 12* * Neither the name of the OpenSim Project nor the
13 Dictionary<string, Role> Roles = new Dictionary<string, Role>(); 13* names of its contributors may be used to endorse or promote products
14 Dictionary<string, Resource> Resources = new Dictionary<string, Resource>(); 14* derived from this software without specific prior written permission.
15 15*
16 public ACL AddRole(Role role) 16* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY
17 { 17* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 if (Roles.ContainsKey(role.Name)) 18* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 throw new AlreadyContainsRoleException(role); 19* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20 20* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 Roles.Add(role.Name, role); 21* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 22* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 return this; 23* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 } 24* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 25* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 public ACL AddResource(Resource resource) 26*
27 { 27*/
28 Resources.Add(resource.Name, resource); 28using System;
29 29using System.Collections.Generic;
30 return this; 30using System.Text;
31 } 31
32 32namespace OpenSim.Framework.PolicyManager
33 public Permission HasPermission(string role, string resource) 33{
34 { 34 // ACL Class
35 if (!Roles.ContainsKey(role)) 35 // Modelled after the structure of the Zend ACL Framework Library
36 throw new KeyNotFoundException(); 36 // with one key difference - the tree will search for all matching
37 37 // permissions rather than just the first. Deny permissions will
38 if (!Resources.ContainsKey(resource)) 38 // override all others.
39 throw new KeyNotFoundException(); 39
40 40
41 return Roles[role].RequestPermission(resource); 41 #region ACL Core Class
42 } 42 /// <summary>
43 43 /// Access Control List Engine
44 public ACL GrantPermission(string role, string resource) 44 /// </summary>
45 { 45 public class ACL
46 if (!Roles.ContainsKey(role)) 46 {
47 throw new KeyNotFoundException(); 47 Dictionary<string, Role> Roles = new Dictionary<string, Role>();
48 48 Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
49 if (!Resources.ContainsKey(resource)) 49
50 throw new KeyNotFoundException(); 50 public ACL AddRole(Role role)
51 51 {
52 Roles[role].GivePermission(resource, Permission.Allow); 52 if (Roles.ContainsKey(role.Name))
53 53 throw new AlreadyContainsRoleException(role);
54 return this; 54
55 } 55 Roles.Add(role.Name, role);
56 56
57 public ACL DenyPermission(string role, string resource) 57 return this;
58 { 58 }
59 if (!Roles.ContainsKey(role)) 59
60 throw new KeyNotFoundException(); 60 public ACL AddResource(Resource resource)
61 61 {
62 if (!Resources.ContainsKey(resource)) 62 Resources.Add(resource.Name, resource);
63 throw new KeyNotFoundException(); 63
64 64 return this;
65 Roles[role].GivePermission(resource, Permission.Deny); 65 }
66 66
67 return this; 67 public Permission HasPermission(string role, string resource)
68 } 68 {
69 69 if (!Roles.ContainsKey(role))
70 public ACL ResetPermission(string role, string resource) 70 throw new KeyNotFoundException();
71 { 71
72 if (!Roles.ContainsKey(role)) 72 if (!Resources.ContainsKey(resource))
73 throw new KeyNotFoundException(); 73 throw new KeyNotFoundException();
74 74
75 if (!Resources.ContainsKey(resource)) 75 return Roles[role].RequestPermission(resource);
76 throw new KeyNotFoundException(); 76 }
77 77
78 Roles[role].GivePermission(resource, Permission.None); 78 public ACL GrantPermission(string role, string resource)
79 79 {
80 return this; 80 if (!Roles.ContainsKey(role))
81 } 81 throw new KeyNotFoundException();
82 } 82
83 #endregion 83 if (!Resources.ContainsKey(resource))
84 84 throw new KeyNotFoundException();
85 #region Exceptions 85
86 /// <summary> 86 Roles[role].GivePermission(resource, Permission.Allow);
87 /// Thrown when an ACL attempts to add a duplicate role. 87
88 /// </summary> 88 return this;
89 public class AlreadyContainsRoleException : Exception 89 }
90 { 90
91 protected Role m_role; 91 public ACL DenyPermission(string role, string resource)
92 92 {
93 public Role ErrorRole 93 if (!Roles.ContainsKey(role))
94 { 94 throw new KeyNotFoundException();
95 get { return m_role; } 95
96 } 96 if (!Resources.ContainsKey(resource))
97 97 throw new KeyNotFoundException();
98 public AlreadyContainsRoleException(Role role) 98
99 { 99 Roles[role].GivePermission(resource, Permission.Deny);
100 m_role = role; 100
101 } 101 return this;
102 102 }
103 public override string ToString() 103
104 { 104 public ACL ResetPermission(string role, string resource)
105 return "This ACL already contains a role called '" + m_role.Name + "'."; 105 {
106 } 106 if (!Roles.ContainsKey(role))
107 } 107 throw new KeyNotFoundException();
108 #endregion 108
109 109 if (!Resources.ContainsKey(resource))
110 #region Roles and Resources 110 throw new KeyNotFoundException();
111 111
112 /// <summary> 112 Roles[role].GivePermission(resource, Permission.None);
113 /// Does this Role have permission to access a specified Resource? 113
114 /// </summary> 114 return this;
115 public enum Permission { Deny, None, Allow }; 115 }
116 116 }
117 /// <summary> 117 #endregion
118 /// A role class, for use with Users or Groups 118
119 /// </summary> 119 #region Exceptions
120 public class Role 120 /// <summary>
121 { 121 /// Thrown when an ACL attempts to add a duplicate role.
122 private string m_name; 122 /// </summary>
123 private Role[] m_parents; 123 public class AlreadyContainsRoleException : Exception
124 private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>(); 124 {
125 125 protected Role m_role;
126 public string Name 126
127 { 127 public Role ErrorRole
128 get { return m_name; } 128 {
129 } 129 get { return m_role; }
130 130 }
131 public Permission RequestPermission(string resource) 131
132 { 132 public AlreadyContainsRoleException(Role role)
133 return RequestPermission(resource, Permission.None); 133 {
134 } 134 m_role = role;
135 135 }
136 public Permission RequestPermission(string resource, Permission current) 136
137 { 137 public override string ToString()
138 // Deny permissions always override any others 138 {
139 if (current == Permission.Deny) 139 return "This ACL already contains a role called '" + m_role.Name + "'.";
140 return current; 140 }
141 141 }
142 Permission temp = Permission.None; 142 #endregion
143 143
144 // Pickup non-None permissions 144 #region Roles and Resources
145 if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None) 145
146 temp = m_resources[resource]; 146 /// <summary>
147 147 /// Does this Role have permission to access a specified Resource?
148 if (m_parents != null) 148 /// </summary>
149 { 149 public enum Permission { Deny, None, Allow };
150 foreach (Role parent in m_parents) 150
151 { 151 /// <summary>
152 temp = parent.RequestPermission(resource, temp); 152 /// A role class, for use with Users or Groups
153 } 153 /// </summary>
154 } 154 public class Role
155 155 {
156 return temp; 156 private string m_name;
157 } 157 private Role[] m_parents;
158 158 private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
159 public void GivePermission(string resource, Permission perm) 159
160 { 160 public string Name
161 m_resources[resource] = perm; 161 {
162 } 162 get { return m_name; }
163 163 }
164 public Role(string name) 164
165 { 165 public Permission RequestPermission(string resource)
166 m_name = name; 166 {
167 m_parents = null; 167 return RequestPermission(resource, Permission.None);
168 } 168 }
169 169
170 public Role(string name, Role[] parents) 170 public Permission RequestPermission(string resource, Permission current)
171 { 171 {
172 m_name = name; 172 // Deny permissions always override any others
173 m_parents = parents; 173 if (current == Permission.Deny)
174 } 174 return current;
175 } 175
176 176 Permission temp = Permission.None;
177 public class Resource 177
178 { 178 // Pickup non-None permissions
179 private string m_name; 179 if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
180 180 temp = m_resources[resource];
181 public string Name 181
182 { 182 if (m_parents != null)
183 get { return m_name; } 183 {
184 } 184 foreach (Role parent in m_parents)
185 185 {
186 public Resource(string name) 186 temp = parent.RequestPermission(resource, temp);
187 { 187 }
188 m_name = name; 188 }
189 } 189
190 } 190 return temp;
191 191 }
192 #endregion 192
193 193 public void GivePermission(string resource, Permission perm)
194 #region Tests 194 {
195 195 m_resources[resource] = perm;
196 class ACLTester 196 }
197 { 197
198 public ACLTester() 198 public Role(string name)
199 { 199 {
200 ACL acl = new ACL(); 200 m_name = name;
201 201 m_parents = null;
202 Role Guests = new Role("Guests"); 202 }
203 acl.AddRole(Guests); 203
204 204 public Role(string name, Role[] parents)
205 Role[] parents = new Role[0]; 205 {
206 parents[0] = Guests; 206 m_name = name;
207 207 m_parents = parents;
208 Role JoeGuest = new Role("JoeGuest", parents); 208 }
209 acl.AddRole(JoeGuest); 209 }
210 210
211 Resource CanBuild = new Resource("CanBuild"); 211 public class Resource
212 acl.AddResource(CanBuild); 212 {
213 213 private string m_name;
214 214
215 acl.GrantPermission("Guests", "CanBuild"); 215 public string Name
216 216 {
217 acl.HasPermission("JoeGuest", "CanBuild"); 217 get { return m_name; }
218 218 }
219 } 219
220 } 220 public Resource(string name)
221 221 {
222 #endregion 222 m_name = name;
223} 223 }
224 }
225
226 #endregion
227
228 #region Tests
229
230 class ACLTester
231 {
232 public ACLTester()
233 {
234 ACL acl = new ACL();
235
236 Role Guests = new Role("Guests");
237 acl.AddRole(Guests);
238
239 Role[] parents = new Role[0];
240 parents[0] = Guests;
241
242 Role JoeGuest = new Role("JoeGuest", parents);
243 acl.AddRole(JoeGuest);
244
245 Resource CanBuild = new Resource("CanBuild");
246 acl.AddResource(CanBuild);
247
248
249 acl.GrantPermission("Guests", "CanBuild");
250
251 acl.HasPermission("JoeGuest", "CanBuild");
252
253 }
254 }
255
256 #endregion
257}
diff --git a/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs b/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs
index 1a9584a..cc56078 100644
--- a/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs
+++ b/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs
@@ -327,7 +327,7 @@ namespace OpenSim.Region.Communications.OGS1
327 private void StartRemoting() 327 private void StartRemoting()
328 { 328 {
329 TcpChannel ch = new TcpChannel(this.serversInfo.RemotingListenerPort); 329 TcpChannel ch = new TcpChannel(this.serversInfo.RemotingListenerPort);
330 ChannelServices.RegisterChannel(ch, true); 330 ChannelServices.RegisterChannel(ch, false); // Disabled security as Mono doesnt support this.
331 331
332 WellKnownServiceTypeEntry wellType = new WellKnownServiceTypeEntry(typeof(OGS1InterRegionRemoting), "InterRegions", WellKnownObjectMode.Singleton); 332 WellKnownServiceTypeEntry wellType = new WellKnownServiceTypeEntry(typeof(OGS1InterRegionRemoting), "InterRegions", WellKnownObjectMode.Singleton);
333 RemotingConfiguration.RegisterWellKnownServiceType(wellType); 333 RemotingConfiguration.RegisterWellKnownServiceType(wellType);
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs
index d32ac0b..c40012d 100644
--- a/OpenSim/Region/Environment/PermissionManager.cs
+++ b/OpenSim/Region/Environment/PermissionManager.cs
@@ -1,327 +1,328 @@
1/* 1/*
2* Copyright (c) Contributors, http://opensimulator.org/ 2* Copyright (c) Contributors, http://opensimulator.org/
3* See CONTRIBUTORS.TXT for a full list of copyright holders. 3* See CONTRIBUTORS.TXT for a full list of copyright holders.
4* 4*
5* Redistribution and use in source and binary forms, with or without 5* Redistribution and use in source and binary forms, with or without
6* modification, are permitted provided that the following conditions are met: 6* modification, are permitted provided that the following conditions are met:
7* * Redistributions of source code must retain the above copyright 7* * Redistributions of source code must retain the above copyright
8* notice, this list of conditions and the following disclaimer. 8* notice, this list of conditions and the following disclaimer.
9* * Redistributions in binary form must reproduce the above copyright 9* * Redistributions in binary form must reproduce the above copyright
10* notice, this list of conditions and the following disclaimer in the 10* notice, this list of conditions and the following disclaimer in the
11* documentation and/or other materials provided with the distribution. 11* documentation and/or other materials provided with the distribution.
12* * Neither the name of the OpenSim Project nor the 12* * Neither the name of the OpenSim Project nor the
13* names of its contributors may be used to endorse or promote products 13* names of its contributors may be used to endorse or promote products
14* derived from this software without specific prior written permission. 14* derived from this software without specific prior written permission.
15* 15*
16* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY 16* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY
17* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY 19* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 24* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26* 26*
27*/ 27*/
28 28
29using libsecondlife; 29using libsecondlife;
30using OpenSim.Region.Environment.LandManagement; 30using OpenSim.Region.Environment.LandManagement;
31using OpenSim.Region.Environment.Scenes; 31using OpenSim.Region.Environment.Scenes;
32 32using OpenSim.Framework.PolicyManager;
33namespace OpenSim.Region.Environment 33
34{ 34namespace OpenSim.Region.Environment
35 public class PermissionManager 35{
36 { 36 public class PermissionManager
37 protected Scene m_scene; 37 {
38 38 protected Scene m_scene;
39 // Bypasses the permissions engine (always returns OK) 39
40 // disable in any production environment 40 // Bypasses the permissions engine (always returns OK)
41 // TODO: Change this to false when permissions are a desired default 41 // disable in any production environment
42 // TODO: Move to configuration option. 42 // TODO: Change this to false when permissions are a desired default
43 private bool m_bypassPermissions = true; 43 // TODO: Move to configuration option.
44 44 private bool m_bypassPermissions = true;
45 public bool BypassPermissions 45
46 { 46 public bool BypassPermissions
47 get { return m_bypassPermissions; } 47 {
48 set { m_bypassPermissions = value; } 48 get { return m_bypassPermissions; }
49 } 49 set { m_bypassPermissions = value; }
50 50 }
51 51
52 public PermissionManager(Scene scene) 52
53 { 53 public PermissionManager(Scene scene)
54 m_scene = scene; 54 {
55 } 55 m_scene = scene;
56 56 }
57 protected virtual void SendPermissionError(LLUUID user, string reason) 57
58 { 58 protected virtual void SendPermissionError(LLUUID user, string reason)
59 m_scene.EventManager.TriggerPermissionError(user, reason); 59 {
60 } 60 m_scene.EventManager.TriggerPermissionError(user, reason);
61 61 }
62 protected virtual bool IsAdministrator(LLUUID user) 62
63 { 63 protected virtual bool IsAdministrator(LLUUID user)
64 if (m_bypassPermissions) 64 {
65 { 65 if (m_bypassPermissions)
66 return true; 66 {
67 } 67 return true;
68 68 }
69 return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; 69
70 } 70 return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
71 71 }
72 protected virtual bool IsEstateManager(LLUUID user) 72
73 { 73 protected virtual bool IsEstateManager(LLUUID user)
74 if (m_bypassPermissions) 74 {
75 { 75 if (m_bypassPermissions)
76 return true; 76 {
77 } 77 return true;
78 78 }
79 return false; 79
80 } 80 return false;
81 81 }
82 protected virtual bool IsGridUser(LLUUID user) 82
83 { 83 protected virtual bool IsGridUser(LLUUID user)
84 return true; 84 {
85 } 85 return true;
86 86 }
87 protected virtual bool IsGuest(LLUUID user) 87
88 { 88 protected virtual bool IsGuest(LLUUID user)
89 return false; 89 {
90 } 90 return false;
91 91 }
92 public virtual bool CanRezObject(LLUUID user, LLVector3 position) 92
93 { 93 public virtual bool CanRezObject(LLUUID user, LLVector3 position)
94 bool permission = false; 94 {
95 95 bool permission = false;
96 string reason = "Insufficient permission"; 96
97 97 string reason = "Insufficient permission";
98 if (IsAdministrator(user)) 98
99 { 99 if (IsAdministrator(user))
100 permission = true; 100 {
101 } 101 permission = true;
102 else 102 }
103 { 103 else
104 reason = "Not an administrator"; 104 {
105 } 105 reason = "Not an administrator";
106 106 }
107 if (GenericParcelPermission(user, position)) 107
108 { 108 if (GenericParcelPermission(user, position))
109 permission = true; 109 {
110 } 110 permission = true;
111 else 111 }
112 { 112 else
113 reason = "Not the parcel owner"; 113 {
114 } 114 reason = "Not the parcel owner";
115 115 }
116 if (!permission) 116
117 SendPermissionError(user, reason); 117 if (!permission)
118 118 SendPermissionError(user, reason);
119 return permission; 119
120 } 120 return permission;
121 121 }
122 #region Object Permissions 122
123 123 #region Object Permissions
124 protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId) 124
125 { 125 protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId)
126 // Default: deny 126 {
127 bool permission = false; 127 // Default: deny
128 128 bool permission = false;
129 if (!m_scene.Entities.ContainsKey(objId)) 129
130 { 130 if (!m_scene.Entities.ContainsKey(objId))
131 return false; 131 {
132 } 132 return false;
133 133 }
134 // If it's not an object, we cant edit it. 134
135 if (!(m_scene.Entities[objId] is SceneObjectGroup)) 135 // If it's not an object, we cant edit it.
136 { 136 if (!(m_scene.Entities[objId] is SceneObjectGroup))
137 return false; 137 {
138 } 138 return false;
139 139 }
140 SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId]; 140
141 LLUUID taskOwner = null; 141 SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId];
142 142 LLUUID taskOwner = null;
143 // Object owners should be able to edit their own content 143
144 if (user == taskOwner) 144 // Object owners should be able to edit their own content
145 permission = true; 145 if (user == taskOwner)
146 146 permission = true;
147 // Users should be able to edit what is over their land. 147
148 if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID == 148 // Users should be able to edit what is over their land.
149 user) 149 if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID ==
150 permission = true; 150 user)
151 151 permission = true;
152 // Estate users should be able to edit anything in the sim 152
153 if (IsEstateManager(user)) 153 // Estate users should be able to edit anything in the sim
154 permission = true; 154 if (IsEstateManager(user))
155 155 permission = true;
156 // Admin objects should not be editable by the above 156
157 if (IsAdministrator(taskOwner)) 157 // Admin objects should not be editable by the above
158 permission = false; 158 if (IsAdministrator(taskOwner))
159 159 permission = false;
160 // Admin should be able to edit anything in the sim (including admin objects) 160
161 if (IsAdministrator(user)) 161 // Admin should be able to edit anything in the sim (including admin objects)
162 permission = true; 162 if (IsAdministrator(user))
163 163 permission = true;
164 return permission; 164
165 } 165 return permission;
166 166 }
167 /// <summary> 167
168 /// Permissions check - can user delete an object? 168 /// <summary>
169 /// </summary> 169 /// Permissions check - can user delete an object?
170 /// <param name="user">User attempting the delete</param> 170 /// </summary>
171 /// <param name="obj">Target object</param> 171 /// <param name="user">User attempting the delete</param>
172 /// <returns>Has permission?</returns> 172 /// <param name="obj">Target object</param>
173 public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) 173 /// <returns>Has permission?</returns>
174 { 174 public virtual bool CanDeRezObject(LLUUID user, LLUUID obj)
175 return GenericObjectPermission(user, obj); 175 {
176 } 176 return GenericObjectPermission(user, obj);
177 177 }
178 public virtual bool CanEditObject(LLUUID user, LLUUID obj) 178
179 { 179 public virtual bool CanEditObject(LLUUID user, LLUUID obj)
180 return GenericObjectPermission(user, obj); 180 {
181 } 181 return GenericObjectPermission(user, obj);
182 182 }
183 public virtual bool CanReturnObject(LLUUID user, LLUUID obj) 183
184 { 184 public virtual bool CanReturnObject(LLUUID user, LLUUID obj)
185 return GenericObjectPermission(user, obj); 185 {
186 } 186 return GenericObjectPermission(user, obj);
187 187 }
188 #endregion 188
189 189 #endregion
190 #region Communication Permissions 190
191 191 #region Communication Permissions
192 public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) 192
193 { 193 public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target)
194 bool permission = false; 194 {
195 string reason = "Only registered users may communicate with another account."; 195 bool permission = false;
196 196 string reason = "Only registered users may communicate with another account.";
197 if (IsGridUser(user)) 197
198 permission = true; 198 if (IsGridUser(user))
199 199 permission = true;
200 if (!IsGridUser(user)) 200
201 { 201 if (!IsGridUser(user))
202 permission = false; 202 {
203 reason = "The person that you are messaging is not a registered user."; 203 permission = false;
204 } 204 reason = "The person that you are messaging is not a registered user.";
205 if (IsAdministrator(user)) 205 }
206 permission = true; 206 if (IsAdministrator(user))
207 207 permission = true;
208 if (IsEstateManager(user)) 208
209 permission = true; 209 if (IsEstateManager(user))
210 210 permission = true;
211 if (!permission) 211
212 SendPermissionError(user, reason); 212 if (!permission)
213 213 SendPermissionError(user, reason);
214 return permission; 214
215 } 215 return permission;
216 216 }
217 public virtual bool CanInstantMessage(LLUUID user, LLUUID target) 217
218 { 218 public virtual bool CanInstantMessage(LLUUID user, LLUUID target)
219 return GenericCommunicationPermission(user, target); 219 {
220 } 220 return GenericCommunicationPermission(user, target);
221 221 }
222 public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) 222
223 { 223 public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target)
224 return GenericCommunicationPermission(user, target); 224 {
225 } 225 return GenericCommunicationPermission(user, target);
226 226 }
227 #endregion 227
228 228 #endregion
229 public virtual bool CanEditScript(LLUUID user, LLUUID script) 229
230 { 230 public virtual bool CanEditScript(LLUUID user, LLUUID script)
231 return IsAdministrator(user); 231 {
232 } 232 return IsAdministrator(user);
233 233 }
234 public virtual bool CanRunScript(LLUUID user, LLUUID script) 234
235 { 235 public virtual bool CanRunScript(LLUUID user, LLUUID script)
236 return IsAdministrator(user); 236 {
237 } 237 return IsAdministrator(user);
238 238 }
239 public virtual bool CanTerraform(LLUUID user, LLVector3 position) 239
240 { 240 public virtual bool CanTerraform(LLUUID user, LLVector3 position)
241 bool permission = false; 241 {
242 242 bool permission = false;
243 // Estate override 243
244 if (GenericEstatePermission(user)) 244 // Estate override
245 permission = true; 245 if (GenericEstatePermission(user))
246 246 permission = true;
247 // Land owner can terraform too 247
248 if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y))) 248 // Land owner can terraform too
249 permission = true; 249 if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y)))
250 250 permission = true;
251 if (!permission) 251
252 SendPermissionError(user, "Not authorized to terraform at this location."); 252 if (!permission)
253 253 SendPermissionError(user, "Not authorized to terraform at this location.");
254 return permission; 254
255 } 255 return permission;
256 256 }
257 #region Estate Permissions 257
258 258 #region Estate Permissions
259 protected virtual bool GenericEstatePermission(LLUUID user) 259
260 { 260 protected virtual bool GenericEstatePermission(LLUUID user)
261 // Default: deny 261 {
262 bool permission = false; 262 // Default: deny
263 263 bool permission = false;
264 // Estate admins should be able to use estate tools 264
265 if (IsEstateManager(user)) 265 // Estate admins should be able to use estate tools
266 permission = true; 266 if (IsEstateManager(user))
267 267 permission = true;
268 // Administrators always have permission 268
269 if (IsAdministrator(user)) 269 // Administrators always have permission
270 permission = true; 270 if (IsAdministrator(user))
271 271 permission = true;
272 return permission; 272
273 } 273 return permission;
274 274 }
275 public virtual bool CanEditEstateTerrain(LLUUID user) 275
276 { 276 public virtual bool CanEditEstateTerrain(LLUUID user)
277 return GenericEstatePermission(user); 277 {
278 } 278 return GenericEstatePermission(user);
279 279 }
280 #endregion 280
281 281 #endregion
282 #region Parcel Permissions 282
283 283 #region Parcel Permissions
284 protected virtual bool GenericParcelPermission(LLUUID user, Land parcel) 284
285 { 285 protected virtual bool GenericParcelPermission(LLUUID user, Land parcel)
286 bool permission = false; 286 {
287 287 bool permission = false;
288 if (parcel.landData.ownerID == user) 288
289 permission = true; 289 if (parcel.landData.ownerID == user)
290 290 permission = true;
291 if (parcel.landData.isGroupOwned) 291
292 { 292 if (parcel.landData.isGroupOwned)
293 // TODO: Need to do some extra checks here. Requires group code. 293 {
294 } 294 // TODO: Need to do some extra checks here. Requires group code.
295 295 }
296 if (IsEstateManager(user)) 296
297 permission = true; 297 if (IsEstateManager(user))
298 298 permission = true;
299 if (IsAdministrator(user)) 299
300 permission = true; 300 if (IsAdministrator(user))
301 301 permission = true;
302 return permission; 302
303 } 303 return permission;
304 304 }
305 protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) 305
306 { 306 protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
307 return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y)); 307 {
308 } 308 return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y));
309 309 }
310 public virtual bool CanEditParcel(LLUUID user, Land parcel) 310
311 { 311 public virtual bool CanEditParcel(LLUUID user, Land parcel)
312 return GenericParcelPermission(user, parcel); 312 {
313 } 313 return GenericParcelPermission(user, parcel);
314 314 }
315 public virtual bool CanSellParcel(LLUUID user, Land parcel) 315
316 { 316 public virtual bool CanSellParcel(LLUUID user, Land parcel)
317 return GenericParcelPermission(user, parcel); 317 {
318 } 318 return GenericParcelPermission(user, parcel);
319 319 }
320 public virtual bool CanAbandonParcel(LLUUID user, Land parcel) 320
321 { 321 public virtual bool CanAbandonParcel(LLUUID user, Land parcel)
322 return GenericParcelPermission(user, parcel); 322 {
323 } 323 return GenericParcelPermission(user, parcel);
324 324 }
325 #endregion 325
326 } 326 #endregion
327} 327 }
328}