aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorMelanie Thielker2009-06-09 08:15:34 +0000
committerMelanie Thielker2009-06-09 08:15:34 +0000
commit9c726fb178ce329e44fca9bca79a858f8a9ff4ae (patch)
tree042d781206ca828c44df463446e801c29e724dd8
parentFrom: Alan Webb <alan_webb@us.ibm.com> (diff)
downloadopensim-SC-9c726fb178ce329e44fca9bca79a858f8a9ff4ae.zip
opensim-SC-9c726fb178ce329e44fca9bca79a858f8a9ff4ae.tar.gz
opensim-SC-9c726fb178ce329e44fca9bca79a858f8a9ff4ae.tar.bz2
opensim-SC-9c726fb178ce329e44fca9bca79a858f8a9ff4ae.tar.xz
Thank you Snoopy, for a patch that implements group permissions.
Applied with changes: - removed spammy debug message - corrected tab formatting
-rw-r--r--OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs377
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.Inventory.cs27
2 files changed, 264 insertions, 140 deletions
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
index 9298380..036c4b8 100644
--- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
@@ -36,6 +36,56 @@ using OpenSim.Framework.Communications.Cache;
36using OpenSim.Region.Framework.Interfaces; 36using OpenSim.Region.Framework.Interfaces;
37using OpenSim.Region.Framework.Scenes; 37using OpenSim.Region.Framework.Scenes;
38 38
39// Temporary fix of wrong GroupPowers constants in OpenMetaverse library
40enum GroupPowers : long
41 {
42 None = 0,
43 LandEjectAndFreeze = 1,
44 Invite = 2,
45 ReturnGroupSet = 2,
46 Eject = 4,
47 ReturnNonGroup = 4,
48 ChangeOptions = 8,
49 LandGardening = 8,
50 CreateRole = 16,
51 DeedObject = 16,
52 ModerateChat = 32,
53 DeleteRole = 32,
54 RoleProperties = 64,
55 ObjectManipulate = 64,
56 ObjectSetForSale = 128,
57 AssignMemberLimited = 128,
58 AssignMember = 256,
59 Accountable = 256,
60 RemoveMember = 512,
61 SendNotices = 1024,
62 ChangeActions = 1024,
63 ChangeIdentity = 2048,
64 ReceiveNotices = 2048,
65 StartProposal = 4096,
66 LandDeed = 4096,
67 VoteOnProposal = 8192,
68 LandRelease = 8192,
69 LandSetSale = 16384,
70 LandDivideJoin = 32768,
71 ReturnGroupOwned = 65536,
72 JoinChat = 65536,
73 FindPlaces = 131072,
74 LandChangeIdentity = 262144,
75 SetLandingPoint = 524288,
76 ChangeMedia = 1048576,
77 LandEdit = 2097152,
78 LandOptions = 4194304,
79 AllowEditLand = 8388608,
80 AllowFly = 16777216,
81 AllowRez = 33554432,
82 AllowLandmark = 67108864,
83 AllowVoiceChat = 134217728,
84 AllowSetHome = 268435456,
85 LandManageAllowed = 536870912,
86 LandManageBanned = 1073741824
87 }
88
39namespace OpenSim.Region.CoreModules.World.Permissions 89namespace OpenSim.Region.CoreModules.World.Permissions
40{ 90{
41 public class PermissionsModule : IRegionModule 91 public class PermissionsModule : IRegionModule
@@ -62,7 +112,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
62 All, 112 All,
63 Administrators 113 Administrators
64 }; 114 };
65 115
66 #endregion 116 #endregion
67 117
68 #region Bypass Permissions / Debug Permissions Stuff 118 #region Bypass Permissions / Debug Permissions Stuff
@@ -192,38 +242,38 @@ namespace OpenSim.Region.CoreModules.World.Permissions
192 HandleDebugPermissions); 242 HandleDebugPermissions);
193 243
194 244
195 string grant = myConfig.GetString("GrantLSL",""); 245 string grant = myConfig.GetString("GrantLSL","");
196 if(grant.Length > 0) { 246 if(grant.Length > 0) {
197 foreach (string uuidl in grant.Split(',')) { 247 foreach (string uuidl in grant.Split(',')) {
198 string uuid = uuidl.Trim(" \t".ToCharArray()); 248 string uuid = uuidl.Trim(" \t".ToCharArray());
199 GrantLSL.Add(uuid, true); 249 GrantLSL.Add(uuid, true);
200 } 250 }
201 } 251 }
202 252
203 grant = myConfig.GetString("GrantCS",""); 253 grant = myConfig.GetString("GrantCS","");
204 if(grant.Length > 0) { 254 if(grant.Length > 0) {
205 foreach (string uuidl in grant.Split(',')) { 255 foreach (string uuidl in grant.Split(',')) {
206 string uuid = uuidl.Trim(" \t".ToCharArray()); 256 string uuid = uuidl.Trim(" \t".ToCharArray());
207 GrantCS.Add(uuid, true); 257 GrantCS.Add(uuid, true);
208 } 258 }
209 } 259 }
210 260
211 grant = myConfig.GetString("GrantVB",""); 261 grant = myConfig.GetString("GrantVB","");
212 if(grant.Length > 0) { 262 if(grant.Length > 0) {
213 foreach (string uuidl in grant.Split(',')) { 263 foreach (string uuidl in grant.Split(',')) {
214 string uuid = uuidl.Trim(" \t".ToCharArray()); 264 string uuid = uuidl.Trim(" \t".ToCharArray());
215 GrantVB.Add(uuid, true); 265 GrantVB.Add(uuid, true);
216 } 266 }
217 } 267 }
218 268
219 grant = myConfig.GetString("GrantJS",""); 269 grant = myConfig.GetString("GrantJS","");
220 if(grant.Length > 0) { 270 if(grant.Length > 0) {
221 foreach (string uuidl in grant.Split(',')) { 271 foreach (string uuidl in grant.Split(',')) {
222 string uuid = uuidl.Trim(" \t".ToCharArray()); 272 string uuid = uuidl.Trim(" \t".ToCharArray());
223 GrantJS.Add(uuid, true); 273 GrantJS.Add(uuid, true);
224 } 274 }
225 } 275 }
226 276
227 } 277 }
228 278
229 public void HandleBypassPermissions(string module, string[] args) 279 public void HandleBypassPermissions(string module, string[] args)
@@ -328,7 +378,17 @@ namespace OpenSim.Region.CoreModules.World.Permissions
328 if (m_debugPermissions) 378 if (m_debugPermissions)
329 m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); 379 m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
330 } 380 }
331 381
382 // Checks if the given group is active and if the user is a group member
383 // with the powers requested (powers = 0 for no powers check)
384 protected bool IsGroupMember(UUID groupID, UUID userID, ulong powers)
385 {
386 IClientAPI client = m_scene.GetScenePresence(userID).ControllingClient;
387
388 return ((groupID == client.ActiveGroupId) && (client.ActiveGroupPowers != 0) &&
389 ((powers == 0) || ((client.ActiveGroupPowers & powers) == powers)));
390 }
391
332 /// <summary> 392 /// <summary>
333 /// Parse a user set configuration setting 393 /// Parse a user set configuration setting
334 /// </summary> 394 /// </summary>
@@ -371,6 +431,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions
371 /// <returns></returns> 431 /// <returns></returns>
372 protected bool IsAdministrator(UUID user) 432 protected bool IsAdministrator(UUID user)
373 { 433 {
434 if (user == UUID.Zero) return false;
435
374 if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero) 436 if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero)
375 { 437 {
376 if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user)) 438 if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user))
@@ -391,10 +453,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
391 if (profile.UserProfile.GodLevel >= 200) 453 if (profile.UserProfile.GodLevel >= 200)
392 return true; 454 return true;
393 } 455 }
394 //else
395 //{
396 // m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for administrator check", user);
397 //}
398 } 456 }
399 457
400 return false; 458 return false;
@@ -402,6 +460,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions
402 460
403 protected bool IsEstateManager(UUID user) 461 protected bool IsEstateManager(UUID user)
404 { 462 {
463 if (user == UUID.Zero) return false;
464
405 return m_scene.RegionInfo.EstateSettings.IsEstateManager(user); 465 return m_scene.RegionInfo.EstateSettings.IsEstateManager(user);
406 } 466 }
407#endregion 467#endregion
@@ -473,57 +533,39 @@ namespace OpenSim.Region.CoreModules.World.Permissions
473 objectOwnerMask |= (uint)PrimFlags.ObjectYouOwner | (uint)PrimFlags.ObjectAnyOwner | (uint)PrimFlags.ObjectOwnerModify; 533 objectOwnerMask |= (uint)PrimFlags.ObjectYouOwner | (uint)PrimFlags.ObjectAnyOwner | (uint)PrimFlags.ObjectOwnerModify;
474 534
475 // Customize the GroupMask 535 // Customize the GroupMask
476 // uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags); 536 uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags);
477 537
478 // Customize the EveryoneMask 538 // Customize the EveryoneMask
479 uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags); 539 uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags);
480 540
481
482 // Hack to allow collaboration until Groups and Group Permissions are implemented
483 if ((objectEveryoneMask & (uint)PrimFlags.ObjectMove) != 0)
484 objectEveryoneMask |= (uint)PrimFlags.ObjectModify;
485
486 if (m_bypassPermissions) 541 if (m_bypassPermissions)
487 return objectOwnerMask; 542 return objectOwnerMask;
488 543
489 // Object owners should be able to edit their own content 544 // Object owners should be able to edit their own content
490 if (user == objectOwner) 545 if (user == objectOwner)
491 {
492 return objectOwnerMask; 546 return objectOwnerMask;
493 }
494
495 //// Users should be able to edit what is over their land.
496 //ILandObject parcel = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
497 //if (parcel != null && parcel.landData.OwnerID == user && m_ParcelOwnerIsGod)
498 // return objectOwnerMask;
499
500 //// Admin objects should not be editable by the above
501 //if (IsAdministrator(objectOwner))
502 // return objectEveryoneMask;
503 547
504 // Estate users should be able to edit anything in the sim 548 // Estate users should be able to edit anything in the sim
505 if (IsEstateManager(user) && m_RegionOwnerIsGod && (!IsAdministrator(objectOwner))) 549 if (IsEstateManager(user) && m_RegionOwnerIsGod && !IsAdministrator(objectOwner))
506 return objectOwnerMask; 550 return objectOwnerMask;
507 551
508 // Admin should be able to edit anything in the sim (including admin objects) 552 // Admin should be able to edit anything in the sim (including admin objects)
509 if (IsAdministrator(user)) 553 if (IsAdministrator(user))
510 return objectOwnerMask; 554 return objectOwnerMask;
511 555
512 // Users should be able to edit what is over their land. 556 // Users should be able to edit what is over their land.
513 ILandObject parcel = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y); 557 ILandObject parcel = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
514 if (parcel != null && parcel.landData.OwnerID == user && m_ParcelOwnerIsGod) 558 if (parcel != null && parcel.landData.OwnerID == user && m_ParcelOwnerIsGod)
515 { 559 {
516 uint responseMask = objectOwnerMask;
517
518 // Admin objects should not be editable by the above 560 // Admin objects should not be editable by the above
519 if (IsAdministrator(objectOwner)) 561 if (!IsAdministrator(objectOwner))
520 { 562 return objectOwnerMask;
521 responseMask = objectEveryoneMask;
522 }
523
524 return responseMask;
525 } 563 }
526 564
565 // Group permissions
566 if ( ( task.GroupID != UUID.Zero) && IsGroupMember(task.GroupID, user, 0) )
567 return objectGroupMask;
568
527 return objectEveryoneMask; 569 return objectEveryoneMask;
528 } 570 }
529 571
@@ -607,6 +649,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
607 permission = false; 649 permission = false;
608 } 650 }
609 651
652 // Group members should be able to edit group objects
653 if ( (group.GroupID != UUID.Zero) && ((m_scene.GetSceneObjectPart(objId).GroupMask & (uint)PermissionMask.Modify) != 0) && IsGroupMember(group.GroupID, currentUser, 0) )
654 {
655 // Return immediately, so that the administrator can shares group objects
656 return true;
657 }
658
610 // Users should be able to edit what is over their land. 659 // Users should be able to edit what is over their land.
611 ILandObject parcel = m_scene.LandChannel.GetLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y); 660 ILandObject parcel = m_scene.LandChannel.GetLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y);
612 if ((parcel != null) && (parcel.landData.OwnerID == currentUser)) 661 if ((parcel != null) && (parcel.landData.OwnerID == currentUser))
@@ -673,7 +722,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
673 return permission; 722 return permission;
674 } 723 }
675 724
676 protected bool GenericParcelPermission(UUID user, ILandObject parcel) 725 protected bool GenericParcelPermission(UUID user, ILandObject parcel, ulong groupPowers)
677 { 726 {
678 bool permission = false; 727 bool permission = false;
679 728
@@ -682,9 +731,9 @@ namespace OpenSim.Region.CoreModules.World.Permissions
682 permission = true; 731 permission = true;
683 } 732 }
684 733
685 if (parcel.landData.IsGroupOwned) 734 if( ( parcel.landData.GroupID != UUID.Zero) && IsGroupMember(parcel.landData.GroupID, user, groupPowers) )
686 { 735 {
687 // TODO: Need to do some extra checks here. Requires group code. 736 permission = true;
688 } 737 }
689 738
690 if (IsEstateManager(user)) 739 if (IsEstateManager(user))
@@ -699,12 +748,39 @@ namespace OpenSim.Region.CoreModules.World.Permissions
699 748
700 return permission; 749 return permission;
701 } 750 }
751
752 protected bool GenericParcelOwnerPermission(UUID user, ILandObject parcel, ulong groupPowers)
753 {
754 bool permission = false;
755
756 if (parcel.landData.OwnerID == user)
757 {
758 permission = true;
759 }
760
761 if( parcel.landData.IsGroupOwned && IsGroupMember(parcel.landData.GroupID, user, groupPowers) )
762 {
763 permission = true;
764 }
765
766 if (IsEstateManager(user))
767 {
768 permission = true;
769 }
702 770
703 protected bool GenericParcelPermission(UUID user, Vector3 pos) 771 if (IsAdministrator(user))
772 {
773 permission = true;
774 }
775
776 return permission;
777 }
778
779 protected bool GenericParcelPermission(UUID user, Vector3 pos, ulong groupPowers)
704 { 780 {
705 ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y); 781 ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y);
706 if (parcel == null) return false; 782 if (parcel == null) return false;
707 return GenericParcelPermission(user, parcel); 783 return GenericParcelPermission(user, parcel, groupPowers);
708 } 784 }
709#endregion 785#endregion
710 786
@@ -713,8 +789,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions
713 { 789 {
714 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 790 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
715 if (m_bypassPermissions) return m_bypassPermissionsValue; 791 if (m_bypassPermissions) return m_bypassPermissionsValue;
716 792
717 return GenericParcelPermission(user, parcel); 793 return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandRelease);
718 } 794 }
719 795
720 private bool CanReclaimParcel(UUID user, ILandObject parcel, Scene scene) 796 private bool CanReclaimParcel(UUID user, ILandObject parcel, Scene scene)
@@ -722,7 +798,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
722 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 798 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
723 if (m_bypassPermissions) return m_bypassPermissionsValue; 799 if (m_bypassPermissions) return m_bypassPermissionsValue;
724 800
725 return GenericParcelPermission(user, parcel); 801 return GenericParcelOwnerPermission(user, parcel, 0);
726 } 802 }
727 803
728 private bool CanDeedParcel(UUID user, ILandObject parcel, Scene scene) 804 private bool CanDeedParcel(UUID user, ILandObject parcel, Scene scene)
@@ -736,10 +812,10 @@ namespace OpenSim.Region.CoreModules.World.Permissions
736 ScenePresence sp = scene.GetScenePresence(user); 812 ScenePresence sp = scene.GetScenePresence(user);
737 IClientAPI client = sp.ControllingClient; 813 IClientAPI client = sp.ControllingClient;
738 814
739 if ((client.GetGroupPowers(parcel.landData.GroupID) & (long)GroupPowers.LandDeed) == 0) 815 if ((client.GetGroupPowers(parcel.landData.GroupID) & (ulong)GroupPowers.LandDeed) == 0)
740 return false; 816 return false;
741 817
742 return GenericParcelPermission(user, parcel); 818 return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandDeed);
743 } 819 }
744 820
745 private bool IsGod(UUID user, Scene scene) 821 private bool IsGod(UUID user, Scene scene)
@@ -760,17 +836,23 @@ namespace OpenSim.Region.CoreModules.World.Permissions
760 //They can't even edit the object 836 //They can't even edit the object
761 return false; 837 return false;
762 } 838 }
763 839
764 SceneObjectPart part = scene.GetSceneObjectPart(objectID); 840 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
765 if (part == null) 841 if (part == null)
766 return false; 842 return false;
767 843
768 if ((part.OwnerMask & PERM_COPY) == 0) 844 if (part.OwnerID == owner)
769 return false; 845 return ((part.OwnerMask & PERM_COPY) != 0);
770 846
771 if ((part.ParentGroup.GetEffectivePermissions() & PERM_COPY) == 0) 847 if (part.GroupID != UUID.Zero)
772 return false; 848 {
849 if ((part.OwnerID == UUID.Zero) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0)))
850 return false;
773 851
852 if ((part.GroupMask & PERM_COPY) == 0)
853 return false;
854 }
855
774 //If they can rez, they can duplicate 856 //If they can rez, they can duplicate
775 return CanRezObject(objectCount, owner, objectPosition, scene); 857 return CanRezObject(objectCount, owner, objectPosition, scene);
776 } 858 }
@@ -807,11 +889,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
807 part = m_scene.GetSceneObjectPart(objectID); 889 part = m_scene.GetSceneObjectPart(objectID);
808 } 890 }
809 891
810 // TODO: add group support!
811 //
812 if (part.OwnerID != editorID)
813 return false;
814
815 return GenericObjectPermission(editorID, objectID, false); 892 return GenericObjectPermission(editorID, objectID, false);
816 } 893 }
817 894
@@ -820,7 +897,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
820 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 897 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
821 if (m_bypassPermissions) return m_bypassPermissionsValue; 898 if (m_bypassPermissions) return m_bypassPermissionsValue;
822 899
823 return GenericParcelPermission(user, parcel); 900 return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandDivideJoin);
824 } 901 }
825 902
826 /// <summary> 903 /// <summary>
@@ -901,10 +978,19 @@ namespace OpenSim.Region.CoreModules.World.Permissions
901 return false; 978 return false;
902 979
903 if (part.OwnerID != user) 980 if (part.OwnerID != user)
904 return false; 981 {
982 if (part.GroupID == UUID.Zero)
983 return false;
905 984
906 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) 985 if( !IsGroupMember(part.GroupID, user, 0) )
986 return false;
987
988 if ((part.GroupMask & (uint)PermissionMask.Modify) == 0)
989 return false;
990 } else {
991 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
907 return false; 992 return false;
993 }
908 994
909 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); 995 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
910 996
@@ -912,7 +998,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
912 return false; 998 return false;
913 999
914 if (ti.OwnerID != user) 1000 if (ti.OwnerID != user)
1001 {
1002 if (ti.GroupID == UUID.Zero)
1003 return false;
1004
1005 if( !IsGroupMember(ti.GroupID, user, 0) )
915 return false; 1006 return false;
1007 }
916 1008
917 // Require full perms 1009 // Require full perms
918 if ((ti.CurrentPermissions & 1010 if ((ti.CurrentPermissions &
@@ -1084,8 +1176,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1084 return true; 1176 return true;
1085 } 1177 }
1086 1178
1087 //TODO: check for group rights
1088
1089 if (!m_scene.Entities.ContainsKey(objectID)) 1179 if (!m_scene.Entities.ContainsKey(objectID))
1090 { 1180 {
1091 return false; 1181 return false;
@@ -1098,7 +1188,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1098 } 1188 }
1099 1189
1100 1190
1101 if (GenericParcelPermission(task.OwnerID, newPoint)) 1191 if (GenericParcelPermission(task.OwnerID, newPoint, 0))
1102 { 1192 {
1103 return true; 1193 return true;
1104 } 1194 }
@@ -1129,14 +1219,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1129 (int)Parcel.ParcelFlags.CreateObjects) 1219 (int)Parcel.ParcelFlags.CreateObjects)
1130 permission = true; 1220 permission = true;
1131 1221
1132 //TODO: check for group rights
1133
1134 if (IsAdministrator(owner)) 1222 if (IsAdministrator(owner))
1135 { 1223 {
1136 permission = true; 1224 permission = true;
1137 } 1225 }
1138 1226
1139 if (GenericParcelPermission(owner, objectPosition)) 1227 // Powers are zero, because GroupPowers.AllowRez is not a precondition for rezzing objects
1228 if (GenericParcelPermission(owner, objectPosition, 0))
1140 { 1229 {
1141 permission = true; 1230 permission = true;
1142 } 1231 }
@@ -1166,7 +1255,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1166 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1255 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1167 if (m_bypassPermissions) return m_bypassPermissionsValue; 1256 if (m_bypassPermissions) return m_bypassPermissionsValue;
1168 1257
1169 return GenericParcelPermission(user, parcel); 1258 return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandSetSale);
1170 } 1259 }
1171 1260
1172 private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene) 1261 private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene)
@@ -1182,7 +1271,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1182 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1271 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1183 if (m_bypassPermissions) return m_bypassPermissionsValue; 1272 if (m_bypassPermissions) return m_bypassPermissionsValue;
1184 1273
1185 bool permission = GenericObjectPermission(userID, objectID,false); 1274 bool permission = GenericObjectPermission(userID, objectID, false);
1186 if (!permission) 1275 if (!permission)
1187 { 1276 {
1188 if (!m_scene.Entities.ContainsKey(objectID)) 1277 if (!m_scene.Entities.ContainsKey(objectID))
@@ -1249,7 +1338,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1249 return true; 1338 return true;
1250 1339
1251 // Land owner can terraform too 1340 // Land owner can terraform too
1252 if (parcel != null && GenericParcelPermission(user, parcel)) 1341 if (parcel != null && GenericParcelPermission(user, parcel, (ulong)GroupPowers.AllowEditLand))
1253 return true; 1342 return true;
1254 1343
1255 return false; 1344 return false;
@@ -1316,20 +1405,35 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1316 1405
1317 if (part == null) 1406 if (part == null)
1318 return false; 1407 return false;
1319 1408
1320 if (part.OwnerID != user) 1409 if (part.OwnerID != user)
1410 {
1411 if (part.GroupID == UUID.Zero)
1321 return false; 1412 return false;
1322 1413
1323 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) 1414 if( !IsGroupMember(part.GroupID, user, 0) )
1324 return false; 1415 return false;
1416
1417 if ((part.GroupMask & (uint)PermissionMask.Modify) == 0)
1418 return false;
1419 } else {
1420 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
1421 return false;
1422 }
1325 1423
1326 TaskInventoryItem ti = part.Inventory.GetInventoryItem(script); 1424 TaskInventoryItem ti = part.Inventory.GetInventoryItem(script);
1327 1425
1328 if (ti == null) 1426 if (ti == null)
1329 return false; 1427 return false;
1330 1428
1331 if (ti.OwnerID != user) 1429 if (ti.OwnerID != user)
1332 return false; 1430 {
1431 if (ti.GroupID == UUID.Zero)
1432 return false;
1433
1434 if( !IsGroupMember(ti.GroupID, user, 0) )
1435 return false;
1436 }
1333 1437
1334 // Require full perms 1438 // Require full perms
1335 if ((ti.CurrentPermissions & 1439 if ((ti.CurrentPermissions &
@@ -1394,9 +1498,15 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1394 1498
1395 if (part == null) 1499 if (part == null)
1396 return false; 1500 return false;
1397 1501
1398 if (part.OwnerID != user) 1502 if (part.OwnerID != user)
1399 return false; 1503 {
1504 if (part.GroupID == UUID.Zero)
1505 return false;
1506
1507 if( !IsGroupMember(part.GroupID, user, 0) )
1508 return false;
1509 }
1400 1510
1401 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) 1511 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
1402 return false; 1512 return false;
@@ -1407,7 +1517,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1407 return false; 1517 return false;
1408 1518
1409 if (ti.OwnerID != user) 1519 if (ti.OwnerID != user)
1410 return false; 1520 {
1521 if (ti.GroupID == UUID.Zero)
1522 return false;
1523
1524 if( !IsGroupMember(ti.GroupID, user, 0) )
1525 return false;
1526 }
1411 1527
1412 // Notecards are always readable unless no copy 1528 // Notecards are always readable unless no copy
1413 // 1529 //
@@ -1420,7 +1536,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1420 return true; 1536 return true;
1421 } 1537 }
1422 1538
1423 #endregion 1539 #endregion
1424 1540
1425 private bool CanLinkObject(UUID userID, UUID objectID) 1541 private bool CanLinkObject(UUID userID, UUID objectID)
1426 { 1542 {
@@ -1589,7 +1705,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1589 if (parcel.landData.OwnerID != client.AgentId) 1705 if (parcel.landData.OwnerID != client.AgentId)
1590 return false; 1706 return false;
1591 } 1707 }
1592 break; 1708 return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnGroupOwned);
1593 case (uint)ObjectReturnType.Group: 1709 case (uint)ObjectReturnType.Group:
1594 if (parcel.landData.OwnerID != client.AgentId) 1710 if (parcel.landData.OwnerID != client.AgentId)
1595 { 1711 {
@@ -1613,45 +1729,44 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1613 return true; 1729 return true;
1614 } 1730 }
1615 } 1731 }
1616 break; 1732 return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnGroupSet);
1617 case (uint)ObjectReturnType.Other: 1733 case (uint)ObjectReturnType.Other:
1618 if ((powers & (long)GroupPowers.ReturnNonGroup) != 0) 1734 if ((powers & (long)GroupPowers.ReturnNonGroup) != 0)
1619 return true; 1735 return true;
1620 break; 1736 return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnNonGroup);
1621 case (uint)ObjectReturnType.List: 1737 case (uint)ObjectReturnType.List:
1622 break; 1738 break;
1623 } 1739 }
1624 1740
1625 return GenericParcelPermission(client.AgentId, parcel); 1741 return GenericParcelOwnerPermission(client.AgentId, parcel, 0);
1742 // Is it correct to be less restrictive for lists of objects to be returned?
1626 } 1743 }
1627 1744
1628 private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) { 1745 private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) {
1629 //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); 1746 //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType);
1630 switch(scriptType) { 1747 switch(scriptType) {
1631 case 0: 1748 case 0:
1632 if(GrantLSL.Count == 0 || GrantLSL.ContainsKey(ownerUUID.ToString())) { 1749 if(GrantLSL.Count == 0 || GrantLSL.ContainsKey(ownerUUID.ToString())) {
1633 return(true); 1750 return(true);
1634 } 1751 }
1635 break; 1752 break;
1636 case 1: 1753 case 1:
1637 if(GrantCS.Count == 0 || GrantCS.ContainsKey(ownerUUID.ToString())) { 1754 if(GrantCS.Count == 0 || GrantCS.ContainsKey(ownerUUID.ToString())) {
1638 return(true); 1755 return(true);
1639 } 1756 }
1640 break; 1757 break;
1641 case 2: 1758 case 2:
1642 if(GrantVB.Count == 0 || GrantVB.ContainsKey(ownerUUID.ToString())) { 1759 if(GrantVB.Count == 0 || GrantVB.ContainsKey(ownerUUID.ToString())) {
1643 return(true); 1760 return(true);
1644 } 1761 }
1645 break; 1762 break;
1646 case 3: 1763 case 3:
1647 if(GrantJS.Count == 0 || GrantJS.ContainsKey(ownerUUID.ToString())) { 1764 if(GrantJS.Count == 0 || GrantJS.ContainsKey(ownerUUID.ToString())) {
1648 return(true); 1765 return(true);
1649 } 1766 }
1650 break; 1767 break;
1651 } 1768 }
1652 return(false); 1769 return(false);
1653 } 1770 }
1654
1655
1656 } 1771 }
1657} 1772}
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index 6efcaa7..a2a7392 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -1526,10 +1526,14 @@ namespace OpenSim.Region.Framework.Scenes
1526 return; 1526 return;
1527 1527
1528 if (part.OwnerID != remoteClient.AgentId) 1528 if (part.OwnerID != remoteClient.AgentId)
1529 return; 1529 {
1530 1530 // Group permissions
1531 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) 1531 if ( (part.GroupID == UUID.Zero) || (remoteClient.GetGroupPowers(part.GroupID) == 0) || ((part.GroupMask & (uint)PermissionMask.Modify) == 0) )
1532 return; 1532 return;
1533 } else {
1534 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
1535 return;
1536 }
1533 1537
1534 if (!Permissions.CanCreateObjectInventory( 1538 if (!Permissions.CanCreateObjectInventory(
1535 itemBase.InvType, part.UUID, remoteClient.AgentId)) 1539 itemBase.InvType, part.UUID, remoteClient.AgentId))
@@ -1598,13 +1602,18 @@ namespace OpenSim.Region.Framework.Scenes
1598 destId); 1602 destId);
1599 return; 1603 return;
1600 } 1604 }
1601 1605
1602 // Must own the object, and have modify rights 1606 // Must own the object, and have modify rights
1603 if (srcPart.OwnerID != destPart.OwnerID) 1607 if (srcPart.OwnerID != destPart.OwnerID)
1604 return; 1608 {
1605 1609 // Group permissions
1606 if ((destPart.OwnerMask & (uint)PermissionMask.Modify) == 0) 1610 if ( (destPart.GroupID == UUID.Zero) || (destPart.GroupID != srcPart.GroupID) ||
1607 return; 1611 ((destPart.GroupMask & (uint)PermissionMask.Modify) == 0) )
1612 return;
1613 } else {
1614 if ((destPart.OwnerMask & (uint)PermissionMask.Modify) == 0)
1615 return;
1616 }
1608 1617
1609 if (destPart.ScriptAccessPin != pin) 1618 if (destPart.ScriptAccessPin != pin)
1610 { 1619 {