authorJustin Clarke Casey2008-11-14 18:43:40 +0000
committerJustin Clarke Casey2008-11-14 18:43:40 +0000
commite3770cfee6e3ae0ad05b5be2f96f10779b39c454 (patch)
treee748ceb78fec5d15297cfaf9d2b75b0f959e3781
parentTry to make the test pass again (diff)
* Allow new script creation to be locked down to only gods if specified in OpenSim.ini
* This doesn't allow complete script lockdown of a sim, many avenues (copying, editing) are still uncloseable at the moment * Default remains to allow all users to create scripts (subject to existing permissions if enabled)
-rw-r--r--OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs67
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs5
-rw-r--r--bin/OpenSim.ini.example9
3 files changed, 68 insertions, 13 deletions
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
index 7f567e5..7135a21 100644
--- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
@@ -43,9 +43,10 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
43{ 43{
44 public class PermissionsModule : IRegionModule, ICommandableModule 44 public class PermissionsModule : IRegionModule, ICommandableModule
45 { 45 {
46 protected Scene m_scene;
47 private readonly Commander m_commander = new Commander("Permissions");
48 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); 46 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
47
48 protected Scene m_scene;
49 private readonly Commander m_commander = new Commander("Permissions");
49 50
50 #region Constants 51 #region Constants
51 // These are here for testing. They will be taken out 52 // These are here for testing. They will be taken out
@@ -55,9 +56,18 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
55 //private uint PERM_MODIFY = (uint)16384; 56 //private uint PERM_MODIFY = (uint)16384;
56 private uint PERM_MOVE = (uint)524288; 57 private uint PERM_MOVE = (uint)524288;
57 //private uint PERM_TRANS = (uint)8192; 58 //private uint PERM_TRANS = (uint)8192;
58 private uint PERM_LOCKED = (uint)540672; 59 private uint PERM_LOCKED = (uint)540672;
59 60
60 #endregion 61 /// <value>
62 /// Different user set names that come in from the configuration file.
63 /// </value>
64 enum UserSet
65 {
66 All,
67 Administrators
68 };
69
70 #endregion
61 71
62 #region Bypass Permissions / Debug Permissions Stuff 72 #region Bypass Permissions / Debug Permissions Stuff
63 73
@@ -69,6 +79,11 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
69 private bool m_allowGridGods = false; 79 private bool m_allowGridGods = false;
70 private bool m_RegionOwnerIsGod = false; 80 private bool m_RegionOwnerIsGod = false;
71 private bool m_ParcelOwnerIsGod = false; 81 private bool m_ParcelOwnerIsGod = false;
82
83 /// <value>
84 /// The set of users that are allowed to create scripts.
85 /// </value>
86 private UserSet m_allowedScriptCreators = UserSet.All;
72 87
73 #endregion 88 #endregion
74 89
@@ -79,7 +94,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
79 get { throw new System.NotImplementedException(); } 94 get { throw new System.NotImplementedException(); }
80 } 95 }
81 96
82
83 private void InterfaceDebugPermissions(Object[] args) 97 private void InterfaceDebugPermissions(Object[] args)
84 { 98 {
85 if ((bool)args[0] == true) 99 if ((bool)args[0] == true)
@@ -147,6 +161,27 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
147 m_propagatePermissions = myConfig.GetBoolean("propagate_permissions", true); 161 m_propagatePermissions = myConfig.GetBoolean("propagate_permissions", true);
148 m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true); 162 m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true);
149 m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true); 163 m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true);
164
165 string allowedScriptCreators = myConfig.GetString("allowed_script_creators", UserSet.All.ToString());
166
167 // Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term
168 // this should disappear.
169 if ("gods" == allowedScriptCreators.ToLower())
170 allowedScriptCreators = UserSet.Administrators.ToString();
171
172 // Doing it this was so that we can do a case insensitive conversion
173 try
174 {
175 m_allowedScriptCreators = (UserSet)Enum.Parse(typeof(UserSet), allowedScriptCreators, true);
176 }
177 catch
178 {
179 m_log.ErrorFormat(
180 "[PERMISSIONS]: {0} is not a valid allowed_script_creators value, setting to {1}",
181 allowedScriptCreators, m_allowedScriptCreators);
182 }
183
184 m_log.DebugFormat("[PERMISSIONS]: m_allowedScriptCreators {0}", m_allowedScriptCreators);
150 185
151 if (m_bypassPermissions) 186 if (m_bypassPermissions)
152 m_log.Info("[PERMISSIONS]: serviceside_object_permissions = false in ini file so disabling all region service permission checks"); 187 m_log.Info("[PERMISSIONS]: serviceside_object_permissions = false in ini file so disabling all region service permission checks");
@@ -243,6 +278,11 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
243 m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); 278 m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
244 } 279 }
245 280
281 /// <summary>
282 /// Is the given user an administrator (in other words, a god)?
283 /// </summary>
284 /// <param name="user"></param>
285 /// <returns></returns>
246 protected bool IsAdministrator(UUID user) 286 protected bool IsAdministrator(UUID user)
247 { 287 {
248 if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero) 288 if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero)
@@ -250,11 +290,13 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
250 if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user)) 290 if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user))
251 return true; 291 return true;
252 } 292 }
293
253 if (m_scene.RegionInfo.EstateSettings.EstateOwner != UUID.Zero) 294 if (m_scene.RegionInfo.EstateSettings.EstateOwner != UUID.Zero)
254 { 295 {
255 if (m_scene.RegionInfo.EstateSettings.EstateOwner == user) 296 if (m_scene.RegionInfo.EstateSettings.EstateOwner == user)
256 return true; 297 return true;
257 } 298 }
299
258 if (m_allowGridGods) 300 if (m_allowGridGods)
259 { 301 {
260 CachedUserInfo profile = m_scene.CommsManager.UserProfileCacheService.GetUserDetails(user); 302 CachedUserInfo profile = m_scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
@@ -1232,11 +1274,15 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
1232 /// <returns></returns> 1274 /// <returns></returns>
1233 public bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID) 1275 public bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID)
1234 { 1276 {
1235 //m_log.Debug("[PERMISSIONS]: CanCreateObjectInventory called"); 1277 m_log.Debug("[PERMISSIONS]: CanCreateObjectInventory called");
1236 1278
1237 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1279 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1238 if (m_bypassPermissions) return m_bypassPermissionsValue; 1280 if (m_bypassPermissions) return m_bypassPermissionsValue;
1239 1281
1282 if ((int)InventoryType.LSL == invType)
1283 if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
1284 return false;
1285
1240 return true; 1286 return true;
1241 } 1287 }
1242 1288
@@ -1248,11 +1294,15 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
1248 /// <returns></returns> 1294 /// <returns></returns>
1249 public bool CanCreateUserInventory(int invType, UUID userID) 1295 public bool CanCreateUserInventory(int invType, UUID userID)
1250 { 1296 {
1251 //m_log.Debug("[PERMISSIONS]: CanCreateAvatarInventory called"); 1297 m_log.Debug("[PERMISSIONS]: CanCreateAvatarInventory called");
1252 1298
1253 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1299 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1254 if (m_bypassPermissions) return m_bypassPermissionsValue; 1300 if (m_bypassPermissions) return m_bypassPermissionsValue;
1255 1301
1302 if ((int)InventoryType.LSL == invType)
1303 if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
1304 return false;
1305
1256 return true; 1306 return true;
1257 } 1307 }
1258 1308
@@ -1306,5 +1356,4 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
1306 return true; 1356 return true;
1307 } 1357 }
1308 } 1358 }
1309
1310} 1359}
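Review bot: In the configuration hunk (new lines 165–182) a mistyped or numeric `allowed_script_creators` value leaves script creation open to everyone. `Enum.Parse` throws only for unknown names, after which the bare `catch` keeps the default `UserSet.All`; a numeric string such as `7` parses without an exception into an undefined `UserSet` value, which the new checks in `CanCreateObjectInventory` and `CanCreateUserInventory` treat as unrestricted because they compare only against `UserSet.Administrators`. For a lock-down setting I would reject undefined values explicitly after the parse, e.g. `if (!Enum.IsDefined(typeof(UserSet), m_allowedScriptCreators)) m_allowedScriptCreators = UserSet.All;` with the same error log, and consider whether an invalid value should fall back to the restrictive set rather than the permissive one. The enclosing method starts and ends outside the hunk.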
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index 8cac070..72a8dc5 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -736,7 +736,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
736 return m_ScriptEngine.World.GetSimulatorVersion(); 736 return m_ScriptEngine.World.GetSimulatorVersion();
737 } 737 }
738 738
739
740 //for testing purposes only 739 //for testing purposes only
741 public void osSetParcelMediaTime(double time) 740 public void osSetParcelMediaTime(double time)
742 { 741 {
@@ -750,9 +749,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
750 749
751 World.ParcelMediaSetTime((float)time); 750 World.ParcelMediaSetTime((float)time);
752 } 751 }
753 752
754
755
756 public Hashtable osParseJSON(string JSON) 753 public Hashtable osParseJSON(string JSON)
757 { 754 {
758 CheckThreatLevel(ThreatLevel.None, "osParseJSON"); 755 CheckThreatLevel(ThreatLevel.None, "osParseJSON");
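--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -123,6 +123,15 @@
 ;region_owner_is_god = true
 ;parcel_owner_is_god = true
 
+; Control user types that are allowed to create new scripts
+; Only enforced if serviceside_object_permissions is true
+;
+; Current possible values are
+; all - anyone can create scripts (subject to normal permissions)
+; gods - only administrators can create scripts (as long as allow_grid_gods is true)
+; Default value is all
+; allowed_script_creators = all
+
 ; ##
 ; ## SCRIPT ENGINE
 ; ##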
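Review bot: The `gods` description (new line 131) says administrators can create scripts only "as long as allow_grid_gods is true", but the visible part of `IsAdministrator` in PermissionsModule.cs returns true for the estate owner, and for the master avatar when `region_owner_is_god` is set, before `m_allowGridGods` is consulted. An operator reading this comment may assume a tighter lock-down than the code enforces. Suggested wording: `; gods - only administrators can create scripts (estate owner, region owner if region_owner_is_god, grid gods if allow_grid_gods)`.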