diff options
author | Justin Clarke Casey | 2008-11-14 18:43:40 +0000 |
---|---|---|
committer | Justin Clarke Casey | 2008-11-14 18:43:40 +0000 |
commit | e3770cfee6e3ae0ad05b5be2f96f10779b39c454 (patch) | |
tree | e748ceb78fec5d15297cfaf9d2b75b0f959e3781 | |
parent | Try to make the test pass again (diff) | |
download | opensim-SC-e3770cfee6e3ae0ad05b5be2f96f10779b39c454.zip opensim-SC-e3770cfee6e3ae0ad05b5be2f96f10779b39c454.tar.gz opensim-SC-e3770cfee6e3ae0ad05b5be2f96f10779b39c454.tar.bz2 opensim-SC-e3770cfee6e3ae0ad05b5be2f96f10779b39c454.tar.xz |
* Allow new script creation to be locked down to only gods if specified in OpenSim.ini
* This doesn't allow complete script lockdown of a sim, many avenues (copying, editing) are still uncloseable at the moment
* Default remains to allow all users to create scripts (subject to existing permissions if enabled)
-rw-r--r-- | OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs | 67 | ||||
-rw-r--r-- | OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | 5 | ||||
-rw-r--r-- | bin/OpenSim.ini.example | 9 |
3 files changed, 68 insertions, 13 deletions
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs index 7f567e5..7135a21 100644 --- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs | |||
@@ -43,9 +43,10 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
43 | { | 43 | { |
44 | public class PermissionsModule : IRegionModule, ICommandableModule | 44 | public class PermissionsModule : IRegionModule, ICommandableModule |
45 | { | 45 | { |
46 | protected Scene m_scene; | ||
47 | private readonly Commander m_commander = new Commander("Permissions"); | ||
48 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | 46 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); |
47 | |||
48 | protected Scene m_scene; | ||
49 | private readonly Commander m_commander = new Commander("Permissions"); | ||
49 | 50 | ||
50 | #region Constants | 51 | #region Constants |
51 | // These are here for testing. They will be taken out | 52 | // These are here for testing. They will be taken out |
@@ -55,9 +56,18 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
55 | //private uint PERM_MODIFY = (uint)16384; | 56 | //private uint PERM_MODIFY = (uint)16384; |
56 | private uint PERM_MOVE = (uint)524288; | 57 | private uint PERM_MOVE = (uint)524288; |
57 | //private uint PERM_TRANS = (uint)8192; | 58 | //private uint PERM_TRANS = (uint)8192; |
58 | private uint PERM_LOCKED = (uint)540672; | 59 | private uint PERM_LOCKED = (uint)540672; |
59 | 60 | ||
60 | #endregion | 61 | /// <value> |
62 | /// Different user set names that come in from the configuration file. | ||
63 | /// </value> | ||
64 | enum UserSet | ||
65 | { | ||
66 | All, | ||
67 | Administrators | ||
68 | }; | ||
69 | |||
70 | #endregion | ||
61 | 71 | ||
62 | #region Bypass Permissions / Debug Permissions Stuff | 72 | #region Bypass Permissions / Debug Permissions Stuff |
63 | 73 | ||
@@ -69,6 +79,11 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
69 | private bool m_allowGridGods = false; | 79 | private bool m_allowGridGods = false; |
70 | private bool m_RegionOwnerIsGod = false; | 80 | private bool m_RegionOwnerIsGod = false; |
71 | private bool m_ParcelOwnerIsGod = false; | 81 | private bool m_ParcelOwnerIsGod = false; |
82 | |||
83 | /// <value> | ||
84 | /// The set of users that are allowed to create scripts. | ||
85 | /// </value> | ||
86 | private UserSet m_allowedScriptCreators = UserSet.All; | ||
72 | 87 | ||
73 | #endregion | 88 | #endregion |
74 | 89 | ||
@@ -79,7 +94,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
79 | get { throw new System.NotImplementedException(); } | 94 | get { throw new System.NotImplementedException(); } |
80 | } | 95 | } |
81 | 96 | ||
82 | |||
83 | private void InterfaceDebugPermissions(Object[] args) | 97 | private void InterfaceDebugPermissions(Object[] args) |
84 | { | 98 | { |
85 | if ((bool)args[0] == true) | 99 | if ((bool)args[0] == true) |
@@ -147,6 +161,27 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
147 | m_propagatePermissions = myConfig.GetBoolean("propagate_permissions", true); | 161 | m_propagatePermissions = myConfig.GetBoolean("propagate_permissions", true); |
148 | m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true); | 162 | m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true); |
149 | m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true); | 163 | m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true); |
164 | |||
165 | string allowedScriptCreators = myConfig.GetString("allowed_script_creators", UserSet.All.ToString()); | ||
166 | |||
167 | // Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term | ||
168 | // this should disappear. | ||
169 | if ("gods" == allowedScriptCreators.ToLower()) | ||
170 | allowedScriptCreators = UserSet.Administrators.ToString(); | ||
171 | |||
172 | // Doing it this was so that we can do a case insensitive conversion | ||
173 | try | ||
174 | { | ||
175 | m_allowedScriptCreators = (UserSet)Enum.Parse(typeof(UserSet), allowedScriptCreators, true); | ||
176 | } | ||
177 | catch | ||
178 | { | ||
179 | m_log.ErrorFormat( | ||
180 | "[PERMISSIONS]: {0} is not a valid allowed_script_creators value, setting to {1}", | ||
181 | allowedScriptCreators, m_allowedScriptCreators); | ||
182 | } | ||
183 | |||
184 | m_log.DebugFormat("[PERMISSIONS]: m_allowedScriptCreators {0}", m_allowedScriptCreators); | ||
150 | 185 | ||
151 | if (m_bypassPermissions) | 186 | if (m_bypassPermissions) |
152 | m_log.Info("[PERMISSIONS]: serviceside_object_permissions = false in ini file so disabling all region service permission checks"); | 187 | m_log.Info("[PERMISSIONS]: serviceside_object_permissions = false in ini file so disabling all region service permission checks"); |
@@ -243,6 +278,11 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
243 | m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); | 278 | m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); |
244 | } | 279 | } |
245 | 280 | ||
281 | /// <summary> | ||
282 | /// Is the given user an administrator (in other words, a god)? | ||
283 | /// </summary> | ||
284 | /// <param name="user"></param> | ||
285 | /// <returns></returns> | ||
246 | protected bool IsAdministrator(UUID user) | 286 | protected bool IsAdministrator(UUID user) |
247 | { | 287 | { |
248 | if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero) | 288 | if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero) |
@@ -250,11 +290,13 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
250 | if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user)) | 290 | if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user)) |
251 | return true; | 291 | return true; |
252 | } | 292 | } |
293 | |||
253 | if (m_scene.RegionInfo.EstateSettings.EstateOwner != UUID.Zero) | 294 | if (m_scene.RegionInfo.EstateSettings.EstateOwner != UUID.Zero) |
254 | { | 295 | { |
255 | if (m_scene.RegionInfo.EstateSettings.EstateOwner == user) | 296 | if (m_scene.RegionInfo.EstateSettings.EstateOwner == user) |
256 | return true; | 297 | return true; |
257 | } | 298 | } |
299 | |||
258 | if (m_allowGridGods) | 300 | if (m_allowGridGods) |
259 | { | 301 | { |
260 | CachedUserInfo profile = m_scene.CommsManager.UserProfileCacheService.GetUserDetails(user); | 302 | CachedUserInfo profile = m_scene.CommsManager.UserProfileCacheService.GetUserDetails(user); |
@@ -1232,11 +1274,15 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
1232 | /// <returns></returns> | 1274 | /// <returns></returns> |
1233 | public bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID) | 1275 | public bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID) |
1234 | { | 1276 | { |
1235 | //m_log.Debug("[PERMISSIONS]: CanCreateObjectInventory called"); | 1277 | m_log.Debug("[PERMISSIONS]: CanCreateObjectInventory called"); |
1236 | 1278 | ||
1237 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1279 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1238 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1280 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1239 | 1281 | ||
1282 | if ((int)InventoryType.LSL == invType) | ||
1283 | if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID)) | ||
1284 | return false; | ||
1285 | |||
1240 | return true; | 1286 | return true; |
1241 | } | 1287 | } |
1242 | 1288 | ||
@@ -1248,11 +1294,15 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
1248 | /// <returns></returns> | 1294 | /// <returns></returns> |
1249 | public bool CanCreateUserInventory(int invType, UUID userID) | 1295 | public bool CanCreateUserInventory(int invType, UUID userID) |
1250 | { | 1296 | { |
1251 | //m_log.Debug("[PERMISSIONS]: CanCreateAvatarInventory called"); | 1297 | m_log.Debug("[PERMISSIONS]: CanCreateAvatarInventory called"); |
1252 | 1298 | ||
1253 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1299 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1254 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1300 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1255 | 1301 | ||
1302 | if ((int)InventoryType.LSL == invType) | ||
1303 | if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID)) | ||
1304 | return false; | ||
1305 | |||
1256 | return true; | 1306 | return true; |
1257 | } | 1307 | } |
1258 | 1308 | ||
@@ -1306,5 +1356,4 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
1306 | return true; | 1356 | return true; |
1307 | } | 1357 | } |
1308 | } | 1358 | } |
1309 | |||
1310 | } | 1359 | } |
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index 8cac070..72a8dc5 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | |||
@@ -736,7 +736,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
736 | return m_ScriptEngine.World.GetSimulatorVersion(); | 736 | return m_ScriptEngine.World.GetSimulatorVersion(); |
737 | } | 737 | } |
738 | 738 | ||
739 | |||
740 | //for testing purposes only | 739 | //for testing purposes only |
741 | public void osSetParcelMediaTime(double time) | 740 | public void osSetParcelMediaTime(double time) |
742 | { | 741 | { |
@@ -750,9 +749,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api | |||
750 | 749 | ||
751 | World.ParcelMediaSetTime((float)time); | 750 | World.ParcelMediaSetTime((float)time); |
752 | } | 751 | } |
753 | 752 | ||
754 | |||
755 | |||
756 | public Hashtable osParseJSON(string JSON) | 753 | public Hashtable osParseJSON(string JSON) |
757 | { | 754 | { |
758 | CheckThreatLevel(ThreatLevel.None, "osParseJSON"); | 755 | CheckThreatLevel(ThreatLevel.None, "osParseJSON"); |
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index a19c4d2..7b61790 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example | |||
@@ -123,6 +123,15 @@ | |||
123 | ;region_owner_is_god = true | 123 | ;region_owner_is_god = true |
124 | ;parcel_owner_is_god = true | 124 | ;parcel_owner_is_god = true |
125 | 125 | ||
126 | ; Control user types that are allowed to create new scripts | ||
127 | ; Only enforced if serviceside_object_permissions is true | ||
128 | ; | ||
129 | ; Current possible values are | ||
130 | ; all - anyone can create scripts (subject to normal permissions) | ||
131 | ; gods - only administrators can create scripts (as long as allow_grid_gods is true) | ||
132 | ; Default value is all | ||
133 | ; allowed_script_creators = all | ||
134 | |||
126 | ; ## | 135 | ; ## |
127 | ; ## SCRIPT ENGINE | 136 | ; ## SCRIPT ENGINE |
128 | ; ## | 137 | ; ## |