aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorUbitUmarov2017-01-18 22:25:49 +0000
committerUbitUmarov2017-01-18 22:25:49 +0000
commit1ff7e3499620417f3f1e8173200bec2624d99f1a (patch)
treef2057e99ea360e216e953ceb0d1a8f3eab96e555
parentenforce effective perms hierarchy (diff)
downloadopensim-SC-1ff7e3499620417f3f1e8173200bec2624d99f1a.zip
opensim-SC-1ff7e3499620417f3f1e8173200bec2624d99f1a.tar.gz
opensim-SC-1ff7e3499620417f3f1e8173200bec2624d99f1a.tar.bz2
opensim-SC-1ff7e3499620417f3f1e8173200bec2624d99f1a.tar.xz
a few more changes on Permissions module
-rw-r--r--OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs170
1 files changed, 80 insertions, 90 deletions
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
index 6e8ca55..d70cf61 100644
--- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
@@ -882,9 +882,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
882 if (group == null) 882 if (group == null)
883 return 0; 883 return 0;
884 884
885 if (IsAdministrator(currentUser))
886 return (uint)PermissionMask.AllEffective;
887
888 SceneObjectPart root = group.RootPart; 885 SceneObjectPart root = group.RootPart;
889 if (root == null) 886 if (root == null)
890 return 0; 887 return 0;
@@ -892,6 +889,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
892 UUID objectOwner = group.OwnerID; 889 UUID objectOwner = group.OwnerID;
893 bool locked = denyOnLocked && ((root.OwnerMask & PERM_LOCKED) == 0); 890 bool locked = denyOnLocked && ((root.OwnerMask & PERM_LOCKED) == 0);
894 891
892 if (IsAdministrator(currentUser))
893 {
894 // do lock on admin owned objects
895 if(locked && currentUser == objectOwner)
896 return (uint)(PermissionMask.AllEffective & ~PermissionMask.Modify);
897 return (uint)PermissionMask.AllEffective;
898 }
899
895 uint lockmask = (uint)PermissionMask.AllEffective; 900 uint lockmask = (uint)PermissionMask.AllEffective;
896 if(locked) 901 if(locked)
897 lockmask &= ~(uint)PermissionMask.Modify; 902 lockmask &= ~(uint)PermissionMask.Modify;
@@ -1185,7 +1190,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1185 return IsAdministrator(user); 1190 return IsAdministrator(user);
1186 } 1191 }
1187 1192
1188 private bool CanDuplicateObject(int objectCount, UUID objectID, UUID owner, Scene scene, Vector3 objectPosition) 1193 private bool CanDuplicateObject(int objectCount, UUID objectID, UUID userID, Scene scene, Vector3 objectPosition)
1189 { 1194 {
1190 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1195 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1191 if (m_bypassPermissions) return m_bypassPermissionsValue; 1196 if (m_bypassPermissions) return m_bypassPermissionsValue;
@@ -1194,15 +1199,18 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1194 if (sog == null) 1199 if (sog == null)
1195 return false; 1200 return false;
1196 1201
1197 uint perms = GetObjectPermissions(owner, sog, false); 1202 uint perms = GetObjectPermissions(userID, sog, false);
1198 if((perms & (uint)PermissionMask.Copy) == 0) 1203 if((perms & (uint)PermissionMask.Copy) == 0)
1199 return false; 1204 return false;
1200 1205
1206 if(sog.OwnerID != userID && sog.OwnerID != sog.GroupID && (perms & (uint)PermissionMask.Transfer) == 0)
1207 return false;
1208
1201 //If they can rez, they can duplicate 1209 //If they can rez, they can duplicate
1202 return CanRezObject(objectCount, owner, objectPosition, scene); 1210 return CanRezObject(objectCount, userID, objectPosition, scene);
1203 } 1211 }
1204 1212
1205 private bool CanDeleteObject(UUID objectID, UUID deleter, Scene scene) 1213 private bool CanDeleteObject(UUID objectID, UUID userID, Scene scene)
1206 { 1214 {
1207 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1215 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1208 if (m_bypassPermissions) return m_bypassPermissionsValue; 1216 if (m_bypassPermissions) return m_bypassPermissionsValue;
@@ -1211,13 +1219,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1211 if (sog == null) 1219 if (sog == null)
1212 return false; 1220 return false;
1213 1221
1214 uint perms = GetObjectPermissions(deleter, sog, false); 1222 // ignoring locked. viewers should warn and ask for confirmation
1223 uint perms = GetObjectPermissions(userID, sog, false);
1215 if((perms & (uint)PermissionMask.Modify) == 0) 1224 if((perms & (uint)PermissionMask.Modify) == 0)
1216 return false; 1225 return false;
1217 return true; 1226 return true;
1218 } 1227 }
1219 1228
1220 private bool CanEditObject(UUID objectID, UUID editorID, Scene scene) 1229 private bool CanEditObject(UUID objectID, UUID userID, Scene scene)
1221 { 1230 {
1222 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1231 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1223 if (m_bypassPermissions) return m_bypassPermissionsValue; 1232 if (m_bypassPermissions) return m_bypassPermissionsValue;
@@ -1226,13 +1235,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1226 if (sog == null) 1235 if (sog == null)
1227 return false; 1236 return false;
1228 1237
1229 uint perms = GetObjectPermissions(editorID, sog, true); 1238 uint perms = GetObjectPermissions(userID, sog, true);
1230 if((perms & (uint)PermissionMask.Modify) == 0) 1239 if((perms & (uint)PermissionMask.Modify) == 0)
1231 return false; 1240 return false;
1232 return true; 1241 return true;
1233 } 1242 }
1234 1243
1235 private bool CanEditObjectInventory(UUID objectID, UUID editorID, Scene scene) 1244 private bool CanEditObjectInventory(UUID objectID, UUID userID, Scene scene)
1236 { 1245 {
1237 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1246 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1238 if (m_bypassPermissions) return m_bypassPermissionsValue; 1247 if (m_bypassPermissions) return m_bypassPermissionsValue;
@@ -1241,18 +1250,18 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1241 if (sog == null) 1250 if (sog == null)
1242 return false; 1251 return false;
1243 1252
1244 uint perms = GetObjectPermissions(editorID, sog, true); 1253 uint perms = GetObjectPermissions(userID, sog, true);
1245 if((perms & (uint)PermissionMask.Modify) == 0) 1254 if((perms & (uint)PermissionMask.Modify) == 0)
1246 return false; 1255 return false;
1247 return true; 1256 return true;
1248 } 1257 }
1249 1258
1250 private bool CanEditParcelProperties(UUID user, ILandObject parcel, GroupPowers p, Scene scene, bool allowManager) 1259 private bool CanEditParcelProperties(UUID userID, ILandObject parcel, GroupPowers p, Scene scene, bool allowManager)
1251 { 1260 {
1252 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1261 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1253 if (m_bypassPermissions) return m_bypassPermissionsValue; 1262 if (m_bypassPermissions) return m_bypassPermissionsValue;
1254 1263
1255 return GenericParcelOwnerPermission(user, parcel, (ulong)p, false); 1264 return GenericParcelOwnerPermission(userID, parcel, (ulong)p, false);
1256 } 1265 }
1257 1266
1258 /// <summary> 1267 /// <summary>
@@ -1263,18 +1272,18 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1263 /// <param name="user"></param> 1272 /// <param name="user"></param>
1264 /// <param name="scene"></param> 1273 /// <param name="scene"></param>
1265 /// <returns></returns> 1274 /// <returns></returns>
1266 private bool CanEditScript(UUID script, UUID objectID, UUID user, Scene scene) 1275 private bool CanEditScript(UUID script, UUID objectID, UUID userID, Scene scene)
1267 { 1276 {
1268 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1277 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1269 if (m_bypassPermissions) return m_bypassPermissionsValue; 1278 if (m_bypassPermissions) return m_bypassPermissionsValue;
1270 1279
1271 if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(user)) 1280 if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(userID))
1272 return false; 1281 return false;
1273 1282
1274 // Ordinarily, if you can view it, you can edit it 1283 // Ordinarily, if you can view it, you can edit it
1275 // There is no viewing a no mod script 1284 // There is no viewing a no mod script
1276 // 1285 //
1277 return CanViewScript(script, objectID, user, scene); 1286 return CanViewScript(script, objectID, userID, scene);
1278 } 1287 }
1279 1288
1280 /// <summary> 1289 /// <summary>
@@ -1316,7 +1325,11 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1316 } 1325 }
1317 else // Prim inventory 1326 else // Prim inventory
1318 { 1327 {
1319 SceneObjectGroup sog = scene.GetGroupByPrim(objectID); 1328 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
1329 if (part == null)
1330 return false;
1331
1332 SceneObjectGroup sog = part.ParentGroup;
1320 if (sog == null) 1333 if (sog == null)
1321 return false; 1334 return false;
1322 1335
@@ -1325,10 +1338,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1325 if((perms & (uint)PermissionMask.Modify) == 0) 1338 if((perms & (uint)PermissionMask.Modify) == 0)
1326 return false; 1339 return false;
1327 1340
1328 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
1329 if (part == null)
1330 return false;
1331
1332 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); 1341 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
1333 if (ti == null) 1342 if (ti == null)
1334 return false; 1343 return false;
@@ -1426,7 +1435,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1426 uint perms = GetObjectPermissions(moverID, sog, true); 1435 uint perms = GetObjectPermissions(moverID, sog, true);
1427 if((perms & (uint)PermissionMask.Move) == 0) 1436 if((perms & (uint)PermissionMask.Move) == 0)
1428 return false; 1437 return false;
1429 // admins exception ? if needed then should be done at GetObjectPermissions
1430 return true; 1438 return true;
1431 } 1439 }
1432 1440
@@ -1435,7 +1443,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1435 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1443 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1436 if (m_bypassPermissions) return m_bypassPermissionsValue; 1444 if (m_bypassPermissions) return m_bypassPermissionsValue;
1437 1445
1438
1439 // allow outide region?? 1446 // allow outide region??
1440 if (newPoint.X < -1f || newPoint.Y < -1f) 1447 if (newPoint.X < -1f || newPoint.Y < -1f)
1441 return true; 1448 return true;
@@ -1656,12 +1663,23 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1656 return IsGroupMember(groupID, userID, (ulong)GroupPowers.ObjectSetForSale); 1663 return IsGroupMember(groupID, userID, (ulong)GroupPowers.ObjectSetForSale);
1657 } 1664 }
1658 1665
1659 private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene) 1666 private bool CanTakeObject(UUID objectID, UUID userID, Scene scene)
1660 { 1667 {
1661 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1668 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1662 if (m_bypassPermissions) return m_bypassPermissionsValue; 1669 if (m_bypassPermissions) return m_bypassPermissionsValue;
1663 1670
1664 return GenericObjectPermission(stealer,objectID, false); 1671 SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID);
1672 if (sog == null)
1673 return false;
1674
1675 // ignore locked, viewers shell ask for confirmation
1676 uint perms = GetObjectPermissions(userID, sog, false);
1677 if((perms & (uint)PermissionMask.Modify) == 0)
1678 return false;
1679
1680 if (sog.OwnerID != userID && ((perms & (uint)PermissionMask.Transfer) == 0))
1681 return false;
1682 return true;
1665 } 1683 }
1666 1684
1667 private bool CanTakeCopyObject(UUID objectID, UUID userID, Scene inScene) 1685 private bool CanTakeCopyObject(UUID objectID, UUID userID, Scene inScene)
@@ -1669,44 +1687,17 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1669 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1687 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1670 if (m_bypassPermissions) return m_bypassPermissionsValue; 1688 if (m_bypassPermissions) return m_bypassPermissionsValue;
1671 1689
1672 bool permission = GenericObjectPermission(userID, objectID, false); 1690 SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID);
1673 1691 if (sog == null)
1674 SceneObjectGroup so = (SceneObjectGroup)m_scene.Entities[objectID]; 1692 return false;
1675
1676 if (!permission)
1677 {
1678 if (!m_scene.Entities.ContainsKey(objectID))
1679 {
1680 return false;
1681 }
1682
1683 // If it's not an object, we cant edit it.
1684 if (!(m_scene.Entities[objectID] is SceneObjectGroup))
1685 {
1686 return false;
1687 }
1688
1689 // UUID taskOwner = null;
1690 // Added this because at this point in time it wouldn't be wise for
1691 // the administrator object permissions to take effect.
1692 // UUID objectOwner = task.OwnerID;
1693
1694 if ((so.RootPart.EveryoneMask & PERM_COPY) != 0)
1695 permission = true;
1696 }
1697 1693
1698 if (so.OwnerID != userID) 1694 uint perms = GetObjectPermissions(userID, sog, true);
1699 { 1695 if((perms & (uint)PermissionMask.Copy) == 0)
1700 if ((so.GetEffectivePermissions() & (PERM_COPY | PERM_TRANS)) != (PERM_COPY | PERM_TRANS)) 1696 return false;
1701 permission = false;
1702 }
1703 else
1704 {
1705 if ((so.GetEffectivePermissions() & PERM_COPY) != PERM_COPY)
1706 permission = false;
1707 }
1708 1697
1709 return permission; 1698 if(sog.OwnerID != userID && sog.OwnerID != sog.GroupID && (perms & (uint)PermissionMask.Transfer) == 0)
1699 return false;
1700 return true;
1710 } 1701 }
1711 1702
1712 private bool CanTerraformLand(UUID user, Vector3 position, Scene requestFromScene) 1703 private bool CanTerraformLand(UUID user, Vector3 position, Scene requestFromScene)
@@ -1792,26 +1783,16 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1792 else // Prim inventory 1783 else // Prim inventory
1793 { 1784 {
1794 SceneObjectPart part = scene.GetSceneObjectPart(objectID); 1785 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
1795
1796 if (part == null) 1786 if (part == null)
1797 return false; 1787 return false;
1798 1788
1799 if (part.OwnerID != user) 1789 SceneObjectGroup sog = part.ParentGroup;
1800 { 1790 if (sog == null)
1801 if (part.GroupID == UUID.Zero) 1791 return false;
1802 return false;
1803
1804 if (!IsGroupMember(part.GroupID, user, 0))
1805 return false;
1806 1792
1807 if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) 1793 uint perms = GetObjectPermissions(user, sog, true);
1808 return false; 1794 if((perms & (uint)PermissionMask.Modify) == 0)
1809 } 1795 return false;
1810 else
1811 {
1812 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
1813 return false;
1814 }
1815 1796
1816 TaskInventoryItem ti = part.Inventory.GetInventoryItem(script); 1797 TaskInventoryItem ti = part.Inventory.GetInventoryItem(script);
1817 1798
@@ -1876,20 +1857,15 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1876 else // Prim inventory 1857 else // Prim inventory
1877 { 1858 {
1878 SceneObjectPart part = scene.GetSceneObjectPart(objectID); 1859 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
1879
1880 if (part == null) 1860 if (part == null)
1881 return false; 1861 return false;
1882 1862
1883 if (part.OwnerID != user) 1863 SceneObjectGroup sog = part.ParentGroup;
1884 { 1864 if (sog == null)
1885 if (part.GroupID == UUID.Zero) 1865 return false;
1886 return false;
1887
1888 if (!IsGroupMember(part.GroupID, user, 0))
1889 return false;
1890 }
1891 1866
1892 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) 1867 uint perms = GetObjectPermissions(user, sog, true);
1868 if((perms & (uint)PermissionMask.Modify) == 0)
1893 return false; 1869 return false;
1894 1870
1895 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); 1871 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
@@ -1924,7 +1900,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1924 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1900 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1925 if (m_bypassPermissions) return m_bypassPermissionsValue; 1901 if (m_bypassPermissions) return m_bypassPermissionsValue;
1926 1902
1927 return GenericObjectPermission(userID, objectID, false); 1903 SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID);
1904 if (sog == null)
1905 return false;
1906
1907 uint perms = GetObjectPermissions(userID, sog, true);
1908 if((perms & (uint)PermissionMask.Modify) == 0)
1909 return false;
1910 return true;
1928 } 1911 }
1929 1912
1930 private bool CanDelinkObject(UUID userID, UUID objectID) 1913 private bool CanDelinkObject(UUID userID, UUID objectID)
@@ -1932,7 +1915,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1932 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1915 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1933 if (m_bypassPermissions) return m_bypassPermissionsValue; 1916 if (m_bypassPermissions) return m_bypassPermissionsValue;
1934 1917
1935 return GenericObjectPermission(userID, objectID, false); 1918 SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID);
1919 if (sog == null)
1920 return false;
1921
1922 uint perms = GetObjectPermissions(userID, sog, true);
1923 if((perms & (uint)PermissionMask.Modify) == 0)
1924 return false;
1925 return true;
1936 } 1926 }
1937 1927
1938 private bool CanBuyLand(UUID userID, ILandObject parcel, Scene scene) 1928 private bool CanBuyLand(UUID userID, ILandObject parcel, Scene scene)