diff options
author | UbitUmarov | 2017-01-18 22:25:49 +0000 |
---|---|---|
committer | UbitUmarov | 2017-01-18 22:25:49 +0000 |
commit | 1ff7e3499620417f3f1e8173200bec2624d99f1a (patch) | |
tree | f2057e99ea360e216e953ceb0d1a8f3eab96e555 | |
parent | enforce effective perms hierarchy (diff) | |
download | opensim-SC-1ff7e3499620417f3f1e8173200bec2624d99f1a.zip opensim-SC-1ff7e3499620417f3f1e8173200bec2624d99f1a.tar.gz opensim-SC-1ff7e3499620417f3f1e8173200bec2624d99f1a.tar.bz2 opensim-SC-1ff7e3499620417f3f1e8173200bec2624d99f1a.tar.xz |
a few more changes on Permissions module
-rw-r--r-- | OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | 170 |
1 files changed, 80 insertions, 90 deletions
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 6e8ca55..d70cf61 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | |||
@@ -882,9 +882,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
882 | if (group == null) | 882 | if (group == null) |
883 | return 0; | 883 | return 0; |
884 | 884 | ||
885 | if (IsAdministrator(currentUser)) | ||
886 | return (uint)PermissionMask.AllEffective; | ||
887 | |||
888 | SceneObjectPart root = group.RootPart; | 885 | SceneObjectPart root = group.RootPart; |
889 | if (root == null) | 886 | if (root == null) |
890 | return 0; | 887 | return 0; |
@@ -892,6 +889,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
892 | UUID objectOwner = group.OwnerID; | 889 | UUID objectOwner = group.OwnerID; |
893 | bool locked = denyOnLocked && ((root.OwnerMask & PERM_LOCKED) == 0); | 890 | bool locked = denyOnLocked && ((root.OwnerMask & PERM_LOCKED) == 0); |
894 | 891 | ||
892 | if (IsAdministrator(currentUser)) | ||
893 | { | ||
894 | // do lock on admin owned objects | ||
895 | if(locked && currentUser == objectOwner) | ||
896 | return (uint)(PermissionMask.AllEffective & ~PermissionMask.Modify); | ||
897 | return (uint)PermissionMask.AllEffective; | ||
898 | } | ||
899 | |||
895 | uint lockmask = (uint)PermissionMask.AllEffective; | 900 | uint lockmask = (uint)PermissionMask.AllEffective; |
896 | if(locked) | 901 | if(locked) |
897 | lockmask &= ~(uint)PermissionMask.Modify; | 902 | lockmask &= ~(uint)PermissionMask.Modify; |
@@ -1185,7 +1190,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1185 | return IsAdministrator(user); | 1190 | return IsAdministrator(user); |
1186 | } | 1191 | } |
1187 | 1192 | ||
1188 | private bool CanDuplicateObject(int objectCount, UUID objectID, UUID owner, Scene scene, Vector3 objectPosition) | 1193 | private bool CanDuplicateObject(int objectCount, UUID objectID, UUID userID, Scene scene, Vector3 objectPosition) |
1189 | { | 1194 | { |
1190 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1195 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1191 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1196 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
@@ -1194,15 +1199,18 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1194 | if (sog == null) | 1199 | if (sog == null) |
1195 | return false; | 1200 | return false; |
1196 | 1201 | ||
1197 | uint perms = GetObjectPermissions(owner, sog, false); | 1202 | uint perms = GetObjectPermissions(userID, sog, false); |
1198 | if((perms & (uint)PermissionMask.Copy) == 0) | 1203 | if((perms & (uint)PermissionMask.Copy) == 0) |
1199 | return false; | 1204 | return false; |
1200 | 1205 | ||
1206 | if(sog.OwnerID != userID && sog.OwnerID != sog.GroupID && (perms & (uint)PermissionMask.Transfer) == 0) | ||
1207 | return false; | ||
1208 | |||
1201 | //If they can rez, they can duplicate | 1209 | //If they can rez, they can duplicate |
1202 | return CanRezObject(objectCount, owner, objectPosition, scene); | 1210 | return CanRezObject(objectCount, userID, objectPosition, scene); |
1203 | } | 1211 | } |
1204 | 1212 | ||
1205 | private bool CanDeleteObject(UUID objectID, UUID deleter, Scene scene) | 1213 | private bool CanDeleteObject(UUID objectID, UUID userID, Scene scene) |
1206 | { | 1214 | { |
1207 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1215 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1208 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1216 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
@@ -1211,13 +1219,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1211 | if (sog == null) | 1219 | if (sog == null) |
1212 | return false; | 1220 | return false; |
1213 | 1221 | ||
1214 | uint perms = GetObjectPermissions(deleter, sog, false); | 1222 | // ignoring locked. viewers should warn and ask for confirmation |
1223 | uint perms = GetObjectPermissions(userID, sog, false); | ||
1215 | if((perms & (uint)PermissionMask.Modify) == 0) | 1224 | if((perms & (uint)PermissionMask.Modify) == 0) |
1216 | return false; | 1225 | return false; |
1217 | return true; | 1226 | return true; |
1218 | } | 1227 | } |
1219 | 1228 | ||
1220 | private bool CanEditObject(UUID objectID, UUID editorID, Scene scene) | 1229 | private bool CanEditObject(UUID objectID, UUID userID, Scene scene) |
1221 | { | 1230 | { |
1222 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1231 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1223 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1232 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
@@ -1226,13 +1235,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1226 | if (sog == null) | 1235 | if (sog == null) |
1227 | return false; | 1236 | return false; |
1228 | 1237 | ||
1229 | uint perms = GetObjectPermissions(editorID, sog, true); | 1238 | uint perms = GetObjectPermissions(userID, sog, true); |
1230 | if((perms & (uint)PermissionMask.Modify) == 0) | 1239 | if((perms & (uint)PermissionMask.Modify) == 0) |
1231 | return false; | 1240 | return false; |
1232 | return true; | 1241 | return true; |
1233 | } | 1242 | } |
1234 | 1243 | ||
1235 | private bool CanEditObjectInventory(UUID objectID, UUID editorID, Scene scene) | 1244 | private bool CanEditObjectInventory(UUID objectID, UUID userID, Scene scene) |
1236 | { | 1245 | { |
1237 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1246 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1238 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1247 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
@@ -1241,18 +1250,18 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1241 | if (sog == null) | 1250 | if (sog == null) |
1242 | return false; | 1251 | return false; |
1243 | 1252 | ||
1244 | uint perms = GetObjectPermissions(editorID, sog, true); | 1253 | uint perms = GetObjectPermissions(userID, sog, true); |
1245 | if((perms & (uint)PermissionMask.Modify) == 0) | 1254 | if((perms & (uint)PermissionMask.Modify) == 0) |
1246 | return false; | 1255 | return false; |
1247 | return true; | 1256 | return true; |
1248 | } | 1257 | } |
1249 | 1258 | ||
1250 | private bool CanEditParcelProperties(UUID user, ILandObject parcel, GroupPowers p, Scene scene, bool allowManager) | 1259 | private bool CanEditParcelProperties(UUID userID, ILandObject parcel, GroupPowers p, Scene scene, bool allowManager) |
1251 | { | 1260 | { |
1252 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1261 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1253 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1262 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1254 | 1263 | ||
1255 | return GenericParcelOwnerPermission(user, parcel, (ulong)p, false); | 1264 | return GenericParcelOwnerPermission(userID, parcel, (ulong)p, false); |
1256 | } | 1265 | } |
1257 | 1266 | ||
1258 | /// <summary> | 1267 | /// <summary> |
@@ -1263,18 +1272,18 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1263 | /// <param name="user"></param> | 1272 | /// <param name="user"></param> |
1264 | /// <param name="scene"></param> | 1273 | /// <param name="scene"></param> |
1265 | /// <returns></returns> | 1274 | /// <returns></returns> |
1266 | private bool CanEditScript(UUID script, UUID objectID, UUID user, Scene scene) | 1275 | private bool CanEditScript(UUID script, UUID objectID, UUID userID, Scene scene) |
1267 | { | 1276 | { |
1268 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1277 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1269 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1278 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1270 | 1279 | ||
1271 | if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(user)) | 1280 | if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(userID)) |
1272 | return false; | 1281 | return false; |
1273 | 1282 | ||
1274 | // Ordinarily, if you can view it, you can edit it | 1283 | // Ordinarily, if you can view it, you can edit it |
1275 | // There is no viewing a no mod script | 1284 | // There is no viewing a no mod script |
1276 | // | 1285 | // |
1277 | return CanViewScript(script, objectID, user, scene); | 1286 | return CanViewScript(script, objectID, userID, scene); |
1278 | } | 1287 | } |
1279 | 1288 | ||
1280 | /// <summary> | 1289 | /// <summary> |
@@ -1316,7 +1325,11 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1316 | } | 1325 | } |
1317 | else // Prim inventory | 1326 | else // Prim inventory |
1318 | { | 1327 | { |
1319 | SceneObjectGroup sog = scene.GetGroupByPrim(objectID); | 1328 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); |
1329 | if (part == null) | ||
1330 | return false; | ||
1331 | |||
1332 | SceneObjectGroup sog = part.ParentGroup; | ||
1320 | if (sog == null) | 1333 | if (sog == null) |
1321 | return false; | 1334 | return false; |
1322 | 1335 | ||
@@ -1325,10 +1338,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1325 | if((perms & (uint)PermissionMask.Modify) == 0) | 1338 | if((perms & (uint)PermissionMask.Modify) == 0) |
1326 | return false; | 1339 | return false; |
1327 | 1340 | ||
1328 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); | ||
1329 | if (part == null) | ||
1330 | return false; | ||
1331 | |||
1332 | TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); | 1341 | TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); |
1333 | if (ti == null) | 1342 | if (ti == null) |
1334 | return false; | 1343 | return false; |
@@ -1426,7 +1435,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1426 | uint perms = GetObjectPermissions(moverID, sog, true); | 1435 | uint perms = GetObjectPermissions(moverID, sog, true); |
1427 | if((perms & (uint)PermissionMask.Move) == 0) | 1436 | if((perms & (uint)PermissionMask.Move) == 0) |
1428 | return false; | 1437 | return false; |
1429 | // admins exception ? if needed then should be done at GetObjectPermissions | ||
1430 | return true; | 1438 | return true; |
1431 | } | 1439 | } |
1432 | 1440 | ||
@@ -1435,7 +1443,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1435 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1443 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1436 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1444 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1437 | 1445 | ||
1438 | |||
1439 | // allow outide region?? | 1446 | // allow outide region?? |
1440 | if (newPoint.X < -1f || newPoint.Y < -1f) | 1447 | if (newPoint.X < -1f || newPoint.Y < -1f) |
1441 | return true; | 1448 | return true; |
@@ -1656,12 +1663,23 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1656 | return IsGroupMember(groupID, userID, (ulong)GroupPowers.ObjectSetForSale); | 1663 | return IsGroupMember(groupID, userID, (ulong)GroupPowers.ObjectSetForSale); |
1657 | } | 1664 | } |
1658 | 1665 | ||
1659 | private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene) | 1666 | private bool CanTakeObject(UUID objectID, UUID userID, Scene scene) |
1660 | { | 1667 | { |
1661 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1668 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1662 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1669 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1663 | 1670 | ||
1664 | return GenericObjectPermission(stealer,objectID, false); | 1671 | SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID); |
1672 | if (sog == null) | ||
1673 | return false; | ||
1674 | |||
1675 | // ignore locked, viewers shell ask for confirmation | ||
1676 | uint perms = GetObjectPermissions(userID, sog, false); | ||
1677 | if((perms & (uint)PermissionMask.Modify) == 0) | ||
1678 | return false; | ||
1679 | |||
1680 | if (sog.OwnerID != userID && ((perms & (uint)PermissionMask.Transfer) == 0)) | ||
1681 | return false; | ||
1682 | return true; | ||
1665 | } | 1683 | } |
1666 | 1684 | ||
1667 | private bool CanTakeCopyObject(UUID objectID, UUID userID, Scene inScene) | 1685 | private bool CanTakeCopyObject(UUID objectID, UUID userID, Scene inScene) |
@@ -1669,44 +1687,17 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1669 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1687 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1670 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1688 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1671 | 1689 | ||
1672 | bool permission = GenericObjectPermission(userID, objectID, false); | 1690 | SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID); |
1673 | 1691 | if (sog == null) | |
1674 | SceneObjectGroup so = (SceneObjectGroup)m_scene.Entities[objectID]; | 1692 | return false; |
1675 | |||
1676 | if (!permission) | ||
1677 | { | ||
1678 | if (!m_scene.Entities.ContainsKey(objectID)) | ||
1679 | { | ||
1680 | return false; | ||
1681 | } | ||
1682 | |||
1683 | // If it's not an object, we cant edit it. | ||
1684 | if (!(m_scene.Entities[objectID] is SceneObjectGroup)) | ||
1685 | { | ||
1686 | return false; | ||
1687 | } | ||
1688 | |||
1689 | // UUID taskOwner = null; | ||
1690 | // Added this because at this point in time it wouldn't be wise for | ||
1691 | // the administrator object permissions to take effect. | ||
1692 | // UUID objectOwner = task.OwnerID; | ||
1693 | |||
1694 | if ((so.RootPart.EveryoneMask & PERM_COPY) != 0) | ||
1695 | permission = true; | ||
1696 | } | ||
1697 | 1693 | ||
1698 | if (so.OwnerID != userID) | 1694 | uint perms = GetObjectPermissions(userID, sog, true); |
1699 | { | 1695 | if((perms & (uint)PermissionMask.Copy) == 0) |
1700 | if ((so.GetEffectivePermissions() & (PERM_COPY | PERM_TRANS)) != (PERM_COPY | PERM_TRANS)) | 1696 | return false; |
1701 | permission = false; | ||
1702 | } | ||
1703 | else | ||
1704 | { | ||
1705 | if ((so.GetEffectivePermissions() & PERM_COPY) != PERM_COPY) | ||
1706 | permission = false; | ||
1707 | } | ||
1708 | 1697 | ||
1709 | return permission; | 1698 | if(sog.OwnerID != userID && sog.OwnerID != sog.GroupID && (perms & (uint)PermissionMask.Transfer) == 0) |
1699 | return false; | ||
1700 | return true; | ||
1710 | } | 1701 | } |
1711 | 1702 | ||
1712 | private bool CanTerraformLand(UUID user, Vector3 position, Scene requestFromScene) | 1703 | private bool CanTerraformLand(UUID user, Vector3 position, Scene requestFromScene) |
@@ -1792,26 +1783,16 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1792 | else // Prim inventory | 1783 | else // Prim inventory |
1793 | { | 1784 | { |
1794 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); | 1785 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); |
1795 | |||
1796 | if (part == null) | 1786 | if (part == null) |
1797 | return false; | 1787 | return false; |
1798 | 1788 | ||
1799 | if (part.OwnerID != user) | 1789 | SceneObjectGroup sog = part.ParentGroup; |
1800 | { | 1790 | if (sog == null) |
1801 | if (part.GroupID == UUID.Zero) | 1791 | return false; |
1802 | return false; | ||
1803 | |||
1804 | if (!IsGroupMember(part.GroupID, user, 0)) | ||
1805 | return false; | ||
1806 | 1792 | ||
1807 | if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) | 1793 | uint perms = GetObjectPermissions(user, sog, true); |
1808 | return false; | 1794 | if((perms & (uint)PermissionMask.Modify) == 0) |
1809 | } | 1795 | return false; |
1810 | else | ||
1811 | { | ||
1812 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | ||
1813 | return false; | ||
1814 | } | ||
1815 | 1796 | ||
1816 | TaskInventoryItem ti = part.Inventory.GetInventoryItem(script); | 1797 | TaskInventoryItem ti = part.Inventory.GetInventoryItem(script); |
1817 | 1798 | ||
@@ -1876,20 +1857,15 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1876 | else // Prim inventory | 1857 | else // Prim inventory |
1877 | { | 1858 | { |
1878 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); | 1859 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); |
1879 | |||
1880 | if (part == null) | 1860 | if (part == null) |
1881 | return false; | 1861 | return false; |
1882 | 1862 | ||
1883 | if (part.OwnerID != user) | 1863 | SceneObjectGroup sog = part.ParentGroup; |
1884 | { | 1864 | if (sog == null) |
1885 | if (part.GroupID == UUID.Zero) | 1865 | return false; |
1886 | return false; | ||
1887 | |||
1888 | if (!IsGroupMember(part.GroupID, user, 0)) | ||
1889 | return false; | ||
1890 | } | ||
1891 | 1866 | ||
1892 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | 1867 | uint perms = GetObjectPermissions(user, sog, true); |
1868 | if((perms & (uint)PermissionMask.Modify) == 0) | ||
1893 | return false; | 1869 | return false; |
1894 | 1870 | ||
1895 | TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); | 1871 | TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); |
@@ -1924,7 +1900,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1924 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1900 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1925 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1901 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1926 | 1902 | ||
1927 | return GenericObjectPermission(userID, objectID, false); | 1903 | SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID); |
1904 | if (sog == null) | ||
1905 | return false; | ||
1906 | |||
1907 | uint perms = GetObjectPermissions(userID, sog, true); | ||
1908 | if((perms & (uint)PermissionMask.Modify) == 0) | ||
1909 | return false; | ||
1910 | return true; | ||
1928 | } | 1911 | } |
1929 | 1912 | ||
1930 | private bool CanDelinkObject(UUID userID, UUID objectID) | 1913 | private bool CanDelinkObject(UUID userID, UUID objectID) |
@@ -1932,7 +1915,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1932 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1915 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1933 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1916 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1934 | 1917 | ||
1935 | return GenericObjectPermission(userID, objectID, false); | 1918 | SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID); |
1919 | if (sog == null) | ||
1920 | return false; | ||
1921 | |||
1922 | uint perms = GetObjectPermissions(userID, sog, true); | ||
1923 | if((perms & (uint)PermissionMask.Modify) == 0) | ||
1924 | return false; | ||
1925 | return true; | ||
1936 | } | 1926 | } |
1937 | 1927 | ||
1938 | private bool CanBuyLand(UUID userID, ILandObject parcel, Scene scene) | 1928 | private bool CanBuyLand(UUID userID, ILandObject parcel, Scene scene) |