authorMelanie Thielker2017-01-05 14:17:00 +0000
committerMelanie Thielker2017-01-05 14:17:00 +0000
commitf4a51116f63ac9641f3df254fbf8001c771903df (patch)
treea4b92c471efb75ba9d9230d7852123e7b5bf9d18
parentCreate all tables ad InnoDB by default (diff)
Fix some permissions checks in groups
The code checked the permissions of a person being added to a role rather than those of the person doing the adding. Also, limited permission role removal wasn't implemented.
-rw-r--r--OpenSim/Addons/Groups/Service/GroupsService.cs19
1 files changed, 16 insertions, 3 deletions
diff --git a/OpenSim/Addons/Groups/Service/GroupsService.cs b/OpenSim/Addons/Groups/Service/GroupsService.cs
index ae0518c..710b00a 100644
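--- a/OpenSim/Addons/Groups/Service/GroupsService.cs
+++ b/OpenSim/Addons/Groups/Service/GroupsService.cs
@@ -496,7 +496,7 @@ namespace OpenSim.Groups
 if (!unlimited && limited)
 {
 // check whether person's has this role
-RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, AgentID);
+RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, RequestingAgentID);
 if (rolemembership == null)
 {
 m_log.DebugFormat("[Groups]: ({0}) Attempt at assigning {1} to role {2} denied because of limited permission", RequestingAgentID, AgentID, RoleID);
@@ -516,13 +516,26 @@ namespace OpenSim.Groups
 return false;
 
 // check permissions
+bool limited = HasPower(RequestingAgentID, GroupID, GroupPowers.AssignMemberLimited);
 bool unlimited = HasPower(RequestingAgentID, GroupID, GroupPowers.AssignMember) || IsOwner(RequestingAgentID, GroupID);
-if (!unlimited)
+if (!limited && !unlimited)
 {
 m_log.DebugFormat("[Groups]: ({0}) Attempt at removing {1} from role {2} denied because of lack of permission", RequestingAgentID, AgentID, RoleID);
 return false;
 }
 
+// AssignMemberLimited means that the person can assign another person to the same roles that she has in the group
+if (!unlimited && limited)
+{
+// check whether person's has this role
+RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, RequestingAgentID);
+if (rolemembership == null)
+{
+m_log.DebugFormat("[Groups]: ({0}) Attempt at removing {1} from role {2} denied because of limited permission", RequestingAgentID, AgentID, RoleID);
+return false;
+}
+}
+
 RoleMembershipData rolemember = m_Database.RetrieveRoleMember(GroupID, RoleID, AgentID);
 
 if (rolemember == null)
@@ -812,7 +825,7 @@ namespace OpenSim.Groups
 if (RoleID != UUID.Zero)
 _AddAgentToGroupRole(RequestingAgentID, AgentID, GroupID, RoleID);
 
-// Make thit this active group
+// Make this the active group
 PrincipalData pdata = new PrincipalData();
 pdata.PrincipalID = AgentID;
 pdata.ActiveGroupID = GroupID;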
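Review bot: In the second hunk (the role-removal path, new lines 527–537), the added limited-permission block only verifies that RequestingAgentID holds RoleID, so a holder of AssignMemberLimited is now authorised to remove any other member from a role they share. If removal is meant to be governed separately (the OpenMetaverse enum also defines `GroupPowers.RemoveMember`), that power should be checked here rather than relying on the Assign* powers alone. The block's comment is copied from the assignment path and still says "assign"; it should state the removal rule, e.g. `// AssignMemberLimited: the requester may remove members only from roles the requester holds`. Naming the lookup `requesterMembership` instead of `rolemembership` would keep it distinct from `rolemember` (the target) a few lines below, which is the same requester/target mix-up this commit fixes in the first hunk. Both denials are written with `DebugFormat`, so refused attempts will presumably not show up at default log levels; the enclosing methods start and end outside the hunks.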