author | Melanie Thielker | 2017-01-05 14:17:00 +0000 |
---|---|---|
committer | Melanie Thielker | 2017-01-05 14:17:00 +0000 |
commit | f4a51116f63ac9641f3df254fbf8001c771903df (patch) | |
tree | a4b92c471efb75ba9d9230d7852123e7b5bf9d18 /OpenSim/Addons/Groups/Service | |
parent | Create all tables ad InnoDB by default (diff) | |
Fix some permissions checks in groups
The code checked the permissions of a person being added to a role
rather than those of the person doing the adding. Also, limited
permission role removal wasn't implemented.
Diffstat (limited to 'OpenSim/Addons/Groups/Service')
-rw-r--r-- | OpenSim/Addons/Groups/Service/GroupsService.cs | 19 |
1 files changed, 16 insertions, 3 deletions
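--- a/OpenSim/Addons/Groups/Service/GroupsService.cs
+++ b/OpenSim/Addons/Groups/Service/GroupsService.cs
@@ -496,7 +496,7 @@ namespace OpenSim.Groups
 if (!unlimited && limited)
 {
 // check whether person's has this role
-RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, AgentID);
+RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, RequestingAgentID);
 if (rolemembership == null)
 {
 m_log.DebugFormat("[Groups]: ({0}) Attempt at assigning {1} to role {2} denied because of limited permission", RequestingAgentID, AgentID, RoleID);
@@ -516,13 +516,26 @@ namespace OpenSim.Groups
 return false;
 
 // check permissions
+bool limited = HasPower(RequestingAgentID, GroupID, GroupPowers.AssignMemberLimited);
 bool unlimited = HasPower(RequestingAgentID, GroupID, GroupPowers.AssignMember) || IsOwner(RequestingAgentID, GroupID);
-if (!unlimited)
+if (!limited && !unlimited)
 {
 m_log.DebugFormat("[Groups]: ({0}) Attempt at removing {1} from role {2} denied because of lack of permission", RequestingAgentID, AgentID, RoleID);
 return false;
 }
 
+// AssignMemberLimited means that the person can assign another person to the same roles that she has in the group
+if (!unlimited && limited)
+{
+// check whether person's has this role
+RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, RequestingAgentID);
+if (rolemembership == null)
+{
+m_log.DebugFormat("[Groups]: ({0}) Attempt at removing {1} from role {2} denied because of limited permission", RequestingAgentID, AgentID, RoleID);
+return false;
+}
+}
+
 RoleMembershipData rolemember = m_Database.RetrieveRoleMember(GroupID, RoleID, AgentID);
 
 if (rolemember == null)
@@ -812,7 +825,7 @@ namespace OpenSim.Groups
 if (RoleID != UUID.Zero)
 _AddAgentToGroupRole(RequestingAgentID, AgentID, GroupID, RoleID);
 
-// Make thit this active group
+// Make this the active group
 PrincipalData pdata = new PrincipalData();
 pdata.PrincipalID = AgentID;
 pdata.ActiveGroupID = GroupID;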
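Review bot: In the second hunk (`@@ -516,13 +516,26 @@`) removal from a role is authorised by the assign powers alone (`GroupPowers.AssignMemberLimited` / `GroupPowers.AssignMember`), and the new limited branch only verifies that the requester holds `RoleID`; nothing visible restricts which target `AgentID` may be removed. As written, a member holding only the limited assign power can strip any other holder of a role they share, so it is worth confirming that this is the intended policy and whether removal should also require the separate removal power, e.g. `bool canRemove = HasPower(RequestingAgentID, GroupID, GroupPowers.RemoveMember) || IsOwner(RequestingAgentID, GroupID);`. The method body continues past the end of the hunk, so a later guard may exist that is not shown here. Separately, both denial paths log with `m_log.DebugFormat(...)`; a refused role change is an audit signal and would be easier to detect in production logs at `m_log.WarnFormat(...)`.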