aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region/Environment/Modules/World/Permissions
diff options
context:
space:
mode:
authormingchen2008-05-13 16:22:57 +0000
committermingchen2008-05-13 16:22:57 +0000
commit32785921d0a4a074b92da0f4ec322cf451a4642f (patch)
treeae93cc8fb09a5d7b991e323617e3324042e30a8d /OpenSim/Region/Environment/Modules/World/Permissions
parent* Remove old historical grid inventory code (diff)
downloadopensim-SC-32785921d0a4a074b92da0f4ec322cf451a4642f.zip
opensim-SC-32785921d0a4a074b92da0f4ec322cf451a4642f.tar.gz
opensim-SC-32785921d0a4a074b92da0f4ec322cf451a4642f.tar.bz2
opensim-SC-32785921d0a4a074b92da0f4ec322cf451a4642f.tar.xz
*Complete redo of the permissions module
*Removed hardcoded permissions checks *Added permissions checks where needed
Diffstat (limited to 'OpenSim/Region/Environment/Modules/World/Permissions')
-rw-r--r--OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs818
1 files changed, 479 insertions, 339 deletions
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
index 4e31ae6..cead2d8 100644
--- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
@@ -27,16 +27,23 @@
27 27
28using libsecondlife; 28using libsecondlife;
29using Nini.Config; 29using Nini.Config;
30 30using System;
31using System.Reflection;
32using log4net;
31using OpenSim.Region.Environment.Interfaces; 33using OpenSim.Region.Environment.Interfaces;
34using OpenSim.Region.Environment.Modules.Framework;
35using OpenSim.Region.Environment.Modules.Framework.InterfaceCommander;
32using OpenSim.Region.Environment.Scenes; 36using OpenSim.Region.Environment.Scenes;
33 37
34namespace OpenSim.Region.Environment.Modules.World.Permissions 38namespace OpenSim.Region.Environment.Modules.World.Permissions
35{ 39{
36 public class PermissionsModule : IRegionModule, IScenePermissions 40 public class PermissionsModule : IRegionModule, IScenePermissions, ICommandableModule
37 { 41 {
38 protected Scene m_scene; 42 protected Scene m_scene;
43 private readonly Commander m_commander = new Commander("Permissions");
44 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
39 45
46 #region Constants
40 // These are here for testing. They will be taken out 47 // These are here for testing. They will be taken out
41 48
42 //private uint PERM_ALL = (uint)2147483647; 49 //private uint PERM_ALL = (uint)2147483647;
@@ -45,16 +52,89 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
45 private uint PERM_MOVE = (uint)524288; 52 private uint PERM_MOVE = (uint)524288;
46 //private uint PERM_TRANS = (uint)8192; 53 //private uint PERM_TRANS = (uint)8192;
47 private uint PERM_LOCKED = (uint)540672; 54 private uint PERM_LOCKED = (uint)540672;
48 55
56 #endregion
57
58 #region Bypass Permissions / Debug Permissions Stuff
59
49 // Bypasses the permissions engine 60 // Bypasses the permissions engine
50 private bool m_bypassPermissions = false; 61 private bool m_bypassPermissions = false;
51 62 private bool m_bypassPermissionsValue = true;
63 private bool m_debugPermissions = false;
52 public bool BypassPermissions 64 public bool BypassPermissions
53 { 65 {
54 get { return m_bypassPermissions; } 66 get { return m_bypassPermissions; }
55 set { m_bypassPermissions = value; } 67 set { m_bypassPermissions = value; }
56 } 68 }
57 69
70 public bool BypassPermissionsValue
71 {
72 get { return m_bypassPermissionsValue; }
73 set { m_bypassPermissionsValue = value; }
74 }
75
76 public bool DebugPermissions
77 {
78 get { return m_debugPermissions; }
79 set { m_debugPermissions = value; }
80 }
81 #endregion
82
83 #region ICommandableModule Members
84
85 public ICommander CommandInterface
86 {
87 get { throw new System.NotImplementedException(); }
88 }
89
90
91 private void InterfaceDebugPermissions(Object[] args)
92 {
93 if ((bool)args[0] == true)
94 {
95 m_debugPermissions = true;
96 m_log.Info("[PERMISSIONS]: Permissions Debugging Enabled.");
97 }
98 else
99 {
100 m_debugPermissions = false;
101 m_log.Info("[PERMISSIONS]: Permissions Debugging Disabled.");
102 }
103 }
104
105 private void InterfaceBypassPermissions(Object[] args)
106 {
107 if ((bool)args[0] == true)
108 {
109 m_log.Info("[PERMISSIONS]: Permissions Bypass Enabled.");
110 m_bypassPermissionsValue = (bool)args[1];
111 }
112 else
113 {
114 m_bypassPermissions = false;
115 m_log.Info("[PERMISSIONS]: Permissions Bypass Disabled. Normal Operation.");
116 }
117 }
118
119 /// <summary>
120 /// Processes commandline input. Do not call directly.
121 /// </summary>
122 /// <param name="args">Commandline arguments</param>
123 private void EventManager_OnPluginConsole(string[] args)
124 {
125 if (args[0] == "permissions")
126 {
127 string[] tmpArgs = new string[args.Length - 2];
128 int i;
129 for (i = 2; i < args.Length; i++)
130 tmpArgs[i - 2] = args[i];
131
132 m_commander.ProcessConsoleCommand(args[1], tmpArgs);
133 }
134 }
135
136 #endregion
137
58 #region IRegionModule Members 138 #region IRegionModule Members
59 139
60 public void Initialise(Scene scene, IConfigSource config) 140 public void Initialise(Scene scene, IConfigSource config)
@@ -67,29 +147,52 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
67 147
68 m_scene.RegisterModuleInterface<IScenePermissions>(this); 148 m_scene.RegisterModuleInterface<IScenePermissions>(this);
69 149
70 //Register External Permission Checks! 150 //Register functions with Scene External Checks!
71 m_scene.ExternalChecks.addCheckAbandonParcel(this.CanAbandonParcel); 151 m_scene.ExternalChecks.addCheckAbandonParcel(CanAbandonParcel); //FULLY IMPLEMENTED
72 m_scene.ExternalChecks.addCheckCopyObject(this.CanCopyObject); 152 m_scene.ExternalChecks.addCheckBeGodLike(CanBeGodLike); //FULLY IMPLEMENTED
73 m_scene.ExternalChecks.addCheckDeRezObject(this.CanDeRezObject); 153 m_scene.ExternalChecks.addCheckDuplicateObject(CanDuplicateObject); //FULLY IMPLEMENTED
74 m_scene.ExternalChecks.addCheckEditEstateTerrain(this.CanEditEstateTerrain); 154 m_scene.ExternalChecks.addCheckDeleteObject(CanDeleteObject); //MAYBE FULLY IMPLEMENTED
75 m_scene.ExternalChecks.addCheckEditObject(this.CanEditObject); 155 m_scene.ExternalChecks.addCheckEditObject(CanEditObject);//MAYBE FULLY IMPLEMENTED
76 m_scene.ExternalChecks.addCheckEditParcel(this.CanEditParcel); 156 m_scene.ExternalChecks.addCheckEditParcel(CanEditParcel); //FULLY IMPLEMENTED
77 m_scene.ExternalChecks.addCheckEditScript(this.CanEditScript); 157 m_scene.ExternalChecks.addCheckEditScript(CanEditScript); //NOT YET IMPLEMENTED
78 m_scene.ExternalChecks.addCheckInstantMessage(this.CanInstantMessage); 158 m_scene.ExternalChecks.addCheckInstantMessage(CanInstantMessage); //FULLY IMPLEMENTED
79 m_scene.ExternalChecks.addCheckInventoryTransfer(this.CanInventoryTransfer); 159 m_scene.ExternalChecks.addCheckInventoryTransfer(CanInventoryTransfer); //NOT YET IMPLEMENTED
80 m_scene.ExternalChecks.addCheckMoveObject(this.CanEditObjectPosition); 160 m_scene.ExternalChecks.addCheckIssueEstateCommand(CanIssueEstateCommand); //FULLY IMPLEMENTED
81 m_scene.ExternalChecks.addCheckRestartSim(this.CanRestartSim); 161 m_scene.ExternalChecks.addCheckMoveObject(CanMoveObject); //HOPEFULLY FULLY IMPLEMENTED
82 m_scene.ExternalChecks.addCheckReturnObject(this.CanReturnObject); 162 m_scene.ExternalChecks.addCheckObjectEntry(CanObjectEntry); //FULLY IMPLEMENTED
83 m_scene.ExternalChecks.addCheckRezObject(this.CanRezObject); 163 m_scene.ExternalChecks.addCheckReturnObject(CanReturnObject); //NOT YET IMPLEMENTED
84 m_scene.ExternalChecks.addCheckBeGodLike(this.CanBeGodLike); 164 m_scene.ExternalChecks.addCheckRezObject(CanRezObject); //HOPEFULLY FULLY IMPLEMENTED
85 m_scene.ExternalChecks.addCheckRunConsoleCommand(this.CanRunConsoleCommand); 165 m_scene.ExternalChecks.addCheckRunConsoleCommand(CanRunConsoleCommand); //FULLY IMPLEMENTED
86 m_scene.ExternalChecks.addCheckRunScript(this.CanRunScript); 166 m_scene.ExternalChecks.addCheckRunScript(CanRunScript); //NOT YET IMPLEMENTED
87 m_scene.ExternalChecks.addCheckSellParcel(this.CanSellParcel); 167 m_scene.ExternalChecks.addCheckSellParcel(CanSellParcel); //FULLY IMPLEMENTED
88 //m_scene.ExternalChecks.addCheckTakeObject; -- NOT YET IMPLEMENTED 168 m_scene.ExternalChecks.addCheckTakeObject(CanTakeObject); //FULLY IMPLEMENTED
89 m_scene.ExternalChecks.addCheckTerraformLandCommand(this.CanTerraform); 169 m_scene.ExternalChecks.addCheckTakeCopyObject(CanTakeCopyObject); //FULLY IMPLEMENTED
170 m_scene.ExternalChecks.addCheckTerraformLand(CanTerraformLand); //FULL IMPLEMENTED (POINT ONLY!!! NOT AREA!!!)
171 m_scene.ExternalChecks.addCheckViewScript(CanViewScript); //NOT YET IMPLEMENTED
172
173 //NEEDED PERMS:
174 //CanLinkObject
175 //CanDelinkObject
176 //CanBuyLand
177
178
179 //Register Debug Commands
180 Command bypassCommand = new Command("bypass", InterfaceBypassPermissions, "Force the permissions a specific way to test permissions");
181 bypassCommand.AddArgument("enable_bypass_perms", "true to enable bypassing all perms", "Boolean");
182 bypassCommand.AddArgument("bypass_perms_value", "true/false: true will ignore all perms; false will restrict everything", "Boolean");
183
184 m_commander.RegisterCommand("bypass", bypassCommand);
185
186 Command debugCommand = new Command("debug", InterfaceDebugPermissions, "Force the permissions a specific way to test permissions");
187 debugCommand.AddArgument("enable_debug_perms", "true to enable debugging to console all perms", "Boolean");
188
189 m_commander.RegisterCommand("debug", debugCommand);
190 m_scene.RegisterModuleCommander("CommanderPermissions", m_commander);
90 191
192 m_scene.EventManager.OnPluginConsole += new EventManager.OnPluginConsoleDelegate(EventManager_OnPluginConsole);
91 } 193 }
92 194
195
93 public void PostInitialise() 196 public void PostInitialise()
94 { 197 {
95 } 198 }
@@ -110,18 +213,19 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
110 213
111 #endregion 214 #endregion
112 215
216 #region Helper Functions
113 protected void SendPermissionError(LLUUID user, string reason) 217 protected void SendPermissionError(LLUUID user, string reason)
114 { 218 {
115 m_scene.EventManager.TriggerPermissionError(user, reason); 219 m_scene.EventManager.TriggerPermissionError(user, reason);
116 } 220 }
221 protected void DebugPermissionInformation(string permissionCalled)
222 {
223 if(m_debugPermissions)
224 m_log.Info("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
225 }
117 226
118 protected bool IsAdministrator(LLUUID user) 227 protected bool IsAdministrator(LLUUID user)
119 { 228 {
120 if (m_bypassPermissions)
121 {
122 return true;
123 }
124
125 // If there is no master avatar, return false 229 // If there is no master avatar, return false
126 if (m_scene.RegionInfo.MasterAvatarAssignedUUID != LLUUID.Zero) 230 if (m_scene.RegionInfo.MasterAvatarAssignedUUID != LLUUID.Zero)
127 { 231 {
@@ -133,117 +237,19 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
133 237
134 protected bool IsEstateManager(LLUUID user) 238 protected bool IsEstateManager(LLUUID user)
135 { 239 {
136 if (m_bypassPermissions)
137 {
138 return true;
139 }
140
141 if (user != LLUUID.Zero) 240 if (user != LLUUID.Zero)
142 { 241 {
143 LLUUID[] estatemanagers = m_scene.RegionInfo.EstateSettings.estateManagers; 242 LLUUID[] estatemanagers = m_scene.RegionInfo.EstateSettings.estateManagers;
144 for (int i = 0; i < estatemanagers.Length; i++) 243 foreach(LLUUID estatemanager in estatemanagers)
145 { 244 {
146 if (estatemanagers[i] == user) 245 if (estatemanager == user)
147 return true; 246 return true;
148 } 247 }
149 } 248 }
150 249
151 return false; 250 return false;
152 } 251 }
153 252#endregion
154 protected bool IsGridUser(LLUUID user)
155 {
156 return true;
157 }
158
159 protected bool IsGuest(LLUUID user)
160 {
161 return false;
162 }
163
164 public bool CanRezObject(int objectCount, LLUUID user, LLVector3 position,Scene scene)
165 {
166 bool permission = false;
167
168
169
170 string reason = "Insufficient permission";
171
172 ILandObject land = m_scene.LandChannel.GetLandObject(position.X, position.Y);
173 if (land == null) return false;
174
175 if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) ==
176 (int)Parcel.ParcelFlags.CreateObjects)
177 permission = true;
178
179 //TODO: check for group rights
180
181 if (IsAdministrator(user))
182 {
183 permission = true;
184 }
185 else
186 {
187 reason = "Not an administrator";
188 }
189
190 if (GenericParcelPermission(user, position))
191 {
192 permission = true;
193 }
194 else
195 {
196 reason = "Not the parcel owner";
197 }
198
199 if (!permission)
200 SendPermissionError(user, reason);
201
202 return permission;
203 }
204
205 /// <see cref="Opensim.Region.Environment.Interfaces.IScenePermissions></see>
206 public bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos)
207 {
208 if ((newPos.X > 257f || newPos.X < -1f || newPos.Y > 257f || newPos.Y < -1f))
209 {
210 return true;
211 }
212
213 ILandObject land1 = m_scene.LandChannel.GetLandObject(oldPos.X, oldPos.Y);
214 ILandObject land2 = m_scene.LandChannel.GetLandObject(newPos.X, newPos.Y);
215
216 if (land1 == null || land2 == null)
217 {
218 return false;
219 }
220 if (land2 == null)
221 {
222 // need this for crossing borders
223 return true;
224 }
225
226 if (land1.landData.globalID == land2.landData.globalID)
227 {
228 return true;
229 }
230
231 if ((land2.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0)
232 {
233 return true;
234 }
235
236 //TODO: check for group rights
237
238 if (GenericParcelPermission(user, newPos))
239 {
240 return true;
241 }
242
243 SendPermissionError(user, "Not allowed to move objects in this parcel!");
244
245 return false;
246 }
247 253
248 #region Object Permissions 254 #region Object Permissions
249 255
@@ -427,302 +433,436 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
427 return permission; 433 return permission;
428 } 434 }
429 435
430 /// <see cref="Opensim.Region.Environment.Interfaces.IScenePermissions></see> 436
431 public bool CanDeRezObject(LLUUID obj,LLUUID user, Scene scene) 437 #endregion
438
439 #region Generic Permissions
440 protected bool GenericCommunicationPermission(LLUUID user, LLUUID target)
432 { 441 {
433 return GenericObjectPermission(user, obj); 442 bool permission = false;
443 string reason = "Only registered users may communicate with another account.";
444
445
446 if (IsAdministrator(user))
447 permission = true;
448
449 if (IsEstateManager(user))
450 permission = true;
451
452 if (!permission)
453 SendPermissionError(user, reason);
454
455 return permission;
434 } 456 }
435 457
436 public bool CanEditObject(LLUUID obj, LLUUID user, Scene scene) 458 public bool GenericEstatePermission(LLUUID user)
437 { 459 {
438 return GenericObjectPermission(user, obj); 460 // Default: deny
461 bool permission = false;
462
463 // Estate admins should be able to use estate tools
464 if (IsEstateManager(user))
465 permission = true;
466
467 // Administrators always have permission
468 if (IsAdministrator(user))
469 permission = true;
470
471 return permission;
439 } 472 }
440 473
441 public bool CanEditObjectPosition(LLUUID obj, LLUUID user, Scene scene) 474 protected bool GenericParcelPermission(LLUUID user, ILandObject parcel)
442 { 475 {
443 bool permission = GenericObjectPermission(user, obj); 476 bool permission = false;
444 if (!permission)
445 {
446 if (!m_scene.Entities.ContainsKey(obj))
447 {
448 return false;
449 }
450 477
451 // The client 478 if (parcel.landData.ownerID == user)
452 // may request to edit linked parts, and therefore, it needs 479 {
453 // to also check for SceneObjectPart 480 permission = true;
481 }
454 482
455 // If it's not an object, we cant edit it. 483 if (parcel.landData.isGroupOwned)
456 if ((!(m_scene.Entities[obj] is SceneObjectGroup))) 484 {
457 { 485 // TODO: Need to do some extra checks here. Requires group code.
458 return false; 486 }
459 }
460 487
488 if (IsEstateManager(user))
489 {
490 permission = true;
491 }
461 492
462 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; 493 if (IsAdministrator(user))
494 {
495 permission = true;
496 }
463 497
498 return permission;
499 }
464 500
465 LLUUID taskOwner = null; 501 protected bool GenericParcelPermission(LLUUID user, LLVector3 pos)
466 // Added this because at this point in time it wouldn't be wise for 502 {
467 // the administrator object permissions to take effect. 503 ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y);
468 LLUUID objectOwner = task.OwnerID; 504 if (parcel == null) return false;
505 return GenericParcelPermission(user, parcel);
506 }
507#endregion
508
509 #region Permission Checks
510 private bool CanAbandonParcel(LLUUID user, ILandObject parcel, Scene scene)
511 {
512 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
513 if (m_bypassPermissions) return m_bypassPermissionsValue;
469 514
470 // Anyone can move 515 return GenericParcelPermission(user, parcel);
471 if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0) 516 }
472 permission = true;
473 517
474 // Locked 518 private bool CanBeGodLike(LLUUID user, Scene scene)
475 if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0) 519 {
476 permission = false; 520 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
521 if (m_bypassPermissions) return m_bypassPermissionsValue;
477 522
523 return IsAdministrator(user);
478 } 524 }
479 else 525
526 private bool CanDuplicateObject(int objectCount, LLUUID objectID, LLUUID owner, Scene scene, LLVector3 objectPosition)
480 { 527 {
481 bool locked = false; 528 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
482 if (!m_scene.Entities.ContainsKey(obj)) 529 if (m_bypassPermissions) return m_bypassPermissionsValue;
483 {
484 return false;
485 }
486 530
487 // If it's not an object, we cant edit it. 531 if (!GenericObjectPermission(owner, objectID))
488 if ((!(m_scene.Entities[obj] is SceneObjectGroup)))
489 { 532 {
533 //They can't even edit the object
490 return false; 534 return false;
491 } 535 }
536 //If they can rez, they can duplicate
537 return CanRezObject(objectCount, owner, objectPosition, scene);
538 }
492 539
540 private bool CanDeleteObject(LLUUID objectID, LLUUID deleter, Scene scene)
541 {
542 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
543 if (m_bypassPermissions) return m_bypassPermissionsValue;
493 544
494 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[obj]; 545 return GenericObjectPermission(objectID, deleter);
546 }
495 547
496 LLUUID objectOwner = group.OwnerID; 548 private bool CanEditObject(LLUUID objectID, LLUUID editorID, Scene scene)
497 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); 549 {
550 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
551 if (m_bypassPermissions) return m_bypassPermissionsValue;
498 552
499 553
500 // This is an exception to the generic object permission. 554 return GenericObjectPermission(editorID, objectID);
501 // Administrators who lock their objects should not be able to move them, 555 }
502 // however generic object permission should return true.
503 // This keeps locked objects from being affected by random click + drag actions by accident
504 // and allows the administrator to grab or delete a locked object.
505 556
506 // Administrators and estate managers are still able to click+grab locked objects not 557 private bool CanEditParcel(LLUUID user, ILandObject parcel, Scene scene)
507 // owned by them in the scene 558 {
508 // This is by design. 559 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
560 if (m_bypassPermissions) return m_bypassPermissionsValue;
509 561
510 if (locked && (user == objectOwner)) 562 return GenericParcelPermission(user, parcel);
511 return false;
512 } 563 }
513 return permission;
514 }
515 564
516 public bool CanCopyObject(int objectCount, LLUUID obj, LLUUID user, Scene scene, LLVector3 objectPosition) 565 private bool CanEditScript(LLUUID script, LLUUID user, Scene scene)
517 {
518 bool permission = GenericObjectPermission(user, obj);
519 if (permission)
520 { 566 {
521 if (!m_scene.Entities.ContainsKey(obj)) 567 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
522 { 568 if (m_bypassPermissions) return m_bypassPermissionsValue;
523 return false;
524 }
525 569
526 // If it's not an object, we cant edit it. 570 return true;
527 if (!(m_scene.Entities[obj] is SceneObjectGroup)) 571 }
528 {
529 return false;
530 }
531 572
532 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; 573 private bool CanInstantMessage(LLUUID user, LLUUID target, Scene startScene)
533 LLUUID taskOwner = null; 574 {
534 // Added this because at this point in time it wouldn't be wise for 575 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
535 // the administrator object permissions to take effect. 576 if (m_bypassPermissions) return m_bypassPermissionsValue;
536 LLUUID objectOwner = task.OwnerID; 577
578
579 return GenericCommunicationPermission(user, target);
580 }
537 581
582 private bool CanInventoryTransfer(LLUUID user, LLUUID target, Scene startScene)
583 {
584 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
585 if (m_bypassPermissions) return m_bypassPermissionsValue;
538 586
539 if ((task.RootPart.EveryoneMask & PERM_COPY) != 0) 587 return GenericCommunicationPermission(user, target);
540 permission = true;
541 } 588 }
542 return permission;
543 }
544 589
545 public bool CanReturnObject(LLUUID obj, LLUUID user, Scene scene) 590 private bool CanIssueEstateCommand(LLUUID user, Scene requestFromScene)
546 { 591 {
547 return GenericObjectPermission(user, obj); 592 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
548 } 593 if (m_bypassPermissions) return m_bypassPermissionsValue;
549 594
550 #endregion 595 return GenericEstatePermission(user);
596 }
551 597
552 #region Communication Permissions 598 private bool CanMoveObject(LLUUID objectID, LLUUID moverID, Scene scene)
599 {
600 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
601 if (m_bypassPermissions) return m_bypassPermissionsValue;
553 602
554 protected bool GenericCommunicationPermission(LLUUID user, LLUUID target) 603 bool permission = GenericObjectPermission(moverID, objectID);
555 { 604 if (!permission)
556 bool permission = false; 605 {
557 string reason = "Only registered users may communicate with another account."; 606 if (!m_scene.Entities.ContainsKey(objectID))
607 {
608 return false;
609 }
558 610
559 if (IsGridUser(user)) 611 // The client
560 permission = true; 612 // may request to edit linked parts, and therefore, it needs
613 // to also check for SceneObjectPart
561 614
562 if (!IsGridUser(user)) 615 // If it's not an object, we cant edit it.
563 { 616 if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
564 permission = false; 617 {
565 reason = "The person that you are messaging is not a registered user."; 618 return false;
566 } 619 }
567 if (IsAdministrator(user))
568 permission = true;
569 620
570 if (IsEstateManager(user))
571 permission = true;
572 621
573 if (!permission) 622 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
574 SendPermissionError(user, reason);
575 623
576 return permission;
577 }
578 624
579 public bool CanInstantMessage(LLUUID user, LLUUID target, Scene scene) 625 LLUUID taskOwner = null;
580 { 626 // Added this because at this point in time it wouldn't be wise for
581 return GenericCommunicationPermission(user, target); 627 // the administrator object permissions to take effect.
582 } 628 LLUUID objectOwner = task.OwnerID;
583 629
584 public bool CanInventoryTransfer(LLUUID user, LLUUID target, Scene scene) 630 // Anyone can move
585 { 631 if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)
586 return GenericCommunicationPermission(user, target); 632 permission = true;
587 }
588 633
589 #endregion 634 // Locked
635 if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
636 permission = false;
590 637
591 public bool CanEditScript(LLUUID script, LLUUID user, Scene scene) 638 }
592 { 639 else
593 return IsAdministrator(user); 640 {
594 } 641 bool locked = false;
642 if (!m_scene.Entities.ContainsKey(objectID))
643 {
644 return false;
645 }
595 646
596 public bool CanRunScript(LLUUID script, LLUUID user, Scene scene) 647 // If it's not an object, we cant edit it.
597 { 648 if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
598 return IsAdministrator(user); 649 {
599 } 650 return false;
651 }
600 652
601 public bool CanRunConsoleCommand(LLUUID user, Scene scene)
602 {
603 return IsAdministrator(user);
604 }
605 653
606 public bool CanTerraform(LLUUID user, LLVector3 position, Scene scene) 654 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objectID];
607 {
608 bool permission = false;
609 655
610 // Estate override 656 LLUUID objectOwner = group.OwnerID;
611 if (GenericEstatePermission(user)) 657 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
612 permission = true;
613 658
614 float X = position.X;
615 float Y = position.Y;
616
617 if (X > 255)
618 X = 255;
619 if (Y > 255)
620 Y = 255;
621 if (X < 0)
622 X = 0;
623 if (Y < 0)
624 Y = 0;
625
626 // Land owner can terraform too
627 ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y);
628 if (parcel != null && GenericParcelPermission(user, parcel))
629 permission = true;
630 659
631 if (!permission) 660 // This is an exception to the generic object permission.
632 SendPermissionError(user, "Not authorized to terraform at this location."); 661 // Administrators who lock their objects should not be able to move them,
662 // however generic object permission should return true.
663 // This keeps locked objects from being affected by random click + drag actions by accident
664 // and allows the administrator to grab or delete a locked object.
633 665
634 return permission; 666 // Administrators and estate managers are still able to click+grab locked objects not
635 } 667 // owned by them in the scene
668 // This is by design.
636 669
637 #region Estate Permissions 670 if (locked && (moverID == objectOwner))
671 return false;
672 }
673 return permission;
674 }
638 675
639 public bool GenericEstatePermission(LLUUID user) 676 private bool CanObjectEntry(LLUUID objectID, LLVector3 newPoint, Scene scene)
640 { 677 {
641 // Default: deny 678 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
642 bool permission = false; 679 if (m_bypassPermissions) return m_bypassPermissionsValue;
643 680
644 // Estate admins should be able to use estate tools 681 if ((newPoint.X > 257f || newPoint.X < -1f || newPoint.Y > 257f || newPoint.Y < -1f))
645 if (IsEstateManager(user)) 682 {
646 permission = true; 683 return true;
684 }
647 685
648 // Administrators always have permission 686 ILandObject land = m_scene.LandChannel.GetLandObject(newPoint.X, newPoint.Y);
649 if (IsAdministrator(user))
650 permission = true;
651 687
652 return permission; 688 if (land == null)
653 } 689 {
690 return false;
691 }
654 692
655 public bool CanEditEstateTerrain(LLUUID user, Scene scene) 693 if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0)
656 { 694 {
657 return GenericEstatePermission(user); 695 return true;
658 } 696 }
659 697
660 public bool CanRestartSim(LLUUID user, Scene scene) 698 //TODO: check for group rights
661 {
662 // Since this is potentially going on a grid...
663 699
664 return GenericEstatePermission(user); 700 if (!m_scene.Entities.ContainsKey(objectID))
665 //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; 701 {
666 } 702 return false;
703 }
667 704
668 public bool CanBeGodLike(LLUUID user, Scene scene) 705 // If it's not an object, we cant edit it.
669 { 706 if (!(m_scene.Entities[objectID] is SceneObjectGroup))
670 return GenericEstatePermission(user); 707 {
671 } 708 return false;
709 }
672 710
673 #endregion 711 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
674 712
675 #region Parcel Permissions 713 if (GenericParcelPermission(task.OwnerID, newPoint))
714 {
715 return true;
716 }
676 717
677 protected bool GenericParcelPermission(LLUUID user, ILandObject parcel) 718 //Otherwise, false!
678 { 719 return false;
679 bool permission = false; 720 }
680 721
681 if (parcel.landData.ownerID == user) 722 private bool CanReturnObject(LLUUID objectID, LLUUID returnerID, Scene scene)
682 { 723 {
683 permission = true; 724 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
725 if (m_bypassPermissions) return m_bypassPermissionsValue;
726
727 return GenericObjectPermission(returnerID, objectID);
684 } 728 }
685 729
686 if (parcel.landData.isGroupOwned) 730 private bool CanRezObject(int objectCount, LLUUID owner, LLVector3 objectPosition, Scene scene)
687 { 731 {
688 // TODO: Need to do some extra checks here. Requires group code. 732 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
733 if (m_bypassPermissions) return m_bypassPermissionsValue;
734
735 bool permission = false;
736
737 ILandObject land = m_scene.LandChannel.GetLandObject(objectPosition.X, objectPosition.Y);
738 if (land == null) return false;
739
740 if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) ==
741 (int)Parcel.ParcelFlags.CreateObjects)
742 permission = true;
743
744 //TODO: check for group rights
745
746 if (IsAdministrator(owner))
747 {
748 permission = true;
749 }
750
751 if (GenericParcelPermission(owner, objectPosition))
752 {
753 permission = true;
754 }
755
756 return permission;
689 } 757 }
690 758
691 if (IsEstateManager(user)) 759 private bool CanRunConsoleCommand(LLUUID user, Scene requestFromScene)
692 { 760 {
693 permission = true; 761 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
762 if (m_bypassPermissions) return m_bypassPermissionsValue;
763
764
765 return IsAdministrator(user);
694 } 766 }
695 767
696 if (IsAdministrator(user)) 768 private bool CanRunScript(LLUUID script, LLUUID user, Scene scene)
697 { 769 {
698 permission = true; 770 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
771 if (m_bypassPermissions) return m_bypassPermissionsValue;
772
773 return true;
699 } 774 }
700 775
701 return permission; 776 private bool CanSellParcel(LLUUID user, ILandObject parcel, Scene scene)
702 } 777 {
778 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
779 if (m_bypassPermissions) return m_bypassPermissionsValue;
703 780
704 protected bool GenericParcelPermission(LLUUID user, LLVector3 pos) 781 return GenericParcelPermission(user, parcel);
705 { 782 }
706 ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y);
707 if (parcel == null) return false;
708 return GenericParcelPermission(user, parcel);
709 }
710 783
711 public bool CanEditParcel(LLUUID user, ILandObject parcel, Scene scene) 784 private bool CanTakeObject(LLUUID objectID, LLUUID stealer, Scene scene)
712 { 785 {
713 return GenericParcelPermission(user, parcel); 786 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
714 } 787 if (m_bypassPermissions) return m_bypassPermissionsValue;
715 788
716 public bool CanSellParcel(LLUUID user, ILandObject parcel, Scene scene) 789 return GenericObjectPermission(stealer,objectID);
717 { 790 }
718 return GenericParcelPermission(user, parcel);
719 }
720 791
721 public bool CanAbandonParcel(LLUUID user, ILandObject parcel, Scene scene) 792 private bool CanTakeCopyObject(LLUUID objectID, LLUUID userID, Scene inScene)
722 { 793 {
723 return GenericParcelPermission(user, parcel); 794 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
724 } 795 if (m_bypassPermissions) return m_bypassPermissionsValue;
796
797 bool permission = GenericObjectPermission(userID, objectID);
798 if (permission)
799 {
800 if (!m_scene.Entities.ContainsKey(objectID))
801 {
802 return false;
803 }
804
805 // If it's not an object, we cant edit it.
806 if (!(m_scene.Entities[objectID] is SceneObjectGroup))
807 {
808 return false;
809 }
810
811 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
812 LLUUID taskOwner = null;
813 // Added this because at this point in time it wouldn't be wise for
814 // the administrator object permissions to take effect.
815 LLUUID objectOwner = task.OwnerID;
816
817
818 if ((task.RootPart.EveryoneMask & PERM_COPY) != 0)
819 permission = true;
820 }
821 return permission;
822 }
823
824 private bool CanTerraformLand(LLUUID user, LLVector3 position, Scene requestFromScene)
825 {
826 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
827 if (m_bypassPermissions) return m_bypassPermissionsValue;
828
829 bool permission = false;
830
831 // Estate override
832 if (GenericEstatePermission(user))
833 permission = true;
725 834
835 float X = position.X;
836 float Y = position.Y;
837
838 if (X > 255)
839 X = 255;
840 if (Y > 255)
841 Y = 255;
842 if (X < 0)
843 X = 0;
844 if (Y < 0)
845 Y = 0;
846
847 // Land owner can terraform too
848 ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y);
849 if (parcel != null && GenericParcelPermission(user, parcel))
850 permission = true;
851
852
853 return permission;
854 }
855
856 private bool CanViewScript(LLUUID script, LLUUID user, Scene scene)
857 {
858 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
859 if (m_bypassPermissions) return m_bypassPermissionsValue;
860
861 return true;
862 }
726 #endregion 863 #endregion
864
865
727 } 866 }
867
728} 868}