diff options
author | mingchen | 2008-05-13 16:22:57 +0000 |
---|---|---|
committer | mingchen | 2008-05-13 16:22:57 +0000 |
commit | 32785921d0a4a074b92da0f4ec322cf451a4642f (patch) | |
tree | ae93cc8fb09a5d7b991e323617e3324042e30a8d /OpenSim/Region/Environment/Modules/World/Permissions | |
parent | * Remove old historical grid inventory code (diff) | |
download | opensim-SC-32785921d0a4a074b92da0f4ec322cf451a4642f.zip opensim-SC-32785921d0a4a074b92da0f4ec322cf451a4642f.tar.gz opensim-SC-32785921d0a4a074b92da0f4ec322cf451a4642f.tar.bz2 opensim-SC-32785921d0a4a074b92da0f4ec322cf451a4642f.tar.xz |
*Complete redo of the permissions module
*Removed hardcoded permissions checks
*Added permissions checks where needed
Diffstat (limited to 'OpenSim/Region/Environment/Modules/World/Permissions')
-rw-r--r-- | OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs | 818 |
1 files changed, 479 insertions, 339 deletions
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs index 4e31ae6..cead2d8 100644 --- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs | |||
@@ -27,16 +27,23 @@ | |||
27 | 27 | ||
28 | using libsecondlife; | 28 | using libsecondlife; |
29 | using Nini.Config; | 29 | using Nini.Config; |
30 | 30 | using System; | |
31 | using System.Reflection; | ||
32 | using log4net; | ||
31 | using OpenSim.Region.Environment.Interfaces; | 33 | using OpenSim.Region.Environment.Interfaces; |
34 | using OpenSim.Region.Environment.Modules.Framework; | ||
35 | using OpenSim.Region.Environment.Modules.Framework.InterfaceCommander; | ||
32 | using OpenSim.Region.Environment.Scenes; | 36 | using OpenSim.Region.Environment.Scenes; |
33 | 37 | ||
34 | namespace OpenSim.Region.Environment.Modules.World.Permissions | 38 | namespace OpenSim.Region.Environment.Modules.World.Permissions |
35 | { | 39 | { |
36 | public class PermissionsModule : IRegionModule, IScenePermissions | 40 | public class PermissionsModule : IRegionModule, IScenePermissions, ICommandableModule |
37 | { | 41 | { |
38 | protected Scene m_scene; | 42 | protected Scene m_scene; |
43 | private readonly Commander m_commander = new Commander("Permissions"); | ||
44 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | ||
39 | 45 | ||
46 | #region Constants | ||
40 | // These are here for testing. They will be taken out | 47 | // These are here for testing. They will be taken out |
41 | 48 | ||
42 | //private uint PERM_ALL = (uint)2147483647; | 49 | //private uint PERM_ALL = (uint)2147483647; |
@@ -45,16 +52,89 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
45 | private uint PERM_MOVE = (uint)524288; | 52 | private uint PERM_MOVE = (uint)524288; |
46 | //private uint PERM_TRANS = (uint)8192; | 53 | //private uint PERM_TRANS = (uint)8192; |
47 | private uint PERM_LOCKED = (uint)540672; | 54 | private uint PERM_LOCKED = (uint)540672; |
48 | 55 | ||
56 | #endregion | ||
57 | |||
58 | #region Bypass Permissions / Debug Permissions Stuff | ||
59 | |||
49 | // Bypasses the permissions engine | 60 | // Bypasses the permissions engine |
50 | private bool m_bypassPermissions = false; | 61 | private bool m_bypassPermissions = false; |
51 | 62 | private bool m_bypassPermissionsValue = true; | |
63 | private bool m_debugPermissions = false; | ||
52 | public bool BypassPermissions | 64 | public bool BypassPermissions |
53 | { | 65 | { |
54 | get { return m_bypassPermissions; } | 66 | get { return m_bypassPermissions; } |
55 | set { m_bypassPermissions = value; } | 67 | set { m_bypassPermissions = value; } |
56 | } | 68 | } |
57 | 69 | ||
70 | public bool BypassPermissionsValue | ||
71 | { | ||
72 | get { return m_bypassPermissionsValue; } | ||
73 | set { m_bypassPermissionsValue = value; } | ||
74 | } | ||
75 | |||
76 | public bool DebugPermissions | ||
77 | { | ||
78 | get { return m_debugPermissions; } | ||
79 | set { m_debugPermissions = value; } | ||
80 | } | ||
81 | #endregion | ||
82 | |||
83 | #region ICommandableModule Members | ||
84 | |||
85 | public ICommander CommandInterface | ||
86 | { | ||
87 | get { throw new System.NotImplementedException(); } | ||
88 | } | ||
89 | |||
90 | |||
91 | private void InterfaceDebugPermissions(Object[] args) | ||
92 | { | ||
93 | if ((bool)args[0] == true) | ||
94 | { | ||
95 | m_debugPermissions = true; | ||
96 | m_log.Info("[PERMISSIONS]: Permissions Debugging Enabled."); | ||
97 | } | ||
98 | else | ||
99 | { | ||
100 | m_debugPermissions = false; | ||
101 | m_log.Info("[PERMISSIONS]: Permissions Debugging Disabled."); | ||
102 | } | ||
103 | } | ||
104 | |||
105 | private void InterfaceBypassPermissions(Object[] args) | ||
106 | { | ||
107 | if ((bool)args[0] == true) | ||
108 | { | ||
109 | m_log.Info("[PERMISSIONS]: Permissions Bypass Enabled."); | ||
110 | m_bypassPermissionsValue = (bool)args[1]; | ||
111 | } | ||
112 | else | ||
113 | { | ||
114 | m_bypassPermissions = false; | ||
115 | m_log.Info("[PERMISSIONS]: Permissions Bypass Disabled. Normal Operation."); | ||
116 | } | ||
117 | } | ||
118 | |||
119 | /// <summary> | ||
120 | /// Processes commandline input. Do not call directly. | ||
121 | /// </summary> | ||
122 | /// <param name="args">Commandline arguments</param> | ||
123 | private void EventManager_OnPluginConsole(string[] args) | ||
124 | { | ||
125 | if (args[0] == "permissions") | ||
126 | { | ||
127 | string[] tmpArgs = new string[args.Length - 2]; | ||
128 | int i; | ||
129 | for (i = 2; i < args.Length; i++) | ||
130 | tmpArgs[i - 2] = args[i]; | ||
131 | |||
132 | m_commander.ProcessConsoleCommand(args[1], tmpArgs); | ||
133 | } | ||
134 | } | ||
135 | |||
136 | #endregion | ||
137 | |||
58 | #region IRegionModule Members | 138 | #region IRegionModule Members |
59 | 139 | ||
60 | public void Initialise(Scene scene, IConfigSource config) | 140 | public void Initialise(Scene scene, IConfigSource config) |
@@ -67,29 +147,52 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
67 | 147 | ||
68 | m_scene.RegisterModuleInterface<IScenePermissions>(this); | 148 | m_scene.RegisterModuleInterface<IScenePermissions>(this); |
69 | 149 | ||
70 | //Register External Permission Checks! | 150 | //Register functions with Scene External Checks! |
71 | m_scene.ExternalChecks.addCheckAbandonParcel(this.CanAbandonParcel); | 151 | m_scene.ExternalChecks.addCheckAbandonParcel(CanAbandonParcel); //FULLY IMPLEMENTED |
72 | m_scene.ExternalChecks.addCheckCopyObject(this.CanCopyObject); | 152 | m_scene.ExternalChecks.addCheckBeGodLike(CanBeGodLike); //FULLY IMPLEMENTED |
73 | m_scene.ExternalChecks.addCheckDeRezObject(this.CanDeRezObject); | 153 | m_scene.ExternalChecks.addCheckDuplicateObject(CanDuplicateObject); //FULLY IMPLEMENTED |
74 | m_scene.ExternalChecks.addCheckEditEstateTerrain(this.CanEditEstateTerrain); | 154 | m_scene.ExternalChecks.addCheckDeleteObject(CanDeleteObject); //MAYBE FULLY IMPLEMENTED |
75 | m_scene.ExternalChecks.addCheckEditObject(this.CanEditObject); | 155 | m_scene.ExternalChecks.addCheckEditObject(CanEditObject);//MAYBE FULLY IMPLEMENTED |
76 | m_scene.ExternalChecks.addCheckEditParcel(this.CanEditParcel); | 156 | m_scene.ExternalChecks.addCheckEditParcel(CanEditParcel); //FULLY IMPLEMENTED |
77 | m_scene.ExternalChecks.addCheckEditScript(this.CanEditScript); | 157 | m_scene.ExternalChecks.addCheckEditScript(CanEditScript); //NOT YET IMPLEMENTED |
78 | m_scene.ExternalChecks.addCheckInstantMessage(this.CanInstantMessage); | 158 | m_scene.ExternalChecks.addCheckInstantMessage(CanInstantMessage); //FULLY IMPLEMENTED |
79 | m_scene.ExternalChecks.addCheckInventoryTransfer(this.CanInventoryTransfer); | 159 | m_scene.ExternalChecks.addCheckInventoryTransfer(CanInventoryTransfer); //NOT YET IMPLEMENTED |
80 | m_scene.ExternalChecks.addCheckMoveObject(this.CanEditObjectPosition); | 160 | m_scene.ExternalChecks.addCheckIssueEstateCommand(CanIssueEstateCommand); //FULLY IMPLEMENTED |
81 | m_scene.ExternalChecks.addCheckRestartSim(this.CanRestartSim); | 161 | m_scene.ExternalChecks.addCheckMoveObject(CanMoveObject); //HOPEFULLY FULLY IMPLEMENTED |
82 | m_scene.ExternalChecks.addCheckReturnObject(this.CanReturnObject); | 162 | m_scene.ExternalChecks.addCheckObjectEntry(CanObjectEntry); //FULLY IMPLEMENTED |
83 | m_scene.ExternalChecks.addCheckRezObject(this.CanRezObject); | 163 | m_scene.ExternalChecks.addCheckReturnObject(CanReturnObject); //NOT YET IMPLEMENTED |
84 | m_scene.ExternalChecks.addCheckBeGodLike(this.CanBeGodLike); | 164 | m_scene.ExternalChecks.addCheckRezObject(CanRezObject); //HOPEFULLY FULLY IMPLEMENTED |
85 | m_scene.ExternalChecks.addCheckRunConsoleCommand(this.CanRunConsoleCommand); | 165 | m_scene.ExternalChecks.addCheckRunConsoleCommand(CanRunConsoleCommand); //FULLY IMPLEMENTED |
86 | m_scene.ExternalChecks.addCheckRunScript(this.CanRunScript); | 166 | m_scene.ExternalChecks.addCheckRunScript(CanRunScript); //NOT YET IMPLEMENTED |
87 | m_scene.ExternalChecks.addCheckSellParcel(this.CanSellParcel); | 167 | m_scene.ExternalChecks.addCheckSellParcel(CanSellParcel); //FULLY IMPLEMENTED |
88 | //m_scene.ExternalChecks.addCheckTakeObject; -- NOT YET IMPLEMENTED | 168 | m_scene.ExternalChecks.addCheckTakeObject(CanTakeObject); //FULLY IMPLEMENTED |
89 | m_scene.ExternalChecks.addCheckTerraformLandCommand(this.CanTerraform); | 169 | m_scene.ExternalChecks.addCheckTakeCopyObject(CanTakeCopyObject); //FULLY IMPLEMENTED |
170 | m_scene.ExternalChecks.addCheckTerraformLand(CanTerraformLand); //FULL IMPLEMENTED (POINT ONLY!!! NOT AREA!!!) | ||
171 | m_scene.ExternalChecks.addCheckViewScript(CanViewScript); //NOT YET IMPLEMENTED | ||
172 | |||
173 | //NEEDED PERMS: | ||
174 | //CanLinkObject | ||
175 | //CanDelinkObject | ||
176 | //CanBuyLand | ||
177 | |||
178 | |||
179 | //Register Debug Commands | ||
180 | Command bypassCommand = new Command("bypass", InterfaceBypassPermissions, "Force the permissions a specific way to test permissions"); | ||
181 | bypassCommand.AddArgument("enable_bypass_perms", "true to enable bypassing all perms", "Boolean"); | ||
182 | bypassCommand.AddArgument("bypass_perms_value", "true/false: true will ignore all perms; false will restrict everything", "Boolean"); | ||
183 | |||
184 | m_commander.RegisterCommand("bypass", bypassCommand); | ||
185 | |||
186 | Command debugCommand = new Command("debug", InterfaceDebugPermissions, "Force the permissions a specific way to test permissions"); | ||
187 | debugCommand.AddArgument("enable_debug_perms", "true to enable debugging to console all perms", "Boolean"); | ||
188 | |||
189 | m_commander.RegisterCommand("debug", debugCommand); | ||
190 | m_scene.RegisterModuleCommander("CommanderPermissions", m_commander); | ||
90 | 191 | ||
192 | m_scene.EventManager.OnPluginConsole += new EventManager.OnPluginConsoleDelegate(EventManager_OnPluginConsole); | ||
91 | } | 193 | } |
92 | 194 | ||
195 | |||
93 | public void PostInitialise() | 196 | public void PostInitialise() |
94 | { | 197 | { |
95 | } | 198 | } |
@@ -110,18 +213,19 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
110 | 213 | ||
111 | #endregion | 214 | #endregion |
112 | 215 | ||
216 | #region Helper Functions | ||
113 | protected void SendPermissionError(LLUUID user, string reason) | 217 | protected void SendPermissionError(LLUUID user, string reason) |
114 | { | 218 | { |
115 | m_scene.EventManager.TriggerPermissionError(user, reason); | 219 | m_scene.EventManager.TriggerPermissionError(user, reason); |
116 | } | 220 | } |
221 | protected void DebugPermissionInformation(string permissionCalled) | ||
222 | { | ||
223 | if(m_debugPermissions) | ||
224 | m_log.Info("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); | ||
225 | } | ||
117 | 226 | ||
118 | protected bool IsAdministrator(LLUUID user) | 227 | protected bool IsAdministrator(LLUUID user) |
119 | { | 228 | { |
120 | if (m_bypassPermissions) | ||
121 | { | ||
122 | return true; | ||
123 | } | ||
124 | |||
125 | // If there is no master avatar, return false | 229 | // If there is no master avatar, return false |
126 | if (m_scene.RegionInfo.MasterAvatarAssignedUUID != LLUUID.Zero) | 230 | if (m_scene.RegionInfo.MasterAvatarAssignedUUID != LLUUID.Zero) |
127 | { | 231 | { |
@@ -133,117 +237,19 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
133 | 237 | ||
134 | protected bool IsEstateManager(LLUUID user) | 238 | protected bool IsEstateManager(LLUUID user) |
135 | { | 239 | { |
136 | if (m_bypassPermissions) | ||
137 | { | ||
138 | return true; | ||
139 | } | ||
140 | |||
141 | if (user != LLUUID.Zero) | 240 | if (user != LLUUID.Zero) |
142 | { | 241 | { |
143 | LLUUID[] estatemanagers = m_scene.RegionInfo.EstateSettings.estateManagers; | 242 | LLUUID[] estatemanagers = m_scene.RegionInfo.EstateSettings.estateManagers; |
144 | for (int i = 0; i < estatemanagers.Length; i++) | 243 | foreach(LLUUID estatemanager in estatemanagers) |
145 | { | 244 | { |
146 | if (estatemanagers[i] == user) | 245 | if (estatemanager == user) |
147 | return true; | 246 | return true; |
148 | } | 247 | } |
149 | } | 248 | } |
150 | 249 | ||
151 | return false; | 250 | return false; |
152 | } | 251 | } |
153 | 252 | #endregion | |
154 | protected bool IsGridUser(LLUUID user) | ||
155 | { | ||
156 | return true; | ||
157 | } | ||
158 | |||
159 | protected bool IsGuest(LLUUID user) | ||
160 | { | ||
161 | return false; | ||
162 | } | ||
163 | |||
164 | public bool CanRezObject(int objectCount, LLUUID user, LLVector3 position,Scene scene) | ||
165 | { | ||
166 | bool permission = false; | ||
167 | |||
168 | |||
169 | |||
170 | string reason = "Insufficient permission"; | ||
171 | |||
172 | ILandObject land = m_scene.LandChannel.GetLandObject(position.X, position.Y); | ||
173 | if (land == null) return false; | ||
174 | |||
175 | if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) == | ||
176 | (int)Parcel.ParcelFlags.CreateObjects) | ||
177 | permission = true; | ||
178 | |||
179 | //TODO: check for group rights | ||
180 | |||
181 | if (IsAdministrator(user)) | ||
182 | { | ||
183 | permission = true; | ||
184 | } | ||
185 | else | ||
186 | { | ||
187 | reason = "Not an administrator"; | ||
188 | } | ||
189 | |||
190 | if (GenericParcelPermission(user, position)) | ||
191 | { | ||
192 | permission = true; | ||
193 | } | ||
194 | else | ||
195 | { | ||
196 | reason = "Not the parcel owner"; | ||
197 | } | ||
198 | |||
199 | if (!permission) | ||
200 | SendPermissionError(user, reason); | ||
201 | |||
202 | return permission; | ||
203 | } | ||
204 | |||
205 | /// <see cref="Opensim.Region.Environment.Interfaces.IScenePermissions></see> | ||
206 | public bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos) | ||
207 | { | ||
208 | if ((newPos.X > 257f || newPos.X < -1f || newPos.Y > 257f || newPos.Y < -1f)) | ||
209 | { | ||
210 | return true; | ||
211 | } | ||
212 | |||
213 | ILandObject land1 = m_scene.LandChannel.GetLandObject(oldPos.X, oldPos.Y); | ||
214 | ILandObject land2 = m_scene.LandChannel.GetLandObject(newPos.X, newPos.Y); | ||
215 | |||
216 | if (land1 == null || land2 == null) | ||
217 | { | ||
218 | return false; | ||
219 | } | ||
220 | if (land2 == null) | ||
221 | { | ||
222 | // need this for crossing borders | ||
223 | return true; | ||
224 | } | ||
225 | |||
226 | if (land1.landData.globalID == land2.landData.globalID) | ||
227 | { | ||
228 | return true; | ||
229 | } | ||
230 | |||
231 | if ((land2.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0) | ||
232 | { | ||
233 | return true; | ||
234 | } | ||
235 | |||
236 | //TODO: check for group rights | ||
237 | |||
238 | if (GenericParcelPermission(user, newPos)) | ||
239 | { | ||
240 | return true; | ||
241 | } | ||
242 | |||
243 | SendPermissionError(user, "Not allowed to move objects in this parcel!"); | ||
244 | |||
245 | return false; | ||
246 | } | ||
247 | 253 | ||
248 | #region Object Permissions | 254 | #region Object Permissions |
249 | 255 | ||
@@ -427,302 +433,436 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions | |||
427 | return permission; | 433 | return permission; |
428 | } | 434 | } |
429 | 435 | ||
430 | /// <see cref="Opensim.Region.Environment.Interfaces.IScenePermissions></see> | 436 | |
431 | public bool CanDeRezObject(LLUUID obj,LLUUID user, Scene scene) | 437 | #endregion |
438 | |||
439 | #region Generic Permissions | ||
440 | protected bool GenericCommunicationPermission(LLUUID user, LLUUID target) | ||
432 | { | 441 | { |
433 | return GenericObjectPermission(user, obj); | 442 | bool permission = false; |
443 | string reason = "Only registered users may communicate with another account."; | ||
444 | |||
445 | |||
446 | if (IsAdministrator(user)) | ||
447 | permission = true; | ||
448 | |||
449 | if (IsEstateManager(user)) | ||
450 | permission = true; | ||
451 | |||
452 | if (!permission) | ||
453 | SendPermissionError(user, reason); | ||
454 | |||
455 | return permission; | ||
434 | } | 456 | } |
435 | 457 | ||
436 | public bool CanEditObject(LLUUID obj, LLUUID user, Scene scene) | 458 | public bool GenericEstatePermission(LLUUID user) |
437 | { | 459 | { |
438 | return GenericObjectPermission(user, obj); | 460 | // Default: deny |
461 | bool permission = false; | ||
462 | |||
463 | // Estate admins should be able to use estate tools | ||
464 | if (IsEstateManager(user)) | ||
465 | permission = true; | ||
466 | |||
467 | // Administrators always have permission | ||
468 | if (IsAdministrator(user)) | ||
469 | permission = true; | ||
470 | |||
471 | return permission; | ||
439 | } | 472 | } |
440 | 473 | ||
441 | public bool CanEditObjectPosition(LLUUID obj, LLUUID user, Scene scene) | 474 | protected bool GenericParcelPermission(LLUUID user, ILandObject parcel) |
442 | { | 475 | { |
443 | bool permission = GenericObjectPermission(user, obj); | 476 | bool permission = false; |
444 | if (!permission) | ||
445 | { | ||
446 | if (!m_scene.Entities.ContainsKey(obj)) | ||
447 | { | ||
448 | return false; | ||
449 | } | ||
450 | 477 | ||
451 | // The client | 478 | if (parcel.landData.ownerID == user) |
452 | // may request to edit linked parts, and therefore, it needs | 479 | { |
453 | // to also check for SceneObjectPart | 480 | permission = true; |
481 | } | ||
454 | 482 | ||
455 | // If it's not an object, we cant edit it. | 483 | if (parcel.landData.isGroupOwned) |
456 | if ((!(m_scene.Entities[obj] is SceneObjectGroup))) | 484 | { |
457 | { | 485 | // TODO: Need to do some extra checks here. Requires group code. |
458 | return false; | 486 | } |
459 | } | ||
460 | 487 | ||
488 | if (IsEstateManager(user)) | ||
489 | { | ||
490 | permission = true; | ||
491 | } | ||
461 | 492 | ||
462 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; | 493 | if (IsAdministrator(user)) |
494 | { | ||
495 | permission = true; | ||
496 | } | ||
463 | 497 | ||
498 | return permission; | ||
499 | } | ||
464 | 500 | ||
465 | LLUUID taskOwner = null; | 501 | protected bool GenericParcelPermission(LLUUID user, LLVector3 pos) |
466 | // Added this because at this point in time it wouldn't be wise for | 502 | { |
467 | // the administrator object permissions to take effect. | 503 | ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y); |
468 | LLUUID objectOwner = task.OwnerID; | 504 | if (parcel == null) return false; |
505 | return GenericParcelPermission(user, parcel); | ||
506 | } | ||
507 | #endregion | ||
508 | |||
509 | #region Permission Checks | ||
510 | private bool CanAbandonParcel(LLUUID user, ILandObject parcel, Scene scene) | ||
511 | { | ||
512 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
513 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
469 | 514 | ||
470 | // Anyone can move | 515 | return GenericParcelPermission(user, parcel); |
471 | if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0) | 516 | } |
472 | permission = true; | ||
473 | 517 | ||
474 | // Locked | 518 | private bool CanBeGodLike(LLUUID user, Scene scene) |
475 | if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0) | 519 | { |
476 | permission = false; | 520 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
521 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
477 | 522 | ||
523 | return IsAdministrator(user); | ||
478 | } | 524 | } |
479 | else | 525 | |
526 | private bool CanDuplicateObject(int objectCount, LLUUID objectID, LLUUID owner, Scene scene, LLVector3 objectPosition) | ||
480 | { | 527 | { |
481 | bool locked = false; | 528 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
482 | if (!m_scene.Entities.ContainsKey(obj)) | 529 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
483 | { | ||
484 | return false; | ||
485 | } | ||
486 | 530 | ||
487 | // If it's not an object, we cant edit it. | 531 | if (!GenericObjectPermission(owner, objectID)) |
488 | if ((!(m_scene.Entities[obj] is SceneObjectGroup))) | ||
489 | { | 532 | { |
533 | //They can't even edit the object | ||
490 | return false; | 534 | return false; |
491 | } | 535 | } |
536 | //If they can rez, they can duplicate | ||
537 | return CanRezObject(objectCount, owner, objectPosition, scene); | ||
538 | } | ||
492 | 539 | ||
540 | private bool CanDeleteObject(LLUUID objectID, LLUUID deleter, Scene scene) | ||
541 | { | ||
542 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
543 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
493 | 544 | ||
494 | SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[obj]; | 545 | return GenericObjectPermission(objectID, deleter); |
546 | } | ||
495 | 547 | ||
496 | LLUUID objectOwner = group.OwnerID; | 548 | private bool CanEditObject(LLUUID objectID, LLUUID editorID, Scene scene) |
497 | locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); | 549 | { |
550 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
551 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
498 | 552 | ||
499 | 553 | ||
500 | // This is an exception to the generic object permission. | 554 | return GenericObjectPermission(editorID, objectID); |
501 | // Administrators who lock their objects should not be able to move them, | 555 | } |
502 | // however generic object permission should return true. | ||
503 | // This keeps locked objects from being affected by random click + drag actions by accident | ||
504 | // and allows the administrator to grab or delete a locked object. | ||
505 | 556 | ||
506 | // Administrators and estate managers are still able to click+grab locked objects not | 557 | private bool CanEditParcel(LLUUID user, ILandObject parcel, Scene scene) |
507 | // owned by them in the scene | 558 | { |
508 | // This is by design. | 559 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
560 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
509 | 561 | ||
510 | if (locked && (user == objectOwner)) | 562 | return GenericParcelPermission(user, parcel); |
511 | return false; | ||
512 | } | 563 | } |
513 | return permission; | ||
514 | } | ||
515 | 564 | ||
516 | public bool CanCopyObject(int objectCount, LLUUID obj, LLUUID user, Scene scene, LLVector3 objectPosition) | 565 | private bool CanEditScript(LLUUID script, LLUUID user, Scene scene) |
517 | { | ||
518 | bool permission = GenericObjectPermission(user, obj); | ||
519 | if (permission) | ||
520 | { | 566 | { |
521 | if (!m_scene.Entities.ContainsKey(obj)) | 567 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
522 | { | 568 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
523 | return false; | ||
524 | } | ||
525 | 569 | ||
526 | // If it's not an object, we cant edit it. | 570 | return true; |
527 | if (!(m_scene.Entities[obj] is SceneObjectGroup)) | 571 | } |
528 | { | ||
529 | return false; | ||
530 | } | ||
531 | 572 | ||
532 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; | 573 | private bool CanInstantMessage(LLUUID user, LLUUID target, Scene startScene) |
533 | LLUUID taskOwner = null; | 574 | { |
534 | // Added this because at this point in time it wouldn't be wise for | 575 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
535 | // the administrator object permissions to take effect. | 576 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
536 | LLUUID objectOwner = task.OwnerID; | 577 | |
578 | |||
579 | return GenericCommunicationPermission(user, target); | ||
580 | } | ||
537 | 581 | ||
582 | private bool CanInventoryTransfer(LLUUID user, LLUUID target, Scene startScene) | ||
583 | { | ||
584 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
585 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
538 | 586 | ||
539 | if ((task.RootPart.EveryoneMask & PERM_COPY) != 0) | 587 | return GenericCommunicationPermission(user, target); |
540 | permission = true; | ||
541 | } | 588 | } |
542 | return permission; | ||
543 | } | ||
544 | 589 | ||
545 | public bool CanReturnObject(LLUUID obj, LLUUID user, Scene scene) | 590 | private bool CanIssueEstateCommand(LLUUID user, Scene requestFromScene) |
546 | { | 591 | { |
547 | return GenericObjectPermission(user, obj); | 592 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
548 | } | 593 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
549 | 594 | ||
550 | #endregion | 595 | return GenericEstatePermission(user); |
596 | } | ||
551 | 597 | ||
552 | #region Communication Permissions | 598 | private bool CanMoveObject(LLUUID objectID, LLUUID moverID, Scene scene) |
599 | { | ||
600 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
601 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
553 | 602 | ||
554 | protected bool GenericCommunicationPermission(LLUUID user, LLUUID target) | 603 | bool permission = GenericObjectPermission(moverID, objectID); |
555 | { | 604 | if (!permission) |
556 | bool permission = false; | 605 | { |
557 | string reason = "Only registered users may communicate with another account."; | 606 | if (!m_scene.Entities.ContainsKey(objectID)) |
607 | { | ||
608 | return false; | ||
609 | } | ||
558 | 610 | ||
559 | if (IsGridUser(user)) | 611 | // The client |
560 | permission = true; | 612 | // may request to edit linked parts, and therefore, it needs |
613 | // to also check for SceneObjectPart | ||
561 | 614 | ||
562 | if (!IsGridUser(user)) | 615 | // If it's not an object, we cant edit it. |
563 | { | 616 | if ((!(m_scene.Entities[objectID] is SceneObjectGroup))) |
564 | permission = false; | 617 | { |
565 | reason = "The person that you are messaging is not a registered user."; | 618 | return false; |
566 | } | 619 | } |
567 | if (IsAdministrator(user)) | ||
568 | permission = true; | ||
569 | 620 | ||
570 | if (IsEstateManager(user)) | ||
571 | permission = true; | ||
572 | 621 | ||
573 | if (!permission) | 622 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID]; |
574 | SendPermissionError(user, reason); | ||
575 | 623 | ||
576 | return permission; | ||
577 | } | ||
578 | 624 | ||
579 | public bool CanInstantMessage(LLUUID user, LLUUID target, Scene scene) | 625 | LLUUID taskOwner = null; |
580 | { | 626 | // Added this because at this point in time it wouldn't be wise for |
581 | return GenericCommunicationPermission(user, target); | 627 | // the administrator object permissions to take effect. |
582 | } | 628 | LLUUID objectOwner = task.OwnerID; |
583 | 629 | ||
584 | public bool CanInventoryTransfer(LLUUID user, LLUUID target, Scene scene) | 630 | // Anyone can move |
585 | { | 631 | if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0) |
586 | return GenericCommunicationPermission(user, target); | 632 | permission = true; |
587 | } | ||
588 | 633 | ||
589 | #endregion | 634 | // Locked |
635 | if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0) | ||
636 | permission = false; | ||
590 | 637 | ||
591 | public bool CanEditScript(LLUUID script, LLUUID user, Scene scene) | 638 | } |
592 | { | 639 | else |
593 | return IsAdministrator(user); | 640 | { |
594 | } | 641 | bool locked = false; |
642 | if (!m_scene.Entities.ContainsKey(objectID)) | ||
643 | { | ||
644 | return false; | ||
645 | } | ||
595 | 646 | ||
596 | public bool CanRunScript(LLUUID script, LLUUID user, Scene scene) | 647 | // If it's not an object, we cant edit it. |
597 | { | 648 | if ((!(m_scene.Entities[objectID] is SceneObjectGroup))) |
598 | return IsAdministrator(user); | 649 | { |
599 | } | 650 | return false; |
651 | } | ||
600 | 652 | ||
601 | public bool CanRunConsoleCommand(LLUUID user, Scene scene) | ||
602 | { | ||
603 | return IsAdministrator(user); | ||
604 | } | ||
605 | 653 | ||
606 | public bool CanTerraform(LLUUID user, LLVector3 position, Scene scene) | 654 | SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objectID]; |
607 | { | ||
608 | bool permission = false; | ||
609 | 655 | ||
610 | // Estate override | 656 | LLUUID objectOwner = group.OwnerID; |
611 | if (GenericEstatePermission(user)) | 657 | locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); |
612 | permission = true; | ||
613 | 658 | ||
614 | float X = position.X; | ||
615 | float Y = position.Y; | ||
616 | |||
617 | if (X > 255) | ||
618 | X = 255; | ||
619 | if (Y > 255) | ||
620 | Y = 255; | ||
621 | if (X < 0) | ||
622 | X = 0; | ||
623 | if (Y < 0) | ||
624 | Y = 0; | ||
625 | |||
626 | // Land owner can terraform too | ||
627 | ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y); | ||
628 | if (parcel != null && GenericParcelPermission(user, parcel)) | ||
629 | permission = true; | ||
630 | 659 | ||
631 | if (!permission) | 660 | // This is an exception to the generic object permission. |
632 | SendPermissionError(user, "Not authorized to terraform at this location."); | 661 | // Administrators who lock their objects should not be able to move them, |
662 | // however generic object permission should return true. | ||
663 | // This keeps locked objects from being affected by random click + drag actions by accident | ||
664 | // and allows the administrator to grab or delete a locked object. | ||
633 | 665 | ||
634 | return permission; | 666 | // Administrators and estate managers are still able to click+grab locked objects not |
635 | } | 667 | // owned by them in the scene |
668 | // This is by design. | ||
636 | 669 | ||
637 | #region Estate Permissions | 670 | if (locked && (moverID == objectOwner)) |
671 | return false; | ||
672 | } | ||
673 | return permission; | ||
674 | } | ||
638 | 675 | ||
639 | public bool GenericEstatePermission(LLUUID user) | 676 | private bool CanObjectEntry(LLUUID objectID, LLVector3 newPoint, Scene scene) |
640 | { | 677 | { |
641 | // Default: deny | 678 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
642 | bool permission = false; | 679 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
643 | 680 | ||
644 | // Estate admins should be able to use estate tools | 681 | if ((newPoint.X > 257f || newPoint.X < -1f || newPoint.Y > 257f || newPoint.Y < -1f)) |
645 | if (IsEstateManager(user)) | 682 | { |
646 | permission = true; | 683 | return true; |
684 | } | ||
647 | 685 | ||
648 | // Administrators always have permission | 686 | ILandObject land = m_scene.LandChannel.GetLandObject(newPoint.X, newPoint.Y); |
649 | if (IsAdministrator(user)) | ||
650 | permission = true; | ||
651 | 687 | ||
652 | return permission; | 688 | if (land == null) |
653 | } | 689 | { |
690 | return false; | ||
691 | } | ||
654 | 692 | ||
655 | public bool CanEditEstateTerrain(LLUUID user, Scene scene) | 693 | if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0) |
656 | { | 694 | { |
657 | return GenericEstatePermission(user); | 695 | return true; |
658 | } | 696 | } |
659 | 697 | ||
660 | public bool CanRestartSim(LLUUID user, Scene scene) | 698 | //TODO: check for group rights |
661 | { | ||
662 | // Since this is potentially going on a grid... | ||
663 | 699 | ||
664 | return GenericEstatePermission(user); | 700 | if (!m_scene.Entities.ContainsKey(objectID)) |
665 | //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; | 701 | { |
666 | } | 702 | return false; |
703 | } | ||
667 | 704 | ||
668 | public bool CanBeGodLike(LLUUID user, Scene scene) | 705 | // If it's not an object, we cant edit it. |
669 | { | 706 | if (!(m_scene.Entities[objectID] is SceneObjectGroup)) |
670 | return GenericEstatePermission(user); | 707 | { |
671 | } | 708 | return false; |
709 | } | ||
672 | 710 | ||
673 | #endregion | 711 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID]; |
674 | 712 | ||
675 | #region Parcel Permissions | 713 | if (GenericParcelPermission(task.OwnerID, newPoint)) |
714 | { | ||
715 | return true; | ||
716 | } | ||
676 | 717 | ||
677 | protected bool GenericParcelPermission(LLUUID user, ILandObject parcel) | 718 | //Otherwise, false! |
678 | { | 719 | return false; |
679 | bool permission = false; | 720 | } |
680 | 721 | ||
681 | if (parcel.landData.ownerID == user) | 722 | private bool CanReturnObject(LLUUID objectID, LLUUID returnerID, Scene scene) |
682 | { | 723 | { |
683 | permission = true; | 724 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
725 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
726 | |||
727 | return GenericObjectPermission(returnerID, objectID); | ||
684 | } | 728 | } |
685 | 729 | ||
686 | if (parcel.landData.isGroupOwned) | 730 | private bool CanRezObject(int objectCount, LLUUID owner, LLVector3 objectPosition, Scene scene) |
687 | { | 731 | { |
688 | // TODO: Need to do some extra checks here. Requires group code. | 732 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
733 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
734 | |||
735 | bool permission = false; | ||
736 | |||
737 | ILandObject land = m_scene.LandChannel.GetLandObject(objectPosition.X, objectPosition.Y); | ||
738 | if (land == null) return false; | ||
739 | |||
740 | if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) == | ||
741 | (int)Parcel.ParcelFlags.CreateObjects) | ||
742 | permission = true; | ||
743 | |||
744 | //TODO: check for group rights | ||
745 | |||
746 | if (IsAdministrator(owner)) | ||
747 | { | ||
748 | permission = true; | ||
749 | } | ||
750 | |||
751 | if (GenericParcelPermission(owner, objectPosition)) | ||
752 | { | ||
753 | permission = true; | ||
754 | } | ||
755 | |||
756 | return permission; | ||
689 | } | 757 | } |
690 | 758 | ||
691 | if (IsEstateManager(user)) | 759 | private bool CanRunConsoleCommand(LLUUID user, Scene requestFromScene) |
692 | { | 760 | { |
693 | permission = true; | 761 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
762 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
763 | |||
764 | |||
765 | return IsAdministrator(user); | ||
694 | } | 766 | } |
695 | 767 | ||
696 | if (IsAdministrator(user)) | 768 | private bool CanRunScript(LLUUID script, LLUUID user, Scene scene) |
697 | { | 769 | { |
698 | permission = true; | 770 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
771 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
772 | |||
773 | return true; | ||
699 | } | 774 | } |
700 | 775 | ||
701 | return permission; | 776 | private bool CanSellParcel(LLUUID user, ILandObject parcel, Scene scene) |
702 | } | 777 | { |
778 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
779 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
703 | 780 | ||
704 | protected bool GenericParcelPermission(LLUUID user, LLVector3 pos) | 781 | return GenericParcelPermission(user, parcel); |
705 | { | 782 | } |
706 | ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y); | ||
707 | if (parcel == null) return false; | ||
708 | return GenericParcelPermission(user, parcel); | ||
709 | } | ||
710 | 783 | ||
711 | public bool CanEditParcel(LLUUID user, ILandObject parcel, Scene scene) | 784 | private bool CanTakeObject(LLUUID objectID, LLUUID stealer, Scene scene) |
712 | { | 785 | { |
713 | return GenericParcelPermission(user, parcel); | 786 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
714 | } | 787 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
715 | 788 | ||
716 | public bool CanSellParcel(LLUUID user, ILandObject parcel, Scene scene) | 789 | return GenericObjectPermission(stealer,objectID); |
717 | { | 790 | } |
718 | return GenericParcelPermission(user, parcel); | ||
719 | } | ||
720 | 791 | ||
721 | public bool CanAbandonParcel(LLUUID user, ILandObject parcel, Scene scene) | 792 | private bool CanTakeCopyObject(LLUUID objectID, LLUUID userID, Scene inScene) |
722 | { | 793 | { |
723 | return GenericParcelPermission(user, parcel); | 794 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
724 | } | 795 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
796 | |||
797 | bool permission = GenericObjectPermission(userID, objectID); | ||
798 | if (permission) | ||
799 | { | ||
800 | if (!m_scene.Entities.ContainsKey(objectID)) | ||
801 | { | ||
802 | return false; | ||
803 | } | ||
804 | |||
805 | // If it's not an object, we cant edit it. | ||
806 | if (!(m_scene.Entities[objectID] is SceneObjectGroup)) | ||
807 | { | ||
808 | return false; | ||
809 | } | ||
810 | |||
811 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID]; | ||
812 | LLUUID taskOwner = null; | ||
813 | // Added this because at this point in time it wouldn't be wise for | ||
814 | // the administrator object permissions to take effect. | ||
815 | LLUUID objectOwner = task.OwnerID; | ||
816 | |||
817 | |||
818 | if ((task.RootPart.EveryoneMask & PERM_COPY) != 0) | ||
819 | permission = true; | ||
820 | } | ||
821 | return permission; | ||
822 | } | ||
823 | |||
824 | private bool CanTerraformLand(LLUUID user, LLVector3 position, Scene requestFromScene) | ||
825 | { | ||
826 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
827 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
828 | |||
829 | bool permission = false; | ||
830 | |||
831 | // Estate override | ||
832 | if (GenericEstatePermission(user)) | ||
833 | permission = true; | ||
725 | 834 | ||
835 | float X = position.X; | ||
836 | float Y = position.Y; | ||
837 | |||
838 | if (X > 255) | ||
839 | X = 255; | ||
840 | if (Y > 255) | ||
841 | Y = 255; | ||
842 | if (X < 0) | ||
843 | X = 0; | ||
844 | if (Y < 0) | ||
845 | Y = 0; | ||
846 | |||
847 | // Land owner can terraform too | ||
848 | ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y); | ||
849 | if (parcel != null && GenericParcelPermission(user, parcel)) | ||
850 | permission = true; | ||
851 | |||
852 | |||
853 | return permission; | ||
854 | } | ||
855 | |||
856 | private bool CanViewScript(LLUUID script, LLUUID user, Scene scene) | ||
857 | { | ||
858 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
859 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
860 | |||
861 | return true; | ||
862 | } | ||
726 | #endregion | 863 | #endregion |
864 | |||
865 | |||
727 | } | 866 | } |
867 | |||
728 | } | 868 | } |