* Refactor: Break out permissions code into a separate region PermissionsModule

author: Justin Clarke Casey 2008-05-05 20:14:53 +0000
committer: Justin Clarke Casey 2008-05-05 20:14:53 +0000
commit: 9655cf280779021e6241a08f8610cad9b982763f (patch)
tree: 82ef6d74969e4b64971d64a6a18e4488729167a8 /OpenSim/Region/Environment/PermissionManager.cs
parent: * Just some tidy up and documentation before I make my first ever attempt to ... (diff)
download: opensim-SC-9655cf280779021e6241a08f8610cad9b982763f.zip
opensim-SC-9655cf280779021e6241a08f8610cad9b982763f.tar.gz
opensim-SC-9655cf280779021e6241a08f8610cad9b982763f.tar.bz2
opensim-SC-9655cf280779021e6241a08f8610cad9b982763f.tar.xz
1 files changed, 0 insertions, 694 deletions
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs
deleted file mode 100644
index fd8387b..0000000
--- a/OpenSim/Region/Environment/PermissionManager.cs
+++ /dev/null
@@ -1,694 +0,0 @@
-/*
- * Copyright (c) Contributors, http://opensimulator.org/
- * See CONTRIBUTORS.TXT for a full list of copyright holders.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *     * Redistributions of source code must retain the above copyright
- *       notice, this list of conditions and the following disclaimer.
- *     * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in the
- *       documentation and/or other materials provided with the distribution.
- *     * Neither the name of the OpenSim Project nor the
- *       names of its contributors may be used to endorse or promote products
- *       derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-using libsecondlife;
-using OpenSim.Region.Environment.Interfaces;
-using OpenSim.Region.Environment.Scenes;
-namespace OpenSim.Region.Environment
-{
-    public class PermissionManager
-    {
-        protected Scene m_scene;
-        // These are here for testing.  They will be taken out
-        
-        //private uint PERM_ALL = (uint)2147483647;
-        private uint PERM_COPY = (uint)32768;
-        //private uint PERM_MODIFY = (uint)16384;
-        private uint PERM_MOVE = (uint)524288;
-        //private uint PERM_TRANS = (uint)8192;
-        private uint PERM_LOCKED = (uint)540672;
-        // Bypasses the permissions engine (always returns OK)
-        // disable in any production environment
-        // TODO: Change this to false when permissions are a desired default
-        // TODO: Move to configuration option.
-        private bool m_bypassPermissions = true;
-        public bool BypassPermissions
-        {
-            get { return m_bypassPermissions; }
-            set { m_bypassPermissions = value; }
-        }
-        public PermissionManager()
-        {
-        }
-        public PermissionManager(Scene scene)
-        {
-            m_scene = scene;
-        }
-        public void Initialise(Scene scene)
-        {
-            m_scene = scene;
-        }
-        protected virtual void SendPermissionError(LLUUID user, string reason)
-        {
-            m_scene.EventManager.TriggerPermissionError(user, reason);
-        }
-        protected virtual bool IsAdministrator(LLUUID user)
-        {
-            if (m_bypassPermissions)
-            {
-                return true;
-            }
-            // If there is no master avatar, return false
-            if (m_scene.RegionInfo.MasterAvatarAssignedUUID != LLUUID.Zero)
-            {
-                return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
-            }
-            return false;
-        }
-        public virtual bool IsEstateManager(LLUUID user)
-        {
-            if (m_bypassPermissions)
-            {
-                return true;
-            }
-            if (user != LLUUID.Zero)
-            {
-                LLUUID[] estatemanagers = m_scene.RegionInfo.EstateSettings.estateManagers;
-                for (int i = 0; i < estatemanagers.Length; i++)
-                {
-                    if (estatemanagers[i] == user)
-                        return true;
-                }
-            }
-            return false;
-        }
-        protected virtual bool IsGridUser(LLUUID user)
-        {
-            return true;
-        }
-        protected virtual bool IsGuest(LLUUID user)
-        {
-            return false;
-        }
-        public virtual bool CanRezObject(LLUUID user, LLVector3 position)
-        {
-            bool permission = false;
-            string reason = "Insufficient permission";
-            ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y);
-            if (land == null) return false;
-            if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) ==
-                (int)Parcel.ParcelFlags.CreateObjects)
-                permission = true;
-            //TODO: check for group rights
-            if (IsAdministrator(user))
-            {
-                permission = true;
-            }
-            else
-            {
-                reason = "Not an administrator";
-            }
-            if (GenericParcelPermission(user, position))
-            {
-                permission = true;
-            }
-            else
-            {
-                reason = "Not the parcel owner";
-            }
-            if (!permission)
-                SendPermissionError(user, reason);
-            return permission;
-        }
-        /// <summary>
-        /// Permissions check - can user enter an object?
-        /// </summary>
-        /// <param name="user">User attempting move an object</param>
-        /// <param name="oldPos">Source object-position</param>
-        /// <param name="newPos">Target object-position</param>
-        /// <returns>Has permission?</returns>
-        public virtual bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos)
-        {
-            
-            if ((newPos.X > 257f || newPos.X < -1f || newPos.Y > 257f || newPos.Y < -1f))
-            {
-                return true;
-            }
-            ILandObject land1 = m_scene.LandChannel.getLandObject(oldPos.X, oldPos.Y);
-            ILandObject land2 = m_scene.LandChannel.getLandObject(newPos.X, newPos.Y);
-            if (land1 == null || land2 == null)
-            {
-                return false;
-            }
-            if (land2 == null)
-            {
-                // need this for crossing borders
-                return true;
-            }
-            if (land1.landData.globalID == land2.landData.globalID)
-            {
-                return true;
-            }
-            if ((land2.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0)
-            {
-                return true;
-            }
-            //TODO: check for group rights
-            if (GenericParcelPermission(user, newPos))
-            {
-                return true;
-            }
-            SendPermissionError(user, "Not allowed to move objects in this parcel!");
-            return false;
-        }
-        #region Object Permissions
-        public virtual uint GenerateClientFlags(LLUUID user, LLUUID objID)
-        {
-            // Here's the way this works, 
-            // ObjectFlags and Permission flags are two different enumerations
-            // ObjectFlags, however, tells the client to change what it will allow the user to do.
-            // So, that means that all of the permissions type ObjectFlags are /temporary/ and only 
-            // supposed to be set when customizing the objectflags for the client.  
-            // These temporary objectflags get computed and added in this function based on the 
-            // Permission mask that's appropriate!
-            // Outside of this method, they should never be added to objectflags!
-            // -teravus
-                        SceneObjectPart task=m_scene.GetSceneObjectPart(objID);
-            
-            // this shouldn't ever happen..     return no permissions/objectflags.
-            if (task == null)
-                return (uint)0;
-                        uint objflags = task.GetEffectiveObjectFlags();
-                        LLUUID objectOwner = task.OwnerID;
-            // Remove any of the objectFlags that are temporary.  These will get added back if appropriate 
-            // in the next bit of code
-            objflags &= (uint)
-                ~(LLObject.ObjectFlags.ObjectCopy | // Tells client you can copy the object
-                  LLObject.ObjectFlags.ObjectModify | // tells client you can modify the object
-                  LLObject.ObjectFlags.ObjectMove |   // tells client that you can move the object (only, no mod)
-                  LLObject.ObjectFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
-                  LLObject.ObjectFlags.ObjectYouOwner | // Tells client that you're the owner of the object
-                  LLObject.ObjectFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
-                    );
-            // Creating the three ObjectFlags options for this method to choose from.
-            // Customize the OwnerMask
-            uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags);
-            objectOwnerMask |= (uint)LLObject.ObjectFlags.ObjectYouOwner;
-            // Customize the GroupMask
-            uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags);
-            // Customize the EveryoneMask
-            uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags);
-            // Hack to allow collaboration until Groups and Group Permissions are implemented
-            if ((objectEveryoneMask & (uint)LLObject.ObjectFlags.ObjectMove) != 0)
-                objectEveryoneMask |= (uint)LLObject.ObjectFlags.ObjectModify;
-            if (m_bypassPermissions)
-                return objectOwnerMask;
-            // Object owners should be able to edit their own content
-            if (user == objectOwner)
-            {
-                return objectOwnerMask;
-            }
-            // Users should be able to edit what is over their land.
-            ILandObject parcel = m_scene.LandChannel.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
-            if (parcel != null && parcel.landData.ownerID == user)
-                return objectOwnerMask;
-            // Admin objects should not be editable by the above
-            if (IsAdministrator(objectOwner))
-                return objectEveryoneMask;
-            // Estate users should be able to edit anything in the sim
-            if (IsEstateManager(user))
-                return objectOwnerMask;
-            // Admin should be able to edit anything in the sim (including admin objects)
-            if (IsAdministrator(user))
-                return objectOwnerMask;
-            return objectEveryoneMask;
-        }
-        private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask)
-        {
-            // We are adding the temporary objectflags to the object's objectflags based on the 
-            // permission flag given.  These change the F flags on the client.
-            if ((setPermissionMask & (uint)PermissionMask.Copy) != 0)
-            {
-                objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectCopy;
-            }
-            if ((setPermissionMask & (uint)PermissionMask.Move) != 0)
-            {
-                objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectMove;
-            }
-            if ((setPermissionMask & (uint)PermissionMask.Modify) != 0)
-            {
-                objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectModify;
-            }
-            if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0)
-            {
-                objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectTransfer;
-            }
-            return objectFlagsMask;
-        }
-        protected virtual bool GenericObjectPermission(LLUUID currentUser, LLUUID objId)
-        {
-            // Default: deny
-            bool permission = false;
-            bool locked = false;
-            if (!m_scene.Entities.ContainsKey(objId))
-            {
-                return false;
-            }
-            // If it's not an object, we cant edit it.
-            if ((!(m_scene.Entities[objId] is SceneObjectGroup)))
-            {
-                return false;
-            }
-            SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
-            LLUUID objectOwner = group.OwnerID;
-            locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
-            // People shouldn't be able to do anything with locked objects, except the Administrator
-            // The 'set permissions' runs through a different permission check, so when an object owner 
-            // sets an object locked, the only thing that they can do is unlock it.
-            //
-            // Nobody but the object owner can set permissions on an object
-            //
-            if (locked && (!IsAdministrator(currentUser)))
-            {
-                return false;
-            }
-            // Object owners should be able to edit their own content
-            if (currentUser == objectOwner)
-            {
-                permission = true;
-            }
-            // Users should be able to edit what is over their land.
-            ILandObject parcel = m_scene.LandChannel.getLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y);
-            if ((parcel != null) && (parcel.landData.ownerID == currentUser))
-            {
-                permission = true;
-            }
-            // Estate users should be able to edit anything in the sim
-            if (IsEstateManager(currentUser))
-            {
-                permission = true;
-            }
-            // Admin objects should not be editable by the above
-            if (IsAdministrator(objectOwner))
-            {
-                permission = false;
-            }
-            // Admin should be able to edit anything in the sim (including admin objects)
-            if (IsAdministrator(currentUser))
-            {
-                permission = true;
-            }
-            return permission;
-        }
-        /// <summary>
-        /// Permissions check - can user delete an object?
-        /// </summary>
-        /// <param name="user">User attempting the delete</param>
-        /// <param name="obj">Target object</param>
-        /// <returns>Has permission?</returns>
-        public virtual bool CanDeRezObject(LLUUID user, LLUUID obj)
-        {
-            return GenericObjectPermission(user, obj);
-        }
-        public virtual bool CanEditObject(LLUUID user, LLUUID obj)
-        {
-            return GenericObjectPermission(user, obj);
-        }
-        public virtual bool CanEditObjectPosition(LLUUID user, LLUUID obj)
-        {
-            bool permission = GenericObjectPermission(user, obj);
-            if (!permission)
-            {
-                if (!m_scene.Entities.ContainsKey(obj))
-                {
-                    return false;
-                }
-                // The client 
-                // may request to edit linked parts, and therefore, it needs 
-                // to also check for SceneObjectPart
-                // If it's not an object, we cant edit it.
-                if ((!(m_scene.Entities[obj] is SceneObjectGroup)))
-                {
-                    return false;
-                }
-                SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj];
-                LLUUID taskOwner = null;
-                // Added this because at this point in time it wouldn't be wise for 
-                // the administrator object permissions to take effect.
-                LLUUID objectOwner = task.OwnerID;
-                // Anyone can move
-                if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)
-                    permission = true;
-                // Locked
-                if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
-                    permission = false;
-            }
-            else
-            {
-                bool locked = false;
-                if (!m_scene.Entities.ContainsKey(obj))
-                {
-                    return false;
-                }
-                // If it's not an object, we cant edit it.
-                if ((!(m_scene.Entities[obj] is SceneObjectGroup)))
-                {
-                    return false;
-                }
-                SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[obj];
-                LLUUID objectOwner = group.OwnerID;
-                locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
-                // This is an exception to the generic object permission.
-                // Administrators who lock their objects should not be able to move them, 
-                // however generic object permission should return true.
-                // This keeps locked objects from being affected by random click + drag actions by accident
-                // and allows the administrator to grab or delete a locked object.
-                // Administrators and estate managers are still able to click+grab locked objects not 
-                // owned by them in the scene
-                // This is by design.
-                if (locked && (user == objectOwner))
-                    return false;
-            }
-            return permission;
-        }
-        public virtual bool CanCopyObject(LLUUID user, LLUUID obj)
-        {
-            bool permission = GenericObjectPermission(user, obj);
-            if (!permission)
-            {
-                if (!m_scene.Entities.ContainsKey(obj))
-                {
-                    return false;
-                }
-                // If it's not an object, we cant edit it.
-                if (!(m_scene.Entities[obj] is SceneObjectGroup))
-                {
-                    return false;
-                }
-                SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj];
-                LLUUID taskOwner = null;
-                // Added this because at this point in time it wouldn't be wise for 
-                // the administrator object permissions to take effect.
-                LLUUID objectOwner = task.OwnerID;
-                if ((task.RootPart.EveryoneMask & PERM_COPY) != 0)
-                    permission = true;
-            }
-            return permission;
-        }
-        public virtual bool CanReturnObject(LLUUID user, LLUUID obj)
-        {
-            return GenericObjectPermission(user, obj);
-        }
-        #endregion
-        #region Communication Permissions
-        public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target)
-        {
-            bool permission = false;
-            string reason = "Only registered users may communicate with another account.";
-            if (IsGridUser(user))
-                permission = true;
-            if (!IsGridUser(user))
-            {
-                permission = false;
-                reason = "The person that you are messaging is not a registered user.";
-            }
-            if (IsAdministrator(user))
-                permission = true;
-            if (IsEstateManager(user))
-                permission = true;
-            if (!permission)
-                SendPermissionError(user, reason);
-            return permission;
-        }
-        public virtual bool CanInstantMessage(LLUUID user, LLUUID target)
-        {
-            return GenericCommunicationPermission(user, target);
-        }
-        public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target)
-        {
-            return GenericCommunicationPermission(user, target);
-        }
-        #endregion
-        public virtual bool CanEditScript(LLUUID user, LLUUID script)
-        {
-            return IsAdministrator(user);
-        }
-        public virtual bool CanRunScript(LLUUID user, LLUUID script)
-        {
-            return IsAdministrator(user);
-        }
-        public virtual bool CanRunConsoleCommand(LLUUID user)
-        {
-            return IsAdministrator(user);
-        }
-        public virtual bool CanTerraform(LLUUID user, LLVector3 position)
-        {
-            bool permission = false;
-            // Estate override
-            if (GenericEstatePermission(user))
-                permission = true;
-            float X = position.X;
-            float Y = position.Y;
-            if (X > 255)
-                X = 255;
-            if (Y > 255)
-                Y = 255;
-            if (X < 0)
-                X = 0;
-            if (Y < 0)
-                Y = 0;
-            // Land owner can terraform too
-            ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y);
-            if (parcel != null && GenericParcelPermission(user, parcel))
-                permission = true;
-            if (!permission)
-                SendPermissionError(user, "Not authorized to terraform at this location.");
-            return permission;
-        }
-        #region Estate Permissions
-        public virtual bool GenericEstatePermission(LLUUID user)
-        {
-            // Default: deny
-            bool permission = false;
-            // Estate admins should be able to use estate tools
-            if (IsEstateManager(user))
-                permission = true;
-            // Administrators always have permission
-            if (IsAdministrator(user))
-                permission = true;
-            return permission;
-        }
-        public virtual bool CanEditEstateTerrain(LLUUID user)
-        {
-            return GenericEstatePermission(user);
-        }
-        public virtual bool CanRestartSim(LLUUID user)
-        {
-            // Since this is potentially going on a grid...    
-            return GenericEstatePermission(user);
-            //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
-        }
-        #endregion
-        #region Parcel Permissions
-        protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel)
-        {
-            bool permission = false;
-            if (parcel.landData.ownerID == user)
-            {
-                permission = true;
-            }
-            if (parcel.landData.isGroupOwned)
-            {
-                // TODO: Need to do some extra checks here. Requires group code.
-            }
-            if (IsEstateManager(user))
-            {
-                permission = true;
-            }
-            if (IsAdministrator(user))
-            {
-                permission = true;
-            }
-            return permission;
-        }
-        protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
-        {
-            ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y);
-            if (parcel == null) return false;
-            return GenericParcelPermission(user, parcel);
-        }
-        public virtual bool CanEditParcel(LLUUID user, ILandObject parcel)
-        {
-            return GenericParcelPermission(user, parcel);
-        }
-        public virtual bool CanSellParcel(LLUUID user, ILandObject parcel)
-        {
-            return GenericParcelPermission(user, parcel);
-        }
-        public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel)
-        {
-            return GenericParcelPermission(user, parcel);
-        }
-        #endregion
-    }
-}
author	Justin Clarke Casey	2008-05-05 20:14:53 +0000
committer	Justin Clarke Casey	2008-05-05 20:14:53 +0000
commit	9655cf280779021e6241a08f8610cad9b982763f (patch)
tree	82ef6d74969e4b64971d64a6a18e4488729167a8 /OpenSim/Region/Environment/PermissionManager.cs
parent	* Just some tidy up and documentation before I make my first ever attempt to ... (diff)
download	opensim-SC-9655cf280779021e6241a08f8610cad9b982763f.zip opensim-SC-9655cf280779021e6241a08f8610cad9b982763f.tar.gz opensim-SC-9655cf280779021e6241a08f8610cad9b982763f.tar.bz2 opensim-SC-9655cf280779021e6241a08f8610cad9b982763f.tar.xz

diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs deleted file mode 100644 index fd8387b..0000000 --- a/OpenSim/Region/Environment/PermissionManager.cs +++ /dev/null
@@ -1,694 +0,0 @@
1	/*
2	* Copyright (c) Contributors, http://opensimulator.org/
3	* See CONTRIBUTORS.TXT for a full list of copyright holders.
4	*
5	* Redistribution and use in source and binary forms, with or without
6	* modification, are permitted provided that the following conditions are met:
7	* * Redistributions of source code must retain the above copyright
8	* notice, this list of conditions and the following disclaimer.
9	* * Redistributions in binary form must reproduce the above copyright
10	* notice, this list of conditions and the following disclaimer in the
11	* documentation and/or other materials provided with the distribution.
12	* * Neither the name of the OpenSim Project nor the
13	* names of its contributors may be used to endorse or promote products
14	* derived from this software without specific prior written permission.
15	*
16	* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
17	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19	* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20	* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23	* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26	*/
27
28	using libsecondlife;
29	using OpenSim.Region.Environment.Interfaces;
30	using OpenSim.Region.Environment.Scenes;
31
32	namespace OpenSim.Region.Environment
33	{
34	public class PermissionManager
35	{
36	protected Scene m_scene;
37
38	// These are here for testing. They will be taken out
39
40	//private uint PERM_ALL = (uint)2147483647;
41	private uint PERM_COPY = (uint)32768;
42	//private uint PERM_MODIFY = (uint)16384;
43	private uint PERM_MOVE = (uint)524288;
44	//private uint PERM_TRANS = (uint)8192;
45	private uint PERM_LOCKED = (uint)540672;
46	// Bypasses the permissions engine (always returns OK)
47	// disable in any production environment
48	// TODO: Change this to false when permissions are a desired default
49	// TODO: Move to configuration option.
50	private bool m_bypassPermissions = true;
51
52	public bool BypassPermissions
53	{
54	get { return m_bypassPermissions; }
55	set { m_bypassPermissions = value; }
56	}
57
58	public PermissionManager()
59	{
60	}
61
62	public PermissionManager(Scene scene)
63	{
64	m_scene = scene;
65	}
66
67	public void Initialise(Scene scene)
68	{
69	m_scene = scene;
70	}
71
72	protected virtual void SendPermissionError(LLUUID user, string reason)
73	{
74	m_scene.EventManager.TriggerPermissionError(user, reason);
75	}
76
77	protected virtual bool IsAdministrator(LLUUID user)
78	{
79	if (m_bypassPermissions)
80	{
81	return true;
82	}
83
84	// If there is no master avatar, return false
85	if (m_scene.RegionInfo.MasterAvatarAssignedUUID != LLUUID.Zero)
86	{
87	return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
88	}
89
90	return false;
91	}
92
93	public virtual bool IsEstateManager(LLUUID user)
94	{
95	if (m_bypassPermissions)
96	{
97	return true;
98	}
99
100	if (user != LLUUID.Zero)
101	{
102	LLUUID[] estatemanagers = m_scene.RegionInfo.EstateSettings.estateManagers;
103	for (int i = 0; i < estatemanagers.Length; i++)
104	{
105	if (estatemanagers[i] == user)
106	return true;
107	}
108	}
109
110	return false;
111	}
112
113	protected virtual bool IsGridUser(LLUUID user)
114	{
115	return true;
116	}
117
118	protected virtual bool IsGuest(LLUUID user)
119	{
120	return false;
121	}
122
123	public virtual bool CanRezObject(LLUUID user, LLVector3 position)
124	{
125	bool permission = false;
126
127	string reason = "Insufficient permission";
128
129	ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y);
130	if (land == null) return false;
131
132	if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) ==
133	(int)Parcel.ParcelFlags.CreateObjects)
134	permission = true;
135
136	//TODO: check for group rights
137
138	if (IsAdministrator(user))
139	{
140	permission = true;
141	}
142	else
143	{
144	reason = "Not an administrator";
145	}
146
147	if (GenericParcelPermission(user, position))
148	{
149	permission = true;
150	}
151	else
152	{
153	reason = "Not the parcel owner";
154	}
155
156	if (!permission)
157	SendPermissionError(user, reason);
158
159	return permission;
160	}
161
162	/// <summary>
163	/// Permissions check - can user enter an object?
164	/// </summary>
165	/// <param name="user">User attempting move an object</param>
166	/// <param name="oldPos">Source object-position</param>
167	/// <param name="newPos">Target object-position</param>
168	/// <returns>Has permission?</returns>
169	public virtual bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos)
170	{
171
172
173	if ((newPos.X > 257f \|\| newPos.X < -1f \|\| newPos.Y > 257f \|\| newPos.Y < -1f))
174	{
175	return true;
176	}
177
178	ILandObject land1 = m_scene.LandChannel.getLandObject(oldPos.X, oldPos.Y);
179	ILandObject land2 = m_scene.LandChannel.getLandObject(newPos.X, newPos.Y);
180
181	if (land1 == null \|\| land2 == null)
182	{
183	return false;
184	}
185	if (land2 == null)
186	{
187	// need this for crossing borders
188	return true;
189	}
190
191	if (land1.landData.globalID == land2.landData.globalID)
192	{
193	return true;
194	}
195
196	if ((land2.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0)
197	{
198	return true;
199	}
200
201	//TODO: check for group rights
202
203	if (GenericParcelPermission(user, newPos))
204	{
205	return true;
206	}
207
208	SendPermissionError(user, "Not allowed to move objects in this parcel!");
209
210	return false;
211	}
212
213	#region Object Permissions
214
215	public virtual uint GenerateClientFlags(LLUUID user, LLUUID objID)
216	{
217
218	// Here's the way this works,
219	// ObjectFlags and Permission flags are two different enumerations
220	// ObjectFlags, however, tells the client to change what it will allow the user to do.
221	// So, that means that all of the permissions type ObjectFlags are /temporary/ and only
222	// supposed to be set when customizing the objectflags for the client.
223
224	// These temporary objectflags get computed and added in this function based on the
225	// Permission mask that's appropriate!
226	// Outside of this method, they should never be added to objectflags!
227	// -teravus
228
229	SceneObjectPart task=m_scene.GetSceneObjectPart(objID);
230
231	// this shouldn't ever happen.. return no permissions/objectflags.
232	if (task == null)
233	return (uint)0;
234
235	uint objflags = task.GetEffectiveObjectFlags();
236	LLUUID objectOwner = task.OwnerID;
237
238
239	// Remove any of the objectFlags that are temporary. These will get added back if appropriate
240	// in the next bit of code
241
242	objflags &= (uint)
243	~(LLObject.ObjectFlags.ObjectCopy \| // Tells client you can copy the object
244	LLObject.ObjectFlags.ObjectModify \| // tells client you can modify the object
245	LLObject.ObjectFlags.ObjectMove \| // tells client that you can move the object (only, no mod)
246	LLObject.ObjectFlags.ObjectTransfer \| // tells the client that you can /take/ the object if you don't own it
247	LLObject.ObjectFlags.ObjectYouOwner \| // Tells client that you're the owner of the object
248	LLObject.ObjectFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
249	);
250
251	// Creating the three ObjectFlags options for this method to choose from.
252	// Customize the OwnerMask
253	uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags);
254	objectOwnerMask \|= (uint)LLObject.ObjectFlags.ObjectYouOwner;
255
256	// Customize the GroupMask
257	uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags);
258
259	// Customize the EveryoneMask
260	uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags);
261
262
263	// Hack to allow collaboration until Groups and Group Permissions are implemented
264	if ((objectEveryoneMask & (uint)LLObject.ObjectFlags.ObjectMove) != 0)
265	objectEveryoneMask \|= (uint)LLObject.ObjectFlags.ObjectModify;
266
267	if (m_bypassPermissions)
268	return objectOwnerMask;
269
270	// Object owners should be able to edit their own content
271	if (user == objectOwner)
272	{
273	return objectOwnerMask;
274	}
275
276	// Users should be able to edit what is over their land.
277	ILandObject parcel = m_scene.LandChannel.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
278	if (parcel != null && parcel.landData.ownerID == user)
279	return objectOwnerMask;
280
281	// Admin objects should not be editable by the above
282	if (IsAdministrator(objectOwner))
283	return objectEveryoneMask;
284
285	// Estate users should be able to edit anything in the sim
286	if (IsEstateManager(user))
287	return objectOwnerMask;
288
289
290
291	// Admin should be able to edit anything in the sim (including admin objects)
292	if (IsAdministrator(user))
293	return objectOwnerMask;
294
295
296	return objectEveryoneMask;
297	}
298
299
300
301	private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask)
302	{
303	// We are adding the temporary objectflags to the object's objectflags based on the
304	// permission flag given. These change the F flags on the client.
305
306	if ((setPermissionMask & (uint)PermissionMask.Copy) != 0)
307	{
308	objectFlagsMask \|= (uint)LLObject.ObjectFlags.ObjectCopy;
309	}
310
311	if ((setPermissionMask & (uint)PermissionMask.Move) != 0)
312	{
313	objectFlagsMask \|= (uint)LLObject.ObjectFlags.ObjectMove;
314	}
315
316	if ((setPermissionMask & (uint)PermissionMask.Modify) != 0)
317	{
318	objectFlagsMask \|= (uint)LLObject.ObjectFlags.ObjectModify;
319	}
320
321	if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0)
322	{
323	objectFlagsMask \|= (uint)LLObject.ObjectFlags.ObjectTransfer;
324	}
325
326	return objectFlagsMask;
327	}
328
329	protected virtual bool GenericObjectPermission(LLUUID currentUser, LLUUID objId)
330	{
331	// Default: deny
332	bool permission = false;
333	bool locked = false;
334
335	if (!m_scene.Entities.ContainsKey(objId))
336	{
337	return false;
338	}
339
340	// If it's not an object, we cant edit it.
341	if ((!(m_scene.Entities[objId] is SceneObjectGroup)))
342	{
343	return false;
344	}
345
346
347	SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
348
349	LLUUID objectOwner = group.OwnerID;
350	locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
351
352	// People shouldn't be able to do anything with locked objects, except the Administrator
353	// The 'set permissions' runs through a different permission check, so when an object owner
354	// sets an object locked, the only thing that they can do is unlock it.
355	//
356	// Nobody but the object owner can set permissions on an object
357	//
358
359	if (locked && (!IsAdministrator(currentUser)))
360	{
361	return false;
362	}
363
364	// Object owners should be able to edit their own content
365	if (currentUser == objectOwner)
366	{
367	permission = true;
368	}
369
370	// Users should be able to edit what is over their land.
371	ILandObject parcel = m_scene.LandChannel.getLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y);
372	if ((parcel != null) && (parcel.landData.ownerID == currentUser))
373	{
374	permission = true;
375	}
376
377	// Estate users should be able to edit anything in the sim
378	if (IsEstateManager(currentUser))
379	{
380	permission = true;
381	}
382
383	// Admin objects should not be editable by the above
384	if (IsAdministrator(objectOwner))
385	{
386	permission = false;
387	}
388
389	// Admin should be able to edit anything in the sim (including admin objects)
390	if (IsAdministrator(currentUser))
391	{
392	permission = true;
393	}
394
395	return permission;
396	}
397
398	/// <summary>
399	/// Permissions check - can user delete an object?
400	/// </summary>
401	/// <param name="user">User attempting the delete</param>
402	/// <param name="obj">Target object</param>
403	/// <returns>Has permission?</returns>
404	public virtual bool CanDeRezObject(LLUUID user, LLUUID obj)
405	{
406	return GenericObjectPermission(user, obj);
407	}
408
409	public virtual bool CanEditObject(LLUUID user, LLUUID obj)
410	{
411	return GenericObjectPermission(user, obj);
412	}
413
414	public virtual bool CanEditObjectPosition(LLUUID user, LLUUID obj)
415	{
416	bool permission = GenericObjectPermission(user, obj);
417	if (!permission)
418	{
419	if (!m_scene.Entities.ContainsKey(obj))
420	{
421	return false;
422	}
423
424	// The client
425	// may request to edit linked parts, and therefore, it needs
426	// to also check for SceneObjectPart
427
428	// If it's not an object, we cant edit it.
429	if ((!(m_scene.Entities[obj] is SceneObjectGroup)))
430	{
431	return false;
432	}
433
434
435	SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj];
436
437
438	LLUUID taskOwner = null;
439	// Added this because at this point in time it wouldn't be wise for
440	// the administrator object permissions to take effect.
441	LLUUID objectOwner = task.OwnerID;
442
443	// Anyone can move
444	if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)
445	permission = true;
446
447	// Locked
448	if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
449	permission = false;
450
451	}
452	else
453	{
454	bool locked = false;
455	if (!m_scene.Entities.ContainsKey(obj))
456	{
457	return false;
458	}
459
460	// If it's not an object, we cant edit it.
461	if ((!(m_scene.Entities[obj] is SceneObjectGroup)))
462	{
463	return false;
464	}
465
466
467	SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[obj];
468
469	LLUUID objectOwner = group.OwnerID;
470	locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
471
472
473	// This is an exception to the generic object permission.
474	// Administrators who lock their objects should not be able to move them,
475	// however generic object permission should return true.
476	// This keeps locked objects from being affected by random click + drag actions by accident
477	// and allows the administrator to grab or delete a locked object.
478
479	// Administrators and estate managers are still able to click+grab locked objects not
480	// owned by them in the scene
481	// This is by design.
482
483	if (locked && (user == objectOwner))
484	return false;
485	}
486	return permission;
487	}
488
489	public virtual bool CanCopyObject(LLUUID user, LLUUID obj)
490	{
491	bool permission = GenericObjectPermission(user, obj);
492	if (!permission)
493	{
494	if (!m_scene.Entities.ContainsKey(obj))
495	{
496	return false;
497	}
498
499	// If it's not an object, we cant edit it.
500	if (!(m_scene.Entities[obj] is SceneObjectGroup))
501	{
502	return false;
503	}
504
505	SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj];
506	LLUUID taskOwner = null;
507	// Added this because at this point in time it wouldn't be wise for
508	// the administrator object permissions to take effect.
509	LLUUID objectOwner = task.OwnerID;
510	if ((task.RootPart.EveryoneMask & PERM_COPY) != 0)
511	permission = true;
512	}
513	return permission;
514	}
515
516	public virtual bool CanReturnObject(LLUUID user, LLUUID obj)
517	{
518	return GenericObjectPermission(user, obj);
519	}
520
521	#endregion
522
523	#region Communication Permissions
524
525	public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target)
526	{
527	bool permission = false;
528	string reason = "Only registered users may communicate with another account.";
529
530	if (IsGridUser(user))
531	permission = true;
532
533	if (!IsGridUser(user))
534	{
535	permission = false;
536	reason = "The person that you are messaging is not a registered user.";
537	}
538	if (IsAdministrator(user))
539	permission = true;
540
541	if (IsEstateManager(user))
542	permission = true;
543
544	if (!permission)
545	SendPermissionError(user, reason);
546
547	return permission;
548	}
549
550	public virtual bool CanInstantMessage(LLUUID user, LLUUID target)
551	{
552	return GenericCommunicationPermission(user, target);
553	}
554
555	public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target)
556	{
557	return GenericCommunicationPermission(user, target);
558	}
559
560	#endregion
561
562	public virtual bool CanEditScript(LLUUID user, LLUUID script)
563	{
564	return IsAdministrator(user);
565	}
566
567	public virtual bool CanRunScript(LLUUID user, LLUUID script)
568	{
569	return IsAdministrator(user);
570	}
571
572	public virtual bool CanRunConsoleCommand(LLUUID user)
573	{
574	return IsAdministrator(user);
575	}
576
577	public virtual bool CanTerraform(LLUUID user, LLVector3 position)
578	{
579	bool permission = false;
580
581	// Estate override
582	if (GenericEstatePermission(user))
583	permission = true;
584
585	float X = position.X;
586	float Y = position.Y;
587
588	if (X > 255)
589	X = 255;
590	if (Y > 255)
591	Y = 255;
592	if (X < 0)
593	X = 0;
594	if (Y < 0)
595	Y = 0;
596
597	// Land owner can terraform too
598	ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y);
599	if (parcel != null && GenericParcelPermission(user, parcel))
600	permission = true;
601
602	if (!permission)
603	SendPermissionError(user, "Not authorized to terraform at this location.");
604
605	return permission;
606	}
607
608	#region Estate Permissions
609
610	public virtual bool GenericEstatePermission(LLUUID user)
611	{
612	// Default: deny
613	bool permission = false;
614
615	// Estate admins should be able to use estate tools
616	if (IsEstateManager(user))
617	permission = true;
618
619	// Administrators always have permission
620	if (IsAdministrator(user))
621	permission = true;
622
623	return permission;
624	}
625
626	public virtual bool CanEditEstateTerrain(LLUUID user)
627	{
628	return GenericEstatePermission(user);
629	}
630
631	public virtual bool CanRestartSim(LLUUID user)
632	{
633	// Since this is potentially going on a grid...
634
635	return GenericEstatePermission(user);
636	//return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
637	}
638
639	#endregion
640
641	#region Parcel Permissions
642
643	protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel)
644	{
645	bool permission = false;
646
647	if (parcel.landData.ownerID == user)
648	{
649	permission = true;
650	}
651
652	if (parcel.landData.isGroupOwned)
653	{
654	// TODO: Need to do some extra checks here. Requires group code.
655	}
656
657	if (IsEstateManager(user))
658	{
659	permission = true;
660	}
661
662	if (IsAdministrator(user))
663	{
664	permission = true;
665	}
666
667	return permission;
668	}
669
670	protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
671	{
672	ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y);
673	if (parcel == null) return false;
674	return GenericParcelPermission(user, parcel);
675	}
676
677	public virtual bool CanEditParcel(LLUUID user, ILandObject parcel)
678	{
679	return GenericParcelPermission(user, parcel);
680	}
681
682	public virtual bool CanSellParcel(LLUUID user, ILandObject parcel)
683	{
684	return GenericParcelPermission(user, parcel);
685	}
686
687	public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel)
688	{
689	return GenericParcelPermission(user, parcel);
690	}
691
692	#endregion
693	}
694	}