diff options
author | Sean Dague | 2007-10-22 15:39:02 +0000 |
---|---|---|
committer | Sean Dague | 2007-10-22 15:39:02 +0000 |
commit | c5ea70bf93c47b60f2534854932d564f8811a98a (patch) | |
tree | dc533eff741aab7f9aea58a6d9289206bfea8268 /OpenSim/Region/Environment/PermissionManager.cs | |
parent | revert r2162 as it completely clobbered all the work on (diff) | |
download | opensim-SC-c5ea70bf93c47b60f2534854932d564f8811a98a.zip opensim-SC-c5ea70bf93c47b60f2534854932d564f8811a98a.tar.gz opensim-SC-c5ea70bf93c47b60f2534854932d564f8811a98a.tar.bz2 opensim-SC-c5ea70bf93c47b60f2534854932d564f8811a98a.tar.xz |
nice catch by chi11ken that I was setting the wrong property
Diffstat (limited to 'OpenSim/Region/Environment/PermissionManager.cs')
-rw-r--r-- | OpenSim/Region/Environment/PermissionManager.cs | 654 |
1 files changed, 327 insertions, 327 deletions
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs index c40012d..ab2ad8d 100644 --- a/OpenSim/Region/Environment/PermissionManager.cs +++ b/OpenSim/Region/Environment/PermissionManager.cs | |||
@@ -1,328 +1,328 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (c) Contributors, http://opensimulator.org/ | 2 | * Copyright (c) Contributors, http://opensimulator.org/ |
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | 3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. |
4 | * | 4 | * |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions are met: | 6 | * modification, are permitted provided that the following conditions are met: |
7 | * * Redistributions of source code must retain the above copyright | 7 | * * Redistributions of source code must retain the above copyright |
8 | * notice, this list of conditions and the following disclaimer. | 8 | * notice, this list of conditions and the following disclaimer. |
9 | * * Redistributions in binary form must reproduce the above copyright | 9 | * * Redistributions in binary form must reproduce the above copyright |
10 | * notice, this list of conditions and the following disclaimer in the | 10 | * notice, this list of conditions and the following disclaimer in the |
11 | * documentation and/or other materials provided with the distribution. | 11 | * documentation and/or other materials provided with the distribution. |
12 | * * Neither the name of the OpenSim Project nor the | 12 | * * Neither the name of the OpenSim Project nor the |
13 | * names of its contributors may be used to endorse or promote products | 13 | * names of its contributors may be used to endorse or promote products |
14 | * derived from this software without specific prior written permission. | 14 | * derived from this software without specific prior written permission. |
15 | * | 15 | * |
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY | 16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY |
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | 19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY |
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 | * | 26 | * |
27 | */ | 27 | */ |
28 | 28 | ||
29 | using libsecondlife; | 29 | using libsecondlife; |
30 | using OpenSim.Region.Environment.LandManagement; | 30 | using OpenSim.Region.Environment.LandManagement; |
31 | using OpenSim.Region.Environment.Scenes; | 31 | using OpenSim.Region.Environment.Scenes; |
32 | using OpenSim.Framework.PolicyManager; | 32 | using OpenSim.Framework.PolicyManager; |
33 | 33 | ||
34 | namespace OpenSim.Region.Environment | 34 | namespace OpenSim.Region.Environment |
35 | { | 35 | { |
36 | public class PermissionManager | 36 | public class PermissionManager |
37 | { | 37 | { |
38 | protected Scene m_scene; | 38 | protected Scene m_scene; |
39 | 39 | ||
40 | // Bypasses the permissions engine (always returns OK) | 40 | // Bypasses the permissions engine (always returns OK) |
41 | // disable in any production environment | 41 | // disable in any production environment |
42 | // TODO: Change this to false when permissions are a desired default | 42 | // TODO: Change this to false when permissions are a desired default |
43 | // TODO: Move to configuration option. | 43 | // TODO: Move to configuration option. |
44 | private bool m_bypassPermissions = true; | 44 | private bool m_bypassPermissions = true; |
45 | 45 | ||
46 | public bool BypassPermissions | 46 | public bool BypassPermissions |
47 | { | 47 | { |
48 | get { return m_bypassPermissions; } | 48 | get { return m_bypassPermissions; } |
49 | set { m_bypassPermissions = value; } | 49 | set { m_bypassPermissions = value; } |
50 | } | 50 | } |
51 | 51 | ||
52 | 52 | ||
53 | public PermissionManager(Scene scene) | 53 | public PermissionManager(Scene scene) |
54 | { | 54 | { |
55 | m_scene = scene; | 55 | m_scene = scene; |
56 | } | 56 | } |
57 | 57 | ||
58 | protected virtual void SendPermissionError(LLUUID user, string reason) | 58 | protected virtual void SendPermissionError(LLUUID user, string reason) |
59 | { | 59 | { |
60 | m_scene.EventManager.TriggerPermissionError(user, reason); | 60 | m_scene.EventManager.TriggerPermissionError(user, reason); |
61 | } | 61 | } |
62 | 62 | ||
63 | protected virtual bool IsAdministrator(LLUUID user) | 63 | protected virtual bool IsAdministrator(LLUUID user) |
64 | { | 64 | { |
65 | if (m_bypassPermissions) | 65 | if (m_bypassPermissions) |
66 | { | 66 | { |
67 | return true; | 67 | return true; |
68 | } | 68 | } |
69 | 69 | ||
70 | return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; | 70 | return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; |
71 | } | 71 | } |
72 | 72 | ||
73 | protected virtual bool IsEstateManager(LLUUID user) | 73 | protected virtual bool IsEstateManager(LLUUID user) |
74 | { | 74 | { |
75 | if (m_bypassPermissions) | 75 | if (m_bypassPermissions) |
76 | { | 76 | { |
77 | return true; | 77 | return true; |
78 | } | 78 | } |
79 | 79 | ||
80 | return false; | 80 | return false; |
81 | } | 81 | } |
82 | 82 | ||
83 | protected virtual bool IsGridUser(LLUUID user) | 83 | protected virtual bool IsGridUser(LLUUID user) |
84 | { | 84 | { |
85 | return true; | 85 | return true; |
86 | } | 86 | } |
87 | 87 | ||
88 | protected virtual bool IsGuest(LLUUID user) | 88 | protected virtual bool IsGuest(LLUUID user) |
89 | { | 89 | { |
90 | return false; | 90 | return false; |
91 | } | 91 | } |
92 | 92 | ||
93 | public virtual bool CanRezObject(LLUUID user, LLVector3 position) | 93 | public virtual bool CanRezObject(LLUUID user, LLVector3 position) |
94 | { | 94 | { |
95 | bool permission = false; | 95 | bool permission = false; |
96 | 96 | ||
97 | string reason = "Insufficient permission"; | 97 | string reason = "Insufficient permission"; |
98 | 98 | ||
99 | if (IsAdministrator(user)) | 99 | if (IsAdministrator(user)) |
100 | { | 100 | { |
101 | permission = true; | 101 | permission = true; |
102 | } | 102 | } |
103 | else | 103 | else |
104 | { | 104 | { |
105 | reason = "Not an administrator"; | 105 | reason = "Not an administrator"; |
106 | } | 106 | } |
107 | 107 | ||
108 | if (GenericParcelPermission(user, position)) | 108 | if (GenericParcelPermission(user, position)) |
109 | { | 109 | { |
110 | permission = true; | 110 | permission = true; |
111 | } | 111 | } |
112 | else | 112 | else |
113 | { | 113 | { |
114 | reason = "Not the parcel owner"; | 114 | reason = "Not the parcel owner"; |
115 | } | 115 | } |
116 | 116 | ||
117 | if (!permission) | 117 | if (!permission) |
118 | SendPermissionError(user, reason); | 118 | SendPermissionError(user, reason); |
119 | 119 | ||
120 | return permission; | 120 | return permission; |
121 | } | 121 | } |
122 | 122 | ||
123 | #region Object Permissions | 123 | #region Object Permissions |
124 | 124 | ||
125 | protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId) | 125 | protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId) |
126 | { | 126 | { |
127 | // Default: deny | 127 | // Default: deny |
128 | bool permission = false; | 128 | bool permission = false; |
129 | 129 | ||
130 | if (!m_scene.Entities.ContainsKey(objId)) | 130 | if (!m_scene.Entities.ContainsKey(objId)) |
131 | { | 131 | { |
132 | return false; | 132 | return false; |
133 | } | 133 | } |
134 | 134 | ||
135 | // If it's not an object, we cant edit it. | 135 | // If it's not an object, we cant edit it. |
136 | if (!(m_scene.Entities[objId] is SceneObjectGroup)) | 136 | if (!(m_scene.Entities[objId] is SceneObjectGroup)) |
137 | { | 137 | { |
138 | return false; | 138 | return false; |
139 | } | 139 | } |
140 | 140 | ||
141 | SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId]; | 141 | SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId]; |
142 | LLUUID taskOwner = null; | 142 | LLUUID taskOwner = null; |
143 | 143 | ||
144 | // Object owners should be able to edit their own content | 144 | // Object owners should be able to edit their own content |
145 | if (user == taskOwner) | 145 | if (user == taskOwner) |
146 | permission = true; | 146 | permission = true; |
147 | 147 | ||
148 | // Users should be able to edit what is over their land. | 148 | // Users should be able to edit what is over their land. |
149 | if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID == | 149 | if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID == |
150 | user) | 150 | user) |
151 | permission = true; | 151 | permission = true; |
152 | 152 | ||
153 | // Estate users should be able to edit anything in the sim | 153 | // Estate users should be able to edit anything in the sim |
154 | if (IsEstateManager(user)) | 154 | if (IsEstateManager(user)) |
155 | permission = true; | 155 | permission = true; |
156 | 156 | ||
157 | // Admin objects should not be editable by the above | 157 | // Admin objects should not be editable by the above |
158 | if (IsAdministrator(taskOwner)) | 158 | if (IsAdministrator(taskOwner)) |
159 | permission = false; | 159 | permission = false; |
160 | 160 | ||
161 | // Admin should be able to edit anything in the sim (including admin objects) | 161 | // Admin should be able to edit anything in the sim (including admin objects) |
162 | if (IsAdministrator(user)) | 162 | if (IsAdministrator(user)) |
163 | permission = true; | 163 | permission = true; |
164 | 164 | ||
165 | return permission; | 165 | return permission; |
166 | } | 166 | } |
167 | 167 | ||
168 | /// <summary> | 168 | /// <summary> |
169 | /// Permissions check - can user delete an object? | 169 | /// Permissions check - can user delete an object? |
170 | /// </summary> | 170 | /// </summary> |
171 | /// <param name="user">User attempting the delete</param> | 171 | /// <param name="user">User attempting the delete</param> |
172 | /// <param name="obj">Target object</param> | 172 | /// <param name="obj">Target object</param> |
173 | /// <returns>Has permission?</returns> | 173 | /// <returns>Has permission?</returns> |
174 | public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) | 174 | public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) |
175 | { | 175 | { |
176 | return GenericObjectPermission(user, obj); | 176 | return GenericObjectPermission(user, obj); |
177 | } | 177 | } |
178 | 178 | ||
179 | public virtual bool CanEditObject(LLUUID user, LLUUID obj) | 179 | public virtual bool CanEditObject(LLUUID user, LLUUID obj) |
180 | { | 180 | { |
181 | return GenericObjectPermission(user, obj); | 181 | return GenericObjectPermission(user, obj); |
182 | } | 182 | } |
183 | 183 | ||
184 | public virtual bool CanReturnObject(LLUUID user, LLUUID obj) | 184 | public virtual bool CanReturnObject(LLUUID user, LLUUID obj) |
185 | { | 185 | { |
186 | return GenericObjectPermission(user, obj); | 186 | return GenericObjectPermission(user, obj); |
187 | } | 187 | } |
188 | 188 | ||
189 | #endregion | 189 | #endregion |
190 | 190 | ||
191 | #region Communication Permissions | 191 | #region Communication Permissions |
192 | 192 | ||
193 | public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) | 193 | public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) |
194 | { | 194 | { |
195 | bool permission = false; | 195 | bool permission = false; |
196 | string reason = "Only registered users may communicate with another account."; | 196 | string reason = "Only registered users may communicate with another account."; |
197 | 197 | ||
198 | if (IsGridUser(user)) | 198 | if (IsGridUser(user)) |
199 | permission = true; | 199 | permission = true; |
200 | 200 | ||
201 | if (!IsGridUser(user)) | 201 | if (!IsGridUser(user)) |
202 | { | 202 | { |
203 | permission = false; | 203 | permission = false; |
204 | reason = "The person that you are messaging is not a registered user."; | 204 | reason = "The person that you are messaging is not a registered user."; |
205 | } | 205 | } |
206 | if (IsAdministrator(user)) | 206 | if (IsAdministrator(user)) |
207 | permission = true; | 207 | permission = true; |
208 | 208 | ||
209 | if (IsEstateManager(user)) | 209 | if (IsEstateManager(user)) |
210 | permission = true; | 210 | permission = true; |
211 | 211 | ||
212 | if (!permission) | 212 | if (!permission) |
213 | SendPermissionError(user, reason); | 213 | SendPermissionError(user, reason); |
214 | 214 | ||
215 | return permission; | 215 | return permission; |
216 | } | 216 | } |
217 | 217 | ||
218 | public virtual bool CanInstantMessage(LLUUID user, LLUUID target) | 218 | public virtual bool CanInstantMessage(LLUUID user, LLUUID target) |
219 | { | 219 | { |
220 | return GenericCommunicationPermission(user, target); | 220 | return GenericCommunicationPermission(user, target); |
221 | } | 221 | } |
222 | 222 | ||
223 | public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) | 223 | public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) |
224 | { | 224 | { |
225 | return GenericCommunicationPermission(user, target); | 225 | return GenericCommunicationPermission(user, target); |
226 | } | 226 | } |
227 | 227 | ||
228 | #endregion | 228 | #endregion |
229 | 229 | ||
230 | public virtual bool CanEditScript(LLUUID user, LLUUID script) | 230 | public virtual bool CanEditScript(LLUUID user, LLUUID script) |
231 | { | 231 | { |
232 | return IsAdministrator(user); | 232 | return IsAdministrator(user); |
233 | } | 233 | } |
234 | 234 | ||
235 | public virtual bool CanRunScript(LLUUID user, LLUUID script) | 235 | public virtual bool CanRunScript(LLUUID user, LLUUID script) |
236 | { | 236 | { |
237 | return IsAdministrator(user); | 237 | return IsAdministrator(user); |
238 | } | 238 | } |
239 | 239 | ||
240 | public virtual bool CanTerraform(LLUUID user, LLVector3 position) | 240 | public virtual bool CanTerraform(LLUUID user, LLVector3 position) |
241 | { | 241 | { |
242 | bool permission = false; | 242 | bool permission = false; |
243 | 243 | ||
244 | // Estate override | 244 | // Estate override |
245 | if (GenericEstatePermission(user)) | 245 | if (GenericEstatePermission(user)) |
246 | permission = true; | 246 | permission = true; |
247 | 247 | ||
248 | // Land owner can terraform too | 248 | // Land owner can terraform too |
249 | if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y))) | 249 | if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y))) |
250 | permission = true; | 250 | permission = true; |
251 | 251 | ||
252 | if (!permission) | 252 | if (!permission) |
253 | SendPermissionError(user, "Not authorized to terraform at this location."); | 253 | SendPermissionError(user, "Not authorized to terraform at this location."); |
254 | 254 | ||
255 | return permission; | 255 | return permission; |
256 | } | 256 | } |
257 | 257 | ||
258 | #region Estate Permissions | 258 | #region Estate Permissions |
259 | 259 | ||
260 | protected virtual bool GenericEstatePermission(LLUUID user) | 260 | protected virtual bool GenericEstatePermission(LLUUID user) |
261 | { | 261 | { |
262 | // Default: deny | 262 | // Default: deny |
263 | bool permission = false; | 263 | bool permission = false; |
264 | 264 | ||
265 | // Estate admins should be able to use estate tools | 265 | // Estate admins should be able to use estate tools |
266 | if (IsEstateManager(user)) | 266 | if (IsEstateManager(user)) |
267 | permission = true; | 267 | permission = true; |
268 | 268 | ||
269 | // Administrators always have permission | 269 | // Administrators always have permission |
270 | if (IsAdministrator(user)) | 270 | if (IsAdministrator(user)) |
271 | permission = true; | 271 | permission = true; |
272 | 272 | ||
273 | return permission; | 273 | return permission; |
274 | } | 274 | } |
275 | 275 | ||
276 | public virtual bool CanEditEstateTerrain(LLUUID user) | 276 | public virtual bool CanEditEstateTerrain(LLUUID user) |
277 | { | 277 | { |
278 | return GenericEstatePermission(user); | 278 | return GenericEstatePermission(user); |
279 | } | 279 | } |
280 | 280 | ||
281 | #endregion | 281 | #endregion |
282 | 282 | ||
283 | #region Parcel Permissions | 283 | #region Parcel Permissions |
284 | 284 | ||
285 | protected virtual bool GenericParcelPermission(LLUUID user, Land parcel) | 285 | protected virtual bool GenericParcelPermission(LLUUID user, Land parcel) |
286 | { | 286 | { |
287 | bool permission = false; | 287 | bool permission = false; |
288 | 288 | ||
289 | if (parcel.landData.ownerID == user) | 289 | if (parcel.landData.ownerID == user) |
290 | permission = true; | 290 | permission = true; |
291 | 291 | ||
292 | if (parcel.landData.isGroupOwned) | 292 | if (parcel.landData.isGroupOwned) |
293 | { | 293 | { |
294 | // TODO: Need to do some extra checks here. Requires group code. | 294 | // TODO: Need to do some extra checks here. Requires group code. |
295 | } | 295 | } |
296 | 296 | ||
297 | if (IsEstateManager(user)) | 297 | if (IsEstateManager(user)) |
298 | permission = true; | 298 | permission = true; |
299 | 299 | ||
300 | if (IsAdministrator(user)) | 300 | if (IsAdministrator(user)) |
301 | permission = true; | 301 | permission = true; |
302 | 302 | ||
303 | return permission; | 303 | return permission; |
304 | } | 304 | } |
305 | 305 | ||
306 | protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) | 306 | protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) |
307 | { | 307 | { |
308 | return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y)); | 308 | return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y)); |
309 | } | 309 | } |
310 | 310 | ||
311 | public virtual bool CanEditParcel(LLUUID user, Land parcel) | 311 | public virtual bool CanEditParcel(LLUUID user, Land parcel) |
312 | { | 312 | { |
313 | return GenericParcelPermission(user, parcel); | 313 | return GenericParcelPermission(user, parcel); |
314 | } | 314 | } |
315 | 315 | ||
316 | public virtual bool CanSellParcel(LLUUID user, Land parcel) | 316 | public virtual bool CanSellParcel(LLUUID user, Land parcel) |
317 | { | 317 | { |
318 | return GenericParcelPermission(user, parcel); | 318 | return GenericParcelPermission(user, parcel); |
319 | } | 319 | } |
320 | 320 | ||
321 | public virtual bool CanAbandonParcel(LLUUID user, Land parcel) | 321 | public virtual bool CanAbandonParcel(LLUUID user, Land parcel) |
322 | { | 322 | { |
323 | return GenericParcelPermission(user, parcel); | 323 | return GenericParcelPermission(user, parcel); |
324 | } | 324 | } |
325 | 325 | ||
326 | #endregion | 326 | #endregion |
327 | } | 327 | } |
328 | } | 328 | } |