add OSSL option PermissionErrortoOwner (true or false). if true ossl functions permission errors will only be sent to prim owner, defaul false: send all around

author: UbitUmarov 2019-10-16 00:08:45 +0100
committer: UbitUmarov 2019-10-16 00:08:45 +0100
commit: d79d7e228a059e40a9334c9e2ec4c81075443f83 (patch)
tree: 14e2d3ef3e7515f1e285cdd3ef66925ccd6039b0 /OpenSim/Region/ScriptEngine/Shared/Api
parent: change coments on osslEnable.ini and remove list of functions always suported; (diff)
download: opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.zip
opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.gz
opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.bz2
opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.xz
1 files changed, 101 insertions, 93 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index f0f6781..4abd2f1 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -146,6 +146,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
        protected ISoundModule m_SoundModule = null;
        internal IConfig m_osslconfig;
        internal TimeZoneInfo PSTTimeZone = null;
+        internal bool m_PermissionErrortoOwner = false;
        public void Initialize(
            IScriptEngine scriptEngine, SceneObjectPart host, TaskInventoryItem item)
@@ -167,10 +168,10 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
                // m_log.Warn("[OSSL] OSSL FUNCTIONS ENABLED");
            }
-            m_ScriptDelayFactor =
+            m_PermissionErrortoOwner = m_osslconfig.GetBoolean("PermissionErrorToOwner", m_PermissionErrortoOwner);
-                    m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);
-            m_ScriptDistanceFactor =
+            m_ScriptDelayFactor =  m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);
-                    m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f);
+            m_ScriptDistanceFactor = m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f);
            string risk = m_osslconfig.GetString("OSFunctionThreatLevel", "VeryLow");
            switch (risk)
@@ -286,7 +287,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
        {
            m_host.AddScriptLPS(1);
            if (!m_OSFunctionsEnabled)
-                OSSLError("permission denied.  All OS functions are disabled."); // throws
+                OSSLError("permission denied. All unsafe OSSL funtions disabled"); // throws
        }
        // Returns if the function is allowed. Throws a script exception if not allowed.
@@ -294,17 +295,24 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
        {
            m_host.AddScriptLPS(1);
            if (!m_OSFunctionsEnabled)
-                OSSLError(String.Format("{0} permission denied.  All OS functions are disabled.", function)); // throws
+            {
+                if (m_PermissionErrortoOwner)
+                    throw new ScriptException("(OWNER)OSSL Permission Error: All unsafe OSSL funtions disabled");
+                else
+                    throw new ScriptException("OSSL Permission Error: All unsafe OSSL funtions disabled");
+            }
            string reasonWhyNot = CheckThreatLevelTest(level, function);
            if (!String.IsNullOrEmpty(reasonWhyNot))
            {
-                OSSLError(reasonWhyNot);
+                if (m_PermissionErrortoOwner)
+                    throw new ScriptException("(OWNER)OSSL Permission Error: " + reasonWhyNot);
+                else
+                    throw new ScriptException("OSSL Permission Error: " + reasonWhyNot);
            }
        }
+            // Check to see if function is allowed. Returns an empty string if function permitted
-        // Check to see if function is allowed. Returns an empty string if function permitted
+            //     or a string explaining why this function can't be used.
-        //     or a string explaining why this function can't be used.
        private string CheckThreatLevelTest(ThreatLevel level, string function)
        {
            if (!m_FunctionPerms.ContainsKey(function))
@@ -386,107 +394,107 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
            {
                // Allow / disallow by threat level
                if (level > m_MaxThreatLevel)
-                    return
+                    return String.Empty;
-                        String.Format(
+                return String.Format(
                            "{0} permission denied.  Allowed threat level is {1} but function threat level is {2}.",
                            function, m_MaxThreatLevel, level);
            }
-            else
-            {
-                if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero))
-                {
-                    // Not anyone. Do detailed checks
-                    if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
-                    {
-                        // prim owner is in the list of allowed owners
-                        return String.Empty;
-                    }
-                    UUID ownerID = m_item.OwnerID;
+            if(m_FunctionPerms[function].AllowedOwners.Count == 0 && m_FunctionPerms[function].AllowedCreators.Count == 0)
+                return String.Format("{0} disabled in region configuration", function);
-                    //OSSL only may be used if object is in the same group as the parcel
+            if (m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) // always allowed
-                    if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
+                return String.Empty;
-                    {
-                        ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
-                        if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)
+            if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
-                        {
+            {
-                            return String.Empty;
+                // prim owner is in the list of allowed owners
-                        }
+                return String.Empty;
-                    }
+            }
-                    //Only Parcelowners may use the function
+            UUID ownerID = m_item.OwnerID;
-                    if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
-                    {
-                        ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
-                        if (land.LandData.OwnerID == ownerID)
+            //Only Parcelowners may use the function
-                        {
+            if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
-                            return String.Empty;
+            {
-                        }
+                ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
-                    }
-                    //Only Estate Managers may use the function
-                    if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
-                    {
-                        //Only Estate Managers may use the function
-                        if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
-                        {
-                            return String.Empty;
-                        }
-                    }
-                    //Only regionowners may use the function
+                if (land.LandData.OwnerID == ownerID)
-                    if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
+                {
-                    {
+                    return String.Empty;
-                        if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
+                }
-                        {
+            }
-                            return String.Empty;
-                        }
-                    }
+            //OSSL only may be used if object is in the same group as the parcel
+            if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
+            {
+                ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
-                    //Only grid gods may use the function
+                if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)
-                    if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD"))
+                {
-                    {
+                    return String.Empty;
-                        if (World.Permissions.IsGridGod(ownerID))
+                }
-                        {
+            }
-                            return String.Empty;
-                        }
-                    }
-                    //Any god may use the function
+            //Only Estate Managers may use the function
-                    if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD"))
+            if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
-                    {
+            {
-                        if (World.Permissions.IsAdministrator(ownerID))
+                //Only Estate Managers may use the function
-                        {
+                if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
-                            return String.Empty;
+                {
-                        }
+                    return String.Empty;
-                    }
+                }
+            }
-                    //Only active gods may use the function
+            //Only regionowners may use the function
-                    if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD"))
+            if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
-                    {
+            {
-                        ScenePresence sp = World.GetScenePresence(ownerID);
+                if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
-                        if (sp != null && !sp.IsDeleted && sp.IsGod)
+                {
-                        {
+                    return String.Empty;
-                            return String.Empty;
+                }
-                        }
+            }
-                    }
-                    if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID))
+            //Only grid gods may use the function
-                        return(
+            if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD"))
-                            String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
+            {
-                            function));
+                if (World.Permissions.IsGridGod(ownerID))
+                {
+                    return String.Empty;
+                }
+            }
-                    if (m_item.CreatorID != ownerID)
+            //Any god may use the function
-                    {
+            if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD"))
-                        if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
+            {
-                            return String.Format("{0} permission denied. Script permissions error.", function);
+                if (World.Permissions.IsAdministrator(ownerID))
+                {
+                    return String.Empty;
+                }
+            }
-                    }
+            //Only active gods may use the function
+            if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD"))
+            {
+                ScenePresence sp = World.GetScenePresence(ownerID);
+                if (sp != null && !sp.IsDeleted && sp.IsGod)
+                {
+                    return String.Empty;
                }
            }
+            if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID))
+                return(
+                    String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
+                    function));
+            if (m_item.CreatorID != ownerID)
+            {
+                if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
+                    return String.Format("{0} permission denied. Script creator is not prim owner.", function);
+            }
            return String.Empty;
        }
author	UbitUmarov	2019-10-16 00:08:45 +0100
committer	UbitUmarov	2019-10-16 00:08:45 +0100
commit	d79d7e228a059e40a9334c9e2ec4c81075443f83 (patch)
tree	14e2d3ef3e7515f1e285cdd3ef66925ccd6039b0 /OpenSim/Region/ScriptEngine/Shared/Api
parent	change coments on osslEnable.ini and remove list of functions always suported; (diff)
download	opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.zip opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.gz opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.bz2 opensim-SC-d79d7e228a059e40a9334c9e2ec4c81075443f83.tar.xz

diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index f0f6781..4abd2f1 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -146,6 +146,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
146	protected ISoundModule m_SoundModule = null;	146	protected ISoundModule m_SoundModule = null;
147	internal IConfig m_osslconfig;	147	internal IConfig m_osslconfig;
148	internal TimeZoneInfo PSTTimeZone = null;	148	internal TimeZoneInfo PSTTimeZone = null;
		149	internal bool m_PermissionErrortoOwner = false;
149		150
150	public void Initialize(	151	public void Initialize(
151	IScriptEngine scriptEngine, SceneObjectPart host, TaskInventoryItem item)	152	IScriptEngine scriptEngine, SceneObjectPart host, TaskInventoryItem item)
@@ -167,10 +168,10 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
167	// m_log.Warn("[OSSL] OSSL FUNCTIONS ENABLED");	168	// m_log.Warn("[OSSL] OSSL FUNCTIONS ENABLED");
168	}	169	}
169		170
170	m_ScriptDelayFactor =	171	m_PermissionErrortoOwner = m_osslconfig.GetBoolean("PermissionErrorToOwner", m_PermissionErrortoOwner);
171	m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);	172
172	m_ScriptDistanceFactor =	173	m_ScriptDelayFactor = m_ScriptEngine.Config.GetFloat("ScriptDelayFactor", 1.0f);
173	m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f);	174	m_ScriptDistanceFactor = m_ScriptEngine.Config.GetFloat("ScriptDistanceLimitFactor", 1.0f);
174		175
175	string risk = m_osslconfig.GetString("OSFunctionThreatLevel", "VeryLow");	176	string risk = m_osslconfig.GetString("OSFunctionThreatLevel", "VeryLow");
176	switch (risk)	177	switch (risk)
@@ -286,7 +287,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
286	{	287	{
287	m_host.AddScriptLPS(1);	288	m_host.AddScriptLPS(1);
288	if (!m_OSFunctionsEnabled)	289	if (!m_OSFunctionsEnabled)
289	OSSLError("permission denied. All OS functions are disabled."); // throws	290	OSSLError("permission denied. All unsafe OSSL funtions disabled"); // throws
290	}	291	}
291		292
292	// Returns if the function is allowed. Throws a script exception if not allowed.	293	// Returns if the function is allowed. Throws a script exception if not allowed.
@@ -294,17 +295,24 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
294	{	295	{
295	m_host.AddScriptLPS(1);	296	m_host.AddScriptLPS(1);
296	if (!m_OSFunctionsEnabled)	297	if (!m_OSFunctionsEnabled)
297	OSSLError(String.Format("{0} permission denied. All OS functions are disabled.", function)); // throws	298	{
		299	if (m_PermissionErrortoOwner)
		300	throw new ScriptException("(OWNER)OSSL Permission Error: All unsafe OSSL funtions disabled");
		301	else
		302	throw new ScriptException("OSSL Permission Error: All unsafe OSSL funtions disabled");
		303	}
298		304
299	string reasonWhyNot = CheckThreatLevelTest(level, function);	305	string reasonWhyNot = CheckThreatLevelTest(level, function);
300	if (!String.IsNullOrEmpty(reasonWhyNot))	306	if (!String.IsNullOrEmpty(reasonWhyNot))
301	{	307	{
302	OSSLError(reasonWhyNot);	308	if (m_PermissionErrortoOwner)
		309	throw new ScriptException("(OWNER)OSSL Permission Error: " + reasonWhyNot);
		310	else
		311	throw new ScriptException("OSSL Permission Error: " + reasonWhyNot);
303	}	312	}
304	}	313	}
305		314	// Check to see if function is allowed. Returns an empty string if function permitted
306	// Check to see if function is allowed. Returns an empty string if function permitted	315	// or a string explaining why this function can't be used.
307	// or a string explaining why this function can't be used.
308	private string CheckThreatLevelTest(ThreatLevel level, string function)	316	private string CheckThreatLevelTest(ThreatLevel level, string function)
309	{	317	{
310	if (!m_FunctionPerms.ContainsKey(function))	318	if (!m_FunctionPerms.ContainsKey(function))
@@ -386,107 +394,107 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
386	{	394	{
387	// Allow / disallow by threat level	395	// Allow / disallow by threat level
388	if (level > m_MaxThreatLevel)	396	if (level > m_MaxThreatLevel)
389	return	397	return String.Empty;
390	String.Format(	398	return String.Format(
391	"{0} permission denied. Allowed threat level is {1} but function threat level is {2}.",	399	"{0} permission denied. Allowed threat level is {1} but function threat level is {2}.",
392	function, m_MaxThreatLevel, level);	400	function, m_MaxThreatLevel, level);
393	}	401	}
394	else
395	{
396	if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero))
397	{
398	// Not anyone. Do detailed checks
399	if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
400	{
401	// prim owner is in the list of allowed owners
402	return String.Empty;
403	}
404		402
405	UUID ownerID = m_item.OwnerID;	403	if(m_FunctionPerms[function].AllowedOwners.Count == 0 && m_FunctionPerms[function].AllowedCreators.Count == 0)
		404	return String.Format("{0} disabled in region configuration", function);
406		405
407	//OSSL only may be used if object is in the same group as the parcel	406	if (m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) // always allowed
408	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))	407	return String.Empty;
409	{
410	ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
411		408
412	if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)	409	if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
413	{	410	{
414	return String.Empty;	411	// prim owner is in the list of allowed owners
415	}	412	return String.Empty;
416	}	413	}
417		414
418	//Only Parcelowners may use the function	415	UUID ownerID = m_item.OwnerID;
419	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
420	{
421	ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
422		416
423	if (land.LandData.OwnerID == ownerID)	417	//Only Parcelowners may use the function
424	{	418	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
425	return String.Empty;	419	{
426	}	420	ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
427	}
428
429	//Only Estate Managers may use the function
430	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
431	{
432	//Only Estate Managers may use the function
433	if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
434	{
435	return String.Empty;
436	}
437	}
438		421
439	//Only regionowners may use the function	422	if (land.LandData.OwnerID == ownerID)
440	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))	423	{
441	{	424	return String.Empty;
442	if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)	425	}
443	{	426	}
444	return String.Empty;
445	}
446	}
447		427
		428	//OSSL only may be used if object is in the same group as the parcel
		429	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
		430	{
		431	ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
448		432
449	//Only grid gods may use the function	433	if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)
450	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD"))	434	{
451	{	435	return String.Empty;
452	if (World.Permissions.IsGridGod(ownerID))	436	}
453	{	437	}
454	return String.Empty;
455	}
456	}
457		438
458	//Any god may use the function	439	//Only Estate Managers may use the function
459	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD"))	440	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
460	{	441	{
461	if (World.Permissions.IsAdministrator(ownerID))	442	//Only Estate Managers may use the function
462	{	443	if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
463	return String.Empty;	444	{
464	}	445	return String.Empty;
465	}	446	}
		447	}
466		448
467	//Only active gods may use the function	449	//Only regionowners may use the function
468	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD"))	450	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
469	{	451	{
470	ScenePresence sp = World.GetScenePresence(ownerID);	452	if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
471	if (sp != null && !sp.IsDeleted && sp.IsGod)	453	{
472	{	454	return String.Empty;
473	return String.Empty;	455	}
474	}	456	}
475	}
476		457
477	if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID))	458	//Only grid gods may use the function
478	return(	459	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD"))
479	String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",	460	{
480	function));	461	if (World.Permissions.IsGridGod(ownerID))
		462	{
		463	return String.Empty;
		464	}
		465	}
481		466
482	if (m_item.CreatorID != ownerID)	467	//Any god may use the function
483	{	468	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD"))
484	if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0)	469	{
485	return String.Format("{0} permission denied. Script permissions error.", function);	470	if (World.Permissions.IsAdministrator(ownerID))
		471	{
		472	return String.Empty;
		473	}
		474	}
486		475
487	}	476	//Only active gods may use the function
		477	if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD"))
		478	{
		479	ScenePresence sp = World.GetScenePresence(ownerID);
		480	if (sp != null && !sp.IsDeleted && sp.IsGod)
		481	{
		482	return String.Empty;
488	}	483	}
489	}	484	}
		485
		486	if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID))
		487	return(
		488	String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
		489	function));
		490
		491	if (m_item.CreatorID != ownerID)
		492	{
		493	if ((m_item.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
		494	return String.Format("{0} permission denied. Script creator is not prim owner.", function);
		495
		496	}
		497
490	return String.Empty;	498	return String.Empty;
491	}	499	}
492		500