diff options
author | Diva Canto | 2012-09-20 15:49:22 -0700 |
---|---|---|
committer | Diva Canto | 2012-09-20 15:49:22 -0700 |
commit | 3089b6d824f1d4eb25ba12c5fd037153fdc92e1e (patch) | |
tree | f70c7a399cf2e2af599f25798a6b3c3b3d3f89d6 /OpenSim/Services | |
parent | Correctly override and call base OpenSimTestCase.SetUp() method in GridConnec... (diff) | |
download | opensim-SC-3089b6d824f1d4eb25ba12c5fd037153fdc92e1e.zip opensim-SC-3089b6d824f1d4eb25ba12c5fd037153fdc92e1e.tar.gz opensim-SC-3089b6d824f1d4eb25ba12c5fd037153fdc92e1e.tar.bz2 opensim-SC-3089b6d824f1d4eb25ba12c5fd037153fdc92e1e.tar.xz |
More HG2.0: Added permission policies in HGAsset Service based on asset types. The policies are given in the config. This is only half of the story. The other half, pertaining to exports/imports made by the sim, will be done next.
Diffstat (limited to 'OpenSim/Services')
-rw-r--r-- | OpenSim/Services/HypergridService/HGAssetService.cs | 79 |
1 files changed, 76 insertions, 3 deletions
diff --git a/OpenSim/Services/HypergridService/HGAssetService.cs b/OpenSim/Services/HypergridService/HGAssetService.cs index db98166..d6541c4 100644 --- a/OpenSim/Services/HypergridService/HGAssetService.cs +++ b/OpenSim/Services/HypergridService/HGAssetService.cs | |||
@@ -58,6 +58,9 @@ namespace OpenSim.Services.HypergridService | |||
58 | 58 | ||
59 | private UserAccountCache m_Cache; | 59 | private UserAccountCache m_Cache; |
60 | 60 | ||
61 | private bool[] m_DisallowGET, m_DisallowPOST; | ||
62 | private string[] m_AssetTypeNames; | ||
63 | |||
61 | public HGAssetService(IConfigSource config, string configName) : base(config, configName) | 64 | public HGAssetService(IConfigSource config, string configName) : base(config, configName) |
62 | { | 65 | { |
63 | m_log.Debug("[HGAsset Service]: Starting"); | 66 | m_log.Debug("[HGAsset Service]: Starting"); |
@@ -80,6 +83,34 @@ namespace OpenSim.Services.HypergridService | |||
80 | m_HomeURL = assetConfig.GetString("HomeURI", m_HomeURL); | 83 | m_HomeURL = assetConfig.GetString("HomeURI", m_HomeURL); |
81 | 84 | ||
82 | m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService); | 85 | m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService); |
86 | |||
87 | // Permissions | ||
88 | Type enumType = typeof(AssetType); | ||
89 | m_AssetTypeNames = Enum.GetNames(enumType); | ||
90 | for (int i = 0; i < m_AssetTypeNames.Length; i++) | ||
91 | m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower(); | ||
92 | int n = Enum.GetValues(enumType).Length; | ||
93 | m_DisallowGET = new bool[n]; | ||
94 | m_DisallowPOST = new bool[n]; | ||
95 | |||
96 | LoadPermsFromConfig(assetConfig, "DisallowGET", m_DisallowGET); | ||
97 | LoadPermsFromConfig(assetConfig, "DisallowPOST", m_DisallowPOST); | ||
98 | |||
99 | } | ||
100 | |||
101 | private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray) | ||
102 | { | ||
103 | string perms = assetConfig.GetString(variable, String.Empty); | ||
104 | string[] parts = perms.Split(new char[] {','}, StringSplitOptions.RemoveEmptyEntries); | ||
105 | foreach (string s in parts) | ||
106 | { | ||
107 | int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower()); | ||
108 | if (index >= 0) | ||
109 | bitArray[index] = true; | ||
110 | else | ||
111 | m_log.WarnFormat("[HGAsset Service]: Invalid AssetType {0}", s); | ||
112 | } | ||
113 | |||
83 | } | 114 | } |
84 | 115 | ||
85 | #region IAssetService overrides | 116 | #region IAssetService overrides |
@@ -90,6 +121,9 @@ namespace OpenSim.Services.HypergridService | |||
90 | if (asset == null) | 121 | if (asset == null) |
91 | return null; | 122 | return null; |
92 | 123 | ||
124 | if (!AllowedGet(asset.Type)) | ||
125 | return null; | ||
126 | |||
93 | if (asset.Metadata.Type == (sbyte)AssetType.Object) | 127 | if (asset.Metadata.Type == (sbyte)AssetType.Object) |
94 | asset.Data = AdjustIdentifiers(asset.Data); ; | 128 | asset.Data = AdjustIdentifiers(asset.Data); ; |
95 | 129 | ||
@@ -112,16 +146,27 @@ namespace OpenSim.Services.HypergridService | |||
112 | 146 | ||
113 | public override byte[] GetData(string id) | 147 | public override byte[] GetData(string id) |
114 | { | 148 | { |
115 | byte[] data = base.GetData(id); | 149 | AssetBase asset = Get(id); |
116 | 150 | ||
117 | if (data == null) | 151 | if (asset == null) |
118 | return null; | 152 | return null; |
119 | 153 | ||
120 | return AdjustIdentifiers(data); | 154 | if (!AllowedGet(asset.Type)) |
155 | return null; | ||
156 | |||
157 | return asset.Data; | ||
121 | } | 158 | } |
122 | 159 | ||
123 | //public virtual bool Get(string id, Object sender, AssetRetrieved handler) | 160 | //public virtual bool Get(string id, Object sender, AssetRetrieved handler) |
124 | 161 | ||
162 | public override string Store(AssetBase asset) | ||
163 | { | ||
164 | if (!AllowedPost(asset.Type)) | ||
165 | return UUID.Zero.ToString(); | ||
166 | |||
167 | return base.Store(asset); | ||
168 | } | ||
169 | |||
125 | public override bool Delete(string id) | 170 | public override bool Delete(string id) |
126 | { | 171 | { |
127 | // NOGO | 172 | // NOGO |
@@ -130,6 +175,34 @@ namespace OpenSim.Services.HypergridService | |||
130 | 175 | ||
131 | #endregion | 176 | #endregion |
132 | 177 | ||
178 | protected bool AllowedGet(sbyte type) | ||
179 | { | ||
180 | string assetTypeName = ((AssetType)type).ToString(); | ||
181 | |||
182 | int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); | ||
183 | if (index >= 0 && m_DisallowGET[index]) | ||
184 | { | ||
185 | m_log.DebugFormat("[HGAsset Service]: GET denied: service does not allow export of AssetType {0}", assetTypeName); | ||
186 | return false; | ||
187 | } | ||
188 | |||
189 | return true; | ||
190 | } | ||
191 | |||
192 | protected bool AllowedPost(sbyte type) | ||
193 | { | ||
194 | string assetTypeName = ((AssetType)type).ToString(); | ||
195 | |||
196 | int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower()); | ||
197 | if (index >= 0 && m_DisallowPOST[index]) | ||
198 | { | ||
199 | m_log.DebugFormat("[HGAsset Service]: POST denied: service does not allow import of AssetType {0}", assetTypeName); | ||
200 | return false; | ||
201 | } | ||
202 | |||
203 | return true; | ||
204 | } | ||
205 | |||
133 | protected void AdjustIdentifiers(AssetMetadata meta) | 206 | protected void AdjustIdentifiers(AssetMetadata meta) |
134 | { | 207 | { |
135 | if (meta == null || m_Cache == null) | 208 | if (meta == null || m_Cache == null) |