diff options
author | Adam Frisby | 2007-10-21 22:15:41 +0000 |
---|---|---|
committer | Adam Frisby | 2007-10-21 22:15:41 +0000 |
commit | 7f2ec02802cabc98e93ac872999933b6e5be48e5 (patch) | |
tree | 9a3fd985e02939a090fdf4ffaa9e7b1af25a8173 /OpenSim | |
parent | fix line ending mixing. Probably should put some (diff) | |
download | opensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.zip opensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.tar.gz opensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.tar.bz2 opensim-SC-7f2ec02802cabc98e93ac872999933b6e5be48e5.tar.xz |
* Disabled TCP Remoting Channel Security for InterRegion communication, as it appears we are not implementing this correctly. (need to set up certificates first)
* Documented ACL class
Diffstat (limited to 'OpenSim')
-rw-r--r-- | OpenSim/Framework/General/PolicyManager/ACL.cs | 480 | ||||
-rw-r--r-- | OpenSim/Region/Communications/OGS1/OGS1GridServices.cs | 2 | ||||
-rw-r--r-- | OpenSim/Region/Environment/PermissionManager.cs | 653 |
3 files changed, 585 insertions, 550 deletions
diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs index 53c1b2d..8dffe7b 100644 --- a/OpenSim/Framework/General/PolicyManager/ACL.cs +++ b/OpenSim/Framework/General/PolicyManager/ACL.cs | |||
@@ -1,223 +1,257 @@ | |||
1 | using System; | 1 | /* |
2 | using System.Collections.Generic; | 2 | * Copyright (c) Contributors, http://opensimulator.org/ |
3 | using System.Text; | 3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. |
4 | 4 | * | |
5 | namespace OpenSim.Framework.PolicyManager | 5 | * Redistribution and use in source and binary forms, with or without |
6 | { | 6 | * modification, are permitted provided that the following conditions are met: |
7 | #region ACL Core Class | 7 | * * Redistributions of source code must retain the above copyright |
8 | /// <summary> | 8 | * notice, this list of conditions and the following disclaimer. |
9 | /// Access Control List Engine | 9 | * * Redistributions in binary form must reproduce the above copyright |
10 | /// </summary> | 10 | * notice, this list of conditions and the following disclaimer in the |
11 | public class ACL | 11 | * documentation and/or other materials provided with the distribution. |
12 | { | 12 | * * Neither the name of the OpenSim Project nor the |
13 | Dictionary<string, Role> Roles = new Dictionary<string, Role>(); | 13 | * names of its contributors may be used to endorse or promote products |
14 | Dictionary<string, Resource> Resources = new Dictionary<string, Resource>(); | 14 | * derived from this software without specific prior written permission. |
15 | 15 | * | |
16 | public ACL AddRole(Role role) | 16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY |
17 | { | 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
18 | if (Roles.ContainsKey(role.Name)) | 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
19 | throw new AlreadyContainsRoleException(role); | 19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY |
20 | 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
21 | Roles.Add(role.Name, role); | 21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
22 | 22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | |
23 | return this; | 23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 | } | 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
25 | 25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
26 | public ACL AddResource(Resource resource) | 26 | * |
27 | { | 27 | */ |
28 | Resources.Add(resource.Name, resource); | 28 | using System; |
29 | 29 | using System.Collections.Generic; | |
30 | return this; | 30 | using System.Text; |
31 | } | 31 | |
32 | 32 | namespace OpenSim.Framework.PolicyManager | |
33 | public Permission HasPermission(string role, string resource) | 33 | { |
34 | { | 34 | // ACL Class |
35 | if (!Roles.ContainsKey(role)) | 35 | // Modelled after the structure of the Zend ACL Framework Library |
36 | throw new KeyNotFoundException(); | 36 | // with one key difference - the tree will search for all matching |
37 | 37 | // permissions rather than just the first. Deny permissions will | |
38 | if (!Resources.ContainsKey(resource)) | 38 | // override all others. |
39 | throw new KeyNotFoundException(); | 39 | |
40 | 40 | ||
41 | return Roles[role].RequestPermission(resource); | 41 | #region ACL Core Class |
42 | } | 42 | /// <summary> |
43 | 43 | /// Access Control List Engine | |
44 | public ACL GrantPermission(string role, string resource) | 44 | /// </summary> |
45 | { | 45 | public class ACL |
46 | if (!Roles.ContainsKey(role)) | 46 | { |
47 | throw new KeyNotFoundException(); | 47 | Dictionary<string, Role> Roles = new Dictionary<string, Role>(); |
48 | 48 | Dictionary<string, Resource> Resources = new Dictionary<string, Resource>(); | |
49 | if (!Resources.ContainsKey(resource)) | 49 | |
50 | throw new KeyNotFoundException(); | 50 | public ACL AddRole(Role role) |
51 | 51 | { | |
52 | Roles[role].GivePermission(resource, Permission.Allow); | 52 | if (Roles.ContainsKey(role.Name)) |
53 | 53 | throw new AlreadyContainsRoleException(role); | |
54 | return this; | 54 | |
55 | } | 55 | Roles.Add(role.Name, role); |
56 | 56 | ||
57 | public ACL DenyPermission(string role, string resource) | 57 | return this; |
58 | { | 58 | } |
59 | if (!Roles.ContainsKey(role)) | 59 | |
60 | throw new KeyNotFoundException(); | 60 | public ACL AddResource(Resource resource) |
61 | 61 | { | |
62 | if (!Resources.ContainsKey(resource)) | 62 | Resources.Add(resource.Name, resource); |
63 | throw new KeyNotFoundException(); | 63 | |
64 | 64 | return this; | |
65 | Roles[role].GivePermission(resource, Permission.Deny); | 65 | } |
66 | 66 | ||
67 | return this; | 67 | public Permission HasPermission(string role, string resource) |
68 | } | 68 | { |
69 | 69 | if (!Roles.ContainsKey(role)) | |
70 | public ACL ResetPermission(string role, string resource) | 70 | throw new KeyNotFoundException(); |
71 | { | 71 | |
72 | if (!Roles.ContainsKey(role)) | 72 | if (!Resources.ContainsKey(resource)) |
73 | throw new KeyNotFoundException(); | 73 | throw new KeyNotFoundException(); |
74 | 74 | ||
75 | if (!Resources.ContainsKey(resource)) | 75 | return Roles[role].RequestPermission(resource); |
76 | throw new KeyNotFoundException(); | 76 | } |
77 | 77 | ||
78 | Roles[role].GivePermission(resource, Permission.None); | 78 | public ACL GrantPermission(string role, string resource) |
79 | 79 | { | |
80 | return this; | 80 | if (!Roles.ContainsKey(role)) |
81 | } | 81 | throw new KeyNotFoundException(); |
82 | } | 82 | |
83 | #endregion | 83 | if (!Resources.ContainsKey(resource)) |
84 | 84 | throw new KeyNotFoundException(); | |
85 | #region Exceptions | 85 | |
86 | /// <summary> | 86 | Roles[role].GivePermission(resource, Permission.Allow); |
87 | /// Thrown when an ACL attempts to add a duplicate role. | 87 | |
88 | /// </summary> | 88 | return this; |
89 | public class AlreadyContainsRoleException : Exception | 89 | } |
90 | { | 90 | |
91 | protected Role m_role; | 91 | public ACL DenyPermission(string role, string resource) |
92 | 92 | { | |
93 | public Role ErrorRole | 93 | if (!Roles.ContainsKey(role)) |
94 | { | 94 | throw new KeyNotFoundException(); |
95 | get { return m_role; } | 95 | |
96 | } | 96 | if (!Resources.ContainsKey(resource)) |
97 | 97 | throw new KeyNotFoundException(); | |
98 | public AlreadyContainsRoleException(Role role) | 98 | |
99 | { | 99 | Roles[role].GivePermission(resource, Permission.Deny); |
100 | m_role = role; | 100 | |
101 | } | 101 | return this; |
102 | 102 | } | |
103 | public override string ToString() | 103 | |
104 | { | 104 | public ACL ResetPermission(string role, string resource) |
105 | return "This ACL already contains a role called '" + m_role.Name + "'."; | 105 | { |
106 | } | 106 | if (!Roles.ContainsKey(role)) |
107 | } | 107 | throw new KeyNotFoundException(); |
108 | #endregion | 108 | |
109 | 109 | if (!Resources.ContainsKey(resource)) | |
110 | #region Roles and Resources | 110 | throw new KeyNotFoundException(); |
111 | 111 | ||
112 | /// <summary> | 112 | Roles[role].GivePermission(resource, Permission.None); |
113 | /// Does this Role have permission to access a specified Resource? | 113 | |
114 | /// </summary> | 114 | return this; |
115 | public enum Permission { Deny, None, Allow }; | 115 | } |
116 | 116 | } | |
117 | /// <summary> | 117 | #endregion |
118 | /// A role class, for use with Users or Groups | 118 | |
119 | /// </summary> | 119 | #region Exceptions |
120 | public class Role | 120 | /// <summary> |
121 | { | 121 | /// Thrown when an ACL attempts to add a duplicate role. |
122 | private string m_name; | 122 | /// </summary> |
123 | private Role[] m_parents; | 123 | public class AlreadyContainsRoleException : Exception |
124 | private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>(); | 124 | { |
125 | 125 | protected Role m_role; | |
126 | public string Name | 126 | |
127 | { | 127 | public Role ErrorRole |
128 | get { return m_name; } | 128 | { |
129 | } | 129 | get { return m_role; } |
130 | 130 | } | |
131 | public Permission RequestPermission(string resource) | 131 | |
132 | { | 132 | public AlreadyContainsRoleException(Role role) |
133 | return RequestPermission(resource, Permission.None); | 133 | { |
134 | } | 134 | m_role = role; |
135 | 135 | } | |
136 | public Permission RequestPermission(string resource, Permission current) | 136 | |
137 | { | 137 | public override string ToString() |
138 | // Deny permissions always override any others | 138 | { |
139 | if (current == Permission.Deny) | 139 | return "This ACL already contains a role called '" + m_role.Name + "'."; |
140 | return current; | 140 | } |
141 | 141 | } | |
142 | Permission temp = Permission.None; | 142 | #endregion |
143 | 143 | ||
144 | // Pickup non-None permissions | 144 | #region Roles and Resources |
145 | if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None) | 145 | |
146 | temp = m_resources[resource]; | 146 | /// <summary> |
147 | 147 | /// Does this Role have permission to access a specified Resource? | |
148 | if (m_parents != null) | 148 | /// </summary> |
149 | { | 149 | public enum Permission { Deny, None, Allow }; |
150 | foreach (Role parent in m_parents) | 150 | |
151 | { | 151 | /// <summary> |
152 | temp = parent.RequestPermission(resource, temp); | 152 | /// A role class, for use with Users or Groups |
153 | } | 153 | /// </summary> |
154 | } | 154 | public class Role |
155 | 155 | { | |
156 | return temp; | 156 | private string m_name; |
157 | } | 157 | private Role[] m_parents; |
158 | 158 | private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>(); | |
159 | public void GivePermission(string resource, Permission perm) | 159 | |
160 | { | 160 | public string Name |
161 | m_resources[resource] = perm; | 161 | { |
162 | } | 162 | get { return m_name; } |
163 | 163 | } | |
164 | public Role(string name) | 164 | |
165 | { | 165 | public Permission RequestPermission(string resource) |
166 | m_name = name; | 166 | { |
167 | m_parents = null; | 167 | return RequestPermission(resource, Permission.None); |
168 | } | 168 | } |
169 | 169 | ||
170 | public Role(string name, Role[] parents) | 170 | public Permission RequestPermission(string resource, Permission current) |
171 | { | 171 | { |
172 | m_name = name; | 172 | // Deny permissions always override any others |
173 | m_parents = parents; | 173 | if (current == Permission.Deny) |
174 | } | 174 | return current; |
175 | } | 175 | |
176 | 176 | Permission temp = Permission.None; | |
177 | public class Resource | 177 | |
178 | { | 178 | // Pickup non-None permissions |
179 | private string m_name; | 179 | if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None) |
180 | 180 | temp = m_resources[resource]; | |
181 | public string Name | 181 | |
182 | { | 182 | if (m_parents != null) |
183 | get { return m_name; } | 183 | { |
184 | } | 184 | foreach (Role parent in m_parents) |
185 | 185 | { | |
186 | public Resource(string name) | 186 | temp = parent.RequestPermission(resource, temp); |
187 | { | 187 | } |
188 | m_name = name; | 188 | } |
189 | } | 189 | |
190 | } | 190 | return temp; |
191 | 191 | } | |
192 | #endregion | 192 | |
193 | 193 | public void GivePermission(string resource, Permission perm) | |
194 | #region Tests | 194 | { |
195 | 195 | m_resources[resource] = perm; | |
196 | class ACLTester | 196 | } |
197 | { | 197 | |
198 | public ACLTester() | 198 | public Role(string name) |
199 | { | 199 | { |
200 | ACL acl = new ACL(); | 200 | m_name = name; |
201 | 201 | m_parents = null; | |
202 | Role Guests = new Role("Guests"); | 202 | } |
203 | acl.AddRole(Guests); | 203 | |
204 | 204 | public Role(string name, Role[] parents) | |
205 | Role[] parents = new Role[0]; | 205 | { |
206 | parents[0] = Guests; | 206 | m_name = name; |
207 | 207 | m_parents = parents; | |
208 | Role JoeGuest = new Role("JoeGuest", parents); | 208 | } |
209 | acl.AddRole(JoeGuest); | 209 | } |
210 | 210 | ||
211 | Resource CanBuild = new Resource("CanBuild"); | 211 | public class Resource |
212 | acl.AddResource(CanBuild); | 212 | { |
213 | 213 | private string m_name; | |
214 | 214 | ||
215 | acl.GrantPermission("Guests", "CanBuild"); | 215 | public string Name |
216 | 216 | { | |
217 | acl.HasPermission("JoeGuest", "CanBuild"); | 217 | get { return m_name; } |
218 | 218 | } | |
219 | } | 219 | |
220 | } | 220 | public Resource(string name) |
221 | 221 | { | |
222 | #endregion | 222 | m_name = name; |
223 | } | 223 | } |
224 | } | ||
225 | |||
226 | #endregion | ||
227 | |||
228 | #region Tests | ||
229 | |||
230 | class ACLTester | ||
231 | { | ||
232 | public ACLTester() | ||
233 | { | ||
234 | ACL acl = new ACL(); | ||
235 | |||
236 | Role Guests = new Role("Guests"); | ||
237 | acl.AddRole(Guests); | ||
238 | |||
239 | Role[] parents = new Role[0]; | ||
240 | parents[0] = Guests; | ||
241 | |||
242 | Role JoeGuest = new Role("JoeGuest", parents); | ||
243 | acl.AddRole(JoeGuest); | ||
244 | |||
245 | Resource CanBuild = new Resource("CanBuild"); | ||
246 | acl.AddResource(CanBuild); | ||
247 | |||
248 | |||
249 | acl.GrantPermission("Guests", "CanBuild"); | ||
250 | |||
251 | acl.HasPermission("JoeGuest", "CanBuild"); | ||
252 | |||
253 | } | ||
254 | } | ||
255 | |||
256 | #endregion | ||
257 | } | ||
diff --git a/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs b/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs index 1a9584a..cc56078 100644 --- a/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs +++ b/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs | |||
@@ -327,7 +327,7 @@ namespace OpenSim.Region.Communications.OGS1 | |||
327 | private void StartRemoting() | 327 | private void StartRemoting() |
328 | { | 328 | { |
329 | TcpChannel ch = new TcpChannel(this.serversInfo.RemotingListenerPort); | 329 | TcpChannel ch = new TcpChannel(this.serversInfo.RemotingListenerPort); |
330 | ChannelServices.RegisterChannel(ch, true); | 330 | ChannelServices.RegisterChannel(ch, false); // Disabled security as Mono doesnt support this. |
331 | 331 | ||
332 | WellKnownServiceTypeEntry wellType = new WellKnownServiceTypeEntry(typeof(OGS1InterRegionRemoting), "InterRegions", WellKnownObjectMode.Singleton); | 332 | WellKnownServiceTypeEntry wellType = new WellKnownServiceTypeEntry(typeof(OGS1InterRegionRemoting), "InterRegions", WellKnownObjectMode.Singleton); |
333 | RemotingConfiguration.RegisterWellKnownServiceType(wellType); | 333 | RemotingConfiguration.RegisterWellKnownServiceType(wellType); |
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs index d32ac0b..c40012d 100644 --- a/OpenSim/Region/Environment/PermissionManager.cs +++ b/OpenSim/Region/Environment/PermissionManager.cs | |||
@@ -1,327 +1,328 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (c) Contributors, http://opensimulator.org/ | 2 | * Copyright (c) Contributors, http://opensimulator.org/ |
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | 3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. |
4 | * | 4 | * |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions are met: | 6 | * modification, are permitted provided that the following conditions are met: |
7 | * * Redistributions of source code must retain the above copyright | 7 | * * Redistributions of source code must retain the above copyright |
8 | * notice, this list of conditions and the following disclaimer. | 8 | * notice, this list of conditions and the following disclaimer. |
9 | * * Redistributions in binary form must reproduce the above copyright | 9 | * * Redistributions in binary form must reproduce the above copyright |
10 | * notice, this list of conditions and the following disclaimer in the | 10 | * notice, this list of conditions and the following disclaimer in the |
11 | * documentation and/or other materials provided with the distribution. | 11 | * documentation and/or other materials provided with the distribution. |
12 | * * Neither the name of the OpenSim Project nor the | 12 | * * Neither the name of the OpenSim Project nor the |
13 | * names of its contributors may be used to endorse or promote products | 13 | * names of its contributors may be used to endorse or promote products |
14 | * derived from this software without specific prior written permission. | 14 | * derived from this software without specific prior written permission. |
15 | * | 15 | * |
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY | 16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY |
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | 19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY |
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 | * | 26 | * |
27 | */ | 27 | */ |
28 | 28 | ||
29 | using libsecondlife; | 29 | using libsecondlife; |
30 | using OpenSim.Region.Environment.LandManagement; | 30 | using OpenSim.Region.Environment.LandManagement; |
31 | using OpenSim.Region.Environment.Scenes; | 31 | using OpenSim.Region.Environment.Scenes; |
32 | 32 | using OpenSim.Framework.PolicyManager; | |
33 | namespace OpenSim.Region.Environment | 33 | |
34 | { | 34 | namespace OpenSim.Region.Environment |
35 | public class PermissionManager | 35 | { |
36 | { | 36 | public class PermissionManager |
37 | protected Scene m_scene; | 37 | { |
38 | 38 | protected Scene m_scene; | |
39 | // Bypasses the permissions engine (always returns OK) | 39 | |
40 | // disable in any production environment | 40 | // Bypasses the permissions engine (always returns OK) |
41 | // TODO: Change this to false when permissions are a desired default | 41 | // disable in any production environment |
42 | // TODO: Move to configuration option. | 42 | // TODO: Change this to false when permissions are a desired default |
43 | private bool m_bypassPermissions = true; | 43 | // TODO: Move to configuration option. |
44 | 44 | private bool m_bypassPermissions = true; | |
45 | public bool BypassPermissions | 45 | |
46 | { | 46 | public bool BypassPermissions |
47 | get { return m_bypassPermissions; } | 47 | { |
48 | set { m_bypassPermissions = value; } | 48 | get { return m_bypassPermissions; } |
49 | } | 49 | set { m_bypassPermissions = value; } |
50 | 50 | } | |
51 | 51 | ||
52 | public PermissionManager(Scene scene) | 52 | |
53 | { | 53 | public PermissionManager(Scene scene) |
54 | m_scene = scene; | 54 | { |
55 | } | 55 | m_scene = scene; |
56 | 56 | } | |
57 | protected virtual void SendPermissionError(LLUUID user, string reason) | 57 | |
58 | { | 58 | protected virtual void SendPermissionError(LLUUID user, string reason) |
59 | m_scene.EventManager.TriggerPermissionError(user, reason); | 59 | { |
60 | } | 60 | m_scene.EventManager.TriggerPermissionError(user, reason); |
61 | 61 | } | |
62 | protected virtual bool IsAdministrator(LLUUID user) | 62 | |
63 | { | 63 | protected virtual bool IsAdministrator(LLUUID user) |
64 | if (m_bypassPermissions) | 64 | { |
65 | { | 65 | if (m_bypassPermissions) |
66 | return true; | 66 | { |
67 | } | 67 | return true; |
68 | 68 | } | |
69 | return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; | 69 | |
70 | } | 70 | return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; |
71 | 71 | } | |
72 | protected virtual bool IsEstateManager(LLUUID user) | 72 | |
73 | { | 73 | protected virtual bool IsEstateManager(LLUUID user) |
74 | if (m_bypassPermissions) | 74 | { |
75 | { | 75 | if (m_bypassPermissions) |
76 | return true; | 76 | { |
77 | } | 77 | return true; |
78 | 78 | } | |
79 | return false; | 79 | |
80 | } | 80 | return false; |
81 | 81 | } | |
82 | protected virtual bool IsGridUser(LLUUID user) | 82 | |
83 | { | 83 | protected virtual bool IsGridUser(LLUUID user) |
84 | return true; | 84 | { |
85 | } | 85 | return true; |
86 | 86 | } | |
87 | protected virtual bool IsGuest(LLUUID user) | 87 | |
88 | { | 88 | protected virtual bool IsGuest(LLUUID user) |
89 | return false; | 89 | { |
90 | } | 90 | return false; |
91 | 91 | } | |
92 | public virtual bool CanRezObject(LLUUID user, LLVector3 position) | 92 | |
93 | { | 93 | public virtual bool CanRezObject(LLUUID user, LLVector3 position) |
94 | bool permission = false; | 94 | { |
95 | 95 | bool permission = false; | |
96 | string reason = "Insufficient permission"; | 96 | |
97 | 97 | string reason = "Insufficient permission"; | |
98 | if (IsAdministrator(user)) | 98 | |
99 | { | 99 | if (IsAdministrator(user)) |
100 | permission = true; | 100 | { |
101 | } | 101 | permission = true; |
102 | else | 102 | } |
103 | { | 103 | else |
104 | reason = "Not an administrator"; | 104 | { |
105 | } | 105 | reason = "Not an administrator"; |
106 | 106 | } | |
107 | if (GenericParcelPermission(user, position)) | 107 | |
108 | { | 108 | if (GenericParcelPermission(user, position)) |
109 | permission = true; | 109 | { |
110 | } | 110 | permission = true; |
111 | else | 111 | } |
112 | { | 112 | else |
113 | reason = "Not the parcel owner"; | 113 | { |
114 | } | 114 | reason = "Not the parcel owner"; |
115 | 115 | } | |
116 | if (!permission) | 116 | |
117 | SendPermissionError(user, reason); | 117 | if (!permission) |
118 | 118 | SendPermissionError(user, reason); | |
119 | return permission; | 119 | |
120 | } | 120 | return permission; |
121 | 121 | } | |
122 | #region Object Permissions | 122 | |
123 | 123 | #region Object Permissions | |
124 | protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId) | 124 | |
125 | { | 125 | protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId) |
126 | // Default: deny | 126 | { |
127 | bool permission = false; | 127 | // Default: deny |
128 | 128 | bool permission = false; | |
129 | if (!m_scene.Entities.ContainsKey(objId)) | 129 | |
130 | { | 130 | if (!m_scene.Entities.ContainsKey(objId)) |
131 | return false; | 131 | { |
132 | } | 132 | return false; |
133 | 133 | } | |
134 | // If it's not an object, we cant edit it. | 134 | |
135 | if (!(m_scene.Entities[objId] is SceneObjectGroup)) | 135 | // If it's not an object, we cant edit it. |
136 | { | 136 | if (!(m_scene.Entities[objId] is SceneObjectGroup)) |
137 | return false; | 137 | { |
138 | } | 138 | return false; |
139 | 139 | } | |
140 | SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId]; | 140 | |
141 | LLUUID taskOwner = null; | 141 | SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId]; |
142 | 142 | LLUUID taskOwner = null; | |
143 | // Object owners should be able to edit their own content | 143 | |
144 | if (user == taskOwner) | 144 | // Object owners should be able to edit their own content |
145 | permission = true; | 145 | if (user == taskOwner) |
146 | 146 | permission = true; | |
147 | // Users should be able to edit what is over their land. | 147 | |
148 | if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID == | 148 | // Users should be able to edit what is over their land. |
149 | user) | 149 | if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID == |
150 | permission = true; | 150 | user) |
151 | 151 | permission = true; | |
152 | // Estate users should be able to edit anything in the sim | 152 | |
153 | if (IsEstateManager(user)) | 153 | // Estate users should be able to edit anything in the sim |
154 | permission = true; | 154 | if (IsEstateManager(user)) |
155 | 155 | permission = true; | |
156 | // Admin objects should not be editable by the above | 156 | |
157 | if (IsAdministrator(taskOwner)) | 157 | // Admin objects should not be editable by the above |
158 | permission = false; | 158 | if (IsAdministrator(taskOwner)) |
159 | 159 | permission = false; | |
160 | // Admin should be able to edit anything in the sim (including admin objects) | 160 | |
161 | if (IsAdministrator(user)) | 161 | // Admin should be able to edit anything in the sim (including admin objects) |
162 | permission = true; | 162 | if (IsAdministrator(user)) |
163 | 163 | permission = true; | |
164 | return permission; | 164 | |
165 | } | 165 | return permission; |
166 | 166 | } | |
167 | /// <summary> | 167 | |
168 | /// Permissions check - can user delete an object? | 168 | /// <summary> |
169 | /// </summary> | 169 | /// Permissions check - can user delete an object? |
170 | /// <param name="user">User attempting the delete</param> | 170 | /// </summary> |
171 | /// <param name="obj">Target object</param> | 171 | /// <param name="user">User attempting the delete</param> |
172 | /// <returns>Has permission?</returns> | 172 | /// <param name="obj">Target object</param> |
173 | public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) | 173 | /// <returns>Has permission?</returns> |
174 | { | 174 | public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) |
175 | return GenericObjectPermission(user, obj); | 175 | { |
176 | } | 176 | return GenericObjectPermission(user, obj); |
177 | 177 | } | |
178 | public virtual bool CanEditObject(LLUUID user, LLUUID obj) | 178 | |
179 | { | 179 | public virtual bool CanEditObject(LLUUID user, LLUUID obj) |
180 | return GenericObjectPermission(user, obj); | 180 | { |
181 | } | 181 | return GenericObjectPermission(user, obj); |
182 | 182 | } | |
183 | public virtual bool CanReturnObject(LLUUID user, LLUUID obj) | 183 | |
184 | { | 184 | public virtual bool CanReturnObject(LLUUID user, LLUUID obj) |
185 | return GenericObjectPermission(user, obj); | 185 | { |
186 | } | 186 | return GenericObjectPermission(user, obj); |
187 | 187 | } | |
188 | #endregion | 188 | |
189 | 189 | #endregion | |
190 | #region Communication Permissions | 190 | |
191 | 191 | #region Communication Permissions | |
192 | public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) | 192 | |
193 | { | 193 | public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) |
194 | bool permission = false; | 194 | { |
195 | string reason = "Only registered users may communicate with another account."; | 195 | bool permission = false; |
196 | 196 | string reason = "Only registered users may communicate with another account."; | |
197 | if (IsGridUser(user)) | 197 | |
198 | permission = true; | 198 | if (IsGridUser(user)) |
199 | 199 | permission = true; | |
200 | if (!IsGridUser(user)) | 200 | |
201 | { | 201 | if (!IsGridUser(user)) |
202 | permission = false; | 202 | { |
203 | reason = "The person that you are messaging is not a registered user."; | 203 | permission = false; |
204 | } | 204 | reason = "The person that you are messaging is not a registered user."; |
205 | if (IsAdministrator(user)) | 205 | } |
206 | permission = true; | 206 | if (IsAdministrator(user)) |
207 | 207 | permission = true; | |
208 | if (IsEstateManager(user)) | 208 | |
209 | permission = true; | 209 | if (IsEstateManager(user)) |
210 | 210 | permission = true; | |
211 | if (!permission) | 211 | |
212 | SendPermissionError(user, reason); | 212 | if (!permission) |
213 | 213 | SendPermissionError(user, reason); | |
214 | return permission; | 214 | |
215 | } | 215 | return permission; |
216 | 216 | } | |
217 | public virtual bool CanInstantMessage(LLUUID user, LLUUID target) | 217 | |
218 | { | 218 | public virtual bool CanInstantMessage(LLUUID user, LLUUID target) |
219 | return GenericCommunicationPermission(user, target); | 219 | { |
220 | } | 220 | return GenericCommunicationPermission(user, target); |
221 | 221 | } | |
222 | public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) | 222 | |
223 | { | 223 | public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) |
224 | return GenericCommunicationPermission(user, target); | 224 | { |
225 | } | 225 | return GenericCommunicationPermission(user, target); |
226 | 226 | } | |
227 | #endregion | 227 | |
228 | 228 | #endregion | |
229 | public virtual bool CanEditScript(LLUUID user, LLUUID script) | 229 | |
230 | { | 230 | public virtual bool CanEditScript(LLUUID user, LLUUID script) |
231 | return IsAdministrator(user); | 231 | { |
232 | } | 232 | return IsAdministrator(user); |
233 | 233 | } | |
234 | public virtual bool CanRunScript(LLUUID user, LLUUID script) | 234 | |
235 | { | 235 | public virtual bool CanRunScript(LLUUID user, LLUUID script) |
236 | return IsAdministrator(user); | 236 | { |
237 | } | 237 | return IsAdministrator(user); |
238 | 238 | } | |
239 | public virtual bool CanTerraform(LLUUID user, LLVector3 position) | 239 | |
240 | { | 240 | public virtual bool CanTerraform(LLUUID user, LLVector3 position) |
241 | bool permission = false; | 241 | { |
242 | 242 | bool permission = false; | |
243 | // Estate override | 243 | |
244 | if (GenericEstatePermission(user)) | 244 | // Estate override |
245 | permission = true; | 245 | if (GenericEstatePermission(user)) |
246 | 246 | permission = true; | |
247 | // Land owner can terraform too | 247 | |
248 | if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y))) | 248 | // Land owner can terraform too |
249 | permission = true; | 249 | if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y))) |
250 | 250 | permission = true; | |
251 | if (!permission) | 251 | |
252 | SendPermissionError(user, "Not authorized to terraform at this location."); | 252 | if (!permission) |
253 | 253 | SendPermissionError(user, "Not authorized to terraform at this location."); | |
254 | return permission; | 254 | |
255 | } | 255 | return permission; |
256 | 256 | } | |
257 | #region Estate Permissions | 257 | |
258 | 258 | #region Estate Permissions | |
259 | protected virtual bool GenericEstatePermission(LLUUID user) | 259 | |
260 | { | 260 | protected virtual bool GenericEstatePermission(LLUUID user) |
261 | // Default: deny | 261 | { |
262 | bool permission = false; | 262 | // Default: deny |
263 | 263 | bool permission = false; | |
264 | // Estate admins should be able to use estate tools | 264 | |
265 | if (IsEstateManager(user)) | 265 | // Estate admins should be able to use estate tools |
266 | permission = true; | 266 | if (IsEstateManager(user)) |
267 | 267 | permission = true; | |
268 | // Administrators always have permission | 268 | |
269 | if (IsAdministrator(user)) | 269 | // Administrators always have permission |
270 | permission = true; | 270 | if (IsAdministrator(user)) |
271 | 271 | permission = true; | |
272 | return permission; | 272 | |
273 | } | 273 | return permission; |
274 | 274 | } | |
275 | public virtual bool CanEditEstateTerrain(LLUUID user) | 275 | |
276 | { | 276 | public virtual bool CanEditEstateTerrain(LLUUID user) |
277 | return GenericEstatePermission(user); | 277 | { |
278 | } | 278 | return GenericEstatePermission(user); |
279 | 279 | } | |
280 | #endregion | 280 | |
281 | 281 | #endregion | |
282 | #region Parcel Permissions | 282 | |
283 | 283 | #region Parcel Permissions | |
284 | protected virtual bool GenericParcelPermission(LLUUID user, Land parcel) | 284 | |
285 | { | 285 | protected virtual bool GenericParcelPermission(LLUUID user, Land parcel) |
286 | bool permission = false; | 286 | { |
287 | 287 | bool permission = false; | |
288 | if (parcel.landData.ownerID == user) | 288 | |
289 | permission = true; | 289 | if (parcel.landData.ownerID == user) |
290 | 290 | permission = true; | |
291 | if (parcel.landData.isGroupOwned) | 291 | |
292 | { | 292 | if (parcel.landData.isGroupOwned) |
293 | // TODO: Need to do some extra checks here. Requires group code. | 293 | { |
294 | } | 294 | // TODO: Need to do some extra checks here. Requires group code. |
295 | 295 | } | |
296 | if (IsEstateManager(user)) | 296 | |
297 | permission = true; | 297 | if (IsEstateManager(user)) |
298 | 298 | permission = true; | |
299 | if (IsAdministrator(user)) | 299 | |
300 | permission = true; | 300 | if (IsAdministrator(user)) |
301 | 301 | permission = true; | |
302 | return permission; | 302 | |
303 | } | 303 | return permission; |
304 | 304 | } | |
305 | protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) | 305 | |
306 | { | 306 | protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) |
307 | return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y)); | 307 | { |
308 | } | 308 | return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y)); |
309 | 309 | } | |
310 | public virtual bool CanEditParcel(LLUUID user, Land parcel) | 310 | |
311 | { | 311 | public virtual bool CanEditParcel(LLUUID user, Land parcel) |
312 | return GenericParcelPermission(user, parcel); | 312 | { |
313 | } | 313 | return GenericParcelPermission(user, parcel); |
314 | 314 | } | |
315 | public virtual bool CanSellParcel(LLUUID user, Land parcel) | 315 | |
316 | { | 316 | public virtual bool CanSellParcel(LLUUID user, Land parcel) |
317 | return GenericParcelPermission(user, parcel); | 317 | { |
318 | } | 318 | return GenericParcelPermission(user, parcel); |
319 | 319 | } | |
320 | public virtual bool CanAbandonParcel(LLUUID user, Land parcel) | 320 | |
321 | { | 321 | public virtual bool CanAbandonParcel(LLUUID user, Land parcel) |
322 | return GenericParcelPermission(user, parcel); | 322 | { |
323 | } | 323 | return GenericParcelPermission(user, parcel); |
324 | 324 | } | |
325 | #endregion | 325 | |
326 | } | 326 | #endregion |
327 | } | 327 | } |
328 | } | ||