diff options
author | Justin Clark-Casey (justincc) | 2010-04-19 21:02:36 +0100 |
---|---|---|
committer | Justin Clark-Casey (justincc) | 2010-05-26 21:12:56 +0100 |
commit | d6e1333810b41407378a534a720128b498e0aada (patch) | |
tree | fa3cd62cc573cbffb41fb5ccff37e22c65c464d7 /OpenSim | |
parent | check group membership and powers with the groups module rather than just the... (diff) | |
download | opensim-SC-d6e1333810b41407378a534a720128b498e0aada.zip opensim-SC-d6e1333810b41407378a534a720128b498e0aada.tar.gz opensim-SC-d6e1333810b41407378a534a720128b498e0aada.tar.bz2 opensim-SC-d6e1333810b41407378a534a720128b498e0aada.tar.xz |
If a transfer request is received for a task inventory item asset, then route the permissions request through the existing CanEditScript() and CanEditNotecard() methods.
This implements the 'share with group' flag for notecards and scripts in prim inventory since the PermissionsModule checks group membership and permissions.
Other than that, the code in PermissionsModule duplicates the checks in LLClientView so there should be no change other than allowing group members to edit embedded notecards and scripts.
For all other asset types, the permission checking code in LLClientView continues to be used, pending refactoring of suitable permissions code
This means that 'share with group' will not yet work for prim inventory items other than notecards and scripts
Diffstat (limited to 'OpenSim')
-rw-r--r-- | OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs | 99 | ||||
-rw-r--r-- | OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | 17 |
2 files changed, 91 insertions, 25 deletions
diff --git a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs index bd0c146..c9ef173 100644 --- a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs +++ b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs | |||
@@ -7053,32 +7053,89 @@ namespace OpenSim.Region.ClientStack.LindenUDP | |||
7053 | taskID = new UUID(transfer.TransferInfo.Params, 48); | 7053 | taskID = new UUID(transfer.TransferInfo.Params, 48); |
7054 | UUID itemID = new UUID(transfer.TransferInfo.Params, 64); | 7054 | UUID itemID = new UUID(transfer.TransferInfo.Params, 64); |
7055 | UUID requestID = new UUID(transfer.TransferInfo.Params, 80); | 7055 | UUID requestID = new UUID(transfer.TransferInfo.Params, 80); |
7056 | |||
7057 | // m_log.DebugFormat( | ||
7058 | // "[CLIENT]: Got request for asset {0} from item {1} in prim {2} by {3}", | ||
7059 | // requestID, itemID, taskID, Name); | ||
7060 | |||
7056 | if (!(((Scene)m_scene).Permissions.BypassPermissions())) | 7061 | if (!(((Scene)m_scene).Permissions.BypassPermissions())) |
7057 | { | 7062 | { |
7058 | if (taskID != UUID.Zero) // Prim | 7063 | if (taskID != UUID.Zero) // Prim |
7059 | { | 7064 | { |
7060 | SceneObjectPart part = ((Scene)m_scene).GetSceneObjectPart(taskID); | 7065 | SceneObjectPart part = ((Scene)m_scene).GetSceneObjectPart(taskID); |
7061 | if (part == null) | 7066 | if (part == null) |
7067 | { | ||
7068 | m_log.WarnFormat( | ||
7069 | "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but prim does not exist", | ||
7070 | Name, requestID, itemID, taskID); | ||
7062 | return true; | 7071 | return true; |
7072 | } | ||
7063 | 7073 | ||
7064 | if (part.OwnerID != AgentId) | 7074 | TaskInventoryItem tii = part.Inventory.GetInventoryItem(itemID); |
7065 | return true; | 7075 | if (tii == null) |
7066 | 7076 | { | |
7067 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | 7077 | m_log.WarnFormat( |
7068 | return true; | 7078 | "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but item does not exist", |
7069 | 7079 | Name, requestID, itemID, taskID); | |
7070 | TaskInventoryItem ti = part.Inventory.GetInventoryItem(itemID); | ||
7071 | if (ti == null) | ||
7072 | return true; | ||
7073 | |||
7074 | if (ti.OwnerID != AgentId) | ||
7075 | return true; | ||
7076 | |||
7077 | if ((ti.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) | ||
7078 | return true; | ||
7079 | |||
7080 | if (ti.AssetID != requestID) | ||
7081 | return true; | 7080 | return true; |
7081 | } | ||
7082 | |||
7083 | if (tii.Type == (int)AssetType.LSLText) | ||
7084 | { | ||
7085 | if (!((Scene)m_scene).Permissions.CanEditScript(itemID, taskID, AgentId)) | ||
7086 | return true; | ||
7087 | } | ||
7088 | else if (tii.Type == (int)AssetType.Notecard) | ||
7089 | { | ||
7090 | if (!((Scene)m_scene).Permissions.CanEditNotecard(itemID, taskID, AgentId)) | ||
7091 | return true; | ||
7092 | } | ||
7093 | else | ||
7094 | { | ||
7095 | // TODO: Change this code to allow items other than notecards and scripts to be successfully | ||
7096 | // shared with group. In fact, all this permissions checking should move to an IPermissionsModule | ||
7097 | if (part.OwnerID != AgentId) | ||
7098 | { | ||
7099 | m_log.WarnFormat( | ||
7100 | "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but the prim is owned by {4}", | ||
7101 | Name, requestID, itemID, taskID, part.OwnerID); | ||
7102 | return true; | ||
7103 | } | ||
7104 | |||
7105 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | ||
7106 | { | ||
7107 | m_log.WarnFormat( | ||
7108 | "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but modify permissions are not set", | ||
7109 | Name, requestID, itemID, taskID); | ||
7110 | return true; | ||
7111 | } | ||
7112 | |||
7113 | if (tii.OwnerID != AgentId) | ||
7114 | { | ||
7115 | m_log.WarnFormat( | ||
7116 | "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but the item is owned by {4}", | ||
7117 | Name, requestID, itemID, taskID, tii.OwnerID); | ||
7118 | return true; | ||
7119 | } | ||
7120 | |||
7121 | if (( | ||
7122 | tii.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) | ||
7123 | != ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) | ||
7124 | { | ||
7125 | m_log.WarnFormat( | ||
7126 | "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but item permissions are not modify/copy/transfer", | ||
7127 | Name, requestID, itemID, taskID); | ||
7128 | return true; | ||
7129 | } | ||
7130 | |||
7131 | if (tii.AssetID != requestID) | ||
7132 | { | ||
7133 | m_log.WarnFormat( | ||
7134 | "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but this does not match item's asset {4}", | ||
7135 | Name, requestID, itemID, taskID, tii.AssetID); | ||
7136 | return true; | ||
7137 | } | ||
7138 | } | ||
7082 | } | 7139 | } |
7083 | else // Agent | 7140 | else // Agent |
7084 | { | 7141 | { |
@@ -7114,7 +7171,12 @@ namespace OpenSim.Region.ClientStack.LindenUDP | |||
7114 | } | 7171 | } |
7115 | 7172 | ||
7116 | if (assetRequestItem.AssetID != requestID) | 7173 | if (assetRequestItem.AssetID != requestID) |
7174 | { | ||
7175 | m_log.WarnFormat( | ||
7176 | "[CLIENT]: {0} requested asset {1} from item {2} but this does not match item's asset {3}", | ||
7177 | Name, requestID, itemID, assetRequestItem.AssetID); | ||
7117 | return true; | 7178 | return true; |
7179 | } | ||
7118 | } | 7180 | } |
7119 | } | 7181 | } |
7120 | } | 7182 | } |
@@ -11310,8 +11372,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP | |||
11310 | // } | 11372 | // } |
11311 | } | 11373 | } |
11312 | 11374 | ||
11313 | //check to see if asset is in local cache, if not we need to request it from asset server. | 11375 | // m_log.DebugFormat("[CLIENT]: {0} requesting asset {1}", Name, requestID); |
11314 | //m_log.Debug("asset request " + requestID); | ||
11315 | 11376 | ||
11316 | m_assetService.Get(requestID.ToString(), transferRequest, AssetReceived); | 11377 | m_assetService.Get(requestID.ToString(), transferRequest, AssetReceived); |
11317 | 11378 | ||
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index db900df..a972ca6 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | |||
@@ -1063,7 +1063,9 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1063 | 1063 | ||
1064 | if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) | 1064 | if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) |
1065 | return false; | 1065 | return false; |
1066 | } else { | 1066 | } |
1067 | else | ||
1068 | { | ||
1067 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | 1069 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) |
1068 | return false; | 1070 | return false; |
1069 | } | 1071 | } |
@@ -1079,7 +1081,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1079 | return false; | 1081 | return false; |
1080 | 1082 | ||
1081 | if (!IsGroupMember(ti.GroupID, user, 0)) | 1083 | if (!IsGroupMember(ti.GroupID, user, 0)) |
1082 | return false; | 1084 | return false; |
1083 | } | 1085 | } |
1084 | 1086 | ||
1085 | // Require full perms | 1087 | // Require full perms |
@@ -1483,14 +1485,16 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1483 | if (part.OwnerID != user) | 1485 | if (part.OwnerID != user) |
1484 | { | 1486 | { |
1485 | if (part.GroupID == UUID.Zero) | 1487 | if (part.GroupID == UUID.Zero) |
1486 | return false; | 1488 | return false; |
1487 | 1489 | ||
1488 | if (!IsGroupMember(part.GroupID, user, 0)) | 1490 | if (!IsGroupMember(part.GroupID, user, 0)) |
1489 | return false; | 1491 | return false; |
1490 | 1492 | ||
1491 | if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) | 1493 | if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) |
1492 | return false; | 1494 | return false; |
1493 | } else { | 1495 | } |
1496 | else | ||
1497 | { | ||
1494 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | 1498 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) |
1495 | return false; | 1499 | return false; |
1496 | } | 1500 | } |
@@ -1806,7 +1810,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1806 | // Is it correct to be less restrictive for lists of objects to be returned? | 1810 | // Is it correct to be less restrictive for lists of objects to be returned? |
1807 | } | 1811 | } |
1808 | 1812 | ||
1809 | private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) { | 1813 | private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) |
1814 | { | ||
1810 | //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); | 1815 | //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); |
1811 | switch (scriptType) { | 1816 | switch (scriptType) { |
1812 | case 0: | 1817 | case 0: |
@@ -1840,4 +1845,4 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1840 | return(false); | 1845 | return(false); |
1841 | } | 1846 | } |
1842 | } | 1847 | } |
1843 | } | 1848 | } \ No newline at end of file |