diff options
Diffstat (limited to 'OpenSim/Region/CoreModules/World')
-rw-r--r-- | OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | 213 |
1 files changed, 116 insertions, 97 deletions
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 8fcf44f..094da2b 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | |||
@@ -479,7 +479,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
479 | 479 | ||
480 | return false; | 480 | return false; |
481 | } | 481 | } |
482 | 482 | /* | |
483 | private bool CheckGroupPowers(ScenePresence sp, UUID groupID, ulong powersMask) | 483 | private bool CheckGroupPowers(ScenePresence sp, UUID groupID, ulong powersMask) |
484 | { | 484 | { |
485 | if(sp == null || sp.ControllingClient == null) | 485 | if(sp == null || sp.ControllingClient == null) |
@@ -504,7 +504,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
504 | 504 | ||
505 | return (grpPowers & powersMask) != 0; | 505 | return (grpPowers & powersMask) != 0; |
506 | } | 506 | } |
507 | 507 | */ | |
508 | /// <summary> | 508 | /// <summary> |
509 | /// Parse a user set configuration setting | 509 | /// Parse a user set configuration setting |
510 | /// </summary> | 510 | /// </summary> |
@@ -631,96 +631,148 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
631 | 631 | ||
632 | #region Object Permissions | 632 | #region Object Permissions |
633 | #pragma warning disable 0612 | 633 | #pragma warning disable 0612 |
634 | const uint NOT_DEFAULT_FLAGS = (uint)~( | 634 | const uint DEFAULT_FLAGS = (uint)~( |
635 | PrimFlags.ObjectCopy | // Tells client you can copy the object | 635 | PrimFlags.ObjectCopy | // Tells client you can copy the object |
636 | PrimFlags.ObjectModify | // tells client you can modify the object | 636 | PrimFlags.ObjectModify | // tells client you can modify the object |
637 | PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod) | 637 | PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod) |
638 | PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it | 638 | PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it |
639 | PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object | 639 | PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object |
640 | PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object | 640 | PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object |
641 | PrimFlags.ObjectOwnerModify // Tells client that you're the owner of the object | 641 | PrimFlags.ObjectOwnerModify // Tells client that you're the owner of the object |
642 | ); | 642 | ); |
643 | |||
644 | const uint NOT_DEFAULT_FLAGS = (uint)~( | ||
645 | PrimFlags.ObjectCopy | // Tells client you can copy the object | ||
646 | PrimFlags.ObjectModify | // tells client you can modify the object | ||
647 | PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod) | ||
648 | PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it | ||
649 | PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object | ||
650 | PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object | ||
651 | PrimFlags.ObjectOwnerModify // Tells client that you're the owner of the object | ||
652 | ); | ||
643 | #pragma warning restore 0612 | 653 | #pragma warning restore 0612 |
644 | 654 | ||
645 | const uint EXTRAOWNERMASK = (uint)( | 655 | const uint EXTRAOWNERMASK = (uint)( |
656 | PrimFlags.ObjectYouOwner | | ||
657 | PrimFlags.ObjectAnyOwner | ||
658 | ); | ||
659 | |||
660 | const uint EXTRAGODMASK = (uint)( | ||
646 | PrimFlags.ObjectYouOwner | | 661 | PrimFlags.ObjectYouOwner | |
647 | PrimFlags.ObjectAnyOwner | | 662 | PrimFlags.ObjectAnyOwner | |
648 | PrimFlags.ObjectOwnerModify | 663 | PrimFlags.ObjectOwnerModify | |
664 | PrimFlags.ObjectModify | | ||
665 | PrimFlags.ObjectMove | ||
649 | ); | 666 | ); |
650 | 667 | ||
651 | public uint GenerateClientFlags(ScenePresence sp, uint curEffectivePerms, UUID objID) | 668 | public uint GenerateClientFlags(ScenePresence sp, uint curEffectivePerms, UUID objID) |
652 | { | 669 | { |
653 | // ObjectFlags and Permission flags are two different enumerations | 670 | if(sp == null || curEffectivePerms == 0) |
654 | // ObjectFlags, tells the client what it will allow the user to do. | 671 | return (uint)0; |
655 | 672 | ||
656 | SceneObjectPart task = m_scene.GetSceneObjectPart(objID); | 673 | SceneObjectPart task = m_scene.GetSceneObjectPart(objID); |
657 | 674 | ||
658 | // this shouldn't ever happen.. return no permissions/objectflags. | 675 | // this shouldn't ever happen.. return no permissions/objectflags. |
659 | if (task == null) | 676 | if (task == null) |
660 | return (uint)0; | 677 | return (uint)0; |
661 | |||
662 | if(curEffectivePerms == 0) | ||
663 | return 0; | ||
664 | 678 | ||
665 | // Remove any of the objectFlags that are temporary. These will get added back if appropriate | 679 | // Remove any of the objectFlags that are temporary. These will get added back if appropriate |
666 | // in the next bit of code | ||
667 | uint objflags = curEffectivePerms & NOT_DEFAULT_FLAGS ; | 680 | uint objflags = curEffectivePerms & NOT_DEFAULT_FLAGS ; |
668 | 681 | ||
669 | // get a relevant class for current presence on task | 682 | uint returnMask; |
670 | PermissionClass permissionClass = GetPermissionClass(sp, task); | ||
671 | 683 | ||
672 | // handle acording | 684 | // gods have owner rights with Modify and Move always on |
673 | uint returnMask = 0; | 685 | if(sp.IsGod) |
674 | switch (permissionClass) | ||
675 | { | 686 | { |
676 | case PermissionClass.Owner: | 687 | returnMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); |
677 | // Customize the OwnerMask | 688 | returnMask |= EXTRAGODMASK; |
678 | // on next line EveryoneMask possible is redundant | 689 | return returnMask; |
679 | // but then it should also be on GroupMask | 690 | } |
680 | returnMask = ApplyObjectModifyMasks(task.OwnerMask | task.EveryoneMask, objflags); | 691 | |
681 | returnMask |= EXTRAOWNERMASK; | 692 | //bypass option == owner rights |
682 | break; | 693 | if (m_bypassPermissions) |
694 | { | ||
695 | returnMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); | ||
696 | returnMask |= EXTRAOWNERMASK; | ||
697 | if((returnMask & (uint)PrimFlags.ObjectModify) != 0) | ||
698 | returnMask |= (uint)PrimFlags.ObjectOwnerModify; | ||
699 | return returnMask; | ||
700 | } | ||
701 | |||
702 | UUID taskOwnerID = task.OwnerID; | ||
703 | UUID spID = sp.UUID; | ||
683 | 704 | ||
684 | case PermissionClass.Group: | 705 | // owner |
685 | // Customize the GroupMask | 706 | if (spID == taskOwnerID) |
686 | if(task.GroupID == task.OwnerID) | 707 | { |
708 | returnMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); | ||
709 | returnMask |= EXTRAOWNERMASK; | ||
710 | if((returnMask & (uint)PrimFlags.ObjectModify) != 0) | ||
711 | returnMask |= (uint)PrimFlags.ObjectOwnerModify; | ||
712 | return returnMask; | ||
713 | } | ||
714 | |||
715 | // if not god or owner, do attachments as everyone | ||
716 | if(task.ParentGroup.IsAttachment) | ||
717 | { | ||
718 | returnMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags); | ||
719 | if (taskOwnerID != UUID.Zero) | ||
720 | returnMask |= (uint)PrimFlags.ObjectAnyOwner; | ||
721 | return returnMask; | ||
722 | } | ||
723 | |||
724 | // if friends with rights then owner | ||
725 | if (IsFriendWithPerms(spID, taskOwnerID)) | ||
726 | { | ||
727 | returnMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); | ||
728 | returnMask |= EXTRAOWNERMASK; | ||
729 | if((returnMask & (uint)PrimFlags.ObjectModify) != 0) | ||
730 | returnMask |= (uint)PrimFlags.ObjectOwnerModify; | ||
731 | return returnMask; | ||
732 | } | ||
733 | |||
734 | // group owned or shared ? | ||
735 | UUID taskGroupID = task.GroupID; | ||
736 | IClientAPI client = sp.ControllingClient; | ||
737 | if(taskGroupID != UUID.Zero && client != null && client.IsGroupMember(taskGroupID)) | ||
738 | { | ||
739 | if(taskGroupID == taskOwnerID) | ||
740 | { | ||
741 | // object is owned by group, owner rights and group role powers do apply | ||
742 | if((client.GetGroupPowers(taskGroupID) & (ulong)GroupPowers.ObjectManipulate) != 0) | ||
743 | // instead forcing active group can be safeguard againts casual mistakes ?? | ||
744 | //if(CheckActiveGroupPowers(sp, task.GroupID, (ulong)GroupPowers.ObjectManipulate)) | ||
687 | { | 745 | { |
688 | // object is owned by group, owner rights do apply | 746 | returnMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); |
689 | // we are not limiting to group owned parcel so this work anywhere | 747 | returnMask |= |
690 | if(CheckGroupPowers(sp, task.GroupID, (ulong)GroupPowers.ObjectManipulate)) | 748 | (uint)PrimFlags.ObjectGroupOwned | |
691 | // instead forcing active group can be safeguard againts casual mistakes ?? | 749 | (uint)PrimFlags.ObjectAnyOwner; |
692 | //if(CheckActiveGroupPowers(sp, task.GroupID, (ulong)GroupPowers.ObjectManipulate)) | 750 | if((returnMask & (uint)PrimFlags.ObjectModify) != 0) |
693 | { | 751 | returnMask |= (uint)PrimFlags.ObjectOwnerModify; |
694 | returnMask = ApplyObjectModifyMasks(task.OwnerMask | task.EveryoneMask, objflags); | 752 | return returnMask; |
695 | returnMask |= | ||
696 | (uint)PrimFlags.ObjectGroupOwned | | ||
697 | (uint)PrimFlags.ObjectAnyOwner; | ||
698 | if((returnMask & (uint)PrimFlags.ObjectModify) != 0) | ||
699 | returnMask |= (uint)PrimFlags.ObjectOwnerModify; | ||
700 | } | ||
701 | else | ||
702 | { | ||
703 | // no special rights | ||
704 | returnMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags); | ||
705 | returnMask |= (uint)PrimFlags.ObjectAnyOwner; | ||
706 | } | ||
707 | } | 753 | } |
708 | else | 754 | else |
709 | { | 755 | { |
710 | // not group owned, group sharing rights apply | 756 | // no special rights |
711 | returnMask = ApplyObjectModifyMasks(task.GroupMask | task.EveryoneMask, objflags); | 757 | returnMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags); |
712 | if (task.OwnerID != UUID.Zero) | 758 | returnMask |= (uint)PrimFlags.ObjectAnyOwner; |
713 | returnMask |= (uint)PrimFlags.ObjectAnyOwner; | 759 | return returnMask; |
714 | } | 760 | } |
715 | break; | 761 | } |
716 | 762 | else | |
717 | case PermissionClass.Everyone: | 763 | { |
718 | default: | 764 | // group sharing |
719 | returnMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags); | 765 | returnMask = ApplyObjectModifyMasks(task.GroupMask, objflags); |
720 | if (task.OwnerID != UUID.Zero) | 766 | if (taskOwnerID != UUID.Zero) |
721 | returnMask |= (uint)PrimFlags.ObjectAnyOwner; | 767 | returnMask |= (uint)PrimFlags.ObjectAnyOwner; |
722 | break; | 768 | return returnMask; |
769 | } | ||
723 | } | 770 | } |
771 | |||
772 | // fallback is everyone rights | ||
773 | returnMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags); | ||
774 | if (taskOwnerID != UUID.Zero) | ||
775 | returnMask |= (uint)PrimFlags.ObjectAnyOwner; | ||
724 | return returnMask; | 776 | return returnMask; |
725 | } | 777 | } |
726 | 778 | ||
@@ -752,39 +804,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
752 | return objectFlagsMask; | 804 | return objectFlagsMask; |
753 | } | 805 | } |
754 | 806 | ||
755 | private PermissionClass GetPermissionClass(ScenePresence sp, SceneObjectPart obj) | ||
756 | { | ||
757 | if (obj == null || sp == null) | ||
758 | return PermissionClass.Everyone; | ||
759 | |||
760 | if (m_bypassPermissions) | ||
761 | return PermissionClass.Owner; | ||
762 | |||
763 | |||
764 | if (sp.IsGod) | ||
765 | return PermissionClass.Owner; | ||
766 | |||
767 | UUID user = sp.UUID; | ||
768 | |||
769 | // Object owners should be able to edit their own content | ||
770 | UUID objectOwner = obj.OwnerID; | ||
771 | if (user == objectOwner) | ||
772 | return PermissionClass.Owner; | ||
773 | |||
774 | if(!obj.ParentGroup.IsAttachment) | ||
775 | { | ||
776 | if (IsFriendWithPerms(user, objectOwner) ) | ||
777 | return PermissionClass.Owner; | ||
778 | |||
779 | // Group permissions | ||
780 | // in future group membership must leave llclentViewer, but for now it is there. | ||
781 | if (obj.GroupID != UUID.Zero && sp.ControllingClient != null && sp.ControllingClient.IsGroupMember(obj.GroupID)) | ||
782 | return PermissionClass.Group; | ||
783 | } | ||
784 | |||
785 | return PermissionClass.Everyone; | ||
786 | } | ||
787 | |||
788 | // OARs need this method that handles offline users | 807 | // OARs need this method that handles offline users |
789 | public PermissionClass GetPermissionClass(UUID user, SceneObjectPart obj) | 808 | public PermissionClass GetPermissionClass(UUID user, SceneObjectPart obj) |
790 | { | 809 | { |