diff options
Diffstat (limited to 'OpenSim/Region/CoreModules')
-rw-r--r-- | OpenSim/Region/CoreModules/ServiceConnectorsOut/Interregion/LocalInterregionComms.cs | 2 | ||||
-rw-r--r-- | OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | 125 |
2 files changed, 112 insertions, 15 deletions
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Interregion/LocalInterregionComms.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Interregion/LocalInterregionComms.cs index d68c683..0730f8b 100644 --- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Interregion/LocalInterregionComms.cs +++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Interregion/LocalInterregionComms.cs | |||
@@ -260,7 +260,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Interregion | |||
260 | { | 260 | { |
261 | if (s.RegionInfo.RegionHandle == regionHandle) | 261 | if (s.RegionInfo.RegionHandle == regionHandle) |
262 | { | 262 | { |
263 | //m_log.Debug("[LOCAL COMMS]: Found region to SendCreateObject"); | 263 | // m_log.Debug("[LOCAL COMMS]: Found region to SendCreateObject"); |
264 | if (isLocalCall) | 264 | if (isLocalCall) |
265 | { | 265 | { |
266 | // We need to make a local copy of the object | 266 | // We need to make a local copy of the object |
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 212cfee..e11e23a 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | |||
@@ -145,7 +145,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
145 | private Dictionary<string, bool> GrantVB = new Dictionary<string, bool>(); | 145 | private Dictionary<string, bool> GrantVB = new Dictionary<string, bool>(); |
146 | private Dictionary<string, bool> GrantJS = new Dictionary<string, bool>(); | 146 | private Dictionary<string, bool> GrantJS = new Dictionary<string, bool>(); |
147 | private Dictionary<string, bool> GrantYP = new Dictionary<string, bool>(); | 147 | private Dictionary<string, bool> GrantYP = new Dictionary<string, bool>(); |
148 | private IFriendsModule m_friendsModule = null; | 148 | private IFriendsModule m_friendsModule; |
149 | private IGroupsModule m_groupsModule; | ||
149 | 150 | ||
150 | #endregion | 151 | #endregion |
151 | 152 | ||
@@ -369,9 +370,12 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
369 | m_friendsModule = m_scene.RequestModuleInterface<IFriendsModule>(); | 370 | m_friendsModule = m_scene.RequestModuleInterface<IFriendsModule>(); |
370 | 371 | ||
371 | if (m_friendsModule == null) | 372 | if (m_friendsModule == null) |
372 | m_log.Error("[PERMISSIONS]: Friends module not found, friend permissions will not work"); | 373 | m_log.Warn("[PERMISSIONS]: Friends module not found, friend permissions will not work"); |
373 | else | 374 | |
374 | m_log.Info("[PERMISSIONS]: Friends module found, friend permissions enabled"); | 375 | m_groupsModule = m_scene.RequestModuleInterface<IGroupsModule>(); |
376 | |||
377 | if (m_groupsModule == null) | ||
378 | m_log.Warn("[PERMISSIONS]: Groups module not found, group permissions will not work"); | ||
375 | } | 379 | } |
376 | 380 | ||
377 | public void Close() | 381 | public void Close() |
@@ -406,15 +410,34 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
406 | // with the powers requested (powers = 0 for no powers check) | 410 | // with the powers requested (powers = 0 for no powers check) |
407 | protected bool IsGroupMember(UUID groupID, UUID userID, ulong powers) | 411 | protected bool IsGroupMember(UUID groupID, UUID userID, ulong powers) |
408 | { | 412 | { |
413 | //DateTime t1 = DateTime.Now; | ||
414 | bool result = false; | ||
415 | |||
409 | ScenePresence sp = m_scene.GetScenePresence(userID); | 416 | ScenePresence sp = m_scene.GetScenePresence(userID); |
410 | if (sp != null) | 417 | if (sp != null) |
411 | { | 418 | { |
412 | IClientAPI client = sp.ControllingClient; | 419 | IClientAPI client = sp.ControllingClient; |
413 | 420 | ||
414 | return ((groupID == client.ActiveGroupId) && (client.ActiveGroupPowers != 0) && | 421 | result = ((groupID == client.ActiveGroupId) && (client.ActiveGroupPowers != 0) && |
415 | ((powers == 0) || ((client.ActiveGroupPowers & powers) == powers))); | 422 | ((powers == 0) || ((client.ActiveGroupPowers & powers) == powers))); |
416 | } | 423 | } |
417 | return false; | 424 | |
425 | /* | ||
426 | if (null != m_groupsModule) | ||
427 | { | ||
428 | GroupMembershipData gmd = m_groupsModule.GetMembershipData(groupID, userID); | ||
429 | |||
430 | if (gmd != null) | ||
431 | { | ||
432 | if (((gmd.GroupPowers != 0) && powers == 0) || (gmd.GroupPowers & powers) == powers) | ||
433 | result = true; | ||
434 | } | ||
435 | } | ||
436 | */ | ||
437 | |||
438 | //m_log.DebugFormat("[PERMISSIONS]: Group member check took {0}", (DateTime.Now - t1).TotalMilliseconds); | ||
439 | |||
440 | return result; | ||
418 | } | 441 | } |
419 | 442 | ||
420 | /// <summary> | 443 | /// <summary> |
@@ -704,8 +727,17 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
704 | permission = false; | 727 | permission = false; |
705 | } | 728 | } |
706 | 729 | ||
730 | // m_log.DebugFormat( | ||
731 | // "[PERMISSIONS]: group.GroupID = {0}, part.GroupMask = {1}, isGroupMember = {2} for {3}", | ||
732 | // group.GroupID, | ||
733 | // m_scene.GetSceneObjectPart(objId).GroupMask, | ||
734 | // IsGroupMember(group.GroupID, currentUser, 0), | ||
735 | // currentUser); | ||
736 | |||
707 | // Group members should be able to edit group objects | 737 | // Group members should be able to edit group objects |
708 | if ((group.GroupID != UUID.Zero) && ((m_scene.GetSceneObjectPart(objId).GroupMask & (uint)PermissionMask.Modify) != 0) && IsGroupMember(group.GroupID, currentUser, 0)) | 738 | if ((group.GroupID != UUID.Zero) |
739 | && ((m_scene.GetSceneObjectPart(objId).GroupMask & (uint)PermissionMask.Modify) != 0) | ||
740 | && IsGroupMember(group.GroupID, currentUser, 0)) | ||
709 | { | 741 | { |
710 | // Return immediately, so that the administrator can shares group objects | 742 | // Return immediately, so that the administrator can shares group objects |
711 | return true; | 743 | return true; |
@@ -940,7 +972,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
940 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 972 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
941 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 973 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
942 | 974 | ||
943 | |||
944 | return GenericObjectPermission(editorID, objectID, false); | 975 | return GenericObjectPermission(editorID, objectID, false); |
945 | } | 976 | } |
946 | 977 | ||
@@ -1047,7 +1078,9 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1047 | 1078 | ||
1048 | if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) | 1079 | if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) |
1049 | return false; | 1080 | return false; |
1050 | } else { | 1081 | } |
1082 | else | ||
1083 | { | ||
1051 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | 1084 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) |
1052 | return false; | 1085 | return false; |
1053 | } | 1086 | } |
@@ -1063,7 +1096,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1063 | return false; | 1096 | return false; |
1064 | 1097 | ||
1065 | if (!IsGroupMember(ti.GroupID, user, 0)) | 1098 | if (!IsGroupMember(ti.GroupID, user, 0)) |
1066 | return false; | 1099 | return false; |
1067 | } | 1100 | } |
1068 | 1101 | ||
1069 | // Require full perms | 1102 | // Require full perms |
@@ -1470,14 +1503,16 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1470 | if (part.OwnerID != user) | 1503 | if (part.OwnerID != user) |
1471 | { | 1504 | { |
1472 | if (part.GroupID == UUID.Zero) | 1505 | if (part.GroupID == UUID.Zero) |
1473 | return false; | 1506 | return false; |
1474 | 1507 | ||
1475 | if (!IsGroupMember(part.GroupID, user, 0)) | 1508 | if (!IsGroupMember(part.GroupID, user, 0)) |
1476 | return false; | 1509 | return false; |
1477 | 1510 | ||
1478 | if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) | 1511 | if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) |
1479 | return false; | 1512 | return false; |
1480 | } else { | 1513 | } |
1514 | else | ||
1515 | { | ||
1481 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | 1516 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) |
1482 | return false; | 1517 | return false; |
1483 | } | 1518 | } |
@@ -1732,7 +1767,69 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1732 | return GenericObjectPermission(agentID, prim, false); | 1767 | return GenericObjectPermission(agentID, prim, false); |
1733 | } | 1768 | } |
1734 | 1769 | ||
1735 | private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) { | 1770 | private bool CanUseObjectReturn(ILandObject parcel, uint type, IClientAPI client, List<SceneObjectGroup> retlist, Scene scene) |
1771 | { | ||
1772 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1773 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1774 | |||
1775 | long powers = 0; | ||
1776 | if (parcel.LandData.GroupID != UUID.Zero) | ||
1777 | client.GetGroupPowers(parcel.LandData.GroupID); | ||
1778 | |||
1779 | switch (type) | ||
1780 | { | ||
1781 | case (uint)ObjectReturnType.Owner: | ||
1782 | // Don't let group members return owner's objects, ever | ||
1783 | // | ||
1784 | if (parcel.LandData.IsGroupOwned) | ||
1785 | { | ||
1786 | if ((powers & (long)GroupPowers.ReturnGroupOwned) != 0) | ||
1787 | return true; | ||
1788 | } | ||
1789 | else | ||
1790 | { | ||
1791 | if (parcel.LandData.OwnerID != client.AgentId) | ||
1792 | return false; | ||
1793 | } | ||
1794 | return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnGroupOwned); | ||
1795 | case (uint)ObjectReturnType.Group: | ||
1796 | if (parcel.LandData.OwnerID != client.AgentId) | ||
1797 | { | ||
1798 | // If permissionis granted through a group... | ||
1799 | // | ||
1800 | if ((powers & (long)GroupPowers.ReturnGroupSet) != 0) | ||
1801 | { | ||
1802 | foreach (SceneObjectGroup g in new List<SceneObjectGroup>(retlist)) | ||
1803 | { | ||
1804 | // check for and remove group owned objects unless | ||
1805 | // the user also has permissions to return those | ||
1806 | // | ||
1807 | if (g.OwnerID == g.GroupID && | ||
1808 | ((powers & (long)GroupPowers.ReturnGroupOwned) == 0)) | ||
1809 | { | ||
1810 | retlist.Remove(g); | ||
1811 | } | ||
1812 | } | ||
1813 | // And allow the operation | ||
1814 | // | ||
1815 | return true; | ||
1816 | } | ||
1817 | } | ||
1818 | return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnGroupSet); | ||
1819 | case (uint)ObjectReturnType.Other: | ||
1820 | if ((powers & (long)GroupPowers.ReturnNonGroup) != 0) | ||
1821 | return true; | ||
1822 | return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnNonGroup); | ||
1823 | case (uint)ObjectReturnType.List: | ||
1824 | break; | ||
1825 | } | ||
1826 | |||
1827 | return GenericParcelOwnerPermission(client.AgentId, parcel, 0); | ||
1828 | // Is it correct to be less restrictive for lists of objects to be returned? | ||
1829 | } | ||
1830 | |||
1831 | private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) | ||
1832 | { | ||
1736 | //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); | 1833 | //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); |
1737 | switch (scriptType) { | 1834 | switch (scriptType) { |
1738 | case 0: | 1835 | case 0: |