diff options
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Region/Environment/PermissionManager.cs | 610 |
1 files changed, 305 insertions, 305 deletions
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs index 110a130..cb455f4 100644 --- a/OpenSim/Region/Environment/PermissionManager.cs +++ b/OpenSim/Region/Environment/PermissionManager.cs | |||
@@ -1,305 +1,305 @@ | |||
1 | using System.Collections.Generic; | 1 | using System.Collections.Generic; |
2 | using OpenSim.Framework; | 2 | using OpenSim.Framework; |
3 | using OpenSim.Framework.Types; | 3 | using OpenSim.Framework.Types; |
4 | using OpenSim.Framework.Communications; | 4 | using OpenSim.Framework.Communications; |
5 | using OpenSim.Framework.Servers; | 5 | using OpenSim.Framework.Servers; |
6 | using OpenSim.Region.Capabilities; | 6 | using OpenSim.Region.Capabilities; |
7 | using OpenSim.Region.Environment.Scenes; | 7 | using OpenSim.Region.Environment.Scenes; |
8 | using OpenSim.Region.Environment.LandManagement; | 8 | using OpenSim.Region.Environment.LandManagement; |
9 | 9 | ||
10 | using libsecondlife; | 10 | using libsecondlife; |
11 | 11 | ||
12 | namespace OpenSim.Region.Environment | 12 | namespace OpenSim.Region.Environment |
13 | { | 13 | { |
14 | public class PermissionManager | 14 | public class PermissionManager |
15 | { | 15 | { |
16 | protected Scene m_scene; | 16 | protected Scene m_scene; |
17 | 17 | ||
18 | // Bypasses the permissions engine (always returns OK) | 18 | // Bypasses the permissions engine (always returns OK) |
19 | // disable in any production environment | 19 | // disable in any production environment |
20 | // TODO: Change this to false when permissions are a desired default | 20 | // TODO: Change this to false when permissions are a desired default |
21 | // TODO: Move to configuration option. | 21 | // TODO: Move to configuration option. |
22 | private bool m_bypassPermissions = true; | 22 | private bool m_bypassPermissions = true; |
23 | public bool BypassPermissions | 23 | public bool BypassPermissions |
24 | { | 24 | { |
25 | get { return m_bypassPermissions; } | 25 | get { return m_bypassPermissions; } |
26 | set { m_bypassPermissions = value; } | 26 | set { m_bypassPermissions = value; } |
27 | } | 27 | } |
28 | 28 | ||
29 | 29 | ||
30 | public PermissionManager(Scene scene) | 30 | public PermissionManager(Scene scene) |
31 | { | 31 | { |
32 | m_scene = scene; | 32 | m_scene = scene; |
33 | } | 33 | } |
34 | 34 | ||
35 | protected virtual void SendPermissionError(LLUUID user, string reason) | 35 | protected virtual void SendPermissionError(LLUUID user, string reason) |
36 | { | 36 | { |
37 | m_scene.EventManager.TriggerPermissionError(user, reason); | 37 | m_scene.EventManager.TriggerPermissionError(user, reason); |
38 | } | 38 | } |
39 | 39 | ||
40 | protected virtual bool IsAdministrator(LLUUID user) | 40 | protected virtual bool IsAdministrator(LLUUID user) |
41 | { | 41 | { |
42 | if (m_bypassPermissions) | 42 | if (m_bypassPermissions) |
43 | { | 43 | { |
44 | return true; | 44 | return true; |
45 | } | 45 | } |
46 | 46 | ||
47 | return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; | 47 | return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; |
48 | } | 48 | } |
49 | 49 | ||
50 | protected virtual bool IsEstateManager(LLUUID user) | 50 | protected virtual bool IsEstateManager(LLUUID user) |
51 | { | 51 | { |
52 | if (m_bypassPermissions) | 52 | if (m_bypassPermissions) |
53 | { | 53 | { |
54 | return true; | 54 | return true; |
55 | } | 55 | } |
56 | 56 | ||
57 | return false; | 57 | return false; |
58 | } | 58 | } |
59 | 59 | ||
60 | protected virtual bool IsGridUser(LLUUID user) | 60 | protected virtual bool IsGridUser(LLUUID user) |
61 | { | 61 | { |
62 | return true; | 62 | return true; |
63 | } | 63 | } |
64 | 64 | ||
65 | protected virtual bool IsGuest(LLUUID user) | 65 | protected virtual bool IsGuest(LLUUID user) |
66 | { | 66 | { |
67 | return false; | 67 | return false; |
68 | } | 68 | } |
69 | 69 | ||
70 | public virtual bool CanRezObject(LLUUID user, LLVector3 position) | 70 | public virtual bool CanRezObject(LLUUID user, LLVector3 position) |
71 | { | 71 | { |
72 | bool permission = false; | 72 | bool permission = false; |
73 | 73 | ||
74 | string reason = "Insufficient permission"; | 74 | string reason = "Insufficient permission"; |
75 | 75 | ||
76 | if (IsAdministrator(user)) | 76 | if (IsAdministrator(user)) |
77 | { | 77 | { |
78 | permission = true; | 78 | permission = true; |
79 | } | 79 | } |
80 | else | 80 | else |
81 | { | 81 | { |
82 | reason = "Not an administrator"; | 82 | reason = "Not an administrator"; |
83 | } | 83 | } |
84 | 84 | ||
85 | if (GenericParcelPermission(user, position)) | 85 | if (GenericParcelPermission(user, position)) |
86 | { | 86 | { |
87 | permission = true; | 87 | permission = true; |
88 | } | 88 | } |
89 | else | 89 | else |
90 | { | 90 | { |
91 | reason = "Not the parcel owner"; | 91 | reason = "Not the parcel owner"; |
92 | } | 92 | } |
93 | 93 | ||
94 | if (!permission) | 94 | if (!permission) |
95 | SendPermissionError(user, reason); | 95 | SendPermissionError(user, reason); |
96 | 96 | ||
97 | return permission; | 97 | return permission; |
98 | } | 98 | } |
99 | 99 | ||
100 | #region Object Permissions | 100 | #region Object Permissions |
101 | 101 | ||
102 | protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId) | 102 | protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId) |
103 | { | 103 | { |
104 | // Default: deny | 104 | // Default: deny |
105 | bool permission = false; | 105 | bool permission = false; |
106 | 106 | ||
107 | if( !m_scene.Entities.ContainsKey( objId )) | 107 | if( !m_scene.Entities.ContainsKey( objId )) |
108 | { | 108 | { |
109 | return false; | 109 | return false; |
110 | } | 110 | } |
111 | 111 | ||
112 | // If it's not an object, we cant edit it. | 112 | // If it's not an object, we cant edit it. |
113 | if (!(m_scene.Entities[objId] is SceneObjectGroup)) | 113 | if (!(m_scene.Entities[objId] is SceneObjectGroup)) |
114 | { | 114 | { |
115 | return false; | 115 | return false; |
116 | } | 116 | } |
117 | 117 | ||
118 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objId]; | 118 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objId]; |
119 | LLUUID taskOwner = null; | 119 | LLUUID taskOwner = null; |
120 | 120 | ||
121 | // Object owners should be able to edit their own content | 121 | // Object owners should be able to edit their own content |
122 | if (user == taskOwner) | 122 | if (user == taskOwner) |
123 | permission = true; | 123 | permission = true; |
124 | 124 | ||
125 | // Users should be able to edit what is over their land. | 125 | // Users should be able to edit what is over their land. |
126 | if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID == user) | 126 | if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID == user) |
127 | permission = true; | 127 | permission = true; |
128 | 128 | ||
129 | // Estate users should be able to edit anything in the sim | 129 | // Estate users should be able to edit anything in the sim |
130 | if (IsEstateManager(user)) | 130 | if (IsEstateManager(user)) |
131 | permission = true; | 131 | permission = true; |
132 | 132 | ||
133 | // Admin objects should not be editable by the above | 133 | // Admin objects should not be editable by the above |
134 | if (IsAdministrator(taskOwner)) | 134 | if (IsAdministrator(taskOwner)) |
135 | permission = false; | 135 | permission = false; |
136 | 136 | ||
137 | // Admin should be able to edit anything in the sim (including admin objects) | 137 | // Admin should be able to edit anything in the sim (including admin objects) |
138 | if (IsAdministrator(user)) | 138 | if (IsAdministrator(user)) |
139 | permission = true; | 139 | permission = true; |
140 | 140 | ||
141 | return permission; | 141 | return permission; |
142 | } | 142 | } |
143 | 143 | ||
144 | /// <summary> | 144 | /// <summary> |
145 | /// Permissions check - can user delete an object? | 145 | /// Permissions check - can user delete an object? |
146 | /// </summary> | 146 | /// </summary> |
147 | /// <param name="user">User attempting the delete</param> | 147 | /// <param name="user">User attempting the delete</param> |
148 | /// <param name="obj">Target object</param> | 148 | /// <param name="obj">Target object</param> |
149 | /// <returns>Has permission?</returns> | 149 | /// <returns>Has permission?</returns> |
150 | public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) | 150 | public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) |
151 | { | 151 | { |
152 | return GenericObjectPermission(user, obj); | 152 | return GenericObjectPermission(user, obj); |
153 | } | 153 | } |
154 | 154 | ||
155 | public virtual bool CanEditObject(LLUUID user, LLUUID obj) | 155 | public virtual bool CanEditObject(LLUUID user, LLUUID obj) |
156 | { | 156 | { |
157 | return GenericObjectPermission(user, obj); | 157 | return GenericObjectPermission(user, obj); |
158 | } | 158 | } |
159 | 159 | ||
160 | public virtual bool CanReturnObject(LLUUID user, LLUUID obj) | 160 | public virtual bool CanReturnObject(LLUUID user, LLUUID obj) |
161 | { | 161 | { |
162 | return GenericObjectPermission(user, obj); | 162 | return GenericObjectPermission(user, obj); |
163 | } | 163 | } |
164 | 164 | ||
165 | #endregion | 165 | #endregion |
166 | 166 | ||
167 | #region Communication Permissions | 167 | #region Communication Permissions |
168 | 168 | ||
169 | public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) | 169 | public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) |
170 | { | 170 | { |
171 | bool permission = false; | 171 | bool permission = false; |
172 | string reason = "Only registered users may communicate with another account."; | 172 | string reason = "Only registered users may communicate with another account."; |
173 | 173 | ||
174 | if (IsGridUser(user)) | 174 | if (IsGridUser(user)) |
175 | permission = true; | 175 | permission = true; |
176 | 176 | ||
177 | if (!IsGridUser(user)) | 177 | if (!IsGridUser(user)) |
178 | { | 178 | { |
179 | permission = false; | 179 | permission = false; |
180 | reason = "The person that you are messaging is not a registered user."; | 180 | reason = "The person that you are messaging is not a registered user."; |
181 | } | 181 | } |
182 | if (IsAdministrator(user)) | 182 | if (IsAdministrator(user)) |
183 | permission = true; | 183 | permission = true; |
184 | 184 | ||
185 | if (IsEstateManager(user)) | 185 | if (IsEstateManager(user)) |
186 | permission = true; | 186 | permission = true; |
187 | 187 | ||
188 | if (!permission) | 188 | if (!permission) |
189 | SendPermissionError(user, reason); | 189 | SendPermissionError(user, reason); |
190 | 190 | ||
191 | return permission; | 191 | return permission; |
192 | } | 192 | } |
193 | 193 | ||
194 | public virtual bool CanInstantMessage(LLUUID user, LLUUID target) | 194 | public virtual bool CanInstantMessage(LLUUID user, LLUUID target) |
195 | { | 195 | { |
196 | return GenericCommunicationPermission(user, target); | 196 | return GenericCommunicationPermission(user, target); |
197 | } | 197 | } |
198 | 198 | ||
199 | public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) | 199 | public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) |
200 | { | 200 | { |
201 | return GenericCommunicationPermission(user, target); | 201 | return GenericCommunicationPermission(user, target); |
202 | } | 202 | } |
203 | 203 | ||
204 | #endregion | 204 | #endregion |
205 | 205 | ||
206 | public virtual bool CanEditScript(LLUUID user, LLUUID script) | 206 | public virtual bool CanEditScript(LLUUID user, LLUUID script) |
207 | { | 207 | { |
208 | return IsAdministrator(user); | 208 | return IsAdministrator(user); |
209 | } | 209 | } |
210 | 210 | ||
211 | public virtual bool CanRunScript(LLUUID user, LLUUID script) | 211 | public virtual bool CanRunScript(LLUUID user, LLUUID script) |
212 | { | 212 | { |
213 | return IsAdministrator(user); | 213 | return IsAdministrator(user); |
214 | } | 214 | } |
215 | 215 | ||
216 | public virtual bool CanTerraform(LLUUID user, LLVector3 position) | 216 | public virtual bool CanTerraform(LLUUID user, LLVector3 position) |
217 | { | 217 | { |
218 | bool permission = false; | 218 | bool permission = false; |
219 | 219 | ||
220 | // Estate override | 220 | // Estate override |
221 | if (GenericEstatePermission(user)) | 221 | if (GenericEstatePermission(user)) |
222 | permission = true; | 222 | permission = true; |
223 | 223 | ||
224 | // Land owner can terraform too | 224 | // Land owner can terraform too |
225 | if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y))) | 225 | if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y))) |
226 | permission = true; | 226 | permission = true; |
227 | 227 | ||
228 | if (!permission) | 228 | if (!permission) |
229 | SendPermissionError(user, "Not authorized to terraform at this location."); | 229 | SendPermissionError(user, "Not authorized to terraform at this location."); |
230 | 230 | ||
231 | return permission; | 231 | return permission; |
232 | } | 232 | } |
233 | 233 | ||
234 | #region Estate Permissions | 234 | #region Estate Permissions |
235 | 235 | ||
236 | protected virtual bool GenericEstatePermission(LLUUID user) | 236 | protected virtual bool GenericEstatePermission(LLUUID user) |
237 | { | 237 | { |
238 | // Default: deny | 238 | // Default: deny |
239 | bool permission = false; | 239 | bool permission = false; |
240 | 240 | ||
241 | // Estate admins should be able to use estate tools | 241 | // Estate admins should be able to use estate tools |
242 | if (IsEstateManager(user)) | 242 | if (IsEstateManager(user)) |
243 | permission = true; | 243 | permission = true; |
244 | 244 | ||
245 | // Administrators always have permission | 245 | // Administrators always have permission |
246 | if (IsAdministrator(user)) | 246 | if (IsAdministrator(user)) |
247 | permission = true; | 247 | permission = true; |
248 | 248 | ||
249 | return permission; | 249 | return permission; |
250 | } | 250 | } |
251 | 251 | ||
252 | public virtual bool CanEditEstateTerrain(LLUUID user) | 252 | public virtual bool CanEditEstateTerrain(LLUUID user) |
253 | { | 253 | { |
254 | return GenericEstatePermission(user); | 254 | return GenericEstatePermission(user); |
255 | } | 255 | } |
256 | 256 | ||
257 | #endregion | 257 | #endregion |
258 | 258 | ||
259 | #region Parcel Permissions | 259 | #region Parcel Permissions |
260 | 260 | ||
261 | protected virtual bool GenericParcelPermission(LLUUID user, Land parcel) | 261 | protected virtual bool GenericParcelPermission(LLUUID user, Land parcel) |
262 | { | 262 | { |
263 | bool permission = false; | 263 | bool permission = false; |
264 | 264 | ||
265 | if (parcel.landData.ownerID == user) | 265 | if (parcel.landData.ownerID == user) |
266 | permission = true; | 266 | permission = true; |
267 | 267 | ||
268 | if (parcel.landData.isGroupOwned) | 268 | if (parcel.landData.isGroupOwned) |
269 | { | 269 | { |
270 | // TODO: Need to do some extra checks here. Requires group code. | 270 | // TODO: Need to do some extra checks here. Requires group code. |
271 | } | 271 | } |
272 | 272 | ||
273 | if(IsEstateManager(user)) | 273 | if(IsEstateManager(user)) |
274 | permission = true; | 274 | permission = true; |
275 | 275 | ||
276 | if (IsAdministrator(user)) | 276 | if (IsAdministrator(user)) |
277 | permission = true; | 277 | permission = true; |
278 | 278 | ||
279 | return permission; | 279 | return permission; |
280 | } | 280 | } |
281 | 281 | ||
282 | protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) | 282 | protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) |
283 | { | 283 | { |
284 | return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y)); | 284 | return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y)); |
285 | } | 285 | } |
286 | 286 | ||
287 | public virtual bool CanEditParcel(LLUUID user, Land parcel) | 287 | public virtual bool CanEditParcel(LLUUID user, Land parcel) |
288 | { | 288 | { |
289 | return GenericParcelPermission(user, parcel); | 289 | return GenericParcelPermission(user, parcel); |
290 | } | 290 | } |
291 | 291 | ||
292 | public virtual bool CanSellParcel(LLUUID user, Land parcel) | 292 | public virtual bool CanSellParcel(LLUUID user, Land parcel) |
293 | { | 293 | { |
294 | return GenericParcelPermission(user, parcel); | 294 | return GenericParcelPermission(user, parcel); |
295 | } | 295 | } |
296 | 296 | ||
297 | public virtual bool CanAbandonParcel(LLUUID user, Land parcel) | 297 | public virtual bool CanAbandonParcel(LLUUID user, Land parcel) |
298 | { | 298 | { |
299 | return GenericParcelPermission(user, parcel); | 299 | return GenericParcelPermission(user, parcel); |
300 | } | 300 | } |
301 | 301 | ||
302 | #endregion | 302 | #endregion |
303 | 303 | ||
304 | } | 304 | } |
305 | } | 305 | } |