Diffstat (limited to 'OpenSim/Region/ScriptEngine/Shared')
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs4
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs189
2 files changed, 121 insertions, 72 deletions
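--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/LSL_Api.cs
@@ -12899,8 +12899,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 
 public LSL_Key llRequestSimulatorData(string simulator, int data)
 {
-IOSSL_Api ossl = (IOSSL_Api)m_ScriptEngine.GetApi(m_item.ItemID, "OSSL");
-
 try
 {
 m_host.AddScriptLPS(1);
@@ -12980,8 +12978,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 reply = "UNKNOWN";
 break;
 case ScriptBaseClass.DATA_SIM_RELEASE:
-if (ossl != null)
-ossl.CheckThreatLevel(ThreatLevel.High, "llRequestSimulatorData");
 reply = "OpenSim";
 break;
 default: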
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index 4abd2f1..d1f4ae6 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -112,18 +112,31 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
112 // modification of user data, or allows the compromise of 112 // modification of user data, or allows the compromise of
113 // sensitive data by design. 113 // sensitive data by design.
114 114
115 // flags functions threat control
116 public enum AllowedControlFlags : int
117 {
118 NONE = 0,
119 PARCEL_OWNER = 1,
120 PARCEL_GROUP_MEMBER = 1 << 1,
121 ESTATE_MANAGER = 1 << 2,
122 ESTATE_OWNER = 1 << 3,
123 ACTIVE_GOD = 1 << 4,
124 GOD = 1 << 5,
125 GRID_GOD = 1 << 6,
126
127 // internal
128 THREATLEVEL = 1 << 28,
129 OWNERUUID = 1 << 29,
130 CREATORUUID = 1 << 30,
131 //int thingie = 1 << 31,
132 ALL = 0x0FFFFFFF
133 }
134
115 class FunctionPerms 135 class FunctionPerms
116 { 136 {
117 public List<UUID> AllowedCreators; 137 public List<UUID> AllowedCreators;
118 public List<UUID> AllowedOwners; 138 public List<UUID> AllowedOwners;
119 public List<string> AllowedOwnerClasses; 139 public AllowedControlFlags AllowedControl = AllowedControlFlags.NONE;
120
121 public FunctionPerms()
122 {
123 AllowedCreators = new List<UUID>();
124 AllowedOwners = new List<UUID>();
125 AllowedOwnerClasses = new List<string>();
126 }
127 } 140 }
128 141
129 [Serializable] 142 [Serializable]
@@ -311,102 +324,141 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
311 throw new ScriptException("OSSL Permission Error: " + reasonWhyNot); 324 throw new ScriptException("OSSL Permission Error: " + reasonWhyNot);
312 } 325 }
313 } 326 }
314 // Check to see if function is allowed. Returns an empty string if function permitted 327
315 // or a string explaining why this function can't be used. 328 // Check to see if function is allowed. Returns an empty string if function permitted
329 // or a string explaining why this function can't be used.
316 private string CheckThreatLevelTest(ThreatLevel level, string function) 330 private string CheckThreatLevelTest(ThreatLevel level, string function)
317 { 331 {
318 if (!m_FunctionPerms.ContainsKey(function)) 332 FunctionPerms perms;
333 if (!m_FunctionPerms.TryGetValue(function, out perms))
319 { 334 {
320 FunctionPerms perms = new FunctionPerms(); 335 perms = new FunctionPerms();
321 m_FunctionPerms[function] = perms; 336 m_FunctionPerms[function] = perms;
322 337
323 string ownerPerm = m_osslconfig.GetString("Allow_" + function, ""); 338 string ownerPerm = m_osslconfig.GetString("Allow_" + function, "");
324 string creatorPerm = m_osslconfig.GetString("Creators_" + function, ""); 339 string creatorPerm = m_osslconfig.GetString("Creators_" + function, "");
325 if (ownerPerm == "" && creatorPerm == "") 340 if (string.IsNullOrWhiteSpace(ownerPerm) && string.IsNullOrWhiteSpace(creatorPerm))
326 { 341 {
327 // Default behavior 342 // Default Threat level check
328 perms.AllowedOwners = null; 343 perms.AllowedControl = AllowedControlFlags.THREATLEVEL;
329 perms.AllowedCreators = null;
330 perms.AllowedOwnerClasses = null;
331 } 344 }
332 else 345 else
333 { 346 {
334 bool allowed; 347 if (bool.TryParse(ownerPerm, out bool allowed))
335
336 if (bool.TryParse(ownerPerm, out allowed))
337 { 348 {
338 // Boolean given 349 // Boolean given
339 if (allowed) 350 if (allowed)
340 { 351 {
341 // Allow globally 352 // Allow globally
342 perms.AllowedOwners.Add(UUID.Zero); 353 perms.AllowedControl = AllowedControlFlags.ALL;
343 } 354 }
355 // false is fallback
344 } 356 }
345 else 357 else
346 { 358 {
347 string[] ids = ownerPerm.Split(new char[] {','}); 359 string[] ids;
348 foreach (string id in ids) 360 if (!string.IsNullOrWhiteSpace(ownerPerm))
349 { 361 {
350 string current = id.Trim(); 362 ids = ownerPerm.Split(new char[] {','});
351 if (current.ToUpper() == "PARCEL_GROUP_MEMBER" || current.ToUpper() == "PARCEL_OWNER" || current.ToUpper() == "ESTATE_MANAGER" || current.ToUpper() == "ESTATE_OWNER" || current.ToUpper() == "ACTIVE_GOD" || current.ToUpper() == "GRID_GOD" || current.ToUpper() == "GOD") 363 foreach (string id in ids)
352 {
353 if (!perms.AllowedOwnerClasses.Contains(current))
354 perms.AllowedOwnerClasses.Add(current.ToUpper());
355 }
356 else
357 { 364 {
358 UUID uuid; 365 string current = id.Trim();
359 366 current = current.ToUpper();
360 if (UUID.TryParse(current, out uuid)) 367 switch(current)
361 { 368 {
362 if (uuid != UUID.Zero) 369 case "":
363 perms.AllowedOwners.Add(uuid); 370 break;
371 case "PARCEL_OWNER":
372 perms.AllowedControl |= AllowedControlFlags.PARCEL_OWNER;
373 break;
374 case "PARCEL_GROUP_MEMBER":
375 perms.AllowedControl |= AllowedControlFlags.PARCEL_GROUP_MEMBER;
376 break;
377 case "ESTATE_MANAGER":
378 perms.AllowedControl |= AllowedControlFlags.ESTATE_MANAGER;
379 break;
380 case "ESTATE_OWNER":
381 perms.AllowedControl |= AllowedControlFlags.ESTATE_OWNER;
382 break;
383 case "ACTIVE_GOD":
384 perms.AllowedControl |= AllowedControlFlags.ACTIVE_GOD;
385 break;
386 case "GOD":
387 perms.AllowedControl |= AllowedControlFlags.GOD;
388 break;
389 case "GRID_GOD":
390 perms.AllowedControl |= AllowedControlFlags.GRID_GOD;
391 break;
392 default:
393 {
394 if (UUID.TryParse(current, out UUID uuid))
395 {
396 if (uuid != UUID.Zero)
397 {
398 if (perms.AllowedOwners == null)
399 perms.AllowedOwners = new List<UUID>();
400 perms.AllowedControl |= AllowedControlFlags.OWNERUUID;
401 perms.AllowedOwners.Add(uuid);
402 }
403 }
404 else
405 {
406 m_log.WarnFormat("[OSSLENABLE]: error parsing line {0}", ownerPerm);
407 }
408
409 break;
410 }
364 } 411 }
365 } 412 }
366 } 413 }
367 414
368 ids = creatorPerm.Split(new char[] {','}); 415 if (!string.IsNullOrWhiteSpace(creatorPerm))
369 foreach (string id in ids)
370 { 416 {
371 string current = id.Trim(); 417 ids = creatorPerm.Split(new char[] {','});
372 UUID uuid; 418 foreach (string id in ids)
373
374 if (UUID.TryParse(current, out uuid))
375 { 419 {
376 if (uuid != UUID.Zero) 420 string current = id.Trim();
377 perms.AllowedCreators.Add(uuid); 421 if (UUID.TryParse(current, out UUID uuid))
422 {
423 if (uuid != UUID.Zero)
424 {
425 if (perms.AllowedCreators == null)
426 perms.AllowedCreators = new List<UUID>();
427 perms.AllowedControl |= AllowedControlFlags.CREATORUUID;
428 perms.AllowedCreators.Add(uuid);
429 }
430 }
431 else
432 {
433 m_log.WarnFormat("[OSSLENABLE]: error parsing line {0}", creatorPerm);
434 }
378 } 435 }
379 } 436 }
437 // both empty fallback as disabled
380 } 438 }
381 } 439 }
382 } 440 }
383 441
384 // If the list is null, then the value was true / undefined 442 AllowedControlFlags functionControl = perms.AllowedControl;
385 // Threat level governs permissions in this case 443
386 // 444 if (functionControl == AllowedControlFlags.THREATLEVEL)
387 // If the list is non-null, then it is a list of UUIDs allowed
388 // to use that particular function. False causes an empty
389 // list and therefore means "no one"
390 //
391 // To allow use by anyone, the list contains UUID.Zero
392 //
393 if (m_FunctionPerms[function].AllowedOwners == null)
394 { 445 {
395 // Allow / disallow by threat level 446 // Allow / disallow by threat level
396 if (level > m_MaxThreatLevel) 447 if (level <= m_MaxThreatLevel)
397 return String.Empty; 448 return String.Empty;
449
398 return String.Format( 450 return String.Format(
399 "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.", 451 "{0} permission denied. Allowed threat level is {1} but function threat level is {2}.",
400 function, m_MaxThreatLevel, level); 452 function, m_MaxThreatLevel, level);
401 } 453 }
402 454
403 if(m_FunctionPerms[function].AllowedOwners.Count == 0 && m_FunctionPerms[function].AllowedCreators.Count == 0) 455 if (functionControl == 0)
404 return String.Format("{0} disabled in region configuration", function); 456 return String.Format("{0} disabled in region configuration", function);
405 457
406 if (m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero)) // always allowed 458 if (functionControl == AllowedControlFlags.ALL)
407 return String.Empty; 459 return String.Empty;
408 460
409 if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID)) 461 if (((functionControl & AllowedControlFlags.OWNERUUID) != 0) && perms.AllowedOwners.Contains(m_host.OwnerID))
410 { 462 {
411 // prim owner is in the list of allowed owners 463 // prim owner is in the list of allowed owners
412 return String.Empty; 464 return String.Empty;
@@ -414,11 +466,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
414 466
415 UUID ownerID = m_item.OwnerID; 467 UUID ownerID = m_item.OwnerID;
416 468
417 //Only Parcelowners may use the function 469 if ((functionControl & AllowedControlFlags.PARCEL_OWNER) != 0)
418 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
419 { 470 {
420 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); 471 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
421
422 if (land.LandData.OwnerID == ownerID) 472 if (land.LandData.OwnerID == ownerID)
423 { 473 {
424 return String.Empty; 474 return String.Empty;
@@ -426,10 +476,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
426 } 476 }
427 477
428 //OSSL only may be used if object is in the same group as the parcel 478 //OSSL only may be used if object is in the same group as the parcel
429 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER")) 479 if ((functionControl & AllowedControlFlags.PARCEL_GROUP_MEMBER) != 0)
430 { 480 {
431 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition); 481 ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition);
432
433 if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero) 482 if (land.LandData.GroupID == m_item.GroupID && land.LandData.GroupID != UUID.Zero)
434 { 483 {
435 return String.Empty; 484 return String.Empty;
@@ -437,7 +486,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
437 } 486 }
438 487
439 //Only Estate Managers may use the function 488 //Only Estate Managers may use the function
440 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER")) 489 if ((functionControl & AllowedControlFlags.ESTATE_MANAGER) != 0)
441 { 490 {
442 //Only Estate Managers may use the function 491 //Only Estate Managers may use the function
443 if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID) 492 if (World.RegionInfo.EstateSettings.IsEstateManagerOrOwner(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
@@ -447,7 +496,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
447 } 496 }
448 497
449 //Only regionowners may use the function 498 //Only regionowners may use the function
450 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER")) 499 if ((functionControl & AllowedControlFlags.ESTATE_OWNER) != 0)
451 { 500 {
452 if (World.RegionInfo.EstateSettings.EstateOwner == ownerID) 501 if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
453 { 502 {
@@ -456,7 +505,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
456 } 505 }
457 506
458 //Only grid gods may use the function 507 //Only grid gods may use the function
459 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GRID_GOD")) 508 if ((functionControl & AllowedControlFlags.GRID_GOD) != 0)
460 { 509 {
461 if (World.Permissions.IsGridGod(ownerID)) 510 if (World.Permissions.IsGridGod(ownerID))
462 { 511 {
@@ -465,7 +514,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
465 } 514 }
466 515
467 //Any god may use the function 516 //Any god may use the function
468 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("GOD")) 517 if ((functionControl & AllowedControlFlags.GOD) != 0)
469 { 518 {
470 if (World.Permissions.IsAdministrator(ownerID)) 519 if (World.Permissions.IsAdministrator(ownerID))
471 { 520 {
@@ -474,7 +523,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
474 } 523 }
475 524
476 //Only active gods may use the function 525 //Only active gods may use the function
477 if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ACTIVE_GOD")) 526 if ((functionControl & AllowedControlFlags.ACTIVE_GOD) != 0)
478 { 527 {
479 ScenePresence sp = World.GetScenePresence(ownerID); 528 ScenePresence sp = World.GetScenePresence(ownerID);
480 if (sp != null && !sp.IsDeleted && sp.IsGod) 529 if (sp != null && !sp.IsDeleted && sp.IsGod)
@@ -483,7 +532,11 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
483 } 532 }
484 } 533 }
485 534
486 if (!m_FunctionPerms[function].AllowedCreators.Contains(m_item.CreatorID)) 535 // else if no creators its denied
536 if((functionControl & AllowedControlFlags.CREATORUUID) == 0)
537 return String.Format("{0} permission denied.", function);
538
539 if (!perms.AllowedCreators.Contains(m_item.CreatorID))
487 return( 540 return(
488 String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.", 541 String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
489 function)); 542 function));
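Review bot: The comment block that explained how an `Allow_`/`Creators_` value becomes a decision (old lines 384–392) is deleted and nothing replaces it, so the meaning of the new `AllowedControlFlags` values has to be inferred from the `==` tests in `CheckThreatLevelTest`. I would add a short comment above the enum, for example `// NONE: function disabled; THREATLEVEL: decided by m_MaxThreatLevel; ALL: allowed for everyone. THREATLEVEL and ALL are whole-value sentinels compared with ==; the remaining bits are OR-ed together`, and mark the enum `[Flags]` since the class bits are combined with `|=`. Separately, `current = current.ToUpper();` at new line 366 is culture-sensitive: if the thread culture is not pinned elsewhere, a lower-case `grid_god` or `active_god` could miss its `case` under Turkish casing rules and be dropped from the allow list with only a parse warning, which `current = current.ToUpperInvariant();` avoids. `CheckThreatLevelTest` continues past the end of the visible hunks.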