aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim
diff options
context:
space:
mode:
Diffstat (limited to 'OpenSim')
-rw-r--r--OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs285
1 files changed, 133 insertions, 152 deletions
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
index 3264071..da4b826 100644
--- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
@@ -497,32 +497,20 @@ namespace OpenSim.Region.CoreModules.World.Permissions
497 return false; 497 return false;
498 } 498 }
499 499
500/* 500 protected bool GroupMemberPowers(UUID groupID, ScenePresence sp, ref ulong powers)
501 private bool CheckGroupPowers(ScenePresence sp, UUID groupID, ulong powersMask)
502 { 501 {
503 if(sp == null || sp.ControllingClient == null) 502 powers = 0;
503 IClientAPI client = sp.ControllingClient;
504 if (client == null)
504 return false; 505 return false;
505
506 ulong grpPowers = sp.ControllingClient.GetGroupPowers(groupID);
507
508 return (grpPowers & powersMask) != 0;
509 }
510 506
511 private bool CheckActiveGroupPowers(ScenePresence sp, UUID groupID, ulong powersMask) 507 if(!client.IsGroupMember(groupID))
512 {
513 if(sp == null || sp.ControllingClient == null)
514 return false;
515
516 if(sp.ControllingClient.ActiveGroupId != groupID)
517 return false; 508 return false;
518 // activeGroupPowers only get current selected role powers, at least with xmlgroups. 509
519 // lets get any role avoiding the extra burden of user also having to change role 510 powers = client.GetGroupPowers(groupID);
520 // ulong grpPowers = sp.ControllingClient.ActiveGroupPowers(groupID); 511 return true;
521 ulong grpPowers = sp.ControllingClient.GetGroupPowers(groupID);
522
523 return (grpPowers & powersMask) != 0;
524 } 512 }
525*/ 513
526 /// <summary> 514 /// <summary>
527 /// Parse a user set configuration setting 515 /// Parse a user set configuration setting
528 /// </summary> 516 /// </summary>
@@ -693,6 +681,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
693 PrimFlags.ObjectOwnerModify // Tells client that you're the owner of the object 681 PrimFlags.ObjectOwnerModify // Tells client that you're the owner of the object
694 ); 682 );
695 683
684 const uint LOCKED_GOD_FLAGS = (uint)(
685 PrimFlags.ObjectCopy | // Tells client you can copy the object
686 PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
687 PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object
688 PrimFlags.ObjectAnyOwner // Tells client that someone owns the object
689 );
690
696 public uint GenerateClientFlags(SceneObjectPart task, ScenePresence sp, uint curEffectivePerms) 691 public uint GenerateClientFlags(SceneObjectPart task, ScenePresence sp, uint curEffectivePerms)
697 { 692 {
698 if(sp == null || task == null || curEffectivePerms == 0) 693 if(sp == null || task == null || curEffectivePerms == 0)
@@ -703,21 +698,25 @@ namespace OpenSim.Region.CoreModules.World.Permissions
703 698
704 uint returnMask; 699 uint returnMask;
705 700
706 // gods have owner rights with Modify and Move always on
707 if(sp.IsGod)
708 {
709// returnMask = ApplyObjectModifyMasks(task.OwnerMask, objflags, true);
710// returnMask |= EXTRAGODMASK;
711// return returnMask;
712 return objflags | GOD_FLAGS;
713 }
714 701
715 SceneObjectGroup grp = task.ParentGroup; 702 SceneObjectGroup grp = task.ParentGroup;
716 if(grp == null) 703 if(grp == null)
717 return 0; 704 return 0;
718 705
706 UUID taskOwnerID = task.OwnerID;
707 UUID spID = sp.UUID;
708
719 bool unlocked = (grp.RootPart.OwnerMask & (uint)PermissionMask.Move) != 0; 709 bool unlocked = (grp.RootPart.OwnerMask & (uint)PermissionMask.Move) != 0;
720 710
711 if(sp.IsGod)
712 {
713 // do locked on objects owned by admin
714 if(!unlocked && spID == taskOwnerID)
715 return objflags | LOCKED_GOD_FLAGS;
716 else
717 return objflags | GOD_FLAGS;
718 }
719
721 //bypass option == owner rights 720 //bypass option == owner rights
722 if (m_bypassPermissions) 721 if (m_bypassPermissions)
723 { 722 {
@@ -728,9 +727,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
728 return returnMask; 727 return returnMask;
729 } 728 }
730 729
731 UUID taskOwnerID = task.OwnerID;
732 UUID spID = sp.UUID;
733
734 // owner 730 // owner
735 if (spID == taskOwnerID) 731 if (spID == taskOwnerID)
736 { 732 {
@@ -765,12 +761,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
765 761
766 // group owned or shared ? 762 // group owned or shared ?
767 IClientAPI client = sp.ControllingClient; 763 IClientAPI client = sp.ControllingClient;
768 if(taskGroupID != UUID.Zero && client != null && client.IsGroupMember(taskGroupID)) 764 ulong powers = 0;
765 if(taskGroupID != UUID.Zero && GroupMemberPowers(taskGroupID, sp, ref powers))
769 { 766 {
770 if(groupdOwned) 767 if(groupdOwned)
771 { 768 {
772 // object is owned by group, check role powers 769 // object is owned by group, check role powers
773 if((client.GetGroupPowers(taskGroupID) & (ulong)GroupPowers.ObjectManipulate) != 0) 770 if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
774 { 771 {
775 returnMask = ApplyObjectModifyMasks(grp.EffectiveOwnerPerms, objflags, unlocked); 772 returnMask = ApplyObjectModifyMasks(grp.EffectiveOwnerPerms, objflags, unlocked);
776 returnMask |= 773 returnMask |=
@@ -838,7 +835,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
838 return objectFlagsMask; 835 return objectFlagsMask;
839 } 836 }
840 837
841 // OARs need this method that handles offline users 838 // OARs still need this method that handles offline users
842 public PermissionClass GetPermissionClass(UUID user, SceneObjectPart obj) 839 public PermissionClass GetPermissionClass(UUID user, SceneObjectPart obj)
843 { 840 {
844 if (obj == null) 841 if (obj == null)
@@ -869,14 +866,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
869 return PermissionClass.Everyone; 866 return PermissionClass.Everyone;
870 } 867 }
871 868
872 /// <summary>
873 /// General permissions checks for any operation involving an object. These supplement more specific checks
874 /// implemented by callers.
875 /// </summary>
876 /// <param name="currentUser"></param>
877 /// <param name="objId">This is a scene object group UUID</param>
878 /// <param name="denyOnLocked"></param>
879 /// <returns></returns>
880 protected uint GetObjectPermissions(UUID currentUser, SceneObjectGroup group, bool denyOnLocked) 869 protected uint GetObjectPermissions(UUID currentUser, SceneObjectGroup group, bool denyOnLocked)
881 { 870 {
882 if (group == null) 871 if (group == null)
@@ -893,13 +882,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
893 { 882 {
894 // do lock on admin owned objects 883 // do lock on admin owned objects
895 if(locked && currentUser == objectOwner) 884 if(locked && currentUser == objectOwner)
896 return (uint)(PermissionMask.AllEffective & ~PermissionMask.Modify); 885 return (uint)(PermissionMask.AllEffective & ~(PermissionMask.Modify | PermissionMask.Move));
897 return (uint)PermissionMask.AllEffective; 886 return (uint)PermissionMask.AllEffective;
898 } 887 }
899 888
900 uint lockmask = (uint)PermissionMask.AllEffective; 889 uint lockmask = (uint)PermissionMask.AllEffective;
901 if(locked) 890 if(locked)
902 lockmask &= ~(uint)PermissionMask.Modify; 891 lockmask &= ~(uint)(PermissionMask.Modify | PermissionMask.Move);
903 892
904 if (currentUser == objectOwner) 893 if (currentUser == objectOwner)
905 return group.EffectiveOwnerPerms & lockmask; 894 return group.EffectiveOwnerPerms & lockmask;
@@ -928,7 +917,59 @@ namespace OpenSim.Region.CoreModules.World.Permissions
928 return group.EffectiveEveryOnePerms & lockmask; 917 return group.EffectiveEveryOnePerms & lockmask;
929 } 918 }
930 919
931 private uint GetItemPermissions(TaskInventoryItem ti, UUID userID, bool notEveryone) 920 protected uint GetObjectPermissions(ScenePresence sp, SceneObjectGroup group, bool denyOnLocked)
921 {
922 if (sp == null || sp.IsDeleted || group == null || group.IsDeleted)
923 return 0;
924
925 SceneObjectPart root = group.RootPart;
926 if (root == null)
927 return 0;
928
929 UUID spID = sp.UUID;
930 UUID objectOwner = group.OwnerID;
931
932 bool locked = denyOnLocked && ((root.OwnerMask & PERM_LOCKED) == 0);
933
934 if (sp.IsGod)
935 {
936 if(locked && spID == objectOwner)
937 return (uint)(PermissionMask.AllEffective & ~(PermissionMask.Modify | PermissionMask.Move));
938 return (uint)PermissionMask.AllEffective;
939 }
940
941 uint lockmask = (uint)PermissionMask.AllEffective;
942 if(locked)
943 lockmask &= ~(uint)(PermissionMask.Modify | PermissionMask.Move);
944
945 if (spID == objectOwner)
946 return group.EffectiveOwnerPerms & lockmask;
947
948 if (group.IsAttachment)
949 return 0;
950
951 if (IsFriendWithPerms(spID, objectOwner))
952 return group.EffectiveOwnerPerms & lockmask;
953
954 UUID sogGroupID = group.GroupID;
955 if (sogGroupID != UUID.Zero)
956 {
957 ulong powers = 0;
958 if(GroupMemberPowers(sogGroupID, sp, ref powers))
959 {
960 if(sogGroupID == objectOwner)
961 {
962 if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
963 return group.EffectiveOwnerPerms & lockmask;
964 }
965 return group.EffectiveGroupOrEveryOnePerms & lockmask;
966 }
967 }
968
969 return group.EffectiveEveryOnePerms & lockmask;
970 }
971
972 private uint GetObjectItemPermissions(UUID userID, TaskInventoryItem ti, bool notEveryone)
932 { 973 {
933 UUID tiOwnerID = ti.OwnerID; 974 UUID tiOwnerID = ti.OwnerID;
934 if(tiOwnerID == userID) 975 if(tiOwnerID == userID)
@@ -962,107 +1003,41 @@ namespace OpenSim.Region.CoreModules.World.Permissions
962 return ti.EveryonePermissions; 1003 return ti.EveryonePermissions;
963 } 1004 }
964 1005
965 /// <summary> 1006 private uint GetObjectItemPermissions(ScenePresence sp, TaskInventoryItem ti, bool notEveryone)
966 /// General permissions checks for any operation involving an object. These supplement more specific checks
967 /// implemented by callers.
968 /// </summary>
969 /// <param name="currentUser"></param>
970 /// <param name="objId">This is a scene object group UUID</param>
971 /// <param name="denyOnLocked"></param>
972 /// <returns></returns>
973 protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked)
974 { 1007 {
975 // Default: deny 1008 UUID tiOwnerID = ti.OwnerID;
976 bool permission = false; 1009 UUID spID = sp.UUID;
977 bool locked = false;
978
979 SceneObjectPart part = m_scene.GetSceneObjectPart(objId);
980
981 if (part == null)
982 return false;
983
984 SceneObjectGroup group = part.ParentGroup;
985
986 UUID objectOwner = group.OwnerID;
987 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
988
989 // People shouldn't be able to do anything with locked objects, except the Administrator
990 // The 'set permissions' runs through a different permission check, so when an object owner
991 // sets an object locked, the only thing that they can do is unlock it.
992 //
993 // Nobody but the object owner can set permissions on an object
994 //
995 if (locked && (!IsAdministrator(currentUser)) && denyOnLocked)
996 {
997 return false;
998 }
999
1000 // Object owners should be able to edit their own content
1001 if (currentUser == objectOwner)
1002 {
1003 // there is no way that later code can change this back to false
1004 // so just return true immediately and short circuit the more
1005 // expensive group checks
1006 return true;
1007
1008 //permission = true;
1009 }
1010 else if (group.IsAttachment)
1011 {
1012 permission = false;
1013 }
1014
1015// m_log.DebugFormat(
1016// "[PERMISSIONS]: group.GroupID = {0}, part.GroupMask = {1}, isGroupMember = {2} for {3}",
1017// group.GroupID,
1018// m_scene.GetSceneObjectPart(objId).GroupMask,
1019// IsGroupMember(group.GroupID, currentUser, 0),
1020// currentUser);
1021
1022 // Group members should be able to edit group objects
1023 if ((group.GroupID != UUID.Zero)
1024 && ((m_scene.GetSceneObjectPart(objId).GroupMask & (uint)PermissionMask.Modify) != 0)
1025 && IsGroupMember(group.GroupID, currentUser, 0))
1026 {
1027 // Return immediately, so that the administrator can shares group objects
1028 return true;
1029 }
1030
1031 // Friends with benefits should be able to edit the objects too
1032 if (IsFriendWithPerms(currentUser, objectOwner))
1033 {
1034 // Return immediately, so that the administrator can share objects with friends
1035 return true;
1036 }
1037
1038 // Users should be able to edit what is over their land.
1039 ILandObject parcel = m_scene.LandChannel.GetLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y);
1040 if ((parcel != null) && (parcel.LandData.OwnerID == currentUser))
1041 {
1042 permission = true;
1043 }
1044 1010
1045 // Estate users should be able to edit anything in the sim 1011 if(tiOwnerID == spID)
1046 if (IsEstateManager(currentUser)) 1012 return ti.CurrentPermissions;
1047 { 1013
1048 permission = true; 1014 // ??
1049 } 1015 if (IsFriendWithPerms(spID, tiOwnerID))
1016 return ti.CurrentPermissions;
1050 1017
1051 // Admin objects should not be editable by the above 1018 UUID tiGroupID = ti.GroupID;
1052 if (IsAdministrator(objectOwner)) 1019 if(tiGroupID != UUID.Zero)
1053 { 1020 {
1054 permission = false; 1021 ulong powers = 0;
1022 if(GroupMemberPowers(tiGroupID, spID, ref powers))
1023 {
1024 if(tiGroupID == ti.OwnerID)
1025 {
1026 if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
1027 return ti.CurrentPermissions;
1028 }
1029 uint p = ti.GroupPermissions;
1030 if(!notEveryone)
1031 p |= ti.EveryonePermissions;
1032 return p;
1033 }
1055 } 1034 }
1056 1035
1057 // Admin should be able to edit anything in the sim (including admin objects) 1036 if(notEveryone)
1058 if (IsAdministrator(currentUser)) 1037 return 0;
1059 {
1060 permission = true;
1061 }
1062 1038
1063 return permission; 1039 return ti.EveryonePermissions;
1064 } 1040 }
1065
1066 #endregion 1041 #endregion
1067 1042
1068 #region Generic Permissions 1043 #region Generic Permissions
@@ -1541,12 +1516,11 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1541 return false; 1516 return false;
1542 1517
1543 IClientAPI client = sp.ControllingClient; 1518 IClientAPI client = sp.ControllingClient;
1544 1519 uint perms;
1545 foreach (SceneObjectGroup g in new List<SceneObjectGroup>(objects)) 1520 foreach (SceneObjectGroup g in new List<SceneObjectGroup>(objects))
1546 { 1521 {
1547 // Any user can return their own objects at any time 1522 perms = GetObjectPermissions(sp, g, false);
1548 // 1523 if((perms & (uint)PermissionMask.Modify) == 0) //??
1549 if (GenericObjectPermission(user, g.UUID, false))
1550 continue; 1524 continue;
1551 1525
1552 // This is a short cut for efficiency. If land is non-null, 1526 // This is a short cut for efficiency. If land is non-null,
@@ -2122,19 +2096,19 @@ namespace OpenSim.Region.CoreModules.World.Permissions
2122 return true; 2096 return true;
2123 } 2097 }
2124 2098
2125 private bool CanResetScript(UUID prim, UUID script, UUID agentID, Scene scene) 2099 private bool CanResetScript(UUID primID, UUID script, UUID agentID, Scene scene)
2126 { 2100 {
2127 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2101 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
2128 if (m_bypassPermissions) return m_bypassPermissionsValue; 2102 if (m_bypassPermissions) return m_bypassPermissionsValue;
2129 2103
2130 SceneObjectPart part = m_scene.GetSceneObjectPart(prim); 2104 SceneObjectGroup sog = m_scene.GetGroupByPrim(primID);
2131 2105 if (sog == null)
2132 // If we selected a sub-prim to reset, prim won't represent the object, but only a part. 2106 return false;
2133 // We have to check the permissions of the object, though.
2134 if (part.ParentID != 0) prim = part.ParentUUID;
2135 2107
2136 // You can reset the scripts in any object you can edit 2108 uint perms = GetObjectPermissions(agentID, sog, false);
2137 return GenericObjectPermission(agentID, prim, false); 2109 if((perms & (uint)PermissionMask.Modify) == 0) // ??
2110 return false;
2111 return true;
2138 } 2112 }
2139 2113
2140 private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) 2114 private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene)
@@ -2195,7 +2169,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
2195// "[PERMISSIONS]: Checking CanControlPrimMedia for {0} on {1} face {2} with control permissions {3}", 2169// "[PERMISSIONS]: Checking CanControlPrimMedia for {0} on {1} face {2} with control permissions {3}",
2196// agentID, primID, face, me.ControlPermissions); 2170// agentID, primID, face, me.ControlPermissions);
2197 2171
2198 return GenericObjectPermission(agentID, part.ParentGroup.UUID, true); 2172 SceneObjectGroup sog = part.ParentGroup;
2173 if (sog == null)
2174 return false;
2175
2176 uint perms = GetObjectPermissions(agentID, sog, false);
2177 if((perms & (uint)PermissionMask.Modify) == 0)
2178 return false;
2179 return true;
2199 } 2180 }
2200 2181
2201 private bool CanInteractWithPrimMedia(UUID agentID, UUID primID, int face) 2182 private bool CanInteractWithPrimMedia(UUID agentID, UUID primID, int face)