Diffstat (limited to 'OpenSim')
-rw-r--r-- | OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | 285 |
1 files changed, 133 insertions, 152 deletions
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 3264071..da4b826 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | |||
@@ -497,32 +497,20 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
497 | return false; | 497 | return false; |
498 | } | 498 | } |
499 | 499 | ||
500 | /* | 500 | protected bool GroupMemberPowers(UUID groupID, ScenePresence sp, ref ulong powers) |
501 | private bool CheckGroupPowers(ScenePresence sp, UUID groupID, ulong powersMask) | ||
502 | { | 501 | { |
503 | if(sp == null || sp.ControllingClient == null) | 502 | powers = 0; |
503 | IClientAPI client = sp.ControllingClient; | ||
504 | if (client == null) | ||
504 | return false; | 505 | return false; |
505 | |||
506 | ulong grpPowers = sp.ControllingClient.GetGroupPowers(groupID); | ||
507 | |||
508 | return (grpPowers & powersMask) != 0; | ||
509 | } | ||
510 | 506 | ||
511 | private bool CheckActiveGroupPowers(ScenePresence sp, UUID groupID, ulong powersMask) | 507 | if(!client.IsGroupMember(groupID)) |
512 | { | ||
513 | if(sp == null || sp.ControllingClient == null) | ||
514 | return false; | ||
515 | |||
516 | if(sp.ControllingClient.ActiveGroupId != groupID) | ||
517 | return false; | 508 | return false; |
518 | // activeGroupPowers only get current selected role powers, at least with xmlgroups. | 509 | |
519 | // lets get any role avoiding the extra burden of user also having to change role | 510 | powers = client.GetGroupPowers(groupID); |
520 | // ulong grpPowers = sp.ControllingClient.ActiveGroupPowers(groupID); | 511 | return true; |
521 | ulong grpPowers = sp.ControllingClient.GetGroupPowers(groupID); | ||
522 | |||
523 | return (grpPowers & powersMask) != 0; | ||
524 | } | 512 | } |
525 | */ | 513 | |
526 | /// <summary> | 514 | /// <summary> |
527 | /// Parse a user set configuration setting | 515 | /// Parse a user set configuration setting |
528 | /// </summary> | 516 | /// </summary> |
@@ -693,6 +681,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
693 | PrimFlags.ObjectOwnerModify // Tells client that you're the owner of the object | 681 | PrimFlags.ObjectOwnerModify // Tells client that you're the owner of the object |
694 | ); | 682 | ); |
695 | 683 | ||
684 | const uint LOCKED_GOD_FLAGS = (uint)( | ||
685 | PrimFlags.ObjectCopy | // Tells client you can copy the object | ||
686 | PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it | ||
687 | PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object | ||
688 | PrimFlags.ObjectAnyOwner // Tells client that someone owns the object | ||
689 | ); | ||
690 | |||
696 | public uint GenerateClientFlags(SceneObjectPart task, ScenePresence sp, uint curEffectivePerms) | 691 | public uint GenerateClientFlags(SceneObjectPart task, ScenePresence sp, uint curEffectivePerms) |
697 | { | 692 | { |
698 | if(sp == null || task == null || curEffectivePerms == 0) | 693 | if(sp == null || task == null || curEffectivePerms == 0) |
@@ -703,21 +698,25 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
703 | 698 | ||
704 | uint returnMask; | 699 | uint returnMask; |
705 | 700 | ||
706 | // gods have owner rights with Modify and Move always on | ||
707 | if(sp.IsGod) | ||
708 | { | ||
709 | // returnMask = ApplyObjectModifyMasks(task.OwnerMask, objflags, true); | ||
710 | // returnMask |= EXTRAGODMASK; | ||
711 | // return returnMask; | ||
712 | return objflags | GOD_FLAGS; | ||
713 | } | ||
714 | 701 | ||
715 | SceneObjectGroup grp = task.ParentGroup; | 702 | SceneObjectGroup grp = task.ParentGroup; |
716 | if(grp == null) | 703 | if(grp == null) |
717 | return 0; | 704 | return 0; |
718 | 705 | ||
706 | UUID taskOwnerID = task.OwnerID; | ||
707 | UUID spID = sp.UUID; | ||
708 | |||
719 | bool unlocked = (grp.RootPart.OwnerMask & (uint)PermissionMask.Move) != 0; | 709 | bool unlocked = (grp.RootPart.OwnerMask & (uint)PermissionMask.Move) != 0; |
720 | 710 | ||
711 | if(sp.IsGod) | ||
712 | { | ||
713 | // do locked on objects owned by admin | ||
714 | if(!unlocked && spID == taskOwnerID) | ||
715 | return objflags | LOCKED_GOD_FLAGS; | ||
716 | else | ||
717 | return objflags | GOD_FLAGS; | ||
718 | } | ||
719 | |||
721 | //bypass option == owner rights | 720 | //bypass option == owner rights |
722 | if (m_bypassPermissions) | 721 | if (m_bypassPermissions) |
723 | { | 722 | { |
@@ -728,9 +727,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
728 | return returnMask; | 727 | return returnMask; |
729 | } | 728 | } |
730 | 729 | ||
731 | UUID taskOwnerID = task.OwnerID; | ||
732 | UUID spID = sp.UUID; | ||
733 | |||
734 | // owner | 730 | // owner |
735 | if (spID == taskOwnerID) | 731 | if (spID == taskOwnerID) |
736 | { | 732 | { |
@@ -765,12 +761,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
765 | 761 | ||
766 | // group owned or shared ? | 762 | // group owned or shared ? |
767 | IClientAPI client = sp.ControllingClient; | 763 | IClientAPI client = sp.ControllingClient; |
768 | if(taskGroupID != UUID.Zero && client != null && client.IsGroupMember(taskGroupID)) | 764 | ulong powers = 0; |
765 | if(taskGroupID != UUID.Zero && GroupMemberPowers(taskGroupID, sp, ref powers)) | ||
769 | { | 766 | { |
770 | if(groupdOwned) | 767 | if(groupdOwned) |
771 | { | 768 | { |
772 | // object is owned by group, check role powers | 769 | // object is owned by group, check role powers |
773 | if((client.GetGroupPowers(taskGroupID) & (ulong)GroupPowers.ObjectManipulate) != 0) | 770 | if((powers & (ulong)GroupPowers.ObjectManipulate) != 0) |
774 | { | 771 | { |
775 | returnMask = ApplyObjectModifyMasks(grp.EffectiveOwnerPerms, objflags, unlocked); | 772 | returnMask = ApplyObjectModifyMasks(grp.EffectiveOwnerPerms, objflags, unlocked); |
776 | returnMask |= | 773 | returnMask |= |
@@ -838,7 +835,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
838 | return objectFlagsMask; | 835 | return objectFlagsMask; |
839 | } | 836 | } |
840 | 837 | ||
841 | // OARs need this method that handles offline users | 838 | // OARs still need this method that handles offline users |
842 | public PermissionClass GetPermissionClass(UUID user, SceneObjectPart obj) | 839 | public PermissionClass GetPermissionClass(UUID user, SceneObjectPart obj) |
843 | { | 840 | { |
844 | if (obj == null) | 841 | if (obj == null) |
@@ -869,14 +866,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
869 | return PermissionClass.Everyone; | 866 | return PermissionClass.Everyone; |
870 | } | 867 | } |
871 | 868 | ||
872 | /// <summary> | ||
873 | /// General permissions checks for any operation involving an object. These supplement more specific checks | ||
874 | /// implemented by callers. | ||
875 | /// </summary> | ||
876 | /// <param name="currentUser"></param> | ||
877 | /// <param name="objId">This is a scene object group UUID</param> | ||
878 | /// <param name="denyOnLocked"></param> | ||
879 | /// <returns></returns> | ||
880 | protected uint GetObjectPermissions(UUID currentUser, SceneObjectGroup group, bool denyOnLocked) | 869 | protected uint GetObjectPermissions(UUID currentUser, SceneObjectGroup group, bool denyOnLocked) |
881 | { | 870 | { |
882 | if (group == null) | 871 | if (group == null) |
@@ -893,13 +882,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
893 | { | 882 | { |
894 | // do lock on admin owned objects | 883 | // do lock on admin owned objects |
895 | if(locked && currentUser == objectOwner) | 884 | if(locked && currentUser == objectOwner) |
896 | return (uint)(PermissionMask.AllEffective & ~PermissionMask.Modify); | 885 | return (uint)(PermissionMask.AllEffective & ~(PermissionMask.Modify | PermissionMask.Move)); |
897 | return (uint)PermissionMask.AllEffective; | 886 | return (uint)PermissionMask.AllEffective; |
898 | } | 887 | } |
899 | 888 | ||
900 | uint lockmask = (uint)PermissionMask.AllEffective; | 889 | uint lockmask = (uint)PermissionMask.AllEffective; |
901 | if(locked) | 890 | if(locked) |
902 | lockmask &= ~(uint)PermissionMask.Modify; | 891 | lockmask &= ~(uint)(PermissionMask.Modify | PermissionMask.Move); |
903 | 892 | ||
904 | if (currentUser == objectOwner) | 893 | if (currentUser == objectOwner) |
905 | return group.EffectiveOwnerPerms & lockmask; | 894 | return group.EffectiveOwnerPerms & lockmask; |
@@ -928,7 +917,59 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
928 | return group.EffectiveEveryOnePerms & lockmask; | 917 | return group.EffectiveEveryOnePerms & lockmask; |
929 | } | 918 | } |
930 | 919 | ||
931 | private uint GetItemPermissions(TaskInventoryItem ti, UUID userID, bool notEveryone) | 920 | protected uint GetObjectPermissions(ScenePresence sp, SceneObjectGroup group, bool denyOnLocked) |
921 | { | ||
922 | if (sp == null || sp.IsDeleted || group == null || group.IsDeleted) | ||
923 | return 0; | ||
924 | |||
925 | SceneObjectPart root = group.RootPart; | ||
926 | if (root == null) | ||
927 | return 0; | ||
928 | |||
929 | UUID spID = sp.UUID; | ||
930 | UUID objectOwner = group.OwnerID; | ||
931 | |||
932 | bool locked = denyOnLocked && ((root.OwnerMask & PERM_LOCKED) == 0); | ||
933 | |||
934 | if (sp.IsGod) | ||
935 | { | ||
936 | if(locked && spID == objectOwner) | ||
937 | return (uint)(PermissionMask.AllEffective & ~(PermissionMask.Modify | PermissionMask.Move)); | ||
938 | return (uint)PermissionMask.AllEffective; | ||
939 | } | ||
940 | |||
941 | uint lockmask = (uint)PermissionMask.AllEffective; | ||
942 | if(locked) | ||
943 | lockmask &= ~(uint)(PermissionMask.Modify | PermissionMask.Move); | ||
944 | |||
945 | if (spID == objectOwner) | ||
946 | return group.EffectiveOwnerPerms & lockmask; | ||
947 | |||
948 | if (group.IsAttachment) | ||
949 | return 0; | ||
950 | |||
951 | if (IsFriendWithPerms(spID, objectOwner)) | ||
952 | return group.EffectiveOwnerPerms & lockmask; | ||
953 | |||
954 | UUID sogGroupID = group.GroupID; | ||
955 | if (sogGroupID != UUID.Zero) | ||
956 | { | ||
957 | ulong powers = 0; | ||
958 | if(GroupMemberPowers(sogGroupID, sp, ref powers)) | ||
959 | { | ||
960 | if(sogGroupID == objectOwner) | ||
961 | { | ||
962 | if((powers & (ulong)GroupPowers.ObjectManipulate) != 0) | ||
963 | return group.EffectiveOwnerPerms & lockmask; | ||
964 | } | ||
965 | return group.EffectiveGroupOrEveryOnePerms & lockmask; | ||
966 | } | ||
967 | } | ||
968 | |||
969 | return group.EffectiveEveryOnePerms & lockmask; | ||
970 | } | ||
971 | |||
972 | private uint GetObjectItemPermissions(UUID userID, TaskInventoryItem ti, bool notEveryone) | ||
932 | { | 973 | { |
933 | UUID tiOwnerID = ti.OwnerID; | 974 | UUID tiOwnerID = ti.OwnerID; |
934 | if(tiOwnerID == userID) | 975 | if(tiOwnerID == userID) |
@@ -962,107 +1003,41 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
962 | return ti.EveryonePermissions; | 1003 | return ti.EveryonePermissions; |
963 | } | 1004 | } |
964 | 1005 | ||
965 | /// <summary> | 1006 | private uint GetObjectItemPermissions(ScenePresence sp, TaskInventoryItem ti, bool notEveryone) |
966 | /// General permissions checks for any operation involving an object. These supplement more specific checks | ||
967 | /// implemented by callers. | ||
968 | /// </summary> | ||
969 | /// <param name="currentUser"></param> | ||
970 | /// <param name="objId">This is a scene object group UUID</param> | ||
971 | /// <param name="denyOnLocked"></param> | ||
972 | /// <returns></returns> | ||
973 | protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked) | ||
974 | { | 1007 | { |
975 | // Default: deny | 1008 | UUID tiOwnerID = ti.OwnerID; |
976 | bool permission = false; | 1009 | UUID spID = sp.UUID; |
977 | bool locked = false; | ||
978 | |||
979 | SceneObjectPart part = m_scene.GetSceneObjectPart(objId); | ||
980 | |||
981 | if (part == null) | ||
982 | return false; | ||
983 | |||
984 | SceneObjectGroup group = part.ParentGroup; | ||
985 | |||
986 | UUID objectOwner = group.OwnerID; | ||
987 | locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); | ||
988 | |||
989 | // People shouldn't be able to do anything with locked objects, except the Administrator | ||
990 | // The 'set permissions' runs through a different permission check, so when an object owner | ||
991 | // sets an object locked, the only thing that they can do is unlock it. | ||
992 | // | ||
993 | // Nobody but the object owner can set permissions on an object | ||
994 | // | ||
995 | if (locked && (!IsAdministrator(currentUser)) && denyOnLocked) | ||
996 | { | ||
997 | return false; | ||
998 | } | ||
999 | |||
1000 | // Object owners should be able to edit their own content | ||
1001 | if (currentUser == objectOwner) | ||
1002 | { | ||
1003 | // there is no way that later code can change this back to false | ||
1004 | // so just return true immediately and short circuit the more | ||
1005 | // expensive group checks | ||
1006 | return true; | ||
1007 | |||
1008 | //permission = true; | ||
1009 | } | ||
1010 | else if (group.IsAttachment) | ||
1011 | { | ||
1012 | permission = false; | ||
1013 | } | ||
1014 | |||
1015 | // m_log.DebugFormat( | ||
1016 | // "[PERMISSIONS]: group.GroupID = {0}, part.GroupMask = {1}, isGroupMember = {2} for {3}", | ||
1017 | // group.GroupID, | ||
1018 | // m_scene.GetSceneObjectPart(objId).GroupMask, | ||
1019 | // IsGroupMember(group.GroupID, currentUser, 0), | ||
1020 | // currentUser); | ||
1021 | |||
1022 | // Group members should be able to edit group objects | ||
1023 | if ((group.GroupID != UUID.Zero) | ||
1024 | && ((m_scene.GetSceneObjectPart(objId).GroupMask & (uint)PermissionMask.Modify) != 0) | ||
1025 | && IsGroupMember(group.GroupID, currentUser, 0)) | ||
1026 | { | ||
1027 | // Return immediately, so that the administrator can shares group objects | ||
1028 | return true; | ||
1029 | } | ||
1030 | |||
1031 | // Friends with benefits should be able to edit the objects too | ||
1032 | if (IsFriendWithPerms(currentUser, objectOwner)) | ||
1033 | { | ||
1034 | // Return immediately, so that the administrator can share objects with friends | ||
1035 | return true; | ||
1036 | } | ||
1037 | |||
1038 | // Users should be able to edit what is over their land. | ||
1039 | ILandObject parcel = m_scene.LandChannel.GetLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y); | ||
1040 | if ((parcel != null) && (parcel.LandData.OwnerID == currentUser)) | ||
1041 | { | ||
1042 | permission = true; | ||
1043 | } | ||
1044 | 1010 | ||
1045 | // Estate users should be able to edit anything in the sim | 1011 | if(tiOwnerID == spID) |
1046 | if (IsEstateManager(currentUser)) | 1012 | return ti.CurrentPermissions; |
1047 | { | 1013 | |
1048 | permission = true; | 1014 | // ?? |
1049 | } | 1015 | if (IsFriendWithPerms(spID, tiOwnerID)) |
1016 | return ti.CurrentPermissions; | ||
1050 | 1017 | ||
1051 | // Admin objects should not be editable by the above | 1018 | UUID tiGroupID = ti.GroupID; |
1052 | if (IsAdministrator(objectOwner)) | 1019 | if(tiGroupID != UUID.Zero) |
1053 | { | 1020 | { |
1054 | permission = false; | 1021 | ulong powers = 0; |
1022 | if(GroupMemberPowers(tiGroupID, spID, ref powers)) | ||
1023 | { | ||
1024 | if(tiGroupID == ti.OwnerID) | ||
1025 | { | ||
1026 | if((powers & (ulong)GroupPowers.ObjectManipulate) != 0) | ||
1027 | return ti.CurrentPermissions; | ||
1028 | } | ||
1029 | uint p = ti.GroupPermissions; | ||
1030 | if(!notEveryone) | ||
1031 | p |= ti.EveryonePermissions; | ||
1032 | return p; | ||
1033 | } | ||
1055 | } | 1034 | } |
1056 | 1035 | ||
1057 | // Admin should be able to edit anything in the sim (including admin objects) | 1036 | if(notEveryone) |
1058 | if (IsAdministrator(currentUser)) | 1037 | return 0; |
1059 | { | ||
1060 | permission = true; | ||
1061 | } | ||
1062 | 1038 | ||
1063 | return permission; | 1039 | return ti.EveryonePermissions; |
1064 | } | 1040 | } |
1065 | |||
1066 | #endregion | 1041 | #endregion |
1067 | 1042 | ||
1068 | #region Generic Permissions | 1043 | #region Generic Permissions |
@@ -1541,12 +1516,11 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1541 | return false; | 1516 | return false; |
1542 | 1517 | ||
1543 | IClientAPI client = sp.ControllingClient; | 1518 | IClientAPI client = sp.ControllingClient; |
1544 | 1519 | uint perms; | |
1545 | foreach (SceneObjectGroup g in new List<SceneObjectGroup>(objects)) | 1520 | foreach (SceneObjectGroup g in new List<SceneObjectGroup>(objects)) |
1546 | { | 1521 | { |
1547 | // Any user can return their own objects at any time | 1522 | perms = GetObjectPermissions(sp, g, false); |
1548 | // | 1523 | if((perms & (uint)PermissionMask.Modify) == 0) //?? |
1549 | if (GenericObjectPermission(user, g.UUID, false)) | ||
1550 | continue; | 1524 | continue; |
1551 | 1525 | ||
1552 | // This is a short cut for efficiency. If land is non-null, | 1526 | // This is a short cut for efficiency. If land is non-null, |
@@ -2122,19 +2096,19 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
2122 | return true; | 2096 | return true; |
2123 | } | 2097 | } |
2124 | 2098 | ||
2125 | private bool CanResetScript(UUID prim, UUID script, UUID agentID, Scene scene) | 2099 | private bool CanResetScript(UUID primID, UUID script, UUID agentID, Scene scene) |
2126 | { | 2100 | { |
2127 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 2101 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
2128 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 2102 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
2129 | 2103 | ||
2130 | SceneObjectPart part = m_scene.GetSceneObjectPart(prim); | 2104 | SceneObjectGroup sog = m_scene.GetGroupByPrim(primID); |
2131 | 2105 | if (sog == null) | |
2132 | // If we selected a sub-prim to reset, prim won't represent the object, but only a part. | 2106 | return false; |
2133 | // We have to check the permissions of the object, though. | ||
2134 | if (part.ParentID != 0) prim = part.ParentUUID; | ||
2135 | 2107 | ||
2136 | // You can reset the scripts in any object you can edit | 2108 | uint perms = GetObjectPermissions(agentID, sog, false); |
2137 | return GenericObjectPermission(agentID, prim, false); | 2109 | if((perms & (uint)PermissionMask.Modify) == 0) // ?? |
2110 | return false; | ||
2111 | return true; | ||
2138 | } | 2112 | } |
2139 | 2113 | ||
2140 | private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) | 2114 | private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) |
@@ -2195,7 +2169,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
2195 | // "[PERMISSIONS]: Checking CanControlPrimMedia for {0} on {1} face {2} with control permissions {3}", | 2169 | // "[PERMISSIONS]: Checking CanControlPrimMedia for {0} on {1} face {2} with control permissions {3}", |
2196 | // agentID, primID, face, me.ControlPermissions); | 2170 | // agentID, primID, face, me.ControlPermissions); |
2197 | 2171 | ||
2198 | return GenericObjectPermission(agentID, part.ParentGroup.UUID, true); | 2172 | SceneObjectGroup sog = part.ParentGroup; |
2173 | if (sog == null) | ||
2174 | return false; | ||
2175 | |||
2176 | uint perms = GetObjectPermissions(agentID, sog, false); | ||
2177 | if((perms & (uint)PermissionMask.Modify) == 0) | ||
2178 | return false; | ||
2179 | return true; | ||
2199 | } | 2180 | } |
2200 | 2181 | ||
2201 | private bool CanInteractWithPrimMedia(UUID agentID, UUID primID, int face) | 2182 | private bool CanInteractWithPrimMedia(UUID agentID, UUID primID, int face) |
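Review bot: The Modify test in the object-return loop (new lines 1522-1524) has the opposite polarity of the check it replaces: the old code reached `continue` when `GenericObjectPermission(user, g.UUID, false)` granted access, while the new code reaches it when the caller has no Modify bit on the object. The rest of the loop lies outside the hunk, so the effect cannot be confirmed from here, but if `continue` still means "this object needs no further land checks", callers without edit rights now skip those checks and owners fall through to them; the author's own `//??` suggests the condition was unsettled. The likely intent is `if((perms & (uint)PermissionMask.Modify) != 0)`. Separately, the prim-media check ending at new line 2180 used to pass `true` for `denyOnLocked` and now calls `GetObjectPermissions(agentID, sog, false)`, so the lock presumably no longer strips Modify on that path; confirm this is intended, or pass `true`.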