From dcfeb95e98ca7b002170a5916f556f54f300678c Mon Sep 17 00:00:00 2001
From: Diva Canto
Date: Sat, 3 Aug 2013 20:13:44 -0700
Subject: HG: If OutboundPermission is set to false, let's enforce stricter
 permissions by not allowing objects to be taken to inventory.

---
 .../InventoryAccess/HGInventoryAccessModule.cs     | 31 ++++++++++++++++++++++
 OpenSim/Region/Framework/Scenes/Scene.Inventory.cs |  3 +++
 2 files changed, 34 insertions(+)

diff --git a/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGInventoryAccessModule.cs b/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGInventoryAccessModule.cs
index 8f9800f..978c288 100644
--- a/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGInventoryAccessModule.cs
+++ b/OpenSim/Region/CoreModules/Framework/InventoryAccess/HGInventoryAccessModule.cs
@@ -62,6 +62,8 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
         private string m_ThisGatekeeper;
         private bool m_RestrictInventoryAccessAbroad;
 
+        private bool m_bypassPermissions = true;
+
 //        private bool m_Initialized = false;
 
         #region INonSharedRegionModule
@@ -100,6 +102,10 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
                     }
                     else
                         m_log.Warn("[HG INVENTORY ACCESS MODULE]: HGInventoryAccessModule configs not found. ProfileServerURI not set!");
+
+                    m_bypassPermissions = !Util.GetConfigVarFromSections<bool>(source, "serverside_object_permissions",
+                                            new string[] { "Startup", "Permissions" }, true); 
+
                 }
             }
         }
@@ -114,6 +120,11 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
             scene.EventManager.OnNewInventoryItemUploadComplete += UploadInventoryItem;
             scene.EventManager.OnTeleportStart += TeleportStart;
             scene.EventManager.OnTeleportFail += TeleportFail;
+
+            // We're fgoing to enforce some stricter permissions if Outbound is false
+            scene.Permissions.OnTakeObject += CanTakeObject;
+            scene.Permissions.OnTakeCopyObject += CanTakeObject;
+
         }
 
         #endregion
@@ -417,5 +428,25 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess
         }
 
         #endregion
+
+        #region Permissions
+
+        private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene)
+        {
+            if (m_bypassPermissions) return true;
+
+            if (!m_OutboundPermission && !UserManagementModule.IsLocalGridUser(stealer))
+            {
+                SceneObjectGroup sog = null;
+                if (m_Scene.TryGetSceneObjectGroup(objectID, out sog) && sog.OwnerID == stealer)
+                    return true;
+
+                return false;
+            }
+
+            return true;
+        }
+
+        #endregion
     }
 }
\ No newline at end of file
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index 58fa18c..2d1a3ef 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -2068,7 +2068,10 @@ namespace OpenSim.Region.Framework.Scenes
             {
                 // If we don't have permission, stop right here
                 if (!permissionToTakeCopy)
+                {
+                    remoteClient.SendAlertMessage("You don't have permission to take the object");
                     return;
+                }
 
                 permissionToTake = true;
                 // Don't delete
-- 
cgit v1.1