From e3770cfee6e3ae0ad05b5be2f96f10779b39c454 Mon Sep 17 00:00:00 2001
From: Justin Clarke Casey
Date: Fri, 14 Nov 2008 18:43:40 +0000
Subject: * Allow new script creation to be locked down to only gods if
specified in OpenSim.ini * This doesn't allow complete script lockdown of a
sim, many avenues (copying, editing) are still uncloseable at the moment *
Default remains to allow all users to create scripts (subject to existing
permissions if enabled)
---
.../Modules/World/Permissions/PermissionsModule.cs | 67 +++++++++++++++++++---
.../Shared/Api/Implementation/OSSL_Api.cs | 5 +-
bin/OpenSim.ini.example | 9 +++
3 files changed, 68 insertions(+), 13 deletions(-)
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
index 7f567e5..7135a21 100644
--- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
@@ -43,9 +43,10 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
{
public class PermissionsModule : IRegionModule, ICommandableModule
{
- protected Scene m_scene;
- private readonly Commander m_commander = new Commander("Permissions");
private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+ protected Scene m_scene;
+ private readonly Commander m_commander = new Commander("Permissions");
#region Constants
// These are here for testing. They will be taken out
@@ -55,9 +56,18 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
//private uint PERM_MODIFY = (uint)16384;
private uint PERM_MOVE = (uint)524288;
//private uint PERM_TRANS = (uint)8192;
- private uint PERM_LOCKED = (uint)540672;
-
- #endregion
+ private uint PERM_LOCKED = (uint)540672;
+
+ ///
+ /// Different user set names that come in from the configuration file.
+ ///
+ enum UserSet
+ {
+ All,
+ Administrators
+ };
+
+ #endregion
#region Bypass Permissions / Debug Permissions Stuff
@@ -69,6 +79,11 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
private bool m_allowGridGods = false;
private bool m_RegionOwnerIsGod = false;
private bool m_ParcelOwnerIsGod = false;
+
+ ///
+ /// The set of users that are allowed to create scripts.
+ ///
+ private UserSet m_allowedScriptCreators = UserSet.All;
#endregion
@@ -79,7 +94,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
get { throw new System.NotImplementedException(); }
}
-
private void InterfaceDebugPermissions(Object[] args)
{
if ((bool)args[0] == true)
@@ -147,6 +161,27 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
m_propagatePermissions = myConfig.GetBoolean("propagate_permissions", true);
m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true);
m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true);
+
+ string allowedScriptCreators = myConfig.GetString("allowed_script_creators", UserSet.All.ToString());
+
+ // Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term
+ // this should disappear.
+ if ("gods" == allowedScriptCreators.ToLower())
+ allowedScriptCreators = UserSet.Administrators.ToString();
+
+ // Doing it this was so that we can do a case insensitive conversion
+ try
+ {
+ m_allowedScriptCreators = (UserSet)Enum.Parse(typeof(UserSet), allowedScriptCreators, true);
+ }
+ catch
+ {
+ m_log.ErrorFormat(
+ "[PERMISSIONS]: {0} is not a valid allowed_script_creators value, setting to {1}",
+ allowedScriptCreators, m_allowedScriptCreators);
+ }
+
+ m_log.DebugFormat("[PERMISSIONS]: m_allowedScriptCreators {0}", m_allowedScriptCreators);
if (m_bypassPermissions)
m_log.Info("[PERMISSIONS]: serviceside_object_permissions = false in ini file so disabling all region service permission checks");
@@ -243,6 +278,11 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
}
+ ///
+ /// Is the given user an administrator (in other words, a god)?
+ ///
+ ///
+ ///
protected bool IsAdministrator(UUID user)
{
if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero)
@@ -250,11 +290,13 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user))
return true;
}
+
if (m_scene.RegionInfo.EstateSettings.EstateOwner != UUID.Zero)
{
if (m_scene.RegionInfo.EstateSettings.EstateOwner == user)
return true;
}
+
if (m_allowGridGods)
{
CachedUserInfo profile = m_scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
@@ -1232,11 +1274,15 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
///
public bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID)
{
- //m_log.Debug("[PERMISSIONS]: CanCreateObjectInventory called");
+ m_log.Debug("[PERMISSIONS]: CanCreateObjectInventory called");
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue;
+ if ((int)InventoryType.LSL == invType)
+ if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
+ return false;
+
return true;
}
@@ -1248,11 +1294,15 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
///
public bool CanCreateUserInventory(int invType, UUID userID)
{
- //m_log.Debug("[PERMISSIONS]: CanCreateAvatarInventory called");
+ m_log.Debug("[PERMISSIONS]: CanCreateAvatarInventory called");
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue;
+ if ((int)InventoryType.LSL == invType)
+ if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
+ return false;
+
return true;
}
@@ -1306,5 +1356,4 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return true;
}
}
-
}
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index 8cac070..72a8dc5 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -736,7 +736,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
return m_ScriptEngine.World.GetSimulatorVersion();
}
-
//for testing purposes only
public void osSetParcelMediaTime(double time)
{
@@ -750,9 +749,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
World.ParcelMediaSetTime((float)time);
}
-
-
-
+
public Hashtable osParseJSON(string JSON)
{
CheckThreatLevel(ThreatLevel.None, "osParseJSON");
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index a19c4d2..7b61790 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -123,6 +123,15 @@
;region_owner_is_god = true
;parcel_owner_is_god = true
+ ; Control user types that are allowed to create new scripts
+ ; Only enforced if serviceside_object_permissions is true
+ ;
+ ; Current possible values are
+ ; all - anyone can create scripts (subject to normal permissions)
+ ; gods - only administrators can create scripts (as long as allow_grid_gods is true)
+ ; Default value is all
+ ; allowed_script_creators = all
+
; ##
; ## SCRIPT ENGINE
; ##
--
cgit v1.1