From 9655cf280779021e6241a08f8610cad9b982763f Mon Sep 17 00:00:00 2001 From: Justin Clarke Casey Date: Mon, 5 May 2008 20:14:53 +0000 Subject: * Refactor: Break out permissions code into a separate region PermissionsModule --- .../Modules/World/Estate/EstateManagementModule.cs | 4 +- .../Modules/World/Permissions/PermissionsModule.cs | 698 +++++++++++++++++++++ .../Modules/World/Terrain/TerrainModule.cs | 2 +- 3 files changed, 701 insertions(+), 3 deletions(-) create mode 100644 OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs (limited to 'OpenSim/Region/Environment/Modules/World') diff --git a/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs b/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs index 403ab5b..ebe0357 100644 --- a/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs @@ -205,7 +205,7 @@ namespace OpenSim.Region.Environment.Modules.World.Estate // This needs to be updated for SuperEstateOwnerUser.. a non existing user in the estatesettings.xml // So make sure you really trust your region owners. because they can add other estate manaagers to your other estates - if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.PermissionsMngr.BypassPermissions) + if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.Permissions.BypassPermissions) { m_scene.RegionInfo.EstateSettings.AddEstateManager(user); remote_client.sendEstateManagersList(invoice); @@ -219,7 +219,7 @@ namespace OpenSim.Region.Environment.Modules.World.Estate case 512: // This needs to be updated for SuperEstateOwnerUser.. a non existing user in the estatesettings.xml // So make sure you really trust your region owners. because they can add other estate manaagers to your other estates - if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.PermissionsMngr.BypassPermissions) + if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.Permissions.BypassPermissions) { m_scene.RegionInfo.EstateSettings.RemoveEstateManager(user); remote_client.sendEstateManagersList(invoice); diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs new file mode 100644 index 0000000..de02702 --- /dev/null +++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs @@ -0,0 +1,698 @@ +/* + * Copyright (c) Contributors, http://opensimulator.org/ + * See CONTRIBUTORS.TXT for a full list of copyright holders. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the OpenSim Project nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +using libsecondlife; +using Nini.Config; + +using OpenSim.Region.Environment.Interfaces; +using OpenSim.Region.Environment.Scenes; + +namespace OpenSim.Region.Environment.Modules.World.Permissions +{ + public class PermissionsModule : IRegionModule, IScenePermissions + { + protected Scene m_scene; + + // These are here for testing. They will be taken out + + //private uint PERM_ALL = (uint)2147483647; + private uint PERM_COPY = (uint)32768; + //private uint PERM_MODIFY = (uint)16384; + private uint PERM_MOVE = (uint)524288; + //private uint PERM_TRANS = (uint)8192; + private uint PERM_LOCKED = (uint)540672; + + // Bypasses the permissions engine + private bool m_bypassPermissions = false; + + public bool BypassPermissions + { + get { return m_bypassPermissions; } + set { m_bypassPermissions = value; } + } + + #region IRegionModule Members + + public void Initialise(Scene scene, IConfigSource config) + { + m_scene = scene; + + // FIXME: Possibly move all permissions related stuff to its own section + IConfig myConfig = config.Configs["Startup"]; + + m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", false); + + m_scene.RegisterModuleInterface(this); + } + + public void PostInitialise() + { + } + + public void Close() + { + } + + public string Name + { + get { return "PermissionsModule"; } + } + + public bool IsSharedModule + { + get { return false; } + } + + #endregion + + protected virtual void SendPermissionError(LLUUID user, string reason) + { + m_scene.EventManager.TriggerPermissionError(user, reason); + } + + protected virtual bool IsAdministrator(LLUUID user) + { + if (m_bypassPermissions) + { + return true; + } + + // If there is no master avatar, return false + if (m_scene.RegionInfo.MasterAvatarAssignedUUID != LLUUID.Zero) + { + return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; + } + + return false; + } + + public virtual bool IsEstateManager(LLUUID user) + { + if (m_bypassPermissions) + { + return true; + } + + if (user != LLUUID.Zero) + { + LLUUID[] estatemanagers = m_scene.RegionInfo.EstateSettings.estateManagers; + for (int i = 0; i < estatemanagers.Length; i++) + { + if (estatemanagers[i] == user) + return true; + } + } + + return false; + } + + protected virtual bool IsGridUser(LLUUID user) + { + return true; + } + + protected virtual bool IsGuest(LLUUID user) + { + return false; + } + + public virtual bool CanRezObject(LLUUID user, LLVector3 position) + { + bool permission = false; + + string reason = "Insufficient permission"; + + ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y); + if (land == null) return false; + + if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) == + (int)Parcel.ParcelFlags.CreateObjects) + permission = true; + + //TODO: check for group rights + + if (IsAdministrator(user)) + { + permission = true; + } + else + { + reason = "Not an administrator"; + } + + if (GenericParcelPermission(user, position)) + { + permission = true; + } + else + { + reason = "Not the parcel owner"; + } + + if (!permission) + SendPermissionError(user, reason); + + return permission; + } + + /// 255) + X = 255; + if (Y > 255) + Y = 255; + if (X < 0) + X = 0; + if (Y < 0) + Y = 0; + + // Land owner can terraform too + ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y); + if (parcel != null && GenericParcelPermission(user, parcel)) + permission = true; + + if (!permission) + SendPermissionError(user, "Not authorized to terraform at this location."); + + return permission; + } + + #region Estate Permissions + + public virtual bool GenericEstatePermission(LLUUID user) + { + // Default: deny + bool permission = false; + + // Estate admins should be able to use estate tools + if (IsEstateManager(user)) + permission = true; + + // Administrators always have permission + if (IsAdministrator(user)) + permission = true; + + return permission; + } + + public virtual bool CanEditEstateTerrain(LLUUID user) + { + return GenericEstatePermission(user); + } + + public virtual bool CanRestartSim(LLUUID user) + { + // Since this is potentially going on a grid... + + return GenericEstatePermission(user); + //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; + } + + #endregion + + #region Parcel Permissions + + protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel) + { + bool permission = false; + + if (parcel.landData.ownerID == user) + { + permission = true; + } + + if (parcel.landData.isGroupOwned) + { + // TODO: Need to do some extra checks here. Requires group code. + } + + if (IsEstateManager(user)) + { + permission = true; + } + + if (IsAdministrator(user)) + { + permission = true; + } + + return permission; + } + + protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) + { + ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y); + if (parcel == null) return false; + return GenericParcelPermission(user, parcel); + } + + public virtual bool CanEditParcel(LLUUID user, ILandObject parcel) + { + return GenericParcelPermission(user, parcel); + } + + public virtual bool CanSellParcel(LLUUID user, ILandObject parcel) + { + return GenericParcelPermission(user, parcel); + } + + public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel) + { + return GenericParcelPermission(user, parcel); + } + + #endregion + } +} diff --git a/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs b/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs index 240ba65..91a28e4 100644 --- a/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs @@ -449,7 +449,7 @@ namespace OpenSim.Region.Environment.Modules.World.Terrain float south, float east, IClientAPI remoteClient) { // Not a good permissions check, if in area mode, need to check the entire area. - if (m_scene.PermissionsMngr.CanTerraform(remoteClient.AgentId, new LLVector3(north, west, 0))) + if (m_scene.Permissions.CanTerraform(remoteClient.AgentId, new LLVector3(north, west, 0))) { if (north == south && east == west) { -- cgit v1.1