From 48672c7fd601ca2462ea91c4c09928c3a668e640 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Mon, 22 Sep 2008 22:33:00 +0000 Subject: Move script and notecard open perms checks from ClientView to the perms module --- .../Region/ClientStack/LindenUDP/LLClientView.cs | 24 +++- .../Modules/World/Permissions/PermissionsModule.cs | 129 ++++++++++++++++++++- 2 files changed, 149 insertions(+), 4 deletions(-) (limited to 'OpenSim/Region') diff --git a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs index c649493..6915b3a 100644 --- a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs +++ b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs @@ -4835,6 +4835,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP case PacketType.TransferRequest: //Console.WriteLine("ClientView.ProcessPackets.cs:ProcessInPacket() - Got transfer request"); TransferRequestPacket transfer = (TransferRequestPacket)Pack; +System.Console.WriteLine("Transfer request, source {0}", transfer.TransferInfo.SourceType); // Validate inventory transfers // Has to be done here, because AssetCache can't do it // @@ -4890,8 +4891,27 @@ namespace OpenSim.Region.ClientStack.LindenUDP return; } - if ((assetRequestItem.CurrentPermissions & ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) - break; + // At this point, we need to apply perms + // only to notecards and scripts. All + // other asset types are always available + // + if (assetRequestItem.AssetType == 10) + { + if (!((Scene)m_scene).ExternalChecks.ExternalChecksCanViewScript(itemID, UUID.Zero, AgentId)) + { + SendAgentAlertMessage("Insufficient permissions to view script", false); + break; + } + } + else if (assetRequestItem.AssetType == 7) + { + if (!((Scene)m_scene).ExternalChecks.ExternalChecksCanViewNotecard(itemID, UUID.Zero, AgentId)) + { + SendAgentAlertMessage("Insufficient permissions to view notecard", false); + break; + } + } + if (assetRequestItem.AssetID != requestID) break; } diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs index 7b940f5..ff5ba18 100644 --- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs @@ -952,7 +952,77 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); if (m_bypassPermissions) return m_bypassPermissionsValue; - return false; + if (objectID == UUID.Zero) // User inventory + { + CachedUserInfo userInfo = + scene.CommsManager.UserProfileCacheService.GetUserDetails(user); + if (userInfo == null) + return false; + + if (userInfo.RootFolder == null) + return false; + + InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(script); + if (assetRequestItem == null) // Library item + { + assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(script); + + if (assetRequestItem != null) // Implicitly readable + return true; + } + + // SL is rather harebrained here. In SL, a script you + // have mod/copy no trans is readable. This subverts + // permissions, but is used in some products, most + // notably Hippo door plugin and HippoRent 5 networked + // prim counter. + // To enable this broken SL-ism, remove Transfer from + // the below expressions. + // Trying to improve on SL perms by making a script + // readable only if it's really full perms + // + if ((assetRequestItem.CurrentPermissions & + ((uint)PermissionMask.Modify | + (uint)PermissionMask.Copy | + (uint)PermissionMask.Transfer)) != + ((uint)PermissionMask.Modify | + (uint)PermissionMask.Copy | + (uint)PermissionMask.Transfer)) + return false; + } + else // Prim inventory + { + SceneObjectPart part = scene.GetSceneObjectPart(objectID); + + if (part == null) + return false; + + if (part.OwnerID != user) + return false; + + if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) + return false; + + TaskInventoryItem ti = part.GetInventoryItem(script); + + if (ti == null) + return false; + + if (ti.OwnerID != user) + return false; + + // Require full perms + if ((ti.CurrentPermissions & + ((uint)PermissionMask.Modify | + (uint)PermissionMask.Copy | + (uint)PermissionMask.Transfer)) != + ((uint)PermissionMask.Modify | + (uint)PermissionMask.Copy | + (uint)PermissionMask.Transfer)) + return false; + } + + return true; } private bool CanViewNotecard(UUID notecard, UUID objectID, UUID user, Scene scene) @@ -960,7 +1030,62 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); if (m_bypassPermissions) return m_bypassPermissionsValue; - return false; + if (objectID == UUID.Zero) // User inventory + { + CachedUserInfo userInfo = + scene.CommsManager.UserProfileCacheService.GetUserDetails(user); + if (userInfo == null) + return false; + + if (userInfo.RootFolder == null) + return false; + + InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(notecard); + if (assetRequestItem == null) // Library item + { + assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(notecard); + + if (assetRequestItem != null) // Implicitly readable + return true; + } + + // Notecards are always readable unless no copy + // + if ((assetRequestItem.CurrentPermissions & + (uint)PermissionMask.Copy) != + (uint)PermissionMask.Copy) + return false; + } + else // Prim inventory + { + SceneObjectPart part = scene.GetSceneObjectPart(objectID); + + if (part == null) + return false; + + if (part.OwnerID != user) + return false; + + if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) + return false; + + TaskInventoryItem ti = part.GetInventoryItem(notecard); + + if (ti == null) + return false; + + if (ti.OwnerID != user) + return false; + + // Notecards are always readable unless no copy + // + if ((ti.CurrentPermissions & + (uint)PermissionMask.Copy) != + (uint)PermissionMask.Copy) + return false; + } + + return true; } #endregion -- cgit v1.1