diff options
author | Adam Frisby | 2007-08-15 14:10:26 +0000 |
---|---|---|
committer | Adam Frisby | 2007-08-15 14:10:26 +0000 |
commit | 5699bb2e64766da634ca4be34bc2d8eab991f2e1 (patch) | |
tree | cf471be738a0ac69cf6a7a17b0a53183a7bfe68f | |
parent | Partial fix for the permissions on edited notecards/scripts (now you might st... (diff) | |
download | opensim-SC_OLD-5699bb2e64766da634ca4be34bc2d8eab991f2e1.zip opensim-SC_OLD-5699bb2e64766da634ca4be34bc2d8eab991f2e1.tar.gz opensim-SC_OLD-5699bb2e64766da634ca4be34bc2d8eab991f2e1.tar.bz2 opensim-SC_OLD-5699bb2e64766da634ca4be34bc2d8eab991f2e1.tar.xz |
* Permissions! - You can now only perform certain functions (such as editing other peoples objects) if you have permission to do so.
* Moved OnPermissionError to EventManager - now triggers a standard blue alert.
* Terraforming now requires permission via the permissions manager. [Defaults to admin-only]
* Permissions manager is now substantiated in Scene
* Buttload of new permissions added.
* Estate manager operations now require various levels of permission to operate
* OGS1 now produces 'summary reports' for a commsManager of each scene it maintains connections for. Reduces grid network traffic for ping checks.
* Added new "permissions true" / "permissions false" console command to enable or disable permissions.
-rw-r--r-- | OpenSim/Region/Application/OpenSimMain.cs | 11 | ||||
-rw-r--r-- | OpenSim/Region/Communications/OGS1/OGS1GridServices.cs | 10 | ||||
-rw-r--r-- | OpenSim/Region/Environment/EstateManager.cs | 48 | ||||
-rw-r--r-- | OpenSim/Region/Environment/PermissionManager.cs | 119 | ||||
-rw-r--r-- | OpenSim/Region/Environment/Scenes/Scene.PacketHandlers.cs | 42 | ||||
-rw-r--r-- | OpenSim/Region/Environment/Scenes/Scene.cs | 16 | ||||
-rw-r--r-- | OpenSim/Region/Environment/Scenes/SceneEvents.cs | 9 |
7 files changed, 208 insertions, 47 deletions
diff --git a/OpenSim/Region/Application/OpenSimMain.cs b/OpenSim/Region/Application/OpenSimMain.cs index 887db67..9f95e01 100644 --- a/OpenSim/Region/Application/OpenSimMain.cs +++ b/OpenSim/Region/Application/OpenSimMain.cs | |||
@@ -320,6 +320,17 @@ namespace OpenSim | |||
320 | } | 320 | } |
321 | break; | 321 | break; |
322 | 322 | ||
323 | case "permissions": | ||
324 | // Treats each user as a super-admin when disabled | ||
325 | foreach (Scene scene in m_localScenes) | ||
326 | { | ||
327 | if (Convert.ToBoolean(cmdparams[0])) | ||
328 | scene.PermissionsMngr.EnablePermissions(); | ||
329 | else | ||
330 | scene.PermissionsMngr.DisablePermissions(); | ||
331 | } | ||
332 | break; | ||
333 | |||
323 | case "backup": | 334 | case "backup": |
324 | foreach (Scene scene in m_localScenes) | 335 | foreach (Scene scene in m_localScenes) |
325 | { | 336 | { |
diff --git a/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs b/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs index 32b0cfc..071ad0f 100644 --- a/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs +++ b/OpenSim/Region/Communications/OGS1/OGS1GridServices.cs | |||
@@ -260,6 +260,16 @@ namespace OpenSim.Region.Communications.OGS1 | |||
260 | Hashtable respData = new Hashtable(); | 260 | Hashtable respData = new Hashtable(); |
261 | respData["online"] = "true"; | 261 | respData["online"] = "true"; |
262 | 262 | ||
263 | foreach (ulong region in this.listeners.Keys) | ||
264 | { | ||
265 | Hashtable regData = new Hashtable(); | ||
266 | RegionInfo reg = regions[region]; | ||
267 | regData["status"] = "active"; | ||
268 | regData["handle"] = region.ToString(); | ||
269 | |||
270 | respData[reg.SimUUID.ToStringHyphenated()] = regData; | ||
271 | } | ||
272 | |||
263 | response.Value = respData; | 273 | response.Value = respData; |
264 | 274 | ||
265 | return response; | 275 | return response; |
diff --git a/OpenSim/Region/Environment/EstateManager.cs b/OpenSim/Region/Environment/EstateManager.cs index 83bfbb4..447a22c 100644 --- a/OpenSim/Region/Environment/EstateManager.cs +++ b/OpenSim/Region/Environment/EstateManager.cs | |||
@@ -147,35 +147,37 @@ namespace OpenSim.Region.Environment | |||
147 | 147 | ||
148 | public void handleEstateOwnerMessage(EstateOwnerMessagePacket packet, IClientAPI remote_client) | 148 | public void handleEstateOwnerMessage(EstateOwnerMessagePacket packet, IClientAPI remote_client) |
149 | { | 149 | { |
150 | if (remote_client.AgentId == m_regInfo.MasterAvatarAssignedUUID) | 150 | switch (Helpers.FieldToUTF8String(packet.MethodData.Method)) |
151 | { | 151 | { |
152 | switch (Helpers.FieldToUTF8String(packet.MethodData.Method)) | 152 | case "getinfo": |
153 | { | 153 | this.sendRegionInfoPacketToAll(); |
154 | case "getinfo": | 154 | break; |
155 | this.sendRegionInfoPacketToAll(); | 155 | case "setregioninfo": |
156 | break; | 156 | if (m_scene.PermissionsMngr.CanEditEstateTerrain(remote_client.AgentId)) |
157 | case "setregioninfo": | ||
158 | estateSetRegionInfoHandler(packet); | 157 | estateSetRegionInfoHandler(packet); |
159 | break; | 158 | break; |
160 | case "texturebase": | 159 | case "texturebase": |
160 | if (m_scene.PermissionsMngr.CanEditEstateTerrain(remote_client.AgentId)) | ||
161 | estateTextureBaseHandler(packet); | 161 | estateTextureBaseHandler(packet); |
162 | break; | 162 | break; |
163 | case "texturedetail": | 163 | case "texturedetail": |
164 | if (m_scene.PermissionsMngr.CanEditEstateTerrain(remote_client.AgentId)) | ||
164 | estateTextureDetailHandler(packet); | 165 | estateTextureDetailHandler(packet); |
165 | break; | 166 | break; |
166 | case "textureheights": | 167 | case "textureheights": |
168 | if (m_scene.PermissionsMngr.CanEditEstateTerrain(remote_client.AgentId)) | ||
167 | estateTextureHeightsHandler(packet); | 169 | estateTextureHeightsHandler(packet); |
168 | break; | 170 | break; |
169 | case "texturecommit": | 171 | case "texturecommit": |
170 | sendRegionHandshakeToAll(); | 172 | sendRegionHandshakeToAll(); |
171 | break; | 173 | break; |
172 | case "setregionterrain": | 174 | case "setregionterrain": |
175 | if (m_scene.PermissionsMngr.CanEditEstateTerrain(remote_client.AgentId)) | ||
173 | estateSetRegionTerrainHandler(packet); | 176 | estateSetRegionTerrainHandler(packet); |
174 | break; | 177 | break; |
175 | default: | 178 | default: |
176 | MainLog.Instance.Error("EstateOwnerMessage: Unknown method requested\n" + packet.ToString()); | 179 | MainLog.Instance.Error("EstateOwnerMessage: Unknown method requested\n" + packet.ToString()); |
177 | break; | 180 | break; |
178 | } | ||
179 | } | 181 | } |
180 | } | 182 | } |
181 | 183 | ||
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs index 0758566..2698d3f 100644 --- a/OpenSim/Region/Environment/PermissionManager.cs +++ b/OpenSim/Region/Environment/PermissionManager.cs | |||
@@ -15,35 +15,79 @@ namespace OpenSim.Region.Environment | |||
15 | { | 15 | { |
16 | protected Scene m_scene; | 16 | protected Scene m_scene; |
17 | 17 | ||
18 | // Bypasses the permissions engine (always returns OK) | ||
19 | // disable in any production environment | ||
20 | // TODO: Change this to false when permissions are a desired default | ||
21 | // TODO: Move to configuration option. | ||
22 | private bool bypassPermissions = true; | ||
23 | |||
18 | public PermissionManager(Scene scene) | 24 | public PermissionManager(Scene scene) |
19 | { | 25 | { |
20 | m_scene = scene; | 26 | m_scene = scene; |
21 | } | 27 | } |
22 | 28 | ||
23 | public delegate void OnPermissionErrorDelegate(LLUUID user, string reason); | 29 | public void DisablePermissions() |
24 | public event OnPermissionErrorDelegate OnPermissionError; | 30 | { |
31 | bypassPermissions = true; | ||
32 | } | ||
33 | |||
34 | public void EnablePermissions() | ||
35 | { | ||
36 | bypassPermissions = false; | ||
37 | } | ||
25 | 38 | ||
26 | protected virtual void SendPermissionError(LLUUID user, string reason) | 39 | protected virtual void SendPermissionError(LLUUID user, string reason) |
27 | { | 40 | { |
28 | if (OnPermissionError != null) | 41 | m_scene.EventManager.TriggerPermissionError(user, reason); |
29 | OnPermissionError(user, reason); | ||
30 | } | 42 | } |
31 | 43 | ||
32 | protected virtual bool IsAdministrator(LLUUID user) | 44 | protected virtual bool IsAdministrator(LLUUID user) |
33 | { | 45 | { |
46 | if (bypassPermissions) | ||
47 | return bypassPermissions; | ||
48 | |||
34 | return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; | 49 | return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; |
35 | } | 50 | } |
36 | 51 | ||
37 | protected virtual bool IsEstateManager(LLUUID user) | 52 | protected virtual bool IsEstateManager(LLUUID user) |
38 | { | 53 | { |
54 | if (bypassPermissions) | ||
55 | return bypassPermissions; | ||
56 | |||
39 | return false; | 57 | return false; |
40 | } | 58 | } |
41 | 59 | ||
42 | public virtual bool CanRezObject(LLUUID user, LLVector3 position) | 60 | protected virtual bool IsGridUser(LLUUID user) |
43 | { | 61 | { |
44 | return true; | 62 | return true; |
45 | } | 63 | } |
46 | 64 | ||
65 | protected virtual bool IsGuest(LLUUID user) | ||
66 | { | ||
67 | return false; | ||
68 | } | ||
69 | |||
70 | public virtual bool CanRezObject(LLUUID user, LLVector3 position) | ||
71 | { | ||
72 | bool permission = false; | ||
73 | |||
74 | string reason = "Insufficient permission"; | ||
75 | |||
76 | if (IsAdministrator(user)) | ||
77 | permission = true; | ||
78 | else | ||
79 | reason = "Not an administrator"; | ||
80 | |||
81 | if (GenericParcelPermission(user, position)) | ||
82 | permission = true; | ||
83 | else | ||
84 | reason = "Not the parcel owner"; | ||
85 | |||
86 | if (!permission) | ||
87 | SendPermissionError(user, reason); | ||
88 | |||
89 | return true; | ||
90 | } | ||
47 | 91 | ||
48 | #region Object Permissions | 92 | #region Object Permissions |
49 | 93 | ||
@@ -105,19 +149,71 @@ namespace OpenSim.Region.Environment | |||
105 | 149 | ||
106 | #endregion | 150 | #endregion |
107 | 151 | ||
152 | #region Communication Permissions | ||
153 | |||
154 | public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) | ||
155 | { | ||
156 | bool permission = false; | ||
157 | string reason = "Only registered users may communicate with another account."; | ||
158 | |||
159 | if (IsGridUser(user)) | ||
160 | permission = true; | ||
161 | |||
162 | if (!IsGridUser(user)) | ||
163 | { | ||
164 | permission = false; | ||
165 | reason = "The person that you are messaging is not a registered user."; | ||
166 | } | ||
167 | if (IsAdministrator(user)) | ||
168 | permission = true; | ||
169 | |||
170 | if (IsEstateManager(user)) | ||
171 | permission = true; | ||
172 | |||
173 | if (!permission) | ||
174 | SendPermissionError(user, reason); | ||
175 | |||
176 | return permission; | ||
177 | } | ||
178 | |||
179 | public virtual bool CanInstantMessage(LLUUID user, LLUUID target) | ||
180 | { | ||
181 | return GenericCommunicationPermission(user, target); | ||
182 | } | ||
183 | |||
184 | public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) | ||
185 | { | ||
186 | return GenericCommunicationPermission(user, target); | ||
187 | } | ||
188 | |||
189 | #endregion | ||
190 | |||
108 | public virtual bool CanEditScript(LLUUID user, LLUUID script) | 191 | public virtual bool CanEditScript(LLUUID user, LLUUID script) |
109 | { | 192 | { |
110 | return false; | 193 | return IsAdministrator(user); |
111 | } | 194 | } |
112 | 195 | ||
113 | public virtual bool CanRunScript(LLUUID user, LLUUID script) | 196 | public virtual bool CanRunScript(LLUUID user, LLUUID script) |
114 | { | 197 | { |
115 | return false; | 198 | return IsAdministrator(user); |
116 | } | 199 | } |
117 | 200 | ||
118 | public virtual bool CanTerraform(LLUUID user, LLUUID position) | 201 | public virtual bool CanTerraform(LLUUID user, LLVector3 position) |
119 | { | 202 | { |
120 | return false; | 203 | bool permission = false; |
204 | |||
205 | // Estate override | ||
206 | if (GenericEstatePermission(user)) | ||
207 | permission = true; | ||
208 | |||
209 | // Land owner can terraform too | ||
210 | if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y))) | ||
211 | permission = true; | ||
212 | |||
213 | if (!permission) | ||
214 | SendPermissionError(user, "Not authorized to terraform at this location."); | ||
215 | |||
216 | return permission; | ||
121 | } | 217 | } |
122 | 218 | ||
123 | #region Estate Permissions | 219 | #region Estate Permissions |
@@ -168,6 +264,11 @@ namespace OpenSim.Region.Environment | |||
168 | return permission; | 264 | return permission; |
169 | } | 265 | } |
170 | 266 | ||
267 | protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) | ||
268 | { | ||
269 | return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y)); | ||
270 | } | ||
271 | |||
171 | public virtual bool CanEditParcel(LLUUID user, Land parcel) | 272 | public virtual bool CanEditParcel(LLUUID user, Land parcel) |
172 | { | 273 | { |
173 | return GenericParcelPermission(user, parcel); | 274 | return GenericParcelPermission(user, parcel); |
diff --git a/OpenSim/Region/Environment/Scenes/Scene.PacketHandlers.cs b/OpenSim/Region/Environment/Scenes/Scene.PacketHandlers.cs index bba0138..cca8998 100644 --- a/OpenSim/Region/Environment/Scenes/Scene.PacketHandlers.cs +++ b/OpenSim/Region/Environment/Scenes/Scene.PacketHandlers.cs | |||
@@ -50,6 +50,12 @@ namespace OpenSim.Region.Environment.Scenes | |||
50 | /// <param name="west">Distance from the west border where the cursor is located</param> | 50 | /// <param name="west">Distance from the west border where the cursor is located</param> |
51 | public void ModifyTerrain(float height, float seconds, byte brushsize, byte action, float north, float west, IClientAPI remoteUser) | 51 | public void ModifyTerrain(float height, float seconds, byte brushsize, byte action, float north, float west, IClientAPI remoteUser) |
52 | { | 52 | { |
53 | // Do a permissions check before allowing terraforming. | ||
54 | // random users are now no longer allowed to terraform | ||
55 | // if permissions are enabled. | ||
56 | if (!PermissionsMngr.CanTerraform(remoteUser.AgentId, new LLVector3(north, west, 0))) | ||
57 | return; | ||
58 | |||
53 | // Shiny. | 59 | // Shiny. |
54 | double size = (double)(1 << brushsize); | 60 | double size = (double)(1 << brushsize); |
55 | 61 | ||
@@ -240,15 +246,18 @@ namespace OpenSim.Region.Environment.Scenes | |||
240 | } | 246 | } |
241 | if (selectedEnt != null) | 247 | if (selectedEnt != null) |
242 | { | 248 | { |
243 | List<ScenePresence> avatars = this.RequestAvatarList(); | 249 | if (PermissionsMngr.CanDeRezObject(simClient.AgentId, selectedEnt.m_uuid)) |
244 | foreach (ScenePresence avatar in avatars) | ||
245 | { | ||
246 | avatar.ControllingClient.SendKillObject(this.m_regionHandle, selectedEnt.LocalId); | ||
247 | } | ||
248 | |||
249 | lock (Entities) | ||
250 | { | 250 | { |
251 | Entities.Remove(selectedEnt.m_uuid); | 251 | List<ScenePresence> avatars = this.RequestAvatarList(); |
252 | foreach (ScenePresence avatar in avatars) | ||
253 | { | ||
254 | avatar.ControllingClient.SendKillObject(this.m_regionHandle, selectedEnt.LocalId); | ||
255 | } | ||
256 | |||
257 | lock (Entities) | ||
258 | { | ||
259 | Entities.Remove(selectedEnt.m_uuid); | ||
260 | } | ||
252 | } | 261 | } |
253 | } | 262 | } |
254 | } | 263 | } |
@@ -501,16 +510,19 @@ namespace OpenSim.Region.Environment.Scenes | |||
501 | 510 | ||
502 | public void MoveObject(LLUUID objectID, LLVector3 offset, LLVector3 pos, IClientAPI remoteClient) | 511 | public void MoveObject(LLUUID objectID, LLVector3 offset, LLVector3 pos, IClientAPI remoteClient) |
503 | { | 512 | { |
504 | bool hasPrim = false; | 513 | if (PermissionsMngr.CanEditObject(remoteClient.AgentId, objectID)) |
505 | foreach (EntityBase ent in Entities.Values) | ||
506 | { | 514 | { |
507 | if (ent is SceneObjectGroup) | 515 | bool hasPrim = false; |
516 | foreach (EntityBase ent in Entities.Values) | ||
508 | { | 517 | { |
509 | hasPrim = ((SceneObjectGroup)ent).HasChildPrim(objectID); | 518 | if (ent is SceneObjectGroup) |
510 | if (hasPrim != false) | ||
511 | { | 519 | { |
512 | ((SceneObjectGroup)ent).GrabMovement(offset, pos, remoteClient); | 520 | hasPrim = ((SceneObjectGroup)ent).HasChildPrim(objectID); |
513 | break; | 521 | if (hasPrim != false) |
522 | { | ||
523 | ((SceneObjectGroup)ent).GrabMovement(offset, pos, remoteClient); | ||
524 | break; | ||
525 | } | ||
514 | } | 526 | } |
515 | } | 527 | } |
516 | } | 528 | } |
diff --git a/OpenSim/Region/Environment/Scenes/Scene.cs b/OpenSim/Region/Environment/Scenes/Scene.cs index 6c87c5d..0fa3ab7 100644 --- a/OpenSim/Region/Environment/Scenes/Scene.cs +++ b/OpenSim/Region/Environment/Scenes/Scene.cs | |||
@@ -110,6 +110,13 @@ namespace OpenSim.Region.Environment.Scenes | |||
110 | get { return m_scriptManager; } | 110 | get { return m_scriptManager; } |
111 | } | 111 | } |
112 | 112 | ||
113 | private PermissionManager m_permissionManager; | ||
114 | |||
115 | public PermissionManager PermissionsMngr | ||
116 | { | ||
117 | get { return m_permissionManager; } | ||
118 | } | ||
119 | |||
113 | public Dictionary<LLUUID, SceneObjectGroup> Objects | 120 | public Dictionary<LLUUID, SceneObjectGroup> Objects |
114 | { | 121 | { |
115 | get { return Prims; } | 122 | get { return Prims; } |
@@ -143,10 +150,13 @@ namespace OpenSim.Region.Environment.Scenes | |||
143 | m_estateManager = new EstateManager(this, m_regInfo); | 150 | m_estateManager = new EstateManager(this, m_regInfo); |
144 | m_scriptManager = new ScriptManager(this); | 151 | m_scriptManager = new ScriptManager(this); |
145 | m_eventManager = new EventManager(); | 152 | m_eventManager = new EventManager(); |
153 | m_permissionManager = new PermissionManager(this); | ||
146 | 154 | ||
147 | m_eventManager.OnParcelPrimCountAdd += | 155 | m_eventManager.OnParcelPrimCountAdd += |
148 | m_LandManager.addPrimToLandPrimCounts; | 156 | m_LandManager.addPrimToLandPrimCounts; |
149 | 157 | ||
158 | m_eventManager.OnPermissionError += SendPermissionAlert; | ||
159 | |||
150 | MainLog.Instance.Verbose("Creating new entitities instance"); | 160 | MainLog.Instance.Verbose("Creating new entitities instance"); |
151 | Entities = new Dictionary<LLUUID, EntityBase>(); | 161 | Entities = new Dictionary<LLUUID, EntityBase>(); |
152 | Avatars = new Dictionary<LLUUID, ScenePresence>(); | 162 | Avatars = new Dictionary<LLUUID, ScenePresence>(); |
@@ -966,6 +976,12 @@ namespace OpenSim.Region.Environment.Scenes | |||
966 | #endregion | 976 | #endregion |
967 | 977 | ||
968 | #region Alert Methods | 978 | #region Alert Methods |
979 | |||
980 | void SendPermissionAlert(LLUUID user, string reason) | ||
981 | { | ||
982 | SendAlertToUser(user, reason, false); | ||
983 | } | ||
984 | |||
969 | public void SendGeneralAlert(string message) | 985 | public void SendGeneralAlert(string message) |
970 | { | 986 | { |
971 | foreach (ScenePresence presence in this.Avatars.Values) | 987 | foreach (ScenePresence presence in this.Avatars.Values) |
diff --git a/OpenSim/Region/Environment/Scenes/SceneEvents.cs b/OpenSim/Region/Environment/Scenes/SceneEvents.cs index cb5a967..050207c 100644 --- a/OpenSim/Region/Environment/Scenes/SceneEvents.cs +++ b/OpenSim/Region/Environment/Scenes/SceneEvents.cs | |||
@@ -33,7 +33,16 @@ namespace OpenSim.Region.Environment.Scenes | |||
33 | public event OnShutdownDelegate OnShutdown; | 33 | public event OnShutdownDelegate OnShutdown; |
34 | 34 | ||
35 | public delegate void ObjectGrabDelegate(uint localID, LLVector3 offsetPos, IClientAPI remoteClient); | 35 | public delegate void ObjectGrabDelegate(uint localID, LLVector3 offsetPos, IClientAPI remoteClient); |
36 | public delegate void OnPermissionErrorDelegate(LLUUID user, string reason); | ||
36 | public event ObjectGrabDelegate OnObjectGrab; | 37 | public event ObjectGrabDelegate OnObjectGrab; |
38 | public event OnPermissionErrorDelegate OnPermissionError; | ||
39 | |||
40 | |||
41 | public void TriggerPermissionError(LLUUID user, string reason) | ||
42 | { | ||
43 | if (OnPermissionError != null) | ||
44 | OnPermissionError(user, reason); | ||
45 | } | ||
37 | 46 | ||
38 | public void TriggerOnScriptConsole(string[] args) | 47 | public void TriggerOnScriptConsole(string[] args) |
39 | { | 48 | { |