diff options
author | UbitUmarov | 2017-01-17 14:30:20 +0000 |
---|---|---|
committer | UbitUmarov | 2017-01-17 14:30:20 +0000 |
commit | 06bca0388f303067c592e59d38c4bd885d1baa51 (patch) | |
tree | f0d6c9a8599d23a55c7836849c2ca12787feac61 | |
parent | add more calls to effective permissions aggregation, some paths may still be ... (diff) | |
download | opensim-SC_OLD-06bca0388f303067c592e59d38c4bd885d1baa51.zip opensim-SC_OLD-06bca0388f303067c592e59d38c4bd885d1baa51.tar.gz opensim-SC_OLD-06bca0388f303067c592e59d38c4bd885d1baa51.tar.bz2 opensim-SC_OLD-06bca0388f303067c592e59d38c4bd885d1baa51.tar.xz |
Permissions module: add GetObjectPermissions() that should replace GenericObjectPermission
-rw-r--r-- | OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | 78 |
1 files changed, 77 insertions, 1 deletions
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index dcf0c00..57288dc 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | |||
@@ -76,7 +76,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
76 | //private uint PERM_MODIFY = (uint)16384; | 76 | //private uint PERM_MODIFY = (uint)16384; |
77 | private uint PERM_MOVE = (uint)524288; | 77 | private uint PERM_MOVE = (uint)524288; |
78 | private uint PERM_TRANS = (uint)8192; | 78 | private uint PERM_TRANS = (uint)8192; |
79 | private uint PERM_LOCKED = (uint)540672; | 79 | // private uint PERM_LOCKED = (uint)540672; |
80 | private uint PERM_LOCKED = (uint)524288; // same as move | ||
80 | 81 | ||
81 | /// <value> | 82 | /// <value> |
82 | /// Different user set names that come in from the configuration file. | 83 | /// Different user set names that come in from the configuration file. |
@@ -479,6 +480,23 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
479 | 480 | ||
480 | return false; | 481 | return false; |
481 | } | 482 | } |
483 | |||
484 | protected bool GroupMemberPowers(UUID groupID, UUID userID, ref ulong powers) | ||
485 | { | ||
486 | powers = 0; | ||
487 | if (null == GroupsModule) | ||
488 | return false; | ||
489 | |||
490 | GroupMembershipData gmd = GroupsModule.GetMembershipData(groupID, userID); | ||
491 | |||
492 | if (gmd != null) | ||
493 | { | ||
494 | powers = gmd.GroupPowers; | ||
495 | return true; | ||
496 | } | ||
497 | return false; | ||
498 | } | ||
499 | |||
482 | /* | 500 | /* |
483 | private bool CheckGroupPowers(ScenePresence sp, UUID groupID, ulong powersMask) | 501 | private bool CheckGroupPowers(ScenePresence sp, UUID groupID, ulong powersMask) |
484 | { | 502 | { |
@@ -863,6 +881,64 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
863 | /// <param name="objId">This is a scene object group UUID</param> | 881 | /// <param name="objId">This is a scene object group UUID</param> |
864 | /// <param name="denyOnLocked"></param> | 882 | /// <param name="denyOnLocked"></param> |
865 | /// <returns></returns> | 883 | /// <returns></returns> |
884 | protected uint GetObjectPermissions(UUID currentUser, UUID objId, bool denyOnLocked) | ||
885 | { | ||
886 | SceneObjectPart part = m_scene.GetSceneObjectPart(objId); | ||
887 | if (part == null) | ||
888 | return 0; | ||
889 | |||
890 | // Admin should be able to edit anything in the sim (including admin objects) | ||
891 | if (IsAdministrator(currentUser)) | ||
892 | return (uint)PermissionMask.AllEffective; | ||
893 | |||
894 | SceneObjectGroup group = part.ParentGroup; | ||
895 | SceneObjectPart root = group.RootPart; | ||
896 | if (root == null) | ||
897 | return 0; | ||
898 | |||
899 | UUID objectOwner = group.OwnerID; | ||
900 | bool locked = denyOnLocked && ((root.OwnerMask & PERM_LOCKED) == 0); | ||
901 | |||
902 | uint lockmask = (uint)PermissionMask.AllEffective; | ||
903 | if(locked) | ||
904 | lockmask = (uint)PermissionMask.Move; | ||
905 | |||
906 | if (currentUser == objectOwner) | ||
907 | return group.EffectiveOwnerPerms & lockmask; | ||
908 | |||
909 | if (group.IsAttachment) | ||
910 | return 0; | ||
911 | |||
912 | // Friends with benefits should be able to edit the objects too | ||
913 | if (IsFriendWithPerms(currentUser, objectOwner)) | ||
914 | return group.EffectiveOwnerPerms & lockmask; | ||
915 | |||
916 | UUID sogGroupID = group.GroupID; | ||
917 | if (sogGroupID != UUID.Zero) | ||
918 | { | ||
919 | ulong powers = 0; | ||
920 | if(GroupMemberPowers(sogGroupID, currentUser, ref powers)) | ||
921 | { | ||
922 | if(sogGroupID == objectOwner) | ||
923 | { | ||
924 | if((powers & (ulong)GroupPowers.ObjectManipulate) != 0) | ||
925 | return group.EffectiveOwnerPerms & lockmask; | ||
926 | } | ||
927 | return group.EffectiveGroupOrEveryOnePerms & lockmask; | ||
928 | } | ||
929 | } | ||
930 | |||
931 | return group.EffectiveEveryOnePerms & lockmask; | ||
932 | } | ||
933 | |||
934 | /// <summary> | ||
935 | /// General permissions checks for any operation involving an object. These supplement more specific checks | ||
936 | /// implemented by callers. | ||
937 | /// </summary> | ||
938 | /// <param name="currentUser"></param> | ||
939 | /// <param name="objId">This is a scene object group UUID</param> | ||
940 | /// <param name="denyOnLocked"></param> | ||
941 | /// <returns></returns> | ||
866 | protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked) | 942 | protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked) |
867 | { | 943 | { |
868 | // Default: deny | 944 | // Default: deny |