Fix some permissions checks in groups

The code checked the permissions of a person being added to a role rather than those of the person doing the adding. Also, limited permission role removal wasn't implemented.
author: Melanie Thielker 2017-01-05 14:17:00 +0000
committer: Melanie Thielker 2017-01-05 14:17:00 +0000
commit: f4a51116f63ac9641f3df254fbf8001c771903df (patch)
tree: a4b92c471efb75ba9d9230d7852123e7b5bf9d18 /OpenSim/Addons
parent: Create all tables ad InnoDB by default (diff)
download: opensim-SC_OLD-f4a51116f63ac9641f3df254fbf8001c771903df.zip
opensim-SC_OLD-f4a51116f63ac9641f3df254fbf8001c771903df.tar.gz
opensim-SC_OLD-f4a51116f63ac9641f3df254fbf8001c771903df.tar.bz2
opensim-SC_OLD-f4a51116f63ac9641f3df254fbf8001c771903df.tar.xz
1 files changed, 16 insertions, 3 deletions
diff --git a/OpenSim/Addons/Groups/Service/GroupsService.cs b/OpenSim/Addons/Groups/Service/GroupsService.cs
index ae0518c..710b00a 100644
--- a/OpenSim/Addons/Groups/Service/GroupsService.cs
+++ b/OpenSim/Addons/Groups/Service/GroupsService.cs
@@ -496,7 +496,7 @@ namespace OpenSim.Groups
            if (!unlimited && limited)
            {
                // check whether person's has this role
-                RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, AgentID);
+                RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, RequestingAgentID);
                if (rolemembership == null)
                {
                    m_log.DebugFormat("[Groups]: ({0}) Attempt at assigning {1} to role {2} denied because of limited permission", RequestingAgentID, AgentID, RoleID);
@@ -516,13 +516,26 @@ namespace OpenSim.Groups
                return false;
            // check permissions
+            bool limited = HasPower(RequestingAgentID, GroupID, GroupPowers.AssignMemberLimited);
            bool unlimited = HasPower(RequestingAgentID, GroupID, GroupPowers.AssignMember) || IsOwner(RequestingAgentID, GroupID);
-            if (!unlimited)
+            if (!limited && !unlimited)
            {
                m_log.DebugFormat("[Groups]: ({0}) Attempt at removing {1} from role {2} denied because of lack of permission", RequestingAgentID, AgentID, RoleID);
                return false;
            }
+            // AssignMemberLimited means that the person can assign another person to the same roles that she has in the group
+            if (!unlimited && limited)
+            {
+                // check whether person's has this role
+                RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, RequestingAgentID);
+                if (rolemembership == null)
+                {
+                    m_log.DebugFormat("[Groups]: ({0}) Attempt at removing {1} from role {2} denied because of limited permission", RequestingAgentID, AgentID, RoleID);
+                    return false;
+                }
+            }
            RoleMembershipData rolemember = m_Database.RetrieveRoleMember(GroupID, RoleID, AgentID);
            if (rolemember == null)
@@ -812,7 +825,7 @@ namespace OpenSim.Groups
            if (RoleID != UUID.Zero)
                _AddAgentToGroupRole(RequestingAgentID, AgentID, GroupID, RoleID);
-            // Make thit this active group
+            // Make this the active group
            PrincipalData pdata = new PrincipalData();
            pdata.PrincipalID = AgentID;
            pdata.ActiveGroupID = GroupID;
author	Melanie Thielker	2017-01-05 14:17:00 +0000
committer	Melanie Thielker	2017-01-05 14:17:00 +0000
commit	f4a51116f63ac9641f3df254fbf8001c771903df (patch)
tree	a4b92c471efb75ba9d9230d7852123e7b5bf9d18 /OpenSim/Addons
parent	Create all tables ad InnoDB by default (diff)
download	opensim-SC_OLD-f4a51116f63ac9641f3df254fbf8001c771903df.zip opensim-SC_OLD-f4a51116f63ac9641f3df254fbf8001c771903df.tar.gz opensim-SC_OLD-f4a51116f63ac9641f3df254fbf8001c771903df.tar.bz2 opensim-SC_OLD-f4a51116f63ac9641f3df254fbf8001c771903df.tar.xz