When creating an OAR, optionally exclude objects according to their permissions

author: Oren Hurvitz 2011-09-11 20:52:35 +0300
committer: Justin Clark-Casey (justincc) 2011-09-12 20:09:24 +0100
commit: 7f318277f141a73207ec64f8521ba410a5743215 (patch)
tree: 89849beca9ee1db46db00993b571e363355b4628 /OpenSim/Region/CoreModules/World/Archiver
parent: minor: put <remarks> tags around some method doc (diff)
download: opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.zip
opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.tar.gz
opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.tar.bz2
opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.tar.xz
2 files changed, 104 insertions, 3 deletions
diff --git a/OpenSim/Region/CoreModules/World/Archiver/ArchiveWriteRequestPreparation.cs b/OpenSim/Region/CoreModules/World/Archiver/ArchiveWriteRequestPreparation.cs
index 10a83ee..b895afe 100644
--- a/OpenSim/Region/CoreModules/World/Archiver/ArchiveWriteRequestPreparation.cs
+++ b/OpenSim/Region/CoreModules/World/Archiver/ArchiveWriteRequestPreparation.cs
@@ -127,6 +127,12 @@ namespace OpenSim.Region.CoreModules.World.Archiver
    
                EntityBase[] entities = m_scene.GetEntities();
                List<SceneObjectGroup> sceneObjects = new List<SceneObjectGroup>();
+                string checkPermissions = null;
+                int numObjectsSkippedPermissions = 0;
+                Object temp;
+                if (options.TryGetValue("checkPermissions", out temp))
+                    checkPermissions = (string)temp;
         
                // Filter entities so that we only have scene objects.
                // FIXME: Would be nicer to have this as a proper list in SceneGraph, since lots of methods
@@ -136,9 +142,19 @@ namespace OpenSim.Region.CoreModules.World.Archiver
                    if (entity is SceneObjectGroup)
                    {
                        SceneObjectGroup sceneObject = (SceneObjectGroup)entity;
-                        
                        if (!sceneObject.IsDeleted && !sceneObject.IsAttachment)
-                            sceneObjects.Add((SceneObjectGroup)entity);
+                        {
+                            if (!CanUserArchiveObject(m_scene.RegionInfo.EstateSettings.EstateOwner, sceneObject, checkPermissions))
+                            {
+                                // The user isn't allowed to copy/transfer this object, so it will not be included in the OAR.
+                                ++numObjectsSkippedPermissions;
+                            }
+                            else
+                            {
+                                sceneObjects.Add(sceneObject);
+                            }
+                        }
                    }
                }
@@ -159,7 +175,14 @@ namespace OpenSim.Region.CoreModules.World.Archiver
                {
                    m_log.DebugFormat("[ARCHIVER]: Not saving assets since --noassets was specified");
                }
-                
+                if (numObjectsSkippedPermissions > 0)
+                {
+                    m_log.DebugFormat(
+                        "[ARCHIVER]: {0} scene objects skipped due to lack of permissions",
+                        numObjectsSkippedPermissions);
+                }
                // Make sure that we also request terrain texture assets
                RegionSettings regionSettings = m_scene.RegionInfo.RegionSettings;
    
@@ -211,6 +234,83 @@ namespace OpenSim.Region.CoreModules.World.Archiver
        }
        /// <summary>
+        /// Checks whether the user has permission to export an object group to an OAR.
+        /// </summary>
+        /// <param name="user">The user</param>
+        /// <param name="objGroup">The object group</param>
+        /// <param name="checkPermissions">Which permissions to check: "C" = Copy, "T" = Transfer</param>
+        /// <returns>Whether the user is allowed to export the object to an OAR</returns>
+        private bool CanUserArchiveObject(UUID user, SceneObjectGroup objGroup, string checkPermissions)
+        {
+            if (checkPermissions == null)
+                return true;
+            IPermissionsModule module = m_scene.RequestModuleInterface<IPermissionsModule>();
+            if (module == null)
+                return true;    // this shouldn't happen
+            // Check whether the user is permitted to export all of the parts in the SOG. If any
+            // part can't be exported then the entire SOG can't be exported.
+            bool permitted = true;
+            //int primNumber = 1;
+            foreach (SceneObjectPart obj in objGroup.Parts)
+            {
+                uint perm;
+                PermissionClass permissionClass = module.GetPermissionClass(user, obj);
+                switch (permissionClass)
+                {
+                    case PermissionClass.Owner:
+                        perm = obj.BaseMask;
+                        break;
+                    case PermissionClass.Group:
+                        perm = obj.GroupMask | obj.EveryoneMask;
+                        break;
+                    case PermissionClass.Everyone:
+                    default:
+                        perm = obj.EveryoneMask;
+                        break;
+                }
+                bool canCopy = (perm & (uint)PermissionMask.Copy) != 0;
+                bool canTransfer = (perm & (uint)PermissionMask.Transfer) != 0;
+                // Special case: if Everyone can copy the object then this implies it can also be
+                // Transferred.
+                // However, if the user is the Owner then we don't check EveryoneMask, because it seems that the mask
+                // always (incorrectly) includes the Copy bit set in this case. But that's a mistake: the viewer
+                // does NOT show that the object has Everyone-Copy permissions, and doesn't allow it to be copied.
+                if (permissionClass != PermissionClass.Owner)
+                {
+                    canTransfer |= (obj.EveryoneMask & (uint)PermissionMask.Copy) != 0;
+                }
+                bool partPermitted = true;
+                if (checkPermissions.Contains("C") && !canCopy)
+                    partPermitted = false;
+                if (checkPermissions.Contains("T") && !canTransfer)
+                    partPermitted = false;
+                //string name = (objGroup.PrimCount == 1) ? objGroup.Name : string.Format("{0} ({1}/{2})", obj.Name, primNumber, objGroup.PrimCount);
+                //m_log.DebugFormat("[ARCHIVER]: Object permissions: {0}: Base={1:X4}, Owner={2:X4}, Everyone={3:X4}, permissionClass={4}, checkPermissions={5}, canCopy={6}, canTransfer={7}, permitted={8}",
+                //    name, obj.BaseMask, obj.OwnerMask, obj.EveryoneMask,
+                //    permissionClass, checkPermissions, canCopy, canTransfer, permitted);
+                if (!partPermitted)
+                {
+                    permitted = false;
+                    break;
+                }
+                //++primNumber;
+            }
+            return permitted;
+        }
+        /// <summary>
        /// Create the control file for the most up to date archive
        /// </summary>
        /// <returns></returns>
diff --git a/OpenSim/Region/CoreModules/World/Archiver/ArchiverModule.cs b/OpenSim/Region/CoreModules/World/Archiver/ArchiverModule.cs
index 08eb80c..f44a3ba 100644
--- a/OpenSim/Region/CoreModules/World/Archiver/ArchiverModule.cs
+++ b/OpenSim/Region/CoreModules/World/Archiver/ArchiverModule.cs
@@ -128,6 +128,7 @@ namespace OpenSim.Region.CoreModules.World.Archiver
 //            ops.Add("v|version=", delegate(string v) { options["version"] = v; });
            ops.Add("p|profile=", delegate(string v) { options["profile"] = v; });
            ops.Add("noassets", delegate(string v) { options["noassets"] = v != null; });
+            ops.Add("perm=", delegate(string v) { options["checkPermissions"] = v; });
            List<string> mainParams = ops.Parse(cmdparams);
author	Oren Hurvitz	2011-09-11 20:52:35 +0300
committer	Justin Clark-Casey (justincc)	2011-09-12 20:09:24 +0100
commit	7f318277f141a73207ec64f8521ba410a5743215 (patch)
tree	89849beca9ee1db46db00993b571e363355b4628 /OpenSim/Region/CoreModules/World/Archiver
parent	minor: put <remarks> tags around some method doc (diff)
download	opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.zip opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.tar.gz opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.tar.bz2 opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.tar.xz

diff --git a/OpenSim/Region/CoreModules/World/Archiver/ArchiveWriteRequestPreparation.cs b/OpenSim/Region/CoreModules/World/Archiver/ArchiveWriteRequestPreparation.cs index 10a83ee..b895afe 100644 --- a/OpenSim/Region/CoreModules/World/Archiver/ArchiveWriteRequestPreparation.cs +++ b/OpenSim/Region/CoreModules/World/Archiver/ArchiveWriteRequestPreparation.cs
@@ -127,6 +127,12 @@ namespace OpenSim.Region.CoreModules.World.Archiver
127		127
128	EntityBase[] entities = m_scene.GetEntities();	128	EntityBase[] entities = m_scene.GetEntities();
129	List<SceneObjectGroup> sceneObjects = new List<SceneObjectGroup>();	129	List<SceneObjectGroup> sceneObjects = new List<SceneObjectGroup>();
		130
		131	string checkPermissions = null;
		132	int numObjectsSkippedPermissions = 0;
		133	Object temp;
		134	if (options.TryGetValue("checkPermissions", out temp))
		135	checkPermissions = (string)temp;
130		136
131	// Filter entities so that we only have scene objects.	137	// Filter entities so that we only have scene objects.
132	// FIXME: Would be nicer to have this as a proper list in SceneGraph, since lots of methods	138	// FIXME: Would be nicer to have this as a proper list in SceneGraph, since lots of methods
@@ -136,9 +142,19 @@ namespace OpenSim.Region.CoreModules.World.Archiver
136	if (entity is SceneObjectGroup)	142	if (entity is SceneObjectGroup)
137	{	143	{
138	SceneObjectGroup sceneObject = (SceneObjectGroup)entity;	144	SceneObjectGroup sceneObject = (SceneObjectGroup)entity;
139		145
140	if (!sceneObject.IsDeleted && !sceneObject.IsAttachment)	146	if (!sceneObject.IsDeleted && !sceneObject.IsAttachment)
141	sceneObjects.Add((SceneObjectGroup)entity);	147	{
		148	if (!CanUserArchiveObject(m_scene.RegionInfo.EstateSettings.EstateOwner, sceneObject, checkPermissions))
		149	{
		150	// The user isn't allowed to copy/transfer this object, so it will not be included in the OAR.
		151	++numObjectsSkippedPermissions;
		152	}
		153	else
		154	{
		155	sceneObjects.Add(sceneObject);
		156	}
		157	}
142	}	158	}
143	}	159	}
144		160
@@ -159,7 +175,14 @@ namespace OpenSim.Region.CoreModules.World.Archiver
159	{	175	{
160	m_log.DebugFormat("[ARCHIVER]: Not saving assets since --noassets was specified");	176	m_log.DebugFormat("[ARCHIVER]: Not saving assets since --noassets was specified");
161	}	177	}
162		178
		179	if (numObjectsSkippedPermissions > 0)
		180	{
		181	m_log.DebugFormat(
		182	"[ARCHIVER]: {0} scene objects skipped due to lack of permissions",
		183	numObjectsSkippedPermissions);
		184	}
		185
163	// Make sure that we also request terrain texture assets	186	// Make sure that we also request terrain texture assets
164	RegionSettings regionSettings = m_scene.RegionInfo.RegionSettings;	187	RegionSettings regionSettings = m_scene.RegionInfo.RegionSettings;
165		188
@@ -211,6 +234,83 @@ namespace OpenSim.Region.CoreModules.World.Archiver
211	}	234	}
212		235
213	/// <summary>	236	/// <summary>
		237	/// Checks whether the user has permission to export an object group to an OAR.
		238	/// </summary>
		239	/// <param name="user">The user</param>
		240	/// <param name="objGroup">The object group</param>
		241	/// <param name="checkPermissions">Which permissions to check: "C" = Copy, "T" = Transfer</param>
		242	/// <returns>Whether the user is allowed to export the object to an OAR</returns>
		243	private bool CanUserArchiveObject(UUID user, SceneObjectGroup objGroup, string checkPermissions)
		244	{
		245	if (checkPermissions == null)
		246	return true;
		247
		248	IPermissionsModule module = m_scene.RequestModuleInterface<IPermissionsModule>();
		249	if (module == null)
		250	return true; // this shouldn't happen
		251
		252	// Check whether the user is permitted to export all of the parts in the SOG. If any
		253	// part can't be exported then the entire SOG can't be exported.
		254
		255	bool permitted = true;
		256	//int primNumber = 1;
		257
		258	foreach (SceneObjectPart obj in objGroup.Parts)
		259	{
		260	uint perm;
		261	PermissionClass permissionClass = module.GetPermissionClass(user, obj);
		262	switch (permissionClass)
		263	{
		264	case PermissionClass.Owner:
		265	perm = obj.BaseMask;
		266	break;
		267	case PermissionClass.Group:
		268	perm = obj.GroupMask \| obj.EveryoneMask;
		269	break;
		270	case PermissionClass.Everyone:
		271	default:
		272	perm = obj.EveryoneMask;
		273	break;
		274	}
		275
		276	bool canCopy = (perm & (uint)PermissionMask.Copy) != 0;
		277	bool canTransfer = (perm & (uint)PermissionMask.Transfer) != 0;
		278
		279	// Special case: if Everyone can copy the object then this implies it can also be
		280	// Transferred.
		281	// However, if the user is the Owner then we don't check EveryoneMask, because it seems that the mask
		282	// always (incorrectly) includes the Copy bit set in this case. But that's a mistake: the viewer
		283	// does NOT show that the object has Everyone-Copy permissions, and doesn't allow it to be copied.
		284	if (permissionClass != PermissionClass.Owner)
		285	{
		286	canTransfer \|= (obj.EveryoneMask & (uint)PermissionMask.Copy) != 0;
		287	}
		288
		289
		290	bool partPermitted = true;
		291	if (checkPermissions.Contains("C") && !canCopy)
		292	partPermitted = false;
		293	if (checkPermissions.Contains("T") && !canTransfer)
		294	partPermitted = false;
		295
		296	//string name = (objGroup.PrimCount == 1) ? objGroup.Name : string.Format("{0} ({1}/{2})", obj.Name, primNumber, objGroup.PrimCount);
		297	//m_log.DebugFormat("[ARCHIVER]: Object permissions: {0}: Base={1:X4}, Owner={2:X4}, Everyone={3:X4}, permissionClass={4}, checkPermissions={5}, canCopy={6}, canTransfer={7}, permitted={8}",
		298	// name, obj.BaseMask, obj.OwnerMask, obj.EveryoneMask,
		299	// permissionClass, checkPermissions, canCopy, canTransfer, permitted);
		300
		301	if (!partPermitted)
		302	{
		303	permitted = false;
		304	break;
		305	}
		306
		307	//++primNumber;
		308	}
		309
		310	return permitted;
		311	}
		312
		313	/// <summary>
214	/// Create the control file for the most up to date archive	314	/// Create the control file for the most up to date archive
215	/// </summary>	315	/// </summary>
216	/// <returns></returns>	316	/// <returns></returns>


diff --git a/OpenSim/Region/CoreModules/World/Archiver/ArchiverModule.cs b/OpenSim/Region/CoreModules/World/Archiver/ArchiverModule.cs index 08eb80c..f44a3ba 100644 --- a/OpenSim/Region/CoreModules/World/Archiver/ArchiverModule.cs +++ b/OpenSim/Region/CoreModules/World/Archiver/ArchiverModule.cs
@@ -128,6 +128,7 @@ namespace OpenSim.Region.CoreModules.World.Archiver
128	// ops.Add("v\|version=", delegate(string v) { options["version"] = v; });	128	// ops.Add("v\|version=", delegate(string v) { options["version"] = v; });
129	ops.Add("p\|profile=", delegate(string v) { options["profile"] = v; });	129	ops.Add("p\|profile=", delegate(string v) { options["profile"] = v; });
130	ops.Add("noassets", delegate(string v) { options["noassets"] = v != null; });	130	ops.Add("noassets", delegate(string v) { options["noassets"] = v != null; });
		131	ops.Add("perm=", delegate(string v) { options["checkPermissions"] = v; });
131		132
132	List<string> mainParams = ops.Parse(cmdparams);	133	List<string> mainParams = ops.Parse(cmdparams);
133		134