diff options
author | Oren Hurvitz | 2011-09-11 20:52:35 +0300 |
---|---|---|
committer | Justin Clark-Casey (justincc) | 2011-09-12 20:09:24 +0100 |
commit | 7f318277f141a73207ec64f8521ba410a5743215 (patch) | |
tree | 89849beca9ee1db46db00993b571e363355b4628 /OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | |
parent | minor: put <remarks> tags around some method doc (diff) | |
download | opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.zip opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.tar.gz opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.tar.bz2 opensim-SC_OLD-7f318277f141a73207ec64f8521ba410a5743215.tar.xz |
When creating an OAR, optionally exclude objects according to their permissions
Diffstat (limited to 'OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs')
-rw-r--r-- | OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | 89 |
1 files changed, 52 insertions, 37 deletions
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index b9bd9a4..3b661ed 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | |||
@@ -39,7 +39,7 @@ using OpenSim.Services.Interfaces; | |||
39 | 39 | ||
40 | namespace OpenSim.Region.CoreModules.World.Permissions | 40 | namespace OpenSim.Region.CoreModules.World.Permissions |
41 | { | 41 | { |
42 | public class PermissionsModule : IRegionModule | 42 | public class PermissionsModule : IRegionModule, IPermissionsModule |
43 | { | 43 | { |
44 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | 44 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); |
45 | 45 | ||
@@ -150,6 +150,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
150 | else | 150 | else |
151 | m_log.Debug("[PERMISSIONS]: Enabling all region service permission checks"); | 151 | m_log.Debug("[PERMISSIONS]: Enabling all region service permission checks"); |
152 | 152 | ||
153 | scene.RegisterModuleInterface<IPermissionsModule>(this); | ||
154 | |||
153 | //Register functions with Scene External Checks! | 155 | //Register functions with Scene External Checks! |
154 | m_scene.Permissions.OnBypassPermissions += BypassPermissions; | 156 | m_scene.Permissions.OnBypassPermissions += BypassPermissions; |
155 | m_scene.Permissions.OnSetBypassPermissions += SetBypassPermissions; | 157 | m_scene.Permissions.OnSetBypassPermissions += SetBypassPermissions; |
@@ -574,46 +576,18 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
574 | if (objectOwner != UUID.Zero) | 576 | if (objectOwner != UUID.Zero) |
575 | objectEveryoneMask |= (uint)PrimFlags.ObjectAnyOwner; | 577 | objectEveryoneMask |= (uint)PrimFlags.ObjectAnyOwner; |
576 | 578 | ||
577 | if (m_bypassPermissions) | 579 | PermissionClass permissionClass = GetPermissionClass(user, task); |
578 | return objectOwnerMask; | ||
579 | |||
580 | // Object owners should be able to edit their own content | ||
581 | if (user == objectOwner) | ||
582 | return objectOwnerMask; | ||
583 | |||
584 | if (IsFriendWithPerms(user, objectOwner)) | ||
585 | { | ||
586 | return objectOwnerMask; | ||
587 | } | ||
588 | // Estate users should be able to edit anything in the sim if RegionOwnerIsGod is set | ||
589 | if (m_RegionOwnerIsGod && IsEstateManager(user) && !IsAdministrator(objectOwner)) | ||
590 | { | ||
591 | return objectOwnerMask; | ||
592 | } | ||
593 | |||
594 | // Admin should be able to edit anything in the sim (including admin objects) | ||
595 | if (IsAdministrator(user)) | ||
596 | { | ||
597 | return objectOwnerMask; | ||
598 | } | ||
599 | 580 | ||
600 | // Users should be able to edit what is over their land. | 581 | switch (permissionClass) |
601 | Vector3 taskPos = task.AbsolutePosition; | ||
602 | ILandObject parcel = m_scene.LandChannel.GetLandObject(taskPos.X, taskPos.Y); | ||
603 | if (parcel != null && parcel.LandData.OwnerID == user && m_ParcelOwnerIsGod) | ||
604 | { | 582 | { |
605 | // Admin objects should not be editable by the above | 583 | case PermissionClass.Owner: |
606 | if (!IsAdministrator(objectOwner)) | ||
607 | { | ||
608 | return objectOwnerMask; | 584 | return objectOwnerMask; |
609 | } | 585 | case PermissionClass.Group: |
586 | return objectGroupMask | objectEveryoneMask; | ||
587 | case PermissionClass.Everyone: | ||
588 | default: | ||
589 | return objectEveryoneMask; | ||
610 | } | 590 | } |
611 | |||
612 | // Group permissions | ||
613 | if ((task.GroupID != UUID.Zero) && IsGroupMember(task.GroupID, user, 0)) | ||
614 | return objectGroupMask | objectEveryoneMask; | ||
615 | |||
616 | return objectEveryoneMask; | ||
617 | } | 591 | } |
618 | 592 | ||
619 | private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask) | 593 | private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask) |
@@ -644,6 +618,47 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
644 | return objectFlagsMask; | 618 | return objectFlagsMask; |
645 | } | 619 | } |
646 | 620 | ||
621 | public PermissionClass GetPermissionClass(UUID user, SceneObjectPart obj) | ||
622 | { | ||
623 | if (obj == null) | ||
624 | return PermissionClass.Everyone; | ||
625 | |||
626 | if (m_bypassPermissions) | ||
627 | return PermissionClass.Owner; | ||
628 | |||
629 | // Object owners should be able to edit their own content | ||
630 | UUID objectOwner = obj.OwnerID; | ||
631 | if (user == objectOwner) | ||
632 | return PermissionClass.Owner; | ||
633 | |||
634 | if (IsFriendWithPerms(user, objectOwner)) | ||
635 | return PermissionClass.Owner; | ||
636 | |||
637 | // Estate users should be able to edit anything in the sim if RegionOwnerIsGod is set | ||
638 | if (m_RegionOwnerIsGod && IsEstateManager(user) && !IsAdministrator(objectOwner)) | ||
639 | return PermissionClass.Owner; | ||
640 | |||
641 | // Admin should be able to edit anything in the sim (including admin objects) | ||
642 | if (IsAdministrator(user)) | ||
643 | return PermissionClass.Owner; | ||
644 | |||
645 | // Users should be able to edit what is over their land. | ||
646 | Vector3 taskPos = obj.AbsolutePosition; | ||
647 | ILandObject parcel = m_scene.LandChannel.GetLandObject(taskPos.X, taskPos.Y); | ||
648 | if (parcel != null && parcel.LandData.OwnerID == user && m_ParcelOwnerIsGod) | ||
649 | { | ||
650 | // Admin objects should not be editable by the above | ||
651 | if (!IsAdministrator(objectOwner)) | ||
652 | return PermissionClass.Owner; | ||
653 | } | ||
654 | |||
655 | // Group permissions | ||
656 | if ((obj.GroupID != UUID.Zero) && IsGroupMember(obj.GroupID, user, 0)) | ||
657 | return PermissionClass.Group; | ||
658 | |||
659 | return PermissionClass.Everyone; | ||
660 | } | ||
661 | |||
647 | /// <summary> | 662 | /// <summary> |
648 | /// General permissions checks for any operation involving an object. These supplement more specific checks | 663 | /// General permissions checks for any operation involving an object. These supplement more specific checks |
649 | /// implemented by callers. | 664 | /// implemented by callers. |