aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region/CoreModules/World/Permissions
diff options
context:
space:
mode:
authoronefang2019-05-19 21:24:15 +1000
committeronefang2019-05-19 21:24:15 +1000
commit5e4d6cab00cb29cd088ab7b62ab13aff103b64cb (patch)
treea9fbc62df9eb2d1d9ba2698d8552eae71eca20d8 /OpenSim/Region/CoreModules/World/Permissions
parentAdd a build script. (diff)
downloadopensim-SC_OLD-5e4d6cab00cb29cd088ab7b62ab13aff103b64cb.zip
opensim-SC_OLD-5e4d6cab00cb29cd088ab7b62ab13aff103b64cb.tar.gz
opensim-SC_OLD-5e4d6cab00cb29cd088ab7b62ab13aff103b64cb.tar.bz2
opensim-SC_OLD-5e4d6cab00cb29cd088ab7b62ab13aff103b64cb.tar.xz
Dump OpenSim 0.9.0.1 into it's own branch.
Diffstat (limited to 'OpenSim/Region/CoreModules/World/Permissions')
-rw-r--r--OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs2054
1 files changed, 1357 insertions, 697 deletions
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
index 780ec69..45c1c56 100644
--- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
@@ -43,12 +43,13 @@ using PermissionMask = OpenSim.Framework.PermissionMask;
43 43
44namespace OpenSim.Region.CoreModules.World.Permissions 44namespace OpenSim.Region.CoreModules.World.Permissions
45{ 45{
46 [Extension(Path = "/OpenSim/RegionModules", NodeName = "RegionModule", Id = "PermissionsModule")] 46 [Extension(Path = "/OpenSim/RegionModules", NodeName = "RegionModule", Id = "DefaultPermissionsModule")]
47 public class PermissionsModule : INonSharedRegionModule, IPermissionsModule 47 public class DefaultPermissionsModule : INonSharedRegionModule, IPermissionsModule
48 { 48 {
49 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); 49 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
50 50
51 protected Scene m_scene; 51 protected Scene m_scene;
52 protected ScenePermissions scenePermissions;
52 protected bool m_Enabled; 53 protected bool m_Enabled;
53 54
54 private InventoryFolderImpl m_libraryRootFolder; 55 private InventoryFolderImpl m_libraryRootFolder;
@@ -69,15 +70,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
69 } 70 }
70 71
71 #region Constants 72 #region Constants
72 // These are here for testing. They will be taken out
73
74 //private uint PERM_ALL = (uint)2147483647;
75 private uint PERM_COPY = (uint)32768;
76 //private uint PERM_MODIFY = (uint)16384;
77 private uint PERM_MOVE = (uint)524288;
78 private uint PERM_TRANS = (uint)8192;
79 private uint PERM_LOCKED = (uint)540672;
80
81 /// <value> 73 /// <value>
82 /// Different user set names that come in from the configuration file. 74 /// Different user set names that come in from the configuration file.
83 /// </value> 75 /// </value>
@@ -96,12 +88,12 @@ namespace OpenSim.Region.CoreModules.World.Permissions
96 private bool m_bypassPermissionsValue = true; 88 private bool m_bypassPermissionsValue = true;
97 private bool m_propagatePermissions = false; 89 private bool m_propagatePermissions = false;
98 private bool m_debugPermissions = false; 90 private bool m_debugPermissions = false;
99 private bool m_allowGridGods = false; 91 private bool m_allowGridAdmins = false;
100 private bool m_RegionOwnerIsGod = false; 92 private bool m_RegionOwnerIsAdmin = false;
101 private bool m_RegionManagerIsGod = false; 93 private bool m_RegionManagerIsAdmin = false;
102 private bool m_ParcelOwnerIsGod = false; 94 private bool m_forceGridAdminsOnly;
103 95 private bool m_forceAdminModeAlwaysOn;
104 private bool m_SimpleBuildPermissions = false; 96 private bool m_allowAdminActionsWithoutGodMode;
105 97
106 /// <value> 98 /// <value>
107 /// The set of users that are allowed to create scripts. This is only active if permissions are not being 99 /// The set of users that are allowed to create scripts. This is only active if permissions are not being
@@ -110,17 +102,17 @@ namespace OpenSim.Region.CoreModules.World.Permissions
110 private UserSet m_allowedScriptCreators = UserSet.All; 102 private UserSet m_allowedScriptCreators = UserSet.All;
111 103
112 /// <value> 104 /// <value>
113 /// The set of users that are allowed to edit (save) scripts. This is only active if 105 /// The set of users that are allowed to edit (save) scripts. This is only active if
114 /// permissions are not being bypassed. This overrides normal permissions.- 106 /// permissions are not being bypassed. This overrides normal permissions.-
115 /// </value> 107 /// </value>
116 private UserSet m_allowedScriptEditors = UserSet.All; 108 private UserSet m_allowedScriptEditors = UserSet.All;
117 109
118 private Dictionary<string, bool> GrantLSL = new Dictionary<string, bool>(); 110 private Dictionary<string, bool> GrantLSL = new Dictionary<string, bool>();
119 private Dictionary<string, bool> GrantCS = new Dictionary<string, bool>(); 111 private Dictionary<string, bool> GrantCS = new Dictionary<string, bool>();
120 private Dictionary<string, bool> GrantVB = new Dictionary<string, bool>(); 112 private Dictionary<string, bool> GrantVB = new Dictionary<string, bool>();
121 private Dictionary<string, bool> GrantJS = new Dictionary<string, bool>(); 113 private Dictionary<string, bool> GrantJS = new Dictionary<string, bool>();
122 private Dictionary<string, bool> GrantYP = new Dictionary<string, bool>(); 114 private Dictionary<string, bool> GrantYP = new Dictionary<string, bool>();
123 115
124 private IFriendsModule m_friendsModule; 116 private IFriendsModule m_friendsModule;
125 private IFriendsModule FriendsModule 117 private IFriendsModule FriendsModule
126 { 118 {
@@ -168,21 +160,25 @@ namespace OpenSim.Region.CoreModules.World.Permissions
168 160
169 m_Enabled = true; 161 m_Enabled = true;
170 162
171 m_allowGridGods = Util.GetConfigVarFromSections<bool>(config, "allow_grid_gods", 163 string[] sections = new string[] { "Startup", "Permissions" };
172 new string[] { "Startup", "Permissions" }, false); 164
173 m_bypassPermissions = !Util.GetConfigVarFromSections<bool>(config, "serverside_object_permissions", 165 m_allowGridAdmins = Util.GetConfigVarFromSections<bool>(config, "allow_grid_gods", sections, false);
174 new string[] { "Startup", "Permissions" }, true); 166 m_bypassPermissions = !Util.GetConfigVarFromSections<bool>(config, "serverside_object_permissions", sections, true);
175 m_propagatePermissions = Util.GetConfigVarFromSections<bool>(config, "propagate_permissions", 167 m_propagatePermissions = Util.GetConfigVarFromSections<bool>(config, "propagate_permissions", sections, true);
176 new string[] { "Startup", "Permissions" }, true); 168
177 m_RegionOwnerIsGod = Util.GetConfigVarFromSections<bool>(config, "region_owner_is_god", 169 m_forceGridAdminsOnly = Util.GetConfigVarFromSections<bool>(config, "force_grid_gods_only", sections, false);
178 new string[] { "Startup", "Permissions" }, true); 170 if(!m_forceGridAdminsOnly)
179 m_RegionManagerIsGod = Util.GetConfigVarFromSections<bool>(config, "region_manager_is_god", 171 {
180 new string[] { "Startup", "Permissions" }, false); 172 m_RegionOwnerIsAdmin = Util.GetConfigVarFromSections<bool>(config, "region_owner_is_god",sections, true);
181 m_ParcelOwnerIsGod = Util.GetConfigVarFromSections<bool>(config, "parcel_owner_is_god", 173 m_RegionManagerIsAdmin = Util.GetConfigVarFromSections<bool>(config, "region_manager_is_god",sections, false);
182 new string[] { "Startup", "Permissions" }, true); 174 }
183 175 else
184 m_SimpleBuildPermissions = Util.GetConfigVarFromSections<bool>(config, "simple_build_permissions", 176 m_allowGridAdmins = true;
185 new string[] { "Startup", "Permissions" }, false); 177
178 m_forceAdminModeAlwaysOn = Util.GetConfigVarFromSections<bool>(config, "automatic_gods", sections, false);
179 m_allowAdminActionsWithoutGodMode = Util.GetConfigVarFromSections<bool>(config, "implicit_gods", sections, false);
180 if(m_allowAdminActionsWithoutGodMode)
181 m_forceAdminModeAlwaysOn = false;
186 182
187 m_allowedScriptCreators 183 m_allowedScriptCreators
188 = ParseUserSetConfigSetting(config, "allowed_script_creators", m_allowedScriptCreators); 184 = ParseUserSetConfigSetting(config, "allowed_script_creators", m_allowedScriptCreators);
@@ -206,7 +202,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
206 } 202 }
207 203
208 grant = Util.GetConfigVarFromSections<string>(config, "GrantCS", 204 grant = Util.GetConfigVarFromSections<string>(config, "GrantCS",
209 new string[] { "Startup", "Permissions" }, string.Empty); 205 new string[] { "Startup", "Permissions" }, string.Empty);
210 if (grant.Length > 0) 206 if (grant.Length > 0)
211 { 207 {
212 foreach (string uuidl in grant.Split(',')) 208 foreach (string uuidl in grant.Split(','))
@@ -258,61 +254,79 @@ namespace OpenSim.Region.CoreModules.World.Permissions
258 m_scene = scene; 254 m_scene = scene;
259 255
260 scene.RegisterModuleInterface<IPermissionsModule>(this); 256 scene.RegisterModuleInterface<IPermissionsModule>(this);
257 scenePermissions = m_scene.Permissions;
261 258
262 //Register functions with Scene External Checks! 259 //Register functions with Scene External Checks!
263 m_scene.Permissions.OnBypassPermissions += BypassPermissions; 260 scenePermissions.OnBypassPermissions += BypassPermissions;
264 m_scene.Permissions.OnSetBypassPermissions += SetBypassPermissions; 261 scenePermissions.OnSetBypassPermissions += SetBypassPermissions;
265 m_scene.Permissions.OnPropagatePermissions += PropagatePermissions; 262 scenePermissions.OnPropagatePermissions += PropagatePermissions;
266 m_scene.Permissions.OnGenerateClientFlags += GenerateClientFlags; 263
267 m_scene.Permissions.OnAbandonParcel += CanAbandonParcel; 264 scenePermissions.OnIsGridGod += IsGridAdministrator;
268 m_scene.Permissions.OnReclaimParcel += CanReclaimParcel; 265 scenePermissions.OnIsAdministrator += IsAdministrator;
269 m_scene.Permissions.OnDeedParcel += CanDeedParcel; 266 scenePermissions.OnIsEstateManager += IsEstateManager;
270 m_scene.Permissions.OnDeedObject += CanDeedObject; 267
271 m_scene.Permissions.OnIsGod += IsGod; 268 scenePermissions.OnGenerateClientFlags += GenerateClientFlags;
272 m_scene.Permissions.OnIsGridGod += IsGridGod; 269
273 m_scene.Permissions.OnIsAdministrator += IsAdministrator; 270 scenePermissions.OnIssueEstateCommand += CanIssueEstateCommand;
274 m_scene.Permissions.OnDuplicateObject += CanDuplicateObject; 271 scenePermissions.OnRunConsoleCommand += CanRunConsoleCommand;
275 m_scene.Permissions.OnDeleteObject += CanDeleteObject; 272
276 m_scene.Permissions.OnEditObject += CanEditObject; 273 scenePermissions.OnTeleport += CanTeleport;
277 m_scene.Permissions.OnEditParcelProperties += CanEditParcelProperties; 274
278 m_scene.Permissions.OnInstantMessage += CanInstantMessage; 275 scenePermissions.OnInstantMessage += CanInstantMessage;
279 m_scene.Permissions.OnInventoryTransfer += CanInventoryTransfer; 276
280 m_scene.Permissions.OnIssueEstateCommand += CanIssueEstateCommand; 277 scenePermissions.OnAbandonParcel += CanAbandonParcel;
281 m_scene.Permissions.OnMoveObject += CanMoveObject; 278 scenePermissions.OnReclaimParcel += CanReclaimParcel;
282 m_scene.Permissions.OnObjectEntry += CanObjectEntry; 279 scenePermissions.OnDeedParcel += CanDeedParcel;
283 m_scene.Permissions.OnReturnObjects += CanReturnObjects; 280 scenePermissions.OnSellParcel += CanSellParcel;
284 m_scene.Permissions.OnRezObject += CanRezObject; 281 scenePermissions.OnEditParcelProperties += CanEditParcelProperties;
285 m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand; 282 scenePermissions.OnTerraformLand += CanTerraformLand;
286 m_scene.Permissions.OnRunScript += CanRunScript; 283 scenePermissions.OnBuyLand += CanBuyLand;
287 m_scene.Permissions.OnCompileScript += CanCompileScript; 284
288 m_scene.Permissions.OnSellParcel += CanSellParcel; 285 scenePermissions.OnReturnObjects += CanReturnObjects;
289 m_scene.Permissions.OnTakeObject += CanTakeObject; 286
290 m_scene.Permissions.OnTakeCopyObject += CanTakeCopyObject; 287 scenePermissions.OnRezObject += CanRezObject;
291 m_scene.Permissions.OnTerraformLand += CanTerraformLand; 288 scenePermissions.OnObjectEntry += CanObjectEntry;
292 m_scene.Permissions.OnLinkObject += CanLinkObject; 289 scenePermissions.OnObjectEnterWithScripts += OnObjectEnterWithScripts;
293 m_scene.Permissions.OnDelinkObject += CanDelinkObject; 290
294 m_scene.Permissions.OnBuyLand += CanBuyLand; 291 scenePermissions.OnDuplicateObject += CanDuplicateObject;
295 292 scenePermissions.OnDeleteObjectByIDs += CanDeleteObjectByIDs;
296 m_scene.Permissions.OnViewNotecard += CanViewNotecard; 293 scenePermissions.OnDeleteObject += CanDeleteObject;
297 m_scene.Permissions.OnViewScript += CanViewScript; 294 scenePermissions.OnEditObjectByIDs += CanEditObjectByIDs;
298 m_scene.Permissions.OnEditNotecard += CanEditNotecard; 295 scenePermissions.OnEditObject += CanEditObject;
299 m_scene.Permissions.OnEditScript += CanEditScript; 296 scenePermissions.OnEditObjectPerms += CanEditObjectPerms;
300 297 scenePermissions.OnInventoryTransfer += CanInventoryTransfer;
301 m_scene.Permissions.OnCreateObjectInventory += CanCreateObjectInventory; 298 scenePermissions.OnMoveObject += CanMoveObject;
302 m_scene.Permissions.OnEditObjectInventory += CanEditObjectInventory; 299 scenePermissions.OnTakeObject += CanTakeObject;
303 m_scene.Permissions.OnCopyObjectInventory += CanCopyObjectInventory; 300 scenePermissions.OnTakeCopyObject += CanTakeCopyObject;
304 m_scene.Permissions.OnDeleteObjectInventory += CanDeleteObjectInventory; 301 scenePermissions.OnLinkObject += CanLinkObject;
305 m_scene.Permissions.OnResetScript += CanResetScript; 302 scenePermissions.OnDelinkObject += CanDelinkObject;
303 scenePermissions.OnDeedObject += CanDeedObject;
304 scenePermissions.OnSellGroupObject += CanSellGroupObject;
305 scenePermissions.OnSellObjectByUserID += CanSellObjectByUserID;
306 scenePermissions.OnSellObject += CanSellObject;
306 307
307 m_scene.Permissions.OnCreateUserInventory += CanCreateUserInventory; 308 scenePermissions.OnCreateObjectInventory += CanCreateObjectInventory;
308 m_scene.Permissions.OnCopyUserInventory += CanCopyUserInventory; 309 scenePermissions.OnEditObjectInventory += CanEditObjectInventory;
309 m_scene.Permissions.OnEditUserInventory += CanEditUserInventory; 310 scenePermissions.OnCopyObjectInventory += CanCopyObjectInventory;
310 m_scene.Permissions.OnDeleteUserInventory += CanDeleteUserInventory; 311 scenePermissions.OnDeleteObjectInventory += CanDeleteObjectInventory;
312 scenePermissions.OnDoObjectInvToObjectInv += CanDoObjectInvToObjectInv;
313 scenePermissions.OnDropInObjectInv += CanDropInObjectInv;
314
315 scenePermissions.OnViewNotecard += CanViewNotecard;
316 scenePermissions.OnViewScript += CanViewScript;
317 scenePermissions.OnEditNotecard += CanEditNotecard;
318 scenePermissions.OnEditScript += CanEditScript;
319 scenePermissions.OnResetScript += CanResetScript;
320 scenePermissions.OnRunScript += CanRunScript;
321 scenePermissions.OnCompileScript += CanCompileScript;
311 322
312 m_scene.Permissions.OnTeleport += CanTeleport; 323 scenePermissions.OnCreateUserInventory += CanCreateUserInventory;
313 324 scenePermissions.OnCopyUserInventory += CanCopyUserInventory;
314 m_scene.Permissions.OnControlPrimMedia += CanControlPrimMedia; 325 scenePermissions.OnEditUserInventory += CanEditUserInventory;
315 m_scene.Permissions.OnInteractWithPrimMedia += CanInteractWithPrimMedia; 326 scenePermissions.OnDeleteUserInventory += CanDeleteUserInventory;
327
328 scenePermissions.OnControlPrimMedia += CanControlPrimMedia;
329 scenePermissions.OnInteractWithPrimMedia += CanInteractWithPrimMedia;
316 330
317 m_scene.AddCommand("Users", this, "bypass permissions", 331 m_scene.AddCommand("Users", this, "bypass permissions",
318 "bypass permissions <true / false>", 332 "bypass permissions <true / false>",
@@ -327,8 +341,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions
327 m_scene.AddCommand("Debug", this, "debug permissions", 341 m_scene.AddCommand("Debug", this, "debug permissions",
328 "debug permissions <true / false>", 342 "debug permissions <true / false>",
329 "Turn on permissions debugging", 343 "Turn on permissions debugging",
330 HandleDebugPermissions); 344 HandleDebugPermissions);
331 345
332 } 346 }
333 347
334 public void RegionLoaded(Scene scene) 348 public void RegionLoaded(Scene scene)
@@ -341,6 +355,79 @@ namespace OpenSim.Region.CoreModules.World.Permissions
341 return; 355 return;
342 356
343 m_scene.UnregisterModuleInterface<IPermissionsModule>(this); 357 m_scene.UnregisterModuleInterface<IPermissionsModule>(this);
358
359 scenePermissions.OnBypassPermissions -= BypassPermissions;
360 scenePermissions.OnSetBypassPermissions -= SetBypassPermissions;
361 scenePermissions.OnPropagatePermissions -= PropagatePermissions;
362
363 scenePermissions.OnIsGridGod -= IsGridAdministrator;
364 scenePermissions.OnIsAdministrator -= IsAdministrator;
365 scenePermissions.OnIsEstateManager -= IsEstateManager;
366
367 scenePermissions.OnGenerateClientFlags -= GenerateClientFlags;
368
369 scenePermissions.OnIssueEstateCommand -= CanIssueEstateCommand;
370 scenePermissions.OnRunConsoleCommand -= CanRunConsoleCommand;
371
372 scenePermissions.OnTeleport -= CanTeleport;
373
374 scenePermissions.OnInstantMessage -= CanInstantMessage;
375
376 scenePermissions.OnAbandonParcel -= CanAbandonParcel;
377 scenePermissions.OnReclaimParcel -= CanReclaimParcel;
378 scenePermissions.OnDeedParcel -= CanDeedParcel;
379 scenePermissions.OnSellParcel -= CanSellParcel;
380 scenePermissions.OnEditParcelProperties -= CanEditParcelProperties;
381 scenePermissions.OnTerraformLand -= CanTerraformLand;
382 scenePermissions.OnBuyLand -= CanBuyLand;
383
384 scenePermissions.OnRezObject -= CanRezObject;
385 scenePermissions.OnObjectEntry -= CanObjectEntry;
386 scenePermissions.OnObjectEnterWithScripts -= OnObjectEnterWithScripts;
387
388 scenePermissions.OnReturnObjects -= CanReturnObjects;
389
390 scenePermissions.OnDuplicateObject -= CanDuplicateObject;
391 scenePermissions.OnDeleteObjectByIDs -= CanDeleteObjectByIDs;
392 scenePermissions.OnDeleteObject -= CanDeleteObject;
393 scenePermissions.OnEditObjectByIDs -= CanEditObjectByIDs;
394 scenePermissions.OnEditObject -= CanEditObject;
395 scenePermissions.OnEditObjectPerms -= CanEditObjectPerms;
396 scenePermissions.OnInventoryTransfer -= CanInventoryTransfer;
397 scenePermissions.OnMoveObject -= CanMoveObject;
398 scenePermissions.OnTakeObject -= CanTakeObject;
399 scenePermissions.OnTakeCopyObject -= CanTakeCopyObject;
400 scenePermissions.OnLinkObject -= CanLinkObject;
401 scenePermissions.OnDelinkObject -= CanDelinkObject;
402 scenePermissions.OnDeedObject -= CanDeedObject;
403
404 scenePermissions.OnSellGroupObject -= CanSellGroupObject;
405 scenePermissions.OnSellObjectByUserID -= CanSellObjectByUserID;
406 scenePermissions.OnSellObject -= CanSellObject;
407
408 scenePermissions.OnCreateObjectInventory -= CanCreateObjectInventory;
409 scenePermissions.OnEditObjectInventory -= CanEditObjectInventory;
410 scenePermissions.OnCopyObjectInventory -= CanCopyObjectInventory;
411 scenePermissions.OnDeleteObjectInventory -= CanDeleteObjectInventory;
412 scenePermissions.OnDoObjectInvToObjectInv -= CanDoObjectInvToObjectInv;
413 scenePermissions.OnDropInObjectInv -= CanDropInObjectInv;
414
415 scenePermissions.OnViewNotecard -= CanViewNotecard;
416 scenePermissions.OnViewScript -= CanViewScript;
417 scenePermissions.OnEditNotecard -= CanEditNotecard;
418 scenePermissions.OnEditScript -= CanEditScript;
419 scenePermissions.OnResetScript -= CanResetScript;
420 scenePermissions.OnRunScript -= CanRunScript;
421 scenePermissions.OnCompileScript -= CanCompileScript;
422
423 scenePermissions.OnCreateUserInventory -= CanCreateUserInventory;
424 scenePermissions.OnCopyUserInventory -= CanCopyUserInventory;
425 scenePermissions.OnEditUserInventory -= CanEditUserInventory;
426 scenePermissions.OnDeleteUserInventory -= CanDeleteUserInventory;
427
428 scenePermissions.OnControlPrimMedia -= CanControlPrimMedia;
429 scenePermissions.OnInteractWithPrimMedia -= CanInteractWithPrimMedia;
430
344 } 431 }
345 432
346 public void Close() 433 public void Close()
@@ -349,7 +436,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
349 436
350 public string Name 437 public string Name
351 { 438 {
352 get { return "PermissionsModule"; } 439 get { return "DefaultPermissionsModule"; }
353 } 440 }
354 441
355 public Type ReplaceableInterface 442 public Type ReplaceableInterface
@@ -439,7 +526,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
439 { 526 {
440 m_scene.EventManager.TriggerPermissionError(user, reason); 527 m_scene.EventManager.TriggerPermissionError(user, reason);
441 } 528 }
442 529
443 protected void DebugPermissionInformation(string permissionCalled) 530 protected void DebugPermissionInformation(string permissionCalled)
444 { 531 {
445 if (m_debugPermissions) 532 if (m_debugPermissions)
@@ -469,7 +556,37 @@ namespace OpenSim.Region.CoreModules.World.Permissions
469 556
470 return false; 557 return false;
471 } 558 }
472 559
560 protected bool GroupMemberPowers(UUID groupID, UUID userID, ref ulong powers)
561 {
562 powers = 0;
563 if (null == GroupsModule)
564 return false;
565
566 GroupMembershipData gmd = GroupsModule.GetMembershipData(groupID, userID);
567
568 if (gmd != null)
569 {
570 powers = gmd.GroupPowers;
571 return true;
572 }
573 return false;
574 }
575
576 protected bool GroupMemberPowers(UUID groupID, ScenePresence sp, ref ulong powers)
577 {
578 powers = 0;
579 IClientAPI client = sp.ControllingClient;
580 if (client == null)
581 return false;
582
583 if(!client.IsGroupMember(groupID))
584 return false;
585
586 powers = client.GetGroupPowers(groupID);
587 return true;
588 }
589
473 /// <summary> 590 /// <summary>
474 /// Parse a user set configuration setting 591 /// Parse a user set configuration setting
475 /// </summary> 592 /// </summary>
@@ -481,28 +598,28 @@ namespace OpenSim.Region.CoreModules.World.Permissions
481 { 598 {
482 UserSet userSet = defaultValue; 599 UserSet userSet = defaultValue;
483 600
484 string rawSetting = Util.GetConfigVarFromSections<string>(config, settingName, 601 string rawSetting = Util.GetConfigVarFromSections<string>(config, settingName,
485 new string[] {"Startup", "Permissions"}, defaultValue.ToString()); 602 new string[] {"Startup", "Permissions"}, defaultValue.ToString());
486 603
487 // Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term 604 // Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term
488 // this should disappear. 605 // this should disappear.
489 if ("gods" == rawSetting.ToLower()) 606 if ("gods" == rawSetting.ToLower())
490 rawSetting = UserSet.Administrators.ToString(); 607 rawSetting = UserSet.Administrators.ToString();
491 608
492 // Doing it this was so that we can do a case insensitive conversion 609 // Doing it this was so that we can do a case insensitive conversion
493 try 610 try
494 { 611 {
495 userSet = (UserSet)Enum.Parse(typeof(UserSet), rawSetting, true); 612 userSet = (UserSet)Enum.Parse(typeof(UserSet), rawSetting, true);
496 } 613 }
497 catch 614 catch
498 { 615 {
499 m_log.ErrorFormat( 616 m_log.ErrorFormat(
500 "[PERMISSIONS]: {0} is not a valid {1} value, setting to {2}", 617 "[PERMISSIONS]: {0} is not a valid {1} value, setting to {2}",
501 rawSetting, settingName, userSet); 618 rawSetting, settingName, userSet);
502 } 619 }
503 620
504 m_log.DebugFormat("[PERMISSIONS]: {0} {1}", settingName, userSet); 621 m_log.DebugFormat("[PERMISSIONS]: {0} {1}", settingName, userSet);
505 622
506 return userSet; 623 return userSet;
507 } 624 }
508 625
@@ -516,13 +633,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
516 if (user == UUID.Zero) 633 if (user == UUID.Zero)
517 return false; 634 return false;
518 635
519 if (m_scene.RegionInfo.EstateSettings.EstateOwner == user && m_RegionOwnerIsGod) 636 if (m_RegionOwnerIsAdmin && m_scene.RegionInfo.EstateSettings.EstateOwner == user)
520 return true; 637 return true;
521 638
522 if (IsEstateManager(user) && m_RegionManagerIsGod) 639 if (m_RegionManagerIsAdmin && IsEstateManager(user))
523 return true; 640 return true;
524 641
525 if (IsGridGod(user, null)) 642 if (IsGridAdministrator(user))
526 return true; 643 return true;
527 644
528 return false; 645 return false;
@@ -534,18 +651,19 @@ namespace OpenSim.Region.CoreModules.World.Permissions
534 /// <param name="user">The user</param> 651 /// <param name="user">The user</param>
535 /// <param name="scene">Unused, can be null</param> 652 /// <param name="scene">Unused, can be null</param>
536 /// <returns></returns> 653 /// <returns></returns>
537 protected bool IsGridGod(UUID user, Scene scene) 654 protected bool IsGridAdministrator(UUID user)
538 { 655 {
539 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 656 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
540 if (m_bypassPermissions) return m_bypassPermissionsValue; 657 if (m_bypassPermissions) return m_bypassPermissionsValue;
541 658
542 if (user == UUID.Zero) return false; 659 if (user == UUID.Zero)
660 return false;
543 661
544 if (m_allowGridGods) 662 if (m_allowGridAdmins)
545 { 663 {
546 ScenePresence sp = m_scene.GetScenePresence(user); 664 ScenePresence sp = m_scene.GetScenePresence(user);
547 if (sp != null) 665 if (sp != null)
548 return (sp.UserLevel >= 200); 666 return (sp.GodController.UserLevel >= 200);
549 667
550 UserAccount account = m_scene.UserAccountService.GetUserAccount(m_scene.RegionInfo.ScopeID, user); 668 UserAccount account = m_scene.UserAccountService.GetUserAccount(m_scene.RegionInfo.ScopeID, user);
551 if (account != null) 669 if (account != null)
@@ -556,11 +674,11 @@ namespace OpenSim.Region.CoreModules.World.Permissions
556 } 674 }
557 675
558 protected bool IsFriendWithPerms(UUID user, UUID objectOwner) 676 protected bool IsFriendWithPerms(UUID user, UUID objectOwner)
559 { 677 {
560 if (user == UUID.Zero) 678 if (FriendsModule == null)
561 return false; 679 return false;
562 680
563 if (FriendsModule == null) 681 if (user == UUID.Zero)
564 return false; 682 return false;
565 683
566 int friendPerms = FriendsModule.GetRightsGrantedByFriend(user, objectOwner); 684 int friendPerms = FriendsModule.GetRightsGrantedByFriend(user, objectOwner);
@@ -570,7 +688,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
570 protected bool IsEstateManager(UUID user) 688 protected bool IsEstateManager(UUID user)
571 { 689 {
572 if (user == UUID.Zero) return false; 690 if (user == UUID.Zero) return false;
573 691
574 return m_scene.RegionInfo.EstateSettings.IsEstateManagerOrOwner(user); 692 return m_scene.RegionInfo.EstateSettings.IsEstateManagerOrOwner(user);
575 } 693 }
576 694
@@ -596,75 +714,178 @@ namespace OpenSim.Region.CoreModules.World.Permissions
596 714
597 #region Object Permissions 715 #region Object Permissions
598 716
599 public uint GenerateClientFlags(UUID user, UUID objID) 717 const uint DEFAULT_FLAGS = (uint)(
600 { 718 PrimFlags.ObjectCopy | // Tells client you can copy the object
601 // Here's the way this works, 719 PrimFlags.ObjectModify | // tells client you can modify the object
602 // ObjectFlags and Permission flags are two different enumerations 720 PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod)
603 // ObjectFlags, however, tells the client to change what it will allow the user to do. 721 PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
604 // So, that means that all of the permissions type ObjectFlags are /temporary/ and only 722 PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object
605 // supposed to be set when customizing the objectflags for the client. 723 PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object
724 PrimFlags.ObjectOwnerModify // Tells client that you're the owner of the object
725 );
726
727 const uint NOT_DEFAULT_FLAGS = (uint)~(
728 PrimFlags.ObjectCopy | // Tells client you can copy the object
729 PrimFlags.ObjectModify | // tells client you can modify the object
730 PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod)
731 PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
732 PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object
733 PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object
734 PrimFlags.ObjectOwnerModify // Tells client that you're the owner of the object
735 );
736
737 const uint EXTRAOWNERMASK = (uint)(
738 PrimFlags.ObjectYouOwner |
739 PrimFlags.ObjectAnyOwner
740 );
741
742 const uint EXTRAGODMASK = (uint)(
743 PrimFlags.ObjectYouOwner |
744 PrimFlags.ObjectAnyOwner |
745 PrimFlags.ObjectOwnerModify |
746 PrimFlags.ObjectModify |
747 PrimFlags.ObjectMove
748 );
749
750 const uint GOD_FLAGS = (uint)(
751 PrimFlags.ObjectCopy | // Tells client you can copy the object
752 PrimFlags.ObjectModify | // tells client you can modify the object
753 PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod)
754 PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
755 PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object
756 PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object
757 PrimFlags.ObjectOwnerModify // Tells client that you're the owner of the object
758 );
759
760 const uint LOCKED_GOD_FLAGS = (uint)(
761 PrimFlags.ObjectCopy | // Tells client you can copy the object
762 PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
763 PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object
764 PrimFlags.ObjectAnyOwner // Tells client that someone owns the object
765 );
766
767 const uint SHAREDMASK = (uint)(
768 PermissionMask.Move |
769 PermissionMask.Modify |
770 PermissionMask.Copy
771 );
772
773 public uint GenerateClientFlags(SceneObjectPart task, ScenePresence sp, uint curEffectivePerms)
774 {
775 if(sp == null || task == null || curEffectivePerms == 0)
776 return 0;
606 777
607 // These temporary objectflags get computed and added in this function based on the 778 // Remove any of the objectFlags that are temporary. These will get added back if appropriate
608 // Permission mask that's appropriate! 779 uint objflags = curEffectivePerms & NOT_DEFAULT_FLAGS ;
609 // Outside of this method, they should never be added to objectflags!
610 // -teravus
611 780
612 SceneObjectPart task = m_scene.GetSceneObjectPart(objID); 781 uint returnMask;
613 782
614 // this shouldn't ever happen.. return no permissions/objectflags. 783 SceneObjectGroup grp = task.ParentGroup;
615 if (task == null) 784 if(grp == null)
616 return (uint)0; 785 return 0;
617 786
618 uint objflags = task.GetEffectiveObjectFlags(); 787 UUID taskOwnerID = task.OwnerID;
619 UUID objectOwner = task.OwnerID; 788 UUID spID = sp.UUID;
620 789
790 bool unlocked = (grp.RootPart.OwnerMask & (uint)PermissionMask.Move) != 0;
621 791
622 // Remove any of the objectFlags that are temporary. These will get added back if appropriate 792 if(sp.IsGod)
623 // in the next bit of code 793 {
624 794 // do locked on objects owned by admin
625 // libomv will moan about PrimFlags.ObjectYouOfficer being 795 if(!unlocked && spID == taskOwnerID)
626 // deprecated 796 return objflags | LOCKED_GOD_FLAGS;
627#pragma warning disable 0612 797 else
628 objflags &= (uint) 798 return objflags | GOD_FLAGS;
629 ~(PrimFlags.ObjectCopy | // Tells client you can copy the object 799 }
630 PrimFlags.ObjectModify | // tells client you can modify the object 800
631 PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod) 801 //bypass option == owner rights
632 PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it 802 if (m_bypassPermissions)
633 PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object 803 {
634 PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object 804 returnMask = ApplyObjectModifyMasks(task.OwnerMask, objflags, true); //??
635 PrimFlags.ObjectOwnerModify | // Tells client that you're the owner of the object 805 returnMask |= EXTRAOWNERMASK;
636 PrimFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set 806 if((returnMask & (uint)PrimFlags.ObjectModify) != 0)
637 ); 807 returnMask |= (uint)PrimFlags.ObjectOwnerModify;
638#pragma warning restore 0612 808 return returnMask;
639 809 }
640 // Creating the three ObjectFlags options for this method to choose from. 810
641 // Customize the OwnerMask 811 // owner
642 uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); 812 if (spID == taskOwnerID)
643 objectOwnerMask |= (uint)PrimFlags.ObjectYouOwner | (uint)PrimFlags.ObjectAnyOwner | (uint)PrimFlags.ObjectOwnerModify; 813 {
644 814 returnMask = ApplyObjectModifyMasks(grp.EffectiveOwnerPerms, objflags, unlocked);
645 // Customize the GroupMask 815 returnMask |= EXTRAOWNERMASK;
646 uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags); 816 if((returnMask & (uint)PrimFlags.ObjectModify) != 0)
647 817 returnMask |= (uint)PrimFlags.ObjectOwnerModify;
648 // Customize the EveryoneMask 818 return returnMask;
649 uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags); 819 }
650 if (objectOwner != UUID.Zero) 820
651 objectEveryoneMask |= (uint)PrimFlags.ObjectAnyOwner; 821 // if not god or owner, do attachments as everyone
652 822 if(task.ParentGroup.IsAttachment)
653 PermissionClass permissionClass = GetPermissionClass(user, task); 823 {
654 824 returnMask = ApplyObjectModifyMasks(grp.EffectiveEveryOnePerms, objflags, unlocked);
655 switch (permissionClass) 825 if (taskOwnerID != UUID.Zero)
826 returnMask |= (uint)PrimFlags.ObjectAnyOwner;
827 return returnMask;
828 }
829
830 UUID taskGroupID = task.GroupID;
831 bool notGroupdOwned = taskOwnerID != taskGroupID;
832
833 // if friends with rights then owner
834 if (notGroupdOwned && IsFriendWithPerms(spID, taskOwnerID))
835 {
836 returnMask = ApplyObjectModifyMasks(grp.EffectiveOwnerPerms, objflags, unlocked);
837 returnMask |= EXTRAOWNERMASK;
838 if((returnMask & (uint)PrimFlags.ObjectModify) != 0)
839 returnMask |= (uint)PrimFlags.ObjectOwnerModify;
840 return returnMask;
841 }
842
843 // group owned or shared ?
844 IClientAPI client = sp.ControllingClient;
845 ulong powers = 0;
846 if(taskGroupID != UUID.Zero && GroupMemberPowers(taskGroupID, sp, ref powers))
656 { 847 {
657 case PermissionClass.Owner: 848 if(notGroupdOwned)
658 return objectOwnerMask; 849 {
659 case PermissionClass.Group: 850 // group sharing or everyone
660 return objectGroupMask | objectEveryoneMask; 851 returnMask = ApplyObjectModifyMasks(grp.EffectiveGroupOrEveryOnePerms, objflags, unlocked);
661 case PermissionClass.Everyone: 852 if (taskOwnerID != UUID.Zero)
662 default: 853 returnMask |= (uint)PrimFlags.ObjectAnyOwner;
663 return objectEveryoneMask; 854 return returnMask;
855 }
856
857 // object is owned by group, check role powers
858 if((powers & (ulong)GroupPowers.ObjectManipulate) == 0)
859 {
860 // group sharing or everyone
861 returnMask = ApplyObjectModifyMasks(grp.EffectiveGroupOrEveryOnePerms, objflags, unlocked);
862 returnMask |=
863 (uint)PrimFlags.ObjectGroupOwned |
864 (uint)PrimFlags.ObjectAnyOwner;
865 return returnMask;
866 }
867
868 // we may have copy without transfer
869 uint grpEffectiveOwnerPerms = grp.EffectiveOwnerPerms;
870 if((grpEffectiveOwnerPerms & (uint)PermissionMask.Transfer) == 0)
871 grpEffectiveOwnerPerms &= ~(uint)PermissionMask.Copy;
872 returnMask = ApplyObjectModifyMasks(grpEffectiveOwnerPerms, objflags, unlocked);
873 returnMask |=
874 (uint)PrimFlags.ObjectGroupOwned |
875 (uint)PrimFlags.ObjectYouOwner;
876 if((returnMask & (uint)PrimFlags.ObjectModify) != 0)
877 returnMask |= (uint)PrimFlags.ObjectOwnerModify;
878 return returnMask;
664 } 879 }
880
881 // fallback is everyone rights
882 returnMask = ApplyObjectModifyMasks(grp.EffectiveEveryOnePerms, objflags, unlocked);
883 if (taskOwnerID != UUID.Zero)
884 returnMask |= (uint)PrimFlags.ObjectAnyOwner;
885 return returnMask;
665 } 886 }
666 887
667 private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask) 888 private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask, bool unlocked)
668 { 889 {
669 // We are adding the temporary objectflags to the object's objectflags based on the 890 // We are adding the temporary objectflags to the object's objectflags based on the
670 // permission flag given. These change the F flags on the client. 891 // permission flag given. These change the F flags on the client.
@@ -674,14 +895,17 @@ namespace OpenSim.Region.CoreModules.World.Permissions
674 objectFlagsMask |= (uint)PrimFlags.ObjectCopy; 895 objectFlagsMask |= (uint)PrimFlags.ObjectCopy;
675 } 896 }
676 897
677 if ((setPermissionMask & (uint)PermissionMask.Move) != 0) 898 if (unlocked)
678 { 899 {
679 objectFlagsMask |= (uint)PrimFlags.ObjectMove; 900 if ((setPermissionMask & (uint)PermissionMask.Move) != 0)
680 } 901 {
902 objectFlagsMask |= (uint)PrimFlags.ObjectMove;
903 }
681 904
682 if ((setPermissionMask & (uint)PermissionMask.Modify) != 0) 905 if ((setPermissionMask & (uint)PermissionMask.Modify) != 0)
683 { 906 {
684 objectFlagsMask |= (uint)PrimFlags.ObjectModify; 907 objectFlagsMask |= (uint)PrimFlags.ObjectModify;
908 }
685 } 909 }
686 910
687 if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0) 911 if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0)
@@ -692,6 +916,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
692 return objectFlagsMask; 916 return objectFlagsMask;
693 } 917 }
694 918
919 // OARs still need this method that handles offline users
695 public PermissionClass GetPermissionClass(UUID user, SceneObjectPart obj) 920 public PermissionClass GetPermissionClass(UUID user, SceneObjectPart obj)
696 { 921 {
697 if (obj == null) 922 if (obj == null)
@@ -705,135 +930,199 @@ namespace OpenSim.Region.CoreModules.World.Permissions
705 if (user == objectOwner) 930 if (user == objectOwner)
706 return PermissionClass.Owner; 931 return PermissionClass.Owner;
707 932
708 if (IsFriendWithPerms(user, objectOwner))
709 return PermissionClass.Owner;
710
711 // Estate users should be able to edit anything in the sim if RegionOwnerIsGod is set
712 if (m_RegionOwnerIsGod && IsEstateManager(user) && !IsAdministrator(objectOwner))
713 return PermissionClass.Owner;
714
715 // Admin should be able to edit anything in the sim (including admin objects) 933 // Admin should be able to edit anything in the sim (including admin objects)
716 if (IsAdministrator(user)) 934 if (IsAdministrator(user))
717 return PermissionClass.Owner; 935 return PermissionClass.Owner;
718 936
719 // Users should be able to edit what is over their land. 937 if(!obj.ParentGroup.IsAttachment)
720 Vector3 taskPos = obj.AbsolutePosition;
721 ILandObject parcel = m_scene.LandChannel.GetLandObject(taskPos.X, taskPos.Y);
722 if (parcel != null && parcel.LandData.OwnerID == user && m_ParcelOwnerIsGod)
723 { 938 {
724 // Admin objects should not be editable by the above 939 if (IsFriendWithPerms(user, objectOwner) )
725 if (!IsAdministrator(objectOwner))
726 return PermissionClass.Owner; 940 return PermissionClass.Owner;
727 }
728 941
729 // Group permissions 942 // Group permissions
730 if ((obj.GroupID != UUID.Zero) && IsGroupMember(obj.GroupID, user, 0)) 943 if (obj.GroupID != UUID.Zero && IsGroupMember(obj.GroupID, user, 0))
731 return PermissionClass.Group; 944 return PermissionClass.Group;
945 }
732 946
733 return PermissionClass.Everyone; 947 return PermissionClass.Everyone;
734 } 948 }
735 949
736 /// <summary> 950 // get effective object permissions using user UUID. User rights will be fixed
737 /// General permissions checks for any operation involving an object. These supplement more specific checks 951 protected uint GetObjectPermissions(UUID currentUser, SceneObjectGroup group, bool denyOnLocked)
738 /// implemented by callers.
739 /// </summary>
740 /// <param name="currentUser"></param>
741 /// <param name="objId">This is a scene object group UUID</param>
742 /// <param name="denyOnLocked"></param>
743 /// <returns></returns>
744 protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked)
745 { 952 {
746 // Default: deny 953 if (group == null)
747 bool permission = false; 954 return 0;
748 bool locked = false;
749
750 SceneObjectPart part = m_scene.GetSceneObjectPart(objId);
751 955
752 if (part == null) 956 SceneObjectPart root = group.RootPart;
753 return false; 957 if (root == null)
754 958 return 0;
755 SceneObjectGroup group = part.ParentGroup;
756 959
757 UUID objectOwner = group.OwnerID; 960 UUID objectOwner = group.OwnerID;
758 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); 961 bool locked = denyOnLocked && ((root.OwnerMask & (uint)PermissionMask.Move) == 0);
759 962
760 // People shouldn't be able to do anything with locked objects, except the Administrator 963 if (IsAdministrator(currentUser))
761 // The 'set permissions' runs through a different permission check, so when an object owner
762 // sets an object locked, the only thing that they can do is unlock it.
763 //
764 // Nobody but the object owner can set permissions on an object
765 //
766 if (locked && (!IsAdministrator(currentUser)) && denyOnLocked)
767 { 964 {
768 return false; 965 // do lock on admin owned objects
966 if(locked && currentUser == objectOwner)
967 return (uint)(PermissionMask.AllEffective & ~(PermissionMask.Modify | PermissionMask.Move));
968 return (uint)PermissionMask.AllEffective;
769 } 969 }
770 970
771 // Object owners should be able to edit their own content 971 uint lockmask = (uint)PermissionMask.AllEffective;
972 if(locked)
973 lockmask &= ~(uint)(PermissionMask.Modify | PermissionMask.Move);
974
772 if (currentUser == objectOwner) 975 if (currentUser == objectOwner)
976 return group.EffectiveOwnerPerms & lockmask;
977
978 if (group.IsAttachment)
979 return 0;
980
981 UUID sogGroupID = group.GroupID;
982 bool notgroudOwned = sogGroupID != objectOwner;
983
984 if (notgroudOwned && IsFriendWithPerms(currentUser, objectOwner))
985 return group.EffectiveOwnerPerms & lockmask;
986
987 ulong powers = 0;
988 if (sogGroupID != UUID.Zero && GroupMemberPowers(sogGroupID, currentUser, ref powers))
773 { 989 {
774 // there is no way that later code can change this back to false 990 if(notgroudOwned)
775 // so just return true immediately and short circuit the more 991 return group.EffectiveGroupOrEveryOnePerms & lockmask;
776 // expensive group checks 992
777 return true; 993 if((powers & (ulong)GroupPowers.ObjectManipulate) == 0)
778 994 return group.EffectiveGroupOrEveryOnePerms & lockmask;
779 //permission = true; 995
996 uint grpEffectiveOwnerPerms = group.EffectiveOwnerPerms & lockmask;
997 if((grpEffectiveOwnerPerms & (uint)PermissionMask.Transfer) == 0)
998 grpEffectiveOwnerPerms &= ~(uint)PermissionMask.Copy;
999 return grpEffectiveOwnerPerms;
780 } 1000 }
781 else if (group.IsAttachment) 1001
1002 return group.EffectiveEveryOnePerms & lockmask;
1003 }
1004
1005 // get effective object permissions using present presence. So some may depend on requested rights (ie God)
1006 protected uint GetObjectPermissions(ScenePresence sp, SceneObjectGroup group, bool denyOnLocked)
1007 {
1008 if (sp == null || sp.IsDeleted || group == null || group.IsDeleted)
1009 return 0;
1010
1011 SceneObjectPart root = group.RootPart;
1012 if (root == null)
1013 return 0;
1014
1015 UUID spID = sp.UUID;
1016 UUID objectOwner = group.OwnerID;
1017
1018 bool locked = denyOnLocked && ((root.OwnerMask & (uint)PermissionMask.Move) == 0);
1019
1020 if (sp.IsGod)
782 { 1021 {
783 permission = false; 1022 if(locked && spID == objectOwner)
1023 return (uint)(PermissionMask.AllEffective & ~(PermissionMask.Modify | PermissionMask.Move));
1024 return (uint)PermissionMask.AllEffective;
784 } 1025 }
785 1026
786// m_log.DebugFormat( 1027 uint lockmask = (uint)PermissionMask.AllEffective;
787// "[PERMISSIONS]: group.GroupID = {0}, part.GroupMask = {1}, isGroupMember = {2} for {3}", 1028 if(locked)
788// group.GroupID, 1029 lockmask &= ~(uint)(PermissionMask.Modify | PermissionMask.Move);
789// m_scene.GetSceneObjectPart(objId).GroupMask, 1030
790// IsGroupMember(group.GroupID, currentUser, 0), 1031 if (spID == objectOwner)
791// currentUser); 1032 return group.EffectiveOwnerPerms & lockmask;
792 1033
793 // Group members should be able to edit group objects 1034 if (group.IsAttachment)
794 if ((group.GroupID != UUID.Zero) 1035 return 0;
795 && ((m_scene.GetSceneObjectPart(objId).GroupMask & (uint)PermissionMask.Modify) != 0) 1036
796 && IsGroupMember(group.GroupID, currentUser, 0)) 1037 UUID sogGroupID = group.GroupID;
797 { 1038 bool notgroudOwned = sogGroupID != objectOwner;
798 // Return immediately, so that the administrator can shares group objects
799 return true;
800 }
801 1039
802 // Friends with benefits should be able to edit the objects too 1040 if (notgroudOwned && IsFriendWithPerms(spID, objectOwner))
803 if (IsFriendWithPerms(currentUser, objectOwner)) 1041 return group.EffectiveOwnerPerms & lockmask;
804 {
805 // Return immediately, so that the administrator can share objects with friends
806 return true;
807 }
808
809 // Users should be able to edit what is over their land.
810 ILandObject parcel = m_scene.LandChannel.GetLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y);
811 if ((parcel != null) && (parcel.LandData.OwnerID == currentUser))
812 {
813 permission = true;
814 }
815 1042
816 // Estate users should be able to edit anything in the sim 1043 ulong powers = 0;
817 if (IsEstateManager(currentUser)) 1044 if (sogGroupID != UUID.Zero && GroupMemberPowers(sogGroupID, sp, ref powers))
818 { 1045 {
819 permission = true; 1046 if(notgroudOwned)
1047 return group.EffectiveGroupOrEveryOnePerms & lockmask;
1048
1049 if((powers & (ulong)GroupPowers.ObjectManipulate) == 0)
1050 return group.EffectiveGroupOrEveryOnePerms & lockmask;
1051
1052 uint grpEffectiveOwnerPerms = group.EffectiveOwnerPerms & lockmask;
1053 if((grpEffectiveOwnerPerms & (uint)PermissionMask.Transfer) == 0)
1054 grpEffectiveOwnerPerms &= ~(uint)PermissionMask.Copy;
1055 return grpEffectiveOwnerPerms;
820 } 1056 }
821 1057
822 // Admin objects should not be editable by the above 1058 return group.EffectiveEveryOnePerms & lockmask;
823 if (IsAdministrator(objectOwner)) 1059 }
1060
1061 private uint GetObjectItemPermissions(UUID userID, TaskInventoryItem ti)
1062 {
1063 UUID tiOwnerID = ti.OwnerID;
1064 if(tiOwnerID == userID)
1065 return ti.CurrentPermissions;
1066
1067 if(IsAdministrator(userID))
1068 return (uint)PermissionMask.AllEffective;
1069 // ??
1070 if (IsFriendWithPerms(userID, tiOwnerID))
1071 return ti.CurrentPermissions;
1072
1073 UUID tiGroupID = ti.GroupID;
1074 if(tiGroupID != UUID.Zero)
824 { 1075 {
825 permission = false; 1076 ulong powers = 0;
1077 if(GroupMemberPowers(tiGroupID, userID, ref powers))
1078 {
1079 if(tiGroupID == ti.OwnerID)
1080 {
1081 if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
1082 return ti.CurrentPermissions;
1083 }
1084 return ti.GroupPermissions;
1085 }
826 } 1086 }
827 1087
828 // Admin should be able to edit anything in the sim (including admin objects) 1088 return 0;
829 if (IsAdministrator(currentUser)) 1089 }
1090
1091 private uint GetObjectItemPermissions(ScenePresence sp, TaskInventoryItem ti, bool notEveryone)
1092 {
1093 UUID tiOwnerID = ti.OwnerID;
1094 UUID spID = sp.UUID;
1095
1096 if(tiOwnerID == spID)
1097 return ti.CurrentPermissions;
1098
1099 // ??
1100 if (IsFriendWithPerms(spID, tiOwnerID))
1101 return ti.CurrentPermissions;
1102
1103 UUID tiGroupID = ti.GroupID;
1104 if(tiGroupID != UUID.Zero)
830 { 1105 {
831 permission = true; 1106 ulong powers = 0;
1107 if(GroupMemberPowers(tiGroupID, spID, ref powers))
1108 {
1109 if(tiGroupID == ti.OwnerID)
1110 {
1111 if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
1112 return ti.CurrentPermissions;
1113 }
1114 uint p = ti.GroupPermissions;
1115 if(!notEveryone)
1116 p |= ti.EveryonePermissions;
1117 return p;
1118 }
832 } 1119 }
833 1120
834 return permission; 1121 if(notEveryone)
835 } 1122 return 0;
836 1123
1124 return ti.EveryonePermissions;
1125 }
837 #endregion 1126 #endregion
838 1127
839 #region Generic Permissions 1128 #region Generic Permissions
@@ -858,97 +1147,45 @@ namespace OpenSim.Region.CoreModules.World.Permissions
858 1147
859 public bool GenericEstatePermission(UUID user) 1148 public bool GenericEstatePermission(UUID user)
860 { 1149 {
861 // Default: deny
862 bool permission = false;
863
864 // Estate admins should be able to use estate tools 1150 // Estate admins should be able to use estate tools
865 if (IsEstateManager(user)) 1151 if (IsEstateManager(user))
866 permission = true; 1152 return true;
867 1153
868 // Administrators always have permission 1154 // Administrators always have permission
869 if (IsAdministrator(user)) 1155 if (IsAdministrator(user))
870 permission = true; 1156 return true;
871 1157
872 return permission; 1158 return false;
873 } 1159 }
874 1160
875 protected bool GenericParcelPermission(UUID user, ILandObject parcel, ulong groupPowers)
876 {
877 bool permission = false;
878
879 if (parcel.LandData.OwnerID == user)
880 {
881 permission = true;
882 }
883
884 if ((parcel.LandData.GroupID != UUID.Zero) && IsGroupMember(parcel.LandData.GroupID, user, groupPowers))
885 {
886 permission = true;
887 }
888
889 if (IsEstateManager(user))
890 {
891 permission = true;
892 }
893
894 if (IsAdministrator(user))
895 {
896 permission = true;
897 }
898
899 if (m_SimpleBuildPermissions &&
900 (parcel.LandData.Flags & (uint)ParcelFlags.UseAccessList) == 0 && parcel.IsInLandAccessList(user))
901 permission = true;
902
903 return permission;
904 }
905
906 protected bool GenericParcelOwnerPermission(UUID user, ILandObject parcel, ulong groupPowers, bool allowEstateManager) 1161 protected bool GenericParcelOwnerPermission(UUID user, ILandObject parcel, ulong groupPowers, bool allowEstateManager)
907 { 1162 {
908 if (parcel.LandData.OwnerID == user) 1163 if (parcel.LandData.OwnerID == user)
909 {
910 // Returning immediately so that group deeded objects on group deeded land don't trigger a NRE on
911 // the subsequent redundant checks when using lParcelMediaCommandList()
912 // See http://opensimulator.org/mantis/view.php?id=3999 for more details
913 return true; 1164 return true;
914 }
915 1165
916 if (parcel.LandData.IsGroupOwned && IsGroupMember(parcel.LandData.GroupID, user, groupPowers)) 1166 if (parcel.LandData.IsGroupOwned && IsGroupMember(parcel.LandData.GroupID, user, groupPowers))
917 {
918 return true; 1167 return true;
919 } 1168
920
921 if (allowEstateManager && IsEstateManager(user)) 1169 if (allowEstateManager && IsEstateManager(user))
922 {
923 return true; 1170 return true;
924 }
925 1171
926 if (IsAdministrator(user)) 1172 if (IsAdministrator(user))
927 {
928 return true; 1173 return true;
929 }
930 1174
931 return false; 1175 return false;
932 } 1176 }
933
934 protected bool GenericParcelPermission(UUID user, Vector3 pos, ulong groupPowers)
935 {
936 ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y);
937 if (parcel == null) return false;
938 return GenericParcelPermission(user, parcel, groupPowers);
939 }
940#endregion 1177#endregion
941 1178
942 #region Permission Checks 1179 #region Permission Checks
943 private bool CanAbandonParcel(UUID user, ILandObject parcel, Scene scene) 1180 private bool CanAbandonParcel(UUID user, ILandObject parcel)
944 { 1181 {
945 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1182 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
946 if (m_bypassPermissions) return m_bypassPermissionsValue; 1183 if (m_bypassPermissions) return m_bypassPermissionsValue;
947 1184
948 return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandRelease, false); 1185 return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandRelease, false);
949 } 1186 }
950 1187
951 private bool CanReclaimParcel(UUID user, ILandObject parcel, Scene scene) 1188 private bool CanReclaimParcel(UUID user, ILandObject parcel)
952 { 1189 {
953 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1190 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
954 if (m_bypassPermissions) return m_bypassPermissionsValue; 1191 if (m_bypassPermissions) return m_bypassPermissionsValue;
@@ -956,108 +1193,252 @@ namespace OpenSim.Region.CoreModules.World.Permissions
956 return GenericParcelOwnerPermission(user, parcel, 0,true); 1193 return GenericParcelOwnerPermission(user, parcel, 0,true);
957 } 1194 }
958 1195
959 private bool CanDeedParcel(UUID user, ILandObject parcel, Scene scene) 1196 private bool CanDeedParcel(UUID user, ILandObject parcel)
960 { 1197 {
961 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1198 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
962 if (m_bypassPermissions) return m_bypassPermissionsValue; 1199 if (m_bypassPermissions) return m_bypassPermissionsValue;
963 1200
1201 if(parcel.LandData.GroupID == UUID.Zero)
1202 return false;
1203
1204 if (IsAdministrator(user))
1205 return true;
1206
964 if (parcel.LandData.OwnerID != user) // Only the owner can deed! 1207 if (parcel.LandData.OwnerID != user) // Only the owner can deed!
965 return false; 1208 return false;
966 1209
967 ScenePresence sp = scene.GetScenePresence(user); 1210 ScenePresence sp = m_scene.GetScenePresence(user);
968 IClientAPI client = sp.ControllingClient; 1211 if(sp == null)
1212 return false;
969 1213
1214 IClientAPI client = sp.ControllingClient;
970 if ((client.GetGroupPowers(parcel.LandData.GroupID) & (ulong)GroupPowers.LandDeed) == 0) 1215 if ((client.GetGroupPowers(parcel.LandData.GroupID) & (ulong)GroupPowers.LandDeed) == 0)
971 return false; 1216 return false;
972 1217
973 return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandDeed, false); 1218 return true;
974 } 1219 }
975 1220
976 private bool CanDeedObject(UUID user, UUID group, Scene scene) 1221 private bool CanDeedObject(ScenePresence sp, SceneObjectGroup sog, UUID targetGroupID)
977 { 1222 {
978 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1223 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
979 if (m_bypassPermissions) return m_bypassPermissionsValue; 1224 if (m_bypassPermissions) return m_bypassPermissionsValue;
980 1225
981 ScenePresence sp = scene.GetScenePresence(user); 1226 if(sog == null || sog.IsDeleted || sp == null || sp.IsDeleted || targetGroupID == UUID.Zero)
982 IClientAPI client = sp.ControllingClient; 1227 return false;
1228
1229 // object has group already?
1230 if(sog.GroupID != targetGroupID)
1231 return false;
1232
1233 // is effectivelly shared?
1234 if(sog.EffectiveGroupPerms == 0)
1235 return false;
1236
1237 if(sp.IsGod)
1238 return true;
1239
1240 // owned by requester?
1241 if(sog.OwnerID != sp.UUID)
1242 return false;
1243
1244 // owner can transfer?
1245 if((sog.EffectiveOwnerPerms & (uint)PermissionMask.Transfer) == 0)
1246 return false;
1247
1248 // group member ?
1249 ulong powers = 0;
1250 if(!GroupMemberPowers(targetGroupID, sp, ref powers))
1251 return false;
983 1252
984 if ((client.GetGroupPowers(group) & (ulong)GroupPowers.DeedObject) == 0) 1253 // has group rights?
1254 if ((powers & (ulong)GroupPowers.DeedObject) == 0)
985 return false; 1255 return false;
986 1256
987 return true; 1257 return true;
988 } 1258 }
989 1259
990 private bool IsGod(UUID user, Scene scene) 1260 private bool CanDuplicateObject(SceneObjectGroup sog, ScenePresence sp)
991 { 1261 {
992 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1262 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
993 if (m_bypassPermissions) return m_bypassPermissionsValue; 1263 if (m_bypassPermissions) return m_bypassPermissionsValue;
994 1264
995 return IsAdministrator(user); 1265 if (sog == null || sog.IsDeleted || sp == null || sp.IsDeleted)
1266 return false;
1267
1268 uint perms = GetObjectPermissions(sp, sog, false);
1269 if((perms & (uint)PermissionMask.Copy) == 0)
1270 return false;
1271
1272 if(sog.OwnerID != sp.UUID && (perms & (uint)PermissionMask.Transfer) == 0)
1273 return false;
1274
1275 //If they can rez, they can duplicate
1276 return CanRezObject(0, sp.UUID, sog.AbsolutePosition);
996 } 1277 }
997 1278
998 private bool CanDuplicateObject(int objectCount, UUID objectID, UUID owner, Scene scene, Vector3 objectPosition) 1279 private bool CanDeleteObject(SceneObjectGroup sog, ScenePresence sp)
999 { 1280 {
1281 // ignoring locked. viewers should warn and ask for confirmation
1282
1000 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1283 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1001 if (m_bypassPermissions) return m_bypassPermissionsValue; 1284 if (m_bypassPermissions) return m_bypassPermissionsValue;
1002 1285
1003 if (!GenericObjectPermission(owner, objectID, true)) 1286 if (sog == null || sog.IsDeleted || sp == null || sp.IsDeleted)
1004 {
1005 //They can't even edit the object
1006 return false; 1287 return false;
1007 } 1288
1008 1289 if(sog.IsAttachment)
1009 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
1010 if (part == null)
1011 return false; 1290 return false;
1012 1291
1013 if (part.OwnerID == owner) 1292 UUID sogOwnerID = sog.OwnerID;
1293 UUID spID = sp.UUID;
1294
1295 if(sogOwnerID == spID)
1296 return true;
1297
1298 if (sp.IsGod)
1299 return true;
1300
1301 if (IsFriendWithPerms(sog.UUID, sogOwnerID))
1302 return true;
1303
1304 UUID sogGroupID = sog.GroupID;
1305 if (sogGroupID != UUID.Zero)
1014 { 1306 {
1015 if ((part.OwnerMask & PERM_COPY) == 0) 1307 ulong powers = 0;
1016 return false; 1308 if(GroupMemberPowers(sogGroupID, sp, ref powers))
1309 {
1310 if(sogGroupID == sogOwnerID)
1311 {
1312 if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
1313 return true;
1314 }
1315 return (sog.EffectiveGroupPerms & (uint)PermissionMask.Modify) != 0;
1316 }
1017 } 1317 }
1018 else if (part.GroupID != UUID.Zero) 1318 return false;
1019 { 1319 }
1020 if ((part.OwnerID == part.GroupID) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0)))
1021 return false;
1022 1320
1023 if ((part.GroupMask & PERM_COPY) == 0) 1321 private bool CanDeleteObjectByIDs(UUID objectID, UUID userID)
1024 return false; 1322 {
1323 // ignoring locked. viewers should warn and ask for confirmation
1324
1325 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1326 if (m_bypassPermissions) return m_bypassPermissionsValue;
1327
1328 SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID);
1329 if (sog == null)
1330 return false;
1331
1332 if(sog.IsAttachment)
1333 return false;
1334
1335 UUID sogOwnerID = sog.OwnerID;
1336
1337 if(sogOwnerID == userID)
1338 return true;
1339
1340 if (IsAdministrator(userID))
1341 return true;
1342
1343 if (IsFriendWithPerms(objectID, sogOwnerID))
1344 return true;
1345
1346 UUID sogGroupID = sog.GroupID;
1347 if (sogGroupID != UUID.Zero)
1348 {
1349 ulong powers = 0;
1350 if(GroupMemberPowers(sogGroupID, userID, ref powers))
1351 {
1352 if(sogGroupID == sogOwnerID)
1353 {
1354 if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
1355 return true;
1356 }
1357 return (sog.EffectiveGroupPerms & (uint)PermissionMask.Modify) != 0;
1358 }
1025 } 1359 }
1026 1360 return false;
1027 //If they can rez, they can duplicate 1361 }
1028 return CanRezObject(objectCount, owner, objectPosition, scene); 1362
1363 private bool CanEditObjectByIDs(UUID objectID, UUID userID)
1364 {
1365 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1366 if (m_bypassPermissions) return m_bypassPermissionsValue;
1367
1368 SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID);
1369 if (sog == null)
1370 return false;
1371
1372 uint perms = GetObjectPermissions(userID, sog, true);
1373 if((perms & (uint)PermissionMask.Modify) == 0)
1374 return false;
1375 return true;
1029 } 1376 }
1030 1377
1031 private bool CanDeleteObject(UUID objectID, UUID deleter, Scene scene) 1378 private bool CanEditObject(SceneObjectGroup sog, ScenePresence sp)
1032 { 1379 {
1033 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1380 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1034 if (m_bypassPermissions) return m_bypassPermissionsValue; 1381 if (m_bypassPermissions) return m_bypassPermissionsValue;
1035 1382
1036 return GenericObjectPermission(deleter, objectID, false); 1383 if(sog == null || sog.IsDeleted || sp == null || sp.IsDeleted)
1384 return false;
1385
1386 uint perms = GetObjectPermissions(sp, sog, true);
1387 if((perms & (uint)PermissionMask.Modify) == 0)
1388 return false;
1389 return true;
1037 } 1390 }
1038 1391
1039 private bool CanEditObject(UUID objectID, UUID editorID, Scene scene) 1392 private bool CanEditObjectPerms(SceneObjectGroup sog, UUID userID)
1040 { 1393 {
1041 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1394 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1042 if (m_bypassPermissions) return m_bypassPermissionsValue; 1395 if (m_bypassPermissions) return m_bypassPermissionsValue;
1043 1396
1044 return GenericObjectPermission(editorID, objectID, false); 1397 if (sog == null)
1398 return false;
1399
1400 if(sog.OwnerID == userID || IsAdministrator(userID))
1401 return true;
1402
1403 UUID sogGroupID = sog.GroupID;
1404 if(sogGroupID == UUID.Zero || sogGroupID != sog.OwnerID)
1405 return false;
1406
1407 uint perms = sog.EffectiveOwnerPerms;
1408 if((perms & (uint)PermissionMask.Modify) == 0)
1409 return false;
1410
1411 ulong powers = 0;
1412 if(GroupMemberPowers(sogGroupID, userID, ref powers))
1413 {
1414 if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
1415 return true;
1416 }
1417
1418 return false;
1045 } 1419 }
1046 1420
1047 private bool CanEditObjectInventory(UUID objectID, UUID editorID, Scene scene) 1421 private bool CanEditObjectInventory(UUID objectID, UUID userID)
1048 { 1422 {
1049 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1423 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1050 if (m_bypassPermissions) return m_bypassPermissionsValue; 1424 if (m_bypassPermissions) return m_bypassPermissionsValue;
1051 1425
1052 return GenericObjectPermission(editorID, objectID, false); 1426 SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID);
1427 if (sog == null)
1428 return false;
1429
1430 uint perms = GetObjectPermissions(userID, sog, true);
1431 if((perms & (uint)PermissionMask.Modify) == 0)
1432 return false;
1433 return true;
1053 } 1434 }
1054 1435
1055 private bool CanEditParcelProperties(UUID user, ILandObject parcel, GroupPowers p, Scene scene) 1436 private bool CanEditParcelProperties(UUID userID, ILandObject parcel, GroupPowers p, bool allowManager)
1056 { 1437 {
1057 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1438 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1058 if (m_bypassPermissions) return m_bypassPermissionsValue; 1439 if (m_bypassPermissions) return m_bypassPermissionsValue;
1059 1440
1060 return GenericParcelOwnerPermission(user, parcel, (ulong)p, false); 1441 return GenericParcelOwnerPermission(userID, parcel, (ulong)p, false);
1061 } 1442 }
1062 1443
1063 /// <summary> 1444 /// <summary>
@@ -1068,18 +1449,18 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1068 /// <param name="user"></param> 1449 /// <param name="user"></param>
1069 /// <param name="scene"></param> 1450 /// <param name="scene"></param>
1070 /// <returns></returns> 1451 /// <returns></returns>
1071 private bool CanEditScript(UUID script, UUID objectID, UUID user, Scene scene) 1452 private bool CanEditScript(UUID script, UUID objectID, UUID userID)
1072 { 1453 {
1073 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1454 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1074 if (m_bypassPermissions) return m_bypassPermissionsValue; 1455 if (m_bypassPermissions) return m_bypassPermissionsValue;
1075 1456
1076 if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(user)) 1457 if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(userID))
1077 return false; 1458 return false;
1078 1459
1079 // Ordinarily, if you can view it, you can edit it 1460 // Ordinarily, if you can view it, you can edit it
1080 // There is no viewing a no mod script 1461 // There is no viewing a no mod script
1081 // 1462 //
1082 return CanViewScript(script, objectID, user, scene); 1463 return CanViewScript(script, objectID, userID);
1083 } 1464 }
1084 1465
1085 /// <summary> 1466 /// <summary>
@@ -1090,7 +1471,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1090 /// <param name="user"></param> 1471 /// <param name="user"></param>
1091 /// <param name="scene"></param> 1472 /// <param name="scene"></param>
1092 /// <returns></returns> 1473 /// <returns></returns>
1093 private bool CanEditNotecard(UUID notecard, UUID objectID, UUID user, Scene scene) 1474 private bool CanEditNotecard(UUID notecard, UUID objectID, UUID user)
1094 { 1475 {
1095 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1476 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1096 if (m_bypassPermissions) return m_bypassPermissionsValue; 1477 if (m_bypassPermissions) return m_bypassPermissionsValue;
@@ -1098,8 +1479,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1098 if (objectID == UUID.Zero) // User inventory 1479 if (objectID == UUID.Zero) // User inventory
1099 { 1480 {
1100 IInventoryService invService = m_scene.InventoryService; 1481 IInventoryService invService = m_scene.InventoryService;
1101 InventoryItemBase assetRequestItem = new InventoryItemBase(notecard, user); 1482 InventoryItemBase assetRequestItem = invService.GetItem(user, notecard);
1102 assetRequestItem = invService.GetItem(assetRequestItem);
1103 if (assetRequestItem == null && LibraryRootFolder != null) // Library item 1483 if (assetRequestItem == null && LibraryRootFolder != null) // Library item
1104 { 1484 {
1105 assetRequestItem = LibraryRootFolder.FindItem(notecard); 1485 assetRequestItem = LibraryRootFolder.FindItem(notecard);
@@ -1122,69 +1502,68 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1122 } 1502 }
1123 else // Prim inventory 1503 else // Prim inventory
1124 { 1504 {
1125 SceneObjectPart part = scene.GetSceneObjectPart(objectID); 1505 SceneObjectPart part = m_scene.GetSceneObjectPart(objectID);
1126
1127 if (part == null) 1506 if (part == null)
1128 return false; 1507 return false;
1129 1508
1130 if (part.OwnerID != user) 1509 SceneObjectGroup sog = part.ParentGroup;
1131 { 1510 if (sog == null)
1132 if (part.GroupID == UUID.Zero) 1511 return false;
1133 return false;
1134 1512
1135 if (!IsGroupMember(part.GroupID, user, 0)) 1513 // check object mod right
1136 return false; 1514 uint perms = GetObjectPermissions(user, sog, true);
1137 1515 if((perms & (uint)PermissionMask.Modify) == 0)
1138 if ((part.GroupMask & (uint)PermissionMask.Modify) == 0)
1139 return false;
1140 }
1141 else
1142 {
1143 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
1144 return false; 1516 return false;
1145 }
1146 1517
1147 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); 1518 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
1148
1149 if (ti == null) 1519 if (ti == null)
1150 return false; 1520 return false;
1151 1521
1152 if (ti.OwnerID != user) 1522 if (ti.OwnerID != user)
1153 { 1523 {
1154 if (ti.GroupID == UUID.Zero) 1524 UUID tiGroupID = ti.GroupID;
1525 if (tiGroupID == UUID.Zero)
1155 return false; 1526 return false;
1156 1527
1157 if (!IsGroupMember(ti.GroupID, user, 0)) 1528 ulong powers = 0;
1529 if(!GroupMemberPowers(tiGroupID, user, ref powers))
1158 return false; 1530 return false;
1531
1532 if(tiGroupID == ti.OwnerID && (powers & (ulong)GroupPowers.ObjectManipulate) != 0)
1533 {
1534 if ((ti.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy)) ==
1535 ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy))
1536 return true;
1537 }
1538 if ((ti.GroupPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy)) ==
1539 ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy))
1540 return true;
1541 return false;
1159 } 1542 }
1160 1543
1161 // Require full perms 1544 // Require full perms
1162 if ((ti.CurrentPermissions & 1545 if ((ti.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy)) !=
1163 ((uint)PermissionMask.Modify | 1546 ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy))
1164 (uint)PermissionMask.Copy)) !=
1165 ((uint)PermissionMask.Modify |
1166 (uint)PermissionMask.Copy))
1167 return false; 1547 return false;
1168 } 1548 }
1169
1170 return true; 1549 return true;
1171 } 1550 }
1172 1551
1173 private bool CanInstantMessage(UUID user, UUID target, Scene startScene) 1552 private bool CanInstantMessage(UUID user, UUID target)
1174 { 1553 {
1175 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1554 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1176 if (m_bypassPermissions) return m_bypassPermissionsValue; 1555 if (m_bypassPermissions) return m_bypassPermissionsValue;
1177 1556
1178 // If the sender is an object, check owner instead 1557 // If the sender is an object, check owner instead
1179 // 1558 //
1180 SceneObjectPart part = startScene.GetSceneObjectPart(user); 1559 SceneObjectPart part = m_scene.GetSceneObjectPart(user);
1181 if (part != null) 1560 if (part != null)
1182 user = part.OwnerID; 1561 user = part.OwnerID;
1183 1562
1184 return GenericCommunicationPermission(user, target); 1563 return GenericCommunicationPermission(user, target);
1185 } 1564 }
1186 1565
1187 private bool CanInventoryTransfer(UUID user, UUID target, Scene startScene) 1566 private bool CanInventoryTransfer(UUID user, UUID target)
1188 { 1567 {
1189 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1568 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1190 if (m_bypassPermissions) return m_bypassPermissionsValue; 1569 if (m_bypassPermissions) return m_bypassPermissionsValue;
@@ -1192,7 +1571,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1192 return GenericCommunicationPermission(user, target); 1571 return GenericCommunicationPermission(user, target);
1193 } 1572 }
1194 1573
1195 private bool CanIssueEstateCommand(UUID user, Scene requestFromScene, bool ownerCommand) 1574 private bool CanIssueEstateCommand(UUID user, bool ownerCommand)
1196 { 1575 {
1197 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1576 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1198 if (m_bypassPermissions) return m_bypassPermissionsValue; 1577 if (m_bypassPermissions) return m_bypassPermissionsValue;
@@ -1200,174 +1579,161 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1200 if (IsAdministrator(user)) 1579 if (IsAdministrator(user))
1201 return true; 1580 return true;
1202 1581
1203 if (m_scene.RegionInfo.EstateSettings.IsEstateOwner(user))
1204 return true;
1205
1206 if (ownerCommand) 1582 if (ownerCommand)
1207 return false; 1583 return m_scene.RegionInfo.EstateSettings.IsEstateOwner(user);
1208 1584
1209 return GenericEstatePermission(user); 1585 return IsEstateManager(user);
1210 } 1586 }
1211 1587
1212 private bool CanMoveObject(UUID objectID, UUID moverID, Scene scene) 1588 private bool CanMoveObject(SceneObjectGroup sog, ScenePresence sp)
1213 { 1589 {
1214 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1590 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1591
1592 if(sog == null || sog.IsDeleted || sp == null || sp.IsDeleted)
1593 return false;
1594
1215 if (m_bypassPermissions) 1595 if (m_bypassPermissions)
1216 { 1596 {
1217 SceneObjectPart part = scene.GetSceneObjectPart(objectID); 1597 if (sog.OwnerID != sp.UUID && sog.IsAttachment)
1218 if (part.OwnerID != moverID) 1598 return false;
1219 {
1220 if (!part.ParentGroup.IsDeleted)
1221 {
1222 if (part.ParentGroup.IsAttachment)
1223 return false;
1224 }
1225 }
1226 return m_bypassPermissionsValue; 1599 return m_bypassPermissionsValue;
1227 } 1600 }
1228 1601
1229 bool permission = GenericObjectPermission(moverID, objectID, true); 1602 uint perms = GetObjectPermissions(sp, sog, true);
1230 if (!permission) 1603 if((perms & (uint)PermissionMask.Move) == 0)
1231 { 1604 return false;
1232 if (!m_scene.Entities.ContainsKey(objectID)) 1605 return true;
1233 { 1606 }
1234 return false;
1235 }
1236 1607
1237 // The client 1608 private bool CanObjectEntry(SceneObjectGroup sog, bool enteringRegion, Vector3 newPoint)
1238 // may request to edit linked parts, and therefore, it needs 1609 {
1239 // to also check for SceneObjectPart 1610 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1240 1611
1241 // If it's not an object, we cant edit it. 1612 float newX = newPoint.X;
1242 if ((!(m_scene.Entities[objectID] is SceneObjectGroup))) 1613 float newY = newPoint.Y;
1243 {
1244 return false;
1245 }
1246 1614
1615 // allow outside region this is needed for crossings
1616 if (newX < -1f || newX > (m_scene.RegionInfo.RegionSizeX + 1.0f) ||
1617 newY < -1f || newY > (m_scene.RegionInfo.RegionSizeY + 1.0f) )
1618 return true;
1247 1619
1248 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID]; 1620 if(sog == null || sog.IsDeleted)
1621 return false;
1249 1622
1623 if (m_bypassPermissions)
1624 return m_bypassPermissionsValue;
1250 1625
1251 // UUID taskOwner = null; 1626 ILandObject parcel = m_scene.LandChannel.GetLandObject(newX, newY);
1252 // Added this because at this point in time it wouldn't be wise for 1627 if (parcel == null)
1253 // the administrator object permissions to take effect. 1628 return false;
1254 // UUID objectOwner = task.OwnerID;
1255 1629
1256 // Anyone can move 1630 if ((parcel.LandData.Flags & ((int)ParcelFlags.AllowAPrimitiveEntry)) != 0)
1257 if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0) 1631 return true;
1258 permission = true;
1259 1632
1260 // Locked 1633 if (!enteringRegion)
1261 if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
1262 permission = false;
1263 }
1264 else
1265 { 1634 {
1266 bool locked = false; 1635 Vector3 oldPoint = sog.AbsolutePosition;
1267 if (!m_scene.Entities.ContainsKey(objectID)) 1636 ILandObject fromparcel = m_scene.LandChannel.GetLandObject(oldPoint.X, oldPoint.Y);
1268 { 1637 if (fromparcel != null && fromparcel.Equals(parcel)) // it already entered parcel ????
1269 return false; 1638 return true;
1270 } 1639 }
1271
1272 // If it's not an object, we cant edit it.
1273 if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
1274 {
1275 return false;
1276 }
1277 1640
1278 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objectID]; 1641 UUID userID = sog.OwnerID;
1642 LandData landdata = parcel.LandData;
1279 1643
1280 UUID objectOwner = group.OwnerID; 1644 if (landdata.OwnerID == userID)
1281 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); 1645 return true;
1282 1646
1283 // This is an exception to the generic object permission. 1647 if (IsAdministrator(userID))
1284 // Administrators who lock their objects should not be able to move them, 1648 return true;
1285 // however generic object permission should return true.
1286 // This keeps locked objects from being affected by random click + drag actions by accident
1287 // and allows the administrator to grab or delete a locked object.
1288 1649
1289 // Administrators and estate managers are still able to click+grab locked objects not 1650 UUID landGroupID = landdata.GroupID;
1290 // owned by them in the scene 1651 if (landGroupID != UUID.Zero)
1291 // This is by design. 1652 {
1653 if ((parcel.LandData.Flags & ((int)ParcelFlags.AllowGroupObjectEntry)) != 0)
1654 return IsGroupMember(landGroupID, userID, 0);
1292 1655
1293 if (locked && (moverID == objectOwner)) 1656 if (landdata.IsGroupOwned && IsGroupMember(landGroupID, userID, (ulong)GroupPowers.AllowRez))
1294 return false; 1657 return true;
1295 } 1658 }
1296 return permission; 1659
1660 //Otherwise, false!
1661 return false;
1297 } 1662 }
1298 1663
1299 private bool CanObjectEntry(UUID objectID, bool enteringRegion, Vector3 newPoint, Scene scene) 1664 private bool OnObjectEnterWithScripts(SceneObjectGroup sog, ILandObject parcel)
1300 { 1665 {
1301 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1666 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1302 if (m_bypassPermissions) return m_bypassPermissionsValue;
1303 1667
1304 if ((newPoint.X > 257f || newPoint.X < -1f || newPoint.Y > 257f || newPoint.Y < -1f)) 1668 if(sog == null || sog.IsDeleted)
1305 { 1669 return false;
1306 return true;
1307 }
1308 1670
1309 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID]; 1671 if (m_bypassPermissions)
1672 return m_bypassPermissionsValue;
1310 1673
1311 ILandObject land = m_scene.LandChannel.GetLandObject(newPoint.X, newPoint.Y); 1674 if (parcel == null)
1675 return true;
1312 1676
1313 if (!enteringRegion) 1677 int checkflags = ((int)ParcelFlags.AllowAPrimitiveEntry);
1314 { 1678 bool scripts = (sog.ScriptCount() > 0);
1315 ILandObject fromland = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y); 1679 if(scripts)
1680 checkflags |= ((int)ParcelFlags.AllowOtherScripts);
1316 1681
1317 if (fromland == land) // Not entering 1682 if ((parcel.LandData.Flags & checkflags) == checkflags)
1318 return true; 1683 return true;
1319 }
1320 1684
1321 if (land == null) 1685 UUID userID = sog.OwnerID;
1322 { 1686 LandData landdata = parcel.LandData;
1323 return false;
1324 }
1325 1687
1326 if ((land.LandData.Flags & ((int)ParcelFlags.AllowAPrimitiveEntry)) != 0) 1688 if (landdata.OwnerID == userID)
1327 {
1328 return true; 1689 return true;
1329 }
1330 1690
1331 if (!m_scene.Entities.ContainsKey(objectID)) 1691 if (IsAdministrator(userID))
1332 { 1692 return true;
1333 return false;
1334 }
1335 1693
1336 // If it's not an object, we cant edit it. 1694 UUID landGroupID = landdata.GroupID;
1337 if (!(m_scene.Entities[objectID] is SceneObjectGroup)) 1695 if (landGroupID != UUID.Zero)
1338 { 1696 {
1339 return false; 1697 checkflags = (int)ParcelFlags.AllowGroupObjectEntry;
1340 } 1698 if(scripts)
1699 checkflags |= ((int)ParcelFlags.AllowGroupScripts);
1341 1700
1701 if ((parcel.LandData.Flags & checkflags) == checkflags)
1702 return IsGroupMember(landGroupID, userID, 0);
1342 1703
1343 if (GenericParcelPermission(task.OwnerID, newPoint, 0)) 1704 if (landdata.IsGroupOwned && IsGroupMember(landGroupID, userID, (ulong)GroupPowers.AllowRez))
1344 { 1705 return true;
1345 return true;
1346 } 1706 }
1347 1707
1348 //Otherwise, false! 1708 //Otherwise, false!
1349 return false; 1709 return false;
1350 } 1710 }
1351 1711
1352 private bool CanReturnObjects(ILandObject land, UUID user, List<SceneObjectGroup> objects, Scene scene) 1712 private bool CanReturnObjects(ILandObject land, ScenePresence sp, List<SceneObjectGroup> objects)
1353 { 1713 {
1354 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1714 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1355 if (m_bypassPermissions) return m_bypassPermissionsValue; 1715 if (m_bypassPermissions) return m_bypassPermissionsValue;
1356 1716
1357 GroupPowers powers; 1717 if(sp == null)
1358 ILandObject l; 1718 return true; // assuming that in this case rights are as owner
1359 1719
1360 ScenePresence sp = scene.GetScenePresence(user); 1720 UUID userID = sp.UUID;
1361 if (sp == null) 1721 bool isPrivUser = sp.IsGod || IsEstateManager(userID);
1362 return false;
1363 1722
1364 IClientAPI client = sp.ControllingClient; 1723 IClientAPI client = sp.ControllingClient;
1365 1724
1725 ulong powers = 0;
1726 ILandObject l;
1727
1366 foreach (SceneObjectGroup g in new List<SceneObjectGroup>(objects)) 1728 foreach (SceneObjectGroup g in new List<SceneObjectGroup>(objects))
1367 { 1729 {
1368 // Any user can return their own objects at any time 1730 if(g.IsAttachment)
1369 // 1731 {
1370 if (GenericObjectPermission(user, g.UUID, false)) 1732 objects.Remove(g);
1733 continue;
1734 }
1735
1736 if (isPrivUser || g.OwnerID == userID)
1371 continue; 1737 continue;
1372 1738
1373 // This is a short cut for efficiency. If land is non-null, 1739 // This is a short cut for efficiency. If land is non-null,
@@ -1381,39 +1747,40 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1381 else 1747 else
1382 { 1748 {
1383 Vector3 pos = g.AbsolutePosition; 1749 Vector3 pos = g.AbsolutePosition;
1384 1750 l = m_scene.LandChannel.GetLandObject(pos.X, pos.Y);
1385 l = scene.LandChannel.GetLandObject(pos.X, pos.Y);
1386 } 1751 }
1387 1752
1388 // If it's not over any land, then we can't do a thing 1753 // If it's not over any land, then we can't do a thing
1389 if (l == null) 1754 if (l == null || l.LandData == null)
1390 { 1755 {
1391 objects.Remove(g); 1756 objects.Remove(g);
1392 continue; 1757 continue;
1393 } 1758 }
1394 1759
1760 LandData ldata = l.LandData;
1395 // If we own the land outright, then allow 1761 // If we own the land outright, then allow
1396 // 1762 //
1397 if (l.LandData.OwnerID == user) 1763 if (ldata.OwnerID == userID)
1398 continue; 1764 continue;
1399 1765
1400 // Group voodoo 1766 // Group voodoo
1401 // 1767 //
1402 if (l.LandData.IsGroupOwned) 1768 if (ldata.IsGroupOwned)
1403 { 1769 {
1404 powers = (GroupPowers)client.GetGroupPowers(l.LandData.GroupID); 1770 UUID lGroupID = ldata.GroupID;
1405 // Not a group member, or no rights at all 1771 // Not a group member, or no rights at all
1406 // 1772 //
1407 if (powers == (GroupPowers)0) 1773 powers = client.GetGroupPowers(lGroupID);
1774 if(powers == 0)
1408 { 1775 {
1409 objects.Remove(g); 1776 objects.Remove(g);
1410 continue; 1777 continue;
1411 } 1778 }
1412 1779
1413 // Group deeded object? 1780 // Group deeded object?
1414 // 1781 //
1415 if (g.OwnerID == l.LandData.GroupID && 1782 if (g.OwnerID == lGroupID &&
1416 (powers & GroupPowers.ReturnGroupOwned) == (GroupPowers)0) 1783 (powers & (ulong)GroupPowers.ReturnGroupOwned) == 0)
1417 { 1784 {
1418 objects.Remove(g); 1785 objects.Remove(g);
1419 continue; 1786 continue;
@@ -1421,14 +1788,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1421 1788
1422 // Group set object? 1789 // Group set object?
1423 // 1790 //
1424 if (g.GroupID == l.LandData.GroupID && 1791 if (g.GroupID == lGroupID &&
1425 (powers & GroupPowers.ReturnGroupSet) == (GroupPowers)0) 1792 (powers & (ulong)GroupPowers.ReturnGroupSet) == 0)
1426 { 1793 {
1427 objects.Remove(g); 1794 objects.Remove(g);
1428 continue; 1795 continue;
1429 } 1796 }
1430 1797
1431 if ((powers & GroupPowers.ReturnNonGroup) == (GroupPowers)0) 1798 if ((powers & (ulong)GroupPowers.ReturnNonGroup) == 0)
1432 { 1799 {
1433 objects.Remove(g); 1800 objects.Remove(g);
1434 continue; 1801 continue;
@@ -1451,41 +1818,41 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1451 return true; 1818 return true;
1452 } 1819 }
1453 1820
1454 private bool CanRezObject(int objectCount, UUID owner, Vector3 objectPosition, Scene scene) 1821 private bool CanRezObject(int objectCount, UUID userID, Vector3 objectPosition)
1455 { 1822 {
1456 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1823 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1457 if (m_bypassPermissions) return m_bypassPermissionsValue; 1824 if (m_bypassPermissions)
1825 return m_bypassPermissionsValue;
1458 1826
1459// m_log.DebugFormat("[PERMISSIONS MODULE]: Checking rez object at {0} in {1}", objectPosition, m_scene.Name); 1827// m_log.DebugFormat("[PERMISSIONS MODULE]: Checking rez object at {0} in {1}", objectPosition, m_scene.Name);
1460 1828
1461 ILandObject parcel = m_scene.LandChannel.GetLandObject(objectPosition.X, objectPosition.Y); 1829 ILandObject parcel = m_scene.LandChannel.GetLandObject(objectPosition.X, objectPosition.Y);
1462 if (parcel == null) 1830 if (parcel == null || parcel.LandData == null)
1463 return false; 1831 return false;
1464 1832
1465 if ((parcel.LandData.Flags & (uint)ParcelFlags.CreateObjects) != 0) 1833 LandData landdata = parcel.LandData;
1466 { 1834 if ((userID == landdata.OwnerID))
1467 return true;
1468 }
1469 else if ((owner == parcel.LandData.OwnerID) || IsAdministrator(owner))
1470 {
1471 return true; 1835 return true;
1472 } 1836
1473 else if (((parcel.LandData.Flags & (uint)ParcelFlags.CreateGroupObjects) != 0) 1837 if ((landdata.Flags & (uint)ParcelFlags.CreateObjects) != 0)
1474 && (parcel.LandData.GroupID != UUID.Zero) && IsGroupMember(parcel.LandData.GroupID, owner, 0))
1475 {
1476 return true; 1838 return true;
1477 } 1839
1478 else if (parcel.LandData.GroupID != UUID.Zero && IsGroupMember(parcel.LandData.GroupID, owner, (ulong)GroupPowers.AllowRez)) 1840 if(IsAdministrator(userID))
1479 {
1480 return true; 1841 return true;
1481 } 1842
1482 else 1843 if(landdata.GroupID != UUID.Zero)
1483 { 1844 {
1484 return false; 1845 if ((landdata.Flags & (uint)ParcelFlags.CreateGroupObjects) != 0)
1846 return IsGroupMember(landdata.GroupID, userID, 0);
1847
1848 if (landdata.IsGroupOwned && IsGroupMember(landdata.GroupID, userID, (ulong)GroupPowers.AllowRez))
1849 return true;
1485 } 1850 }
1851
1852 return false;
1486 } 1853 }
1487 1854
1488 private bool CanRunConsoleCommand(UUID user, Scene requestFromScene) 1855 private bool CanRunConsoleCommand(UUID user)
1489 { 1856 {
1490 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1857 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1491 if (m_bypassPermissions) return m_bypassPermissionsValue; 1858 if (m_bypassPermissions) return m_bypassPermissionsValue;
@@ -1494,82 +1861,214 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1494 return IsAdministrator(user); 1861 return IsAdministrator(user);
1495 } 1862 }
1496 1863
1497 private bool CanRunScript(UUID script, UUID objectID, UUID user, Scene scene) 1864 private bool CanRunScript(TaskInventoryItem scriptitem, SceneObjectPart part)
1498 { 1865 {
1499 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1866 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1500 if (m_bypassPermissions) return m_bypassPermissionsValue; 1867 if (m_bypassPermissions) return m_bypassPermissionsValue;
1501 1868
1502 return true; 1869 if(scriptitem == null || part == null)
1870 return false;
1871
1872 SceneObjectGroup sog = part.ParentGroup;
1873 if(sog == null)
1874 return false;
1875
1876 Vector3 pos = sog.AbsolutePosition;
1877 ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y);
1878 if (parcel == null)
1879 return false;
1880
1881 LandData ldata = parcel.LandData;
1882 if(ldata == null)
1883 return false;
1884
1885 uint lflags = ldata.Flags;
1886
1887 if ((lflags & (uint)ParcelFlags.AllowOtherScripts) != 0)
1888 return true;
1889
1890 if ((part.OwnerID == ldata.OwnerID))
1891 return true;
1892
1893 if (((lflags & (uint)ParcelFlags.AllowGroupScripts) != 0)
1894 && (ldata.GroupID != UUID.Zero) && (ldata.GroupID == part.GroupID))
1895 return true;
1896
1897 return GenericEstatePermission(part.OwnerID);
1503 } 1898 }
1504 1899
1505 private bool CanSellParcel(UUID user, ILandObject parcel, Scene scene) 1900 private bool CanSellParcel(UUID user, ILandObject parcel)
1506 { 1901 {
1507 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1902 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1508 if (m_bypassPermissions) return m_bypassPermissionsValue; 1903 if (m_bypassPermissions) return m_bypassPermissionsValue;
1509 1904
1510 return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandSetSale, false); 1905 return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandSetSale, true);
1511 } 1906 }
1512 1907
1513 private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene) 1908 private bool CanSellGroupObject(UUID userID, UUID groupID)
1514 { 1909 {
1515 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1910 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1516 if (m_bypassPermissions) return m_bypassPermissionsValue; 1911 if (m_bypassPermissions) return m_bypassPermissionsValue;
1517 1912
1518 return GenericObjectPermission(stealer,objectID, false); 1913 return IsGroupMember(groupID, userID, (ulong)GroupPowers.ObjectSetForSale);
1519 } 1914 }
1520 1915
1521 private bool CanTakeCopyObject(UUID objectID, UUID userID, Scene inScene) 1916 private bool CanSellObjectByUserID(SceneObjectGroup sog, UUID userID, byte saleType)
1522 { 1917 {
1523 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 1918 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1524 if (m_bypassPermissions) return m_bypassPermissionsValue; 1919 if (m_bypassPermissions) return m_bypassPermissionsValue;
1525 1920
1526 bool permission = GenericObjectPermission(userID, objectID, false); 1921 if (sog == null || sog.IsDeleted || userID == UUID.Zero)
1922 return false;
1527 1923
1528 SceneObjectGroup so = (SceneObjectGroup)m_scene.Entities[objectID]; 1924 // sell is not a attachment op
1925 if(sog.IsAttachment)
1926 return false;
1529 1927
1530 if (!permission) 1928 if(IsAdministrator(userID))
1531 { 1929 return true;
1532 if (!m_scene.Entities.ContainsKey(objectID))
1533 {
1534 return false;
1535 }
1536 1930
1537 // If it's not an object, we cant edit it. 1931 uint sogEffectiveOwnerPerms = sog.EffectiveOwnerPerms;
1538 if (!(m_scene.Entities[objectID] is SceneObjectGroup)) 1932 if((sogEffectiveOwnerPerms & (uint)PermissionMask.Transfer) == 0)
1539 { 1933 return false;
1540 return false;
1541 }
1542 1934
1543 // UUID taskOwner = null; 1935 if(saleType == (byte)SaleType.Copy &&
1544 // Added this because at this point in time it wouldn't be wise for 1936 (sogEffectiveOwnerPerms & (uint)PermissionMask.Copy) == 0)
1545 // the administrator object permissions to take effect. 1937 return false;
1546 // UUID objectOwner = task.OwnerID;
1547 1938
1548 if ((so.RootPart.EveryoneMask & PERM_COPY) != 0) 1939 UUID sogOwnerID = sog.OwnerID;
1549 permission = true; 1940
1550 } 1941 if(sogOwnerID == userID)
1942 return true;
1943
1944 // else only group owned can be sold by members with powers
1945 UUID sogGroupID = sog.GroupID;
1946 if(sog.OwnerID != sogGroupID || sogGroupID == UUID.Zero)
1947 return false;
1948
1949 return IsGroupMember(sogGroupID, userID, (ulong)GroupPowers.ObjectSetForSale);
1950 }
1951
1952 private bool CanSellObject(SceneObjectGroup sog, ScenePresence sp, byte saleType)
1953 {
1954 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1955 if (m_bypassPermissions) return m_bypassPermissionsValue;
1551 1956
1552 if (so.OwnerID != userID) 1957 if (sog == null || sog.IsDeleted || sp == null || sp.IsDeleted)
1958 return false;
1959
1960 // sell is not a attachment op
1961 if(sog.IsAttachment)
1962 return false;
1963
1964 if(sp.IsGod)
1965 return true;
1966
1967 uint sogEffectiveOwnerPerms = sog.EffectiveOwnerPerms;
1968 if((sogEffectiveOwnerPerms & (uint)PermissionMask.Transfer) == 0)
1969 return false;
1970
1971 if(saleType == (byte)SaleType.Copy &&
1972 (sogEffectiveOwnerPerms & (uint)PermissionMask.Copy) == 0)
1973 return false;
1974
1975 UUID userID = sp.UUID;
1976 UUID sogOwnerID = sog.OwnerID;
1977
1978 if(sogOwnerID == userID)
1979 return true;
1980
1981 // else only group owned can be sold by members with powers
1982 UUID sogGroupID = sog.GroupID;
1983 if(sog.OwnerID != sogGroupID || sogGroupID == UUID.Zero)
1984 return false;
1985
1986 ulong powers = 0;
1987 if(!GroupMemberPowers(sogGroupID, sp, ref powers))
1988 return false;
1989
1990 if((powers & (ulong)GroupPowers.ObjectSetForSale) == 0)
1991 return false;
1992
1993 return true;
1994 }
1995
1996 private bool CanTakeObject(SceneObjectGroup sog, ScenePresence sp)
1997 {
1998 // ignore locked, viewers shell ask for confirmation
1999 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
2000 if (m_bypassPermissions) return m_bypassPermissionsValue;
2001
2002 if (sog == null || sog.IsDeleted || sp == null || sp.IsDeleted)
2003 return false;
2004
2005 // take is not a attachment op
2006 if(sog.IsAttachment)
2007 return false;
2008
2009 UUID sogOwnerID = sog.OwnerID;
2010 UUID spID = sp.UUID;
2011
2012 if(sogOwnerID == spID)
2013 return true;
2014
2015 if (sp.IsGod)
2016 return true;
2017
2018 if((sog.EffectiveOwnerPerms & (uint)PermissionMask.Transfer) == 0)
2019 return false;
2020
2021 if (IsFriendWithPerms(sog.UUID, sogOwnerID))
2022 return true;
2023
2024 UUID sogGroupID = sog.GroupID;
2025 if (sogGroupID != UUID.Zero)
1553 { 2026 {
1554 if ((so.GetEffectivePermissions() & (PERM_COPY | PERM_TRANS)) != (PERM_COPY | PERM_TRANS)) 2027 ulong powers = 0;
1555 permission = false; 2028 if(GroupMemberPowers(sogGroupID, sp, ref powers))
2029 {
2030 if(sogGroupID == sogOwnerID)
2031 {
2032 if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
2033 return true;
2034 }
2035 return (sog.EffectiveGroupPerms & (uint)PermissionMask.Modify) != 0;
2036 }
1556 } 2037 }
1557 else 2038 return false;
2039 }
2040
2041 private bool CanTakeCopyObject(SceneObjectGroup sog, ScenePresence sp)
2042 {
2043 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
2044 if (m_bypassPermissions) return m_bypassPermissionsValue;
2045
2046 if (sog == null || sog.IsDeleted || sp == null || sp.IsDeleted)
2047 return false;
2048
2049 // refuse on attachments
2050 if(sog.IsAttachment && !sp.IsGod)
2051 return false;
2052
2053 uint perms = GetObjectPermissions(sp, sog, true);
2054 if((perms & (uint)PermissionMask.Copy) == 0)
1558 { 2055 {
1559 if ((so.GetEffectivePermissions() & PERM_COPY) != PERM_COPY) 2056 sp.ControllingClient.SendAgentAlertMessage("Copying this item has been denied by the permissions system", false);
1560 permission = false; 2057 return false;
1561 } 2058 }
1562 2059
1563 return permission; 2060 if(sog.OwnerID != sp.UUID && (perms & (uint)PermissionMask.Transfer) == 0)
2061 return false;
2062 return true;
1564 } 2063 }
1565 2064
1566 private bool CanTerraformLand(UUID user, Vector3 position, Scene requestFromScene) 2065 private bool CanTerraformLand(UUID userID, Vector3 position)
1567 { 2066 {
1568 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2067 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1569 if (m_bypassPermissions) return m_bypassPermissionsValue; 2068 if (m_bypassPermissions) return m_bypassPermissionsValue;
1570 2069
1571 // Estate override 2070 // Estate override
1572 if (GenericEstatePermission(user)) 2071 if (GenericEstatePermission(userID))
1573 return true; 2072 return true;
1574 2073
1575 float X = position.X; 2074 float X = position.X;
@@ -1587,13 +2086,19 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1587 ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y); 2086 ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y);
1588 if (parcel == null) 2087 if (parcel == null)
1589 return false; 2088 return false;
1590 2089
1591 // Others allowed to terraform? 2090 LandData landdata = parcel.LandData;
1592 if ((parcel.LandData.Flags & ((int)ParcelFlags.AllowTerraform)) != 0) 2091 if (landdata == null)
2092 return false;
2093
2094 if ((landdata.Flags & ((int)ParcelFlags.AllowTerraform)) != 0)
1593 return true; 2095 return true;
1594 2096
1595 // Land owner can terraform too 2097 if(landdata.OwnerID == userID)
1596 if (parcel != null && GenericParcelPermission(user, parcel, (ulong)GroupPowers.AllowEditLand)) 2098 return true;
2099
2100 if (landdata.IsGroupOwned && parcel.LandData.GroupID != UUID.Zero &&
2101 IsGroupMember(landdata.GroupID, userID, (ulong)GroupPowers.AllowEditLand))
1597 return true; 2102 return true;
1598 2103
1599 return false; 2104 return false;
@@ -1607,16 +2112,19 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1607 /// <param name="user"></param> 2112 /// <param name="user"></param>
1608 /// <param name="scene"></param> 2113 /// <param name="scene"></param>
1609 /// <returns></returns> 2114 /// <returns></returns>
1610 private bool CanViewScript(UUID script, UUID objectID, UUID user, Scene scene) 2115 private bool CanViewScript(UUID script, UUID objectID, UUID userID)
1611 { 2116 {
1612 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2117 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1613 if (m_bypassPermissions) return m_bypassPermissionsValue; 2118 if (m_bypassPermissions) return m_bypassPermissionsValue;
1614 2119
2120 // A god is a god is a god
2121 if (IsAdministrator(userID))
2122 return true;
2123
1615 if (objectID == UUID.Zero) // User inventory 2124 if (objectID == UUID.Zero) // User inventory
1616 { 2125 {
1617 IInventoryService invService = m_scene.InventoryService; 2126 IInventoryService invService = m_scene.InventoryService;
1618 InventoryItemBase assetRequestItem = new InventoryItemBase(script, user); 2127 InventoryItemBase assetRequestItem = invService.GetItem(userID, script);
1619 assetRequestItem = invService.GetItem(assetRequestItem);
1620 if (assetRequestItem == null && LibraryRootFolder != null) // Library item 2128 if (assetRequestItem == null && LibraryRootFolder != null) // Library item
1621 { 2129 {
1622 assetRequestItem = LibraryRootFolder.FindItem(script); 2130 assetRequestItem = LibraryRootFolder.FindItem(script);
@@ -1636,60 +2144,53 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1636 // readable only if it's really full perms 2144 // readable only if it's really full perms
1637 // 2145 //
1638 if ((assetRequestItem.CurrentPermissions & 2146 if ((assetRequestItem.CurrentPermissions &
2147/*
1639 ((uint)PermissionMask.Modify | 2148 ((uint)PermissionMask.Modify |
1640 (uint)PermissionMask.Copy | 2149 (uint)PermissionMask.Copy |
1641 (uint)PermissionMask.Transfer)) != 2150 (uint)PermissionMask.Transfer)) !=
1642 ((uint)PermissionMask.Modify | 2151 ((uint)PermissionMask.Modify |
1643 (uint)PermissionMask.Copy | 2152 (uint)PermissionMask.Copy |
1644 (uint)PermissionMask.Transfer)) 2153 (uint)PermissionMask.Transfer))
2154*/
2155 (uint)(PermissionMask.Modify | PermissionMask.Copy)) !=
2156 (uint)(PermissionMask.Modify | PermissionMask.Copy))
1645 return false; 2157 return false;
1646 } 2158 }
1647 else // Prim inventory 2159 else // Prim inventory
1648 { 2160 {
1649 SceneObjectPart part = scene.GetSceneObjectPart(objectID); 2161 SceneObjectPart part = m_scene.GetSceneObjectPart(objectID);
1650
1651 if (part == null) 2162 if (part == null)
1652 return false; 2163 return false;
1653
1654 if (part.OwnerID != user)
1655 {
1656 if (part.GroupID == UUID.Zero)
1657 return false;
1658 2164
1659 if (!IsGroupMember(part.GroupID, user, 0)) 2165 SceneObjectGroup sog = part.ParentGroup;
1660 return false; 2166 if (sog == null)
1661 2167 return false;
1662 if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) 2168
1663 return false; 2169 uint perms = GetObjectPermissions(userID, sog, true);
1664 } 2170 if((perms & (uint)PermissionMask.Modify) == 0)
1665 else 2171 return false;
1666 {
1667 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
1668 return false;
1669 }
1670 2172
1671 TaskInventoryItem ti = part.Inventory.GetInventoryItem(script); 2173 TaskInventoryItem ti = part.Inventory.GetInventoryItem(script);
1672 2174
1673 if (ti == null) 2175// if (ti == null || ti.InvType != (int)InventoryType.LSL)
2176 if (ti == null) // legacy may not have type
1674 return false; 2177 return false;
1675 2178
1676 if (ti.OwnerID != user) 2179 uint itperms = GetObjectItemPermissions(userID, ti);
1677 {
1678 if (ti.GroupID == UUID.Zero)
1679 return false;
1680
1681 if (!IsGroupMember(ti.GroupID, user, 0))
1682 return false;
1683 }
1684 2180
1685 // Require full perms 2181 // Require full perms
1686 if ((ti.CurrentPermissions & 2182
1687 ((uint)PermissionMask.Modify | 2183 if ((itperms &
2184/*
2185 ((uint)(PermissionMask.Modify |
1688 (uint)PermissionMask.Copy | 2186 (uint)PermissionMask.Copy |
1689 (uint)PermissionMask.Transfer)) != 2187 (uint)PermissionMask.Transfer)) !=
1690 ((uint)PermissionMask.Modify | 2188 ((uint)PermissionMask.Modify |
1691 (uint)PermissionMask.Copy | 2189 (uint)PermissionMask.Copy |
1692 (uint)PermissionMask.Transfer)) 2190 (uint)PermissionMask.Transfer))
2191*/
2192 (uint)(PermissionMask.Modify | PermissionMask.Copy)) !=
2193 (uint)(PermissionMask.Modify | PermissionMask.Copy))
1693 return false; 2194 return false;
1694 } 2195 }
1695 2196
@@ -1704,16 +2205,19 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1704 /// <param name="user"></param> 2205 /// <param name="user"></param>
1705 /// <param name="scene"></param> 2206 /// <param name="scene"></param>
1706 /// <returns></returns> 2207 /// <returns></returns>
1707 private bool CanViewNotecard(UUID notecard, UUID objectID, UUID user, Scene scene) 2208 private bool CanViewNotecard(UUID notecard, UUID objectID, UUID userID)
1708 { 2209 {
1709 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2210 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1710 if (m_bypassPermissions) return m_bypassPermissionsValue; 2211 if (m_bypassPermissions) return m_bypassPermissionsValue;
1711 2212
2213 // A god is a god is a god
2214 if (IsAdministrator(userID))
2215 return true;
2216
1712 if (objectID == UUID.Zero) // User inventory 2217 if (objectID == UUID.Zero) // User inventory
1713 { 2218 {
1714 IInventoryService invService = m_scene.InventoryService; 2219 IInventoryService invService = m_scene.InventoryService;
1715 InventoryItemBase assetRequestItem = new InventoryItemBase(notecard, user); 2220 InventoryItemBase assetRequestItem = invService.GetItem(userID, notecard);
1716 assetRequestItem = invService.GetItem(assetRequestItem);
1717 if (assetRequestItem == null && LibraryRootFolder != null) // Library item 2221 if (assetRequestItem == null && LibraryRootFolder != null) // Library item
1718 { 2222 {
1719 assetRequestItem = LibraryRootFolder.FindItem(notecard); 2223 assetRequestItem = LibraryRootFolder.FindItem(notecard);
@@ -1731,40 +2235,29 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1731 } 2235 }
1732 else // Prim inventory 2236 else // Prim inventory
1733 { 2237 {
1734 SceneObjectPart part = scene.GetSceneObjectPart(objectID); 2238 SceneObjectPart part = m_scene.GetSceneObjectPart(objectID);
1735
1736 if (part == null) 2239 if (part == null)
1737 return false; 2240 return false;
1738
1739 if (part.OwnerID != user)
1740 {
1741 if (part.GroupID == UUID.Zero)
1742 return false;
1743
1744 if (!IsGroupMember(part.GroupID, user, 0))
1745 return false;
1746 }
1747 2241
1748 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) 2242 SceneObjectGroup sog = part.ParentGroup;
2243 if (sog == null)
2244 return false;
2245
2246 uint perms = GetObjectPermissions(userID, sog, true);
2247 if((perms & (uint)PermissionMask.Modify) == 0)
1749 return false; 2248 return false;
1750 2249
1751 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); 2250 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
1752 2251
2252// if (ti == null || ti.InvType != (int)InventoryType.Notecard)
1753 if (ti == null) 2253 if (ti == null)
1754 return false; 2254 return false;
1755 2255
1756 if (ti.OwnerID != user) 2256 uint itperms = GetObjectItemPermissions(userID, ti);
1757 {
1758 if (ti.GroupID == UUID.Zero)
1759 return false;
1760
1761 if (!IsGroupMember(ti.GroupID, user, 0))
1762 return false;
1763 }
1764 2257
1765 // Notecards are always readable unless no copy 2258 // Notecards are always readable unless no copy
1766 // 2259 //
1767 if ((ti.CurrentPermissions & 2260 if ((itperms &
1768 (uint)PermissionMask.Copy) != 2261 (uint)PermissionMask.Copy) !=
1769 (uint)PermissionMask.Copy) 2262 (uint)PermissionMask.Copy)
1770 return false; 2263 return false;
@@ -1780,7 +2273,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1780 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2273 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1781 if (m_bypassPermissions) return m_bypassPermissionsValue; 2274 if (m_bypassPermissions) return m_bypassPermissionsValue;
1782 2275
1783 return GenericObjectPermission(userID, objectID, false); 2276 SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID);
2277 if (sog == null)
2278 return false;
2279
2280 uint perms = GetObjectPermissions(userID, sog, true);
2281 if((perms & (uint)PermissionMask.Modify) == 0)
2282 return false;
2283 return true;
1784 } 2284 }
1785 2285
1786 private bool CanDelinkObject(UUID userID, UUID objectID) 2286 private bool CanDelinkObject(UUID userID, UUID objectID)
@@ -1788,10 +2288,17 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1788 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2288 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1789 if (m_bypassPermissions) return m_bypassPermissionsValue; 2289 if (m_bypassPermissions) return m_bypassPermissionsValue;
1790 2290
1791 return GenericObjectPermission(userID, objectID, false); 2291 SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID);
2292 if (sog == null)
2293 return false;
2294
2295 uint perms = GetObjectPermissions(userID, sog, true);
2296 if((perms & (uint)PermissionMask.Modify) == 0)
2297 return false;
2298 return true;
1792 } 2299 }
1793 2300
1794 private bool CanBuyLand(UUID userID, ILandObject parcel, Scene scene) 2301 private bool CanBuyLand(UUID userID, ILandObject parcel)
1795 { 2302 {
1796 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2303 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1797 if (m_bypassPermissions) return m_bypassPermissionsValue; 2304 if (m_bypassPermissions) return m_bypassPermissionsValue;
@@ -1804,6 +2311,138 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1804 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2311 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1805 if (m_bypassPermissions) return m_bypassPermissionsValue; 2312 if (m_bypassPermissions) return m_bypassPermissionsValue;
1806 2313
2314 SceneObjectPart part = m_scene.GetSceneObjectPart(objectID);
2315 if (part == null)
2316 return false;
2317
2318 SceneObjectGroup sog = part.ParentGroup;
2319 if (sog == null)
2320 return false;
2321
2322 if(sog.OwnerID == userID || IsAdministrator(userID))
2323 return true;
2324
2325 if(sog.IsAttachment)
2326 return false;
2327
2328 UUID sogGroupID = sog.GroupID;
2329
2330 if(sogGroupID == UUID.Zero || sogGroupID != sog.OwnerID)
2331 return false;
2332
2333 TaskInventoryItem ti = part.Inventory.GetInventoryItem(itemID);
2334 if(ti == null)
2335 return false;
2336
2337 ulong powers = 0;
2338 if(GroupMemberPowers(sogGroupID, userID, ref powers))
2339 {
2340 if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
2341 return true;
2342
2343 if((ti.EveryonePermissions & (uint)PermissionMask.Copy) != 0)
2344 return true;
2345 }
2346 return false;
2347 }
2348
2349 // object inventory to object inventory item drag and drop
2350 private bool CanDoObjectInvToObjectInv(TaskInventoryItem item, SceneObjectPart sourcePart, SceneObjectPart destPart)
2351 {
2352 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
2353
2354 if (sourcePart == null || destPart == null || item == null)
2355 return false;
2356
2357 if (m_bypassPermissions)
2358 return m_bypassPermissionsValue;
2359
2360 SceneObjectGroup srcsog = sourcePart.ParentGroup;
2361 SceneObjectGroup destsog = destPart.ParentGroup;
2362 if (srcsog == null || destsog == null)
2363 return false;
2364
2365 // dest is locked
2366 if((destsog.EffectiveOwnerPerms & (uint)PermissionMask.Move) == 0)
2367 return false;
2368
2369 uint itperms = item.CurrentPermissions;
2370
2371 // if item is no copy the source is modifed
2372 if((itperms & (uint)PermissionMask.Copy) == 0 && (srcsog.EffectiveOwnerPerms & (uint)PermissionMask.Modify) == 0)
2373 return false;
2374
2375 UUID srcOwner = srcsog.OwnerID;
2376 UUID destOwner = destsog.OwnerID;
2377 bool notSameOwner = srcOwner != destOwner;
2378
2379 if(notSameOwner)
2380 {
2381 if((itperms & (uint)PermissionMask.Transfer) == 0)
2382 return false;
2383
2384 // scripts can't be droped
2385 if(item.InvType == (int)InventoryType.LSL)
2386 return false;
2387
2388 if((destsog.RootPart.GetEffectiveObjectFlags() & (uint)PrimFlags.AllowInventoryDrop) == 0)
2389 return false;
2390 }
2391 else
2392 {
2393 if((destsog.RootPart.GetEffectiveObjectFlags() & (uint)PrimFlags.AllowInventoryDrop) == 0 &&
2394 (destsog.EffectiveOwnerPerms & (uint)PermissionMask.Modify) == 0)
2395 return false;
2396 }
2397
2398 return true;
2399 }
2400
2401 private bool CanDropInObjectInv(InventoryItemBase item, ScenePresence sp, SceneObjectPart destPart)
2402 {
2403 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
2404
2405 if (sp == null || sp.IsDeleted || destPart == null || item == null)
2406 return false;
2407
2408 SceneObjectGroup destsog = destPart.ParentGroup;
2409 if (destsog == null || destsog.IsDeleted)
2410 return false;
2411
2412 if (m_bypassPermissions)
2413 return m_bypassPermissionsValue;
2414
2415 if(sp.IsGod)
2416 return true;
2417
2418 // dest is locked
2419 if((destsog.EffectiveOwnerPerms & (uint)PermissionMask.Move) == 0)
2420 return false;
2421
2422 UUID destOwner = destsog.OwnerID;
2423 UUID spID = sp.UUID;
2424 bool spNotOwner = spID != destOwner;
2425
2426 // scripts can't be droped
2427 if(spNotOwner && item.InvType == (int)InventoryType.LSL)
2428 return false;
2429
2430 if(spNotOwner || item.Owner != destOwner)
2431 {
2432 // no copy item will be moved if it has transfer
2433 uint itperms = item.CurrentPermissions;
2434 if((itperms & (uint)PermissionMask.Transfer) == 0)
2435 return false;
2436 }
2437
2438 // allowdrop is a root part thing and does bypass modify rights
2439 if((destsog.RootPart.GetEffectiveObjectFlags() & (uint)PrimFlags.AllowInventoryDrop) != 0)
2440 return true;
2441
2442 uint perms = GetObjectPermissions(spID, destsog, true);
2443 if((perms & (uint)PermissionMask.Modify) == 0)
2444 return false;
2445
1807 return true; 2446 return true;
1808 } 2447 }
1809 2448
@@ -1812,6 +2451,23 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1812 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2451 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1813 if (m_bypassPermissions) return m_bypassPermissionsValue; 2452 if (m_bypassPermissions) return m_bypassPermissionsValue;
1814 2453
2454 SceneObjectPart part = m_scene.GetSceneObjectPart(objectID);
2455 if (part == null)
2456 return false;
2457
2458 SceneObjectGroup sog = part.ParentGroup;
2459 if (sog == null)
2460 return false;
2461
2462 uint perms = GetObjectPermissions(userID, sog, true);
2463 if((perms & (uint)PermissionMask.Modify) == 0)
2464 return false;
2465
2466 TaskInventoryItem ti = part.Inventory.GetInventoryItem(itemID);
2467 if(ti == null)
2468 return false;
2469
2470 //TODO item perm ?
1815 return true; 2471 return true;
1816 } 2472 }
1817 2473
@@ -1828,31 +2484,28 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1828 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2484 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1829 if (m_bypassPermissions) return m_bypassPermissionsValue; 2485 if (m_bypassPermissions) return m_bypassPermissionsValue;
1830 2486
1831 SceneObjectPart part = m_scene.GetSceneObjectPart(objectID);
1832 ScenePresence p = m_scene.GetScenePresence(userID); 2487 ScenePresence p = m_scene.GetScenePresence(userID);
1833 2488
1834 if (part == null || p == null) 2489 if (p == null)
2490 return false;
2491
2492 SceneObjectGroup sog = m_scene.GetGroupByPrim(objectID);
2493 if (sog == null)
2494 return false;
2495
2496 uint perms = GetObjectPermissions(userID, sog, true);
2497 if((perms & (uint)PermissionMask.Modify) == 0)
1835 return false; 2498 return false;
1836 2499
1837 if (!IsAdministrator(userID)) 2500 if ((int)InventoryType.LSL == invType)
1838 { 2501 {
1839 if (part.OwnerID != userID) 2502 if (m_allowedScriptCreators == UserSet.Administrators)
1840 { 2503 return false;
1841 // Group permissions
1842 if ((part.GroupID == UUID.Zero) || (p.ControllingClient.GetGroupPowers(part.GroupID) == 0) || ((part.GroupMask & (uint)PermissionMask.Modify) == 0))
1843 return false;
1844 } else {
1845 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
1846 return false;
1847 }
1848 if ((int)InventoryType.LSL == invType)
1849 if (m_allowedScriptCreators == UserSet.Administrators)
1850 return false;
1851 } 2504 }
1852 2505
1853 return true; 2506 return true;
1854 } 2507 }
1855 2508
1856 /// <summary> 2509 /// <summary>
1857 /// Check whether the specified user is allowed to create the given inventory type in their inventory. 2510 /// Check whether the specified user is allowed to create the given inventory type in their inventory.
1858 /// </summary> 2511 /// </summary>
@@ -1867,10 +2520,10 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1867 if ((int)InventoryType.LSL == invType) 2520 if ((int)InventoryType.LSL == invType)
1868 if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID)) 2521 if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
1869 return false; 2522 return false;
1870 2523
1871 return true; 2524 return true;
1872 } 2525 }
1873 2526
1874 /// <summary> 2527 /// <summary>
1875 /// Check whether the specified user is allowed to copy the given inventory type in their inventory. 2528 /// Check whether the specified user is allowed to copy the given inventory type in their inventory.
1876 /// </summary> 2529 /// </summary>
@@ -1884,7 +2537,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1884 2537
1885 return true; 2538 return true;
1886 } 2539 }
1887 2540
1888 /// <summary> 2541 /// <summary>
1889 /// Check whether the specified user is allowed to edit the given inventory item within their own inventory. 2542 /// Check whether the specified user is allowed to edit the given inventory item within their own inventory.
1890 /// </summary> 2543 /// </summary>
@@ -1898,7 +2551,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1898 2551
1899 return true; 2552 return true;
1900 } 2553 }
1901 2554
1902 /// <summary> 2555 /// <summary>
1903 /// Check whether the specified user is allowed to delete the given inventory item from their own inventory. 2556 /// Check whether the specified user is allowed to delete the given inventory item from their own inventory.
1904 /// </summary> 2557 /// </summary>
@@ -1921,22 +2574,22 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1921 return true; 2574 return true;
1922 } 2575 }
1923 2576
1924 private bool CanResetScript(UUID prim, UUID script, UUID agentID, Scene scene) 2577 private bool CanResetScript(UUID primID, UUID script, UUID agentID)
1925 { 2578 {
1926 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); 2579 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1927 if (m_bypassPermissions) return m_bypassPermissionsValue; 2580 if (m_bypassPermissions) return m_bypassPermissionsValue;
1928 2581
1929 SceneObjectPart part = m_scene.GetSceneObjectPart(prim); 2582 SceneObjectGroup sog = m_scene.GetGroupByPrim(primID);
1930 2583 if (sog == null)
1931 // If we selected a sub-prim to reset, prim won't represent the object, but only a part. 2584 return false;
1932 // We have to check the permissions of the object, though.
1933 if (part.ParentID != 0) prim = part.ParentUUID;
1934 2585
1935 // You can reset the scripts in any object you can edit 2586 uint perms = GetObjectPermissions(agentID, sog, false);
1936 return GenericObjectPermission(agentID, prim, false); 2587 if((perms & (uint)PermissionMask.Modify) == 0) // ??
2588 return false;
2589 return true;
1937 } 2590 }
1938 2591
1939 private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) 2592 private bool CanCompileScript(UUID ownerUUID, int scriptType)
1940 { 2593 {
1941 //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); 2594 //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType);
1942 switch (scriptType) { 2595 switch (scriptType) {
@@ -1970,64 +2623,71 @@ namespace OpenSim.Region.CoreModules.World.Permissions
1970 } 2623 }
1971 return(false); 2624 return(false);
1972 } 2625 }
1973 2626
1974 private bool CanControlPrimMedia(UUID agentID, UUID primID, int face) 2627 private bool CanControlPrimMedia(UUID agentID, UUID primID, int face)
1975 { 2628 {
1976// m_log.DebugFormat( 2629// m_log.DebugFormat(
1977// "[PERMISSONS]: Performing CanControlPrimMedia check with agentID {0}, primID {1}, face {2}", 2630// "[PERMISSONS]: Performing CanControlPrimMedia check with agentID {0}, primID {1}, face {2}",
1978// agentID, primID, face); 2631// agentID, primID, face);
1979 2632
1980 if (null == MoapModule) 2633 if (null == MoapModule)
1981 return false; 2634 return false;
1982 2635
1983 SceneObjectPart part = m_scene.GetSceneObjectPart(primID); 2636 SceneObjectPart part = m_scene.GetSceneObjectPart(primID);
1984 if (null == part) 2637 if (null == part)
1985 return false; 2638 return false;
1986 2639
1987 MediaEntry me = MoapModule.GetMediaEntry(part, face); 2640 MediaEntry me = MoapModule.GetMediaEntry(part, face);
1988 2641
1989 // If there is no existing media entry then it can be controlled (in this context, created). 2642 // If there is no existing media entry then it can be controlled (in this context, created).
1990 if (null == me) 2643 if (null == me)
1991 return true; 2644 return true;
1992 2645
1993// m_log.DebugFormat( 2646// m_log.DebugFormat(
1994// "[PERMISSIONS]: Checking CanControlPrimMedia for {0} on {1} face {2} with control permissions {3}", 2647// "[PERMISSIONS]: Checking CanControlPrimMedia for {0} on {1} face {2} with control permissions {3}",
1995// agentID, primID, face, me.ControlPermissions); 2648// agentID, primID, face, me.ControlPermissions);
1996 2649
1997 return GenericObjectPermission(agentID, part.ParentGroup.UUID, true); 2650 SceneObjectGroup sog = part.ParentGroup;
2651 if (sog == null)
2652 return false;
2653
2654 uint perms = GetObjectPermissions(agentID, sog, false);
2655 if((perms & (uint)PermissionMask.Modify) == 0)
2656 return false;
2657 return true;
1998 } 2658 }
1999 2659
2000 private bool CanInteractWithPrimMedia(UUID agentID, UUID primID, int face) 2660 private bool CanInteractWithPrimMedia(UUID agentID, UUID primID, int face)
2001 { 2661 {
2002// m_log.DebugFormat( 2662// m_log.DebugFormat(
2003// "[PERMISSONS]: Performing CanInteractWithPrimMedia check with agentID {0}, primID {1}, face {2}", 2663// "[PERMISSONS]: Performing CanInteractWithPrimMedia check with agentID {0}, primID {1}, face {2}",
2004// agentID, primID, face); 2664// agentID, primID, face);
2005 2665
2006 if (null == MoapModule) 2666 if (null == MoapModule)
2007 return false; 2667 return false;
2008 2668
2009 SceneObjectPart part = m_scene.GetSceneObjectPart(primID); 2669 SceneObjectPart part = m_scene.GetSceneObjectPart(primID);
2010 if (null == part) 2670 if (null == part)
2011 return false; 2671 return false;
2012 2672
2013 MediaEntry me = MoapModule.GetMediaEntry(part, face); 2673 MediaEntry me = MoapModule.GetMediaEntry(part, face);
2014 2674
2015 // If there is no existing media entry then it can be controlled (in this context, created). 2675 // If there is no existing media entry then it can be controlled (in this context, created).
2016 if (null == me) 2676 if (null == me)
2017 return true; 2677 return true;
2018 2678
2019// m_log.DebugFormat( 2679// m_log.DebugFormat(
2020// "[PERMISSIONS]: Checking CanInteractWithPrimMedia for {0} on {1} face {2} with interact permissions {3}", 2680// "[PERMISSIONS]: Checking CanInteractWithPrimMedia for {0} on {1} face {2} with interact permissions {3}",
2021// agentID, primID, face, me.InteractPermissions); 2681// agentID, primID, face, me.InteractPermissions);
2022 2682
2023 return GenericPrimMediaPermission(part, agentID, me.InteractPermissions); 2683 return GenericPrimMediaPermission(part, agentID, me.InteractPermissions);
2024 } 2684 }
2025 2685
2026 private bool GenericPrimMediaPermission(SceneObjectPart part, UUID agentID, MediaPermission perms) 2686 private bool GenericPrimMediaPermission(SceneObjectPart part, UUID agentID, MediaPermission perms)
2027 { 2687 {
2028// if (IsAdministrator(agentID)) 2688// if (IsAdministrator(agentID))
2029// return true; 2689// return true;
2030 2690
2031 if ((perms & MediaPermission.Anyone) == MediaPermission.Anyone) 2691 if ((perms & MediaPermission.Anyone) == MediaPermission.Anyone)
2032 return true; 2692 return true;
2033 2693
@@ -2036,13 +2696,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
2036 if (agentID == part.OwnerID) 2696 if (agentID == part.OwnerID)
2037 return true; 2697 return true;
2038 } 2698 }
2039 2699
2040 if ((perms & MediaPermission.Group) == MediaPermission.Group) 2700 if ((perms & MediaPermission.Group) == MediaPermission.Group)
2041 { 2701 {
2042 if (IsGroupMember(part.GroupID, agentID, 0)) 2702 if (IsGroupMember(part.GroupID, agentID, 0))
2043 return true; 2703 return true;
2044 } 2704 }
2045 2705
2046 return false; 2706 return false;
2047 } 2707 }
2048 } 2708 }
generated by cgit v1.1 at 2024-07-01 09:50:34 +0000