diff options
author | Dr Scofield | 2009-02-10 13:10:57 +0000 |
---|---|---|
committer | Dr Scofield | 2009-02-10 13:10:57 +0000 |
commit | 180be7de07014aa33bc6066f12a0819b731c1c9d (patch) | |
tree | 3aa13af3cda4b808fa9453655875327699b61311 /OpenSim/Region/Environment/Modules/World/Permissions | |
parent | Stopgap measure: To use gridlaunch, or GUI, start opensim with (diff) | |
download | opensim-SC_OLD-180be7de07014aa33bc6066f12a0819b731c1c9d.zip opensim-SC_OLD-180be7de07014aa33bc6066f12a0819b731c1c9d.tar.gz opensim-SC_OLD-180be7de07014aa33bc6066f12a0819b731c1c9d.tar.bz2 opensim-SC_OLD-180be7de07014aa33bc6066f12a0819b731c1c9d.tar.xz |
this is step 2 of 2 of the OpenSim.Region.Environment refactor.
NOTHING has been deleted or moved off to forge at this point. what
has happened is that OpenSim.Region.Environment.Modules has been split
in two:
- OpenSim.Region.CoreModules: all those modules that are either
directly or indirectly referenced from other OpenSim packages, or
that provide functionality that the OpenSim developer community
considers core functionality:
CoreModules/Agent/AssetTransaction
CoreModules/Agent/Capabilities
CoreModules/Agent/TextureDownload
CoreModules/Agent/TextureSender
CoreModules/Agent/TextureSender/Tests
CoreModules/Agent/Xfer
CoreModules/Avatar/AvatarFactory
CoreModules/Avatar/Chat/ChatModule
CoreModules/Avatar/Combat
CoreModules/Avatar/Currency/SampleMoney
CoreModules/Avatar/Dialog
CoreModules/Avatar/Friends
CoreModules/Avatar/Gestures
CoreModules/Avatar/Groups
CoreModules/Avatar/InstantMessage
CoreModules/Avatar/Inventory
CoreModules/Avatar/Inventory/Archiver
CoreModules/Avatar/Inventory/Transfer
CoreModules/Avatar/Lure
CoreModules/Avatar/ObjectCaps
CoreModules/Avatar/Profiles
CoreModules/Communications/Local
CoreModules/Communications/REST
CoreModules/Framework/EventQueue
CoreModules/Framework/InterfaceCommander
CoreModules/Hypergrid
CoreModules/InterGrid
CoreModules/Scripting/DynamicTexture
CoreModules/Scripting/EMailModules
CoreModules/Scripting/HttpRequest
CoreModules/Scripting/LoadImageURL
CoreModules/Scripting/VectorRender
CoreModules/Scripting/WorldComm
CoreModules/Scripting/XMLRPC
CoreModules/World/Archiver
CoreModules/World/Archiver/Tests
CoreModules/World/Estate
CoreModules/World/Land
CoreModules/World/Permissions
CoreModules/World/Serialiser
CoreModules/World/Sound
CoreModules/World/Sun
CoreModules/World/Terrain
CoreModules/World/Terrain/DefaultEffects
CoreModules/World/Terrain/DefaultEffects/bin
CoreModules/World/Terrain/DefaultEffects/bin/Debug
CoreModules/World/Terrain/Effects
CoreModules/World/Terrain/FileLoaders
CoreModules/World/Terrain/FloodBrushes
CoreModules/World/Terrain/PaintBrushes
CoreModules/World/Terrain/Tests
CoreModules/World/Vegetation
CoreModules/World/Wind
CoreModules/World/WorldMap
- OpenSim.Region.OptionalModules: all those modules that are not core
modules:
OptionalModules/Avatar/Chat/IRC-stuff
OptionalModules/Avatar/Concierge
OptionalModules/Avatar/Voice/AsterixVoice
OptionalModules/Avatar/Voice/SIPVoice
OptionalModules/ContentManagementSystem
OptionalModules/Grid/Interregion
OptionalModules/Python
OptionalModules/SvnSerialiser
OptionalModules/World/NPC
OptionalModules/World/TreePopulator
Diffstat (limited to 'OpenSim/Region/Environment/Modules/World/Permissions')
-rw-r--r-- | OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs | 1498 |
1 files changed, 0 insertions, 1498 deletions
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs deleted file mode 100644 index 8838e39..0000000 --- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs +++ /dev/null | |||
@@ -1,1498 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://opensimulator.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSim Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | |||
28 | using OpenMetaverse; | ||
29 | using Nini.Config; | ||
30 | using System; | ||
31 | using System.Collections; | ||
32 | using System.Collections.Generic; | ||
33 | using System.Reflection; | ||
34 | using log4net; | ||
35 | using OpenSim; | ||
36 | using OpenSim.Framework; | ||
37 | using OpenSim.Region.Framework.Interfaces; | ||
38 | using OpenSim.Region.Framework.Scenes; | ||
39 | using OpenSim.Region.Environment.Modules.Framework; | ||
40 | using OpenSim.Framework.Communications.Cache; | ||
41 | |||
42 | namespace OpenSim.Region.Environment.Modules.World.Permissions | ||
43 | { | ||
44 | public class PermissionsModule : IRegionModule | ||
45 | { | ||
46 | private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); | ||
47 | |||
48 | protected Scene m_scene; | ||
49 | |||
50 | #region Constants | ||
51 | // These are here for testing. They will be taken out | ||
52 | |||
53 | //private uint PERM_ALL = (uint)2147483647; | ||
54 | private uint PERM_COPY = (uint)32768; | ||
55 | //private uint PERM_MODIFY = (uint)16384; | ||
56 | private uint PERM_MOVE = (uint)524288; | ||
57 | //private uint PERM_TRANS = (uint)8192; | ||
58 | private uint PERM_LOCKED = (uint)540672; | ||
59 | |||
60 | /// <value> | ||
61 | /// Different user set names that come in from the configuration file. | ||
62 | /// </value> | ||
63 | enum UserSet | ||
64 | { | ||
65 | All, | ||
66 | Administrators | ||
67 | }; | ||
68 | |||
69 | #endregion | ||
70 | |||
71 | #region Bypass Permissions / Debug Permissions Stuff | ||
72 | |||
73 | // Bypasses the permissions engine | ||
74 | private bool m_bypassPermissions = true; | ||
75 | private bool m_bypassPermissionsValue = true; | ||
76 | private bool m_propagatePermissions = false; | ||
77 | private bool m_debugPermissions = false; | ||
78 | private bool m_allowGridGods = false; | ||
79 | private bool m_RegionOwnerIsGod = false; | ||
80 | private bool m_ParcelOwnerIsGod = false; | ||
81 | |||
82 | /// <value> | ||
83 | /// The set of users that are allowed to create scripts. This is only active if permissions are not being | ||
84 | /// bypassed. This overrides normal permissions. | ||
85 | /// </value> | ||
86 | private UserSet m_allowedScriptCreators = UserSet.All; | ||
87 | |||
88 | /// <value> | ||
89 | /// The set of users that are allowed to edit (save) scripts. This is only active if | ||
90 | /// permissions are not being bypassed. This overrides normal permissions.- | ||
91 | /// </value> | ||
92 | private UserSet m_allowedScriptEditors = UserSet.All; | ||
93 | |||
94 | #endregion | ||
95 | |||
96 | #region IRegionModule Members | ||
97 | |||
98 | public void Initialise(Scene scene, IConfigSource config) | ||
99 | { | ||
100 | m_scene = scene; | ||
101 | |||
102 | IConfig myConfig = config.Configs["Startup"]; | ||
103 | |||
104 | string permissionModules = myConfig.GetString("permissionmodules", "DefaultPermissionsModule"); | ||
105 | |||
106 | List<string> modules=new List<string>(permissionModules.Split(',')); | ||
107 | |||
108 | if (!modules.Contains("DefaultPermissionsModule")) | ||
109 | return; | ||
110 | |||
111 | m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false); | ||
112 | m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true); | ||
113 | m_propagatePermissions = myConfig.GetBoolean("propagate_permissions", true); | ||
114 | m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true); | ||
115 | m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true); | ||
116 | |||
117 | m_allowedScriptCreators | ||
118 | = ParseUserSetConfigSetting(myConfig, "allowed_script_creators", m_allowedScriptCreators); | ||
119 | m_allowedScriptEditors | ||
120 | = ParseUserSetConfigSetting(myConfig, "allowed_script_editors", m_allowedScriptEditors); | ||
121 | |||
122 | if (m_bypassPermissions) | ||
123 | m_log.Info("[PERMISSIONS]: serviceside_object_permissions = false in ini file so disabling all region service permission checks"); | ||
124 | else | ||
125 | m_log.Debug("[PERMISSIONS]: Enabling all region service permission checks"); | ||
126 | |||
127 | //Register functions with Scene External Checks! | ||
128 | m_scene.Permissions.AddBypassPermissionsHandler(BypassPermissions); //FULLY IMPLEMENTED | ||
129 | m_scene.Permissions.AddSetBypassPermissionsHandler(SetBypassPermissions); //FULLY IMPLEMENTED | ||
130 | m_scene.Permissions.AddPropagatePermissionsHandler(PropagatePermissions); //FULLY IMPLEMENTED | ||
131 | m_scene.Permissions.AddGenerateClientFlagsHandler(GenerateClientFlags); //NOT YET FULLY IMPLEMENTED | ||
132 | m_scene.Permissions.AddAbandonParcelHandler(CanAbandonParcel); //FULLY IMPLEMENTED | ||
133 | m_scene.Permissions.AddReclaimParcelHandler(CanReclaimParcel); //FULLY IMPLEMENTED | ||
134 | m_scene.Permissions.AddIsGodHandler(IsGod); //FULLY IMPLEMENTED | ||
135 | m_scene.Permissions.AddDuplicateObjectHandler(CanDuplicateObject); //FULLY IMPLEMENTED | ||
136 | m_scene.Permissions.AddDeleteObjectHandler(CanDeleteObject); //MAYBE FULLY IMPLEMENTED | ||
137 | m_scene.Permissions.AddEditObjectHandler(CanEditObject);//MAYBE FULLY IMPLEMENTED | ||
138 | m_scene.Permissions.AddEditParcelHandler(CanEditParcel); //FULLY IMPLEMENTED | ||
139 | m_scene.Permissions.AddInstantMessageHandler(CanInstantMessage); //FULLY IMPLEMENTED | ||
140 | m_scene.Permissions.AddInventoryTransferHandler(CanInventoryTransfer); //NOT YET IMPLEMENTED | ||
141 | m_scene.Permissions.AddIssueEstateCommandHandler(CanIssueEstateCommand); //FULLY IMPLEMENTED | ||
142 | m_scene.Permissions.AddMoveObjectHandler(CanMoveObject); //HOPEFULLY FULLY IMPLEMENTED | ||
143 | m_scene.Permissions.AddObjectEntryHandler(CanObjectEntry); //FULLY IMPLEMENTED | ||
144 | m_scene.Permissions.AddReturnObjectHandler(CanReturnObject); //NOT YET IMPLEMENTED | ||
145 | m_scene.Permissions.AddRezObjectHandler(CanRezObject); //HOPEFULLY FULLY IMPLEMENTED | ||
146 | m_scene.Permissions.AddRunConsoleCommandHandler(CanRunConsoleCommand); //FULLY IMPLEMENTED | ||
147 | m_scene.Permissions.AddRunScriptHandler(CanRunScript); //NOT YET IMPLEMENTED | ||
148 | m_scene.Permissions.AddSellParcelHandler(CanSellParcel); //FULLY IMPLEMENTED | ||
149 | m_scene.Permissions.AddTakeObjectHandler(CanTakeObject); //FULLY IMPLEMENTED | ||
150 | m_scene.Permissions.AddTakeCopyObjectHandler(CanTakeCopyObject); //FULLY IMPLEMENTED | ||
151 | m_scene.Permissions.AddTerraformLandHandler(CanTerraformLand); //FULL IMPLEMENTED (POINT ONLY!!! NOT AREA!!!) | ||
152 | m_scene.Permissions.AddCanLinkObjectHandler(CanLinkObject); //NOT YET IMPLEMENTED | ||
153 | m_scene.Permissions.AddCanDelinkObjectHandler(CanDelinkObject); //NOT YET IMPLEMENTED | ||
154 | m_scene.Permissions.AddCanBuyLandHandler(CanBuyLand); //NOT YET IMPLEMENTED | ||
155 | |||
156 | m_scene.Permissions.AddViewNotecardHandler(CanViewNotecard); //NOT YET IMPLEMENTED | ||
157 | m_scene.Permissions.AddViewScriptHandler(CanViewScript); //NOT YET IMPLEMENTED | ||
158 | m_scene.Permissions.AddEditNotecardHandler(CanEditNotecard); //NOT YET IMPLEMENTED | ||
159 | m_scene.Permissions.AddEditScriptHandler(CanEditScript); //NOT YET IMPLEMENTED | ||
160 | |||
161 | m_scene.Permissions.AddCanCreateObjectInventoryHandler(CanCreateObjectInventory); //NOT IMPLEMENTED HERE | ||
162 | m_scene.Permissions.AddEditObjectInventoryHandler(CanEditObjectInventory);//MAYBE FULLY IMPLEMENTED | ||
163 | m_scene.Permissions.AddCanCopyObjectInventoryHandler(CanCopyObjectInventory); //NOT YET IMPLEMENTED | ||
164 | m_scene.Permissions.AddCanDeleteObjectInventoryHandler(CanDeleteObjectInventory); //NOT YET IMPLEMENTED | ||
165 | m_scene.Permissions.AddResetScriptHandler(CanResetScript); | ||
166 | |||
167 | m_scene.Permissions.AddCanCreateUserInventoryHandler(CanCreateUserInventory); //NOT YET IMPLEMENTED | ||
168 | m_scene.Permissions.AddCanCopyUserInventoryHandler(CanCopyUserInventory); //NOT YET IMPLEMENTED | ||
169 | m_scene.Permissions.AddCanEditUserInventoryHandler(CanEditUserInventory); //NOT YET IMPLEMENTED | ||
170 | m_scene.Permissions.AddCanDeleteUserInventoryHandler(CanDeleteUserInventory); //NOT YET IMPLEMENTED | ||
171 | |||
172 | m_scene.Permissions.AddCanTeleportHandler(CanTeleport); //NOT YET IMPLEMENTED | ||
173 | |||
174 | m_scene.AddCommand("permissions", "bypass permissions", | ||
175 | "bypass permissions <true / false>", | ||
176 | "Bypass permission checks", | ||
177 | HandleBypassPermissions); | ||
178 | |||
179 | m_scene.AddCommand("permissions", "force permissions", | ||
180 | "force permissions <true / false>", | ||
181 | "Force permissions on or off", | ||
182 | HandleForcePermissions); | ||
183 | |||
184 | m_scene.AddCommand("permissions", "debug permissions", | ||
185 | "debug permissions <true / false>", | ||
186 | "Enable permissions debugging", | ||
187 | HandleDebugPermissions); | ||
188 | } | ||
189 | |||
190 | public void HandleBypassPermissions(string module, string[] args) | ||
191 | { | ||
192 | if (m_scene.ConsoleScene() != null && | ||
193 | m_scene.ConsoleScene() != m_scene) | ||
194 | { | ||
195 | return; | ||
196 | } | ||
197 | |||
198 | if (args.Length > 2) | ||
199 | { | ||
200 | bool val; | ||
201 | |||
202 | if (!bool.TryParse(args[2], out val)) | ||
203 | return; | ||
204 | |||
205 | m_bypassPermissions = val; | ||
206 | |||
207 | m_log.InfoFormat( | ||
208 | "[PERMISSIONS]: Set permissions bypass to {0} for {1}", | ||
209 | m_bypassPermissions, m_scene.RegionInfo.RegionName); | ||
210 | } | ||
211 | } | ||
212 | |||
213 | public void HandleForcePermissions(string module, string[] args) | ||
214 | { | ||
215 | if (m_scene.ConsoleScene() != null && | ||
216 | m_scene.ConsoleScene() != m_scene) | ||
217 | { | ||
218 | return; | ||
219 | } | ||
220 | |||
221 | if (!m_bypassPermissions) | ||
222 | { | ||
223 | m_log.Error("[PERMISSIONS] Permissions can't be forced unless they are bypassed first"); | ||
224 | return; | ||
225 | } | ||
226 | |||
227 | if (args.Length > 2) | ||
228 | { | ||
229 | bool val; | ||
230 | |||
231 | if (!bool.TryParse(args[2], out val)) | ||
232 | return; | ||
233 | |||
234 | m_bypassPermissionsValue = val; | ||
235 | |||
236 | m_log.InfoFormat("[PERMISSIONS] Forced permissions to {0} in {1}", m_bypassPermissionsValue, m_scene.RegionInfo.RegionName); | ||
237 | } | ||
238 | } | ||
239 | |||
240 | public void HandleDebugPermissions(string module, string[] args) | ||
241 | { | ||
242 | if (m_scene.ConsoleScene() != null && | ||
243 | m_scene.ConsoleScene() != m_scene) | ||
244 | { | ||
245 | return; | ||
246 | } | ||
247 | |||
248 | if (args.Length > 2) | ||
249 | { | ||
250 | bool val; | ||
251 | |||
252 | if (!bool.TryParse(args[2], out val)) | ||
253 | return; | ||
254 | |||
255 | m_debugPermissions = val; | ||
256 | |||
257 | m_log.InfoFormat("[PERMISSIONS] Set permissions debugging to {0} in {1}", m_debugPermissions, m_scene.RegionInfo.RegionName); | ||
258 | } | ||
259 | } | ||
260 | |||
261 | public void PostInitialise() | ||
262 | { | ||
263 | } | ||
264 | |||
265 | public void Close() | ||
266 | { | ||
267 | } | ||
268 | |||
269 | public string Name | ||
270 | { | ||
271 | get { return "PermissionsModule"; } | ||
272 | } | ||
273 | |||
274 | public bool IsSharedModule | ||
275 | { | ||
276 | get { return false; } | ||
277 | } | ||
278 | |||
279 | #endregion | ||
280 | |||
281 | #region Helper Functions | ||
282 | protected void SendPermissionError(UUID user, string reason) | ||
283 | { | ||
284 | m_scene.EventManager.TriggerPermissionError(user, reason); | ||
285 | } | ||
286 | |||
287 | protected void DebugPermissionInformation(string permissionCalled) | ||
288 | { | ||
289 | if (m_debugPermissions) | ||
290 | m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); | ||
291 | } | ||
292 | |||
293 | /// <summary> | ||
294 | /// Parse a user set configuration setting | ||
295 | /// </summary> | ||
296 | /// <param name="config"></param> | ||
297 | /// <param name="settingName"></param> | ||
298 | /// <param name="defaultValue">The default value for this attribute</param> | ||
299 | /// <returns>The parsed value</returns> | ||
300 | private static UserSet ParseUserSetConfigSetting(IConfig config, string settingName, UserSet defaultValue) | ||
301 | { | ||
302 | UserSet userSet = defaultValue; | ||
303 | |||
304 | string rawSetting = config.GetString(settingName, defaultValue.ToString()); | ||
305 | |||
306 | // Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term | ||
307 | // this should disappear. | ||
308 | if ("gods" == rawSetting.ToLower()) | ||
309 | rawSetting = UserSet.Administrators.ToString(); | ||
310 | |||
311 | // Doing it this was so that we can do a case insensitive conversion | ||
312 | try | ||
313 | { | ||
314 | userSet = (UserSet)Enum.Parse(typeof(UserSet), rawSetting, true); | ||
315 | } | ||
316 | catch | ||
317 | { | ||
318 | m_log.ErrorFormat( | ||
319 | "[PERMISSIONS]: {0} is not a valid {1} value, setting to {2}", | ||
320 | rawSetting, settingName, userSet); | ||
321 | } | ||
322 | |||
323 | m_log.DebugFormat("[PERMISSIONS]: {0} {1}", settingName, userSet); | ||
324 | |||
325 | return userSet; | ||
326 | } | ||
327 | |||
328 | /// <summary> | ||
329 | /// Is the given user an administrator (in other words, a god)? | ||
330 | /// </summary> | ||
331 | /// <param name="user"></param> | ||
332 | /// <returns></returns> | ||
333 | protected bool IsAdministrator(UUID user) | ||
334 | { | ||
335 | if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero) | ||
336 | { | ||
337 | if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user)) | ||
338 | return true; | ||
339 | } | ||
340 | |||
341 | if (m_scene.RegionInfo.EstateSettings.EstateOwner != UUID.Zero) | ||
342 | { | ||
343 | if (m_scene.RegionInfo.EstateSettings.EstateOwner == user) | ||
344 | return true; | ||
345 | } | ||
346 | |||
347 | if (m_allowGridGods) | ||
348 | { | ||
349 | CachedUserInfo profile = m_scene.CommsManager.UserProfileCacheService.GetUserDetails(user); | ||
350 | if (profile != null && profile.UserProfile != null) | ||
351 | { | ||
352 | if (profile.UserProfile.GodLevel >= 200) | ||
353 | return true; | ||
354 | } | ||
355 | else | ||
356 | { | ||
357 | m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for administrator check", user); | ||
358 | } | ||
359 | } | ||
360 | |||
361 | return false; | ||
362 | } | ||
363 | |||
364 | protected bool IsEstateManager(UUID user) | ||
365 | { | ||
366 | return m_scene.RegionInfo.EstateSettings.IsEstateManager(user); | ||
367 | } | ||
368 | #endregion | ||
369 | |||
370 | public bool PropagatePermissions() | ||
371 | { | ||
372 | if (m_bypassPermissions) | ||
373 | return false; | ||
374 | |||
375 | return m_propagatePermissions; | ||
376 | } | ||
377 | |||
378 | public bool BypassPermissions() | ||
379 | { | ||
380 | return m_bypassPermissions; | ||
381 | } | ||
382 | |||
383 | public void SetBypassPermissions(bool value) | ||
384 | { | ||
385 | m_bypassPermissions=value; | ||
386 | } | ||
387 | |||
388 | #region Object Permissions | ||
389 | |||
390 | public uint GenerateClientFlags(UUID user, UUID objID) | ||
391 | { | ||
392 | // Here's the way this works, | ||
393 | // ObjectFlags and Permission flags are two different enumerations | ||
394 | // ObjectFlags, however, tells the client to change what it will allow the user to do. | ||
395 | // So, that means that all of the permissions type ObjectFlags are /temporary/ and only | ||
396 | // supposed to be set when customizing the objectflags for the client. | ||
397 | |||
398 | // These temporary objectflags get computed and added in this function based on the | ||
399 | // Permission mask that's appropriate! | ||
400 | // Outside of this method, they should never be added to objectflags! | ||
401 | // -teravus | ||
402 | |||
403 | SceneObjectPart task = m_scene.GetSceneObjectPart(objID); | ||
404 | |||
405 | // this shouldn't ever happen.. return no permissions/objectflags. | ||
406 | if (task == null) | ||
407 | return (uint)0; | ||
408 | |||
409 | uint objflags = task.GetEffectiveObjectFlags(); | ||
410 | UUID objectOwner = task.OwnerID; | ||
411 | |||
412 | |||
413 | // Remove any of the objectFlags that are temporary. These will get added back if appropriate | ||
414 | // in the next bit of code | ||
415 | |||
416 | // libomv will moan about PrimFlags.ObjectYouOfficer being | ||
417 | // deprecated | ||
418 | #pragma warning disable 0612 | ||
419 | objflags &= (uint) | ||
420 | ~(PrimFlags.ObjectCopy | // Tells client you can copy the object | ||
421 | PrimFlags.ObjectModify | // tells client you can modify the object | ||
422 | PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod) | ||
423 | PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it | ||
424 | PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object | ||
425 | PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object | ||
426 | PrimFlags.ObjectOwnerModify | // Tells client that you're the owner of the object | ||
427 | PrimFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set | ||
428 | ); | ||
429 | #pragma warning restore 0612 | ||
430 | |||
431 | // Creating the three ObjectFlags options for this method to choose from. | ||
432 | // Customize the OwnerMask | ||
433 | uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); | ||
434 | objectOwnerMask |= (uint)PrimFlags.ObjectYouOwner | (uint)PrimFlags.ObjectAnyOwner | (uint)PrimFlags.ObjectOwnerModify; | ||
435 | |||
436 | // Customize the GroupMask | ||
437 | // uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags); | ||
438 | |||
439 | // Customize the EveryoneMask | ||
440 | uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags); | ||
441 | |||
442 | |||
443 | // Hack to allow collaboration until Groups and Group Permissions are implemented | ||
444 | if ((objectEveryoneMask & (uint)PrimFlags.ObjectMove) != 0) | ||
445 | objectEveryoneMask |= (uint)PrimFlags.ObjectModify; | ||
446 | |||
447 | if (m_bypassPermissions) | ||
448 | return objectOwnerMask; | ||
449 | |||
450 | // Object owners should be able to edit their own content | ||
451 | if (user == objectOwner) | ||
452 | { | ||
453 | return objectOwnerMask; | ||
454 | } | ||
455 | |||
456 | // Users should be able to edit what is over their land. | ||
457 | ILandObject parcel = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y); | ||
458 | if (parcel != null && parcel.landData.OwnerID == user && m_ParcelOwnerIsGod) | ||
459 | return objectOwnerMask; | ||
460 | |||
461 | // Admin objects should not be editable by the above | ||
462 | if (IsAdministrator(objectOwner)) | ||
463 | return objectEveryoneMask; | ||
464 | |||
465 | // Estate users should be able to edit anything in the sim | ||
466 | if (IsEstateManager(user) && m_RegionOwnerIsGod) | ||
467 | return objectOwnerMask; | ||
468 | |||
469 | // Admin should be able to edit anything in the sim (including admin objects) | ||
470 | if (IsAdministrator(user)) | ||
471 | return objectOwnerMask; | ||
472 | |||
473 | |||
474 | return objectEveryoneMask; | ||
475 | } | ||
476 | |||
477 | private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask) | ||
478 | { | ||
479 | // We are adding the temporary objectflags to the object's objectflags based on the | ||
480 | // permission flag given. These change the F flags on the client. | ||
481 | |||
482 | if ((setPermissionMask & (uint)PermissionMask.Copy) != 0) | ||
483 | { | ||
484 | objectFlagsMask |= (uint)PrimFlags.ObjectCopy; | ||
485 | } | ||
486 | |||
487 | if ((setPermissionMask & (uint)PermissionMask.Move) != 0) | ||
488 | { | ||
489 | objectFlagsMask |= (uint)PrimFlags.ObjectMove; | ||
490 | } | ||
491 | |||
492 | if ((setPermissionMask & (uint)PermissionMask.Modify) != 0) | ||
493 | { | ||
494 | objectFlagsMask |= (uint)PrimFlags.ObjectModify; | ||
495 | } | ||
496 | |||
497 | if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0) | ||
498 | { | ||
499 | objectFlagsMask |= (uint)PrimFlags.ObjectTransfer; | ||
500 | } | ||
501 | |||
502 | return objectFlagsMask; | ||
503 | } | ||
504 | |||
505 | /// <summary> | ||
506 | /// General permissions checks for any operation involving an object. These supplement more specific checks | ||
507 | /// implemented by callers. | ||
508 | /// </summary> | ||
509 | /// <param name="currentUser"></param> | ||
510 | /// <param name="objId"></param> | ||
511 | /// <param name="denyOnLocked"></param> | ||
512 | /// <returns></returns> | ||
513 | protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked) | ||
514 | { | ||
515 | // Default: deny | ||
516 | bool permission = false; | ||
517 | bool locked = false; | ||
518 | |||
519 | if (!m_scene.Entities.ContainsKey(objId)) | ||
520 | { | ||
521 | return false; | ||
522 | } | ||
523 | |||
524 | // If it's not an object, we cant edit it. | ||
525 | if ((!(m_scene.Entities[objId] is SceneObjectGroup))) | ||
526 | { | ||
527 | return false; | ||
528 | } | ||
529 | |||
530 | SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; | ||
531 | |||
532 | UUID objectOwner = group.OwnerID; | ||
533 | locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); | ||
534 | |||
535 | // People shouldn't be able to do anything with locked objects, except the Administrator | ||
536 | // The 'set permissions' runs through a different permission check, so when an object owner | ||
537 | // sets an object locked, the only thing that they can do is unlock it. | ||
538 | // | ||
539 | // Nobody but the object owner can set permissions on an object | ||
540 | // | ||
541 | |||
542 | if (locked && (!IsAdministrator(currentUser)) && denyOnLocked) | ||
543 | { | ||
544 | return false; | ||
545 | } | ||
546 | |||
547 | // Object owners should be able to edit their own content | ||
548 | if (currentUser == objectOwner) | ||
549 | { | ||
550 | permission = true; | ||
551 | } | ||
552 | else if (group.IsAttachment) | ||
553 | { | ||
554 | permission = false; | ||
555 | } | ||
556 | |||
557 | // Users should be able to edit what is over their land. | ||
558 | ILandObject parcel = m_scene.LandChannel.GetLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y); | ||
559 | if ((parcel != null) && (parcel.landData.OwnerID == currentUser)) | ||
560 | { | ||
561 | permission = true; | ||
562 | } | ||
563 | |||
564 | // Estate users should be able to edit anything in the sim | ||
565 | if (IsEstateManager(currentUser)) | ||
566 | { | ||
567 | permission = true; | ||
568 | } | ||
569 | |||
570 | // Admin objects should not be editable by the above | ||
571 | if (IsAdministrator(objectOwner)) | ||
572 | { | ||
573 | permission = false; | ||
574 | } | ||
575 | |||
576 | // Admin should be able to edit anything in the sim (including admin objects) | ||
577 | if (IsAdministrator(currentUser)) | ||
578 | { | ||
579 | permission = true; | ||
580 | } | ||
581 | |||
582 | return permission; | ||
583 | } | ||
584 | |||
585 | #endregion | ||
586 | |||
587 | #region Generic Permissions | ||
588 | protected bool GenericCommunicationPermission(UUID user, UUID target) | ||
589 | { | ||
590 | // Setting this to true so that cool stuff can happen until we define what determines Generic Communication Permission | ||
591 | bool permission = true; | ||
592 | string reason = "Only registered users may communicate with another account."; | ||
593 | |||
594 | // Uhh, we need to finish this before we enable it.. because it's blocking all sorts of goodies and features | ||
595 | if (IsAdministrator(user)) | ||
596 | permission = true; | ||
597 | |||
598 | if (IsEstateManager(user)) | ||
599 | permission = true; | ||
600 | |||
601 | if (!permission) | ||
602 | SendPermissionError(user, reason); | ||
603 | |||
604 | return permission; | ||
605 | } | ||
606 | |||
607 | public bool GenericEstatePermission(UUID user) | ||
608 | { | ||
609 | // Default: deny | ||
610 | bool permission = false; | ||
611 | |||
612 | // Estate admins should be able to use estate tools | ||
613 | if (IsEstateManager(user)) | ||
614 | permission = true; | ||
615 | |||
616 | // Administrators always have permission | ||
617 | if (IsAdministrator(user)) | ||
618 | permission = true; | ||
619 | |||
620 | return permission; | ||
621 | } | ||
622 | |||
623 | protected bool GenericParcelPermission(UUID user, ILandObject parcel) | ||
624 | { | ||
625 | bool permission = false; | ||
626 | |||
627 | if (parcel.landData.OwnerID == user) | ||
628 | { | ||
629 | permission = true; | ||
630 | } | ||
631 | |||
632 | if (parcel.landData.IsGroupOwned) | ||
633 | { | ||
634 | // TODO: Need to do some extra checks here. Requires group code. | ||
635 | } | ||
636 | |||
637 | if (IsEstateManager(user)) | ||
638 | { | ||
639 | permission = true; | ||
640 | } | ||
641 | |||
642 | if (IsAdministrator(user)) | ||
643 | { | ||
644 | permission = true; | ||
645 | } | ||
646 | |||
647 | return permission; | ||
648 | } | ||
649 | |||
650 | protected bool GenericParcelPermission(UUID user, Vector3 pos) | ||
651 | { | ||
652 | ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y); | ||
653 | if (parcel == null) return false; | ||
654 | return GenericParcelPermission(user, parcel); | ||
655 | } | ||
656 | #endregion | ||
657 | |||
658 | #region Permission Checks | ||
659 | private bool CanAbandonParcel(UUID user, ILandObject parcel, Scene scene) | ||
660 | { | ||
661 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
662 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
663 | |||
664 | return GenericParcelPermission(user, parcel); | ||
665 | } | ||
666 | |||
667 | private bool CanReclaimParcel(UUID user, ILandObject parcel, Scene scene) | ||
668 | { | ||
669 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
670 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
671 | |||
672 | return GenericParcelPermission(user, parcel); | ||
673 | } | ||
674 | |||
675 | private bool IsGod(UUID user, Scene scene) | ||
676 | { | ||
677 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
678 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
679 | |||
680 | return IsAdministrator(user); | ||
681 | } | ||
682 | |||
683 | private bool CanDuplicateObject(int objectCount, UUID objectID, UUID owner, Scene scene, Vector3 objectPosition) | ||
684 | { | ||
685 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
686 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
687 | |||
688 | if (!GenericObjectPermission(owner, objectID, true)) | ||
689 | { | ||
690 | //They can't even edit the object | ||
691 | return false; | ||
692 | } | ||
693 | |||
694 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); | ||
695 | if (part == null) | ||
696 | return false; | ||
697 | |||
698 | if ((part.OwnerMask & PERM_COPY) == 0) | ||
699 | return false; | ||
700 | |||
701 | if ((part.ParentGroup.GetEffectivePermissions() & PERM_COPY) == 0) | ||
702 | return false; | ||
703 | |||
704 | //If they can rez, they can duplicate | ||
705 | return CanRezObject(objectCount, owner, objectPosition, scene); | ||
706 | } | ||
707 | |||
708 | private bool CanDeleteObject(UUID objectID, UUID deleter, Scene scene) | ||
709 | { | ||
710 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
711 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
712 | |||
713 | return GenericObjectPermission(deleter, objectID, false); | ||
714 | } | ||
715 | |||
716 | private bool CanEditObject(UUID objectID, UUID editorID, Scene scene) | ||
717 | { | ||
718 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
719 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
720 | |||
721 | |||
722 | return GenericObjectPermission(editorID, objectID, false); | ||
723 | } | ||
724 | |||
725 | private bool CanEditObjectInventory(UUID objectID, UUID editorID, Scene scene) | ||
726 | { | ||
727 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
728 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
729 | |||
730 | SceneObjectPart part = m_scene.GetSceneObjectPart(objectID); | ||
731 | |||
732 | // If we selected a sub-prim to edit, the objectID won't represent the object, but only a part. | ||
733 | // We have to check the permissions of the group, though. | ||
734 | if (part.ParentID != 0) | ||
735 | { | ||
736 | objectID = part.ParentUUID; | ||
737 | part = m_scene.GetSceneObjectPart(objectID); | ||
738 | } | ||
739 | |||
740 | // TODO: add group support! | ||
741 | // | ||
742 | if (part.OwnerID != editorID) | ||
743 | return false; | ||
744 | |||
745 | return GenericObjectPermission(editorID, objectID, false); | ||
746 | } | ||
747 | |||
748 | private bool CanEditParcel(UUID user, ILandObject parcel, Scene scene) | ||
749 | { | ||
750 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
751 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
752 | |||
753 | return GenericParcelPermission(user, parcel); | ||
754 | } | ||
755 | |||
756 | /// <summary> | ||
757 | /// Check whether the specified user can edit the given script | ||
758 | /// </summary> | ||
759 | /// <param name="script"></param> | ||
760 | /// <param name="objectID"></param> | ||
761 | /// <param name="user"></param> | ||
762 | /// <param name="scene"></param> | ||
763 | /// <returns></returns> | ||
764 | private bool CanEditScript(UUID script, UUID objectID, UUID user, Scene scene) | ||
765 | { | ||
766 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
767 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
768 | |||
769 | if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(user)) | ||
770 | return false; | ||
771 | |||
772 | // Ordinarily, if you can view it, you can edit it | ||
773 | // There is no viewing a no mod script | ||
774 | // | ||
775 | return CanViewScript(script, objectID, user, scene); | ||
776 | } | ||
777 | |||
778 | /// <summary> | ||
779 | /// Check whether the specified user can edit the given notecard | ||
780 | /// </summary> | ||
781 | /// <param name="notecard"></param> | ||
782 | /// <param name="objectID"></param> | ||
783 | /// <param name="user"></param> | ||
784 | /// <param name="scene"></param> | ||
785 | /// <returns></returns> | ||
786 | private bool CanEditNotecard(UUID notecard, UUID objectID, UUID user, Scene scene) | ||
787 | { | ||
788 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
789 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
790 | |||
791 | if (objectID == UUID.Zero) // User inventory | ||
792 | { | ||
793 | CachedUserInfo userInfo = | ||
794 | scene.CommsManager.UserProfileCacheService.GetUserDetails(user); | ||
795 | |||
796 | if (userInfo == null) | ||
797 | { | ||
798 | m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user); | ||
799 | return false; | ||
800 | } | ||
801 | |||
802 | if (userInfo.RootFolder == null) | ||
803 | return false; | ||
804 | |||
805 | InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(notecard); | ||
806 | if (assetRequestItem == null) // Library item | ||
807 | { | ||
808 | assetRequestItem = scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(notecard); | ||
809 | |||
810 | if (assetRequestItem != null) // Implicitly readable | ||
811 | return true; | ||
812 | } | ||
813 | |||
814 | // Notecards must be both mod and copy to be saveable | ||
815 | // This is because of they're not copy, you can't read | ||
816 | // them, and if they're not mod, well, then they're | ||
817 | // not mod. Duh. | ||
818 | // | ||
819 | if ((assetRequestItem.CurrentPermissions & | ||
820 | ((uint)PermissionMask.Modify | | ||
821 | (uint)PermissionMask.Copy)) != | ||
822 | ((uint)PermissionMask.Modify | | ||
823 | (uint)PermissionMask.Copy)) | ||
824 | return false; | ||
825 | } | ||
826 | else // Prim inventory | ||
827 | { | ||
828 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); | ||
829 | |||
830 | if (part == null) | ||
831 | return false; | ||
832 | |||
833 | if (part.OwnerID != user) | ||
834 | return false; | ||
835 | |||
836 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | ||
837 | return false; | ||
838 | |||
839 | TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); | ||
840 | |||
841 | if (ti == null) | ||
842 | return false; | ||
843 | |||
844 | if (ti.OwnerID != user) | ||
845 | return false; | ||
846 | |||
847 | // Require full perms | ||
848 | if ((ti.CurrentPermissions & | ||
849 | ((uint)PermissionMask.Modify | | ||
850 | (uint)PermissionMask.Copy)) != | ||
851 | ((uint)PermissionMask.Modify | | ||
852 | (uint)PermissionMask.Copy)) | ||
853 | return false; | ||
854 | } | ||
855 | |||
856 | return true; | ||
857 | } | ||
858 | |||
859 | private bool CanInstantMessage(UUID user, UUID target, Scene startScene) | ||
860 | { | ||
861 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
862 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
863 | |||
864 | // If the sender is an object, check owner instead | ||
865 | // | ||
866 | SceneObjectPart part = startScene.GetSceneObjectPart(user); | ||
867 | if (part != null) | ||
868 | user = part.OwnerID; | ||
869 | |||
870 | return GenericCommunicationPermission(user, target); | ||
871 | } | ||
872 | |||
873 | private bool CanInventoryTransfer(UUID user, UUID target, Scene startScene) | ||
874 | { | ||
875 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
876 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
877 | |||
878 | return GenericCommunicationPermission(user, target); | ||
879 | } | ||
880 | |||
881 | private bool CanIssueEstateCommand(UUID user, Scene requestFromScene, bool ownerCommand) | ||
882 | { | ||
883 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
884 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
885 | |||
886 | if (IsAdministrator(user)) | ||
887 | return true; | ||
888 | |||
889 | if (m_scene.RegionInfo.EstateSettings.IsEstateOwner(user)) | ||
890 | return true; | ||
891 | |||
892 | if (ownerCommand) | ||
893 | return false; | ||
894 | |||
895 | return GenericEstatePermission(user); | ||
896 | } | ||
897 | |||
898 | private bool CanMoveObject(UUID objectID, UUID moverID, Scene scene) | ||
899 | { | ||
900 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
901 | if (m_bypassPermissions) | ||
902 | { | ||
903 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); | ||
904 | if (part.OwnerID != moverID) | ||
905 | { | ||
906 | if (part.ParentGroup != null && !part.ParentGroup.IsDeleted) | ||
907 | { | ||
908 | if (part.ParentGroup.IsAttachment) | ||
909 | return false; | ||
910 | } | ||
911 | } | ||
912 | return m_bypassPermissionsValue; | ||
913 | } | ||
914 | |||
915 | bool permission = GenericObjectPermission(moverID, objectID, true); | ||
916 | if (!permission) | ||
917 | { | ||
918 | if (!m_scene.Entities.ContainsKey(objectID)) | ||
919 | { | ||
920 | return false; | ||
921 | } | ||
922 | |||
923 | // The client | ||
924 | // may request to edit linked parts, and therefore, it needs | ||
925 | // to also check for SceneObjectPart | ||
926 | |||
927 | // If it's not an object, we cant edit it. | ||
928 | if ((!(m_scene.Entities[objectID] is SceneObjectGroup))) | ||
929 | { | ||
930 | return false; | ||
931 | } | ||
932 | |||
933 | |||
934 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID]; | ||
935 | |||
936 | |||
937 | // UUID taskOwner = null; | ||
938 | // Added this because at this point in time it wouldn't be wise for | ||
939 | // the administrator object permissions to take effect. | ||
940 | // UUID objectOwner = task.OwnerID; | ||
941 | |||
942 | // Anyone can move | ||
943 | if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0) | ||
944 | permission = true; | ||
945 | |||
946 | // Locked | ||
947 | if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0) | ||
948 | permission = false; | ||
949 | } | ||
950 | else | ||
951 | { | ||
952 | bool locked = false; | ||
953 | if (!m_scene.Entities.ContainsKey(objectID)) | ||
954 | { | ||
955 | return false; | ||
956 | } | ||
957 | |||
958 | // If it's not an object, we cant edit it. | ||
959 | if ((!(m_scene.Entities[objectID] is SceneObjectGroup))) | ||
960 | { | ||
961 | return false; | ||
962 | } | ||
963 | |||
964 | SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objectID]; | ||
965 | |||
966 | UUID objectOwner = group.OwnerID; | ||
967 | locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); | ||
968 | |||
969 | // This is an exception to the generic object permission. | ||
970 | // Administrators who lock their objects should not be able to move them, | ||
971 | // however generic object permission should return true. | ||
972 | // This keeps locked objects from being affected by random click + drag actions by accident | ||
973 | // and allows the administrator to grab or delete a locked object. | ||
974 | |||
975 | // Administrators and estate managers are still able to click+grab locked objects not | ||
976 | // owned by them in the scene | ||
977 | // This is by design. | ||
978 | |||
979 | if (locked && (moverID == objectOwner)) | ||
980 | return false; | ||
981 | } | ||
982 | return permission; | ||
983 | } | ||
984 | |||
985 | private bool CanObjectEntry(UUID objectID, bool enteringRegion, Vector3 newPoint, Scene scene) | ||
986 | { | ||
987 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
988 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
989 | |||
990 | if ((newPoint.X > 257f || newPoint.X < -1f || newPoint.Y > 257f || newPoint.Y < -1f)) | ||
991 | { | ||
992 | return true; | ||
993 | } | ||
994 | |||
995 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID]; | ||
996 | |||
997 | ILandObject land = m_scene.LandChannel.GetLandObject(newPoint.X, newPoint.Y); | ||
998 | |||
999 | if (!enteringRegion) | ||
1000 | { | ||
1001 | ILandObject fromland = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y); | ||
1002 | |||
1003 | if (fromland == land) // Not entering | ||
1004 | return true; | ||
1005 | } | ||
1006 | |||
1007 | if (land == null) | ||
1008 | { | ||
1009 | return false; | ||
1010 | } | ||
1011 | |||
1012 | if ((land.landData.Flags & ((int)Parcel.ParcelFlags.AllowAPrimitiveEntry)) != 0) | ||
1013 | { | ||
1014 | return true; | ||
1015 | } | ||
1016 | |||
1017 | //TODO: check for group rights | ||
1018 | |||
1019 | if (!m_scene.Entities.ContainsKey(objectID)) | ||
1020 | { | ||
1021 | return false; | ||
1022 | } | ||
1023 | |||
1024 | // If it's not an object, we cant edit it. | ||
1025 | if (!(m_scene.Entities[objectID] is SceneObjectGroup)) | ||
1026 | { | ||
1027 | return false; | ||
1028 | } | ||
1029 | |||
1030 | |||
1031 | if (GenericParcelPermission(task.OwnerID, newPoint)) | ||
1032 | { | ||
1033 | return true; | ||
1034 | } | ||
1035 | |||
1036 | //Otherwise, false! | ||
1037 | return false; | ||
1038 | } | ||
1039 | |||
1040 | private bool CanReturnObject(UUID objectID, UUID returnerID, Scene scene) | ||
1041 | { | ||
1042 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1043 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1044 | |||
1045 | return GenericObjectPermission(returnerID, objectID, false); | ||
1046 | } | ||
1047 | |||
1048 | private bool CanRezObject(int objectCount, UUID owner, Vector3 objectPosition, Scene scene) | ||
1049 | { | ||
1050 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1051 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1052 | |||
1053 | bool permission = false; | ||
1054 | |||
1055 | ILandObject land = m_scene.LandChannel.GetLandObject(objectPosition.X, objectPosition.Y); | ||
1056 | if (land == null) return false; | ||
1057 | |||
1058 | if ((land.landData.Flags & ((int)Parcel.ParcelFlags.CreateObjects)) == | ||
1059 | (int)Parcel.ParcelFlags.CreateObjects) | ||
1060 | permission = true; | ||
1061 | |||
1062 | //TODO: check for group rights | ||
1063 | |||
1064 | if (IsAdministrator(owner)) | ||
1065 | { | ||
1066 | permission = true; | ||
1067 | } | ||
1068 | |||
1069 | if (GenericParcelPermission(owner, objectPosition)) | ||
1070 | { | ||
1071 | permission = true; | ||
1072 | } | ||
1073 | |||
1074 | return permission; | ||
1075 | } | ||
1076 | |||
1077 | private bool CanRunConsoleCommand(UUID user, Scene requestFromScene) | ||
1078 | { | ||
1079 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1080 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1081 | |||
1082 | |||
1083 | return IsAdministrator(user); | ||
1084 | } | ||
1085 | |||
1086 | private bool CanRunScript(UUID script, UUID objectID, UUID user, Scene scene) | ||
1087 | { | ||
1088 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1089 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1090 | |||
1091 | return true; | ||
1092 | } | ||
1093 | |||
1094 | private bool CanSellParcel(UUID user, ILandObject parcel, Scene scene) | ||
1095 | { | ||
1096 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1097 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1098 | |||
1099 | return GenericParcelPermission(user, parcel); | ||
1100 | } | ||
1101 | |||
1102 | private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene) | ||
1103 | { | ||
1104 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1105 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1106 | |||
1107 | return GenericObjectPermission(stealer,objectID, false); | ||
1108 | } | ||
1109 | |||
1110 | private bool CanTakeCopyObject(UUID objectID, UUID userID, Scene inScene) | ||
1111 | { | ||
1112 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1113 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1114 | |||
1115 | bool permission = GenericObjectPermission(userID, objectID,false); | ||
1116 | if (!permission) | ||
1117 | { | ||
1118 | if (!m_scene.Entities.ContainsKey(objectID)) | ||
1119 | { | ||
1120 | return false; | ||
1121 | } | ||
1122 | |||
1123 | // If it's not an object, we cant edit it. | ||
1124 | if (!(m_scene.Entities[objectID] is SceneObjectGroup)) | ||
1125 | { | ||
1126 | return false; | ||
1127 | } | ||
1128 | |||
1129 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID]; | ||
1130 | // UUID taskOwner = null; | ||
1131 | // Added this because at this point in time it wouldn't be wise for | ||
1132 | // the administrator object permissions to take effect. | ||
1133 | // UUID objectOwner = task.OwnerID; | ||
1134 | |||
1135 | if ((task.RootPart.EveryoneMask & PERM_COPY) != 0) | ||
1136 | permission = true; | ||
1137 | |||
1138 | if ((task.GetEffectivePermissions() & PERM_COPY) == 0) | ||
1139 | permission = false; | ||
1140 | } | ||
1141 | else | ||
1142 | { | ||
1143 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID]; | ||
1144 | |||
1145 | if ((task.GetEffectivePermissions() & PERM_COPY) == 0) | ||
1146 | permission = false; | ||
1147 | } | ||
1148 | |||
1149 | return permission; | ||
1150 | } | ||
1151 | |||
1152 | private bool CanTerraformLand(UUID user, Vector3 position, Scene requestFromScene) | ||
1153 | { | ||
1154 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1155 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1156 | |||
1157 | // Estate override | ||
1158 | if (GenericEstatePermission(user)) | ||
1159 | return true; | ||
1160 | |||
1161 | float X = position.X; | ||
1162 | float Y = position.Y; | ||
1163 | |||
1164 | if (X > 255) | ||
1165 | X = 255; | ||
1166 | if (Y > 255) | ||
1167 | Y = 255; | ||
1168 | if (X < 0) | ||
1169 | X = 0; | ||
1170 | if (Y < 0) | ||
1171 | Y = 0; | ||
1172 | |||
1173 | ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y); | ||
1174 | if (parcel == null) | ||
1175 | return false; | ||
1176 | |||
1177 | // Others allowed to terraform? | ||
1178 | if ((parcel.landData.Flags & ((int)Parcel.ParcelFlags.AllowTerraform)) != 0) | ||
1179 | return true; | ||
1180 | |||
1181 | // Land owner can terraform too | ||
1182 | if (parcel != null && GenericParcelPermission(user, parcel)) | ||
1183 | return true; | ||
1184 | |||
1185 | return false; | ||
1186 | } | ||
1187 | |||
1188 | /// <summary> | ||
1189 | /// Check whether the specified user can view the given script | ||
1190 | /// </summary> | ||
1191 | /// <param name="script"></param> | ||
1192 | /// <param name="objectID"></param> | ||
1193 | /// <param name="user"></param> | ||
1194 | /// <param name="scene"></param> | ||
1195 | /// <returns></returns> | ||
1196 | private bool CanViewScript(UUID script, UUID objectID, UUID user, Scene scene) | ||
1197 | { | ||
1198 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1199 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1200 | |||
1201 | if (objectID == UUID.Zero) // User inventory | ||
1202 | { | ||
1203 | CachedUserInfo userInfo = | ||
1204 | scene.CommsManager.UserProfileCacheService.GetUserDetails(user); | ||
1205 | |||
1206 | if (userInfo == null) | ||
1207 | { | ||
1208 | m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for administrator check", user); | ||
1209 | return false; | ||
1210 | } | ||
1211 | |||
1212 | if (userInfo.RootFolder == null) | ||
1213 | return false; | ||
1214 | |||
1215 | InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(script); | ||
1216 | if (assetRequestItem == null) // Library item | ||
1217 | { | ||
1218 | assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(script); | ||
1219 | |||
1220 | if (assetRequestItem != null) // Implicitly readable | ||
1221 | return true; | ||
1222 | } | ||
1223 | |||
1224 | // SL is rather harebrained here. In SL, a script you | ||
1225 | // have mod/copy no trans is readable. This subverts | ||
1226 | // permissions, but is used in some products, most | ||
1227 | // notably Hippo door plugin and HippoRent 5 networked | ||
1228 | // prim counter. | ||
1229 | // To enable this broken SL-ism, remove Transfer from | ||
1230 | // the below expressions. | ||
1231 | // Trying to improve on SL perms by making a script | ||
1232 | // readable only if it's really full perms | ||
1233 | // | ||
1234 | if ((assetRequestItem.CurrentPermissions & | ||
1235 | ((uint)PermissionMask.Modify | | ||
1236 | (uint)PermissionMask.Copy | | ||
1237 | (uint)PermissionMask.Transfer)) != | ||
1238 | ((uint)PermissionMask.Modify | | ||
1239 | (uint)PermissionMask.Copy | | ||
1240 | (uint)PermissionMask.Transfer)) | ||
1241 | return false; | ||
1242 | } | ||
1243 | else // Prim inventory | ||
1244 | { | ||
1245 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); | ||
1246 | |||
1247 | if (part == null) | ||
1248 | return false; | ||
1249 | |||
1250 | if (part.OwnerID != user) | ||
1251 | return false; | ||
1252 | |||
1253 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | ||
1254 | return false; | ||
1255 | |||
1256 | TaskInventoryItem ti = part.Inventory.GetInventoryItem(script); | ||
1257 | |||
1258 | if (ti == null) | ||
1259 | return false; | ||
1260 | |||
1261 | if (ti.OwnerID != user) | ||
1262 | return false; | ||
1263 | |||
1264 | // Require full perms | ||
1265 | if ((ti.CurrentPermissions & | ||
1266 | ((uint)PermissionMask.Modify | | ||
1267 | (uint)PermissionMask.Copy | | ||
1268 | (uint)PermissionMask.Transfer)) != | ||
1269 | ((uint)PermissionMask.Modify | | ||
1270 | (uint)PermissionMask.Copy | | ||
1271 | (uint)PermissionMask.Transfer)) | ||
1272 | return false; | ||
1273 | } | ||
1274 | |||
1275 | return true; | ||
1276 | } | ||
1277 | |||
1278 | /// <summary> | ||
1279 | /// Check whether the specified user can view the given notecard | ||
1280 | /// </summary> | ||
1281 | /// <param name="script"></param> | ||
1282 | /// <param name="objectID"></param> | ||
1283 | /// <param name="user"></param> | ||
1284 | /// <param name="scene"></param> | ||
1285 | /// <returns></returns> | ||
1286 | private bool CanViewNotecard(UUID notecard, UUID objectID, UUID user, Scene scene) | ||
1287 | { | ||
1288 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1289 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1290 | |||
1291 | if (objectID == UUID.Zero) // User inventory | ||
1292 | { | ||
1293 | CachedUserInfo userInfo = | ||
1294 | scene.CommsManager.UserProfileCacheService.GetUserDetails(user); | ||
1295 | |||
1296 | if (userInfo == null) | ||
1297 | { | ||
1298 | m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for view notecard check", user); | ||
1299 | return false; | ||
1300 | } | ||
1301 | |||
1302 | if (userInfo.RootFolder == null) | ||
1303 | return false; | ||
1304 | |||
1305 | InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(notecard); | ||
1306 | if (assetRequestItem == null) // Library item | ||
1307 | { | ||
1308 | assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(notecard); | ||
1309 | |||
1310 | if (assetRequestItem != null) // Implicitly readable | ||
1311 | return true; | ||
1312 | } | ||
1313 | |||
1314 | // Notecards are always readable unless no copy | ||
1315 | // | ||
1316 | if ((assetRequestItem.CurrentPermissions & | ||
1317 | (uint)PermissionMask.Copy) != | ||
1318 | (uint)PermissionMask.Copy) | ||
1319 | return false; | ||
1320 | } | ||
1321 | else // Prim inventory | ||
1322 | { | ||
1323 | SceneObjectPart part = scene.GetSceneObjectPart(objectID); | ||
1324 | |||
1325 | if (part == null) | ||
1326 | return false; | ||
1327 | |||
1328 | if (part.OwnerID != user) | ||
1329 | return false; | ||
1330 | |||
1331 | if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) | ||
1332 | return false; | ||
1333 | |||
1334 | TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); | ||
1335 | |||
1336 | if (ti == null) | ||
1337 | return false; | ||
1338 | |||
1339 | if (ti.OwnerID != user) | ||
1340 | return false; | ||
1341 | |||
1342 | // Notecards are always readable unless no copy | ||
1343 | // | ||
1344 | if ((ti.CurrentPermissions & | ||
1345 | (uint)PermissionMask.Copy) != | ||
1346 | (uint)PermissionMask.Copy) | ||
1347 | return false; | ||
1348 | } | ||
1349 | |||
1350 | return true; | ||
1351 | } | ||
1352 | |||
1353 | #endregion | ||
1354 | |||
1355 | private bool CanLinkObject(UUID userID, UUID objectID) | ||
1356 | { | ||
1357 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1358 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1359 | |||
1360 | return true; | ||
1361 | } | ||
1362 | |||
1363 | private bool CanDelinkObject(UUID userID, UUID objectID) | ||
1364 | { | ||
1365 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1366 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1367 | |||
1368 | return true; | ||
1369 | } | ||
1370 | |||
1371 | private bool CanBuyLand(UUID userID, ILandObject parcel, Scene scene) | ||
1372 | { | ||
1373 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1374 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1375 | |||
1376 | return true; | ||
1377 | } | ||
1378 | |||
1379 | private bool CanCopyObjectInventory(UUID itemID, UUID objectID, UUID userID) | ||
1380 | { | ||
1381 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1382 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1383 | |||
1384 | return true; | ||
1385 | } | ||
1386 | |||
1387 | private bool CanDeleteObjectInventory(UUID itemID, UUID objectID, UUID userID) | ||
1388 | { | ||
1389 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1390 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1391 | |||
1392 | return true; | ||
1393 | } | ||
1394 | |||
1395 | /// <summary> | ||
1396 | /// Check whether the specified user is allowed to directly create the given inventory type in a prim's | ||
1397 | /// inventory (e.g. the New Script button in the 1.21 Linden Lab client). | ||
1398 | /// </summary> | ||
1399 | /// <param name="invType"></param> | ||
1400 | /// <param name="objectID"></param> | ||
1401 | /// <param name="userID"></param> | ||
1402 | /// <returns></returns> | ||
1403 | private bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID) | ||
1404 | { | ||
1405 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1406 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1407 | |||
1408 | if ((int)InventoryType.LSL == invType) | ||
1409 | if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID)) | ||
1410 | return false; | ||
1411 | |||
1412 | return true; | ||
1413 | } | ||
1414 | |||
1415 | /// <summary> | ||
1416 | /// Check whether the specified user is allowed to create the given inventory type in their inventory. | ||
1417 | /// </summary> | ||
1418 | /// <param name="invType"></param> | ||
1419 | /// <param name="userID"></param> | ||
1420 | /// <returns></returns> | ||
1421 | private bool CanCreateUserInventory(int invType, UUID userID) | ||
1422 | { | ||
1423 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1424 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1425 | |||
1426 | if ((int)InventoryType.LSL == invType) | ||
1427 | if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID)) | ||
1428 | return false; | ||
1429 | |||
1430 | return true; | ||
1431 | } | ||
1432 | |||
1433 | /// <summary> | ||
1434 | /// Check whether the specified user is allowed to copy the given inventory type in their inventory. | ||
1435 | /// </summary> | ||
1436 | /// <param name="itemID"></param> | ||
1437 | /// <param name="userID"></param> | ||
1438 | /// <returns></returns> | ||
1439 | private bool CanCopyUserInventory(UUID itemID, UUID userID) | ||
1440 | { | ||
1441 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1442 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1443 | |||
1444 | return true; | ||
1445 | } | ||
1446 | |||
1447 | /// <summary> | ||
1448 | /// Check whether the specified user is allowed to edit the given inventory item within their own inventory. | ||
1449 | /// </summary> | ||
1450 | /// <param name="itemID"></param> | ||
1451 | /// <param name="userID"></param> | ||
1452 | /// <returns></returns> | ||
1453 | private bool CanEditUserInventory(UUID itemID, UUID userID) | ||
1454 | { | ||
1455 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1456 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1457 | |||
1458 | return true; | ||
1459 | } | ||
1460 | |||
1461 | /// <summary> | ||
1462 | /// Check whether the specified user is allowed to delete the given inventory item from their own inventory. | ||
1463 | /// </summary> | ||
1464 | /// <param name="itemID"></param> | ||
1465 | /// <param name="userID"></param> | ||
1466 | /// <returns></returns> | ||
1467 | private bool CanDeleteUserInventory(UUID itemID, UUID userID) | ||
1468 | { | ||
1469 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1470 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1471 | |||
1472 | return true; | ||
1473 | } | ||
1474 | |||
1475 | private bool CanTeleport(UUID userID) | ||
1476 | { | ||
1477 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1478 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1479 | |||
1480 | return true; | ||
1481 | } | ||
1482 | |||
1483 | private bool CanResetScript(UUID prim, UUID script, UUID agentID, Scene scene) | ||
1484 | { | ||
1485 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1486 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1487 | |||
1488 | SceneObjectPart part = m_scene.GetSceneObjectPart(prim); | ||
1489 | |||
1490 | // If we selected a sub-prim to reset, prim won't represent the object, but only a part. | ||
1491 | // We have to check the permissions of the object, though. | ||
1492 | if (part.ParentID != 0) prim = part.ParentUUID; | ||
1493 | |||
1494 | // You can reset the scripts in any object you can edit | ||
1495 | return GenericObjectPermission(agentID, prim, false); | ||
1496 | } | ||
1497 | } | ||
1498 | } | ||