aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region/Environment/Modules/World/Permissions
diff options
context:
space:
mode:
authorDr Scofield2009-02-10 13:10:57 +0000
committerDr Scofield2009-02-10 13:10:57 +0000
commit180be7de07014aa33bc6066f12a0819b731c1c9d (patch)
tree3aa13af3cda4b808fa9453655875327699b61311 /OpenSim/Region/Environment/Modules/World/Permissions
parentStopgap measure: To use gridlaunch, or GUI, start opensim with (diff)
downloadopensim-SC_OLD-180be7de07014aa33bc6066f12a0819b731c1c9d.zip
opensim-SC_OLD-180be7de07014aa33bc6066f12a0819b731c1c9d.tar.gz
opensim-SC_OLD-180be7de07014aa33bc6066f12a0819b731c1c9d.tar.bz2
opensim-SC_OLD-180be7de07014aa33bc6066f12a0819b731c1c9d.tar.xz
this is step 2 of 2 of the OpenSim.Region.Environment refactor.
NOTHING has been deleted or moved off to forge at this point. what has happened is that OpenSim.Region.Environment.Modules has been split in two: - OpenSim.Region.CoreModules: all those modules that are either directly or indirectly referenced from other OpenSim packages, or that provide functionality that the OpenSim developer community considers core functionality: CoreModules/Agent/AssetTransaction CoreModules/Agent/Capabilities CoreModules/Agent/TextureDownload CoreModules/Agent/TextureSender CoreModules/Agent/TextureSender/Tests CoreModules/Agent/Xfer CoreModules/Avatar/AvatarFactory CoreModules/Avatar/Chat/ChatModule CoreModules/Avatar/Combat CoreModules/Avatar/Currency/SampleMoney CoreModules/Avatar/Dialog CoreModules/Avatar/Friends CoreModules/Avatar/Gestures CoreModules/Avatar/Groups CoreModules/Avatar/InstantMessage CoreModules/Avatar/Inventory CoreModules/Avatar/Inventory/Archiver CoreModules/Avatar/Inventory/Transfer CoreModules/Avatar/Lure CoreModules/Avatar/ObjectCaps CoreModules/Avatar/Profiles CoreModules/Communications/Local CoreModules/Communications/REST CoreModules/Framework/EventQueue CoreModules/Framework/InterfaceCommander CoreModules/Hypergrid CoreModules/InterGrid CoreModules/Scripting/DynamicTexture CoreModules/Scripting/EMailModules CoreModules/Scripting/HttpRequest CoreModules/Scripting/LoadImageURL CoreModules/Scripting/VectorRender CoreModules/Scripting/WorldComm CoreModules/Scripting/XMLRPC CoreModules/World/Archiver CoreModules/World/Archiver/Tests CoreModules/World/Estate CoreModules/World/Land CoreModules/World/Permissions CoreModules/World/Serialiser CoreModules/World/Sound CoreModules/World/Sun CoreModules/World/Terrain CoreModules/World/Terrain/DefaultEffects CoreModules/World/Terrain/DefaultEffects/bin CoreModules/World/Terrain/DefaultEffects/bin/Debug CoreModules/World/Terrain/Effects CoreModules/World/Terrain/FileLoaders CoreModules/World/Terrain/FloodBrushes CoreModules/World/Terrain/PaintBrushes CoreModules/World/Terrain/Tests CoreModules/World/Vegetation CoreModules/World/Wind CoreModules/World/WorldMap - OpenSim.Region.OptionalModules: all those modules that are not core modules: OptionalModules/Avatar/Chat/IRC-stuff OptionalModules/Avatar/Concierge OptionalModules/Avatar/Voice/AsterixVoice OptionalModules/Avatar/Voice/SIPVoice OptionalModules/ContentManagementSystem OptionalModules/Grid/Interregion OptionalModules/Python OptionalModules/SvnSerialiser OptionalModules/World/NPC OptionalModules/World/TreePopulator
Diffstat (limited to 'OpenSim/Region/Environment/Modules/World/Permissions')
-rw-r--r--OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs1498
1 files changed, 0 insertions, 1498 deletions
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
deleted file mode 100644
index 8838e39..0000000
--- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
+++ /dev/null
@@ -1,1498 +0,0 @@
1/*
2 * Copyright (c) Contributors, http://opensimulator.org/
3 * See CONTRIBUTORS.TXT for a full list of copyright holders.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * * Neither the name of the OpenSim Project nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28using OpenMetaverse;
29using Nini.Config;
30using System;
31using System.Collections;
32using System.Collections.Generic;
33using System.Reflection;
34using log4net;
35using OpenSim;
36using OpenSim.Framework;
37using OpenSim.Region.Framework.Interfaces;
38using OpenSim.Region.Framework.Scenes;
39using OpenSim.Region.Environment.Modules.Framework;
40using OpenSim.Framework.Communications.Cache;
41
42namespace OpenSim.Region.Environment.Modules.World.Permissions
43{
44 public class PermissionsModule : IRegionModule
45 {
46 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
47
48 protected Scene m_scene;
49
50 #region Constants
51 // These are here for testing. They will be taken out
52
53 //private uint PERM_ALL = (uint)2147483647;
54 private uint PERM_COPY = (uint)32768;
55 //private uint PERM_MODIFY = (uint)16384;
56 private uint PERM_MOVE = (uint)524288;
57 //private uint PERM_TRANS = (uint)8192;
58 private uint PERM_LOCKED = (uint)540672;
59
60 /// <value>
61 /// Different user set names that come in from the configuration file.
62 /// </value>
63 enum UserSet
64 {
65 All,
66 Administrators
67 };
68
69 #endregion
70
71 #region Bypass Permissions / Debug Permissions Stuff
72
73 // Bypasses the permissions engine
74 private bool m_bypassPermissions = true;
75 private bool m_bypassPermissionsValue = true;
76 private bool m_propagatePermissions = false;
77 private bool m_debugPermissions = false;
78 private bool m_allowGridGods = false;
79 private bool m_RegionOwnerIsGod = false;
80 private bool m_ParcelOwnerIsGod = false;
81
82 /// <value>
83 /// The set of users that are allowed to create scripts. This is only active if permissions are not being
84 /// bypassed. This overrides normal permissions.
85 /// </value>
86 private UserSet m_allowedScriptCreators = UserSet.All;
87
88 /// <value>
89 /// The set of users that are allowed to edit (save) scripts. This is only active if
90 /// permissions are not being bypassed. This overrides normal permissions.-
91 /// </value>
92 private UserSet m_allowedScriptEditors = UserSet.All;
93
94 #endregion
95
96 #region IRegionModule Members
97
98 public void Initialise(Scene scene, IConfigSource config)
99 {
100 m_scene = scene;
101
102 IConfig myConfig = config.Configs["Startup"];
103
104 string permissionModules = myConfig.GetString("permissionmodules", "DefaultPermissionsModule");
105
106 List<string> modules=new List<string>(permissionModules.Split(','));
107
108 if (!modules.Contains("DefaultPermissionsModule"))
109 return;
110
111 m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false);
112 m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true);
113 m_propagatePermissions = myConfig.GetBoolean("propagate_permissions", true);
114 m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true);
115 m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true);
116
117 m_allowedScriptCreators
118 = ParseUserSetConfigSetting(myConfig, "allowed_script_creators", m_allowedScriptCreators);
119 m_allowedScriptEditors
120 = ParseUserSetConfigSetting(myConfig, "allowed_script_editors", m_allowedScriptEditors);
121
122 if (m_bypassPermissions)
123 m_log.Info("[PERMISSIONS]: serviceside_object_permissions = false in ini file so disabling all region service permission checks");
124 else
125 m_log.Debug("[PERMISSIONS]: Enabling all region service permission checks");
126
127 //Register functions with Scene External Checks!
128 m_scene.Permissions.AddBypassPermissionsHandler(BypassPermissions); //FULLY IMPLEMENTED
129 m_scene.Permissions.AddSetBypassPermissionsHandler(SetBypassPermissions); //FULLY IMPLEMENTED
130 m_scene.Permissions.AddPropagatePermissionsHandler(PropagatePermissions); //FULLY IMPLEMENTED
131 m_scene.Permissions.AddGenerateClientFlagsHandler(GenerateClientFlags); //NOT YET FULLY IMPLEMENTED
132 m_scene.Permissions.AddAbandonParcelHandler(CanAbandonParcel); //FULLY IMPLEMENTED
133 m_scene.Permissions.AddReclaimParcelHandler(CanReclaimParcel); //FULLY IMPLEMENTED
134 m_scene.Permissions.AddIsGodHandler(IsGod); //FULLY IMPLEMENTED
135 m_scene.Permissions.AddDuplicateObjectHandler(CanDuplicateObject); //FULLY IMPLEMENTED
136 m_scene.Permissions.AddDeleteObjectHandler(CanDeleteObject); //MAYBE FULLY IMPLEMENTED
137 m_scene.Permissions.AddEditObjectHandler(CanEditObject);//MAYBE FULLY IMPLEMENTED
138 m_scene.Permissions.AddEditParcelHandler(CanEditParcel); //FULLY IMPLEMENTED
139 m_scene.Permissions.AddInstantMessageHandler(CanInstantMessage); //FULLY IMPLEMENTED
140 m_scene.Permissions.AddInventoryTransferHandler(CanInventoryTransfer); //NOT YET IMPLEMENTED
141 m_scene.Permissions.AddIssueEstateCommandHandler(CanIssueEstateCommand); //FULLY IMPLEMENTED
142 m_scene.Permissions.AddMoveObjectHandler(CanMoveObject); //HOPEFULLY FULLY IMPLEMENTED
143 m_scene.Permissions.AddObjectEntryHandler(CanObjectEntry); //FULLY IMPLEMENTED
144 m_scene.Permissions.AddReturnObjectHandler(CanReturnObject); //NOT YET IMPLEMENTED
145 m_scene.Permissions.AddRezObjectHandler(CanRezObject); //HOPEFULLY FULLY IMPLEMENTED
146 m_scene.Permissions.AddRunConsoleCommandHandler(CanRunConsoleCommand); //FULLY IMPLEMENTED
147 m_scene.Permissions.AddRunScriptHandler(CanRunScript); //NOT YET IMPLEMENTED
148 m_scene.Permissions.AddSellParcelHandler(CanSellParcel); //FULLY IMPLEMENTED
149 m_scene.Permissions.AddTakeObjectHandler(CanTakeObject); //FULLY IMPLEMENTED
150 m_scene.Permissions.AddTakeCopyObjectHandler(CanTakeCopyObject); //FULLY IMPLEMENTED
151 m_scene.Permissions.AddTerraformLandHandler(CanTerraformLand); //FULL IMPLEMENTED (POINT ONLY!!! NOT AREA!!!)
152 m_scene.Permissions.AddCanLinkObjectHandler(CanLinkObject); //NOT YET IMPLEMENTED
153 m_scene.Permissions.AddCanDelinkObjectHandler(CanDelinkObject); //NOT YET IMPLEMENTED
154 m_scene.Permissions.AddCanBuyLandHandler(CanBuyLand); //NOT YET IMPLEMENTED
155
156 m_scene.Permissions.AddViewNotecardHandler(CanViewNotecard); //NOT YET IMPLEMENTED
157 m_scene.Permissions.AddViewScriptHandler(CanViewScript); //NOT YET IMPLEMENTED
158 m_scene.Permissions.AddEditNotecardHandler(CanEditNotecard); //NOT YET IMPLEMENTED
159 m_scene.Permissions.AddEditScriptHandler(CanEditScript); //NOT YET IMPLEMENTED
160
161 m_scene.Permissions.AddCanCreateObjectInventoryHandler(CanCreateObjectInventory); //NOT IMPLEMENTED HERE
162 m_scene.Permissions.AddEditObjectInventoryHandler(CanEditObjectInventory);//MAYBE FULLY IMPLEMENTED
163 m_scene.Permissions.AddCanCopyObjectInventoryHandler(CanCopyObjectInventory); //NOT YET IMPLEMENTED
164 m_scene.Permissions.AddCanDeleteObjectInventoryHandler(CanDeleteObjectInventory); //NOT YET IMPLEMENTED
165 m_scene.Permissions.AddResetScriptHandler(CanResetScript);
166
167 m_scene.Permissions.AddCanCreateUserInventoryHandler(CanCreateUserInventory); //NOT YET IMPLEMENTED
168 m_scene.Permissions.AddCanCopyUserInventoryHandler(CanCopyUserInventory); //NOT YET IMPLEMENTED
169 m_scene.Permissions.AddCanEditUserInventoryHandler(CanEditUserInventory); //NOT YET IMPLEMENTED
170 m_scene.Permissions.AddCanDeleteUserInventoryHandler(CanDeleteUserInventory); //NOT YET IMPLEMENTED
171
172 m_scene.Permissions.AddCanTeleportHandler(CanTeleport); //NOT YET IMPLEMENTED
173
174 m_scene.AddCommand("permissions", "bypass permissions",
175 "bypass permissions <true / false>",
176 "Bypass permission checks",
177 HandleBypassPermissions);
178
179 m_scene.AddCommand("permissions", "force permissions",
180 "force permissions <true / false>",
181 "Force permissions on or off",
182 HandleForcePermissions);
183
184 m_scene.AddCommand("permissions", "debug permissions",
185 "debug permissions <true / false>",
186 "Enable permissions debugging",
187 HandleDebugPermissions);
188 }
189
190 public void HandleBypassPermissions(string module, string[] args)
191 {
192 if (m_scene.ConsoleScene() != null &&
193 m_scene.ConsoleScene() != m_scene)
194 {
195 return;
196 }
197
198 if (args.Length > 2)
199 {
200 bool val;
201
202 if (!bool.TryParse(args[2], out val))
203 return;
204
205 m_bypassPermissions = val;
206
207 m_log.InfoFormat(
208 "[PERMISSIONS]: Set permissions bypass to {0} for {1}",
209 m_bypassPermissions, m_scene.RegionInfo.RegionName);
210 }
211 }
212
213 public void HandleForcePermissions(string module, string[] args)
214 {
215 if (m_scene.ConsoleScene() != null &&
216 m_scene.ConsoleScene() != m_scene)
217 {
218 return;
219 }
220
221 if (!m_bypassPermissions)
222 {
223 m_log.Error("[PERMISSIONS] Permissions can't be forced unless they are bypassed first");
224 return;
225 }
226
227 if (args.Length > 2)
228 {
229 bool val;
230
231 if (!bool.TryParse(args[2], out val))
232 return;
233
234 m_bypassPermissionsValue = val;
235
236 m_log.InfoFormat("[PERMISSIONS] Forced permissions to {0} in {1}", m_bypassPermissionsValue, m_scene.RegionInfo.RegionName);
237 }
238 }
239
240 public void HandleDebugPermissions(string module, string[] args)
241 {
242 if (m_scene.ConsoleScene() != null &&
243 m_scene.ConsoleScene() != m_scene)
244 {
245 return;
246 }
247
248 if (args.Length > 2)
249 {
250 bool val;
251
252 if (!bool.TryParse(args[2], out val))
253 return;
254
255 m_debugPermissions = val;
256
257 m_log.InfoFormat("[PERMISSIONS] Set permissions debugging to {0} in {1}", m_debugPermissions, m_scene.RegionInfo.RegionName);
258 }
259 }
260
261 public void PostInitialise()
262 {
263 }
264
265 public void Close()
266 {
267 }
268
269 public string Name
270 {
271 get { return "PermissionsModule"; }
272 }
273
274 public bool IsSharedModule
275 {
276 get { return false; }
277 }
278
279 #endregion
280
281 #region Helper Functions
282 protected void SendPermissionError(UUID user, string reason)
283 {
284 m_scene.EventManager.TriggerPermissionError(user, reason);
285 }
286
287 protected void DebugPermissionInformation(string permissionCalled)
288 {
289 if (m_debugPermissions)
290 m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
291 }
292
293 /// <summary>
294 /// Parse a user set configuration setting
295 /// </summary>
296 /// <param name="config"></param>
297 /// <param name="settingName"></param>
298 /// <param name="defaultValue">The default value for this attribute</param>
299 /// <returns>The parsed value</returns>
300 private static UserSet ParseUserSetConfigSetting(IConfig config, string settingName, UserSet defaultValue)
301 {
302 UserSet userSet = defaultValue;
303
304 string rawSetting = config.GetString(settingName, defaultValue.ToString());
305
306 // Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term
307 // this should disappear.
308 if ("gods" == rawSetting.ToLower())
309 rawSetting = UserSet.Administrators.ToString();
310
311 // Doing it this was so that we can do a case insensitive conversion
312 try
313 {
314 userSet = (UserSet)Enum.Parse(typeof(UserSet), rawSetting, true);
315 }
316 catch
317 {
318 m_log.ErrorFormat(
319 "[PERMISSIONS]: {0} is not a valid {1} value, setting to {2}",
320 rawSetting, settingName, userSet);
321 }
322
323 m_log.DebugFormat("[PERMISSIONS]: {0} {1}", settingName, userSet);
324
325 return userSet;
326 }
327
328 /// <summary>
329 /// Is the given user an administrator (in other words, a god)?
330 /// </summary>
331 /// <param name="user"></param>
332 /// <returns></returns>
333 protected bool IsAdministrator(UUID user)
334 {
335 if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero)
336 {
337 if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user))
338 return true;
339 }
340
341 if (m_scene.RegionInfo.EstateSettings.EstateOwner != UUID.Zero)
342 {
343 if (m_scene.RegionInfo.EstateSettings.EstateOwner == user)
344 return true;
345 }
346
347 if (m_allowGridGods)
348 {
349 CachedUserInfo profile = m_scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
350 if (profile != null && profile.UserProfile != null)
351 {
352 if (profile.UserProfile.GodLevel >= 200)
353 return true;
354 }
355 else
356 {
357 m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for administrator check", user);
358 }
359 }
360
361 return false;
362 }
363
364 protected bool IsEstateManager(UUID user)
365 {
366 return m_scene.RegionInfo.EstateSettings.IsEstateManager(user);
367 }
368#endregion
369
370 public bool PropagatePermissions()
371 {
372 if (m_bypassPermissions)
373 return false;
374
375 return m_propagatePermissions;
376 }
377
378 public bool BypassPermissions()
379 {
380 return m_bypassPermissions;
381 }
382
383 public void SetBypassPermissions(bool value)
384 {
385 m_bypassPermissions=value;
386 }
387
388 #region Object Permissions
389
390 public uint GenerateClientFlags(UUID user, UUID objID)
391 {
392 // Here's the way this works,
393 // ObjectFlags and Permission flags are two different enumerations
394 // ObjectFlags, however, tells the client to change what it will allow the user to do.
395 // So, that means that all of the permissions type ObjectFlags are /temporary/ and only
396 // supposed to be set when customizing the objectflags for the client.
397
398 // These temporary objectflags get computed and added in this function based on the
399 // Permission mask that's appropriate!
400 // Outside of this method, they should never be added to objectflags!
401 // -teravus
402
403 SceneObjectPart task = m_scene.GetSceneObjectPart(objID);
404
405 // this shouldn't ever happen.. return no permissions/objectflags.
406 if (task == null)
407 return (uint)0;
408
409 uint objflags = task.GetEffectiveObjectFlags();
410 UUID objectOwner = task.OwnerID;
411
412
413 // Remove any of the objectFlags that are temporary. These will get added back if appropriate
414 // in the next bit of code
415
416 // libomv will moan about PrimFlags.ObjectYouOfficer being
417 // deprecated
418 #pragma warning disable 0612
419 objflags &= (uint)
420 ~(PrimFlags.ObjectCopy | // Tells client you can copy the object
421 PrimFlags.ObjectModify | // tells client you can modify the object
422 PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod)
423 PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
424 PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object
425 PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object
426 PrimFlags.ObjectOwnerModify | // Tells client that you're the owner of the object
427 PrimFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
428 );
429 #pragma warning restore 0612
430
431 // Creating the three ObjectFlags options for this method to choose from.
432 // Customize the OwnerMask
433 uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags);
434 objectOwnerMask |= (uint)PrimFlags.ObjectYouOwner | (uint)PrimFlags.ObjectAnyOwner | (uint)PrimFlags.ObjectOwnerModify;
435
436 // Customize the GroupMask
437 // uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags);
438
439 // Customize the EveryoneMask
440 uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags);
441
442
443 // Hack to allow collaboration until Groups and Group Permissions are implemented
444 if ((objectEveryoneMask & (uint)PrimFlags.ObjectMove) != 0)
445 objectEveryoneMask |= (uint)PrimFlags.ObjectModify;
446
447 if (m_bypassPermissions)
448 return objectOwnerMask;
449
450 // Object owners should be able to edit their own content
451 if (user == objectOwner)
452 {
453 return objectOwnerMask;
454 }
455
456 // Users should be able to edit what is over their land.
457 ILandObject parcel = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
458 if (parcel != null && parcel.landData.OwnerID == user && m_ParcelOwnerIsGod)
459 return objectOwnerMask;
460
461 // Admin objects should not be editable by the above
462 if (IsAdministrator(objectOwner))
463 return objectEveryoneMask;
464
465 // Estate users should be able to edit anything in the sim
466 if (IsEstateManager(user) && m_RegionOwnerIsGod)
467 return objectOwnerMask;
468
469 // Admin should be able to edit anything in the sim (including admin objects)
470 if (IsAdministrator(user))
471 return objectOwnerMask;
472
473
474 return objectEveryoneMask;
475 }
476
477 private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask)
478 {
479 // We are adding the temporary objectflags to the object's objectflags based on the
480 // permission flag given. These change the F flags on the client.
481
482 if ((setPermissionMask & (uint)PermissionMask.Copy) != 0)
483 {
484 objectFlagsMask |= (uint)PrimFlags.ObjectCopy;
485 }
486
487 if ((setPermissionMask & (uint)PermissionMask.Move) != 0)
488 {
489 objectFlagsMask |= (uint)PrimFlags.ObjectMove;
490 }
491
492 if ((setPermissionMask & (uint)PermissionMask.Modify) != 0)
493 {
494 objectFlagsMask |= (uint)PrimFlags.ObjectModify;
495 }
496
497 if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0)
498 {
499 objectFlagsMask |= (uint)PrimFlags.ObjectTransfer;
500 }
501
502 return objectFlagsMask;
503 }
504
505 /// <summary>
506 /// General permissions checks for any operation involving an object. These supplement more specific checks
507 /// implemented by callers.
508 /// </summary>
509 /// <param name="currentUser"></param>
510 /// <param name="objId"></param>
511 /// <param name="denyOnLocked"></param>
512 /// <returns></returns>
513 protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked)
514 {
515 // Default: deny
516 bool permission = false;
517 bool locked = false;
518
519 if (!m_scene.Entities.ContainsKey(objId))
520 {
521 return false;
522 }
523
524 // If it's not an object, we cant edit it.
525 if ((!(m_scene.Entities[objId] is SceneObjectGroup)))
526 {
527 return false;
528 }
529
530 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
531
532 UUID objectOwner = group.OwnerID;
533 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
534
535 // People shouldn't be able to do anything with locked objects, except the Administrator
536 // The 'set permissions' runs through a different permission check, so when an object owner
537 // sets an object locked, the only thing that they can do is unlock it.
538 //
539 // Nobody but the object owner can set permissions on an object
540 //
541
542 if (locked && (!IsAdministrator(currentUser)) && denyOnLocked)
543 {
544 return false;
545 }
546
547 // Object owners should be able to edit their own content
548 if (currentUser == objectOwner)
549 {
550 permission = true;
551 }
552 else if (group.IsAttachment)
553 {
554 permission = false;
555 }
556
557 // Users should be able to edit what is over their land.
558 ILandObject parcel = m_scene.LandChannel.GetLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y);
559 if ((parcel != null) && (parcel.landData.OwnerID == currentUser))
560 {
561 permission = true;
562 }
563
564 // Estate users should be able to edit anything in the sim
565 if (IsEstateManager(currentUser))
566 {
567 permission = true;
568 }
569
570 // Admin objects should not be editable by the above
571 if (IsAdministrator(objectOwner))
572 {
573 permission = false;
574 }
575
576 // Admin should be able to edit anything in the sim (including admin objects)
577 if (IsAdministrator(currentUser))
578 {
579 permission = true;
580 }
581
582 return permission;
583 }
584
585 #endregion
586
587 #region Generic Permissions
588 protected bool GenericCommunicationPermission(UUID user, UUID target)
589 {
590 // Setting this to true so that cool stuff can happen until we define what determines Generic Communication Permission
591 bool permission = true;
592 string reason = "Only registered users may communicate with another account.";
593
594 // Uhh, we need to finish this before we enable it.. because it's blocking all sorts of goodies and features
595 if (IsAdministrator(user))
596 permission = true;
597
598 if (IsEstateManager(user))
599 permission = true;
600
601 if (!permission)
602 SendPermissionError(user, reason);
603
604 return permission;
605 }
606
607 public bool GenericEstatePermission(UUID user)
608 {
609 // Default: deny
610 bool permission = false;
611
612 // Estate admins should be able to use estate tools
613 if (IsEstateManager(user))
614 permission = true;
615
616 // Administrators always have permission
617 if (IsAdministrator(user))
618 permission = true;
619
620 return permission;
621 }
622
623 protected bool GenericParcelPermission(UUID user, ILandObject parcel)
624 {
625 bool permission = false;
626
627 if (parcel.landData.OwnerID == user)
628 {
629 permission = true;
630 }
631
632 if (parcel.landData.IsGroupOwned)
633 {
634 // TODO: Need to do some extra checks here. Requires group code.
635 }
636
637 if (IsEstateManager(user))
638 {
639 permission = true;
640 }
641
642 if (IsAdministrator(user))
643 {
644 permission = true;
645 }
646
647 return permission;
648 }
649
650 protected bool GenericParcelPermission(UUID user, Vector3 pos)
651 {
652 ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y);
653 if (parcel == null) return false;
654 return GenericParcelPermission(user, parcel);
655 }
656#endregion
657
658 #region Permission Checks
659 private bool CanAbandonParcel(UUID user, ILandObject parcel, Scene scene)
660 {
661 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
662 if (m_bypassPermissions) return m_bypassPermissionsValue;
663
664 return GenericParcelPermission(user, parcel);
665 }
666
667 private bool CanReclaimParcel(UUID user, ILandObject parcel, Scene scene)
668 {
669 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
670 if (m_bypassPermissions) return m_bypassPermissionsValue;
671
672 return GenericParcelPermission(user, parcel);
673 }
674
675 private bool IsGod(UUID user, Scene scene)
676 {
677 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
678 if (m_bypassPermissions) return m_bypassPermissionsValue;
679
680 return IsAdministrator(user);
681 }
682
683 private bool CanDuplicateObject(int objectCount, UUID objectID, UUID owner, Scene scene, Vector3 objectPosition)
684 {
685 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
686 if (m_bypassPermissions) return m_bypassPermissionsValue;
687
688 if (!GenericObjectPermission(owner, objectID, true))
689 {
690 //They can't even edit the object
691 return false;
692 }
693
694 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
695 if (part == null)
696 return false;
697
698 if ((part.OwnerMask & PERM_COPY) == 0)
699 return false;
700
701 if ((part.ParentGroup.GetEffectivePermissions() & PERM_COPY) == 0)
702 return false;
703
704 //If they can rez, they can duplicate
705 return CanRezObject(objectCount, owner, objectPosition, scene);
706 }
707
708 private bool CanDeleteObject(UUID objectID, UUID deleter, Scene scene)
709 {
710 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
711 if (m_bypassPermissions) return m_bypassPermissionsValue;
712
713 return GenericObjectPermission(deleter, objectID, false);
714 }
715
716 private bool CanEditObject(UUID objectID, UUID editorID, Scene scene)
717 {
718 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
719 if (m_bypassPermissions) return m_bypassPermissionsValue;
720
721
722 return GenericObjectPermission(editorID, objectID, false);
723 }
724
725 private bool CanEditObjectInventory(UUID objectID, UUID editorID, Scene scene)
726 {
727 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
728 if (m_bypassPermissions) return m_bypassPermissionsValue;
729
730 SceneObjectPart part = m_scene.GetSceneObjectPart(objectID);
731
732 // If we selected a sub-prim to edit, the objectID won't represent the object, but only a part.
733 // We have to check the permissions of the group, though.
734 if (part.ParentID != 0)
735 {
736 objectID = part.ParentUUID;
737 part = m_scene.GetSceneObjectPart(objectID);
738 }
739
740 // TODO: add group support!
741 //
742 if (part.OwnerID != editorID)
743 return false;
744
745 return GenericObjectPermission(editorID, objectID, false);
746 }
747
748 private bool CanEditParcel(UUID user, ILandObject parcel, Scene scene)
749 {
750 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
751 if (m_bypassPermissions) return m_bypassPermissionsValue;
752
753 return GenericParcelPermission(user, parcel);
754 }
755
756 /// <summary>
757 /// Check whether the specified user can edit the given script
758 /// </summary>
759 /// <param name="script"></param>
760 /// <param name="objectID"></param>
761 /// <param name="user"></param>
762 /// <param name="scene"></param>
763 /// <returns></returns>
764 private bool CanEditScript(UUID script, UUID objectID, UUID user, Scene scene)
765 {
766 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
767 if (m_bypassPermissions) return m_bypassPermissionsValue;
768
769 if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(user))
770 return false;
771
772 // Ordinarily, if you can view it, you can edit it
773 // There is no viewing a no mod script
774 //
775 return CanViewScript(script, objectID, user, scene);
776 }
777
778 /// <summary>
779 /// Check whether the specified user can edit the given notecard
780 /// </summary>
781 /// <param name="notecard"></param>
782 /// <param name="objectID"></param>
783 /// <param name="user"></param>
784 /// <param name="scene"></param>
785 /// <returns></returns>
786 private bool CanEditNotecard(UUID notecard, UUID objectID, UUID user, Scene scene)
787 {
788 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
789 if (m_bypassPermissions) return m_bypassPermissionsValue;
790
791 if (objectID == UUID.Zero) // User inventory
792 {
793 CachedUserInfo userInfo =
794 scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
795
796 if (userInfo == null)
797 {
798 m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user);
799 return false;
800 }
801
802 if (userInfo.RootFolder == null)
803 return false;
804
805 InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(notecard);
806 if (assetRequestItem == null) // Library item
807 {
808 assetRequestItem = scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(notecard);
809
810 if (assetRequestItem != null) // Implicitly readable
811 return true;
812 }
813
814 // Notecards must be both mod and copy to be saveable
815 // This is because of they're not copy, you can't read
816 // them, and if they're not mod, well, then they're
817 // not mod. Duh.
818 //
819 if ((assetRequestItem.CurrentPermissions &
820 ((uint)PermissionMask.Modify |
821 (uint)PermissionMask.Copy)) !=
822 ((uint)PermissionMask.Modify |
823 (uint)PermissionMask.Copy))
824 return false;
825 }
826 else // Prim inventory
827 {
828 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
829
830 if (part == null)
831 return false;
832
833 if (part.OwnerID != user)
834 return false;
835
836 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
837 return false;
838
839 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
840
841 if (ti == null)
842 return false;
843
844 if (ti.OwnerID != user)
845 return false;
846
847 // Require full perms
848 if ((ti.CurrentPermissions &
849 ((uint)PermissionMask.Modify |
850 (uint)PermissionMask.Copy)) !=
851 ((uint)PermissionMask.Modify |
852 (uint)PermissionMask.Copy))
853 return false;
854 }
855
856 return true;
857 }
858
859 private bool CanInstantMessage(UUID user, UUID target, Scene startScene)
860 {
861 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
862 if (m_bypassPermissions) return m_bypassPermissionsValue;
863
864 // If the sender is an object, check owner instead
865 //
866 SceneObjectPart part = startScene.GetSceneObjectPart(user);
867 if (part != null)
868 user = part.OwnerID;
869
870 return GenericCommunicationPermission(user, target);
871 }
872
873 private bool CanInventoryTransfer(UUID user, UUID target, Scene startScene)
874 {
875 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
876 if (m_bypassPermissions) return m_bypassPermissionsValue;
877
878 return GenericCommunicationPermission(user, target);
879 }
880
881 private bool CanIssueEstateCommand(UUID user, Scene requestFromScene, bool ownerCommand)
882 {
883 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
884 if (m_bypassPermissions) return m_bypassPermissionsValue;
885
886 if (IsAdministrator(user))
887 return true;
888
889 if (m_scene.RegionInfo.EstateSettings.IsEstateOwner(user))
890 return true;
891
892 if (ownerCommand)
893 return false;
894
895 return GenericEstatePermission(user);
896 }
897
898 private bool CanMoveObject(UUID objectID, UUID moverID, Scene scene)
899 {
900 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
901 if (m_bypassPermissions)
902 {
903 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
904 if (part.OwnerID != moverID)
905 {
906 if (part.ParentGroup != null && !part.ParentGroup.IsDeleted)
907 {
908 if (part.ParentGroup.IsAttachment)
909 return false;
910 }
911 }
912 return m_bypassPermissionsValue;
913 }
914
915 bool permission = GenericObjectPermission(moverID, objectID, true);
916 if (!permission)
917 {
918 if (!m_scene.Entities.ContainsKey(objectID))
919 {
920 return false;
921 }
922
923 // The client
924 // may request to edit linked parts, and therefore, it needs
925 // to also check for SceneObjectPart
926
927 // If it's not an object, we cant edit it.
928 if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
929 {
930 return false;
931 }
932
933
934 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
935
936
937 // UUID taskOwner = null;
938 // Added this because at this point in time it wouldn't be wise for
939 // the administrator object permissions to take effect.
940 // UUID objectOwner = task.OwnerID;
941
942 // Anyone can move
943 if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)
944 permission = true;
945
946 // Locked
947 if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
948 permission = false;
949 }
950 else
951 {
952 bool locked = false;
953 if (!m_scene.Entities.ContainsKey(objectID))
954 {
955 return false;
956 }
957
958 // If it's not an object, we cant edit it.
959 if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
960 {
961 return false;
962 }
963
964 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objectID];
965
966 UUID objectOwner = group.OwnerID;
967 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
968
969 // This is an exception to the generic object permission.
970 // Administrators who lock their objects should not be able to move them,
971 // however generic object permission should return true.
972 // This keeps locked objects from being affected by random click + drag actions by accident
973 // and allows the administrator to grab or delete a locked object.
974
975 // Administrators and estate managers are still able to click+grab locked objects not
976 // owned by them in the scene
977 // This is by design.
978
979 if (locked && (moverID == objectOwner))
980 return false;
981 }
982 return permission;
983 }
984
985 private bool CanObjectEntry(UUID objectID, bool enteringRegion, Vector3 newPoint, Scene scene)
986 {
987 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
988 if (m_bypassPermissions) return m_bypassPermissionsValue;
989
990 if ((newPoint.X > 257f || newPoint.X < -1f || newPoint.Y > 257f || newPoint.Y < -1f))
991 {
992 return true;
993 }
994
995 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
996
997 ILandObject land = m_scene.LandChannel.GetLandObject(newPoint.X, newPoint.Y);
998
999 if (!enteringRegion)
1000 {
1001 ILandObject fromland = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
1002
1003 if (fromland == land) // Not entering
1004 return true;
1005 }
1006
1007 if (land == null)
1008 {
1009 return false;
1010 }
1011
1012 if ((land.landData.Flags & ((int)Parcel.ParcelFlags.AllowAPrimitiveEntry)) != 0)
1013 {
1014 return true;
1015 }
1016
1017 //TODO: check for group rights
1018
1019 if (!m_scene.Entities.ContainsKey(objectID))
1020 {
1021 return false;
1022 }
1023
1024 // If it's not an object, we cant edit it.
1025 if (!(m_scene.Entities[objectID] is SceneObjectGroup))
1026 {
1027 return false;
1028 }
1029
1030
1031 if (GenericParcelPermission(task.OwnerID, newPoint))
1032 {
1033 return true;
1034 }
1035
1036 //Otherwise, false!
1037 return false;
1038 }
1039
1040 private bool CanReturnObject(UUID objectID, UUID returnerID, Scene scene)
1041 {
1042 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1043 if (m_bypassPermissions) return m_bypassPermissionsValue;
1044
1045 return GenericObjectPermission(returnerID, objectID, false);
1046 }
1047
1048 private bool CanRezObject(int objectCount, UUID owner, Vector3 objectPosition, Scene scene)
1049 {
1050 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1051 if (m_bypassPermissions) return m_bypassPermissionsValue;
1052
1053 bool permission = false;
1054
1055 ILandObject land = m_scene.LandChannel.GetLandObject(objectPosition.X, objectPosition.Y);
1056 if (land == null) return false;
1057
1058 if ((land.landData.Flags & ((int)Parcel.ParcelFlags.CreateObjects)) ==
1059 (int)Parcel.ParcelFlags.CreateObjects)
1060 permission = true;
1061
1062 //TODO: check for group rights
1063
1064 if (IsAdministrator(owner))
1065 {
1066 permission = true;
1067 }
1068
1069 if (GenericParcelPermission(owner, objectPosition))
1070 {
1071 permission = true;
1072 }
1073
1074 return permission;
1075 }
1076
1077 private bool CanRunConsoleCommand(UUID user, Scene requestFromScene)
1078 {
1079 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1080 if (m_bypassPermissions) return m_bypassPermissionsValue;
1081
1082
1083 return IsAdministrator(user);
1084 }
1085
1086 private bool CanRunScript(UUID script, UUID objectID, UUID user, Scene scene)
1087 {
1088 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1089 if (m_bypassPermissions) return m_bypassPermissionsValue;
1090
1091 return true;
1092 }
1093
1094 private bool CanSellParcel(UUID user, ILandObject parcel, Scene scene)
1095 {
1096 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1097 if (m_bypassPermissions) return m_bypassPermissionsValue;
1098
1099 return GenericParcelPermission(user, parcel);
1100 }
1101
1102 private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene)
1103 {
1104 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1105 if (m_bypassPermissions) return m_bypassPermissionsValue;
1106
1107 return GenericObjectPermission(stealer,objectID, false);
1108 }
1109
1110 private bool CanTakeCopyObject(UUID objectID, UUID userID, Scene inScene)
1111 {
1112 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1113 if (m_bypassPermissions) return m_bypassPermissionsValue;
1114
1115 bool permission = GenericObjectPermission(userID, objectID,false);
1116 if (!permission)
1117 {
1118 if (!m_scene.Entities.ContainsKey(objectID))
1119 {
1120 return false;
1121 }
1122
1123 // If it's not an object, we cant edit it.
1124 if (!(m_scene.Entities[objectID] is SceneObjectGroup))
1125 {
1126 return false;
1127 }
1128
1129 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
1130 // UUID taskOwner = null;
1131 // Added this because at this point in time it wouldn't be wise for
1132 // the administrator object permissions to take effect.
1133 // UUID objectOwner = task.OwnerID;
1134
1135 if ((task.RootPart.EveryoneMask & PERM_COPY) != 0)
1136 permission = true;
1137
1138 if ((task.GetEffectivePermissions() & PERM_COPY) == 0)
1139 permission = false;
1140 }
1141 else
1142 {
1143 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
1144
1145 if ((task.GetEffectivePermissions() & PERM_COPY) == 0)
1146 permission = false;
1147 }
1148
1149 return permission;
1150 }
1151
1152 private bool CanTerraformLand(UUID user, Vector3 position, Scene requestFromScene)
1153 {
1154 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1155 if (m_bypassPermissions) return m_bypassPermissionsValue;
1156
1157 // Estate override
1158 if (GenericEstatePermission(user))
1159 return true;
1160
1161 float X = position.X;
1162 float Y = position.Y;
1163
1164 if (X > 255)
1165 X = 255;
1166 if (Y > 255)
1167 Y = 255;
1168 if (X < 0)
1169 X = 0;
1170 if (Y < 0)
1171 Y = 0;
1172
1173 ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y);
1174 if (parcel == null)
1175 return false;
1176
1177 // Others allowed to terraform?
1178 if ((parcel.landData.Flags & ((int)Parcel.ParcelFlags.AllowTerraform)) != 0)
1179 return true;
1180
1181 // Land owner can terraform too
1182 if (parcel != null && GenericParcelPermission(user, parcel))
1183 return true;
1184
1185 return false;
1186 }
1187
1188 /// <summary>
1189 /// Check whether the specified user can view the given script
1190 /// </summary>
1191 /// <param name="script"></param>
1192 /// <param name="objectID"></param>
1193 /// <param name="user"></param>
1194 /// <param name="scene"></param>
1195 /// <returns></returns>
1196 private bool CanViewScript(UUID script, UUID objectID, UUID user, Scene scene)
1197 {
1198 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1199 if (m_bypassPermissions) return m_bypassPermissionsValue;
1200
1201 if (objectID == UUID.Zero) // User inventory
1202 {
1203 CachedUserInfo userInfo =
1204 scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
1205
1206 if (userInfo == null)
1207 {
1208 m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for administrator check", user);
1209 return false;
1210 }
1211
1212 if (userInfo.RootFolder == null)
1213 return false;
1214
1215 InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(script);
1216 if (assetRequestItem == null) // Library item
1217 {
1218 assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(script);
1219
1220 if (assetRequestItem != null) // Implicitly readable
1221 return true;
1222 }
1223
1224 // SL is rather harebrained here. In SL, a script you
1225 // have mod/copy no trans is readable. This subverts
1226 // permissions, but is used in some products, most
1227 // notably Hippo door plugin and HippoRent 5 networked
1228 // prim counter.
1229 // To enable this broken SL-ism, remove Transfer from
1230 // the below expressions.
1231 // Trying to improve on SL perms by making a script
1232 // readable only if it's really full perms
1233 //
1234 if ((assetRequestItem.CurrentPermissions &
1235 ((uint)PermissionMask.Modify |
1236 (uint)PermissionMask.Copy |
1237 (uint)PermissionMask.Transfer)) !=
1238 ((uint)PermissionMask.Modify |
1239 (uint)PermissionMask.Copy |
1240 (uint)PermissionMask.Transfer))
1241 return false;
1242 }
1243 else // Prim inventory
1244 {
1245 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
1246
1247 if (part == null)
1248 return false;
1249
1250 if (part.OwnerID != user)
1251 return false;
1252
1253 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
1254 return false;
1255
1256 TaskInventoryItem ti = part.Inventory.GetInventoryItem(script);
1257
1258 if (ti == null)
1259 return false;
1260
1261 if (ti.OwnerID != user)
1262 return false;
1263
1264 // Require full perms
1265 if ((ti.CurrentPermissions &
1266 ((uint)PermissionMask.Modify |
1267 (uint)PermissionMask.Copy |
1268 (uint)PermissionMask.Transfer)) !=
1269 ((uint)PermissionMask.Modify |
1270 (uint)PermissionMask.Copy |
1271 (uint)PermissionMask.Transfer))
1272 return false;
1273 }
1274
1275 return true;
1276 }
1277
1278 /// <summary>
1279 /// Check whether the specified user can view the given notecard
1280 /// </summary>
1281 /// <param name="script"></param>
1282 /// <param name="objectID"></param>
1283 /// <param name="user"></param>
1284 /// <param name="scene"></param>
1285 /// <returns></returns>
1286 private bool CanViewNotecard(UUID notecard, UUID objectID, UUID user, Scene scene)
1287 {
1288 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1289 if (m_bypassPermissions) return m_bypassPermissionsValue;
1290
1291 if (objectID == UUID.Zero) // User inventory
1292 {
1293 CachedUserInfo userInfo =
1294 scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
1295
1296 if (userInfo == null)
1297 {
1298 m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for view notecard check", user);
1299 return false;
1300 }
1301
1302 if (userInfo.RootFolder == null)
1303 return false;
1304
1305 InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(notecard);
1306 if (assetRequestItem == null) // Library item
1307 {
1308 assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(notecard);
1309
1310 if (assetRequestItem != null) // Implicitly readable
1311 return true;
1312 }
1313
1314 // Notecards are always readable unless no copy
1315 //
1316 if ((assetRequestItem.CurrentPermissions &
1317 (uint)PermissionMask.Copy) !=
1318 (uint)PermissionMask.Copy)
1319 return false;
1320 }
1321 else // Prim inventory
1322 {
1323 SceneObjectPart part = scene.GetSceneObjectPart(objectID);
1324
1325 if (part == null)
1326 return false;
1327
1328 if (part.OwnerID != user)
1329 return false;
1330
1331 if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
1332 return false;
1333
1334 TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
1335
1336 if (ti == null)
1337 return false;
1338
1339 if (ti.OwnerID != user)
1340 return false;
1341
1342 // Notecards are always readable unless no copy
1343 //
1344 if ((ti.CurrentPermissions &
1345 (uint)PermissionMask.Copy) !=
1346 (uint)PermissionMask.Copy)
1347 return false;
1348 }
1349
1350 return true;
1351 }
1352
1353 #endregion
1354
1355 private bool CanLinkObject(UUID userID, UUID objectID)
1356 {
1357 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1358 if (m_bypassPermissions) return m_bypassPermissionsValue;
1359
1360 return true;
1361 }
1362
1363 private bool CanDelinkObject(UUID userID, UUID objectID)
1364 {
1365 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1366 if (m_bypassPermissions) return m_bypassPermissionsValue;
1367
1368 return true;
1369 }
1370
1371 private bool CanBuyLand(UUID userID, ILandObject parcel, Scene scene)
1372 {
1373 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1374 if (m_bypassPermissions) return m_bypassPermissionsValue;
1375
1376 return true;
1377 }
1378
1379 private bool CanCopyObjectInventory(UUID itemID, UUID objectID, UUID userID)
1380 {
1381 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1382 if (m_bypassPermissions) return m_bypassPermissionsValue;
1383
1384 return true;
1385 }
1386
1387 private bool CanDeleteObjectInventory(UUID itemID, UUID objectID, UUID userID)
1388 {
1389 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1390 if (m_bypassPermissions) return m_bypassPermissionsValue;
1391
1392 return true;
1393 }
1394
1395 /// <summary>
1396 /// Check whether the specified user is allowed to directly create the given inventory type in a prim's
1397 /// inventory (e.g. the New Script button in the 1.21 Linden Lab client).
1398 /// </summary>
1399 /// <param name="invType"></param>
1400 /// <param name="objectID"></param>
1401 /// <param name="userID"></param>
1402 /// <returns></returns>
1403 private bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID)
1404 {
1405 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1406 if (m_bypassPermissions) return m_bypassPermissionsValue;
1407
1408 if ((int)InventoryType.LSL == invType)
1409 if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
1410 return false;
1411
1412 return true;
1413 }
1414
1415 /// <summary>
1416 /// Check whether the specified user is allowed to create the given inventory type in their inventory.
1417 /// </summary>
1418 /// <param name="invType"></param>
1419 /// <param name="userID"></param>
1420 /// <returns></returns>
1421 private bool CanCreateUserInventory(int invType, UUID userID)
1422 {
1423 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1424 if (m_bypassPermissions) return m_bypassPermissionsValue;
1425
1426 if ((int)InventoryType.LSL == invType)
1427 if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
1428 return false;
1429
1430 return true;
1431 }
1432
1433 /// <summary>
1434 /// Check whether the specified user is allowed to copy the given inventory type in their inventory.
1435 /// </summary>
1436 /// <param name="itemID"></param>
1437 /// <param name="userID"></param>
1438 /// <returns></returns>
1439 private bool CanCopyUserInventory(UUID itemID, UUID userID)
1440 {
1441 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1442 if (m_bypassPermissions) return m_bypassPermissionsValue;
1443
1444 return true;
1445 }
1446
1447 /// <summary>
1448 /// Check whether the specified user is allowed to edit the given inventory item within their own inventory.
1449 /// </summary>
1450 /// <param name="itemID"></param>
1451 /// <param name="userID"></param>
1452 /// <returns></returns>
1453 private bool CanEditUserInventory(UUID itemID, UUID userID)
1454 {
1455 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1456 if (m_bypassPermissions) return m_bypassPermissionsValue;
1457
1458 return true;
1459 }
1460
1461 /// <summary>
1462 /// Check whether the specified user is allowed to delete the given inventory item from their own inventory.
1463 /// </summary>
1464 /// <param name="itemID"></param>
1465 /// <param name="userID"></param>
1466 /// <returns></returns>
1467 private bool CanDeleteUserInventory(UUID itemID, UUID userID)
1468 {
1469 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1470 if (m_bypassPermissions) return m_bypassPermissionsValue;
1471
1472 return true;
1473 }
1474
1475 private bool CanTeleport(UUID userID)
1476 {
1477 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1478 if (m_bypassPermissions) return m_bypassPermissionsValue;
1479
1480 return true;
1481 }
1482
1483 private bool CanResetScript(UUID prim, UUID script, UUID agentID, Scene scene)
1484 {
1485 DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
1486 if (m_bypassPermissions) return m_bypassPermissionsValue;
1487
1488 SceneObjectPart part = m_scene.GetSceneObjectPart(prim);
1489
1490 // If we selected a sub-prim to reset, prim won't represent the object, but only a part.
1491 // We have to check the permissions of the object, though.
1492 if (part.ParentID != 0) prim = part.ParentUUID;
1493
1494 // You can reset the scripts in any object you can edit
1495 return GenericObjectPermission(agentID, prim, false);
1496 }
1497 }
1498}