diff options
author | Justin Clarke Casey | 2008-05-05 20:14:53 +0000 |
---|---|---|
committer | Justin Clarke Casey | 2008-05-05 20:14:53 +0000 |
commit | 9655cf280779021e6241a08f8610cad9b982763f (patch) | |
tree | 82ef6d74969e4b64971d64a6a18e4488729167a8 /OpenSim/Region/Environment/Modules | |
parent | * Just some tidy up and documentation before I make my first ever attempt to ... (diff) | |
download | opensim-SC_OLD-9655cf280779021e6241a08f8610cad9b982763f.zip opensim-SC_OLD-9655cf280779021e6241a08f8610cad9b982763f.tar.gz opensim-SC_OLD-9655cf280779021e6241a08f8610cad9b982763f.tar.bz2 opensim-SC_OLD-9655cf280779021e6241a08f8610cad9b982763f.tar.xz |
* Refactor: Break out permissions code into a separate region PermissionsModule
Diffstat (limited to 'OpenSim/Region/Environment/Modules')
4 files changed, 701 insertions, 7 deletions
diff --git a/OpenSim/Region/Environment/Modules/Agent/Xfer/XferModule.cs b/OpenSim/Region/Environment/Modules/Agent/Xfer/XferModule.cs index 8e90d17..c7ee233 100644 --- a/OpenSim/Region/Environment/Modules/Agent/Xfer/XferModule.cs +++ b/OpenSim/Region/Environment/Modules/Agent/Xfer/XferModule.cs | |||
@@ -41,10 +41,6 @@ namespace OpenSim.Region.Environment.Modules.Agent.Xfer | |||
41 | public Dictionary<string, byte[]> NewFiles = new Dictionary<string, byte[]>(); | 41 | public Dictionary<string, byte[]> NewFiles = new Dictionary<string, byte[]>(); |
42 | public Dictionary<ulong, XferDownLoad> Transfers = new Dictionary<ulong, XferDownLoad>(); | 42 | public Dictionary<ulong, XferDownLoad> Transfers = new Dictionary<ulong, XferDownLoad>(); |
43 | 43 | ||
44 | public XferModule() | ||
45 | { | ||
46 | } | ||
47 | |||
48 | #region IRegionModule Members | 44 | #region IRegionModule Members |
49 | 45 | ||
50 | public void Initialise(Scene scene, IConfigSource config) | 46 | public void Initialise(Scene scene, IConfigSource config) |
diff --git a/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs b/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs index 403ab5b..ebe0357 100644 --- a/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs | |||
@@ -205,7 +205,7 @@ namespace OpenSim.Region.Environment.Modules.World.Estate | |||
205 | 205 | ||
206 | // This needs to be updated for SuperEstateOwnerUser.. a non existing user in the estatesettings.xml | 206 | // This needs to be updated for SuperEstateOwnerUser.. a non existing user in the estatesettings.xml |
207 | // So make sure you really trust your region owners. because they can add other estate manaagers to your other estates | 207 | // So make sure you really trust your region owners. because they can add other estate manaagers to your other estates |
208 | if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.PermissionsMngr.BypassPermissions) | 208 | if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.Permissions.BypassPermissions) |
209 | { | 209 | { |
210 | m_scene.RegionInfo.EstateSettings.AddEstateManager(user); | 210 | m_scene.RegionInfo.EstateSettings.AddEstateManager(user); |
211 | remote_client.sendEstateManagersList(invoice); | 211 | remote_client.sendEstateManagersList(invoice); |
@@ -219,7 +219,7 @@ namespace OpenSim.Region.Environment.Modules.World.Estate | |||
219 | case 512: | 219 | case 512: |
220 | // This needs to be updated for SuperEstateOwnerUser.. a non existing user in the estatesettings.xml | 220 | // This needs to be updated for SuperEstateOwnerUser.. a non existing user in the estatesettings.xml |
221 | // So make sure you really trust your region owners. because they can add other estate manaagers to your other estates | 221 | // So make sure you really trust your region owners. because they can add other estate manaagers to your other estates |
222 | if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.PermissionsMngr.BypassPermissions) | 222 | if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.Permissions.BypassPermissions) |
223 | { | 223 | { |
224 | m_scene.RegionInfo.EstateSettings.RemoveEstateManager(user); | 224 | m_scene.RegionInfo.EstateSettings.RemoveEstateManager(user); |
225 | remote_client.sendEstateManagersList(invoice); | 225 | remote_client.sendEstateManagersList(invoice); |
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs new file mode 100644 index 0000000..de02702 --- /dev/null +++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs | |||
@@ -0,0 +1,698 @@ | |||
1 | /* | ||
2 | * Copyright (c) Contributors, http://opensimulator.org/ | ||
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions are met: | ||
7 | * * Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * * Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * * Neither the name of the OpenSim Project nor the | ||
13 | * names of its contributors may be used to endorse or promote products | ||
14 | * derived from this software without specific prior written permission. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY | ||
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | ||
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | |||
28 | using libsecondlife; | ||
29 | using Nini.Config; | ||
30 | |||
31 | using OpenSim.Region.Environment.Interfaces; | ||
32 | using OpenSim.Region.Environment.Scenes; | ||
33 | |||
34 | namespace OpenSim.Region.Environment.Modules.World.Permissions | ||
35 | { | ||
36 | public class PermissionsModule : IRegionModule, IScenePermissions | ||
37 | { | ||
38 | protected Scene m_scene; | ||
39 | |||
40 | // These are here for testing. They will be taken out | ||
41 | |||
42 | //private uint PERM_ALL = (uint)2147483647; | ||
43 | private uint PERM_COPY = (uint)32768; | ||
44 | //private uint PERM_MODIFY = (uint)16384; | ||
45 | private uint PERM_MOVE = (uint)524288; | ||
46 | //private uint PERM_TRANS = (uint)8192; | ||
47 | private uint PERM_LOCKED = (uint)540672; | ||
48 | |||
49 | // Bypasses the permissions engine | ||
50 | private bool m_bypassPermissions = false; | ||
51 | |||
52 | public bool BypassPermissions | ||
53 | { | ||
54 | get { return m_bypassPermissions; } | ||
55 | set { m_bypassPermissions = value; } | ||
56 | } | ||
57 | |||
58 | #region IRegionModule Members | ||
59 | |||
60 | public void Initialise(Scene scene, IConfigSource config) | ||
61 | { | ||
62 | m_scene = scene; | ||
63 | |||
64 | // FIXME: Possibly move all permissions related stuff to its own section | ||
65 | IConfig myConfig = config.Configs["Startup"]; | ||
66 | |||
67 | m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", false); | ||
68 | |||
69 | m_scene.RegisterModuleInterface<IScenePermissions>(this); | ||
70 | } | ||
71 | |||
72 | public void PostInitialise() | ||
73 | { | ||
74 | } | ||
75 | |||
76 | public void Close() | ||
77 | { | ||
78 | } | ||
79 | |||
80 | public string Name | ||
81 | { | ||
82 | get { return "PermissionsModule"; } | ||
83 | } | ||
84 | |||
85 | public bool IsSharedModule | ||
86 | { | ||
87 | get { return false; } | ||
88 | } | ||
89 | |||
90 | #endregion | ||
91 | |||
92 | protected virtual void SendPermissionError(LLUUID user, string reason) | ||
93 | { | ||
94 | m_scene.EventManager.TriggerPermissionError(user, reason); | ||
95 | } | ||
96 | |||
97 | protected virtual bool IsAdministrator(LLUUID user) | ||
98 | { | ||
99 | if (m_bypassPermissions) | ||
100 | { | ||
101 | return true; | ||
102 | } | ||
103 | |||
104 | // If there is no master avatar, return false | ||
105 | if (m_scene.RegionInfo.MasterAvatarAssignedUUID != LLUUID.Zero) | ||
106 | { | ||
107 | return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; | ||
108 | } | ||
109 | |||
110 | return false; | ||
111 | } | ||
112 | |||
113 | public virtual bool IsEstateManager(LLUUID user) | ||
114 | { | ||
115 | if (m_bypassPermissions) | ||
116 | { | ||
117 | return true; | ||
118 | } | ||
119 | |||
120 | if (user != LLUUID.Zero) | ||
121 | { | ||
122 | LLUUID[] estatemanagers = m_scene.RegionInfo.EstateSettings.estateManagers; | ||
123 | for (int i = 0; i < estatemanagers.Length; i++) | ||
124 | { | ||
125 | if (estatemanagers[i] == user) | ||
126 | return true; | ||
127 | } | ||
128 | } | ||
129 | |||
130 | return false; | ||
131 | } | ||
132 | |||
133 | protected virtual bool IsGridUser(LLUUID user) | ||
134 | { | ||
135 | return true; | ||
136 | } | ||
137 | |||
138 | protected virtual bool IsGuest(LLUUID user) | ||
139 | { | ||
140 | return false; | ||
141 | } | ||
142 | |||
143 | public virtual bool CanRezObject(LLUUID user, LLVector3 position) | ||
144 | { | ||
145 | bool permission = false; | ||
146 | |||
147 | string reason = "Insufficient permission"; | ||
148 | |||
149 | ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y); | ||
150 | if (land == null) return false; | ||
151 | |||
152 | if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) == | ||
153 | (int)Parcel.ParcelFlags.CreateObjects) | ||
154 | permission = true; | ||
155 | |||
156 | //TODO: check for group rights | ||
157 | |||
158 | if (IsAdministrator(user)) | ||
159 | { | ||
160 | permission = true; | ||
161 | } | ||
162 | else | ||
163 | { | ||
164 | reason = "Not an administrator"; | ||
165 | } | ||
166 | |||
167 | if (GenericParcelPermission(user, position)) | ||
168 | { | ||
169 | permission = true; | ||
170 | } | ||
171 | else | ||
172 | { | ||
173 | reason = "Not the parcel owner"; | ||
174 | } | ||
175 | |||
176 | if (!permission) | ||
177 | SendPermissionError(user, reason); | ||
178 | |||
179 | return permission; | ||
180 | } | ||
181 | |||
182 | /// <see cref="Opensim.Region.Environment.Interfaces.IScenePermissions></see> | ||
183 | public virtual bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos) | ||
184 | { | ||
185 | if ((newPos.X > 257f || newPos.X < -1f || newPos.Y > 257f || newPos.Y < -1f)) | ||
186 | { | ||
187 | return true; | ||
188 | } | ||
189 | |||
190 | ILandObject land1 = m_scene.LandChannel.getLandObject(oldPos.X, oldPos.Y); | ||
191 | ILandObject land2 = m_scene.LandChannel.getLandObject(newPos.X, newPos.Y); | ||
192 | |||
193 | if (land1 == null || land2 == null) | ||
194 | { | ||
195 | return false; | ||
196 | } | ||
197 | if (land2 == null) | ||
198 | { | ||
199 | // need this for crossing borders | ||
200 | return true; | ||
201 | } | ||
202 | |||
203 | if (land1.landData.globalID == land2.landData.globalID) | ||
204 | { | ||
205 | return true; | ||
206 | } | ||
207 | |||
208 | if ((land2.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0) | ||
209 | { | ||
210 | return true; | ||
211 | } | ||
212 | |||
213 | //TODO: check for group rights | ||
214 | |||
215 | if (GenericParcelPermission(user, newPos)) | ||
216 | { | ||
217 | return true; | ||
218 | } | ||
219 | |||
220 | SendPermissionError(user, "Not allowed to move objects in this parcel!"); | ||
221 | |||
222 | return false; | ||
223 | } | ||
224 | |||
225 | #region Object Permissions | ||
226 | |||
227 | public virtual uint GenerateClientFlags(LLUUID user, LLUUID objID) | ||
228 | { | ||
229 | // Here's the way this works, | ||
230 | // ObjectFlags and Permission flags are two different enumerations | ||
231 | // ObjectFlags, however, tells the client to change what it will allow the user to do. | ||
232 | // So, that means that all of the permissions type ObjectFlags are /temporary/ and only | ||
233 | // supposed to be set when customizing the objectflags for the client. | ||
234 | |||
235 | // These temporary objectflags get computed and added in this function based on the | ||
236 | // Permission mask that's appropriate! | ||
237 | // Outside of this method, they should never be added to objectflags! | ||
238 | // -teravus | ||
239 | |||
240 | SceneObjectPart task=m_scene.GetSceneObjectPart(objID); | ||
241 | |||
242 | // this shouldn't ever happen.. return no permissions/objectflags. | ||
243 | if (task == null) | ||
244 | return (uint)0; | ||
245 | |||
246 | uint objflags = task.GetEffectiveObjectFlags(); | ||
247 | LLUUID objectOwner = task.OwnerID; | ||
248 | |||
249 | |||
250 | // Remove any of the objectFlags that are temporary. These will get added back if appropriate | ||
251 | // in the next bit of code | ||
252 | |||
253 | objflags &= (uint) | ||
254 | ~(LLObject.ObjectFlags.ObjectCopy | // Tells client you can copy the object | ||
255 | LLObject.ObjectFlags.ObjectModify | // tells client you can modify the object | ||
256 | LLObject.ObjectFlags.ObjectMove | // tells client that you can move the object (only, no mod) | ||
257 | LLObject.ObjectFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it | ||
258 | LLObject.ObjectFlags.ObjectYouOwner | // Tells client that you're the owner of the object | ||
259 | LLObject.ObjectFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set | ||
260 | ); | ||
261 | |||
262 | // Creating the three ObjectFlags options for this method to choose from. | ||
263 | // Customize the OwnerMask | ||
264 | uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); | ||
265 | objectOwnerMask |= (uint)LLObject.ObjectFlags.ObjectYouOwner; | ||
266 | |||
267 | // Customize the GroupMask | ||
268 | uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags); | ||
269 | |||
270 | // Customize the EveryoneMask | ||
271 | uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags); | ||
272 | |||
273 | |||
274 | // Hack to allow collaboration until Groups and Group Permissions are implemented | ||
275 | if ((objectEveryoneMask & (uint)LLObject.ObjectFlags.ObjectMove) != 0) | ||
276 | objectEveryoneMask |= (uint)LLObject.ObjectFlags.ObjectModify; | ||
277 | |||
278 | if (m_bypassPermissions) | ||
279 | return objectOwnerMask; | ||
280 | |||
281 | // Object owners should be able to edit their own content | ||
282 | if (user == objectOwner) | ||
283 | { | ||
284 | return objectOwnerMask; | ||
285 | } | ||
286 | |||
287 | // Users should be able to edit what is over their land. | ||
288 | ILandObject parcel = m_scene.LandChannel.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y); | ||
289 | if (parcel != null && parcel.landData.ownerID == user) | ||
290 | return objectOwnerMask; | ||
291 | |||
292 | // Admin objects should not be editable by the above | ||
293 | if (IsAdministrator(objectOwner)) | ||
294 | return objectEveryoneMask; | ||
295 | |||
296 | // Estate users should be able to edit anything in the sim | ||
297 | if (IsEstateManager(user)) | ||
298 | return objectOwnerMask; | ||
299 | |||
300 | |||
301 | |||
302 | // Admin should be able to edit anything in the sim (including admin objects) | ||
303 | if (IsAdministrator(user)) | ||
304 | return objectOwnerMask; | ||
305 | |||
306 | |||
307 | return objectEveryoneMask; | ||
308 | } | ||
309 | |||
310 | private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask) | ||
311 | { | ||
312 | // We are adding the temporary objectflags to the object's objectflags based on the | ||
313 | // permission flag given. These change the F flags on the client. | ||
314 | |||
315 | if ((setPermissionMask & (uint)PermissionMask.Copy) != 0) | ||
316 | { | ||
317 | objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectCopy; | ||
318 | } | ||
319 | |||
320 | if ((setPermissionMask & (uint)PermissionMask.Move) != 0) | ||
321 | { | ||
322 | objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectMove; | ||
323 | } | ||
324 | |||
325 | if ((setPermissionMask & (uint)PermissionMask.Modify) != 0) | ||
326 | { | ||
327 | objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectModify; | ||
328 | } | ||
329 | |||
330 | if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0) | ||
331 | { | ||
332 | objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectTransfer; | ||
333 | } | ||
334 | |||
335 | return objectFlagsMask; | ||
336 | } | ||
337 | |||
338 | protected virtual bool GenericObjectPermission(LLUUID currentUser, LLUUID objId) | ||
339 | { | ||
340 | // Default: deny | ||
341 | bool permission = false; | ||
342 | bool locked = false; | ||
343 | |||
344 | if (!m_scene.Entities.ContainsKey(objId)) | ||
345 | { | ||
346 | return false; | ||
347 | } | ||
348 | |||
349 | // If it's not an object, we cant edit it. | ||
350 | if ((!(m_scene.Entities[objId] is SceneObjectGroup))) | ||
351 | { | ||
352 | return false; | ||
353 | } | ||
354 | |||
355 | |||
356 | SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; | ||
357 | |||
358 | LLUUID objectOwner = group.OwnerID; | ||
359 | locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); | ||
360 | |||
361 | // People shouldn't be able to do anything with locked objects, except the Administrator | ||
362 | // The 'set permissions' runs through a different permission check, so when an object owner | ||
363 | // sets an object locked, the only thing that they can do is unlock it. | ||
364 | // | ||
365 | // Nobody but the object owner can set permissions on an object | ||
366 | // | ||
367 | |||
368 | if (locked && (!IsAdministrator(currentUser))) | ||
369 | { | ||
370 | return false; | ||
371 | } | ||
372 | |||
373 | // Object owners should be able to edit their own content | ||
374 | if (currentUser == objectOwner) | ||
375 | { | ||
376 | permission = true; | ||
377 | } | ||
378 | |||
379 | // Users should be able to edit what is over their land. | ||
380 | ILandObject parcel = m_scene.LandChannel.getLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y); | ||
381 | if ((parcel != null) && (parcel.landData.ownerID == currentUser)) | ||
382 | { | ||
383 | permission = true; | ||
384 | } | ||
385 | |||
386 | // Estate users should be able to edit anything in the sim | ||
387 | if (IsEstateManager(currentUser)) | ||
388 | { | ||
389 | permission = true; | ||
390 | } | ||
391 | |||
392 | // Admin objects should not be editable by the above | ||
393 | if (IsAdministrator(objectOwner)) | ||
394 | { | ||
395 | permission = false; | ||
396 | } | ||
397 | |||
398 | // Admin should be able to edit anything in the sim (including admin objects) | ||
399 | if (IsAdministrator(currentUser)) | ||
400 | { | ||
401 | permission = true; | ||
402 | } | ||
403 | |||
404 | return permission; | ||
405 | } | ||
406 | |||
407 | /// <see cref="Opensim.Region.Environment.Interfaces.IScenePermissions></see> | ||
408 | public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) | ||
409 | { | ||
410 | return GenericObjectPermission(user, obj); | ||
411 | } | ||
412 | |||
413 | public virtual bool CanEditObject(LLUUID user, LLUUID obj) | ||
414 | { | ||
415 | return GenericObjectPermission(user, obj); | ||
416 | } | ||
417 | |||
418 | public virtual bool CanEditObjectPosition(LLUUID user, LLUUID obj) | ||
419 | { | ||
420 | bool permission = GenericObjectPermission(user, obj); | ||
421 | if (!permission) | ||
422 | { | ||
423 | if (!m_scene.Entities.ContainsKey(obj)) | ||
424 | { | ||
425 | return false; | ||
426 | } | ||
427 | |||
428 | // The client | ||
429 | // may request to edit linked parts, and therefore, it needs | ||
430 | // to also check for SceneObjectPart | ||
431 | |||
432 | // If it's not an object, we cant edit it. | ||
433 | if ((!(m_scene.Entities[obj] is SceneObjectGroup))) | ||
434 | { | ||
435 | return false; | ||
436 | } | ||
437 | |||
438 | |||
439 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; | ||
440 | |||
441 | |||
442 | LLUUID taskOwner = null; | ||
443 | // Added this because at this point in time it wouldn't be wise for | ||
444 | // the administrator object permissions to take effect. | ||
445 | LLUUID objectOwner = task.OwnerID; | ||
446 | |||
447 | // Anyone can move | ||
448 | if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0) | ||
449 | permission = true; | ||
450 | |||
451 | // Locked | ||
452 | if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0) | ||
453 | permission = false; | ||
454 | |||
455 | } | ||
456 | else | ||
457 | { | ||
458 | bool locked = false; | ||
459 | if (!m_scene.Entities.ContainsKey(obj)) | ||
460 | { | ||
461 | return false; | ||
462 | } | ||
463 | |||
464 | // If it's not an object, we cant edit it. | ||
465 | if ((!(m_scene.Entities[obj] is SceneObjectGroup))) | ||
466 | { | ||
467 | return false; | ||
468 | } | ||
469 | |||
470 | |||
471 | SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[obj]; | ||
472 | |||
473 | LLUUID objectOwner = group.OwnerID; | ||
474 | locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); | ||
475 | |||
476 | |||
477 | // This is an exception to the generic object permission. | ||
478 | // Administrators who lock their objects should not be able to move them, | ||
479 | // however generic object permission should return true. | ||
480 | // This keeps locked objects from being affected by random click + drag actions by accident | ||
481 | // and allows the administrator to grab or delete a locked object. | ||
482 | |||
483 | // Administrators and estate managers are still able to click+grab locked objects not | ||
484 | // owned by them in the scene | ||
485 | // This is by design. | ||
486 | |||
487 | if (locked && (user == objectOwner)) | ||
488 | return false; | ||
489 | } | ||
490 | return permission; | ||
491 | } | ||
492 | |||
493 | public virtual bool CanCopyObject(LLUUID user, LLUUID obj) | ||
494 | { | ||
495 | bool permission = GenericObjectPermission(user, obj); | ||
496 | if (!permission) | ||
497 | { | ||
498 | if (!m_scene.Entities.ContainsKey(obj)) | ||
499 | { | ||
500 | return false; | ||
501 | } | ||
502 | |||
503 | // If it's not an object, we cant edit it. | ||
504 | if (!(m_scene.Entities[obj] is SceneObjectGroup)) | ||
505 | { | ||
506 | return false; | ||
507 | } | ||
508 | |||
509 | SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; | ||
510 | LLUUID taskOwner = null; | ||
511 | // Added this because at this point in time it wouldn't be wise for | ||
512 | // the administrator object permissions to take effect. | ||
513 | LLUUID objectOwner = task.OwnerID; | ||
514 | if ((task.RootPart.EveryoneMask & PERM_COPY) != 0) | ||
515 | permission = true; | ||
516 | } | ||
517 | return permission; | ||
518 | } | ||
519 | |||
520 | public virtual bool CanReturnObject(LLUUID user, LLUUID obj) | ||
521 | { | ||
522 | return GenericObjectPermission(user, obj); | ||
523 | } | ||
524 | |||
525 | #endregion | ||
526 | |||
527 | #region Communication Permissions | ||
528 | |||
529 | protected virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) | ||
530 | { | ||
531 | bool permission = false; | ||
532 | string reason = "Only registered users may communicate with another account."; | ||
533 | |||
534 | if (IsGridUser(user)) | ||
535 | permission = true; | ||
536 | |||
537 | if (!IsGridUser(user)) | ||
538 | { | ||
539 | permission = false; | ||
540 | reason = "The person that you are messaging is not a registered user."; | ||
541 | } | ||
542 | if (IsAdministrator(user)) | ||
543 | permission = true; | ||
544 | |||
545 | if (IsEstateManager(user)) | ||
546 | permission = true; | ||
547 | |||
548 | if (!permission) | ||
549 | SendPermissionError(user, reason); | ||
550 | |||
551 | return permission; | ||
552 | } | ||
553 | |||
554 | public virtual bool CanInstantMessage(LLUUID user, LLUUID target) | ||
555 | { | ||
556 | return GenericCommunicationPermission(user, target); | ||
557 | } | ||
558 | |||
559 | public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) | ||
560 | { | ||
561 | return GenericCommunicationPermission(user, target); | ||
562 | } | ||
563 | |||
564 | #endregion | ||
565 | |||
566 | public virtual bool CanEditScript(LLUUID user, LLUUID script) | ||
567 | { | ||
568 | return IsAdministrator(user); | ||
569 | } | ||
570 | |||
571 | public virtual bool CanRunScript(LLUUID user, LLUUID script) | ||
572 | { | ||
573 | return IsAdministrator(user); | ||
574 | } | ||
575 | |||
576 | public virtual bool CanRunConsoleCommand(LLUUID user) | ||
577 | { | ||
578 | return IsAdministrator(user); | ||
579 | } | ||
580 | |||
581 | public virtual bool CanTerraform(LLUUID user, LLVector3 position) | ||
582 | { | ||
583 | bool permission = false; | ||
584 | |||
585 | // Estate override | ||
586 | if (GenericEstatePermission(user)) | ||
587 | permission = true; | ||
588 | |||
589 | float X = position.X; | ||
590 | float Y = position.Y; | ||
591 | |||
592 | if (X > 255) | ||
593 | X = 255; | ||
594 | if (Y > 255) | ||
595 | Y = 255; | ||
596 | if (X < 0) | ||
597 | X = 0; | ||
598 | if (Y < 0) | ||
599 | Y = 0; | ||
600 | |||
601 | // Land owner can terraform too | ||
602 | ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y); | ||
603 | if (parcel != null && GenericParcelPermission(user, parcel)) | ||
604 | permission = true; | ||
605 | |||
606 | if (!permission) | ||
607 | SendPermissionError(user, "Not authorized to terraform at this location."); | ||
608 | |||
609 | return permission; | ||
610 | } | ||
611 | |||
612 | #region Estate Permissions | ||
613 | |||
614 | public virtual bool GenericEstatePermission(LLUUID user) | ||
615 | { | ||
616 | // Default: deny | ||
617 | bool permission = false; | ||
618 | |||
619 | // Estate admins should be able to use estate tools | ||
620 | if (IsEstateManager(user)) | ||
621 | permission = true; | ||
622 | |||
623 | // Administrators always have permission | ||
624 | if (IsAdministrator(user)) | ||
625 | permission = true; | ||
626 | |||
627 | return permission; | ||
628 | } | ||
629 | |||
630 | public virtual bool CanEditEstateTerrain(LLUUID user) | ||
631 | { | ||
632 | return GenericEstatePermission(user); | ||
633 | } | ||
634 | |||
635 | public virtual bool CanRestartSim(LLUUID user) | ||
636 | { | ||
637 | // Since this is potentially going on a grid... | ||
638 | |||
639 | return GenericEstatePermission(user); | ||
640 | //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; | ||
641 | } | ||
642 | |||
643 | #endregion | ||
644 | |||
645 | #region Parcel Permissions | ||
646 | |||
647 | protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel) | ||
648 | { | ||
649 | bool permission = false; | ||
650 | |||
651 | if (parcel.landData.ownerID == user) | ||
652 | { | ||
653 | permission = true; | ||
654 | } | ||
655 | |||
656 | if (parcel.landData.isGroupOwned) | ||
657 | { | ||
658 | // TODO: Need to do some extra checks here. Requires group code. | ||
659 | } | ||
660 | |||
661 | if (IsEstateManager(user)) | ||
662 | { | ||
663 | permission = true; | ||
664 | } | ||
665 | |||
666 | if (IsAdministrator(user)) | ||
667 | { | ||
668 | permission = true; | ||
669 | } | ||
670 | |||
671 | return permission; | ||
672 | } | ||
673 | |||
674 | protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) | ||
675 | { | ||
676 | ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y); | ||
677 | if (parcel == null) return false; | ||
678 | return GenericParcelPermission(user, parcel); | ||
679 | } | ||
680 | |||
681 | public virtual bool CanEditParcel(LLUUID user, ILandObject parcel) | ||
682 | { | ||
683 | return GenericParcelPermission(user, parcel); | ||
684 | } | ||
685 | |||
686 | public virtual bool CanSellParcel(LLUUID user, ILandObject parcel) | ||
687 | { | ||
688 | return GenericParcelPermission(user, parcel); | ||
689 | } | ||
690 | |||
691 | public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel) | ||
692 | { | ||
693 | return GenericParcelPermission(user, parcel); | ||
694 | } | ||
695 | |||
696 | #endregion | ||
697 | } | ||
698 | } | ||
diff --git a/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs b/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs index 240ba65..91a28e4 100644 --- a/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs | |||
@@ -449,7 +449,7 @@ namespace OpenSim.Region.Environment.Modules.World.Terrain | |||
449 | float south, float east, IClientAPI remoteClient) | 449 | float south, float east, IClientAPI remoteClient) |
450 | { | 450 | { |
451 | // Not a good permissions check, if in area mode, need to check the entire area. | 451 | // Not a good permissions check, if in area mode, need to check the entire area. |
452 | if (m_scene.PermissionsMngr.CanTerraform(remoteClient.AgentId, new LLVector3(north, west, 0))) | 452 | if (m_scene.Permissions.CanTerraform(remoteClient.AgentId, new LLVector3(north, west, 0))) |
453 | { | 453 | { |
454 | if (north == south && east == west) | 454 | if (north == south && east == west) |
455 | { | 455 | { |