Changes osFunction permissions again. Allow_ with a list of UUIDs now again

refers to prim OWNERS. A new option set, Creators_, is added to allow selection by script creator. For existing installs, this means no functional change. The warning from my prior commit doesn't apply anymore.
author: Melanie Thielker 2010-05-30 15:46:54 +0200
committer: Melanie 2010-05-30 14:42:58 +0100
commit: f1a1d7a5211a250aeb4ed540562be0c79f051e4b (patch)
tree: d3f61dec6e974dd8397086a4d51b71b5b91bfae2 /OpenSim/Region
parent: Changes OSSL Api permissions for the case of UUID list. In 0.6.9, the UUIDs (diff)
download: opensim-SC_OLD-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.zip
opensim-SC_OLD-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.tar.gz
opensim-SC_OLD-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.tar.bz2
opensim-SC_OLD-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.tar.xz
1 files changed, 51 insertions, 16 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index 5b634e0..7ada738 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -105,6 +105,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
    //            modification of user data, or allows the compromise of
    //            sensitive data by design.
+    class FunctionPerms
+    {
+        public List<UUID> AllowedCreators;
+        public List<UUID> AllowedOwners;
+        public FunctionPerms()
+        {
+            AllowedCreators = new List<UUID>();
+            AllowedOwners = new List<UUID>();
+        }
+    }
    [Serializable]
    public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi
    {
@@ -117,7 +129,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
        internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow;
        internal float m_ScriptDelayFactor = 1.0f;
        internal float m_ScriptDistanceFactor = 1.0f;
-        internal Dictionary<string, List<UUID> > m_FunctionPerms = new Dictionary<string, List<UUID> >();
+        internal Dictionary<string, FunctionPerms > m_FunctionPerms = new Dictionary<string, FunctionPerms >();
        public void Initialize(IScriptEngine ScriptEngine, SceneObjectPart host, uint localID, UUID itemID)
        {
@@ -217,31 +229,46 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
            if (!m_FunctionPerms.ContainsKey(function))
            {
-                string perm = m_ScriptEngine.Config.GetString("Allow_" + function, "");
+                FunctionPerms perms = new FunctionPerms();
-                if (perm == "")
+                m_FunctionPerms[function] = perms;
+                string ownerPerm = m_ScriptEngine.Config.GetString("Allow_" + function, "");
+                string creatorPerm = m_ScriptEngine.Config.GetString("Creators_" + function, "");
+                if (ownerPerm == "" && creatorPerm == "")
                {
-                    m_FunctionPerms[function] = null; // a null value is default
+                    // Default behavior
+                    perms.AllowedOwners = null;
+                    perms.AllowedCreators = null;
                }
                else
                {
                    bool allowed;
-                    if (bool.TryParse(perm, out allowed))
+                    if (bool.TryParse(ownerPerm, out allowed))
                    {
                        // Boolean given
                        if (allowed)
                        {
-                            m_FunctionPerms[function] = new List<UUID>();
+                            // Allow globally
-                            m_FunctionPerms[function].Add(UUID.Zero);
+                            perms.AllowedOwners.Add(UUID.Zero);
                        }
-                        else
-                            m_FunctionPerms[function] = new List<UUID>(); // Empty list = none
                    }
                    else
                    {
-                        m_FunctionPerms[function] = new List<UUID>();
+                        string[] ids = ownerPerm.Split(new char[] {','});
+                        foreach (string id in ids)
+                        {
+                            string current = id.Trim();
+                            UUID uuid;
+                            if (UUID.TryParse(current, out uuid))
+                            {
+                                if (uuid != UUID.Zero)
+                                    perms.AllowedOwners.Add(uuid);
+                            }
+                        }
-                        string[] ids = perm.Split(new char[] {','});
+                        ids = creatorPerm.Split(new char[] {','});
                        foreach (string id in ids)
                        {
                            string current = id.Trim();
@@ -250,7 +277,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
                            if (UUID.TryParse(current, out uuid))
                            {
                                if (uuid != UUID.Zero)
-                                    m_FunctionPerms[function].Add(uuid);
+                                    perms.AllowedCreators.Add(uuid);
                            }
                        }
                    }
@@ -266,8 +293,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
            //
            // To allow use by anyone, the list contains UUID.Zero
            //
-            if (m_FunctionPerms[function] == null) // No list = true
+            if (m_FunctionPerms[function].AllowedOwners == null)
            {
+                // Allow / disallow by threat level
                if (level > m_MaxThreatLevel)
                    OSSLError(
                        String.Format(
@@ -276,8 +304,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
            }
            else
            {
-                if (!m_FunctionPerms[function].Contains(UUID.Zero))
+                if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero))
                {
+                    // Not anyone. Do detailed checks
+                    if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
+                    {
+                        // prim owner is in the list of allowed owners
+                        return;
+                    }
                    TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID);
                    if (ti == null)
                    {
@@ -285,9 +320,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
                            String.Format("{0} permission error. Can't find script in prim inventory.",
                            function));
                    }
-                    if (!m_FunctionPerms[function].Contains(ti.CreatorID))
+                    if (!m_FunctionPerms[function].AllowedCreators.Contains(ti.CreatorID))
                        OSSLError(
-                            String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function.",
+                            String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
                            function));
                    if (ti.CreatorID != ti.OwnerID)
                    {
author	Melanie Thielker	2010-05-30 15:46:54 +0200
committer	Melanie	2010-05-30 14:42:58 +0100
commit	f1a1d7a5211a250aeb4ed540562be0c79f051e4b (patch)
tree	d3f61dec6e974dd8397086a4d51b71b5b91bfae2 /OpenSim/Region
parent	Changes OSSL Api permissions for the case of UUID list. In 0.6.9, the UUIDs (diff)
download	opensim-SC_OLD-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.zip opensim-SC_OLD-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.tar.gz opensim-SC_OLD-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.tar.bz2 opensim-SC_OLD-f1a1d7a5211a250aeb4ed540562be0c79f051e4b.tar.xz