1 files changed, 41 insertions, 52 deletions
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs
index bb0a756..47e29a3 100644
--- a/OpenSim/Region/Environment/PermissionManager.cs
+++ b/OpenSim/Region/Environment/PermissionManager.cs
@@ -42,6 +42,7 @@ namespace OpenSim.Region.Environment
        private uint PERM_MODIFY = (uint) 16384;
        private uint PERM_MOVE = (uint) 524288;
        private uint PERM_TRANS = (uint) 8192;
+        private uint PERM_LOCKED = (uint) 540672;
        // Bypasses the permissions engine (always returns OK)
        // disable in any production environment
        // TODO: Change this to false when permissions are a desired default
@@ -201,28 +202,25 @@ namespace OpenSim.Region.Environment
            // Remove any of the objectFlags that are temporary.  These will get added back if appropriate 
            // in the next bit of code
-            objflags &= (uint)LLObject.ObjectFlags.ObjectCopy; // Tells client you can copy the object
+            objflags &= ~(uint)LLObject.ObjectFlags.ObjectCopy; // Tells client you can copy the object
-            objflags &= (uint)LLObject.ObjectFlags.ObjectModify; // tells client you can modify the object
+            objflags &= ~(uint)LLObject.ObjectFlags.ObjectModify; // tells client you can modify the object
-            objflags &= (uint)LLObject.ObjectFlags.ObjectMove; // tells client that you can move the object (only, no mod)
+            objflags &= ~(uint)LLObject.ObjectFlags.ObjectMove; // tells client that you can move the object (only, no mod)
-            objflags &= (uint)LLObject.ObjectFlags.ObjectTransfer; // tells the client that you can /take/ the object if you don't own it
+            objflags &= ~(uint)LLObject.ObjectFlags.ObjectTransfer; // tells the client that you can /take/ the object if you don't own it
-            objflags &= (uint)LLObject.ObjectFlags.ObjectYouOwner; // Tells client that you're the owner of the object
+            objflags &= ~(uint)LLObject.ObjectFlags.ObjectYouOwner; // Tells client that you're the owner of the object
-            objflags &= (uint)LLObject.ObjectFlags.ObjectYouOfficer; // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
+            objflags &= ~(uint)LLObject.ObjectFlags.ObjectYouOfficer; // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
            // Creating the three ObjectFlags options for this method to choose from.
-            bool tasklocked = task.GetLocked(); // more debug needed to apply this, so we're going to set this to false for now
+            // Customize the OwnerMask
-            tasklocked = false;
+            uint objectOwnerMask = ApplyObjectModifyMasks(task.RootPart.OwnerMask, objflags);
-            uint objectOwnerMask = ApplyObjectModifyMasks(task.RootPart.OwnerMask, objflags, tasklocked);
-            objectOwnerMask = AddBackBrokenObjectProperties(task.RootPart, objectOwnerMask);
            objectOwnerMask |= (uint)LLObject.ObjectFlags.ObjectYouOwner;
-            uint objectGroupMask = ApplyObjectModifyMasks(task.RootPart.GroupMask, objflags, tasklocked);
+            // Customize the GroupMask
-            objectGroupMask = AddBackBrokenObjectProperties(task.RootPart,objectGroupMask);
+            uint objectGroupMask = ApplyObjectModifyMasks(task.RootPart.GroupMask, objflags);
+            
-            uint objectEveryoneMask = ApplyObjectModifyMasks(task.RootPart.EveryoneMask, objflags, tasklocked);
+            // Customize the EveryoneMask
-            objectEveryoneMask = AddBackBrokenObjectProperties(task.RootPart,objectEveryoneMask);
+            uint objectEveryoneMask = ApplyObjectModifyMasks(task.RootPart.EveryoneMask, objflags);
+           
            // Hack to allow collaboration until Groups and Group Permissions are implemented
            if ((objectEveryoneMask & (uint)LLObject.ObjectFlags.ObjectMove) != 0)
@@ -259,44 +257,14 @@ namespace OpenSim.Region.Environment
            return objectEveryoneMask;
        }
-        private uint AddBackBrokenObjectProperties(SceneObjectPart task, uint objectmask)
+        
-        {
-            if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.Physics) != 0)
-                objectmask |= (uint)LLObject.ObjectFlags.Physics;
-            if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.Scripted) != 0)
-                objectmask |= (uint)LLObject.ObjectFlags.Scripted;
-            if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.TemporaryOnRez) != 0)
-                objectmask |= (uint)LLObject.ObjectFlags.TemporaryOnRez;
-            if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.Phantom) != 0)
-                objectmask |= (uint)LLObject.ObjectFlags.Phantom;
-            if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.Touch) != 0)
-                objectmask |= (uint)LLObject.ObjectFlags.Touch;
-            if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.Scripted) != 0)
-                objectmask |= (uint)LLObject.ObjectFlags.Scripted;
-            if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.AllowInventoryDrop) != 0)
-                objectmask |= (uint)LLObject.ObjectFlags.AllowInventoryDrop;
-            if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.CastShadows) != 0)
-                objectmask |= (uint)LLObject.ObjectFlags.CastShadows;
-            return objectmask;
-        }
+        private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask)
-        private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask, bool locked)
        {
            // We are adding the temporary objectflags to the object's objectflags based on the 
            // permission flag given.  These change the F flags on the client.
-            if (!locked)
+           
-            {
                if ((setPermissionMask & (uint)PermissionMask.Copy) != 0)
                {
                    objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectCopy;
@@ -316,14 +284,15 @@ namespace OpenSim.Region.Environment
                {
                    objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectTransfer;
                }
-            }
+            
            return objectFlagsMask;
        }
+        
        protected virtual bool GenericObjectPermission(LLUUID currentUser, LLUUID objId)
        {
            // Default: deny
            bool permission = false;
+            bool locked = false;
            if (!m_scene.Entities.ContainsKey(objId))
            {
@@ -340,6 +309,19 @@ namespace OpenSim.Region.Environment
            SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
           
            LLUUID objectOwner = group.OwnerID;
+            locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
+            
+            // People shouldn't be able to do anything with locked objects, except the Administrator
+            // The 'set permissions' runs through a different permission check, so when an object owner 
+            // sets an object locked, the only thing that they can do is unlock it.
+            //
+            // Nobody but the object owner can set permissions on an object
+            //
+            if (locked && (!IsAdministrator(currentUser)))
+            {
+                return false;
+            }
            // Object owners should be able to edit their own content
            if (currentUser == objectOwner)
@@ -419,8 +401,15 @@ namespace OpenSim.Region.Environment
                // Added this because at this point in time it wouldn't be wise for 
                // the administrator object permissions to take effect.
                LLUUID objectOwner = task.OwnerID;
+                
+                // Anyone can move
                if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)
                    permission = true;
+                // Locked
+                if ((task.RootPart.OwnerMask & PERM_LOCKED) != 0)
+                    permission = false;
            }
            return permission;
        }

diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs index bb0a756..47e29a3 100644 --- a/OpenSim/Region/Environment/PermissionManager.cs +++ b/OpenSim/Region/Environment/PermissionManager.cs
@@ -42,6 +42,7 @@ namespace OpenSim.Region.Environment
42	private uint PERM_MODIFY = (uint) 16384;	42	private uint PERM_MODIFY = (uint) 16384;
43	private uint PERM_MOVE = (uint) 524288;	43	private uint PERM_MOVE = (uint) 524288;
44	private uint PERM_TRANS = (uint) 8192;	44	private uint PERM_TRANS = (uint) 8192;
		45	private uint PERM_LOCKED = (uint) 540672;
45	// Bypasses the permissions engine (always returns OK)	46	// Bypasses the permissions engine (always returns OK)
46	// disable in any production environment	47	// disable in any production environment
47	// TODO: Change this to false when permissions are a desired default	48	// TODO: Change this to false when permissions are a desired default
@@ -201,28 +202,25 @@ namespace OpenSim.Region.Environment
201	// Remove any of the objectFlags that are temporary. These will get added back if appropriate	202	// Remove any of the objectFlags that are temporary. These will get added back if appropriate
202	// in the next bit of code	203	// in the next bit of code
203		204
204	objflags &= (uint)LLObject.ObjectFlags.ObjectCopy; // Tells client you can copy the object	205	objflags &= ~(uint)LLObject.ObjectFlags.ObjectCopy; // Tells client you can copy the object
205	objflags &= (uint)LLObject.ObjectFlags.ObjectModify; // tells client you can modify the object	206	objflags &= ~(uint)LLObject.ObjectFlags.ObjectModify; // tells client you can modify the object
206	objflags &= (uint)LLObject.ObjectFlags.ObjectMove; // tells client that you can move the object (only, no mod)	207	objflags &= ~(uint)LLObject.ObjectFlags.ObjectMove; // tells client that you can move the object (only, no mod)
207	objflags &= (uint)LLObject.ObjectFlags.ObjectTransfer; // tells the client that you can /take/ the object if you don't own it	208	objflags &= ~(uint)LLObject.ObjectFlags.ObjectTransfer; // tells the client that you can /take/ the object if you don't own it
208	objflags &= (uint)LLObject.ObjectFlags.ObjectYouOwner; // Tells client that you're the owner of the object	209	objflags &= ~(uint)LLObject.ObjectFlags.ObjectYouOwner; // Tells client that you're the owner of the object
209	objflags &= (uint)LLObject.ObjectFlags.ObjectYouOfficer; // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set	210	objflags &= ~(uint)LLObject.ObjectFlags.ObjectYouOfficer; // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
210		211
211		212
212	// Creating the three ObjectFlags options for this method to choose from.	213	// Creating the three ObjectFlags options for this method to choose from.
213	bool tasklocked = task.GetLocked(); // more debug needed to apply this, so we're going to set this to false for now	214	// Customize the OwnerMask
214	tasklocked = false;	215	uint objectOwnerMask = ApplyObjectModifyMasks(task.RootPart.OwnerMask, objflags);
215
216	uint objectOwnerMask = ApplyObjectModifyMasks(task.RootPart.OwnerMask, objflags, tasklocked);
217	objectOwnerMask = AddBackBrokenObjectProperties(task.RootPart, objectOwnerMask);
218
219	objectOwnerMask \|= (uint)LLObject.ObjectFlags.ObjectYouOwner;	216	objectOwnerMask \|= (uint)LLObject.ObjectFlags.ObjectYouOwner;
220		217
221	uint objectGroupMask = ApplyObjectModifyMasks(task.RootPart.GroupMask, objflags, tasklocked);	218	// Customize the GroupMask
222	objectGroupMask = AddBackBrokenObjectProperties(task.RootPart,objectGroupMask);	219	uint objectGroupMask = ApplyObjectModifyMasks(task.RootPart.GroupMask, objflags);
223		220
224	uint objectEveryoneMask = ApplyObjectModifyMasks(task.RootPart.EveryoneMask, objflags, tasklocked);	221	// Customize the EveryoneMask
225	objectEveryoneMask = AddBackBrokenObjectProperties(task.RootPart,objectEveryoneMask);	222	uint objectEveryoneMask = ApplyObjectModifyMasks(task.RootPart.EveryoneMask, objflags);
		223
226		224
227	// Hack to allow collaboration until Groups and Group Permissions are implemented	225	// Hack to allow collaboration until Groups and Group Permissions are implemented
228	if ((objectEveryoneMask & (uint)LLObject.ObjectFlags.ObjectMove) != 0)	226	if ((objectEveryoneMask & (uint)LLObject.ObjectFlags.ObjectMove) != 0)
@@ -259,44 +257,14 @@ namespace OpenSim.Region.Environment
259		257
260	return objectEveryoneMask;	258	return objectEveryoneMask;
261	}	259	}
262	private uint AddBackBrokenObjectProperties(SceneObjectPart task, uint objectmask)	260
263	{
264	if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.Physics) != 0)
265	objectmask \|= (uint)LLObject.ObjectFlags.Physics;
266
267	if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.Scripted) != 0)
268	objectmask \|= (uint)LLObject.ObjectFlags.Scripted;
269
270	if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.TemporaryOnRez) != 0)
271	objectmask \|= (uint)LLObject.ObjectFlags.TemporaryOnRez;
272		261
273	if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.Phantom) != 0)
274	objectmask \|= (uint)LLObject.ObjectFlags.Phantom;
275
276	if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.Touch) != 0)
277	objectmask \|= (uint)LLObject.ObjectFlags.Touch;
278
279	if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.Scripted) != 0)
280	objectmask \|= (uint)LLObject.ObjectFlags.Scripted;
281
282	if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.AllowInventoryDrop) != 0)
283	objectmask \|= (uint)LLObject.ObjectFlags.AllowInventoryDrop;
284
285
286	if ((task.ObjectFlags & (uint)LLObject.ObjectFlags.CastShadows) != 0)
287	objectmask \|= (uint)LLObject.ObjectFlags.CastShadows;
288
289	return objectmask;
290	}
291		262
292		263	private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask)
293	private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask, bool locked)
294	{	264	{
295	// We are adding the temporary objectflags to the object's objectflags based on the	265	// We are adding the temporary objectflags to the object's objectflags based on the
296	// permission flag given. These change the F flags on the client.	266	// permission flag given. These change the F flags on the client.
297	if (!locked)	267
298	{
299
300	if ((setPermissionMask & (uint)PermissionMask.Copy) != 0)	268	if ((setPermissionMask & (uint)PermissionMask.Copy) != 0)
301	{	269	{
302	objectFlagsMask \|= (uint)LLObject.ObjectFlags.ObjectCopy;	270	objectFlagsMask \|= (uint)LLObject.ObjectFlags.ObjectCopy;
@@ -316,14 +284,15 @@ namespace OpenSim.Region.Environment
316	{	284	{
317	objectFlagsMask \|= (uint)LLObject.ObjectFlags.ObjectTransfer;	285	objectFlagsMask \|= (uint)LLObject.ObjectFlags.ObjectTransfer;
318	}	286	}
319	}	287
320	return objectFlagsMask;	288	return objectFlagsMask;
321	}	289	}
322		290
323	protected virtual bool GenericObjectPermission(LLUUID currentUser, LLUUID objId)	291	protected virtual bool GenericObjectPermission(LLUUID currentUser, LLUUID objId)
324	{	292	{
325	// Default: deny	293	// Default: deny
326	bool permission = false;	294	bool permission = false;
		295	bool locked = false;
327		296
328	if (!m_scene.Entities.ContainsKey(objId))	297	if (!m_scene.Entities.ContainsKey(objId))
329	{	298	{
@@ -340,6 +309,19 @@ namespace OpenSim.Region.Environment
340	SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];	309	SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
341		310
342	LLUUID objectOwner = group.OwnerID;	311	LLUUID objectOwner = group.OwnerID;
		312	locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
		313
		314	// People shouldn't be able to do anything with locked objects, except the Administrator
		315	// The 'set permissions' runs through a different permission check, so when an object owner
		316	// sets an object locked, the only thing that they can do is unlock it.
		317	//
		318	// Nobody but the object owner can set permissions on an object
		319	//
		320
		321	if (locked && (!IsAdministrator(currentUser)))
		322	{
		323	return false;
		324	}
343		325
344	// Object owners should be able to edit their own content	326	// Object owners should be able to edit their own content
345	if (currentUser == objectOwner)	327	if (currentUser == objectOwner)
@@ -419,8 +401,15 @@ namespace OpenSim.Region.Environment
419	// Added this because at this point in time it wouldn't be wise for	401	// Added this because at this point in time it wouldn't be wise for
420	// the administrator object permissions to take effect.	402	// the administrator object permissions to take effect.
421	LLUUID objectOwner = task.OwnerID;	403	LLUUID objectOwner = task.OwnerID;
		404
		405	// Anyone can move
422	if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)	406	if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)
423	permission = true;	407	permission = true;
		408
		409	// Locked
		410	if ((task.RootPart.OwnerMask & PERM_LOCKED) != 0)
		411	permission = false;
		412
424	}	413	}
425	return permission;	414	return permission;
426	}	415	}