aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region/Environment/PermissionManager.cs
diff options
context:
space:
mode:
Diffstat (limited to 'OpenSim/Region/Environment/PermissionManager.cs')
-rw-r--r--OpenSim/Region/Environment/PermissionManager.cs361
1 files changed, 178 insertions, 183 deletions
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs
index fd8387b..b2829a1 100644
--- a/OpenSim/Region/Environment/PermissionManager.cs
+++ b/OpenSim/Region/Environment/PermissionManager.cs
@@ -33,27 +33,21 @@ namespace OpenSim.Region.Environment
33{ 33{
34 public class PermissionManager 34 public class PermissionManager
35 { 35 {
36 // Bypasses the permissions engine (always returns OK)
37 // disable in any production environment
38 // TODO: Change this to false when permissions are a desired default
39 // TODO: Move to configuration option.
40 private bool m_bypassPermissions = true;
36 protected Scene m_scene; 41 protected Scene m_scene;
37 42
38 // These are here for testing. They will be taken out 43 // These are here for testing. They will be taken out
39
40 //private uint PERM_ALL = (uint)2147483647; 44 //private uint PERM_ALL = (uint)2147483647;
41 private uint PERM_COPY = (uint)32768; 45 private uint PERM_COPY = 32768;
42 //private uint PERM_MODIFY = (uint)16384; 46 //private uint PERM_MODIFY = (uint)16384;
43 private uint PERM_MOVE = (uint)524288;
44 //private uint PERM_TRANS = (uint)8192; 47 //private uint PERM_TRANS = (uint)8192;
45 private uint PERM_LOCKED = (uint)540672; 48 private uint PERM_LOCKED = 540672;
46 // Bypasses the permissions engine (always returns OK) 49 private uint PERM_MOVE = 524288;
47 // disable in any production environment
48 // TODO: Change this to false when permissions are a desired default
49 // TODO: Move to configuration option.
50 private bool m_bypassPermissions = true;
51 50
52 public bool BypassPermissions
53 {
54 get { return m_bypassPermissions; }
55 set { m_bypassPermissions = value; }
56 }
57 51
58 public PermissionManager() 52 public PermissionManager()
59 { 53 {
@@ -64,6 +58,12 @@ namespace OpenSim.Region.Environment
64 m_scene = scene; 58 m_scene = scene;
65 } 59 }
66 60
61 public bool BypassPermissions
62 {
63 get { return m_bypassPermissions; }
64 set { m_bypassPermissions = value; }
65 }
66
67 public void Initialise(Scene scene) 67 public void Initialise(Scene scene)
68 { 68 {
69 m_scene = scene; 69 m_scene = scene;
@@ -129,8 +129,8 @@ namespace OpenSim.Region.Environment
129 ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y); 129 ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y);
130 if (land == null) return false; 130 if (land == null) return false;
131 131
132 if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) == 132 if ((land.landData.landFlags & ((int) Parcel.ParcelFlags.CreateObjects)) ==
133 (int)Parcel.ParcelFlags.CreateObjects) 133 (int) Parcel.ParcelFlags.CreateObjects)
134 permission = true; 134 permission = true;
135 135
136 //TODO: check for group rights 136 //TODO: check for group rights
@@ -168,8 +168,6 @@ namespace OpenSim.Region.Environment
168 /// <returns>Has permission?</returns> 168 /// <returns>Has permission?</returns>
169 public virtual bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos) 169 public virtual bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos)
170 { 170 {
171
172
173 if ((newPos.X > 257f || newPos.X < -1f || newPos.Y > 257f || newPos.Y < -1f)) 171 if ((newPos.X > 257f || newPos.X < -1f || newPos.Y > 257f || newPos.Y < -1f))
174 { 172 {
175 return true; 173 return true;
@@ -193,7 +191,7 @@ namespace OpenSim.Region.Environment
193 return true; 191 return true;
194 } 192 }
195 193
196 if ((land2.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0) 194 if ((land2.landData.landFlags & ((int) Parcel.ParcelFlags.AllowAllObjectEntry)) != 0)
197 { 195 {
198 return true; 196 return true;
199 } 197 }
@@ -210,11 +208,142 @@ namespace OpenSim.Region.Environment
210 return false; 208 return false;
211 } 209 }
212 210
211 public virtual bool CanEditScript(LLUUID user, LLUUID script)
212 {
213 return IsAdministrator(user);
214 }
215
216 public virtual bool CanRunScript(LLUUID user, LLUUID script)
217 {
218 return IsAdministrator(user);
219 }
220
221 public virtual bool CanRunConsoleCommand(LLUUID user)
222 {
223 return IsAdministrator(user);
224 }
225
226 public virtual bool CanTerraform(LLUUID user, LLVector3 position)
227 {
228 bool permission = false;
229
230 // Estate override
231 if (GenericEstatePermission(user))
232 permission = true;
233
234 float X = position.X;
235 float Y = position.Y;
236
237 if (X > 255)
238 X = 255;
239 if (Y > 255)
240 Y = 255;
241 if (X < 0)
242 X = 0;
243 if (Y < 0)
244 Y = 0;
245
246 // Land owner can terraform too
247 ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y);
248 if (parcel != null && GenericParcelPermission(user, parcel))
249 permission = true;
250
251 if (!permission)
252 SendPermissionError(user, "Not authorized to terraform at this location.");
253
254 return permission;
255 }
256
257 #region Estate Permissions
258
259 public virtual bool GenericEstatePermission(LLUUID user)
260 {
261 // Default: deny
262 bool permission = false;
263
264 // Estate admins should be able to use estate tools
265 if (IsEstateManager(user))
266 permission = true;
267
268 // Administrators always have permission
269 if (IsAdministrator(user))
270 permission = true;
271
272 return permission;
273 }
274
275 public virtual bool CanEditEstateTerrain(LLUUID user)
276 {
277 return GenericEstatePermission(user);
278 }
279
280 public virtual bool CanRestartSim(LLUUID user)
281 {
282 // Since this is potentially going on a grid...
283
284 return GenericEstatePermission(user);
285 //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
286 }
287
288 #endregion
289
290 #region Parcel Permissions
291
292 protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel)
293 {
294 bool permission = false;
295
296 if (parcel.landData.ownerID == user)
297 {
298 permission = true;
299 }
300
301 if (parcel.landData.isGroupOwned)
302 {
303 // TODO: Need to do some extra checks here. Requires group code.
304 }
305
306 if (IsEstateManager(user))
307 {
308 permission = true;
309 }
310
311 if (IsAdministrator(user))
312 {
313 permission = true;
314 }
315
316 return permission;
317 }
318
319 protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
320 {
321 ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y);
322 if (parcel == null) return false;
323 return GenericParcelPermission(user, parcel);
324 }
325
326 public virtual bool CanEditParcel(LLUUID user, ILandObject parcel)
327 {
328 return GenericParcelPermission(user, parcel);
329 }
330
331 public virtual bool CanSellParcel(LLUUID user, ILandObject parcel)
332 {
333 return GenericParcelPermission(user, parcel);
334 }
335
336 public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel)
337 {
338 return GenericParcelPermission(user, parcel);
339 }
340
341 #endregion
342
213 #region Object Permissions 343 #region Object Permissions
214 344
215 public virtual uint GenerateClientFlags(LLUUID user, LLUUID objID) 345 public virtual uint GenerateClientFlags(LLUUID user, LLUUID objID)
216 { 346 {
217
218 // Here's the way this works, 347 // Here's the way this works,
219 // ObjectFlags and Permission flags are two different enumerations 348 // ObjectFlags and Permission flags are two different enumerations
220 // ObjectFlags, however, tells the client to change what it will allow the user to do. 349 // ObjectFlags, however, tells the client to change what it will allow the user to do.
@@ -226,32 +355,33 @@ namespace OpenSim.Region.Environment
226 // Outside of this method, they should never be added to objectflags! 355 // Outside of this method, they should never be added to objectflags!
227 // -teravus 356 // -teravus
228 357
229 SceneObjectPart task=m_scene.GetSceneObjectPart(objID); 358 SceneObjectPart task = m_scene.GetSceneObjectPart(objID);
230 359
231 // this shouldn't ever happen.. return no permissions/objectflags. 360 // this shouldn't ever happen.. return no permissions/objectflags.
232 if (task == null) 361 if (task == null)
233 return (uint)0; 362 return 0;
234 363
235 uint objflags = task.GetEffectiveObjectFlags(); 364 uint objflags = task.GetEffectiveObjectFlags();
236 LLUUID objectOwner = task.OwnerID; 365 LLUUID objectOwner = task.OwnerID;
237 366
238 367
239 // Remove any of the objectFlags that are temporary. These will get added back if appropriate 368 // Remove any of the objectFlags that are temporary. These will get added back if appropriate
240 // in the next bit of code 369 // in the next bit of code
241 370
242 objflags &= (uint) 371 objflags &= (uint)
243 ~(LLObject.ObjectFlags.ObjectCopy | // Tells client you can copy the object 372 ~(LLObject.ObjectFlags.ObjectCopy | // Tells client you can copy the object
244 LLObject.ObjectFlags.ObjectModify | // tells client you can modify the object 373 LLObject.ObjectFlags.ObjectModify | // tells client you can modify the object
245 LLObject.ObjectFlags.ObjectMove | // tells client that you can move the object (only, no mod) 374 LLObject.ObjectFlags.ObjectMove | // tells client that you can move the object (only, no mod)
246 LLObject.ObjectFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it 375 LLObject.ObjectFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
247 LLObject.ObjectFlags.ObjectYouOwner | // Tells client that you're the owner of the object 376 LLObject.ObjectFlags.ObjectYouOwner | // Tells client that you're the owner of the object
248 LLObject.ObjectFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set 377 LLObject.ObjectFlags.ObjectYouOfficer
249 ); 378 // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
379 );
250 380
251 // Creating the three ObjectFlags options for this method to choose from. 381 // Creating the three ObjectFlags options for this method to choose from.
252 // Customize the OwnerMask 382 // Customize the OwnerMask
253 uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); 383 uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags);
254 objectOwnerMask |= (uint)LLObject.ObjectFlags.ObjectYouOwner; 384 objectOwnerMask |= (uint) LLObject.ObjectFlags.ObjectYouOwner;
255 385
256 // Customize the GroupMask 386 // Customize the GroupMask
257 uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags); 387 uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags);
@@ -261,8 +391,8 @@ namespace OpenSim.Region.Environment
261 391
262 392
263 // Hack to allow collaboration until Groups and Group Permissions are implemented 393 // Hack to allow collaboration until Groups and Group Permissions are implemented
264 if ((objectEveryoneMask & (uint)LLObject.ObjectFlags.ObjectMove) != 0) 394 if ((objectEveryoneMask & (uint) LLObject.ObjectFlags.ObjectMove) != 0)
265 objectEveryoneMask |= (uint)LLObject.ObjectFlags.ObjectModify; 395 objectEveryoneMask |= (uint) LLObject.ObjectFlags.ObjectModify;
266 396
267 if (m_bypassPermissions) 397 if (m_bypassPermissions)
268 return objectOwnerMask; 398 return objectOwnerMask;
@@ -287,7 +417,6 @@ namespace OpenSim.Region.Environment
287 return objectOwnerMask; 417 return objectOwnerMask;
288 418
289 419
290
291 // Admin should be able to edit anything in the sim (including admin objects) 420 // Admin should be able to edit anything in the sim (including admin objects)
292 if (IsAdministrator(user)) 421 if (IsAdministrator(user))
293 return objectOwnerMask; 422 return objectOwnerMask;
@@ -297,30 +426,29 @@ namespace OpenSim.Region.Environment
297 } 426 }
298 427
299 428
300
301 private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask) 429 private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask)
302 { 430 {
303 // We are adding the temporary objectflags to the object's objectflags based on the 431 // We are adding the temporary objectflags to the object's objectflags based on the
304 // permission flag given. These change the F flags on the client. 432 // permission flag given. These change the F flags on the client.
305 433
306 if ((setPermissionMask & (uint)PermissionMask.Copy) != 0) 434 if ((setPermissionMask & (uint) PermissionMask.Copy) != 0)
307 { 435 {
308 objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectCopy; 436 objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectCopy;
309 } 437 }
310 438
311 if ((setPermissionMask & (uint)PermissionMask.Move) != 0) 439 if ((setPermissionMask & (uint) PermissionMask.Move) != 0)
312 { 440 {
313 objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectMove; 441 objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectMove;
314 } 442 }
315 443
316 if ((setPermissionMask & (uint)PermissionMask.Modify) != 0) 444 if ((setPermissionMask & (uint) PermissionMask.Modify) != 0)
317 { 445 {
318 objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectModify; 446 objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectModify;
319 } 447 }
320 448
321 if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0) 449 if ((setPermissionMask & (uint) PermissionMask.Transfer) != 0)
322 { 450 {
323 objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectTransfer; 451 objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectTransfer;
324 } 452 }
325 453
326 return objectFlagsMask; 454 return objectFlagsMask;
@@ -344,7 +472,7 @@ namespace OpenSim.Region.Environment
344 } 472 }
345 473
346 474
347 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; 475 SceneObjectGroup group = (SceneObjectGroup) m_scene.Entities[objId];
348 476
349 LLUUID objectOwner = group.OwnerID; 477 LLUUID objectOwner = group.OwnerID;
350 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); 478 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
@@ -432,7 +560,7 @@ namespace OpenSim.Region.Environment
432 } 560 }
433 561
434 562
435 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; 563 SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[obj];
436 564
437 565
438 LLUUID taskOwner = null; 566 LLUUID taskOwner = null;
@@ -447,7 +575,6 @@ namespace OpenSim.Region.Environment
447 // Locked 575 // Locked
448 if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0) 576 if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
449 permission = false; 577 permission = false;
450
451 } 578 }
452 else 579 else
453 { 580 {
@@ -464,7 +591,7 @@ namespace OpenSim.Region.Environment
464 } 591 }
465 592
466 593
467 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[obj]; 594 SceneObjectGroup group = (SceneObjectGroup) m_scene.Entities[obj];
468 595
469 LLUUID objectOwner = group.OwnerID; 596 LLUUID objectOwner = group.OwnerID;
470 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); 597 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
@@ -502,7 +629,7 @@ namespace OpenSim.Region.Environment
502 return false; 629 return false;
503 } 630 }
504 631
505 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; 632 SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[obj];
506 LLUUID taskOwner = null; 633 LLUUID taskOwner = null;
507 // Added this because at this point in time it wouldn't be wise for 634 // Added this because at this point in time it wouldn't be wise for
508 // the administrator object permissions to take effect. 635 // the administrator object permissions to take effect.
@@ -558,137 +685,5 @@ namespace OpenSim.Region.Environment
558 } 685 }
559 686
560 #endregion 687 #endregion
561
562 public virtual bool CanEditScript(LLUUID user, LLUUID script)
563 {
564 return IsAdministrator(user);
565 }
566
567 public virtual bool CanRunScript(LLUUID user, LLUUID script)
568 {
569 return IsAdministrator(user);
570 }
571
572 public virtual bool CanRunConsoleCommand(LLUUID user)
573 {
574 return IsAdministrator(user);
575 }
576
577 public virtual bool CanTerraform(LLUUID user, LLVector3 position)
578 {
579 bool permission = false;
580
581 // Estate override
582 if (GenericEstatePermission(user))
583 permission = true;
584
585 float X = position.X;
586 float Y = position.Y;
587
588 if (X > 255)
589 X = 255;
590 if (Y > 255)
591 Y = 255;
592 if (X < 0)
593 X = 0;
594 if (Y < 0)
595 Y = 0;
596
597 // Land owner can terraform too
598 ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y);
599 if (parcel != null && GenericParcelPermission(user, parcel))
600 permission = true;
601
602 if (!permission)
603 SendPermissionError(user, "Not authorized to terraform at this location.");
604
605 return permission;
606 }
607
608 #region Estate Permissions
609
610 public virtual bool GenericEstatePermission(LLUUID user)
611 {
612 // Default: deny
613 bool permission = false;
614
615 // Estate admins should be able to use estate tools
616 if (IsEstateManager(user))
617 permission = true;
618
619 // Administrators always have permission
620 if (IsAdministrator(user))
621 permission = true;
622
623 return permission;
624 }
625
626 public virtual bool CanEditEstateTerrain(LLUUID user)
627 {
628 return GenericEstatePermission(user);
629 }
630
631 public virtual bool CanRestartSim(LLUUID user)
632 {
633 // Since this is potentially going on a grid...
634
635 return GenericEstatePermission(user);
636 //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
637 }
638
639 #endregion
640
641 #region Parcel Permissions
642
643 protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel)
644 {
645 bool permission = false;
646
647 if (parcel.landData.ownerID == user)
648 {
649 permission = true;
650 }
651
652 if (parcel.landData.isGroupOwned)
653 {
654 // TODO: Need to do some extra checks here. Requires group code.
655 }
656
657 if (IsEstateManager(user))
658 {
659 permission = true;
660 }
661
662 if (IsAdministrator(user))
663 {
664 permission = true;
665 }
666
667 return permission;
668 }
669
670 protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
671 {
672 ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y);
673 if (parcel == null) return false;
674 return GenericParcelPermission(user, parcel);
675 }
676
677 public virtual bool CanEditParcel(LLUUID user, ILandObject parcel)
678 {
679 return GenericParcelPermission(user, parcel);
680 }
681
682 public virtual bool CanSellParcel(LLUUID user, ILandObject parcel)
683 {
684 return GenericParcelPermission(user, parcel);
685 }
686
687 public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel)
688 {
689 return GenericParcelPermission(user, parcel);
690 }
691
692 #endregion
693 } 688 }
694} 689} \ No newline at end of file
generated by cgit v1.1 at 2024-07-01 08:39:32 +0000