aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region/Environment/PermissionManager.cs
diff options
context:
space:
mode:
Diffstat (limited to 'OpenSim/Region/Environment/PermissionManager.cs')
-rw-r--r--OpenSim/Region/Environment/PermissionManager.cs361
1 files changed, 183 insertions, 178 deletions
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs
index b2829a1..fd8387b 100644
--- a/OpenSim/Region/Environment/PermissionManager.cs
+++ b/OpenSim/Region/Environment/PermissionManager.cs
@@ -33,21 +33,27 @@ namespace OpenSim.Region.Environment
33{ 33{
34 public class PermissionManager 34 public class PermissionManager
35 { 35 {
36 // Bypasses the permissions engine (always returns OK)
37 // disable in any production environment
38 // TODO: Change this to false when permissions are a desired default
39 // TODO: Move to configuration option.
40 private bool m_bypassPermissions = true;
41 protected Scene m_scene; 36 protected Scene m_scene;
42 37
43 // These are here for testing. They will be taken out 38 // These are here for testing. They will be taken out
39
44 //private uint PERM_ALL = (uint)2147483647; 40 //private uint PERM_ALL = (uint)2147483647;
45 private uint PERM_COPY = 32768; 41 private uint PERM_COPY = (uint)32768;
46 //private uint PERM_MODIFY = (uint)16384; 42 //private uint PERM_MODIFY = (uint)16384;
43 private uint PERM_MOVE = (uint)524288;
47 //private uint PERM_TRANS = (uint)8192; 44 //private uint PERM_TRANS = (uint)8192;
48 private uint PERM_LOCKED = 540672; 45 private uint PERM_LOCKED = (uint)540672;
49 private uint PERM_MOVE = 524288; 46 // Bypasses the permissions engine (always returns OK)
47 // disable in any production environment
48 // TODO: Change this to false when permissions are a desired default
49 // TODO: Move to configuration option.
50 private bool m_bypassPermissions = true;
50 51
52 public bool BypassPermissions
53 {
54 get { return m_bypassPermissions; }
55 set { m_bypassPermissions = value; }
56 }
51 57
52 public PermissionManager() 58 public PermissionManager()
53 { 59 {
@@ -58,12 +64,6 @@ namespace OpenSim.Region.Environment
58 m_scene = scene; 64 m_scene = scene;
59 } 65 }
60 66
61 public bool BypassPermissions
62 {
63 get { return m_bypassPermissions; }
64 set { m_bypassPermissions = value; }
65 }
66
67 public void Initialise(Scene scene) 67 public void Initialise(Scene scene)
68 { 68 {
69 m_scene = scene; 69 m_scene = scene;
@@ -129,8 +129,8 @@ namespace OpenSim.Region.Environment
129 ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y); 129 ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y);
130 if (land == null) return false; 130 if (land == null) return false;
131 131
132 if ((land.landData.landFlags & ((int) Parcel.ParcelFlags.CreateObjects)) == 132 if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) ==
133 (int) Parcel.ParcelFlags.CreateObjects) 133 (int)Parcel.ParcelFlags.CreateObjects)
134 permission = true; 134 permission = true;
135 135
136 //TODO: check for group rights 136 //TODO: check for group rights
@@ -168,6 +168,8 @@ namespace OpenSim.Region.Environment
168 /// <returns>Has permission?</returns> 168 /// <returns>Has permission?</returns>
169 public virtual bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos) 169 public virtual bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos)
170 { 170 {
171
172
171 if ((newPos.X > 257f || newPos.X < -1f || newPos.Y > 257f || newPos.Y < -1f)) 173 if ((newPos.X > 257f || newPos.X < -1f || newPos.Y > 257f || newPos.Y < -1f))
172 { 174 {
173 return true; 175 return true;
@@ -191,7 +193,7 @@ namespace OpenSim.Region.Environment
191 return true; 193 return true;
192 } 194 }
193 195
194 if ((land2.landData.landFlags & ((int) Parcel.ParcelFlags.AllowAllObjectEntry)) != 0) 196 if ((land2.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0)
195 { 197 {
196 return true; 198 return true;
197 } 199 }
@@ -208,142 +210,11 @@ namespace OpenSim.Region.Environment
208 return false; 210 return false;
209 } 211 }
210 212
211 public virtual bool CanEditScript(LLUUID user, LLUUID script)
212 {
213 return IsAdministrator(user);
214 }
215
216 public virtual bool CanRunScript(LLUUID user, LLUUID script)
217 {
218 return IsAdministrator(user);
219 }
220
221 public virtual bool CanRunConsoleCommand(LLUUID user)
222 {
223 return IsAdministrator(user);
224 }
225
226 public virtual bool CanTerraform(LLUUID user, LLVector3 position)
227 {
228 bool permission = false;
229
230 // Estate override
231 if (GenericEstatePermission(user))
232 permission = true;
233
234 float X = position.X;
235 float Y = position.Y;
236
237 if (X > 255)
238 X = 255;
239 if (Y > 255)
240 Y = 255;
241 if (X < 0)
242 X = 0;
243 if (Y < 0)
244 Y = 0;
245
246 // Land owner can terraform too
247 ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y);
248 if (parcel != null && GenericParcelPermission(user, parcel))
249 permission = true;
250
251 if (!permission)
252 SendPermissionError(user, "Not authorized to terraform at this location.");
253
254 return permission;
255 }
256
257 #region Estate Permissions
258
259 public virtual bool GenericEstatePermission(LLUUID user)
260 {
261 // Default: deny
262 bool permission = false;
263
264 // Estate admins should be able to use estate tools
265 if (IsEstateManager(user))
266 permission = true;
267
268 // Administrators always have permission
269 if (IsAdministrator(user))
270 permission = true;
271
272 return permission;
273 }
274
275 public virtual bool CanEditEstateTerrain(LLUUID user)
276 {
277 return GenericEstatePermission(user);
278 }
279
280 public virtual bool CanRestartSim(LLUUID user)
281 {
282 // Since this is potentially going on a grid...
283
284 return GenericEstatePermission(user);
285 //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
286 }
287
288 #endregion
289
290 #region Parcel Permissions
291
292 protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel)
293 {
294 bool permission = false;
295
296 if (parcel.landData.ownerID == user)
297 {
298 permission = true;
299 }
300
301 if (parcel.landData.isGroupOwned)
302 {
303 // TODO: Need to do some extra checks here. Requires group code.
304 }
305
306 if (IsEstateManager(user))
307 {
308 permission = true;
309 }
310
311 if (IsAdministrator(user))
312 {
313 permission = true;
314 }
315
316 return permission;
317 }
318
319 protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
320 {
321 ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y);
322 if (parcel == null) return false;
323 return GenericParcelPermission(user, parcel);
324 }
325
326 public virtual bool CanEditParcel(LLUUID user, ILandObject parcel)
327 {
328 return GenericParcelPermission(user, parcel);
329 }
330
331 public virtual bool CanSellParcel(LLUUID user, ILandObject parcel)
332 {
333 return GenericParcelPermission(user, parcel);
334 }
335
336 public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel)
337 {
338 return GenericParcelPermission(user, parcel);
339 }
340
341 #endregion
342
343 #region Object Permissions 213 #region Object Permissions
344 214
345 public virtual uint GenerateClientFlags(LLUUID user, LLUUID objID) 215 public virtual uint GenerateClientFlags(LLUUID user, LLUUID objID)
346 { 216 {
217
347 // Here's the way this works, 218 // Here's the way this works,
348 // ObjectFlags and Permission flags are two different enumerations 219 // ObjectFlags and Permission flags are two different enumerations
349 // ObjectFlags, however, tells the client to change what it will allow the user to do. 220 // ObjectFlags, however, tells the client to change what it will allow the user to do.
@@ -355,33 +226,32 @@ namespace OpenSim.Region.Environment
355 // Outside of this method, they should never be added to objectflags! 226 // Outside of this method, they should never be added to objectflags!
356 // -teravus 227 // -teravus
357 228
358 SceneObjectPart task = m_scene.GetSceneObjectPart(objID); 229 SceneObjectPart task=m_scene.GetSceneObjectPart(objID);
359 230
360 // this shouldn't ever happen.. return no permissions/objectflags. 231 // this shouldn't ever happen.. return no permissions/objectflags.
361 if (task == null) 232 if (task == null)
362 return 0; 233 return (uint)0;
363 234
364 uint objflags = task.GetEffectiveObjectFlags(); 235 uint objflags = task.GetEffectiveObjectFlags();
365 LLUUID objectOwner = task.OwnerID; 236 LLUUID objectOwner = task.OwnerID;
366 237
367 238
368 // Remove any of the objectFlags that are temporary. These will get added back if appropriate 239 // Remove any of the objectFlags that are temporary. These will get added back if appropriate
369 // in the next bit of code 240 // in the next bit of code
370 241
371 objflags &= (uint) 242 objflags &= (uint)
372 ~(LLObject.ObjectFlags.ObjectCopy | // Tells client you can copy the object 243 ~(LLObject.ObjectFlags.ObjectCopy | // Tells client you can copy the object
373 LLObject.ObjectFlags.ObjectModify | // tells client you can modify the object 244 LLObject.ObjectFlags.ObjectModify | // tells client you can modify the object
374 LLObject.ObjectFlags.ObjectMove | // tells client that you can move the object (only, no mod) 245 LLObject.ObjectFlags.ObjectMove | // tells client that you can move the object (only, no mod)
375 LLObject.ObjectFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it 246 LLObject.ObjectFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
376 LLObject.ObjectFlags.ObjectYouOwner | // Tells client that you're the owner of the object 247 LLObject.ObjectFlags.ObjectYouOwner | // Tells client that you're the owner of the object
377 LLObject.ObjectFlags.ObjectYouOfficer 248 LLObject.ObjectFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
378 // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set 249 );
379 );
380 250
381 // Creating the three ObjectFlags options for this method to choose from. 251 // Creating the three ObjectFlags options for this method to choose from.
382 // Customize the OwnerMask 252 // Customize the OwnerMask
383 uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); 253 uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags);
384 objectOwnerMask |= (uint) LLObject.ObjectFlags.ObjectYouOwner; 254 objectOwnerMask |= (uint)LLObject.ObjectFlags.ObjectYouOwner;
385 255
386 // Customize the GroupMask 256 // Customize the GroupMask
387 uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags); 257 uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags);
@@ -391,8 +261,8 @@ namespace OpenSim.Region.Environment
391 261
392 262
393 // Hack to allow collaboration until Groups and Group Permissions are implemented 263 // Hack to allow collaboration until Groups and Group Permissions are implemented
394 if ((objectEveryoneMask & (uint) LLObject.ObjectFlags.ObjectMove) != 0) 264 if ((objectEveryoneMask & (uint)LLObject.ObjectFlags.ObjectMove) != 0)
395 objectEveryoneMask |= (uint) LLObject.ObjectFlags.ObjectModify; 265 objectEveryoneMask |= (uint)LLObject.ObjectFlags.ObjectModify;
396 266
397 if (m_bypassPermissions) 267 if (m_bypassPermissions)
398 return objectOwnerMask; 268 return objectOwnerMask;
@@ -417,6 +287,7 @@ namespace OpenSim.Region.Environment
417 return objectOwnerMask; 287 return objectOwnerMask;
418 288
419 289
290
420 // Admin should be able to edit anything in the sim (including admin objects) 291 // Admin should be able to edit anything in the sim (including admin objects)
421 if (IsAdministrator(user)) 292 if (IsAdministrator(user))
422 return objectOwnerMask; 293 return objectOwnerMask;
@@ -426,29 +297,30 @@ namespace OpenSim.Region.Environment
426 } 297 }
427 298
428 299
300
429 private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask) 301 private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask)
430 { 302 {
431 // We are adding the temporary objectflags to the object's objectflags based on the 303 // We are adding the temporary objectflags to the object's objectflags based on the
432 // permission flag given. These change the F flags on the client. 304 // permission flag given. These change the F flags on the client.
433 305
434 if ((setPermissionMask & (uint) PermissionMask.Copy) != 0) 306 if ((setPermissionMask & (uint)PermissionMask.Copy) != 0)
435 { 307 {
436 objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectCopy; 308 objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectCopy;
437 } 309 }
438 310
439 if ((setPermissionMask & (uint) PermissionMask.Move) != 0) 311 if ((setPermissionMask & (uint)PermissionMask.Move) != 0)
440 { 312 {
441 objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectMove; 313 objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectMove;
442 } 314 }
443 315
444 if ((setPermissionMask & (uint) PermissionMask.Modify) != 0) 316 if ((setPermissionMask & (uint)PermissionMask.Modify) != 0)
445 { 317 {
446 objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectModify; 318 objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectModify;
447 } 319 }
448 320
449 if ((setPermissionMask & (uint) PermissionMask.Transfer) != 0) 321 if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0)
450 { 322 {
451 objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectTransfer; 323 objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectTransfer;
452 } 324 }
453 325
454 return objectFlagsMask; 326 return objectFlagsMask;
@@ -472,7 +344,7 @@ namespace OpenSim.Region.Environment
472 } 344 }
473 345
474 346
475 SceneObjectGroup group = (SceneObjectGroup) m_scene.Entities[objId]; 347 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
476 348
477 LLUUID objectOwner = group.OwnerID; 349 LLUUID objectOwner = group.OwnerID;
478 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); 350 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
@@ -560,7 +432,7 @@ namespace OpenSim.Region.Environment
560 } 432 }
561 433
562 434
563 SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[obj]; 435 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj];
564 436
565 437
566 LLUUID taskOwner = null; 438 LLUUID taskOwner = null;
@@ -575,6 +447,7 @@ namespace OpenSim.Region.Environment
575 // Locked 447 // Locked
576 if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0) 448 if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
577 permission = false; 449 permission = false;
450
578 } 451 }
579 else 452 else
580 { 453 {
@@ -591,7 +464,7 @@ namespace OpenSim.Region.Environment
591 } 464 }
592 465
593 466
594 SceneObjectGroup group = (SceneObjectGroup) m_scene.Entities[obj]; 467 SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[obj];
595 468
596 LLUUID objectOwner = group.OwnerID; 469 LLUUID objectOwner = group.OwnerID;
597 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); 470 locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
@@ -629,7 +502,7 @@ namespace OpenSim.Region.Environment
629 return false; 502 return false;
630 } 503 }
631 504
632 SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[obj]; 505 SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj];
633 LLUUID taskOwner = null; 506 LLUUID taskOwner = null;
634 // Added this because at this point in time it wouldn't be wise for 507 // Added this because at this point in time it wouldn't be wise for
635 // the administrator object permissions to take effect. 508 // the administrator object permissions to take effect.
@@ -685,5 +558,137 @@ namespace OpenSim.Region.Environment
685 } 558 }
686 559
687 #endregion 560 #endregion
561
562 public virtual bool CanEditScript(LLUUID user, LLUUID script)
563 {
564 return IsAdministrator(user);
565 }
566
567 public virtual bool CanRunScript(LLUUID user, LLUUID script)
568 {
569 return IsAdministrator(user);
570 }
571
572 public virtual bool CanRunConsoleCommand(LLUUID user)
573 {
574 return IsAdministrator(user);
575 }
576
577 public virtual bool CanTerraform(LLUUID user, LLVector3 position)
578 {
579 bool permission = false;
580
581 // Estate override
582 if (GenericEstatePermission(user))
583 permission = true;
584
585 float X = position.X;
586 float Y = position.Y;
587
588 if (X > 255)
589 X = 255;
590 if (Y > 255)
591 Y = 255;
592 if (X < 0)
593 X = 0;
594 if (Y < 0)
595 Y = 0;
596
597 // Land owner can terraform too
598 ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y);
599 if (parcel != null && GenericParcelPermission(user, parcel))
600 permission = true;
601
602 if (!permission)
603 SendPermissionError(user, "Not authorized to terraform at this location.");
604
605 return permission;
606 }
607
608 #region Estate Permissions
609
610 public virtual bool GenericEstatePermission(LLUUID user)
611 {
612 // Default: deny
613 bool permission = false;
614
615 // Estate admins should be able to use estate tools
616 if (IsEstateManager(user))
617 permission = true;
618
619 // Administrators always have permission
620 if (IsAdministrator(user))
621 permission = true;
622
623 return permission;
624 }
625
626 public virtual bool CanEditEstateTerrain(LLUUID user)
627 {
628 return GenericEstatePermission(user);
629 }
630
631 public virtual bool CanRestartSim(LLUUID user)
632 {
633 // Since this is potentially going on a grid...
634
635 return GenericEstatePermission(user);
636 //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
637 }
638
639 #endregion
640
641 #region Parcel Permissions
642
643 protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel)
644 {
645 bool permission = false;
646
647 if (parcel.landData.ownerID == user)
648 {
649 permission = true;
650 }
651
652 if (parcel.landData.isGroupOwned)
653 {
654 // TODO: Need to do some extra checks here. Requires group code.
655 }
656
657 if (IsEstateManager(user))
658 {
659 permission = true;
660 }
661
662 if (IsAdministrator(user))
663 {
664 permission = true;
665 }
666
667 return permission;
668 }
669
670 protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
671 {
672 ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y);
673 if (parcel == null) return false;
674 return GenericParcelPermission(user, parcel);
675 }
676
677 public virtual bool CanEditParcel(LLUUID user, ILandObject parcel)
678 {
679 return GenericParcelPermission(user, parcel);
680 }
681
682 public virtual bool CanSellParcel(LLUUID user, ILandObject parcel)
683 {
684 return GenericParcelPermission(user, parcel);
685 }
686
687 public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel)
688 {
689 return GenericParcelPermission(user, parcel);
690 }
691
692 #endregion
688 } 693 }
689} \ No newline at end of file 694}
generated by cgit v1.1 at 2024-06-28 23:33:50 +0000