| Commit message (Collapse) | Author | Files | Lines |
|---|
|
allowed_script_creators.
* This allows one to override normal OpenSim permissions and prevent non-gods from editing any scripts. This allows edit ability
to be rescinded after it has been given, and prevents the security hole where a single script with liberal perms would allow code changes.
* The default setting remains the existing one of never overruling normal edit permissions.
* These two settings may be enough to stop non-gods entering artbirary script code in a closed grid/standalone configuration.
|
|
ready for reuse
|
|
OpenSim.ini
* This doesn't allow complete script lockdown of a sim, many avenues (copying, editing) are still uncloseable at the moment
* Default remains to allow all users to create scripts (subject to existing permissions if enabled)
|
|
inventory drop. Also adds a new flags, "propagate_permissions" to
OpenSim.ini to control that feature.
|
|
two revisions ago, since it sounds like this was our agreed position from some time back
* Make the default also false (to match what is in OpenSim.ini.example)
|
|
* Switch default for serverside_object_permissions from false to true - it seems more natural that we enforce permissions by default rather than not!
* Add some explanation in OpenSim.ini.example for serverside_object_permissions
|
|
kindly by sean) --- lesson learned: just running a "make test" is not
sufficient, you need to precede it by a "make clean".
|
|
This patch makes llAllowInventoryDrop work with the permissions module
enabled. Changes include:
- Enabled PropagatePermissions when permissions module serverside perms
is on
- change ownership of item when item is dropped into an object.
Ownership changes to the owner of the object the item is dropped into
- propagation of permissions if the permissions module enabled (eg
next-owner mask applied)
- CHANGED_ALLOWED_DROP is now passed to the change script event if an
item was allowed to be dropped into the object only because
llAllowInventoryDrop is enabled (instead of CHANGED_INVENTORY being
passed).
- Sets object flags correctly when llAllowInventoryDrop is called so
clients are notified immediately of the change in state. Am not
sure that calling aggregateScriptEvents is the right way to do it,
but it works and seems to be the only way without making further
changes to update LocalFlags
|
|
bonus points)
public bool ExternalChecksCanCreateUserInventory(int invType, UUID userID)
public bool ExternalChecksCanCopyUserInventory(UUID itemID, UUID userID)
public bool ExternalChecksCanCopyUserInventory(UUID itemID, UUID userID)
public bool ExternalChecksCanDeleteUserInventory(UUID itemID, UUID userID)
|
|
public bool ExternalChecksCanCreateAvatarInventory(int invType, UUID userID)
public bool ExternalChecksCanCopyAvatarInventory(UUID itemID, UUID userID)
public bool ExternalChecksCanCopyAvatarInventory(UUID itemID, UUID userID)
public bool ExternalChecksCanDeleteAvatarInventory(UUID itemID, UUID userID)
to ExternalChecks to handle avatar inventory checks (as opposed to object inv checks).
* opensim-dev e-mail to follow concerning this shortly
|
|
task inventory and agent inventory
|
|
* Intension is to provide a way to lock down script creation to administrators/gods only
* Defaults will remain as they are at the moment
|
|
* Some rearrangement within sections
* Indenting section contents
* Also, correct indentation levels in PermissionsModule
|
|
SOP.IsAttachment
|
|
there are some circumstances in which not finding a user is not an error
|
|
* Implmements llModifyLand() and a check for the "Allow others to terraform flag"
* Thanks tglion!
|
|
|
|
Implementation of llModifyLand() and There is a bug on
permission-check of land-terraforming: x an y-coordinates
are interchanged on function-call ExternalChecksCanTerraformLand.
Correct: x is west, and y is north. 2) Missing check of
"Other allow to terraform-flag" (Parcel.ParcelFlags.AllowTerraform)
|
|
|
|
|
|
it was meant to. No functional changes, just better code
|
|
perms module
|
|
|
|
|
|
to have different permissions on inventory and object
edits. This may be needed by the viewer on public grids
|
|
|
|
* This is a HUGE OMG update and will definitely have unknown side effects.. so this is really only for the strong hearted at this point. Regular people should let the dust settle.
* This has been tested to work with most basic functions. However.. make sure you back up 'everything' before using this. It's that big!
* Essentially we're back at square 1 in the testing phase.. so lets identify things that broke.
|
|
|
|
Griefer protection! When running without serverside permissions, let only
the owner edit attachments. Having everyone able to do it just isn't right.
|
|
Allow the sim owner to add estate managers to any estate on the sim
|
|
|
|
and the permissions module
|
|
|
|
|
|
fetch fails.
|
|
|
|
|
|
hierarchical rights structure. MasterAvatar: Owner of the region server
(may be null), net gods (users with GodLevel 200), Estate owner
(from database). Look at Opensim.ini.example to enable net gods.
Estate owner will default to master avatar.
|
|
|
|
estate owner user the ability to add and remove estate managers,
and have EM rights outside of that.
|
|
as the region master avatar, unless it's LLUUID.Zero (the default).
|
|
HAZARDOUS if it modifies the simulator, NON_HAZARDOUS if it does a command that doesn't modify the simulator but does a background command such as a forced backup, and STATISTICAL if it returns debug or more information.
*This is useful for implementing a protection system from unwanted script execution or for application modules needing to know what a command does.
|
|
the properties a bit to be more consistant with other objects (having things
like .Name .Description, etc).
|
|
Makes the estate dialog fully functional. Implements all client facing functionality. Moves estate data from estate_settings.xml, which is used to provide defaults, to the region data store. Creates one estate for each region, and places the region in it. Converts all region bans to estate bans.
|
|
Changes the permissions module to make scripts permissive only when intended
Adds security checks to asset transfers to prevent hacked clients fron
requesting script sources.
Adds security checks to llClientView to verify all aspects of ownership
and permissions for inventory based script retrieval.
|
|
|
|
* might help to diagnose mantis 1712
|
|
not break trunk.
|
|
|
|
Adds handlers for the reclaim land functionality,
plus all needed permissions checks.
|
