From 664dd58cd9a8318c14fc3e3a3950c3e29cf97ba8 Mon Sep 17 00:00:00 2001
From: Melanie Thielker
Date: Sun, 14 Jun 2009 21:44:34 +0000
Subject: Fixes Mantis #3793 . Committing thomax/Snoopy's patch to allow
 deeding of objects, with changes: - Set OwnerID = GroupID for deeded objects.
 - Close a security loophole that would have allowed a user with deed rights
 in a group to deed ANY object to that group, even if it's not owned by them
 and/or not set to that group - Set LastOwnerID correctly. Handle objects vs.
 prims correctly.

---
 .../CoreModules/World/Permissions/PermissionsModule.cs  | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'OpenSim/Region/CoreModules/World')

diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
index d786df8..380104d 100644
--- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
@@ -184,6 +184,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
             m_scene.Permissions.OnAbandonParcel += CanAbandonParcel;
             m_scene.Permissions.OnReclaimParcel += CanReclaimParcel;
             m_scene.Permissions.OnDeedParcel += CanDeedParcel;
+            m_scene.Permissions.OnDeedObject += CanDeedObject;
             m_scene.Permissions.OnIsGod += IsGod;
             m_scene.Permissions.OnDuplicateObject += CanDuplicateObject;
             m_scene.Permissions.OnDeleteObject += CanDeleteObject; //MAYBE FULLY IMPLEMENTED
@@ -818,6 +819,20 @@ namespace OpenSim.Region.CoreModules.World.Permissions
             return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandDeed);
         }
 
+        private bool CanDeedObject(UUID user, UUID group, Scene scene)
+        {
+            DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
+            if (m_bypassPermissions) return m_bypassPermissionsValue;
+
+            ScenePresence sp = scene.GetScenePresence(user);
+            IClientAPI client = sp.ControllingClient;
+
+            if((client.GetGroupPowers(group) & (ulong)GroupPowers.DeedObject) == 0)
+                return false;
+
+            return true;
+        }
+
         private bool IsGod(UUID user, Scene scene)
         {
             DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
@@ -846,7 +861,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
 
             if (part.GroupID != UUID.Zero)
             {
-                if ((part.OwnerID == UUID.Zero) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0)))
+                if ((part.OwnerID == part.GroupID) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0)))
                     return false;
 
                 if ((part.GroupMask & PERM_COPY) == 0)
-- 
cgit v1.1