From 20a9bf08f51351e1e0a9de94f184ff56cd572665 Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Thu, 1 May 2008 18:04:42 +0000 Subject: * Rolled back a few changes. --- OpenSim/Region/Environment/PermissionManager.cs | 361 ++++++++++++------------ 1 file changed, 183 insertions(+), 178 deletions(-) (limited to 'OpenSim/Region/Environment/PermissionManager.cs') diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs index b2829a1..fd8387b 100644 --- a/OpenSim/Region/Environment/PermissionManager.cs +++ b/OpenSim/Region/Environment/PermissionManager.cs @@ -33,21 +33,27 @@ namespace OpenSim.Region.Environment { public class PermissionManager { - // Bypasses the permissions engine (always returns OK) - // disable in any production environment - // TODO: Change this to false when permissions are a desired default - // TODO: Move to configuration option. - private bool m_bypassPermissions = true; protected Scene m_scene; // These are here for testing. They will be taken out + //private uint PERM_ALL = (uint)2147483647; - private uint PERM_COPY = 32768; + private uint PERM_COPY = (uint)32768; //private uint PERM_MODIFY = (uint)16384; + private uint PERM_MOVE = (uint)524288; //private uint PERM_TRANS = (uint)8192; - private uint PERM_LOCKED = 540672; - private uint PERM_MOVE = 524288; + private uint PERM_LOCKED = (uint)540672; + // Bypasses the permissions engine (always returns OK) + // disable in any production environment + // TODO: Change this to false when permissions are a desired default + // TODO: Move to configuration option. + private bool m_bypassPermissions = true; + public bool BypassPermissions + { + get { return m_bypassPermissions; } + set { m_bypassPermissions = value; } + } public PermissionManager() { @@ -58,12 +64,6 @@ namespace OpenSim.Region.Environment m_scene = scene; } - public bool BypassPermissions - { - get { return m_bypassPermissions; } - set { m_bypassPermissions = value; } - } - public void Initialise(Scene scene) { m_scene = scene; @@ -129,8 +129,8 @@ namespace OpenSim.Region.Environment ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y); if (land == null) return false; - if ((land.landData.landFlags & ((int) Parcel.ParcelFlags.CreateObjects)) == - (int) Parcel.ParcelFlags.CreateObjects) + if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) == + (int)Parcel.ParcelFlags.CreateObjects) permission = true; //TODO: check for group rights @@ -168,6 +168,8 @@ namespace OpenSim.Region.Environment /// Has permission? public virtual bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos) { + + if ((newPos.X > 257f || newPos.X < -1f || newPos.Y > 257f || newPos.Y < -1f)) { return true; @@ -191,7 +193,7 @@ namespace OpenSim.Region.Environment return true; } - if ((land2.landData.landFlags & ((int) Parcel.ParcelFlags.AllowAllObjectEntry)) != 0) + if ((land2.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0) { return true; } @@ -208,142 +210,11 @@ namespace OpenSim.Region.Environment return false; } - public virtual bool CanEditScript(LLUUID user, LLUUID script) - { - return IsAdministrator(user); - } - - public virtual bool CanRunScript(LLUUID user, LLUUID script) - { - return IsAdministrator(user); - } - - public virtual bool CanRunConsoleCommand(LLUUID user) - { - return IsAdministrator(user); - } - - public virtual bool CanTerraform(LLUUID user, LLVector3 position) - { - bool permission = false; - - // Estate override - if (GenericEstatePermission(user)) - permission = true; - - float X = position.X; - float Y = position.Y; - - if (X > 255) - X = 255; - if (Y > 255) - Y = 255; - if (X < 0) - X = 0; - if (Y < 0) - Y = 0; - - // Land owner can terraform too - ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y); - if (parcel != null && GenericParcelPermission(user, parcel)) - permission = true; - - if (!permission) - SendPermissionError(user, "Not authorized to terraform at this location."); - - return permission; - } - - #region Estate Permissions - - public virtual bool GenericEstatePermission(LLUUID user) - { - // Default: deny - bool permission = false; - - // Estate admins should be able to use estate tools - if (IsEstateManager(user)) - permission = true; - - // Administrators always have permission - if (IsAdministrator(user)) - permission = true; - - return permission; - } - - public virtual bool CanEditEstateTerrain(LLUUID user) - { - return GenericEstatePermission(user); - } - - public virtual bool CanRestartSim(LLUUID user) - { - // Since this is potentially going on a grid... - - return GenericEstatePermission(user); - //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; - } - - #endregion - - #region Parcel Permissions - - protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel) - { - bool permission = false; - - if (parcel.landData.ownerID == user) - { - permission = true; - } - - if (parcel.landData.isGroupOwned) - { - // TODO: Need to do some extra checks here. Requires group code. - } - - if (IsEstateManager(user)) - { - permission = true; - } - - if (IsAdministrator(user)) - { - permission = true; - } - - return permission; - } - - protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) - { - ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y); - if (parcel == null) return false; - return GenericParcelPermission(user, parcel); - } - - public virtual bool CanEditParcel(LLUUID user, ILandObject parcel) - { - return GenericParcelPermission(user, parcel); - } - - public virtual bool CanSellParcel(LLUUID user, ILandObject parcel) - { - return GenericParcelPermission(user, parcel); - } - - public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel) - { - return GenericParcelPermission(user, parcel); - } - - #endregion - #region Object Permissions public virtual uint GenerateClientFlags(LLUUID user, LLUUID objID) { + // Here's the way this works, // ObjectFlags and Permission flags are two different enumerations // ObjectFlags, however, tells the client to change what it will allow the user to do. @@ -355,33 +226,32 @@ namespace OpenSim.Region.Environment // Outside of this method, they should never be added to objectflags! // -teravus - SceneObjectPart task = m_scene.GetSceneObjectPart(objID); - + SceneObjectPart task=m_scene.GetSceneObjectPart(objID); + // this shouldn't ever happen.. return no permissions/objectflags. if (task == null) - return 0; + return (uint)0; - uint objflags = task.GetEffectiveObjectFlags(); - LLUUID objectOwner = task.OwnerID; + uint objflags = task.GetEffectiveObjectFlags(); + LLUUID objectOwner = task.OwnerID; // Remove any of the objectFlags that are temporary. These will get added back if appropriate // in the next bit of code objflags &= (uint) - ~(LLObject.ObjectFlags.ObjectCopy | // Tells client you can copy the object - LLObject.ObjectFlags.ObjectModify | // tells client you can modify the object - LLObject.ObjectFlags.ObjectMove | // tells client that you can move the object (only, no mod) - LLObject.ObjectFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it - LLObject.ObjectFlags.ObjectYouOwner | // Tells client that you're the owner of the object - LLObject.ObjectFlags.ObjectYouOfficer - // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set - ); + ~(LLObject.ObjectFlags.ObjectCopy | // Tells client you can copy the object + LLObject.ObjectFlags.ObjectModify | // tells client you can modify the object + LLObject.ObjectFlags.ObjectMove | // tells client that you can move the object (only, no mod) + LLObject.ObjectFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it + LLObject.ObjectFlags.ObjectYouOwner | // Tells client that you're the owner of the object + LLObject.ObjectFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set + ); // Creating the three ObjectFlags options for this method to choose from. // Customize the OwnerMask uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); - objectOwnerMask |= (uint) LLObject.ObjectFlags.ObjectYouOwner; + objectOwnerMask |= (uint)LLObject.ObjectFlags.ObjectYouOwner; // Customize the GroupMask uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags); @@ -391,8 +261,8 @@ namespace OpenSim.Region.Environment // Hack to allow collaboration until Groups and Group Permissions are implemented - if ((objectEveryoneMask & (uint) LLObject.ObjectFlags.ObjectMove) != 0) - objectEveryoneMask |= (uint) LLObject.ObjectFlags.ObjectModify; + if ((objectEveryoneMask & (uint)LLObject.ObjectFlags.ObjectMove) != 0) + objectEveryoneMask |= (uint)LLObject.ObjectFlags.ObjectModify; if (m_bypassPermissions) return objectOwnerMask; @@ -417,6 +287,7 @@ namespace OpenSim.Region.Environment return objectOwnerMask; + // Admin should be able to edit anything in the sim (including admin objects) if (IsAdministrator(user)) return objectOwnerMask; @@ -426,29 +297,30 @@ namespace OpenSim.Region.Environment } + private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask) { // We are adding the temporary objectflags to the object's objectflags based on the // permission flag given. These change the F flags on the client. - if ((setPermissionMask & (uint) PermissionMask.Copy) != 0) + if ((setPermissionMask & (uint)PermissionMask.Copy) != 0) { - objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectCopy; + objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectCopy; } - if ((setPermissionMask & (uint) PermissionMask.Move) != 0) + if ((setPermissionMask & (uint)PermissionMask.Move) != 0) { - objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectMove; + objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectMove; } - if ((setPermissionMask & (uint) PermissionMask.Modify) != 0) + if ((setPermissionMask & (uint)PermissionMask.Modify) != 0) { - objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectModify; + objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectModify; } - if ((setPermissionMask & (uint) PermissionMask.Transfer) != 0) + if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0) { - objectFlagsMask |= (uint) LLObject.ObjectFlags.ObjectTransfer; + objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectTransfer; } return objectFlagsMask; @@ -472,7 +344,7 @@ namespace OpenSim.Region.Environment } - SceneObjectGroup group = (SceneObjectGroup) m_scene.Entities[objId]; + SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; LLUUID objectOwner = group.OwnerID; locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); @@ -560,7 +432,7 @@ namespace OpenSim.Region.Environment } - SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[obj]; + SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; LLUUID taskOwner = null; @@ -575,6 +447,7 @@ namespace OpenSim.Region.Environment // Locked if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0) permission = false; + } else { @@ -591,7 +464,7 @@ namespace OpenSim.Region.Environment } - SceneObjectGroup group = (SceneObjectGroup) m_scene.Entities[obj]; + SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[obj]; LLUUID objectOwner = group.OwnerID; locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); @@ -629,7 +502,7 @@ namespace OpenSim.Region.Environment return false; } - SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[obj]; + SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; LLUUID taskOwner = null; // Added this because at this point in time it wouldn't be wise for // the administrator object permissions to take effect. @@ -685,5 +558,137 @@ namespace OpenSim.Region.Environment } #endregion + + public virtual bool CanEditScript(LLUUID user, LLUUID script) + { + return IsAdministrator(user); + } + + public virtual bool CanRunScript(LLUUID user, LLUUID script) + { + return IsAdministrator(user); + } + + public virtual bool CanRunConsoleCommand(LLUUID user) + { + return IsAdministrator(user); + } + + public virtual bool CanTerraform(LLUUID user, LLVector3 position) + { + bool permission = false; + + // Estate override + if (GenericEstatePermission(user)) + permission = true; + + float X = position.X; + float Y = position.Y; + + if (X > 255) + X = 255; + if (Y > 255) + Y = 255; + if (X < 0) + X = 0; + if (Y < 0) + Y = 0; + + // Land owner can terraform too + ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y); + if (parcel != null && GenericParcelPermission(user, parcel)) + permission = true; + + if (!permission) + SendPermissionError(user, "Not authorized to terraform at this location."); + + return permission; + } + + #region Estate Permissions + + public virtual bool GenericEstatePermission(LLUUID user) + { + // Default: deny + bool permission = false; + + // Estate admins should be able to use estate tools + if (IsEstateManager(user)) + permission = true; + + // Administrators always have permission + if (IsAdministrator(user)) + permission = true; + + return permission; + } + + public virtual bool CanEditEstateTerrain(LLUUID user) + { + return GenericEstatePermission(user); + } + + public virtual bool CanRestartSim(LLUUID user) + { + // Since this is potentially going on a grid... + + return GenericEstatePermission(user); + //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; + } + + #endregion + + #region Parcel Permissions + + protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel) + { + bool permission = false; + + if (parcel.landData.ownerID == user) + { + permission = true; + } + + if (parcel.landData.isGroupOwned) + { + // TODO: Need to do some extra checks here. Requires group code. + } + + if (IsEstateManager(user)) + { + permission = true; + } + + if (IsAdministrator(user)) + { + permission = true; + } + + return permission; + } + + protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) + { + ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y); + if (parcel == null) return false; + return GenericParcelPermission(user, parcel); + } + + public virtual bool CanEditParcel(LLUUID user, ILandObject parcel) + { + return GenericParcelPermission(user, parcel); + } + + public virtual bool CanSellParcel(LLUUID user, ILandObject parcel) + { + return GenericParcelPermission(user, parcel); + } + + public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel) + { + return GenericParcelPermission(user, parcel); + } + + #endregion } -} \ No newline at end of file +} -- cgit v1.1