From 664dd58cd9a8318c14fc3e3a3950c3e29cf97ba8 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Sun, 14 Jun 2009 21:44:34 +0000 Subject: Fixes Mantis #3793 . Committing thomax/Snoopy's patch to allow deeding of objects, with changes: - Set OwnerID = GroupID for deeded objects. - Close a security loophole that would have allowed a user with deed rights in a group to deed ANY object to that group, even if it's not owned by them and/or not set to that group - Set LastOwnerID correctly. Handle objects vs. prims correctly. --- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 42 +++++++++++++++++++--- .../Region/Framework/Scenes/Scene.Permissions.cs | 17 +++++++++ 2 files changed, 54 insertions(+), 5 deletions(-) (limited to 'OpenSim/Region/Framework/Scenes') diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 8e3c688..1a40a0d 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -2682,16 +2682,48 @@ namespace OpenSim.Region.Framework.Scenes void ObjectOwner(IClientAPI remoteClient, UUID ownerID, UUID groupID, List localIDs) { if (!Permissions.IsGod(remoteClient.AgentId)) - return; + { + if (ownerID != UUID.Zero) + return; + + if (!Permissions.CanDeedObject(remoteClient.AgentId, groupID)) + return; + } + + List groups = new List(); foreach (uint localID in localIDs) { SceneObjectPart part = GetSceneObjectPart(localID); - if (part != null && part.ParentGroup != null) + if (!groups.Contains(part.ParentGroup)) + groups.Add(part.ParentGroup); + } + + foreach (SceneObjectGroup sog in groups) + { + if (ownerID != null) { - part.ParentGroup.SetOwnerId(ownerID); - part.Inventory.ChangeInventoryOwner(ownerID); - part.ParentGroup.SetGroup(groupID, remoteClient); + sog.SetOwnerId(ownerID); + sog.SetGroup(groupID, remoteClient); + + foreach (SceneObjectPart child in sog.Children.Values) + child.Inventory.ChangeInventoryOwner(ownerID); + } + else + { + if (!Permissions.CanEditObject(sog.UUID, remoteClient.AgentId)) + continue; + + if (sog.GroupID != groupID) + continue; + + foreach (SceneObjectPart child in sog.Children.Values) + { + child.LastOwnerID = child.OwnerID; + child.Inventory.ChangeInventoryOwner(groupID); + } + + sog.SetOwnerId(groupID); } } } diff --git a/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs b/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs index d0da618..226ec15 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs @@ -69,6 +69,7 @@ namespace OpenSim.Region.Framework.Scenes public delegate bool AbandonParcelHandler(UUID user, ILandObject parcel, Scene scene); public delegate bool ReclaimParcelHandler(UUID user, ILandObject parcel, Scene scene); public delegate bool DeedParcelHandler(UUID user, ILandObject parcel, Scene scene); + public delegate bool DeedObjectHandler(UUID user, UUID group, Scene scene); public delegate bool BuyLandHandler(UUID user, ILandObject parcel, Scene scene); public delegate bool LinkObjectHandler(UUID user, UUID objectID); public delegate bool DelinkObjectHandler(UUID user, UUID objectID); @@ -127,6 +128,7 @@ namespace OpenSim.Region.Framework.Scenes public event AbandonParcelHandler OnAbandonParcel; public event ReclaimParcelHandler OnReclaimParcel; public event DeedParcelHandler OnDeedParcel; + public event DeedObjectHandler OnDeedObject; public event BuyLandHandler OnBuyLand; public event LinkObjectHandler OnLinkObject; public event DelinkObjectHandler OnDelinkObject; @@ -735,6 +737,21 @@ namespace OpenSim.Region.Framework.Scenes return true; } + public bool CanDeedObject(UUID user, UUID group) + { + DeedObjectHandler handler = OnDeedObject; + if (handler != null) + { + Delegate[] list = handler.GetInvocationList(); + foreach (DeedObjectHandler h in list) + { + if (h(user, group, m_scene) == false) + return false; + } + } + return true; + } + public bool CanBuyLand(UUID user, ILandObject parcel) { BuyLandHandler handler = OnBuyLand; -- cgit v1.1