From 9655cf280779021e6241a08f8610cad9b982763f Mon Sep 17 00:00:00 2001 From: Justin Clarke Casey Date: Mon, 5 May 2008 20:14:53 +0000 Subject: * Refactor: Break out permissions code into a separate region PermissionsModule --- OpenSim/Grid/ScriptServer/FakeScene.cs | 4 +- OpenSim/Region/Application/OpenSimMain.cs | 13 +- .../Region/ClientStack/LindenUDP/LLClientView.cs | 26 +- .../Region/ClientStack/RegionApplicationBase.cs | 9 +- .../Environment/Interfaces/IScenePermissions.cs | 103 +++ .../Environment/Modules/Agent/Xfer/XferModule.cs | 4 - .../Modules/World/Estate/EstateManagementModule.cs | 4 +- .../Modules/World/Permissions/PermissionsModule.cs | 698 +++++++++++++++++++++ .../Modules/World/Terrain/TerrainModule.cs | 2 +- OpenSim/Region/Environment/PermissionManager.cs | 694 -------------------- OpenSim/Region/Environment/Scenes/InnerScene.cs | 42 +- .../Region/Environment/Scenes/Scene.Inventory.cs | 12 +- .../Environment/Scenes/Scene.PacketHandlers.cs | 4 +- OpenSim/Region/Environment/Scenes/Scene.cs | 34 +- OpenSim/Region/Environment/Scenes/SceneManager.cs | 2 +- .../Region/Environment/Scenes/SceneObjectGroup.cs | 2 +- OpenSim/Region/Environment/Scenes/ScenePresence.cs | 2 +- .../ScriptEngine/Common/LSL_BuiltIn_Commands.cs | 8 +- .../ScriptEngine/Common/OSSL_BuilIn_Commands.cs | 6 +- 19 files changed, 882 insertions(+), 787 deletions(-) create mode 100644 OpenSim/Region/Environment/Interfaces/IScenePermissions.cs create mode 100644 OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs delete mode 100644 OpenSim/Region/Environment/PermissionManager.cs (limited to 'OpenSim') diff --git a/OpenSim/Grid/ScriptServer/FakeScene.cs b/OpenSim/Grid/ScriptServer/FakeScene.cs index 480050d..ffabfb5 100644 --- a/OpenSim/Grid/ScriptServer/FakeScene.cs +++ b/OpenSim/Grid/ScriptServer/FakeScene.cs @@ -36,12 +36,12 @@ namespace OpenSim.Grid.ScriptServer { public class FakeScene: Scene { - public FakeScene(RegionInfo regInfo, AgentCircuitManager authen, PermissionManager permissionManager, + public FakeScene(RegionInfo regInfo, AgentCircuitManager authen, CommunicationsManager commsMan, SceneCommunicationService sceneGridService, AssetCache assetCach, StorageManager storeManager, BaseHttpServer httpServer, ModuleLoader moduleLoader, bool dumpAssetsToFile, bool physicalPrim, bool sendTasksToChild) : base( - regInfo, authen, permissionManager, commsMan, sceneGridService, assetCach, storeManager, httpServer, + regInfo, authen, commsMan, sceneGridService, assetCach, storeManager, httpServer, moduleLoader, dumpAssetsToFile, physicalPrim, sendTasksToChild) { } diff --git a/OpenSim/Region/Application/OpenSimMain.cs b/OpenSim/Region/Application/OpenSimMain.cs index 43f7375..a25f3c0 100644 --- a/OpenSim/Region/Application/OpenSimMain.cs +++ b/OpenSim/Region/Application/OpenSimMain.cs @@ -74,7 +74,6 @@ namespace OpenSim protected List m_regionData = new List(); protected bool m_physicalPrim; - protected bool m_permissions = false; protected bool m_standaloneAuthenticate = false; protected string m_standaloneWelcomeMessage = null; @@ -263,9 +262,7 @@ namespace OpenSim m_physicalPrim = startupConfig.GetBoolean("physical_prim", true); m_see_into_region_from_neighbor = startupConfig.GetBoolean("see_into_this_sim_from_neighbor", true); - - m_permissions = startupConfig.GetBoolean("serverside_object_permissions", false); - + m_storageDll = startupConfig.GetString("storage_plugin", "OpenSim.Data.SQLite.dll"); if (m_storageDll == "OpenSim.DataStore.MonoSqlite.dll") { @@ -490,7 +487,7 @@ namespace OpenSim } IClientNetworkServer clientServer; - Scene scene = SetupScene(regionInfo, proxyOffset, out clientServer, m_permissions); + Scene scene = SetupScene(regionInfo, proxyOffset, out clientServer); m_log.Info("[MODULES]: Loading Region's modules"); @@ -530,9 +527,6 @@ namespace OpenSim // and has to happen before the region is registered with the grid. scene.CreateTerrainTexture(true); scene.RegisterRegionWithGrid(); - - //Server side object editing permissions checking - scene.PermissionsMngr.BypassPermissions = !m_permissions; // We need to do this after we've initialized the scripting engines. scene.StartScripts(); @@ -565,10 +559,9 @@ namespace OpenSim protected override Scene CreateScene(RegionInfo regionInfo, StorageManager storageManager, AgentCircuitManager circuitManager) { - PermissionManager permissionManager = new PermissionManager(); SceneCommunicationService sceneGridService = new SceneCommunicationService(m_commsManager); return - new Scene(regionInfo, circuitManager, permissionManager, m_commsManager, sceneGridService, m_assetCache, + new Scene(regionInfo, circuitManager, m_commsManager, sceneGridService, m_assetCache, storageManager, m_httpServer, m_moduleLoader, m_dumpAssetsToFile, m_physicalPrim, m_see_into_region_from_neighbor); } diff --git a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs index f2271fb..f7d6f9e 100644 --- a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs +++ b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs @@ -4956,13 +4956,13 @@ namespace OpenSim.Region.ClientStack.LindenUDP { case "getinfo": - if (((Scene)m_scene).PermissionsMngr.GenericEstatePermission(this.AgentId)) + if (((Scene)m_scene).Permissions.GenericEstatePermission(this.AgentId)) { OnDetailedEstateDataRequest(this, messagePacket.MethodData.Invoice); } break; case "setregioninfo": - if (((Scene)m_scene).PermissionsMngr.CanEditEstateTerrain(this.AgentId)) + if (((Scene)m_scene).Permissions.CanEditEstateTerrain(this.AgentId)) { OnSetEstateFlagsRequest(convertParamStringToBool(messagePacket.ParamList[0].Parameter),convertParamStringToBool(messagePacket.ParamList[1].Parameter), convertParamStringToBool(messagePacket.ParamList[2].Parameter), !convertParamStringToBool(messagePacket.ParamList[3].Parameter), @@ -4975,7 +4975,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP break; case "texturebase": - if (((Scene)m_scene).PermissionsMngr.CanEditEstateTerrain(this.AgentId)) + if (((Scene)m_scene).Permissions.CanEditEstateTerrain(this.AgentId)) { foreach (EstateOwnerMessagePacket.ParamListBlock block in messagePacket.ParamList) { @@ -4990,7 +4990,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP } break; case "texturedetail": - if (((Scene)m_scene).PermissionsMngr.CanEditEstateTerrain(this.AgentId)) + if (((Scene)m_scene).Permissions.CanEditEstateTerrain(this.AgentId)) { foreach (EstateOwnerMessagePacket.ParamListBlock block in messagePacket.ParamList) { @@ -5008,7 +5008,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP break; case "textureheights": - if (((Scene)m_scene).PermissionsMngr.CanEditEstateTerrain(this.AgentId)) + if (((Scene)m_scene).Permissions.CanEditEstateTerrain(this.AgentId)) { foreach (EstateOwnerMessagePacket.ParamListBlock block in messagePacket.ParamList) { @@ -5029,7 +5029,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP OnCommitEstateTerrainTextureRequest(this); break; case "setregionterrain": - if (((Scene)m_scene).PermissionsMngr.CanEditEstateTerrain(this.AgentId)) + if (((Scene)m_scene).Permissions.CanEditEstateTerrain(this.AgentId)) { if (messagePacket.ParamList.Length != 9) { @@ -5064,7 +5064,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP break; case "restart": - if (((Scene)m_scene).PermissionsMngr.CanRestartSim(this.AgentId)) + if (((Scene)m_scene).Permissions.CanRestartSim(this.AgentId)) { // There's only 1 block in the estateResetSim.. and that's the number of seconds till restart. foreach (EstateOwnerMessagePacket.ParamListBlock block in messagePacket.ParamList) @@ -5078,7 +5078,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP } break; case "estatechangecovenantid": - if (((Scene)m_scene).PermissionsMngr.CanEditEstateTerrain(this.AgentId)) + if (((Scene)m_scene).Permissions.CanEditEstateTerrain(this.AgentId)) { foreach (EstateOwnerMessagePacket.ParamListBlock block in messagePacket.ParamList) { @@ -5088,7 +5088,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP } break; case "estateaccessdelta": // Estate access delta manages the banlist and allow list too. - if (((Scene)m_scene).PermissionsMngr.GenericEstatePermission(this.AgentId)) + if (((Scene)m_scene).Permissions.GenericEstatePermission(this.AgentId)) { int estateAccessType = Convert.ToInt16(Helpers.FieldToUTF8String(messagePacket.ParamList[1].Parameter)); OnUpdateEstateAccessDeltaRequest(this, messagePacket.MethodData.Invoice,estateAccessType,new LLUUID(Helpers.FieldToUTF8String(messagePacket.ParamList[2].Parameter))); @@ -5096,7 +5096,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP } break; case "simulatormessage": - if (((Scene)m_scene).PermissionsMngr.GenericEstatePermission(this.AgentId)) + if (((Scene)m_scene).Permissions.GenericEstatePermission(this.AgentId)) { LLUUID invoice = messagePacket.MethodData.Invoice; LLUUID SenderID = new LLUUID(Helpers.FieldToUTF8String(messagePacket.ParamList[2].Parameter)); @@ -5107,7 +5107,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP } break; case "instantmessage": - if (((Scene)m_scene).PermissionsMngr.GenericEstatePermission(this.AgentId)) + if (((Scene)m_scene).Permissions.GenericEstatePermission(this.AgentId)) { LLUUID invoice = messagePacket.MethodData.Invoice; LLUUID SenderID = new LLUUID(Helpers.FieldToUTF8String(messagePacket.ParamList[2].Parameter)); @@ -5118,7 +5118,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP } break; case "setregiondebug": - if (((Scene)m_scene).PermissionsMngr.GenericEstatePermission(this.AgentId)) + if (((Scene)m_scene).Permissions.GenericEstatePermission(this.AgentId)) { LLUUID invoice = messagePacket.MethodData.Invoice; LLUUID SenderID = messagePacket.AgentData.AgentID; @@ -5130,7 +5130,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP } break; case "teleporthomeuser": - if (((Scene)m_scene).PermissionsMngr.GenericEstatePermission(this.AgentId)) + if (((Scene)m_scene).Permissions.GenericEstatePermission(this.AgentId)) { LLUUID invoice = messagePacket.MethodData.Invoice; LLUUID SenderID = messagePacket.AgentData.AgentID; diff --git a/OpenSim/Region/ClientStack/RegionApplicationBase.cs b/OpenSim/Region/ClientStack/RegionApplicationBase.cs index ba0b9b4..1dcab20 100644 --- a/OpenSim/Region/ClientStack/RegionApplicationBase.cs +++ b/OpenSim/Region/ClientStack/RegionApplicationBase.cs @@ -107,12 +107,12 @@ namespace OpenSim.Region.ClientStack return physicsPluginManager.GetPhysicsScene(engine, meshEngine); } - protected Scene SetupScene(RegionInfo regionInfo, out IClientNetworkServer clientServer, bool m_permissions) + protected Scene SetupScene(RegionInfo regionInfo, out IClientNetworkServer clientServer) { - return SetupScene(regionInfo, 0, out clientServer, m_permissions); + return SetupScene(regionInfo, 0, out clientServer); } - protected Scene SetupScene(RegionInfo regionInfo, int proxyOffset, out IClientNetworkServer clientServer, bool m_permissions) + protected Scene SetupScene(RegionInfo regionInfo, int proxyOffset, out IClientNetworkServer clientServer) { AgentCircuitManager circuitManager = new AgentCircuitManager(); IPAddress listenIP = regionInfo.InternalEndPoint.Address; @@ -162,8 +162,9 @@ namespace OpenSim.Region.ClientStack scene.RegionInfo.MasterAvatarAssignedUUID = LLUUID.Zero; } - scene.LoadPrimsFromStorage(m_permissions, regionInfo.originRegionID); + scene.LoadPrimsFromStorage(regionInfo.originRegionID); scene.StartTimer(); + return scene; } diff --git a/OpenSim/Region/Environment/Interfaces/IScenePermissions.cs b/OpenSim/Region/Environment/Interfaces/IScenePermissions.cs new file mode 100644 index 0000000..ad8e139 --- /dev/null +++ b/OpenSim/Region/Environment/Interfaces/IScenePermissions.cs @@ -0,0 +1,103 @@ +/* + * Copyright (c) Contributors, http://opensimulator.org/ + * See CONTRIBUTORS.TXT for a full list of copyright holders. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the OpenSim Project nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +using libsecondlife; + +namespace OpenSim.Region.Environment.Interfaces +{ + public interface IScenePermissions + { + bool BypassPermissions { get; set; } + + #region Object Permissions + + bool CanRezObject(LLUUID user, LLVector3 position); + + /// + /// Permissions check - can user delete an object? + /// + /// User attempting the delete + /// Target object + /// Has permission? + bool CanDeRezObject(LLUUID user, LLUUID obj); + + bool CanCopyObject(LLUUID user, LLUUID obj); + + bool CanEditObject(LLUUID user, LLUUID obj); + + bool CanEditObjectPosition(LLUUID user, LLUUID obj); + + /// + /// Permissions check - can user enter an object? + /// + /// User attempting move an object + /// Source object-position + /// Target object-position + /// Has permission? + bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos); + + bool CanReturnObject(LLUUID user, LLUUID obj); + + #endregion + + #region Uncategorized permissions + + bool CanInstantMessage(LLUUID user, LLUUID target); + + bool CanInventoryTransfer(LLUUID user, LLUUID target); + + bool CanEditScript(LLUUID user, LLUUID script); + + bool CanRunScript(LLUUID user, LLUUID script); + + bool CanRunConsoleCommand(LLUUID user); + + bool CanTerraform(LLUUID user, LLVector3 position); + + #endregion + + #region Estate Permissions + + bool IsEstateManager(LLUUID user); + + bool GenericEstatePermission(LLUUID user); + + bool CanEditEstateTerrain(LLUUID user); + + bool CanRestartSim(LLUUID user); + + bool CanEditParcel(LLUUID user, ILandObject parcel); + + bool CanSellParcel(LLUUID user, ILandObject parcel); + + bool CanAbandonParcel(LLUUID user, ILandObject parcel); + + #endregion + + uint GenerateClientFlags(LLUUID user, LLUUID objID); + } +} diff --git a/OpenSim/Region/Environment/Modules/Agent/Xfer/XferModule.cs b/OpenSim/Region/Environment/Modules/Agent/Xfer/XferModule.cs index 8e90d17..c7ee233 100644 --- a/OpenSim/Region/Environment/Modules/Agent/Xfer/XferModule.cs +++ b/OpenSim/Region/Environment/Modules/Agent/Xfer/XferModule.cs @@ -41,10 +41,6 @@ namespace OpenSim.Region.Environment.Modules.Agent.Xfer public Dictionary NewFiles = new Dictionary(); public Dictionary Transfers = new Dictionary(); - public XferModule() - { - } - #region IRegionModule Members public void Initialise(Scene scene, IConfigSource config) diff --git a/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs b/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs index 403ab5b..ebe0357 100644 --- a/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Estate/EstateManagementModule.cs @@ -205,7 +205,7 @@ namespace OpenSim.Region.Environment.Modules.World.Estate // This needs to be updated for SuperEstateOwnerUser.. a non existing user in the estatesettings.xml // So make sure you really trust your region owners. because they can add other estate manaagers to your other estates - if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.PermissionsMngr.BypassPermissions) + if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.Permissions.BypassPermissions) { m_scene.RegionInfo.EstateSettings.AddEstateManager(user); remote_client.sendEstateManagersList(invoice); @@ -219,7 +219,7 @@ namespace OpenSim.Region.Environment.Modules.World.Estate case 512: // This needs to be updated for SuperEstateOwnerUser.. a non existing user in the estatesettings.xml // So make sure you really trust your region owners. because they can add other estate manaagers to your other estates - if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.PermissionsMngr.BypassPermissions) + if (remote_client.AgentId == m_scene.RegionInfo.MasterAvatarAssignedUUID || m_scene.Permissions.BypassPermissions) { m_scene.RegionInfo.EstateSettings.RemoveEstateManager(user); remote_client.sendEstateManagersList(invoice); diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs new file mode 100644 index 0000000..de02702 --- /dev/null +++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs @@ -0,0 +1,698 @@ +/* + * Copyright (c) Contributors, http://opensimulator.org/ + * See CONTRIBUTORS.TXT for a full list of copyright holders. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the OpenSim Project nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +using libsecondlife; +using Nini.Config; + +using OpenSim.Region.Environment.Interfaces; +using OpenSim.Region.Environment.Scenes; + +namespace OpenSim.Region.Environment.Modules.World.Permissions +{ + public class PermissionsModule : IRegionModule, IScenePermissions + { + protected Scene m_scene; + + // These are here for testing. They will be taken out + + //private uint PERM_ALL = (uint)2147483647; + private uint PERM_COPY = (uint)32768; + //private uint PERM_MODIFY = (uint)16384; + private uint PERM_MOVE = (uint)524288; + //private uint PERM_TRANS = (uint)8192; + private uint PERM_LOCKED = (uint)540672; + + // Bypasses the permissions engine + private bool m_bypassPermissions = false; + + public bool BypassPermissions + { + get { return m_bypassPermissions; } + set { m_bypassPermissions = value; } + } + + #region IRegionModule Members + + public void Initialise(Scene scene, IConfigSource config) + { + m_scene = scene; + + // FIXME: Possibly move all permissions related stuff to its own section + IConfig myConfig = config.Configs["Startup"]; + + m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", false); + + m_scene.RegisterModuleInterface(this); + } + + public void PostInitialise() + { + } + + public void Close() + { + } + + public string Name + { + get { return "PermissionsModule"; } + } + + public bool IsSharedModule + { + get { return false; } + } + + #endregion + + protected virtual void SendPermissionError(LLUUID user, string reason) + { + m_scene.EventManager.TriggerPermissionError(user, reason); + } + + protected virtual bool IsAdministrator(LLUUID user) + { + if (m_bypassPermissions) + { + return true; + } + + // If there is no master avatar, return false + if (m_scene.RegionInfo.MasterAvatarAssignedUUID != LLUUID.Zero) + { + return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; + } + + return false; + } + + public virtual bool IsEstateManager(LLUUID user) + { + if (m_bypassPermissions) + { + return true; + } + + if (user != LLUUID.Zero) + { + LLUUID[] estatemanagers = m_scene.RegionInfo.EstateSettings.estateManagers; + for (int i = 0; i < estatemanagers.Length; i++) + { + if (estatemanagers[i] == user) + return true; + } + } + + return false; + } + + protected virtual bool IsGridUser(LLUUID user) + { + return true; + } + + protected virtual bool IsGuest(LLUUID user) + { + return false; + } + + public virtual bool CanRezObject(LLUUID user, LLVector3 position) + { + bool permission = false; + + string reason = "Insufficient permission"; + + ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y); + if (land == null) return false; + + if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) == + (int)Parcel.ParcelFlags.CreateObjects) + permission = true; + + //TODO: check for group rights + + if (IsAdministrator(user)) + { + permission = true; + } + else + { + reason = "Not an administrator"; + } + + if (GenericParcelPermission(user, position)) + { + permission = true; + } + else + { + reason = "Not the parcel owner"; + } + + if (!permission) + SendPermissionError(user, reason); + + return permission; + } + + /// 255) + X = 255; + if (Y > 255) + Y = 255; + if (X < 0) + X = 0; + if (Y < 0) + Y = 0; + + // Land owner can terraform too + ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y); + if (parcel != null && GenericParcelPermission(user, parcel)) + permission = true; + + if (!permission) + SendPermissionError(user, "Not authorized to terraform at this location."); + + return permission; + } + + #region Estate Permissions + + public virtual bool GenericEstatePermission(LLUUID user) + { + // Default: deny + bool permission = false; + + // Estate admins should be able to use estate tools + if (IsEstateManager(user)) + permission = true; + + // Administrators always have permission + if (IsAdministrator(user)) + permission = true; + + return permission; + } + + public virtual bool CanEditEstateTerrain(LLUUID user) + { + return GenericEstatePermission(user); + } + + public virtual bool CanRestartSim(LLUUID user) + { + // Since this is potentially going on a grid... + + return GenericEstatePermission(user); + //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; + } + + #endregion + + #region Parcel Permissions + + protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel) + { + bool permission = false; + + if (parcel.landData.ownerID == user) + { + permission = true; + } + + if (parcel.landData.isGroupOwned) + { + // TODO: Need to do some extra checks here. Requires group code. + } + + if (IsEstateManager(user)) + { + permission = true; + } + + if (IsAdministrator(user)) + { + permission = true; + } + + return permission; + } + + protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) + { + ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y); + if (parcel == null) return false; + return GenericParcelPermission(user, parcel); + } + + public virtual bool CanEditParcel(LLUUID user, ILandObject parcel) + { + return GenericParcelPermission(user, parcel); + } + + public virtual bool CanSellParcel(LLUUID user, ILandObject parcel) + { + return GenericParcelPermission(user, parcel); + } + + public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel) + { + return GenericParcelPermission(user, parcel); + } + + #endregion + } +} diff --git a/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs b/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs index 240ba65..91a28e4 100644 --- a/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Terrain/TerrainModule.cs @@ -449,7 +449,7 @@ namespace OpenSim.Region.Environment.Modules.World.Terrain float south, float east, IClientAPI remoteClient) { // Not a good permissions check, if in area mode, need to check the entire area. - if (m_scene.PermissionsMngr.CanTerraform(remoteClient.AgentId, new LLVector3(north, west, 0))) + if (m_scene.Permissions.CanTerraform(remoteClient.AgentId, new LLVector3(north, west, 0))) { if (north == south && east == west) { diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs deleted file mode 100644 index fd8387b..0000000 --- a/OpenSim/Region/Environment/PermissionManager.cs +++ /dev/null @@ -1,694 +0,0 @@ -/* - * Copyright (c) Contributors, http://opensimulator.org/ - * See CONTRIBUTORS.TXT for a full list of copyright holders. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * * Neither the name of the OpenSim Project nor the - * names of its contributors may be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -using libsecondlife; -using OpenSim.Region.Environment.Interfaces; -using OpenSim.Region.Environment.Scenes; - -namespace OpenSim.Region.Environment -{ - public class PermissionManager - { - protected Scene m_scene; - - // These are here for testing. They will be taken out - - //private uint PERM_ALL = (uint)2147483647; - private uint PERM_COPY = (uint)32768; - //private uint PERM_MODIFY = (uint)16384; - private uint PERM_MOVE = (uint)524288; - //private uint PERM_TRANS = (uint)8192; - private uint PERM_LOCKED = (uint)540672; - // Bypasses the permissions engine (always returns OK) - // disable in any production environment - // TODO: Change this to false when permissions are a desired default - // TODO: Move to configuration option. - private bool m_bypassPermissions = true; - - public bool BypassPermissions - { - get { return m_bypassPermissions; } - set { m_bypassPermissions = value; } - } - - public PermissionManager() - { - } - - public PermissionManager(Scene scene) - { - m_scene = scene; - } - - public void Initialise(Scene scene) - { - m_scene = scene; - } - - protected virtual void SendPermissionError(LLUUID user, string reason) - { - m_scene.EventManager.TriggerPermissionError(user, reason); - } - - protected virtual bool IsAdministrator(LLUUID user) - { - if (m_bypassPermissions) - { - return true; - } - - // If there is no master avatar, return false - if (m_scene.RegionInfo.MasterAvatarAssignedUUID != LLUUID.Zero) - { - return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; - } - - return false; - } - - public virtual bool IsEstateManager(LLUUID user) - { - if (m_bypassPermissions) - { - return true; - } - - if (user != LLUUID.Zero) - { - LLUUID[] estatemanagers = m_scene.RegionInfo.EstateSettings.estateManagers; - for (int i = 0; i < estatemanagers.Length; i++) - { - if (estatemanagers[i] == user) - return true; - } - } - - return false; - } - - protected virtual bool IsGridUser(LLUUID user) - { - return true; - } - - protected virtual bool IsGuest(LLUUID user) - { - return false; - } - - public virtual bool CanRezObject(LLUUID user, LLVector3 position) - { - bool permission = false; - - string reason = "Insufficient permission"; - - ILandObject land = m_scene.LandChannel.getLandObject(position.X, position.Y); - if (land == null) return false; - - if ((land.landData.landFlags & ((int)Parcel.ParcelFlags.CreateObjects)) == - (int)Parcel.ParcelFlags.CreateObjects) - permission = true; - - //TODO: check for group rights - - if (IsAdministrator(user)) - { - permission = true; - } - else - { - reason = "Not an administrator"; - } - - if (GenericParcelPermission(user, position)) - { - permission = true; - } - else - { - reason = "Not the parcel owner"; - } - - if (!permission) - SendPermissionError(user, reason); - - return permission; - } - - /// - /// Permissions check - can user enter an object? - /// - /// User attempting move an object - /// Source object-position - /// Target object-position - /// Has permission? - public virtual bool CanObjectEntry(LLUUID user, LLVector3 oldPos, LLVector3 newPos) - { - - - if ((newPos.X > 257f || newPos.X < -1f || newPos.Y > 257f || newPos.Y < -1f)) - { - return true; - } - - ILandObject land1 = m_scene.LandChannel.getLandObject(oldPos.X, oldPos.Y); - ILandObject land2 = m_scene.LandChannel.getLandObject(newPos.X, newPos.Y); - - if (land1 == null || land2 == null) - { - return false; - } - if (land2 == null) - { - // need this for crossing borders - return true; - } - - if (land1.landData.globalID == land2.landData.globalID) - { - return true; - } - - if ((land2.landData.landFlags & ((int)Parcel.ParcelFlags.AllowAllObjectEntry)) != 0) - { - return true; - } - - //TODO: check for group rights - - if (GenericParcelPermission(user, newPos)) - { - return true; - } - - SendPermissionError(user, "Not allowed to move objects in this parcel!"); - - return false; - } - - #region Object Permissions - - public virtual uint GenerateClientFlags(LLUUID user, LLUUID objID) - { - - // Here's the way this works, - // ObjectFlags and Permission flags are two different enumerations - // ObjectFlags, however, tells the client to change what it will allow the user to do. - // So, that means that all of the permissions type ObjectFlags are /temporary/ and only - // supposed to be set when customizing the objectflags for the client. - - // These temporary objectflags get computed and added in this function based on the - // Permission mask that's appropriate! - // Outside of this method, they should never be added to objectflags! - // -teravus - - SceneObjectPart task=m_scene.GetSceneObjectPart(objID); - - // this shouldn't ever happen.. return no permissions/objectflags. - if (task == null) - return (uint)0; - - uint objflags = task.GetEffectiveObjectFlags(); - LLUUID objectOwner = task.OwnerID; - - - // Remove any of the objectFlags that are temporary. These will get added back if appropriate - // in the next bit of code - - objflags &= (uint) - ~(LLObject.ObjectFlags.ObjectCopy | // Tells client you can copy the object - LLObject.ObjectFlags.ObjectModify | // tells client you can modify the object - LLObject.ObjectFlags.ObjectMove | // tells client that you can move the object (only, no mod) - LLObject.ObjectFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it - LLObject.ObjectFlags.ObjectYouOwner | // Tells client that you're the owner of the object - LLObject.ObjectFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set - ); - - // Creating the three ObjectFlags options for this method to choose from. - // Customize the OwnerMask - uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags); - objectOwnerMask |= (uint)LLObject.ObjectFlags.ObjectYouOwner; - - // Customize the GroupMask - uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags); - - // Customize the EveryoneMask - uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags); - - - // Hack to allow collaboration until Groups and Group Permissions are implemented - if ((objectEveryoneMask & (uint)LLObject.ObjectFlags.ObjectMove) != 0) - objectEveryoneMask |= (uint)LLObject.ObjectFlags.ObjectModify; - - if (m_bypassPermissions) - return objectOwnerMask; - - // Object owners should be able to edit their own content - if (user == objectOwner) - { - return objectOwnerMask; - } - - // Users should be able to edit what is over their land. - ILandObject parcel = m_scene.LandChannel.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y); - if (parcel != null && parcel.landData.ownerID == user) - return objectOwnerMask; - - // Admin objects should not be editable by the above - if (IsAdministrator(objectOwner)) - return objectEveryoneMask; - - // Estate users should be able to edit anything in the sim - if (IsEstateManager(user)) - return objectOwnerMask; - - - - // Admin should be able to edit anything in the sim (including admin objects) - if (IsAdministrator(user)) - return objectOwnerMask; - - - return objectEveryoneMask; - } - - - - private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask) - { - // We are adding the temporary objectflags to the object's objectflags based on the - // permission flag given. These change the F flags on the client. - - if ((setPermissionMask & (uint)PermissionMask.Copy) != 0) - { - objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectCopy; - } - - if ((setPermissionMask & (uint)PermissionMask.Move) != 0) - { - objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectMove; - } - - if ((setPermissionMask & (uint)PermissionMask.Modify) != 0) - { - objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectModify; - } - - if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0) - { - objectFlagsMask |= (uint)LLObject.ObjectFlags.ObjectTransfer; - } - - return objectFlagsMask; - } - - protected virtual bool GenericObjectPermission(LLUUID currentUser, LLUUID objId) - { - // Default: deny - bool permission = false; - bool locked = false; - - if (!m_scene.Entities.ContainsKey(objId)) - { - return false; - } - - // If it's not an object, we cant edit it. - if ((!(m_scene.Entities[objId] is SceneObjectGroup))) - { - return false; - } - - - SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; - - LLUUID objectOwner = group.OwnerID; - locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); - - // People shouldn't be able to do anything with locked objects, except the Administrator - // The 'set permissions' runs through a different permission check, so when an object owner - // sets an object locked, the only thing that they can do is unlock it. - // - // Nobody but the object owner can set permissions on an object - // - - if (locked && (!IsAdministrator(currentUser))) - { - return false; - } - - // Object owners should be able to edit their own content - if (currentUser == objectOwner) - { - permission = true; - } - - // Users should be able to edit what is over their land. - ILandObject parcel = m_scene.LandChannel.getLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y); - if ((parcel != null) && (parcel.landData.ownerID == currentUser)) - { - permission = true; - } - - // Estate users should be able to edit anything in the sim - if (IsEstateManager(currentUser)) - { - permission = true; - } - - // Admin objects should not be editable by the above - if (IsAdministrator(objectOwner)) - { - permission = false; - } - - // Admin should be able to edit anything in the sim (including admin objects) - if (IsAdministrator(currentUser)) - { - permission = true; - } - - return permission; - } - - /// - /// Permissions check - can user delete an object? - /// - /// User attempting the delete - /// Target object - /// Has permission? - public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) - { - return GenericObjectPermission(user, obj); - } - - public virtual bool CanEditObject(LLUUID user, LLUUID obj) - { - return GenericObjectPermission(user, obj); - } - - public virtual bool CanEditObjectPosition(LLUUID user, LLUUID obj) - { - bool permission = GenericObjectPermission(user, obj); - if (!permission) - { - if (!m_scene.Entities.ContainsKey(obj)) - { - return false; - } - - // The client - // may request to edit linked parts, and therefore, it needs - // to also check for SceneObjectPart - - // If it's not an object, we cant edit it. - if ((!(m_scene.Entities[obj] is SceneObjectGroup))) - { - return false; - } - - - SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; - - - LLUUID taskOwner = null; - // Added this because at this point in time it wouldn't be wise for - // the administrator object permissions to take effect. - LLUUID objectOwner = task.OwnerID; - - // Anyone can move - if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0) - permission = true; - - // Locked - if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0) - permission = false; - - } - else - { - bool locked = false; - if (!m_scene.Entities.ContainsKey(obj)) - { - return false; - } - - // If it's not an object, we cant edit it. - if ((!(m_scene.Entities[obj] is SceneObjectGroup))) - { - return false; - } - - - SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[obj]; - - LLUUID objectOwner = group.OwnerID; - locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0); - - - // This is an exception to the generic object permission. - // Administrators who lock their objects should not be able to move them, - // however generic object permission should return true. - // This keeps locked objects from being affected by random click + drag actions by accident - // and allows the administrator to grab or delete a locked object. - - // Administrators and estate managers are still able to click+grab locked objects not - // owned by them in the scene - // This is by design. - - if (locked && (user == objectOwner)) - return false; - } - return permission; - } - - public virtual bool CanCopyObject(LLUUID user, LLUUID obj) - { - bool permission = GenericObjectPermission(user, obj); - if (!permission) - { - if (!m_scene.Entities.ContainsKey(obj)) - { - return false; - } - - // If it's not an object, we cant edit it. - if (!(m_scene.Entities[obj] is SceneObjectGroup)) - { - return false; - } - - SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[obj]; - LLUUID taskOwner = null; - // Added this because at this point in time it wouldn't be wise for - // the administrator object permissions to take effect. - LLUUID objectOwner = task.OwnerID; - if ((task.RootPart.EveryoneMask & PERM_COPY) != 0) - permission = true; - } - return permission; - } - - public virtual bool CanReturnObject(LLUUID user, LLUUID obj) - { - return GenericObjectPermission(user, obj); - } - - #endregion - - #region Communication Permissions - - public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target) - { - bool permission = false; - string reason = "Only registered users may communicate with another account."; - - if (IsGridUser(user)) - permission = true; - - if (!IsGridUser(user)) - { - permission = false; - reason = "The person that you are messaging is not a registered user."; - } - if (IsAdministrator(user)) - permission = true; - - if (IsEstateManager(user)) - permission = true; - - if (!permission) - SendPermissionError(user, reason); - - return permission; - } - - public virtual bool CanInstantMessage(LLUUID user, LLUUID target) - { - return GenericCommunicationPermission(user, target); - } - - public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target) - { - return GenericCommunicationPermission(user, target); - } - - #endregion - - public virtual bool CanEditScript(LLUUID user, LLUUID script) - { - return IsAdministrator(user); - } - - public virtual bool CanRunScript(LLUUID user, LLUUID script) - { - return IsAdministrator(user); - } - - public virtual bool CanRunConsoleCommand(LLUUID user) - { - return IsAdministrator(user); - } - - public virtual bool CanTerraform(LLUUID user, LLVector3 position) - { - bool permission = false; - - // Estate override - if (GenericEstatePermission(user)) - permission = true; - - float X = position.X; - float Y = position.Y; - - if (X > 255) - X = 255; - if (Y > 255) - Y = 255; - if (X < 0) - X = 0; - if (Y < 0) - Y = 0; - - // Land owner can terraform too - ILandObject parcel = m_scene.LandChannel.getLandObject(X, Y); - if (parcel != null && GenericParcelPermission(user, parcel)) - permission = true; - - if (!permission) - SendPermissionError(user, "Not authorized to terraform at this location."); - - return permission; - } - - #region Estate Permissions - - public virtual bool GenericEstatePermission(LLUUID user) - { - // Default: deny - bool permission = false; - - // Estate admins should be able to use estate tools - if (IsEstateManager(user)) - permission = true; - - // Administrators always have permission - if (IsAdministrator(user)) - permission = true; - - return permission; - } - - public virtual bool CanEditEstateTerrain(LLUUID user) - { - return GenericEstatePermission(user); - } - - public virtual bool CanRestartSim(LLUUID user) - { - // Since this is potentially going on a grid... - - return GenericEstatePermission(user); - //return m_scene.RegionInfo.MasterAvatarAssignedUUID == user; - } - - #endregion - - #region Parcel Permissions - - protected virtual bool GenericParcelPermission(LLUUID user, ILandObject parcel) - { - bool permission = false; - - if (parcel.landData.ownerID == user) - { - permission = true; - } - - if (parcel.landData.isGroupOwned) - { - // TODO: Need to do some extra checks here. Requires group code. - } - - if (IsEstateManager(user)) - { - permission = true; - } - - if (IsAdministrator(user)) - { - permission = true; - } - - return permission; - } - - protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos) - { - ILandObject parcel = m_scene.LandChannel.getLandObject(pos.X, pos.Y); - if (parcel == null) return false; - return GenericParcelPermission(user, parcel); - } - - public virtual bool CanEditParcel(LLUUID user, ILandObject parcel) - { - return GenericParcelPermission(user, parcel); - } - - public virtual bool CanSellParcel(LLUUID user, ILandObject parcel) - { - return GenericParcelPermission(user, parcel); - } - - public virtual bool CanAbandonParcel(LLUUID user, ILandObject parcel) - { - return GenericParcelPermission(user, parcel); - } - - #endregion - } -} diff --git a/OpenSim/Region/Environment/Scenes/InnerScene.cs b/OpenSim/Region/Environment/Scenes/InnerScene.cs index da286ad..f29e1f3 100644 --- a/OpenSim/Region/Environment/Scenes/InnerScene.cs +++ b/OpenSim/Region/Environment/Scenes/InnerScene.cs @@ -63,7 +63,6 @@ namespace OpenSim.Region.Environment.Scenes protected RegionInfo m_regInfo; protected Scene m_parentScene; - protected PermissionManager PermissionsMngr; protected List m_updateList = new List(); protected int m_numRootAgents = 0; protected int m_numPrim = 0; @@ -79,11 +78,10 @@ namespace OpenSim.Region.Environment.Scenes #endregion - public InnerScene(Scene parent, RegionInfo regInfo, PermissionManager permissionsMngr) + public InnerScene(Scene parent, RegionInfo regInfo) { m_parentScene = parent; m_regInfo = regInfo; - PermissionsMngr = permissionsMngr; QuadTree = new BasicQuadTreeNode(null, "/0/", 0, 0, (short)Constants.RegionSize, (short)Constants.RegionSize); QuadTree.Subdivide(); QuadTree.Subdivide(); @@ -1031,7 +1029,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(localID); if (group != null) { - if (PermissionsMngr.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) + if (m_parentScene.Permissions.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) { group.Resize(scale, localID); } @@ -1042,7 +1040,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(localID); if (group != null) { - if (PermissionsMngr.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) + if (m_parentScene.Permissions.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) { group.GroupResize(scale, localID); } @@ -1078,7 +1076,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(localID); if (group != null) { - if (PermissionsMngr.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) + if (m_parentScene.Permissions.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) { group.UpdateSingleRotation(rot, localID); } @@ -1096,7 +1094,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(localID); if (group != null) { - if (PermissionsMngr.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) + if (m_parentScene.Permissions.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) { group.UpdateGroupRotation(rot); } @@ -1115,7 +1113,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(localID); if (group != null) { - if (PermissionsMngr.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) + if (m_parentScene.Permissions.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) { group.UpdateGroupRotation(pos, rot); } @@ -1128,12 +1126,12 @@ namespace OpenSim.Region.Environment.Scenes if (group != null) { LLVector3 oldPos = group.AbsolutePosition; - if (!PermissionsMngr.CanObjectEntry(remoteClient.AgentId, oldPos, pos) && !group.RootPart.m_IsAttachment) + if (!m_parentScene.Permissions.CanObjectEntry(remoteClient.AgentId, oldPos, pos) && !group.RootPart.m_IsAttachment) { group.SendGroupTerseUpdate(); return; } - if (PermissionsMngr.CanEditObjectPosition(remoteClient.AgentId, group.UUID) || group.RootPart.m_IsAttachment) + if (m_parentScene.Permissions.CanEditObjectPosition(remoteClient.AgentId, group.UUID) || group.RootPart.m_IsAttachment) { group.UpdateSinglePosition(pos, localID); } @@ -1159,12 +1157,12 @@ namespace OpenSim.Region.Environment.Scenes } else { - if (!PermissionsMngr.CanObjectEntry(remoteClient.AgentId, oldPos, pos) && !group.RootPart.m_IsAttachment) + if (!m_parentScene.Permissions.CanObjectEntry(remoteClient.AgentId, oldPos, pos) && !group.RootPart.m_IsAttachment) { group.SendGroupTerseUpdate(); return; } - if (PermissionsMngr.CanEditObjectPosition(remoteClient.AgentId, group.UUID) || group.RootPart.m_IsAttachment) + if (m_parentScene.Permissions.CanEditObjectPosition(remoteClient.AgentId, group.UUID) || group.RootPart.m_IsAttachment) { group.UpdateGroupPosition(pos); } @@ -1183,7 +1181,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(localID); if (group != null) { - if (PermissionsMngr.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) + if (m_parentScene.Permissions.CanEditObjectPosition(remoteClient.AgentId, group.UUID)) { group.UpdateTextureEntry(localID, texture); } @@ -1201,7 +1199,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(localID); if (group != null) { - if (PermissionsMngr.CanEditObject(remoteClient.AgentId, group.UUID)) + if (m_parentScene.Permissions.CanEditObject(remoteClient.AgentId, group.UUID)) { group.UpdatePrimFlags(localID, (ushort)packet.Type, true, packet.ToBytes()); } @@ -1213,7 +1211,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(objectID); if (group != null) { - if (PermissionsMngr.CanEditObjectPosition(remoteClient.AgentId, group.UUID))// && PermissionsMngr.) + if (m_parentScene.Permissions.CanEditObjectPosition(remoteClient.AgentId, group.UUID))// && PermissionsMngr.) { group.GrabMovement(offset, pos, remoteClient); } @@ -1235,7 +1233,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(primLocalID); if (group != null) { - if (PermissionsMngr.CanEditObject(remoteClient.AgentId, group.UUID)) + if (m_parentScene.Permissions.CanEditObject(remoteClient.AgentId, group.UUID)) { group.SetPartName(Util.CleanString(name), primLocalID); } @@ -1252,7 +1250,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(primLocalID); if (group != null) { - if (PermissionsMngr.CanEditObject(remoteClient.AgentId, group.UUID)) + if (m_parentScene.Permissions.CanEditObject(remoteClient.AgentId, group.UUID)) { group.SetPartDescription(Util.CleanString(description), primLocalID); } @@ -1265,7 +1263,7 @@ namespace OpenSim.Region.Environment.Scenes if (group != null) { - if (PermissionsMngr.CanEditObject(agentID, group.UUID)) + if (m_parentScene.Permissions.CanEditObject(agentID, group.UUID)) { group.UpdateExtraParam(primLocalID, type, inUse, data); } @@ -1282,7 +1280,7 @@ namespace OpenSim.Region.Environment.Scenes SceneObjectGroup group = GetGroupByPrim(primLocalID); if (group != null) { - if (PermissionsMngr.CanEditObjectPosition(agentID, group.GetPartsFullID(primLocalID))) + if (m_parentScene.Permissions.CanEditObjectPosition(agentID, group.GetPartsFullID(primLocalID))) { group.UpdateShape(shapeBlock, primLocalID); } @@ -1448,11 +1446,11 @@ namespace OpenSim.Region.Environment.Scenes // * Asset/DRM permission bit "modify" is enabled //use CanEditObjectPosition - if (IncludeInSearch && PermissionsMngr.CanEditObject(user, objid)) + if (IncludeInSearch && m_parentScene.Permissions.CanEditObject(user, objid)) { obj.AddFlag(LLObject.ObjectFlags.JointWheel); } - else if (!IncludeInSearch && PermissionsMngr.CanEditObjectPosition(user, objid)) + else if (!IncludeInSearch && m_parentScene.Permissions.CanEditObjectPosition(user, objid)) { obj.RemFlag(LLObject.ObjectFlags.JointWheel); } @@ -1485,7 +1483,7 @@ namespace OpenSim.Region.Environment.Scenes if (originPrim != null) { - if (PermissionsMngr.CanCopyObject(AgentID, originPrim.UUID)) + if (m_parentScene.Permissions.CanCopyObject(AgentID, originPrim.UUID)) { SceneObjectGroup copy = originPrim.Copy(AgentID, GroupID); copy.AbsolutePosition = copy.AbsolutePosition + offset; diff --git a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs index ee52a66..65e6fd8 100644 --- a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs @@ -73,7 +73,7 @@ namespace OpenSim.Region.Environment.Scenes remoteClient.SendInventoryItemCreateUpdate(item); int userlevel = 0; - if (PermissionsMngr.IsEstateManager(remoteClient.AgentId)) + if (Permissions.IsEstateManager(remoteClient.AgentId)) { userlevel = 1; } @@ -784,7 +784,7 @@ namespace OpenSim.Region.Environment.Scenes } // bool permission; -// permission = PermissionsMngr.CanCopyObject(remoteClient.AgentId, +// permission = Permissions.CanCopyObject(remoteClient.AgentId, // ((SceneObjectGroup) selectedEnt).UUID); // Pending resolving upstream problems with permissions, we just won't allow anybody who is not the owner @@ -988,12 +988,12 @@ namespace OpenSim.Region.Environment.Scenes bool permission; if (DeRezPacket.AgentBlock.Destination == 1) { // Take Copy - permission = PermissionsMngr.CanCopyObject(remoteClient.AgentId, + permission = Permissions.CanCopyObject(remoteClient.AgentId, ((SceneObjectGroup) selectedEnt).UUID); } else { // Take - permission = PermissionsMngr.CanDeRezObject(remoteClient.AgentId, + permission = Permissions.CanDeRezObject(remoteClient.AgentId, ((SceneObjectGroup) selectedEnt).UUID); } @@ -1267,7 +1267,7 @@ namespace OpenSim.Region.Environment.Scenes RayStart, RayEnd, RayTargetID, new LLQuaternion(0, 0, 0, 1), BypassRayCast, bRayEndIsIntersection,true,scale, false); - if (!PermissionsMngr.CanRezObject(remoteClient.AgentId, pos) && !attachment) + if (!Permissions.CanRezObject(remoteClient.AgentId, pos) && !attachment) { return null; } @@ -1361,7 +1361,7 @@ namespace OpenSim.Region.Environment.Scenes { LLUUID ownerID = item.OwnerID; - if (!PermissionsMngr.CanRezObject(ownerID, pos)) + if (!Permissions.CanRezObject(ownerID, pos)) { return null; } diff --git a/OpenSim/Region/Environment/Scenes/Scene.PacketHandlers.cs b/OpenSim/Region/Environment/Scenes/Scene.PacketHandlers.cs index b4a581d..350990e 100644 --- a/OpenSim/Region/Environment/Scenes/Scene.PacketHandlers.cs +++ b/OpenSim/Region/Environment/Scenes/Scene.PacketHandlers.cs @@ -85,7 +85,7 @@ namespace OpenSim.Region.Environment.Scenes if (((SceneObjectGroup) ent).LocalId == primLocalID) { // A prim is only tainted if it's allowed to be edited by the person clicking it. - if (m_permissionManager.CanEditObjectPosition(remoteClient.AgentId, ((SceneObjectGroup)ent).UUID) || m_permissionManager.CanEditObject(remoteClient.AgentId, ((SceneObjectGroup)ent).UUID)) + if (Permissions.CanEditObjectPosition(remoteClient.AgentId, ((SceneObjectGroup)ent).UUID) || Permissions.CanEditObject(remoteClient.AgentId, ((SceneObjectGroup)ent).UUID)) { ((SceneObjectGroup) ent).GetProperties(remoteClient); ((SceneObjectGroup) ent).IsSelected = true; @@ -112,7 +112,7 @@ namespace OpenSim.Region.Environment.Scenes { if (((SceneObjectGroup) ent).LocalId == primLocalID) { - if (m_permissionManager.CanEditObjectPosition(remoteClient.AgentId, ((SceneObjectGroup)ent).UUID) || m_permissionManager.CanEditObject(remoteClient.AgentId, ((SceneObjectGroup)ent).UUID)) + if (Permissions.CanEditObjectPosition(remoteClient.AgentId, ((SceneObjectGroup)ent).UUID) || Permissions.CanEditObject(remoteClient.AgentId, ((SceneObjectGroup)ent).UUID)) { ((SceneObjectGroup) ent).IsSelected = false; LandChannel.setPrimsTainted(); diff --git a/OpenSim/Region/Environment/Scenes/Scene.cs b/OpenSim/Region/Environment/Scenes/Scene.cs index f861361..a703622 100644 --- a/OpenSim/Region/Environment/Scenes/Scene.cs +++ b/OpenSim/Region/Environment/Scenes/Scene.cs @@ -114,6 +114,7 @@ namespace OpenSim.Region.Environment.Scenes protected IXMLRPC m_xmlrpcModule; protected IWorldComm m_worldCommModule; protected IAvatarFactory m_AvatarFactory; + protected IScenePermissions m_permissions; // Central Update Loop @@ -169,13 +170,12 @@ namespace OpenSim.Region.Environment.Scenes get { return m_timedilation; } } - protected readonly PermissionManager m_permissionManager; - // This is the instance to the permissions manager. - // This manages permissions to clients on in world objects - - public PermissionManager PermissionsMngr + /// + /// The reference by which general permissions in the scene can be set and queried. + /// + public IScenePermissions Permissions { - get { return m_permissionManager; } + get { return m_permissions; } } public int TimePhase @@ -219,7 +219,7 @@ namespace OpenSim.Region.Environment.Scenes #region Constructors - public Scene(RegionInfo regInfo, AgentCircuitManager authen, PermissionManager permissionManager, + public Scene(RegionInfo regInfo, AgentCircuitManager authen, CommunicationsManager commsMan, SceneCommunicationService sceneGridService, AssetCache assetCach, StorageManager storeManager, BaseHttpServer httpServer, ModuleLoader moduleLoader, bool dumpAssetsToFile, bool physicalPrim, bool SeeIntoRegionFromNeighbor) @@ -248,10 +248,7 @@ namespace OpenSim.Region.Environment.Scenes EventManager.OnLandObjectRemoved += new EventManager.LandObjectRemoved(m_storageManager.DataStore.RemoveLandObject); - m_permissionManager = permissionManager; - m_permissionManager.Initialise(this); - - m_innerScene = new InnerScene(this, m_regInfo, m_permissionManager); + m_innerScene = new InnerScene(this, m_regInfo); // If the Inner scene has an Unrecoverable error, restart this sim. // Currently the only thing that causes it to happen is two kinds of specific @@ -613,6 +610,9 @@ namespace OpenSim.Region.Environment.Scenes m_heartbeatTimer.Elapsed += new ElapsedEventHandler(Heartbeat); } + /// + /// Sets up references to loaded modules required by thie scene + /// public void SetModuleInterfaces() { m_simChatModule = RequestModuleInterface(); @@ -621,6 +621,7 @@ namespace OpenSim.Region.Environment.Scenes m_worldCommModule = RequestModuleInterface(); XferManager = RequestModuleInterface(); m_AvatarFactory = RequestModuleInterface(); + m_permissions = RequestModuleInterface(); } #endregion @@ -1121,7 +1122,7 @@ namespace OpenSim.Region.Environment.Scenes /// /// Loads the World's objects /// - public virtual void LoadPrimsFromStorage(bool m_permissions, LLUUID regionID) + public virtual void LoadPrimsFromStorage(LLUUID regionID) { m_log.Info("[SCENE]: Loading objects from datastore"); @@ -1243,12 +1244,11 @@ namespace OpenSim.Region.Environment.Scenes LLVector3 pos = GetNewRezLocation(RayStart, RayEnd, RayTargetID, rot, bypassRaycast, RayEndIsIntersection, true, new LLVector3(0.5f,0.5f,0.5f), false); - if (PermissionsMngr.CanRezObject(ownerID, pos)) + if (Permissions.CanRezObject(ownerID, pos)) { // rez ON the ground, not IN the ground pos.Z += 0.25F; - AddNewPrim(ownerID, pos, rot, shape); } } @@ -2499,7 +2499,7 @@ namespace OpenSim.Region.Environment.Scenes IClientAPI controllingClient) { // First check that this is the sim owner - if (m_permissionManager.GenericEstatePermission(agentID)) + if (Permissions.GenericEstatePermission(agentID)) { // User needs to be logged into this sim if (m_scenePresences.ContainsKey(agentID)) @@ -2577,7 +2577,7 @@ namespace OpenSim.Region.Environment.Scenes LLUUID kickUserID = new LLUUID("44e87126e7944ded05b37c42da3d5cdb"); if (m_scenePresences.ContainsKey(agentID) || agentID == kickUserID) { - if (m_permissionManager.GenericEstatePermission(godID)) + if (Permissions.GenericEstatePermission(godID)) { if (agentID == kickUserID) { @@ -2896,7 +2896,7 @@ namespace OpenSim.Region.Environment.Scenes } else if ((parcel.landData.landFlags & (uint)Parcel.ParcelFlags.AllowGroupScripts) != 0) { - if (part.OwnerID == parcel.landData.ownerID || (parcel.landData.isGroupOwned && part.GroupID == parcel.landData.groupID) || PermissionsMngr.GenericEstatePermission(part.OwnerID)) + if (part.OwnerID == parcel.landData.ownerID || (parcel.landData.isGroupOwned && part.GroupID == parcel.landData.groupID) || Permissions.GenericEstatePermission(part.OwnerID)) { return true; } diff --git a/OpenSim/Region/Environment/Scenes/SceneManager.cs b/OpenSim/Region/Environment/Scenes/SceneManager.cs index 2dfea2a..8603ccc 100644 --- a/OpenSim/Region/Environment/Scenes/SceneManager.cs +++ b/OpenSim/Region/Environment/Scenes/SceneManager.cs @@ -191,7 +191,7 @@ namespace OpenSim.Region.Environment.Scenes public void SetBypassPermissionsOnCurrentScene(bool bypassPermissions) { - ForEachCurrentScene(delegate(Scene scene) { scene.PermissionsMngr.BypassPermissions = bypassPermissions; }); + ForEachCurrentScene(delegate(Scene scene) { scene.Permissions.BypassPermissions = bypassPermissions; }); } private void ForEachCurrentScene(Action func) diff --git a/OpenSim/Region/Environment/Scenes/SceneObjectGroup.cs b/OpenSim/Region/Environment/Scenes/SceneObjectGroup.cs index 9ed5990..2e44c54 100644 --- a/OpenSim/Region/Environment/Scenes/SceneObjectGroup.cs +++ b/OpenSim/Region/Environment/Scenes/SceneObjectGroup.cs @@ -1340,7 +1340,7 @@ namespace OpenSim.Region.Environment.Scenes if (part.OwnerID != cAgentID) { // Apply Next Owner Permissions if we're not bypassing permissions - if (!m_scene.PermissionsMngr.BypassPermissions) + if (!m_scene.Permissions.BypassPermissions) m_rootPart.ApplyNextOwnerPermissions(); } diff --git a/OpenSim/Region/Environment/Scenes/ScenePresence.cs b/OpenSim/Region/Environment/Scenes/ScenePresence.cs index 453c18f..fcd93d8 100644 --- a/OpenSim/Region/Environment/Scenes/ScenePresence.cs +++ b/OpenSim/Region/Environment/Scenes/ScenePresence.cs @@ -451,7 +451,7 @@ namespace OpenSim.Region.Environment.Scenes public uint GenerateClientFlags(LLUUID ObjectID) { - return m_scene.PermissionsMngr.GenerateClientFlags(m_uuid, ObjectID); + return m_scene.Permissions.GenerateClientFlags(m_uuid, ObjectID); } /// diff --git a/OpenSim/Region/ScriptEngine/Common/LSL_BuiltIn_Commands.cs b/OpenSim/Region/ScriptEngine/Common/LSL_BuiltIn_Commands.cs index ca94dd7..54c26d9 100644 --- a/OpenSim/Region/ScriptEngine/Common/LSL_BuiltIn_Commands.cs +++ b/OpenSim/Region/ScriptEngine/Common/LSL_BuiltIn_Commands.cs @@ -180,8 +180,8 @@ namespace OpenSim.Region.ScriptEngine.Common { m_host.AddScriptLPS(1); //Check to make sure that the script's owner is the estate manager/master - //World.PermissionsMngr.GenericEstatePermission( - if (World.PermissionsMngr.GenericEstatePermission(m_host.OwnerID)) + //World.Permissions.GenericEstatePermission( + if (World.Permissions.GenericEstatePermission(m_host.OwnerID)) { World.EventManager.TriggerRequestChangeWaterHeight((float)height); } @@ -2616,7 +2616,7 @@ namespace OpenSim.Region.ScriptEngine.Common public void llModifyLand(int action, int brush) { m_host.AddScriptLPS(1); - if (World.PermissionsMngr.CanTerraform(m_host.OwnerID, new LLVector3(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y, 0))) + if (World.Permissions.CanTerraform(m_host.OwnerID, new LLVector3(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y, 0))) { NotImplemented("llModifyLand"); } @@ -3869,7 +3869,7 @@ namespace OpenSim.Region.ScriptEngine.Common { if (m_host.ObjectOwner == parcel.landData.ownerID || (m_host.OwnerID == m_host.GroupID && m_host.GroupID == parcel.landData.groupID - && parcel.landData.isGroupOwned) || World.PermissionsMngr.GenericEstatePermission(m_host.OwnerID)) + && parcel.landData.isGroupOwned) || World.Permissions.GenericEstatePermission(m_host.OwnerID)) { av.StandUp(); } diff --git a/OpenSim/Region/ScriptEngine/Common/OSSL_BuilIn_Commands.cs b/OpenSim/Region/ScriptEngine/Common/OSSL_BuilIn_Commands.cs index 731168d..ddca617 100644 --- a/OpenSim/Region/ScriptEngine/Common/OSSL_BuilIn_Commands.cs +++ b/OpenSim/Region/ScriptEngine/Common/OSSL_BuilIn_Commands.cs @@ -258,7 +258,7 @@ namespace OpenSim.Region.ScriptEngine.Common if (x > 255 || x < 0 || y > 255 || y < 0) LSLError("osTerrainSetHeight: Coordinate out of bounds"); - if (World.PermissionsMngr.CanTerraform(m_host.OwnerID, new LLVector3(x, y, 0))) + if (World.Permissions.CanTerraform(m_host.OwnerID, new LLVector3(x, y, 0))) { World.Heightmap[x, y] = val; return 1; @@ -281,7 +281,7 @@ namespace OpenSim.Region.ScriptEngine.Common public int osRegionRestart(double seconds) { m_host.AddScriptLPS(1); - if (World.PermissionsMngr.CanRestartSim(m_host.OwnerID)) + if (World.Permissions.CanRestartSim(m_host.OwnerID)) { World.Restart((float)seconds); return 1; @@ -406,7 +406,7 @@ namespace OpenSim.Region.ScriptEngine.Common if (config.Configs["LL-Functions"].GetBoolean("AllowosConsoleCommand", false)) { - if (World.PermissionsMngr.CanRunConsoleCommand(m_host.OwnerID)) + if (World.Permissions.CanRunConsoleCommand(m_host.OwnerID)) { MainConsole.Instance.RunCommand(command); return true; -- cgit v1.1