From c4d741180f0c69db90c8ccb2a06857656e7b1082 Mon Sep 17 00:00:00 2001 From: Melanie Thielker Date: Wed, 8 Oct 2008 02:45:23 +0000 Subject: Add some permissions checks and fixes --- .../Currency/SampleMoney/SampleMoneyModule.cs | 5 +-- .../Region/Environment/Scenes/Scene.Inventory.cs | 27 ++++++++++-- OpenSim/Region/Environment/Scenes/Scene.cs | 49 ++++++++++++++++++++-- .../Scenes/SceneObjectPart.Inventory.cs | 2 +- 4 files changed, 72 insertions(+), 11 deletions(-) (limited to 'OpenSim') diff --git a/OpenSim/Region/Environment/Modules/Avatar/Currency/SampleMoney/SampleMoneyModule.cs b/OpenSim/Region/Environment/Modules/Avatar/Currency/SampleMoney/SampleMoneyModule.cs index ea2fc04..a015c63 100644 --- a/OpenSim/Region/Environment/Modules/Avatar/Currency/SampleMoney/SampleMoneyModule.cs +++ b/OpenSim/Region/Environment/Modules/Avatar/Currency/SampleMoney/SampleMoneyModule.cs @@ -1591,9 +1591,8 @@ namespace OpenSim.Region.Environment.Modules.Avatar.Currency.SampleMoney return; } - doMoneyTransfer(remoteClient.AgentId, part.OwnerID, salePrice, 5000, "Object buy"); - - s.PerformObjectBuy(remoteClient, categoryID, localID, saleType); + if (s.PerformObjectBuy(remoteClient, categoryID, localID, saleType)) + doMoneyTransfer(remoteClient.AgentId, part.OwnerID, salePrice, 5000, "Object buy"); } } diff --git a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs index 204ba39..eb21221 100644 --- a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs @@ -928,6 +928,11 @@ namespace OpenSim.Region.Environment.Scenes return null; } + if ((destAgent != taskItem.OwnerID) && ((taskItem.CurrentPermissions & (uint)PermissionMask.Transfer) == 0)) + { + return null; + } + InventoryItemBase agentItem = new InventoryItemBase(); agentItem.ID = UUID.Random(); @@ -943,7 +948,7 @@ namespace OpenSim.Region.Environment.Scenes if ((destAgent != taskItem.OwnerID) && ExternalChecks.ExternalChecksPropagatePermissions()) { agentItem.BasePermissions = taskItem.NextPermissions; - agentItem.CurrentPermissions = taskItem.NextPermissions; + agentItem.CurrentPermissions = taskItem.NextPermissions | 8; agentItem.NextPermissions = taskItem.NextPermissions; agentItem.EveryOnePermissions = taskItem.EveryonePermissions & taskItem.NextPermissions; } @@ -976,6 +981,9 @@ namespace OpenSim.Region.Environment.Scenes InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(remoteClient.AgentId, part, itemId); + if (agentItem == null) + return; + agentItem.Folder = folderId; AddInventoryItem(remoteClient, agentItem); } @@ -1045,6 +1053,10 @@ namespace OpenSim.Region.Environment.Scenes avatarId); } InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(avatarId, part, itemId); + + if (agentItem == null) + return; + agentItem.Folder = folderId; AddInventoryItem(avatarId, agentItem); @@ -1082,6 +1094,11 @@ namespace OpenSim.Region.Environment.Scenes return; } + // Can't transfer this + // + if ((part.OwnerID != destPart.OwnerID) && ((srcTaskItem.CurrentPermissions & (uint)PermissionMask.Transfer) == 0)) + return; + if (part.OwnerID != destPart.OwnerID && (part.GetEffectiveObjectFlags() & (uint)PrimFlags.AllowInventoryDrop) == 0) { // object cannot copy items to an object owned by a different owner @@ -1166,9 +1183,13 @@ namespace OpenSim.Region.Environment.Scenes foreach (UUID itemID in items) { InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(destID, host, itemID); - agentItem.Folder = newFolderID; - AddInventoryItem(destID, agentItem); + if (agentItem != null) + { + agentItem.Folder = newFolderID; + + AddInventoryItem(destID, agentItem); + } } ScenePresence avatar; diff --git a/OpenSim/Region/Environment/Scenes/Scene.cs b/OpenSim/Region/Environment/Scenes/Scene.cs index da6da1e..9328501 100644 --- a/OpenSim/Region/Environment/Scenes/Scene.cs +++ b/OpenSim/Region/Environment/Scenes/Scene.cs @@ -4089,22 +4089,30 @@ namespace OpenSim.Region.Environment.Scenes part.GetProperties(client); } - public void PerformObjectBuy(IClientAPI remoteClient, UUID categoryID, + public bool PerformObjectBuy(IClientAPI remoteClient, UUID categoryID, uint localID, byte saleType) { SceneObjectPart part = GetSceneObjectPart(localID); if (part == null) - return; + return false; if (part.ParentGroup == null) - return; + return false; SceneObjectGroup group = part.ParentGroup; switch (saleType) { case 1: // Sell as original (in-place sale) + uint effectivePerms=group.GetEffectivePermissions(); + + if ((effectivePerms & (uint)PermissionMask.Transfer) == 0) + { + remoteClient.SendAgentAlertMessage("This item doesn't appear to be for sale", false); + return false; + } + group.SetOwnerId(remoteClient.AgentId); group.SetRootPartOwner(part, remoteClient.AgentId, remoteClient.ActiveGroupId); @@ -4138,6 +4146,14 @@ namespace OpenSim.Region.Environment.Scenes if (userInfo != null) { + uint perms=group.GetEffectivePermissions(); + + if ((perms & (uint)PermissionMask.Transfer) == 0) + { + remoteClient.SendAgentAlertMessage("This item doesn't appear to be for sale", false); + return false; + } + AssetBase asset = CreateAsset( group.GetPartName(localID), group.GetPartDescription(localID), @@ -4157,7 +4173,6 @@ namespace OpenSim.Region.Environment.Scenes item.InvType = (int)InventoryType.Object; item.Folder = categoryID; - uint perms=group.GetEffectivePermissions(); uint nextPerms=(perms & 7) << 13; if ((nextPerms & (uint)PermissionMask.Copy) == 0) perms &= ~(uint)PermissionMask.Copy; @@ -4177,16 +4192,42 @@ namespace OpenSim.Region.Environment.Scenes userInfo.AddItem(item); remoteClient.SendInventoryItemCreateUpdate(item); } + else + { + remoteClient.SendAgentAlertMessage("Cannot buy now. Your inventory is unavailable", false); + return false; + } break; case 3: // Sell contents List invList = part.GetInventoryList(); + bool okToSell = true; + + foreach (UUID invID in invList) + { + TaskInventoryItem item = part.GetInventoryItem(invID); + if ((item.CurrentPermissions & + (uint)PermissionMask.Transfer) == 0) + { + okToSell = false; + break; + } + } + + if (!okToSell) + { + remoteClient.SendAgentAlertMessage("This item's inventory doesn't appear to be for sale", false); + return false; + } + if (invList.Count > 0) MoveTaskInventoryItems(remoteClient.AgentId, part.Name, part, invList); break; } + + return true; } public void CleanTempObjects() diff --git a/OpenSim/Region/Environment/Scenes/SceneObjectPart.Inventory.cs b/OpenSim/Region/Environment/Scenes/SceneObjectPart.Inventory.cs index 34e5305..d4346e4 100644 --- a/OpenSim/Region/Environment/Scenes/SceneObjectPart.Inventory.cs +++ b/OpenSim/Region/Environment/Scenes/SceneObjectPart.Inventory.cs @@ -716,7 +716,7 @@ namespace OpenSim.Region.Environment.Scenes foreach (TaskInventoryItem item in m_taskInventory.Values) { - if (item.InvType == 6) + if (item.InvType == 6 && (item.CurrentPermissions & 7) != 0) { if ((item.CurrentPermissions & ((uint)PermissionMask.Copy >> 13)) == 0) item.CurrentPermissions &= ~(uint)PermissionMask.Copy; -- cgit v1.1