From ef601d805ab948caf1ab4dcf4f5ee2ff640be1df Mon Sep 17 00:00:00 2001
From: Justin Clarke Casey
Date: Thu, 13 Nov 2008 18:52:16 +0000
Subject: * First part of a series of patches
* Intension is to provide a way to lock down script creation to administrators/gods only
* Defaults will remain as they are at the moment
---
.../Modules/World/Permissions/PermissionsModule.cs | 29 ++++++++++++++++------
.../Region/Environment/Scenes/Scene.Inventory.cs | 24 +++++++++---------
.../Environment/Scenes/SceneExternalChecks.cs | 4 +--
3 files changed, 36 insertions(+), 21 deletions(-)
(limited to 'OpenSim')
diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
index 5d48cbd..b6b7d4a 100644
--- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
+++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
@@ -142,7 +142,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions return; m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false); - m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true); m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true); m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true);
@@ -236,7 +235,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions protected void DebugPermissionInformation(string permissionCalled) { if (m_debugPermissions) - m_log.Info("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); + m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); } protected bool IsAdministrator(UUID user)
@@ -408,6 +407,14 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions return objectFlagsMask; } + /// + /// General permissions checks for any operation involving an object. These supplement more specific checks + /// implemented by callers. + /// + /// + /// + /// + /// protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked) { // Default: deny
@@ -425,7 +432,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions return false; } - SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; UUID objectOwner = group.OwnerID;
@@ -477,7 +483,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions return permission; } - #endregion #region Generic Permissions
@@ -655,8 +660,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions { m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user); return false; - } - + } if (userInfo.RootFolder == null) return false;
@@ -1214,8 +1218,19 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions return true; } - public bool CanCreateInventory(uint invType, UUID objectID, UUID userID) + /// + /// Check whether the specified user is allowed to directly create the given inventory type in a prim's + /// inventory (e.g. the New Script button in the 1.21 Linden Lab client). This permission check does not + /// apply to existing items that are being dragged in to that prim's inventory. + /// + /// + /// + /// + /// + public bool CanCreateInventory(int invType, UUID objectID, UUID userID) { + m_log.Debug("[PERMISSIONS]: CanCreateInventory called"); + DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); if (m_bypassPermissions) return m_bypassPermissionsValue;
diff --git a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
index c6ad94c..0e28b0c 100644
--- a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
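Review bot: The added `m_log.Debug("[PERMISSIONS]: CanCreateInventory called");` at the top of CanCreateInventory runs on every call regardless of `m_debugPermissions` and records neither the user nor the object, so it adds log volume without telling an operator who asked for what. The `DebugPermissionInformation` call just below it already reports the method name under that flag. I would drop the new line or make it carry the arguments, e.g. `m_log.DebugFormat("[PERMISSIONS]: CanCreateInventory invType {0}, object {1}, user {2}", invType, objectID, userID);`. The method body continues past the end of this hunk, so the administrator check itself is not visible here.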
+++ b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
@@ -799,11 +799,9 @@ namespace OpenSim.Region.Environment.Scenes if (agentTransactions != null) { agentTransactions.HandleItemCreationFromTransaction( - remoteClient, transactionID, folderID, callbackID, description, - name, invType, assetType, wearableType, nextOwnerMask); + remoteClient, transactionID, folderID, callbackID, description, + name, invType, assetType, wearableType, nextOwnerMask); } - - } }
@@ -1002,7 +1000,6 @@ namespace OpenSim.Region.Environment.Scenes /// public void MoveTaskInventoryItem(IClientAPI remoteClient, UUID folderId, SceneObjectPart part, UUID itemId) { - InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(remoteClient.AgentId, part, itemId); if (agentItem == null)
@@ -1316,17 +1313,17 @@ namespace OpenSim.Region.Environment.Scenes } /// - /// Rez a script into a prim's inventory + /// Rez a script into a prim's inventory, either ex nihilo or from an existing avatar inventory /// /// /// /// public void RezScript(IClientAPI remoteClient, InventoryItemBase itemBase, UUID transactionID, uint localID) { - UUID itemID=itemBase.ID; + UUID itemID = itemBase.ID; UUID copyID = UUID.Random(); - if (itemID != UUID.Zero) + if (itemID != UUID.Zero) // transferred from an avatar inventory to the prim's pinventory { CachedUserInfo userInfo = CommsManager.UserProfileCacheService.GetUserDetails(remoteClient.AgentId);
@@ -1378,9 +1375,9 @@ namespace OpenSim.Region.Environment.Scenes } } } - else // If the itemID is zero then the script has been rezzed directly in an object's inventory - { - SceneObjectPart part=GetSceneObjectPart(itemBase.Folder); + else // script has been rezzed directly into a prim's inventory + { + SceneObjectPart part = GetSceneObjectPart(itemBase.Folder); if (part == null) return;
@@ -1389,11 +1386,14 @@ namespace OpenSim.Region.Environment.Scenes if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) return; + + if (!ExternalChecks.ExternalChecksCanCreateInventory(itemBase.InvType, part.UUID, remoteClient.AgentId)) + return; AssetBase asset = CreateAsset(itemBase.Name, itemBase.Description, (sbyte)itemBase.AssetType, Encoding.ASCII.GetBytes("default\n{\n state_entry()\n {\n llSay(0, \"Script running\");\n }\n}")); AssetCache.AddAsset(asset); - TaskInventoryItem taskItem=new TaskInventoryItem(); + TaskInventoryItem taskItem = new TaskInventoryItem(); taskItem.ResetIDs(itemBase.Folder); taskItem.ParentID = itemBase.Folder;
diff --git a/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs b/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs
index f8d041a..c5bbcdd 100644
--- a/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs
+++ b/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs
@@ -1070,7 +1070,7 @@ namespace OpenSim.Region.Environment.Scenes #endregion - public delegate bool CanCreateInventory(uint invType, UUID objectID, UUID userID); + public delegate bool CanCreateInventory(int invType, UUID objectID, UUID userID); private List CanCreateInventoryCheckFunctions = new List(); public void addCheckCanCreateInventory(CanCreateInventory delegateFunc)
@@ -1085,7 +1085,7 @@ namespace OpenSim.Region.Environment.Scenes CanCreateInventoryCheckFunctions.Remove(delegateFunc); } - public bool ExternalChecksCanCreateInventory(uint invType, UUID objectID, UUID userID) + public bool ExternalChecksCanCreateInventory(int invType, UUID objectID, UUID userID) { foreach (CanCreateInventory check in CanCreateInventoryCheckFunctions) {
-- cgit v1.1
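Review bot: The new `ExternalChecksCanCreateInventory` call in the direct-creation branch is keyed on `itemBase.InvType`, a field of the caller-supplied `itemBase`, while the lines below it always build the default LSL script asset. If the permissions module decides by inventory type (its logic is outside this diff, so this is an inference), the check could be evaluated against a type other than the one actually created; passing a fixed script type, for example `(int)InventoryType.LSL`, would tie the decision to what this branch does. The refusal also returns silently, as the `OwnerMask` test above it does, so a denied attempt leaves no record; a line such as `m_log.WarnFormat("[PRIM INVENTORY]: {0} denied script creation in {1}", remoteClient.AgentId, part.UUID);` before the `return` would fix that, assuming the file's logger is `m_log`. RezScript begins and ends outside this hunk.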
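Review bot: `ExternalChecksCanCreateInventory` carries no doc comment, and the visible lines stop at the `foreach`, so a reader cannot tell from here what is returned when `CanCreateInventoryCheckFunctions` is empty or whether one refusing delegate is enough to deny. RezScript now depends on this method as its gate for direct script creation, so a `/// <summary>` stating both points belongs on it. The `uint` to `int` change on the public `CanCreateInventory` delegate in the previous hunk would also stop a module compiled against the old signature from registering, which is worth a line in the commit description if out-of-tree modules exist. The method body continues outside the hunk.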