1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
|
using System.Collections.Generic;
using OpenSim.Framework;
using OpenSim.Framework.Types;
using OpenSim.Framework.Communications;
using OpenSim.Framework.Servers;
using OpenSim.Region.Capabilities;
using OpenSim.Region.Environment.Scenes;
using OpenSim.Region.Environment.LandManagement;
using libsecondlife;
namespace OpenSim.Region.Environment
{
public class PermissionManager
{
protected Scene m_scene;
public PermissionManager(Scene scene)
{
m_scene = scene;
}
public delegate void OnPermissionErrorDelegate(LLUUID user, string reason);
public event OnPermissionErrorDelegate OnPermissionError;
protected virtual void SendPermissionError(LLUUID user, string reason)
{
if (OnPermissionError != null)
OnPermissionError(user, reason);
}
protected virtual bool IsAdministrator(LLUUID user)
{
return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
}
protected virtual bool IsEstateManager(LLUUID user)
{
return false;
}
public virtual bool CanRezObject(LLUUID user, LLVector3 position)
{
return true;
}
#region Object Permissions
protected virtual bool GenericObjectPermission(LLUUID user, LLUUID obj)
{
// Default: deny
bool permission = false;
// If it's not an object, we cant edit it.
if (!(m_scene.Entities[obj] is SceneObject))
return false;
SceneObject task = (SceneObject)m_scene.Entities[obj];
LLUUID taskOwner = task.rootPrimitive.OwnerID;
// Object owners should be able to edit their own content
if (user == taskOwner)
permission = true;
// Users should be able to edit what is over their land.
if (m_scene.LandManager.getLandObject(task.Pos.X, task.Pos.Y).landData.ownerID == user)
permission = true;
// Estate users should be able to edit anything in the sim
if (IsEstateManager(user))
permission = true;
// Admin objects should not be editable by the above
if (IsAdministrator(taskOwner))
permission = false;
// Admin should be able to edit anything in the sim (including admin objects)
if (IsAdministrator(user))
permission = true;
return permission;
}
/// <summary>
/// Permissions check - can user delete an object?
/// </summary>
/// <param name="user">User attempting the delete</param>
/// <param name="obj">Target object</param>
/// <returns>Has permission?</returns>
public virtual bool CanDeRezObject(LLUUID user, LLUUID obj)
{
return GenericObjectPermission(user, obj);
}
public virtual bool CanEditObject(LLUUID user, LLUUID obj)
{
return GenericObjectPermission(user, obj);
}
public virtual bool CanReturnObject(LLUUID user, LLUUID obj)
{
return GenericObjectPermission(user, obj);
}
#endregion
public virtual bool CanEditScript(LLUUID user, LLUUID script)
{
return false;
}
public virtual bool CanRunScript(LLUUID user, LLUUID script)
{
return false;
}
public virtual bool CanTerraform(LLUUID user, LLUUID position)
{
return false;
}
#region Estate Permissions
protected virtual bool GenericEstatePermission(LLUUID user)
{
// Default: deny
bool permission = false;
// Estate admins should be able to use estate tools
if (IsEstateManager(user))
permission = true;
// Administrators always have permission
if (IsAdministrator(user))
permission = true;
return permission;
}
public virtual bool CanEditEstateTerrain(LLUUID user)
{
return GenericEstatePermission(user);
}
#endregion
#region Parcel Permissions
protected virtual bool GenericParcelPermission(LLUUID user, Land parcel)
{
bool permission = false;
if (parcel.landData.ownerID == user)
permission = true;
if (parcel.landData.isGroupOwned)
{
// TODO: Need to do some extra checks here. Requires group code.
}
if(IsEstateManager(user))
permission = true;
if (IsAdministrator(user))
permission = true;
return permission;
}
public virtual bool CanEditParcel(LLUUID user, Land parcel)
{
return GenericParcelPermission(user, parcel);
}
public virtual bool CanSellParcel(LLUUID user, Land parcel)
{
return GenericParcelPermission(user, parcel);
}
public virtual bool CanAbandonParcel(LLUUID user, Land parcel)
{
return GenericParcelPermission(user, parcel);
}
#endregion
}
}
|