Permissions module: add GetObjectPermissions() that should replace GenericObjectPermission

httptests
UbitUmarov 2017-01-17 14:30:20 +00:00
parent db2fbf6516
commit 06bca0388f
1 changed files with 77 additions and 1 deletions

View File

@ -76,7 +76,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions
//private uint PERM_MODIFY = (uint)16384; //private uint PERM_MODIFY = (uint)16384;
private uint PERM_MOVE = (uint)524288; private uint PERM_MOVE = (uint)524288;
private uint PERM_TRANS = (uint)8192; private uint PERM_TRANS = (uint)8192;
private uint PERM_LOCKED = (uint)540672; // private uint PERM_LOCKED = (uint)540672;
private uint PERM_LOCKED = (uint)524288; // same as move
/// <value> /// <value>
/// Different user set names that come in from the configuration file. /// Different user set names that come in from the configuration file.
@ -479,6 +480,23 @@ namespace OpenSim.Region.CoreModules.World.Permissions
return false; return false;
} }
protected bool GroupMemberPowers(UUID groupID, UUID userID, ref ulong powers)
{
powers = 0;
if (null == GroupsModule)
return false;
GroupMembershipData gmd = GroupsModule.GetMembershipData(groupID, userID);
if (gmd != null)
{
powers = gmd.GroupPowers;
return true;
}
return false;
}
/* /*
private bool CheckGroupPowers(ScenePresence sp, UUID groupID, ulong powersMask) private bool CheckGroupPowers(ScenePresence sp, UUID groupID, ulong powersMask)
{ {
@ -855,6 +873,64 @@ namespace OpenSim.Region.CoreModules.World.Permissions
return PermissionClass.Everyone; return PermissionClass.Everyone;
} }
/// <summary>
/// General permissions checks for any operation involving an object. These supplement more specific checks
/// implemented by callers.
/// </summary>
/// <param name="currentUser"></param>
/// <param name="objId">This is a scene object group UUID</param>
/// <param name="denyOnLocked"></param>
/// <returns></returns>
protected uint GetObjectPermissions(UUID currentUser, UUID objId, bool denyOnLocked)
{
SceneObjectPart part = m_scene.GetSceneObjectPart(objId);
if (part == null)
return 0;
// Admin should be able to edit anything in the sim (including admin objects)
if (IsAdministrator(currentUser))
return (uint)PermissionMask.AllEffective;
SceneObjectGroup group = part.ParentGroup;
SceneObjectPart root = group.RootPart;
if (root == null)
return 0;
UUID objectOwner = group.OwnerID;
bool locked = denyOnLocked && ((root.OwnerMask & PERM_LOCKED) == 0);
uint lockmask = (uint)PermissionMask.AllEffective;
if(locked)
lockmask = (uint)PermissionMask.Move;
if (currentUser == objectOwner)
return group.EffectiveOwnerPerms & lockmask;
if (group.IsAttachment)
return 0;
// Friends with benefits should be able to edit the objects too
if (IsFriendWithPerms(currentUser, objectOwner))
return group.EffectiveOwnerPerms & lockmask;
UUID sogGroupID = group.GroupID;
if (sogGroupID != UUID.Zero)
{
ulong powers = 0;
if(GroupMemberPowers(sogGroupID, currentUser, ref powers))
{
if(sogGroupID == objectOwner)
{
if((powers & (ulong)GroupPowers.ObjectManipulate) != 0)
return group.EffectiveOwnerPerms & lockmask;
}
return group.EffectiveGroupOrEveryOnePerms & lockmask;
}
}
return group.EffectiveEveryOnePerms & lockmask;
}
/// <summary> /// <summary>
/// General permissions checks for any operation involving an object. These supplement more specific checks /// General permissions checks for any operation involving an object. These supplement more specific checks
/// implemented by callers. /// implemented by callers.