From 2e7f7c41a752f59775dd8353c84725d8f5a6003c Mon Sep 17 00:00:00 2001
From: "Justin Clark-Casey (justincc)" <jjustincc@googlemail.com>
Date: Tue, 27 Aug 2013 00:35:33 +0100
Subject: [PATCH] Also check user authorization if looking to upgrade from a
 child to a root agent.

Relevant if a child agent has been allowed into the region which should not be upgraded to a root agent.
---
 OpenSim/Region/Framework/Scenes/Scene.cs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index 9695716789..e0c96c6966 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -3855,6 +3855,19 @@ namespace OpenSim.Region.Framework.Scenes
                     // Let the SP know how we got here. This has a lot of interesting
                     // uses down the line.
                     sp.TeleportFlags = (TPFlags)teleportFlags;
+
+                    // We must carry out a further authorization check if there's an 
+                    // attempt to make a child agent into a root agent, since SeeIntoRegion may have allowed a child
+                    // agent to login to a region where a full avatar would not be allowed.
+                    //
+                    // We determine whether this is a CreateAgent for a future non-child agent by inspecting 
+                    // TeleportFlags, which will be default for a child connection.  This relies on input from the source
+                    // region.
+                    if (sp.TeleportFlags != TPFlags.Default)
+                    {
+                        if (!AuthorizeUser(acd, false, out reason))
+                            return false;
+                    }
     
                     if (sp.IsChildAgent)
                     {