prevent hacked viewers from being able to delete arbitrary items from any

prim. Allow friends with perms and shared group members to move or copy
things out of prims
0.7-release
Melanie Thielker 2010-07-15 20:28:18 +02:00 committed by Diva Canto
parent df55e5295f
commit 2eadd984ab
1 changed files with 18 additions and 3 deletions

View File

@ -915,6 +915,9 @@ namespace OpenSim.Region.Framework.Scenes
SceneObjectGroup group = part.ParentGroup; SceneObjectGroup group = part.ParentGroup;
if (group != null) if (group != null)
{ {
if (!Permissions.CanEditObjectInventory(part.UUID, remoteClient.AgentId))
return;
TaskInventoryItem item = group.GetInventoryItem(localID, itemID); TaskInventoryItem item = group.GetInventoryItem(localID, itemID);
if (item == null) if (item == null)
return; return;
@ -1054,9 +1057,21 @@ namespace OpenSim.Region.Framework.Scenes
return; return;
} }
// Only owner can copy TaskInventoryItem item = part.Inventory.GetInventoryItem(itemId);
if (remoteClient.AgentId != taskItem.OwnerID) if ((item.CurrentPermissions & (uint)PermissionMask.Copy) == 0)
return; {
// If the item to be moved is no copy, we need to be able to
// edit the prim.
if (!Permissions.CanEditObjectInventory(part.UUID, remoteClient.AgentId))
return;
}
else
{
// If the item is copiable, then we just need to have perms
// on it. The delete check is a pure rights check
if (!Permissions.CanDeleteObject(part.UUID, remoteClient.AgentId))
return;
}
MoveTaskInventoryItem(remoteClient, folderId, part, itemId); MoveTaskInventoryItem(remoteClient, folderId, part, itemId);
} }