OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

prevent hacked viewers from being able to delete arbitrary items from any 

prim. Allow friends with perms and shared group members to move or copy
things out of prims
0.7-release
Melanie Thielker 2010-07-15 20:28:18 +02:00 committed by Diva Canto
parent df55e5295f
commit 2eadd984ab
1 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
View File

@ -915,6 +915,9 @@ namespace OpenSim.Region.Framework.Scenes
SceneObjectGroup group = part.ParentGroup; SceneObjectGroup group = part.ParentGroup;
if (group != null) if (group != null)
{ {
if (!Permissions.CanEditObjectInventory(part.UUID, remoteClient.AgentId))
return;
TaskInventoryItem item = group.GetInventoryItem(localID, itemID); TaskInventoryItem item = group.GetInventoryItem(localID, itemID);
if (item == null) if (item == null)
return; return;
@ -1054,9 +1057,21 @@ namespace OpenSim.Region.Framework.Scenes
return; return;
} }
// Only owner can copy TaskInventoryItem item = part.Inventory.GetInventoryItem(itemId);
if (remoteClient.AgentId != taskItem.OwnerID) if ((item.CurrentPermissions & (uint)PermissionMask.Copy) == 0)
return; {
// If the item to be moved is no copy, we need to be able to
// edit the prim.
if (!Permissions.CanEditObjectInventory(part.UUID, remoteClient.AgentId))
return;
}
else
{
// If the item is copiable, then we just need to have perms
// on it. The delete check is a pure rights check
if (!Permissions.CanDeleteObject(part.UUID, remoteClient.AgentId))
return;
}
MoveTaskInventoryItem(remoteClient, folderId, part, itemId); MoveTaskInventoryItem(remoteClient, folderId, part, itemId);
} }