prevent hacked viewers from being able to delete arbitrary items from any
prim. Allow friends with perms and shared group members to move or copy things out of prims0.7-release
parent
df55e5295f
commit
2eadd984ab
|
@ -915,6 +915,9 @@ namespace OpenSim.Region.Framework.Scenes
|
||||||
SceneObjectGroup group = part.ParentGroup;
|
SceneObjectGroup group = part.ParentGroup;
|
||||||
if (group != null)
|
if (group != null)
|
||||||
{
|
{
|
||||||
|
if (!Permissions.CanEditObjectInventory(part.UUID, remoteClient.AgentId))
|
||||||
|
return;
|
||||||
|
|
||||||
TaskInventoryItem item = group.GetInventoryItem(localID, itemID);
|
TaskInventoryItem item = group.GetInventoryItem(localID, itemID);
|
||||||
if (item == null)
|
if (item == null)
|
||||||
return;
|
return;
|
||||||
|
@ -1054,9 +1057,21 @@ namespace OpenSim.Region.Framework.Scenes
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Only owner can copy
|
TaskInventoryItem item = part.Inventory.GetInventoryItem(itemId);
|
||||||
if (remoteClient.AgentId != taskItem.OwnerID)
|
if ((item.CurrentPermissions & (uint)PermissionMask.Copy) == 0)
|
||||||
return;
|
{
|
||||||
|
// If the item to be moved is no copy, we need to be able to
|
||||||
|
// edit the prim.
|
||||||
|
if (!Permissions.CanEditObjectInventory(part.UUID, remoteClient.AgentId))
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
// If the item is copiable, then we just need to have perms
|
||||||
|
// on it. The delete check is a pure rights check
|
||||||
|
if (!Permissions.CanDeleteObject(part.UUID, remoteClient.AgentId))
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
MoveTaskInventoryItem(remoteClient, folderId, part, itemId);
|
MoveTaskInventoryItem(remoteClient, folderId, part, itemId);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue