From 41395d544386fbee2d26909a590d4fa9720fdf5f Mon Sep 17 00:00:00 2001
From: Michelle Argus
Date: Wed, 26 Oct 2011 15:03:10 +0200
Subject: [PATCH] Added optional owner classes to existing OSSL agent Permissions PARCEL_GROUP, PARCEL_OWNER, ESTATE_MANAGER and REGION_OWNER can be combined with the existing agent uuid option to limit ossl functions to agents and owner classes.
Signed-off-by: BlueWall
---
 .../Shared/Api/Implementation/OSSL_Api.cs | 67 +++++++++++++++++--
 bin/OpenSim.ini.example | 7 ++
 bin/OpenSimDefaults.ini | 7 ++
 3 files changed, 75 insertions(+), 6 deletions(-)
 mode change 100644 => 100755 bin/OpenSim.ini.example
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index 52d787db0c..3cfc3c94f1 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -113,11 +113,13 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 {
 public List AllowedCreators;
 public List AllowedOwners;
+ public List AllowedOwnerClasses;
 public FunctionPerms()
 {
 AllowedCreators = new List();
 AllowedOwners = new List();
+ AllowedOwnerClasses = new List();
 }
 }
@@ -245,6 +247,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 // Default behavior
 perms.AllowedOwners = null;
 perms.AllowedCreators = null;
+ perms.AllowedOwnerClasses = null;
 }
 else
 {
@@ -265,12 +268,20 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 foreach (string id in ids)
 {
 string current = id.Trim();
- UUID uuid;
-
- if (UUID.TryParse(current, out uuid))
+ if (current.ToUpper() == "PARCEL_GROUP_MEMBER" || current.ToUpper() == "PARCEL_OWNER" || current.ToUpper() == "ESTATE_MANAGER" || current.ToUpper() == "ESTATE_OWNER")
 {
- if (uuid != UUID.Zero)
- perms.AllowedOwners.Add(uuid);
+ if (!perms.AllowedOwnerClasses.Contains(current))
+ perms.AllowedOwnerClasses.Add(current.ToUpper());
+ }
+ else
+ {
+ UUID uuid;
+
+ if (UUID.TryParse(current, out uuid))
+ {
+ if (uuid != UUID.Zero)
+ perms.AllowedOwners.Add(uuid);
+ }
 }
 }
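Review bot: The duplicate check in the owner-class branch tests `Contains(current)` but stores `current.ToUpper()`, so a lower- or mixed-case entry is never found by the check and can be added more than once. Normalise once and use the same value for both, e.g. `string ownerClass = current.ToUpper();` followed by `if (!perms.AllowedOwnerClasses.Contains(ownerClass)) perms.AllowedOwnerClasses.Add(ownerClass);`. Any other token that is not a UUID, including a misspelled class name, still falls into the else branch and is dropped without a message; that fails closed, but the operator gets no hint that an entry was ignored, and the commit description itself names PARCEL_GROUP and REGION_OWNER, which this code does not accept. A logged warning for entries that match neither a class name nor a UUID would make such configuration mistakes visible. The enclosing loop and method continue outside the hunk.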
@@ -326,11 +337,55 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
 String.Format("{0} permission error. Can't find script in prim inventory.",
 function));
 }
+
+ UUID ownerID = ti.OwnerID;
+
+ //OSSL only may be used if objet is in the same group as the parcel
+ if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
+ {
+ ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y);
+
+ if (land.LandData.GroupID == ti.GroupID && land.LandData.GroupID != UUID.Zero)
+ {
+ return;
+ }
+ }
+
+ //Only Parcelowners may use the function
+ if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
+ {
+ ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y);
+
+ if (land.LandData.OwnerID == ownerID)
+ {
+ return;
+ }
+ }
+
+ //Only Estate Managers may use the function
+ if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
+ {
+ //Only Estate Managers may use the function
+ if (World.RegionInfo.EstateSettings.IsEstateManager(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
+ {
+ return;
+ }
+ }
+
+ //Only regionowners may use the function
+ if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
+ {
+ if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
+ {
+ return;
+ }
+ }
+
 if (!m_FunctionPerms[function].AllowedCreators.Contains(ti.CreatorID))
 OSSLError(
 String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
 function));
- if (ti.CreatorID != ti.OwnerID)
+ if (ti.CreatorID != ownerID)
 {
 if ((ti.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
 OSSLError(
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
old mode 100644
new mode 100755
index 44da31cb86..80f4c0ed92
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
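Review bot: The PARCEL_GROUP_MEMBER and PARCEL_OWNER branches dereference `land.LandData` without checking `land`, so if `GetLandObject` returns no parcel for the host position the permission check ends in a null-reference exception instead of a clean denial; guard both comparisons with `land != null &&` and do the lookup once for the two branches. The group branch also compares the parcel group with `ti.GroupID`, which appears to be the group tag on the script's inventory item rather than evidence that the owner belongs to that group, so it is worth confirming that this tag cannot be set or retained by a non-member before it is treated as membership. The `AllowedOwnerClasses.Contains` calls assume a non-null list while the default path in this commit sets the field to null; presumably the surrounding code, which lies outside this hunk, only reaches here when an Allow_ list was configured, and a comment such as `// AllowedOwnerClasses is non-null here: only the threat-level default leaves it null` would make that dependency explicit. As written, ESTATE_MANAGER excludes the estate owner, which the ini comments added by this commit do not say.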
@@ -617,6 +617,13 @@
 ; Comma separated list of UUIDS allows the function for that list of UUIDS
 ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
+
+ ; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are
+ ; - PARCEL_GROUP_MEMBER: allow if objectgroup is the same group as the parcel
+ ; - PARCEL_OWNER: allow if the objectowner is parcelowner
+ ; - ESTATE_MANAGER: allow if the object owner is a estate manager
+ ; - ESTATE_OWNER: allow if objectowner is estateowner
+ ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ...
 ; You can also use script creators as the uuid
 ; Creators_osSetRegionWaterHeight = , ...
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini
index 7df4357800..16ce1256aa 100644
--- a/bin/OpenSimDefaults.ini
+++ b/bin/OpenSimDefaults.ini
@@ -1196,6 +1196,13 @@
 ; Comma separated list of UUIDS allows the function for that list of UUIDS
 ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
+
+ ; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are
+ ; - PARCEL_GROUP_MEMBER: allow if objectgroup is the same group as the parcel
+ ; - PARCEL_OWNER: allow if the objectowner is parcelowner
+ ; - ESTATE_MANAGER: allow if the object owner is a estate manager
+ ; - ESTATE_OWNER: allow if objectowner is estateowner
+ ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ...
 ; You can also use script creators as the uuid
 ; Creators_osSetRegionWaterHeight = , ...