Added optional owner classes to existing OSSL agent Permissions

PARCEL_GROUP, PARCEL_OWNER, ESTATE_MANAGER and REGION_OWNER can be combined with the existing agent uuid option to limit ossl functions to agents and owner classes.

Signed-off-by: BlueWall <jamesh@bluewallgroup.com>
remove-scene-viewer
Michelle Argus 2011-10-26 15:03:10 +02:00 committed by BlueWall
parent 9a28e7a4e0
commit 41395d5443
3 changed files with 75 additions and 6 deletions


@ -113,11 +113,13 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
{ {
public List<UUID> AllowedCreators; public List<UUID> AllowedCreators;
public List<UUID> AllowedOwners; public List<UUID> AllowedOwners;
public List<string> AllowedOwnerClasses;
public FunctionPerms() public FunctionPerms()
{ {
AllowedCreators = new List<UUID>(); AllowedCreators = new List<UUID>();
AllowedOwners = new List<UUID>(); AllowedOwners = new List<UUID>();
AllowedOwnerClasses = new List<string>();
} }
} }
@ -245,6 +247,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
// Default behavior // Default behavior
perms.AllowedOwners = null; perms.AllowedOwners = null;
perms.AllowedCreators = null; perms.AllowedCreators = null;
perms.AllowedOwnerClasses = null;
} }
else else
{ {
@ -265,12 +268,20 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
foreach (string id in ids) foreach (string id in ids)
{ {
string current = id.Trim(); string current = id.Trim();
UUID uuid; if (current.ToUpper() == "PARCEL_GROUP_MEMBER" || current.ToUpper() == "PARCEL_OWNER" || current.ToUpper() == "ESTATE_MANAGER" || current.ToUpper() == "ESTATE_OWNER")
if (UUID.TryParse(current, out uuid))
{ {
if (uuid != UUID.Zero) if (!perms.AllowedOwnerClasses.Contains(current))
perms.AllowedOwners.Add(uuid); perms.AllowedOwnerClasses.Add(current.ToUpper());
}
else
{
UUID uuid;
if (UUID.TryParse(current, out uuid))
{
if (uuid != UUID.Zero)
perms.AllowedOwners.Add(uuid);
}
} }
} }
@ -326,11 +337,55 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
String.Format("{0} permission error. Can't find script in prim inventory.", String.Format("{0} permission error. Can't find script in prim inventory.",
function)); function));
} }
UUID ownerID = ti.OwnerID;
//OSSL only may be used if objet is in the same group as the parcel
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y);
if (land.LandData.GroupID == ti.GroupID && land.LandData.GroupID != UUID.Zero)
{
return;
}
}
//Only Parcelowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y);
if (land.LandData.OwnerID == ownerID)
{
return;
}
}
//Only Estate Managers may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
{
//Only Estate Managers may use the function
if (World.RegionInfo.EstateSettings.IsEstateManager(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
{
return;
}
}
//Only regionowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
{
if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
{
return;
}
}
if (!m_FunctionPerms[function].AllowedCreators.Contains(ti.CreatorID)) if (!m_FunctionPerms[function].AllowedCreators.Contains(ti.CreatorID))
OSSLError( OSSLError(
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.", String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
function)); function));
if (ti.CreatorID != ti.OwnerID) if (ti.CreatorID != ownerID)
{ {
if ((ti.CurrentPermissions & (uint)PermissionMask.Modify) != 0) if ((ti.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
OSSLError( OSSLError(
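Review bot: Both parcel checks in the last hunk dereference `land.LandData` without testing the result of `World.LandChannel.GetLandObject(...)`; if that call can return null for the host's position (not visible here), the permission check throws instead of ending in an OSSLError denial. Guard each test, e.g. `if (land != null && land.LandData.OwnerID == ownerID)`, and fetch the parcel once rather than in both branches. The PARCEL_GROUP_MEMBER branch compares the parcel group with `ti.GroupID`, which appears to be the script item's group tag, so access follows that tag rather than the owner's current membership; a comment such as `// grants on the script item's group tag, not on live group membership` would make that explicit. In the parsing hunk, `Contains(current)` is tested before `Add(current.ToUpper())`, so a lower-case entry is never matched against the stored value and can be added twice; `Contains(current.ToUpper())` fixes that. The enclosing methods start and end outside the hunks.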

7
bin/OpenSim.ini.example Normal file → Executable file

@ -617,6 +617,13 @@
; Comma separated list of UUIDS allows the function for that list of UUIDS ; Comma separated list of UUIDS allows the function for that list of UUIDS
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are
; - PARCEL_GROUP_MEMBER: allow if objectgroup is the same group as the parcel
; - PARCEL_OWNER: allow if the objectowner is parcelowner
; - ESTATE_MANAGER: allow if the object owner is a estate manager
; - ESTATE_OWNER: allow if objectowner is estateowner
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ...
; You can also use script creators as the uuid ; You can also use script creators as the uuid
; Creators_osSetRegionWaterHeight = <uuid>, ... ; Creators_osSetRegionWaterHeight = <uuid>, ...
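Review bot: The example line added here ends in `PARCEL_OWNER, ESTATE_OWNER>, ...`, with a stray `>` after ESTATE_OWNER; the parser in this commit compares each trimmed entry against the exact class names, so a copied `ESTATE_OWNER>` would match no class and the intended permission would not be granted. Write the example as `; Allow_osSetRegionWaterHeight = <uuid>, PARCEL_OWNER, ESTATE_OWNER`. The file header also shows the mode changing from normal to executable, which looks unintended for a configuration example and is worth reverting. The same comment block is added in the file section that follows and needs the same correction.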


@ -1196,6 +1196,13 @@
; Comma separated list of UUIDS allows the function for that list of UUIDS ; Comma separated list of UUIDS allows the function for that list of UUIDS
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are
; - PARCEL_GROUP_MEMBER: allow if objectgroup is the same group as the parcel
; - PARCEL_OWNER: allow if the objectowner is parcelowner
; - ESTATE_MANAGER: allow if the object owner is a estate manager
; - ESTATE_OWNER: allow if objectowner is estateowner
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ...
; You can also use script creators as the uuid ; You can also use script creators as the uuid
; Creators_osSetRegionWaterHeight = <uuid>, ... ; Creators_osSetRegionWaterHeight = <uuid>, ...