Added optional owner classes to existing OSSL agent Permissions

PARCEL_GROUP, PARCEL_OWNER, ESTATE_MANAGER and REGION_OWNER can be combined with the existing agent UUID option to limit OSSL functions to specific agents and owner classes.

Signed-off-by: BlueWall <jamesh@bluewallgroup.com>
remove-scene-viewer
Michelle Argus 2011-10-26 15:03:10 +02:00 committed by BlueWall
parent 9a28e7a4e0
commit 41395d5443
3 changed files with 75 additions and 6 deletions


@ -113,11 +113,13 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
{
public List<UUID> AllowedCreators;
public List<UUID> AllowedOwners;
public List<string> AllowedOwnerClasses;
public FunctionPerms()
{
AllowedCreators = new List<UUID>();
AllowedOwners = new List<UUID>();
AllowedOwnerClasses = new List<string>();
}
}
@ -245,6 +247,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
// Default behavior
perms.AllowedOwners = null;
perms.AllowedCreators = null;
perms.AllowedOwnerClasses = null;
}
else
{
@ -265,6 +268,13 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
foreach (string id in ids)
{
string current = id.Trim();
if (current.ToUpper() == "PARCEL_GROUP_MEMBER" || current.ToUpper() == "PARCEL_OWNER" || current.ToUpper() == "ESTATE_MANAGER" || current.ToUpper() == "ESTATE_OWNER")
{
if (!perms.AllowedOwnerClasses.Contains(current))
perms.AllowedOwnerClasses.Add(current.ToUpper());
}
else
{
UUID uuid;
if (UUID.TryParse(current, out uuid))
@ -273,6 +283,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
perms.AllowedOwners.Add(uuid);
}
}
}
ids = creatorPerm.Split(new char[] {','});
foreach (string id in ids)
@ -326,11 +337,55 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
String.Format("{0} permission error. Can't find script in prim inventory.",
function));
}
UUID ownerID = ti.OwnerID;
//OSSL only may be used if objet is in the same group as the parcel
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_GROUP_MEMBER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y);
if (land.LandData.GroupID == ti.GroupID && land.LandData.GroupID != UUID.Zero)
{
return;
}
}
//Only Parcelowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("PARCEL_OWNER"))
{
ILandObject land = World.LandChannel.GetLandObject(m_host.AbsolutePosition.X, m_host.AbsolutePosition.Y);
if (land.LandData.OwnerID == ownerID)
{
return;
}
}
//Only Estate Managers may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_MANAGER"))
{
//Only Estate Managers may use the function
if (World.RegionInfo.EstateSettings.IsEstateManager(ownerID) && World.RegionInfo.EstateSettings.EstateOwner != ownerID)
{
return;
}
}
//Only regionowners may use the function
if (m_FunctionPerms[function].AllowedOwnerClasses.Contains("ESTATE_OWNER"))
{
if (World.RegionInfo.EstateSettings.EstateOwner == ownerID)
{
return;
}
}
if (!m_FunctionPerms[function].AllowedCreators.Contains(ti.CreatorID))
OSSLError(
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
function));
if (ti.CreatorID != ti.OwnerID)
if (ti.CreatorID != ownerID)
{
if ((ti.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
OSSLError(
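Review bot: In the last hunk, the PARCEL_GROUP_MEMBER and PARCEL_OWNER branches both dereference `land.LandData` without checking what `World.LandChannel.GetLandObject(...)` returned. If that lookup can return null for the host's position (not visible here), the permission check aborts with a NullReferenceException rather than falling through to the remaining creator/owner checks. Guard the result, e.g. `if (land != null && land.LandData.OwnerID == ownerID) return;`, and apply the same guard to the group comparison. In the parsing hunk, `Contains(current)` is tested before `Add(current.ToUpper())`, so a lower-case entry is never de-duplicated; normalise once with `current.ToUpperInvariant()` and use that value for both the test and the add. The enclosing function starts and ends outside these hunks.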

7
bin/OpenSim.ini.example Normal file → Executable file

@ -618,6 +618,13 @@
; Comma separated list of UUIDS allows the function for that list of UUIDS
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are
; - PARCEL_GROUP_MEMBER: allow if objectgroup is the same group as the parcel
; - PARCEL_OWNER: allow if the objectowner is parcelowner
; - ESTATE_MANAGER: allow if the object owner is a estate manager
; - ESTATE_OWNER: allow if objectowner is estateowner
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ...
; You can also use script creators as the uuid
; Creators_osSetRegionWaterHeight = <uuid>, ...
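Review bot: The example line that closes the new owner-class list ends in `PARCEL_OWNER, ESTATE_OWNER>, ...`, with a stray `>` that an operator would copy into a live config. Judging by the parser hunk in this commit, `ESTATE_OWNER>` matches neither a class name nor a UUID, so it would presumably be dropped silently and the intended grant would not take effect. Suggest `; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER, ...`. The file header also records a mode change from normal to executable, which an example config does not need. The same comment block, with the same typo, is repeated in the hunk of the following file.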


@ -1197,6 +1197,13 @@
; Comma separated list of UUIDS allows the function for that list of UUIDS
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are
; - PARCEL_GROUP_MEMBER: allow if objectgroup is the same group as the parcel
; - PARCEL_OWNER: allow if the objectowner is parcelowner
; - ESTATE_MANAGER: allow if the object owner is a estate manager
; - ESTATE_OWNER: allow if objectowner is estateowner
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ...
; You can also use script creators as the uuid
; Creators_osSetRegionWaterHeight = <uuid>, ...