Move script and notecard open perms checks from ClientView to the

perms module
0.6.0-stable
Melanie Thielker 2008-09-22 22:33:00 +00:00
parent 878166622b
commit 48672c7fd6
2 changed files with 149 additions and 4 deletions

View File

@ -4835,6 +4835,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP
case PacketType.TransferRequest: case PacketType.TransferRequest:
//Console.WriteLine("ClientView.ProcessPackets.cs:ProcessInPacket() - Got transfer request"); //Console.WriteLine("ClientView.ProcessPackets.cs:ProcessInPacket() - Got transfer request");
TransferRequestPacket transfer = (TransferRequestPacket)Pack; TransferRequestPacket transfer = (TransferRequestPacket)Pack;
System.Console.WriteLine("Transfer request, source {0}", transfer.TransferInfo.SourceType);
// Validate inventory transfers // Validate inventory transfers
// Has to be done here, because AssetCache can't do it // Has to be done here, because AssetCache can't do it
// //
@ -4890,8 +4891,27 @@ namespace OpenSim.Region.ClientStack.LindenUDP
return; return;
} }
if ((assetRequestItem.CurrentPermissions & ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify| (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) // At this point, we need to apply perms
break; // only to notecards and scripts. All
// other asset types are always available
//
if (assetRequestItem.AssetType == 10)
{
if (!((Scene)m_scene).ExternalChecks.ExternalChecksCanViewScript(itemID, UUID.Zero, AgentId))
{
SendAgentAlertMessage("Insufficient permissions to view script", false);
break;
}
}
else if (assetRequestItem.AssetType == 7)
{
if (!((Scene)m_scene).ExternalChecks.ExternalChecksCanViewNotecard(itemID, UUID.Zero, AgentId))
{
SendAgentAlertMessage("Insufficient permissions to view notecard", false);
break;
}
}
if (assetRequestItem.AssetID != requestID) if (assetRequestItem.AssetID != requestID)
break; break;
} }

View File

@ -952,7 +952,77 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue; if (m_bypassPermissions) return m_bypassPermissionsValue;
return false; if (objectID == UUID.Zero) // User inventory
{
CachedUserInfo userInfo =
scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
if (userInfo == null)
return false;
if (userInfo.RootFolder == null)
return false;
InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(script);
if (assetRequestItem == null) // Library item
{
assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(script);
if (assetRequestItem != null) // Implicitly readable
return true;
}
// SL is rather harebrained here. In SL, a script you
// have mod/copy no trans is readable. This subverts
// permissions, but is used in some products, most
// notably Hippo door plugin and HippoRent 5 networked
// prim counter.
// To enable this broken SL-ism, remove Transfer from
// the below expressions.
// Trying to improve on SL perms by making a script
// readable only if it's really full perms
//
if ((assetRequestItem.CurrentPermissions &
((uint)PermissionMask.Modify |
(uint)PermissionMask.Copy |
(uint)PermissionMask.Transfer)) !=
((uint)PermissionMask.Modify |
(uint)PermissionMask.Copy |
(uint)PermissionMask.Transfer))
return false;
}
else // Prim inventory
{
SceneObjectPart part = scene.GetSceneObjectPart(objectID);
if (part == null)
return false;
if (part.OwnerID != user)
return false;
if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
return false;
TaskInventoryItem ti = part.GetInventoryItem(script);
if (ti == null)
return false;
if (ti.OwnerID != user)
return false;
// Require full perms
if ((ti.CurrentPermissions &
((uint)PermissionMask.Modify |
(uint)PermissionMask.Copy |
(uint)PermissionMask.Transfer)) !=
((uint)PermissionMask.Modify |
(uint)PermissionMask.Copy |
(uint)PermissionMask.Transfer))
return false;
}
return true;
} }
private bool CanViewNotecard(UUID notecard, UUID objectID, UUID user, Scene scene) private bool CanViewNotecard(UUID notecard, UUID objectID, UUID user, Scene scene)
@ -960,7 +1030,62 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue; if (m_bypassPermissions) return m_bypassPermissionsValue;
return false; if (objectID == UUID.Zero) // User inventory
{
CachedUserInfo userInfo =
scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
if (userInfo == null)
return false;
if (userInfo.RootFolder == null)
return false;
InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(notecard);
if (assetRequestItem == null) // Library item
{
assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(notecard);
if (assetRequestItem != null) // Implicitly readable
return true;
}
// Notecards are always readable unless no copy
//
if ((assetRequestItem.CurrentPermissions &
(uint)PermissionMask.Copy) !=
(uint)PermissionMask.Copy)
return false;
}
else // Prim inventory
{
SceneObjectPart part = scene.GetSceneObjectPart(objectID);
if (part == null)
return false;
if (part.OwnerID != user)
return false;
if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
return false;
TaskInventoryItem ti = part.GetInventoryItem(notecard);
if (ti == null)
return false;
if (ti.OwnerID != user)
return false;
// Notecards are always readable unless no copy
//
if ((ti.CurrentPermissions &
(uint)PermissionMask.Copy) !=
(uint)PermissionMask.Copy)
return false;
}
return true;
} }
#endregion #endregion