OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* Disabled TCP Remoting Channel Security for InterRegion communication, as it appears we are not implementing this correctly. (need to set up certificates first) 

* Documented ACL class
afrisby
Adam Frisby 2007-10-21 22:15:41 +00:00
parent 61397a3410
commit 7f2ec02802
3 changed files with 585 additions and 550 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

480
OpenSim/Framework/General/PolicyManager/ACL.cs
View File

@ -1,223 +1,257 @@
using System; /*
using System.Collections.Generic; * Copyright (c) Contributors, http://opensimulator.org/
using System.Text; * See CONTRIBUTORS.TXT for a full list of copyright holders.
*
namespace OpenSim.Framework.PolicyManager * Redistribution and use in source and binary forms, with or without
{ * modification, are permitted provided that the following conditions are met:
#region ACL Core Class * * Redistributions of source code must retain the above copyright
/// <summary> * notice, this list of conditions and the following disclaimer.
/// Access Control List Engine * * Redistributions in binary form must reproduce the above copyright
/// </summary> * notice, this list of conditions and the following disclaimer in the
public class ACL * documentation and/or other materials provided with the distribution.
{ * * Neither the name of the OpenSim Project nor the
Dictionary<string, Role> Roles = new Dictionary<string, Role>(); * names of its contributors may be used to endorse or promote products
Dictionary<string, Resource> Resources = new Dictionary<string, Resource>(); * derived from this software without specific prior written permission.
*
public ACL AddRole(Role role) * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY
{ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
if (Roles.ContainsKey(role.Name)) * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
throw new AlreadyContainsRoleException(role); * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
Roles.Add(role.Name, role); * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
return this; * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
} * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
public ACL AddResource(Resource resource) *
{ */
Resources.Add(resource.Name, resource); using System;
using System.Collections.Generic;
return this; using System.Text;
}
namespace OpenSim.Framework.PolicyManager
public Permission HasPermission(string role, string resource) {
{ // ACL Class
if (!Roles.ContainsKey(role)) // Modelled after the structure of the Zend ACL Framework Library
throw new KeyNotFoundException(); // with one key difference - the tree will search for all matching
// permissions rather than just the first. Deny permissions will
if (!Resources.ContainsKey(resource)) // override all others.
throw new KeyNotFoundException();
return Roles[role].RequestPermission(resource); #region ACL Core Class
} /// <summary>
/// Access Control List Engine
public ACL GrantPermission(string role, string resource) /// </summary>
{ public class ACL
if (!Roles.ContainsKey(role)) {
throw new KeyNotFoundException(); Dictionary<string, Role> Roles = new Dictionary<string, Role>();
Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
if (!Resources.ContainsKey(resource))
throw new KeyNotFoundException(); public ACL AddRole(Role role)
{
Roles[role].GivePermission(resource, Permission.Allow); if (Roles.ContainsKey(role.Name))
throw new AlreadyContainsRoleException(role);
return this;
} Roles.Add(role.Name, role);
public ACL DenyPermission(string role, string resource) return this;
{ }
if (!Roles.ContainsKey(role))
throw new KeyNotFoundException(); public ACL AddResource(Resource resource)
{
if (!Resources.ContainsKey(resource)) Resources.Add(resource.Name, resource);
throw new KeyNotFoundException();
return this;
Roles[role].GivePermission(resource, Permission.Deny); }
return this; public Permission HasPermission(string role, string resource)
} {
if (!Roles.ContainsKey(role))
public ACL ResetPermission(string role, string resource) throw new KeyNotFoundException();
{
if (!Roles.ContainsKey(role)) if (!Resources.ContainsKey(resource))
throw new KeyNotFoundException(); throw new KeyNotFoundException();
if (!Resources.ContainsKey(resource)) return Roles[role].RequestPermission(resource);
throw new KeyNotFoundException(); }
Roles[role].GivePermission(resource, Permission.None); public ACL GrantPermission(string role, string resource)
{
return this; if (!Roles.ContainsKey(role))
} throw new KeyNotFoundException();
}
#endregion if (!Resources.ContainsKey(resource))
throw new KeyNotFoundException();
#region Exceptions
/// <summary> Roles[role].GivePermission(resource, Permission.Allow);
/// Thrown when an ACL attempts to add a duplicate role.
/// </summary> return this;
public class AlreadyContainsRoleException : Exception }
{
protected Role m_role; public ACL DenyPermission(string role, string resource)
{
public Role ErrorRole if (!Roles.ContainsKey(role))
{ throw new KeyNotFoundException();
get { return m_role; }
} if (!Resources.ContainsKey(resource))
throw new KeyNotFoundException();
public AlreadyContainsRoleException(Role role)
{ Roles[role].GivePermission(resource, Permission.Deny);
m_role = role;
} return this;
}
public override string ToString()
{ public ACL ResetPermission(string role, string resource)
return "This ACL already contains a role called '" + m_role.Name + "'."; {
} if (!Roles.ContainsKey(role))
} throw new KeyNotFoundException();
#endregion
if (!Resources.ContainsKey(resource))
#region Roles and Resources throw new KeyNotFoundException();
/// <summary> Roles[role].GivePermission(resource, Permission.None);
/// Does this Role have permission to access a specified Resource?
/// </summary> return this;
public enum Permission { Deny, None, Allow }; }
}
/// <summary> #endregion
/// A role class, for use with Users or Groups
/// </summary> #region Exceptions
public class Role /// <summary>
{ /// Thrown when an ACL attempts to add a duplicate role.
private string m_name; /// </summary>
private Role[] m_parents; public class AlreadyContainsRoleException : Exception
private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>(); {
protected Role m_role;
public string Name
{ public Role ErrorRole
get { return m_name; } {
} get { return m_role; }
}
public Permission RequestPermission(string resource)
{ public AlreadyContainsRoleException(Role role)
return RequestPermission(resource, Permission.None); {
} m_role = role;
}
public Permission RequestPermission(string resource, Permission current)
{ public override string ToString()
// Deny permissions always override any others {
if (current == Permission.Deny) return "This ACL already contains a role called '" + m_role.Name + "'.";
return current; }
}
Permission temp = Permission.None; #endregion
// Pickup non-None permissions #region Roles and Resources
if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
temp = m_resources[resource]; /// <summary>
/// Does this Role have permission to access a specified Resource?
if (m_parents != null) /// </summary>
{ public enum Permission { Deny, None, Allow };
foreach (Role parent in m_parents)
{ /// <summary>
temp = parent.RequestPermission(resource, temp); /// A role class, for use with Users or Groups
} /// </summary>
} public class Role
{
return temp; private string m_name;
} private Role[] m_parents;
private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
public void GivePermission(string resource, Permission perm)
{ public string Name
m_resources[resource] = perm; {
} get { return m_name; }
}
public Role(string name)
{ public Permission RequestPermission(string resource)
m_name = name; {
m_parents = null; return RequestPermission(resource, Permission.None);
} }
public Role(string name, Role[] parents) public Permission RequestPermission(string resource, Permission current)
{ {
m_name = name; // Deny permissions always override any others
m_parents = parents; if (current == Permission.Deny)
} return current;
}
Permission temp = Permission.None;
public class Resource
{ // Pickup non-None permissions
private string m_name; if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
temp = m_resources[resource];
public string Name
{ if (m_parents != null)
get { return m_name; } {
} foreach (Role parent in m_parents)
{
public Resource(string name) temp = parent.RequestPermission(resource, temp);
{ }
m_name = name; }
}
} return temp;
}
#endregion
public void GivePermission(string resource, Permission perm)
#region Tests {
m_resources[resource] = perm;
class ACLTester }
{
public ACLTester() public Role(string name)
{ {
ACL acl = new ACL(); m_name = name;
m_parents = null;
Role Guests = new Role("Guests"); }
acl.AddRole(Guests);
public Role(string name, Role[] parents)
Role[] parents = new Role[0]; {
parents[0] = Guests; m_name = name;
m_parents = parents;
Role JoeGuest = new Role("JoeGuest", parents); }
acl.AddRole(JoeGuest); }
Resource CanBuild = new Resource("CanBuild"); public class Resource
acl.AddResource(CanBuild); {
private string m_name;
acl.GrantPermission("Guests", "CanBuild"); public string Name
{
acl.HasPermission("JoeGuest", "CanBuild"); get { return m_name; }
}
}
} public Resource(string name)
{
#endregion m_name = name;
} }
}
#endregion
#region Tests
class ACLTester
{
public ACLTester()
{
ACL acl = new ACL();
Role Guests = new Role("Guests");
acl.AddRole(Guests);
Role[] parents = new Role[0];
parents[0] = Guests;
Role JoeGuest = new Role("JoeGuest", parents);
acl.AddRole(JoeGuest);
Resource CanBuild = new Resource("CanBuild");
acl.AddResource(CanBuild);
acl.GrantPermission("Guests", "CanBuild");
acl.HasPermission("JoeGuest", "CanBuild");
}
}
#endregion
}

2
OpenSim/Region/Communications/OGS1/OGS1GridServices.cs
View File

@ -327,7 +327,7 @@ namespace OpenSim.Region.Communications.OGS1
private void StartRemoting() private void StartRemoting()
{ {
TcpChannel ch = new TcpChannel(this.serversInfo.RemotingListenerPort); TcpChannel ch = new TcpChannel(this.serversInfo.RemotingListenerPort);
ChannelServices.RegisterChannel(ch, true); ChannelServices.RegisterChannel(ch, false); // Disabled security as Mono doesnt support this.
WellKnownServiceTypeEntry wellType = new WellKnownServiceTypeEntry(typeof(OGS1InterRegionRemoting), "InterRegions", WellKnownObjectMode.Singleton); WellKnownServiceTypeEntry wellType = new WellKnownServiceTypeEntry(typeof(OGS1InterRegionRemoting), "InterRegions", WellKnownObjectMode.Singleton);
RemotingConfiguration.RegisterWellKnownServiceType(wellType); RemotingConfiguration.RegisterWellKnownServiceType(wellType);

653
OpenSim/Region/Environment/PermissionManager.cs
View File

@ -1,327 +1,328 @@
/* /*
* Copyright (c) Contributors, http://opensimulator.org/ * Copyright (c) Contributors, http://opensimulator.org/
* See CONTRIBUTORS.TXT for a full list of copyright holders. * See CONTRIBUTORS.TXT for a full list of copyright holders.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met: * modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer. * notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright * * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the * notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution. * documentation and/or other materials provided with the distribution.
* * Neither the name of the OpenSim Project nor the * * Neither the name of the OpenSim Project nor the
* names of its contributors may be used to endorse or promote products * names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission. * derived from this software without specific prior written permission.
* *
* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* *
*/ */
using libsecondlife; using libsecondlife;
using OpenSim.Region.Environment.LandManagement; using OpenSim.Region.Environment.LandManagement;
using OpenSim.Region.Environment.Scenes; using OpenSim.Region.Environment.Scenes;
using OpenSim.Framework.PolicyManager;
namespace OpenSim.Region.Environment
{ namespace OpenSim.Region.Environment
public class PermissionManager {
{ public class PermissionManager
protected Scene m_scene; {
protected Scene m_scene;
// Bypasses the permissions engine (always returns OK)
// disable in any production environment // Bypasses the permissions engine (always returns OK)
// TODO: Change this to false when permissions are a desired default // disable in any production environment
// TODO: Move to configuration option. // TODO: Change this to false when permissions are a desired default
private bool m_bypassPermissions = true; // TODO: Move to configuration option.
private bool m_bypassPermissions = true;
public bool BypassPermissions
{ public bool BypassPermissions
get { return m_bypassPermissions; } {
set { m_bypassPermissions = value; } get { return m_bypassPermissions; }
} set { m_bypassPermissions = value; }
}
public PermissionManager(Scene scene)
{ public PermissionManager(Scene scene)
m_scene = scene; {
} m_scene = scene;
}
protected virtual void SendPermissionError(LLUUID user, string reason)
{ protected virtual void SendPermissionError(LLUUID user, string reason)
m_scene.EventManager.TriggerPermissionError(user, reason); {
} m_scene.EventManager.TriggerPermissionError(user, reason);
}
protected virtual bool IsAdministrator(LLUUID user)
{ protected virtual bool IsAdministrator(LLUUID user)
if (m_bypassPermissions) {
{ if (m_bypassPermissions)
return true; {
} return true;
}
return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
} return m_scene.RegionInfo.MasterAvatarAssignedUUID == user;
}
protected virtual bool IsEstateManager(LLUUID user)
{ protected virtual bool IsEstateManager(LLUUID user)
if (m_bypassPermissions) {
{ if (m_bypassPermissions)
return true; {
} return true;
}
return false;
} return false;
}
protected virtual bool IsGridUser(LLUUID user)
{ protected virtual bool IsGridUser(LLUUID user)
return true; {
} return true;
}
protected virtual bool IsGuest(LLUUID user)
{ protected virtual bool IsGuest(LLUUID user)
return false; {
} return false;
}
public virtual bool CanRezObject(LLUUID user, LLVector3 position)
{ public virtual bool CanRezObject(LLUUID user, LLVector3 position)
bool permission = false; {
bool permission = false;
string reason = "Insufficient permission";
string reason = "Insufficient permission";
if (IsAdministrator(user))
{ if (IsAdministrator(user))
permission = true; {
} permission = true;
else }
{ else
reason = "Not an administrator"; {
} reason = "Not an administrator";
}
if (GenericParcelPermission(user, position))
{ if (GenericParcelPermission(user, position))
permission = true; {
} permission = true;
else }
{ else
reason = "Not the parcel owner"; {
} reason = "Not the parcel owner";
}
if (!permission)
SendPermissionError(user, reason); if (!permission)
SendPermissionError(user, reason);
return permission;
} return permission;
}
#region Object Permissions
#region Object Permissions
protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId)
{ protected virtual bool GenericObjectPermission(LLUUID user, LLUUID objId)
// Default: deny {
bool permission = false; // Default: deny
bool permission = false;
if (!m_scene.Entities.ContainsKey(objId))
{ if (!m_scene.Entities.ContainsKey(objId))
return false; {
} return false;
}
// If it's not an object, we cant edit it.
if (!(m_scene.Entities[objId] is SceneObjectGroup)) // If it's not an object, we cant edit it.
{ if (!(m_scene.Entities[objId] is SceneObjectGroup))
return false; {
} return false;
}
SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId];
LLUUID taskOwner = null; SceneObjectGroup task = (SceneObjectGroup) m_scene.Entities[objId];
LLUUID taskOwner = null;
// Object owners should be able to edit their own content
if (user == taskOwner) // Object owners should be able to edit their own content
permission = true; if (user == taskOwner)
permission = true;
// Users should be able to edit what is over their land.
if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID == // Users should be able to edit what is over their land.
user) if (m_scene.LandManager.getLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y).landData.ownerID ==
permission = true; user)
permission = true;
// Estate users should be able to edit anything in the sim
if (IsEstateManager(user)) // Estate users should be able to edit anything in the sim
permission = true; if (IsEstateManager(user))
permission = true;
// Admin objects should not be editable by the above
if (IsAdministrator(taskOwner)) // Admin objects should not be editable by the above
permission = false; if (IsAdministrator(taskOwner))
permission = false;
// Admin should be able to edit anything in the sim (including admin objects)
if (IsAdministrator(user)) // Admin should be able to edit anything in the sim (including admin objects)
permission = true; if (IsAdministrator(user))
permission = true;
return permission;
} return permission;
}
/// <summary>
/// Permissions check - can user delete an object? /// <summary>
/// </summary> /// Permissions check - can user delete an object?
/// <param name="user">User attempting the delete</param> /// </summary>
/// <param name="obj">Target object</param> /// <param name="user">User attempting the delete</param>
/// <returns>Has permission?</returns> /// <param name="obj">Target object</param>
public virtual bool CanDeRezObject(LLUUID user, LLUUID obj) /// <returns>Has permission?</returns>
{ public virtual bool CanDeRezObject(LLUUID user, LLUUID obj)
return GenericObjectPermission(user, obj); {
} return GenericObjectPermission(user, obj);
}
public virtual bool CanEditObject(LLUUID user, LLUUID obj)
{ public virtual bool CanEditObject(LLUUID user, LLUUID obj)
return GenericObjectPermission(user, obj); {
} return GenericObjectPermission(user, obj);
}
public virtual bool CanReturnObject(LLUUID user, LLUUID obj)
{ public virtual bool CanReturnObject(LLUUID user, LLUUID obj)
return GenericObjectPermission(user, obj); {
} return GenericObjectPermission(user, obj);
}
#endregion
#endregion
#region Communication Permissions
#region Communication Permissions
public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target)
{ public virtual bool GenericCommunicationPermission(LLUUID user, LLUUID target)
bool permission = false; {
string reason = "Only registered users may communicate with another account."; bool permission = false;
string reason = "Only registered users may communicate with another account.";
if (IsGridUser(user))
permission = true; if (IsGridUser(user))
permission = true;
if (!IsGridUser(user))
{ if (!IsGridUser(user))
permission = false; {
reason = "The person that you are messaging is not a registered user."; permission = false;
} reason = "The person that you are messaging is not a registered user.";
if (IsAdministrator(user)) }
permission = true; if (IsAdministrator(user))
permission = true;
if (IsEstateManager(user))
permission = true; if (IsEstateManager(user))
permission = true;
if (!permission)
SendPermissionError(user, reason); if (!permission)
SendPermissionError(user, reason);
return permission;
} return permission;
}
public virtual bool CanInstantMessage(LLUUID user, LLUUID target)
{ public virtual bool CanInstantMessage(LLUUID user, LLUUID target)
return GenericCommunicationPermission(user, target); {
} return GenericCommunicationPermission(user, target);
}
public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target)
{ public virtual bool CanInventoryTransfer(LLUUID user, LLUUID target)
return GenericCommunicationPermission(user, target); {
} return GenericCommunicationPermission(user, target);
}
#endregion
#endregion
public virtual bool CanEditScript(LLUUID user, LLUUID script)
{ public virtual bool CanEditScript(LLUUID user, LLUUID script)
return IsAdministrator(user); {
} return IsAdministrator(user);
}
public virtual bool CanRunScript(LLUUID user, LLUUID script)
{ public virtual bool CanRunScript(LLUUID user, LLUUID script)
return IsAdministrator(user); {
} return IsAdministrator(user);
}
public virtual bool CanTerraform(LLUUID user, LLVector3 position)
{ public virtual bool CanTerraform(LLUUID user, LLVector3 position)
bool permission = false; {
bool permission = false;
// Estate override
if (GenericEstatePermission(user)) // Estate override
permission = true; if (GenericEstatePermission(user))
permission = true;
// Land owner can terraform too
if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y))) // Land owner can terraform too
permission = true; if (GenericParcelPermission(user, m_scene.LandManager.getLandObject(position.X, position.Y)))
permission = true;
if (!permission)
SendPermissionError(user, "Not authorized to terraform at this location."); if (!permission)
SendPermissionError(user, "Not authorized to terraform at this location.");
return permission;
} return permission;
}
#region Estate Permissions
#region Estate Permissions
protected virtual bool GenericEstatePermission(LLUUID user)
{ protected virtual bool GenericEstatePermission(LLUUID user)
// Default: deny {
bool permission = false; // Default: deny
bool permission = false;
// Estate admins should be able to use estate tools
if (IsEstateManager(user)) // Estate admins should be able to use estate tools
permission = true; if (IsEstateManager(user))
permission = true;
// Administrators always have permission
if (IsAdministrator(user)) // Administrators always have permission
permission = true; if (IsAdministrator(user))
permission = true;
return permission;
} return permission;
}
public virtual bool CanEditEstateTerrain(LLUUID user)
{ public virtual bool CanEditEstateTerrain(LLUUID user)
return GenericEstatePermission(user); {
} return GenericEstatePermission(user);
}
#endregion
#endregion
#region Parcel Permissions
#region Parcel Permissions
protected virtual bool GenericParcelPermission(LLUUID user, Land parcel)
{ protected virtual bool GenericParcelPermission(LLUUID user, Land parcel)
bool permission = false; {
bool permission = false;
if (parcel.landData.ownerID == user)
permission = true; if (parcel.landData.ownerID == user)
permission = true;
if (parcel.landData.isGroupOwned)
{ if (parcel.landData.isGroupOwned)
// TODO: Need to do some extra checks here. Requires group code. {
} // TODO: Need to do some extra checks here. Requires group code.
}
if (IsEstateManager(user))
permission = true; if (IsEstateManager(user))
permission = true;
if (IsAdministrator(user))
permission = true; if (IsAdministrator(user))
permission = true;
return permission;
} return permission;
}
protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
{ protected virtual bool GenericParcelPermission(LLUUID user, LLVector3 pos)
return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y)); {
} return GenericParcelPermission(user, m_scene.LandManager.getLandObject(pos.X, pos.Y));
}
public virtual bool CanEditParcel(LLUUID user, Land parcel)
{ public virtual bool CanEditParcel(LLUUID user, Land parcel)
return GenericParcelPermission(user, parcel); {
} return GenericParcelPermission(user, parcel);
}
public virtual bool CanSellParcel(LLUUID user, Land parcel)
{ public virtual bool CanSellParcel(LLUUID user, Land parcel)
return GenericParcelPermission(user, parcel); {
} return GenericParcelPermission(user, parcel);
}
public virtual bool CanAbandonParcel(LLUUID user, Land parcel)
{ public virtual bool CanAbandonParcel(LLUUID user, Land parcel)
return GenericParcelPermission(user, parcel); {
} return GenericParcelPermission(user, parcel);
}
#endregion
} #endregion
} }
}