OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Permissions module: replace some GenericObjectPermission by GenericObjectPermission on some checks. Note that in some cases behavour is now diferent.

httptests
UbitUmarov 2017-01-18 00:42:08 +00:00
parent 6d784f6306
commit c14d81f538
1 changed files with 53 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs
View File

@ -728,7 +728,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions
return returnMask; return returnMask;
} }
UUID taskOwnerID = task.OwnerID; UUID taskOwnerID = task.OwnerID;
UUID spID = sp.UUID; UUID spID = sp.UUID;
@ -878,16 +877,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
/// <param name="objId">This is a scene object group UUID</param> /// <param name="objId">This is a scene object group UUID</param>
/// <param name="denyOnLocked"></param> /// <param name="denyOnLocked"></param>
/// <returns></returns> /// <returns></returns>
protected uint GetObjectPermissions(UUID currentUser, UUID objId, bool denyOnLocked) protected uint GetObjectPermissions(UUID currentUser, SceneObjectGroup group, bool denyOnLocked)
{ {
SceneObjectPart part = m_scene.GetSceneObjectPart(objId); if (group == null)
if (part == null)
return 0; return 0;
if (IsAdministrator(currentUser)) if (IsAdministrator(currentUser))
return (uint)PermissionMask.AllEffective; return (uint)PermissionMask.AllEffective;
SceneObjectGroup group = part.ParentGroup;
SceneObjectPart root = group.RootPart; SceneObjectPart root = group.RootPart;
if (root == null) if (root == null)
return 0; return 0;
@ -1193,29 +1190,13 @@ namespace OpenSim.Region.CoreModules.World.Permissions
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue; if (m_bypassPermissions) return m_bypassPermissionsValue;
if (!GenericObjectPermission(owner, objectID, true)) SceneObjectGroup sog = scene.GetGroupByPrim(objectID);
{ if (sog == null)
//They can't even edit the object
return false;
}
SceneObjectPart part = scene.GetSceneObjectPart(objectID);
if (part == null)
return false; return false;
if (part.OwnerID == owner) uint perms = GetObjectPermissions(owner, sog, false);
{ if((perms & (uint)PermissionMask.Copy) == 0)
if ((part.OwnerMask & PERM_COPY) == 0) return false;
return false;
}
else if (part.GroupID != UUID.Zero)
{
if ((part.OwnerID == part.GroupID) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0)))
return false;
if ((part.GroupMask & PERM_COPY) == 0)
return false;
}
//If they can rez, they can duplicate //If they can rez, they can duplicate
return CanRezObject(objectCount, owner, objectPosition, scene); return CanRezObject(objectCount, owner, objectPosition, scene);
@ -1226,7 +1207,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue; if (m_bypassPermissions) return m_bypassPermissionsValue;
return GenericObjectPermission(deleter, objectID, false); SceneObjectGroup sog = scene.GetGroupByPrim(objectID);
if (sog == null)
return false;
uint perms = GetObjectPermissions(deleter, sog, false);
if((perms & (uint)PermissionMask.Modify) == 0)
return false;
return true;
} }
private bool CanEditObject(UUID objectID, UUID editorID, Scene scene) private bool CanEditObject(UUID objectID, UUID editorID, Scene scene)
@ -1234,7 +1222,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue; if (m_bypassPermissions) return m_bypassPermissionsValue;
return GenericObjectPermission(editorID, objectID, false); SceneObjectGroup sog = scene.GetGroupByPrim(objectID);
if (sog == null)
return false;
uint perms = GetObjectPermissions(editorID, sog, true);
if((perms & (uint)PermissionMask.Modify) == 0)
return false;
return true;
} }
private bool CanEditObjectInventory(UUID objectID, UUID editorID, Scene scene) private bool CanEditObjectInventory(UUID objectID, UUID editorID, Scene scene)
@ -1242,7 +1237,14 @@ namespace OpenSim.Region.CoreModules.World.Permissions
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue; if (m_bypassPermissions) return m_bypassPermissionsValue;
return GenericObjectPermission(editorID, objectID, false); SceneObjectGroup sog = scene.GetGroupByPrim(objectID);
if (sog == null)
return false;
uint perms = GetObjectPermissions(editorID, sog, true);
if((perms & (uint)PermissionMask.Modify) == 0)
return false;
return true;
} }
private bool CanEditParcelProperties(UUID user, ILandObject parcel, GroupPowers p, Scene scene, bool allowManager) private bool CanEditParcelProperties(UUID user, ILandObject parcel, GroupPowers p, Scene scene, bool allowManager)
@ -1314,30 +1316,19 @@ namespace OpenSim.Region.CoreModules.World.Permissions
} }
else // Prim inventory else // Prim inventory
{ {
SceneObjectPart part = scene.GetSceneObjectPart(objectID); SceneObjectGroup sog = scene.GetGroupByPrim(objectID);
if (sog == null)
return false;
uint perms = GetObjectPermissions(user, sog, true);
if((perms & (uint)PermissionMask.Modify) == 0)
return false;
SceneObjectPart part = scene.GetSceneObjectPart(objectID);
if (part == null) if (part == null)
return false; return false;
if (part.OwnerID != user)
{
if (part.GroupID == UUID.Zero)
return false;
if (!IsGroupMember(part.GroupID, user, 0))
return false;
if ((part.GroupMask & (uint)PermissionMask.Modify) == 0)
return false;
}
else
{
if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
return false;
}
TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard); TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
if (ti == null) if (ti == null)
return false; return false;
@ -1351,14 +1342,10 @@ namespace OpenSim.Region.CoreModules.World.Permissions
} }
// Require full perms // Require full perms
if ((ti.CurrentPermissions & if ((ti.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy)) !=
((uint)PermissionMask.Modify | ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy))
(uint)PermissionMask.Copy)) !=
((uint)PermissionMask.Modify |
(uint)PermissionMask.Copy))
return false; return false;
} }
return true; return true;
} }
@ -1407,85 +1394,26 @@ namespace OpenSim.Region.CoreModules.World.Permissions
if (m_bypassPermissions) if (m_bypassPermissions)
{ {
SceneObjectPart part = scene.GetSceneObjectPart(objectID); SceneObjectPart part = scene.GetSceneObjectPart(objectID);
if(part == null)
return false;
if (part.OwnerID != moverID) if (part.OwnerID != moverID)
{ {
if (!part.ParentGroup.IsDeleted) if (part.ParentGroup.IsDeleted || part.ParentGroup.IsAttachment)
{
if (part.ParentGroup.IsAttachment)
return false; return false;
}
} }
return m_bypassPermissionsValue; return m_bypassPermissionsValue;
} }
bool permission = GenericObjectPermission(moverID, objectID, true); SceneObjectGroup sog = scene.GetGroupByPrim(objectID);
if (!permission) if (sog == null)
{ return false;
if (!m_scene.Entities.ContainsKey(objectID))
{
return false;
}
// The client uint perms = GetObjectPermissions(moverID, sog, true);
// may request to edit linked parts, and therefore, it needs if((perms & (uint)PermissionMask.Move) == 0)
// to also check for SceneObjectPart return false;
// admins exception ? if needed then should be done at GetObjectPermissions
// If it's not an object, we cant edit it. return true;
if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
{
return false;
}
SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
// UUID taskOwner = null;
// Added this because at this point in time it wouldn't be wise for
// the administrator object permissions to take effect.
// UUID objectOwner = task.OwnerID;
// Anyone can move
if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)
permission = true;
// Locked
if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
permission = false;
}
else
{
bool locked = false;
if (!m_scene.Entities.ContainsKey(objectID))
{
return false;
}
// If it's not an object, we cant edit it.
if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
{
return false;
}
SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objectID];
UUID objectOwner = group.OwnerID;
locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
// This is an exception to the generic object permission.
// Administrators who lock their objects should not be able to move them,
// however generic object permission should return true.
// This keeps locked objects from being affected by random click + drag actions by accident
// and allows the administrator to grab or delete a locked object.
// Administrators and estate managers are still able to click+grab locked objects not
// owned by them in the scene
// This is by design.
if (locked && (moverID == objectOwner))
return false;
}
return permission;
} }
private bool CanObjectEntry(UUID objectID, bool enteringRegion, Vector3 newPoint, Scene scene) private bool CanObjectEntry(UUID objectID, bool enteringRegion, Vector3 newPoint, Scene scene)