diff --git a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs index bd0c1461cc..c9ef173db0 100644 --- a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs +++ b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs @@ -7053,32 +7053,89 @@ namespace OpenSim.Region.ClientStack.LindenUDP taskID = new UUID(transfer.TransferInfo.Params, 48); UUID itemID = new UUID(transfer.TransferInfo.Params, 64); UUID requestID = new UUID(transfer.TransferInfo.Params, 80); + +// m_log.DebugFormat( +// "[CLIENT]: Got request for asset {0} from item {1} in prim {2} by {3}", +// requestID, itemID, taskID, Name); + if (!(((Scene)m_scene).Permissions.BypassPermissions())) { if (taskID != UUID.Zero) // Prim { SceneObjectPart part = ((Scene)m_scene).GetSceneObjectPart(taskID); if (part == null) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but prim does not exist", + Name, requestID, itemID, taskID); return true; + } - if (part.OwnerID != AgentId) - return true; - - if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) - return true; - - TaskInventoryItem ti = part.Inventory.GetInventoryItem(itemID); - if (ti == null) - return true; - - if (ti.OwnerID != AgentId) - return true; - - if ((ti.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) - return true; - - if (ti.AssetID != requestID) + TaskInventoryItem tii = part.Inventory.GetInventoryItem(itemID); + if (tii == null) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but item does not exist", + Name, requestID, itemID, taskID); return true; + } + + if (tii.Type == (int)AssetType.LSLText) + { + if (!((Scene)m_scene).Permissions.CanEditScript(itemID, taskID, AgentId)) + return true; + } + else if (tii.Type == (int)AssetType.Notecard) + { + if (!((Scene)m_scene).Permissions.CanEditNotecard(itemID, taskID, AgentId)) + return true; + } + else + { + // TODO: Change this code to allow items other than notecards and scripts to be successfully + // shared with group. In fact, all this permissions checking should move to an IPermissionsModule + if (part.OwnerID != AgentId) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but the prim is owned by {4}", + Name, requestID, itemID, taskID, part.OwnerID); + return true; + } + + if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but modify permissions are not set", + Name, requestID, itemID, taskID); + return true; + } + + if (tii.OwnerID != AgentId) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but the item is owned by {4}", + Name, requestID, itemID, taskID, tii.OwnerID); + return true; + } + + if (( + tii.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) + != ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but item permissions are not modify/copy/transfer", + Name, requestID, itemID, taskID); + return true; + } + + if (tii.AssetID != requestID) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but this does not match item's asset {4}", + Name, requestID, itemID, taskID, tii.AssetID); + return true; + } + } } else // Agent { @@ -7114,7 +7171,12 @@ namespace OpenSim.Region.ClientStack.LindenUDP } if (assetRequestItem.AssetID != requestID) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} but this does not match item's asset {3}", + Name, requestID, itemID, assetRequestItem.AssetID); return true; + } } } } @@ -11310,8 +11372,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP // } } - //check to see if asset is in local cache, if not we need to request it from asset server. - //m_log.Debug("asset request " + requestID); +// m_log.DebugFormat("[CLIENT]: {0} requesting asset {1}", Name, requestID); m_assetService.Get(requestID.ToString(), transferRequest, AssetReceived); diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index db900dff5b..a972ca6936 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -1063,7 +1063,9 @@ namespace OpenSim.Region.CoreModules.World.Permissions if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) return false; - } else { + } + else + { if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) return false; } @@ -1079,7 +1081,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions return false; if (!IsGroupMember(ti.GroupID, user, 0)) - return false; + return false; } // Require full perms @@ -1483,14 +1485,16 @@ namespace OpenSim.Region.CoreModules.World.Permissions if (part.OwnerID != user) { if (part.GroupID == UUID.Zero) - return false; + return false; if (!IsGroupMember(part.GroupID, user, 0)) return false; if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) return false; - } else { + } + else + { if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) return false; } @@ -1806,7 +1810,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions // Is it correct to be less restrictive for lists of objects to be returned? } - private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) { + private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) + { //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); switch (scriptType) { case 0: @@ -1840,4 +1845,4 @@ namespace OpenSim.Region.CoreModules.World.Permissions return(false); } } -} +} \ No newline at end of file