From d6e1333810b41407378a534a720128b498e0aada Mon Sep 17 00:00:00 2001 From: "Justin Clark-Casey (justincc)" Date: Mon, 19 Apr 2010 21:02:36 +0100 Subject: [PATCH] If a transfer request is received for a task inventory item asset, then route the permissions request through the existing CanEditScript() and CanEditNotecard() methods. This implements the 'share with group' flag for notecards and scripts in prim inventory since the PermissionsModule checks group membership and permissions. Other than that, the code in PermissionsModule duplicates the checks in LLClientView so there should be no change other than allowing group members to edit embedded notecards and scripts. For all other asset types, the permission checking code in LLClientView continues to be used, pending refactoring of suitable permissions code This means that 'share with group' will not yet work for prim inventory items other than notecards and scripts --- .../ClientStack/LindenUDP/LLClientView.cs | 99 +++++++++++++++---- .../World/Permissions/PermissionsModule.cs | 17 ++-- 2 files changed, 91 insertions(+), 25 deletions(-) diff --git a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs index bd0c1461cc..c9ef173db0 100644 --- a/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs +++ b/OpenSim/Region/ClientStack/LindenUDP/LLClientView.cs @@ -7053,32 +7053,89 @@ namespace OpenSim.Region.ClientStack.LindenUDP taskID = new UUID(transfer.TransferInfo.Params, 48); UUID itemID = new UUID(transfer.TransferInfo.Params, 64); UUID requestID = new UUID(transfer.TransferInfo.Params, 80); + +// m_log.DebugFormat( +// "[CLIENT]: Got request for asset {0} from item {1} in prim {2} by {3}", +// requestID, itemID, taskID, Name); + if (!(((Scene)m_scene).Permissions.BypassPermissions())) { if (taskID != UUID.Zero) // Prim { SceneObjectPart part = ((Scene)m_scene).GetSceneObjectPart(taskID); if (part == null) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but prim does not exist", + Name, requestID, itemID, taskID); return true; + } - if (part.OwnerID != AgentId) - return true; - - if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) - return true; - - TaskInventoryItem ti = part.Inventory.GetInventoryItem(itemID); - if (ti == null) - return true; - - if (ti.OwnerID != AgentId) - return true; - - if ((ti.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) - return true; - - if (ti.AssetID != requestID) + TaskInventoryItem tii = part.Inventory.GetInventoryItem(itemID); + if (tii == null) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but item does not exist", + Name, requestID, itemID, taskID); return true; + } + + if (tii.Type == (int)AssetType.LSLText) + { + if (!((Scene)m_scene).Permissions.CanEditScript(itemID, taskID, AgentId)) + return true; + } + else if (tii.Type == (int)AssetType.Notecard) + { + if (!((Scene)m_scene).Permissions.CanEditNotecard(itemID, taskID, AgentId)) + return true; + } + else + { + // TODO: Change this code to allow items other than notecards and scripts to be successfully + // shared with group. In fact, all this permissions checking should move to an IPermissionsModule + if (part.OwnerID != AgentId) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but the prim is owned by {4}", + Name, requestID, itemID, taskID, part.OwnerID); + return true; + } + + if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but modify permissions are not set", + Name, requestID, itemID, taskID); + return true; + } + + if (tii.OwnerID != AgentId) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but the item is owned by {4}", + Name, requestID, itemID, taskID, tii.OwnerID); + return true; + } + + if (( + tii.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) + != ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but item permissions are not modify/copy/transfer", + Name, requestID, itemID, taskID); + return true; + } + + if (tii.AssetID != requestID) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but this does not match item's asset {4}", + Name, requestID, itemID, taskID, tii.AssetID); + return true; + } + } } else // Agent { @@ -7114,7 +7171,12 @@ namespace OpenSim.Region.ClientStack.LindenUDP } if (assetRequestItem.AssetID != requestID) + { + m_log.WarnFormat( + "[CLIENT]: {0} requested asset {1} from item {2} but this does not match item's asset {3}", + Name, requestID, itemID, assetRequestItem.AssetID); return true; + } } } } @@ -11310,8 +11372,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP // } } - //check to see if asset is in local cache, if not we need to request it from asset server. - //m_log.Debug("asset request " + requestID); +// m_log.DebugFormat("[CLIENT]: {0} requesting asset {1}", Name, requestID); m_assetService.Get(requestID.ToString(), transferRequest, AssetReceived); diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index db900dff5b..a972ca6936 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -1063,7 +1063,9 @@ namespace OpenSim.Region.CoreModules.World.Permissions if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) return false; - } else { + } + else + { if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) return false; } @@ -1079,7 +1081,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions return false; if (!IsGroupMember(ti.GroupID, user, 0)) - return false; + return false; } // Require full perms @@ -1483,14 +1485,16 @@ namespace OpenSim.Region.CoreModules.World.Permissions if (part.OwnerID != user) { if (part.GroupID == UUID.Zero) - return false; + return false; if (!IsGroupMember(part.GroupID, user, 0)) return false; if ((part.GroupMask & (uint)PermissionMask.Modify) == 0) return false; - } else { + } + else + { if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) return false; } @@ -1806,7 +1810,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions // Is it correct to be less restrictive for lists of objects to be returned? } - private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) { + private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) + { //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); switch (scriptType) { case 0: @@ -1840,4 +1845,4 @@ namespace OpenSim.Region.CoreModules.World.Permissions return(false); } } -} +} \ No newline at end of file