If a transfer request is received for a task inventory item asset, then route the permissions request through the existing CanEditScript() and CanEditNotecard() methods.

This implements the 'share with group' flag for notecards and scripts in prim inventory since the PermissionsModule checks group membership and permissions.
Other than that, the code in PermissionsModule duplicates the checks in LLClientView so there should be no change other than allowing group members to edit embedded notecards and scripts.
For all other asset types, the permission checking code in LLClientView continues to be used, pending refactoring of suitable permissions code
This means that 'share with group' will not yet work for prim inventory items other than notecards and scripts
0.6.9-post-fixes
Justin Clark-Casey (justincc) 2010-04-19 21:02:36 +01:00
parent 66a833796c
commit d6e1333810
2 changed files with 91 additions and 25 deletions

View File

@ -7053,32 +7053,89 @@ namespace OpenSim.Region.ClientStack.LindenUDP
taskID = new UUID(transfer.TransferInfo.Params, 48);
UUID itemID = new UUID(transfer.TransferInfo.Params, 64);
UUID requestID = new UUID(transfer.TransferInfo.Params, 80);
// m_log.DebugFormat(
// "[CLIENT]: Got request for asset {0} from item {1} in prim {2} by {3}",
// requestID, itemID, taskID, Name);
if (!(((Scene)m_scene).Permissions.BypassPermissions()))
{
if (taskID != UUID.Zero) // Prim
{
SceneObjectPart part = ((Scene)m_scene).GetSceneObjectPart(taskID);
if (part == null)
{
m_log.WarnFormat(
"[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but prim does not exist",
Name, requestID, itemID, taskID);
return true;
}
if (part.OwnerID != AgentId)
TaskInventoryItem tii = part.Inventory.GetInventoryItem(itemID);
if (tii == null)
{
m_log.WarnFormat(
"[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but item does not exist",
Name, requestID, itemID, taskID);
return true;
}
if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
return true;
if (tii.Type == (int)AssetType.LSLText)
{
if (!((Scene)m_scene).Permissions.CanEditScript(itemID, taskID, AgentId))
return true;
}
else if (tii.Type == (int)AssetType.Notecard)
{
if (!((Scene)m_scene).Permissions.CanEditNotecard(itemID, taskID, AgentId))
return true;
}
else
{
// TODO: Change this code to allow items other than notecards and scripts to be successfully
// shared with group. In fact, all this permissions checking should move to an IPermissionsModule
if (part.OwnerID != AgentId)
{
m_log.WarnFormat(
"[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but the prim is owned by {4}",
Name, requestID, itemID, taskID, part.OwnerID);
return true;
}
TaskInventoryItem ti = part.Inventory.GetInventoryItem(itemID);
if (ti == null)
return true;
if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
{
m_log.WarnFormat(
"[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but modify permissions are not set",
Name, requestID, itemID, taskID);
return true;
}
if (ti.OwnerID != AgentId)
return true;
if (tii.OwnerID != AgentId)
{
m_log.WarnFormat(
"[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but the item is owned by {4}",
Name, requestID, itemID, taskID, tii.OwnerID);
return true;
}
if ((ti.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer)) != ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer))
return true;
if ((
tii.CurrentPermissions & ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer))
!= ((uint)PermissionMask.Modify | (uint)PermissionMask.Copy | (uint)PermissionMask.Transfer))
{
m_log.WarnFormat(
"[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but item permissions are not modify/copy/transfer",
Name, requestID, itemID, taskID);
return true;
}
if (ti.AssetID != requestID)
return true;
if (tii.AssetID != requestID)
{
m_log.WarnFormat(
"[CLIENT]: {0} requested asset {1} from item {2} in prim {3} but this does not match item's asset {4}",
Name, requestID, itemID, taskID, tii.AssetID);
return true;
}
}
}
else // Agent
{
@ -7114,7 +7171,12 @@ namespace OpenSim.Region.ClientStack.LindenUDP
}
if (assetRequestItem.AssetID != requestID)
{
m_log.WarnFormat(
"[CLIENT]: {0} requested asset {1} from item {2} but this does not match item's asset {3}",
Name, requestID, itemID, assetRequestItem.AssetID);
return true;
}
}
}
}
@ -11310,8 +11372,7 @@ namespace OpenSim.Region.ClientStack.LindenUDP
// }
}
//check to see if asset is in local cache, if not we need to request it from asset server.
//m_log.Debug("asset request " + requestID);
// m_log.DebugFormat("[CLIENT]: {0} requesting asset {1}", Name, requestID);
m_assetService.Get(requestID.ToString(), transferRequest, AssetReceived);

View File

@ -1063,7 +1063,9 @@ namespace OpenSim.Region.CoreModules.World.Permissions
if ((part.GroupMask & (uint)PermissionMask.Modify) == 0)
return false;
} else {
}
else
{
if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
return false;
}
@ -1079,7 +1081,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions
return false;
if (!IsGroupMember(ti.GroupID, user, 0))
return false;
return false;
}
// Require full perms
@ -1483,14 +1485,16 @@ namespace OpenSim.Region.CoreModules.World.Permissions
if (part.OwnerID != user)
{
if (part.GroupID == UUID.Zero)
return false;
return false;
if (!IsGroupMember(part.GroupID, user, 0))
return false;
if ((part.GroupMask & (uint)PermissionMask.Modify) == 0)
return false;
} else {
}
else
{
if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
return false;
}
@ -1806,7 +1810,8 @@ namespace OpenSim.Region.CoreModules.World.Permissions
// Is it correct to be less restrictive for lists of objects to be returned?
}
private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) {
private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene)
{
//m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType);
switch (scriptType) {
case 0: