* Allow new script creation to be locked down to only gods if specified in OpenSim.ini
* This doesn't allow complete script lockdown of a sim, many avenues (copying, editing) are still uncloseable at the moment * Default remains to allow all users to create scripts (subject to existing permissions if enabled)0.6.1-post-fixes
parent
9960637545
commit
e3770cfee6
|
@ -43,9 +43,10 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
|||
{
|
||||
public class PermissionsModule : IRegionModule, ICommandableModule
|
||||
{
|
||||
private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
|
||||
|
||||
protected Scene m_scene;
|
||||
private readonly Commander m_commander = new Commander("Permissions");
|
||||
private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
|
||||
|
||||
#region Constants
|
||||
// These are here for testing. They will be taken out
|
||||
|
@ -57,6 +58,15 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
|||
//private uint PERM_TRANS = (uint)8192;
|
||||
private uint PERM_LOCKED = (uint)540672;
|
||||
|
||||
/// <value>
|
||||
/// Different user set names that come in from the configuration file.
|
||||
/// </value>
|
||||
enum UserSet
|
||||
{
|
||||
All,
|
||||
Administrators
|
||||
};
|
||||
|
||||
#endregion
|
||||
|
||||
#region Bypass Permissions / Debug Permissions Stuff
|
||||
|
@ -70,6 +80,11 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
|||
private bool m_RegionOwnerIsGod = false;
|
||||
private bool m_ParcelOwnerIsGod = false;
|
||||
|
||||
/// <value>
|
||||
/// The set of users that are allowed to create scripts.
|
||||
/// </value>
|
||||
private UserSet m_allowedScriptCreators = UserSet.All;
|
||||
|
||||
#endregion
|
||||
|
||||
#region ICommandableModule Members
|
||||
|
@ -79,7 +94,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
|||
get { throw new System.NotImplementedException(); }
|
||||
}
|
||||
|
||||
|
||||
private void InterfaceDebugPermissions(Object[] args)
|
||||
{
|
||||
if ((bool)args[0] == true)
|
||||
|
@ -148,6 +162,27 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
|||
m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true);
|
||||
m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true);
|
||||
|
||||
string allowedScriptCreators = myConfig.GetString("allowed_script_creators", UserSet.All.ToString());
|
||||
|
||||
// Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term
|
||||
// this should disappear.
|
||||
if ("gods" == allowedScriptCreators.ToLower())
|
||||
allowedScriptCreators = UserSet.Administrators.ToString();
|
||||
|
||||
// Doing it this was so that we can do a case insensitive conversion
|
||||
try
|
||||
{
|
||||
m_allowedScriptCreators = (UserSet)Enum.Parse(typeof(UserSet), allowedScriptCreators, true);
|
||||
}
|
||||
catch
|
||||
{
|
||||
m_log.ErrorFormat(
|
||||
"[PERMISSIONS]: {0} is not a valid allowed_script_creators value, setting to {1}",
|
||||
allowedScriptCreators, m_allowedScriptCreators);
|
||||
}
|
||||
|
||||
m_log.DebugFormat("[PERMISSIONS]: m_allowedScriptCreators {0}", m_allowedScriptCreators);
|
||||
|
||||
if (m_bypassPermissions)
|
||||
m_log.Info("[PERMISSIONS]: serviceside_object_permissions = false in ini file so disabling all region service permission checks");
|
||||
else
|
||||
|
@ -243,6 +278,11 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
|||
m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Is the given user an administrator (in other words, a god)?
|
||||
/// </summary>
|
||||
/// <param name="user"></param>
|
||||
/// <returns></returns>
|
||||
protected bool IsAdministrator(UUID user)
|
||||
{
|
||||
if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero)
|
||||
|
@ -250,11 +290,13 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
|||
if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user))
|
||||
return true;
|
||||
}
|
||||
|
||||
if (m_scene.RegionInfo.EstateSettings.EstateOwner != UUID.Zero)
|
||||
{
|
||||
if (m_scene.RegionInfo.EstateSettings.EstateOwner == user)
|
||||
return true;
|
||||
}
|
||||
|
||||
if (m_allowGridGods)
|
||||
{
|
||||
CachedUserInfo profile = m_scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
|
||||
|
@ -1232,11 +1274,15 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
|||
/// <returns></returns>
|
||||
public bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID)
|
||||
{
|
||||
//m_log.Debug("[PERMISSIONS]: CanCreateObjectInventory called");
|
||||
m_log.Debug("[PERMISSIONS]: CanCreateObjectInventory called");
|
||||
|
||||
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
|
||||
if (m_bypassPermissions) return m_bypassPermissionsValue;
|
||||
|
||||
if ((int)InventoryType.LSL == invType)
|
||||
if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -1248,11 +1294,15 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
|||
/// <returns></returns>
|
||||
public bool CanCreateUserInventory(int invType, UUID userID)
|
||||
{
|
||||
//m_log.Debug("[PERMISSIONS]: CanCreateAvatarInventory called");
|
||||
m_log.Debug("[PERMISSIONS]: CanCreateAvatarInventory called");
|
||||
|
||||
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
|
||||
if (m_bypassPermissions) return m_bypassPermissionsValue;
|
||||
|
||||
if ((int)InventoryType.LSL == invType)
|
||||
if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -1306,5 +1356,4 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
|
|||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -736,7 +736,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
|||
return m_ScriptEngine.World.GetSimulatorVersion();
|
||||
}
|
||||
|
||||
|
||||
//for testing purposes only
|
||||
public void osSetParcelMediaTime(double time)
|
||||
{
|
||||
|
@ -751,8 +750,6 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
|||
World.ParcelMediaSetTime((float)time);
|
||||
}
|
||||
|
||||
|
||||
|
||||
public Hashtable osParseJSON(string JSON)
|
||||
{
|
||||
CheckThreatLevel(ThreatLevel.None, "osParseJSON");
|
||||
|
|
|
@ -123,6 +123,15 @@
|
|||
;region_owner_is_god = true
|
||||
;parcel_owner_is_god = true
|
||||
|
||||
; Control user types that are allowed to create new scripts
|
||||
; Only enforced if serviceside_object_permissions is true
|
||||
;
|
||||
; Current possible values are
|
||||
; all - anyone can create scripts (subject to normal permissions)
|
||||
; gods - only administrators can create scripts (as long as allow_grid_gods is true)
|
||||
; Default value is all
|
||||
; allowed_script_creators = all
|
||||
|
||||
; ##
|
||||
; ## SCRIPT ENGINE
|
||||
; ##
|
||||
|
|
Loading…
Reference in New Issue