Improvement over last commit: refactor the asset permissions code, so that it can be used by both the HG Asset Service and the simulator. Also renamed the config vars to something more intuitive
parent
33aa6d172f
commit
e379566e6e
|
@ -0,0 +1,81 @@
|
||||||
|
using System;
|
||||||
|
using System.Collections.Generic;
|
||||||
|
using System.Reflection;
|
||||||
|
|
||||||
|
using Nini.Config;
|
||||||
|
using log4net;
|
||||||
|
|
||||||
|
using OpenMetaverse;
|
||||||
|
|
||||||
|
namespace OpenSim.Framework
|
||||||
|
{
|
||||||
|
public class AssetPermissions
|
||||||
|
{
|
||||||
|
private static readonly ILog m_log =
|
||||||
|
LogManager.GetLogger(
|
||||||
|
MethodBase.GetCurrentMethod().DeclaringType);
|
||||||
|
|
||||||
|
private bool[] m_DisallowExport, m_DisallowImport;
|
||||||
|
private string[] m_AssetTypeNames;
|
||||||
|
|
||||||
|
public AssetPermissions(IConfig config)
|
||||||
|
{
|
||||||
|
Type enumType = typeof(AssetType);
|
||||||
|
m_AssetTypeNames = Enum.GetNames(enumType);
|
||||||
|
for (int i = 0; i < m_AssetTypeNames.Length; i++)
|
||||||
|
m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower();
|
||||||
|
int n = Enum.GetValues(enumType).Length;
|
||||||
|
m_DisallowExport = new bool[n];
|
||||||
|
m_DisallowImport = new bool[n];
|
||||||
|
|
||||||
|
LoadPermsFromConfig(config, "DisallowExport", m_DisallowExport);
|
||||||
|
LoadPermsFromConfig(config, "DisallowImport", m_DisallowImport);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray)
|
||||||
|
{
|
||||||
|
string perms = assetConfig.GetString(variable, String.Empty);
|
||||||
|
string[] parts = perms.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
|
||||||
|
foreach (string s in parts)
|
||||||
|
{
|
||||||
|
int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower());
|
||||||
|
if (index >= 0)
|
||||||
|
bitArray[index] = true;
|
||||||
|
else
|
||||||
|
m_log.WarnFormat("[Asset Permissions]: Invalid AssetType {0}", s);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
public bool AllowedExport(sbyte type)
|
||||||
|
{
|
||||||
|
string assetTypeName = ((AssetType)type).ToString();
|
||||||
|
|
||||||
|
int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
|
||||||
|
if (index >= 0 && m_DisallowExport[index])
|
||||||
|
{
|
||||||
|
m_log.DebugFormat("[Asset Permissions]: Export denied: configuration does not allow export of AssetType {0}", assetTypeName);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
public bool AllowedImport(sbyte type)
|
||||||
|
{
|
||||||
|
string assetTypeName = ((AssetType)type).ToString();
|
||||||
|
|
||||||
|
int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
|
||||||
|
if (index >= 0 && m_DisallowImport[index])
|
||||||
|
{
|
||||||
|
m_log.DebugFormat("[Asset Permissions]: Import denied: configuration does not allow import of AssetType {0}", assetTypeName);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
|
@ -58,8 +58,7 @@ namespace OpenSim.Services.HypergridService
|
||||||
|
|
||||||
private UserAccountCache m_Cache;
|
private UserAccountCache m_Cache;
|
||||||
|
|
||||||
private bool[] m_DisallowGET, m_DisallowPOST;
|
private AssetPermissions m_AssetPerms;
|
||||||
private string[] m_AssetTypeNames;
|
|
||||||
|
|
||||||
public HGAssetService(IConfigSource config, string configName) : base(config, configName)
|
public HGAssetService(IConfigSource config, string configName) : base(config, configName)
|
||||||
{
|
{
|
||||||
|
@ -85,31 +84,7 @@ namespace OpenSim.Services.HypergridService
|
||||||
m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService);
|
m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService);
|
||||||
|
|
||||||
// Permissions
|
// Permissions
|
||||||
Type enumType = typeof(AssetType);
|
m_AssetPerms = new AssetPermissions(assetConfig);
|
||||||
m_AssetTypeNames = Enum.GetNames(enumType);
|
|
||||||
for (int i = 0; i < m_AssetTypeNames.Length; i++)
|
|
||||||
m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower();
|
|
||||||
int n = Enum.GetValues(enumType).Length;
|
|
||||||
m_DisallowGET = new bool[n];
|
|
||||||
m_DisallowPOST = new bool[n];
|
|
||||||
|
|
||||||
LoadPermsFromConfig(assetConfig, "DisallowGET", m_DisallowGET);
|
|
||||||
LoadPermsFromConfig(assetConfig, "DisallowPOST", m_DisallowPOST);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray)
|
|
||||||
{
|
|
||||||
string perms = assetConfig.GetString(variable, String.Empty);
|
|
||||||
string[] parts = perms.Split(new char[] {','}, StringSplitOptions.RemoveEmptyEntries);
|
|
||||||
foreach (string s in parts)
|
|
||||||
{
|
|
||||||
int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower());
|
|
||||||
if (index >= 0)
|
|
||||||
bitArray[index] = true;
|
|
||||||
else
|
|
||||||
m_log.WarnFormat("[HGAsset Service]: Invalid AssetType {0}", s);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -121,7 +96,7 @@ namespace OpenSim.Services.HypergridService
|
||||||
if (asset == null)
|
if (asset == null)
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
if (!AllowedGet(asset.Type))
|
if (!m_AssetPerms.AllowedExport(asset.Type))
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
if (asset.Metadata.Type == (sbyte)AssetType.Object)
|
if (asset.Metadata.Type == (sbyte)AssetType.Object)
|
||||||
|
@ -151,7 +126,7 @@ namespace OpenSim.Services.HypergridService
|
||||||
if (asset == null)
|
if (asset == null)
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
if (!AllowedGet(asset.Type))
|
if (!m_AssetPerms.AllowedExport(asset.Type))
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
return asset.Data;
|
return asset.Data;
|
||||||
|
@ -161,7 +136,7 @@ namespace OpenSim.Services.HypergridService
|
||||||
|
|
||||||
public override string Store(AssetBase asset)
|
public override string Store(AssetBase asset)
|
||||||
{
|
{
|
||||||
if (!AllowedPost(asset.Type))
|
if (!m_AssetPerms.AllowedImport(asset.Type))
|
||||||
return UUID.Zero.ToString();
|
return UUID.Zero.ToString();
|
||||||
|
|
||||||
return base.Store(asset);
|
return base.Store(asset);
|
||||||
|
@ -175,34 +150,6 @@ namespace OpenSim.Services.HypergridService
|
||||||
|
|
||||||
#endregion
|
#endregion
|
||||||
|
|
||||||
protected bool AllowedGet(sbyte type)
|
|
||||||
{
|
|
||||||
string assetTypeName = ((AssetType)type).ToString();
|
|
||||||
|
|
||||||
int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
|
|
||||||
if (index >= 0 && m_DisallowGET[index])
|
|
||||||
{
|
|
||||||
m_log.DebugFormat("[HGAsset Service]: GET denied: service does not allow export of AssetType {0}", assetTypeName);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
protected bool AllowedPost(sbyte type)
|
|
||||||
{
|
|
||||||
string assetTypeName = ((AssetType)type).ToString();
|
|
||||||
|
|
||||||
int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
|
|
||||||
if (index >= 0 && m_DisallowPOST[index])
|
|
||||||
{
|
|
||||||
m_log.DebugFormat("[HGAsset Service]: POST denied: service does not allow import of AssetType {0}", assetTypeName);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
protected void AdjustIdentifiers(AssetMetadata meta)
|
protected void AdjustIdentifiers(AssetMetadata meta)
|
||||||
{
|
{
|
||||||
if (meta == null || m_Cache == null)
|
if (meta == null || m_Cache == null)
|
||||||
|
|
|
@ -437,15 +437,17 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
|
||||||
UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService"
|
UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService"
|
||||||
HomeURI = "http://127.0.0.1:8002"
|
HomeURI = "http://127.0.0.1:8002"
|
||||||
|
|
||||||
;; The asset types that other grids can get from / post to this service.
|
;; The asset types that this service can export to / import from other grids.
|
||||||
|
;; Comma separated.
|
||||||
;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
|
;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
|
||||||
;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
|
;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText,
|
||||||
|
;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
|
||||||
;;
|
;;
|
||||||
;; Leave blank or commented if you don't want to apply any restrictions.
|
;; Leave blank or commented if you don't want to apply any restrictions.
|
||||||
;; A more strict, but still reasonable, policy may be to disallow the exchange
|
;; A more strict, but still reasonable, policy may be to disallow the exchange
|
||||||
;; of scripts, like so:
|
;; of scripts, like so:
|
||||||
; DisallowGET ="LSLText"
|
; DisallowExport ="LSLText"
|
||||||
; DisallowPOST ="LSLBytecode"
|
; DisallowImport ="LSLBytecode"
|
||||||
|
|
||||||
[HGFriendsService]
|
[HGFriendsService]
|
||||||
LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService"
|
LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService"
|
||||||
|
|
|
@ -53,15 +53,17 @@
|
||||||
[HGAssetService]
|
[HGAssetService]
|
||||||
HomeURI = "http://127.0.0.1:9000"
|
HomeURI = "http://127.0.0.1:9000"
|
||||||
|
|
||||||
;; The asset types that other grids can get from / post to this service.
|
;; The asset types that this service can export to / import from other grids.
|
||||||
|
;; Comma separated.
|
||||||
;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
|
;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
|
||||||
;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
|
;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText,
|
||||||
|
;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
|
||||||
;;
|
;;
|
||||||
;; Leave blank or commented if you don't want to apply any restrictions.
|
;; Leave blank or commented if you don't want to apply any restrictions.
|
||||||
;; A more strict, but still reasonable, policy may be to disallow the exchange
|
;; A more strict, but still reasonable, policy may be to disallow the exchange
|
||||||
;; of scripts, like so:
|
;; of scripts, like so:
|
||||||
; DisallowGET ="LSLText"
|
; DisallowExport ="LSLText"
|
||||||
; DisallowPOST ="LSLBytecode"
|
; DisallowImport ="LSLBytecode"
|
||||||
|
|
||||||
|
|
||||||
[HGInventoryAccessModule]
|
[HGInventoryAccessModule]
|
||||||
|
|
Loading…
Reference in New Issue