Improvement over last commit: refactor the asset permissions code, so that it can be used by both the HG Asset Service and the simulator. Also renamed the config vars to something more intuitive

connector_plugin
Diva Canto 2012-09-20 19:50:57 -07:00
parent 33aa6d172f
commit e379566e6e
4 changed files with 98 additions and 66 deletions

View File

@ -0,0 +1,81 @@
using System;
using System.Collections.Generic;
using System.Reflection;
using Nini.Config;
using log4net;
using OpenMetaverse;
namespace OpenSim.Framework
{
public class AssetPermissions
{
private static readonly ILog m_log =
LogManager.GetLogger(
MethodBase.GetCurrentMethod().DeclaringType);
private bool[] m_DisallowExport, m_DisallowImport;
private string[] m_AssetTypeNames;
public AssetPermissions(IConfig config)
{
Type enumType = typeof(AssetType);
m_AssetTypeNames = Enum.GetNames(enumType);
for (int i = 0; i < m_AssetTypeNames.Length; i++)
m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower();
int n = Enum.GetValues(enumType).Length;
m_DisallowExport = new bool[n];
m_DisallowImport = new bool[n];
LoadPermsFromConfig(config, "DisallowExport", m_DisallowExport);
LoadPermsFromConfig(config, "DisallowImport", m_DisallowImport);
}
private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray)
{
string perms = assetConfig.GetString(variable, String.Empty);
string[] parts = perms.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
foreach (string s in parts)
{
int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower());
if (index >= 0)
bitArray[index] = true;
else
m_log.WarnFormat("[Asset Permissions]: Invalid AssetType {0}", s);
}
}
public bool AllowedExport(sbyte type)
{
string assetTypeName = ((AssetType)type).ToString();
int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
if (index >= 0 && m_DisallowExport[index])
{
m_log.DebugFormat("[Asset Permissions]: Export denied: configuration does not allow export of AssetType {0}", assetTypeName);
return false;
}
return true;
}
public bool AllowedImport(sbyte type)
{
string assetTypeName = ((AssetType)type).ToString();
int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
if (index >= 0 && m_DisallowImport[index])
{
m_log.DebugFormat("[Asset Permissions]: Import denied: configuration does not allow import of AssetType {0}", assetTypeName);
return false;
}
return true;
}
}
}

View File

@ -58,8 +58,7 @@ namespace OpenSim.Services.HypergridService
private UserAccountCache m_Cache; private UserAccountCache m_Cache;
private bool[] m_DisallowGET, m_DisallowPOST; private AssetPermissions m_AssetPerms;
private string[] m_AssetTypeNames;
public HGAssetService(IConfigSource config, string configName) : base(config, configName) public HGAssetService(IConfigSource config, string configName) : base(config, configName)
{ {
@ -85,31 +84,7 @@ namespace OpenSim.Services.HypergridService
m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService); m_Cache = UserAccountCache.CreateUserAccountCache(m_UserAccountService);
// Permissions // Permissions
Type enumType = typeof(AssetType); m_AssetPerms = new AssetPermissions(assetConfig);
m_AssetTypeNames = Enum.GetNames(enumType);
for (int i = 0; i < m_AssetTypeNames.Length; i++)
m_AssetTypeNames[i] = m_AssetTypeNames[i].ToLower();
int n = Enum.GetValues(enumType).Length;
m_DisallowGET = new bool[n];
m_DisallowPOST = new bool[n];
LoadPermsFromConfig(assetConfig, "DisallowGET", m_DisallowGET);
LoadPermsFromConfig(assetConfig, "DisallowPOST", m_DisallowPOST);
}
private void LoadPermsFromConfig(IConfig assetConfig, string variable, bool[] bitArray)
{
string perms = assetConfig.GetString(variable, String.Empty);
string[] parts = perms.Split(new char[] {','}, StringSplitOptions.RemoveEmptyEntries);
foreach (string s in parts)
{
int index = Array.IndexOf(m_AssetTypeNames, s.Trim().ToLower());
if (index >= 0)
bitArray[index] = true;
else
m_log.WarnFormat("[HGAsset Service]: Invalid AssetType {0}", s);
}
} }
@ -121,7 +96,7 @@ namespace OpenSim.Services.HypergridService
if (asset == null) if (asset == null)
return null; return null;
if (!AllowedGet(asset.Type)) if (!m_AssetPerms.AllowedExport(asset.Type))
return null; return null;
if (asset.Metadata.Type == (sbyte)AssetType.Object) if (asset.Metadata.Type == (sbyte)AssetType.Object)
@ -151,7 +126,7 @@ namespace OpenSim.Services.HypergridService
if (asset == null) if (asset == null)
return null; return null;
if (!AllowedGet(asset.Type)) if (!m_AssetPerms.AllowedExport(asset.Type))
return null; return null;
return asset.Data; return asset.Data;
@ -161,7 +136,7 @@ namespace OpenSim.Services.HypergridService
public override string Store(AssetBase asset) public override string Store(AssetBase asset)
{ {
if (!AllowedPost(asset.Type)) if (!m_AssetPerms.AllowedImport(asset.Type))
return UUID.Zero.ToString(); return UUID.Zero.ToString();
return base.Store(asset); return base.Store(asset);
@ -175,34 +150,6 @@ namespace OpenSim.Services.HypergridService
#endregion #endregion
protected bool AllowedGet(sbyte type)
{
string assetTypeName = ((AssetType)type).ToString();
int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
if (index >= 0 && m_DisallowGET[index])
{
m_log.DebugFormat("[HGAsset Service]: GET denied: service does not allow export of AssetType {0}", assetTypeName);
return false;
}
return true;
}
protected bool AllowedPost(sbyte type)
{
string assetTypeName = ((AssetType)type).ToString();
int index = Array.IndexOf(m_AssetTypeNames, assetTypeName.ToLower());
if (index >= 0 && m_DisallowPOST[index])
{
m_log.DebugFormat("[HGAsset Service]: POST denied: service does not allow import of AssetType {0}", assetTypeName);
return false;
}
return true;
}
protected void AdjustIdentifiers(AssetMetadata meta) protected void AdjustIdentifiers(AssetMetadata meta)
{ {
if (meta == null || m_Cache == null) if (meta == null || m_Cache == null)

View File

@ -437,15 +437,17 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService" UserAccountsService = "OpenSim.Services.UserAccountService.dll:UserAccountService"
HomeURI = "http://127.0.0.1:8002" HomeURI = "http://127.0.0.1:8002"
;; The asset types that other grids can get from / post to this service. ;; The asset types that this service can export to / import from other grids.
;; Comma separated.
;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText,
;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
;; ;;
;; Leave blank or commented if you don't want to apply any restrictions. ;; Leave blank or commented if you don't want to apply any restrictions.
;; A more strict, but still reasonable, policy may be to disallow the exchange ;; A more strict, but still reasonable, policy may be to disallow the exchange
;; of scripts, like so: ;; of scripts, like so:
; DisallowGET ="LSLText" ; DisallowExport ="LSLText"
; DisallowPOST ="LSLBytecode" ; DisallowImport ="LSLBytecode"
[HGFriendsService] [HGFriendsService]
LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService" LocalServiceModule = "OpenSim.Services.HypergridService.dll:HGFriendsService"

View File

@ -53,15 +53,17 @@
[HGAssetService] [HGAssetService]
HomeURI = "http://127.0.0.1:9000" HomeURI = "http://127.0.0.1:9000"
;; The asset types that other grids can get from / post to this service. ;; The asset types that this service can export to / import from other grids.
;; Comma separated.
;; Valid values are all the asset types in OpenMetaverse.AssetType, namely: ;; Valid values are all the asset types in OpenMetaverse.AssetType, namely:
;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText, LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh ;; Unknown, Texture, Sound, CallingCard, Landmark, Clothing, Object, Notecard, LSLText,
;; LSLBytecode, TextureTGA, Bodypart, SoundWAV, ImageTGA, ImageJPEG, Animation, Gesture, Mesh
;; ;;
;; Leave blank or commented if you don't want to apply any restrictions. ;; Leave blank or commented if you don't want to apply any restrictions.
;; A more strict, but still reasonable, policy may be to disallow the exchange ;; A more strict, but still reasonable, policy may be to disallow the exchange
;; of scripts, like so: ;; of scripts, like so:
; DisallowGET ="LSLText" ; DisallowExport ="LSLText"
; DisallowPOST ="LSLBytecode" ; DisallowImport ="LSLBytecode"
[HGInventoryAccessModule] [HGInventoryAccessModule]