OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* First part of a series of patches 

* Intension is to provide a way to lock down script creation to administrators/gods only
* Defaults will remain as they are at the moment
0.6.1-post-fixes
Justin Clarke Casey 2008-11-13 18:52:16 +00:00
parent 219015d699
commit ef601d805a
4 changed files with 39 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs
View File

@ -142,7 +142,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return;
m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false);
m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true);
m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true);
m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true);
@ -236,7 +235,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
protected void DebugPermissionInformation(string permissionCalled)
{
if (m_debugPermissions)
m_log.Info("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
}
protected bool IsAdministrator(UUID user)
@ -408,6 +407,14 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return objectFlagsMask;
}
/// <summary>
/// General permissions checks for any operation involving an object. These supplement more specific checks
/// implemented by callers.
/// </summary>
/// <param name="currentUser"></param>
/// <param name="objId"></param>
/// <param name="denyOnLocked"></param>
/// <returns></returns>
protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked)
{
// Default: deny
@ -425,7 +432,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return false;
}
SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
UUID objectOwner = group.OwnerID;
@ -477,7 +483,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return permission;
}
#endregion
#region Generic Permissions
@ -655,8 +660,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
{
m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user);
return false;
}
}
if (userInfo.RootFolder == null)
return false;
@ -1214,8 +1218,19 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions
return true;
}
public bool CanCreateInventory(uint invType, UUID objectID, UUID userID)
/// <summary>
/// Check whether the specified user is allowed to directly create the given inventory type in a prim's
/// inventory (e.g. the New Script button in the 1.21 Linden Lab client). This permission check does not
/// apply to existing items that are being dragged in to that prim's inventory.
/// </summary>
/// <param name="invType"></param>
/// <param name="objectID"></param>
/// <param name="userID"></param>
/// <returns></returns>
public bool CanCreateInventory(int invType, UUID objectID, UUID userID)
{
m_log.Debug("[PERMISSIONS]: CanCreateInventory called");
DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
if (m_bypassPermissions) return m_bypassPermissionsValue;

24
OpenSim/Region/Environment/Scenes/Scene.Inventory.cs
View File

@ -799,11 +799,9 @@ namespace OpenSim.Region.Environment.Scenes
if (agentTransactions != null)
{
agentTransactions.HandleItemCreationFromTransaction(
remoteClient, transactionID, folderID, callbackID, description,
name, invType, assetType, wearableType, nextOwnerMask);
remoteClient, transactionID, folderID, callbackID, description,
name, invType, assetType, wearableType, nextOwnerMask);
}
}
}
@ -1002,7 +1000,6 @@ namespace OpenSim.Region.Environment.Scenes
/// <param name="itemID"></param>
public void MoveTaskInventoryItem(IClientAPI remoteClient, UUID folderId, SceneObjectPart part, UUID itemId)
{
InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(remoteClient.AgentId, part, itemId);
if (agentItem == null)
@ -1316,17 +1313,17 @@ namespace OpenSim.Region.Environment.Scenes
}
/// <summary>
/// Rez a script into a prim's inventory
/// Rez a script into a prim's inventory, either ex nihilo or from an existing avatar inventory
/// </summary>
/// <param name="remoteClient"></param>
/// <param name="itemID"> </param>
/// <param name="localID"></param>
public void RezScript(IClientAPI remoteClient, InventoryItemBase itemBase, UUID transactionID, uint localID)
{
UUID itemID=itemBase.ID;
UUID itemID = itemBase.ID;
UUID copyID = UUID.Random();
if (itemID != UUID.Zero)
if (itemID != UUID.Zero) // transferred from an avatar inventory to the prim's pinventory
{
CachedUserInfo userInfo = CommsManager.UserProfileCacheService.GetUserDetails(remoteClient.AgentId);
@ -1378,9 +1375,9 @@ namespace OpenSim.Region.Environment.Scenes
}
}
}
else // If the itemID is zero then the script has been rezzed directly in an object's inventory
{
SceneObjectPart part=GetSceneObjectPart(itemBase.Folder);
else // script has been rezzed directly into a prim's inventory
{
SceneObjectPart part = GetSceneObjectPart(itemBase.Folder);
if (part == null)
return;
@ -1389,11 +1386,14 @@ namespace OpenSim.Region.Environment.Scenes
if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
return;
if (!ExternalChecks.ExternalChecksCanCreateInventory(itemBase.InvType, part.UUID, remoteClient.AgentId))
return;
AssetBase asset = CreateAsset(itemBase.Name, itemBase.Description, (sbyte)itemBase.AssetType, Encoding.ASCII.GetBytes("default\n{\n state_entry()\n {\n llSay(0, \"Script running\");\n }\n}"));
AssetCache.AddAsset(asset);
TaskInventoryItem taskItem=new TaskInventoryItem();
TaskInventoryItem taskItem = new TaskInventoryItem();
taskItem.ResetIDs(itemBase.Folder);
taskItem.ParentID = itemBase.Folder;

4
OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs
View File

@ -1070,7 +1070,7 @@ namespace OpenSim.Region.Environment.Scenes
#endregion
public delegate bool CanCreateInventory(uint invType, UUID objectID, UUID userID);
public delegate bool CanCreateInventory(int invType, UUID objectID, UUID userID);
private List<CanCreateInventory> CanCreateInventoryCheckFunctions = new List<CanCreateInventory>();
public void addCheckCanCreateInventory(CanCreateInventory delegateFunc)
@ -1085,7 +1085,7 @@ namespace OpenSim.Region.Environment.Scenes
CanCreateInventoryCheckFunctions.Remove(delegateFunc);
}
public bool ExternalChecksCanCreateInventory(uint invType, UUID objectID, UUID userID)
public bool ExternalChecksCanCreateInventory(int invType, UUID objectID, UUID userID)
{
foreach (CanCreateInventory check in CanCreateInventoryCheckFunctions)
{

3
bin/OpenSim.ini.example
View File

@ -111,6 +111,7 @@
;permissionmodules = "DefaultPermissionsModule"
serverside_object_permissions = false
allow_grid_gods = false
; This allows somne control over permissions
; please note that this still doesn't duplicate SL, and is not intended to
;region_owner_is_god = true
@ -212,6 +213,7 @@
; user_send_key and user_recv_key, too
messaging_server_url = "http://127.0.0.1:8006"
[ClientStack.LindenUDP]
; This is the multiplier applied to all client throttles for outgoing UDP network data
; If it is set to 1, then we obey the throttle settings as given to us by the client. If it is set to 3, for example, then we
@ -432,6 +434,7 @@
dump-line-size=32
flush-on-error=true
; Uncomment the following for IRC bridge
; experimental, so if it breaks... keep both parts... yada yada
; also, not good error detection when it fails