diff --git a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs index 5d48cbd919..b6b7d4a651 100644 --- a/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/Environment/Modules/World/Permissions/PermissionsModule.cs @@ -142,7 +142,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions return; m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false); - m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true); m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true); m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true); @@ -236,7 +235,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions protected void DebugPermissionInformation(string permissionCalled) { if (m_debugPermissions) - m_log.Info("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); + m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName); } protected bool IsAdministrator(UUID user) @@ -408,6 +407,14 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions return objectFlagsMask; } + /// + /// General permissions checks for any operation involving an object. These supplement more specific checks + /// implemented by callers. + /// + /// + /// + /// + /// protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked) { // Default: deny @@ -425,7 +432,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions return false; } - SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId]; UUID objectOwner = group.OwnerID; @@ -477,7 +483,6 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions return permission; } - #endregion #region Generic Permissions @@ -655,8 +660,7 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions { m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user); return false; - } - + } if (userInfo.RootFolder == null) return false; @@ -1214,8 +1218,19 @@ namespace OpenSim.Region.Environment.Modules.World.Permissions return true; } - public bool CanCreateInventory(uint invType, UUID objectID, UUID userID) + /// + /// Check whether the specified user is allowed to directly create the given inventory type in a prim's + /// inventory (e.g. the New Script button in the 1.21 Linden Lab client). This permission check does not + /// apply to existing items that are being dragged in to that prim's inventory. + /// + /// + /// + /// + /// + public bool CanCreateInventory(int invType, UUID objectID, UUID userID) { + m_log.Debug("[PERMISSIONS]: CanCreateInventory called"); + DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); if (m_bypassPermissions) return m_bypassPermissionsValue; diff --git a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs index c6ad94c1de..0e28b0cb12 100644 --- a/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Environment/Scenes/Scene.Inventory.cs @@ -799,11 +799,9 @@ namespace OpenSim.Region.Environment.Scenes if (agentTransactions != null) { agentTransactions.HandleItemCreationFromTransaction( - remoteClient, transactionID, folderID, callbackID, description, - name, invType, assetType, wearableType, nextOwnerMask); + remoteClient, transactionID, folderID, callbackID, description, + name, invType, assetType, wearableType, nextOwnerMask); } - - } } @@ -1002,7 +1000,6 @@ namespace OpenSim.Region.Environment.Scenes /// public void MoveTaskInventoryItem(IClientAPI remoteClient, UUID folderId, SceneObjectPart part, UUID itemId) { - InventoryItemBase agentItem = CreateAgentInventoryItemFromTask(remoteClient.AgentId, part, itemId); if (agentItem == null) @@ -1316,17 +1313,17 @@ namespace OpenSim.Region.Environment.Scenes } /// - /// Rez a script into a prim's inventory + /// Rez a script into a prim's inventory, either ex nihilo or from an existing avatar inventory /// /// /// /// public void RezScript(IClientAPI remoteClient, InventoryItemBase itemBase, UUID transactionID, uint localID) { - UUID itemID=itemBase.ID; + UUID itemID = itemBase.ID; UUID copyID = UUID.Random(); - if (itemID != UUID.Zero) + if (itemID != UUID.Zero) // transferred from an avatar inventory to the prim's pinventory { CachedUserInfo userInfo = CommsManager.UserProfileCacheService.GetUserDetails(remoteClient.AgentId); @@ -1378,9 +1375,9 @@ namespace OpenSim.Region.Environment.Scenes } } } - else // If the itemID is zero then the script has been rezzed directly in an object's inventory - { - SceneObjectPart part=GetSceneObjectPart(itemBase.Folder); + else // script has been rezzed directly into a prim's inventory + { + SceneObjectPart part = GetSceneObjectPart(itemBase.Folder); if (part == null) return; @@ -1389,11 +1386,14 @@ namespace OpenSim.Region.Environment.Scenes if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0) return; + + if (!ExternalChecks.ExternalChecksCanCreateInventory(itemBase.InvType, part.UUID, remoteClient.AgentId)) + return; AssetBase asset = CreateAsset(itemBase.Name, itemBase.Description, (sbyte)itemBase.AssetType, Encoding.ASCII.GetBytes("default\n{\n state_entry()\n {\n llSay(0, \"Script running\");\n }\n}")); AssetCache.AddAsset(asset); - TaskInventoryItem taskItem=new TaskInventoryItem(); + TaskInventoryItem taskItem = new TaskInventoryItem(); taskItem.ResetIDs(itemBase.Folder); taskItem.ParentID = itemBase.Folder; diff --git a/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs b/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs index f8d041a1f0..c5bbcddf33 100644 --- a/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs +++ b/OpenSim/Region/Environment/Scenes/SceneExternalChecks.cs @@ -1070,7 +1070,7 @@ namespace OpenSim.Region.Environment.Scenes #endregion - public delegate bool CanCreateInventory(uint invType, UUID objectID, UUID userID); + public delegate bool CanCreateInventory(int invType, UUID objectID, UUID userID); private List CanCreateInventoryCheckFunctions = new List(); public void addCheckCanCreateInventory(CanCreateInventory delegateFunc) @@ -1085,7 +1085,7 @@ namespace OpenSim.Region.Environment.Scenes CanCreateInventoryCheckFunctions.Remove(delegateFunc); } - public bool ExternalChecksCanCreateInventory(uint invType, UUID objectID, UUID userID) + public bool ExternalChecksCanCreateInventory(int invType, UUID objectID, UUID userID) { foreach (CanCreateInventory check in CanCreateInventoryCheckFunctions) { diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index 7c5c995212..a529a489a4 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example @@ -111,6 +111,7 @@ ;permissionmodules = "DefaultPermissionsModule" serverside_object_permissions = false allow_grid_gods = false + ; This allows somne control over permissions ; please note that this still doesn't duplicate SL, and is not intended to ;region_owner_is_god = true @@ -212,6 +213,7 @@ ; user_send_key and user_recv_key, too messaging_server_url = "http://127.0.0.1:8006" + [ClientStack.LindenUDP] ; This is the multiplier applied to all client throttles for outgoing UDP network data ; If it is set to 1, then we obey the throttle settings as given to us by the client. If it is set to 3, for example, then we @@ -432,6 +434,7 @@ dump-line-size=32 flush-on-error=true + ; Uncomment the following for IRC bridge ; experimental, so if it breaks... keep both parts... yada yada ; also, not good error detection when it fails