OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix some permissions checks in groups 

The code checked the permissions of a person being added to a role
rather than those of the person doing the adding. Also, limited
permission role removal wasn't implemented.
melanie
Melanie Thielker 2017-01-05 14:17:00 +00:00
parent 53fe204eed
commit f4a51116f6
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
OpenSim/Addons/Groups/Service/GroupsService.cs
View File

@ -496,7 +496,7 @@ namespace OpenSim.Groups
if (!unlimited && limited) if (!unlimited && limited)
{ {
// check whether person's has this role // check whether person's has this role
RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, AgentID); RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, RequestingAgentID);
if (rolemembership == null) if (rolemembership == null)
{ {
m_log.DebugFormat("[Groups]: ({0}) Attempt at assigning {1} to role {2} denied because of limited permission", RequestingAgentID, AgentID, RoleID); m_log.DebugFormat("[Groups]: ({0}) Attempt at assigning {1} to role {2} denied because of limited permission", RequestingAgentID, AgentID, RoleID);
@ -516,13 +516,26 @@ namespace OpenSim.Groups
return false; return false;
// check permissions // check permissions
bool limited = HasPower(RequestingAgentID, GroupID, GroupPowers.AssignMemberLimited);
bool unlimited = HasPower(RequestingAgentID, GroupID, GroupPowers.AssignMember) || IsOwner(RequestingAgentID, GroupID); bool unlimited = HasPower(RequestingAgentID, GroupID, GroupPowers.AssignMember) || IsOwner(RequestingAgentID, GroupID);
if (!unlimited) if (!limited && !unlimited)
{ {
m_log.DebugFormat("[Groups]: ({0}) Attempt at removing {1} from role {2} denied because of lack of permission", RequestingAgentID, AgentID, RoleID); m_log.DebugFormat("[Groups]: ({0}) Attempt at removing {1} from role {2} denied because of lack of permission", RequestingAgentID, AgentID, RoleID);
return false; return false;
} }
// AssignMemberLimited means that the person can assign another person to the same roles that she has in the group
if (!unlimited && limited)
{
// check whether person's has this role
RoleMembershipData rolemembership = m_Database.RetrieveRoleMember(GroupID, RoleID, RequestingAgentID);
if (rolemembership == null)
{
m_log.DebugFormat("[Groups]: ({0}) Attempt at removing {1} from role {2} denied because of limited permission", RequestingAgentID, AgentID, RoleID);
return false;
}
}
RoleMembershipData rolemember = m_Database.RetrieveRoleMember(GroupID, RoleID, AgentID); RoleMembershipData rolemember = m_Database.RetrieveRoleMember(GroupID, RoleID, AgentID);
if (rolemember == null) if (rolemember == null)
@ -812,7 +825,7 @@ namespace OpenSim.Groups
if (RoleID != UUID.Zero) if (RoleID != UUID.Zero)
_AddAgentToGroupRole(RequestingAgentID, AgentID, GroupID, RoleID); _AddAgentToGroupRole(RequestingAgentID, AgentID, GroupID, RoleID);
// Make thit this active group // Make this the active group
PrincipalData pdata = new PrincipalData(); PrincipalData pdata = new PrincipalData();
pdata.PrincipalID = AgentID; pdata.PrincipalID = AgentID;
pdata.ActiveGroupID = GroupID; pdata.ActiveGroupID = GroupID;