* SceneObjectPartInventory.cs isn't a particularly good name but it's probably not got a long life
* A proper inventory interface to follow
* Parallel changes for other inventory partial classes to follow at a later date
* This allows one to override normal OpenSim permissions and prevent non-gods from editing any scripts. This allows edit ability
to be rescinded after it has been given, and prevents the security hole where a single script with liberal perms would allow code changes.
* The default setting remains the existing one of never overruling normal edit permissions.
* These two settings may be enough to stop non-gods entering artbirary script code in a closed grid/standalone configuration.
* This doesn't allow complete script lockdown of a sim, many avenues (copying, editing) are still uncloseable at the moment
* Default remains to allow all users to create scripts (subject to existing permissions if enabled)
* Switch default for serverside_object_permissions from false to true - it seems more natural that we enforce permissions by default rather than not!
* Add some explanation in OpenSim.ini.example for serverside_object_permissions
This patch makes llAllowInventoryDrop work with the permissions module
enabled. Changes include:
- Enabled PropagatePermissions when permissions module serverside perms
is on
- change ownership of item when item is dropped into an object.
Ownership changes to the owner of the object the item is dropped into
- propagation of permissions if the permissions module enabled (eg
next-owner mask applied)
- CHANGED_ALLOWED_DROP is now passed to the change script event if an
item was allowed to be dropped into the object only because
llAllowInventoryDrop is enabled (instead of CHANGED_INVENTORY being
passed).
- Sets object flags correctly when llAllowInventoryDrop is called so
clients are notified immediately of the change in state. Am not
sure that calling aggregateScriptEvents is the right way to do it,
but it works and seems to be the only way without making further
changes to update LocalFlags
public bool ExternalChecksCanCreateAvatarInventory(int invType, UUID userID)
public bool ExternalChecksCanCopyAvatarInventory(UUID itemID, UUID userID)
public bool ExternalChecksCanCopyAvatarInventory(UUID itemID, UUID userID)
public bool ExternalChecksCanDeleteAvatarInventory(UUID itemID, UUID userID)
to ExternalChecks to handle avatar inventory checks (as opposed to object inv checks).
* opensim-dev e-mail to follow concerning this shortly
Implementation of llModifyLand() and There is a bug on
permission-check of land-terraforming: x an y-coordinates
are interchanged on function-call ExternalChecksCanTerraformLand.
Correct: x is west, and y is north. 2) Missing check of
"Other allow to terraform-flag" (Parcel.ParcelFlags.AllowTerraform)
* This is a HUGE OMG update and will definitely have unknown side effects.. so this is really only for the strong hearted at this point. Regular people should let the dust settle.
* This has been tested to work with most basic functions. However.. make sure you back up 'everything' before using this. It's that big!
* Essentially we're back at square 1 in the testing phase.. so lets identify things that broke.
hierarchical rights structure. MasterAvatar: Owner of the region server
(may be null), net gods (users with GodLevel 200), Estate owner
(from database). Look at Opensim.ini.example to enable net gods.
Estate owner will default to master avatar.
Makes the estate dialog fully functional. Implements all client facing functionality. Moves estate data from estate_settings.xml, which is used to provide defaults, to the region data store. Creates one estate for each region, and places the region in it. Converts all region bans to estate bans.
Changes the permissions module to make scripts permissive only when intended
Adds security checks to asset transfers to prevent hacked clients fron
requesting script sources.
Adds security checks to llClientView to verify all aspects of ownership
and permissions for inventory based script retrieval.
Melanie Thielker