PermissionsModule.cs 57 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSim Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using OpenMetaverse;
  28. using Nini.Config;
  29. using System;
  30. using System.Collections;
  31. using System.Collections.Generic;
  32. using System.Reflection;
  33. using log4net;
  34. using OpenSim.Framework;
  35. using OpenSim.Region.Environment.Interfaces;
  36. using OpenSim.Region.Environment.Modules.Framework;
  37. using OpenSim.Region.Environment.Modules.Framework.InterfaceCommander;
  38. using OpenSim.Region.Environment.Scenes;
  39. using OpenSim.Framework.Communications.Cache;
  40. namespace OpenSim.Region.Environment.Modules.World.Permissions
  41. {
  42. public class PermissionsModule : IRegionModule, ICommandableModule
  43. {
  44. private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
  45. protected Scene m_scene;
  46. private readonly Commander m_commander = new Commander("Permissions");
  47. #region Constants
  48. // These are here for testing. They will be taken out
  49. //private uint PERM_ALL = (uint)2147483647;
  50. private uint PERM_COPY = (uint)32768;
  51. //private uint PERM_MODIFY = (uint)16384;
  52. private uint PERM_MOVE = (uint)524288;
  53. //private uint PERM_TRANS = (uint)8192;
  54. private uint PERM_LOCKED = (uint)540672;
  55. /// <value>
  56. /// Different user set names that come in from the configuration file.
  57. /// </value>
  58. enum UserSet
  59. {
  60. All,
  61. Administrators
  62. };
  63. #endregion
  64. #region Bypass Permissions / Debug Permissions Stuff
  65. // Bypasses the permissions engine
  66. private bool m_bypassPermissions = true;
  67. private bool m_bypassPermissionsValue = true;
  68. private bool m_propagatePermissions = false;
  69. private bool m_debugPermissions = false;
  70. private bool m_allowGridGods = false;
  71. private bool m_RegionOwnerIsGod = false;
  72. private bool m_ParcelOwnerIsGod = false;
  73. /// <value>
  74. /// The set of users that are allowed to create scripts. This is only active if permissions are not being
  75. /// bypassed. This overrides normal permissions.
  76. /// </value>
  77. private UserSet m_allowedScriptCreators = UserSet.All;
  78. /// <value>
  79. /// The set of users that are allowed to edit (save) scripts. This is only active if
  80. /// permissions are not being bypassed. This overrides normal permissions.-
  81. /// </value>
  82. private UserSet m_allowedScriptEditors = UserSet.All;
  83. #endregion
  84. #region ICommandableModule Members
  85. public ICommander CommandInterface
  86. {
  87. get { throw new System.NotImplementedException(); }
  88. }
  89. private void InterfaceDebugPermissions(Object[] args)
  90. {
  91. if ((bool)args[0] == true)
  92. {
  93. m_debugPermissions = true;
  94. m_log.Info("[PERMISSIONS]: Permissions Debugging Enabled.");
  95. }
  96. else
  97. {
  98. m_debugPermissions = false;
  99. m_log.Info("[PERMISSIONS]: Permissions Debugging Disabled.");
  100. }
  101. }
  102. private void InterfaceBypassPermissions(Object[] args)
  103. {
  104. if ((bool)args[0] == true)
  105. {
  106. m_log.Info("[PERMISSIONS]: Permissions Bypass Enabled.");
  107. m_bypassPermissionsValue = (bool)args[1];
  108. }
  109. else
  110. {
  111. m_bypassPermissions = false;
  112. m_log.Info("[PERMISSIONS]: Permissions Bypass Disabled. Normal Operation.");
  113. }
  114. }
  115. /// <summary>
  116. /// Processes commandline input. Do not call directly.
  117. /// </summary>
  118. /// <param name="args">Commandline arguments</param>
  119. private void EventManager_OnPluginConsole(string[] args)
  120. {
  121. if (args[0] == "permissions")
  122. {
  123. string[] tmpArgs = new string[args.Length - 2];
  124. int i;
  125. for (i = 2; i < args.Length; i++)
  126. tmpArgs[i - 2] = args[i];
  127. m_commander.ProcessConsoleCommand(args[1], tmpArgs);
  128. }
  129. }
  130. #endregion
  131. #region IRegionModule Members
  132. public void Initialise(Scene scene, IConfigSource config)
  133. {
  134. m_scene = scene;
  135. IConfig myConfig = config.Configs["Startup"];
  136. string permissionModules = myConfig.GetString("permissionmodules", "DefaultPermissionsModule");
  137. List<string> modules=new List<string>(permissionModules.Split(','));
  138. if (!modules.Contains("DefaultPermissionsModule"))
  139. return;
  140. m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false);
  141. m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true);
  142. m_propagatePermissions = myConfig.GetBoolean("propagate_permissions", true);
  143. m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true);
  144. m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true);
  145. m_allowedScriptCreators
  146. = ParseUserSetConfigSetting(myConfig, "allowed_script_creators", m_allowedScriptCreators);
  147. m_allowedScriptEditors
  148. = ParseUserSetConfigSetting(myConfig, "allowed_script_editors", m_allowedScriptEditors);
  149. if (m_bypassPermissions)
  150. m_log.Info("[PERMISSIONS]: serviceside_object_permissions = false in ini file so disabling all region service permission checks");
  151. else
  152. m_log.Debug("[PERMISSIONS]: Enabling all region service permission checks");
  153. //Register functions with Scene External Checks!
  154. m_scene.Permissions.AddBypassPermissionsHandler(BypassPermissions); //FULLY IMPLEMENTED
  155. m_scene.Permissions.AddSetBypassPermissionsHandler(SetBypassPermissions); //FULLY IMPLEMENTED
  156. m_scene.Permissions.AddPropagatePermissionsHandler(PropagatePermissions); //FULLY IMPLEMENTED
  157. m_scene.Permissions.AddGenerateClientFlagsHandler(GenerateClientFlags); //NOT YET FULLY IMPLEMENTED
  158. m_scene.Permissions.AddAbandonParcelHandler(CanAbandonParcel); //FULLY IMPLEMENTED
  159. m_scene.Permissions.AddReclaimParcelHandler(CanReclaimParcel); //FULLY IMPLEMENTED
  160. m_scene.Permissions.AddIsGodHandler(IsGod); //FULLY IMPLEMENTED
  161. m_scene.Permissions.AddDuplicateObjectHandler(CanDuplicateObject); //FULLY IMPLEMENTED
  162. m_scene.Permissions.AddDeleteObjectHandler(CanDeleteObject); //MAYBE FULLY IMPLEMENTED
  163. m_scene.Permissions.AddEditObjectHandler(CanEditObject);//MAYBE FULLY IMPLEMENTED
  164. m_scene.Permissions.AddEditParcelHandler(CanEditParcel); //FULLY IMPLEMENTED
  165. m_scene.Permissions.AddInstantMessageHandler(CanInstantMessage); //FULLY IMPLEMENTED
  166. m_scene.Permissions.AddInventoryTransferHandler(CanInventoryTransfer); //NOT YET IMPLEMENTED
  167. m_scene.Permissions.AddIssueEstateCommandHandler(CanIssueEstateCommand); //FULLY IMPLEMENTED
  168. m_scene.Permissions.AddMoveObjectHandler(CanMoveObject); //HOPEFULLY FULLY IMPLEMENTED
  169. m_scene.Permissions.AddObjectEntryHandler(CanObjectEntry); //FULLY IMPLEMENTED
  170. m_scene.Permissions.AddReturnObjectHandler(CanReturnObject); //NOT YET IMPLEMENTED
  171. m_scene.Permissions.AddRezObjectHandler(CanRezObject); //HOPEFULLY FULLY IMPLEMENTED
  172. m_scene.Permissions.AddRunConsoleCommandHandler(CanRunConsoleCommand); //FULLY IMPLEMENTED
  173. m_scene.Permissions.AddRunScriptHandler(CanRunScript); //NOT YET IMPLEMENTED
  174. m_scene.Permissions.AddSellParcelHandler(CanSellParcel); //FULLY IMPLEMENTED
  175. m_scene.Permissions.AddTakeObjectHandler(CanTakeObject); //FULLY IMPLEMENTED
  176. m_scene.Permissions.AddTakeCopyObjectHandler(CanTakeCopyObject); //FULLY IMPLEMENTED
  177. m_scene.Permissions.AddTerraformLandHandler(CanTerraformLand); //FULL IMPLEMENTED (POINT ONLY!!! NOT AREA!!!)
  178. m_scene.Permissions.AddCanLinkObjectHandler(CanLinkObject); //NOT YET IMPLEMENTED
  179. m_scene.Permissions.AddCanDelinkObjectHandler(CanDelinkObject); //NOT YET IMPLEMENTED
  180. m_scene.Permissions.AddCanBuyLandHandler(CanBuyLand); //NOT YET IMPLEMENTED
  181. m_scene.Permissions.AddViewNotecardHandler(CanViewNotecard); //NOT YET IMPLEMENTED
  182. m_scene.Permissions.AddViewScriptHandler(CanViewScript); //NOT YET IMPLEMENTED
  183. m_scene.Permissions.AddEditNotecardHandler(CanEditNotecard); //NOT YET IMPLEMENTED
  184. m_scene.Permissions.AddEditScriptHandler(CanEditScript); //NOT YET IMPLEMENTED
  185. m_scene.Permissions.AddCanCreateObjectInventoryHandler(CanCreateObjectInventory); //NOT IMPLEMENTED HERE
  186. m_scene.Permissions.AddEditObjectInventoryHandler(CanEditObjectInventory);//MAYBE FULLY IMPLEMENTED
  187. m_scene.Permissions.AddCanCopyObjectInventoryHandler(CanCopyObjectInventory); //NOT YET IMPLEMENTED
  188. m_scene.Permissions.AddCanDeleteObjectInventoryHandler(CanDeleteObjectInventory); //NOT YET IMPLEMENTED
  189. m_scene.Permissions.AddResetScriptHandler(CanResetScript);
  190. m_scene.Permissions.AddCanCreateUserInventoryHandler(CanCreateUserInventory); //NOT YET IMPLEMENTED
  191. m_scene.Permissions.AddCanCopyUserInventoryHandler(CanCopyUserInventory); //NOT YET IMPLEMENTED
  192. m_scene.Permissions.AddCanEditUserInventoryHandler(CanEditUserInventory); //NOT YET IMPLEMENTED
  193. m_scene.Permissions.AddCanDeleteUserInventoryHandler(CanDeleteUserInventory); //NOT YET IMPLEMENTED
  194. m_scene.Permissions.AddCanTeleportHandler(CanTeleport); //NOT YET IMPLEMENTED
  195. //Register Debug Commands
  196. Command bypassCommand = new Command("bypass", CommandIntentions.COMMAND_HAZARDOUS, InterfaceBypassPermissions, "Force the permissions a specific way to test permissions");
  197. bypassCommand.AddArgument("enable_bypass_perms", "true to enable bypassing all perms", "Boolean");
  198. bypassCommand.AddArgument("bypass_perms_value", "true/false: true will ignore all perms; false will restrict everything", "Boolean");
  199. m_commander.RegisterCommand("bypass", bypassCommand);
  200. Command debugCommand = new Command("debug", CommandIntentions.COMMAND_STATISTICAL, InterfaceDebugPermissions, "Force the permissions a specific way to test permissions");
  201. debugCommand.AddArgument("enable_debug_perms", "true to enable debugging to console all perms", "Boolean");
  202. m_commander.RegisterCommand("debug", debugCommand);
  203. m_scene.RegisterModuleCommander("CommanderPermissions", m_commander);
  204. m_scene.EventManager.OnPluginConsole += new EventManager.OnPluginConsoleDelegate(EventManager_OnPluginConsole);
  205. }
  206. public void PostInitialise()
  207. {
  208. }
  209. public void Close()
  210. {
  211. }
  212. public string Name
  213. {
  214. get { return "PermissionsModule"; }
  215. }
  216. public bool IsSharedModule
  217. {
  218. get { return false; }
  219. }
  220. #endregion
  221. #region Helper Functions
  222. protected void SendPermissionError(UUID user, string reason)
  223. {
  224. m_scene.EventManager.TriggerPermissionError(user, reason);
  225. }
  226. protected void DebugPermissionInformation(string permissionCalled)
  227. {
  228. if (m_debugPermissions)
  229. m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
  230. }
  231. /// <summary>
  232. /// Parse a user set configuration setting
  233. /// </summary>
  234. /// <param name="config"></param>
  235. /// <param name="settingName"></param>
  236. /// <param name="defaultValue">The default value for this attribute</param>
  237. /// <returns>The parsed value</returns>
  238. private static UserSet ParseUserSetConfigSetting(IConfig config, string settingName, UserSet defaultValue)
  239. {
  240. UserSet userSet = defaultValue;
  241. string rawSetting = config.GetString(settingName, defaultValue.ToString());
  242. // Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term
  243. // this should disappear.
  244. if ("gods" == rawSetting.ToLower())
  245. rawSetting = UserSet.Administrators.ToString();
  246. // Doing it this was so that we can do a case insensitive conversion
  247. try
  248. {
  249. userSet = (UserSet)Enum.Parse(typeof(UserSet), rawSetting, true);
  250. }
  251. catch
  252. {
  253. m_log.ErrorFormat(
  254. "[PERMISSIONS]: {0} is not a valid {1} value, setting to {2}",
  255. rawSetting, settingName, userSet);
  256. }
  257. m_log.DebugFormat("[PERMISSIONS]: {0} {1}", settingName, userSet);
  258. return userSet;
  259. }
  260. /// <summary>
  261. /// Is the given user an administrator (in other words, a god)?
  262. /// </summary>
  263. /// <param name="user"></param>
  264. /// <returns></returns>
  265. protected bool IsAdministrator(UUID user)
  266. {
  267. if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero)
  268. {
  269. if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user))
  270. return true;
  271. }
  272. if (m_scene.RegionInfo.EstateSettings.EstateOwner != UUID.Zero)
  273. {
  274. if (m_scene.RegionInfo.EstateSettings.EstateOwner == user)
  275. return true;
  276. }
  277. if (m_allowGridGods)
  278. {
  279. CachedUserInfo profile = m_scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
  280. if (profile != null && profile.UserProfile != null)
  281. {
  282. if (profile.UserProfile.GodLevel >= 200)
  283. return true;
  284. }
  285. else
  286. {
  287. m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for administrator check", user);
  288. }
  289. }
  290. return false;
  291. }
  292. protected bool IsEstateManager(UUID user)
  293. {
  294. return m_scene.RegionInfo.EstateSettings.IsEstateManager(user);
  295. }
  296. #endregion
  297. public bool PropagatePermissions()
  298. {
  299. if (m_bypassPermissions)
  300. return false;
  301. return m_propagatePermissions;
  302. }
  303. public bool BypassPermissions()
  304. {
  305. return m_bypassPermissions;
  306. }
  307. public void SetBypassPermissions(bool value)
  308. {
  309. m_bypassPermissions=value;
  310. }
  311. #region Object Permissions
  312. public uint GenerateClientFlags(UUID user, UUID objID)
  313. {
  314. // Here's the way this works,
  315. // ObjectFlags and Permission flags are two different enumerations
  316. // ObjectFlags, however, tells the client to change what it will allow the user to do.
  317. // So, that means that all of the permissions type ObjectFlags are /temporary/ and only
  318. // supposed to be set when customizing the objectflags for the client.
  319. // These temporary objectflags get computed and added in this function based on the
  320. // Permission mask that's appropriate!
  321. // Outside of this method, they should never be added to objectflags!
  322. // -teravus
  323. SceneObjectPart task = m_scene.GetSceneObjectPart(objID);
  324. // this shouldn't ever happen.. return no permissions/objectflags.
  325. if (task == null)
  326. return (uint)0;
  327. uint objflags = task.GetEffectiveObjectFlags();
  328. UUID objectOwner = task.OwnerID;
  329. // Remove any of the objectFlags that are temporary. These will get added back if appropriate
  330. // in the next bit of code
  331. // libomv will moan about PrimFlags.ObjectYouOfficer being
  332. // deprecated
  333. #pragma warning disable 0612
  334. objflags &= (uint)
  335. ~(PrimFlags.ObjectCopy | // Tells client you can copy the object
  336. PrimFlags.ObjectModify | // tells client you can modify the object
  337. PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod)
  338. PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
  339. PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object
  340. PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object
  341. PrimFlags.ObjectOwnerModify | // Tells client that you're the owner of the object
  342. PrimFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
  343. );
  344. #pragma warning restore 0612
  345. // Creating the three ObjectFlags options for this method to choose from.
  346. // Customize the OwnerMask
  347. uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags);
  348. objectOwnerMask |= (uint)PrimFlags.ObjectYouOwner | (uint)PrimFlags.ObjectAnyOwner | (uint)PrimFlags.ObjectOwnerModify;
  349. // Customize the GroupMask
  350. // uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags);
  351. // Customize the EveryoneMask
  352. uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags);
  353. // Hack to allow collaboration until Groups and Group Permissions are implemented
  354. if ((objectEveryoneMask & (uint)PrimFlags.ObjectMove) != 0)
  355. objectEveryoneMask |= (uint)PrimFlags.ObjectModify;
  356. if (m_bypassPermissions)
  357. return objectOwnerMask;
  358. // Object owners should be able to edit their own content
  359. if (user == objectOwner)
  360. {
  361. return objectOwnerMask;
  362. }
  363. // Users should be able to edit what is over their land.
  364. ILandObject parcel = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
  365. if (parcel != null && parcel.landData.OwnerID == user && m_ParcelOwnerIsGod)
  366. return objectOwnerMask;
  367. // Admin objects should not be editable by the above
  368. if (IsAdministrator(objectOwner))
  369. return objectEveryoneMask;
  370. // Estate users should be able to edit anything in the sim
  371. if (IsEstateManager(user) && m_RegionOwnerIsGod)
  372. return objectOwnerMask;
  373. // Admin should be able to edit anything in the sim (including admin objects)
  374. if (IsAdministrator(user))
  375. return objectOwnerMask;
  376. return objectEveryoneMask;
  377. }
  378. private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask)
  379. {
  380. // We are adding the temporary objectflags to the object's objectflags based on the
  381. // permission flag given. These change the F flags on the client.
  382. if ((setPermissionMask & (uint)PermissionMask.Copy) != 0)
  383. {
  384. objectFlagsMask |= (uint)PrimFlags.ObjectCopy;
  385. }
  386. if ((setPermissionMask & (uint)PermissionMask.Move) != 0)
  387. {
  388. objectFlagsMask |= (uint)PrimFlags.ObjectMove;
  389. }
  390. if ((setPermissionMask & (uint)PermissionMask.Modify) != 0)
  391. {
  392. objectFlagsMask |= (uint)PrimFlags.ObjectModify;
  393. }
  394. if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0)
  395. {
  396. objectFlagsMask |= (uint)PrimFlags.ObjectTransfer;
  397. }
  398. return objectFlagsMask;
  399. }
  400. /// <summary>
  401. /// General permissions checks for any operation involving an object. These supplement more specific checks
  402. /// implemented by callers.
  403. /// </summary>
  404. /// <param name="currentUser"></param>
  405. /// <param name="objId"></param>
  406. /// <param name="denyOnLocked"></param>
  407. /// <returns></returns>
  408. protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked)
  409. {
  410. // Default: deny
  411. bool permission = false;
  412. bool locked = false;
  413. if (!m_scene.Entities.ContainsKey(objId))
  414. {
  415. return false;
  416. }
  417. // If it's not an object, we cant edit it.
  418. if ((!(m_scene.Entities[objId] is SceneObjectGroup)))
  419. {
  420. return false;
  421. }
  422. SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
  423. UUID objectOwner = group.OwnerID;
  424. locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
  425. // People shouldn't be able to do anything with locked objects, except the Administrator
  426. // The 'set permissions' runs through a different permission check, so when an object owner
  427. // sets an object locked, the only thing that they can do is unlock it.
  428. //
  429. // Nobody but the object owner can set permissions on an object
  430. //
  431. if (locked && (!IsAdministrator(currentUser)) && denyOnLocked)
  432. {
  433. return false;
  434. }
  435. // Object owners should be able to edit their own content
  436. if (currentUser == objectOwner)
  437. {
  438. permission = true;
  439. }
  440. else if (group.IsAttachment)
  441. {
  442. permission = false;
  443. }
  444. // Users should be able to edit what is over their land.
  445. ILandObject parcel = m_scene.LandChannel.GetLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y);
  446. if ((parcel != null) && (parcel.landData.OwnerID == currentUser))
  447. {
  448. permission = true;
  449. }
  450. // Estate users should be able to edit anything in the sim
  451. if (IsEstateManager(currentUser))
  452. {
  453. permission = true;
  454. }
  455. // Admin objects should not be editable by the above
  456. if (IsAdministrator(objectOwner))
  457. {
  458. permission = false;
  459. }
  460. // Admin should be able to edit anything in the sim (including admin objects)
  461. if (IsAdministrator(currentUser))
  462. {
  463. permission = true;
  464. }
  465. return permission;
  466. }
  467. #endregion
  468. #region Generic Permissions
  469. protected bool GenericCommunicationPermission(UUID user, UUID target)
  470. {
  471. // Setting this to true so that cool stuff can happen until we define what determines Generic Communication Permission
  472. bool permission = true;
  473. string reason = "Only registered users may communicate with another account.";
  474. // Uhh, we need to finish this before we enable it.. because it's blocking all sorts of goodies and features
  475. if (IsAdministrator(user))
  476. permission = true;
  477. if (IsEstateManager(user))
  478. permission = true;
  479. if (!permission)
  480. SendPermissionError(user, reason);
  481. return permission;
  482. }
  483. public bool GenericEstatePermission(UUID user)
  484. {
  485. // Default: deny
  486. bool permission = false;
  487. // Estate admins should be able to use estate tools
  488. if (IsEstateManager(user))
  489. permission = true;
  490. // Administrators always have permission
  491. if (IsAdministrator(user))
  492. permission = true;
  493. return permission;
  494. }
  495. protected bool GenericParcelPermission(UUID user, ILandObject parcel)
  496. {
  497. bool permission = false;
  498. if (parcel.landData.OwnerID == user)
  499. {
  500. permission = true;
  501. }
  502. if (parcel.landData.IsGroupOwned)
  503. {
  504. // TODO: Need to do some extra checks here. Requires group code.
  505. }
  506. if (IsEstateManager(user))
  507. {
  508. permission = true;
  509. }
  510. if (IsAdministrator(user))
  511. {
  512. permission = true;
  513. }
  514. return permission;
  515. }
  516. protected bool GenericParcelPermission(UUID user, Vector3 pos)
  517. {
  518. ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y);
  519. if (parcel == null) return false;
  520. return GenericParcelPermission(user, parcel);
  521. }
  522. #endregion
  523. #region Permission Checks
  524. private bool CanAbandonParcel(UUID user, ILandObject parcel, Scene scene)
  525. {
  526. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  527. if (m_bypassPermissions) return m_bypassPermissionsValue;
  528. return GenericParcelPermission(user, parcel);
  529. }
  530. private bool CanReclaimParcel(UUID user, ILandObject parcel, Scene scene)
  531. {
  532. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  533. if (m_bypassPermissions) return m_bypassPermissionsValue;
  534. return GenericParcelPermission(user, parcel);
  535. }
  536. private bool IsGod(UUID user, Scene scene)
  537. {
  538. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  539. if (m_bypassPermissions) return m_bypassPermissionsValue;
  540. return IsAdministrator(user);
  541. }
  542. private bool CanDuplicateObject(int objectCount, UUID objectID, UUID owner, Scene scene, Vector3 objectPosition)
  543. {
  544. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  545. if (m_bypassPermissions) return m_bypassPermissionsValue;
  546. if (!GenericObjectPermission(owner, objectID, true))
  547. {
  548. //They can't even edit the object
  549. return false;
  550. }
  551. SceneObjectPart part = scene.GetSceneObjectPart(objectID);
  552. if (part == null)
  553. return false;
  554. if ((part.OwnerMask & PERM_COPY) == 0)
  555. return false;
  556. if ((part.ParentGroup.GetEffectivePermissions() & PERM_COPY) == 0)
  557. return false;
  558. //If they can rez, they can duplicate
  559. return CanRezObject(objectCount, owner, objectPosition, scene);
  560. }
  561. private bool CanDeleteObject(UUID objectID, UUID deleter, Scene scene)
  562. {
  563. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  564. if (m_bypassPermissions) return m_bypassPermissionsValue;
  565. return GenericObjectPermission(deleter, objectID, false);
  566. }
  567. private bool CanEditObject(UUID objectID, UUID editorID, Scene scene)
  568. {
  569. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  570. if (m_bypassPermissions) return m_bypassPermissionsValue;
  571. return GenericObjectPermission(editorID, objectID, false);
  572. }
  573. private bool CanEditObjectInventory(UUID objectID, UUID editorID, Scene scene)
  574. {
  575. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  576. if (m_bypassPermissions) return m_bypassPermissionsValue;
  577. SceneObjectPart part = m_scene.GetSceneObjectPart(objectID);
  578. // If we selected a sub-prim to edit, the objectID won't represent the object, but only a part.
  579. // We have to check the permissions of the group, though.
  580. if (part.ParentID != 0)
  581. {
  582. objectID = part.ParentUUID;
  583. part = m_scene.GetSceneObjectPart(objectID);
  584. }
  585. // TODO: add group support!
  586. //
  587. if (part.OwnerID != editorID)
  588. return false;
  589. return GenericObjectPermission(editorID, objectID, false);
  590. }
  591. private bool CanEditParcel(UUID user, ILandObject parcel, Scene scene)
  592. {
  593. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  594. if (m_bypassPermissions) return m_bypassPermissionsValue;
  595. return GenericParcelPermission(user, parcel);
  596. }
  597. /// <summary>
  598. /// Check whether the specified user can edit the given script
  599. /// </summary>
  600. /// <param name="script"></param>
  601. /// <param name="objectID"></param>
  602. /// <param name="user"></param>
  603. /// <param name="scene"></param>
  604. /// <returns></returns>
  605. private bool CanEditScript(UUID script, UUID objectID, UUID user, Scene scene)
  606. {
  607. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  608. if (m_bypassPermissions) return m_bypassPermissionsValue;
  609. if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(user))
  610. return false;
  611. // Ordinarily, if you can view it, you can edit it
  612. // There is no viewing a no mod script
  613. //
  614. return CanViewScript(script, objectID, user, scene);
  615. }
  616. /// <summary>
  617. /// Check whether the specified user can edit the given notecard
  618. /// </summary>
  619. /// <param name="notecard"></param>
  620. /// <param name="objectID"></param>
  621. /// <param name="user"></param>
  622. /// <param name="scene"></param>
  623. /// <returns></returns>
  624. private bool CanEditNotecard(UUID notecard, UUID objectID, UUID user, Scene scene)
  625. {
  626. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  627. if (m_bypassPermissions) return m_bypassPermissionsValue;
  628. if (objectID == UUID.Zero) // User inventory
  629. {
  630. CachedUserInfo userInfo =
  631. scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
  632. if (userInfo == null)
  633. {
  634. m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user);
  635. return false;
  636. }
  637. if (userInfo.RootFolder == null)
  638. return false;
  639. InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(notecard);
  640. if (assetRequestItem == null) // Library item
  641. {
  642. assetRequestItem = scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(notecard);
  643. if (assetRequestItem != null) // Implicitly readable
  644. return true;
  645. }
  646. // Notecards must be both mod and copy to be saveable
  647. // This is because of they're not copy, you can't read
  648. // them, and if they're not mod, well, then they're
  649. // not mod. Duh.
  650. //
  651. if ((assetRequestItem.CurrentPermissions &
  652. ((uint)PermissionMask.Modify |
  653. (uint)PermissionMask.Copy)) !=
  654. ((uint)PermissionMask.Modify |
  655. (uint)PermissionMask.Copy))
  656. return false;
  657. }
  658. else // Prim inventory
  659. {
  660. SceneObjectPart part = scene.GetSceneObjectPart(objectID);
  661. if (part == null)
  662. return false;
  663. if (part.OwnerID != user)
  664. return false;
  665. if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
  666. return false;
  667. TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
  668. if (ti == null)
  669. return false;
  670. if (ti.OwnerID != user)
  671. return false;
  672. // Require full perms
  673. if ((ti.CurrentPermissions &
  674. ((uint)PermissionMask.Modify |
  675. (uint)PermissionMask.Copy)) !=
  676. ((uint)PermissionMask.Modify |
  677. (uint)PermissionMask.Copy))
  678. return false;
  679. }
  680. return true;
  681. }
  682. private bool CanInstantMessage(UUID user, UUID target, Scene startScene)
  683. {
  684. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  685. if (m_bypassPermissions) return m_bypassPermissionsValue;
  686. return GenericCommunicationPermission(user, target);
  687. }
  688. private bool CanInventoryTransfer(UUID user, UUID target, Scene startScene)
  689. {
  690. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  691. if (m_bypassPermissions) return m_bypassPermissionsValue;
  692. return GenericCommunicationPermission(user, target);
  693. }
  694. private bool CanIssueEstateCommand(UUID user, Scene requestFromScene, bool ownerCommand)
  695. {
  696. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  697. if (m_bypassPermissions) return m_bypassPermissionsValue;
  698. if (IsAdministrator(user))
  699. return true;
  700. if (m_scene.RegionInfo.EstateSettings.IsEstateOwner(user))
  701. return true;
  702. if (ownerCommand)
  703. return false;
  704. return GenericEstatePermission(user);
  705. }
  706. private bool CanMoveObject(UUID objectID, UUID moverID, Scene scene)
  707. {
  708. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  709. if (m_bypassPermissions)
  710. {
  711. SceneObjectPart part = scene.GetSceneObjectPart(objectID);
  712. if (part.OwnerID != moverID)
  713. {
  714. if (part.ParentGroup != null && !part.ParentGroup.IsDeleted)
  715. {
  716. if (part.ParentGroup.IsAttachment)
  717. return false;
  718. }
  719. }
  720. return m_bypassPermissionsValue;
  721. }
  722. bool permission = GenericObjectPermission(moverID, objectID, true);
  723. if (!permission)
  724. {
  725. if (!m_scene.Entities.ContainsKey(objectID))
  726. {
  727. return false;
  728. }
  729. // The client
  730. // may request to edit linked parts, and therefore, it needs
  731. // to also check for SceneObjectPart
  732. // If it's not an object, we cant edit it.
  733. if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
  734. {
  735. return false;
  736. }
  737. SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
  738. // UUID taskOwner = null;
  739. // Added this because at this point in time it wouldn't be wise for
  740. // the administrator object permissions to take effect.
  741. // UUID objectOwner = task.OwnerID;
  742. // Anyone can move
  743. if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)
  744. permission = true;
  745. // Locked
  746. if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
  747. permission = false;
  748. }
  749. else
  750. {
  751. bool locked = false;
  752. if (!m_scene.Entities.ContainsKey(objectID))
  753. {
  754. return false;
  755. }
  756. // If it's not an object, we cant edit it.
  757. if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
  758. {
  759. return false;
  760. }
  761. SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objectID];
  762. UUID objectOwner = group.OwnerID;
  763. locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
  764. // This is an exception to the generic object permission.
  765. // Administrators who lock their objects should not be able to move them,
  766. // however generic object permission should return true.
  767. // This keeps locked objects from being affected by random click + drag actions by accident
  768. // and allows the administrator to grab or delete a locked object.
  769. // Administrators and estate managers are still able to click+grab locked objects not
  770. // owned by them in the scene
  771. // This is by design.
  772. if (locked && (moverID == objectOwner))
  773. return false;
  774. }
  775. return permission;
  776. }
  777. private bool CanObjectEntry(UUID objectID, bool enteringRegion, Vector3 newPoint, Scene scene)
  778. {
  779. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  780. if (m_bypassPermissions) return m_bypassPermissionsValue;
  781. if ((newPoint.X > 257f || newPoint.X < -1f || newPoint.Y > 257f || newPoint.Y < -1f))
  782. {
  783. return true;
  784. }
  785. SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
  786. ILandObject land = m_scene.LandChannel.GetLandObject(newPoint.X, newPoint.Y);
  787. if (!enteringRegion)
  788. {
  789. ILandObject fromland = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
  790. if (fromland == land) // Not entering
  791. return true;
  792. }
  793. if (land == null)
  794. {
  795. return false;
  796. }
  797. if ((land.landData.Flags & ((int)Parcel.ParcelFlags.AllowAPrimitiveEntry)) != 0)
  798. {
  799. return true;
  800. }
  801. //TODO: check for group rights
  802. if (!m_scene.Entities.ContainsKey(objectID))
  803. {
  804. return false;
  805. }
  806. // If it's not an object, we cant edit it.
  807. if (!(m_scene.Entities[objectID] is SceneObjectGroup))
  808. {
  809. return false;
  810. }
  811. if (GenericParcelPermission(task.OwnerID, newPoint))
  812. {
  813. return true;
  814. }
  815. //Otherwise, false!
  816. return false;
  817. }
  818. private bool CanReturnObject(UUID objectID, UUID returnerID, Scene scene)
  819. {
  820. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  821. if (m_bypassPermissions) return m_bypassPermissionsValue;
  822. return GenericObjectPermission(returnerID, objectID, false);
  823. }
  824. private bool CanRezObject(int objectCount, UUID owner, Vector3 objectPosition, Scene scene)
  825. {
  826. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  827. if (m_bypassPermissions) return m_bypassPermissionsValue;
  828. bool permission = false;
  829. ILandObject land = m_scene.LandChannel.GetLandObject(objectPosition.X, objectPosition.Y);
  830. if (land == null) return false;
  831. if ((land.landData.Flags & ((int)Parcel.ParcelFlags.CreateObjects)) ==
  832. (int)Parcel.ParcelFlags.CreateObjects)
  833. permission = true;
  834. //TODO: check for group rights
  835. if (IsAdministrator(owner))
  836. {
  837. permission = true;
  838. }
  839. if (GenericParcelPermission(owner, objectPosition))
  840. {
  841. permission = true;
  842. }
  843. return permission;
  844. }
  845. private bool CanRunConsoleCommand(UUID user, Scene requestFromScene)
  846. {
  847. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  848. if (m_bypassPermissions) return m_bypassPermissionsValue;
  849. return IsAdministrator(user);
  850. }
  851. private bool CanRunScript(UUID script, UUID objectID, UUID user, Scene scene)
  852. {
  853. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  854. if (m_bypassPermissions) return m_bypassPermissionsValue;
  855. return true;
  856. }
  857. private bool CanSellParcel(UUID user, ILandObject parcel, Scene scene)
  858. {
  859. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  860. if (m_bypassPermissions) return m_bypassPermissionsValue;
  861. return GenericParcelPermission(user, parcel);
  862. }
  863. private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene)
  864. {
  865. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  866. if (m_bypassPermissions) return m_bypassPermissionsValue;
  867. return GenericObjectPermission(stealer,objectID, false);
  868. }
  869. private bool CanTakeCopyObject(UUID objectID, UUID userID, Scene inScene)
  870. {
  871. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  872. if (m_bypassPermissions) return m_bypassPermissionsValue;
  873. bool permission = GenericObjectPermission(userID, objectID,false);
  874. if (!permission)
  875. {
  876. if (!m_scene.Entities.ContainsKey(objectID))
  877. {
  878. return false;
  879. }
  880. // If it's not an object, we cant edit it.
  881. if (!(m_scene.Entities[objectID] is SceneObjectGroup))
  882. {
  883. return false;
  884. }
  885. SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
  886. // UUID taskOwner = null;
  887. // Added this because at this point in time it wouldn't be wise for
  888. // the administrator object permissions to take effect.
  889. // UUID objectOwner = task.OwnerID;
  890. if ((task.RootPart.EveryoneMask & PERM_COPY) != 0)
  891. permission = true;
  892. if ((task.GetEffectivePermissions() & PERM_COPY) == 0)
  893. permission = false;
  894. }
  895. else
  896. {
  897. SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
  898. if ((task.GetEffectivePermissions() & PERM_COPY) == 0)
  899. permission = false;
  900. }
  901. return permission;
  902. }
  903. private bool CanTerraformLand(UUID user, Vector3 position, Scene requestFromScene)
  904. {
  905. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  906. if (m_bypassPermissions) return m_bypassPermissionsValue;
  907. // Estate override
  908. if (GenericEstatePermission(user))
  909. return true;
  910. float X = position.X;
  911. float Y = position.Y;
  912. if (X > 255)
  913. X = 255;
  914. if (Y > 255)
  915. Y = 255;
  916. if (X < 0)
  917. X = 0;
  918. if (Y < 0)
  919. Y = 0;
  920. ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y);
  921. if (parcel == null)
  922. return false;
  923. // Others allowed to terraform?
  924. if ((parcel.landData.Flags & ((int)Parcel.ParcelFlags.AllowTerraform)) != 0)
  925. return true;
  926. // Land owner can terraform too
  927. if (parcel != null && GenericParcelPermission(user, parcel))
  928. return true;
  929. return false;
  930. }
  931. /// <summary>
  932. /// Check whether the specified user can view the given script
  933. /// </summary>
  934. /// <param name="script"></param>
  935. /// <param name="objectID"></param>
  936. /// <param name="user"></param>
  937. /// <param name="scene"></param>
  938. /// <returns></returns>
  939. private bool CanViewScript(UUID script, UUID objectID, UUID user, Scene scene)
  940. {
  941. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  942. if (m_bypassPermissions) return m_bypassPermissionsValue;
  943. if (objectID == UUID.Zero) // User inventory
  944. {
  945. CachedUserInfo userInfo =
  946. scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
  947. if (userInfo == null)
  948. {
  949. m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for administrator check", user);
  950. return false;
  951. }
  952. if (userInfo.RootFolder == null)
  953. return false;
  954. InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(script);
  955. if (assetRequestItem == null) // Library item
  956. {
  957. assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(script);
  958. if (assetRequestItem != null) // Implicitly readable
  959. return true;
  960. }
  961. // SL is rather harebrained here. In SL, a script you
  962. // have mod/copy no trans is readable. This subverts
  963. // permissions, but is used in some products, most
  964. // notably Hippo door plugin and HippoRent 5 networked
  965. // prim counter.
  966. // To enable this broken SL-ism, remove Transfer from
  967. // the below expressions.
  968. // Trying to improve on SL perms by making a script
  969. // readable only if it's really full perms
  970. //
  971. if ((assetRequestItem.CurrentPermissions &
  972. ((uint)PermissionMask.Modify |
  973. (uint)PermissionMask.Copy |
  974. (uint)PermissionMask.Transfer)) !=
  975. ((uint)PermissionMask.Modify |
  976. (uint)PermissionMask.Copy |
  977. (uint)PermissionMask.Transfer))
  978. return false;
  979. }
  980. else // Prim inventory
  981. {
  982. SceneObjectPart part = scene.GetSceneObjectPart(objectID);
  983. if (part == null)
  984. return false;
  985. if (part.OwnerID != user)
  986. return false;
  987. if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
  988. return false;
  989. TaskInventoryItem ti = part.Inventory.GetInventoryItem(script);
  990. if (ti == null)
  991. return false;
  992. if (ti.OwnerID != user)
  993. return false;
  994. // Require full perms
  995. if ((ti.CurrentPermissions &
  996. ((uint)PermissionMask.Modify |
  997. (uint)PermissionMask.Copy |
  998. (uint)PermissionMask.Transfer)) !=
  999. ((uint)PermissionMask.Modify |
  1000. (uint)PermissionMask.Copy |
  1001. (uint)PermissionMask.Transfer))
  1002. return false;
  1003. }
  1004. return true;
  1005. }
  1006. /// <summary>
  1007. /// Check whether the specified user can view the given notecard
  1008. /// </summary>
  1009. /// <param name="script"></param>
  1010. /// <param name="objectID"></param>
  1011. /// <param name="user"></param>
  1012. /// <param name="scene"></param>
  1013. /// <returns></returns>
  1014. private bool CanViewNotecard(UUID notecard, UUID objectID, UUID user, Scene scene)
  1015. {
  1016. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1017. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1018. if (objectID == UUID.Zero) // User inventory
  1019. {
  1020. CachedUserInfo userInfo =
  1021. scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
  1022. if (userInfo == null)
  1023. {
  1024. m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for view notecard check", user);
  1025. return false;
  1026. }
  1027. if (userInfo.RootFolder == null)
  1028. return false;
  1029. InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(notecard);
  1030. if (assetRequestItem == null) // Library item
  1031. {
  1032. assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(notecard);
  1033. if (assetRequestItem != null) // Implicitly readable
  1034. return true;
  1035. }
  1036. // Notecards are always readable unless no copy
  1037. //
  1038. if ((assetRequestItem.CurrentPermissions &
  1039. (uint)PermissionMask.Copy) !=
  1040. (uint)PermissionMask.Copy)
  1041. return false;
  1042. }
  1043. else // Prim inventory
  1044. {
  1045. SceneObjectPart part = scene.GetSceneObjectPart(objectID);
  1046. if (part == null)
  1047. return false;
  1048. if (part.OwnerID != user)
  1049. return false;
  1050. if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
  1051. return false;
  1052. TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
  1053. if (ti == null)
  1054. return false;
  1055. if (ti.OwnerID != user)
  1056. return false;
  1057. // Notecards are always readable unless no copy
  1058. //
  1059. if ((ti.CurrentPermissions &
  1060. (uint)PermissionMask.Copy) !=
  1061. (uint)PermissionMask.Copy)
  1062. return false;
  1063. }
  1064. return true;
  1065. }
  1066. #endregion
  1067. private bool CanLinkObject(UUID userID, UUID objectID)
  1068. {
  1069. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1070. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1071. return true;
  1072. }
  1073. private bool CanDelinkObject(UUID userID, UUID objectID)
  1074. {
  1075. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1076. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1077. return true;
  1078. }
  1079. private bool CanBuyLand(UUID userID, ILandObject parcel, Scene scene)
  1080. {
  1081. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1082. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1083. return true;
  1084. }
  1085. private bool CanCopyObjectInventory(UUID itemID, UUID objectID, UUID userID)
  1086. {
  1087. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1088. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1089. return true;
  1090. }
  1091. private bool CanDeleteObjectInventory(UUID itemID, UUID objectID, UUID userID)
  1092. {
  1093. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1094. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1095. return true;
  1096. }
  1097. /// <summary>
  1098. /// Check whether the specified user is allowed to directly create the given inventory type in a prim's
  1099. /// inventory (e.g. the New Script button in the 1.21 Linden Lab client).
  1100. /// </summary>
  1101. /// <param name="invType"></param>
  1102. /// <param name="objectID"></param>
  1103. /// <param name="userID"></param>
  1104. /// <returns></returns>
  1105. private bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID)
  1106. {
  1107. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1108. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1109. if ((int)InventoryType.LSL == invType)
  1110. if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
  1111. return false;
  1112. return true;
  1113. }
  1114. /// <summary>
  1115. /// Check whether the specified user is allowed to create the given inventory type in their inventory.
  1116. /// </summary>
  1117. /// <param name="invType"></param>
  1118. /// <param name="userID"></param>
  1119. /// <returns></returns>
  1120. private bool CanCreateUserInventory(int invType, UUID userID)
  1121. {
  1122. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1123. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1124. if ((int)InventoryType.LSL == invType)
  1125. if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
  1126. return false;
  1127. return true;
  1128. }
  1129. /// <summary>
  1130. /// Check whether the specified user is allowed to copy the given inventory type in their inventory.
  1131. /// </summary>
  1132. /// <param name="itemID"></param>
  1133. /// <param name="userID"></param>
  1134. /// <returns></returns>
  1135. private bool CanCopyUserInventory(UUID itemID, UUID userID)
  1136. {
  1137. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1138. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1139. return true;
  1140. }
  1141. /// <summary>
  1142. /// Check whether the specified user is allowed to edit the given inventory item within their own inventory.
  1143. /// </summary>
  1144. /// <param name="itemID"></param>
  1145. /// <param name="userID"></param>
  1146. /// <returns></returns>
  1147. private bool CanEditUserInventory(UUID itemID, UUID userID)
  1148. {
  1149. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1150. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1151. return true;
  1152. }
  1153. /// <summary>
  1154. /// Check whether the specified user is allowed to delete the given inventory item from their own inventory.
  1155. /// </summary>
  1156. /// <param name="itemID"></param>
  1157. /// <param name="userID"></param>
  1158. /// <returns></returns>
  1159. private bool CanDeleteUserInventory(UUID itemID, UUID userID)
  1160. {
  1161. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1162. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1163. return true;
  1164. }
  1165. private bool CanTeleport(UUID userID)
  1166. {
  1167. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1168. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1169. return true;
  1170. }
  1171. private bool CanResetScript(UUID prim, UUID script, UUID agentID, Scene scene)
  1172. {
  1173. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1174. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1175. SceneObjectPart part = m_scene.GetSceneObjectPart(prim);
  1176. // If we selected a sub-prim to reset, prim won't represent the object, but only a part.
  1177. // We have to check the permissions of the object, though.
  1178. if (part.ParentID != 0) prim = part.ParentUUID;
  1179. // You can reset the scripts in any object you can edit
  1180. return GenericObjectPermission(agentID, prim, false);
  1181. }
  1182. }
  1183. }