123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476 |
- /*
- * Copyright (c) Contributors, http://opensimulator.org/
- * See CONTRIBUTORS.TXT for a full list of copyright holders.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the OpenSim Project nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
- using OpenMetaverse;
- using Nini.Config;
- using System;
- using System.Collections;
- using System.Collections.Generic;
- using System.Reflection;
- using log4net;
- using OpenSim.Framework;
- using OpenSim.Region.Environment.Interfaces;
- using OpenSim.Region.Environment.Modules.Framework;
- using OpenSim.Region.Environment.Modules.Framework.InterfaceCommander;
- using OpenSim.Region.Environment.Scenes;
- using OpenSim.Framework.Communications.Cache;
- namespace OpenSim.Region.Environment.Modules.World.Permissions
- {
- public class PermissionsModule : IRegionModule, ICommandableModule
- {
- private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
-
- protected Scene m_scene;
- private readonly Commander m_commander = new Commander("Permissions");
- #region Constants
- // These are here for testing. They will be taken out
- //private uint PERM_ALL = (uint)2147483647;
- private uint PERM_COPY = (uint)32768;
- //private uint PERM_MODIFY = (uint)16384;
- private uint PERM_MOVE = (uint)524288;
- //private uint PERM_TRANS = (uint)8192;
- private uint PERM_LOCKED = (uint)540672;
-
- /// <value>
- /// Different user set names that come in from the configuration file.
- /// </value>
- enum UserSet
- {
- All,
- Administrators
- };
-
- #endregion
- #region Bypass Permissions / Debug Permissions Stuff
- // Bypasses the permissions engine
- private bool m_bypassPermissions = true;
- private bool m_bypassPermissionsValue = true;
- private bool m_propagatePermissions = false;
- private bool m_debugPermissions = false;
- private bool m_allowGridGods = false;
- private bool m_RegionOwnerIsGod = false;
- private bool m_ParcelOwnerIsGod = false;
-
- /// <value>
- /// The set of users that are allowed to create scripts. This is only active if permissions are not being
- /// bypassed. This overrides normal permissions.
- /// </value>
- private UserSet m_allowedScriptCreators = UserSet.All;
- /// <value>
- /// The set of users that are allowed to edit (save) scripts. This is only active if
- /// permissions are not being bypassed. This overrides normal permissions.-
- /// </value>
- private UserSet m_allowedScriptEditors = UserSet.All;
- #endregion
- #region ICommandableModule Members
- public ICommander CommandInterface
- {
- get { throw new System.NotImplementedException(); }
- }
- private void InterfaceDebugPermissions(Object[] args)
- {
- if ((bool)args[0] == true)
- {
- m_debugPermissions = true;
- m_log.Info("[PERMISSIONS]: Permissions Debugging Enabled.");
- }
- else
- {
- m_debugPermissions = false;
- m_log.Info("[PERMISSIONS]: Permissions Debugging Disabled.");
- }
- }
- private void InterfaceBypassPermissions(Object[] args)
- {
- if ((bool)args[0] == true)
- {
- m_log.Info("[PERMISSIONS]: Permissions Bypass Enabled.");
- m_bypassPermissionsValue = (bool)args[1];
- }
- else
- {
- m_bypassPermissions = false;
- m_log.Info("[PERMISSIONS]: Permissions Bypass Disabled. Normal Operation.");
- }
- }
- /// <summary>
- /// Processes commandline input. Do not call directly.
- /// </summary>
- /// <param name="args">Commandline arguments</param>
- private void EventManager_OnPluginConsole(string[] args)
- {
- if (args[0] == "permissions")
- {
- string[] tmpArgs = new string[args.Length - 2];
- int i;
- for (i = 2; i < args.Length; i++)
- tmpArgs[i - 2] = args[i];
- m_commander.ProcessConsoleCommand(args[1], tmpArgs);
- }
- }
- #endregion
- #region IRegionModule Members
- public void Initialise(Scene scene, IConfigSource config)
- {
- m_scene = scene;
- IConfig myConfig = config.Configs["Startup"];
- string permissionModules = myConfig.GetString("permissionmodules", "DefaultPermissionsModule");
- List<string> modules=new List<string>(permissionModules.Split(','));
- if (!modules.Contains("DefaultPermissionsModule"))
- return;
- m_allowGridGods = myConfig.GetBoolean("allow_grid_gods", false);
- m_bypassPermissions = !myConfig.GetBoolean("serverside_object_permissions", true);
- m_propagatePermissions = myConfig.GetBoolean("propagate_permissions", true);
- m_RegionOwnerIsGod = myConfig.GetBoolean("region_owner_is_god", true);
- m_ParcelOwnerIsGod = myConfig.GetBoolean("parcel_owner_is_god", true);
-
- m_allowedScriptCreators
- = ParseUserSetConfigSetting(myConfig, "allowed_script_creators", m_allowedScriptCreators);
- m_allowedScriptEditors
- = ParseUserSetConfigSetting(myConfig, "allowed_script_editors", m_allowedScriptEditors);
- if (m_bypassPermissions)
- m_log.Info("[PERMISSIONS]: serviceside_object_permissions = false in ini file so disabling all region service permission checks");
- else
- m_log.Debug("[PERMISSIONS]: Enabling all region service permission checks");
- //Register functions with Scene External Checks!
- m_scene.Permissions.AddBypassPermissionsHandler(BypassPermissions); //FULLY IMPLEMENTED
- m_scene.Permissions.AddSetBypassPermissionsHandler(SetBypassPermissions); //FULLY IMPLEMENTED
- m_scene.Permissions.AddPropagatePermissionsHandler(PropagatePermissions); //FULLY IMPLEMENTED
- m_scene.Permissions.AddGenerateClientFlagsHandler(GenerateClientFlags); //NOT YET FULLY IMPLEMENTED
- m_scene.Permissions.AddAbandonParcelHandler(CanAbandonParcel); //FULLY IMPLEMENTED
- m_scene.Permissions.AddReclaimParcelHandler(CanReclaimParcel); //FULLY IMPLEMENTED
- m_scene.Permissions.AddIsGodHandler(IsGod); //FULLY IMPLEMENTED
- m_scene.Permissions.AddDuplicateObjectHandler(CanDuplicateObject); //FULLY IMPLEMENTED
- m_scene.Permissions.AddDeleteObjectHandler(CanDeleteObject); //MAYBE FULLY IMPLEMENTED
- m_scene.Permissions.AddEditObjectHandler(CanEditObject);//MAYBE FULLY IMPLEMENTED
- m_scene.Permissions.AddEditParcelHandler(CanEditParcel); //FULLY IMPLEMENTED
- m_scene.Permissions.AddInstantMessageHandler(CanInstantMessage); //FULLY IMPLEMENTED
- m_scene.Permissions.AddInventoryTransferHandler(CanInventoryTransfer); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddIssueEstateCommandHandler(CanIssueEstateCommand); //FULLY IMPLEMENTED
- m_scene.Permissions.AddMoveObjectHandler(CanMoveObject); //HOPEFULLY FULLY IMPLEMENTED
- m_scene.Permissions.AddObjectEntryHandler(CanObjectEntry); //FULLY IMPLEMENTED
- m_scene.Permissions.AddReturnObjectHandler(CanReturnObject); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddRezObjectHandler(CanRezObject); //HOPEFULLY FULLY IMPLEMENTED
- m_scene.Permissions.AddRunConsoleCommandHandler(CanRunConsoleCommand); //FULLY IMPLEMENTED
- m_scene.Permissions.AddRunScriptHandler(CanRunScript); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddSellParcelHandler(CanSellParcel); //FULLY IMPLEMENTED
- m_scene.Permissions.AddTakeObjectHandler(CanTakeObject); //FULLY IMPLEMENTED
- m_scene.Permissions.AddTakeCopyObjectHandler(CanTakeCopyObject); //FULLY IMPLEMENTED
- m_scene.Permissions.AddTerraformLandHandler(CanTerraformLand); //FULL IMPLEMENTED (POINT ONLY!!! NOT AREA!!!)
- m_scene.Permissions.AddCanLinkObjectHandler(CanLinkObject); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddCanDelinkObjectHandler(CanDelinkObject); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddCanBuyLandHandler(CanBuyLand); //NOT YET IMPLEMENTED
-
- m_scene.Permissions.AddViewNotecardHandler(CanViewNotecard); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddViewScriptHandler(CanViewScript); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddEditNotecardHandler(CanEditNotecard); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddEditScriptHandler(CanEditScript); //NOT YET IMPLEMENTED
-
- m_scene.Permissions.AddCanCreateObjectInventoryHandler(CanCreateObjectInventory); //NOT IMPLEMENTED HERE
- m_scene.Permissions.AddEditObjectInventoryHandler(CanEditObjectInventory);//MAYBE FULLY IMPLEMENTED
- m_scene.Permissions.AddCanCopyObjectInventoryHandler(CanCopyObjectInventory); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddCanDeleteObjectInventoryHandler(CanDeleteObjectInventory); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddResetScriptHandler(CanResetScript);
-
- m_scene.Permissions.AddCanCreateUserInventoryHandler(CanCreateUserInventory); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddCanCopyUserInventoryHandler(CanCopyUserInventory); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddCanEditUserInventoryHandler(CanEditUserInventory); //NOT YET IMPLEMENTED
- m_scene.Permissions.AddCanDeleteUserInventoryHandler(CanDeleteUserInventory); //NOT YET IMPLEMENTED
-
- m_scene.Permissions.AddCanTeleportHandler(CanTeleport); //NOT YET IMPLEMENTED
- //Register Debug Commands
- Command bypassCommand = new Command("bypass", CommandIntentions.COMMAND_HAZARDOUS, InterfaceBypassPermissions, "Force the permissions a specific way to test permissions");
- bypassCommand.AddArgument("enable_bypass_perms", "true to enable bypassing all perms", "Boolean");
- bypassCommand.AddArgument("bypass_perms_value", "true/false: true will ignore all perms; false will restrict everything", "Boolean");
- m_commander.RegisterCommand("bypass", bypassCommand);
- Command debugCommand = new Command("debug", CommandIntentions.COMMAND_STATISTICAL, InterfaceDebugPermissions, "Force the permissions a specific way to test permissions");
- debugCommand.AddArgument("enable_debug_perms", "true to enable debugging to console all perms", "Boolean");
- m_commander.RegisterCommand("debug", debugCommand);
- m_scene.RegisterModuleCommander("CommanderPermissions", m_commander);
- m_scene.EventManager.OnPluginConsole += new EventManager.OnPluginConsoleDelegate(EventManager_OnPluginConsole);
- }
- public void PostInitialise()
- {
- }
- public void Close()
- {
- }
- public string Name
- {
- get { return "PermissionsModule"; }
- }
- public bool IsSharedModule
- {
- get { return false; }
- }
- #endregion
- #region Helper Functions
- protected void SendPermissionError(UUID user, string reason)
- {
- m_scene.EventManager.TriggerPermissionError(user, reason);
- }
-
- protected void DebugPermissionInformation(string permissionCalled)
- {
- if (m_debugPermissions)
- m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
- }
-
- /// <summary>
- /// Parse a user set configuration setting
- /// </summary>
- /// <param name="config"></param>
- /// <param name="settingName"></param>
- /// <param name="defaultValue">The default value for this attribute</param>
- /// <returns>The parsed value</returns>
- private static UserSet ParseUserSetConfigSetting(IConfig config, string settingName, UserSet defaultValue)
- {
- UserSet userSet = defaultValue;
-
- string rawSetting = config.GetString(settingName, defaultValue.ToString());
-
- // Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term
- // this should disappear.
- if ("gods" == rawSetting.ToLower())
- rawSetting = UserSet.Administrators.ToString();
-
- // Doing it this was so that we can do a case insensitive conversion
- try
- {
- userSet = (UserSet)Enum.Parse(typeof(UserSet), rawSetting, true);
- }
- catch
- {
- m_log.ErrorFormat(
- "[PERMISSIONS]: {0} is not a valid {1} value, setting to {2}",
- rawSetting, settingName, userSet);
- }
-
- m_log.DebugFormat("[PERMISSIONS]: {0} {1}", settingName, userSet);
-
- return userSet;
- }
- /// <summary>
- /// Is the given user an administrator (in other words, a god)?
- /// </summary>
- /// <param name="user"></param>
- /// <returns></returns>
- protected bool IsAdministrator(UUID user)
- {
- if (m_scene.RegionInfo.MasterAvatarAssignedUUID != UUID.Zero)
- {
- if (m_RegionOwnerIsGod && (m_scene.RegionInfo.MasterAvatarAssignedUUID == user))
- return true;
- }
-
- if (m_scene.RegionInfo.EstateSettings.EstateOwner != UUID.Zero)
- {
- if (m_scene.RegionInfo.EstateSettings.EstateOwner == user)
- return true;
- }
-
- if (m_allowGridGods)
- {
- CachedUserInfo profile = m_scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
- if (profile != null && profile.UserProfile != null)
- {
- if (profile.UserProfile.GodLevel >= 200)
- return true;
- }
- else
- {
- m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for administrator check", user);
- }
- }
- return false;
- }
- protected bool IsEstateManager(UUID user)
- {
- return m_scene.RegionInfo.EstateSettings.IsEstateManager(user);
- }
- #endregion
- public bool PropagatePermissions()
- {
- if (m_bypassPermissions)
- return false;
- return m_propagatePermissions;
- }
- public bool BypassPermissions()
- {
- return m_bypassPermissions;
- }
- public void SetBypassPermissions(bool value)
- {
- m_bypassPermissions=value;
- }
- #region Object Permissions
- public uint GenerateClientFlags(UUID user, UUID objID)
- {
- // Here's the way this works,
- // ObjectFlags and Permission flags are two different enumerations
- // ObjectFlags, however, tells the client to change what it will allow the user to do.
- // So, that means that all of the permissions type ObjectFlags are /temporary/ and only
- // supposed to be set when customizing the objectflags for the client.
- // These temporary objectflags get computed and added in this function based on the
- // Permission mask that's appropriate!
- // Outside of this method, they should never be added to objectflags!
- // -teravus
- SceneObjectPart task = m_scene.GetSceneObjectPart(objID);
- // this shouldn't ever happen.. return no permissions/objectflags.
- if (task == null)
- return (uint)0;
- uint objflags = task.GetEffectiveObjectFlags();
- UUID objectOwner = task.OwnerID;
- // Remove any of the objectFlags that are temporary. These will get added back if appropriate
- // in the next bit of code
- // libomv will moan about PrimFlags.ObjectYouOfficer being
- // deprecated
- #pragma warning disable 0612
- objflags &= (uint)
- ~(PrimFlags.ObjectCopy | // Tells client you can copy the object
- PrimFlags.ObjectModify | // tells client you can modify the object
- PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod)
- PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
- PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object
- PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object
- PrimFlags.ObjectOwnerModify | // Tells client that you're the owner of the object
- PrimFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
- );
- #pragma warning restore 0612
- // Creating the three ObjectFlags options for this method to choose from.
- // Customize the OwnerMask
- uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags);
- objectOwnerMask |= (uint)PrimFlags.ObjectYouOwner | (uint)PrimFlags.ObjectAnyOwner | (uint)PrimFlags.ObjectOwnerModify;
- // Customize the GroupMask
- // uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags);
- // Customize the EveryoneMask
- uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags);
- // Hack to allow collaboration until Groups and Group Permissions are implemented
- if ((objectEveryoneMask & (uint)PrimFlags.ObjectMove) != 0)
- objectEveryoneMask |= (uint)PrimFlags.ObjectModify;
- if (m_bypassPermissions)
- return objectOwnerMask;
- // Object owners should be able to edit their own content
- if (user == objectOwner)
- {
- return objectOwnerMask;
- }
- // Users should be able to edit what is over their land.
- ILandObject parcel = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
- if (parcel != null && parcel.landData.OwnerID == user && m_ParcelOwnerIsGod)
- return objectOwnerMask;
- // Admin objects should not be editable by the above
- if (IsAdministrator(objectOwner))
- return objectEveryoneMask;
- // Estate users should be able to edit anything in the sim
- if (IsEstateManager(user) && m_RegionOwnerIsGod)
- return objectOwnerMask;
- // Admin should be able to edit anything in the sim (including admin objects)
- if (IsAdministrator(user))
- return objectOwnerMask;
- return objectEveryoneMask;
- }
- private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask)
- {
- // We are adding the temporary objectflags to the object's objectflags based on the
- // permission flag given. These change the F flags on the client.
- if ((setPermissionMask & (uint)PermissionMask.Copy) != 0)
- {
- objectFlagsMask |= (uint)PrimFlags.ObjectCopy;
- }
- if ((setPermissionMask & (uint)PermissionMask.Move) != 0)
- {
- objectFlagsMask |= (uint)PrimFlags.ObjectMove;
- }
- if ((setPermissionMask & (uint)PermissionMask.Modify) != 0)
- {
- objectFlagsMask |= (uint)PrimFlags.ObjectModify;
- }
- if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0)
- {
- objectFlagsMask |= (uint)PrimFlags.ObjectTransfer;
- }
- return objectFlagsMask;
- }
- /// <summary>
- /// General permissions checks for any operation involving an object. These supplement more specific checks
- /// implemented by callers.
- /// </summary>
- /// <param name="currentUser"></param>
- /// <param name="objId"></param>
- /// <param name="denyOnLocked"></param>
- /// <returns></returns>
- protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked)
- {
- // Default: deny
- bool permission = false;
- bool locked = false;
- if (!m_scene.Entities.ContainsKey(objId))
- {
- return false;
- }
- // If it's not an object, we cant edit it.
- if ((!(m_scene.Entities[objId] is SceneObjectGroup)))
- {
- return false;
- }
- SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objId];
- UUID objectOwner = group.OwnerID;
- locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
- // People shouldn't be able to do anything with locked objects, except the Administrator
- // The 'set permissions' runs through a different permission check, so when an object owner
- // sets an object locked, the only thing that they can do is unlock it.
- //
- // Nobody but the object owner can set permissions on an object
- //
- if (locked && (!IsAdministrator(currentUser)) && denyOnLocked)
- {
- return false;
- }
- // Object owners should be able to edit their own content
- if (currentUser == objectOwner)
- {
- permission = true;
- }
- else if (group.IsAttachment)
- {
- permission = false;
- }
- // Users should be able to edit what is over their land.
- ILandObject parcel = m_scene.LandChannel.GetLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y);
- if ((parcel != null) && (parcel.landData.OwnerID == currentUser))
- {
- permission = true;
- }
- // Estate users should be able to edit anything in the sim
- if (IsEstateManager(currentUser))
- {
- permission = true;
- }
- // Admin objects should not be editable by the above
- if (IsAdministrator(objectOwner))
- {
- permission = false;
- }
- // Admin should be able to edit anything in the sim (including admin objects)
- if (IsAdministrator(currentUser))
- {
- permission = true;
- }
- return permission;
- }
- #endregion
- #region Generic Permissions
- protected bool GenericCommunicationPermission(UUID user, UUID target)
- {
- // Setting this to true so that cool stuff can happen until we define what determines Generic Communication Permission
- bool permission = true;
- string reason = "Only registered users may communicate with another account.";
- // Uhh, we need to finish this before we enable it.. because it's blocking all sorts of goodies and features
- if (IsAdministrator(user))
- permission = true;
- if (IsEstateManager(user))
- permission = true;
- if (!permission)
- SendPermissionError(user, reason);
- return permission;
- }
- public bool GenericEstatePermission(UUID user)
- {
- // Default: deny
- bool permission = false;
- // Estate admins should be able to use estate tools
- if (IsEstateManager(user))
- permission = true;
- // Administrators always have permission
- if (IsAdministrator(user))
- permission = true;
- return permission;
- }
- protected bool GenericParcelPermission(UUID user, ILandObject parcel)
- {
- bool permission = false;
- if (parcel.landData.OwnerID == user)
- {
- permission = true;
- }
- if (parcel.landData.IsGroupOwned)
- {
- // TODO: Need to do some extra checks here. Requires group code.
- }
- if (IsEstateManager(user))
- {
- permission = true;
- }
- if (IsAdministrator(user))
- {
- permission = true;
- }
- return permission;
- }
- protected bool GenericParcelPermission(UUID user, Vector3 pos)
- {
- ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y);
- if (parcel == null) return false;
- return GenericParcelPermission(user, parcel);
- }
- #endregion
- #region Permission Checks
- private bool CanAbandonParcel(UUID user, ILandObject parcel, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return GenericParcelPermission(user, parcel);
- }
- private bool CanReclaimParcel(UUID user, ILandObject parcel, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return GenericParcelPermission(user, parcel);
- }
- private bool IsGod(UUID user, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return IsAdministrator(user);
- }
- private bool CanDuplicateObject(int objectCount, UUID objectID, UUID owner, Scene scene, Vector3 objectPosition)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- if (!GenericObjectPermission(owner, objectID, true))
- {
- //They can't even edit the object
- return false;
- }
- SceneObjectPart part = scene.GetSceneObjectPart(objectID);
- if (part == null)
- return false;
- if ((part.OwnerMask & PERM_COPY) == 0)
- return false;
- if ((part.ParentGroup.GetEffectivePermissions() & PERM_COPY) == 0)
- return false;
- //If they can rez, they can duplicate
- return CanRezObject(objectCount, owner, objectPosition, scene);
- }
- private bool CanDeleteObject(UUID objectID, UUID deleter, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return GenericObjectPermission(deleter, objectID, false);
- }
- private bool CanEditObject(UUID objectID, UUID editorID, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return GenericObjectPermission(editorID, objectID, false);
- }
- private bool CanEditObjectInventory(UUID objectID, UUID editorID, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- SceneObjectPart part = m_scene.GetSceneObjectPart(objectID);
- // If we selected a sub-prim to edit, the objectID won't represent the object, but only a part.
- // We have to check the permissions of the group, though.
- if (part.ParentID != 0)
- {
- objectID = part.ParentUUID;
- part = m_scene.GetSceneObjectPart(objectID);
- }
- // TODO: add group support!
- //
- if (part.OwnerID != editorID)
- return false;
- return GenericObjectPermission(editorID, objectID, false);
- }
- private bool CanEditParcel(UUID user, ILandObject parcel, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return GenericParcelPermission(user, parcel);
- }
- /// <summary>
- /// Check whether the specified user can edit the given script
- /// </summary>
- /// <param name="script"></param>
- /// <param name="objectID"></param>
- /// <param name="user"></param>
- /// <param name="scene"></param>
- /// <returns></returns>
- private bool CanEditScript(UUID script, UUID objectID, UUID user, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
-
- if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(user))
- return false;
-
- // Ordinarily, if you can view it, you can edit it
- // There is no viewing a no mod script
- //
- return CanViewScript(script, objectID, user, scene);
- }
- /// <summary>
- /// Check whether the specified user can edit the given notecard
- /// </summary>
- /// <param name="notecard"></param>
- /// <param name="objectID"></param>
- /// <param name="user"></param>
- /// <param name="scene"></param>
- /// <returns></returns>
- private bool CanEditNotecard(UUID notecard, UUID objectID, UUID user, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- if (objectID == UUID.Zero) // User inventory
- {
- CachedUserInfo userInfo =
- scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
-
- if (userInfo == null)
- {
- m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for edit notecard check", user);
- return false;
- }
- if (userInfo.RootFolder == null)
- return false;
- InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(notecard);
- if (assetRequestItem == null) // Library item
- {
- assetRequestItem = scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(notecard);
- if (assetRequestItem != null) // Implicitly readable
- return true;
- }
- // Notecards must be both mod and copy to be saveable
- // This is because of they're not copy, you can't read
- // them, and if they're not mod, well, then they're
- // not mod. Duh.
- //
- if ((assetRequestItem.CurrentPermissions &
- ((uint)PermissionMask.Modify |
- (uint)PermissionMask.Copy)) !=
- ((uint)PermissionMask.Modify |
- (uint)PermissionMask.Copy))
- return false;
- }
- else // Prim inventory
- {
- SceneObjectPart part = scene.GetSceneObjectPart(objectID);
- if (part == null)
- return false;
- if (part.OwnerID != user)
- return false;
- if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
- return false;
- TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
- if (ti == null)
- return false;
- if (ti.OwnerID != user)
- return false;
- // Require full perms
- if ((ti.CurrentPermissions &
- ((uint)PermissionMask.Modify |
- (uint)PermissionMask.Copy)) !=
- ((uint)PermissionMask.Modify |
- (uint)PermissionMask.Copy))
- return false;
- }
- return true;
- }
- private bool CanInstantMessage(UUID user, UUID target, Scene startScene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return GenericCommunicationPermission(user, target);
- }
- private bool CanInventoryTransfer(UUID user, UUID target, Scene startScene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return GenericCommunicationPermission(user, target);
- }
- private bool CanIssueEstateCommand(UUID user, Scene requestFromScene, bool ownerCommand)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- if (IsAdministrator(user))
- return true;
- if (m_scene.RegionInfo.EstateSettings.IsEstateOwner(user))
- return true;
- if (ownerCommand)
- return false;
- return GenericEstatePermission(user);
- }
- private bool CanMoveObject(UUID objectID, UUID moverID, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions)
- {
- SceneObjectPart part = scene.GetSceneObjectPart(objectID);
- if (part.OwnerID != moverID)
- {
- if (part.ParentGroup != null && !part.ParentGroup.IsDeleted)
- {
- if (part.ParentGroup.IsAttachment)
- return false;
- }
- }
- return m_bypassPermissionsValue;
- }
- bool permission = GenericObjectPermission(moverID, objectID, true);
- if (!permission)
- {
- if (!m_scene.Entities.ContainsKey(objectID))
- {
- return false;
- }
- // The client
- // may request to edit linked parts, and therefore, it needs
- // to also check for SceneObjectPart
- // If it's not an object, we cant edit it.
- if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
- {
- return false;
- }
- SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
- // UUID taskOwner = null;
- // Added this because at this point in time it wouldn't be wise for
- // the administrator object permissions to take effect.
- // UUID objectOwner = task.OwnerID;
- // Anyone can move
- if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)
- permission = true;
- // Locked
- if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
- permission = false;
- }
- else
- {
- bool locked = false;
- if (!m_scene.Entities.ContainsKey(objectID))
- {
- return false;
- }
- // If it's not an object, we cant edit it.
- if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
- {
- return false;
- }
- SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objectID];
- UUID objectOwner = group.OwnerID;
- locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
- // This is an exception to the generic object permission.
- // Administrators who lock their objects should not be able to move them,
- // however generic object permission should return true.
- // This keeps locked objects from being affected by random click + drag actions by accident
- // and allows the administrator to grab or delete a locked object.
- // Administrators and estate managers are still able to click+grab locked objects not
- // owned by them in the scene
- // This is by design.
- if (locked && (moverID == objectOwner))
- return false;
- }
- return permission;
- }
- private bool CanObjectEntry(UUID objectID, bool enteringRegion, Vector3 newPoint, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- if ((newPoint.X > 257f || newPoint.X < -1f || newPoint.Y > 257f || newPoint.Y < -1f))
- {
- return true;
- }
- SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
- ILandObject land = m_scene.LandChannel.GetLandObject(newPoint.X, newPoint.Y);
- if (!enteringRegion)
- {
- ILandObject fromland = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
- if (fromland == land) // Not entering
- return true;
- }
- if (land == null)
- {
- return false;
- }
- if ((land.landData.Flags & ((int)Parcel.ParcelFlags.AllowAPrimitiveEntry)) != 0)
- {
- return true;
- }
- //TODO: check for group rights
- if (!m_scene.Entities.ContainsKey(objectID))
- {
- return false;
- }
- // If it's not an object, we cant edit it.
- if (!(m_scene.Entities[objectID] is SceneObjectGroup))
- {
- return false;
- }
- if (GenericParcelPermission(task.OwnerID, newPoint))
- {
- return true;
- }
- //Otherwise, false!
- return false;
- }
- private bool CanReturnObject(UUID objectID, UUID returnerID, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return GenericObjectPermission(returnerID, objectID, false);
- }
- private bool CanRezObject(int objectCount, UUID owner, Vector3 objectPosition, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- bool permission = false;
- ILandObject land = m_scene.LandChannel.GetLandObject(objectPosition.X, objectPosition.Y);
- if (land == null) return false;
- if ((land.landData.Flags & ((int)Parcel.ParcelFlags.CreateObjects)) ==
- (int)Parcel.ParcelFlags.CreateObjects)
- permission = true;
- //TODO: check for group rights
- if (IsAdministrator(owner))
- {
- permission = true;
- }
- if (GenericParcelPermission(owner, objectPosition))
- {
- permission = true;
- }
- return permission;
- }
- private bool CanRunConsoleCommand(UUID user, Scene requestFromScene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return IsAdministrator(user);
- }
- private bool CanRunScript(UUID script, UUID objectID, UUID user, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return true;
- }
- private bool CanSellParcel(UUID user, ILandObject parcel, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return GenericParcelPermission(user, parcel);
- }
- private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return GenericObjectPermission(stealer,objectID, false);
- }
- private bool CanTakeCopyObject(UUID objectID, UUID userID, Scene inScene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- bool permission = GenericObjectPermission(userID, objectID,false);
- if (!permission)
- {
- if (!m_scene.Entities.ContainsKey(objectID))
- {
- return false;
- }
- // If it's not an object, we cant edit it.
- if (!(m_scene.Entities[objectID] is SceneObjectGroup))
- {
- return false;
- }
- SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
- // UUID taskOwner = null;
- // Added this because at this point in time it wouldn't be wise for
- // the administrator object permissions to take effect.
- // UUID objectOwner = task.OwnerID;
- if ((task.RootPart.EveryoneMask & PERM_COPY) != 0)
- permission = true;
- if ((task.GetEffectivePermissions() & PERM_COPY) == 0)
- permission = false;
- }
- else
- {
- SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
- if ((task.GetEffectivePermissions() & PERM_COPY) == 0)
- permission = false;
- }
-
- return permission;
- }
- private bool CanTerraformLand(UUID user, Vector3 position, Scene requestFromScene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- // Estate override
- if (GenericEstatePermission(user))
- return true;
- float X = position.X;
- float Y = position.Y;
- if (X > 255)
- X = 255;
- if (Y > 255)
- Y = 255;
- if (X < 0)
- X = 0;
- if (Y < 0)
- Y = 0;
- ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y);
- if (parcel == null)
- return false;
- // Others allowed to terraform?
- if ((parcel.landData.Flags & ((int)Parcel.ParcelFlags.AllowTerraform)) != 0)
- return true;
- // Land owner can terraform too
- if (parcel != null && GenericParcelPermission(user, parcel))
- return true;
- return false;
- }
- /// <summary>
- /// Check whether the specified user can view the given script
- /// </summary>
- /// <param name="script"></param>
- /// <param name="objectID"></param>
- /// <param name="user"></param>
- /// <param name="scene"></param>
- /// <returns></returns>
- private bool CanViewScript(UUID script, UUID objectID, UUID user, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- if (objectID == UUID.Zero) // User inventory
- {
- CachedUserInfo userInfo =
- scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
-
- if (userInfo == null)
- {
- m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for administrator check", user);
- return false;
- }
- if (userInfo.RootFolder == null)
- return false;
- InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(script);
- if (assetRequestItem == null) // Library item
- {
- assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(script);
- if (assetRequestItem != null) // Implicitly readable
- return true;
- }
- // SL is rather harebrained here. In SL, a script you
- // have mod/copy no trans is readable. This subverts
- // permissions, but is used in some products, most
- // notably Hippo door plugin and HippoRent 5 networked
- // prim counter.
- // To enable this broken SL-ism, remove Transfer from
- // the below expressions.
- // Trying to improve on SL perms by making a script
- // readable only if it's really full perms
- //
- if ((assetRequestItem.CurrentPermissions &
- ((uint)PermissionMask.Modify |
- (uint)PermissionMask.Copy |
- (uint)PermissionMask.Transfer)) !=
- ((uint)PermissionMask.Modify |
- (uint)PermissionMask.Copy |
- (uint)PermissionMask.Transfer))
- return false;
- }
- else // Prim inventory
- {
- SceneObjectPart part = scene.GetSceneObjectPart(objectID);
- if (part == null)
- return false;
- if (part.OwnerID != user)
- return false;
- if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
- return false;
- TaskInventoryItem ti = part.Inventory.GetInventoryItem(script);
- if (ti == null)
- return false;
- if (ti.OwnerID != user)
- return false;
- // Require full perms
- if ((ti.CurrentPermissions &
- ((uint)PermissionMask.Modify |
- (uint)PermissionMask.Copy |
- (uint)PermissionMask.Transfer)) !=
- ((uint)PermissionMask.Modify |
- (uint)PermissionMask.Copy |
- (uint)PermissionMask.Transfer))
- return false;
- }
- return true;
- }
- /// <summary>
- /// Check whether the specified user can view the given notecard
- /// </summary>
- /// <param name="script"></param>
- /// <param name="objectID"></param>
- /// <param name="user"></param>
- /// <param name="scene"></param>
- /// <returns></returns>
- private bool CanViewNotecard(UUID notecard, UUID objectID, UUID user, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- if (objectID == UUID.Zero) // User inventory
- {
- CachedUserInfo userInfo =
- scene.CommsManager.UserProfileCacheService.GetUserDetails(user);
-
- if (userInfo == null)
- {
- m_log.ErrorFormat("[PERMISSIONS]: Could not find user {0} for view notecard check", user);
- return false;
- }
- if (userInfo.RootFolder == null)
- return false;
- InventoryItemBase assetRequestItem = userInfo.RootFolder.FindItem(notecard);
- if (assetRequestItem == null) // Library item
- {
- assetRequestItem = m_scene.CommsManager.UserProfileCacheService.LibraryRoot.FindItem(notecard);
- if (assetRequestItem != null) // Implicitly readable
- return true;
- }
- // Notecards are always readable unless no copy
- //
- if ((assetRequestItem.CurrentPermissions &
- (uint)PermissionMask.Copy) !=
- (uint)PermissionMask.Copy)
- return false;
- }
- else // Prim inventory
- {
- SceneObjectPart part = scene.GetSceneObjectPart(objectID);
- if (part == null)
- return false;
- if (part.OwnerID != user)
- return false;
- if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
- return false;
- TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
- if (ti == null)
- return false;
- if (ti.OwnerID != user)
- return false;
- // Notecards are always readable unless no copy
- //
- if ((ti.CurrentPermissions &
- (uint)PermissionMask.Copy) !=
- (uint)PermissionMask.Copy)
- return false;
- }
- return true;
- }
- #endregion
- private bool CanLinkObject(UUID userID, UUID objectID)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return true;
- }
- private bool CanDelinkObject(UUID userID, UUID objectID)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return true;
- }
- private bool CanBuyLand(UUID userID, ILandObject parcel, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return true;
- }
- private bool CanCopyObjectInventory(UUID itemID, UUID objectID, UUID userID)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return true;
- }
- private bool CanDeleteObjectInventory(UUID itemID, UUID objectID, UUID userID)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return true;
- }
- /// <summary>
- /// Check whether the specified user is allowed to directly create the given inventory type in a prim's
- /// inventory (e.g. the New Script button in the 1.21 Linden Lab client).
- /// </summary>
- /// <param name="invType"></param>
- /// <param name="objectID"></param>
- /// <param name="userID"></param>
- /// <returns></returns>
- private bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- if ((int)InventoryType.LSL == invType)
- if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
- return false;
-
- return true;
- }
-
- /// <summary>
- /// Check whether the specified user is allowed to create the given inventory type in their inventory.
- /// </summary>
- /// <param name="invType"></param>
- /// <param name="userID"></param>
- /// <returns></returns>
- private bool CanCreateUserInventory(int invType, UUID userID)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- if ((int)InventoryType.LSL == invType)
- if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
- return false;
-
- return true;
- }
-
- /// <summary>
- /// Check whether the specified user is allowed to copy the given inventory type in their inventory.
- /// </summary>
- /// <param name="itemID"></param>
- /// <param name="userID"></param>
- /// <returns></returns>
- private bool CanCopyUserInventory(UUID itemID, UUID userID)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return true;
- }
-
- /// <summary>
- /// Check whether the specified user is allowed to edit the given inventory item within their own inventory.
- /// </summary>
- /// <param name="itemID"></param>
- /// <param name="userID"></param>
- /// <returns></returns>
- private bool CanEditUserInventory(UUID itemID, UUID userID)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return true;
- }
-
- /// <summary>
- /// Check whether the specified user is allowed to delete the given inventory item from their own inventory.
- /// </summary>
- /// <param name="itemID"></param>
- /// <param name="userID"></param>
- /// <returns></returns>
- private bool CanDeleteUserInventory(UUID itemID, UUID userID)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return true;
- }
- private bool CanTeleport(UUID userID)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- return true;
- }
- private bool CanResetScript(UUID prim, UUID script, UUID agentID, Scene scene)
- {
- DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
- if (m_bypassPermissions) return m_bypassPermissionsValue;
- SceneObjectPart part = m_scene.GetSceneObjectPart(prim);
- // If we selected a sub-prim to reset, prim won't represent the object, but only a part.
- // We have to check the permissions of the object, though.
- if (part.ParentID != 0) prim = part.ParentUUID;
- // You can reset the scripts in any object you can edit
- return GenericObjectPermission(agentID, prim, false);
- }
- }
- }
|