PermissionsModule.cs 76 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSimulator Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections.Generic;
  29. using System.Reflection;
  30. using log4net;
  31. using Nini.Config;
  32. using OpenMetaverse;
  33. using OpenSim.Framework;
  34. using OpenSim.Region.Framework.Interfaces;
  35. using OpenSim.Region.Framework.Scenes;
  36. using OpenSim.Services.Interfaces;
  37. using Mono.Addins;
  38. using PermissionMask = OpenSim.Framework.PermissionMask;
  39. namespace OpenSim.Region.CoreModules.World.Permissions
  40. {
  41. [Extension(Path = "/OpenSim/RegionModules", NodeName = "RegionModule", Id = "PermissionsModule")]
  42. public class PermissionsModule : INonSharedRegionModule, IPermissionsModule
  43. {
  44. private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
  45. protected Scene m_scene;
  46. protected bool m_Enabled;
  47. private InventoryFolderImpl m_libraryRootFolder;
  48. protected InventoryFolderImpl LibraryRootFolder
  49. {
  50. get
  51. {
  52. if (m_libraryRootFolder != null)
  53. return m_libraryRootFolder;
  54. ILibraryService lib = m_scene.RequestModuleInterface<ILibraryService>();
  55. if (lib != null)
  56. {
  57. m_libraryRootFolder = lib.LibraryRootFolder;
  58. }
  59. return m_libraryRootFolder;
  60. }
  61. }
  62. #region Constants
  63. // These are here for testing. They will be taken out
  64. //private uint PERM_ALL = (uint)2147483647;
  65. private uint PERM_COPY = (uint)32768;
  66. //private uint PERM_MODIFY = (uint)16384;
  67. private uint PERM_MOVE = (uint)524288;
  68. private uint PERM_TRANS = (uint)8192;
  69. private uint PERM_LOCKED = (uint)540672;
  70. /// <value>
  71. /// Different user set names that come in from the configuration file.
  72. /// </value>
  73. enum UserSet
  74. {
  75. All,
  76. Administrators
  77. };
  78. #endregion
  79. #region Bypass Permissions / Debug Permissions Stuff
  80. // Bypasses the permissions engine
  81. private bool m_bypassPermissions = true;
  82. private bool m_bypassPermissionsValue = true;
  83. private bool m_propagatePermissions = false;
  84. private bool m_debugPermissions = false;
  85. private bool m_allowGridGods = false;
  86. private bool m_RegionOwnerIsGod = false;
  87. private bool m_RegionManagerIsGod = false;
  88. private bool m_ParcelOwnerIsGod = false;
  89. private bool m_SimpleBuildPermissions = false;
  90. /// <value>
  91. /// The set of users that are allowed to create scripts. This is only active if permissions are not being
  92. /// bypassed. This overrides normal permissions.
  93. /// </value>
  94. private UserSet m_allowedScriptCreators = UserSet.All;
  95. /// <value>
  96. /// The set of users that are allowed to edit (save) scripts. This is only active if
  97. /// permissions are not being bypassed. This overrides normal permissions.-
  98. /// </value>
  99. private UserSet m_allowedScriptEditors = UserSet.All;
  100. private Dictionary<string, bool> GrantLSL = new Dictionary<string, bool>();
  101. private Dictionary<string, bool> GrantCS = new Dictionary<string, bool>();
  102. private Dictionary<string, bool> GrantVB = new Dictionary<string, bool>();
  103. private Dictionary<string, bool> GrantJS = new Dictionary<string, bool>();
  104. private Dictionary<string, bool> GrantYP = new Dictionary<string, bool>();
  105. private IFriendsModule m_friendsModule;
  106. private IFriendsModule FriendsModule
  107. {
  108. get
  109. {
  110. if (m_friendsModule == null)
  111. m_friendsModule = m_scene.RequestModuleInterface<IFriendsModule>();
  112. return m_friendsModule;
  113. }
  114. }
  115. private IGroupsModule m_groupsModule;
  116. private IGroupsModule GroupsModule
  117. {
  118. get
  119. {
  120. if (m_groupsModule == null)
  121. m_groupsModule = m_scene.RequestModuleInterface<IGroupsModule>();
  122. return m_groupsModule;
  123. }
  124. }
  125. private IMoapModule m_moapModule;
  126. private IMoapModule MoapModule
  127. {
  128. get
  129. {
  130. if (m_moapModule == null)
  131. m_moapModule = m_scene.RequestModuleInterface<IMoapModule>();
  132. return m_moapModule;
  133. }
  134. }
  135. #endregion
  136. #region INonSharedRegionModule Members
  137. public void Initialise(IConfigSource config)
  138. {
  139. string permissionModules = Util.GetConfigVarFromSections<string>(config, "permissionmodules",
  140. new string[] { "Startup", "Permissions" }, "DefaultPermissionsModule");
  141. List<string> modules = new List<string>(permissionModules.Split(','));
  142. if (!modules.Contains("DefaultPermissionsModule"))
  143. return;
  144. m_Enabled = true;
  145. m_allowGridGods = Util.GetConfigVarFromSections<bool>(config, "allow_grid_gods",
  146. new string[] { "Startup", "Permissions" }, false);
  147. m_bypassPermissions = !Util.GetConfigVarFromSections<bool>(config, "serverside_object_permissions",
  148. new string[] { "Startup", "Permissions" }, true);
  149. m_propagatePermissions = Util.GetConfigVarFromSections<bool>(config, "propagate_permissions",
  150. new string[] { "Startup", "Permissions" }, true);
  151. m_RegionOwnerIsGod = Util.GetConfigVarFromSections<bool>(config, "region_owner_is_god",
  152. new string[] { "Startup", "Permissions" }, true);
  153. m_RegionManagerIsGod = Util.GetConfigVarFromSections<bool>(config, "region_manager_is_god",
  154. new string[] { "Startup", "Permissions" }, false);
  155. m_ParcelOwnerIsGod = Util.GetConfigVarFromSections<bool>(config, "parcel_owner_is_god",
  156. new string[] { "Startup", "Permissions" }, true);
  157. m_SimpleBuildPermissions = Util.GetConfigVarFromSections<bool>(config, "simple_build_permissions",
  158. new string[] { "Startup", "Permissions" }, false);
  159. m_allowedScriptCreators
  160. = ParseUserSetConfigSetting(config, "allowed_script_creators", m_allowedScriptCreators);
  161. m_allowedScriptEditors
  162. = ParseUserSetConfigSetting(config, "allowed_script_editors", m_allowedScriptEditors);
  163. if (m_bypassPermissions)
  164. m_log.Info("[PERMISSIONS]: serverside_object_permissions = false in ini file so disabling all region service permission checks");
  165. else
  166. m_log.Debug("[PERMISSIONS]: Enabling all region service permission checks");
  167. string grant = Util.GetConfigVarFromSections<string>(config, "GrantLSL",
  168. new string[] { "Startup", "Permissions" }, string.Empty);
  169. if (grant.Length > 0)
  170. {
  171. foreach (string uuidl in grant.Split(','))
  172. {
  173. string uuid = uuidl.Trim(" \t".ToCharArray());
  174. GrantLSL.Add(uuid, true);
  175. }
  176. }
  177. grant = Util.GetConfigVarFromSections<string>(config, "GrantCS",
  178. new string[] { "Startup", "Permissions" }, string.Empty);
  179. if (grant.Length > 0)
  180. {
  181. foreach (string uuidl in grant.Split(','))
  182. {
  183. string uuid = uuidl.Trim(" \t".ToCharArray());
  184. GrantCS.Add(uuid, true);
  185. }
  186. }
  187. grant = Util.GetConfigVarFromSections<string>(config, "GrantVB",
  188. new string[] { "Startup", "Permissions" }, string.Empty);
  189. if (grant.Length > 0)
  190. {
  191. foreach (string uuidl in grant.Split(','))
  192. {
  193. string uuid = uuidl.Trim(" \t".ToCharArray());
  194. GrantVB.Add(uuid, true);
  195. }
  196. }
  197. grant = Util.GetConfigVarFromSections<string>(config, "GrantJS",
  198. new string[] { "Startup", "Permissions" }, string.Empty);
  199. if (grant.Length > 0)
  200. {
  201. foreach (string uuidl in grant.Split(','))
  202. {
  203. string uuid = uuidl.Trim(" \t".ToCharArray());
  204. GrantJS.Add(uuid, true);
  205. }
  206. }
  207. grant = Util.GetConfigVarFromSections<string>(config, "GrantYP",
  208. new string[] { "Startup", "Permissions" }, string.Empty);
  209. if (grant.Length > 0)
  210. {
  211. foreach (string uuidl in grant.Split(','))
  212. {
  213. string uuid = uuidl.Trim(" \t".ToCharArray());
  214. GrantYP.Add(uuid, true);
  215. }
  216. }
  217. }
  218. public void AddRegion(Scene scene)
  219. {
  220. if (!m_Enabled)
  221. return;
  222. m_scene = scene;
  223. scene.RegisterModuleInterface<IPermissionsModule>(this);
  224. //Register functions with Scene External Checks!
  225. m_scene.Permissions.OnBypassPermissions += BypassPermissions;
  226. m_scene.Permissions.OnSetBypassPermissions += SetBypassPermissions;
  227. m_scene.Permissions.OnPropagatePermissions += PropagatePermissions;
  228. m_scene.Permissions.OnGenerateClientFlags += GenerateClientFlags;
  229. m_scene.Permissions.OnAbandonParcel += CanAbandonParcel;
  230. m_scene.Permissions.OnReclaimParcel += CanReclaimParcel;
  231. m_scene.Permissions.OnDeedParcel += CanDeedParcel;
  232. m_scene.Permissions.OnDeedObject += CanDeedObject;
  233. m_scene.Permissions.OnIsGod += IsGod;
  234. m_scene.Permissions.OnIsGridGod += IsGridGod;
  235. m_scene.Permissions.OnIsAdministrator += IsAdministrator;
  236. m_scene.Permissions.OnDuplicateObject += CanDuplicateObject;
  237. m_scene.Permissions.OnDeleteObject += CanDeleteObject;
  238. m_scene.Permissions.OnEditObject += CanEditObject;
  239. m_scene.Permissions.OnEditParcelProperties += CanEditParcelProperties;
  240. m_scene.Permissions.OnInstantMessage += CanInstantMessage;
  241. m_scene.Permissions.OnInventoryTransfer += CanInventoryTransfer;
  242. m_scene.Permissions.OnIssueEstateCommand += CanIssueEstateCommand;
  243. m_scene.Permissions.OnMoveObject += CanMoveObject;
  244. m_scene.Permissions.OnObjectEntry += CanObjectEntry;
  245. m_scene.Permissions.OnReturnObjects += CanReturnObjects;
  246. m_scene.Permissions.OnRezObject += CanRezObject;
  247. m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand;
  248. m_scene.Permissions.OnRunScript += CanRunScript;
  249. m_scene.Permissions.OnCompileScript += CanCompileScript;
  250. m_scene.Permissions.OnSellParcel += CanSellParcel;
  251. m_scene.Permissions.OnTakeObject += CanTakeObject;
  252. m_scene.Permissions.OnTakeCopyObject += CanTakeCopyObject;
  253. m_scene.Permissions.OnTerraformLand += CanTerraformLand;
  254. m_scene.Permissions.OnLinkObject += CanLinkObject;
  255. m_scene.Permissions.OnDelinkObject += CanDelinkObject;
  256. m_scene.Permissions.OnBuyLand += CanBuyLand;
  257. m_scene.Permissions.OnViewNotecard += CanViewNotecard;
  258. m_scene.Permissions.OnViewScript += CanViewScript;
  259. m_scene.Permissions.OnEditNotecard += CanEditNotecard;
  260. m_scene.Permissions.OnEditScript += CanEditScript;
  261. m_scene.Permissions.OnCreateObjectInventory += CanCreateObjectInventory;
  262. m_scene.Permissions.OnEditObjectInventory += CanEditObjectInventory;
  263. m_scene.Permissions.OnCopyObjectInventory += CanCopyObjectInventory;
  264. m_scene.Permissions.OnDeleteObjectInventory += CanDeleteObjectInventory;
  265. m_scene.Permissions.OnResetScript += CanResetScript;
  266. m_scene.Permissions.OnCreateUserInventory += CanCreateUserInventory;
  267. m_scene.Permissions.OnCopyUserInventory += CanCopyUserInventory;
  268. m_scene.Permissions.OnEditUserInventory += CanEditUserInventory;
  269. m_scene.Permissions.OnDeleteUserInventory += CanDeleteUserInventory;
  270. m_scene.Permissions.OnTeleport += CanTeleport;
  271. m_scene.Permissions.OnControlPrimMedia += CanControlPrimMedia;
  272. m_scene.Permissions.OnInteractWithPrimMedia += CanInteractWithPrimMedia;
  273. m_scene.AddCommand("Users", this, "bypass permissions",
  274. "bypass permissions <true / false>",
  275. "Bypass permission checks",
  276. HandleBypassPermissions);
  277. m_scene.AddCommand("Users", this, "force permissions",
  278. "force permissions <true / false>",
  279. "Force permissions on or off",
  280. HandleForcePermissions);
  281. m_scene.AddCommand("Debug", this, "debug permissions",
  282. "debug permissions <true / false>",
  283. "Turn on permissions debugging",
  284. HandleDebugPermissions);
  285. }
  286. public void RegionLoaded(Scene scene)
  287. {
  288. }
  289. public void RemoveRegion(Scene scene)
  290. {
  291. if (!m_Enabled)
  292. return;
  293. m_scene.UnregisterModuleInterface<IPermissionsModule>(this);
  294. }
  295. public void Close()
  296. {
  297. }
  298. public string Name
  299. {
  300. get { return "PermissionsModule"; }
  301. }
  302. public Type ReplaceableInterface
  303. {
  304. get { return null; }
  305. }
  306. #endregion
  307. #region Console command handlers
  308. public void HandleBypassPermissions(string module, string[] args)
  309. {
  310. if (m_scene.ConsoleScene() != null &&
  311. m_scene.ConsoleScene() != m_scene)
  312. {
  313. return;
  314. }
  315. if (args.Length > 2)
  316. {
  317. bool val;
  318. if (!bool.TryParse(args[2], out val))
  319. return;
  320. m_bypassPermissions = val;
  321. m_log.InfoFormat(
  322. "[PERMISSIONS]: Set permissions bypass to {0} for {1}",
  323. m_bypassPermissions, m_scene.RegionInfo.RegionName);
  324. }
  325. }
  326. public void HandleForcePermissions(string module, string[] args)
  327. {
  328. if (m_scene.ConsoleScene() != null &&
  329. m_scene.ConsoleScene() != m_scene)
  330. {
  331. return;
  332. }
  333. if (!m_bypassPermissions)
  334. {
  335. m_log.Error("[PERMISSIONS] Permissions can't be forced unless they are bypassed first");
  336. return;
  337. }
  338. if (args.Length > 2)
  339. {
  340. bool val;
  341. if (!bool.TryParse(args[2], out val))
  342. return;
  343. m_bypassPermissionsValue = val;
  344. m_log.InfoFormat("[PERMISSIONS] Forced permissions to {0} in {1}", m_bypassPermissionsValue, m_scene.RegionInfo.RegionName);
  345. }
  346. }
  347. public void HandleDebugPermissions(string module, string[] args)
  348. {
  349. if (m_scene.ConsoleScene() != null &&
  350. m_scene.ConsoleScene() != m_scene)
  351. {
  352. return;
  353. }
  354. if (args.Length > 2)
  355. {
  356. bool val;
  357. if (!bool.TryParse(args[2], out val))
  358. return;
  359. m_debugPermissions = val;
  360. m_log.InfoFormat("[PERMISSIONS] Set permissions debugging to {0} in {1}", m_debugPermissions, m_scene.RegionInfo.RegionName);
  361. }
  362. }
  363. #endregion
  364. #region Helper Functions
  365. protected void SendPermissionError(UUID user, string reason)
  366. {
  367. m_scene.EventManager.TriggerPermissionError(user, reason);
  368. }
  369. protected void DebugPermissionInformation(string permissionCalled)
  370. {
  371. if (m_debugPermissions)
  372. m_log.Debug("[PERMISSIONS]: " + permissionCalled + " was called from " + m_scene.RegionInfo.RegionName);
  373. }
  374. /// <summary>
  375. /// Checks if the given group is active and if the user is a group member
  376. /// with the powers requested (powers = 0 for no powers check)
  377. /// </summary>
  378. /// <param name="groupID"></param>
  379. /// <param name="userID"></param>
  380. /// <param name="powers"></param>
  381. /// <returns></returns>
  382. protected bool IsGroupMember(UUID groupID, UUID userID, ulong powers)
  383. {
  384. if (null == GroupsModule)
  385. return false;
  386. GroupMembershipData gmd = GroupsModule.GetMembershipData(groupID, userID);
  387. if (gmd != null)
  388. {
  389. if (((gmd.GroupPowers != 0) && powers == 0) || (gmd.GroupPowers & powers) == powers)
  390. return true;
  391. }
  392. return false;
  393. }
  394. /// <summary>
  395. /// Parse a user set configuration setting
  396. /// </summary>
  397. /// <param name="config"></param>
  398. /// <param name="settingName"></param>
  399. /// <param name="defaultValue">The default value for this attribute</param>
  400. /// <returns>The parsed value</returns>
  401. private static UserSet ParseUserSetConfigSetting(IConfigSource config, string settingName, UserSet defaultValue)
  402. {
  403. UserSet userSet = defaultValue;
  404. string rawSetting = Util.GetConfigVarFromSections<string>(config, settingName,
  405. new string[] {"Startup", "Permissions"}, defaultValue.ToString());
  406. // Temporary measure to allow 'gods' to be specified in config for consistency's sake. In the long term
  407. // this should disappear.
  408. if ("gods" == rawSetting.ToLower())
  409. rawSetting = UserSet.Administrators.ToString();
  410. // Doing it this was so that we can do a case insensitive conversion
  411. try
  412. {
  413. userSet = (UserSet)Enum.Parse(typeof(UserSet), rawSetting, true);
  414. }
  415. catch
  416. {
  417. m_log.ErrorFormat(
  418. "[PERMISSIONS]: {0} is not a valid {1} value, setting to {2}",
  419. rawSetting, settingName, userSet);
  420. }
  421. m_log.DebugFormat("[PERMISSIONS]: {0} {1}", settingName, userSet);
  422. return userSet;
  423. }
  424. /// <summary>
  425. /// Is the user regarded as an administrator?
  426. /// </summary>
  427. /// <param name="user"></param>
  428. /// <returns></returns>
  429. protected bool IsAdministrator(UUID user)
  430. {
  431. if (user == UUID.Zero)
  432. return false;
  433. if (m_scene.RegionInfo.EstateSettings.EstateOwner == user && m_RegionOwnerIsGod)
  434. return true;
  435. if (IsEstateManager(user) && m_RegionManagerIsGod)
  436. return true;
  437. if (IsGridGod(user, null))
  438. return true;
  439. return false;
  440. }
  441. /// <summary>
  442. /// Is the given user a God throughout the grid (not just in the current scene)?
  443. /// </summary>
  444. /// <param name="user">The user</param>
  445. /// <param name="scene">Unused, can be null</param>
  446. /// <returns></returns>
  447. protected bool IsGridGod(UUID user, Scene scene)
  448. {
  449. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  450. if (m_bypassPermissions) return m_bypassPermissionsValue;
  451. if (user == UUID.Zero) return false;
  452. if (m_allowGridGods)
  453. {
  454. ScenePresence sp = m_scene.GetScenePresence(user);
  455. if (sp != null)
  456. return (sp.UserLevel >= 200);
  457. UserAccount account = m_scene.UserAccountService.GetUserAccount(m_scene.RegionInfo.ScopeID, user);
  458. if (account != null)
  459. return (account.UserLevel >= 200);
  460. }
  461. return false;
  462. }
  463. protected bool IsFriendWithPerms(UUID user, UUID objectOwner)
  464. {
  465. if (user == UUID.Zero)
  466. return false;
  467. if (FriendsModule == null)
  468. return false;
  469. int friendPerms = FriendsModule.GetRightsGrantedByFriend(user, objectOwner);
  470. return (friendPerms & (int)FriendRights.CanModifyObjects) != 0;
  471. }
  472. protected bool IsEstateManager(UUID user)
  473. {
  474. if (user == UUID.Zero) return false;
  475. return m_scene.RegionInfo.EstateSettings.IsEstateManagerOrOwner(user);
  476. }
  477. #endregion
  478. public bool PropagatePermissions()
  479. {
  480. if (m_bypassPermissions)
  481. return false;
  482. return m_propagatePermissions;
  483. }
  484. public bool BypassPermissions()
  485. {
  486. return m_bypassPermissions;
  487. }
  488. public void SetBypassPermissions(bool value)
  489. {
  490. m_bypassPermissions=value;
  491. }
  492. #region Object Permissions
  493. public uint GenerateClientFlags(UUID user, UUID objID)
  494. {
  495. // Here's the way this works,
  496. // ObjectFlags and Permission flags are two different enumerations
  497. // ObjectFlags, however, tells the client to change what it will allow the user to do.
  498. // So, that means that all of the permissions type ObjectFlags are /temporary/ and only
  499. // supposed to be set when customizing the objectflags for the client.
  500. // These temporary objectflags get computed and added in this function based on the
  501. // Permission mask that's appropriate!
  502. // Outside of this method, they should never be added to objectflags!
  503. // -teravus
  504. SceneObjectPart task = m_scene.GetSceneObjectPart(objID);
  505. // this shouldn't ever happen.. return no permissions/objectflags.
  506. if (task == null)
  507. return (uint)0;
  508. uint objflags = task.GetEffectiveObjectFlags();
  509. UUID objectOwner = task.OwnerID;
  510. // Remove any of the objectFlags that are temporary. These will get added back if appropriate
  511. // in the next bit of code
  512. // libomv will moan about PrimFlags.ObjectYouOfficer being
  513. // deprecated
  514. #pragma warning disable 0612
  515. objflags &= (uint)
  516. ~(PrimFlags.ObjectCopy | // Tells client you can copy the object
  517. PrimFlags.ObjectModify | // tells client you can modify the object
  518. PrimFlags.ObjectMove | // tells client that you can move the object (only, no mod)
  519. PrimFlags.ObjectTransfer | // tells the client that you can /take/ the object if you don't own it
  520. PrimFlags.ObjectYouOwner | // Tells client that you're the owner of the object
  521. PrimFlags.ObjectAnyOwner | // Tells client that someone owns the object
  522. PrimFlags.ObjectOwnerModify | // Tells client that you're the owner of the object
  523. PrimFlags.ObjectYouOfficer // Tells client that you've got group object editing permission. Used when ObjectGroupOwned is set
  524. );
  525. #pragma warning restore 0612
  526. // Creating the three ObjectFlags options for this method to choose from.
  527. // Customize the OwnerMask
  528. uint objectOwnerMask = ApplyObjectModifyMasks(task.OwnerMask, objflags);
  529. objectOwnerMask |= (uint)PrimFlags.ObjectYouOwner | (uint)PrimFlags.ObjectAnyOwner | (uint)PrimFlags.ObjectOwnerModify;
  530. // Customize the GroupMask
  531. uint objectGroupMask = ApplyObjectModifyMasks(task.GroupMask, objflags);
  532. // Customize the EveryoneMask
  533. uint objectEveryoneMask = ApplyObjectModifyMasks(task.EveryoneMask, objflags);
  534. if (objectOwner != UUID.Zero)
  535. objectEveryoneMask |= (uint)PrimFlags.ObjectAnyOwner;
  536. PermissionClass permissionClass = GetPermissionClass(user, task);
  537. switch (permissionClass)
  538. {
  539. case PermissionClass.Owner:
  540. return objectOwnerMask;
  541. case PermissionClass.Group:
  542. return objectGroupMask | objectEveryoneMask;
  543. case PermissionClass.Everyone:
  544. default:
  545. return objectEveryoneMask;
  546. }
  547. }
  548. private uint ApplyObjectModifyMasks(uint setPermissionMask, uint objectFlagsMask)
  549. {
  550. // We are adding the temporary objectflags to the object's objectflags based on the
  551. // permission flag given. These change the F flags on the client.
  552. if ((setPermissionMask & (uint)PermissionMask.Copy) != 0)
  553. {
  554. objectFlagsMask |= (uint)PrimFlags.ObjectCopy;
  555. }
  556. if ((setPermissionMask & (uint)PermissionMask.Move) != 0)
  557. {
  558. objectFlagsMask |= (uint)PrimFlags.ObjectMove;
  559. }
  560. if ((setPermissionMask & (uint)PermissionMask.Modify) != 0)
  561. {
  562. objectFlagsMask |= (uint)PrimFlags.ObjectModify;
  563. }
  564. if ((setPermissionMask & (uint)PermissionMask.Transfer) != 0)
  565. {
  566. objectFlagsMask |= (uint)PrimFlags.ObjectTransfer;
  567. }
  568. return objectFlagsMask;
  569. }
  570. public PermissionClass GetPermissionClass(UUID user, SceneObjectPart obj)
  571. {
  572. if (obj == null)
  573. return PermissionClass.Everyone;
  574. if (m_bypassPermissions)
  575. return PermissionClass.Owner;
  576. // Object owners should be able to edit their own content
  577. UUID objectOwner = obj.OwnerID;
  578. if (user == objectOwner)
  579. return PermissionClass.Owner;
  580. if (IsFriendWithPerms(user, objectOwner))
  581. return PermissionClass.Owner;
  582. // Estate users should be able to edit anything in the sim if RegionOwnerIsGod is set
  583. if (m_RegionOwnerIsGod && IsEstateManager(user) && !IsAdministrator(objectOwner))
  584. return PermissionClass.Owner;
  585. // Admin should be able to edit anything in the sim (including admin objects)
  586. if (IsAdministrator(user))
  587. return PermissionClass.Owner;
  588. // Users should be able to edit what is over their land.
  589. Vector3 taskPos = obj.AbsolutePosition;
  590. ILandObject parcel = m_scene.LandChannel.GetLandObject(taskPos.X, taskPos.Y);
  591. if (parcel != null && parcel.LandData.OwnerID == user && m_ParcelOwnerIsGod)
  592. {
  593. // Admin objects should not be editable by the above
  594. if (!IsAdministrator(objectOwner))
  595. return PermissionClass.Owner;
  596. }
  597. // Group permissions
  598. if ((obj.GroupID != UUID.Zero) && IsGroupMember(obj.GroupID, user, 0))
  599. return PermissionClass.Group;
  600. return PermissionClass.Everyone;
  601. }
  602. /// <summary>
  603. /// General permissions checks for any operation involving an object. These supplement more specific checks
  604. /// implemented by callers.
  605. /// </summary>
  606. /// <param name="currentUser"></param>
  607. /// <param name="objId">This is a scene object group UUID</param>
  608. /// <param name="denyOnLocked"></param>
  609. /// <returns></returns>
  610. protected bool GenericObjectPermission(UUID currentUser, UUID objId, bool denyOnLocked)
  611. {
  612. // Default: deny
  613. bool permission = false;
  614. bool locked = false;
  615. SceneObjectPart part = m_scene.GetSceneObjectPart(objId);
  616. if (part == null)
  617. return false;
  618. SceneObjectGroup group = part.ParentGroup;
  619. UUID objectOwner = group.OwnerID;
  620. locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
  621. // People shouldn't be able to do anything with locked objects, except the Administrator
  622. // The 'set permissions' runs through a different permission check, so when an object owner
  623. // sets an object locked, the only thing that they can do is unlock it.
  624. //
  625. // Nobody but the object owner can set permissions on an object
  626. //
  627. if (locked && (!IsAdministrator(currentUser)) && denyOnLocked)
  628. {
  629. return false;
  630. }
  631. // Object owners should be able to edit their own content
  632. if (currentUser == objectOwner)
  633. {
  634. // there is no way that later code can change this back to false
  635. // so just return true immediately and short circuit the more
  636. // expensive group checks
  637. return true;
  638. //permission = true;
  639. }
  640. else if (group.IsAttachment)
  641. {
  642. permission = false;
  643. }
  644. // m_log.DebugFormat(
  645. // "[PERMISSIONS]: group.GroupID = {0}, part.GroupMask = {1}, isGroupMember = {2} for {3}",
  646. // group.GroupID,
  647. // m_scene.GetSceneObjectPart(objId).GroupMask,
  648. // IsGroupMember(group.GroupID, currentUser, 0),
  649. // currentUser);
  650. // Group members should be able to edit group objects
  651. if ((group.GroupID != UUID.Zero)
  652. && ((m_scene.GetSceneObjectPart(objId).GroupMask & (uint)PermissionMask.Modify) != 0)
  653. && IsGroupMember(group.GroupID, currentUser, 0))
  654. {
  655. // Return immediately, so that the administrator can shares group objects
  656. return true;
  657. }
  658. // Friends with benefits should be able to edit the objects too
  659. if (IsFriendWithPerms(currentUser, objectOwner))
  660. // Return immediately, so that the administrator can share objects with friends
  661. return true;
  662. // Users should be able to edit what is over their land.
  663. ILandObject parcel = m_scene.LandChannel.GetLandObject(group.AbsolutePosition.X, group.AbsolutePosition.Y);
  664. if ((parcel != null) && (parcel.LandData.OwnerID == currentUser))
  665. {
  666. permission = true;
  667. }
  668. // Estate users should be able to edit anything in the sim
  669. if (IsEstateManager(currentUser))
  670. {
  671. permission = true;
  672. }
  673. // Admin objects should not be editable by the above
  674. if (IsAdministrator(objectOwner))
  675. {
  676. permission = false;
  677. }
  678. // Admin should be able to edit anything in the sim (including admin objects)
  679. if (IsAdministrator(currentUser))
  680. {
  681. permission = true;
  682. }
  683. return permission;
  684. }
  685. #endregion
  686. #region Generic Permissions
  687. protected bool GenericCommunicationPermission(UUID user, UUID target)
  688. {
  689. // Setting this to true so that cool stuff can happen until we define what determines Generic Communication Permission
  690. bool permission = true;
  691. string reason = "Only registered users may communicate with another account.";
  692. // Uhh, we need to finish this before we enable it.. because it's blocking all sorts of goodies and features
  693. if (IsAdministrator(user))
  694. permission = true;
  695. if (IsEstateManager(user))
  696. permission = true;
  697. if (!permission)
  698. SendPermissionError(user, reason);
  699. return permission;
  700. }
  701. public bool GenericEstatePermission(UUID user)
  702. {
  703. // Default: deny
  704. bool permission = false;
  705. // Estate admins should be able to use estate tools
  706. if (IsEstateManager(user))
  707. permission = true;
  708. // Administrators always have permission
  709. if (IsAdministrator(user))
  710. permission = true;
  711. return permission;
  712. }
  713. protected bool GenericParcelPermission(UUID user, ILandObject parcel, ulong groupPowers)
  714. {
  715. bool permission = false;
  716. if (parcel.LandData.OwnerID == user)
  717. {
  718. permission = true;
  719. }
  720. if ((parcel.LandData.GroupID != UUID.Zero) && IsGroupMember(parcel.LandData.GroupID, user, groupPowers))
  721. {
  722. permission = true;
  723. }
  724. if (IsEstateManager(user))
  725. {
  726. permission = true;
  727. }
  728. if (IsAdministrator(user))
  729. {
  730. permission = true;
  731. }
  732. if (m_SimpleBuildPermissions &&
  733. (parcel.LandData.Flags & (uint)ParcelFlags.UseAccessList) == 0 && parcel.IsInLandAccessList(user))
  734. permission = true;
  735. return permission;
  736. }
  737. protected bool GenericParcelOwnerPermission(UUID user, ILandObject parcel, ulong groupPowers)
  738. {
  739. if (parcel.LandData.OwnerID == user)
  740. {
  741. // Returning immediately so that group deeded objects on group deeded land don't trigger a NRE on
  742. // the subsequent redundant checks when using lParcelMediaCommandList()
  743. // See http://opensimulator.org/mantis/view.php?id=3999 for more details
  744. return true;
  745. }
  746. if (parcel.LandData.IsGroupOwned && IsGroupMember(parcel.LandData.GroupID, user, groupPowers))
  747. {
  748. return true;
  749. }
  750. if (IsEstateManager(user))
  751. {
  752. return true;
  753. }
  754. if (IsAdministrator(user))
  755. {
  756. return true;
  757. }
  758. return false;
  759. }
  760. protected bool GenericParcelPermission(UUID user, Vector3 pos, ulong groupPowers)
  761. {
  762. ILandObject parcel = m_scene.LandChannel.GetLandObject(pos.X, pos.Y);
  763. if (parcel == null) return false;
  764. return GenericParcelPermission(user, parcel, groupPowers);
  765. }
  766. #endregion
  767. #region Permission Checks
  768. private bool CanAbandonParcel(UUID user, ILandObject parcel, Scene scene)
  769. {
  770. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  771. if (m_bypassPermissions) return m_bypassPermissionsValue;
  772. return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandRelease);
  773. }
  774. private bool CanReclaimParcel(UUID user, ILandObject parcel, Scene scene)
  775. {
  776. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  777. if (m_bypassPermissions) return m_bypassPermissionsValue;
  778. return GenericParcelOwnerPermission(user, parcel, 0);
  779. }
  780. private bool CanDeedParcel(UUID user, ILandObject parcel, Scene scene)
  781. {
  782. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  783. if (m_bypassPermissions) return m_bypassPermissionsValue;
  784. if (parcel.LandData.OwnerID != user) // Only the owner can deed!
  785. return false;
  786. ScenePresence sp = scene.GetScenePresence(user);
  787. IClientAPI client = sp.ControllingClient;
  788. if ((client.GetGroupPowers(parcel.LandData.GroupID) & (ulong)GroupPowers.LandDeed) == 0)
  789. return false;
  790. return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandDeed);
  791. }
  792. private bool CanDeedObject(UUID user, UUID group, Scene scene)
  793. {
  794. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  795. if (m_bypassPermissions) return m_bypassPermissionsValue;
  796. ScenePresence sp = scene.GetScenePresence(user);
  797. IClientAPI client = sp.ControllingClient;
  798. if ((client.GetGroupPowers(group) & (ulong)GroupPowers.DeedObject) == 0)
  799. return false;
  800. return true;
  801. }
  802. private bool IsGod(UUID user, Scene scene)
  803. {
  804. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  805. if (m_bypassPermissions) return m_bypassPermissionsValue;
  806. return IsAdministrator(user);
  807. }
  808. private bool CanDuplicateObject(int objectCount, UUID objectID, UUID owner, Scene scene, Vector3 objectPosition)
  809. {
  810. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  811. if (m_bypassPermissions) return m_bypassPermissionsValue;
  812. if (!GenericObjectPermission(owner, objectID, true))
  813. {
  814. //They can't even edit the object
  815. return false;
  816. }
  817. SceneObjectPart part = scene.GetSceneObjectPart(objectID);
  818. if (part == null)
  819. return false;
  820. if (part.OwnerID == owner)
  821. return ((part.OwnerMask & PERM_COPY) != 0);
  822. if (part.GroupID != UUID.Zero)
  823. {
  824. if ((part.OwnerID == part.GroupID) && ((owner != part.LastOwnerID) || ((part.GroupMask & PERM_TRANS) == 0)))
  825. return false;
  826. if ((part.GroupMask & PERM_COPY) == 0)
  827. return false;
  828. }
  829. //If they can rez, they can duplicate
  830. return CanRezObject(objectCount, owner, objectPosition, scene);
  831. }
  832. private bool CanDeleteObject(UUID objectID, UUID deleter, Scene scene)
  833. {
  834. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  835. if (m_bypassPermissions) return m_bypassPermissionsValue;
  836. return GenericObjectPermission(deleter, objectID, false);
  837. }
  838. private bool CanEditObject(UUID objectID, UUID editorID, Scene scene)
  839. {
  840. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  841. if (m_bypassPermissions) return m_bypassPermissionsValue;
  842. return GenericObjectPermission(editorID, objectID, false);
  843. }
  844. private bool CanEditObjectInventory(UUID objectID, UUID editorID, Scene scene)
  845. {
  846. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  847. if (m_bypassPermissions) return m_bypassPermissionsValue;
  848. return GenericObjectPermission(editorID, objectID, false);
  849. }
  850. private bool CanEditParcelProperties(UUID user, ILandObject parcel, GroupPowers p, Scene scene)
  851. {
  852. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  853. if (m_bypassPermissions) return m_bypassPermissionsValue;
  854. return GenericParcelOwnerPermission(user, parcel, (ulong)p);
  855. }
  856. /// <summary>
  857. /// Check whether the specified user can edit the given script
  858. /// </summary>
  859. /// <param name="script"></param>
  860. /// <param name="objectID"></param>
  861. /// <param name="user"></param>
  862. /// <param name="scene"></param>
  863. /// <returns></returns>
  864. private bool CanEditScript(UUID script, UUID objectID, UUID user, Scene scene)
  865. {
  866. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  867. if (m_bypassPermissions) return m_bypassPermissionsValue;
  868. if (m_allowedScriptEditors == UserSet.Administrators && !IsAdministrator(user))
  869. return false;
  870. // Ordinarily, if you can view it, you can edit it
  871. // There is no viewing a no mod script
  872. //
  873. return CanViewScript(script, objectID, user, scene);
  874. }
  875. /// <summary>
  876. /// Check whether the specified user can edit the given notecard
  877. /// </summary>
  878. /// <param name="notecard"></param>
  879. /// <param name="objectID"></param>
  880. /// <param name="user"></param>
  881. /// <param name="scene"></param>
  882. /// <returns></returns>
  883. private bool CanEditNotecard(UUID notecard, UUID objectID, UUID user, Scene scene)
  884. {
  885. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  886. if (m_bypassPermissions) return m_bypassPermissionsValue;
  887. if (objectID == UUID.Zero) // User inventory
  888. {
  889. IInventoryService invService = m_scene.InventoryService;
  890. InventoryItemBase assetRequestItem = new InventoryItemBase(notecard, user);
  891. assetRequestItem = invService.GetItem(assetRequestItem);
  892. if (assetRequestItem == null && LibraryRootFolder != null) // Library item
  893. {
  894. assetRequestItem = LibraryRootFolder.FindItem(notecard);
  895. if (assetRequestItem != null) // Implicitly readable
  896. return true;
  897. }
  898. // Notecards must be both mod and copy to be saveable
  899. // This is because of they're not copy, you can't read
  900. // them, and if they're not mod, well, then they're
  901. // not mod. Duh.
  902. //
  903. if ((assetRequestItem.CurrentPermissions &
  904. ((uint)PermissionMask.Modify |
  905. (uint)PermissionMask.Copy)) !=
  906. ((uint)PermissionMask.Modify |
  907. (uint)PermissionMask.Copy))
  908. return false;
  909. }
  910. else // Prim inventory
  911. {
  912. SceneObjectPart part = scene.GetSceneObjectPart(objectID);
  913. if (part == null)
  914. return false;
  915. if (part.OwnerID != user)
  916. {
  917. if (part.GroupID == UUID.Zero)
  918. return false;
  919. if (!IsGroupMember(part.GroupID, user, 0))
  920. return false;
  921. if ((part.GroupMask & (uint)PermissionMask.Modify) == 0)
  922. return false;
  923. }
  924. else
  925. {
  926. if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
  927. return false;
  928. }
  929. TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
  930. if (ti == null)
  931. return false;
  932. if (ti.OwnerID != user)
  933. {
  934. if (ti.GroupID == UUID.Zero)
  935. return false;
  936. if (!IsGroupMember(ti.GroupID, user, 0))
  937. return false;
  938. }
  939. // Require full perms
  940. if ((ti.CurrentPermissions &
  941. ((uint)PermissionMask.Modify |
  942. (uint)PermissionMask.Copy)) !=
  943. ((uint)PermissionMask.Modify |
  944. (uint)PermissionMask.Copy))
  945. return false;
  946. }
  947. return true;
  948. }
  949. private bool CanInstantMessage(UUID user, UUID target, Scene startScene)
  950. {
  951. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  952. if (m_bypassPermissions) return m_bypassPermissionsValue;
  953. // If the sender is an object, check owner instead
  954. //
  955. SceneObjectPart part = startScene.GetSceneObjectPart(user);
  956. if (part != null)
  957. user = part.OwnerID;
  958. return GenericCommunicationPermission(user, target);
  959. }
  960. private bool CanInventoryTransfer(UUID user, UUID target, Scene startScene)
  961. {
  962. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  963. if (m_bypassPermissions) return m_bypassPermissionsValue;
  964. return GenericCommunicationPermission(user, target);
  965. }
  966. private bool CanIssueEstateCommand(UUID user, Scene requestFromScene, bool ownerCommand)
  967. {
  968. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  969. if (m_bypassPermissions) return m_bypassPermissionsValue;
  970. if (IsAdministrator(user))
  971. return true;
  972. if (m_scene.RegionInfo.EstateSettings.IsEstateOwner(user))
  973. return true;
  974. if (ownerCommand)
  975. return false;
  976. return GenericEstatePermission(user);
  977. }
  978. private bool CanMoveObject(UUID objectID, UUID moverID, Scene scene)
  979. {
  980. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  981. if (m_bypassPermissions)
  982. {
  983. SceneObjectPart part = scene.GetSceneObjectPart(objectID);
  984. if (part.OwnerID != moverID)
  985. {
  986. if (!part.ParentGroup.IsDeleted)
  987. {
  988. if (part.ParentGroup.IsAttachment)
  989. return false;
  990. }
  991. }
  992. return m_bypassPermissionsValue;
  993. }
  994. bool permission = GenericObjectPermission(moverID, objectID, true);
  995. if (!permission)
  996. {
  997. if (!m_scene.Entities.ContainsKey(objectID))
  998. {
  999. return false;
  1000. }
  1001. // The client
  1002. // may request to edit linked parts, and therefore, it needs
  1003. // to also check for SceneObjectPart
  1004. // If it's not an object, we cant edit it.
  1005. if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
  1006. {
  1007. return false;
  1008. }
  1009. SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
  1010. // UUID taskOwner = null;
  1011. // Added this because at this point in time it wouldn't be wise for
  1012. // the administrator object permissions to take effect.
  1013. // UUID objectOwner = task.OwnerID;
  1014. // Anyone can move
  1015. if ((task.RootPart.EveryoneMask & PERM_MOVE) != 0)
  1016. permission = true;
  1017. // Locked
  1018. if ((task.RootPart.OwnerMask & PERM_LOCKED) == 0)
  1019. permission = false;
  1020. }
  1021. else
  1022. {
  1023. bool locked = false;
  1024. if (!m_scene.Entities.ContainsKey(objectID))
  1025. {
  1026. return false;
  1027. }
  1028. // If it's not an object, we cant edit it.
  1029. if ((!(m_scene.Entities[objectID] is SceneObjectGroup)))
  1030. {
  1031. return false;
  1032. }
  1033. SceneObjectGroup group = (SceneObjectGroup)m_scene.Entities[objectID];
  1034. UUID objectOwner = group.OwnerID;
  1035. locked = ((group.RootPart.OwnerMask & PERM_LOCKED) == 0);
  1036. // This is an exception to the generic object permission.
  1037. // Administrators who lock their objects should not be able to move them,
  1038. // however generic object permission should return true.
  1039. // This keeps locked objects from being affected by random click + drag actions by accident
  1040. // and allows the administrator to grab or delete a locked object.
  1041. // Administrators and estate managers are still able to click+grab locked objects not
  1042. // owned by them in the scene
  1043. // This is by design.
  1044. if (locked && (moverID == objectOwner))
  1045. return false;
  1046. }
  1047. return permission;
  1048. }
  1049. private bool CanObjectEntry(UUID objectID, bool enteringRegion, Vector3 newPoint, Scene scene)
  1050. {
  1051. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1052. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1053. if ((newPoint.X > 257f || newPoint.X < -1f || newPoint.Y > 257f || newPoint.Y < -1f))
  1054. {
  1055. return true;
  1056. }
  1057. SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
  1058. ILandObject land = m_scene.LandChannel.GetLandObject(newPoint.X, newPoint.Y);
  1059. if (!enteringRegion)
  1060. {
  1061. ILandObject fromland = m_scene.LandChannel.GetLandObject(task.AbsolutePosition.X, task.AbsolutePosition.Y);
  1062. if (fromland == land) // Not entering
  1063. return true;
  1064. }
  1065. if (land == null)
  1066. {
  1067. return false;
  1068. }
  1069. if ((land.LandData.Flags & ((int)ParcelFlags.AllowAPrimitiveEntry)) != 0)
  1070. {
  1071. return true;
  1072. }
  1073. if (!m_scene.Entities.ContainsKey(objectID))
  1074. {
  1075. return false;
  1076. }
  1077. // If it's not an object, we cant edit it.
  1078. if (!(m_scene.Entities[objectID] is SceneObjectGroup))
  1079. {
  1080. return false;
  1081. }
  1082. if (GenericParcelPermission(task.OwnerID, newPoint, 0))
  1083. {
  1084. return true;
  1085. }
  1086. //Otherwise, false!
  1087. return false;
  1088. }
  1089. private bool CanReturnObjects(ILandObject land, UUID user, List<SceneObjectGroup> objects, Scene scene)
  1090. {
  1091. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1092. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1093. GroupPowers powers;
  1094. ILandObject l;
  1095. ScenePresence sp = scene.GetScenePresence(user);
  1096. if (sp == null)
  1097. return false;
  1098. IClientAPI client = sp.ControllingClient;
  1099. foreach (SceneObjectGroup g in new List<SceneObjectGroup>(objects))
  1100. {
  1101. // Any user can return their own objects at any time
  1102. //
  1103. if (GenericObjectPermission(user, g.UUID, false))
  1104. continue;
  1105. // This is a short cut for efficiency. If land is non-null,
  1106. // then all objects are on that parcel and we can save
  1107. // ourselves the checking for each prim. Much faster.
  1108. //
  1109. if (land != null)
  1110. {
  1111. l = land;
  1112. }
  1113. else
  1114. {
  1115. Vector3 pos = g.AbsolutePosition;
  1116. l = scene.LandChannel.GetLandObject(pos.X, pos.Y);
  1117. }
  1118. // If it's not over any land, then we can't do a thing
  1119. if (l == null)
  1120. {
  1121. objects.Remove(g);
  1122. continue;
  1123. }
  1124. // If we own the land outright, then allow
  1125. //
  1126. if (l.LandData.OwnerID == user)
  1127. continue;
  1128. // Group voodoo
  1129. //
  1130. if (l.LandData.IsGroupOwned)
  1131. {
  1132. powers = (GroupPowers)client.GetGroupPowers(l.LandData.GroupID);
  1133. // Not a group member, or no rights at all
  1134. //
  1135. if (powers == (GroupPowers)0)
  1136. {
  1137. objects.Remove(g);
  1138. continue;
  1139. }
  1140. // Group deeded object?
  1141. //
  1142. if (g.OwnerID == l.LandData.GroupID &&
  1143. (powers & GroupPowers.ReturnGroupOwned) == (GroupPowers)0)
  1144. {
  1145. objects.Remove(g);
  1146. continue;
  1147. }
  1148. // Group set object?
  1149. //
  1150. if (g.GroupID == l.LandData.GroupID &&
  1151. (powers & GroupPowers.ReturnGroupSet) == (GroupPowers)0)
  1152. {
  1153. objects.Remove(g);
  1154. continue;
  1155. }
  1156. if ((powers & GroupPowers.ReturnNonGroup) == (GroupPowers)0)
  1157. {
  1158. objects.Remove(g);
  1159. continue;
  1160. }
  1161. // So we can remove all objects from this group land.
  1162. // Fine.
  1163. //
  1164. continue;
  1165. }
  1166. // By default, we can't remove
  1167. //
  1168. objects.Remove(g);
  1169. }
  1170. if (objects.Count == 0)
  1171. return false;
  1172. return true;
  1173. }
  1174. private bool CanRezObject(int objectCount, UUID owner, Vector3 objectPosition, Scene scene)
  1175. {
  1176. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1177. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1178. bool permission = false;
  1179. // m_log.DebugFormat("[PERMISSIONS MODULE]: Checking rez object at {0} in {1}", objectPosition, m_scene.Name);
  1180. ILandObject land = m_scene.LandChannel.GetLandObject(objectPosition.X, objectPosition.Y);
  1181. if (land == null) return false;
  1182. if ((land.LandData.Flags & ((int)ParcelFlags.CreateObjects)) ==
  1183. (int)ParcelFlags.CreateObjects)
  1184. permission = true;
  1185. if (IsAdministrator(owner))
  1186. {
  1187. permission = true;
  1188. }
  1189. // Powers are zero, because GroupPowers.AllowRez is not a precondition for rezzing objects
  1190. if (GenericParcelPermission(owner, objectPosition, 0))
  1191. {
  1192. permission = true;
  1193. }
  1194. return permission;
  1195. }
  1196. private bool CanRunConsoleCommand(UUID user, Scene requestFromScene)
  1197. {
  1198. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1199. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1200. return IsAdministrator(user);
  1201. }
  1202. private bool CanRunScript(UUID script, UUID objectID, UUID user, Scene scene)
  1203. {
  1204. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1205. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1206. return true;
  1207. }
  1208. private bool CanSellParcel(UUID user, ILandObject parcel, Scene scene)
  1209. {
  1210. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1211. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1212. return GenericParcelOwnerPermission(user, parcel, (ulong)GroupPowers.LandSetSale);
  1213. }
  1214. private bool CanTakeObject(UUID objectID, UUID stealer, Scene scene)
  1215. {
  1216. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1217. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1218. return GenericObjectPermission(stealer,objectID, false);
  1219. }
  1220. private bool CanTakeCopyObject(UUID objectID, UUID userID, Scene inScene)
  1221. {
  1222. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1223. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1224. bool permission = GenericObjectPermission(userID, objectID, false);
  1225. if (!permission)
  1226. {
  1227. if (!m_scene.Entities.ContainsKey(objectID))
  1228. {
  1229. return false;
  1230. }
  1231. // If it's not an object, we cant edit it.
  1232. if (!(m_scene.Entities[objectID] is SceneObjectGroup))
  1233. {
  1234. return false;
  1235. }
  1236. SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
  1237. // UUID taskOwner = null;
  1238. // Added this because at this point in time it wouldn't be wise for
  1239. // the administrator object permissions to take effect.
  1240. // UUID objectOwner = task.OwnerID;
  1241. if ((task.RootPart.EveryoneMask & PERM_COPY) != 0)
  1242. permission = true;
  1243. if (task.OwnerID != userID)
  1244. {
  1245. if ((task.GetEffectivePermissions() & (PERM_COPY | PERM_TRANS)) != (PERM_COPY | PERM_TRANS))
  1246. permission = false;
  1247. }
  1248. else
  1249. {
  1250. if ((task.GetEffectivePermissions() & PERM_COPY) != PERM_COPY)
  1251. permission = false;
  1252. }
  1253. }
  1254. else
  1255. {
  1256. SceneObjectGroup task = (SceneObjectGroup)m_scene.Entities[objectID];
  1257. if ((task.GetEffectivePermissions() & (PERM_COPY | PERM_TRANS)) != (PERM_COPY | PERM_TRANS))
  1258. permission = false;
  1259. }
  1260. return permission;
  1261. }
  1262. private bool CanTerraformLand(UUID user, Vector3 position, Scene requestFromScene)
  1263. {
  1264. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1265. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1266. // Estate override
  1267. if (GenericEstatePermission(user))
  1268. return true;
  1269. float X = position.X;
  1270. float Y = position.Y;
  1271. if (X > ((int)m_scene.RegionInfo.RegionSizeX - 1))
  1272. X = ((int)m_scene.RegionInfo.RegionSizeX - 1);
  1273. if (Y > ((int)m_scene.RegionInfo.RegionSizeY - 1))
  1274. Y = ((int)m_scene.RegionInfo.RegionSizeY - 1);
  1275. if (X < 0)
  1276. X = 0;
  1277. if (Y < 0)
  1278. Y = 0;
  1279. ILandObject parcel = m_scene.LandChannel.GetLandObject(X, Y);
  1280. if (parcel == null)
  1281. return false;
  1282. // Others allowed to terraform?
  1283. if ((parcel.LandData.Flags & ((int)ParcelFlags.AllowTerraform)) != 0)
  1284. return true;
  1285. // Land owner can terraform too
  1286. if (parcel != null && GenericParcelPermission(user, parcel, (ulong)GroupPowers.AllowEditLand))
  1287. return true;
  1288. return false;
  1289. }
  1290. /// <summary>
  1291. /// Check whether the specified user can view the given script
  1292. /// </summary>
  1293. /// <param name="script"></param>
  1294. /// <param name="objectID"></param>
  1295. /// <param name="user"></param>
  1296. /// <param name="scene"></param>
  1297. /// <returns></returns>
  1298. private bool CanViewScript(UUID script, UUID objectID, UUID user, Scene scene)
  1299. {
  1300. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1301. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1302. if (objectID == UUID.Zero) // User inventory
  1303. {
  1304. IInventoryService invService = m_scene.InventoryService;
  1305. InventoryItemBase assetRequestItem = new InventoryItemBase(script, user);
  1306. assetRequestItem = invService.GetItem(assetRequestItem);
  1307. if (assetRequestItem == null && LibraryRootFolder != null) // Library item
  1308. {
  1309. assetRequestItem = LibraryRootFolder.FindItem(script);
  1310. if (assetRequestItem != null) // Implicitly readable
  1311. return true;
  1312. }
  1313. // SL is rather harebrained here. In SL, a script you
  1314. // have mod/copy no trans is readable. This subverts
  1315. // permissions, but is used in some products, most
  1316. // notably Hippo door plugin and HippoRent 5 networked
  1317. // prim counter.
  1318. // To enable this broken SL-ism, remove Transfer from
  1319. // the below expressions.
  1320. // Trying to improve on SL perms by making a script
  1321. // readable only if it's really full perms
  1322. //
  1323. if ((assetRequestItem.CurrentPermissions &
  1324. ((uint)PermissionMask.Modify |
  1325. (uint)PermissionMask.Copy |
  1326. (uint)PermissionMask.Transfer)) !=
  1327. ((uint)PermissionMask.Modify |
  1328. (uint)PermissionMask.Copy |
  1329. (uint)PermissionMask.Transfer))
  1330. return false;
  1331. }
  1332. else // Prim inventory
  1333. {
  1334. SceneObjectPart part = scene.GetSceneObjectPart(objectID);
  1335. if (part == null)
  1336. return false;
  1337. if (part.OwnerID != user)
  1338. {
  1339. if (part.GroupID == UUID.Zero)
  1340. return false;
  1341. if (!IsGroupMember(part.GroupID, user, 0))
  1342. return false;
  1343. if ((part.GroupMask & (uint)PermissionMask.Modify) == 0)
  1344. return false;
  1345. }
  1346. else
  1347. {
  1348. if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
  1349. return false;
  1350. }
  1351. TaskInventoryItem ti = part.Inventory.GetInventoryItem(script);
  1352. if (ti == null)
  1353. return false;
  1354. if (ti.OwnerID != user)
  1355. {
  1356. if (ti.GroupID == UUID.Zero)
  1357. return false;
  1358. if (!IsGroupMember(ti.GroupID, user, 0))
  1359. return false;
  1360. }
  1361. // Require full perms
  1362. if ((ti.CurrentPermissions &
  1363. ((uint)PermissionMask.Modify |
  1364. (uint)PermissionMask.Copy |
  1365. (uint)PermissionMask.Transfer)) !=
  1366. ((uint)PermissionMask.Modify |
  1367. (uint)PermissionMask.Copy |
  1368. (uint)PermissionMask.Transfer))
  1369. return false;
  1370. }
  1371. return true;
  1372. }
  1373. /// <summary>
  1374. /// Check whether the specified user can view the given notecard
  1375. /// </summary>
  1376. /// <param name="script"></param>
  1377. /// <param name="objectID"></param>
  1378. /// <param name="user"></param>
  1379. /// <param name="scene"></param>
  1380. /// <returns></returns>
  1381. private bool CanViewNotecard(UUID notecard, UUID objectID, UUID user, Scene scene)
  1382. {
  1383. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1384. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1385. if (objectID == UUID.Zero) // User inventory
  1386. {
  1387. IInventoryService invService = m_scene.InventoryService;
  1388. InventoryItemBase assetRequestItem = new InventoryItemBase(notecard, user);
  1389. assetRequestItem = invService.GetItem(assetRequestItem);
  1390. if (assetRequestItem == null && LibraryRootFolder != null) // Library item
  1391. {
  1392. assetRequestItem = LibraryRootFolder.FindItem(notecard);
  1393. if (assetRequestItem != null) // Implicitly readable
  1394. return true;
  1395. }
  1396. // Notecards are always readable unless no copy
  1397. //
  1398. if ((assetRequestItem.CurrentPermissions &
  1399. (uint)PermissionMask.Copy) !=
  1400. (uint)PermissionMask.Copy)
  1401. return false;
  1402. }
  1403. else // Prim inventory
  1404. {
  1405. SceneObjectPart part = scene.GetSceneObjectPart(objectID);
  1406. if (part == null)
  1407. return false;
  1408. if (part.OwnerID != user)
  1409. {
  1410. if (part.GroupID == UUID.Zero)
  1411. return false;
  1412. if (!IsGroupMember(part.GroupID, user, 0))
  1413. return false;
  1414. }
  1415. if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
  1416. return false;
  1417. TaskInventoryItem ti = part.Inventory.GetInventoryItem(notecard);
  1418. if (ti == null)
  1419. return false;
  1420. if (ti.OwnerID != user)
  1421. {
  1422. if (ti.GroupID == UUID.Zero)
  1423. return false;
  1424. if (!IsGroupMember(ti.GroupID, user, 0))
  1425. return false;
  1426. }
  1427. // Notecards are always readable unless no copy
  1428. //
  1429. if ((ti.CurrentPermissions &
  1430. (uint)PermissionMask.Copy) !=
  1431. (uint)PermissionMask.Copy)
  1432. return false;
  1433. }
  1434. return true;
  1435. }
  1436. #endregion
  1437. private bool CanLinkObject(UUID userID, UUID objectID)
  1438. {
  1439. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1440. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1441. return GenericObjectPermission(userID, objectID, false);
  1442. }
  1443. private bool CanDelinkObject(UUID userID, UUID objectID)
  1444. {
  1445. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1446. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1447. return GenericObjectPermission(userID, objectID, false);
  1448. }
  1449. private bool CanBuyLand(UUID userID, ILandObject parcel, Scene scene)
  1450. {
  1451. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1452. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1453. return true;
  1454. }
  1455. private bool CanCopyObjectInventory(UUID itemID, UUID objectID, UUID userID)
  1456. {
  1457. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1458. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1459. return true;
  1460. }
  1461. private bool CanDeleteObjectInventory(UUID itemID, UUID objectID, UUID userID)
  1462. {
  1463. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1464. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1465. return true;
  1466. }
  1467. /// <summary>
  1468. /// Check whether the specified user is allowed to directly create the given inventory type in a prim's
  1469. /// inventory (e.g. the New Script button in the 1.21 Linden Lab client).
  1470. /// </summary>
  1471. /// <param name="invType"></param>
  1472. /// <param name="objectID"></param>
  1473. /// <param name="userID"></param>
  1474. /// <returns></returns>
  1475. private bool CanCreateObjectInventory(int invType, UUID objectID, UUID userID)
  1476. {
  1477. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1478. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1479. SceneObjectPart part = m_scene.GetSceneObjectPart(objectID);
  1480. ScenePresence p = m_scene.GetScenePresence(userID);
  1481. if (part == null || p == null)
  1482. return false;
  1483. if (!IsAdministrator(userID))
  1484. {
  1485. if (part.OwnerID != userID)
  1486. {
  1487. // Group permissions
  1488. if ((part.GroupID == UUID.Zero) || (p.ControllingClient.GetGroupPowers(part.GroupID) == 0) || ((part.GroupMask & (uint)PermissionMask.Modify) == 0))
  1489. return false;
  1490. } else {
  1491. if ((part.OwnerMask & (uint)PermissionMask.Modify) == 0)
  1492. return false;
  1493. }
  1494. if ((int)InventoryType.LSL == invType)
  1495. if (m_allowedScriptCreators == UserSet.Administrators)
  1496. return false;
  1497. }
  1498. return true;
  1499. }
  1500. /// <summary>
  1501. /// Check whether the specified user is allowed to create the given inventory type in their inventory.
  1502. /// </summary>
  1503. /// <param name="invType"></param>
  1504. /// <param name="userID"></param>
  1505. /// <returns></returns>
  1506. private bool CanCreateUserInventory(int invType, UUID userID)
  1507. {
  1508. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1509. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1510. if ((int)InventoryType.LSL == invType)
  1511. if (m_allowedScriptCreators == UserSet.Administrators && !IsAdministrator(userID))
  1512. return false;
  1513. return true;
  1514. }
  1515. /// <summary>
  1516. /// Check whether the specified user is allowed to copy the given inventory type in their inventory.
  1517. /// </summary>
  1518. /// <param name="itemID"></param>
  1519. /// <param name="userID"></param>
  1520. /// <returns></returns>
  1521. private bool CanCopyUserInventory(UUID itemID, UUID userID)
  1522. {
  1523. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1524. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1525. return true;
  1526. }
  1527. /// <summary>
  1528. /// Check whether the specified user is allowed to edit the given inventory item within their own inventory.
  1529. /// </summary>
  1530. /// <param name="itemID"></param>
  1531. /// <param name="userID"></param>
  1532. /// <returns></returns>
  1533. private bool CanEditUserInventory(UUID itemID, UUID userID)
  1534. {
  1535. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1536. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1537. return true;
  1538. }
  1539. /// <summary>
  1540. /// Check whether the specified user is allowed to delete the given inventory item from their own inventory.
  1541. /// </summary>
  1542. /// <param name="itemID"></param>
  1543. /// <param name="userID"></param>
  1544. /// <returns></returns>
  1545. private bool CanDeleteUserInventory(UUID itemID, UUID userID)
  1546. {
  1547. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1548. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1549. return true;
  1550. }
  1551. private bool CanTeleport(UUID userID, Scene scene)
  1552. {
  1553. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1554. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1555. return true;
  1556. }
  1557. private bool CanResetScript(UUID prim, UUID script, UUID agentID, Scene scene)
  1558. {
  1559. DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name);
  1560. if (m_bypassPermissions) return m_bypassPermissionsValue;
  1561. SceneObjectPart part = m_scene.GetSceneObjectPart(prim);
  1562. // If we selected a sub-prim to reset, prim won't represent the object, but only a part.
  1563. // We have to check the permissions of the object, though.
  1564. if (part.ParentID != 0) prim = part.ParentUUID;
  1565. // You can reset the scripts in any object you can edit
  1566. return GenericObjectPermission(agentID, prim, false);
  1567. }
  1568. private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene)
  1569. {
  1570. //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType);
  1571. switch (scriptType) {
  1572. case 0:
  1573. if (GrantLSL.Count == 0 || GrantLSL.ContainsKey(ownerUUID.ToString())) {
  1574. return(true);
  1575. }
  1576. break;
  1577. case 1:
  1578. if (GrantCS.Count == 0 || GrantCS.ContainsKey(ownerUUID.ToString())) {
  1579. return(true);
  1580. }
  1581. break;
  1582. case 2:
  1583. if (GrantVB.Count == 0 || GrantVB.ContainsKey(ownerUUID.ToString())) {
  1584. return(true);
  1585. }
  1586. break;
  1587. case 3:
  1588. if (GrantJS.Count == 0 || GrantJS.ContainsKey(ownerUUID.ToString()))
  1589. {
  1590. return (true);
  1591. }
  1592. break;
  1593. case 4:
  1594. if (GrantYP.Count == 0 || GrantYP.ContainsKey(ownerUUID.ToString()))
  1595. {
  1596. return (true);
  1597. }
  1598. break;
  1599. }
  1600. return(false);
  1601. }
  1602. private bool CanControlPrimMedia(UUID agentID, UUID primID, int face)
  1603. {
  1604. // m_log.DebugFormat(
  1605. // "[PERMISSONS]: Performing CanControlPrimMedia check with agentID {0}, primID {1}, face {2}",
  1606. // agentID, primID, face);
  1607. if (null == MoapModule)
  1608. return false;
  1609. SceneObjectPart part = m_scene.GetSceneObjectPart(primID);
  1610. if (null == part)
  1611. return false;
  1612. MediaEntry me = MoapModule.GetMediaEntry(part, face);
  1613. // If there is no existing media entry then it can be controlled (in this context, created).
  1614. if (null == me)
  1615. return true;
  1616. // m_log.DebugFormat(
  1617. // "[PERMISSIONS]: Checking CanControlPrimMedia for {0} on {1} face {2} with control permissions {3}",
  1618. // agentID, primID, face, me.ControlPermissions);
  1619. return GenericObjectPermission(agentID, part.ParentGroup.UUID, true);
  1620. }
  1621. private bool CanInteractWithPrimMedia(UUID agentID, UUID primID, int face)
  1622. {
  1623. // m_log.DebugFormat(
  1624. // "[PERMISSONS]: Performing CanInteractWithPrimMedia check with agentID {0}, primID {1}, face {2}",
  1625. // agentID, primID, face);
  1626. if (null == MoapModule)
  1627. return false;
  1628. SceneObjectPart part = m_scene.GetSceneObjectPart(primID);
  1629. if (null == part)
  1630. return false;
  1631. MediaEntry me = MoapModule.GetMediaEntry(part, face);
  1632. // If there is no existing media entry then it can be controlled (in this context, created).
  1633. if (null == me)
  1634. return true;
  1635. // m_log.DebugFormat(
  1636. // "[PERMISSIONS]: Checking CanInteractWithPrimMedia for {0} on {1} face {2} with interact permissions {3}",
  1637. // agentID, primID, face, me.InteractPermissions);
  1638. return GenericPrimMediaPermission(part, agentID, me.InteractPermissions);
  1639. }
  1640. private bool GenericPrimMediaPermission(SceneObjectPart part, UUID agentID, MediaPermission perms)
  1641. {
  1642. // if (IsAdministrator(agentID))
  1643. // return true;
  1644. if ((perms & MediaPermission.Anyone) == MediaPermission.Anyone)
  1645. return true;
  1646. if ((perms & MediaPermission.Owner) == MediaPermission.Owner)
  1647. {
  1648. if (agentID == part.OwnerID)
  1649. return true;
  1650. }
  1651. if ((perms & MediaPermission.Group) == MediaPermission.Group)
  1652. {
  1653. if (IsGroupMember(part.GroupID, agentID, 0))
  1654. return true;
  1655. }
  1656. return false;
  1657. }
  1658. }
  1659. }