/** * @file llpermissions.h * @brief Permissions structures for objects. * * $LicenseInfo:firstyear=2002&license=viewergpl$ * * Copyright (c) 2002-2009, Linden Research, Inc. * * Second Life Viewer Source Code * The source code in this file ("Source Code") is provided by Linden Lab * to you under the terms of the GNU General Public License, version 2.0 * ("GPL"), unless you have obtained a separate licensing agreement * ("Other License"), formally executed by you and Linden Lab. Terms of * the GPL can be found in doc/GPL-license.txt in this distribution, or * online at http://secondlifegrid.net/programs/open_source/licensing/gplv2 * * There are special exceptions to the terms and conditions of the GPL as * it is applied to this Source Code. View the full text of the exception * in the file doc/FLOSS-exception.txt in this software distribution, or * online at * http://secondlifegrid.net/programs/open_source/licensing/flossexception * * By copying, modifying or distributing this software, you acknowledge * that you have read and understood your obligations described above, * and agree to abide by those obligations. * * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, * COMPLETENESS OR PERFORMANCE. * $/LicenseInfo$ */ #ifndef LL_LLPERMISSIONS_H #define LL_LLPERMISSIONS_H #include "llpermissionsflags.h" #include "llsd.h" #include "lluuid.h" #include "llxmlnode.h" #include "reflective.h" #include "llinventorytype.h" // prototypes class LLMessageSystem; extern void mask_to_string(U32 mask, char* str); extern std::string mask_to_string(U32 mask); template<class T> class LLMetaClassT; //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Class LLPermissions // // Class which encapsulates object and inventory permissions/ownership/etc. // // Permissions where originally a static state creator/owner and set // of cap bits. Since then, it has grown to include group information, // last owner, masks for different people. The implementation has been // chosen such that a uuid is stored for each current/past owner, and // a bitmask is stored for the base permissions, owner permissions, // group permissions, and everyone else permissions. // // The base permissions represent the most permissive state that the // permissions can possibly be in. Thus, if the base permissions do // not allow copying, no one can ever copy the object. The permissions // also maintain a tree-like hierarchy of permissions, thus, if we // (for sake of discussions) denote more permissive as '>', then this // is invariant: // // base mask >= owner mask >= group mask // >= everyone mask // >= next owner mask // NOTE: the group mask does not effect everyone or next, everyone // does not effect group or next, etc. // // It is considered a fair use right to move or delete any object you // own. Another fair use right is the ability to give away anything // which you cannot copy. One way to look at that is that if you have // a unique item, you can always give that one copy you have to // someone else. // // Most of the bitmask is easy to understand, PERM_COPY means you can // copy !PERM_TRANSFER means you cannot transfer, etc. Given that we // now track the concept of 'next owner' inside of the permissions // object, we can describe some new meta-meaning to the PERM_MODIFY // flag. PERM_MODIFY is usually meant to note if you can change an // item, but since we record next owner permissions, we can interpret // a no-modify object as 'you cannot modify this object and you cannot // make derivative works.' When evaluating functionality, and // comparisons against permissions, keep this concept in mind for // logical consistency. //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ class LLPermissions : public LLReflective { private: LLUUID mCreator; // null if object created by system LLUUID mOwner; // null if object "unowned" (owned by system) LLUUID mLastOwner; // object's last owner LLUUID mGroup; // The group association PermissionMask mMaskBase; // initially permissive, progressively AND restricted by each owner PermissionMask mMaskOwner; // set by owner, applies to owner only, restricts lower permissions PermissionMask mMaskEveryone; // set by owner, applies to everyone else PermissionMask mMaskGroup; // set by owner, applies to group that is associated with permissions PermissionMask mMaskNextOwner; // set by owner, applied to base on transfer. // Usually set in the fixOwnership() method based on current uuid // values. bool mIsGroupOwned; // Correct for fair use - you can never take away the right to // move stuff you own, and you can never take away the right to // transfer something you cannot otherwise copy. void fixFairUse(); // Fix internal consistency for group/agent ownership void fixOwnership(); public: static const LLPermissions DEFAULT; LLPermissions(); // defaults to created by system //~LLPermissions(); // base initialization code void init(const LLUUID& creator, const LLUUID& owner, const LLUUID& last_owner, const LLUUID& group); void initMasks(PermissionMask base, PermissionMask owner, PermissionMask everyone, PermissionMask group, PermissionMask next); // adjust permissions based on inventory type. void initMasks(LLInventoryType::EType type); // // ACCESSORS // // return the agent_id of the agent that created the item const LLUUID& getCreator() const { return mCreator; } // return the agent_id of the owner. returns LLUUID::null if group // owned or public (a really big group). const LLUUID& getOwner() const { return mOwner; } // return the group_id of the group associated with the // object. const LLUUID& getGroup() const { return mGroup; } // return the agent_id of the last agent owner. Only returns // LLUUID::null if there has never been a previous owner (*note: this is apparently not true, say for textures in inventory, it may return LLUUID::null even if there was a previous owner). const LLUUID& getLastOwner() const { return mLastOwner; } U32 getMaskBase() const { return mMaskBase; } U32 getMaskOwner() const { return mMaskOwner; } U32 getMaskGroup() const { return mMaskGroup; } U32 getMaskEveryone() const { return mMaskEveryone; } U32 getMaskNextOwner() const { return mMaskNextOwner; } // return TRUE if the object has any owner bool isOwned() const { return (mOwner.notNull() || mIsGroupOwned); } // return TRUE if group_id is owner. bool isGroupOwned() const { return mIsGroupOwned; } // This API returns TRUE if the object is owned at all, and FALSE // otherwise. If it is owned at all, owner id is filled with // either the owner id or the group id, and the is_group_owned // parameter is appropriately filled. The values of owner_id and // is_group_owned are not changed if the object is not owned. BOOL getOwnership(LLUUID& owner_id, BOOL& is_group_owned) const; // Gets the 'safe' owner. This should never return LLUUID::null. // If no group owned, return the agent owner id normally. // If group owned, return the group id. // If not owned, return a random uuid which should have no power. LLUUID getSafeOwner() const; // return a cheap crc U32 getCRC32() const; // // MANIPULATORS // // Fix hierarchy of permissions, applies appropriate permissions // at each level to ensure that base permissions are respected, // and also ensures that if base cannot transfer, then group and // other cannot copy. void fix(); // All of these methods just do exactly what they say. There is no // permissions checking to see if the operation is allowed, and do // not fix the permissions hierarchy. So please only use these // methods when you are know what you're doing and coding on // behalf of the system - ie, acting as god. void set(const LLPermissions& permissions); void setMaskBase(U32 mask) { mMaskBase = mask; } void setMaskOwner(U32 mask) { mMaskOwner = mask; } void setMaskEveryone(U32 mask) { mMaskEveryone = mask;} void setMaskGroup(U32 mask) { mMaskGroup = mask;} void setMaskNext(U32 mask) { mMaskNextOwner = mask; } // Allow accumulation of permissions. Results in the tightest // permissions possible. In the case of clashing UUIDs, it sets // the ID to LLUUID::null. void accumulate(const LLPermissions& perm); // // CHECKED MANIPULATORS // // These functions return true on success. They return false if // the given agent isn't allowed to make the change. You can pass // LLUUID::null as the agent id if the change is being made by the // simulator itself, not on behalf of any agent - this will always // succeed. Passing in group id of LLUUID:null means no group, and // does not offer special permission to do anything. // saves last owner, sets current owner, and sets the group. // set is_atomic = true means that this permission represents // an atomic permission and not a collection of permissions. // Currently, the only way to have a collection is when an object // has inventory and is then itself rolled up into an inventory // item. BOOL setOwnerAndGroup(const LLUUID& agent, const LLUUID& owner, const LLUUID& group, bool is_atomic); // only call this if you know what you're doing // there are usually perm-bit consequences when the // ownerhsip changes void yesReallySetOwner(const LLUUID& owner, bool group_owned); // Last owner doesn't have much in the way of permissions so it's //not too dangerous to do this. void setLastOwner(const LLUUID& last_owner); // saves last owner, sets owner to uuid null, sets group // owned. group_id must be the group of the object (that's who it // is being deeded to) and the object must be group // modify. Technically, the agent id and group id are not // necessary, but I wanted this function to look like the other // checked manipulators (since that is how it is used.) If the // agent is the system or (group == mGroup and group modify and // owner transfer) then this function will deed the permissions, // set the next owner mask, and return TRUE. Otherwise, no change // is effected, and the function returns FALSE. BOOL deedToGroup(const LLUUID& agent, const LLUUID& group); // Attempt to set or clear the given bitmask. Returns TRUE if you // are allowed to modify the permissions. If you attempt to turn // on bits not allowed by the base bits, the function will return // TRUE, but those bits will not be set. BOOL setBaseBits( const LLUUID& agent, BOOL set, PermissionMask bits); BOOL setOwnerBits( const LLUUID& agent, BOOL set, PermissionMask bits); BOOL setGroupBits( const LLUUID& agent, const LLUUID& group, BOOL set, PermissionMask bits); BOOL setEveryoneBits(const LLUUID& agent, const LLUUID& group, BOOL set, PermissionMask bits); BOOL setNextOwnerBits(const LLUUID& agent, const LLUUID& group, BOOL set, PermissionMask bits); // This is currently only used in the Viewer to handle calling cards // where the creator is actually used to store the target. Use with care. void setCreator(const LLUUID& creator) { mCreator = creator; } // // METHODS // // All the allow* functions return true if the given agent or // group can perform the function. Prefer using this set of // operations to check permissions on an object. These return // true if the given agent or group can perform the function. // They also return true if the object isn't owned, or the // requesting agent is a system agent. See llpermissionsflags.h // for bits. bool allowOperationBy(PermissionBit op, const LLUUID& agent, const LLUUID& group = LLUUID::null) const; inline bool allowModifyBy(const LLUUID &agent_id) const; inline bool allowCopyBy(const LLUUID& agent_id) const; inline bool allowMoveBy(const LLUUID& agent_id) const; inline bool allowModifyBy(const LLUUID &agent_id, const LLUUID& group) const; inline bool allowCopyBy(const LLUUID& agent_id, const LLUUID& group) const; inline bool allowMoveBy(const LLUUID &agent_id, const LLUUID &group) const; // This somewhat specialized function is meant for testing if the // current owner is allowed to transfer to the specified agent id. inline bool allowTransferTo(const LLUUID &agent_id) const; // // DEPRECATED. // // These return true if the given agent can perform the function. // They also return true if the object isn't owned, or the // requesting agent is a system agent. See llpermissionsflags.h // for bits. //BOOL allowDeleteBy(const LLUUID& agent_id) const { return allowModifyBy(agent_id); } //BOOL allowEditBy(const LLUUID& agent_id) const { return allowModifyBy(agent_id); } // saves last owner and sets current owner //BOOL setOwner(const LLUUID& agent, const LLUUID& owner); // This method saves the last owner, sets the current owner to the // one provided, and sets the base mask as indicated. //BOOL setOwner(const LLUUID& agent, const LLUUID& owner, U32 new_base_mask); // Attempt to set or clear the given bitmask. Returns TRUE if you // are allowed to modify the permissions. If you attempt to turn // on bits not allowed by the base bits, the function will return // TRUE, but those bits will not be set. //BOOL setGroupBits( const LLUUID& agent, BOOL set, PermissionMask bits); //BOOL setEveryoneBits(const LLUUID& agent, BOOL set, PermissionMask bits); // // MISC METHODS and OPERATORS // LLSD packMessage() const; void unpackMessage(LLSD perms); // For messaging system support void packMessage(LLMessageSystem* msg) const; void unpackMessage(LLMessageSystem* msg, const char* block, S32 block_num = 0); // Load/save support BOOL importFile(LLFILE* fp); BOOL exportFile(LLFILE* fp) const; BOOL importLegacyStream(std::istream& input_stream); BOOL exportLegacyStream(std::ostream& output_stream) const; bool operator==(const LLPermissions &rhs) const; bool operator!=(const LLPermissions &rhs) const; friend std::ostream& operator<<(std::ostream &s, const LLPermissions &perm); // Reflection. friend class LLMetaClassT<LLPermissions>; virtual const LLMetaClass& getMetaClass() const; }; // Inlines bool LLPermissions::allowModifyBy(const LLUUID& agent, const LLUUID& group) const { return allowOperationBy(PERM_MODIFY, agent, group); } bool LLPermissions::allowCopyBy(const LLUUID& agent, const LLUUID& group) const { return allowOperationBy(PERM_COPY, agent, group); } bool LLPermissions::allowMoveBy(const LLUUID& agent, const LLUUID& group) const { return allowOperationBy(PERM_MOVE, agent, group); } bool LLPermissions::allowModifyBy(const LLUUID& agent) const { return allowOperationBy(PERM_MODIFY, agent, LLUUID::null); } bool LLPermissions::allowCopyBy(const LLUUID& agent) const { return allowOperationBy(PERM_COPY, agent, LLUUID::null); } bool LLPermissions::allowMoveBy(const LLUUID& agent) const { return allowOperationBy(PERM_MOVE, agent, LLUUID::null); } bool LLPermissions::allowTransferTo(const LLUUID &agent_id) const { if (mIsGroupOwned) { return allowOperationBy(PERM_TRANSFER, mGroup, mGroup); } else { return ((mOwner == agent_id) ? TRUE : allowOperationBy(PERM_TRANSFER, mOwner)); } } //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Class LLAggregatePermissions // // Class which encapsulates object and inventory permissions, // ownership, etc. Currently, it only aggregates PERM_COPY, // PERM_MODIFY, and PERM_TRANSFER. // // Usually you will construct an instance and hand the object several // permissions masks to aggregate the copy, modify, and // transferability into a nice trinary value. //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ class LLAggregatePermissions { public: enum EValue { AP_EMPTY = 0x00, AP_NONE = 0x01, AP_SOME = 0x02, AP_ALL = 0x03 }; // construct an empty aggregate permissions LLAggregatePermissions(); // pass in a PERM_COPY, PERM_TRANSFER, etc, and get out a EValue // enumeration describing the current aggregate permissions. EValue getValue(PermissionBit bit) const; // returns the permissions packed into the 6 LSB of a U8: // 00TTMMCC // where TT = transfer, MM = modify, and CC = copy // LSB is to the right U8 getU8() const; // return TRUE is the aggregate permissions are empty, otherwise FALSE. BOOL isEmpty() const ; // pass in a PERM_COPY, PERM_TRANSFER, etc, and an EValue // enumeration to specifically set that value. Not implemented // because I'm not sure it's a useful api. //void setValue(PermissionBit bit, EValue); // Given a mask, aggregate the useful permissions. void aggregate(PermissionMask mask); // Aggregate aggregates void aggregate(const LLAggregatePermissions& ag); // message handling void packMessage(LLMessageSystem* msg, const char* field) const; void unpackMessage(LLMessageSystem* msg, const char* block, const char *field, S32 block_num = 0); static const LLAggregatePermissions empty; friend std::ostream& operator<<(std::ostream &s, const LLAggregatePermissions &perm); protected: enum EPermIndex { PI_COPY = 0, PI_MODIFY = 1, PI_TRANSFER = 2, PI_END = 3, PI_COUNT = 3 }; void aggregateBit(EPermIndex idx, BOOL allowed); void aggregateIndex(EPermIndex idx, U8 bits); static EPermIndex perm2PermIndex(PermissionBit bit); // structure used to store the aggregate so far. U8 mBits[PI_COUNT]; }; // These functions convert between structured data and permissions as // appropriate for serialization. The permissions are a map of things // like 'creator_id', 'owner_id', etc, with the value copied from the // permission object. LLSD ll_create_sd_from_permissions(const LLPermissions& perm); LLPermissions ll_permissions_from_sd(const LLSD& sd_perm); #endif