Merge pull request #152 from HifiExperiments/urls

 add canViewAssetURLs domain permissions

domain-server/resources/describe-settings.json

@@ -1,5 +1,5 @@
 {
-  "version": 2.6,
+  "version": 2.7,
   "settings": [
     {
       "name": "metaverse",
@@ -402,7 +402,7 @@
             },
             {
               "label": "Permissions <a data-toggle='tooltip' data-html='true' title='<p><strong>Domain-Wide User Permissions</strong></p><ul><li><strong>Connect</strong><br />Sets whether a user can connect to the domain.</li><li><strong>Avatar Entities</strong><br />Sets whether a user can use avatar entities on the domain.</li><li><strong>Lock / Unlock</strong><br />Sets whether a user change the &ldquo;locked&rdquo; property of an entity (either from on to off or off to on).</li><li><strong>Rez</strong><br />Sets whether a user can create new entities.</li><li><strong>Rez Temporary</strong><br />Sets whether a user can create new entities with a finite lifetime.</li><li><strong>Write Assets</strong><br />Sets whether a user can make changes to the domain&rsquo;s asset-server assets.</li><li><strong>Ignore Max Capacity</strong><br />Sets whether a user can connect even if the domain has reached or exceeded its maximum allowed agents.</li><li><strong>Replace Content</strong><br>Sets whether a user can replace entire content sets by wiping existing domain content.</li><li><strong>Get and Set Private User Data</strong><br>Sets whether a user can get and set the privateUserData entity property.</li></ul><p>Note that permissions assigned to a specific user will supersede any parameter-level permissions that might otherwise apply to that user. Additionally, if more than one parameter is applicable to a given user, the permissions given to that user will be the sum of all applicable parameters. For example, let&rsquo;s say only localhost users can connect and only logged in users can lock and unlock entities. If a user is both logged in and on localhost then they will be able to both connect and lock/unlock entities.</p>'>?</a>",
-              "span": 12
+              "span": 11
             }
           ],
           "columns": [
@@ -479,6 +479,13 @@
               "type": "checkbox",
               "editable": true,
               "default": false
+            },
+            {
+              "name": "id_can_view_asset_urls",
+              "label": "View Asset URLs",
+              "type": "checkbox",
+              "editable": true,
+              "default": false
             }
           ],
           "non-deletable-row-key": "permissions_id",
@@ -505,6 +512,7 @@
                 "id_can_rez_tmp": true,
                 "id_can_write_to_asset_server": true,
                 "id_can_get_and_set_private_user_data": true,
+                "id_can_view_asset_urls": true,
                 "permissions_id": "localhost"
             },
             {
@@ -633,6 +641,13 @@
               "type": "checkbox",
               "editable": true,
               "default": false
+            },
+            {
+              "name": "id_can_view_asset_urls",
+              "label": "View Asset URLs",
+              "type": "checkbox",
+              "editable": true,
+              "default": false
             }
           ]
         },
@@ -752,6 +767,13 @@
               "type": "checkbox",
               "editable": true,
               "default": false
+            },
+            {
+              "name": "id_can_view_asset_urls",
+              "label": "View Asset URLs",
+              "type": "checkbox",
+              "editable": true,
+              "default": false
             }
           ]
         },
@@ -844,6 +866,13 @@
               "type": "checkbox",
               "editable": true,
               "default": false
+            },
+            {
+              "name": "id_can_view_asset_urls",
+              "label": "View Asset URLs",
+              "type": "checkbox",
+              "editable": true,
+              "default": false
             }
           ]
         },
@@ -936,6 +965,13 @@
               "type": "checkbox",
               "editable": true,
               "default": false
+            },
+            {
+              "name": "id_can_view_asset_urls",
+              "label": "View Asset URLs",
+              "type": "checkbox",
+              "editable": true,
+              "default": false
             }
           ]
         },
@@ -1022,13 +1058,20 @@
               "editable": true,
               "default": false
             },
-              {
-                "name": "id_can_get_and_set_private_user_data",
-                "label": "Get and Set Private User Data",
-                "type": "checkbox",
-                "editable": true,
-                "default": false
-              }
+            {
+              "name": "id_can_get_and_set_private_user_data",
+              "label": "Get and Set Private User Data",
+              "type": "checkbox",
+              "editable": true,
+              "default": false
+            },
+            {
+              "name": "id_can_view_asset_urls",
+              "label": "View Asset URLs",
+              "type": "checkbox",
+              "editable": true,
+              "default": false
+            }
           ]
         },
         {
@@ -1120,6 +1163,13 @@
               "type": "checkbox",
               "editable": true,
               "default": false
+            },
+            {
+              "name": "id_can_view_asset_urls",
+              "label": "View Asset URLs",
+              "type": "checkbox",
+              "editable": true,
+              "default": false
             }
           ]
         },

domain-server/src/DomainGatekeeper.cpp

@@ -353,6 +353,7 @@ void DomainGatekeeper::updateNodePermissions() {
             userPerms.permissions |= NodePermissions::Permission::canReplaceDomainContent;
             userPerms.permissions |= NodePermissions::Permission::canGetAndSetPrivateUserData;
             userPerms.permissions |= NodePermissions::Permission::canRezAvatarEntities;
+            userPerms.permissions |= NodePermissions::Permission::canViewAssetURLs;
         } else {
             // at this point we don't have a sending socket for packets from this node - assume it is the active socket
             // or the public socket if we haven't activated a socket for the node yet
@@ -446,6 +447,7 @@ SharedNodePointer DomainGatekeeper::processAssignmentConnectRequest(const NodeCo
     userPerms.permissions |= NodePermissions::Permission::canReplaceDomainContent;
     userPerms.permissions |= NodePermissions::Permission::canGetAndSetPrivateUserData;
     userPerms.permissions |= NodePermissions::Permission::canRezAvatarEntities;
+    userPerms.permissions |= NodePermissions::Permission::canViewAssetURLs;
     newNode->setPermissions(userPerms);
     return newNode;
 }

domain-server/src/DomainServerSettingsManager.cpp

@@ -547,6 +547,29 @@ void DomainServerSettingsManager::setupConfigMap(const QString& userConfigFilena
 
         // No migration needed to version 2.6.
 
+        if (oldVersion < 2.7) {
+            // Default values for new canViewAssetURLs permission.
+            unpackPermissions();
+            std::list<std::unordered_map<NodePermissionsKey, NodePermissionsPointer>> permissionsSets{
+                _standardAgentPermissions.get(),
+                _agentPermissions.get(),
+                _ipPermissions.get(),
+                _macPermissions.get(),
+                _machineFingerprintPermissions.get(),
+                _groupPermissions.get(),
+                _groupForbiddens.get()
+            };
+            foreach (auto permissionsSet, permissionsSets) {
+                for (auto entry : permissionsSet) {
+                    const auto& userKey = entry.first;
+                    if (permissionsSet[userKey]->can(NodePermissions::Permission::canConnectToDomain)) {
+                        permissionsSet[userKey]->set(NodePermissions::Permission::canViewAssetURLs);
+                    }
+                }
+            }
+            packPermissions();
+        }
+
         // write the current description version to our settings
         *versionVariant = _descriptionVersion;
 

libraries/avatars/src/AvatarData.cpp

@@ -2107,7 +2107,7 @@ const QUrl& AvatarData::getSkeletonModelURL() const {
 }
 
 QString AvatarData::getSkeletonModelURLFromScript() const {
-    if (isMyAvatar() && !isMyAvatarURLProtected()) {
+    if (isMyAvatar() && !isMyAvatarURLProtected() && DependencyManager::get<NodeList>()->getThisNodeCanViewAssetURLs()) {
         return _skeletonModelURL.toString();
     }
 

libraries/avatars/src/ScriptAvatarData.cpp

@@ -13,6 +13,7 @@
 
 #include "ScriptAvatarData.h"
 
+#include <NodeList.h>
 #include <ScriptEngineCast.h>
 #include <ScriptManager.h>
 
@@ -204,7 +205,8 @@ bool ScriptAvatarData::getLookAtSnappingEnabled() const {
 //
 QString ScriptAvatarData::getSkeletonModelURLFromScript() const {
     if (AvatarSharedPointer sharedAvatarData = _avatarData.lock()) {
-        if (sharedAvatarData->isMyAvatar() && !sharedAvatarData->isMyAvatarURLProtected()) {
+        auto nodeList = DependencyManager::get<NodeList>();
+        if (sharedAvatarData->isMyAvatar() && !sharedAvatarData->isMyAvatarURLProtected() && nodeList->getThisNodeCanViewAssetURLs()) {
             return sharedAvatarData->getSkeletonModelURLFromScript();
         }
 

libraries/entities/src/AmbientLightPropertyGroup.cpp

@@ -22,10 +22,12 @@
 const float AmbientLightPropertyGroup::DEFAULT_AMBIENT_LIGHT_INTENSITY = 0.5f;
 
 void AmbientLightPropertyGroup::copyToScriptValue(const EntityPropertyFlags& desiredProperties, ScriptValue& properties,
-    ScriptEngine* engine, bool skipDefaults, EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags) const {
-
+    ScriptEngine* engine, bool skipDefaults, EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags,
+    bool isMyOwnAvatarEntity) const {
+
+    auto nodeList = DependencyManager::get<NodeList>();
     COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE(PROP_AMBIENT_LIGHT_INTENSITY, AmbientLight, ambientLight, AmbientIntensity, ambientIntensity);
-    COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE(PROP_AMBIENT_LIGHT_URL, AmbientLight, ambientLight, AmbientURL, ambientURL);
+    COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE_IF_URL_PERMISSION(PROP_AMBIENT_LIGHT_URL, AmbientLight, ambientLight, AmbientURL, ambientURL);
 }
 
 void AmbientLightPropertyGroup::copyFromScriptValue(const ScriptValue& object, const QSet<QString> &namesSet, bool& _defaultSettings) {

libraries/entities/src/AmbientLightPropertyGroup.h

@@ -43,7 +43,8 @@ class AmbientLightPropertyGroup : public PropertyGroup {
     // EntityItemProperty related helpers
     virtual void copyToScriptValue(const EntityPropertyFlags& desiredProperties, ScriptValue& properties,
                                    ScriptEngine* engine, bool skipDefaults,
-                                   EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags) const override;
+                                   EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags,
+                                   bool isMyOwnAvatarEntity) const override;
     virtual void copyFromScriptValue(const ScriptValue& object, const QSet<QString> &namesSet, bool& _defaultSettings) override;
 
     void merge(const AmbientLightPropertyGroup& other);

libraries/entities/src/AnimationPropertyGroup.cpp

@@ -68,8 +68,10 @@ bool operator!=(const AnimationPropertyGroup& a, const AnimationPropertyGroup& b
  *     maintained when the animation stops playing, <code>false</code> if they aren't.
  */
 void AnimationPropertyGroup::copyToScriptValue(const EntityPropertyFlags& desiredProperties, ScriptValue& properties, ScriptEngine* engine,
-                                               bool skipDefaults, EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags) const {
-    COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE(PROP_ANIMATION_URL, Animation, animation, URL, url);
+                                               bool skipDefaults, EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags,
+                                               bool isMyOwnAvatarEntity) const {
+    auto nodeList = DependencyManager::get<NodeList>();
+    COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE_IF_URL_PERMISSION(PROP_ANIMATION_URL, Animation, animation, URL, url);
     COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE(PROP_ANIMATION_ALLOW_TRANSLATION, Animation, animation, AllowTranslation, allowTranslation);
     COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE(PROP_ANIMATION_FPS, Animation, animation, FPS, fps);
     COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE(PROP_ANIMATION_FRAME_INDEX, Animation, animation, CurrentFrame, currentFrame);

libraries/entities/src/AnimationPropertyGroup.h

@@ -37,7 +37,8 @@ class AnimationPropertyGroup : public PropertyGroup {
     // EntityItemProperty related helpers
     virtual void copyToScriptValue(const EntityPropertyFlags& desiredProperties, ScriptValue& properties,
                                    ScriptEngine* engine, bool skipDefaults,
-                                   EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags) const override;
+                                   EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags,
+                                   bool isMyOwnAvatarEntity) const override;
     virtual void copyFromScriptValue(const ScriptValue& object, const QSet<QString> &namesSet, bool& _defaultSettings) override;
 
     void merge(const AnimationPropertyGroup& other);

libraries/entities/src/BloomPropertyGroup.cpp

@@ -19,7 +19,8 @@
 #include "EntityItemPropertiesMacros.h"
 
 void BloomPropertyGroup::copyToScriptValue(const EntityPropertyFlags& desiredProperties, ScriptValue& properties, ScriptEngine* engine,
-                                           bool skipDefaults, EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags) const {
+                                           bool skipDefaults, EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags,
+                                           bool isMyOwnAvatarEntity) const {
     COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE(PROP_BLOOM_INTENSITY, Bloom, bloom, BloomIntensity, bloomIntensity);
     COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE(PROP_BLOOM_THRESHOLD, Bloom, bloom, BloomThreshold, bloomThreshold);
     COPY_GROUP_PROPERTY_TO_QSCRIPTVALUE(PROP_BLOOM_SIZE, Bloom, bloom, BloomSize, bloomSize);

libraries/entities/src/BloomPropertyGroup.h

@@ -44,7 +44,8 @@ class BloomPropertyGroup : public PropertyGroup {
     // EntityItemProperty related helpers
     virtual void copyToScriptValue(const EntityPropertyFlags& desiredProperties, ScriptValue& properties,
                                    ScriptEngine* engine, bool skipDefaults,
-                                   EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags) const override;
+                                   EntityItemProperties& defaultEntityProperties, bool returnNothingOnEmptyPropertyFlags,
+                                   bool isMyOwnAvatarEntity) const override;
     virtual void copyFromScriptValue(const ScriptValue& object, const QSet<QString> &namesSet, bool& _defaultSettings) override;
 
     void merge(const BloomPropertyGroup& other);