Add permission level for replacing domain content

domain-server/src/DomainGatekeeper.cpp

@@ -269,6 +269,7 @@ void DomainGatekeeper::updateNodePermissions() {
             userPerms.permissions |= NodePermissions::Permission::canRezPermanentEntities;
             userPerms.permissions |= NodePermissions::Permission::canRezTemporaryEntities;
             userPerms.permissions |= NodePermissions::Permission::canWriteToAssetServer;
+            userPerms.permissions |= NodePermissions::Permission::canReplaceDomainContent;
         } else {
             // this node is an agent
             const QHostAddress& addr = node->getLocalSocket().getAddress();
@@ -357,6 +358,7 @@ SharedNodePointer DomainGatekeeper::processAssignmentConnectRequest(const NodeCo
     userPerms.permissions |= NodePermissions::Permission::canRezPermanentEntities;
     userPerms.permissions |= NodePermissions::Permission::canRezTemporaryEntities;
     userPerms.permissions |= NodePermissions::Permission::canWriteToAssetServer;
+    userPerms.permissions |= NodePermissions::Permission::canReplaceDomainContent;
     newNode->setPermissions(userPerms);
     return newNode;
 }

domain-server/src/DomainServerSettingsManager.cpp

@@ -112,6 +112,7 @@ void DomainServerSettingsManager::setupConfigMap(const QStringList& argumentList
         const QString RESTRICTED_ACCESS_SETTINGS_KEYPATH = "security.restricted_access";
         const QString ALLOWED_EDITORS_SETTINGS_KEYPATH = "security.allowed_editors";
         const QString EDITORS_ARE_REZZERS_KEYPATH = "security.editors_are_rezzers";
+        const QString EDITORS_CAN_REPLACE_CONTENT_KEYPATH = "security.editors_can_replace_content";
 
         qDebug() << "Previous domain-server settings version was"
             << QString::number(oldVersion, 'g', 8) << "and the new version is"

libraries/networking/src/LimitedNodeList.cpp

@@ -167,6 +167,10 @@ void LimitedNodeList::setPermissions(const NodePermissions& newPermissions) {
         newPermissions.can(NodePermissions::Permission::canKick)) {
         emit canKickChanged(_permissions.can(NodePermissions::Permission::canKick));
     }
+    if (originalPermissions.can(NodePermissions::Permission::canReplaceDomainContent) !=
+        newPermissions.can(NodePermissions::Permission::canReplaceDomainContent)) {
+        emit canReplaceContentChanged(_permissions.can(NodePermissions::Permission::canReplaceDomainContent));
+    }
 }
 
 void LimitedNodeList::setSocketLocalPort(quint16 socketLocalPort) {

libraries/networking/src/LimitedNodeList.h

@@ -115,7 +115,8 @@ public:
     bool getThisNodeCanRezTmp() const { return _permissions.can(NodePermissions::Permission::canRezTemporaryEntities); }
     bool getThisNodeCanWriteAssets() const { return _permissions.can(NodePermissions::Permission::canWriteToAssetServer); }
     bool getThisNodeCanKick() const { return _permissions.can(NodePermissions::Permission::canKick); }
-
+    bool getThisNodeCanReplaceContent() const { return _permissions.can(NodePermissions::Permission::canReplaceDomainContent); }
+    
     quint16 getSocketLocalPort() const { return _nodeSocket.localPort(); }
     Q_INVOKABLE void setSocketLocalPort(quint16 socketLocalPort);
 
@@ -329,6 +330,7 @@ signals:
     void canRezTmpChanged(bool canRezTmp);
     void canWriteAssetsChanged(bool canWriteAssets);
     void canKickChanged(bool canKick);
+    void canReplaceContentChanged(bool canReplaceContent);
 
 protected slots:
     void connectedForLocalSocketTest();

libraries/networking/src/Node.h

@@ -74,6 +74,7 @@ public:
     bool getCanRezTmp() const { return _permissions.can(NodePermissions::Permission::canRezTemporaryEntities); }
     bool getCanWriteToAssetServer() const { return _permissions.can(NodePermissions::Permission::canWriteToAssetServer); }
     bool getCanKick() const { return _permissions.can(NodePermissions::Permission::canKick); }
+    bool getCanReplaceContent() const { return _permissions.can(NodePermissions::Permission::canReplaceDomainContent); }
 
     void parseIgnoreRequestMessage(QSharedPointer<ReceivedMessage> message);
     void addIgnoredNode(const QUuid& otherNodeID);

libraries/networking/src/NodePermissions.cpp

@@ -45,6 +45,7 @@ NodePermissions::NodePermissions(QMap<QString, QVariant> perms) {
     permissions |= perms["id_can_connect_past_max_capacity"].toBool() ?
         Permission::canConnectPastMaxCapacity : Permission::none;
     permissions |= perms["id_can_kick"].toBool() ? Permission::canKick : Permission::none;
+    permissions |= perms["id_can_replace_content"].toBool() ? Permission::canReplaceDomainContent : Permission::none;
 }
 
 QVariant NodePermissions::toVariant(QHash<QUuid, GroupRank> groupRanks) {
@@ -65,6 +66,7 @@ QVariant NodePermissions::toVariant(QHash<QUuid, GroupRank> groupRanks) {
     values["id_can_write_to_asset_server"] = can(Permission::canWriteToAssetServer);
     values["id_can_connect_past_max_capacity"] = can(Permission::canConnectPastMaxCapacity);
     values["id_can_kick"] = can(Permission::canKick);
+    values["id_can_replace_content"] = can(Permission::canReplaceDomainContent);
     return QVariant(values);
 }
 
@@ -128,6 +130,9 @@ QDebug operator<<(QDebug debug, const NodePermissions& perms) {
     if (perms.can(NodePermissions::Permission::canKick)) {
         debug << " kick";
     }
+    if (perms.can(NodePermissions::Permission::canReplaceDomainContent)) {
+        debug << " can_replace_content";
+    }
     debug.nospace() << "]";
     return debug.nospace();
 }

libraries/networking/src/NodePermissions.h

@@ -77,7 +77,8 @@ public:
         canRezTemporaryEntities = 8,
         canWriteToAssetServer = 16,
         canConnectPastMaxCapacity = 32,
-        canKick = 64
+        canKick = 64,
+        canReplaceDomainContent = 128
     };
     Q_DECLARE_FLAGS(Permissions, Permission)
     Permissions permissions;

libraries/script-engine/src/UsersScriptingInterface.cpp

@@ -19,6 +19,7 @@ UsersScriptingInterface::UsersScriptingInterface() {
     connect(nodeList.data(), &LimitedNodeList::canKickChanged, this, &UsersScriptingInterface::canKickChanged);
     connect(nodeList.data(), &NodeList::ignoreRadiusEnabledChanged, this, &UsersScriptingInterface::ignoreRadiusEnabledChanged);
     connect(nodeList.data(), &NodeList::usernameFromIDReply, this, &UsersScriptingInterface::usernameFromIDReply);
+    connect(nodeList.data(), &NodeList::canReplaceContentChanged, this, &UsersScriptingInterface::canReplaceContentChanged);
 }
 
 void UsersScriptingInterface::ignore(const QUuid& nodeID, bool ignoreEnabled) {
@@ -93,3 +94,6 @@ bool UsersScriptingInterface::getRequestsDomainListData() {
 void UsersScriptingInterface::setRequestsDomainListData(bool isRequesting) {
     DependencyManager::get<NodeList>()->setRequestsDomainListData(isRequesting);
 }
+bool UsersScriptingInterface::getCanReplaceContent() {
+    return DependencyManager::get<NodeList>()->getThisNodeCanReplaceContent();
+}

libraries/script-engine/src/UsersScriptingInterface.h

@@ -25,6 +25,7 @@ class UsersScriptingInterface : public QObject, public Dependency {
 
     Q_PROPERTY(bool canKick READ getCanKick)
     Q_PROPERTY(bool requestsDomainListData READ getRequestsDomainListData WRITE setRequestsDomainListData)
+    Q_PROPERTY(bool canReplaceContent READ getCanReplaceContent)
 
 public:
     UsersScriptingInterface();
@@ -131,6 +132,13 @@ public slots:
     */
     bool getIgnoreRadiusEnabled();
 
+    /**jsdoc
+    * Returns true if the user has permissions to replace domain content sets
+    * @function Users.getCanReplaceContent
+    * @return {bool} true if the user has permissions to replace domain content sets, false if not
+    */
+    bool getCanReplaceContent();
+
 signals:
     void canKickChanged(bool canKick);
     void ignoreRadiusEnabledChanged(bool isEnabled);
@@ -154,6 +162,7 @@ signals:
      * @param {nodeID} NodeID The session ID of the avatar that has disconnected
      */
     void avatarDisconnected(const QUuid& nodeID);
+    void canReplaceContentChanged(bool canReplaceContent);
 
 private:
     bool getRequestsDomainListData();