Don't send avatar entities if don't have permission

2025-04-19 16:44:04 +02:00 · 2021-03-09 11:15:37 +13:00 · 2021-03-09 11:15:37 +13:00 · 283f7d61e2
commit 283f7d61e2
parent 091efaee60
2 changed files with 15 additions and 8 deletions
--- a/assignment-client/src/avatars/AvatarMixerClientData.cpp
+++ b/assignment-client/src/avatars/AvatarMixerClientData.cpp
@ -270,6 +270,7 @@ void AvatarMixerClientData::processSetTraitsMessage(ReceivedMessage& message,
                        instanceVersionRef = -packetTraitVersion;
                    } else {
                        // Don't accept avatar entity data for distribution unless sender has rez permissions on the domain.
+                        // The sender shouldn't be sending avatar entity data, however this provides a back-up.
                        if (sendingNode.getCanRezAvatarEntities()) {
                            _avatar->processTraitInstance(traitType, instanceID, message.read(traitSize));
                        } else {
--- a/interface/src/avatar/MyAvatar.cpp
+++ b/interface/src/avatar/MyAvatar.cpp
@ -1610,6 +1610,8 @@ void MyAvatar::handleChangedAvatarEntityData() {
        return;
    }

+    bool canRezAvatarEntites = DependencyManager::get<NodeList>()->getThisNodeCanRezAvatarEntities();
+
    // We collect changes to AvatarEntities and then handle them all in one spot per frame: handleChangedAvatarEntityData().
    // Basically this is a "transaction pattern" with an extra complication: these changes can come from two
    // "directions" and the "authoritative source" of each direction is different, so we maintain two distinct sets
@ -1696,12 +1698,15 @@ void MyAvatar::handleChangedAvatarEntityData() {
            continue;
        }
        sanitizeAvatarEntityProperties(properties);
-        entityTree->withWriteLock([&] {
-            EntityItemPointer entity = entityTree->addEntity(id, properties);
-            if (entity) {
-                packetSender->queueEditAvatarEntityMessage(entityTree, id);
-            }
-        });
+        if (canRezAvatarEntites) {
+            entityTree->withWriteLock([&] {
+                EntityItemPointer entity = entityTree->addEntity(id, properties);
+                if (entity) {
+                    packetSender->queueEditAvatarEntityMessage(entityTree, id);
+                }
+            });
+        }
+        
    }

    // CHANGE real entities
@ -1719,7 +1724,7 @@ void MyAvatar::handleChangedAvatarEntityData() {
                skip = true;
            }
        });
-        if (!skip) {
+        if (!skip && canRezAvatarEntites) {
            sanitizeAvatarEntityProperties(properties);
            entityTree->withWriteLock([&] {
                if (entityTree->updateEntity(id, properties)) {
@ -4092,7 +4097,8 @@ float MyAvatar::getGravity() {
 void MyAvatar::setSessionUUID(const QUuid& sessionUUID) {
    QUuid oldSessionID = getSessionUUID();
    Avatar::setSessionUUID(sessionUUID);
-    bool sendPackets = !DependencyManager::get<NodeList>()->getSessionUUID().isNull();
+    bool sendPackets = !DependencyManager::get<NodeList>()->getSessionUUID().isNull()
+        && DependencyManager::get<NodeList>()->getThisNodeCanRezAvatarEntities();
    if (!sendPackets) {
        return;
    }