Ignore Entities.addEntity() for avatar entities if don't have permission

libraries/entities/src/EntityScriptingInterface.cpp

@@ -487,6 +487,15 @@ QUuid EntityScriptingInterface::addEntityInternal(const EntityItemProperties& pr
 
     _activityTracking.addedEntityCount++;
 
+    auto nodeList = DependencyManager::get<NodeList>();
+
+    if (entityHostType == entity::HostType::AVATAR && !nodeList->getThisNodeCanRezAvatarEntities()) {
+        qCDebug(entities) << "Ignoring addEntity() because don't have canRezAvatarEntities permission on domain";
+        // Only need to intercept methods that may add an avatar entity because avatar entities are removed from the tree when
+        // user doesn't have canRezAvatarEntities permission.
+        return QUuid();
+    }
+
     EntityItemProperties propertiesWithSimID = properties;
     propertiesWithSimID.setEntityHostType(entityHostType);
     if (entityHostType == entity::HostType::AVATAR) {
@@ -499,7 +508,6 @@ QUuid EntityScriptingInterface::addEntityInternal(const EntityItemProperties& pr
     }
 
     // the created time will be set in EntityTree::addEntity by recordCreationTime()
-    auto nodeList = DependencyManager::get<NodeList>();
     auto sessionID = nodeList->getSessionUUID();
     propertiesWithSimID.setLastEditedBy(sessionID);