From e23251df4ec849d20cdae31a14be212f2e039540 Mon Sep 17 00:00:00 2001 From: David Rowe Date: Mon, 15 Mar 2021 20:25:18 +1300 Subject: [PATCH] Ignore Entities.addEntity() for avatar entities if don't have permission --- libraries/entities/src/EntityScriptingInterface.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libraries/entities/src/EntityScriptingInterface.cpp b/libraries/entities/src/EntityScriptingInterface.cpp index a5bffecb14..fc7dca5f7c 100644 --- a/libraries/entities/src/EntityScriptingInterface.cpp +++ b/libraries/entities/src/EntityScriptingInterface.cpp @@ -487,6 +487,15 @@ QUuid EntityScriptingInterface::addEntityInternal(const EntityItemProperties& pr _activityTracking.addedEntityCount++; + auto nodeList = DependencyManager::get(); + + if (entityHostType == entity::HostType::AVATAR && !nodeList->getThisNodeCanRezAvatarEntities()) { + qCDebug(entities) << "Ignoring addEntity() because don't have canRezAvatarEntities permission on domain"; + // Only need to intercept methods that may add an avatar entity because avatar entities are removed from the tree when + // user doesn't have canRezAvatarEntities permission. + return QUuid(); + } + EntityItemProperties propertiesWithSimID = properties; propertiesWithSimID.setEntityHostType(entityHostType); if (entityHostType == entity::HostType::AVATAR) { @@ -499,7 +508,6 @@ QUuid EntityScriptingInterface::addEntityInternal(const EntityItemProperties& pr } // the created time will be set in EntityTree::addEntity by recordCreationTime() - auto nodeList = DependencyManager::get(); auto sessionID = nodeList->getSessionUUID(); propertiesWithSimID.setLastEditedBy(sessionID);