2 ################################################################################
5 # Description: This trigger script implements additional permissions checking.
6 # The general idea is to open up permissions at the group level
7 # and to control who gets to checkout elements at the folder
8 # level. You do this by making an element named
9 # $permissions_element which contains group names of which
10 # groups have "checkout" permissions in that folder downward.
11 # Author: Andrew@DeFaria.com
12 # Created: Mon Jul 19 10:54:01 PDT 2004
16 # (c) Copyright 2004, Andrew@DeFaria.com, all rights reserved
18 ################################################################################
23 # These will be set in the BEGIN block, but by putting them here they become
24 # available for the whole script.
34 # Extract relative path and basename from script name.
35 $0 =~ /(.*)[\/\\](.*)/;
37 $abs_path = (!defined $1) ? "." : File::Spec->rel2abs ($1);
38 $me = (!defined $2) ? $0 : $2;
41 $lib_path = "$abs_path/../lib";
42 $log_path = "$abs_path/../log";
43 $triggers_path = "$abs_path/../triggers";
45 # Add the appropriate path to our modules to @INC array.
46 unshift (@INC, "$lib_path");
51 # Name of permissions element to search for
52 my $permissions_element = ".perms";
54 # Trigger environment variables used
# NOTE(review): these are read from the process environment without any
# validation. Further down, $vob is passed on into a backtick command line and
# $pname is used to build the paths that are tested and opened, so both are
# trusted exactly as far as the environment the trigger runs in -- confirm
# that nothing but ClearCase sets them.
55 my $pname = $ENV{CLEARCASE_PN};
56 my $user = $ENV{CLEARCASE_USER};
57 my $vob = $ENV{CLEARCASE_VOB_PN};
62 $path =~ m/(.*)[\/\\].*/;
67 # Returns the current group owner of the vob. This is the first group listed, not the
68 # "Additional groups".
# NOTE(review): backticks hand this string to a shell (the 2>&1 redirection
# relies on that) and $vob is interpolated into it as-is. $vob is presumably
# the value the main code takes from $ENV{CLEARCASE_VOB_PN}; checking it
# against the expected VOB path-name form before this call would keep shell
# metacharacters out of the command line.
72 my @output = `cleartool describe vob:$vob 2>&1`;
76 if (/group AMERIQUEST\\(.*)/) {
84 # Returns the primary group using creds
# The path to creds.exe is hard-coded; the group is parsed from its text
# output (stderr is merged into the same stream by 2>&1).
86 my @output = `"C:\\Program Files\\Rational\\Clearcase\\etc\\utils\\creds.exe" 2>&1`;
# NOTE(review): (\S*) stops at the first whitespace, so a primary group whose
# name contains a space would be cut short here, whereas the other creds
# parser in this script captures up to " (" -- confirm against real creds
# output.
90 if (/Primary group: AMERIQUEST\\(\S*).*/) {
# NOTE(review): presumably the fallback when no "Primary group" line matched
# (the enclosing lines are not shown). If so, a failed or unparsable creds.exe
# run yields "Domain Users", which the main code then compares with the vob's
# group owner -- verify that this cannot grant the always-permitted path.
95 return "Domain Users";
98 # Parses the $permissions_element, returning a list of permitted groups.
100 my $permissions_element = shift;
# NOTE(review): two-argument open with a bareword handle. The open mode is
# taken from the file name itself, so mode characters at the start or end of
# the path would be interpreted rather than read as part of the name. The
# three-argument form with a lexical handle,
#   open my $fh, '<', $permissions_element
# reads the name literally.
# NOTE(review): "exit 1" sits inside clearlogmsg's argument list, so it
# appears to be evaluated before clearlogmsg is called and the message may
# never be logged -- confirm, and consider two separate statements.
102 open PERMISSIONS_ELEMENT, $permissions_element
103 or clearlogmsg "Unable to open $permissions_element - $!\n", exit 1;
# Reads the whole file into memory, one list element per line.
105 my @lines = <PERMISSIONS_ELEMENT>;
111 push @tidy_lines, $_;
117 # Compare the two string arrays and return 1 if there are any matches.
122 # Convert two array references to actual arrays
126 foreach my $item1 (@set1) {
127 foreach my $item2 (@set2) {
128 return 1 if $item1 eq $item2;
135 # Returns an array of (AMERIQUEST) group names for the user using creds.
137 my @output = `"C:\\Program Files\\Rational\\Clearcase\\etc\\utils\\creds.exe" 2>&1`;
144 # We should first see the Primary Group
145 if (/Primary group: AMERIQUEST\\(.*) \(/) {
149 # When we hit the "Groups:" line then what follows is a list of groups
155 # Select only those that are specifically in the AMERIQUEST domain
156 if ($found eq 1 and /\s*AMERIQUEST\\(.*) \(/) {
164 # This routine will check to see if any of the user's groups are in the
165 # $permissions_element(s) by recursing up the directory looking for
166 # $permissions_element(s) then comparing those groups to the user's groups.
170 my @user_groups = @_;
172 # User may be attempting to Add to Source Control in the current
173 # directory and have permissions to do so. When Add to Source
174 # Control runs it checks out the parent directory. The user
175 # typically will NOT have permissions to check out the parent
176 # directory! So for directory elements first check if the user is
177 # permitted as per $pname/$permissions_element BEFORE traversing up
178 # to the parent directory.
179 my @permitted_groups;
180 my $element_type = $ENV{CLEARCASE_ELTYPE};
182 if ($element_type =~ /directory/i) {
183 if (-e "$pname/$permissions_element") {
184 @permitted_groups = Parse ("$pname/$permissions_element");
185 return 1 if (IsAMember (\@user_groups, \@permitted_groups));
189 # Get parent directory
190 $pname = ParentDir $pname;
193 return 0 if !defined $pname;
195 if (-e "$pname/$permissions_element") {
196 @permitted_groups = Parse ("$pname/$permissions_element");
197 return 1 if (IsAMember (\@user_groups, \@permitted_groups));
200 # Recurse up to parent directory
201 return Permitted ($vob, $pname, @user_groups);
205 my $vob_group_owner = GetGroupOwner $vob;
206 my $group = GetPrimaryGroup;
207 my @user_groups = GetUserGroups;
210 if ($vob_group_owner eq $group) {
211 # Vob group owners are always permitted
# NOTE(review): $permissions_element is interpolated into the pattern below
# unescaped, so the "." in ".perms" matches any character, and nothing ties
# the match to the start of a path component. \Q$permissions_element\E
# preceded by a path separator would match only that element name. The match
# is also case-sensitive -- confirm that is intended for the pathnames
# ClearCase reports in CLEARCASE_PN.
213 } elsif ($pname =~ m/$permissions_element$/) {
214 # User trying to check out the $permissions_element!
215 $msg .= "Only members of the vob's initial group owners,\\n";
216 $msg .= "$vob_group_owner, may checkout the $permissions_element element!";
219 } elsif (Permitted ($vob, $pname, @user_groups)) {
222 $msg .= "The userid of $user is not a member of a group who is\\n";
223 $msg .= "permitted to check out elements from the folder\\n";
224 $msg .= ParentDir $pname;
225 $msg .= " of the $vob vob.";