问题
I would like to disable the rmver command in our UCM environment for security reasons. Unfortunately I know that some users use the command and so the request was formulated to disallow rmver only for elements that are "interesting" (in ClearCase terms, meaning have hyperlinks attached, etc.). The reasoning goes along "Why would I not be allowed to delete versions that are of absolutely no use and are not referenced anywhere?"
Even after telling them that the command is very dangerous they are not prepared to disable the command altogether.
Now I looked into the possibilities and found that in a pre-operation trigger script for rmver I do not have many environment variables to work with. The only thing I can think of is parsing CLEARCASE_CMDLINE.
For obvious reasons I would like to avoid that - first I don't deem it meaningful and secondly this variable is not set if a user uses the Windows GUI as far as I know.
Is there a way to disable the rmver command for "interesting" versions but not for versions without meta-data and/or hyperlinks etc.?
Best Regards
回答1:
Is there a way to disable the rmver command for "interesting" versions but not for versions without meta-data and/or hyperlinks
Not easily, but you can at least disable it (through a pre-op trigger) for everybody except some users.
That way, a compromise would be to allow rmver
, but only for a select few, responsible to not use it when "interesting" versions are detected.
The more complex solution would involve to call a script in order to check for label/hyperlink.
See this pre-op trigger for instance:
#############################################################
# PROT_LABEL_VER_CHECK.pl (Perl)
#
# Make sure version cannot be removed if it has a matching
# protected label attached.
#
# Note:
#
# Arguments: pattern_1 [pattern_2..pattern_N]
#
# Author: A Better Solution, Inc.
# email: support@abs-consulting.com
# URL: http://www.abs-consulting.com
# Date: Jan. 29, 2005
############################################################
# History: 01/29/2005 : Created for A Better Solution, Inc.
############################################################
This trigger script PROT_LABEL_VER_CHECK is expected to be called from a pre-op trigger.
Create an element all trigger and apply to specified operations like:
cleartool mkttype -ele -all -pre rmver \
-c "Prevents removal of versions with protected labels attached." \
-exec "{path}\perl {path}\PROT_LABEL_VER_CHECK.pl '^REL_*' '^BLD_*'" PROT_LABEL_VER_CHECK
It use the $XPN = ("$ENV{'CLEARCASE_XPN'}");
in order to access the version being rmnamed.
You can then use fmt_ccase to describe that version for the specific elements you are after.
For instance, for labels:
`$CLEARTOOL desc -fmt \%l "$XPN"`;
You would split the output, and do your check:
$label_line = `$CLEARTOOL desc -fmt \%l "$XPN"`;
chomp ($label_line);
if ($label_line eq "")
{ exit 0; }
($junk, $label_list) = split (/[\(\)]/, $label_line);
$label_list =~ s/\s//g;
@labels = split (/,/, $label_list);
//
foreach $label (@labels)
{
foreach $pattern (@patterns)
{
$pattern =~ s/'//g;
//'
if ($label =~ /$pattern/)
{
$MSG = "Enterprise policy prohibits you from removing this version that has any protected label applied. \n\n$XPN\n\nhas the following labels applied:\n\n$label_line.";
gripe ($MSG, 3);
}
}
}
来源:https://stackoverflow.com/questions/26215182/partly-disallow-rmver-in-ucm