[p4] Restrict creating jobs for general users

P4Shimada perforce-user-forum at forums.perforce.com
Thu May 28 17:45:01 PDT 2015


Posted on behalf of forum user 'P4Shimada'.

Hi,

Here are some more detailed specifics which I hope are helpful to you.

To run the 'p4 job' command in read only mode, it means the following:

- Users cannot use the '-f' force flag jobs
- Users cannot use the '-d' delete flag for jobs
- Users cannot use the '-i' flag for jobs

The '-o' flag which just outputs the contents for the job is fine.

You could decide if you want the users to be able to run the command:

    p4 job jobxxxxx

where it opens the job form but does not allow the user to save any
modification to that form. If that is the case, you need to use a
form-out trigger which basically points to a simple script with
pseudo code like:

   if user is in group 'readjob'
Read/Open original formfile
   if (form does not equal original formfile) then exit with msg
   else exit


Otherwise, a more simple approach is to only allow the '-o' flag for the
'p4 job' command. You could do this with a 'pre-user-job'
command trigger or the broker. If you used the command trigger, the trigger
entry could look like something like this:

Triggers:
    jobs-RO command pre-user-job
"/home/user/triggers/jobs-RO.pl %user% %groups% %args%"

The script could then check the 'groups' variable and if the user
matches the read only jobs group then have it check the command flags and reject
anything that is not '-o'.

If you were using the broker, one approach is to use a command policy for each
job flag that allows edits (See Policy A example). Another approach is to put it
all in a script (See Policy B example) and have the script only allow the
'-o' job flag and execute for any users in the read only job group.

BROKER CONFIG POLICY-A

command: job
{
    user    = testgirl;
    flags = -f;
    action  = reject;
    message = "You can ONLY view jobs!";
}

BROKER CONFIG POLICY-B

command: job
{
    action  = filter;
    execute = ./jobs-RO.pl;
}

Using the simple broker approach example above, the command results would look
like this.

RESULTS

$ p4 job -f testgirl01
You can ONLY view jobs!

$ p4 job -d testgirl01
You can ONLY view jobs!

$ p4 job -i testgirl01
You can ONLY view jobs!



REFERENCES

- Broker Guide
http://www.perforce.com/perforce/doc.current/manuals/p4dist/chapter.broker.html



--
Please click here to see the post in its original format:
  http://forums.perforce.com/index.php?/topic/4109-restrict-creating-jobs-for-general-users



More information about the perforce-user mailing list