Topic
  • 1 reply
  • Latest Post - ‏2012-12-11T18:40:07Z by llandale
SystemAdmin
SystemAdmin
3180 Posts

Pinned topic Change permissions

‏2012-12-10T16:53:29Z |

Hello,

I'm trying to grant permissions based on the current status of a module. I do not want to change the module if it is read-only or if the IV&V lead is assigned. Otherwise the Engineering Lead should assigned accept for Test specs which should be the IV&V Lead. I was wondering if my logic is correct. Thank you. All help is appreciated.

Thank you,
Jim
 

// Generate Lead for current Project
 
/*
*/
 
pragma runLim,0 
//Regular Expression
const Regexp TestSpec = regexp2 ".*[tT][eE][sS][tT].*[sS].*"
 
/**********************************
    permission (recursive)
***********************************/
Permission permission (AccessRec ar) {
  Permission returned = none
  if read(ar)    then returned = returned | read
  if modify(ar)  then returned = returned | modify
  if create(ar)  then returned = returned | create
  if delete(ar)  then returned = returned | delete
  if control(ar) then returned = returned | control
  return returned
}//End permission.
 
/**********************************
        permission (recursive)
***********************************/
string permission (Permission p){
  string returned = ""
  if (p & read    == read   ) returned = returned "R"
  if (p & modify  == modify ) returned = returned "M"
  if (p & create  == create ) returned = returned "C"
  if (p & delete  == delete ) returned = returned "D"
  if (p & control == control) returned = returned "A"
  if (returned    == ""     ) returned = "none"
  return returned
}//End permission.
 
/**********************************
        ReadOnly
***********************************/
bool ReadOnly(Item I)
{
        bool ret = true
        AccessRec ar
        string userG = null
        int cnt = 0
 
        for ar in all I do 
        {
                userG = username(ar) " " permission(permission(ar))
                if(isDefault(ar))
                {
                        if(permission(permission(ar)) != "R")
                        {
                                ret = false
                                break
                        }
                }
                else if(userG != "CTF RMCA")
                {
                        ret = false
                        break
                }
                cnt++
        }
        
        if (cnt < 2) {ret = false}
        
        return ret
}//End ReadOnly.
 
/**********************************
        SetModAccess
***********************************/
void SetModAccess(Item m, Permission psn, string NameUser)
{    
        string err = set(m, psn, NameUser) // Set UserGroup/User. 
        if (!null err){errorBox(fullName(m) "\n" err)}
}//End SetModAccess().
 
/**********************************
        LeadControl
***********************************/
bool LeadControl(Item I)
{
        AccessRec ar
        bool found = false
        
        if(canControl(I) && !ReadOnly(I))
        {
                if(TestSpec fullName(I))
                {
                        for ar in I do
                        {
                                if(username(ar) == "IV&V Lead")
                                {
                                        found = true
                                        break
                                }
                        }
                        
                        if(!found)
                        {
                                // Set UserGroup/User
                                SetModAccess(I, control, "IV&V Lead") // (RMCA).
                                err = setImplied(I, null) // Turn off Propagate access rights.
                                        if (!null err){errorBox(fullName(I) "\n" err)}
                        }
                }
                else
                {
                        for ar in I do
                        {
                                if(username(ar) == "IV&V Lead")
                                {
                                        found = true
                                        break
                                }
                        }
                        
                        if(!found)
                        {
                                        // Set UserGroup/User
                                        SetModAccess(I, control, "Engineering Lead") // (RMCA).
                                        err = setImplied(I, null) // Turn off Propagate access rights.
                                                if (!null err){errorBox(fullName(I) "\n" err)}
                        }
                }
        }
        
        return(found)
}//End LeadControl()
 
/**********************************
        scanModule
***********************************/
void scanModule(Item itm)
{
        LeadControl(itm)
}
 
/*********************************
        scanFolder
**********************************/
void scanFolder(Folder f)
{
        Item itm
 
        for itm in f do
        {
                if (null itm) continue
                if (isDeleted(itm)) continue
 
                if ((type (itm) == "Project") || (type (itm) == "Folder"))
                {
                        scanFolder(folder(itm))
                }
                else if (type (itm) == "Formal")
                {
                        scanModule(itm)
                }
        }
}
 
/************************************
        MAIN
*************************************/
string currFolder = fullName current Folder
 
if (confirm("Assigned Lead for " currFolder "?"))
{
        print currFolder "\n"
        scanFolder(folder currFolder)
 
        // notify the user that the script is complete
        ack "Complete."
}
 
delete TestSpec
Updated on 2014-01-09T01:00:40Z at 2014-01-09T01:00:40Z by iron-man
  • llandale
    llandale
    2979 Posts

    Re: Change permissions

    ‏2012-12-11T18:40:07Z  
    • Seems to me you want to remove the Engineering access when 'found'.
    • Seems to me you need to check if the module hasSpecificAccess(mod, IsSpecific); and if not then set it to Specific and THEN adjust it's access records.
    • Standard full access is 'RMCDA' not 'RMCA'. I think that affects your code.
    • I wonder if you should MAKE a module 'Read Only' once you determine you want it to be.

    -Louie

    • I think you should remove comment '(recursive)' from 'permission()', and add it to 'scanFolder()'
    • Your group names should all be defined as constants at the top of the script.