def ensure_group(): """Create Perforce group git-fusion-group if not already exists.""" users = [] # Keep the order of the users in the same order that P4 insists on # (if the order doesn't match then the group is updated repeatedly). users.append(p4gf_const.P4GF_REVIEWS__ALL_GF) users.append(p4gf_const.P4GF_REVIEWS__NON_GF) users.append(p4gf_util.gf_reviews_user_name()) users.append(p4gf_const.P4GF_USER) args = [p4, NTR("group")] spec = {'Timeout': NTR('unlimited'), 'Users': users} kwargs = {'spec_id': p4gf_const.P4GF_GROUP, 'values': spec} if not p4gf_util.ensure_spec(*args, **kwargs): # We change the list of users in the group from time to time, # so ensure the membership is up to date. users = p4gf_util.first_dict(p4.run('group', '-o', p4gf_const.P4GF_GROUP))['Users'] # Add the gf_reviews_user_name if not already in the group. # This avoids removing already existing reviews users from multiple GF instances. if not p4gf_util.gf_reviews_user_name() in users: users.append(p4gf_util.gf_reviews_user_name()) spec = {'Timeout': NTR('unlimited'), 'Users': users} kwargs = {'spec_id': p4gf_const.P4GF_GROUP, 'values': spec} if p4gf_util.ensure_spec_values(*args, **kwargs): Verbosity.report(Verbosity.INFO , _("Group '{}' updated.").format(p4gf_const.P4GF_GROUP)) else: Verbosity.report(Verbosity.INFO, _("Group '{}' already up to date.") .format(p4gf_const.P4GF_GROUP)) else: Verbosity.report(Verbosity.INFO, _("Group '{}' already up to date.") .format(p4gf_const.P4GF_GROUP)) return False else: Verbosity.report(Verbosity.INFO, _("Group '{}' created.").format(p4gf_const.P4GF_GROUP)) return True
def set_passwd_and_login(created, user, passwd=None): """If creating the user, conditionally prompt for and set the passwd.""" global P4_PASSWD, PROMPT_FOR_PASSWD if created: if PROMPT_FOR_PASSWD: prompt_msg = _("Set one password for Perforce users 'git-fusion-user'" "\nand 'git-fusion-reviews-*'.") # When creating additional Git Fusion instance only the new reviews will be created. # Catch this case and avoid a misleading prompt. if user == p4gf_util.gf_reviews_user_name(): prompt_msg = _("Enter a new password for Perforce user '{user}'.").format( user=user) try: P4_PASSWD = get_passwd(prompt_msg) except KeyboardInterrupt: Verbosity.report( Verbosity.INFO, _("\n Stopping. Passwords not set.")) sys.exit(1) # If we prompted, do so once and use for all the service users, # even if the user enters no password at all. PROMPT_FOR_PASSWD = False if not P4_PASSWD: Verbosity.report( Verbosity.INFO, _("Empty password. Not setting passwords.")) # passwd may be suppressed with --nopasswd option, which also suppresses the prompt. # We always set the passwd for unknown_git - from random passwd=xxx parameter # The global P4_PASSWd for the GF users may not be set (--nopasswd) if P4_PASSWD or passwd: if passwd: set_passwd(user, passwd) else: set_passwd(user, P4_PASSWD) Verbosity.report( Verbosity.INFO, _("Password set for Perforce user '{user}'.") .format(user=user)) r = p4.run_login(user) msg = re.sub(user, "'" + user + "'", r[0]) Verbosity.report(Verbosity.INFO, msg) else: if user in (p4gf_const.P4GF_USER, p4gf_const.P4GF_REVIEWS__NON_GF, p4gf_const.P4GF_REVIEWS__ALL_GF, p4gf_util.gf_reviews_user_name()): if p4_has_login(user) == LOGIN_NEEDS_TICKET: r = p4.run_login(user) msg = re.sub(user, "'" + user + "'", r[0]) Verbosity.report(Verbosity.INFO, msg)
def connect(self): ''' Connect the p4 and p4gf connections. Note: p4gf_reviews and p4gf_reviews_non_gf are not connected! If this is the first time connecting, complete context initialization. ''' # if previously connected, just reconnect if self.p4: if not self.p4.connected(): p4_connect(self.p4) if not self.p4gf.connected(): p4_connect(self.p4gf) return # create connections and use them to complete initialization of context self.p4 = self.__make_p4( client=self.config.p4client ) self.p4gf = self.__make_p4( client=self.config.p4client_gf ) self.p4gf_reviews = self.__make_p4( user = p4gf_util.gf_reviews_user_name() , connect = False ) self.p4gf_reviews_non_gf = self.__make_p4( user = p4gf_const.P4GF_REVIEWS__NON_GF , connect = False ) self._client_pool = ClientPool(self) self.__wrangle_charset() self.get_timezone_serverversion() self.__set_branch_creation() self.__set_merge_commits() self.__set_submodules() self.__set_change_owner() self.__set_up_paths()
def set_user_passwd_if_created(created, user): '''If creating the user, conditionally prompt for and set the passwd.''' global P4_PASSWD, PROMPT_FOR_PASSWD if created: if PROMPT_FOR_PASSWD: prompt_msg = _("Set one password for Perforce users 'git-fusion-user'" "\nand 'git-fusion-reviews-*'.") # When creating additional Git Fusion instance only the new reviews will be created. # Catch this case and avoid a misleading prompt. if user == p4gf_util.gf_reviews_user_name(): prompt_msg = _("Enter a new password for Perforce user '{0}'.").format(user) try: P4_PASSWD = get_passwd(prompt_msg) except KeyboardInterrupt: Verbosity.report(Verbosity.INFO, _("\n Stopping. Passwords not set.")) sys.exit(1) # If we prompted, do so once and use for all the service users, # even if the user enters no password at all. PROMPT_FOR_PASSWD = False if not P4_PASSWD: Verbosity.report(Verbosity.INFO, _("Empty password. Not setting passwords.")) # passwd may be suppressed with --nopasswd option, which also suppresses the prompt. if P4_PASSWD: set_passwd(user, P4_PASSWD) Verbosity.report(Verbosity.INFO, _("Password set for Perforce user '{}'.").format(user))
def connect(self): ''' Connect the p4 and p4gf connections. Note: p4gf_reviews and p4gf_reviews_non_gf are not connected! If this is the first time connecting, complete context initialization. ''' # if previously connected, just reconnect if self.p4: if not self.p4.connected(): p4_connect(self.p4) if not self.p4gf.connected(): p4_connect(self.p4gf) return # create connections and use them to complete initialization of context self.p4 = self.__make_p4(client=self.config.p4client) self.p4gf = self.__make_p4(client=self.config.p4client_gf) self.p4gf_reviews = self.__make_p4( user=p4gf_util.gf_reviews_user_name(), connect=False) self.p4gf_reviews_non_gf = self.__make_p4( user=p4gf_const.P4GF_REVIEWS__NON_GF, connect=False) self._client_pool = ClientPool(self) self.__wrangle_charset() self.get_timezone_serverversion() self.__set_branch_creation() self.__set_merge_commits() self.__set_submodules() self.__set_change_owner() self.__set_up_paths()
def set_user_passwd_if_created(created, user): '''If creating the user, conditionally prompt for and set the passwd.''' global P4_PASSWD, PROMPT_FOR_PASSWD if created: if PROMPT_FOR_PASSWD: prompt_msg = _( "Set one password for Perforce users 'git-fusion-user'" "\nand 'git-fusion-reviews-*'.") # When creating additional Git Fusion instance only the new reviews will be created. # Catch this case and avoid a misleading prompt. if user == p4gf_util.gf_reviews_user_name(): prompt_msg = _("Enter a new password for Perforce user '{0}'." ).format(user) try: P4_PASSWD = get_passwd(prompt_msg) except KeyboardInterrupt: Verbosity.report(Verbosity.INFO, _("\n Stopping. Passwords not set.")) sys.exit(1) # If we prompted, do so once and use for all the service users, # even if the user enters no password at all. PROMPT_FOR_PASSWD = False if not P4_PASSWD: Verbosity.report(Verbosity.INFO, _("Empty password. Not setting passwords.")) # passwd may be suppressed with --nopasswd option, which also suppresses the prompt. if P4_PASSWD: set_passwd(user, P4_PASSWD) Verbosity.report( Verbosity.INFO, _("Password set for Perforce user '{}'.").format(user))
def ensure_group(): """Create Perforce group git-fusion-group if not already exists.""" users = [] # Keep the order of the users in the same order that P4 insists on # (if the order doesn't match then the group is updated repeatedly). users.append(p4gf_const.P4GF_REVIEWS__ALL_GF) users.append(p4gf_const.P4GF_REVIEWS__NON_GF) users.append(p4gf_util.gf_reviews_user_name()) users.append(p4gf_const.P4GF_USER) args = [p4, NTR("group")] spec = {'Timeout': NTR('unlimited'), 'Users': users} kwargs = {'spec_id': p4gf_const.P4GF_GROUP, 'values': spec} if not p4gf_util.ensure_spec(*args, **kwargs): # We change the list of users in the group from time to time, # so ensure the membership is up to date. users = p4gf_util.first_dict( p4.run('group', '-o', p4gf_const.P4GF_GROUP))['Users'] # Add the gf_reviews_user_name if not already in the group. # This avoids removing already existing reviews users from multiple GF instances. if not p4gf_util.gf_reviews_user_name() in users: users.append(p4gf_util.gf_reviews_user_name()) spec = {'Timeout': NTR('unlimited'), 'Users': users} kwargs = {'spec_id': p4gf_const.P4GF_GROUP, 'values': spec} if p4gf_util.ensure_spec_values(*args, **kwargs): Verbosity.report( Verbosity.INFO, _("Group '{}' updated.").format(p4gf_const.P4GF_GROUP)) else: Verbosity.report( Verbosity.INFO, _("Group '{}' already up to date.").format( p4gf_const.P4GF_GROUP)) else: Verbosity.report( Verbosity.INFO, _("Group '{}' already up to date.").format( p4gf_const.P4GF_GROUP)) return False else: Verbosity.report( Verbosity.INFO, _("Group '{}' created.").format(p4gf_const.P4GF_GROUP)) return True
def ensure_users(): """Create Perforce user git-fusion-user, and reviews users if not already extant.""" default_auth_method = get_auth_method() has_auth_check, has_service_check = has_auth_check_trigger() set_perforce_auth_method = default_auth_method and default_auth_method != 'perforce' # These ensure_user-* methods always set AuthMethod to 'perforce' created = p4gf_p4spec.ensure_user_gf(p4, set_perforce_auth_method) log_user_info(created, has_auth_check, p4gf_const.P4GF_USER, default_auth_method) if not has_auth_check: set_passwd_and_login(created, p4gf_const.P4GF_USER) created = p4gf_p4spec.ensure_user_reviews(p4, set_perforce_auth_method) log_user_info(created, has_service_check, p4gf_util.gf_reviews_user_name(), default_auth_method) if not has_service_check: set_passwd_and_login(created, p4gf_util.gf_reviews_user_name()) created = p4gf_p4spec.ensure_user_reviews_non_gf(p4, set_perforce_auth_method) log_user_info(created, has_service_check, p4gf_const.P4GF_REVIEWS__NON_GF, default_auth_method) if not has_service_check: set_passwd_and_login(created, p4gf_const.P4GF_REVIEWS__NON_GF) created = p4gf_p4spec.ensure_user_reviews_all_gf(p4, set_perforce_auth_method) log_user_info(created, has_service_check, p4gf_const.P4GF_REVIEWS__ALL_GF, default_auth_method) if not has_service_check: set_passwd_and_login(created, p4gf_const.P4GF_REVIEWS__ALL_GF) if CREATE_UNKNOWN_GIT: created = p4gf_p4spec.ensure_unknown_git(p4, set_perforce_auth_method) log_user_info(created, has_auth_check, p4gf_const.P4GF_UNKNOWN_USER, default_auth_method) if not has_auth_check: passwd = str(uuid.uuid4().hex).upper()[-10:] + '$#z' set_passwd_and_login(created, p4gf_const.P4GF_UNKNOWN_USER, passwd=passwd) # Report whether 'unknown_git' exists. e = p4gf_util.service_user_exists(p4, p4gf_const.P4GF_UNKNOWN_USER) _exists = ( _("Git Fusion user '{user}' does not exist.") , _("Git Fusion user '{user}' exists.")) Verbosity.report(Verbosity.INFO, _exists[e].format(user=p4gf_const.P4GF_UNKNOWN_USER))
def _ensure_specs_created(p4): """Ensure that various specs have been created by p4gf_super_init.""" spec_list = [ ['user', p4gf_const.P4GF_USER], ['user', p4gf_util.gf_reviews_user_name()], ['user', p4gf_const.P4GF_REVIEWS__NON_GF], ['group', p4gf_const.P4GF_GROUP], ['depot', p4gf_const.P4GF_DEPOT] ] for spec_type, spec_id in spec_list: if not p4gf_p4spec.spec_exists(p4, spec_type, spec_id): raise RuntimeError(_("error: {spec_type} '{spec_id}' does not exist." " Please contact your administrator.") .format(spec_type=spec_type, spec_id=spec_id))
def ensure_users(): """Create Perforce user git-fusion-user, and reviews users if not already extant.""" created = p4gf_util.ensure_user_gf(p4) log_info(created, p4gf_const.P4GF_USER) set_user_passwd_if_created(created, p4gf_const.P4GF_USER) created = p4gf_util.ensure_user_reviews(p4) log_info(created, p4gf_util.gf_reviews_user_name()) set_user_passwd_if_created(created, p4gf_util.gf_reviews_user_name()) created = p4gf_util.ensure_user_reviews_non_gf(p4) log_info(created, p4gf_const.P4GF_REVIEWS__NON_GF) set_user_passwd_if_created(created, p4gf_const.P4GF_REVIEWS__NON_GF) created = p4gf_util.ensure_user_reviews_all_gf(p4) log_info(created, p4gf_const.P4GF_REVIEWS__ALL_GF) set_user_passwd_if_created(created, p4gf_const.P4GF_REVIEWS__ALL_GF) # Report whether 'unknown_git' exists. Do not create. e = p4gf_util.service_user_exists(p4, p4gf_const.P4GF_UNKNOWN_USER) _exists = ( _("Git Fusion user '{0}' does not exist.") , _("Git Fusion user '{0}' exists.")) Verbosity.report(Verbosity.INFO, _exists[e].format(p4gf_const.P4GF_UNKNOWN_USER))
def ensure_users(): """Create Perforce user git-fusion-user, and reviews users if not already extant.""" created = p4gf_util.ensure_user_gf(p4) log_info(created, p4gf_const.P4GF_USER) set_user_passwd_if_created(created, p4gf_const.P4GF_USER) created = p4gf_util.ensure_user_reviews(p4) log_info(created, p4gf_util.gf_reviews_user_name()) set_user_passwd_if_created(created, p4gf_util.gf_reviews_user_name()) created = p4gf_util.ensure_user_reviews_non_gf(p4) log_info(created, p4gf_const.P4GF_REVIEWS__NON_GF) set_user_passwd_if_created(created, p4gf_const.P4GF_REVIEWS__NON_GF) created = p4gf_util.ensure_user_reviews_all_gf(p4) log_info(created, p4gf_const.P4GF_REVIEWS__ALL_GF) set_user_passwd_if_created(created, p4gf_const.P4GF_REVIEWS__ALL_GF) # Report whether 'unknown_git' exists. Do not create. e = p4gf_util.service_user_exists(p4, p4gf_const.P4GF_UNKNOWN_USER) _exists = (_("Git Fusion user '{0}' does not exist."), _("Git Fusion user '{0}' exists.")) Verbosity.report(Verbosity.INFO, _exists[e].format(p4gf_const.P4GF_UNKNOWN_USER))
def is_locked_by_review(p4, clientmap, check_for_self=False): """Check whether any other GF/submit users have my views under Review""" gf_user = p4gf_util.gf_reviews_user_name() repo_views = remove_exclusionary_maps(clientmap.lhs()) cmd = [NTR('reviews')] + [p4gf_util.dequote(l) for l in repo_views] reviewers = p4gf_util.p4run_logged(p4, cmd) for user in reviewers: _user = user['user'] if _user.startswith(p4gf_const.P4GF_REVIEWS_GF): if _user == p4gf_const.P4GF_REVIEWS__ALL_GF: continue # skip the union Reviews - used only by trigger if check_for_self: if _user == gf_user: return True, gf_user if _user != gf_user: # always check if another user has this view locked return True, _user return False, None
def ensure_user_reviews(p4, auth_method=None): """Create user git-fusion-reviews it not already exists. Requires that connection p4 has super permissions. Return True if created, False if already exists. """ user = p4gf_util.gf_reviews_user_name() if auth_method: spec = { 'FullName': _('Git Fusion Reviews'), 'AuthMethod': 'perforce', 'Type': 'service' } else: spec = { 'FullName': _('Git Fusion Reviews'), 'Type': 'service' } return ensure_spec(p4, NTR('user'), spec_id=user, args='-f', values=spec)
def lock_update_repo_reviews(ctx, repo, clientmap, action=None): """Lock on this gf-instance counter lock then add the repo views to the service user account. Use 'p4 reviews' to check whether views are locked. Cleanup reviews on rejection. """ p4 = ctx.p4gf user = p4gf_util.gf_reviews_user_name() if not p4gf_util.service_user_exists(p4, user): raise RuntimeError(_("Git Fusion: GF instance reviews user '{}' does not exist") .format(user)) LOG.debug3("user:{} repo:{} action:{}".format(user, repo, action)) if p4gf_version.p4d_version(p4) < P4D_VERSION_NO_NON_GF_CLEANUP: with p4gf_create_p4.Connector(ctx.p4gf_reviews_non_gf) as p4_reviews_non_gf: cleanup_non_gf_reviews(p4, p4_reviews_non_gf) with p4gf_create_p4.Connector(ctx.p4gf_reviews) as p4_reviews: with p4gf_lock.user_spec_lock(p4, user): intersects = update_repo_reviews(p4_reviews, user, clientmap, action=action) # When action == ADD, before updating reviews # update_repo_reviews checks for a conflict with self - this p4_reviews user # this check handles the case of overlapping views pushed to the same GF server # if it detects a conflict it returns INTERSECT and does not update the user reviews if intersects == INTERSECT: msg = p4gf_const.P4GF_LOCKED_BY_MSG.format(user=user) LOG.error(msg) LOG.error("clientmap: {}".format(clientmap)) raise LockConflict(msg) if action == ADD: # Here we check if another P4GF_REVIEWS_GF service user already has locked the view # After we have released the lock is_locked, by_user = is_locked_by_review(p4, clientmap) if is_locked: # get the lock again for cleanup and remove the views we just added with p4gf_lock.user_spec_lock(p4, user): update_repo_reviews(p4_reviews, user, clientmap, action=REMOVE) msg = p4gf_const.P4GF_LOCKED_BY_MSG.format(user=by_user) LOG.error(msg) LOG.error("clientmap: {}".format(clientmap)) raise LockConflict(msg)
def set_passwd(user, passwd): """Set the P4 passwd for user. Assumes super user priviledge.""" with p4.at_exception_level(p4.RAISE_NONE): p4.input = passwd r = p4.run_passwd(user) Verbosity.report(Verbosity.DEBUG, NTR('p4 passwd\n{}').format(r)) if p4.errors: Verbosity.report( Verbosity.ERROR, _("Unable to run 'p4 passwd -P xxx {user}'.").format(user=user)) for e in p4.errors: Verbosity.report(Verbosity.ERROR, e) Verbosity.report( Verbosity.ERROR, _("You must set passwords for Git Fusion users and re-run configure-git-fusion.sh")) Verbosity.report( Verbosity.ERROR, _("Git Fusion users are: {gf_user} {reviews_user} {non_gf} {all_gf}") .format(gf_user=p4gf_const.P4GF_USER, reviews_user=p4gf_util.gf_reviews_user_name(), non_gf=p4gf_const.P4GF_REVIEWS__NON_GF, all_gf=p4gf_const.P4GF_REVIEWS__ALL_GF)) sys.exit(2)
def _global_init(p4): """Check that p4gf_super_init has been run and created the following * user git-fusion-user * depot //P4GF_DEPOT * group git-fusion-pull * group git-fusion-push * protects entries """ # # The global initialization process below must be idempotent in the sense # that it is safe to perform more than once. As such, there are checks to # determine if work is needed or not, and if that work results in an # error, log and carry on with the rest of the steps, with the assumption # that a previous attempt had failed in the middle (or possibly that # another instance of Git Fusion has started at nearly the same time as # this one). # p4gf_util.has_server_id_or_exit() spec_list = { 'user1': p4gf_const.P4GF_USER, 'user2': p4gf_util.gf_reviews_user_name(), 'user3': p4gf_const.P4GF_REVIEWS__NON_GF, 'group': p4gf_const.P4GF_GROUP, 'depot': p4gf_const.P4GF_DEPOT } for spec_type, spec_id in spec_list.items(): spec_type = re.sub(NTR(r'\d$'), '', spec_type) if not p4gf_util.spec_exists(p4, spec_type, spec_id): # pylint:disable=C0301 raise RuntimeError(_("error: {spec_type} '{spec_id}' does not exist." " Please contact your administrator.") .format(spec_type=spec_type, spec_id=spec_id)) # pylint:enable=C0301 for group in [p4gf_group.PERM_PULL, p4gf_group.PERM_PUSH]: c = p4gf_group.create_global_perm(p4, group) if c: _info(_("Global permission group '{}' created.").format(group)) else: _info(_("Global permission group '{}' already exists.").format(group)) c = p4gf_group.create_default_perm(p4) if c: _info(_("Default permission counter '{}' set to '{}'.") .format( p4gf_const.P4GF_COUNTER_PERMISSION_GROUP_DEFAULT , p4gf_group.DEFAULT_PERM )) else: _info(_("Default permission counter '{}' already exists.") .format(p4gf_const.P4GF_COUNTER_PERMISSION_GROUP_DEFAULT)) # Require that single git-fusion-user have admin privileges # over the //P4GF_DEPOT/ depot is_protects_empty = False try: p4.run('protects', '-u', p4gf_const.P4GF_USER, '-m', '//{depot}/...'.format(depot=p4gf_const.P4GF_DEPOT)) except P4.P4Exception: # Why MsgDm_ReferClient here? Because p4d 11.1 returns # "must refer to client" instead of # "Protections table is empty" when given a depot path to # 'p4 protects -m -u'. Surprise! if p4gf_p4msg.find_all_msgid(p4, [ p4gf_p4msgid.MsgDm_ProtectsEmpty , p4gf_p4msgid.MsgDm_ReferClient ]): is_protects_empty = True # All other errors are fatal, propagated. if is_protects_empty: # - order the lines in increasing permission # - end with at least one user (even a not-yet-created user) with super # write user * * //... # admin user git-fusion-user * //... # super user super * //... p4gf_util.set_spec(p4, 'protect', values={ 'Protections': ["super user * * //...", "super user {user} * //...".format(user=p4gf_const.P4GF_USER), "admin user {user} * //{depot}/..." .format(user=p4gf_const.P4GF_USER, depot=p4gf_const.P4GF_DEPOT)]}) _info(_('Protects table set.'))
def _global_init(p4): """Check that p4gf_super_init has been run and created the following * user git-fusion-user * depot //P4GF_DEPOT * group git-fusion-pull * group git-fusion-push * protects entries """ # # The global initialization process below must be idempotent in the sense # that it is safe to perform more than once. As such, there are checks to # determine if work is needed or not, and if that work results in an # error, log and carry on with the rest of the steps, with the assumption # that a previous attempt had failed in the middle (or possibly that # another instance of Git Fusion has started at nearly the same time as # this one). # p4gf_util.has_server_id_or_exit() spec_list = { 'user1': p4gf_const.P4GF_USER, 'user2': p4gf_util.gf_reviews_user_name(), 'user3': p4gf_const.P4GF_REVIEWS__NON_GF, 'group': p4gf_const.P4GF_GROUP, 'depot': p4gf_const.P4GF_DEPOT } for spec_type, spec_id in spec_list.items(): spec_type = re.sub(NTR(r'\d$'), '', spec_type) if not p4gf_util.spec_exists(p4, spec_type, spec_id): # pylint:disable=C0301 raise RuntimeError( _("error: {spec_type} '{spec_id}' does not exist." " Please contact your administrator.").format( spec_type=spec_type, spec_id=spec_id)) # pylint:enable=C0301 for group in [p4gf_group.PERM_PULL, p4gf_group.PERM_PUSH]: c = p4gf_group.create_global_perm(p4, group) if c: _info(_("Global permission group '{}' created.").format(group)) else: _info( _("Global permission group '{}' already exists.").format( group)) c = p4gf_group.create_default_perm(p4) if c: _info( _("Default permission counter '{}' set to '{}'.").format( p4gf_const.P4GF_COUNTER_PERMISSION_GROUP_DEFAULT, p4gf_group.DEFAULT_PERM)) else: _info( _("Default permission counter '{}' already exists.").format( p4gf_const.P4GF_COUNTER_PERMISSION_GROUP_DEFAULT)) # Require that single git-fusion-user have admin privileges # over the //P4GF_DEPOT/ depot is_protects_empty = False try: p4.run('protects', '-u', p4gf_const.P4GF_USER, '-m', '//{depot}/...'.format(depot=p4gf_const.P4GF_DEPOT)) except P4.P4Exception: # Why MsgDm_ReferClient here? Because p4d 11.1 returns # "must refer to client" instead of # "Protections table is empty" when given a depot path to # 'p4 protects -m -u'. Surprise! if p4gf_p4msg.find_all_msgid( p4, [p4gf_p4msgid.MsgDm_ProtectsEmpty, p4gf_p4msgid.MsgDm_ReferClient ]): is_protects_empty = True # All other errors are fatal, propagated. if is_protects_empty: # - order the lines in increasing permission # - end with at least one user (even a not-yet-created user) with super # write user * * //... # admin user git-fusion-user * //... # super user super * //... p4gf_util.set_spec(p4, 'protect', values={ 'Protections': [ "super user * * //...", "super user {user} * //...".format( user=p4gf_const.P4GF_USER), "admin user {user} * //{depot}/...".format( user=p4gf_const.P4GF_USER, depot=p4gf_const.P4GF_DEPOT) ] }) _info(_('Protects table set.'))