Role-based preoperation trigger script

The following preoperation trigger script maps users to the following roles:

• Project manager
• Integrator
• Developer

use strict;

sub has_permission
{
   my ($user,$op,$pop,$proj) = @_;

   #When performing a composite operation like 'deliver' or 'rebase',
   #we don’t need to check permissions on the individual sub-operations
   #that make up the composite.

   return 1 if($pop eq 'deliver_start' || $pop eq 'rebase_start' ||
          ($pop eq 'deliver_complete' || $pop eq 'rebase_complete' ||
          ($pop eq 'deliver_cancel' || $pop eq 'rebase_cancel');

   # Which roles can perform what operations?
   # Note that these maps can be stored in the HCL VersionVault attribute
   # on each project instead of hard-coded here in the trigger script
   # to give true per-project control.

   my %map_op_to_roles = (
      mkactivity => [ "projectmgr", "integrator", "developer" ],
      mkbl       => [ "projectmgr", "integrator" ],
      mkstream   => [ "projectmgr", "integrator", "developer" ],
   );

   # Which users belong to what roles?

   my %map_role_to_users = (
      projectmgr => [ "kate" ],
      integrator => [ "kate", "mike" ],
      developer  => [ "kate", "mike", "jones" ],
   );

   # Does user belong to any of the roles that can perform this 
operation?

   my ($role,$tmp_user);

   for $role (@{ $map_op_to_roles{$op} }) {
      for $tmp_user (@{ $map_role_to_users{$role} }) {
         if ($tmp_user eq $user) {
            return 1;
         }
      }
   }

   return 0;
}
sub Main
{
   my $user = $ENV{CLEARCASE_USER};
   my $proj = $ENV{CLEARCASE_PROJECT};
   my $op   = $ENV{CLEARCASE_OP_KIND};
   my $pop  = $ENV{CLEARCASE_POP_KIND};

   my $perm = has_permission($user, $op, $proj);

   printf("$user %s permission to perform '$op' in project $proj\n",
      $perm ? "has" : "does NOT have");

   exit($perm ? 0 : 1);
}

Main();