#!/usr/bin/env python3
"""
accounting 模块 RBAC 权限管理脚本

使用方法:
    cd ~/repos/sage
    ./py3/bin/python ~/repos/accounting/scripts/load_path.py
"""

import subprocess
import os
import sys


def find_sage_root():
    candidates = [
        os.path.expanduser("~/repos/sage"),
        os.path.expanduser("~/sage"),
        os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))),
    ]
    for c in candidates:
        if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")):
            return c
    return None


SAGE_ROOT = find_sage_root()
if not SAGE_ROOT:
    print("ERROR: Cannot find Sage root directory")
    sys.exit(1)

PYTHON = os.path.join(SAGE_ROOT, "py3", "bin", "python")
SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py")

MOD = "accounting"

# ============================================================
# 权限路径定义
# ============================================================

# any — 无需登录
PATHS_ANY = [
    f"/{MOD}/usermenu.ui",
]

# logined — 所有已登录用户
PATHS_LOGINED = [
    # 模块入口
    f"/{MOD}",
    f"/{MOD}/index.ui",

    # 顶层 .ui 页面
    f"/{MOD}/myaccounts.ui",
    f"/{MOD}/accdetail.ui",

    # 顶层 .dspy
    f"/{MOD}/accdetail.dspy",
    f"/{MOD}/billing.dspy",
    f"/{MOD}/billing_download.dspy",
    f"/{MOD}/get_user_balance.dspy",
    f"/{MOD}/myaccounts.dspy",
    f"/{MOD}/mybalance.dspy",
    f"/{MOD}/oca.dspy",
    f"/{MOD}/open_customer_accounts.dspy",
    f"/{MOD}/open_owner_accounts.dspy",
    f"/{MOD}/open_provider_accounts.dspy",
    f"/{MOD}/open_reseller_accounts.dspy",
    f"/{MOD}/open_reseller_provider_accounts.dspy",

    # 统计卡片 .ui
    f"/{MOD}/stat_total_balance.ui",
    f"/{MOD}/stat_today_consumption.ui",
    f"/{MOD}/stat_month_consumption.ui",
    f"/{MOD}/stat_account_count.ui",

    # acc_balance/
    f"/{MOD}/acc_balance/index.ui",
    f"/{MOD}/acc_balance/get_acc_balance.dspy",
    f"/{MOD}/acc_balance/add_acc_balance.dspy",
    f"/{MOD}/acc_balance/update_acc_balance.dspy",
    f"/{MOD}/acc_balance/delete_acc_balance.dspy",

    # acc_detail/
    f"/{MOD}/acc_detail/index.ui",
    f"/{MOD}/acc_detail/get_acc_detail.dspy",
    f"/{MOD}/acc_detail/add_acc_detail.dspy",
    f"/{MOD}/acc_detail/update_acc_detail.dspy",
    f"/{MOD}/acc_detail/delete_acc_detail.dspy",

    # account/
    f"/{MOD}/account/index.ui",
    f"/{MOD}/account/get_account.dspy",
    f"/{MOD}/account/add_account.dspy",
    f"/{MOD}/account/update_account.dspy",
    f"/{MOD}/account/delete_account.dspy",

    # account_config/
    f"/{MOD}/account_config/index.ui",
    f"/{MOD}/account_config/get_account_config.dspy",
    f"/{MOD}/account_config/add_account_config.dspy",
    f"/{MOD}/account_config/update_account_config.dspy",
    f"/{MOD}/account_config/delete_account_config.dspy",

    # accounting_config/
    f"/{MOD}/accounting_config/index.ui",
    f"/{MOD}/accounting_config/get_accounting_config.dspy",
    f"/{MOD}/accounting_config/add_accounting_config.dspy",
    f"/{MOD}/accounting_config/update_accounting_config.dspy",
    f"/{MOD}/accounting_config/delete_accounting_config.dspy",

    # accounting_log/
    f"/{MOD}/accounting_log/index.ui",
    f"/{MOD}/accounting_log/get_accounting_log.dspy",
    f"/{MOD}/accounting_log/add_accounting_log.dspy",
    f"/{MOD}/accounting_log/update_accounting_log.dspy",
    f"/{MOD}/accounting_log/delete_accounting_log.dspy",

    # subject/
    f"/{MOD}/subject/index.ui",
    f"/{MOD}/subject/get_subject.dspy",
    f"/{MOD}/subject/add_subject.dspy",
    f"/{MOD}/subject/update_subject.dspy",
    f"/{MOD}/subject/delete_subject.dspy",

    # credit_limit/
    f"/{MOD}/credit_limit/index.ui",
    f"/{MOD}/credit_limit/get_credit_limit.dspy",
    f"/{MOD}/credit_limit/add_credit_limit.dspy",
    f"/{MOD}/credit_limit/update_credit_limit.dspy",
    f"/{MOD}/credit_limit/delete_credit_limit.dspy",
    f"/{MOD}/credit_limit/hub.ui",
    f"/{MOD}/credit_limit/credit_manage.ui",
    f"/{MOD}/credit_limit/credit_overview.ui",
    f"/{MOD}/credit_limit/api/credit_summary.dspy",
    f"/{MOD}/credit_limit/api/set_credit_form.ui",
    f"/{MOD}/credit_limit/api/set_customer_credit.dspy",
]

# ============================================================
# 执行注册
# ============================================================


def run_set_perm(role, path):
    cmd = [PYTHON, SET_PERM_SCRIPT, role, path]
    result = subprocess.run(cmd, capture_output=True, text=True)
    return result.returncode == 0


def register_role_paths(role, paths):
    count = 0
    for p in paths:
        if run_set_perm(role, p):
            count += 1
    print(f"  {role}: {count}/{len(paths)} paths registered")
    return count


def main():
    print(f"Sage root: {SAGE_ROOT}")
    total = 0
    total += register_role_paths("any", PATHS_ANY)
    total += register_role_paths("logined", PATHS_LOGINED)
    print(f"\nDone. Total {total} permission entries registered.")
    print("NOTE: Restart Sage after permission changes to reload RBAC cache.")


if __name__ == "__main__":
    main()