#!/usr/bin/env python3
"""
bugfix 模块 RBAC 权限管理脚本
仅限 developer 角色使用

使用方法:
    cd ~/repos/sage
    ./py3/bin/python ~/test/bugfix/scripts/load_path.py
"""

import subprocess
import os
import sys


def find_sage_root():
	candidates = [
		os.path.expanduser("~/repos/sage"),
		os.path.expanduser("~/sage"),
	]
	for c in candidates:
		if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")):
			return c
	return None


SAGE_ROOT = find_sage_root()
if not SAGE_ROOT:
	print("ERROR: Cannot find Sage root directory")
	sys.exit(1)

PYTHON = os.path.join(SAGE_ROOT, "py3", "bin", "python")
SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py")

MOD = "bugfix"

# ============================================================
# 权限路径定义 — 仅 developer 角色可访问
# ============================================================

# developer — 仅开发者
PATHS_DEVELOPER = [
	f"/{MOD}",
	f"/{MOD}/index.ui",
	f"/{MOD}/api/execute_sql.dspy",
	f"/{MOD}/api/read_log.dspy",
	f"/{MOD}/api/tail_log.dspy",
]


def run_set_perm(role, path):
	cmd = [PYTHON, SET_PERM_SCRIPT, role, path]
	result = subprocess.run(cmd, capture_output=True, text=True)
	return result.returncode == 0


def register_role_paths(role, paths):
	count = 0
	for p in paths:
		if run_set_perm(role, p):
			count += 1
	print(f"  {role}: {count}/{len(paths)} paths registered")
	return count


def main():
	print(f"Sage root: {SAGE_ROOT}")
	print("Registering bugfix module RBAC permissions (owner.developer only)...")
	total = 0
	total += register_role_paths("owner.developer", PATHS_DEVELOPER)
	print(f"\nDone. Total {total} permission entries registered.")
	print("NOTE: Restart Sage after permission changes to reload RBAC cache.")


if __name__ == "__main__":
	main()