diff --git a/init_superuser.py b/init_superuser.py new file mode 100644 index 0000000..f0307e5 --- /dev/null +++ b/init_superuser.py @@ -0,0 +1,118 @@ +""" +CMS RBAC权限初始化 — superuser角色 +为owner.superuser授予CMS所有权限 + +用法: cd ~/repos/cms && py3/bin/python init_superuser.py +""" +import os, sys, subprocess + +def find_app_root(): + """查找CMS应用根目录""" + script_dir = os.path.dirname(os.path.abspath(__file__)) + return script_dir + +app_root = find_app_root() +sage_root = None +for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]: + if os.path.isdir(os.path.join(c, "py3", "bin")): + sage_root = c + break +if not sage_root: + sage_root = app_root + +py = os.path.join(sage_root, "py3", "bin", "python") +sp = os.path.join(sage_root, "set_role_perm.py") if os.path.exists(os.path.join(sage_root, "set_role_perm.py")) else None + +if not sp: + print("ERROR: 找不到set_role_perm.py,请确保Sage或CMS已构建") + sys.exit(1) + +def run(role, paths): + assert sp is not None, "set_role_perm.py not found" + for p in paths: + print(f" {role:30s} {p}") + subprocess.run([py, sp, role, p], cwd=sage_root, capture_output=True) + +# ─── superuser — 所有权限 ─── +superuser_paths = [ + # entcms 公开页面 + "/index.ui", + "/news.ui", + "/news_detail.ui", + "/cases.ui", + "/products.ui", + "/cms_styles.css", + "/cms_scripts.js", + "/menu.ui", + "/admin.ui", + + # entcms 内容管理 + "/cms_content_list", "/cms_content_list/%", + "/api/cms_content_create.dspy", + "/api/cms_content_update.dspy", + "/api/cms_content_delete.dspy", + "/api/cms_content_list.dspy", + "/api/submit_content_approval.dspy", + + # entcms 分类管理 + "/cms_categories_list", "/cms_categories_list/%", + "/api/cms_categories_create.dspy", + "/api/cms_categories_update.dspy", + "/api/cms_categories_delete.dspy", + "/api/cms_categories_list.dspy", + "/api/category_options.dspy", + + # entcms 栏目管理 + "/cms_sections_list", "/cms_sections_list/%", + "/api/cms_sections_create.dspy", + "/api/cms_sections_update.dspy", + "/api/cms_sections_delete.dspy", + "/api/cms_sections_list.dspy", + + # entcms 站点配置 + "/cms_site_config_list", "/cms_site_config_list/%", + "/api/cms_site_config_create.dspy", + "/api/cms_site_config_update.dspy", + "/api/cms_site_config_delete.dspy", + "/api/cms_site_config_list.dspy", + + # entcms 线索管理 + "/cms_leads_list", "/cms_leads_list/%", + "/api/cms_leads_create.dspy", + "/api/cms_leads_update.dspy", + "/api/cms_leads_delete.dspy", + "/api/cms_leads_list.dspy", + + # entcms 其他API + "/api/submit_lead.dspy", + "/api/get_config.dspy", + "/api/get_published_content.dspy", + "/api/get_content_detail.dspy", + "/api/get_sections.dspy", + + # dingdingflow + "/dingdingflow", + "/dingdingflow/index.ui", + "/dingdingflow/menu.ui", + "/dingdingflow/api/dingtalk_callback.dspy", + "/dingdingflow/api/submit_approval.dspy", + + # dingdingflow 审批配置 + "/dingdingflow/dd_approval_configs", "/dingdingflow/dd_approval_configs/%", + "/dingdingflow/api/dd_approval_configs_create.dspy", + "/dingdingflow/api/dd_approval_configs_update.dspy", + "/dingdingflow/api/dd_approval_configs_delete.dspy", + "/dingdingflow/api/dd_approval_configs_list.dspy", + + # dingdingflow 审批单 + "/dingdingflow/dd_approvals", "/dingdingflow/dd_approvals/%", + "/dingdingflow/api/dd_approvals_create.dspy", + "/dingdingflow/api/dd_approvals_update.dspy", + "/dingdingflow/api/dd_approvals_delete.dspy", + "/dingdingflow/api/dd_approvals_list.dspy", +] + +print("=== CMS RBAC权限初始化 — superuser ===") +print(f"\\n--- owner.superuser (超级管理员) ---") +run("owner.superuser", superuser_paths) +print("\\n完成")