"""
cms 模块 RBAC 权限配置
CMS管理后台的CRUD页面和API，挂载在 /cms/ 路径下

用法:
    cd ~/repos/portal
    py3/bin/python ~/repos/cms/scripts/load_path.py
"""
import subprocess, os, sys

def find_portal_root():
    candidates = [
        os.path.expanduser("~/repos/portal"),
        os.path.expanduser("~/portal"),
    ]
    for c in candidates:
        if os.path.isdir(os.path.join(c, "py3")):
            return c
    # fallback: sage
    for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]:
        if os.path.isdir(os.path.join(c, "py3")):
            return c
    return None

PORTAL_ROOT = find_portal_root()
if not PORTAL_ROOT:
    print("ERROR: Cannot find Portal or Sage root")
    sys.exit(1)

PYTHON = os.path.join(PORTAL_ROOT, "py3", "bin", "python")
SET_PERM = os.path.join(PORTAL_ROOT, "set_role_perm.py")
if not os.path.exists(SET_PERM):
    for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]:
        sp = os.path.join(c, "set_role_perm.py")
        if os.path.exists(sp):
            SET_PERM = sp
            break

MOD = "cms"
env = os.environ.copy()
env['SAGE_RBAC_DB'] = 'ocai_cms'

# CMS管理后台所有路径
PATHS = [
    f"/{MOD}",
    f"/{MOD}/admin.ui",
    f"/{MOD}/menu.ui",
    # Content
    f"/{MOD}/cms_content_list", f"/{MOD}/cms_content_list/%",
    f"/{MOD}/api/cms_content_create.dspy",
    f"/{MOD}/api/cms_content_update.dspy",
    f"/{MOD}/api/cms_content_delete.dspy",
    f"/{MOD}/api/cms_content_list.dspy",
    f"/{MOD}/api/submit_content_approval.dspy",
    # Categories
    f"/{MOD}/cms_categories_list", f"/{MOD}/cms_categories_list/%",
    f"/{MOD}/api/cms_categories_create.dspy",
    f"/{MOD}/api/cms_categories_update.dspy",
    f"/{MOD}/api/cms_categories_delete.dspy",
    f"/{MOD}/api/cms_categories_list.dspy",
    f"/{MOD}/api/category_options.dspy",
    # Sections
    f"/{MOD}/cms_sections_list", f"/{MOD}/cms_sections_list/%",
    f"/{MOD}/api/cms_sections_create.dspy",
    f"/{MOD}/api/cms_sections_update.dspy",
    f"/{MOD}/api/cms_sections_delete.dspy",
    f"/{MOD}/api/cms_sections_list.dspy",
    # Leads
    f"/{MOD}/cms_leads_list", f"/{MOD}/cms_leads_list/%",
    f"/{MOD}/api/cms_leads_create.dspy",
    f"/{MOD}/api/cms_leads_update.dspy",
    f"/{MOD}/api/cms_leads_delete.dspy",
    f"/{MOD}/api/cms_leads_list.dspy",
    # Site Config
    f"/{MOD}/cms_site_config_list", f"/{MOD}/cms_site_config_list/%",
    f"/{MOD}/api/cms_site_config_create.dspy",
    f"/{MOD}/api/cms_site_config_update.dspy",
    f"/{MOD}/api/cms_site_config_delete.dspy",
    f"/{MOD}/api/cms_site_config_list.dspy",
    # DD Approvals
    f"/{MOD}/dd_approvals", f"/{MOD}/dd_approvals/%",
    f"/{MOD}/api/dd_approvals_create.dspy",
    f"/{MOD}/api/dd_approvals_update.dspy",
    f"/{MOD}/api/dd_approvals_delete.dspy",
    f"/{MOD}/api/dd_approvals_list.dspy",
    # DD Approval Configs
    f"/{MOD}/dd_approval_configs", f"/{MOD}/dd_approval_configs/%",
    f"/{MOD}/api/dd_approval_configs_create.dspy",
    f"/{MOD}/api/dd_approval_configs_update.dspy",
    f"/{MOD}/api/dd_approval_configs_delete.dspy",
    f"/{MOD}/api/dd_approval_configs_list.dspy",
    # DingTalk
    f"/{MOD}/api/submit_approval.dspy",
    f"/{MOD}/api/dingtalk_callback.dspy",
]

def run(role, paths):
    count = 0
    for p in paths:
        result = subprocess.run(
            [PYTHON, SET_PERM, role, p],
            cwd=PORTAL_ROOT, capture_output=True, text=True, env=env
        )
        status = "✓" if result.returncode == 0 else "✗"
        print(f"  {status} {role:20s} {p}")
        count += 1
    return count

print(f"=== CMS模块 RBAC权限初始化 ===")
print(f"Portal: {PORTAL_ROOT}")
n = run("owner.superuser", PATHS)
print(f"\n完成: {n} 个权限已设置")