"""
entcms RBAC权限配置 — 企业类型: owner
角色: superuser(继承全部), webmaster(内容管理), reviewer(审核),
      supervisor(主管), customer-support(客服)
匿名: any (公开页面)

用法: cd ~/repos/sage && ./py3/bin/python ~/repos/cms/entcms/scripts/load_path.py
"""
import os, sys, subprocess

def find_sage_root():
    for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]:
        if os.path.isdir(os.path.join(c, "wwwroot")) and os.path.isdir(os.path.join(c, "py3")):
            return c
    return None

sage_root = find_sage_root()
if not sage_root:
    print("ERROR: Cannot find Sage root"); sys.exit(1)

py  = os.path.join(sage_root, "py3", "bin", "python")
sp  = os.path.join(sage_root, "set_role_perm.py")

def run(role, paths):
    for p in paths:
        print(f"  {role:30s} {p}")
        subprocess.run([py, sp, role, p], cwd=sage_root, capture_output=True)

# ─── anonymous (any) — 公开页面 + 公开API ───
any_paths = [
    "/entcms/index.ui",
    "/entcms/news.ui",
    "/entcms/news_detail.ui",
    "/entcms/cases.ui",
    "/entcms/products.ui",
    "/entcms/cms_styles.css",
    "/entcms/cms_scripts.js",
    "/entcms/menu.ui",
    "/entcms/api/submit_lead.dspy",
    "/entcms/api/get_config.dspy",
    "/entcms/api/get_published_content.dspy",
    "/entcms/api/get_content_detail.dspy",
    "/entcms/api/get_sections.dspy",
]

# ─── webmaster — 内容/分类/栏目/配置/线索 全部CRUD ───
webmaster_paths = [
    "/entcms",
    "/entcms/admin.ui",
    # 内容
    "/entcms/cms_content_list", "/entcms/cms_content_list/%",
    "/entcms/api/cms_content_create.dspy",
    "/entcms/api/cms_content_update.dspy",
    "/entcms/api/cms_content_delete.dspy",
    "/entcms/api/cms_content_list.dspy",
    # 分类
    "/entcms/cms_categories_list", "/entcms/cms_categories_list/%",
    "/entcms/api/cms_categories_create.dspy",
    "/entcms/api/cms_categories_update.dspy",
    "/entcms/api/cms_categories_delete.dspy",
    "/entcms/api/cms_categories_list.dspy",
    "/entcms/api/category_options.dspy",
    # 栏目
    "/entcms/cms_sections_list", "/entcms/cms_sections_list/%",
    "/entcms/api/cms_sections_create.dspy",
    "/entcms/api/cms_sections_update.dspy",
    "/entcms/api/cms_sections_delete.dspy",
    "/entcms/api/cms_sections_list.dspy",
    # 站点配置
    "/entcms/cms_site_config_list", "/entcms/cms_site_config_list/%",
    "/entcms/api/cms_site_config_create.dspy",
    "/entcms/api/cms_site_config_update.dspy",
    "/entcms/api/cms_site_config_delete.dspy",
    "/entcms/api/cms_site_config_list.dspy",
    # 线索管理
    "/entcms/cms_leads_list", "/entcms/cms_leads_list/%",
    "/entcms/api/cms_leads_create.dspy",
    "/entcms/api/cms_leads_update.dspy",
    "/entcms/api/cms_leads_delete.dspy",
    "/entcms/api/cms_leads_list.dspy",
    # 审批
    "/entcms/api/submit_content_approval.dspy",
]

# ─── reviewer — 查看内容 + 审批(只改status) ───
reviewer_paths = [
    "/entcms",
    "/entcms/admin.ui",
    "/entcms/cms_content_list", "/entcms/cms_content_list/%",
    "/entcms/api/cms_content_list.dspy",
    "/entcms/api/cms_content_update.dspy",    # 仅更新status字段
    "/entcms/api/category_options.dspy",
]

# ─── supervisor — 查看全部 + 审批配置 + 线索管理 ───
supervisor_paths = [
    "/entcms",
    "/entcms/admin.ui",
    # 只读
    "/entcms/cms_content_list", "/entcms/cms_content_list/%",
    "/entcms/cms_categories_list", "/entcms/cms_categories_list/%",
    "/entcms/cms_sections_list", "/entcms/cms_sections_list/%",
    "/entcms/cms_site_config_list", "/entcms/cms_site_config_list/%",
    # 列表API(只读)
    "/entcms/api/cms_content_list.dspy",
    "/entcms/api/cms_categories_list.dspy",
    "/entcms/api/cms_sections_list.dspy",
    "/entcms/api/cms_site_config_list.dspy",
    "/entcms/api/category_options.dspy",
    # 线索全权
    "/entcms/cms_leads_list", "/entcms/cms_leads_list/%",
    "/entcms/api/cms_leads_create.dspy",
    "/entcms/api/cms_leads_update.dspy",
    "/entcms/api/cms_leads_delete.dspy",
    "/entcms/api/cms_leads_list.dspy",
    # 审批
    "/entcms/api/submit_content_approval.dspy",
]

# ─── customer-support — 线索查看和更新 ───
support_paths = [
    "/entcms",
    "/entcms/admin.ui",
    "/entcms/cms_leads_list", "/entcms/cms_leads_list/%",
    "/entcms/api/cms_leads_list.dspy",
    "/entcms/api/cms_leads_update.dspy",
]

print("=== entcms RBAC权限配置 ===")
print(f"\n--- any (匿名用户) ---")
run("any", any_paths)
print(f"\n--- owner.webmaster (内容管理员) ---")
run("owner.webmaster", webmaster_paths)
print(f"\n--- owner.reviewer (内容审核) ---")
run("owner.reviewer", reviewer_paths)
print(f"\n--- owner.supervisor (主管) ---")
run("owner.supervisor", supervisor_paths)
print(f"\n--- owner.customer-support (客服) ---")
run("owner.customer-support", support_paths)
print("\n完成")