""" entcms RBAC权限配置 — 企业类型: owner CMS独立部署,路径不带/entcms前缀 用法: cd ~/repos/cms && py3/bin/python entcms/scripts/load_path.py """ import os, sys, subprocess def find_app_root(): """查找CMS应用根目录""" script_dir = os.path.dirname(os.path.abspath(__file__)) # scripts/ -> entcms/ -> cms root return os.path.dirname(os.path.dirname(script_dir)) app_root = find_app_root() # 查找Sage的set_role_perm.py(RBAC工具) sage_root = None for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]: if os.path.isdir(os.path.join(c, "py3", "bin")): sage_root = c break if not sage_root: # 使用CMS自己的py3 sage_root = app_root py = os.path.join(app_root, "py3", "bin", "python") sp = os.path.join(sage_root, "set_role_perm.py") if os.path.exists(os.path.join(sage_root, "set_role_perm.py")) else None if not sp: print("ERROR: 找不到set_role_perm.py,请确保Sage或CMS已构建") sys.exit(1) def run(role, paths): for p in paths: print(f" {role:30s} {p}") subprocess.run([py, sp, role, p], cwd=sage_root, capture_output=True) # ─── anonymous (any) — 公开页面 + 公开API ─── any_paths = [ "/index.ui", "/news.ui", "/news_detail.ui", "/cases.ui", "/products.ui", "/cms_styles.css", "/cms_scripts.js", "/menu.ui", "/api/submit_lead.dspy", "/api/get_config.dspy", "/api/get_published_content.dspy", "/api/get_content_detail.dspy", "/api/get_sections.dspy", ] # ─── webmaster — 内容/分类/栏目/配置/线索 全部CRUD ─── webmaster_paths = [ "/admin.ui", # 内容 "/cms_content_list", "/cms_content_list/%", "/api/cms_content_create.dspy", "/api/cms_content_update.dspy", "/api/cms_content_delete.dspy", "/api/cms_content_list.dspy", # 分类 "/cms_categories_list", "/cms_categories_list/%", "/api/cms_categories_create.dspy", "/api/cms_categories_update.dspy", "/api/cms_categories_delete.dspy", "/api/cms_categories_list.dspy", "/api/category_options.dspy", # 栏目 "/cms_sections_list", "/cms_sections_list/%", "/api/cms_sections_create.dspy", "/api/cms_sections_update.dspy", "/api/cms_sections_delete.dspy", "/api/cms_sections_list.dspy", # 站点配置 "/cms_site_config_list", "/cms_site_config_list/%", "/api/cms_site_config_create.dspy", "/api/cms_site_config_update.dspy", "/api/cms_site_config_delete.dspy", "/api/cms_site_config_list.dspy", # 线索管理 "/cms_leads_list", "/cms_leads_list/%", "/api/cms_leads_create.dspy", "/api/cms_leads_update.dspy", "/api/cms_leads_delete.dspy", "/api/cms_leads_list.dspy", # 审批 "/api/submit_content_approval.dspy", ] # ─── reviewer — 查看内容 + 审批(只改status) ─── reviewer_paths = [ "/admin.ui", "/cms_content_list", "/cms_content_list/%", "/api/cms_content_list.dspy", "/api/cms_content_update.dspy", "/api/category_options.dspy", ] # ─── supervisor — 查看全部 + 审批配置 + 线索管理 ─── supervisor_paths = [ "/admin.ui", "/cms_content_list", "/cms_content_list/%", "/cms_categories_list", "/cms_categories_list/%", "/cms_sections_list", "/cms_sections_list/%", "/cms_site_config_list", "/cms_site_config_list/%", "/api/cms_content_list.dspy", "/api/cms_categories_list.dspy", "/api/cms_sections_list.dspy", "/api/cms_site_config_list.dspy", "/api/category_options.dspy", "/cms_leads_list", "/cms_leads_list/%", "/api/cms_leads_create.dspy", "/api/cms_leads_update.dspy", "/api/cms_leads_delete.dspy", "/api/cms_leads_list.dspy", "/api/submit_content_approval.dspy", ] # ─── customer-support — 线索查看和更新 ─── support_paths = [ "/admin.ui", "/cms_leads_list", "/cms_leads_list/%", "/api/cms_leads_list.dspy", "/api/cms_leads_update.dspy", ] print("=== CMS RBAC权限配置 ===") print(f"\n--- any (匿名用户) ---") run("any", any_paths) print(f"\n--- owner.webmaster (内容管理员) ---") run("owner.webmaster", webmaster_paths) print(f"\n--- owner.reviewer (内容审核) ---") run("owner.reviewer", reviewer_paths) print(f"\n--- owner.supervisor (主管) ---") run("owner.supervisor", supervisor_paths) print(f"\n--- owner.customer-support (客服) ---") run("owner.customer-support", support_paths) print("\n完成")