"""
entcms RBAC权限配置
用法: cd ~/repos/sage && ./py3/bin/python ~/repos/cms/entcms/scripts/load_path.py
"""
import os
import sys
import subprocess

# 查找Sage根目录
def find_sage_root():
    for candidate in [
        os.path.expanduser("~/repos/sage"),
        os.path.expanduser("~/sage"),
    ]:
        if os.path.isdir(os.path.join(candidate, "wwwroot")) and \
           os.path.isdir(os.path.join(candidate, "py3")):
            return candidate
    return None

sage_root = find_sage_root()
if not sage_root:
    print("ERROR: Cannot find Sage root directory")
    sys.exit(1)

python = os.path.join(sage_root, "py3", "bin", "python")
set_perm = os.path.join(sage_root, "set_role_perm.py")

# 权限配置
paths_any = [
    # 公开页面和静态资源
    "/entcms/index.ui",
    "/entcms/news.ui",
    "/entcms/news_detail.ui",
    "/entcms/cases.ui",
    "/entcms/products.ui",
    "/entcms/cms_styles.css",
    "/entcms/cms_scripts.js",
    "/entcms/menu.ui",
    # 公开API
    "/entcms/api/submit_lead.dspy",
    "/entcms/api/get_config.dspy",
    "/entcms/api/get_published_content.dspy",
    "/entcms/api/get_content_detail.dspy",
]

paths_logined = [
    # 管理后台
    "/entcms",
    "/entcms/admin.ui",
    # CRUD页面
    "/entcms/cms_content_list",
    "/entcms/cms_content_list/%",
    "/entcms/cms_categories_list",
    "/entcms/cms_categories_list/%",
    "/entcms/cms_leads_list",
    "/entcms/cms_leads_list/%",
    "/entcms/cms_site_config_list",
    "/entcms/cms_site_config_list/%",
    # 管理API
    "/entcms/api/cms_content_create.dspy",
    "/entcms/api/cms_content_update.dspy",
    "/entcms/api/cms_content_delete.dspy",
    "/entcms/api/cms_content_list.dspy",
    "/entcms/api/cms_categories_create.dspy",
    "/entcms/api/cms_categories_update.dspy",
    "/entcms/api/cms_categories_delete.dspy",
    "/entcms/api/cms_categories_list.dspy",
    "/entcms/api/category_options.dspy",
    "/entcms/api/cms_leads_create.dspy",
    "/entcms/api/cms_leads_update.dspy",
    "/entcms/api/cms_leads_delete.dspy",
    "/entcms/api/cms_leads_list.dspy",
    "/entcms/api/cms_site_config_create.dspy",
    "/entcms/api/cms_site_config_update.dspy",
    "/entcms/api/cms_site_config_delete.dspy",
    "/entcms/api/cms_site_config_list.dspy",
    "/entcms/api/submit_content_approval.dspy",
]

def set_perms(role, paths):
    for path in paths:
        cmd = [python, set_perm, role, path]
        print(f"  {role:20s} {path}")
        subprocess.run(cmd, cwd=sage_root, capture_output=True)

print("=== entcms RBAC权限配置 ===")
set_perms("any", paths_any)
set_perms("logined", paths_logined)
print("完成")