yumoqing
0d624c73df
- Initialize owner.superuser role with all CMS permissions - Cover both entcms and dingdingflow modules - Include content, categories, sections, site config, leads, and approvals
119 lines
3.7 KiB
Python
119 lines
3.7 KiB
Python
"""
|
||
CMS RBAC权限初始化 — superuser角色
|
||
为owner.superuser授予CMS所有权限
|
||
|
||
用法: cd ~/repos/cms && py3/bin/python init_superuser.py
|
||
"""
|
||
import os, sys, subprocess
|
||
|
||
def find_app_root():
|
||
"""查找CMS应用根目录"""
|
||
script_dir = os.path.dirname(os.path.abspath(__file__))
|
||
return script_dir
|
||
|
||
app_root = find_app_root()
|
||
sage_root = None
|
||
for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]:
|
||
if os.path.isdir(os.path.join(c, "py3", "bin")):
|
||
sage_root = c
|
||
break
|
||
if not sage_root:
|
||
sage_root = app_root
|
||
|
||
py = os.path.join(sage_root, "py3", "bin", "python")
|
||
sp = os.path.join(sage_root, "set_role_perm.py") if os.path.exists(os.path.join(sage_root, "set_role_perm.py")) else None
|
||
|
||
if not sp:
|
||
print("ERROR: 找不到set_role_perm.py,请确保Sage或CMS已构建")
|
||
sys.exit(1)
|
||
|
||
def run(role, paths):
|
||
assert sp is not None, "set_role_perm.py not found"
|
||
for p in paths:
|
||
print(f" {role:30s} {p}")
|
||
subprocess.run([py, sp, role, p], cwd=sage_root, capture_output=True)
|
||
|
||
# ─── superuser — 所有权限 ───
|
||
superuser_paths = [
|
||
# entcms 公开页面
|
||
"/index.ui",
|
||
"/news.ui",
|
||
"/news_detail.ui",
|
||
"/cases.ui",
|
||
"/products.ui",
|
||
"/cms_styles.css",
|
||
"/cms_scripts.js",
|
||
"/menu.ui",
|
||
"/admin.ui",
|
||
|
||
# entcms 内容管理
|
||
"/cms_content_list", "/cms_content_list/%",
|
||
"/api/cms_content_create.dspy",
|
||
"/api/cms_content_update.dspy",
|
||
"/api/cms_content_delete.dspy",
|
||
"/api/cms_content_list.dspy",
|
||
"/api/submit_content_approval.dspy",
|
||
|
||
# entcms 分类管理
|
||
"/cms_categories_list", "/cms_categories_list/%",
|
||
"/api/cms_categories_create.dspy",
|
||
"/api/cms_categories_update.dspy",
|
||
"/api/cms_categories_delete.dspy",
|
||
"/api/cms_categories_list.dspy",
|
||
"/api/category_options.dspy",
|
||
|
||
# entcms 栏目管理
|
||
"/cms_sections_list", "/cms_sections_list/%",
|
||
"/api/cms_sections_create.dspy",
|
||
"/api/cms_sections_update.dspy",
|
||
"/api/cms_sections_delete.dspy",
|
||
"/api/cms_sections_list.dspy",
|
||
|
||
# entcms 站点配置
|
||
"/cms_site_config_list", "/cms_site_config_list/%",
|
||
"/api/cms_site_config_create.dspy",
|
||
"/api/cms_site_config_update.dspy",
|
||
"/api/cms_site_config_delete.dspy",
|
||
"/api/cms_site_config_list.dspy",
|
||
|
||
# entcms 线索管理
|
||
"/cms_leads_list", "/cms_leads_list/%",
|
||
"/api/cms_leads_create.dspy",
|
||
"/api/cms_leads_update.dspy",
|
||
"/api/cms_leads_delete.dspy",
|
||
"/api/cms_leads_list.dspy",
|
||
|
||
# entcms 其他API
|
||
"/api/submit_lead.dspy",
|
||
"/api/get_config.dspy",
|
||
"/api/get_published_content.dspy",
|
||
"/api/get_content_detail.dspy",
|
||
"/api/get_sections.dspy",
|
||
|
||
# dingdingflow
|
||
"/dingdingflow",
|
||
"/dingdingflow/index.ui",
|
||
"/dingdingflow/menu.ui",
|
||
"/dingdingflow/api/dingtalk_callback.dspy",
|
||
"/dingdingflow/api/submit_approval.dspy",
|
||
|
||
# dingdingflow 审批配置
|
||
"/dingdingflow/dd_approval_configs", "/dingdingflow/dd_approval_configs/%",
|
||
"/dingdingflow/api/dd_approval_configs_create.dspy",
|
||
"/dingdingflow/api/dd_approval_configs_update.dspy",
|
||
"/dingdingflow/api/dd_approval_configs_delete.dspy",
|
||
"/dingdingflow/api/dd_approval_configs_list.dspy",
|
||
|
||
# dingdingflow 审批单
|
||
"/dingdingflow/dd_approvals", "/dingdingflow/dd_approvals/%",
|
||
"/dingdingflow/api/dd_approvals_create.dspy",
|
||
"/dingdingflow/api/dd_approvals_update.dspy",
|
||
"/dingdingflow/api/dd_approvals_delete.dspy",
|
||
"/dingdingflow/api/dd_approvals_list.dspy",
|
||
]
|
||
|
||
print("=== CMS RBAC权限初始化 — superuser ===")
|
||
print(f"\\n--- owner.superuser (超级管理员) ---")
|
||
run("owner.superuser", superuser_paths)
|
||
print("\\n完成")
|