yumoqing
569c8e6715
架构变更: - CMS作为独立进程运行(端口9090),不再嵌入Sage - 使用ahserver框架,复用rbac模块做认证授权 - 所有模块共享sage数据库(配置在conf/config.json) 新增文件: - app/cms.py: 独立Web应用主入口(webapp(init)) - app/global_func.py: 全局函数(get_module_dbname/UiWindow等) - conf/config.json: 应用配置模板(数据库/路径/处理器/Redis) - start.sh/stop.sh: 进程管理脚本 - pyproject.toml: 顶层Python包配置 路径重构(去掉/entcms前缀): - 官网首页: /entcms/index.ui → /index.ui - 管理后台: /entcms/admin.ui → /admin.ui - API: /entcms/api/xxx.dspy → /api/xxx.dspy - CRUD: /entcms/cms_content_list → /cms_content_list - dingdingflow保持/dingdingflow前缀(映射子目录) config.json路径映射: - entcms/wwwroot → / (根路径) - dingdingflow/wwwroot → /dingdingflow - bricks/dist → /bricks 构建脚本(build.sh): - 创建独立venv(py3/) - 安装核心依赖(apppublic/sqlor/ahserver/bricks/rbac等) - json2ddl生成CMS业务表DDL - xls2ui生成CRUD UI - 生成systemd服务文件 load_path.py更新: - entcms: 所有路径去掉/entcms前缀 - dingdingflow: 保持/dingdingflow前缀 - 查找set_role_perm.py支持CMS和Sage两种环境 init_superuser.py更新: - 支持CMS独立环境(自动检测py3/conf) - 创建superuser角色并分配全部权限
142 lines
4.4 KiB
Python
142 lines
4.4 KiB
Python
"""
|
||
entcms RBAC权限配置 — 企业类型: owner
|
||
CMS独立部署,路径不带/entcms前缀
|
||
|
||
用法: cd ~/repos/cms && py3/bin/python entcms/scripts/load_path.py
|
||
"""
|
||
import os, sys, subprocess
|
||
|
||
def find_app_root():
|
||
"""查找CMS应用根目录"""
|
||
script_dir = os.path.dirname(os.path.abspath(__file__))
|
||
# scripts/ -> entcms/ -> cms root
|
||
return os.path.dirname(os.path.dirname(script_dir))
|
||
|
||
app_root = find_app_root()
|
||
# 查找Sage的set_role_perm.py(RBAC工具)
|
||
sage_root = None
|
||
for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]:
|
||
if os.path.isdir(os.path.join(c, "py3", "bin")):
|
||
sage_root = c
|
||
break
|
||
if not sage_root:
|
||
# 使用CMS自己的py3
|
||
sage_root = app_root
|
||
|
||
py = os.path.join(app_root, "py3", "bin", "python")
|
||
sp = os.path.join(sage_root, "set_role_perm.py") if os.path.exists(os.path.join(sage_root, "set_role_perm.py")) else None
|
||
|
||
if not sp:
|
||
print("ERROR: 找不到set_role_perm.py,请确保Sage或CMS已构建")
|
||
sys.exit(1)
|
||
|
||
def run(role, paths):
|
||
for p in paths:
|
||
print(f" {role:30s} {p}")
|
||
subprocess.run([py, sp, role, p], cwd=sage_root, capture_output=True)
|
||
|
||
# ─── anonymous (any) — 公开页面 + 公开API ───
|
||
any_paths = [
|
||
"/index.ui",
|
||
"/news.ui",
|
||
"/news_detail.ui",
|
||
"/cases.ui",
|
||
"/products.ui",
|
||
"/cms_styles.css",
|
||
"/cms_scripts.js",
|
||
"/menu.ui",
|
||
"/api/submit_lead.dspy",
|
||
"/api/get_config.dspy",
|
||
"/api/get_published_content.dspy",
|
||
"/api/get_content_detail.dspy",
|
||
"/api/get_sections.dspy",
|
||
]
|
||
|
||
# ─── webmaster — 内容/分类/栏目/配置/线索 全部CRUD ───
|
||
webmaster_paths = [
|
||
"/admin.ui",
|
||
# 内容
|
||
"/cms_content_list", "/cms_content_list/%",
|
||
"/api/cms_content_create.dspy",
|
||
"/api/cms_content_update.dspy",
|
||
"/api/cms_content_delete.dspy",
|
||
"/api/cms_content_list.dspy",
|
||
# 分类
|
||
"/cms_categories_list", "/cms_categories_list/%",
|
||
"/api/cms_categories_create.dspy",
|
||
"/api/cms_categories_update.dspy",
|
||
"/api/cms_categories_delete.dspy",
|
||
"/api/cms_categories_list.dspy",
|
||
"/api/category_options.dspy",
|
||
# 栏目
|
||
"/cms_sections_list", "/cms_sections_list/%",
|
||
"/api/cms_sections_create.dspy",
|
||
"/api/cms_sections_update.dspy",
|
||
"/api/cms_sections_delete.dspy",
|
||
"/api/cms_sections_list.dspy",
|
||
# 站点配置
|
||
"/cms_site_config_list", "/cms_site_config_list/%",
|
||
"/api/cms_site_config_create.dspy",
|
||
"/api/cms_site_config_update.dspy",
|
||
"/api/cms_site_config_delete.dspy",
|
||
"/api/cms_site_config_list.dspy",
|
||
# 线索管理
|
||
"/cms_leads_list", "/cms_leads_list/%",
|
||
"/api/cms_leads_create.dspy",
|
||
"/api/cms_leads_update.dspy",
|
||
"/api/cms_leads_delete.dspy",
|
||
"/api/cms_leads_list.dspy",
|
||
# 审批
|
||
"/api/submit_content_approval.dspy",
|
||
]
|
||
|
||
# ─── reviewer — 查看内容 + 审批(只改status) ───
|
||
reviewer_paths = [
|
||
"/admin.ui",
|
||
"/cms_content_list", "/cms_content_list/%",
|
||
"/api/cms_content_list.dspy",
|
||
"/api/cms_content_update.dspy",
|
||
"/api/category_options.dspy",
|
||
]
|
||
|
||
# ─── supervisor — 查看全部 + 审批配置 + 线索管理 ───
|
||
supervisor_paths = [
|
||
"/admin.ui",
|
||
"/cms_content_list", "/cms_content_list/%",
|
||
"/cms_categories_list", "/cms_categories_list/%",
|
||
"/cms_sections_list", "/cms_sections_list/%",
|
||
"/cms_site_config_list", "/cms_site_config_list/%",
|
||
"/api/cms_content_list.dspy",
|
||
"/api/cms_categories_list.dspy",
|
||
"/api/cms_sections_list.dspy",
|
||
"/api/cms_site_config_list.dspy",
|
||
"/api/category_options.dspy",
|
||
"/cms_leads_list", "/cms_leads_list/%",
|
||
"/api/cms_leads_create.dspy",
|
||
"/api/cms_leads_update.dspy",
|
||
"/api/cms_leads_delete.dspy",
|
||
"/api/cms_leads_list.dspy",
|
||
"/api/submit_content_approval.dspy",
|
||
]
|
||
|
||
# ─── customer-support — 线索查看和更新 ───
|
||
support_paths = [
|
||
"/admin.ui",
|
||
"/cms_leads_list", "/cms_leads_list/%",
|
||
"/api/cms_leads_list.dspy",
|
||
"/api/cms_leads_update.dspy",
|
||
]
|
||
|
||
print("=== CMS RBAC权限配置 ===")
|
||
print(f"\n--- any (匿名用户) ---")
|
||
run("any", any_paths)
|
||
print(f"\n--- owner.webmaster (内容管理员) ---")
|
||
run("owner.webmaster", webmaster_paths)
|
||
print(f"\n--- owner.reviewer (内容审核) ---")
|
||
run("owner.reviewer", reviewer_paths)
|
||
print(f"\n--- owner.supervisor (主管) ---")
|
||
run("owner.supervisor", supervisor_paths)
|
||
print(f"\n--- owner.customer-support (客服) ---")
|
||
run("owner.customer-support", support_paths)
|
||
print("\n完成")
|