yumoqing
569c8e6715
架构变更: - CMS作为独立进程运行(端口9090),不再嵌入Sage - 使用ahserver框架,复用rbac模块做认证授权 - 所有模块共享sage数据库(配置在conf/config.json) 新增文件: - app/cms.py: 独立Web应用主入口(webapp(init)) - app/global_func.py: 全局函数(get_module_dbname/UiWindow等) - conf/config.json: 应用配置模板(数据库/路径/处理器/Redis) - start.sh/stop.sh: 进程管理脚本 - pyproject.toml: 顶层Python包配置 路径重构(去掉/entcms前缀): - 官网首页: /entcms/index.ui → /index.ui - 管理后台: /entcms/admin.ui → /admin.ui - API: /entcms/api/xxx.dspy → /api/xxx.dspy - CRUD: /entcms/cms_content_list → /cms_content_list - dingdingflow保持/dingdingflow前缀(映射子目录) config.json路径映射: - entcms/wwwroot → / (根路径) - dingdingflow/wwwroot → /dingdingflow - bricks/dist → /bricks 构建脚本(build.sh): - 创建独立venv(py3/) - 安装核心依赖(apppublic/sqlor/ahserver/bricks/rbac等) - json2ddl生成CMS业务表DDL - xls2ui生成CRUD UI - 生成systemd服务文件 load_path.py更新: - entcms: 所有路径去掉/entcms前缀 - dingdingflow: 保持/dingdingflow前缀 - 查找set_role_perm.py支持CMS和Sage两种环境 init_superuser.py更新: - 支持CMS独立环境(自动检测py3/conf) - 创建superuser角色并分配全部权限
75 lines
2.4 KiB
Python
75 lines
2.4 KiB
Python
"""
|
||
dingdingflow RBAC权限配置 — 企业类型: owner
|
||
CMS独立部署,dingdingflow路径保持/dingdingflow前缀
|
||
|
||
用法: cd ~/repos/cms && py3/bin/python dingdingflow/scripts/load_path.py
|
||
"""
|
||
import os, sys, subprocess
|
||
|
||
def find_app_root():
|
||
script_dir = os.path.dirname(os.path.abspath(__file__))
|
||
return os.path.dirname(os.path.dirname(script_dir))
|
||
|
||
app_root = find_app_root()
|
||
sage_root = None
|
||
for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]:
|
||
if os.path.isdir(os.path.join(c, "py3", "bin")):
|
||
sage_root = c
|
||
break
|
||
if not sage_root:
|
||
sage_root = app_root
|
||
|
||
py = os.path.join(app_root, "py3", "bin", "python")
|
||
sp = os.path.join(sage_root, "set_role_perm.py") if os.path.exists(os.path.join(sage_root, "set_role_perm.py")) else None
|
||
if not sp:
|
||
print("ERROR: 找不到set_role_perm.py"); sys.exit(1)
|
||
|
||
def run(role, paths):
|
||
for p in paths:
|
||
print(f" {role:30s} {p}")
|
||
subprocess.run([py, sp, role, p], cwd=sage_root, capture_output=True)
|
||
|
||
any_paths = [
|
||
"/dingdingflow/api/dingtalk_callback.dspy",
|
||
"/dingdingflow/menu.ui",
|
||
]
|
||
|
||
webmaster_paths = [
|
||
"/dingdingflow",
|
||
"/dingdingflow/index.ui",
|
||
"/dingdingflow/api/submit_approval.dspy",
|
||
"/dingdingflow/dd_approvals", "/dingdingflow/dd_approvals/%",
|
||
"/dingdingflow/api/dd_approvals_list.dspy",
|
||
]
|
||
|
||
reviewer_paths = [
|
||
"/dingdingflow",
|
||
"/dingdingflow/index.ui",
|
||
"/dingdingflow/dd_approvals", "/dingdingflow/dd_approvals/%",
|
||
"/dingdingflow/api/dd_approvals_list.dspy",
|
||
"/dingdingflow/api/dd_approvals_update.dspy",
|
||
]
|
||
|
||
supervisor_paths = [
|
||
"/dingdingflow",
|
||
"/dingdingflow/index.ui",
|
||
"/dingdingflow/dd_approvals", "/dingdingflow/dd_approvals/%",
|
||
"/dingdingflow/dd_approval_configs", "/dingdingflow/dd_approval_configs/%",
|
||
"/dingdingflow/api/dd_approvals_create.dspy",
|
||
"/dingdingflow/api/dd_approvals_update.dspy",
|
||
"/dingdingflow/api/dd_approvals_delete.dspy",
|
||
"/dingdingflow/api/dd_approvals_list.dspy",
|
||
"/dingdingflow/api/dd_approval_configs_create.dspy",
|
||
"/dingdingflow/api/dd_approval_configs_update.dspy",
|
||
"/dingdingflow/api/dd_approval_configs_delete.dspy",
|
||
"/dingdingflow/api/dd_approval_configs_list.dspy",
|
||
"/dingdingflow/api/submit_approval.dspy",
|
||
]
|
||
|
||
print("=== dingdingflow RBAC权限配置 ===")
|
||
run("any", any_paths)
|
||
run("owner.webmaster", webmaster_paths)
|
||
run("owner.reviewer", reviewer_paths)
|
||
run("owner.supervisor", supervisor_paths)
|
||
print("\n完成")
|