diff --git a/scripts/load_path.py b/scripts/load_path.py
index 877000f..354a97e 100644
--- a/scripts/load_path.py
+++ b/scripts/load_path.py
@@ -1,69 +1,112 @@ -"""Generate RBAC permissions for msp module paths. - -Run from Sage root with Sage venv: - cd ~/repos/sage && ./py3/bin/python ../msp/scripts/load_path.py +#!/usr/bin/env python3 """ +msp 模块 RBAC 权限管理脚本 + +使用方法: + cd ~/repos/sage + ./py3/bin/python ~/repos/msp/scripts/load_path.py +""" + +import subprocess import os import sys -import asyncio - -sage_root = os.environ.get('SAGE_ROOT') -if sage_root and sage_root not in sys.path: - sys.path.insert(0, sage_root) - -from sqlor.dbpools import DBPools -from appPublic.jsonConfig import getConfig -from appPublic.dictObject import DictObject -from appPublic.uniqueID import getID -paths = [ - ("/msp", "logined"), - ("/msp/index.ui", "logined"), - ("/msp/menu.ui", "any"), - ("/msp/accordion.ui", "logined"), - ("/msp/app_panel.ui", "logined"), - ("/msp/bottom.ui", "logined"), - ("/msp/center.ui", "logined"), - ("/msp/connecthost.ui", "logined"), - ("/msp/connecthost.xterm", "logined"), - ("/msp/keypress.ui", "logined"), - ("/msp/msp_profile.md", "logined"), - ("/msp/msp_profile.ui", "logined"), - ("/msp/sagelog.ui", "logined"), - ("/msp/sagelog.xterm", "logined"), - ("/msp/test.ui", "logined"), - ("/msp/top.ui", "logined"), - ("/msp/get_code.dspy", "logined"), - ("/msp/imgs/%", "any"), +def find_sage_root(): + candidates = [ + os.path.expanduser("~/repos/sage"), + os.path.expanduser("~/sage"), + os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))), + ] + for c in candidates: + if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")): + return c + return None + + +SAGE_ROOT = find_sage_root() +if not SAGE_ROOT: + print("ERROR: Cannot find Sage root directory") + sys.exit(1) + +PYTHON = os.path.join(SAGE_ROOT, "py3", "bin", "python") +SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py") + +MOD = "msp" + +# ============================================================ +# 权限路径定义 +# ============================================================ + +# 
any — 无需登录 +PATHS_ANY = [ + f"/{MOD}/menu.ui", + f"/{MOD}/imgs/%", ] +# logined — 所有已登录用户 +PATHS_LOGINED = [ + # 模块入口 + f"/{MOD}", + f"/{MOD}/index.ui", -async def main(): - config = getConfig('.') - DBPools(config.databases) - dbname = 'sage' - async with DBPools().sqlorContext(dbname) as sor: - cnt = 0 - for path, role in paths: - r = await sor.sqlExe( - 'select * from permission where permcode = ${permcode}$', - {'permcode': path} - ) - if len(r) == 0: - await sor.sqlExe( - '''insert into permission (id, permcode, permname, permtype) - values (${id}$, ${permcode}$, ${permname}$, ${permtype}$)''', - { - 'id': getID(), - 'permcode': path, - 'permname': path, - 'permtype': role, - } - ) - cnt += 1 - print(f'{cnt} path(s) inserted for msp') + # 顶层 .ui 页面 + f"/{MOD}/msp_profile.ui", + f"/{MOD}/msp_profile.md", + f"/{MOD}/accordion.ui", + f"/{MOD}/app_panel.ui", + f"/{MOD}/connecthost.ui", + f"/{MOD}/connecthost.xterm", + f"/{MOD}/keypress.ui", + f"/{MOD}/sagelog.ui", + f"/{MOD}/sagelog.xterm", + f"/{MOD}/test.ui", + + # 老式布局文件(兼容) + f"/{MOD}/top.ui", + f"/{MOD}/center.ui", + f"/{MOD}/bottom.ui", + + # 顶层 .dspy + f"/{MOD}/get_code.dspy", + + # CRUD 子目录 — 通配 + f"/{MOD}/devgroup/%", + f"/{MOD}/hostdev/%", + f"/{MOD}/mspcatelog/%", + f"/{MOD}/serve_status/%", + f"/{MOD}/service_log/%", + f"/{MOD}/techservice/%", +] + +# ============================================================ +# 执行注册 +# ============================================================ -if __name__ == '__main__': - asyncio.run(main()) +def run_set_perm(role, path): + cmd = [PYTHON, SET_PERM_SCRIPT, role, path] + result = subprocess.run(cmd, capture_output=True, text=True) + return result.returncode == 0 + + +def register_role_paths(role, paths): + count = 0 + for p in paths: + if run_set_perm(role, p): + count += 1 + print(f" {role}: {count}/{len(paths)} paths registered") + return count + + +def main(): + print(f"Sage root: {SAGE_ROOT}") + total = 0 + total += register_role_paths("any", PATHS_ANY) + total 
+= register_role_paths("logined", PATHS_LOGINED) + print(f"\nDone. Total {total} permission entries registered.") + print("NOTE: Restart Sage after permission changes to reload RBAC cache.") + + +if __name__ == "__main__": + main()
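Review bot: The six new wildcard entries in `PATHS_LOGINED` (`/{MOD}/devgroup/%`, `/{MOD}/hostdev/%`, `/{MOD}/mspcatelog/%`, `/{MOD}/serve_status/%`, `/{MOD}/service_log/%`, `/{MOD}/techservice/%`) grant every logged-in user everything under those CRUD directories, which the old `paths` list did not cover at all. If those directories hold create/update/delete handlers (not visible in this diff), that is broader than least privilege; consider registering only the read-only pages for `logined` and the mutating ones under a narrower role, and mark each wildcard with a comment such as `# wildcard: every file under this directory is reachable by any logged-in user`. Separately, `run_set_perm` captures stdout/stderr and then drops them, and `main()` exits 0 even when some registrations failed, so a partially applied permission set is visible only as a count mismatch. Surface the failure, e.g. `if result.returncode != 0: print(result.stderr, file=sys.stderr)`, and exit non-zero when `total` is below `len(PATHS_ANY) + len(PATHS_LOGINED)`.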