#!/usr/bin/env python3
"""pipeline_service 模块 RBAC 权限注册。

注意: pipeline_service 是纯后端引擎模块，无 wwwroot 前端文件。
此脚本仅注册模块 API 可能被引用的路径。
宿主应用的 load_path.py 负责注册实际的 dspy 路径。
"""

import os
import sys
import subprocess

SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))

# Find app root (pipeline-app or any ahserver app)
APP_ROOT = None
for candidate in [
    os.path.join(SCRIPT_DIR, "..", ".."),
    os.path.expanduser("~/test/pipeline-app"),
]:
    if os.path.isdir(os.path.join(candidate, "wwwroot")) and os.path.isdir(os.path.join(candidate, "py3")):
        APP_ROOT = os.path.abspath(candidate)
        break

if not APP_ROOT:
    print("ERROR: Cannot find app root directory")
    sys.exit(1)

SET_ROLE_PERM = os.path.join(APP_ROOT, "set_role_perm.py")
PYTHON = os.path.join(APP_ROOT, "py3", "bin", "python")

# pipeline_service is a backend-only module, no wwwroot paths needed.
# The host app's load_path.py handles the dspy paths that call pipeline_submit etc.
# This script exists for consistency and future extensibility.

PATHS_LOGINED = []
PATHS_ANY = []


def register_paths():
    for path in PATHS_ANY:
        subprocess.run([PYTHON, SET_ROLE_PERM, "any", path], cwd=APP_ROOT)
        print(f"  any: {path}")

    for path in PATHS_LOGINED:
        subprocess.run([PYTHON, SET_ROLE_PERM, "logined", path], cwd=APP_ROOT)
        print(f"  logined: {path}")


if __name__ == "__main__":
    print(f"=== pipeline_service RBAC registration ===")
    print(f"App root: {APP_ROOT}")
    if not PATHS_LOGINED and not PATHS_ANY:
        print("No paths to register (backend-only module)")
    else:
        register_paths()
    print("Done.")