fix: load_path.py改为直接操作数据库，不依赖sage set_role_perm

2026-06-16 13:37:02 +08:00 · 2026-06-16 13:37:02 +08:00 · ca66a19a74
commit ca66a19a74
parent 2d3c74b6ad
1 changed files with 60 additions and 108 deletions
--- a/load_path.py
+++ b/load_path.py
@ -2,137 +2,89 @@
 """
 Portal CMS CRUD RBAC 权限注册脚本

-注册CMS管理后台的所有CRUD路径权限:
- superuser (owner.superuser): CMS管理页面和API
- any: 公开API（搜索下拉等）
+直接操作 ocai_cms 数据库的 permission/rolepermission 表，
+注册CMS管理后台的CRUD路径权限。

-使用方法:
-    cd ~/repos/sage
-    ./py3/bin/python ~/repos/portal/load_path.py
+用法: cd ~/portal && py3/bin/python load_path.py
 """
-
-import subprocess
-import os
+import asyncio
 import sys
+import os

+sys.path.insert(0, os.path.join(os.path.dirname(os.path.abspath(__file__)), 'pkgs'))

-def find_sage_root():
-    candidates = [
-        os.path.expanduser("~/repos/sage"),
-        os.path.expanduser("~/sage"),
-    ]
-    for c in candidates:
-        if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")):
-            return c
-    return None
+from appPublic.jsonConfig import getConfig
+from sqlor.dbpools import DBPools
+from appPublic.uniqueID import getID

-
-SAGE_ROOT = find_sage_root()
-if not SAGE_ROOT:
-    print("ERROR: Cannot find Sage root directory")
-    sys.exit(1)
-
-PYTHON = os.path.join(SAGE_ROOT, "py3", "bin", "python")
-SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py")
-
-# ============================================================
-# 权限路径定义
-# ============================================================
-
-# any — 无需登录（公开API: 搜索下拉、内容类型列表）
-PATHS_ANY = [
-    "/api/get_search_cms_categories.dspy",
-    "/api/get_search_content_type.dspy",
-]
-
-# owner.superuser — CMS管理CRUD页面和API
+# CMS管理页面路径 — superuser可访问
 PATHS_SUPERUSER = [
+    "/admin.ui",
    # CMS Content CRUD
    "/cms_content_list", "/cms_content_list/%",
-    "/api/cms_content_create.dspy",
-    "/api/cms_content_update.dspy",
-    "/api/cms_content_delete.dspy",
-    "/api/cms_content_list.dspy",
-    "/cms_content_list/get_cms_content.dspy",
-    "/cms_content_list/add_cms_content.dspy",
-    "/cms_content_list/update_cms_content.dspy",
-    "/cms_content_list/delete_cms_content.dspy",
-
+    "/api/cms_content_create.dspy", "/api/cms_content_update.dspy", "/api/cms_content_delete.dspy",
    # CMS Sections CRUD
    "/cms_sections_list", "/cms_sections_list/%",
-    "/api/cms_sections_create.dspy",
-    "/api/cms_sections_update.dspy",
-    "/api/cms_sections_delete.dspy",
-    "/api/cms_sections_list.dspy",
-    "/cms_sections_list/get_cms_sections.dspy",
-    "/cms_sections_list/add_cms_sections.dspy",
-    "/cms_sections_list/update_cms_sections.dspy",
-    "/cms_sections_list/delete_cms_sections.dspy",
-
+    "/api/cms_sections_create.dspy", "/api/cms_sections_update.dspy", "/api/cms_sections_delete.dspy",
    # CMS Categories CRUD
    "/cms_categories_list", "/cms_categories_list/%",
-    "/api/cms_categories_create.dspy",
-    "/api/cms_categories_update.dspy",
-    "/api/cms_categories_delete.dspy",
-    "/api/cms_categories_list.dspy",
-    "/cms_categories_list/get_cms_categories.dspy",
-    "/cms_categories_list/add_cms_categories.dspy",
-    "/cms_categories_list/update_cms_categories.dspy",
-    "/cms_categories_list/delete_cms_categories.dspy",
-
+    "/api/cms_categories_create.dspy", "/api/cms_categories_update.dspy", "/api/cms_categories_delete.dspy",
    # CMS Leads CRUD
    "/cms_leads_list", "/cms_leads_list/%",
-    "/api/cms_leads_create.dspy",
-    "/api/cms_leads_update.dspy",
-    "/api/cms_leads_delete.dspy",
-    "/api/cms_leads_list.dspy",
-    "/cms_leads_list/get_cms_leads.dspy",
-    "/cms_leads_list/add_cms_leads.dspy",
-    "/cms_leads_list/update_cms_leads.dspy",
-    "/cms_leads_list/delete_cms_leads.dspy",
-
+    "/api/cms_leads_create.dspy", "/api/cms_leads_update.dspy", "/api/cms_leads_delete.dspy",
    # CMS Site Config CRUD
    "/cms_site_config_list", "/cms_site_config_list/%",
-    "/api/cms_site_config_create.dspy",
-    "/api/cms_site_config_update.dspy",
-    "/api/cms_site_config_delete.dspy",
-    "/api/cms_site_config_list.dspy",
-    "/cms_site_config_list/get_cms_site_config.dspy",
-    "/cms_site_config_list/add_cms_site_config.dspy",
-    "/cms_site_config_list/update_cms_site_config.dspy",
-    "/cms_site_config_list/delete_cms_site_config.dspy",
+    "/api/cms_site_config_create.dspy", "/api/cms_site_config_update.dspy", "/api/cms_site_config_delete.dspy",
 ]

-# ============================================================
-# 执行注册
-# ============================================================
-
-def run_set_perm(role, path):
-    env = os.environ.copy()
-    env['SAGE_RBAC_DB'] = 'ocai_cms'
-    cmd = [PYTHON, SET_PERM_SCRIPT, role, path]
-    result = subprocess.run(cmd, capture_output=True, text=True, env=env)
-    return result.returncode == 0
+SUPERUSER_ROLE_ID = 'r0ZHXa9vjGUHqkd4m_66w'


-def register_role_paths(role, paths):
-    count = 0
-    for p in paths:
-        if run_set_perm(role, p):
-            count += 1
-    print(f"  {role}: {count}/{len(paths)} paths registered")
-    return count
+async def register_permissions():
+    config = getConfig('.')
+    db = DBPools(config.databases)

+    async with db.sqlorContext('ocai_cms') as sor:
+        cur = await sor.conn.cursor()

-def main():
-    print(f"Sage root: {SAGE_ROOT}")
-    print(f"RBAC DB: ocai_cms")
-    total = 0
-    total += register_role_paths("any", PATHS_ANY)
-    total += register_role_paths("owner.superuser", PATHS_SUPERUSER)
-    print(f"\nDone. Total {total} permission entries registered.")
-    print("NOTE: Restart Sage after permission changes to reload RBAC cache.")
+        # Get existing permissions
+        await cur.execute("SELECT path FROM permission")
+        existing = {r[0] for r in await cur.fetchall()}
+
+        count = 0
+        for path in PATHS_SUPERUSER:
+            if path not in existing:
+                perm_id = getID()
+                await cur.execute(
+                    "INSERT INTO permission (id, name, path) VALUES (%s, %s, %s)",
+                    (perm_id, None, path)
+                )
+                existing.add(path)
+                print(f"  + permission: {path}")
+
+            # Get permission ID and link to superuser role
+            await cur.execute("SELECT id FROM permission WHERE path = %s", (path,))
+            row = await cur.fetchone()
+            if row:
+                perm_id = row[0]
+                # Check if rolepermission already exists
+                await cur.execute(
+                    "SELECT id FROM rolepermission WHERE roleid = %s AND permid = %s",
+                    (SUPERUSER_ROLE_ID, perm_id)
+                )
+                if not await cur.fetchone():
+                    rp_id = getID()
+                    await cur.execute(
+                        "INSERT INTO rolepermission (id, roleid, permid) VALUES (%s, %s, %s)",
+                        (rp_id, SUPERUSER_ROLE_ID, perm_id)
+                    )
+                    count += 1
+
+        await sor.conn.commit()
+        await cur.close()
+        print(f"\nDone: {count} new rolepermission entries for owner.superuser")


 if __name__ == "__main__":
-    main()
+    print("=== Portal CMS RBAC 权限注册 ===")
+    asyncio.run(register_permissions())