From ca66a19a7454d6620102188775c71a60be25afa3 Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Tue, 16 Jun 2026 13:37:02 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20load=5Fpath.py=E6=94=B9=E4=B8=BA?= =?UTF-8?q?=E7=9B=B4=E6=8E=A5=E6=93=8D=E4=BD=9C=E6=95=B0=E6=8D=AE=E5=BA=93?= =?UTF-8?q?=EF=BC=8C=E4=B8=8D=E4=BE=9D=E8=B5=96sage=20set=5Frole=5Fperm?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- load_path.py | 168 ++++++++++++++++++--------------------------------- 1 file changed, 60 insertions(+), 108 deletions(-) diff --git a/load_path.py b/load_path.py index 53d2e70..0b5e676 100644 --- a/load_path.py +++ b/load_path.py @@ -2,137 +2,89 @@ """ Portal CMS CRUD RBAC 权限注册脚本 -注册CMS管理后台的所有CRUD路径权限: -- superuser (owner.superuser): CMS管理页面和API -- any: 公开API(搜索下拉等) +直接操作 ocai_cms 数据库的 permission/rolepermission 表, +注册CMS管理后台的CRUD路径权限。 -使用方法: - cd ~/repos/sage - ./py3/bin/python ~/repos/portal/load_path.py +用法: cd ~/portal && py3/bin/python load_path.py """ - -import subprocess -import os +import asyncio import sys +import os +sys.path.insert(0, os.path.join(os.path.dirname(os.path.abspath(__file__)), 'pkgs')) -def find_sage_root(): - candidates = [ - os.path.expanduser("~/repos/sage"), - os.path.expanduser("~/sage"), - ] - for c in candidates: - if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")): - return c - return None +from appPublic.jsonConfig import getConfig +from sqlor.dbpools import DBPools +from appPublic.uniqueID import getID - -SAGE_ROOT = find_sage_root() -if not SAGE_ROOT: - print("ERROR: Cannot find Sage root directory") - sys.exit(1) - -PYTHON = os.path.join(SAGE_ROOT, "py3", "bin", "python") -SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py") - -# ============================================================ -# 权限路径定义 -# ============================================================ - -# any — 无需登录(公开API: 搜索下拉、内容类型列表) -PATHS_ANY = [ - "/api/get_search_cms_categories.dspy", - "/api/get_search_content_type.dspy", -] - -# owner.superuser — CMS管理CRUD页面和API +# CMS管理页面路径 — superuser可访问 PATHS_SUPERUSER = [ + "/admin.ui", # CMS Content CRUD "/cms_content_list", "/cms_content_list/%", - "/api/cms_content_create.dspy", - "/api/cms_content_update.dspy", - "/api/cms_content_delete.dspy", - "/api/cms_content_list.dspy", - "/cms_content_list/get_cms_content.dspy", - "/cms_content_list/add_cms_content.dspy", - "/cms_content_list/update_cms_content.dspy", - "/cms_content_list/delete_cms_content.dspy", - + "/api/cms_content_create.dspy", "/api/cms_content_update.dspy", "/api/cms_content_delete.dspy", # CMS Sections CRUD "/cms_sections_list", "/cms_sections_list/%", - "/api/cms_sections_create.dspy", - "/api/cms_sections_update.dspy", - "/api/cms_sections_delete.dspy", - "/api/cms_sections_list.dspy", - "/cms_sections_list/get_cms_sections.dspy", - "/cms_sections_list/add_cms_sections.dspy", - "/cms_sections_list/update_cms_sections.dspy", - "/cms_sections_list/delete_cms_sections.dspy", - + "/api/cms_sections_create.dspy", "/api/cms_sections_update.dspy", "/api/cms_sections_delete.dspy", # CMS Categories CRUD "/cms_categories_list", "/cms_categories_list/%", - "/api/cms_categories_create.dspy", - "/api/cms_categories_update.dspy", - "/api/cms_categories_delete.dspy", - "/api/cms_categories_list.dspy", - "/cms_categories_list/get_cms_categories.dspy", - "/cms_categories_list/add_cms_categories.dspy", - "/cms_categories_list/update_cms_categories.dspy", - "/cms_categories_list/delete_cms_categories.dspy", - + "/api/cms_categories_create.dspy", "/api/cms_categories_update.dspy", "/api/cms_categories_delete.dspy", # CMS Leads CRUD "/cms_leads_list", "/cms_leads_list/%", - "/api/cms_leads_create.dspy", - "/api/cms_leads_update.dspy", - "/api/cms_leads_delete.dspy", - "/api/cms_leads_list.dspy", - "/cms_leads_list/get_cms_leads.dspy", - "/cms_leads_list/add_cms_leads.dspy", - "/cms_leads_list/update_cms_leads.dspy", - "/cms_leads_list/delete_cms_leads.dspy", - + "/api/cms_leads_create.dspy", "/api/cms_leads_update.dspy", "/api/cms_leads_delete.dspy", # CMS Site Config CRUD "/cms_site_config_list", "/cms_site_config_list/%", - "/api/cms_site_config_create.dspy", - "/api/cms_site_config_update.dspy", - "/api/cms_site_config_delete.dspy", - "/api/cms_site_config_list.dspy", - "/cms_site_config_list/get_cms_site_config.dspy", - "/cms_site_config_list/add_cms_site_config.dspy", - "/cms_site_config_list/update_cms_site_config.dspy", - "/cms_site_config_list/delete_cms_site_config.dspy", + "/api/cms_site_config_create.dspy", "/api/cms_site_config_update.dspy", "/api/cms_site_config_delete.dspy", ] -# ============================================================ -# 执行注册 -# ============================================================ - -def run_set_perm(role, path): - env = os.environ.copy() - env['SAGE_RBAC_DB'] = 'ocai_cms' - cmd = [PYTHON, SET_PERM_SCRIPT, role, path] - result = subprocess.run(cmd, capture_output=True, text=True, env=env) - return result.returncode == 0 +SUPERUSER_ROLE_ID = 'r0ZHXa9vjGUHqkd4m_66w' -def register_role_paths(role, paths): - count = 0 - for p in paths: - if run_set_perm(role, p): - count += 1 - print(f" {role}: {count}/{len(paths)} paths registered") - return count +async def register_permissions(): + config = getConfig('.') + db = DBPools(config.databases) + async with db.sqlorContext('ocai_cms') as sor: + cur = await sor.conn.cursor() -def main(): - print(f"Sage root: {SAGE_ROOT}") - print(f"RBAC DB: ocai_cms") - total = 0 - total += register_role_paths("any", PATHS_ANY) - total += register_role_paths("owner.superuser", PATHS_SUPERUSER) - print(f"\nDone. Total {total} permission entries registered.") - print("NOTE: Restart Sage after permission changes to reload RBAC cache.") + # Get existing permissions + await cur.execute("SELECT path FROM permission") + existing = {r[0] for r in await cur.fetchall()} + + count = 0 + for path in PATHS_SUPERUSER: + if path not in existing: + perm_id = getID() + await cur.execute( + "INSERT INTO permission (id, name, path) VALUES (%s, %s, %s)", + (perm_id, None, path) + ) + existing.add(path) + print(f" + permission: {path}") + + # Get permission ID and link to superuser role + await cur.execute("SELECT id FROM permission WHERE path = %s", (path,)) + row = await cur.fetchone() + if row: + perm_id = row[0] + # Check if rolepermission already exists + await cur.execute( + "SELECT id FROM rolepermission WHERE roleid = %s AND permid = %s", + (SUPERUSER_ROLE_ID, perm_id) + ) + if not await cur.fetchone(): + rp_id = getID() + await cur.execute( + "INSERT INTO rolepermission (id, roleid, permid) VALUES (%s, %s, %s)", + (rp_id, SUPERUSER_ROLE_ID, perm_id) + ) + count += 1 + + await sor.conn.commit() + await cur.close() + print(f"\nDone: {count} new rolepermission entries for owner.superuser") if __name__ == "__main__": - main() + print("=== Portal CMS RBAC 权限注册 ===") + asyncio.run(register_permissions())