#!/usr/bin/env python3 """ Portal CMS CRUD RBAC 权限注册脚本 注册CMS管理后台的所有CRUD路径权限: - superuser (owner.superuser): CMS管理页面和API - any: 公开API(搜索下拉等) 使用方法: cd ~/repos/sage ./py3/bin/python ~/repos/portal/load_path.py """ import subprocess import os import sys def find_sage_root(): candidates = [ os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage"), ] for c in candidates: if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")): return c return None SAGE_ROOT = find_sage_root() if not SAGE_ROOT: print("ERROR: Cannot find Sage root directory") sys.exit(1) PYTHON = os.path.join(SAGE_ROOT, "py3", "bin", "python") SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py") # ============================================================ # 权限路径定义 # ============================================================ # any — 无需登录(公开API: 搜索下拉、内容类型列表) PATHS_ANY = [ "/api/get_search_cms_categories.dspy", "/api/get_search_content_type.dspy", ] # owner.superuser — CMS管理CRUD页面和API PATHS_SUPERUSER = [ # CMS Content CRUD "/cms_content_list", "/cms_content_list/%", "/api/cms_content_create.dspy", "/api/cms_content_update.dspy", "/api/cms_content_delete.dspy", "/api/cms_content_list.dspy", "/cms_content_list/get_cms_content.dspy", "/cms_content_list/add_cms_content.dspy", "/cms_content_list/update_cms_content.dspy", "/cms_content_list/delete_cms_content.dspy", # CMS Sections CRUD "/cms_sections_list", "/cms_sections_list/%", "/api/cms_sections_create.dspy", "/api/cms_sections_update.dspy", "/api/cms_sections_delete.dspy", "/api/cms_sections_list.dspy", "/cms_sections_list/get_cms_sections.dspy", "/cms_sections_list/add_cms_sections.dspy", "/cms_sections_list/update_cms_sections.dspy", "/cms_sections_list/delete_cms_sections.dspy", # CMS Categories CRUD "/cms_categories_list", "/cms_categories_list/%", "/api/cms_categories_create.dspy", "/api/cms_categories_update.dspy", "/api/cms_categories_delete.dspy", "/api/cms_categories_list.dspy", "/cms_categories_list/get_cms_categories.dspy", "/cms_categories_list/add_cms_categories.dspy", "/cms_categories_list/update_cms_categories.dspy", "/cms_categories_list/delete_cms_categories.dspy", # CMS Leads CRUD "/cms_leads_list", "/cms_leads_list/%", "/api/cms_leads_create.dspy", "/api/cms_leads_update.dspy", "/api/cms_leads_delete.dspy", "/api/cms_leads_list.dspy", "/cms_leads_list/get_cms_leads.dspy", "/cms_leads_list/add_cms_leads.dspy", "/cms_leads_list/update_cms_leads.dspy", "/cms_leads_list/delete_cms_leads.dspy", # CMS Site Config CRUD "/cms_site_config_list", "/cms_site_config_list/%", "/api/cms_site_config_create.dspy", "/api/cms_site_config_update.dspy", "/api/cms_site_config_delete.dspy", "/api/cms_site_config_list.dspy", "/cms_site_config_list/get_cms_site_config.dspy", "/cms_site_config_list/add_cms_site_config.dspy", "/cms_site_config_list/update_cms_site_config.dspy", "/cms_site_config_list/delete_cms_site_config.dspy", ] # ============================================================ # 执行注册 # ============================================================ def run_set_perm(role, path): env = os.environ.copy() env['SAGE_RBAC_DB'] = 'ocai_cms' cmd = [PYTHON, SET_PERM_SCRIPT, role, path] result = subprocess.run(cmd, capture_output=True, text=True, env=env) return result.returncode == 0 def register_role_paths(role, paths): count = 0 for p in paths: if run_set_perm(role, p): count += 1 print(f" {role}: {count}/{len(paths)} paths registered") return count def main(): print(f"Sage root: {SAGE_ROOT}") print(f"RBAC DB: ocai_cms") total = 0 total += register_role_paths("any", PATHS_ANY) total += register_role_paths("owner.superuser", PATHS_SUPERUSER) print(f"\nDone. Total {total} permission entries registered.") print("NOTE: Restart Sage after permission changes to reload RBAC cache.") if __name__ == "__main__": main()