97541f1fd5
- init_any_permissions.py: import PATHS_ANY from rbac/scripts/load_path.py to register /rbac/user/login.ui etc as anonymous-accessible - init_superuser_permissions.py: add all rbac logined paths for superuser - Fixes frontend loop caused by login.ui lacking any permission
144 lines
5.1 KiB
Python
144 lines
5.1 KiB
Python
"""
|
||
Portal RBAC权限初始化 — superuser角色
|
||
为owner.superuser授予Portal所有权限
|
||
|
||
Portal包含:
|
||
- 公开页面 (wwwroot下的.ui和静态文件)
|
||
- CMS管理CRUD页面 (cms模块wwwroot,路由到/cms/)
|
||
- appbase系统基础模块
|
||
|
||
用法: cd ~/repos/portal && py3/bin/python init_superuser_permissions.py
|
||
"""
|
||
import os, sys, subprocess
|
||
|
||
def find_app_root():
|
||
return os.path.dirname(os.path.abspath(__file__))
|
||
|
||
app_root = find_app_root()
|
||
sage_root = None
|
||
for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]:
|
||
if os.path.isdir(os.path.join(c, "py3", "bin")):
|
||
sage_root = c
|
||
break
|
||
if not sage_root:
|
||
sage_root = app_root
|
||
|
||
py = os.path.join(sage_root, "py3", "bin", "python")
|
||
sp = os.path.join(sage_root, "set_role_perm.py") if os.path.exists(os.path.join(sage_root, "set_role_perm.py")) else None
|
||
|
||
if not sp:
|
||
print("ERROR: 找不到set_role_perm.py")
|
||
sys.exit(1)
|
||
|
||
def run(role, paths):
|
||
env = os.environ.copy()
|
||
env['SAGE_RBAC_DB'] = 'ocai_cms'
|
||
for p in paths:
|
||
print(f" {role:30s} {p}")
|
||
subprocess.run([py, sp, role, p], cwd=sage_root, capture_output=True, env=env)
|
||
|
||
# ─── superuser — 所有权限 ───
|
||
superuser_paths = [
|
||
# 公开页面
|
||
"/index.ui", "/news.ui", "/news_detail.ui",
|
||
"/cases.ui", "/products.ui",
|
||
"/cms_styles.css", "/cms_scripts.js",
|
||
"/menu.ui", "/admin.ui",
|
||
|
||
# 公开API
|
||
"/api/get_published_content.dspy",
|
||
"/api/get_content_detail.dspy",
|
||
"/api/get_config.dspy",
|
||
"/api/get_sections.dspy",
|
||
"/api/submit_lead.dspy",
|
||
|
||
# CMS管理 — 由cms模块提供,路由到 /cms/
|
||
"/cms",
|
||
"/cms/admin.ui", "/cms/menu.ui",
|
||
|
||
# CMS Content CRUD
|
||
"/cms/cms_content_list", "/cms/cms_content_list/%",
|
||
"/cms/api/cms_content_create.dspy",
|
||
"/cms/api/cms_content_update.dspy",
|
||
"/cms/api/cms_content_delete.dspy",
|
||
"/cms/api/cms_content_list.dspy",
|
||
"/cms/api/submit_content_approval.dspy",
|
||
|
||
# CMS Categories
|
||
"/cms/cms_categories_list", "/cms/cms_categories_list/%",
|
||
"/cms/api/cms_categories_create.dspy",
|
||
"/cms/api/cms_categories_update.dspy",
|
||
"/cms/api/cms_categories_delete.dspy",
|
||
"/cms/api/cms_categories_list.dspy",
|
||
"/cms/api/category_options.dspy",
|
||
|
||
# CMS Sections
|
||
"/cms/cms_sections_list", "/cms/cms_sections_list/%",
|
||
"/cms/api/cms_sections_create.dspy",
|
||
"/cms/api/cms_sections_update.dspy",
|
||
"/cms/api/cms_sections_delete.dspy",
|
||
"/cms/api/cms_sections_list.dspy",
|
||
|
||
# CMS Site Config
|
||
"/cms/cms_site_config_list", "/cms/cms_site_config_list/%",
|
||
"/cms/api/cms_site_config_create.dspy",
|
||
"/cms/api/cms_site_config_update.dspy",
|
||
"/cms/api/cms_site_config_delete.dspy",
|
||
"/cms/api/cms_site_config_list.dspy",
|
||
|
||
# CMS Leads
|
||
"/cms/cms_leads_list", "/cms/cms_leads_list/%",
|
||
"/cms/api/cms_leads_create.dspy",
|
||
"/cms/api/cms_leads_update.dspy",
|
||
"/cms/api/cms_leads_delete.dspy",
|
||
"/cms/api/cms_leads_list.dspy",
|
||
|
||
# DingTalk Approvals (cms模块内)
|
||
"/cms/api/submit_approval.dspy",
|
||
"/cms/api/dingtalk_callback.dspy",
|
||
"/cms/dd_approvals", "/cms/dd_approvals/%",
|
||
"/cms/api/dd_approvals_create.dspy",
|
||
"/cms/api/dd_approvals_update.dspy",
|
||
"/cms/api/dd_approvals_delete.dspy",
|
||
"/cms/api/dd_approvals_list.dspy",
|
||
"/cms/dd_approval_configs", "/cms/dd_approval_configs/%",
|
||
"/cms/api/dd_approval_configs_create.dspy",
|
||
"/cms/api/dd_approval_configs_update.dspy",
|
||
"/cms/api/dd_approval_configs_delete.dspy",
|
||
"/cms/api/dd_approval_configs_list.dspy",
|
||
|
||
# appbase 系统基础模块
|
||
"/appbase/appcodes_kv", "/appbase/appcodes_kv/%",
|
||
"/appbase/appcodes", "/appbase/appcodes/%",
|
||
"/appbase/params", "/appbase/params/%",
|
||
"/appbase/svgicon", "/appbase/svgicon/%",
|
||
"/appbase/cron/index.ui",
|
||
|
||
# rbac模块 (登录后管理页面)
|
||
"/rbac",
|
||
"/rbac/index.ui", "/rbac/admin_menu.ui", "/rbac/usermenu.ui",
|
||
"/rbac/add_adminuser.dspy", "/rbac/add_adminuser.ui",
|
||
"/rbac/add_provider.dspy", "/rbac/add_provider.ui",
|
||
"/rbac/add_reseller.dspy", "/rbac/add_superuser.dspy",
|
||
"/rbac/find_unauth_files.dspy",
|
||
"/rbac/get_all_roles.dspy", "/rbac/get_normal_roles.dspy",
|
||
"/rbac/get_provider.dspy", "/rbac/get_reseller.dspy",
|
||
"/rbac/list_path_roles.dspy", "/rbac/list_path_roles.ui",
|
||
"/rbac/organization", "/rbac/orgtypes",
|
||
"/rbac/permission", "/rbac/provider", "/rbac/reseller",
|
||
"/rbac/refresh_userperm.dspy",
|
||
"/rbac/role", "/rbac/rolepermission",
|
||
"/rbac/stat_active_users.ui", "/rbac/stat_total_orgs.ui", "/rbac/stat_total_users.ui",
|
||
"/rbac/user", "/rbac/user/myrole.ui", "/rbac/user/user.ui", "/rbac/user/user_panel.ui",
|
||
"/rbac/user/userapikey", "/rbac/user/userapikey/%",
|
||
"/rbac/user/userinfo.ui", "/rbac/user/edit_profile.dspy", "/rbac/user/save_profile.dspy",
|
||
"/rbac/user/wechat_login.ui",
|
||
"/rbac/userapp", "/rbac/userdepartment", "/rbac/userrole",
|
||
"/rbac/users", "/rbac/usersync", "/rbac/usersync/index.dspy",
|
||
]
|
||
|
||
print("=== Portal RBAC权限初始化 — superuser ===")
|
||
print(f"\n--- owner.superuser (超级管理员) ---")
|
||
run("owner.superuser", superuser_paths)
|
||
print("\n完成")
|