2d3c74b6ad
- 新增5张CMS表的模型定义(models/)和CRUD定义(json/) - 新增17个.dspy API端点(create/update/delete + search) - 新增load_path.py RBAC权限注册脚本 - xls2crud生成5个CRUD管理页面目录 - 修复bricks默认灰色背景覆盖暗色主题(.site-root全局override) - user_menu.ui添加管理后台入口(按权限显示) - 初始化CMS种子数据(栏目/分类/内容)
139 lines
4.3 KiB
Python
139 lines
4.3 KiB
Python
#!/usr/bin/env python3
|
||
"""
|
||
Portal CMS CRUD RBAC 权限注册脚本
|
||
|
||
注册CMS管理后台的所有CRUD路径权限:
|
||
- superuser (owner.superuser): CMS管理页面和API
|
||
- any: 公开API(搜索下拉等)
|
||
|
||
使用方法:
|
||
cd ~/repos/sage
|
||
./py3/bin/python ~/repos/portal/load_path.py
|
||
"""
|
||
|
||
import subprocess
|
||
import os
|
||
import sys
|
||
|
||
|
||
def find_sage_root():
|
||
candidates = [
|
||
os.path.expanduser("~/repos/sage"),
|
||
os.path.expanduser("~/sage"),
|
||
]
|
||
for c in candidates:
|
||
if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")):
|
||
return c
|
||
return None
|
||
|
||
|
||
SAGE_ROOT = find_sage_root()
|
||
if not SAGE_ROOT:
|
||
print("ERROR: Cannot find Sage root directory")
|
||
sys.exit(1)
|
||
|
||
PYTHON = os.path.join(SAGE_ROOT, "py3", "bin", "python")
|
||
SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py")
|
||
|
||
# ============================================================
|
||
# 权限路径定义
|
||
# ============================================================
|
||
|
||
# any — 无需登录(公开API: 搜索下拉、内容类型列表)
|
||
PATHS_ANY = [
|
||
"/api/get_search_cms_categories.dspy",
|
||
"/api/get_search_content_type.dspy",
|
||
]
|
||
|
||
# owner.superuser — CMS管理CRUD页面和API
|
||
PATHS_SUPERUSER = [
|
||
# CMS Content CRUD
|
||
"/cms_content_list", "/cms_content_list/%",
|
||
"/api/cms_content_create.dspy",
|
||
"/api/cms_content_update.dspy",
|
||
"/api/cms_content_delete.dspy",
|
||
"/api/cms_content_list.dspy",
|
||
"/cms_content_list/get_cms_content.dspy",
|
||
"/cms_content_list/add_cms_content.dspy",
|
||
"/cms_content_list/update_cms_content.dspy",
|
||
"/cms_content_list/delete_cms_content.dspy",
|
||
|
||
# CMS Sections CRUD
|
||
"/cms_sections_list", "/cms_sections_list/%",
|
||
"/api/cms_sections_create.dspy",
|
||
"/api/cms_sections_update.dspy",
|
||
"/api/cms_sections_delete.dspy",
|
||
"/api/cms_sections_list.dspy",
|
||
"/cms_sections_list/get_cms_sections.dspy",
|
||
"/cms_sections_list/add_cms_sections.dspy",
|
||
"/cms_sections_list/update_cms_sections.dspy",
|
||
"/cms_sections_list/delete_cms_sections.dspy",
|
||
|
||
# CMS Categories CRUD
|
||
"/cms_categories_list", "/cms_categories_list/%",
|
||
"/api/cms_categories_create.dspy",
|
||
"/api/cms_categories_update.dspy",
|
||
"/api/cms_categories_delete.dspy",
|
||
"/api/cms_categories_list.dspy",
|
||
"/cms_categories_list/get_cms_categories.dspy",
|
||
"/cms_categories_list/add_cms_categories.dspy",
|
||
"/cms_categories_list/update_cms_categories.dspy",
|
||
"/cms_categories_list/delete_cms_categories.dspy",
|
||
|
||
# CMS Leads CRUD
|
||
"/cms_leads_list", "/cms_leads_list/%",
|
||
"/api/cms_leads_create.dspy",
|
||
"/api/cms_leads_update.dspy",
|
||
"/api/cms_leads_delete.dspy",
|
||
"/api/cms_leads_list.dspy",
|
||
"/cms_leads_list/get_cms_leads.dspy",
|
||
"/cms_leads_list/add_cms_leads.dspy",
|
||
"/cms_leads_list/update_cms_leads.dspy",
|
||
"/cms_leads_list/delete_cms_leads.dspy",
|
||
|
||
# CMS Site Config CRUD
|
||
"/cms_site_config_list", "/cms_site_config_list/%",
|
||
"/api/cms_site_config_create.dspy",
|
||
"/api/cms_site_config_update.dspy",
|
||
"/api/cms_site_config_delete.dspy",
|
||
"/api/cms_site_config_list.dspy",
|
||
"/cms_site_config_list/get_cms_site_config.dspy",
|
||
"/cms_site_config_list/add_cms_site_config.dspy",
|
||
"/cms_site_config_list/update_cms_site_config.dspy",
|
||
"/cms_site_config_list/delete_cms_site_config.dspy",
|
||
]
|
||
|
||
# ============================================================
|
||
# 执行注册
|
||
# ============================================================
|
||
|
||
def run_set_perm(role, path):
|
||
env = os.environ.copy()
|
||
env['SAGE_RBAC_DB'] = 'ocai_cms'
|
||
cmd = [PYTHON, SET_PERM_SCRIPT, role, path]
|
||
result = subprocess.run(cmd, capture_output=True, text=True, env=env)
|
||
return result.returncode == 0
|
||
|
||
|
||
def register_role_paths(role, paths):
|
||
count = 0
|
||
for p in paths:
|
||
if run_set_perm(role, p):
|
||
count += 1
|
||
print(f" {role}: {count}/{len(paths)} paths registered")
|
||
return count
|
||
|
||
|
||
def main():
|
||
print(f"Sage root: {SAGE_ROOT}")
|
||
print(f"RBAC DB: ocai_cms")
|
||
total = 0
|
||
total += register_role_paths("any", PATHS_ANY)
|
||
total += register_role_paths("owner.superuser", PATHS_SUPERUSER)
|
||
print(f"\nDone. Total {total} permission entries registered.")
|
||
print("NOTE: Restart Sage after permission changes to reload RBAC cache.")
|
||
|
||
|
||
if __name__ == "__main__":
|
||
main()
|