yumoqing/portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
portal/init_superuser_permissions.py
Hermes Agent 97541f1fd5 fix: add rbac module paths to portal RBAC init (any + superuser) 
- init_any_permissions.py: import PATHS_ANY from rbac/scripts/load_path.py
  to register /rbac/user/login.ui etc as anonymous-accessible
- init_superuser_permissions.py: add all rbac logined paths for superuser
- Fixes frontend loop caused by login.ui lacking any permission
2026-06-15 13:36:49 +08:00

144 lines
5.1 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

"""
Portal RBAC权限初始化 — superuser角色
为owner.superuser授予Portal所有权限
Portal包含:
- 公开页面 (wwwroot下的.ui和静态文件)
- CMS管理CRUD页面 (cms模块wwwroot路由到/cms/)
- appbase系统基础模块
用法: cd ~/repos/portal && py3/bin/python init_superuser_permissions.py
"""
import os, sys, subprocess
def find_app_root():
return os.path.dirname(os.path.abspath(__file__))
app_root = find_app_root()
sage_root = None
for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]:
if os.path.isdir(os.path.join(c, "py3", "bin")):
sage_root = c
break
if not sage_root:
sage_root = app_root
py = os.path.join(sage_root, "py3", "bin", "python")
sp = os.path.join(sage_root, "set_role_perm.py") if os.path.exists(os.path.join(sage_root, "set_role_perm.py")) else None
if not sp:
print("ERROR: 找不到set_role_perm.py")
sys.exit(1)
def run(role, paths):
env = os.environ.copy()
env['SAGE_RBAC_DB'] = 'ocai_cms'
for p in paths:
print(f" {role:30s} {p}")
subprocess.run([py, sp, role, p], cwd=sage_root, capture_output=True, env=env)
# ─── superuser — 所有权限 ───
superuser_paths = [
# 公开页面
"/index.ui", "/news.ui", "/news_detail.ui",
"/cases.ui", "/products.ui",
"/cms_styles.css", "/cms_scripts.js",
"/menu.ui", "/admin.ui",
# 公开API
"/api/get_published_content.dspy",
"/api/get_content_detail.dspy",
"/api/get_config.dspy",
"/api/get_sections.dspy",
"/api/submit_lead.dspy",
# CMS管理 — 由cms模块提供路由到 /cms/
"/cms",
"/cms/admin.ui", "/cms/menu.ui",
# CMS Content CRUD
"/cms/cms_content_list", "/cms/cms_content_list/%",
"/cms/api/cms_content_create.dspy",
"/cms/api/cms_content_update.dspy",
"/cms/api/cms_content_delete.dspy",
"/cms/api/cms_content_list.dspy",
"/cms/api/submit_content_approval.dspy",
# CMS Categories
"/cms/cms_categories_list", "/cms/cms_categories_list/%",
"/cms/api/cms_categories_create.dspy",
"/cms/api/cms_categories_update.dspy",
"/cms/api/cms_categories_delete.dspy",
"/cms/api/cms_categories_list.dspy",
"/cms/api/category_options.dspy",
# CMS Sections
"/cms/cms_sections_list", "/cms/cms_sections_list/%",
"/cms/api/cms_sections_create.dspy",
"/cms/api/cms_sections_update.dspy",
"/cms/api/cms_sections_delete.dspy",
"/cms/api/cms_sections_list.dspy",
# CMS Site Config
"/cms/cms_site_config_list", "/cms/cms_site_config_list/%",
"/cms/api/cms_site_config_create.dspy",
"/cms/api/cms_site_config_update.dspy",
"/cms/api/cms_site_config_delete.dspy",
"/cms/api/cms_site_config_list.dspy",
# CMS Leads
"/cms/cms_leads_list", "/cms/cms_leads_list/%",
"/cms/api/cms_leads_create.dspy",
"/cms/api/cms_leads_update.dspy",
"/cms/api/cms_leads_delete.dspy",
"/cms/api/cms_leads_list.dspy",
# DingTalk Approvals (cms模块内)
"/cms/api/submit_approval.dspy",
"/cms/api/dingtalk_callback.dspy",
"/cms/dd_approvals", "/cms/dd_approvals/%",
"/cms/api/dd_approvals_create.dspy",
"/cms/api/dd_approvals_update.dspy",
"/cms/api/dd_approvals_delete.dspy",
"/cms/api/dd_approvals_list.dspy",
"/cms/dd_approval_configs", "/cms/dd_approval_configs/%",
"/cms/api/dd_approval_configs_create.dspy",
"/cms/api/dd_approval_configs_update.dspy",
"/cms/api/dd_approval_configs_delete.dspy",
"/cms/api/dd_approval_configs_list.dspy",
# appbase 系统基础模块
"/appbase/appcodes_kv", "/appbase/appcodes_kv/%",
"/appbase/appcodes", "/appbase/appcodes/%",
"/appbase/params", "/appbase/params/%",
"/appbase/svgicon", "/appbase/svgicon/%",
"/appbase/cron/index.ui",
# rbac模块 (登录后管理页面)
"/rbac",
"/rbac/index.ui", "/rbac/admin_menu.ui", "/rbac/usermenu.ui",
"/rbac/add_adminuser.dspy", "/rbac/add_adminuser.ui",
"/rbac/add_provider.dspy", "/rbac/add_provider.ui",
"/rbac/add_reseller.dspy", "/rbac/add_superuser.dspy",
"/rbac/find_unauth_files.dspy",
"/rbac/get_all_roles.dspy", "/rbac/get_normal_roles.dspy",
"/rbac/get_provider.dspy", "/rbac/get_reseller.dspy",
"/rbac/list_path_roles.dspy", "/rbac/list_path_roles.ui",
"/rbac/organization", "/rbac/orgtypes",
"/rbac/permission", "/rbac/provider", "/rbac/reseller",
"/rbac/refresh_userperm.dspy",
"/rbac/role", "/rbac/rolepermission",
"/rbac/stat_active_users.ui", "/rbac/stat_total_orgs.ui", "/rbac/stat_total_users.ui",
"/rbac/user", "/rbac/user/myrole.ui", "/rbac/user/user.ui", "/rbac/user/user_panel.ui",
"/rbac/user/userapikey", "/rbac/user/userapikey/%",
"/rbac/user/userinfo.ui", "/rbac/user/edit_profile.dspy", "/rbac/user/save_profile.dspy",
"/rbac/user/wechat_login.ui",
"/rbac/userapp", "/rbac/userdepartment", "/rbac/userrole",
"/rbac/users", "/rbac/usersync", "/rbac/usersync/index.dspy",
]
print("=== Portal RBAC权限初始化 — superuser ===")
print(f"\n--- owner.superuser (超级管理员) ---")
run("owner.superuser", superuser_paths)
print("\n完成")
Reference in New Issue View Git Blame Copy Permalink