yumoqing/portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
portal/init_any_permissions.py
Hermes Agent ae06dda9da feat: portal webapp - CMS独立Web应用壳 
- app/portal.py: 主入口,通过from cms.init import load_cms加载业务模块
- conf/config.json: 应用配置(ocai_cms数据库, 端口9090, cms模块wwwroot挂载到/cms)
- wwwroot/: 公开页面(index/news/cases/products)和公开API
- build.sh: 构建脚本(安装基础设施包+pip install cms模块+DDL/CRUD生成)
- deploy.sh: 一键部署脚本(构建→建表→初始数据→权限→启动)
- init_data.py: 从cms模块init/data.yaml加载初始数据
- init_any/superuser_permissions.py: RBAC权限初始化
2026-06-15 11:06:10 +08:00

93 lines
2.9 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

"""
Portal RBAC权限初始化 — any (匿名) 角色
扫描 wwwroot 和 bricks 下的公开页面,授予 any 角色权限
规则:
- wwwroot/* → /<file> (公开页面和API)
- bricks/* → /bricks/<file>
- /cms/* 由 cms/scripts/load_path.py 管理(需要登录)
用法: cd ~/repos/portal && py3/bin/python init_any_permissions.py
"""
import os, sys, subprocess
def find_app_root():
return os.path.dirname(os.path.abspath(__file__))
app_root = find_app_root()
sage_root = None
for c in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]:
if os.path.isdir(os.path.join(c, "py3", "bin")):
sage_root = c
break
if not sage_root:
print("ERROR: 找不到Sage无法初始化权限")
sys.exit(1)
py = os.path.join(sage_root, "py3", "bin", "python")
sp = os.path.join(sage_root, "set_role_perm.py")
if not os.path.exists(sp):
print("ERROR: 找不到set_role_perm.py")
sys.exit(1)
SKIP_DIRS = {".git", "__pycache__", "node_modules", ".svn"}
SKIP_EXTS = {".pyc", ".pyo", ".swp", ".swo", ".bak", ".orig", ".log", ".pid", ".lock"}
def scan_dir(base_dir, url_prefix):
paths = []
if not os.path.isdir(base_dir):
return paths
for root, dirs, files in os.walk(base_dir):
dirs[:] = [d for d in dirs if d not in SKIP_DIRS]
for f in sorted(files):
_, ext = os.path.splitext(f)
if ext.lower() in SKIP_EXTS or f.startswith("."):
continue
full_path = os.path.join(root, f)
if os.path.islink(full_path):
link_target = os.path.realpath(full_path)
if not link_target.startswith(app_root):
continue
rel_path = os.path.relpath(full_path, base_dir)
url = url_prefix + "/" + rel_path.replace(os.sep, "/")
paths.append(url)
return paths
def set_any_perms(paths):
count = 0
env = os.environ.copy()
env['SAGE_RBAC_DB'] = 'ocai_cms'
for p in paths:
result = subprocess.run(
[py, sp, "any", p],
cwd=sage_root, capture_output=True, text=True, env=env
)
status = "" if result.returncode == 0 else ""
print(f" {status} any {p}")
count += 1
return count
print("=== Portal RBAC权限初始化 — any (匿名访问) ===")
print(f"Sage: {sage_root}")
print()
# 1. wwwroot/ 公开页面和API
wwwroot_dir = os.path.join(app_root, "wwwroot")
root_paths = scan_dir(wwwroot_dir, "")
root_paths.append("/") # 根路径
print(f"--- wwwroot/ → / ({len(root_paths)} 个路径) ---")
n1 = set_any_perms(root_paths)
# 2. bricks/
bricks_dir = os.path.join(app_root, "bricks")
bricks_paths = scan_dir(bricks_dir, "/bricks")
if bricks_paths:
print(f"\n--- bricks → /bricks ({len(bricks_paths)} 个文件) ---")
n2 = set_any_perms(bricks_paths)
else:
n2 = 0
print(f"\n--- bricks → /bricks (未构建,跳过) ---")
total = n1 + n2
print(f"\n=== 完成: 共设置 {total} 个any权限 ===")
Reference in New Issue View Git Blame Copy Permalink