#!/usr/bin/env python3
"""
supplychain 模块 RBAC 权限管理脚本

使用方法:
    cd ~/repos/sage
    ./py3/bin/python ~/repos/supplychain/scripts/load_path.py

此脚本注册 supplychain 模块的所有 RBAC 权限路径。
每次代码变更如有新 path 出现，需同步更新本脚本的 paths 列表。

路径分类:
    - any: 静态资源/菜单，无需登录
    - logined: 需要认证的页面和 API
    - reseller.operator: 运营角色 — 供应商、供销合同管理
    - reseller.sale: 销售角色 — 二级分销商、分销协议管理
"""

import subprocess
import os
import sys

# 查找 Sage 根目录
def find_sage_root():
    candidates = [
        os.path.expanduser("~/repos/sage"),
        os.path.expanduser("~/sage"),
        os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))),
    ]
    for c in candidates:
        if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")):
            return c
    return None

SAGE_ROOT = find_sage_root()
if not SAGE_ROOT:
    print("ERROR: Cannot find Sage root directory")
    sys.exit(1)

SET_PERM = os.path.join(SAGE_ROOT, "py3", "bin", "python")
SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py")

if not os.path.exists(SET_PERM_SCRIPT):
    print(f"ERROR: set_role_perm.py not found at {SET_PERM_SCRIPT}")
    sys.exit(1)

# ============================================================
# 权限路径定义
# ============================================================

# any — 无需登录，静态资源/CRUD 别名目录
PATHS_ANY = [
    "/supplychain/menu.ui",
    "/supplychain/suppliers_list",
    "/supplychain/supply_contracts_list",
    "/supplychain/supply_contract_items_list",
    "/supplychain/sub_distributors_list",
    "/supplychain/distribution_agreements_list",
    "/supplychain/distribution_agreement_items_list",
    "/supplychain/supplychain_accounting_list",
]

# logined — 需要认证的页面和 API
PATHS_LOGINED = [
    # 模块入口
    "/supplychain",
    "/supplychain/index.ui",
    # 功能页面
    "/supplychain/suppliers.ui",
    "/supplychain/supply_contracts.ui",
    "/supplychain/sub_distributors.ui",
    "/supplychain/distribution_agreements.ui",
    "/supplychain/accounting.ui",
    # CRUD 列表页
    "/supplychain/suppliers_list/index.ui",
    "/supplychain/supply_contracts_list/index.ui",
    "/supplychain/supply_contract_items_list/index.ui",
    "/supplychain/sub_distributors_list/index.ui",
    "/supplychain/distribution_agreements_list/index.ui",
    "/supplychain/distribution_agreement_items_list/index.ui",
    "/supplychain/supplychain_accounting_list/index.ui",
    # CRUD API — suppliers
    "/supplychain/api/suppliers_create.dspy",
    "/supplychain/api/suppliers_update.dspy",
    "/supplychain/api/suppliers_delete.dspy",
    # CRUD API — supply_contracts
    "/supplychain/api/supply_contracts_create.dspy",
    "/supplychain/api/supply_contracts_update.dspy",
    "/supplychain/api/supply_contracts_delete.dspy",
    # CRUD API — supply_contract_items
    "/supplychain/api/supply_contract_items_create.dspy",
    "/supplychain/api/supply_contract_items_update.dspy",
    "/supplychain/api/supply_contract_items_delete.dspy",
    # CRUD API — sub_distributors
    "/supplychain/api/sub_distributors_create.dspy",
    "/supplychain/api/sub_distributors_update.dspy",
    "/supplychain/api/sub_distributors_delete.dspy",
    # CRUD API — distribution_agreements
    "/supplychain/api/distribution_agreements_create.dspy",
    "/supplychain/api/distribution_agreements_update.dspy",
    "/supplychain/api/distribution_agreements_delete.dspy",
    # CRUD API — distribution_agreement_items
    "/supplychain/api/distribution_agreement_items_create.dspy",
    "/supplychain/api/distribution_agreement_items_update.dspy",
    "/supplychain/api/distribution_agreement_items_delete.dspy",
    # CRUD API — supplychain_accounting
    "/supplychain/api/supplychain_accounting_create.dspy",
    "/supplychain/api/supplychain_accounting_update.dspy",
    "/supplychain/api/supplychain_accounting_delete.dspy",
    # 业务 API
    "/supplychain/api/calculate_accounting.dspy",
    "/supplychain/api/query_supply_discount.dspy",
    "/supplychain/api/query_dist_discount.dspy",
]

# 角色专属权限
PATHS_OPERATOR = [
    "/supplychain/suppliers.ui",
    "/supplychain/suppliers_list",
    "/supplychain/suppliers_list/index.ui",
    "/supplychain/api/suppliers_create.dspy",
    "/supplychain/api/suppliers_update.dspy",
    "/supplychain/api/suppliers_delete.dspy",
    "/supplychain/supply_contracts.ui",
    "/supplychain/supply_contracts_list",
    "/supplychain/supply_contracts_list/index.ui",
    "/supplychain/api/supply_contracts_create.dspy",
    "/supplychain/api/supply_contracts_update.dspy",
    "/supplychain/api/supply_contracts_delete.dspy",
    "/supplychain/supply_contract_items_list",
    "/supplychain/supply_contract_items_list/index.ui",
    "/supplychain/api/supply_contract_items_create.dspy",
    "/supplychain/api/supply_contract_items_update.dspy",
    "/supplychain/api/supply_contract_items_delete.dspy",
]

PATHS_SALE = [
    "/supplychain/sub_distributors.ui",
    "/supplychain/sub_distributors_list",
    "/supplychain/sub_distributors_list/index.ui",
    "/supplychain/api/sub_distributors_create.dspy",
    "/supplychain/api/sub_distributors_update.dspy",
    "/supplychain/api/sub_distributors_delete.dspy",
    "/supplychain/distribution_agreements.ui",
    "/supplychain/distribution_agreements_list",
    "/supplychain/distribution_agreements_list/index.ui",
    "/supplychain/api/distribution_agreements_create.dspy",
    "/supplychain/api/distribution_agreements_update.dspy",
    "/supplychain/api/distribution_agreements_delete.dspy",
    "/supplychain/distribution_agreement_items_list",
    "/supplychain/distribution_agreement_items_list/index.ui",
    "/supplychain/api/distribution_agreement_items_create.dspy",
    "/supplychain/api/distribution_agreement_items_update.dspy",
    "/supplychain/api/distribution_agreement_items_delete.dspy",
]

# ============================================================
# 执行注册
# ============================================================

def run_set_perm(role, path, verbose=True):
    """Register a single permission path."""
    cmd = [SET_PERM, SET_PERM_SCRIPT, role, path]
    result = subprocess.run(cmd, capture_output=True, text=True)
    if verbose:
        output = result.stdout.strip()
        if output:
            print(f"  {role}: {path} -> {output}")
    return result.returncode == 0


def register_role_paths(role, paths):
    """Register all paths for a role."""
    count = 0
    for path in paths:
        if run_set_perm(role, path, verbose=False):
            count += 1
    print(f"  {role}: {count}/{len(paths)} paths registered")
    return count


def main():
    print(f"Sage root: {SAGE_ROOT}")
    print(f"set_role_perm.py: {SET_PERM_SCRIPT}")
    print()

    total = 0

    print("[1/4] Registering 'any' role paths...")
    total += register_role_paths("any", PATHS_ANY)

    print("[2/4] Registering 'logined' role paths...")
    total += register_role_paths("logined", PATHS_LOGINED)

    print("[3/4] Registering 'reseller.operator' role paths...")
    total += register_role_paths("reseller.operator", PATHS_OPERATOR)

    print("[4/4] Registering 'reseller.sale' role paths...")
    total += register_role_paths("reseller.sale", PATHS_SALE)

    print()
    print(f"Done. Total {total} permission entries registered.")
    print()
    print("NOTE: Restart Sage after permission changes to reload RBAC cache.")


if __name__ == "__main__":
    main()