From 5f62326ce23a6f84765cb01daafaf06f8cefcc36 Mon Sep 17 00:00:00 2001 From: yumoqing Date: Wed, 27 May 2026 13:16:11 +0800 Subject: [PATCH] feat: add load_path.py RBAC permission registration script --- scripts/load_path.py | 99 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 scripts/load_path.py diff --git a/scripts/load_path.py b/scripts/load_path.py new file mode 100644 index 0000000..deca80d --- /dev/null +++ b/scripts/load_path.py @@ -0,0 +1,99 @@ +#!/usr/bin/env python3 +""" +workflow_approval 模块 RBAC 权限管理脚本 + +使用方法: + cd ~/repos/sage + ./py3/bin/python ~/workflow_approval/scripts/load_path.py + +每次代码变更如有新 path 出现,需同步更新此脚本。 +""" + +import subprocess +import os +import sys + +def find_sage_root(): + candidates = [ + os.path.expanduser("~/repos/sage"), + os.path.expanduser("~/sage"), + os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))), + ] + for c in candidates: + if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")): + return c + return None + +SAGE_ROOT = find_sage_root() +if not SAGE_ROOT: + print("ERROR: Cannot find Sage root directory") + sys.exit(1) + +PYTHON = os.path.join(SAGE_ROOT, "py3", "bin", "python") +SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py") + +MOD = "workflow_approval" + +# ============================================================ +# 权限路径定义 — 每次新增页面或API时同步更新 +# ============================================================ + +# any — 无需登录(菜单、登录页等) +PATHS_ANY = [ + f"/workflow_approval/menu.ui",] + +# logined — 需要认证的页面和 API +PATHS_LOGINED = [ + f"/workflow_approval", + f"/workflow_approval/api/instance_create.dspy", + f"/workflow_approval/api/instance_list.dspy", + f"/workflow_approval/api/step_create.dspy", + f"/workflow_approval/api/step_delete.dspy", + f"/workflow_approval/api/step_list.dspy", + f"/workflow_approval/api/step_update.dspy", + f"/workflow_approval/api/task_approve.dspy", + f"/workflow_approval/api/task_list.dspy", + f"/workflow_approval/api/task_reject.dspy", + f"/workflow_approval/api/workflow_create.dspy", + f"/workflow_approval/api/workflow_delete.dspy", + f"/workflow_approval/api/workflow_list.dspy", + f"/workflow_approval/api/workflow_update.dspy", + f"/workflow_approval/approval_instance", + f"/workflow_approval/approval_instance.ui", + f"/workflow_approval/approval_step", + f"/workflow_approval/approval_task", + f"/workflow_approval/approval_task.ui", + f"/workflow_approval/approval_task_detail.ui", + f"/workflow_approval/approval_workflow", + f"/workflow_approval/approval_workflow.ui", + f"/workflow_approval/base.ui", + f"/workflow_approval/index.ui", + f"/workflow_approval/mobile_base.ui",] + +# ============================================================ +# 执行注册 +# ============================================================ + +def run_set_perm(role, path): + cmd = [PYTHON, SET_PERM_SCRIPT, role, path] + result = subprocess.run(cmd, capture_output=True, text=True) + return result.returncode == 0 + +def register_role_paths(role, paths): + count = 0 + for p in paths: + if run_set_perm(role, p): + count += 1 + print(f" {role}: {count}/{len(paths)} paths registered") + return count + +def main(): + print(f"Sage root: {SAGE_ROOT}") + total = 0 + total += register_role_paths("any", PATHS_ANY) + total += register_role_paths("logined", PATHS_LOGINED) + print(f"\nDone. Total {total} permission entries registered.") + print("NOTE: Restart Sage after permission changes to reload RBAC cache.") + +if __name__ == "__main__": + main()