feat: add load_path.py RBAC permission registration script

2026-05-27 13:16:11 +08:00 · 2026-05-27 13:16:11 +08:00 · 5f62326ce2
commit 5f62326ce2
parent d0b588d82c
1 changed files with 99 additions and 0 deletions
--- a/scripts/load_path.py
+++ b/scripts/load_path.py
@ -0,0 +1,99 @@
+#!/usr/bin/env python3
+"""
+workflow_approval 模块 RBAC 权限管理脚本
+
+使用方法:
+    cd ~/repos/sage
+    ./py3/bin/python ~/workflow_approval/scripts/load_path.py
+
+每次代码变更如有新 path 出现，需同步更新此脚本。
+"""
+
+import subprocess
+import os
+import sys
+
+def find_sage_root():
+    candidates = [
+        os.path.expanduser("~/repos/sage"),
+        os.path.expanduser("~/sage"),
+        os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))),
+    ]
+    for c in candidates:
+        if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")):
+            return c
+    return None
+
+SAGE_ROOT = find_sage_root()
+if not SAGE_ROOT:
+    print("ERROR: Cannot find Sage root directory")
+    sys.exit(1)
+
+PYTHON = os.path.join(SAGE_ROOT, "py3", "bin", "python")
+SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py")
+
+MOD = "workflow_approval"
+
+# ============================================================
+# 权限路径定义 — 每次新增页面或API时同步更新
+# ============================================================
+
+# any — 无需登录（菜单、登录页等）
+PATHS_ANY = [
+    f"/workflow_approval/menu.ui",]
+
+# logined — 需要认证的页面和 API
+PATHS_LOGINED = [
+    f"/workflow_approval",
+    f"/workflow_approval/api/instance_create.dspy",
+    f"/workflow_approval/api/instance_list.dspy",
+    f"/workflow_approval/api/step_create.dspy",
+    f"/workflow_approval/api/step_delete.dspy",
+    f"/workflow_approval/api/step_list.dspy",
+    f"/workflow_approval/api/step_update.dspy",
+    f"/workflow_approval/api/task_approve.dspy",
+    f"/workflow_approval/api/task_list.dspy",
+    f"/workflow_approval/api/task_reject.dspy",
+    f"/workflow_approval/api/workflow_create.dspy",
+    f"/workflow_approval/api/workflow_delete.dspy",
+    f"/workflow_approval/api/workflow_list.dspy",
+    f"/workflow_approval/api/workflow_update.dspy",
+    f"/workflow_approval/approval_instance",
+    f"/workflow_approval/approval_instance.ui",
+    f"/workflow_approval/approval_step",
+    f"/workflow_approval/approval_task",
+    f"/workflow_approval/approval_task.ui",
+    f"/workflow_approval/approval_task_detail.ui",
+    f"/workflow_approval/approval_workflow",
+    f"/workflow_approval/approval_workflow.ui",
+    f"/workflow_approval/base.ui",
+    f"/workflow_approval/index.ui",
+    f"/workflow_approval/mobile_base.ui",]
+
+# ============================================================
+# 执行注册
+# ============================================================
+
+def run_set_perm(role, path):
+    cmd = [PYTHON, SET_PERM_SCRIPT, role, path]
+    result = subprocess.run(cmd, capture_output=True, text=True)
+    return result.returncode == 0
+
+def register_role_paths(role, paths):
+    count = 0
+    for p in paths:
+        if run_set_perm(role, p):
+            count += 1
+    print(f"  {role}: {count}/{len(paths)} paths registered")
+    return count
+
+def main():
+    print(f"Sage root: {SAGE_ROOT}")
+    total = 0
+    total += register_role_paths("any", PATHS_ANY)
+    total += register_role_paths("logined", PATHS_LOGINED)
+    print(f"\nDone. Total {total} permission entries registered.")
+    print("NOTE: Restart Sage after permission changes to reload RBAC cache.")
+
+if __name__ == "__main__":
+    main()