#!/usr/bin/env python3
"""
workflow_approval 模块 RBAC 权限管理脚本

使用方法:
    cd ~/repos/sage
    ./py3/bin/python ~/workflow_approval/scripts/load_path.py

每次代码变更如有新 path 出现，需同步更新此脚本。
"""

import subprocess
import os
import sys

def find_sage_root():
    candidates = [
        os.path.expanduser("~/repos/sage"),
        os.path.expanduser("~/sage"),
        os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))),
    ]
    for c in candidates:
        if os.path.isdir(os.path.join(c, "py3")) and os.path.isdir(os.path.join(c, "wwwroot")):
            return c
    return None

SAGE_ROOT = find_sage_root()
if not SAGE_ROOT:
    print("ERROR: Cannot find Sage root directory")
    sys.exit(1)

PYTHON = os.path.join(SAGE_ROOT, "py3", "bin", "python")
SET_PERM_SCRIPT = os.path.join(SAGE_ROOT, "set_role_perm.py")

MOD = "workflow_approval"

# ============================================================
# 权限路径定义 — 每次新增页面或API时同步更新
# ============================================================

# any — 无需登录（菜单、登录页等）
PATHS_ANY = [
    f"/workflow_approval/menu.ui",]

# logined — 需要认证的页面和 API
PATHS_LOGINED = [
    f"/workflow_approval",
    f"/workflow_approval/api/instance_create.dspy",
    f"/workflow_approval/api/instance_list.dspy",
    f"/workflow_approval/api/step_create.dspy",
    f"/workflow_approval/api/step_delete.dspy",
    f"/workflow_approval/api/step_list.dspy",
    f"/workflow_approval/api/step_update.dspy",
    f"/workflow_approval/api/task_approve.dspy",
    f"/workflow_approval/api/task_list.dspy",
    f"/workflow_approval/api/task_reject.dspy",
    f"/workflow_approval/api/workflow_create.dspy",
    f"/workflow_approval/api/workflow_delete.dspy",
    f"/workflow_approval/api/workflow_list.dspy",
    f"/workflow_approval/api/workflow_update.dspy",
    f"/workflow_approval/approval_instance",
    f"/workflow_approval/approval_instance.ui",
    f"/workflow_approval/approval_step",
    f"/workflow_approval/approval_task",
    f"/workflow_approval/approval_task.ui",
    f"/workflow_approval/approval_task_detail.ui",
    f"/workflow_approval/approval_workflow",
    f"/workflow_approval/approval_workflow.ui",
    f"/workflow_approval/base.ui",
    f"/workflow_approval/index.ui",
    f"/workflow_approval/mobile_base.ui",]

# ============================================================
# 执行注册
# ============================================================

def run_set_perm(role, path):
    cmd = [PYTHON, SET_PERM_SCRIPT, role, path]
    result = subprocess.run(cmd, capture_output=True, text=True)
    return result.returncode == 0

def register_role_paths(role, paths):
    count = 0
    for p in paths:
        if run_set_perm(role, p):
            count += 1
    print(f"  {role}: {count}/{len(paths)} paths registered")
    return count

def main():
    print(f"Sage root: {SAGE_ROOT}")
    total = 0
    total += register_role_paths("any", PATHS_ANY)
    total += register_role_paths("logined", PATHS_LOGINED)
    print(f"\nDone. Total {total} permission entries registered.")
    print("NOTE: Restart Sage after permission changes to reload RBAC cache.")

if __name__ == "__main__":
    main()