long-agent/user-system
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1cba56ea85e27b602109db6395cbf7fb2fb31ea2
user-system/tools/seed_permissions.py

83 lines
4.3 KiB
Python
Raw Blame History

# -*- coding: utf-8 -*-
"""Seed default permissions and role-permission bindings into existing DB."""
import sqlite3
from datetime import datetime
DB_PATH = 'data/user_management.db'
conn = sqlite3.connect(DB_PATH)
cur = conn.cursor()
permissions = [
('User List', 'user:list', 2, 'List users', '/api/v1/users', 'GET', 10),
('View User', 'user:view', 2, 'View user detail', '/api/v1/users/:id', 'GET', 11),
('Edit User', 'user:edit', 2, 'Edit user info', '/api/v1/users/:id', 'PUT', 12),
('Delete User', 'user:delete', 2, 'Delete user', '/api/v1/users/:id', 'DELETE', 13),
('Manage User', 'user:manage', 2, 'Manage user status', '/api/v1/users/:id/status', 'PUT', 14),
('View Profile', 'profile:view', 2, 'View own profile', '/api/v1/auth/userinfo', 'GET', 20),
('Edit Profile', 'profile:edit', 2, 'Edit own profile', '/api/v1/users/:id', 'PUT', 21),
('Change Pwd', 'profile:change_password', 2, 'Change password', '/api/v1/users/:id/password', 'PUT', 22),
('Role Manage', 'role:manage', 2, 'Manage roles', '/api/v1/roles', 'GET', 30),
('Create Role', 'role:create', 2, 'Create role', '/api/v1/roles', 'POST', 31),
('Edit Role', 'role:edit', 2, 'Edit role', '/api/v1/roles/:id', 'PUT', 32),
('Delete Role', 'role:delete', 2, 'Delete role', '/api/v1/roles/:id', 'DELETE', 33),
('Perm Manage', 'permission:manage', 2, 'Manage permissions', '/api/v1/permissions', 'GET', 40),
('View Own Log', 'log:view_own', 2, 'View own login log', '/api/v1/logs/login/me', 'GET', 50),
('View All Logs', 'log:view_all', 2, 'View all logs (admin)','/api/v1/logs/login', 'GET', 51),
('Dashboard', 'stats:view', 2, 'View dashboard stats','/api/v1/admin/stats/dashboard','GET', 60),
('Device Manage', 'device:manage', 2, 'Manage devices', '/api/v1/devices', 'GET', 70),
]
now = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
perm_ids = {}
for name, code, ptype, desc, path, method, sort in permissions:
cur.execute('SELECT id FROM permissions WHERE code=?', (code,))
row = cur.fetchone()
if row:
perm_ids[code] = row[0]
print(f' skip existing: {code}')
else:
cur.execute(
'INSERT INTO permissions(name,code,type,description,level,path,method,sort,status,created_at,updated_at) VALUES(?,?,?,?,1,?,?,?,1,?,?)',
(name, code, ptype, desc, path, method, sort, now, now)
)
perm_ids[code] = cur.lastrowid
print(f' created: {code}')
conn.commit()
# Admin role: bind all permissions
cur.execute('SELECT id FROM roles WHERE code=?', ('admin',))
admin_role = cur.fetchone()
if admin_role:
rid = admin_role[0]
for code, pid in perm_ids.items():
cur.execute('SELECT 1 FROM role_permissions WHERE role_id=? AND permission_id=?', (rid, pid))
if not cur.fetchone():
cur.execute('INSERT INTO role_permissions(role_id,permission_id) VALUES(?,?)', (rid, pid))
conn.commit()
print(f'Admin role {rid}: bound {len(perm_ids)} permissions')
# User role: bind basic permissions
cur.execute('SELECT id FROM roles WHERE code=?', ('user',))
user_role = cur.fetchone()
if user_role:
rid = user_role[0]
for code in ['profile:view', 'profile:edit', 'log:view_own']:
pid = perm_ids.get(code)
if pid:
cur.execute('SELECT 1 FROM role_permissions WHERE role_id=? AND permission_id=?', (rid, pid))
if not cur.fetchone():
cur.execute('INSERT INTO role_permissions(role_id,permission_id) VALUES(?,?)', (rid, pid))
conn.commit()
print(f'User role {rid}: bound 3 base permissions')
# Summary
cur.execute('SELECT COUNT(*) FROM permissions')
print(f'\nTotal permissions: {cur.fetchone()[0]}')
cur.execute('SELECT COUNT(*) FROM role_permissions')
print(f'Total role_permissions: {cur.fetchone()[0]}')
conn.close()
print('Done.')
Reference in New Issue View Git Blame Copy Permalink