feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

tools/seed_permissions.py

@@ -0,0 +1,82 @@
+# -*- coding: utf-8 -*-
+"""Seed default permissions and role-permission bindings into existing DB."""
+import sqlite3
+from datetime import datetime
+
+DB_PATH = 'data/user_management.db'
+conn = sqlite3.connect(DB_PATH)
+cur = conn.cursor()
+
+permissions = [
+    ('User List',     'user:list',               2, 'List users',         '/api/v1/users',                'GET',    10),
+    ('View User',     'user:view',               2, 'View user detail',    '/api/v1/users/:id',            'GET',    11),
+    ('Edit User',     'user:edit',               2, 'Edit user info',      '/api/v1/users/:id',            'PUT',    12),
+    ('Delete User',   'user:delete',             2, 'Delete user',         '/api/v1/users/:id',            'DELETE', 13),
+    ('Manage User',   'user:manage',             2, 'Manage user status',  '/api/v1/users/:id/status',     'PUT',    14),
+    ('View Profile',  'profile:view',            2, 'View own profile',    '/api/v1/auth/userinfo',        'GET',    20),
+    ('Edit Profile',  'profile:edit',            2, 'Edit own profile',    '/api/v1/users/:id',            'PUT',    21),
+    ('Change Pwd',    'profile:change_password', 2, 'Change password',     '/api/v1/users/:id/password',   'PUT',    22),
+    ('Role Manage',   'role:manage',             2, 'Manage roles',        '/api/v1/roles',                'GET',    30),
+    ('Create Role',   'role:create',             2, 'Create role',         '/api/v1/roles',                'POST',   31),
+    ('Edit Role',     'role:edit',               2, 'Edit role',           '/api/v1/roles/:id',            'PUT',    32),
+    ('Delete Role',   'role:delete',             2, 'Delete role',         '/api/v1/roles/:id',            'DELETE', 33),
+    ('Perm Manage',   'permission:manage',       2, 'Manage permissions',  '/api/v1/permissions',          'GET',    40),
+    ('View Own Log',  'log:view_own',            2, 'View own login log',  '/api/v1/logs/login/me',        'GET',    50),
+    ('View All Logs', 'log:view_all',            2, 'View all logs (admin)','/api/v1/logs/login',          'GET',    51),
+    ('Dashboard',     'stats:view',              2, 'View dashboard stats','/api/v1/admin/stats/dashboard','GET',    60),
+    ('Device Manage', 'device:manage',           2, 'Manage devices',      '/api/v1/devices',              'GET',    70),
+]
+
+now = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+perm_ids = {}
+
+for name, code, ptype, desc, path, method, sort in permissions:
+    cur.execute('SELECT id FROM permissions WHERE code=?', (code,))
+    row = cur.fetchone()
+    if row:
+        perm_ids[code] = row[0]
+        print(f'  skip existing: {code}')
+    else:
+        cur.execute(
+            'INSERT INTO permissions(name,code,type,description,level,path,method,sort,status,created_at,updated_at) VALUES(?,?,?,?,1,?,?,?,1,?,?)',
+            (name, code, ptype, desc, path, method, sort, now, now)
+        )
+        perm_ids[code] = cur.lastrowid
+        print(f'  created: {code}')
+
+conn.commit()
+
+# Admin role: bind all permissions
+cur.execute('SELECT id FROM roles WHERE code=?', ('admin',))
+admin_role = cur.fetchone()
+if admin_role:
+    rid = admin_role[0]
+    for code, pid in perm_ids.items():
+        cur.execute('SELECT 1 FROM role_permissions WHERE role_id=? AND permission_id=?', (rid, pid))
+        if not cur.fetchone():
+            cur.execute('INSERT INTO role_permissions(role_id,permission_id) VALUES(?,?)', (rid, pid))
+    conn.commit()
+    print(f'Admin role {rid}: bound {len(perm_ids)} permissions')
+
+# User role: bind basic permissions
+cur.execute('SELECT id FROM roles WHERE code=?', ('user',))
+user_role = cur.fetchone()
+if user_role:
+    rid = user_role[0]
+    for code in ['profile:view', 'profile:edit', 'log:view_own']:
+        pid = perm_ids.get(code)
+        if pid:
+            cur.execute('SELECT 1 FROM role_permissions WHERE role_id=? AND permission_id=?', (rid, pid))
+            if not cur.fetchone():
+                cur.execute('INSERT INTO role_permissions(role_id,permission_id) VALUES(?,?)', (rid, pid))
+    conn.commit()
+    print(f'User role {rid}: bound 3 base permissions')
+
+# Summary
+cur.execute('SELECT COUNT(*) FROM permissions')
+print(f'\nTotal permissions: {cur.fetchone()[0]}')
+cur.execute('SELECT COUNT(*) FROM role_permissions')
+print(f'Total role_permissions: {cur.fetchone()[0]}')
+
+conn.close()
+print('Done.')