tested

2026-01-27 23:49:19 +03:00
parent d3c3a80ed2
commit e7b31accd6
33 changed files with 58782 additions and 79457 deletions
--- a/backend/src/scripts/seed_permissions.py
+++ b/backend/src/scripts/seed_permissions.py
@@ -16,7 +16,8 @@ from pathlib import Path
 sys.path.append(str(Path(__file__).parent.parent.parent))

 from src.core.database import AuthSessionLocal
-from src.models.auth import Permission
+from src.models.auth import Permission, Role
+from src.core.auth.repository import AuthRepository
 from src.core.logger import logger, belief_scope
 # [/SECTION]

@@ -29,6 +30,10 @@ INITIAL_PERMISSIONS = [
    {"resource": "admin:roles", "action": "WRITE"},
    {"resource": "admin:settings", "action": "READ"},
    {"resource": "admin:settings", "action": "WRITE"},
+    {"resource": "environments", "action": "READ"},
+    {"resource": "plugins", "action": "READ"},
+    {"resource": "tasks", "action": "READ"},
+    {"resource": "tasks", "action": "WRITE"},
    
    # Plugin Permissions
    {"resource": "plugin:backup", "action": "EXECUTE"},
@@ -37,6 +42,8 @@ INITIAL_PERMISSIONS = [
    {"resource": "plugin:search", "action": "EXECUTE"},
    {"resource": "plugin:git", "action": "EXECUTE"},
    {"resource": "plugin:storage", "action": "EXECUTE"},
+    {"resource": "plugin:storage", "action": "READ"},
+    {"resource": "plugin:storage", "action": "WRITE"},
    {"resource": "plugin:debug", "action": "EXECUTE"},
 ]
 # [/DEF:INITIAL_PERMISSIONS:Constant]
@@ -66,6 +73,36 @@ def seed_permissions():
            
            db.commit()
            logger.info(f"Seeding completed. Added {count} new permissions.")
+
+            # Assign permissions to User role
+            repo = AuthRepository(db)
+            user_role = repo.get_role_by_name("User")
+            if not user_role:
+                user_role = Role(name="User", description="Standard user with plugin access")
+                db.add(user_role)
+                db.flush()
+            
+            user_permissions = [
+                ("plugin:mapper", "EXECUTE"),
+                ("plugin:migration", "EXECUTE"),
+                ("plugin:backup", "EXECUTE"),
+                ("plugin:git", "EXECUTE"),
+                ("plugin:storage", "READ"),
+                ("plugin:storage", "WRITE"),
+                ("environments", "READ"),
+                ("plugins", "READ"),
+                ("tasks", "READ"),
+                ("tasks", "WRITE"),
+            ]
+
+            for res, act in user_permissions:
+                perm = repo.get_permission_by_resource_action(res, act)
+                if perm and perm not in user_role.permissions:
+                    user_role.permissions.append(perm)
+            
+            db.commit()
+            logger.info("User role permissions updated.")
+
        except Exception as e:
            logger.error(f"Failed to seed permissions: {e}")
            db.rollback()