fix: finalize semantic repair and test updates
This commit is contained in:
@@ -1,10 +1,13 @@
|
||||
# [DEF:backend.src.scripts.seed_permissions:Module]
|
||||
# [DEF:SeedPermissionsScript:Module]
|
||||
#
|
||||
# @SEMANTICS: setup, database, auth, permissions, seeding
|
||||
# @PURPOSE: Populates the auth database with initial system permissions.
|
||||
# @COMPLEXITY: 3
|
||||
# @LAYER: Scripts
|
||||
# @RELATION: USES -> backend.src.core.database.get_auth_db
|
||||
# @RELATION: USES -> backend.src.models.auth.Permission
|
||||
# @RELATION: DEPENDS_ON -> AuthSessionLocal
|
||||
# @RELATION: DEPENDS_ON -> Permission
|
||||
# @RELATION: DEPENDS_ON -> Role
|
||||
# @RELATION: DEPENDS_ON -> AuthRepository
|
||||
#
|
||||
# @INVARIANT: Safe to run multiple times (idempotent).
|
||||
|
||||
@@ -22,6 +25,9 @@ from src.core.logger import logger, belief_scope
|
||||
# [/SECTION]
|
||||
|
||||
# [DEF:INITIAL_PERMISSIONS:Constant]
|
||||
# @PURPOSE: Canonical bootstrap permission tuples seeded into auth storage.
|
||||
# @COMPLEXITY: 3
|
||||
# @RELATION: DEPENDS_ON -> SeedPermissionsScript
|
||||
INITIAL_PERMISSIONS = [
|
||||
# Admin Permissions
|
||||
{"resource": "admin:users", "action": "READ"},
|
||||
@@ -34,7 +40,6 @@ INITIAL_PERMISSIONS = [
|
||||
{"resource": "plugins", "action": "READ"},
|
||||
{"resource": "tasks", "action": "READ"},
|
||||
{"resource": "tasks", "action": "WRITE"},
|
||||
|
||||
# Plugin Permissions
|
||||
{"resource": "plugin:backup", "action": "EXECUTE"},
|
||||
{"resource": "plugin:migration", "action": "EXECUTE"},
|
||||
@@ -46,7 +51,6 @@ INITIAL_PERMISSIONS = [
|
||||
{"resource": "plugin:storage", "action": "WRITE"},
|
||||
{"resource": "plugin:debug", "action": "EXECUTE"},
|
||||
{"resource": "git_config", "action": "READ"},
|
||||
|
||||
# Dataset Review Permissions
|
||||
{"resource": "dataset:session", "action": "READ"},
|
||||
{"resource": "dataset:session", "action": "MANAGE"},
|
||||
@@ -57,9 +61,16 @@ INITIAL_PERMISSIONS = [
|
||||
]
|
||||
# [/DEF:INITIAL_PERMISSIONS:Constant]
|
||||
|
||||
|
||||
# [DEF:seed_permissions:Function]
|
||||
# @PURPOSE: Inserts missing permissions into the database.
|
||||
# @COMPLEXITY: 3
|
||||
# @POST: All INITIAL_PERMISSIONS exist in the DB.
|
||||
# @RELATION: DEPENDS_ON -> AuthSessionLocal
|
||||
# @RELATION: DEPENDS_ON -> Permission
|
||||
# @RELATION: DEPENDS_ON -> Role
|
||||
# @RELATION: DEPENDS_ON -> AuthRepository
|
||||
# @RELATION: DEPENDS_ON -> INITIAL_PERMISSIONS
|
||||
def seed_permissions():
|
||||
with belief_scope("seed_permissions"):
|
||||
db = AuthSessionLocal()
|
||||
@@ -67,19 +78,22 @@ def seed_permissions():
|
||||
logger.info("Seeding permissions...")
|
||||
count = 0
|
||||
for perm_data in INITIAL_PERMISSIONS:
|
||||
exists = db.query(Permission).filter(
|
||||
Permission.resource == perm_data["resource"],
|
||||
Permission.action == perm_data["action"]
|
||||
).first()
|
||||
|
||||
exists = (
|
||||
db.query(Permission)
|
||||
.filter(
|
||||
Permission.resource == perm_data["resource"],
|
||||
Permission.action == perm_data["action"],
|
||||
)
|
||||
.first()
|
||||
)
|
||||
|
||||
if not exists:
|
||||
new_perm = Permission(
|
||||
resource=perm_data["resource"],
|
||||
action=perm_data["action"]
|
||||
resource=perm_data["resource"], action=perm_data["action"]
|
||||
)
|
||||
db.add(new_perm)
|
||||
count += 1
|
||||
|
||||
|
||||
db.commit()
|
||||
logger.info(f"Seeding completed. Added {count} new permissions.")
|
||||
|
||||
@@ -87,10 +101,12 @@ def seed_permissions():
|
||||
repo = AuthRepository(db)
|
||||
user_role = repo.get_role_by_name("User")
|
||||
if not user_role:
|
||||
user_role = Role(name="User", description="Standard user with plugin access")
|
||||
user_role = Role(
|
||||
name="User", description="Standard user with plugin access"
|
||||
)
|
||||
db.add(user_role)
|
||||
db.flush()
|
||||
|
||||
|
||||
user_permissions = [
|
||||
("plugin:mapper", "EXECUTE"),
|
||||
("plugin:migration", "EXECUTE"),
|
||||
@@ -113,7 +129,7 @@ def seed_permissions():
|
||||
perm = repo.get_permission_by_resource_action(res, act)
|
||||
if perm and perm not in user_role.permissions:
|
||||
user_role.permissions.append(perm)
|
||||
|
||||
|
||||
db.commit()
|
||||
logger.info("User role permissions updated.")
|
||||
|
||||
@@ -122,9 +138,11 @@ def seed_permissions():
|
||||
db.rollback()
|
||||
finally:
|
||||
db.close()
|
||||
|
||||
|
||||
# [/DEF:seed_permissions:Function]
|
||||
|
||||
if __name__ == "__main__":
|
||||
seed_permissions()
|
||||
|
||||
# [/DEF:backend.src.scripts.seed_permissions:Module]
|
||||
# [/DEF:SeedPermissionsScript:Module]
|
||||
|
||||
Reference in New Issue
Block a user