#!/usr/bin/env python3
"""
Add Directory Permissions Script

Adds the directory.view and directory.manage permissions and grants them to
the roles listed in ROLE_PERMISSION_MAP. Existing permissions and existing
role/permission mappings are left untouched, so the script can be re-run.

Usage:
    python add_directory_permissions.py
"""

import os
import sys
from sqlalchemy import create_engine, text
from sqlalchemy.orm import sessionmaker
from database import Base
from models import Permission, RolePermission, Role, UserRole
from dotenv import load_dotenv

# Pull settings from a local .env file (if any) into the process environment.
load_dotenv()

# The connection string comes from the environment only; without it there is
# nothing to connect to, so stop before any database work is attempted.
DATABASE_URL = os.getenv("DATABASE_URL")
if not DATABASE_URL:
    print("Error: DATABASE_URL environment variable not set")
    sys.exit(1)

engine = create_engine(DATABASE_URL)
SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)

# Permission rows this script makes sure exist.
NEW_PERMISSIONS = [
    {
        "code": "directory.view",
        "name": "View Directory Settings",
        "description": "View member directory field configuration",
        "module": "directory",
    },
    {
        "code": "directory.manage",
        "name": "Manage Directory Fields",
        "description": "Enable/disable directory fields shown in Profile and Directory pages",
        "module": "directory",
    },
]

# Permission code -> role codes that receive it. This is the complete grant
# list: only roles named here are touched.
ROLE_PERMISSION_MAP = {
    "directory.view": ["admin", "superadmin"],
    "directory.manage": ["admin", "superadmin"],
}


def add_directory_permissions():
    """Create the directory permissions and grant them to the mapped roles.

    Runs in two committed stages on one session:

    1. Every entry of NEW_PERMISSIONS that has no row with the same code is
       inserted; entries that already exist are reused as they are.
    2. For each (permission, role) pair in ROLE_PERMISSION_MAP, a
       RolePermission row is inserted unless one with the same role_id and
       permission_id is already present.

    Stage 1 is committed before stage 2 begins, so a failure in stage 2 rolls
    back only the uncommitted role assignments; permissions created in
    stage 1 stay in the database without any role holding them.

    Progress, warnings for missing permissions or roles, and errors are
    printed to stdout. Any exception is re-raised after rollback, and the
    session is always closed.
    """
    db = SessionLocal()
    banner = "=" * 60
    try:
        print(banner)
        print("Adding Directory Permissions")
        print(banner)

        # Step 1: make sure each permission row exists.
        print("\n1. Adding permissions...")
        permissions_by_code = {}
        for spec in NEW_PERMISSIONS:
            code = spec["code"]
            row = db.query(Permission).filter(Permission.code == code).first()
            if row:
                print(f" - {code}: Already exists")
                permissions_by_code[code] = row
                continue

            row = Permission(
                code=code,
                name=spec["name"],
                description=spec["description"],
                module=spec["module"],
            )
            db.add(row)
            # Flush so the new row has its id before it is used in step 3.
            db.flush()
            permissions_by_code[code] = row
            print(f" - {code}: Created")

        db.commit()

        # Step 2: load every role once and index it by code.
        print("\n2. Fetching roles...")
        roles = db.query(Role).all()
        roles_by_code = dict((r.code, r) for r in roles)
        print(f" Found {len(roles)} roles: {', '.join(roles_by_code)}")

        # RolePermission is written with both the role's id and a UserRole
        # enum value ("for backward compatibility" in the original script).
        legacy_enum_by_code = {
            'guest': UserRole.guest,
            'member': UserRole.member,
            'admin': UserRole.admin,
            'superadmin': UserRole.superadmin,
            'finance': UserRole.finance,
        }

        # Step 3: grant each permission to its roles, skipping existing grants.
        print("\n3. Assigning permissions to roles...")
        for perm_code, role_codes in ROLE_PERMISSION_MAP.items():
            permission = permissions_by_code.get(perm_code)
            if not permission:
                print(f" Warning: Permission {perm_code} not found")
                continue

            for role_code in role_codes:
                role = roles_by_code.get(role_code)
                if not role:
                    print(f" Warning: Role {role_code} not found")
                    continue

                already_granted = (
                    db.query(RolePermission)
                    .filter(
                        RolePermission.role_id == role.id,
                        RolePermission.permission_id == permission.id,
                    )
                    .first()
                )
                if already_granted:
                    print(f" - {role_code} -> {perm_code}: Already assigned")
                    continue

                # NOTE(review): a role code that is missing from
                # legacy_enum_by_code is stored with UserRole.guest in the
                # legacy `role` column. Both codes in ROLE_PERMISSION_MAP are
                # in the map today, so this default is not reached. Before
                # adding a role code without an enum entry, confirm that
                # nothing still authorizes on the legacy column; if something
                # does, skipping the grant is the safer choice than tagging
                # it as guest.
                legacy_role = legacy_enum_by_code.get(role_code, UserRole.guest)
                db.add(
                    RolePermission(
                        role=legacy_role,
                        role_id=role.id,
                        permission_id=permission.id,
                    )
                )
                print(f" - {role_code} -> {perm_code}: Assigned")

        db.commit()

        print("\n" + banner)
        print("Directory permissions added successfully!")
        print(banner)

    except Exception as e:
        # Drop whatever was not yet committed, report, and let the caller see
        # the failure.
        db.rollback()
        print(f"\nError: {e!s}")
        import traceback
        traceback.print_exc()
        raise
    finally:
        db.close()


if __name__ == "__main__":
    add_directory_permissions()