#!/usr/bin/env python3
"""
Script to verify admin@loaf.org account configuration after RBAC migration
"""
import sys
import os
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from dotenv import load_dotenv
# Add this script's own directory to the import path so the project modules below can be imported
sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
from models import User, Role, Permission, RolePermission
from database import DATABASE_URL
# Load variables from a local .env file into the process environment.
# NOTE(review): this call comes after `from database import DATABASE_URL`,
# so it cannot affect that value unless database.py loads .env itself - confirm.
load_dotenv()

# Module-level engine, session factory and one session for the whole run.
# These statements execute when the file is loaded; verify_admin_account()
# and the __main__ block below use `db` directly.
# NOTE(review): DATABASE_URL presumably embeds database credentials - avoid
# echoing it in output or logs; verify against database.py.
engine = create_engine(DATABASE_URL)
Session = sessionmaker(bind=engine)
db = Session()
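def verify_admin_account():
    """Print a report on the admin@loaf.org account after the RBAC migration.

    Looks the user up by e-mail through the module-level ``db`` session and
    prints, in order: basic account fields, the legacy enum role, the dynamic
    role referenced by ``role_id``, the permissions linked to that role (the
    first 10 by name), and whether each role model grants admin access.
    When both role models are populated and give different admin verdicts,
    an extra warning is printed, because that mismatch is what a
    post-migration check most needs to surface.

    The function only issues queries; it does not add, modify or commit
    anything.  All findings go to stdout and the return value is ``None``,
    including the early return when the user does not exist.
    """
    # Role codes / enum values this script treats as administrative.
    admin_codes = ('admin', 'superadmin')
    banner = "=" * 80

    print(banner)
    print("VERIFYING admin@loaf.org ACCOUNT")
    print(banner)

    # Find the user
    user = db.query(User).filter(User.email == "admin@loaf.org").first()
    if not user:
        print("\n❌ ERROR: User 'admin@loaf.org' not found in database!")
        return

    print(f"\n✅ User found: {user.first_name} {user.last_name}")
    print(f" Email: {user.email}")
    print(f" Status: {user.status}")
    print(f" Email Verified: {user.email_verified}")

    # Check legacy role enum
    print(f"\n📋 Legacy Role (enum): {user.role.value if user.role else 'None'}")

    # Check new dynamic role.  The row is fetched once and reused by the
    # access check further down instead of being queried a second time.
    role = None
    if user.role_id:
        role = db.query(Role).filter(Role.id == user.role_id).first()
        if role:
            print(f"✅ Dynamic Role: {role.name} (code: {role.code})")
            print(f" Role ID: {role.id}")
            print(f" Is System Role: {role.is_system_role}")
        else:
            # Dangling reference: role_id points at a row that does not exist.
            print(f"❌ ERROR: role_id set to {user.role_id} but role not found!")
    else:
        print("⚠️ WARNING: No dynamic role_id set")

    # Check permissions
    print("\n🔐 Checking Permissions:")

    if user.role_id:
        # All role -> permission links for the user's dynamic role.
        role_perms = db.query(RolePermission).filter(
            RolePermission.role_id == user.role_id
        ).all()

        print(f" Total permissions assigned to role: {len(role_perms)}")

        if role_perms:
            print("\n Sample permissions:")
            for rp in role_perms[:10]:  # Show first 10
                perm = db.query(Permission).filter(Permission.id == rp.permission_id).first()
                if perm:
                    print(f" - {perm.code}: {perm.name}")
            if len(role_perms) > 10:
                print(f" ... and {len(role_perms) - 10} more")
        else:
            print(" ⚠️ WARNING: No permissions assigned to this role!")
    else:
        # No dynamic role: count links keyed by the legacy enum instead.
        # (The previous function-scope `from auth import UserRole` was never
        # used and is dropped so this path cannot fail on an unrelated import.)
        legacy_perms = db.query(RolePermission).filter(
            RolePermission.role == user.role
        ).all()
        print(f" Legacy permissions (via enum): {len(legacy_perms)}")

    # Check if user should have access
    # NOTE(review): both verdicts are derived from the role alone; status and
    # email_verified are printed above but not evaluated here - confirm
    # whether the application also gates admin access on them.
    print("\n🎯 Access Check:")
    legacy_admin = bool(user.role and user.role.value in admin_codes)
    if legacy_admin:
        print(" ✅ User should have admin access (based on legacy enum)")
    else:
        print(" ❌ User does NOT have admin access (based on legacy enum)")

    if user.role_id:
        dynamic_admin = bool(role and role.code in admin_codes)
        if dynamic_admin:
            print(" ✅ User should have admin access (based on dynamic role)")
        else:
            print(" ❌ User does NOT have admin access (based on dynamic role)")

        # The two role models are independent columns, so they can drift.
        # Which one the application enforces is not visible from this script;
        # a disagreement means effective privilege depends on the code path.
        if dynamic_admin != legacy_admin:
            print(" ⚠️ WARNING: Legacy enum and dynamic role disagree on admin access")

    print("\n" + banner)
    print("VERIFICATION COMPLETE")
    print(banner)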
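if __name__ == "__main__":
    # Run the report once, always releasing the module-level session.
    try:
        verify_admin_account()
    except Exception as e:
        print(f"\n❌ ERROR: {e}")
        import traceback
        traceback.print_exc()
        # Exit non-zero so a migration runbook or CI step that invokes this
        # script can tell that verification did not complete; previously a
        # crash still ended with status 0.  The `finally` clause below runs
        # before the process exits.
        sys.exit(1)
    finally:
        db.close()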