kayela/membership-be
1
0
Fork 0
forked from andika/membership-be
Code Pull Requests Activity

- Add Dockerfile and .dockerignore- Fix initial DB creation- Fix seed permission

Browse Source
This commit is contained in:
Koncept Kit
2026-01-26 20:06:22 +07:00
parent b29bb641f5
commit ea87b3f6ee
7 changed files with 402 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
seed_permissions_rbac.py
View File

@@ -118,6 +118,40 @@ PERMISSIONS = [
{"code": "permissions.audit", "name": "View Permission Audit Log", "description": "View permission change audit logs", "module": "permissions"},
]
# Default system roles that must exist
DEFAULT_ROLES = [
{
"code": "guest",
"name": "Guest",
"description": "Default role for new registrations with no special permissions",
"is_system_role": True
},
{
"code": "member",
"name": "Member",
"description": "Active paying members with access to member-only content",
"is_system_role": True
},
{
"code": "finance",
"name": "Finance",
"description": "Financial management role with access to payments, subscriptions, and reports",
"is_system_role": True
},
{
"code": "admin",
"name": "Admin",
"description": "Board members with full management access except RBAC",
"is_system_role": True
},
{
"code": "superadmin",
"name": "Superadmin",
"description": "Full system access including RBAC management",
"is_system_role": True
},
]
# Default permission assignments for dynamic roles
DEFAULT_ROLE_PERMISSIONS = {
"guest": [], # Guests have no permissions
@@ -196,7 +230,34 @@ def seed_permissions():
print(f"\n⚠️ WARNING: Tables not fully cleared! Stopping.")
return
# Step 2: Create permissions
# Step 2: Create default system roles
print(f"\n👤 Creating {len(DEFAULT_ROLES)} system roles...")
role_map = {}
for role_data in DEFAULT_ROLES:
# Check if role already exists
existing_role = db.query(Role).filter(Role.code == role_data["code"]).first()
if existing_role:
print(f"{role_data['name']}: Already exists, updating...")
existing_role.name = role_data["name"]
existing_role.description = role_data["description"]
existing_role.is_system_role = role_data["is_system_role"]
role_map[role_data["code"]] = existing_role
else:
print(f"{role_data['name']}: Creating...")
role = Role(
code=role_data["code"],
name=role_data["name"],
description=role_data["description"],
is_system_role=role_data["is_system_role"]
)
db.add(role)
role_map[role_data["code"]] = role
db.commit()
print(f"✓ Created/updated {len(DEFAULT_ROLES)} system roles")
# Step 3: Create permissions
print(f"\n📝 Creating {len(PERMISSIONS)} permissions...")
permission_map = {} # Map code to permission object
@@ -213,13 +274,13 @@ def seed_permissions():
db.commit()
print(f"✓ Created {len(PERMISSIONS)} permissions")
# Step 3: Get all roles from database
print("\n🔍 Fetching dynamic roles...")
# Step 4: Verify roles exist
print("\n🔍 Verifying dynamic roles...")
roles = db.query(Role).all()
role_map = {role.code: role for role in roles}
print(f"✓ Found {len(roles)} roles: {', '.join(role_map.keys())}")
# Step 4: Assign permissions to roles
# Step 5: Assign permissions to roles
print("\n🔐 Assigning permissions to roles...")
from models import UserRole # Import for enum mapping
@@ -258,7 +319,7 @@ def seed_permissions():
db.commit()
print(f"{role.name}: Assigned {len(permission_codes)} permissions")
# Step 5: Summary
# Step 6: Summary
print("\n" + "=" * 80)
print("📊 SEEDING SUMMARY")
print("=" * 80)
@@ -273,7 +334,8 @@ def seed_permissions():
for module, count in sorted(modules.items()):
print(f"{module.capitalize()}: {count} permissions")
print(f"\nTotal permissions created: {len(PERMISSIONS)}")
print(f"\nTotal system roles created: {len(DEFAULT_ROLES)}")
print(f"Total permissions created: {len(PERMISSIONS)}")
print(f"Total role-permission mappings: {total_assigned}")
print("\n✅ Permission seeding completed successfully!")
print("\nNext step: Restart backend server")