第一次提交

2026-01-19 00:09:36 +08:00
parent de4b5059e9
commit 6674060f2f
191 changed files with 40940 additions and 0 deletions
--- a/backend/scripts/init_rbac_data.py
+++ b/backend/scripts/init_rbac_data.py
@@ -0,0 +1,190 @@
+#!/usr/bin/env python3
+"""
+初始化RBAC数据
+创建系统角色和权限
+"""
+import sys
+import os
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+from app.core.database import SessionLocal
+from app.models.permission import Role, Permission
+import uuid
+
+# 系统角色定义
+SYSTEM_ROLES = [
+    {
+        "name": "admin",
+        "description": "系统管理员，拥有所有权限",
+        "is_system": True
+    },
+    {
+        "name": "developer",
+        "description": "开发者，可以创建和管理工作流、Agent",
+        "is_system": True
+    },
+    {
+        "name": "viewer",
+        "description": "查看者，只能查看工作流和执行记录",
+        "is_system": True
+    },
+    {
+        "name": "operator",
+        "description": "操作员，可以执行工作流，但不能修改",
+        "is_system": True
+    }
+]
+
+# 权限定义
+PERMISSIONS = [
+    # 工作流权限
+    {"name": "工作流-创建", "code": "workflow:create", "resource": "workflow", "action": "create", "description": "创建工作流"},
+    {"name": "工作流-查看", "code": "workflow:read", "resource": "workflow", "action": "read", "description": "查看工作流"},
+    {"name": "工作流-更新", "code": "workflow:update", "resource": "workflow", "action": "update", "description": "更新工作流"},
+    {"name": "工作流-删除", "code": "workflow:delete", "resource": "workflow", "action": "delete", "description": "删除工作流"},
+    {"name": "工作流-执行", "code": "workflow:execute", "resource": "workflow", "action": "execute", "description": "执行工作流"},
+    {"name": "工作流-分享", "code": "workflow:share", "resource": "workflow", "action": "share", "description": "分享工作流"},
+    
+    # Agent权限
+    {"name": "Agent-创建", "code": "agent:create", "resource": "agent", "action": "create", "description": "创建Agent"},
+    {"name": "Agent-查看", "code": "agent:read", "resource": "agent", "action": "read", "description": "查看Agent"},
+    {"name": "Agent-更新", "code": "agent:update", "resource": "agent", "action": "update", "description": "更新Agent"},
+    {"name": "Agent-删除", "code": "agent:delete", "resource": "agent", "action": "delete", "description": "删除Agent"},
+    {"name": "Agent-执行", "code": "agent:execute", "resource": "agent", "action": "execute", "description": "执行Agent"},
+    {"name": "Agent-部署", "code": "agent:deploy", "resource": "agent", "action": "deploy", "description": "部署Agent"},
+    
+    # 执行权限
+    {"name": "执行-查看", "code": "execution:read", "resource": "execution", "action": "read", "description": "查看执行记录"},
+    {"name": "执行-取消", "code": "execution:cancel", "resource": "execution", "action": "cancel", "description": "取消执行"},
+    
+    # 数据源权限
+    {"name": "数据源-创建", "code": "data_source:create", "resource": "data_source", "action": "create", "description": "创建数据源"},
+    {"name": "数据源-查看", "code": "data_source:read", "resource": "data_source", "action": "read", "description": "查看数据源"},
+    {"name": "数据源-更新", "code": "data_source:update", "resource": "data_source", "action": "update", "description": "更新数据源"},
+    {"name": "数据源-删除", "code": "data_source:delete", "resource": "data_source", "action": "delete", "description": "删除数据源"},
+    
+    # 模型配置权限
+    {"name": "模型配置-创建", "code": "model_config:create", "resource": "model_config", "action": "create", "description": "创建模型配置"},
+    {"name": "模型配置-查看", "code": "model_config:read", "resource": "model_config", "action": "read", "description": "查看模型配置"},
+    {"name": "模型配置-更新", "code": "model_config:update", "resource": "model_config", "action": "update", "description": "更新模型配置"},
+    {"name": "模型配置-删除", "code": "model_config:delete", "resource": "model_config", "action": "delete", "description": "删除模型配置"},
+    
+    # 权限管理权限
+    {"name": "权限-管理", "code": "permission:manage", "resource": "permission", "action": "manage", "description": "管理权限和角色"},
+]
+
+# 角色权限映射
+ROLE_PERMISSIONS = {
+    "admin": ["*"],  # 所有权限
+    "developer": [
+        "workflow:create", "workflow:read", "workflow:update", "workflow:delete", "workflow:execute", "workflow:share",
+        "agent:create", "agent:read", "agent:update", "agent:delete", "agent:execute", "agent:deploy",
+        "execution:read", "execution:cancel",
+        "data_source:create", "data_source:read", "data_source:update", "data_source:delete",
+        "model_config:create", "model_config:read", "model_config:update", "model_config:delete"
+    ],
+    "viewer": [
+        "workflow:read",
+        "agent:read",
+        "execution:read",
+        "data_source:read",
+        "model_config:read"
+    ],
+    "operator": [
+        "workflow:read", "workflow:execute",
+        "agent:read", "agent:execute",
+        "execution:read", "execution:cancel"
+    ]
+}
+
+
+def init_rbac_data():
+    """初始化RBAC数据"""
+    db = SessionLocal()
+    try:
+        print("=" * 60)
+        print("初始化RBAC数据")
+        print("=" * 60)
+        print()
+        
+        # 创建权限
+        print("创建权限...")
+        permission_map = {}
+        for perm_data in PERMISSIONS:
+            existing = db.query(Permission).filter(Permission.code == perm_data["code"]).first()
+            if existing:
+                print(f"  权限已存在: {perm_data['code']}")
+                permission_map[perm_data["code"]] = existing
+            else:
+                permission = Permission(
+                    id=str(uuid.uuid4()),
+                    name=perm_data["name"],
+                    code=perm_data["code"],
+                    resource=perm_data["resource"],
+                    action=perm_data["action"],
+                    description=perm_data["description"]
+                )
+                db.add(permission)
+                permission_map[perm_data["code"]] = permission
+                print(f"  ✅ 创建权限: {perm_data['code']}")
+        
+        db.commit()
+        print()
+        
+        # 创建角色
+        print("创建角色...")
+        role_map = {}
+        for role_data in SYSTEM_ROLES:
+            existing = db.query(Role).filter(Role.name == role_data["name"]).first()
+            if existing:
+                print(f"  角色已存在: {role_data['name']}")
+                role_map[role_data["name"]] = existing
+            else:
+                role = Role(
+                    id=str(uuid.uuid4()),
+                    name=role_data["name"],
+                    description=role_data["description"],
+                    is_system=role_data["is_system"]
+                )
+                db.add(role)
+                role_map[role_data["name"]] = role
+                print(f"  ✅ 创建角色: {role_data['name']}")
+        
+        db.commit()
+        print()
+        
+        # 分配权限给角色
+        print("分配权限给角色...")
+        for role_name, permission_codes in ROLE_PERMISSIONS.items():
+            role = role_map.get(role_name)
+            if not role:
+                continue
+            
+            if permission_codes == ["*"]:
+                # 管理员拥有所有权限
+                role.permissions = list(permission_map.values())
+                print(f"  ✅ {role_name}: 分配所有权限")
+            else:
+                # 分配指定权限
+                permissions = [permission_map[code] for code in permission_codes if code in permission_map]
+                role.permissions = permissions
+                print(f"  ✅ {role_name}: 分配 {len(permissions)} 个权限")
+        
+        db.commit()
+        print()
+        
+        print("=" * 60)
+        print("✅ RBAC数据初始化完成！")
+        print("=" * 60)
+        
+    except Exception as e:
+        db.rollback()
+        print(f"❌ 初始化失败: {e}")
+        import traceback
+        traceback.print_exc()
+    finally:
+        db.close()
+
+
+if __name__ == "__main__":
+    init_rbac_data()