tonytech/library-picturebook-activity
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7800b7786d
library-picturebook-activity/backend/scripts/init-admin-permissions.ts

422 lines
11 KiB
TypeScript
Raw Normal View History

feat: init
2025-11-23 14:04:20 +08:00
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-nocheck
// 加载环境变量(必须在其他导入之前)
import * as dotenv from 'dotenv';
import * as path from 'path';
// 根据 NODE_ENV 加载对应的环境配置文件
const nodeEnv = process.env.NODE_ENV || 'development';
const envFile = `.env.${nodeEnv}`;
// scripts 目录的父目录就是 backend 目录
const backendDir = path.resolve(__dirname, '..');
const envPath = path.resolve(backendDir, envFile);
// 尝试加载环境特定的配置文件
dotenv.config({ path: envPath });
// 如果环境特定文件不存在,尝试加载默认的 .env 文件
if (!process.env.DATABASE_URL) {
dotenv.config({ path: path.resolve(backendDir, '.env') });
}
// 验证必要的环境变量
if (!process.env.DATABASE_URL) {
console.error('❌ 错误: 未找到 DATABASE_URL 环境变量');
console.error(` 请确保存在以下文件之一:`);
console.error(` - ${envPath}`);
console.error(` - ${path.resolve(backendDir, '.env')}`);
console.error(` 或者设置 NODE_ENV 环境变量(当前: ${nodeEnv})`);
process.exit(1);
}
import { PrismaClient } from '@prisma/client';
const prisma = new PrismaClient();
// 定义所有基础权限
const permissions = [
// 用户管理权限
{
code: 'user:create',
resource: 'user',
action: 'create',
name: '创建用户',
description: '允许创建新用户',
},
{
code: 'user:read',
resource: 'user',
action: 'read',
name: '查看用户',
description: '允许查看用户列表和详情',
},
{
code: 'user:update',
resource: 'user',
action: 'update',
name: '更新用户',
description: '允许更新用户信息',
},
{
code: 'user:delete',
resource: 'user',
action: 'delete',
name: '删除用户',
description: '允许删除用户',
},
// 角色管理权限
{
code: 'role:create',
resource: 'role',
action: 'create',
name: '创建角色',
description: '允许创建新角色',
},
{
code: 'role:read',
resource: 'role',
action: 'read',
name: '查看角色',
description: '允许查看角色列表和详情',
},
{
code: 'role:update',
resource: 'role',
action: 'update',
name: '更新角色',
description: '允许更新角色信息',
},
{
code: 'role:delete',
resource: 'role',
action: 'delete',
name: '删除角色',
description: '允许删除角色',
},
{
code: 'role:assign',
resource: 'role',
action: 'assign',
name: '分配角色',
description: '允许给用户分配角色',
},
// 权限管理权限
{
code: 'permission:create',
resource: 'permission',
action: 'create',
name: '创建权限',
description: '允许创建新权限',
},
{
code: 'permission:read',
resource: 'permission',
action: 'read',
name: '查看权限',
description: '允许查看权限列表和详情',
},
{
code: 'permission:update',
resource: 'permission',
action: 'update',
name: '更新权限',
description: '允许更新权限信息',
},
{
code: 'permission:delete',
resource: 'permission',
action: 'delete',
name: '删除权限',
description: '允许删除权限',
},
// 菜单管理权限
{
code: 'menu:create',
resource: 'menu',
action: 'create',
name: '创建菜单',
description: '允许创建新菜单',
},
{
code: 'menu:read',
resource: 'menu',
action: 'read',
name: '查看菜单',
description: '允许查看菜单列表和详情',
},
{
code: 'menu:update',
resource: 'menu',
action: 'update',
name: '更新菜单',
description: '允许更新菜单信息',
},
{
code: 'menu:delete',
resource: 'menu',
action: 'delete',
name: '删除菜单',
description: '允许删除菜单',
},
// 数据字典权限
{
code: 'dict:create',
resource: 'dict',
action: 'create',
name: '创建字典',
description: '允许创建新字典',
},
{
code: 'dict:read',
resource: 'dict',
action: 'read',
name: '查看字典',
description: '允许查看字典列表和详情',
},
{
code: 'dict:update',
resource: 'dict',
action: 'update',
name: '更新字典',
description: '允许更新字典信息',
},
{
code: 'dict:delete',
resource: 'dict',
action: 'delete',
name: '删除字典',
description: '允许删除字典',
},
// 系统配置权限
{
code: 'config:create',
resource: 'config',
action: 'create',
name: '创建配置',
description: '允许创建新配置',
},
{
code: 'config:read',
resource: 'config',
action: 'read',
name: '查看配置',
description: '允许查看配置列表和详情',
},
{
code: 'config:update',
resource: 'config',
action: 'update',
name: '更新配置',
description: '允许更新配置信息',
},
{
code: 'config:delete',
resource: 'config',
action: 'delete',
name: '删除配置',
description: '允许删除配置',
},
// 日志管理权限
{
code: 'log:read',
resource: 'log',
action: 'read',
name: '查看日志',
description: '允许查看系统日志',
},
{
code: 'log:delete',
resource: 'log',
action: 'delete',
name: '删除日志',
description: '允许删除系统日志',
},
// 用户密码管理权限
{
code: 'user:password:update',
resource: 'user',
action: 'password:update',
name: '修改用户密码',
description: '允许修改用户密码',
},
];
async function initAdminPermissions() {
try {
console.log('🚀 开始为超级管理员admin用户初始化权限...\n');
// 1. 检查 admin 用户是否存在
console.log('👤 步骤 1: 检查 admin 用户...');
const adminUser = await prisma.user.findUnique({
where: { username: 'admin' },
});
if (!adminUser) {
console.error('❌ 错误: admin 用户不存在!');
console.error(' 请先运行 pnpm init:admin 创建 admin 用户');
process.exit(1);
}
console.log(
`✅ admin 用户存在: ${adminUser.username} (${adminUser.nickname})\n`,
);
// 2. 创建或更新所有权限
console.log('📝 步骤 2: 确保所有权限存在...');
const createdPermissions = [];
for (const perm of permissions) {
const permission = await prisma.permission.upsert({
where: { code: perm.code },
update: {
name: perm.name,
resource: perm.resource,
action: perm.action,
description: perm.description,
},
create: perm,
});
createdPermissions.push(permission);
}
console.log(`✅ 共确保 ${createdPermissions.length} 个权限存在\n`);
// 3. 创建或获取超级管理员角色
console.log('👤 步骤 3: 确保超级管理员角色存在...');
const adminRole = await prisma.role.upsert({
where: { code: 'super_admin' },
update: {
name: '超级管理员',
description: '拥有系统所有权限的超级管理员角色',
validState: 1,
},
create: {
name: '超级管理员',
code: 'super_admin',
description: '拥有系统所有权限的超级管理员角色',
validState: 1,
},
});
console.log(
`✅ 超级管理员角色已确保存在: ${adminRole.name} (${adminRole.code})\n`,
);
// 4. 确保超级管理员角色拥有所有权限
console.log('🔗 步骤 4: 为超级管理员角色分配所有权限...');
const existingRolePermissions = await prisma.rolePermission.findMany({
where: { roleId: adminRole.id },
select: { permissionId: true },
});
const existingPermissionIds = new Set(
existingRolePermissions.map((rp) => rp.permissionId),
);
let addedCount = 0;
for (const permission of createdPermissions) {
if (!existingPermissionIds.has(permission.id)) {
await prisma.rolePermission.create({
data: {
roleId: adminRole.id,
permissionId: permission.id,
},
});
addedCount++;
}
}
if (addedCount > 0) {
console.log(`✅ 为超级管理员角色添加了 ${addedCount} 个权限\n`);
} else {
console.log(
`✅ 超级管理员角色已拥有所有权限(${createdPermissions.length} 个)\n`,
);
}
// 5. 确保 admin 用户拥有超级管理员角色
console.log('🔗 步骤 5: 确保 admin 用户拥有超级管理员角色...');
const existingUserRole = await prisma.userRole.findUnique({
where: {
userId_roleId: {
userId: adminUser.id,
roleId: adminRole.id,
},
},
});
if (!existingUserRole) {
await prisma.userRole.create({
data: {
userId: adminUser.id,
roleId: adminRole.id,
},
});
console.log(`✅ 已为 admin 用户分配超级管理员角色\n`);
} else {
console.log(`✅ admin 用户已拥有超级管理员角色\n`);
}
// 6. 验证结果
console.log('🔍 步骤 6: 验证结果...');
const userWithRoles = await prisma.user.findUnique({
where: { id: adminUser.id },
include: {
roles: {
include: {
role: {
include: {
permissions: {
include: {
permission: true,
},
},
},
},
},
},
},
});
const roleCodes = userWithRoles?.roles.map((ur) => ur.role.code) || [];
const permissionCodes = new Set<string>();
userWithRoles?.roles.forEach((ur) => {
ur.role.permissions.forEach((rp) => {
permissionCodes.add(rp.permission.code);
});
});
console.log(`\n📊 初始化结果:`);
console.log(` 用户名: ${adminUser.username}`);
console.log(` 昵称: ${adminUser.nickname}`);
console.log(` 角色: ${roleCodes.join(', ')}`);
console.log(` 权限数量: ${permissionCodes.size}`);
console.log(` 权限列表:`);
Array.from(permissionCodes)
.sort()
.forEach((code) => {
console.log(` - ${code}`);
});
console.log(`\n✅ 超级管理员权限初始化完成!`);
} catch (error) {
console.error('❌ 初始化失败:', error);
throw error;
} finally {
await prisma.$disconnect();
}
}
// 执行初始化
initAdminPermissions()
.then(() => {
console.log('\n🎉 权限初始化脚本执行完成!');
process.exit(0);
})
.catch((error) => {
console.error('\n💥 权限初始化脚本执行失败:', error);
process.exit(1);
});
Reference in New Issue Copy Permalink