// eslint-disable-next-line @typescript-eslint/ban-ts-comment // @ts-nocheck // 加载环境变量(必须在其他导入之前) import * as dotenv from 'dotenv'; import * as path from 'path'; // 根据 NODE_ENV 加载对应的环境配置文件 const nodeEnv = process.env.NODE_ENV || 'development'; const envFile = `.env.${nodeEnv}`; // scripts 目录的父目录就是 backend 目录 const backendDir = path.resolve(__dirname, '..'); const envPath = path.resolve(backendDir, envFile); // 尝试加载环境特定的配置文件 dotenv.config({ path: envPath }); // 如果环境特定文件不存在,尝试加载默认的 .env 文件 if (!process.env.DATABASE_URL) { dotenv.config({ path: path.resolve(backendDir, '.env') }); } // 验证必要的环境变量 if (!process.env.DATABASE_URL) { console.error('❌ 错误: 未找到 DATABASE_URL 环境变量'); console.error(` 请确保存在以下文件之一:`); console.error(` - ${envPath}`); console.error(` - ${path.resolve(backendDir, '.env')}`); console.error(` 或者设置 NODE_ENV 环境变量(当前: ${nodeEnv})`); process.exit(1); } import { PrismaClient } from '@prisma/client'; const prisma = new PrismaClient(); // 定义所有基础权限 const permissions = [ // 用户管理权限 { code: 'user:create', resource: 'user', action: 'create', name: '创建用户', description: '允许创建新用户', }, { code: 'user:read', resource: 'user', action: 'read', name: '查看用户', description: '允许查看用户列表和详情', }, { code: 'user:update', resource: 'user', action: 'update', name: '更新用户', description: '允许更新用户信息', }, { code: 'user:delete', resource: 'user', action: 'delete', name: '删除用户', description: '允许删除用户', }, // 角色管理权限 { code: 'role:create', resource: 'role', action: 'create', name: '创建角色', description: '允许创建新角色', }, { code: 'role:read', resource: 'role', action: 'read', name: '查看角色', description: '允许查看角色列表和详情', }, { code: 'role:update', resource: 'role', action: 'update', name: '更新角色', description: '允许更新角色信息', }, { code: 'role:delete', resource: 'role', action: 'delete', name: '删除角色', description: '允许删除角色', }, { code: 'role:assign', resource: 'role', action: 'assign', name: '分配角色', description: '允许给用户分配角色', }, // 权限管理权限 { code: 'permission:create', resource: 'permission', action: 'create', name: '创建权限', description: '允许创建新权限', }, { code: 'permission:read', resource: 'permission', action: 'read', name: '查看权限', description: '允许查看权限列表和详情', }, { code: 'permission:update', resource: 'permission', action: 'update', name: '更新权限', description: '允许更新权限信息', }, { code: 'permission:delete', resource: 'permission', action: 'delete', name: '删除权限', description: '允许删除权限', }, // 菜单管理权限 { code: 'menu:create', resource: 'menu', action: 'create', name: '创建菜单', description: '允许创建新菜单', }, { code: 'menu:read', resource: 'menu', action: 'read', name: '查看菜单', description: '允许查看菜单列表和详情', }, { code: 'menu:update', resource: 'menu', action: 'update', name: '更新菜单', description: '允许更新菜单信息', }, { code: 'menu:delete', resource: 'menu', action: 'delete', name: '删除菜单', description: '允许删除菜单', }, // 数据字典权限 { code: 'dict:create', resource: 'dict', action: 'create', name: '创建字典', description: '允许创建新字典', }, { code: 'dict:read', resource: 'dict', action: 'read', name: '查看字典', description: '允许查看字典列表和详情', }, { code: 'dict:update', resource: 'dict', action: 'update', name: '更新字典', description: '允许更新字典信息', }, { code: 'dict:delete', resource: 'dict', action: 'delete', name: '删除字典', description: '允许删除字典', }, // 系统配置权限 { code: 'config:create', resource: 'config', action: 'create', name: '创建配置', description: '允许创建新配置', }, { code: 'config:read', resource: 'config', action: 'read', name: '查看配置', description: '允许查看配置列表和详情', }, { code: 'config:update', resource: 'config', action: 'update', name: '更新配置', description: '允许更新配置信息', }, { code: 'config:delete', resource: 'config', action: 'delete', name: '删除配置', description: '允许删除配置', }, // 日志管理权限 { code: 'log:read', resource: 'log', action: 'read', name: '查看日志', description: '允许查看系统日志', }, { code: 'log:delete', resource: 'log', action: 'delete', name: '删除日志', description: '允许删除系统日志', }, // 赛事管理权限 { code: 'contest:create', resource: 'contest', action: 'create', name: '创建赛事', description: '允许创建新赛事', }, { code: 'contest:read', resource: 'contest', action: 'read', name: '查看赛事', description: '允许查看赛事列表和详情', }, { code: 'contest:update', resource: 'contest', action: 'update', name: '更新赛事', description: '允许更新赛事信息', }, { code: 'contest:delete', resource: 'contest', action: 'delete', name: '删除赛事', description: '允许删除赛事', }, { code: 'contest:publish', resource: 'contest', action: 'publish', name: '发布赛事', description: '允许发布和撤回赛事', }, // 赛事公告权限 { code: 'notice:create', resource: 'notice', action: 'create', name: '创建公告', description: '允许创建赛事公告', }, { code: 'notice:read', resource: 'notice', action: 'read', name: '查看公告', description: '允许查看赛事公告', }, { code: 'notice:update', resource: 'notice', action: 'update', name: '更新公告', description: '允许更新赛事公告', }, { code: 'notice:delete', resource: 'notice', action: 'delete', name: '删除公告', description: '允许删除赛事公告', }, // 报名管理权限 { code: 'registration:read', resource: 'registration', action: 'read', name: '查看报名', description: '允许查看报名列表', }, { code: 'registration:audit', resource: 'registration', action: 'audit', name: '审核报名', description: '允许审核报名申请', }, // 作品管理权限 { code: 'work:read', resource: 'work', action: 'read', name: '查看作品', description: '允许查看参赛作品', }, { code: 'work:update', resource: 'work', action: 'update', name: '更新作品', description: '允许更新作品状态', }, // 评审管理权限 { code: 'review:read', resource: 'review', action: 'read', name: '查看评审', description: '允许查看评审信息', }, { code: 'review:assign', resource: 'review', action: 'assign', name: '分配评审', description: '允许分配作品给评委', }, { code: 'review:score', resource: 'review', action: 'score', name: '评分', description: '允许对作品进行评分', }, // 评委管理权限 { code: 'judge:create', resource: 'judge', action: 'create', name: '添加评委', description: '允许添加赛事评委', }, { code: 'judge:read', resource: 'judge', action: 'read', name: '查看评委', description: '允许查看评委列表', }, { code: 'judge:delete', resource: 'judge', action: 'delete', name: '移除评委', description: '允许移除赛事评委', }, // 赛果管理权限 { code: 'result:read', resource: 'result', action: 'read', name: '查看赛果', description: '允许查看赛果信息', }, { code: 'result:publish', resource: 'result', action: 'publish', name: '发布赛果', description: '允许发布赛事结果', }, { code: 'result:award', resource: 'result', action: 'award', name: '设置奖项', description: '允许设置作品奖项', }, // 用户密码管理权限 { code: 'user:password:update', resource: 'user', action: 'password:update', name: '修改用户密码', description: '允许修改用户密码', }, ]; async function initAdminPermissions() { try { console.log('🚀 开始为超级管理员(admin)用户初始化权限...\n'); // 1. 检查 admin 用户是否存在(先获取超级租户) console.log('👤 步骤 1: 检查 admin 用户...'); const superTenant = await prisma.tenant.findUnique({ where: { code: 'super' }, }); if (!superTenant) { console.error('❌ 错误: 超级租户不存在!'); console.error(' 请先运行 pnpm init:super-tenant 创建超级租户'); process.exit(1); } const adminUser = await prisma.user.findUnique({ where: { tenantId_username: { tenantId: superTenant.id, username: 'admin' } }, }); if (!adminUser) { console.error('❌ 错误: admin 用户不存在!'); console.error(' 请先运行 pnpm init:admin 创建 admin 用户'); process.exit(1); } console.log( `✅ admin 用户存在: ${adminUser.username} (${adminUser.nickname})\n`, ); // 2. 创建或更新所有权限 console.log('📝 步骤 2: 确保所有权限存在...'); const createdPermissions = []; for (const perm of permissions) { const permission = await prisma.permission.upsert({ where: { tenantId_code: { tenantId: superTenant.id, code: perm.code } }, update: { name: perm.name, resource: perm.resource, action: perm.action, description: perm.description, }, create: { ...perm, tenantId: superTenant.id }, }); createdPermissions.push(permission); } console.log(`✅ 共确保 ${createdPermissions.length} 个权限存在\n`); // 3. 创建或获取超级管理员角色 console.log('👤 步骤 3: 确保超级管理员角色存在...'); const adminRole = await prisma.role.upsert({ where: { tenantId_code: { tenantId: superTenant.id, code: 'super_admin' } }, update: { name: '超级管理员', description: '拥有系统所有权限的超级管理员角色', validState: 1, }, create: { tenantId: superTenant.id, name: '超级管理员', code: 'super_admin', description: '拥有系统所有权限的超级管理员角色', validState: 1, }, }); console.log( `✅ 超级管理员角色已确保存在: ${adminRole.name} (${adminRole.code})\n`, ); // 4. 确保超级管理员角色拥有所有权限 console.log('🔗 步骤 4: 为超级管理员角色分配所有权限...'); const existingRolePermissions = await prisma.rolePermission.findMany({ where: { roleId: adminRole.id }, select: { permissionId: true }, }); const existingPermissionIds = new Set( existingRolePermissions.map((rp) => rp.permissionId), ); let addedCount = 0; for (const permission of createdPermissions) { if (!existingPermissionIds.has(permission.id)) { await prisma.rolePermission.create({ data: { roleId: adminRole.id, permissionId: permission.id, }, }); addedCount++; } } if (addedCount > 0) { console.log(`✅ 为超级管理员角色添加了 ${addedCount} 个权限\n`); } else { console.log( `✅ 超级管理员角色已拥有所有权限(${createdPermissions.length} 个)\n`, ); } // 5. 确保 admin 用户拥有超级管理员角色 console.log('🔗 步骤 5: 确保 admin 用户拥有超级管理员角色...'); const existingUserRole = await prisma.userRole.findUnique({ where: { userId_roleId: { userId: adminUser.id, roleId: adminRole.id, }, }, }); if (!existingUserRole) { await prisma.userRole.create({ data: { userId: adminUser.id, roleId: adminRole.id, }, }); console.log(`✅ 已为 admin 用户分配超级管理员角色\n`); } else { console.log(`✅ admin 用户已拥有超级管理员角色\n`); } // 6. 验证结果 console.log('🔍 步骤 6: 验证结果...'); const userWithRoles = await prisma.user.findUnique({ where: { id: adminUser.id }, include: { roles: { include: { role: { include: { permissions: { include: { permission: true, }, }, }, }, }, }, }, }); const roleCodes = userWithRoles?.roles.map((ur) => ur.role.code) || []; const permissionCodes = new Set(); userWithRoles?.roles.forEach((ur) => { ur.role.permissions.forEach((rp) => { permissionCodes.add(rp.permission.code); }); }); console.log(`\n📊 初始化结果:`); console.log(` 用户名: ${adminUser.username}`); console.log(` 昵称: ${adminUser.nickname}`); console.log(` 角色: ${roleCodes.join(', ')}`); console.log(` 权限数量: ${permissionCodes.size}`); console.log(` 权限列表:`); Array.from(permissionCodes) .sort() .forEach((code) => { console.log(` - ${code}`); }); console.log(`\n✅ 超级管理员权限初始化完成!`); } catch (error) { console.error('❌ 初始化失败:', error); throw error; } finally { await prisma.$disconnect(); } } // 执行初始化 initAdminPermissions() .then(() => { console.log('\n🎉 权限初始化脚本执行完成!'); process.exit(0); }) .catch((error) => { console.error('\n💥 权限初始化脚本执行失败:', error); process.exit(1); });