tonytech/library-picturebook-activity
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2981449353
library-picturebook-activity/backend/scripts/init-admin-permissions.ts
zhangxiaohua f5d3d0a5f5 新增赛事管理
2026-01-08 09:17:46 +08:00

599 lines
15 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-nocheck
// 加载环境变量(必须在其他导入之前)
import * as dotenv from 'dotenv';
import * as path from 'path';
// 根据 NODE_ENV 加载对应的环境配置文件
const nodeEnv = process.env.NODE_ENV || 'development';
const envFile = `.env.${nodeEnv}`;
// scripts 目录的父目录就是 backend 目录
const backendDir = path.resolve(__dirname, '..');
const envPath = path.resolve(backendDir, envFile);
// 尝试加载环境特定的配置文件
dotenv.config({ path: envPath });
// 如果环境特定文件不存在,尝试加载默认的 .env 文件
if (!process.env.DATABASE_URL) {
dotenv.config({ path: path.resolve(backendDir, '.env') });
}
// 验证必要的环境变量
if (!process.env.DATABASE_URL) {
console.error('❌ 错误: 未找到 DATABASE_URL 环境变量');
console.error(` 请确保存在以下文件之一:`);
console.error(` - ${envPath}`);
console.error(` - ${path.resolve(backendDir, '.env')}`);
console.error(` 或者设置 NODE_ENV 环境变量(当前: ${nodeEnv})`);
process.exit(1);
}
import { PrismaClient } from '@prisma/client';
const prisma = new PrismaClient();
// 定义所有基础权限
const permissions = [
// 用户管理权限
{
code: 'user:create',
resource: 'user',
action: 'create',
name: '创建用户',
description: '允许创建新用户',
},
{
code: 'user:read',
resource: 'user',
action: 'read',
name: '查看用户',
description: '允许查看用户列表和详情',
},
{
code: 'user:update',
resource: 'user',
action: 'update',
name: '更新用户',
description: '允许更新用户信息',
},
{
code: 'user:delete',
resource: 'user',
action: 'delete',
name: '删除用户',
description: '允许删除用户',
},
// 角色管理权限
{
code: 'role:create',
resource: 'role',
action: 'create',
name: '创建角色',
description: '允许创建新角色',
},
{
code: 'role:read',
resource: 'role',
action: 'read',
name: '查看角色',
description: '允许查看角色列表和详情',
},
{
code: 'role:update',
resource: 'role',
action: 'update',
name: '更新角色',
description: '允许更新角色信息',
},
{
code: 'role:delete',
resource: 'role',
action: 'delete',
name: '删除角色',
description: '允许删除角色',
},
{
code: 'role:assign',
resource: 'role',
action: 'assign',
name: '分配角色',
description: '允许给用户分配角色',
},
// 权限管理权限
{
code: 'permission:create',
resource: 'permission',
action: 'create',
name: '创建权限',
description: '允许创建新权限',
},
{
code: 'permission:read',
resource: 'permission',
action: 'read',
name: '查看权限',
description: '允许查看权限列表和详情',
},
{
code: 'permission:update',
resource: 'permission',
action: 'update',
name: '更新权限',
description: '允许更新权限信息',
},
{
code: 'permission:delete',
resource: 'permission',
action: 'delete',
name: '删除权限',
description: '允许删除权限',
},
// 菜单管理权限
{
code: 'menu:create',
resource: 'menu',
action: 'create',
name: '创建菜单',
description: '允许创建新菜单',
},
{
code: 'menu:read',
resource: 'menu',
action: 'read',
name: '查看菜单',
description: '允许查看菜单列表和详情',
},
{
code: 'menu:update',
resource: 'menu',
action: 'update',
name: '更新菜单',
description: '允许更新菜单信息',
},
{
code: 'menu:delete',
resource: 'menu',
action: 'delete',
name: '删除菜单',
description: '允许删除菜单',
},
// 数据字典权限
{
code: 'dict:create',
resource: 'dict',
action: 'create',
name: '创建字典',
description: '允许创建新字典',
},
{
code: 'dict:read',
resource: 'dict',
action: 'read',
name: '查看字典',
description: '允许查看字典列表和详情',
},
{
code: 'dict:update',
resource: 'dict',
action: 'update',
name: '更新字典',
description: '允许更新字典信息',
},
{
code: 'dict:delete',
resource: 'dict',
action: 'delete',
name: '删除字典',
description: '允许删除字典',
},
// 系统配置权限
{
code: 'config:create',
resource: 'config',
action: 'create',
name: '创建配置',
description: '允许创建新配置',
},
{
code: 'config:read',
resource: 'config',
action: 'read',
name: '查看配置',
description: '允许查看配置列表和详情',
},
{
code: 'config:update',
resource: 'config',
action: 'update',
name: '更新配置',
description: '允许更新配置信息',
},
{
code: 'config:delete',
resource: 'config',
action: 'delete',
name: '删除配置',
description: '允许删除配置',
},
// 日志管理权限
{
code: 'log:read',
resource: 'log',
action: 'read',
name: '查看日志',
description: '允许查看系统日志',
},
{
code: 'log:delete',
resource: 'log',
action: 'delete',
name: '删除日志',
description: '允许删除系统日志',
},
// 赛事管理权限
{
code: 'contest:create',
resource: 'contest',
action: 'create',
name: '创建赛事',
description: '允许创建新赛事',
},
{
code: 'contest:read',
resource: 'contest',
action: 'read',
name: '查看赛事',
description: '允许查看赛事列表和详情',
},
{
code: 'contest:update',
resource: 'contest',
action: 'update',
name: '更新赛事',
description: '允许更新赛事信息',
},
{
code: 'contest:delete',
resource: 'contest',
action: 'delete',
name: '删除赛事',
description: '允许删除赛事',
},
{
code: 'contest:publish',
resource: 'contest',
action: 'publish',
name: '发布赛事',
description: '允许发布和撤回赛事',
},
// 赛事公告权限
{
code: 'notice:create',
resource: 'notice',
action: 'create',
name: '创建公告',
description: '允许创建赛事公告',
},
{
code: 'notice:read',
resource: 'notice',
action: 'read',
name: '查看公告',
description: '允许查看赛事公告',
},
{
code: 'notice:update',
resource: 'notice',
action: 'update',
name: '更新公告',
description: '允许更新赛事公告',
},
{
code: 'notice:delete',
resource: 'notice',
action: 'delete',
name: '删除公告',
description: '允许删除赛事公告',
},
// 报名管理权限
{
code: 'registration:read',
resource: 'registration',
action: 'read',
name: '查看报名',
description: '允许查看报名列表',
},
{
code: 'registration:audit',
resource: 'registration',
action: 'audit',
name: '审核报名',
description: '允许审核报名申请',
},
// 作品管理权限
{
code: 'work:read',
resource: 'work',
action: 'read',
name: '查看作品',
description: '允许查看参赛作品',
},
{
code: 'work:update',
resource: 'work',
action: 'update',
name: '更新作品',
description: '允许更新作品状态',
},
// 评审管理权限
{
code: 'review:read',
resource: 'review',
action: 'read',
name: '查看评审',
description: '允许查看评审信息',
},
{
code: 'review:assign',
resource: 'review',
action: 'assign',
name: '分配评审',
description: '允许分配作品给评委',
},
{
code: 'review:score',
resource: 'review',
action: 'score',
name: '评分',
description: '允许对作品进行评分',
},
// 评委管理权限
{
code: 'judge:create',
resource: 'judge',
action: 'create',
name: '添加评委',
description: '允许添加赛事评委',
},
{
code: 'judge:read',
resource: 'judge',
action: 'read',
name: '查看评委',
description: '允许查看评委列表',
},
{
code: 'judge:delete',
resource: 'judge',
action: 'delete',
name: '移除评委',
description: '允许移除赛事评委',
},
// 赛果管理权限
{
code: 'result:read',
resource: 'result',
action: 'read',
name: '查看赛果',
description: '允许查看赛果信息',
},
{
code: 'result:publish',
resource: 'result',
action: 'publish',
name: '发布赛果',
description: '允许发布赛事结果',
},
{
code: 'result:award',
resource: 'result',
action: 'award',
name: '设置奖项',
description: '允许设置作品奖项',
},
// 用户密码管理权限
{
code: 'user:password:update',
resource: 'user',
action: 'password:update',
name: '修改用户密码',
description: '允许修改用户密码',
},
];
async function initAdminPermissions() {
try {
console.log('🚀 开始为超级管理员admin用户初始化权限...\n');
// 1. 检查 admin 用户是否存在(先获取超级租户)
console.log('👤 步骤 1: 检查 admin 用户...');
const superTenant = await prisma.tenant.findUnique({
where: { code: 'super' },
});
if (!superTenant) {
console.error('❌ 错误: 超级租户不存在!');
console.error(' 请先运行 pnpm init:super-tenant 创建超级租户');
process.exit(1);
}
const adminUser = await prisma.user.findUnique({
where: { tenantId_username: { tenantId: superTenant.id, username: 'admin' } },
});
if (!adminUser) {
console.error('❌ 错误: admin 用户不存在!');
console.error(' 请先运行 pnpm init:admin 创建 admin 用户');
process.exit(1);
}
console.log(
`✅ admin 用户存在: ${adminUser.username} (${adminUser.nickname})\n`,
);
// 2. 创建或更新所有权限
console.log('📝 步骤 2: 确保所有权限存在...');
const createdPermissions = [];
for (const perm of permissions) {
const permission = await prisma.permission.upsert({
where: { tenantId_code: { tenantId: superTenant.id, code: perm.code } },
update: {
name: perm.name,
resource: perm.resource,
action: perm.action,
description: perm.description,
},
create: { ...perm, tenantId: superTenant.id },
});
createdPermissions.push(permission);
}
console.log(`✅ 共确保 ${createdPermissions.length} 个权限存在\n`);
// 3. 创建或获取超级管理员角色
console.log('👤 步骤 3: 确保超级管理员角色存在...');
const adminRole = await prisma.role.upsert({
where: { tenantId_code: { tenantId: superTenant.id, code: 'super_admin' } },
update: {
name: '超级管理员',
description: '拥有系统所有权限的超级管理员角色',
validState: 1,
},
create: {
tenantId: superTenant.id,
name: '超级管理员',
code: 'super_admin',
description: '拥有系统所有权限的超级管理员角色',
validState: 1,
},
});
console.log(
`✅ 超级管理员角色已确保存在: ${adminRole.name} (${adminRole.code})\n`,
);
// 4. 确保超级管理员角色拥有所有权限
console.log('🔗 步骤 4: 为超级管理员角色分配所有权限...');
const existingRolePermissions = await prisma.rolePermission.findMany({
where: { roleId: adminRole.id },
select: { permissionId: true },
});
const existingPermissionIds = new Set(
existingRolePermissions.map((rp) => rp.permissionId),
);
let addedCount = 0;
for (const permission of createdPermissions) {
if (!existingPermissionIds.has(permission.id)) {
await prisma.rolePermission.create({
data: {
roleId: adminRole.id,
permissionId: permission.id,
},
});
addedCount++;
}
}
if (addedCount > 0) {
console.log(`✅ 为超级管理员角色添加了 ${addedCount} 个权限\n`);
} else {
console.log(
`✅ 超级管理员角色已拥有所有权限(${createdPermissions.length} 个)\n`,
);
}
// 5. 确保 admin 用户拥有超级管理员角色
console.log('🔗 步骤 5: 确保 admin 用户拥有超级管理员角色...');
const existingUserRole = await prisma.userRole.findUnique({
where: {
userId_roleId: {
userId: adminUser.id,
roleId: adminRole.id,
},
},
});
if (!existingUserRole) {
await prisma.userRole.create({
data: {
userId: adminUser.id,
roleId: adminRole.id,
},
});
console.log(`✅ 已为 admin 用户分配超级管理员角色\n`);
} else {
console.log(`✅ admin 用户已拥有超级管理员角色\n`);
}
// 6. 验证结果
console.log('🔍 步骤 6: 验证结果...');
const userWithRoles = await prisma.user.findUnique({
where: { id: adminUser.id },
include: {
roles: {
include: {
role: {
include: {
permissions: {
include: {
permission: true,
},
},
},
},
},
},
},
});
const roleCodes = userWithRoles?.roles.map((ur) => ur.role.code) || [];
const permissionCodes = new Set<string>();
userWithRoles?.roles.forEach((ur) => {
ur.role.permissions.forEach((rp) => {
permissionCodes.add(rp.permission.code);
});
});
console.log(`\n📊 初始化结果:`);
console.log(` 用户名: ${adminUser.username}`);
console.log(` 昵称: ${adminUser.nickname}`);
console.log(` 角色: ${roleCodes.join(', ')}`);
console.log(` 权限数量: ${permissionCodes.size}`);
console.log(` 权限列表:`);
Array.from(permissionCodes)
.sort()
.forEach((code) => {
console.log(` - ${code}`);
});
console.log(`\n✅ 超级管理员权限初始化完成!`);
} catch (error) {
console.error('❌ 初始化失败:', error);
throw error;
} finally {
await prisma.$disconnect();
}
}
// 执行初始化
initAdminPermissions()
.then(() => {
console.log('\n🎉 权限初始化脚本执行完成!');
process.exit(0);
})
.catch((error) => {
console.error('\n💥 权限初始化脚本执行失败:', error);
process.exit(1);
});
Reference in New Issue View Git Blame Copy Permalink