Передаем на тест

backend/src/scripts/create_admin.py

@@ -0,0 +1,82 @@
+# [DEF:backend.src.scripts.create_admin:Module]
+#
+# @SEMANTICS: admin, setup, user, auth, cli
+# @PURPOSE:   CLI tool for creating the initial admin user.
+# @LAYER:     Scripts
+# @RELATION:  USES -> backend.src.core.auth.security
+# @RELATION:  USES -> backend.src.core.database
+# @RELATION:  USES -> backend.src.models.auth
+#
+# @INVARIANT: Admin user must have the "Admin" role.
+
+# [SECTION: IMPORTS]
+import sys
+import argparse
+from pathlib import Path
+
+# Add src to path
+sys.path.append(str(Path(__file__).parent.parent.parent))
+
+from src.core.database import AuthSessionLocal, init_db
+from src.core.auth.security import get_password_hash
+from src.models.auth import User, Role, Permission
+from src.core.logger import logger, belief_scope
+# [/SECTION]
+
+# [DEF:create_admin:Function]
+# @PURPOSE: Creates an admin user and necessary roles/permissions.
+# @PRE:     username and password provided via CLI.
+# @POST:    Admin user exists in auth.db.
+#
+# @PARAM:   username (str) - Admin username.
+# @PARAM:   password (str) - Admin password.
+def create_admin(username, password):
+    with belief_scope("create_admin"):
+        db = AuthSessionLocal()
+        try:
+            # 1. Ensure Admin role exists
+            admin_role = db.query(Role).filter(Role.name == "Admin").first()
+            if not admin_role:
+                logger.info("Creating Admin role...")
+                admin_role = Role(name="Admin", description="System Administrator")
+                db.add(admin_role)
+                db.commit()
+                db.refresh(admin_role)
+
+            # 2. Check if user already exists
+            existing_user = db.query(User).filter(User.username == username).first()
+            if existing_user:
+                logger.warning(f"User {username} already exists.")
+                return
+
+            # 3. Create Admin user
+            logger.info(f"Creating admin user: {username}")
+            new_user = User(
+                username=username,
+                password_hash=get_password_hash(password),
+                auth_source="LOCAL",
+                is_active=True
+            )
+            new_user.roles.append(admin_role)
+            db.add(new_user)
+            db.commit()
+            logger.info(f"Admin user {username} created successfully.")
+            
+        except Exception as e:
+            logger.error(f"Failed to create admin user: {e}")
+            db.rollback()
+        finally:
+            db.close()
+# [/DEF:create_admin:Function]
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="Create initial admin user")
+    parser.add_argument("--username", required=True, help="Admin username")
+    parser.add_argument("--password", required=True, help="Admin password")
+    args = parser.parse_args()
+    
+    # Ensure DB is initialized before creating admin
+    init_db()
+    create_admin(args.username, args.password)
+
+# [/DEF:backend.src.scripts.create_admin:Module]

backend/src/scripts/init_auth_db.py

@@ -0,0 +1,44 @@
+# [DEF:backend.src.scripts.init_auth_db:Module]
+#
+# @SEMANTICS: setup, database, auth, migration
+# @PURPOSE:   Initializes the auth database and creates the necessary tables.
+# @LAYER:     Scripts
+# @RELATION:  CALLS -> backend.src.core.database.init_db
+#
+# @INVARIANT: Safe to run multiple times (idempotent).
+
+# [SECTION: IMPORTS]
+import sys
+import os
+from pathlib import Path
+
+# Add src to path
+sys.path.append(str(Path(__file__).parent.parent.parent))
+
+from src.core.database import init_db, auth_engine
+from src.core.logger import logger, belief_scope
+from src.scripts.seed_permissions import seed_permissions
+# [/SECTION]
+
+# [DEF:run_init:Function]
+# @PURPOSE: Main entry point for the initialization script.
+# @POST:    auth.db is initialized with the correct schema and seeded permissions.
+def run_init():
+    with belief_scope("init_auth_db"):
+        logger.info("Initializing authentication database...")
+        try:
+            init_db()
+            logger.info("Authentication database initialized successfully.")
+            
+            # Seed permissions
+            seed_permissions()
+            
+        except Exception as e:
+            logger.error(f"Failed to initialize authentication database: {e}")
+            sys.exit(1)
+# [/DEF:run_init:Function]
+
+if __name__ == "__main__":
+    run_init()
+
+# [/DEF:backend.src.scripts.init_auth_db:Module]

backend/src/scripts/seed_permissions.py

@@ -0,0 +1,79 @@
+# [DEF:backend.src.scripts.seed_permissions:Module]
+#
+# @SEMANTICS: setup, database, auth, permissions, seeding
+# @PURPOSE:   Populates the auth database with initial system permissions.
+# @LAYER:     Scripts
+# @RELATION:  USES -> backend.src.core.database.get_auth_db
+# @RELATION:  USES -> backend.src.models.auth.Permission
+#
+# @INVARIANT: Safe to run multiple times (idempotent).
+
+# [SECTION: IMPORTS]
+import sys
+from pathlib import Path
+
+# Add src to path
+sys.path.append(str(Path(__file__).parent.parent.parent))
+
+from src.core.database import AuthSessionLocal
+from src.models.auth import Permission
+from src.core.logger import logger, belief_scope
+# [/SECTION]
+
+# [DEF:INITIAL_PERMISSIONS:Constant]
+INITIAL_PERMISSIONS = [
+    # Admin Permissions
+    {"resource": "admin:users", "action": "READ"},
+    {"resource": "admin:users", "action": "WRITE"},
+    {"resource": "admin:roles", "action": "READ"},
+    {"resource": "admin:roles", "action": "WRITE"},
+    {"resource": "admin:settings", "action": "READ"},
+    {"resource": "admin:settings", "action": "WRITE"},
+    
+    # Plugin Permissions
+    {"resource": "plugin:backup", "action": "EXECUTE"},
+    {"resource": "plugin:migration", "action": "EXECUTE"},
+    {"resource": "plugin:mapper", "action": "EXECUTE"},
+    {"resource": "plugin:search", "action": "EXECUTE"},
+    {"resource": "plugin:git", "action": "EXECUTE"},
+    {"resource": "plugin:storage", "action": "EXECUTE"},
+    {"resource": "plugin:debug", "action": "EXECUTE"},
+]
+# [/DEF:INITIAL_PERMISSIONS:Constant]
+
+# [DEF:seed_permissions:Function]
+# @PURPOSE: Inserts missing permissions into the database.
+# @POST:    All INITIAL_PERMISSIONS exist in the DB.
+def seed_permissions():
+    with belief_scope("seed_permissions"):
+        db = AuthSessionLocal()
+        try:
+            logger.info("Seeding permissions...")
+            count = 0
+            for perm_data in INITIAL_PERMISSIONS:
+                exists = db.query(Permission).filter(
+                    Permission.resource == perm_data["resource"],
+                    Permission.action == perm_data["action"]
+                ).first()
+                
+                if not exists:
+                    new_perm = Permission(
+                        resource=perm_data["resource"],
+                        action=perm_data["action"]
+                    )
+                    db.add(new_perm)
+                    count += 1
+            
+            db.commit()
+            logger.info(f"Seeding completed. Added {count} new permissions.")
+        except Exception as e:
+            logger.error(f"Failed to seed permissions: {e}")
+            db.rollback()
+        finally:
+            db.close()
+# [/DEF:seed_permissions:Function]
+
+if __name__ == "__main__":
+    seed_permissions()
+
+# [/DEF:backend.src.scripts.seed_permissions:Module]