#!/bin/bash
# 初始化默认数据和权限

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
cd "$PROJECT_ROOT/base_platform"

echo "正在生成密码哈希..."
HASHED_PASSWORD=$(source venv/bin/activate && python3 -c "from passlib.context import CryptContext; pwd_context = CryptContext(schemes=['bcrypt'], deprecated='auto'); print(pwd_context.hash('Hellotax@2026#Admin'))")

echo "正在初始化数据库..."

# 1. 创建/更新租户0（平台公共资源）
docker exec base_platform_postgres psql -U user -d base_platform -c "INSERT INTO tenants (id, name, code, status, created_at, updated_at, is_deleted) VALUES (0, '平台公共资源', 'platform', 'active', NOW(), NOW(), false) ON CONFLICT (id) DO UPDATE SET name = '平台公共资源', code = 'platform', status = 'active';"

# 2. 创建管理员账号（平台级，tenant_id=NULL）
docker exec base_platform_postgres psql -U user -d base_platform -c "INSERT INTO users (email, name, hashed_password, role, tenant_id, is_active, is_verified, created_at, updated_at, is_deleted) VALUES ('admin@hellotax.cn', '管理员', '${HASHED_PASSWORD}', 'platform_admin', NULL, true, true, NOW(), NOW(), false) ON CONFLICT (email) DO UPDATE SET tenant_id = NULL, role = 'platform_admin', is_active = true, is_verified = true, hashed_password = '${HASHED_PASSWORD}';"

# 3. 获取用户ID
USER_ID=$(docker exec base_platform_postgres psql -U user -d base_platform -t -c "SELECT id FROM users WHERE email = 'admin@hellotax.cn';")
USER_ID=$(echo $USER_ID | xargs)

echo "正在配置 Casbin 权限..."

# 4. 配置 platform_admin 角色权限（仅 Domain 0）
RESOURCES=("knowledge_bases" "knowledge_categories" "knowledge_tags" "agents" "models" "providers" "users" "audit_logs")
ACTIONS=("read" "create" "update" "delete" "execute")

for resource in "${RESOURCES[@]}"; do
    for action in "${ACTIONS[@]}"; do
        docker exec base_platform_postgres psql -U user -d base_platform -c "INSERT INTO casbin_rule (ptype, v0, v1, v2, v3) VALUES ('p', 'role:platform_admin', '0', '$resource', '$action') ON CONFLICT DO NOTHING;" > /dev/null
    done
done

# 5. 为管理员分配角色（Domain 0）
docker exec base_platform_postgres psql -U user -d base_platform -c "INSERT INTO casbin_rule (ptype, v0, v1, v2) VALUES ('g', 'user:$USER_ID', 'role:platform_admin', '0') ON CONFLICT DO NOTHING;"

echo ""
echo "✓ 租户0: 平台公共资源"
echo "✓ 管理员: admin@hellotax.cn (ID: $USER_ID, tenant_id: NULL)"
echo "✓ Casbin 权限已配置 (Domain 0)"
echo "✅ 默认数据和权限初始化完成"