checklist/backend/update_permissions.py

"""
Script para actualizar automáticamente las verificaciones de permisos en main.py
Reemplaza las verificaciones de role string por verificaciones basadas en permisos
"""
import re
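def update_permissions(path='app/main.py'):
    """Rewrite role-string authorization checks in *path* as permission checks.

    The file is read, a fixed list of regex rules is applied in order, and the
    result is written back to the same path. The number of substitutions made
    by each rule is printed so that every rewritten authorization check can be
    found and reviewed by hand afterwards.

    Matching is deliberately narrow: the wildcard inside a ``detail="..."``
    message cannot cross the closing quote or a newline. With ``re.DOTALL``
    and a greedy ``.*`` a single match could run from the first admin check in
    the file to the last matching message, replacing every endpoint and every
    other access check in between with one ``require_permission`` call.

    Args:
        path: File to rewrite in place. Defaults to ``app/main.py`` relative
            to the current working directory.

    Returns:
        None. The target file is overwritten and a summary is printed.
    """
    with open(path, 'r', encoding='utf-8') as f:
        content = f.read()

    # Common prefix of every "admin only" check that gets rewritten.
    admin_check = (
        r'if current_user\.role != "admin":\s+'
        r'raise HTTPException\(status_code=403, detail="'
    )
    # Any text that stays inside the same one-line string literal.
    msg = r'[^"\n]*'
    end = r'"\)'

    # (label, pattern, replacement). Order matters: rules run top to bottom.
    # Whitespace that must survive is captured and re-emitted, so rewritten
    # lines keep the indentation the target file already uses.
    # NOTE(review): the permission is chosen from the wording of the error
    # message, not from the endpoint; confirm each rewritten site maps to the
    # intended permission.
    # NOTE(review): this script inserts calls to require_permission and
    # has_permission but adds no import for them; confirm they are in scope
    # in the target file.
    rules = [
        # User management
        (
            'can_manage_users (ver usuarios)',
            admin_check + r'No tienes permisos para ver usuarios' + end,
            'require_permission(current_user, "can_manage_users")',
        ),
        (
            'can_manage_users',
            admin_check + r'No tienes permisos' + msg + r'usuarios?' + end,
            'require_permission(current_user, "can_manage_users")',
        ),
        # Checklist management
        (
            'can_manage_checklists',
            admin_check + msg + r'checklist' + msg + end,
            'require_permission(current_user, "can_manage_checklists")',
        ),
        # Deactivating inspections
        (
            'can_deactivate_inspections',
            admin_check + msg + r'inactivar' + msg + r'inspecc' + msg + end,
            'require_permission(current_user, "can_deactivate_inspections")',
        ),
        # Viewing all inspections (mechanic filter)
        (
            'can_view_all_inspections',
            r'if current_user\.role == "mechanic":(\s+)'
            r'query = query\.filter\(models\.Inspection\.mechanic_id == current_user\.id\)',
            r'if not has_permission(current_user, "can_view_all_inspections"):\1'
            r'query = query.filter(models.Inspection.mechanic_id == current_user.id)',
        ),
        # User creation: store role_id instead of the role string
        (
            'role_id (crear usuario)',
            r'(# Crear usuario\s+hashed_password = get_password_hash\(user\.password\)\s+'
            r'db_user = models\.User\(\s+username=user\.username,\s+email=user\.email,\s+'
            r'full_name=user\.full_name,\s+)role=user\.role,',
            r'\1role_id=user.role_id,',
        ),
        # User update: changing a role requires can_manage_roles
        (
            'can_manage_roles',
            r'if user_update\.role is not None:(\s+)'
            r'if current_user\.role != "admin":\s+'
            r'raise HTTPException\(status_code=403, detail="No tienes permisos para cambiar roles"\)'
            r'(\s+)db_user\.role = user_update\.role',
            r'if user_update.role_id is not None:\1'
            r'require_permission(current_user, "can_manage_roles")'
            r'\2db_user.role_id = user_update.role_id',
        ),
    ]

    # Apply the rules and keep a per-rule count for the operator.
    for label, pattern, replacement in rules:
        content, count = re.subn(pattern, replacement, content)
        print(f"  {label}: {count} reemplazo(s)")

    with open(path, 'w', encoding='utf-8') as f:
        f.write(content)

    print("✅ Archivo main.py actualizado con sistema de permisos")
    print("⚠️ Revisar manualmente y ajustar según sea necesario")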
# Script entry point: the rewrite runs only when this file is executed
# directly, not when it is imported.
if __name__ == "__main__":
    update_permissions()