enterprise_digital-platform/portal/app/__init__.py

import os
from datetime import datetime
from flask import Flask
from config import config
from app.extensions import db, migrate, login_manager


def create_app(config_name='production'):
    app = Flask(__name__)
    app.config.from_object(config.get(config_name, config['default']))

    data_dir = os.environ.get('DATA_DIR', '/app/data')
    os.makedirs(data_dir, exist_ok=True)

    db.init_app(app)
    migrate.init_app(app, db)
    login_manager.init_app(app)

    from app.models import user, app_access, api_key, module_config  # noqa: F401

    from app.routes.auth import bp as auth_bp
    from app.routes.dashboard import bp as dashboard_bp
    from app.routes.settings import bp as settings_bp
    from app.routes.api import bp as api_bp

    app.register_blueprint(auth_bp)
    app.register_blueprint(dashboard_bp)
    app.register_blueprint(settings_bp)
    app.register_blueprint(api_bp)

    with app.app_context():
        db.create_all()
        _seed_admin(app)
        _seed_modules(app)

    @app.context_processor
    def inject_globals():
        return {'now': datetime.utcnow(), 'registered_apps': app.config['REGISTERED_APPS']}

    return app


def _seed_admin(app):
    from app.models.user import PortalUser
    from app.extensions import db
    from werkzeug.security import generate_password_hash

    if PortalUser.query.count() == 0:
        admin = PortalUser(
            username=app.config['ADMIN_USERNAME'],
            email=app.config['ADMIN_EMAIL'],
            password_hash=generate_password_hash(app.config['ADMIN_PASSWORD']),
            is_admin=True,
            is_active=True,
        )
        db.session.add(admin)
        db.session.flush()

        # Grant admin access to all apps with explicit admin role
        from app.models.app_access import AppAccess
        for reg_app in app.config['REGISTERED_APPS']:
            db.session.add(AppAccess(user_id=admin.id, app_name=reg_app['id'],
                                     is_active=True, app_role='admin'))

        db.session.commit()


def _seed_modules(app):
    """Ensure every registered app has a ModuleConfig row (default: enabled)."""
    from app.models.module_config import ModuleConfig
    for reg_app in app.config['REGISTERED_APPS']:
        if not ModuleConfig.query.filter_by(app_id=reg_app['id']).first():
            db.session.add(ModuleConfig(app_id=reg_app['id'], enabled=True))
    db.session.commit()