fix: права www-data после git pull и npm install

Co-authored-by: Cursor <cursoragent@cursor.com>

scripts/admin-web-update.sh

@@ -10,6 +10,7 @@ source "$SCRIPT_DIR/shop-root.sh"
 
 PORT="${PORT:-3000}"
 REPO_OWNER="${SHOP_GIT_USER:-$(stat -c '%U' "$SHOP_ROOT/.git" 2>/dev/null || stat -c '%U' "$SHOP_ROOT" 2>/dev/null || echo root)}"
+SHOP_SERVICE_USER="${SHOP_SERVICE_USER:-www-data}"
 
 ensure_git_safe() {
   local user="$1"
@@ -52,7 +53,19 @@ run_as_owner "bash scripts/git-sync.sh"
 
 echo ""
 echo "--- npm install ---"
-run_as_owner "npm install --omit=dev"
+if [ "$(id -u)" -eq 0 ]; then
+  npm install --omit=dev
+else
+  run_as_owner "npm install --omit=dev"
+fi
+
+echo ""
+echo "--- права для службы shop ($SHOP_SERVICE_USER) ---"
+if [ "$(id -u)" -eq 0 ]; then
+  bash "$SCRIPT_DIR/fix-shop-permissions.sh"
+else
+  echo "WARN: запустите от root: sudo bash scripts/fix-shop-permissions.sh"
+fi
 
 echo ""
 echo "Новая версия:"

scripts/fix-shop-permissions.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+# Права на каталог магазина для пользователя systemd (www-data)
+#   sudo bash "$SHOP_ROOT/scripts/fix-shop-permissions.sh"
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=shop-root.sh
+source "$SCRIPT_DIR/shop-root.sh"
+
+SHOP_SERVICE_USER="${SHOP_SERVICE_USER:-www-data}"
+
+if [ "$(id -u)" -ne 0 ]; then
+  echo "Запустите от root: sudo bash $0"
+  exit 1
+fi
+
+if ! id "$SHOP_SERVICE_USER" &>/dev/null; then
+  echo "Ошибка: пользователь $SHOP_SERVICE_USER не найден"
+  exit 1
+fi
+
+echo "=== Права Shop: $SHOP_ROOT → $SHOP_SERVICE_USER ==="
+
+chown -R "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$SHOP_ROOT"
+
+# npm cache/logs для www-data
+for dir in /var/www/.npm /var/www/.cache; do
+  mkdir -p "$dir"
+  chown -R "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$dir"
+done
+
+if [ -f "$SHOP_ROOT/.env" ]; then
+  chmod 640 "$SHOP_ROOT/.env"
+  chown "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$SHOP_ROOT/.env"
+fi
+
+echo "OK: владелец $SHOP_SERVICE_USER, можно: systemctl restart shop"

scripts/server-update.sh

@@ -20,7 +20,13 @@ fi
 
 bash "$SCRIPT_DIR/git-sync.sh"
 
-npm install --omit=dev
+if [ "$(id -u)" -eq 0 ]; then
+  npm install --omit=dev
+  bash "$SCRIPT_DIR/fix-shop-permissions.sh"
+else
+  npm install --omit=dev
+  echo "ВНИМАНИЕ: для прав www-data выполните: sudo bash $SCRIPT_DIR/fix-shop-permissions.sh"
+fi
 
 if [ -f .env ] && ! grep -q '^DATABASE_URL=' .env; then
   echo "ВНИМАНИЕ: добавьте DATABASE_URL в .env (см. .env.example)"