diff --git a/jperm/models.py b/jperm/models.py
index ca5b0e687..624df9743 100644
--- a/jperm/models.py
+++ b/jperm/models.py
@@ -14,6 +14,7 @@ class Perm(models.Model):
 class CmdGroup(models.Model):
 name = models.CharField(max_length=50)
 cmd = models.CharField(max_length=999)
+ dept = models.ForeignKey(DEPT)
 comment = models.CharField(blank=True, null=True, max_length=50)
 def __unicode__(self):
diff --git a/jperm/urls.py b/jperm/urls.py
index 14f6b482e..624f0bcca 100644
--- a/jperm/urls.py
+++ b/jperm/urls.py
@@ -1,23 +1,22 @@
 from django.conf.urls import patterns, include, url
-
+from jumpserver.api import view_splitter
+from jperm.views import *
 urlpatterns = patterns('jperm.views',
 # Examples:
 # url(r'^$', 'jumpserver.views.home', name='home'),
 # url(r'^blog/', include('blog.urls')),
- (r'^perm_edit/$', 'perm_edit'),
- (r'^perm_add/$', 'perm_add'),
+ (r'^perm_edit/$', view_splitter, {'su': perm_edit, 'adm': perm_edit_adm}),
 (r'^dept_perm_edit/$', 'dept_perm_edit'),
- (r'^perm_list/$', 'perm_list'),
+ (r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}),
 (r'^dept_perm_list/$', 'dept_perm_list'),
 (r'^perm_user_detail/$', 'perm_user_detail'),
- # (r'^perm_list_ajax/$', 'perm_list_ajax'),
 (r'^perm_detail/$', 'perm_detail'),
 (r'^perm_del/$', 'perm_del'),
 (r'^perm_asset_detail/$', 'perm_asset_detail'),
 (r'^sudo_list/$', 'sudo_list'),
- (r'^sudo_add/$', 'sudo_add'),
+ (r'^sudo_add/$', view_splitter, {'su': sudo_add, 'adm': sudo_add_adm}),
 (r'^sudo_del/$', 'sudo_del'),
 (r'^sudo_edit/$', 'sudo_edit'),
 (r'^sudo_detail/$', 'sudo_detail'),
diff --git a/jperm/views.py b/jperm/views.py
index 76a2867f8..99a39f33b 100644
--- a/jperm/views.py
+++ b/jperm/views.py
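Review bot: `dept = models.ForeignKey(DEPT)` is added to `CmdGroup` as a required column with no default and no `null=True`, so every existing `CmdGroup` row, and any create path that does not pass `dept`, will fail at the database once the schema is applied; either make it `null=True, blank=True` for the transition or ship a migration default. `DEPT` also has to be imported into jperm/models.py, which this hunk does not show. The Django version that still uses `patterns()` does not require `on_delete`, but stating it (`on_delete=models.CASCADE` or `models.PROTECT`) documents what happens to a department's command groups when the department is deleted, which is an authorization-relevant decision here.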
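Review bot: `from jperm.views import *` in jperm/urls.py pulls every public name of the views module (and whatever views.py itself star-imports) into the URLconf only to use six callables; an explicit `from jperm.views import perm_edit, perm_edit_adm, perm_list, perm_list_adm, sudo_add, sudo_add_adm` states the real dependency and cannot silently shadow names. The same pattern is introduced in juser/views.py, where `from jumpserver.api import *` replaces the named import of `md5_crypt`, `LDAP_ENABLE`, `pages` and friends and, with the local `if LDAP_ENABLE:` block removed, also hides where `LDAP_ENABLE` and `CONF` now come from.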
@@ -86,7 +86,7 @@ def dept_perm_edit(request):
 return render_to_response('jperm/dept_perm_edit.html', locals(), context_instance=RequestContext(request))
-@require_admin
+@require_super_user
 def perm_list(request):
 header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
 keyword = request.GET.get('search', '')
@@ -99,6 +99,19 @@ def perm_list(request):
 return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
+@require_admin
+def perm_list_adm(request):
+ header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
+ keyword = request.GET.get('search', '')
+ user, dept = get_session_user_dept(request)
+ contact_list = dept.usergroup_set.all().order_by('name')
+ if keyword:
+ contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
+
+ contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
+ return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
+
+
 @require_super_user
 def dept_perm_list(request):
 header_title, path1, path2 = '查看部门', '授权管理', '部门授权'
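Review bot: `perm_list_adm` repeats `perm_list` line for line except for the base queryset (`dept.usergroup_set.all()` here; `perm_list`'s own queryset is outside the hunk), so the keyword filter, the `pages()` call and the template name are now maintained in two places and will drift. A private helper taking the queryset, e.g. `def _render_perm_list(request, contact_list):`, lets both role variants reduce to the scoping line plus one call. Passing `locals()` as the template context also hands `user`, `dept` and `keyword` to the template whether or not it uses them; an explicit context dict makes the rendered surface reviewable.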
@@ -153,6 +166,28 @@ def perm_edit(request):
 return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
+@require_admin
+def perm_edit_adm(request):
+ if request.method == 'GET':
+ header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑'
+ user_group_id = request.GET.get('id', '')
+ user_group = UserGroup.objects.filter(id=user_group_id)
+ user, dept = get_session_user_dept(request)
+ if user_group:
+ user_group = user_group[0]
+ asset_groups_all = dept.bisgroup_set.all()
+ asset_groups_select = [perm.asset_group for perm in user_group.perm_set.all()]
+ asset_groups = [asset_group for asset_group in asset_groups_all if asset_group not in asset_groups_select]
+ else:
+ user_group_id = request.POST.get('user_group_id')
+ asset_group_id_list = request.POST.getlist('asset_groups_select')
+ if not validate(request, user_group=[user_group_id], asset_group=asset_group_id_list):
+ return HttpResponseRedirect('/jperm/perm_list/')
+ perm_group_update(user_group_id, asset_group_id_list)
+
+ return HttpResponseRedirect('/jperm/perm_list/')
+ return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
+
 @require_admin
 def perm_detail(request):
 header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权详情'
@@ -271,7 +306,7 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
 ldap_conn.add(sudo_dn, sudo_attr)
-@require_admin
+@require_super_user
 def sudo_add(request):
 header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
 user_groups = UserGroup.objects.filter(id__gt=2)
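Review bot: In the GET branch of `perm_edit_adm`, `user_group = UserGroup.objects.filter(id=user_group_id)` is not restricted to the admin's department while the asset side is (`dept.bisgroup_set.all()`), so a department admin who supplies another department's group id gets that group's current asset-group assignments rendered into the edit form. The POST branch is guarded by `validate(request, user_group=[user_group_id], asset_group=asset_group_id_list)`, so only the read path is unscoped; the fix is `user_group = dept.usergroup_set.filter(id=user_group_id)`, consistent with `perm_list_adm`, with the `user, dept = get_session_user_dept(request)` line moved above that lookup. `locals()` then also carries the unscoped queryset name into the template, which is one more reason to prefer an explicit context.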
@@ -294,6 +329,30 @@ def sudo_add(request):
 return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
+@require_admin
+def sudo_add_adm(request):
+ header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
+ user, dept = get_session_user_dept(request)
+ user_groups = dept.usergroup_set.filter(id__gt=2)
+ asset_groups = dept.bisgroup_set.all()
+ cmd_groups = CmdGroup.objects.all()
+
+ if request.method == 'POST':
+ name = request.POST.get('name')
+ users_runas = request.POST.get('runas', 'root')
+ user_groups_select = request.POST.getlist('user_groups_select')
+ asset_groups_select = request.POST.getlist('asset_groups_select')
+ cmd_groups_select = request.POST.getlist('cmd_groups_select')
+ comment = request.POST.get('comment', '')
+
+ if LDAP_ENABLE:
+ sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
+ sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
+
+ msg = '添加成功'
+ return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
+
+
 @require_admin
 def sudo_list(request):
 header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情'
@@ -391,13 +450,20 @@ def sudo_del(request):
 @require_admin
 def cmd_add(request):
 header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加'
+ dept_all = DEPT.objects.all()
 if request.method == 'POST':
 name = request.POST.get('name')
+ dept_id = request.POST.get('dept_id')
 cmd = ','.join(request.POST.get('cmd').split())
 comment = request.POST.get('comment')
- CmdGroup.objects.create(name=name, cmd=cmd, comment=comment)
+ dept = DEPT.objects.filter(id=dept_id)
+ if dept:
+ dept = dept[0]
+ CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
+ else:
+ error = u"部门不能为空"
 msg = u'命令组添加成功'
 return HttpResponseRedirect('/jperm/cmd_list/')
diff --git a/jumpserver/api.py b/jumpserver/api.py
index 06b555515..55f31945c 100644
--- a/jumpserver/api.py
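Review bot: `sudo_add_adm` scopes the form choices to the department (`dept.usergroup_set`, `dept.bisgroup_set`) but on POST hands `user_groups_select`, `asset_groups_select` and `cmd_groups_select` to `sudo_db_add`/`sudo_ldap_add` without checking that the posted ids belong to `dept`, so a department admin can grant sudo over other departments' user and asset groups by posting their ids. The sibling `perm_edit_adm` guards the same kind of input with `validate(...)`; the matching check here is `if not validate(request, user_group=user_groups_select, asset_group=asset_groups_select): return HttpResponseRedirect('/jperm/sudo_list/')` placed before the add calls (or re-rendering the form with an error). `cmd_groups = CmdGroup.objects.all()` is the one choice list left unscoped now that `CmdGroup` carries a `dept` foreign key — presumably `dept.cmdgroup_set.all()` is intended, though the related name is not visible in this diff. With indentation lost in this rendering I cannot tell whether `sudo_db_add` sits under `if LDAP_ENABLE:`; if it does, nothing is persisted when LDAP is disabled, which is worth confirming against `sudo_add`.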
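Review bot: In `cmd_add`, when the department lookup fails the `else` branch sets `error = u"部门不能为空"`, but the following context lines `msg = u'命令组添加成功'` and `return HttpResponseRedirect('/jperm/cmd_list/')` run regardless, so the failure is reported as success and `error` is never rendered; the success message and the redirect belong inside the `if dept:` branch, with the `else` falling through to the form render that follows the hunk. `dept_id` is also accepted from any `@require_admin` caller and matched against `DEPT.objects.all()`, so the `{% ifequal session_role_id 2 %}` around the department selector in sudo_cmd_add.html is only cosmetic — a department admin can still post any `dept_id`; server side, a non-superuser should have `dept` taken from `get_session_user_dept(request)` rather than from the form.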
+++ b/jumpserver/api.py
@@ -10,9 +10,8 @@ from binascii import b2a_hex, a2b_hex
 import ldap
 from ldap import modlist
 import hashlib
-
+from django.core.paginator import Paginator, EmptyPage, InvalidPage
 from django.http import HttpResponse, Http404
-
 from juser.models import User, UserGroup
 from jasset.models import Asset, BisGroup
 from jlog.models import Log
@@ -109,6 +108,41 @@ def md5_crypt(string):
 return hashlib.new("md5", string).hexdigest()
+def page_list_return(total, current=1):
+ min_page = current - 2 if current - 4 > 0 else 1
+ max_page = min_page + 4 if min_page + 4 < total else total
+
+ return range(min_page, max_page+1)
+
+
+def pages(posts, r):
+ """分页公用函数"""
+ contact_list = posts
+ p = paginator = Paginator(contact_list, 10)
+ try:
+ current_page = int(r.GET.get('page', '1'))
+ except ValueError:
+ current_page = 1
+
+ page_range = page_list_return(len(p.page_range), current_page)
+
+ try:
+ contacts = paginator.page(current_page)
+ except (EmptyPage, InvalidPage):
+ contacts = paginator.page(paginator.num_pages)
+
+ if current_page >= 5:
+ show_first = 1
+ else:
+ show_first = 0
+ if current_page <= (len(p.page_range) - 3):
+ show_end = 1
+ else:
+ show_end = 0
+
+ return contact_list, p, contacts, page_range, current_page, show_first, show_end
+
+
 def get_session_user_dept(request):
 user_id = request.session.get('user_id', '')
 user = User.objects.filter(id=user_id)
diff --git a/jumpserver/templatetags/mytags.py b/jumpserver/templatetags/mytags.py
index 672130e89..1f264f4e4 100644
--- a/jumpserver/templatetags/mytags.py
+++ b/jumpserver/templatetags/mytags.py
@@ -181,7 +181,7 @@ def to_name(user_id):
 @register.filter(name='to_role_name')
 def to_role_name(role_id):
- role_dict = {'0': '普通用户', '1': '组管理员', '2': '超级管理员'}
+ role_dict = {'0': '普通用户', '1': '部门管理员', '2': '超级管理员'}
 return role_dict.get(str(role_id), '未知')
 @register.filter(name='to_avatar')
diff --git a/jumpserver/views.py b/jumpserver/views.py
index 61fe918a7..a52e99881 100644
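Review bot: In `pages()`, `page_range`, `show_first` and `show_end` are computed from the requested `current_page` before `paginator.page(current_page)` is attempted, so when that raises `EmptyPage`/`InvalidPage` and the code falls back to `paginator.num_pages`, the returned `current_page` and the range still describe a page that does not exist (a request for page 999 of a 3-page list renders page 3 but reports page 999). Set `current_page = contacts.number` in the `except` branch and move the `page_range = page_list_return(len(p.page_range), current_page)` line and the two `show_*` blocks below the `try/except`. This is code moved from jumpserver/views.py, so the defect predates the commit, but the move is the right moment to fix it; the `p = paginator = ...` double binding could also collapse to one name, and the docstring would help readers more as `"""Shared pagination helper: returns (queryset, paginator, page, page_range, current_page, show_first, show_end)."""`.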
--- a/jumpserver/views.py
+++ b/jumpserver/views.py
@@ -1,22 +1,11 @@
 # coding: utf-8
-import hashlib
-from ConfigParser import ConfigParser
-import os
 import datetime
-import json
 from django.db.models import Count
 from django.shortcuts import render_to_response
-from django.http import HttpResponse
-from django.http import HttpResponseRedirect
 from django.template import RequestContext
-from django.core.paginator import Paginator, EmptyPage, InvalidPage
-from django.template import RequestContext
-
-from juser.models import User, UserGroup
-from jlog.models import Log
-from jasset.models import Asset, BisGroup, IDC
+from jasset.models import IDC
 from jumpserver.api import *
@@ -95,13 +84,6 @@ def jasset_group_add(name, comment, jtype):
 smg = u'业务组%s添加成功' % name
-def page_list_return(total, current=1):
- min_page = current - 2 if current - 4 > 0 else 1
- max_page = min_page + 4 if min_page + 4 < total else total
-
- return range(min_page, max_page+1)
-
-
 def jasset_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_active, j_comment, j_user='', j_password=''):
 groups = []
 is_active = {u'是': '1', u'否': '2'}
diff --git a/juser/urls.py b/juser/urls.py
index 2a66f78ed..1480008b4 100644
--- a/juser/urls.py
+++ b/juser/urls.py
@@ -20,7 +20,7 @@ urlpatterns = patterns('juser.views',
 (r'^group_del/$', view_splitter, {'su': group_del, 'adm': group_del_adm}),
 (r'^group_del_ajax/$', 'group_del_ajax'),
 (r'^group_edit/$', view_splitter, {'su': group_edit, 'adm': group_edit_adm}),
- (r'^user_add/$', 'user_add'),
+ (r'^user_add/$', view_splitter, {'su': user_add, 'adm': user_add_adm}),
 (r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
 (r'^user_detail/$', 'user_detail'),
 (r'^user_del/$', 'user_del'),
diff --git a/juser/views.py b/juser/views.py
index 51de86bc8..c9fa02101 100644
--- a/juser/views.py
+++ b/juser/views.py
@@ -13,16 +13,9 @@ from django.core.exceptions import ObjectDoesNotExist
 from django.db.models import Q
 from django.template import RequestContext
-from juser.models import UserGroup, User, DEPT
-from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn, page_list_return, pages
+from juser.models import DEPT
 from jumpserver.api import *
-if LDAP_ENABLE:
- LDAP_HOST_URL = CONF.get('ldap', 'host_url')
- LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
- LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
- LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
-
 def gen_rand_pwd(num):
 """生成随机密码"""
@@ -595,7 +588,7 @@ def group_edit_adm(request):
 return HttpResponseRedirect('/juser/group_list/')
-@require_admin
+@require_super_user
 def user_add(request):
 error = ''
 msg = ''
@@ -662,6 +655,63 @@ def user_add(request):
 return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
+@require_admin
+def user_add_adm(request):
+ error = ''
+ msg = ''
+ header_title, path1, path2 = '添加用户', '用户管理', '添加用户'
+ user, dept = get_session_user_dept(request)
+ group_all = dept.usergroup_set.all()
+
+ if request.method == 'POST':
+ username = request.POST.get('username', '')
+ password = request.POST.get('password', '')
+ name = request.POST.get('name', '')
+ email = request.POST.get('email', '')
+ groups = request.POST.getlist('groups', [])
+ ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
+ is_active = True if request.POST.get('is_active', '1') == '1' else False
+ ldap_pwd = gen_rand_pwd(16)
+
+ try:
+ if '' in [username, password, ssh_key_pwd, name, groups, is_active]:
+ error = u'带*内容不能为空'
+ raise AddError
+ user = User.objects.filter(username=username)
+ if user:
+ error = u'用户 %s 已存在' % username
+ raise AddError
+
+ except AddError:
+ pass
+ else:
+ try:
+ db_add_user(username=username,
+ password=md5_crypt(password),
+ name=name, email=email, dept=dept,
+ groups=groups, role='CU',
+ ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
+ ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
+ is_active=is_active,
+ date_joined=datetime.datetime.now())
+
+ server_add_user(username, password, ssh_key_pwd)
+ if LDAP_ENABLE:
+ ldap_add_user(username, ldap_pwd)
+ msg = u'添加用户 %s 成功!' % username
+
+ except Exception, e:
+ error = u'添加用户 %s 失败 %s ' % (username, e)
+ try:
+ db_del_user(username)
+ server_del_user(username)
+ if LDAP_ENABLE:
+ ldap_del_user(username)
+ except Exception:
+ pass
+ return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
+
+
 @require_super_user
 def user_list(request):
 user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
diff --git a/templates/jperm/perm_list.html b/templates/jperm/perm_list.html
index 1c272362e..77551ac3a 100644
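Review bot: `user_add_adm` restricts the form's choices to `dept.usergroup_set.all()` (`group_all`) but on POST takes `groups = request.POST.getlist('groups', [])` and passes it to `db_add_user` unchecked, so a department admin can place the new user into another department's groups by posting their ids; assuming `groups` carries group ids as `user_add` does (that function is outside the hunk), reject any id not in the scoped set before the `try`, e.g. `if set(groups) - set(str(g.id) for g in group_all): error = u'带*内容不能为空'; raise AddError` with a message of its own. The required-field test `'' in [username, password, ssh_key_pwd, name, groups, is_active]` never fires for an empty `groups` list (`[] != ''`) and `is_active` is a bool, so `if not all([username, password, ssh_key_pwd, name, groups]):` is the check that was meant. `user = User.objects.filter(username=username)` rebinds the `user` obtained from `get_session_user_dept`, and because the view renders `locals()` the template now receives a queryset under that name instead of the acting admin. `password=md5_crypt(password)` stores an unsalted MD5 digest (see `md5_crypt` in jumpserver/api.py in this same diff); it mirrors `user_add`, but a newly written view is the place to move to Django's `make_password` rather than extend the weak scheme.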
--- a/templates/jperm/perm_list.html +++ b/templates/jperm/perm_list.html @@ -65,8 +65,6 @@ {{ group.id | ugrp_perm_asset_count }} {{ group.comment }} - 主机组 - 主机 授权编辑 diff --git a/templates/jperm/sudo_cmd_add.html b/templates/jperm/sudo_cmd_add.html index 85209d7dc..befdbf20d 100644 --- a/templates/jperm/sudo_cmd_add.html +++ b/templates/jperm/sudo_cmd_add.html @@ -57,6 +57,19 @@ + {% ifequal session_role_id 2 %} +
+
+ +
+ +
+
+ {% endifequal %}
diff --git a/templates/juser/user_add.html b/templates/juser/user_add.html index c4b8b7390..be832e2f1 100644 --- a/templates/juser/user_add.html +++ b/templates/juser/user_add.html @@ -69,6 +69,7 @@
+ {% ifequal session_role_id 2 %}
@@ -80,6 +81,7 @@
+ {% endifequal %}
@@ -95,6 +97,7 @@
+ {% ifequal session_role_id 2 %}
@@ -110,6 +113,7 @@
+ {% endifequal %}