github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

今天就这样吧

pull/6/head
guanghongwei 2015-03-23 22:57:19 +08:00
parent 2f7e7b0072
commit 0c31968e3c
11 changed files with 190 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
jperm/models.py
View File

@ -14,6 +14,7 @@ class Perm(models.Model):
class CmdGroup(models.Model):
name = models.CharField(max_length=50)
cmd = models.CharField(max_length=999)
dept = models.ForeignKey(DEPT)
comment = models.CharField(blank=True, null=True, max_length=50)
def __unicode__(self):

11
jperm/urls.py
View File

@ -1,23 +1,22 @@
from django.conf.urls import patterns, include, url
from jumpserver.api import view_splitter
from jperm.views import *
urlpatterns = patterns('jperm.views',
# Examples:
# url(r'^$', 'jumpserver.views.home', name='home'),
# url(r'^blog/', include('blog.urls')),
(r'^perm_edit/$', 'perm_edit'),
(r'^perm_add/$', 'perm_add'),
(r'^perm_edit/$', view_splitter, {'su': perm_edit, 'adm': perm_edit_adm}),
(r'^dept_perm_edit/$', 'dept_perm_edit'),
(r'^perm_list/$', 'perm_list'),
(r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}),
(r'^dept_perm_list/$', 'dept_perm_list'),
(r'^perm_user_detail/$', 'perm_user_detail'),
# (r'^perm_list_ajax/$', 'perm_list_ajax'),
(r'^perm_detail/$', 'perm_detail'),
(r'^perm_del/$', 'perm_del'),
(r'^perm_asset_detail/$', 'perm_asset_detail'),
(r'^sudo_list/$', 'sudo_list'),
(r'^sudo_add/$', 'sudo_add'),
(r'^sudo_add/$', view_splitter, {'su': sudo_add, 'adm': sudo_add_adm}),
(r'^sudo_del/$', 'sudo_del'),
(r'^sudo_edit/$', 'sudo_edit'),
(r'^sudo_detail/$', 'sudo_detail'),

72
jperm/views.py
View File

@ -86,7 +86,7 @@ def dept_perm_edit(request):
return render_to_response('jperm/dept_perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
@require_super_user
def perm_list(request):
header_title, path1, path2 = u'灏忕粍鎺堟潈', u'鎺堟潈绠$悊', u'鎺堟潈璇︽儏'
keyword = request.GET.get('search', '')
@ -99,6 +99,19 @@ def perm_list(request):
return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_list_adm(request):
header_title, path1, path2 = u'灏忕粍鎺堟潈', u'鎺堟潈绠$悊', u'鎺堟潈璇︽儏'
keyword = request.GET.get('search', '')
user, dept = get_session_user_dept(request)
contact_list = dept.usergroup_set.all().order_by('name')
if keyword:
contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
@require_super_user
def dept_perm_list(request):
header_title, path1, path2 = '鏌ョ湅閮ㄩ棬', '鎺堟潈绠$悊', '閮ㄩ棬鎺堟潈'
@ -153,6 +166,28 @@ def perm_edit(request):
return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_edit_adm(request):
if request.method == 'GET':
header_title, path1, path2 = u'缂栬緫鎺堟潈', u'鎺堟潈绠$悊', u'鎺堟潈缂栬緫'
user_group_id = request.GET.get('id', '')
user_group = UserGroup.objects.filter(id=user_group_id)
user, dept = get_session_user_dept(request)
if user_group:
user_group = user_group[0]
asset_groups_all = dept.bisgroup_set.all()
asset_groups_select = [perm.asset_group for perm in user_group.perm_set.all()]
asset_groups = [asset_group for asset_group in asset_groups_all if asset_group not in asset_groups_select]
else:
user_group_id = request.POST.get('user_group_id')
asset_group_id_list = request.POST.getlist('asset_groups_select')
if not validate(request, user_group=[user_group_id], asset_group=asset_group_id_list):
return HttpResponseRedirect('/jperm/perm_list/')
perm_group_update(user_group_id, asset_group_id_list)
return HttpResponseRedirect('/jperm/perm_list/')
return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_detail(request):
header_title, path1, path2 = u'缂栬緫鎺堟潈', u'鎺堟潈绠$悊', u'鎺堟潈璇︽儏'
@ -271,7 +306,7 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
ldap_conn.add(sudo_dn, sudo_attr)
@require_admin
@require_super_user
def sudo_add(request):
header_title, path1, path2 = u'Sudo鎺堟潈', u'鏉冮檺绠$悊', u'娣诲姞Sudo鏉冮檺'
user_groups = UserGroup.objects.filter(id__gt=2)
@ -294,6 +329,30 @@ def sudo_add(request):
return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_add_adm(request):
header_title, path1, path2 = u'Sudo鎺堟潈', u'鏉冮檺绠$悊', u'娣诲姞Sudo鏉冮檺'
user, dept = get_session_user_dept(request)
user_groups = dept.usergroup_set.filter(id__gt=2)
asset_groups = dept.bisgroup_set.all()
cmd_groups = CmdGroup.objects.all()
if request.method == 'POST':
name = request.POST.get('name')
users_runas = request.POST.get('runas', 'root')
user_groups_select = request.POST.getlist('user_groups_select')
asset_groups_select = request.POST.getlist('asset_groups_select')
cmd_groups_select = request.POST.getlist('cmd_groups_select')
comment = request.POST.get('comment', '')
if LDAP_ENABLE:
sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
msg = '娣诲姞鎴愬姛'
return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_list(request):
header_title, path1, path2 = u'Sudo鎺堟潈', u'鏉冮檺绠$悊', u'Sudo鏉冮檺璇︽儏'
@ -391,13 +450,20 @@ def sudo_del(request):
@require_admin
def cmd_add(request):
header_title, path1, path2 = u'sudo鍛戒护娣诲姞', u'鎺堟潈绠$悊', u'鍛戒护缁勬坊鍔'
dept_all = DEPT.objects.all()
if request.method == 'POST':
name = request.POST.get('name')
dept_id = request.POST.get('dept_id')
cmd = ','.join(request.POST.get('cmd').split())
comment = request.POST.get('comment')
CmdGroup.objects.create(name=name, cmd=cmd, comment=comment)
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
else:
error = u"閮ㄩ棬涓嶈兘涓虹┖"
msg = u'鍛戒护缁勬坊鍔犳垚鍔'
return HttpResponseRedirect('/jperm/cmd_list/')

38
jumpserver/api.py
View File

@ -10,9 +10,8 @@ from binascii import b2a_hex, a2b_hex
import ldap
from ldap import modlist
import hashlib
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.http import HttpResponse, Http404
from juser.models import User, UserGroup
from jasset.models import Asset, BisGroup
from jlog.models import Log
@ -109,6 +108,41 @@ def md5_crypt(string):
return hashlib.new("md5", string).hexdigest()
def page_list_return(total, current=1):
min_page = current - 2 if current - 4 > 0 else 1
max_page = min_page + 4 if min_page + 4 < total else total
return range(min_page, max_page+1)
def pages(posts, r):
"""鍒嗛〉鍏敤鍑芥暟"""
contact_list = posts
p = paginator = Paginator(contact_list, 10)
try:
current_page = int(r.GET.get('page', '1'))
except ValueError:
current_page = 1
page_range = page_list_return(len(p.page_range), current_page)
try:
contacts = paginator.page(current_page)
except (EmptyPage, InvalidPage):
contacts = paginator.page(paginator.num_pages)
if current_page >= 5:
show_first = 1
else:
show_first = 0
if current_page <= (len(p.page_range) - 3):
show_end = 1
else:
show_end = 0
return contact_list, p, contacts, page_range, current_page, show_first, show_end
def get_session_user_dept(request):
user_id = request.session.get('user_id', '')
user = User.objects.filter(id=user_id)

2
jumpserver/templatetags/mytags.py
View File

@ -181,7 +181,7 @@ def to_name(user_id):
@register.filter(name='to_role_name')
def to_role_name(role_id):
role_dict = {'0': '鏅氱敤鎴', '1': '绠$悊鍛', '2': '瓒呯骇绠$悊鍛'}
role_dict = {'0': '鏅氱敤鎴', '1': '閮ㄩ棬绠$悊鍛', '2': '瓒呯骇绠$悊鍛'}
return role_dict.get(str(role_id), '鏈煡')
@register.filter(name='to_avatar')

20
jumpserver/views.py
View File

@ -1,22 +1,11 @@
# coding: utf-8
import hashlib
from ConfigParser import ConfigParser
import os
import datetime
import json
from django.db.models import Count
from django.shortcuts import render_to_response
from django.http import HttpResponse
from django.http import HttpResponseRedirect
from django.template import RequestContext
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.template import RequestContext
from juser.models import User, UserGroup
from jlog.models import Log
from jasset.models import Asset, BisGroup, IDC
from jasset.models import IDC
from jumpserver.api import *
@ -95,13 +84,6 @@ def jasset_group_add(name, comment, jtype):
smg = u'涓氬姟缁%s娣诲姞鎴愬姛' % name
def page_list_return(total, current=1):
min_page = current - 2 if current - 4 > 0 else 1
max_page = min_page + 4 if min_page + 4 < total else total
return range(min_page, max_page+1)
def jasset_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_active, j_comment, j_user='', j_password=''):
groups = []
is_active = {u'': '1', u'': '2'}

2
juser/urls.py
View File

@ -20,7 +20,7 @@ urlpatterns = patterns('juser.views',
(r'^group_del/$', view_splitter, {'su': group_del, 'adm': group_del_adm}),
(r'^group_del_ajax/$', 'group_del_ajax'),
(r'^group_edit/$', view_splitter, {'su': group_edit, 'adm': group_edit_adm}),
(r'^user_add/$', 'user_add'),
(r'^user_add/$', view_splitter, {'su': user_add, 'adm': user_add_adm}),
(r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
(r'^user_detail/$', 'user_detail'),
(r'^user_del/$', 'user_del'),

68
juser/views.py
View File

@ -13,16 +13,9 @@ from django.core.exceptions import ObjectDoesNotExist
from django.db.models import Q
from django.template import RequestContext
from juser.models import UserGroup, User, DEPT
from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn, page_list_return, pages
from juser.models import DEPT
from jumpserver.api import *
if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url')
LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
def gen_rand_pwd(num):
"""鐢熸垚闅忔満瀵嗙爜"""
@ -595,7 +588,7 @@ def group_edit_adm(request):
return HttpResponseRedirect('/juser/group_list/')
@require_admin
@require_super_user
def user_add(request):
error = ''
msg = ''
@ -662,6 +655,63 @@ def user_add(request):
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_add_adm(request):
error = ''
msg = ''
header_title, path1, path2 = '娣诲姞鐢ㄦ埛', '鐢ㄦ埛绠$悊', '娣诲姞鐢ㄦ埛'
user, dept = get_session_user_dept(request)
group_all = dept.usergroup_set.all()
if request.method == 'POST':
username = request.POST.get('username', '')
password = request.POST.get('password', '')
name = request.POST.get('name', '')
email = request.POST.get('email', '')
groups = request.POST.getlist('groups', [])
ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = gen_rand_pwd(16)
try:
if '' in [username, password, ssh_key_pwd, name, groups, is_active]:
error = u'甯*鍐呭涓嶈兘涓虹┖'
raise AddError
user = User.objects.filter(username=username)
if user:
error = u'鐢ㄦ埛 %s 宸插瓨鍦' % username
raise AddError
except AddError:
pass
else:
try:
db_add_user(username=username,
password=md5_crypt(password),
name=name, email=email, dept=dept,
groups=groups, role='CU',
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active,
date_joined=datetime.datetime.now())
server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd)
msg = u'娣诲姞鐢ㄦ埛 %s 鎴愬姛锛' % username
except Exception, e:
error = u'娣诲姞鐢ㄦ埛 %s 澶辫触 %s ' % (username, e)
try:
db_del_user(username)
server_del_user(username)
if LDAP_ENABLE:
ldap_del_user(username)
except Exception:
pass
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_super_user
def user_list(request):
user_role = {'SU': u'瓒呯骇绠$悊鍛', 'GA': u'缁勭鐞嗗憳', 'CU': u'鏅氱敤鎴'}

2
templates/jperm/perm_list.html
View File

@ -65,8 +65,6 @@
<td class="text-center"> {{ group.id | ugrp_perm_asset_count }} </td>
<td class="text-center"> {{ group.comment }} </td>
<td class="text-center">
<a href="../perm_edit/?id={{ group.id }}" class="btn btn-xs btn-primary">涓绘満缁</a>
<a href="../perm_edit/?id={{ group.id }}" class="btn btn-xs btn-info">涓绘満</a>
<a href="../perm_edit/?id={{ group.id }}" class="btn btn-xs btn-danger">鎺堟潈缂栬緫</a>
</td>
</tr>

13
templates/jperm/sudo_cmd_add.html
View File

@ -57,6 +57,19 @@
<input id="cmd_group_id" name="cmd_group_id" type="text" class="form-control" value="{{ cmd_group_id }}" style="display: none">
</div>
</div>
{% ifequal session_role_id 2 %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="dept_id" class="col-sm-2 control-label">閮ㄩ棬<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select id="dept_id" name="dept_id" class="form-control m-b">
{% for dept in dept_all %}
<option value="{{ dept.id }}" selected>{{ dept.name }}</option>
{% endfor %}
</select>
</div>
</div>
{% endifequal %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="group_type" class="col-sm-2 control-label">鍛戒护<span class="red-fonts">*</span></label>

4
templates/juser/user_add.html
View File

@ -69,6 +69,7 @@
<input id="name" name="name" placeholder="Name" type="text" class="form-control" {% if error %}value="{{ name }}" {% endif %} >
</div>
</div>
{% ifequal session_role_id 2 %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="dept_id" class="col-lg-2 control-label">閮ㄩ棬<span class="red-fonts">*</span></label>
@ -80,6 +81,7 @@
</select>
</div>
</div>
{% endifequal %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="groups" class="col-lg-2 control-label">灏忕粍</label>
@ -95,6 +97,7 @@
</select>
</div>
</div>
{% ifequal session_role_id 2 %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role" class="col-lg-2 control-label">瑙掕壊<span class="red-fonts">*</span></label>
@ -110,6 +113,7 @@
</select>
</div>
</div>
{% endifequal %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="email" class="col-sm-2 control-label">Email<span class="red-fonts">*</span></label>