diff --git a/.gitignore b/.gitignore index 02e6d758f..c6a0a14a9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,8 @@ *.py[cod] .idea test.py - +.DS_Store +db.sqlite3 # C extensions *.so diff --git a/docs/initial_data.yaml b/docs/initial_data.yaml new file mode 100644 index 000000000..32d05f26f --- /dev/null +++ b/docs/initial_data.yaml @@ -0,0 +1,28 @@ +- model: juser.user + pk: 5000 + fields: + username: admin + name: admin + password: pbkdf2_sha256$20000$jBIDGPB2j5JT$orxqGgzzjzykColYm1BswPjgHOiERjZkcgkuVIkD2Hc= + email: admin@jumpserver.org + role: SU + is_active: 1 +- model: juser.user + pk: 5001 + fields: + username: group_admin + name: group_admin + password: pbkdf2_sha256$20000$ttObUWd15q10$NJoyZf2OZz9oiw2g4j2TkTh9zGgyVDRFdUkhn8X0nB0= + email: group_admin@jumpserver.org + role: GA + is_active: 1 +- model: juser.usergroup + pk: 1 + fields: + name: ALL + comment: ALL +- model: juser.usergroup + pk: 2 + fields: + name: 默认 + comment: 默认 diff --git a/jasset/models.py b/jasset/models.py index 8398cc679..413387281 100644 --- a/jasset/models.py +++ b/jasset/models.py @@ -59,13 +59,13 @@ class AssetGroup(models.Model): class Asset(models.Model): - ip = models.IPAddressField(unique=True) - port = models.IntegerField(max_length=6, blank=True, null=True) + ip = models.GenericIPAddressField(unique=True) + port = models.IntegerField() group = models.ManyToManyField(AssetGroup) username = models.CharField(max_length=20, blank=True, null=True) password = models.CharField(max_length=80, blank=True, null=True) - use_default = models.BooleanField(default=True) - date_added = models.DateTimeField(auto_now=True, default=datetime.datetime.now(), null=True) + use_default_auth = models.BooleanField(default=True) + date_added = models.DateTimeField(auto_now_add=True) is_active = models.BooleanField(default=True) comment = models.CharField(max_length=100, blank=True, null=True) diff --git a/jlog/models.py b/jlog/models.py index caae2b999..a75b7bccd 100644 --- a/jlog/models.py 
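Review bot: The `password:` values for `admin` (role `SU`) and `group_admin` in this fixture are fixed PBKDF2 hashes, so every deployment that loads the file starts with the same privileged credentials, and the hashes are now published with the repository. Nothing in the file marks it as sample data or says the passwords must be changed. I would add a header comment such as `# Sample data for development only: reset both passwords right after loading`. For real installs, the setup step should set a per-deployment password with `user.set_password(...)` instead of shipping a hash.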
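Review bot: `port = models.IntegerField()` makes the column required but adds neither a default nor a range check, so rows saved with a NULL port under the old `null=True` definition will presumably block the schema migration, and any integer is accepted as a port. No migration for this field or for the `use_default` to `use_default_auth` rename is part of the diff. Consider `port = models.IntegerField(validators=[MinValueValidator(1), MaxValueValidator(65535)])`, with both validators imported from `django.core.validators`, plus a data step that fills existing NULLs. The `Asset` class continues beyond this hunk.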
+++ b/jlog/models.py @@ -7,7 +7,7 @@ class Log(models.Model): remote_ip = models.CharField(max_length=100) log_path = models.CharField(max_length=100) start_time = models.DateTimeField(null=True) - pid = models.IntegerField(max_length=10) + pid = models.IntegerField() is_finished = models.BooleanField(default=False) end_time = models.DateTimeField(null=True) diff --git a/jlog/views.py b/jlog/views.py index 3a3515f9f..513cf584e 100644 --- a/jlog/views.py +++ b/jlog/views.py @@ -5,39 +5,10 @@ from django.shortcuts import render_to_response from jumpserver.api import * from django.http import HttpResponseNotFound - -CONF = ConfigParser() -CONF.read('%s/jumpserver.conf' % BASE_DIR) -from jlog.models import Log from jlog.log_api import renderTemplate -# def get_user_info(request, offset): -# """ 获取用户信息及环境 """ -# env_dic = {'online': 0, 'offline': 1} -# env = env_dic[offset] -# keyword = request.GET.get('keyword', '') -# user_info = get_session_user_info(request) -# user_id, username = user_info[0:2] -# dept_id, dept_name = user_info[3:5] -# ret = [request, keyword, env, username, dept_name] -# -# return ret -# -# -# def get_user_log(ret_list): -# """ 获取不同类型用户日志记录 """ -# request, keyword, env, username, dept_name = ret_list -# post_all = Log.objects.filter(is_finished=env).order_by('-start_time') -# post_keyword_all = Log.objects.filter(Q(user__contains=keyword) | -# Q(host__contains=keyword)) \ -# .filter(is_finished=env).order_by('-start_time') -# -# if keyword: -# posts = post_keyword_all -# else: -# posts = post_all -# -# return posts +from models import Log +from jumpserver.settings import web_socket_host def log_list(request, offset): 
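Review bot: `from models import Log` is an implicit relative import, which resolves only on Python 2 and is ambiguous with any top-level module named `models`. The removed line `from jlog.models import Log` was the unambiguous spelling and should stay. The same form is introduced in jumpserver/api.py (`from settings import JLOG_FILE, ...`) and jumpserver/views.py (`from settings import BASE_DIR`). There, `from jumpserver.settings import ...` would match what juser/views.py and juser/user_api.py already do in this commit.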
@@ -51,7 +22,6 @@ def log_list(request, offset): cmd = request.GET.get('cmd', '') print date_seven_day, date_now_str if offset == 'online': - web_socket_host = CONF.get('websocket', 'web_socket_host') posts = Log.objects.filter(is_finished=False).order_by('-start_time') else: posts = Log.objects.filter(is_finished=True).order_by('-start_time') @@ -79,6 +49,7 @@ def log_list(request, offset): date_now = datetime.datetime.now() date_now_str = date_now.strftime('%m/%d/%Y') date_seven_day = (date_now + datetime.timedelta(days=-7)).strftime('%m/%d/%Y') + contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) return render_to_response('jlog/log_%s.html' % offset, locals(), context_instance=RequestContext(request)) diff --git a/jumpserver/api.py b/jumpserver/api.py index d53732f86..704ca3904 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -1,8 +1,6 @@ # coding: utf-8 -import os, sys, time -from ConfigParser import ConfigParser -import getpass +import os, sys, time, re from Crypto.Cipher import AES import crypt from binascii import b2a_hex, a2b_hex @@ -11,15 +9,15 @@ import datetime import random import subprocess import paramiko -import struct, fcntl, signal,socket, select, fnmatch -import re +import struct, fcntl, signal, socket, select, fnmatch +from settings import JLOG_FILE, KEY, URL, log_dir, log_level from django.core.paginator import Paginator, EmptyPage, InvalidPage from django.http import HttpResponse, Http404 from django.template import RequestContext from juser.models import User, UserGroup from jasset.models import Asset, AssetGroup -from jasset.models import AssetAlias +# from jlog.models import Log from jlog.models import Log, TtyLog from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned from django.http import HttpResponseRedirect 
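Review bot: Dropping the assignment in the `online` branch removes `web_socket_host` from `locals()`, which is what the `render_to_response(..., locals(), ...)` call at the end of `log_list` (visible in the next hunk) passes as the template context. The module-level import added at the top of the file is a global and is not part of `locals()`. Unless a context processor supplies the value, a template that reads `web_socket_host` will now render it empty. One fix is to import under another name, `from jumpserver.settings import web_socket_host as WEB_SOCKET_HOST`, and keep `web_socket_host = WEB_SOCKET_HOST` in the branch; another is to pass an explicit context dict. `log_list` starts and ends outside this hunk.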
@@ -37,22 +35,6 @@ except ImportError: sys.exit() -BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) -CONF = ConfigParser() -CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf')) -LOG_DIR = os.path.join(BASE_DIR, 'logs') -JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log') -SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') -# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') -KEY = CONF.get('base', 'key') -LOGIN_NAME = getpass.getuser() -# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') -URL = CONF.get('base', 'url') -MAIL_ENABLE = CONF.get('mail', 'mail_enable') -MAIL_FROM = CONF.get('mail', 'email_host_user') -log_dir = os.path.join(BASE_DIR, 'logs') - - def set_log(level): """ return a log file object @@ -78,7 +60,7 @@ def page_list_return(total, current=1): min_page = current - 2 if current - 4 > 0 else 1 max_page = min_page + 4 if min_page + 4 < total else total - return range(min_page, max_page+1) + return range(min_page, max_page + 1) def pages(post_objects, request): @@ -371,7 +353,7 @@ class PyCrypt(object): symbol = '!@$%^&*()_' salt_list = [] if especial: - for i in range(length-4): + for i in range(length - 4): salt_list.append(random.choice(salt_key)) for i in range(4): salt_list.append(random.choice(symbol)) 
@@ -460,19 +442,24 @@ def require_role(role='user'): decorator for require user role in ["super", "admin", "user"] 要求用户是某种角色 ["super", "admin", "user"]的装饰器 """ + def _deco(func): def __deco(request, *args, **kwargs): if role == 'user': - if not request.session.get('user_id'): + if not request.user.is_authenticated(): return HttpResponseRedirect('/login/') elif role == 'admin': - if request.session.get('role_id', 0) < 1: + # if request.session.get('role_id', 0) < 1: + if request.user.role == 'CU': return HttpResponseRedirect('/') elif role == 'super': - if request.session.get('role_id', 0) < 2: + # if request.session.get('role_id', 0) < 2: + if request.user.role in ['CU', 'GA']: return HttpResponseRedirect('/') return func(request, *args, **kwargs) + return __deco + return _deco @@ -481,8 +468,8 @@ def is_role_request(request, role='user'): require this request of user is right 要求请求角色正确 """ - role_all = {'user': 0, 'admin': 1, 'super': 2} - if request.session.get('role_id') == role_all.get(role, 0): + role_all = {'user': 'CU', 'admin': 'GA', 'super': 'SU'} + if request.user.role == role_all.get(role, 'CU'): return True else: return False @@ -493,13 +480,14 @@ def get_session_user_dept(request): get department of the user in session 获取session中用户的部门 """ - user_id = request.session.get('user_id', 0) - print '#' * 20 - print user_id - user = User.objects.filter(id=user_id) - if user: - user = user[0] - return user, None + # user_id = request.session.get('user_id', 0) + # print '#' * 20 + # print user_id + # user = User.objects.filter(id=user_id) + # if user: + # user = user[0] + # return user, None + return request.user, None @require_role 
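Review bot: The `admin` and `super` branches of `require_role` read `request.user.role` without first checking authentication, and they deny by listing the roles to reject (`== 'CU'`, `in ['CU', 'GA']`). An anonymous request has no `role` attribute on `request.user`, so it ends in an unhandled AttributeError instead of the login redirect. Any role value outside the three known ones would also pass both checks. I would run `if not request.user.is_authenticated(): return HttpResponseRedirect('/login/')` before the role branches and use allow-lists: `if request.user.role not in ('GA', 'SU'):` for `admin` and `if request.user.role != 'SU':` for `super`. `is_role_request` in the next hunk reads `request.user.role` the same way.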
@@ -508,18 +496,18 @@ def get_session_user_info(request): get the user info of the user in session, for example id, username etc. 获取用户的信息 """ - user_id = request.session.get('user_id', 0) - user = get_object(User, id=user_id) - if user: - return [user.id, user.username, user] - + # user_id = request.session.get('user_id', 0) + # user = get_object(User, id=user_id) + # if user: + # return [user.id, user.username, user] + return [request.user.id, request.user.username, request.user] def get_user_dept(request): """ get the user dept id 获取用户的部门id """ - user_id = request.session.get('user_id') + user_id = request.user.id if user_id: user_dept = User.objects.get(id=user_id).dept return user_dept.id @@ -555,7 +543,7 @@ def validate(request, user_group=None, user=None, asset_group=None, asset=None, if edept: if dept.id != int(edept[0]): return False - + if user_group: dept_user_groups = dept.usergroup_set.all() user_group_ids = [] @@ -672,6 +660,5 @@ def my_render(template, data, request): CRYPTOR = PyCrypt(KEY) +logger = set_log(log_level) -log_level = CONF.get('base', 'log') -logger = set_log(log_level) \ No newline at end of file diff --git a/jumpserver/context_processors.py b/jumpserver/context_processors.py index 7fb81f468..35c656c25 100644 --- a/jumpserver/context_processors.py +++ b/jumpserver/context_processors.py @@ -4,8 +4,9 @@ from jumpserver.api import * def name_proc(request): - user_id = request.session.get('user_id') - role_id = request.session.get('role_id') + user_id = request.user.id + # role_id = request.session.get('role_id') + role_id = {'SU':2,'GA':1,'CU':0}.get(request.user.role,0) # if role_id == 2: user_total_num = User.objects.all().count() user_active_num = User.objects.filter().count() diff --git a/jumpserver/settings.py b/jumpserver/settings.py index 279320c92..23908986d 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py 
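Review bot: `request.user.role` in `name_proc` fails for anonymous visitors, because Django's `AnonymousUser` has `id` but no `role`, and a context processor runs on every `RequestContext` render rather than only behind `require_role`. Reading it defensively keeps those pages rendering: `role_id = {'SU': 2, 'GA': 1, 'CU': 0}.get(getattr(request.user, 'role', None), 0)`. `Login` and `chg_role` still keep a separate `role_id` in the session, so this value and `request.session['role_id']` can disagree after a role switch. The body of `name_proc` continues outside the hunk.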
@@ -11,9 +11,8 @@ https://docs.djangoproject.com/en/1.7/ref/settings/ # Build paths inside the project like this: os.path.join(BASE_DIR, ...) import os import ConfigParser -import djcelery +import getpass -djcelery.setup_loader() config = ConfigParser.ConfigParser() BASE_DIR = os.path.dirname(os.path.dirname(__file__)) @@ -24,7 +23,7 @@ DB_PORT = config.getint('db', 'port') DB_USER = config.get('db', 'user') DB_PASSWORD = config.get('db', 'password') DB_DATABASE = config.get('db', 'database') - +AUTH_USER_MODEL = 'juser.User' # mail config EMAIL_HOST = config.get('mail', 'email_host') EMAIL_PORT = config.get('mail', 'email_port') @@ -32,6 +31,22 @@ EMAIL_HOST_USER = config.get('mail', 'email_host_user') EMAIL_HOST_PASSWORD = config.get('mail', 'email_host_password') EMAIL_USE_TLS = config.getboolean('mail', 'email_use_tls') +# ======== Log ========== +LOG = False +LOG_DIR = os.path.join(BASE_DIR, 'logs') +JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log') +SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') +# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') +KEY = config.get('base', 'key') +LOGIN_NAME = getpass.getuser() +# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') +URL = config.get('base', 'url') +MAIL_ENABLE = config.get('mail', 'mail_enable') +MAIL_FROM = config.get('mail', 'email_host_user') +log_dir = os.path.join(BASE_DIR, 'logs') +log_level = config.get('base', 'log') +web_socket_host = config.get('websocket', 'web_socket_host') + # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ @@ -45,7 +60,6 @@ TEMPLATE_DEBUG = True ALLOWED_HOSTS = ['0.0.0.0/8'] -BROKER_URL = 'django://' # Application definition INSTALLED_APPS = ( @@ -56,8 +70,6 @@ INSTALLED_APPS = ( 'django.contrib.messages', 'django.contrib.staticfiles', 'django.contrib.humanize', - 'djcelery', - 'kombu.transport.django', 'jumpserver', 'juser', 'jasset', 
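Review bot: Several names added under `# ======== Log ==========` are lower-case (`log_dir`, `log_level`, `web_socket_host`), and `django.conf.settings` exposes only upper-case names, which is why other modules in this commit import `jumpserver.settings` directly. `log_dir` also duplicates `LOG_DIR`, and the heading covers the `KEY` handed to `PyCrypt`, `URL` and the mail values as well as logging. I would rename them to `LOG_LEVEL` and `WEB_SOCKET_HOST`, drop `log_dir`, and read them through `from django.conf import settings`. The heading could be split so that the secret `KEY` sits under its own comment noting that it comes from `jumpserver.conf` and must not be committed.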
@@ -68,9 +80,9 @@ INSTALLED_APPS = ( MIDDLEWARE_CLASSES = ( 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', - #'django.middleware.csrf.CsrfViewMiddleware', + # 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', - #'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + # 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ) @@ -94,6 +106,12 @@ DATABASES = { } } +# DATABASES = { +# 'default': { +# 'ENGINE': 'django.db.backends.sqlite3', +# 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), +# } +# } TEMPLATE_CONTEXT_PROCESSORS = ( 'django.contrib.auth.context_processors.auth', 'django.core.context_processors.debug', @@ -102,14 +120,14 @@ TEMPLATE_CONTEXT_PROCESSORS = ( 'django.core.context_processors.static', 'django.core.context_processors.tz', 'django.contrib.messages.context_processors.messages', - 'jumpserver.context_processors.name_proc' + 'jumpserver.context_processors.name_proc', ) TEMPLATE_DIRS = ( os.path.join(BASE_DIR, 'templates'), ) -#STATIC_ROOT = os.path.join(BASE_DIR, 'static') +# STATIC_ROOT = os.path.join(BASE_DIR, 'static') STATICFILES_DIRS = ( os.path.join(BASE_DIR, "static"), @@ -132,5 +150,3 @@ USE_TZ = False # https://docs.djangoproject.com/en/1.7/howto/static-files/ STATIC_URL = '/static/' - - diff --git a/jumpserver/urls.py b/jumpserver/urls.py index c6d6b4421..345b79ca7 100644 --- a/jumpserver/urls.py +++ b/jumpserver/urls.py 
@@ -8,8 +8,8 @@ urlpatterns = patterns('', (r'^skin_config/$', 'jumpserver.views.skin_config'), (r'^install/$', 'jumpserver.views.install'), (r'^base/$', 'jumpserver.views.base'), - (r'^login/$', 'jumpserver.views.login'), - (r'^logout/$', 'jumpserver.views.logout'), + (r'^login/$', 'jumpserver.views.Login'), + (r'^logout/$', 'jumpserver.views.Logout'), (r'^file/upload/$', 'jumpserver.views.upload'), (r'^file/download/$', 'jumpserver.views.download'), (r'^setting', 'jumpserver.views.setting'), diff --git a/jumpserver/views.py b/jumpserver/views.py index e7264d205..d28a1eb72 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -13,6 +13,10 @@ from django.http import HttpResponse import paramiko from jumpserver.api import * from jumpserver.models import Setting +from django.contrib.auth import authenticate, login, logout +from django.contrib.auth.decorators import login_required +from settings import BASE_DIR +from jlog.models import Log def getDaysByNum(num): @@ -49,7 +53,7 @@ def get_data(data, items, option): @require_role(role='user') def index_cu(request): - user_id = request.session.get('user_id') + user_id = request.user.id user = get_object(User, id=user_id) login_types = {'L': 'LDAP', 'M': 'MAP'} username = user.username @@ -64,7 +68,6 @@ def index_cu(request): new_posts.append(post_five) post_five = [] new_posts.append(post_five) - return render_to_response('index_cu.html', locals(), context_instance=RequestContext(request)) 
@@ -193,40 +196,49 @@ def is_latest(): pass -def login(request): +def Login(request): """登录界面""" - if request.session.get('username'): + if request.user.is_authenticated(): return HttpResponseRedirect('/') if request.method == 'GET': return render_to_response('login.html') else: username = request.POST.get('username') password = request.POST.get('password') - user_filter = User.objects.filter(username=username) - if user_filter: - user = user_filter[0] - if PyCrypt.md5_crypt(password) == user.password: - request.session['user_id'] = user.id - user_filter.update(last_login=datetime.datetime.now()) - if user.role == 'SU': - request.session['role_id'] = 2 - elif user.role == 'GA': - request.session['role_id'] = 1 - else: - request.session['role_id'] = 0 - response = HttpResponseRedirect('/', ) - response.set_cookie('username', username, expires=604800) - response.set_cookie('seed', PyCrypt.md5_crypt(password), expires=604800) - return response - else: - error = '密码错误,请重新输入。' + if username and password: + user = authenticate(username=username, password=password) + if user is not None: + if user.is_active: + login(request, user) + # c = {} + # c.update(csrf(request)) + # request.session['csrf_token'] = str(c.get('csrf_token')) + # user_filter = User.objects.filter(username=username) + # if user_filter: + # user = user_filter[0] + # if PyCrypt.md5_crypt(password) == user.password: + # request.session['user_id'] = user.id + # user_filter.update(last_login=datetime.datetime.now()) + if user.role == 'SU': + request.session['role_id'] = 2 + elif user.role == 'GA': + request.session['role_id'] = 1 + else: + request.session['role_id'] = 0 + return HttpResponseRedirect('/', ) + # response.set_cookie('username', username, expires=604800) + # response.set_cookie('seed', PyCrypt.md5_crypt(password), expires=604800) + # return response + # else: + # error = '密码错误,请重新输入。' else: - error = '用户不存在。' + error = '用户名或密码错误' return render_to_response('login.html', {'error': error}) -def 
logout(request): +def Logout(request): request.session.delete() + logout(request) return HttpResponseRedirect('/login/') diff --git a/juser/models.py b/juser/models.py index 50835f63c..26aacffa6 100644 --- a/juser/models.py +++ b/juser/models.py @@ -1,14 +1,13 @@ # coding: utf-8 from django.db import models +from django.contrib.auth.models import AbstractUser from jasset.models import Asset, AssetGroup class UserGroup(models.Model): name = models.CharField(max_length=80, unique=True) - # assets = models.TextField(max_length=1000, verbose_name="Assets", default='') - # asset_groups = models.CharField(max_length=1000, verbose_name="Asset Groups", default='') comment = models.CharField(max_length=160, blank=True, null=True) asset = models.ManyToManyField(Asset) asset_group = models.ManyToManyField(AssetGroup) 
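Review bot: `error` is assigned in only one `else:` branch of `Login`, yet the final `render_to_response('login.html', {'error': error})` is reached from every failed attempt. Indentation is lost on this page, but there are three conditions (`username and password`, `user is not None`, `user.is_active`) and a single live `else:`. So at least two failure paths, the inactive-account one among them, hit an unbound `error` and return a server error instead of the login form. Setting `error = '用户名或密码错误'` right after the two `request.POST.get(...)` lines covers all paths with the same message. In `Logout`, `request.session.delete()` is redundant because `logout(request)` already flushes the session.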
@@ -16,123 +15,22 @@ class UserGroup(models.Model): def __unicode__(self): return self.name - # def get_user(self): - # return self.user_set.all() - # - # def update(self, **kwargs): - # for key, value in kwargs.items(): - # self.__setattr__(key, value) - # self.save() - -class User(models.Model): +class User(AbstractUser): USER_ROLE_CHOICES = ( ('SU', 'SuperUser'), ('GA', 'GroupAdmin'), ('CU', 'CommonUser'), ) - username = models.CharField(max_length=80, unique=True) - password = models.CharField(max_length=100) name = models.CharField(max_length=80) - email = models.EmailField(max_length=75) - role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU') uuid = models.CharField(max_length=100) + role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU') group = models.ManyToManyField(UserGroup) ssh_key_pwd = models.CharField(max_length=200) - is_active = models.BooleanField(default=True) - last_login = models.DateTimeField(null=True) - date_joined = models.DateTimeField(null=True) - asset = models.ManyToManyField(Asset) - asset_group = models.ManyToManyField(AssetGroup) def __unicode__(self): return self.username - # def get_asset_group(self): - # """ - # Get user host_groups. 
- # 获取用户有权限的主机组 - # """ - # host_group_list = [] - # perm_list = [] - # user_group_all = self.group.all() - # for user_group in user_group_all: - # perm_list.extend(user_group.perm_set.all()) - # - # for perm in perm_list: - # host_group_list.append(perm.asset_group) - # - # return host_group_list - # - # def get_asset_group_info(self, printable=False): - # """ - # Get or print asset group info - # 获取或打印用户授权资产组 - # """ - # asset_groups_info = {} - # asset_groups = self.get_asset_group() - # - # for asset_group in asset_groups: - # asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment] - # - # if printable: - # for group_id in asset_groups_info: - # if asset_groups_info[group_id][1]: - # print "[%3s] %s -- %s" % (group_id, - # asset_groups_info[group_id][0], - # asset_groups_info[group_id][1]) - # else: - # print "[%3s] %s" % (group_id, asset_groups_info[group_id][0]) - # print '' - # else: - # return asset_groups_info - # - # def get_asset(self): - # """ - # Get the assets of under the user control. 
- # 获取主机列表 - # """ - # assets = [] - # asset_groups = self.get_asset_group() - # - # for asset_group in asset_groups: - # assets.extend(asset_group.asset_set.all()) - # - # return assets - # - # def get_asset_info(self, printable=False): - # """ - # Get or print the user asset info - # 获取或打印用户资产信息 - # """ - # from jasset.models import AssetAlias - # assets_info = {} - # assets = self.get_asset() - # - # for asset in assets: - # asset_alias = AssetAlias.objects.filter(user=self, asset=asset) - # if asset_alias and asset_alias[0].alias != '': - # assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)] - # else: - # assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)] - # - # if printable: - # ips = assets_info.keys() - # ips.sort() - # for ip in ips: - # if assets_info[ip][2]: - # print '%-15s -- %s' % (ip, assets_info[ip][2]) - # else: - # print '%-15s' % ip - # print '' - # else: - # return assets_info - # - # def update(self, **kwargs): - # for key, value in kwargs.items(): - # self.__setattr__(key, value) - # self.save() - class AdminGroup(models.Model): """ @@ -145,5 +43,3 @@ class AdminGroup(models.Model): def __unicode__(self): return '%s: %s' % (self.user.username, self.group.name) - - diff --git a/juser/urls.py b/juser/urls.py index 5e6f354bf..3b786051f 100644 --- a/juser/urls.py +++ b/juser/urls.py @@ -22,6 +22,6 @@ urlpatterns = patterns('juser.views', (r'^profile/$', 'profile'), (r'^change_info/$', 'change_info'), (r'^regen_ssh_key/$', 'regen_ssh_key'), - (r'^chg_role/$', 'chg_role'), + (r'^change_role/$', 'chg_role'), (r'^down_key/$', 'down_key'), ) diff --git a/juser/user_api.py b/juser/user_api.py index 2354b663f..201d8175a 100644 --- a/juser/user_api.py +++ b/juser/user_api.py @@ -5,7 +5,7 @@ from subprocess import call from juser.models import AdminGroup from jumpserver.api import * - +from jumpserver.settings import BASE_DIR def group_add_user(group, user_id=None, username=None): """ 
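Review bot: Nothing in this commit converts the existing `password` values when `User` becomes an `AbstractUser`. The removed login code compared `PyCrypt.md5_crypt(password)` with `user.password`, so existing rows hold that format, which Django's password hashers will presumably not recognise; those accounts would be unable to log in after the switch. The change also drops `asset` and `asset_group` and relies on the inherited `username`, `email`, `is_active`, `last_login` and `date_joined`, so it needs a schema migration plus a data step, for example calling `set_unusable_password()` on legacy rows and sending users through a reset. A class docstring stating that the authentication fields come from `AbstractUser` and that `role` drives `require_role` would help the next reader.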
@@ -60,6 +60,7 @@ def db_add_user(**kwargs): admin_groups = kwargs.pop('admin_groups') role = kwargs.get('role', 'CU') user = User(**kwargs) + user.set_password(kwargs.get('password')) user.save() if groups_post: group_select = [] @@ -84,10 +85,10 @@ def db_update_user(**kwargs): groups_post = kwargs.pop('groups') admin_groups_post = kwargs.pop('admin_groups') user_id = kwargs.pop('user_id') - user = User.objects.filter(id=user_id) + user = User.objects.get(id=user_id) if user: user.update(**kwargs) - user = user[0] + user.set_password(kwargs.pop('password')) user.save() else: return None diff --git a/juser/views.py b/juser/views.py index c6ca3a649..e2a07d323 100644 --- a/juser/views.py +++ b/juser/views.py @@ -2,25 +2,24 @@ # Author: Guanghongwei # Email: ibuler@qq.com -import random -from Crypto.PublicKey import RSA +# import random +# from Crypto.PublicKey import RSA import uuid as uuid_r from django.db.models import Q from django.template import RequestContext from django.db.models import ObjectDoesNotExist - +from jumpserver.settings import MAIL_FROM, MAIL_ENABLE from juser.user_api import * from jperm.perm_api import _public_perm_api, perm_user_api, user_permed def chg_role(request): - role = {'SU': 2, 'DA': 1, 'CU': 0} - user, dept = get_session_user_dept(request) + role = {'SU': 2, 'GA': 1, 'CU': 0} if request.session['role_id'] > 0: request.session['role_id'] = 0 elif request.session['role_id'] == 0: - request.session['role_id'] = role.get(user.role, 0) + request.session['role_id'] = role.get(request.user.role, 0) return HttpResponseRedirect('/') @@ -168,8 +167,8 @@ def user_add(request): if '' in [username, password, ssh_key_pwd, name, role]: error = u'带*内容不能为空' raise ServerError - user_test = get_object(User, username=username) - if user_test: + check_user_is_exist = User.objects.filter(username=username) + if check_user_is_exist: error = u'用户 %s 已存在' % username raise ServerError 
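Review bot: `db_update_user` now calls `user.update(**kwargs)` on a model instance, but `update()` is a queryset method and the `User` model in this commit defines none, so this line is expected to raise AttributeError on every edit. `User.objects.get()` also raises `DoesNotExist` rather than returning a falsy value, which makes the `else: return None` branch unreachable. `set_password()` runs unconditionally, so whatever the edit form posts in `password`, including an unchanged or empty field, becomes the new password. The rewrite below assigns the remaining fields with `setattr`, hashes a password only when one was supplied, and looks the user up with `get_object` as the views do. The rest of the function lies outside the hunk.

```python
    user_id = kwargs.pop('user_id')
    password = kwargs.pop('password', None)
    user = get_object(User, id=user_id)
    if not user:
        return None
    for field, value in kwargs.items():
        setattr(user, field, value)
    if password:
        # Hash only a newly supplied password; an empty field keeps the old one.
        user.set_password(password)
    user.save()
    # … unchanged: remainder of db_update_user after the save …
```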
@@ -178,10 +177,10 @@ def user_add(request): else: try: user = db_add_user(username=username, name=name, - password=CRYPTOR.md5_crypt(password), + password=password, email=email, role=role, uuid=uuid, groups=groups, admin_groups=admin_groups, - ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd), + ssh_key_pwd=ssh_key_pwd, is_active=is_active, date_joined=datetime.datetime.now()) server_add_user(username, password, ssh_key_pwd, ssh_key_login_need) @@ -233,10 +232,10 @@ def user_list(request): @require_role(role='user') def user_detail(request): header_title, path1, path2 = '用户详情', '用户管理', '用户详情' - if request.session.get('role_id') == 0: - user_id = request.session.get('user_id') - else: - user_id = request.GET.get('id', '') + # if request.session.get('role_id') == 0: + # user_id = request.user.id + # else: + # user_id = request.GET.get('id', '') # if request.session.get('role_id') == 1: # user, dept = get_session_user_dept(request) # if not validate(request, user=[user_id]): @@ -244,9 +243,9 @@ def user_detail(request): # if not user_id: # return HttpResponseRedirect('/juser/user_list/') - user = get_object(User, id=user_id) - if user: - pass + # user = get_object(User, id=user_id) + # if user: + # pass # asset_group_permed = user.get_asset_group() # logs_last = Log.objects.filter(user=user.name).order_by('-start_time')[0:10] # logs_all = Log.objects.filter(user=user.name).order_by('-start_time') @@ -257,8 +256,14 @@ def user_detail(request): @require_role(role='admin') def user_del(request): - user_ids = request.GET.get('id', '') - user_id_list = user_ids.split(',') + if request.method == "GET": + user_ids = request.GET.get('id', '') + user_id_list = user_ids.split(',') + elif request.method == "POST": + user_ids = request.POST.get('id', '') + user_id_list = user_ids.split(',') + else: + return HttpResponse('错误请求') for user_id in user_id_list: user = get_object(User, id=user_id) if user: 
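Review bot: `ssh_key_pwd=ssh_key_pwd` now stores the SSH key passphrase in the `ssh_key_pwd` column exactly as typed, because `db_add_user` only routes `password` through `set_password()` and passes every other keyword straight to `User(**kwargs)`. The removed line applied `CRYPTOR.md5_crypt(...)` before saving, so this is a step back for a secret that protects private keys. Unless something outside this diff needs the clear value from the database, keep a one-way form as before (`ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),`) or stop persisting it, since `server_add_user` already receives the passphrase directly. `user_add` begins and ends outside the hunk.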
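Review bot: `user_del` still deletes on GET, and the new POST branch is a copy of the GET one, so any cross-site request made while an admin is logged in can remove accounts. `CsrfViewMiddleware` remains commented out in jumpserver/settings.py in this same commit, so the POST path carries no CSRF token check either. I would accept only POST with `if request.method != 'POST': return HttpResponseNotAllowed(['POST'])` and read the ids once from `request.POST`. The CSRF middleware should also be re-enabled now that authentication rides on Django sessions. The loop body continues outside the hunk.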
@@ -370,11 +375,11 @@ def user_edit(request): else: return HttpResponseRedirect('/juser/user_list/') - if password != user.password: - password_decode = password - password = CRYPTOR.md5_crypt(password) - else: - password_decode = None + # if password != user.password: + # password_decode = password + # password = CRYPTOR.md5_crypt(password) + # else: + # password_decode = None db_update_user(user_id=user_id, password=password, @@ -409,7 +414,10 @@ def user_edit_adm(request): def profile(request): - user_id = request.session.get('user_id') + a = request.user.id + a = request.user.groups + + user_id = request.user.id if not user_id: return HttpResponseRedirect('/') user = User.objects.get(id=user_id) @@ -418,7 +426,7 @@ def profile(request): def change_info(request): header_title, path1, path2 = '修改信息', '用户管理', '修改个人信息' - user_id = request.session.get('user_id') + user_id = request.user.id user = get_object(User, id=user_id) error = '' if not user: @@ -436,10 +444,11 @@ def change_info(request): error = '密码须大于6位' if not error: - if password != user.password: - password = CRYPTOR.md5_crypt(password) + # if password != user.password: + # password = CRYPTOR.md5_crypt(password) - user.update(name=name, password=password, email=email) + user.update(name=name, email=email) + user.set_password(password) msg = '修改成功' return render_to_response('juser/change_info.html', locals(), context_instance=RequestContext(request)) @@ -465,7 +474,7 @@ def down_key(request): user_id = request.GET.get('id') if is_role_request(request, 'user'): - user_id = request.session.get('user_id') + user_id = request.user.id if user_id: user = get_object(User, id=user_id) diff --git a/static/.DS_Store b/static/.DS_Store deleted file mode 100644 index 1f949c218..000000000 Binary files a/static/.DS_Store and /dev/null differ diff --git a/templates/index_cu.html b/templates/index_cu.html index b52f2b4dc..3edb68a75 100644 --- a/templates/index_cu.html +++ b/templates/index_cu.html @@ -72,7 +72,7 @@
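Review bot: The two `a = ...` assignments at the top of `profile` look like leftover debugging: `a` is not used in the visible code and the second assignment overwrites the first. `request.user.groups` is also the relation inherited from `AbstractUser`, not the model's own `group` field, which makes the line misleading. Both lines can be deleted, and `user = User.objects.get(id=user_id)` below could then use `request.user` directly.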
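Review bot: The password change in `change_info` is never persisted: `user.set_password(password)` only sets the hash on the instance, and no `user.save()` follows before the template is rendered with `msg = '修改成功'`. The preceding `user.update(name=name, email=email)` is called on what appears to be a model instance, and the `User` model defines no `update()` (it is a queryset method), so that line is expected to raise first. Replace the pair with plain assignments and one save: `user.name, user.email = name, email`, then `user.set_password(password)`, then `user.save()`. The function starts and ends outside the hunk.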
- {{ user.name }}
+ {{ user.username }}
@@ -109,7 +109,7 @@ 角色 - {{ user.id | get_role }} + {{ user.role }} Email diff --git a/templates/jasset/asset_list.html b/templates/jasset/asset_list.html index 6b1812b41..14607f3a4 100644 --- a/templates/jasset/asset_list.html +++ b/templates/jasset/asset_list.html @@ -24,7 +24,9 @@
+ {% if session_role_id > 0 %} 添加 + {% endif %}