merge with dev

2015-10-29 11:11:05 +08:00 · 2015-10-29 11:11:05 +08:00 · 0e24ebdb26
parent d5bd2143e2 ac5ac5e06b
commit 0e24ebdb26
19 changed files with 206 additions and 277 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,8 @@
 *.py[cod]
 .idea
 test.py
-
+.DS_Store
 db.sqlite3
 # C extensions
 *.so
--- a/docs/initial_data.yaml
+++ b/docs/initial_data.yaml
@ -0,0 +1,28 @@
 - model: juser.user
  pk: 5000
  fields:
    username: admin
    name: admin
    password: pbkdf2_sha256$20000$jBIDGPB2j5JT$orxqGgzzjzykColYm1BswPjgHOiERjZkcgkuVIkD2Hc=
    email: admin@jumpserver.org
    role: SU
    is_active: 1
 - model: juser.user
  pk: 5001
  fields:
    username: group_admin
    name: group_admin
    password: pbkdf2_sha256$20000$ttObUWd15q10$NJoyZf2OZz9oiw2g4j2TkTh9zGgyVDRFdUkhn8X0nB0=
    email: group_admin@jumpserver.org
    role: GA
    is_active: 1
 - model: juser.usergroup
  pk: 1
  fields:
    name: ALL
    comment: ALL
 - model: juser.usergroup
  pk: 2
  fields:
    name: 默认
    comment: 默认
--- a/jasset/models.py
+++ b/jasset/models.py
@ -59,13 +59,13 @@ class AssetGroup(models.Model):
 class Asset(models.Model):
-    ip = models.IPAddressField(unique=True)
+    ip = models.GenericIPAddressField(unique=True)
-    port = models.IntegerField(max_length=6, blank=True, null=True)
+    port = models.IntegerField()
    group = models.ManyToManyField(AssetGroup)
    username = models.CharField(max_length=20, blank=True, null=True)
    password = models.CharField(max_length=80, blank=True, null=True)
-    use_default = models.BooleanField(default=True)
+    use_default_auth = models.BooleanField(default=True)
-    date_added = models.DateTimeField(auto_now=True, default=datetime.datetime.now(), null=True)
+    date_added = models.DateTimeField(auto_now_add=True)
    is_active = models.BooleanField(default=True)
    comment = models.CharField(max_length=100, blank=True, null=True)
--- a/jlog/models.py
+++ b/jlog/models.py
@ -7,7 +7,7 @@ class Log(models.Model):
    remote_ip = models.CharField(max_length=100)
    log_path = models.CharField(max_length=100)
    start_time = models.DateTimeField(null=True)
-    pid = models.IntegerField(max_length=10)
+    pid = models.IntegerField()
    is_finished = models.BooleanField(default=False)
    end_time = models.DateTimeField(null=True)
--- a/jlog/views.py
+++ b/jlog/views.py
@ -5,39 +5,10 @@ from django.shortcuts import render_to_response
 from jumpserver.api import *
 from django.http import HttpResponseNotFound
 CONF = ConfigParser()
 CONF.read('%s/jumpserver.conf' % BASE_DIR)
 from jlog.models import Log
 from jlog.log_api import renderTemplate
-# def get_user_info(request, offset):
+from models import Log
-#     """ 获取用户信息及环境 """
+from jumpserver.settings import web_socket_host
 #     env_dic = {'online': 0, 'offline': 1}
 #     env = env_dic[offset]
 #     keyword = request.GET.get('keyword', '')
 #     user_info = get_session_user_info(request)
 #     user_id, username = user_info[0:2]
 #     dept_id, dept_name = user_info[3:5]
 #     ret = [request, keyword, env, username, dept_name]
 #
 #     return ret
 #
 #
 # def get_user_log(ret_list):
 #     """ 获取不同类型用户日志记录 """
 #     request, keyword, env, username, dept_name = ret_list
 #     post_all = Log.objects.filter(is_finished=env).order_by('-start_time')
 #     post_keyword_all = Log.objects.filter(Q(user__contains=keyword) |
 #                                           Q(host__contains=keyword)) \
 #         .filter(is_finished=env).order_by('-start_time')
 #
 #     if keyword:
 #         posts = post_keyword_all
 #     else:
 #         posts = post_all
 #
 #     return posts
 def log_list(request, offset):
@ -51,7 +22,6 @@ def log_list(request, offset):
    cmd = request.GET.get('cmd', '')
    print date_seven_day, date_now_str
    if offset == 'online':
        web_socket_host = CONF.get('websocket', 'web_socket_host')
        posts = Log.objects.filter(is_finished=False).order_by('-start_time')
    else:
        posts = Log.objects.filter(is_finished=True).order_by('-start_time')
@ -79,6 +49,7 @@ def log_list(request, offset):
            date_now = datetime.datetime.now()
            date_now_str = date_now.strftime('%m/%d/%Y')
            date_seven_day = (date_now + datetime.timedelta(days=-7)).strftime('%m/%d/%Y')
    contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
    return render_to_response('jlog/log_%s.html' % offset, locals(), context_instance=RequestContext(request))
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@ -1,8 +1,6 @@
 # coding: utf-8
-import os, sys, time
+import os, sys, time, re
 from ConfigParser import ConfigParser
 import getpass
 from Crypto.Cipher import AES
 import crypt
 from binascii import b2a_hex, a2b_hex
@ -12,14 +10,14 @@ import random
 import subprocess
 import paramiko
 import struct, fcntl, signal, socket, select, fnmatch
-import re
+from settings import JLOG_FILE, KEY, URL, log_dir, log_level
 from django.core.paginator import Paginator, EmptyPage, InvalidPage
 from django.http import HttpResponse, Http404
 from django.template import RequestContext
 from juser.models import User, UserGroup
 from jasset.models import Asset, AssetGroup
-from jasset.models import AssetAlias
+# from jlog.models import Log
 from jlog.models import Log, TtyLog
 from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
 from django.http import HttpResponseRedirect
@ -37,22 +35,6 @@ except ImportError:
    sys.exit()
 BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
 CONF = ConfigParser()
 CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
 LOG_DIR = os.path.join(BASE_DIR, 'logs')
 JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
 SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
 # SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
 KEY = CONF.get('base', 'key')
 LOGIN_NAME = getpass.getuser()
 # LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
 URL = CONF.get('base', 'url')
 MAIL_ENABLE = CONF.get('mail', 'mail_enable')
 MAIL_FROM = CONF.get('mail', 'email_host_user')
 log_dir = os.path.join(BASE_DIR, 'logs')
 def set_log(level):
    """
    return a log file object
@ -460,19 +442,24 @@ def require_role(role='user'):
    decorator for require user role in ["super", "admin", "user"]
    要求用户是某种角色 ["super", "admin", "user"]的装饰器
    """
    def _deco(func):
        def __deco(request, *args, **kwargs):
            if role == 'user':
-                if not request.session.get('user_id'):
+                if not request.user.is_authenticated():
                    return HttpResponseRedirect('/login/')
            elif role == 'admin':
-                if request.session.get('role_id', 0) < 1:
+                # if request.session.get('role_id', 0) < 1:
                if request.user.role == 'CU':
                    return HttpResponseRedirect('/')
            elif role == 'super':
-                if request.session.get('role_id', 0) < 2:
+                # if request.session.get('role_id', 0) < 2:
                if request.user.role in ['CU', 'GA']:
                    return HttpResponseRedirect('/')
            return func(request, *args, **kwargs)
        return __deco
    return _deco
@ -481,8 +468,8 @@ def is_role_request(request, role='user'):
    require this request of user is right
    要求请求角色正确
    """
-    role_all = {'user': 0, 'admin': 1, 'super': 2}
+    role_all = {'user': 'CU', 'admin': 'GA', 'super': 'SU'}
-    if request.session.get('role_id') == role_all.get(role, 0):
+    if request.user.role == role_all.get(role, 'CU'):
        return True
    else:
        return False
@ -493,13 +480,14 @@ def get_session_user_dept(request):
    get department of the user in session
    获取session中用户的部门
    """
-    user_id = request.session.get('user_id', 0)
+    # user_id = request.session.get('user_id', 0)
-    print '#' * 20
+    # print '#' * 20
-    print user_id
+    # print user_id
-    user = User.objects.filter(id=user_id)
+    # user = User.objects.filter(id=user_id)
-    if user:
+    # if user:
-        user = user[0]
+    #     user = user[0]
-        return user, None
+    #     return user, None
    return request.user, None
@require_role
@ -508,18 +496,18 @@ def get_session_user_info(request):
    get the user info of the user in session, for example id, username etc.
    获取用户的信息
    """
-    user_id = request.session.get('user_id', 0)
+    # user_id = request.session.get('user_id', 0)
-    user = get_object(User, id=user_id)
+    # user = get_object(User, id=user_id)
-    if user:
+    # if user:
-        return [user.id, user.username, user]
+    #     return [user.id, user.username, user]
-
+    return [request.user.id, request.user.username, request.user]
 def get_user_dept(request):
    """
    get the user dept id
    获取用户的部门id
    """
-    user_id = request.session.get('user_id')
+    user_id = request.user.id
    if user_id:
        user_dept = User.objects.get(id=user_id).dept
        return user_dept.id
@ -672,6 +660,5 @@ def my_render(template, data, request):
 CRYPTOR = PyCrypt(KEY)
 log_level = CONF.get('base', 'log')
 logger = set_log(log_level)
--- a/jumpserver/context_processors.py
+++ b/jumpserver/context_processors.py
@ -4,8 +4,9 @@ from jumpserver.api import *
 def name_proc(request):
-    user_id = request.session.get('user_id')
+    user_id = request.user.id
-    role_id = request.session.get('role_id')
+    # role_id = request.session.get('role_id')
    role_id = {'SU':2,'GA':1,'CU':0}.get(request.user.role,0)
    # if role_id == 2:
    user_total_num = User.objects.all().count()
    user_active_num = User.objects.filter().count()
--- a/jumpserver/settings.py
+++ b/jumpserver/settings.py
@ -11,9 +11,8 @@ https://docs.djangoproject.com/en/1.7/ref/settings/
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 import os
 import ConfigParser
-import djcelery
+import getpass
 djcelery.setup_loader()
 config = ConfigParser.ConfigParser()
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
@ -24,7 +23,7 @@ DB_PORT = config.getint('db', 'port')
 DB_USER = config.get('db', 'user')
 DB_PASSWORD = config.get('db', 'password')
 DB_DATABASE = config.get('db', 'database')
-
+AUTH_USER_MODEL = 'juser.User'
 # mail config
 EMAIL_HOST = config.get('mail', 'email_host')
 EMAIL_PORT = config.get('mail', 'email_port')
@ -32,6 +31,22 @@ EMAIL_HOST_USER = config.get('mail', 'email_host_user')
 EMAIL_HOST_PASSWORD = config.get('mail', 'email_host_password')
 EMAIL_USE_TLS = config.getboolean('mail', 'email_use_tls')
 # ======== Log ==========
 LOG = False
 LOG_DIR = os.path.join(BASE_DIR, 'logs')
 JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
 SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
 # SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
 KEY = config.get('base', 'key')
 LOGIN_NAME = getpass.getuser()
 # LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
 URL = config.get('base', 'url')
 MAIL_ENABLE = config.get('mail', 'mail_enable')
 MAIL_FROM = config.get('mail', 'email_host_user')
 log_dir = os.path.join(BASE_DIR, 'logs')
 log_level = config.get('base', 'log')
 web_socket_host = config.get('websocket', 'web_socket_host')
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
@ -45,7 +60,6 @@ TEMPLATE_DEBUG = True
 ALLOWED_HOSTS = ['0.0.0.0/8']
 BROKER_URL = 'django://'
 # Application definition
 INSTALLED_APPS = (
@ -56,8 +70,6 @@ INSTALLED_APPS = (
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.humanize',
    'djcelery',
    'kombu.transport.django',
    'jumpserver',
    'juser',
    'jasset',
@ -94,6 +106,12 @@ DATABASES = {
    }
 }
 # DATABASES = {
 #     'default': {
 #         'ENGINE': 'django.db.backends.sqlite3',
 #         'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
 #     }
 # }
 TEMPLATE_CONTEXT_PROCESSORS = (
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.debug',
@ -102,7 +120,7 @@ TEMPLATE_CONTEXT_PROCESSORS = (
    'django.core.context_processors.static',
    'django.core.context_processors.tz',
    'django.contrib.messages.context_processors.messages',
-    'jumpserver.context_processors.name_proc'
+    'jumpserver.context_processors.name_proc',
 )
 TEMPLATE_DIRS = (
@ -132,5 +150,3 @@ USE_TZ = False
 # https://docs.djangoproject.com/en/1.7/howto/static-files/
 STATIC_URL = '/static/'
--- a/jumpserver/urls.py
+++ b/jumpserver/urls.py
@ -8,8 +8,8 @@ urlpatterns = patterns('',
    (r'^skin_config/$', 'jumpserver.views.skin_config'),
    (r'^install/$', 'jumpserver.views.install'),
    (r'^base/$', 'jumpserver.views.base'),
-    (r'^login/$', 'jumpserver.views.login'),
+    (r'^login/$', 'jumpserver.views.Login'),
-    (r'^logout/$', 'jumpserver.views.logout'),
+    (r'^logout/$', 'jumpserver.views.Logout'),
    (r'^file/upload/$', 'jumpserver.views.upload'),
    (r'^file/download/$', 'jumpserver.views.download'),
    (r'^setting', 'jumpserver.views.setting'),
--- a/jumpserver/views.py
+++ b/jumpserver/views.py
@ -13,6 +13,10 @@ from django.http import HttpResponse
 import paramiko
 from jumpserver.api import *
 from jumpserver.models import Setting
 from django.contrib.auth import authenticate, login, logout
 from django.contrib.auth.decorators import login_required
 from settings import BASE_DIR
 from jlog.models import Log
 def getDaysByNum(num):
@ -49,7 +53,7 @@ def get_data(data, items, option):
@require_role(role='user')
 def index_cu(request):
-    user_id = request.session.get('user_id')
+    user_id = request.user.id
    user = get_object(User, id=user_id)
    login_types = {'L': 'LDAP', 'M': 'MAP'}
    username = user.username
@ -64,7 +68,6 @@ def index_cu(request):
            new_posts.append(post_five)
            post_five = []
    new_posts.append(post_five)
    return render_to_response('index_cu.html', locals(), context_instance=RequestContext(request))
@ -193,40 +196,49 @@ def is_latest():
        pass
-def login(request):
+def Login(request):
    """登录界面"""
-    if request.session.get('username'):
+    if request.user.is_authenticated():
        return HttpResponseRedirect('/')
    if request.method == 'GET':
        return render_to_response('login.html')
    else:
        username = request.POST.get('username')
        password = request.POST.get('password')
-        user_filter = User.objects.filter(username=username)
+        if username and password:
-        if user_filter:
+            user = authenticate(username=username, password=password)
-            user = user_filter[0]
+            if user is not None:
-            if PyCrypt.md5_crypt(password) == user.password:
+                if user.is_active:
-                request.session['user_id'] = user.id
+                    login(request, user)
-                user_filter.update(last_login=datetime.datetime.now())
+                    # c = {}
                    # c.update(csrf(request))
                    # request.session['csrf_token'] = str(c.get('csrf_token'))
        # user_filter = User.objects.filter(username=username)
        # if user_filter:
        #     user = user_filter[0]
        #     if PyCrypt.md5_crypt(password) == user.password:
        #         request.session['user_id'] = user.id
        #         user_filter.update(last_login=datetime.datetime.now())
                    if user.role == 'SU':
                        request.session['role_id'] = 2
                    elif user.role == 'GA':
                        request.session['role_id'] = 1
                    else:
                        request.session['role_id'] = 0
-                response = HttpResponseRedirect('/', )
+                    return HttpResponseRedirect('/', )
-                response.set_cookie('username', username, expires=604800)
+                # response.set_cookie('username', username, expires=604800)
-                response.set_cookie('seed', PyCrypt.md5_crypt(password), expires=604800)
+                # response.set_cookie('seed', PyCrypt.md5_crypt(password), expires=604800)
-                return response
+                # return response
            # else:
            #     error = '密码错误，请重新输入。'
        else:
-                error = '密码错误，请重新输入。'
+            error = '用户名或密码错误'
        else:
            error = '用户不存在。'
    return render_to_response('login.html', {'error': error})
-def logout(request):
+def Logout(request):
    request.session.delete()
    logout(request)
    return HttpResponseRedirect('/login/')
--- a/juser/models.py
+++ b/juser/models.py
@ -1,14 +1,13 @@
 # coding: utf-8
 from django.db import models
 from django.contrib.auth.models import AbstractUser
 from jasset.models import Asset, AssetGroup
 class UserGroup(models.Model):
    name = models.CharField(max_length=80, unique=True)
    # assets = models.TextField(max_length=1000, verbose_name="Assets", default='')
    # asset_groups = models.CharField(max_length=1000, verbose_name="Asset Groups", default='')
    comment = models.CharField(max_length=160, blank=True, null=True)
    asset = models.ManyToManyField(Asset)
    asset_group = models.ManyToManyField(AssetGroup)
@ -16,123 +15,22 @@ class UserGroup(models.Model):
    def __unicode__(self):
        return self.name
    # def get_user(self):
    #     return self.user_set.all()
    #
    # def update(self, **kwargs):
    #     for key, value in kwargs.items():
    #         self.__setattr__(key, value)
    #         self.save()
-
+class User(AbstractUser):
 class User(models.Model):
    USER_ROLE_CHOICES = (
        ('SU', 'SuperUser'),
        ('GA', 'GroupAdmin'),
        ('CU', 'CommonUser'),
    )
    username = models.CharField(max_length=80, unique=True)
    password = models.CharField(max_length=100)
    name = models.CharField(max_length=80)
    email = models.EmailField(max_length=75)
    role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU')
    uuid = models.CharField(max_length=100)
    role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU')
    group = models.ManyToManyField(UserGroup)
    ssh_key_pwd = models.CharField(max_length=200)
    is_active = models.BooleanField(default=True)
    last_login = models.DateTimeField(null=True)
    date_joined = models.DateTimeField(null=True)
    asset = models.ManyToManyField(Asset)
    asset_group = models.ManyToManyField(AssetGroup)
    def __unicode__(self):
        return self.username
    # def get_asset_group(self):
    #     """
    #     Get user host_groups.
    #     获取用户有权限的主机组
    #     """
    #     host_group_list = []
    #     perm_list = []
    #     user_group_all = self.group.all()
    #     for user_group in user_group_all:
    #         perm_list.extend(user_group.perm_set.all())
    #
    #     for perm in perm_list:
    #         host_group_list.append(perm.asset_group)
    #
    #     return host_group_list
    #
    # def get_asset_group_info(self, printable=False):
    #     """
    #     Get or print asset group info
    #     获取或打印用户授权资产组
    #     """
    #     asset_groups_info = {}
    #     asset_groups = self.get_asset_group()
    #
    #     for asset_group in asset_groups:
    #         asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment]
    #
    #     if printable:
    #         for group_id in asset_groups_info:
    #             if asset_groups_info[group_id][1]:
    #                 print "[%3s] %s -- %s" % (group_id,
    #                                           asset_groups_info[group_id][0],
    #                                           asset_groups_info[group_id][1])
    #             else:
    #                 print "[%3s] %s" % (group_id, asset_groups_info[group_id][0])
    #             print ''
    #     else:
    #         return asset_groups_info
    #
    # def get_asset(self):
    #     """
    #     Get the assets of under the user control.
    #     获取主机列表
    #     """
    #     assets = []
    #     asset_groups = self.get_asset_group()
    #
    #     for asset_group in asset_groups:
    #         assets.extend(asset_group.asset_set.all())
    #
    #     return assets
    #
    # def get_asset_info(self, printable=False):
    #     """
    #     Get or print the user asset info
    #     获取或打印用户资产信息
    #     """
    #     from jasset.models import AssetAlias
    #     assets_info = {}
    #     assets = self.get_asset()
    #
    #     for asset in assets:
    #         asset_alias = AssetAlias.objects.filter(user=self, asset=asset)
    #         if asset_alias and asset_alias[0].alias != '':
    #             assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)]
    #         else:
    #             assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)]
    #
    #     if printable:
    #         ips = assets_info.keys()
    #         ips.sort()
    #         for ip in ips:
    #             if assets_info[ip][2]:
    #                 print '%-15s -- %s' % (ip, assets_info[ip][2])
    #             else:
    #                 print '%-15s' % ip
    #         print ''
    #     else:
    #         return assets_info
    #
    # def update(self, **kwargs):
    #     for key, value in kwargs.items():
    #         self.__setattr__(key, value)
    #         self.save()
 class AdminGroup(models.Model):
    """
@ -145,5 +43,3 @@ class AdminGroup(models.Model):
    def __unicode__(self):
        return '%s: %s' % (self.user.username, self.group.name)
--- a/juser/urls.py
+++ b/juser/urls.py
@ -22,6 +22,6 @@ urlpatterns = patterns('juser.views',
    (r'^profile/$', 'profile'),
    (r'^change_info/$', 'change_info'),
    (r'^regen_ssh_key/$', 'regen_ssh_key'),
-    (r'^chg_role/$', 'chg_role'),
+    (r'^change_role/$', 'chg_role'),
    (r'^down_key/$', 'down_key'),
 )
--- a/juser/user_api.py
+++ b/juser/user_api.py
@ -5,7 +5,7 @@ from subprocess import call
 from juser.models import AdminGroup
 from jumpserver.api import *
-
+from  jumpserver.settings import BASE_DIR
 def group_add_user(group, user_id=None, username=None):
    """
@ -60,6 +60,7 @@ def db_add_user(**kwargs):
    admin_groups = kwargs.pop('admin_groups')
    role = kwargs.get('role', 'CU')
    user = User(**kwargs)
    user.set_password(kwargs.get('password'))
    user.save()
    if groups_post:
        group_select = []
@ -84,10 +85,10 @@ def db_update_user(**kwargs):
    groups_post = kwargs.pop('groups')
    admin_groups_post = kwargs.pop('admin_groups')
    user_id = kwargs.pop('user_id')
-    user = User.objects.filter(id=user_id)
+    user = User.objects.get(id=user_id)
    if user:
        user.update(**kwargs)
-        user = user[0]
+        user.set_password(kwargs.pop('password'))
        user.save()
    else:
        return None
--- a/juser/views.py
+++ b/juser/views.py
@ -2,25 +2,24 @@
 # Author: Guanghongwei
 # Email: ibuler@qq.com
-import random
+# import random
-from Crypto.PublicKey import RSA
+# from Crypto.PublicKey import RSA
 import uuid as uuid_r
 from django.db.models import Q
 from django.template import RequestContext
 from django.db.models import ObjectDoesNotExist
-
+from jumpserver.settings import MAIL_FROM, MAIL_ENABLE
 from juser.user_api import *
 from jperm.perm_api import _public_perm_api, perm_user_api, user_permed
 def chg_role(request):
-    role = {'SU': 2, 'DA': 1, 'CU': 0}
+    role = {'SU': 2, 'GA': 1, 'CU': 0}
    user, dept = get_session_user_dept(request)
    if request.session['role_id'] > 0:
        request.session['role_id'] = 0
    elif request.session['role_id'] == 0:
-        request.session['role_id'] = role.get(user.role, 0)
+        request.session['role_id'] = role.get(request.user.role, 0)
    return HttpResponseRedirect('/')
@ -168,8 +167,8 @@ def user_add(request):
            if '' in [username, password, ssh_key_pwd, name, role]:
                error = u'带*内容不能为空'
                raise ServerError
-            user_test = get_object(User, username=username)
+            check_user_is_exist = User.objects.filter(username=username)
-            if user_test:
+            if check_user_is_exist:
                error = u'用户 %s 已存在' % username
                raise ServerError
@ -178,10 +177,10 @@ def user_add(request):
        else:
            try:
                user = db_add_user(username=username, name=name,
-                                   password=CRYPTOR.md5_crypt(password),
+                                   password=password,
                                   email=email, role=role, uuid=uuid,
                                   groups=groups, admin_groups=admin_groups,
-                                   ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
+                                   ssh_key_pwd=ssh_key_pwd,
                                   is_active=is_active,
                                   date_joined=datetime.datetime.now())
                server_add_user(username, password, ssh_key_pwd, ssh_key_login_need)
@ -233,10 +232,10 @@ def user_list(request):
@require_role(role='user')
 def user_detail(request):
    header_title, path1, path2 = '用户详情', '用户管理', '用户详情'
-    if request.session.get('role_id') == 0:
+    # if request.session.get('role_id') == 0:
-        user_id = request.session.get('user_id')
+    #     user_id = request.user.id
-    else:
+    # else:
-        user_id = request.GET.get('id', '')
+    #     user_id = request.GET.get('id', '')
    #     if request.session.get('role_id') == 1:
    #         user, dept = get_session_user_dept(request)
    #         if not validate(request, user=[user_id]):
@ -244,9 +243,9 @@ def user_detail(request):
    # if not user_id:
    #     return HttpResponseRedirect('/juser/user_list/')
-    user = get_object(User, id=user_id)
+    # user = get_object(User, id=user_id)
-    if user:
+    # if user:
-        pass
+    #     pass
        # asset_group_permed = user.get_asset_group()
        # logs_last = Log.objects.filter(user=user.name).order_by('-start_time')[0:10]
        # logs_all = Log.objects.filter(user=user.name).order_by('-start_time')
@ -257,8 +256,14 @@ def user_detail(request):
@require_role(role='admin')
 def user_del(request):
    if request.method == "GET":
        user_ids = request.GET.get('id', '')
        user_id_list = user_ids.split(',')
    elif request.method == "POST":
        user_ids = request.POST.get('id', '')
        user_id_list = user_ids.split(',')
    else:
        return HttpResponse('错误请求')
    for user_id in user_id_list:
        user = get_object(User, id=user_id)
        if user:
@ -370,11 +375,11 @@ def user_edit(request):
        else:
            return HttpResponseRedirect('/juser/user_list/')
-        if password != user.password:
+        # if password != user.password:
-            password_decode = password
+        #     password_decode = password
-            password = CRYPTOR.md5_crypt(password)
+        #     password = CRYPTOR.md5_crypt(password)
-        else:
+        # else:
-            password_decode = None
+        #     password_decode = None
        db_update_user(user_id=user_id,
                       password=password,
@ -409,7 +414,10 @@ def user_edit_adm(request):
 def profile(request):
-    user_id = request.session.get('user_id')
+    a = request.user.id
    a = request.user.groups
    user_id = request.user.id
    if not user_id:
        return HttpResponseRedirect('/')
    user = User.objects.get(id=user_id)
@ -418,7 +426,7 @@ def profile(request):
 def change_info(request):
    header_title, path1, path2 = '修改信息', '用户管理', '修改个人信息'
-    user_id = request.session.get('user_id')
+    user_id = request.user.id
    user = get_object(User, id=user_id)
    error = ''
    if not user:
@ -436,10 +444,11 @@ def change_info(request):
            error = '密码须大于6位'
        if not error:
-            if password != user.password:
+            # if password != user.password:
-                password = CRYPTOR.md5_crypt(password)
+            #     password = CRYPTOR.md5_crypt(password)
-            user.update(name=name, password=password, email=email)
+            user.update(name=name, email=email)
            user.set_password(password)
            msg = '修改成功'
    return render_to_response('juser/change_info.html', locals(), context_instance=RequestContext(request))
@ -465,7 +474,7 @@ def down_key(request):
        user_id = request.GET.get('id')
    if is_role_request(request, 'user'):
-        user_id = request.session.get('user_id')
+        user_id = request.user.id
    if user_id:
        user = get_object(User, id=user_id)
--- a/static/.DS_Store
+++ b/static/.DS_Store
--- a/templates/index_cu.html
+++ b/templates/index_cu.html
@ -72,7 +72,7 @@
        <div class="col-lg-4">
            <div class="ibox float-e-margins">
                <div class="ibox-title">
-                    <span class="label label-primary"><b>{{ user.name }}</b></span>
+                    <span class="label label-primary"><b>{{ user.username }}</b></span>
                    <div class="ibox-tools">
                        <a class="collapse-link">
                            <i class="fa fa-chevron-up"></i>
@ -109,7 +109,7 @@
                                </tr>
                                <tr>
                                    <td class="text-navy">角色</td>
-                                    <td>{{ user.id | get_role }}</td>
+                                    <td>{{ user.role }}</td>
                                </tr>
                                <tr>
                                    <td class="text-navy">Email</td>
--- a/templates/jasset/asset_list.html
+++ b/templates/jasset/asset_list.html
@ -24,7 +24,9 @@
                <div class="ibox-content">
                    <div>
                        {% if session_role_id > 0 %}
                        <a target="_blank" href="/jasset/asset_add/" class="btn btn-sm btn-primary "> 添加 </a>
                        {% endif %}
                        <form id="search_form" method="get" action="" class="pull-right mail-search">
                            <div class="input-group">
                                <input type="text" class="form-control input-sm" id="search_input" name="keyword" placeholder="Search">
--- a/templates/nav.html
+++ b/templates/nav.html
@ -1,4 +1,4 @@
-{% ifequal session_role_id 2 %}
+{% if request.session.role_id == 2 %}
 <nav class="navbar-default navbar-static-side" role="navigation">
    <div class="sidebar-collapse">
        <ul class="nav" id="side-menu">
@ -55,8 +55,8 @@
    </div>
 </nav>
-{% endifequal %}
+{% endif %}
-{% ifequal session_role_id 1 %}
+{% if request.session.role_id == 1 %}
 <nav class="navbar-default navbar-static-side" role="navigation">
    <div class="sidebar-collapse">
        <ul class="nav" id="side-menu">
@ -77,8 +77,8 @@
            <li id="jasset">
                <a><i class="fa fa-cube"></i> <span class="nav-label">资产管理</span><span class="fa arrow"></span></a>
                <ul class="nav nav-second-level">
-                    <li class="host_add host_add_multi"><a href="/jasset/host_add/">添加资产</a></li>
+{#                    <li class="host_add host_add_multi"><a href="/jasset/host_add/">添加资产</a></li>#}
-                    <li class="host_list host_detail host_edit"><a href="/jasset/host_list/">查看资产<span class="label label-info pull-right">{{ host_active_num }}/{{ host_total_num}}</span></a></li>
+                    <li class="host_list host_detail host_edit"><a href="/jasset/asset_list/">查看资产<span class="label label-info pull-right">{{ host_active_num }}/{{ host_total_num}}</span></a></li>
                    <li class="idc_list idc_detail idc_edit"><a href="/jasset/idc_list/">查看IDC</a></li>
                    <li class="group_add"><a href="/jasset/group_add/">添加主机组</a></li>
                    <li class="group_list group_detail group_edit"><a href="/jasset/group_list/">查看主机组</a></li>
@ -107,9 +107,9 @@
        </ul>
    </div>
 </nav>
-{% endifequal %}
+{% endif %}
-{% ifequal session_role_id 0 %}
+{% if request.session.role_id == 0 %}
 <nav class="navbar-default navbar-static-side" role="navigation">
    <div class="sidebar-collapse">
        <ul class="nav" id="side-menu">
@ -121,7 +121,7 @@
               <a href="/juser/user_detail/?id={{ session_user_id }}"><i class="fa fa-rebel"></i> <span class="nav-label">个人信息</span><span class="label label-info pull-right"></span></a>
            </li>
            <li id="jasset">
-               <a href="/jasset/host_list/"><i class="fa fa-cube"></i> <span class="nav-label">查看主机</span><span class="label label-info pull-right"></span></a>
+               <a href="/jasset/asset_list/"><i class="fa fa-cube"></i> <span class="nav-label">查看主机</span><span class="label label-info pull-right"></span></a>
            </li>
             <li id="jperm">
                <a><i class="fa fa-cube"></i> <span class="nav-label">权限申请</span><span class="fa arrow"></span></a>
@ -148,4 +148,4 @@
        </ul>
    </div>
 </nav>
-{% endifequal %}
+{% endif %}
--- a/templates/nav_li_profile.html
+++ b/templates/nav_li_profile.html
@ -17,8 +17,13 @@
        <ul class="dropdown-menu animated fadeInRight m-t-xs">
            <li><a value="/juser/profile/?id={{ session_user_id }}" class="iframe_user">个人信息</a></li>
            <li><a href="/juser/change_info/">修改信息</a></li>
-            <li><a href="/juser/change_role/">切换角色</a></li>
+            {% if not user.role == 'CU' %}
-
+                {% if request.session.role_id == 0 %}
                    <li><a href="/juser/change_role/">系统后台</a></li>
                {% else %}
                    <li><a href="/juser/change_role/">主机控制台</a></li>
                {% endif %}
            {% endif %}
            <li class="divider"></li>
            <li><a href="/logout/">注销</a></li>
        </ul>