mirror of https://github.com/jumpserver/jumpserver
[Update] 修改授权
parent
2d3967872b
commit
274cb74097
|
@ -8,16 +8,15 @@ from .models import NodePermission
|
||||||
|
|
||||||
|
|
||||||
class AssetPermissionForm(forms.ModelForm):
|
class AssetPermissionForm(forms.ModelForm):
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = NodePermission
|
model = NodePermission
|
||||||
fields = [
|
fields = [
|
||||||
'node', 'user_group', 'system_user', 'is_active',
|
'node', 'user_group', 'system_user', 'is_active',
|
||||||
'date_expired', 'comment'
|
'date_expired', 'comment',
|
||||||
]
|
]
|
||||||
widgets = {
|
widgets = {
|
||||||
'node': forms.Select(
|
'node': forms.Select(
|
||||||
attrs={'class': 'select2', 'data-placeholder': _("Node")}
|
attrs={'style': 'display:none'}
|
||||||
),
|
),
|
||||||
'user_group': forms.Select(
|
'user_group': forms.Select(
|
||||||
attrs={'class': 'select2', 'data-placeholder': _("User group")}
|
attrs={'class': 'select2', 'data-placeholder': _("User group")}
|
||||||
|
|
|
@ -81,7 +81,8 @@ class NodePermission(models.Model):
|
||||||
comment = models.TextField(verbose_name=_('Comment'), blank=True)
|
comment = models.TextField(verbose_name=_('Comment'), blank=True)
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return "{}:{}:{}".format(self.node.name, self.user_group.name, self.system_user.name)
|
return "{}:{}:{}".format(self.node.value, self.user_group.name, self.system_user.name)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
unique_together = ('node', 'user_group', 'system_user')
|
unique_together = ('node', 'user_group', 'system_user')
|
||||||
|
verbose_name = _("Asset permission")
|
||||||
|
|
|
@ -28,10 +28,21 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="ibox-content">
|
<div class="ibox-content">
|
||||||
|
{% if form.non_field_errors %}
|
||||||
|
<div class="alert alert-danger">
|
||||||
|
{{ form.non_field_errors }}
|
||||||
|
</div>
|
||||||
|
{% endif %}
|
||||||
<form method="post" class="form-horizontal" action="" >
|
<form method="post" class="form-horizontal" action="" >
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<h3>{% trans 'Basic' %}</h3>
|
<h3>{% trans 'Basic' %}</h3>
|
||||||
{% bootstrap_field form.node layout="horizontal" %}
|
<div class="form-group">
|
||||||
|
<label class="col-md-2 control-label" for="id_name">{% trans 'Node' %}</label>
|
||||||
|
<div class="col-md-9">
|
||||||
|
<input type="text" class="form-control" readonly value="{{ form.node.initial }}">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{{ form.node }}
|
||||||
{% bootstrap_field form.user_group layout="horizontal" %}
|
{% bootstrap_field form.user_group layout="horizontal" %}
|
||||||
{% bootstrap_field form.system_user layout="horizontal" %}
|
{% bootstrap_field form.system_user layout="horizontal" %}
|
||||||
<div class="hr-line-dashed"></div>
|
<div class="hr-line-dashed"></div>
|
||||||
|
|
|
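Review bot: The new label uses `for="id_name"`, but no control with that id appears in this hunk: the readonly input has no id, and the select rendered by `{{ form.node }}` would get `id_node` under Django's default auto_id, so the label is not associated with anything. The readonly text box is display only; the value actually posted is still the hidden `{{ form.node }}` select, so what the admin sees and what is submitted can diverge. The template name suggests it is shared with the create view, where nothing visible sets `form.node.initial`, so the box may render `None` there; `value="{{ form.node.initial|default:'' }}"` avoids that.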
@ -9,10 +9,10 @@ urlpatterns = [
|
||||||
url(r'^asset-permission$', views.AssetPermissionListView.as_view(), name='asset-permission-list'),
|
url(r'^asset-permission$', views.AssetPermissionListView.as_view(), name='asset-permission-list'),
|
||||||
url(r'^asset-permission/create$', views.AssetPermissionCreateView.as_view(), name='asset-permission-create'),
|
url(r'^asset-permission/create$', views.AssetPermissionCreateView.as_view(), name='asset-permission-create'),
|
||||||
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/update$', views.AssetPermissionUpdateView.as_view(), name='asset-permission-update'),
|
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/update$', views.AssetPermissionUpdateView.as_view(), name='asset-permission-update'),
|
||||||
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})$', views.AssetPermissionDetailView.as_view(),name='asset-permission-detail'),
|
# url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})$', views.AssetPermissionDetailView.as_view(),name='asset-permission-detail'),
|
||||||
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/delete$', views.AssetPermissionDeleteView.as_view(), name='asset-permission-delete'),
|
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/delete$', views.AssetPermissionDeleteView.as_view(), name='asset-permission-delete'),
|
||||||
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/user$', views.AssetPermissionUserView.as_view(), name='asset-permission-user-list'),
|
# url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/user$', views.AssetPermissionUserView.as_view(), name='asset-permission-user-list'),
|
||||||
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/asset$', views.AssetPermissionAssetView.as_view(), name='asset-permission-asset-list'),
|
# url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/asset$', views.AssetPermissionAssetView.as_view(), name='asset-permission-asset-list'),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
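Review bot: The detail, user-list and asset-list routes are commented out rather than removed, and the views file does the same to the three matching view classes. Dropping the named routes `asset-permission-detail`, `asset-permission-user-list` and `asset-permission-asset-list` makes any remaining `{% url %}` or `reverse()` reference to them raise NoReverseMatch at render time; the list and detail templates are not visible here, so search for those names before merging. I would delete the dead lines outright, since history keeps them, or replace them with a single comment stating why they are disabled, for example `# detail/user/asset views disabled pending NodePermission port` if that is indeed the reason.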
@ -2,14 +2,21 @@
|
||||||
|
|
||||||
from __future__ import absolute_import, unicode_literals
|
from __future__ import absolute_import, unicode_literals
|
||||||
import collections
|
import collections
|
||||||
|
from django.utils import timezone
|
||||||
|
|
||||||
from common.utils import setattr_bulk, get_logger
|
from common.utils import setattr_bulk, get_logger
|
||||||
from .tasks import push_users
|
from .tasks import push_users
|
||||||
from .hands import User, UserGroup, Asset, AssetGroup, SystemUser
|
from .hands import AssetGroup
|
||||||
|
|
||||||
logger = get_logger(__file__)
|
logger = get_logger(__file__)
|
||||||
|
|
||||||
|
|
||||||
|
def get_user_group_permissions(user_group):
|
||||||
|
return user_group.nodepermission_set.all() \
|
||||||
|
.filter(is_active=True) \
|
||||||
|
.filter(date_expired=timezone.now())
|
||||||
|
|
||||||
|
|
||||||
def get_user_group_granted_asset_groups(user_group):
|
def get_user_group_granted_asset_groups(user_group):
|
||||||
"""Return asset groups granted of the user group
|
"""Return asset groups granted of the user group
|
||||||
|
|
||||||
|
|
|
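Review bot: `get_user_group_permissions` filters on `date_expired=timezone.now()`, an exact-equality match against the current instant, so it will return essentially no rows; a "not yet expired" lookup would be `.filter(date_expired__gt=timezone.now())`. As written the helper fails closed, but any authorization path that switches to it would silently drop every grant, and a later correction in the wrong direction (`__lt`) would return only expired permissions, so a test with one expired and one unexpired NodePermission is worth adding alongside the fix. The import now pulls only `AssetGroup` from `.hands`; the rest of the module is outside this hunk, so confirm nothing below still references `User`, `UserGroup`, `Asset` or `SystemUser`.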
@ -7,7 +7,6 @@ from django.conf import settings
|
||||||
from django.views.generic import ListView, CreateView, UpdateView
|
from django.views.generic import ListView, CreateView, UpdateView
|
||||||
from django.views.generic.edit import DeleteView
|
from django.views.generic.edit import DeleteView
|
||||||
from django.urls import reverse_lazy
|
from django.urls import reverse_lazy
|
||||||
from django.contrib.messages.views import SuccessMessageMixin
|
|
||||||
from django.views.generic.detail import DetailView, SingleObjectMixin
|
from django.views.generic.detail import DetailView, SingleObjectMixin
|
||||||
|
|
||||||
from common.utils import get_object_or_none
|
from common.utils import get_object_or_none
|
||||||
|
@ -61,6 +60,11 @@ class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
|
||||||
template_name = 'perms/asset_permission_create_update.html'
|
template_name = 'perms/asset_permission_create_update.html'
|
||||||
success_url = reverse_lazy("perms:asset-permission-list")
|
success_url = reverse_lazy("perms:asset-permission-list")
|
||||||
|
|
||||||
|
def get_form(self, form_class=None):
|
||||||
|
form = super().get_form(form_class=form_class)
|
||||||
|
form['node'].initial = form.instance.node
|
||||||
|
return form
|
||||||
|
|
||||||
def get_context_data(self, **kwargs):
|
def get_context_data(self, **kwargs):
|
||||||
context = {
|
context = {
|
||||||
'app': _('Perms'),
|
'app': _('Perms'),
|
||||||
|
@ -70,22 +74,22 @@ class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
|
||||||
return super().get_context_data(**kwargs)
|
return super().get_context_data(**kwargs)
|
||||||
|
|
||||||
|
|
||||||
class AssetPermissionDetailView(AdminUserRequiredMixin, DetailView):
|
# class AssetPermissionDetailView(AdminUserRequiredMixin, DetailView):
|
||||||
template_name = 'perms/asset_permission_detail.html'
|
# template_name = 'perms/asset_permission_detail.html'
|
||||||
context_object_name = 'asset_permission'
|
# context_object_name = 'asset_permission'
|
||||||
model = AssetPermission
|
# model = AssetPermission
|
||||||
|
#
|
||||||
def get_context_data(self, **kwargs):
|
# def get_context_data(self, **kwargs):
|
||||||
context = {
|
# context = {
|
||||||
'app': _('Perms'),
|
# 'app': _('Perms'),
|
||||||
'action': _('Asset permission detail'),
|
# 'action': _('Asset permission detail'),
|
||||||
'system_users_remain': [
|
# 'system_users_remain': [
|
||||||
system_user for system_user in SystemUser.objects.all()
|
# system_user for system_user in SystemUser.objects.all()
|
||||||
if system_user not in self.object.system_users.all()],
|
# if system_user not in self.object.system_users.all()],
|
||||||
'system_users': self.object.system_users.all(),
|
# 'system_users': self.object.system_users.all(),
|
||||||
}
|
# }
|
||||||
kwargs.update(context)
|
# kwargs.update(context)
|
||||||
return super().get_context_data(**kwargs)
|
# return super().get_context_data(**kwargs)
|
||||||
|
|
||||||
|
|
||||||
class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView):
|
class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView):
|
||||||
|
@ -94,61 +98,61 @@ class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView):
|
||||||
success_url = reverse_lazy('perms:asset-permission-list')
|
success_url = reverse_lazy('perms:asset-permission-list')
|
||||||
|
|
||||||
|
|
||||||
class AssetPermissionUserView(AdminUserRequiredMixin,
|
# class AssetPermissionUserView(AdminUserRequiredMixin,
|
||||||
SingleObjectMixin,
|
# SingleObjectMixin,
|
||||||
ListView):
|
# ListView):
|
||||||
template_name = 'perms/asset_permission_user.html'
|
# template_name = 'perms/asset_permission_user.html'
|
||||||
context_object_name = 'asset_permission'
|
# context_object_name = 'asset_permission'
|
||||||
paginate_by = settings.DISPLAY_PER_PAGE
|
# paginate_by = settings.DISPLAY_PER_PAGE
|
||||||
object = None
|
# object = None
|
||||||
|
#
|
||||||
def get(self, request, *args, **kwargs):
|
# def get(self, request, *args, **kwargs):
|
||||||
self.object = self.get_object(queryset=AssetPermission.objects.all())
|
# self.object = self.get_object(queryset=AssetPermission.objects.all())
|
||||||
return super().get(request, *args, **kwargs)
|
# return super().get(request, *args, **kwargs)
|
||||||
|
#
|
||||||
def get_queryset(self):
|
# def get_queryset(self):
|
||||||
queryset = self.object.get_granted_users()
|
# queryset = self.object.get_granted_users()
|
||||||
return queryset
|
# return queryset
|
||||||
|
#
|
||||||
def get_context_data(self, **kwargs):
|
# def get_context_data(self, **kwargs):
|
||||||
users_granted = self.get_queryset()
|
# users_granted = self.get_queryset()
|
||||||
groups_granted = self.object.user_groups.all()
|
# groups_granted = self.object.user_groups.all()
|
||||||
context = {
|
# context = {
|
||||||
'app': _('Perms'),
|
# 'app': _('Perms'),
|
||||||
'action': _('Asset permission user list'),
|
# 'action': _('Asset permission user list'),
|
||||||
'users_remain': User.objects.exclude(id__in=[user.id for user in users_granted]),
|
# 'users_remain': User.objects.exclude(id__in=[user.id for user in users_granted]),
|
||||||
'user_groups': self.object.user_groups.all(),
|
# 'user_groups': self.object.user_groups.all(),
|
||||||
'user_groups_remain': UserGroup.objects.exclude(id__in=[group.id for group in groups_granted])
|
# 'user_groups_remain': UserGroup.objects.exclude(id__in=[group.id for group in groups_granted])
|
||||||
}
|
# }
|
||||||
kwargs.update(context)
|
# kwargs.update(context)
|
||||||
return super().get_context_data(**kwargs)
|
# return super().get_context_data(**kwargs)
|
||||||
|
|
||||||
|
|
||||||
class AssetPermissionAssetView(AdminUserRequiredMixin,
|
# class AssetPermissionAssetView(AdminUserRequiredMixin,
|
||||||
SingleObjectMixin,
|
# SingleObjectMixin,
|
||||||
ListView):
|
# ListView):
|
||||||
template_name = 'perms/asset_permission_asset.html'
|
# template_name = 'perms/asset_permission_asset.html'
|
||||||
context_object_name = 'asset_permission'
|
# context_object_name = 'asset_permission'
|
||||||
paginate_by = settings.DISPLAY_PER_PAGE
|
# paginate_by = settings.DISPLAY_PER_PAGE
|
||||||
object = None
|
# object = None
|
||||||
|
#
|
||||||
def get(self, request, *args, **kwargs):
|
# def get(self, request, *args, **kwargs):
|
||||||
self.object = self.get_object(queryset=AssetPermission.objects.all())
|
# self.object = self.get_object(queryset=AssetPermission.objects.all())
|
||||||
return super().get(request, *args, **kwargs)
|
# return super().get(request, *args, **kwargs)
|
||||||
|
#
|
||||||
def get_queryset(self):
|
# def get_queryset(self):
|
||||||
queryset = self.object.get_granted_assets()
|
# queryset = self.object.get_granted_assets()
|
||||||
return queryset
|
# return queryset
|
||||||
|
#
|
||||||
def get_context_data(self, **kwargs):
|
# def get_context_data(self, **kwargs):
|
||||||
assets_granted = self.get_queryset()
|
# assets_granted = self.get_queryset()
|
||||||
groups_granted = self.object.asset_groups.all()
|
# groups_granted = self.object.asset_groups.all()
|
||||||
context = {
|
# context = {
|
||||||
'app': _('Perms'),
|
# 'app': _('Perms'),
|
||||||
'action': _('Asset permission asset list'),
|
# 'action': _('Asset permission asset list'),
|
||||||
'assets_remain': Asset.objects.exclude(id__in=[asset.id for asset in assets_granted]),
|
# 'assets_remain': Asset.objects.exclude(id__in=[asset.id for asset in assets_granted]),
|
||||||
'asset_groups': self.object.asset_groups.all(),
|
# 'asset_groups': self.object.asset_groups.all(),
|
||||||
'asset_groups_remain': AssetGroup.objects.exclude(id__in=[group.id for group in groups_granted])
|
# 'asset_groups_remain': AssetGroup.objects.exclude(id__in=[group.id for group in groups_granted])
|
||||||
}
|
# }
|
||||||
kwargs.update(context)
|
# kwargs.update(context)
|
||||||
return super().get_context_data(**kwargs)
|
# return super().get_context_data(**kwargs)
|
||||||
|
|
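Review bot: `get_form` in `AssetPermissionUpdateView` only sets the displayed initial for `node`; the field itself stays editable, so a hand-built POST can still move an existing permission to a different node even though the page presents it as read-only (a `readonly` text input plus a `display:none` select in the template and form hunks). If the node is meant to be fixed on update, enforce it server-side, e.g. `form.fields['node'].disabled = True` inside `get_form`, which makes Django ignore the submitted value and keep the instance's (available from Django 1.9; confirm the project's version). The view sits behind `AdminUserRequiredMixin`, so this is an integrity and audit concern rather than a privilege escalation, but the UI should not be the only thing holding the value in place.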