github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

校验推送

pull/26/head
ibuler 2015-11-29 16:38:40 +08:00
parent 29e1090d2c
commit 2d91f1ab38
3 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
jperm/perm_api.py
View File

@ -266,7 +266,7 @@ def get_role_info(role_id, type="all"):
return u"不支持的查询" return u"不支持的查询"
def get_role_push_host(role): def get_role_push_host(role, raw=False):
""" """
get the role push host get the role push host
:return: the asset object :return: the asset object
@ -282,6 +282,8 @@ def get_role_push_host(role):
group_assets.extend(asset_group.asset_set.all()) group_assets.extend(asset_group.asset_set.all())
cacl_assets = set(assets) | set(group_assets) cacl_assets = set(assets) | set(group_assets)
if raw:
return {'asset': cacl_assets, 'asset_group': set(asset_groups)}
# 计算所有主机 在push记录里面的 使用密码和使用秘钥状况 # 计算所有主机 在push记录里面的 使用密码和使用秘钥状况
result = [] result = []
for asset in cacl_assets: for asset in cacl_assets:

15
jperm/views.py
View File

@ -106,6 +106,19 @@ def perm_rule_add(request):
# 获取授予的角色列表 # 获取授予的角色列表
roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select] roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
for role in roles_obj:
push_assets_or_group = get_role_push_host(role=role, raw=True)
push_assets = push_assets_or_group.get('asset')
push_asset_groups = push_assets_or_group.get('asset_group')
no_push_assets = set(assets_obj) - set(push_assets)
no_push_asset_groups = set(asset_groups_obj) - set(push_asset_groups)
if no_push_assets:
raise ServerError(u'没有推送角色 %s 的主机 %s'
% (role.name, ','.join([asset.hostname for asset in no_push_assets])))
elif no_push_asset_groups:
raise ServerError(u'没有推送角色 %s 的主机组 %s'
% (role.name, ','.join(asset_group.name for asset_group in no_push_asset_groups)))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色) # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule = PermRule(name=rule_name, comment=rule_comment) rule = PermRule(name=rule_name, comment=rule_comment)
rule.save() rule.save()
@ -117,7 +130,6 @@ def perm_rule_add(request):
rule.save() rule.save()
msg = u"添加授权规则:%s" % rule.name msg = u"添加授权规则:%s" % rule.name
# 渲染数据
return HttpResponseRedirect('/jperm/rule/') return HttpResponseRedirect('/jperm/rule/')
except ServerError, e: except ServerError, e:
error = e error = e
@ -465,7 +477,6 @@ def perm_role_push(request):
os.remove(add_sudo_script) os.remove(add_sudo_script)
print ret print ret
# 结果汇总统计 # 结果汇总统计
if ret_failed: if ret_failed:
# 推送失败 # 推送失败

4
templates/jperm/perm_rule_add.html
View File

@ -136,25 +136,21 @@ $('#ruleForm').validator({
"rulename": { "rulename": {
rule: "required;check_name", rule: "required;check_name",
tip: "输入规则名称", tip: "输入规则名称",
ok: "",
msg: {required: "规则名称必填"} msg: {required: "规则名称必填"}
}, },
"usergroup": { "usergroup": {
rule: "required(check_user)", rule: "required(check_user)",
tip: "请选择用户组", tip: "请选择用户组",
ok: "",
msg: {required: "用户和用户组必选一个!"} msg: {required: "用户和用户组必选一个!"}
}, },
"assetgroup": { "assetgroup": {
rule: "required(check_asset)", rule: "required(check_asset)",
tip: "输入资产组", tip: "输入资产组",
ok: "",
msg: {required: "资产和资产组必选一个!"} msg: {required: "资产和资产组必选一个!"}
}, },
"role": { "role": {
rule: "required", rule: "required",
tip: "请选择角色", tip: "请选择角色",
ok: "",
msg: {required: "必须选择角色"} msg: {required: "必须选择角色"}
} }
}, },