校验推送

2015-11-29 16:38:40 +08:00 · 2015-11-29 16:38:40 +08:00 · 2d91f1ab38
parent 29e1090d2c
commit 2d91f1ab38
3 changed files with 16 additions and 7 deletions
--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@ -266,7 +266,7 @@ def get_role_info(role_id, type="all"):
        return u"不支持的查询"


-def get_role_push_host(role):
+def get_role_push_host(role, raw=False):
    """
    get the role push host
    :return: the asset object
@ -282,6 +282,8 @@ def get_role_push_host(role):
        group_assets.extend(asset_group.asset_set.all())
    cacl_assets = set(assets) | set(group_assets)

+    if raw:
+        return {'asset': cacl_assets, 'asset_group': set(asset_groups)}
    # 计算所有主机 在push记录里面的 使用密码和使用秘钥状况
    result = []
    for asset in cacl_assets:
--- a/jperm/views.py
+++ b/jperm/views.py
@ -106,6 +106,19 @@ def perm_rule_add(request):
            # 获取授予的角色列表
            roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]

+            for role in roles_obj:
+                push_assets_or_group = get_role_push_host(role=role, raw=True)
+                push_assets = push_assets_or_group.get('asset')
+                push_asset_groups = push_assets_or_group.get('asset_group')
+                no_push_assets = set(assets_obj) - set(push_assets)
+                no_push_asset_groups = set(asset_groups_obj) - set(push_asset_groups)
+                if no_push_assets:
+                    raise ServerError(u'没有推送角色 %s 的主机 %s'
+                                      % (role.name, ','.join([asset.hostname for asset in no_push_assets])))
+                elif no_push_asset_groups:
+                    raise ServerError(u'没有推送角色 %s 的主机组 %s'
+                                      % (role.name, ','.join(asset_group.name for asset_group in no_push_asset_groups)))
+
            # 仅授权成功的，写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
            rule = PermRule(name=rule_name, comment=rule_comment)
            rule.save()
@ -117,7 +130,6 @@ def perm_rule_add(request):
            rule.save()

            msg = u"添加授权规则：%s" % rule.name
-            # 渲染数据
            return HttpResponseRedirect('/jperm/rule/')
        except ServerError, e:
            error = e
@ -465,7 +477,6 @@ def perm_role_push(request):
        os.remove(add_sudo_script)

        print ret
-
        # 结果汇总统计
        if ret_failed:
            # 推送失败
--- a/templates/jperm/perm_rule_add.html
+++ b/templates/jperm/perm_rule_add.html
@ -136,25 +136,21 @@ $('#ruleForm').validator({
        "rulename": {
            rule: "required;check_name",
            tip: "输入规则名称",
-            ok: "",
            msg: {required: "规则名称必填"}
        },
        "usergroup": {
            rule: "required(check_user)",
            tip: "请选择用户组",
-            ok: "",
            msg: {required: "用户和用户组必选一个!"}
        },
        "assetgroup": {
            rule: "required(check_asset)",
            tip: "输入资产组",
-            ok: "",
            msg: {required: "资产和资产组必选一个!"}
        },
        "role": {
            rule: "required",
            tip: "请选择角色",
-            ok: "",
            msg: {required: "必须选择角色"}
        }
    },