��

10 years ago · 386d6a1cb2
parent a2ede31ae6
commit 386d6a1cb2
4 changed files with 94 additions and 3 deletions
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@ -192,7 +192,6 @@ def view_splitter(request, su=None, adm=None):
    raise Http404


-
 def user_perm_group_api(user):
    if user:
        perm_list = []
@ -233,3 +232,43 @@ def asset_perm_api(asset):
        for user_group in user_group_list:
            user_permed_list.extend(user_group.user_set.all())
        return user_permed_list
+
+
+def validate(request, user_group=None, user=None, asset_group=None, asset=None):
+    dept = get_session_user_dept(request)[1]
+    if user_group:
+        dept_user_groups = dept.usergroup_set.all()
+        user_groups = []
+        for user_group_id in user_group:
+            user_groups.extend(UserGroup.objects.filter(id=user_group_id))
+        if not set(user_groups).issubset(set(dept_user_groups)):
+            return False
+
+    if user:
+        dept_users = dept.user_set.all()
+        users = []
+        for user_id in user:
+            users.extend(User.objects.filter(id=user_id))
+
+        if not set(users).issubset(set(dept_users)):
+            return False
+
+    if asset_group:
+        dept_asset_groups = dept.bisgroup_set.all()
+        asset_groups = []
+        for asset_group_id in asset_group:
+            asset_groups.extend(BisGroup.objects.filter(id=asset_group_id))
+
+        if not set(asset_groups).issubset(set(dept_asset_groups)):
+            return False
+
+    if asset:
+        dept_assets = dept.asset_set.all()
+        assets = []
+        for asset_id in asset:
+            assets.extend(asset_id)
+
+        if not set(assets).issubset(dept_assets):
+            return False
+
+    return True
--- a/juser/urls.py
+++ b/juser/urls.py
@ -18,7 +18,7 @@ urlpatterns = patterns('juser.views',
    (r'^group_detail/$', 'group_detail'),
    (r'^group_del/$', 'group_del'),
    (r'^group_del_ajax/$', 'group_del_ajax'),
-    (r'^group_edit/$', 'group_edit'),
+    (r'^group_edit/$', view_splitter, {'su': group_edit, 'adm': group_edit_adm}),
    (r'^user_add/$', 'user_add'),
    (r'^user_list/$', 'user_list'),
    (r'^user_detail/$', 'user_detail'),
--- a/juser/views.py
+++ b/juser/views.py
@ -444,7 +444,7 @@ def group_update_member(group_id, users_id_list):
            group.user_set.add(user)


-@require_admin
+@require_super_user
 def group_edit(request):
    error = ''
    msg = ''
@ -492,6 +492,56 @@ def group_edit(request):
        return HttpResponseRedirect('/juser/group_list/')


+@require_admin
+def group_edit_adm(request):
+    error = ''
+    msg = ''
+    header_title, path1, path2 = '修改小组信息', '用户管理', '编辑小组'
+    if request.method == 'GET':
+        group_id = request.GET.get('id', '')
+        if not validate(request, user_group=[group_id]):
+            return HttpResponseRedirect('/juser/group_list/')
+        group = UserGroup.objects.filter(id=group_id)
+        if group:
+            group = group[0]
+            dept_all = DEPT.objects.all()
+            users_all = User.objects.all()
+            users_selected = group.user_set.all()
+            users = [user for user in users_all if user not in users_selected]
+
+        return render_to_response('juser/group_edit.html', locals(), context_instance=RequestContext(request))
+    else:
+        group_id = request.POST.get('group_id', '')
+        group_name = request.POST.get('group_name', '')
+        dept_id = request.POST.get('dept_id', '')
+        comment = request.POST.get('comment', '')
+        users_selected = request.POST.getlist('users_selected')
+
+        users = []
+        try:
+            if '' in [group_id, group_name]:
+                raise AddError('组名不能为空')
+            dept = DEPT.objects.filter(id=dept_id)
+            if dept:
+                dept = dept[0]
+            else:
+                raise AddError('部门不存在')
+            for user_id in users_selected:
+                users.extend(User.objects.filter(id=user_id))
+
+            user_group = UserGroup.objects.filter(id=group_id)
+            if user_group:
+                user_group.update(name=group_name, comment=comment, dept=dept)
+                user_group = user_group[0]
+                user_group.user_set.clear()
+                user_group.user_set = users
+
+        except AddError, e:
+            error = e
+
+        return HttpResponseRedirect('/juser/group_list/')
+
+
@require_admin
 def user_add(request):
    error = ''
--- a/templates/juser/group_edit.html
+++ b/templates/juser/group_edit.html
@ -41,6 +41,7 @@
                                    <input id="group_name" name="group_name" placeholder="Group name" type="text" class="form-control" value="{{ group.name }}">
                                </div>
                            </div>
+                            {% ifequal session_role_id 2 %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="dept_id" class="col-sm-2 control-label">部门<span class="red-fonts">*</span></label>
@ -56,6 +57,7 @@
                                    </select>
                                </div>
                            </div>
+                            {% endifequal %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="users" class="col-lg-2 control-label">用户</label>