github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

[Bugfix] 修复授权和资产的一部分bug

pull/828/merge
ibuler 2017-12-19 19:38:09 +08:00
parent b0eace6ad8
commit 3f89701b84
18 changed files with 607 additions and 537 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/assets/models/asset.py
View File

@ -87,7 +87,7 @@ class Asset(models.Model):
comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment')) comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
def __str__(self): def __str__(self):
return '%s <%s: %s>' % (self.hostname, self.ip, self.port) return self.hostname
@property @property
def is_valid(self): def is_valid(self):

2
apps/assets/models/user.py
View File

@ -198,7 +198,7 @@ class SystemUser(AssetUser):
('P', 'Password'), ('P', 'Password'),
('K', 'Public key'), ('K', 'Public key'),
) )
cluster = models.ManyToManyField('assets.Cluster', null=True, blank=True, verbose_name=_("Cluster")) cluster = models.ManyToManyField('assets.Cluster', blank=True, verbose_name=_("Cluster"))
priority = models.IntegerField(default=10, verbose_name=_("Priority")) # Todo: If user granted more priority user, default will be login as the hign priority = models.IntegerField(default=10, verbose_name=_("Priority")) # Todo: If user granted more priority user, default will be login as the hign
protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol')) protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))
auto_push = models.BooleanField(default=True, verbose_name=_('Auto push')) auto_push = models.BooleanField(default=True, verbose_name=_('Auto push'))

18
apps/assets/templates/assets/admin_user_detail.html
View File

@ -123,24 +123,6 @@
{% endblock %} {% endblock %}
{% block custom_foot_js %} {% block custom_foot_js %}
<script> <script>
Array.prototype.remove = function(val) {
var index = this.indexOf(val);
if (index > -1) {
this.splice(index, 1);
}
};
Array.prototype.unique = function(){
var res = [];
var json = {};
for(var i = 0; i < this.length; i++){
if(!json[this[i]]){
res.push(this[i]);
json[this[i]] = 1;
}
}
return res;
};
function bindToCluster(clusters) { function bindToCluster(clusters) {
var the_url = "{% url 'api-assets:admin-user-add-clusters' pk=admin_user.id %}"; var the_url = "{% url 'api-assets:admin-user-add-clusters' pk=admin_user.id %}";
var body = { var body = {

4
apps/assets/templates/assets/asset_detail.html
View File

@ -227,7 +227,7 @@
</tr> </tr>
<tr> <tr>
<td colspan="2" class="no-borders"> <td colspan="2" class="no-borders">
<button type="button" class="btn btn-info btn-sm" id="btn_add_user_group">{% trans 'Confirm' %}</button> <button type="button" class="btn btn-info btn-sm" id="btn-add-user-group">{% trans 'Confirm' %}</button>
</td> </td>
</tr> </tr>
</form> </form>
@ -327,7 +327,7 @@ $(document).ready(function () {
}else{ }else{
$(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('False'); $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('False');
} }
}).on('click', '#btn_add_user_group', function () { }).on('click', '#btn-add-user-group', function () {
if (Object.keys(jumpserver.groups_selected).length === 0) { if (Object.keys(jumpserver.groups_selected).length === 0) {
return false; return false;
} }

2
apps/assets/templates/assets/cluster_assets.html
View File

@ -101,7 +101,7 @@
</tr> </tr>
<tr class="no-borders-tr"> <tr class="no-borders-tr">
<td colspan="2"> <td colspan="2">
<button type="button" class="btn btn-primary btn-sm btn-add-assets">{% trans 'Confirm' %}</button> <button type="button" class="btn btn-info btn-sm btn-add-assets">{% trans 'Confirm' %}</button>
</td> </td>
</tr> </tr>
</form> </form>

7
apps/assets/templates/assets/system_user_list.html
View File

@ -30,7 +30,7 @@
{% endblock %} {% endblock %}
{% block custom_foot_js %} {% block custom_foot_js %}
<script> <script>
$(document).ready(function(){ function initTable() {
var options = { var options = {
ele: $('#system_user_list_table'), ele: $('#system_user_list_table'),
columnDefs: [ columnDefs: [
@ -74,7 +74,6 @@ $(document).ready(function(){
}}, }},
{targets: 8, createdCell: function (td, cellData, rowData) { {targets: 8, createdCell: function (td, cellData, rowData) {
{# var script_btn = '<a href="{% url "assets:system-user-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-primary">{% trans "Script" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);#}
var update_btn = '<a href="{% url "assets:system-user-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData); var update_btn = '<a href="{% url "assets:system-user-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_admin_user_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData); var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_admin_user_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
$(td).html(update_btn + del_btn) $(td).html(update_btn + del_btn)
@ -87,6 +86,10 @@ $(document).ready(function(){
op_html: $('#actions').html() op_html: $('#actions').html()
}; };
jumpserver.initDataTable(options); jumpserver.initDataTable(options);
}
$(document).ready(function(){
initTable();
}) })
.on('click', '.btn_admin_user_delete', function () { .on('click', '.btn_admin_user_delete', function () {

19
apps/ops/ansible/callback.py
View File

@ -1,5 +1,7 @@
# ~*~ coding: utf-8 ~*~ # ~*~ coding: utf-8 ~*~
from collections import defaultdict
from ansible.plugins.callback import CallbackBase from ansible.plugins.callback import CallbackBase
from ansible.plugins.callback.default import CallbackModule from ansible.plugins.callback.default import CallbackModule
@ -19,8 +21,9 @@ class AdHocResultCallback(CallbackModule):
# "contacted": {"hostname",...}, # "contacted": {"hostname",...},
# "dark": {"hostname": {"task_name": {}, "task_name": {}},...,}, # "dark": {"hostname": {"task_name": {}, "task_name": {}},...,},
# } # }
self.results_raw = dict(ok={}, failed={}, unreachable={}, skipped={}) self.results_raw = dict(ok=defaultdict(dict), failed=defaultdict(dict),
self.results_summary = dict(contacted=[], dark={}) unreachable=defaultdict(dict), skipped=defaultdict(dict))
self.results_summary = dict(contacted=[], dark=defaultdict(dict))
super().__init__() super().__init__()
def gather_result(self, t, res): def gather_result(self, t, res):
@ -31,8 +34,8 @@ class AdHocResultCallback(CallbackModule):
if self.results_raw[t].get(host): if self.results_raw[t].get(host):
self.results_raw[t][host][task_name] = task_result self.results_raw[t][host][task_name] = task_result
else: # else:
self.results_raw[t][host] = {task_name: task_result} # self.results_raw[t][host] = {task_name: task_result}
self.clean_result(t, host, task_name, task_result) self.clean_result(t, host, task_name, task_result)
def clean_result(self, t, host, task_name, task_result): def clean_result(self, t, host, task_name, task_result):
@ -42,10 +45,10 @@ class AdHocResultCallback(CallbackModule):
if host not in contacted: if host not in contacted:
contacted.append(host) contacted.append(host)
else: else:
if dark.get(host): # if dark.get(host):
dark[host][task_name] = task_result dark[host][task_name] = task_result.values
else: # else:
dark[host] = {task_name: task_result} # dark[host] = {task_name: task_result}
if host in contacted: if host in contacted:
contacted.remove(host) contacted.remove(host)

127
apps/perms/api.py
View File

@ -3,7 +3,7 @@
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from rest_framework.views import APIView, Response from rest_framework.views import APIView, Response
from rest_framework.generics import ListAPIView, get_object_or_404 from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView
from rest_framework import viewsets from rest_framework import viewsets
from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser
from common.utils import get_object_or_none from common.utils import get_object_or_none
@ -14,7 +14,6 @@ from .models import AssetPermission
from .hands import AssetGrantedSerializer, User, UserGroup, AssetGroup, Asset, \ from .hands import AssetGrantedSerializer, User, UserGroup, AssetGroup, Asset, \
AssetGroup, AssetGroupGrantedSerializer, SystemUser, MyAssetGroupGrantedSerializer AssetGroup, AssetGroupGrantedSerializer, SystemUser, MyAssetGroupGrantedSerializer
from . import serializers from . import serializers
from .utils import associate_system_users_and_assets
class AssetPermissionViewSet(viewsets.ModelViewSet): class AssetPermissionViewSet(viewsets.ModelViewSet):
@ -39,93 +38,85 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
queryset = get_user_group_asset_permissions(user_group) queryset = get_user_group_asset_permissions(user_group)
return queryset return queryset
# Todo: 忘记为何要重写get_serializer_class了
def get_serializer_class(self): def get_serializer_class(self):
if getattr(self, 'user_id', ''): if getattr(self, 'user_id', ''):
return serializers.UserAssetPermissionSerializer return serializers.UserAssetPermissionSerializer
return serializers.AssetPermissionSerializer return serializers.AssetPermissionSerializer
def associate_system_users_and_assets(self, serializer):
assets = serializer.validated_data.get('assets', [])
asset_groups = serializer.validated_data.get('asset_groups', [])
system_users = serializer.validated_data.get('system_users', [])
if serializer.partial:
instance = self.get_object()
assets.extend(list(instance.assets.all()))
asset_groups.extend(list(instance.asset_groups.all()))
system_users.extend(list(instance.system_users.all()))
associate_system_users_and_assets(system_users, assets, asset_groups)
def perform_create(self, serializer): class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):
self.associate_system_users_and_assets(serializer)
return super(AssetPermissionViewSet, self).perform_create(serializer)
def perform_update(self, serializer):
self.associate_system_users_and_assets(serializer)
return super(AssetPermissionViewSet, self).perform_update(serializer)
class RevokeUserAssetPermission(APIView):
""" """
将用户从授权中移除Detail页面会调用 将用户从授权中移除Detail页面会调用
""" """
permission_classes = (IsSuperUser,) permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateUserSerializer
queryset = AssetPermission.objects.all()
def put(self, request, *args, **kwargs): def update(self, request, *args, **kwargs):
permission_id = str(request.data.get('id', '')) perm = self.get_object()
user_id = str(request.data.get('user_id', '')) serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
if permission_id and user_id and permission_id.isdigit() and user_id.isdigit(): users = serializer.validated_data.get('users')
asset_permission = get_object_or_404(AssetPermission, id=int(permission_id)) if users:
user = get_object_or_404(User, id=int(user_id)) perm.users.remove(*tuple(users))
return Response({"msg": "ok"})
if asset_permission and user: else:
asset_permission.users.remove(user) return Response({"error": serializer.errors})
return Response({'msg': 'success'})
return Response({'msg': 'failed'}, status=404)
class RemoveSystemUserAssetPermission(APIView): class AssetPermissionAddUserApi(RetrieveUpdateAPIView):
permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateUserSerializer
queryset = AssetPermission.objects.all()
def update(self, request, *args, **kwargs):
perm = self.get_object()
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
users = serializer.validated_data.get('users')
if users:
perm.users.add(*tuple(users))
return Response({"msg": "ok"})
else:
return Response({"error": serializer.errors})
class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):
""" """
将系统用户从授权中移除, Detail页面会调用 用户从授权中移除Detail页面会调用
""" """
permission_classes = (IsSuperUser,) permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateAssetSerializer
queryset = AssetPermission.objects.all()
def put(self, request, *args, **kwargs): def update(self, request, *args, **kwargs):
response = [] perm = self.get_object()
asset_permission_id = kwargs.pop('pk') serializer = self.serializer_class(data=request.data)
system_users_id = request.data.get('system_users') if serializer.is_valid():
print(system_users_id) print(serializer.data)
asset_permission = get_object_or_404( assets = serializer.validated_data.get('assets')
AssetPermission, id=asset_permission_id) if assets:
if not isinstance(system_users_id, list): perm.assets.remove(*tuple(assets))
system_users_id = [system_users_id] return Response({"msg": "ok"})
for system_user_id in system_users_id: else:
system_user = get_object_or_none(SystemUser, id=system_user_id) return Response({"error": serializer.errors})
if system_user:
asset_permission.system_users.remove(system_user)
response.append(system_user.to_json())
return Response(response, status=200)
class RevokeUserGroupAssetPermission(APIView): class AssetPermissionAddAssetApi(RetrieveUpdateAPIView):
"""
将用户组从授权中删除
"""
permission_classes = (IsSuperUser,) permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateAssetSerializer
queryset = AssetPermission.objects.all()
def put(self, request, *args, **kwargs): def update(self, request, *args, **kwargs):
permission_id = str(request.data.get('id', '')) perm = self.get_object()
user_group_id = str(request.data.get('user_group_id', '')) serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
if permission_id and user_group_id and permission_id.isdigit() and user_group_id.isdigit(): assets = serializer.validated_data.get('assets')
asset_permission = get_object_or_404(AssetPermission, id=int(permission_id)) if assets:
user_group = get_object_or_404(UserGroup, id=int(user_group_id)) perm.assets.add(*tuple(assets))
return Response({"msg": "ok"})
if asset_permission and user_group: else:
asset_permission.user_groups.remove(user_group) return Response({"error": serializer.errors})
return Response({'msg': 'success'})
return Response({'msg': 'failed'}, status=404)
class UserGrantedAssetsApi(ListAPIView): class UserGrantedAssetsApi(ListAPIView):

4
apps/perms/forms.py
View File

@ -34,7 +34,7 @@ class AssetPermissionForm(forms.ModelForm):
} }
help_texts = { help_texts = {
'name': '* required', 'name': '* required',
'user_groups': '* User or user group at least one required',
'asset_groups': '* Asset or Asset group at least one required',
'system_users': '* required', 'system_users': '* required',
'user_groups': _('User or user group at least one required'),
'asset_groups': _('Asset or Asset group at least one required'),
} }

58
apps/perms/models.py
View File

@ -9,28 +9,18 @@ from common.utils import date_expired_default
class AssetPermission(models.Model): class AssetPermission(models.Model):
from users.models import User, UserGroup from users.models import User, UserGroup
from assets.models import Asset, AssetGroup, SystemUser from assets.models import Asset, AssetGroup, SystemUser, Cluster
id = models.UUIDField(default=uuid.uuid4, primary_key=True) id = models.UUIDField(default=uuid.uuid4, primary_key=True)
name = models.CharField( name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
max_length=128, unique=True, verbose_name=_('Name')) users = models.ManyToManyField(User, related_name='asset_permissions', blank=True, verbose_name=_("User"))
users = models.ManyToManyField( user_groups = models.ManyToManyField(UserGroup, related_name='asset_permissions', blank=True, verbose_name=_("User group"))
User, related_name='asset_permissions', blank=True) assets = models.ManyToManyField(Asset, related_name='granted_by_permissions', blank=True, verbose_name=_("Asset"))
user_groups = models.ManyToManyField( asset_groups = models.ManyToManyField(AssetGroup, related_name='granted_by_permissions', blank=True, verbose_name=_("Asset group"))
UserGroup, related_name='asset_permissions', blank=True) system_users = models.ManyToManyField(SystemUser, related_name='granted_by_permissions', verbose_name=_("System user"))
assets = models.ManyToManyField( is_active = models.BooleanField(default=True, verbose_name=_('Active'))
Asset, related_name='granted_by_permissions', blank=True) date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_('Date expired'))
asset_groups = models.ManyToManyField( created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by'))
AssetGroup, related_name='granted_by_permissions', blank=True) date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created'))
system_users = models.ManyToManyField(
SystemUser, related_name='granted_by_permissions')
is_active = models.BooleanField(
default=True, verbose_name=_('Active'))
date_expired = models.DateTimeField(
default=date_expired_default, verbose_name=_('Date expired'))
created_by = models.CharField(
max_length=128, blank=True, verbose_name=_('Created by'))
date_created = models.DateTimeField(
auto_now_add=True, verbose_name=_('Date created'))
comment = models.TextField(verbose_name=_('Comment'), blank=True) comment = models.TextField(verbose_name=_('Comment'), blank=True)
def __str__(self): def __str__(self):
@ -38,7 +28,7 @@ class AssetPermission(models.Model):
@property @property
def is_valid(self): def is_valid(self):
if self.date_expired < timezone.now() and self.is_active: if self.date_expired > timezone.now() and self.is_active:
return True return True
return False return False
@ -68,18 +58,12 @@ class AssetPermission(models.Model):
assets.add(asset) assets.add(asset)
return assets return assets
# class Meta: def check_system_user_in_assets(self):
# db_table = 'asset_permission' errors = {}
assets = self.get_granted_assets()
clusters = set([asset.cluster for asset in assets])
# def change_permission(sender, **kwargs): for system_user in self.system_users.all():
# print('Sender: %s' % sender) cluster_remain = clusters - set(system_user.cluster.all())
# for k, v in kwargs.items(): if cluster_remain:
# print('%s: %s' % (k, v)) errors[system_user.name] = cluster_remain
# print() return errors
#
# m2m_changed.connect(change_permission, sender=AssetPermission.assets.through)

40
apps/perms/serializers.py
View File

@ -9,10 +9,50 @@ from .hands import User
class AssetPermissionSerializer(serializers.ModelSerializer): class AssetPermissionSerializer(serializers.ModelSerializer):
assets_ = serializers.SerializerMethodField()
asset_groups_ = serializers.SerializerMethodField()
users_ = serializers.SerializerMethodField()
user_groups_ = serializers.SerializerMethodField()
system_users_ = serializers.SerializerMethodField()
class Meta: class Meta:
model = AssetPermission model = AssetPermission
fields = '__all__' fields = '__all__'
@staticmethod
def get_assets_(obj):
return [asset.hostname for asset in obj.assets.all()]
@staticmethod
def get_asset_groups_(obj):
return [group.name for group in obj.asset_groups.all()]
@staticmethod
def get_users_(obj):
return [user.username for user in obj.users.all()]
@staticmethod
def get_user_groups_(obj):
return [group.name for group in obj.user_groups.all()]
@staticmethod
def get_system_users_(obj):
return [user.username for user in obj.system_users.all()]
class AssetPermissionUpdateUserSerializer(serializers.ModelSerializer):
class Meta:
model = AssetPermission
fields = ['id', 'users']
class AssetPermissionUpdateAssetSerializer(serializers.ModelSerializer):
class Meta:
model = AssetPermission
fields = ['id', 'assets']
class UserAssetPermissionSerializer(AssetPermissionSerializer): class UserAssetPermissionSerializer(AssetPermissionSerializer):
is_inherited = serializers.SerializerMethodField() is_inherited = serializers.SerializerMethodField()

161
apps/perms/templates/perms/asset_permission_asset.html
View File

@ -26,16 +26,6 @@
<a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id %}" class="text-center"> <a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id %}" class="text-center">
<i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a> <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
</li> </li>
<form id="search_form" method="get" action="" class="pull-right mail-search">
<div class="input-group">
<input type="text" class="form-control input-sm" name="keyword" placeholder="Search" value="{{ keyword }}">
<div class="input-group-btn">
<button id="search_btn" type="submit" class="btn btn-sm btn-primary">
搜索
</button>
</div>
</div>
</form>
</ul> </ul>
</div> </div>
<div class="tab-content"> <div class="tab-content">
@ -83,7 +73,7 @@
</td> </td>
<td> <td>
<button title="{{ asset.inherit_from_asset_groups }}" class="btn btn-danger btn-xs {% if asset.is_inherit_from_asset_groups %} disabled {% endif %}" type="button" style="float: right;"><i class="fa fa-minus"></i></button> <button title="{{ asset.inherit_from_asset_groups }}" data-gid="{{ asset.id }}" class="btn btn-danger btn-xs btn-remove-asset {% if asset.is_inherit_from_asset_groups %} disabled {% endif %}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}
@ -106,16 +96,16 @@
<form> <form>
<tr class="no-borders-tr"> <tr class="no-borders-tr">
<td colspan="2"> <td colspan="2">
<select data-placeholder="{% trans 'Select assets' %}" class="select2" style="width: 100%" multiple="" tabindex="4"> <select data-placeholder="{% trans 'Select assets' %}" class="select2 asset" style="width: 100%" multiple="" tabindex="4">
{% for asset in asset_remain %} {% for asset in assets_remain %}
<option value="{{ asset.id }}">{{ asset.hostname }}: {{ asset.ip }}</option> <option value="{{ asset.id }}">{{ asset.hostname }}</option>
{% endfor %} {% endfor %}
</select> </select>
</td> </td>
</tr> </tr>
<tr class="no-borders-tr"> <tr class="no-borders-tr">
<td colspan="2"> <td colspan="2">
<button type="button" class="btn btn-primary btn-sm">{% trans 'Add' %}</button> <button type="button" class="btn btn-primary btn-sm btn-add-assets">{% trans 'Add' %}</button>
</td> </td>
</tr> </tr>
</form> </form>
@ -134,16 +124,16 @@
<form> <form>
<tr> <tr>
<td colspan="2" class="no-borders"> <td colspan="2" class="no-borders">
<select data-placeholder="{% trans 'Select asset groups' %}" class="select2" style="width: 100%" multiple="" tabindex="4"> <select data-placeholder="{% trans 'Select asset groups' %}" class="select2 group" style="width: 100%" multiple="" tabindex="4">
{% for asset_group in asset_groups_remain %} {% for asset_group in asset_groups_remain %}
<option value="{{ asset_group.id }}">{{ asset_group.name }}</option> <option value="{{ asset_group.id }}" id="opt_{{ asset_group.id }}">{{ asset_group.name }}</option>
{% endfor %} {% endfor %}
</select> </select>
</td> </td>
</tr> </tr>
<tr> <tr>
<td colspan="2" class="no-borders"> <td colspan="2" class="no-borders">
<button type="button" class="btn btn-info btn-small" id="btn_add_user_group">{% trans 'Join' %}</button> <button type="button" class="btn btn-info btn-sm" id="btn-add-group">{% trans 'Join' %}</button>
</td> </td>
</tr> </tr>
</form> </form>
@ -152,7 +142,7 @@
<tr> <tr>
<td ><b class="bdg_user_group" data-gid={{ asset_group.id }}>{{ asset_group.name }}</b></td> <td ><b class="bdg_user_group" data-gid={{ asset_group.id }}>{{ asset_group.name }}</b></td>
<td> <td>
<button class="btn btn-danger btn-xs btn_delete_user_group" type="button" style="float: right;"><i class="fa fa-minus"></i></button> <button class="btn btn-danger btn-xs btn-remove-group" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}
@ -170,25 +160,120 @@
{% endblock %} {% endblock %}
{% block custom_foot_js %} {% block custom_foot_js %}
<script> <script>
{# function switch_user_status(obj) {#} function addAssets(assets) {
{# var status = $(obj).prop('checked');#} var the_url = "{% url 'api-perms:asset-permission-add-asset' pk=asset_permission.id %}";
{##} var body = {
{# $.ajax({#} assets: assets
{# url: "{% url 'users:user-active-api' pk=user.id %}",#} };
{# type: "PUT",#} var success = function(data) {
{# data: {#} location.reload();
{# 'is_active': status#} };
{# },#} APIUpdateAttr({
{# success: function (data, status) {#} url: the_url,
{# console.log(data)#} body: JSON.stringify(body),
{# },#} success: success
{# error: function () {#}
{# console.log('error')#}
{# }#}
{# })#}
{# }#}
$(document).ready(function () {
$('.select2').select2();
}); });
}
function removeAssets(assets) {
var the_url = "{% url 'api-perms:asset-permission-remove-asset' pk=asset_permission.id %}";
var body = {
assets: assets
};
var success = function(data) {
location.reload();
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body),
success: success
});
}
function updateGroup(groups) {
var the_url = "{% url 'api-perms:asset-permission-detail' pk=asset_permission.id %}";
var body = {
asset_groups: groups
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body)
});
}
jumpserver.assets_selected = {};
jumpserver.groups_selected = {};
$(document).ready(function () {
$('.select2.asset').select2()
.on('select2:select', function(evt) {
var data = evt.params.data;
jumpserver.assets_selected[data.id] = data.text;
})
.on('select2:unselect', function(evt) {
var data = evt.params.data;
delete jumpserver.assets_selected[data.id]
});
$('.select2.group').select2()
.on('select2:select', function(evt) {
var data = evt.params.data;
jumpserver.groups_selected[data.id] = data.text;
})
.on('select2:unselect', function(evt) {
var data = evt.params.data;
delete jumpserver.groups_selected[data.id]
})
})
.on('click', '.btn-add-assets', function () {
if (Object.keys(jumpserver.assets_selected).length === 0) {
return false;
}
var assets = [];
$.map(jumpserver.assets_selected, function(value, index) {
assets.push(index);
});
addAssets(assets);
})
.on('click', '.btn-remove-asset', function () {
var asset_id = $(this).data("gid");
if (asset_id === "") {
return
}
var assets = [asset_id];
removeAssets(assets)
})
.on('click', '#btn-add-group', function () {
if (Object.keys(jumpserver.groups_selected).length === 0) {
return false;
}
var groups = $('.bdg_group').map(function() {
return $(this).data('gid');
}).get();
$.map(jumpserver.groups_selected, function(group_name, index) {
groups.push(index);
$('#opt_' + index).remove();
$('.group_edit tbody').append(
'<tr>' +
'<td><b class="bdg_group" data-gid="' + index + '">' + group_name + '</b></td>' +
'<td><button class="btn btn-danger btn-xs pull-right btn-leave-group" type="button"><i class="fa fa-minus"></i></button></td>' +
'</tr>'
)
});
updateGroup(groups);
})
.on('click', '.btn-remove-group', function () {
var $this = $(this);
var $tr = $this.closest('tr');
var groups = $('.bdg_group').map(function() {
if ($(this).data('gid') !== $this.data('gid')){
return $(this).data('gid');
}
}).get();
updateGroup(groups);
$tr.remove()
})
</script> </script>
{% endblock %} {% endblock %}

87
apps/perms/templates/perms/asset_permission_detail.html
View File

@ -126,23 +126,6 @@
</div> </div>
</span></td> </span></td>
</tr> </tr>
<tr>
<td width="50%">{% trans 'Retest asset connectivity' %}:</td>
<td>
<span style="float: right">
<button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Start' %}</button>
</span>
</td>
</tr>
<tr>
<td width="50%">{% trans 'Repush system user' %}:</td>
<td>
<span style="float: right">
<button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Push' %}</button>
</span>
</td>
</tr>
</tbody> </tbody>
</table> </table>
</div> </div>
@ -153,21 +136,21 @@
<i class="fa fa-info-circle"></i> {% trans 'System user' %} <i class="fa fa-info-circle"></i> {% trans 'System user' %}
</div> </div>
<div class="panel-body"> <div class="panel-body">
<table class="table group_edit"> <table class="table" id="system-user-table">
<tbody> <tbody>
<form> <form>
<tr> <tr>
<td colspan="2" class="no-borders"> <td colspan="2" class="no-borders">
<select data-placeholder="{% trans 'Select system users' %}" class="select2" style="width: 100%" multiple="" tabindex="4"> <select data-placeholder="{% trans 'Select system users' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
{% for system_user in system_users_remain %} {% for system_user in system_users_remain %}
<option value="{{ system_user.id }}" id="opt_{{ system_user.id }}">{{ system_user.name }}: {{ system_user.username }}</option> <option value="{{ system_user.id }}" id="opt_{{ system_user.id }}">{{ system_user.name }}</option>
{% endfor %} {% endfor %}
</select> </select>
</td> </td>
</tr> </tr>
<tr> <tr>
<td colspan="2" class="no-borders"> <td colspan="2" class="no-borders">
<button type="button" class="btn btn-info btn-small" id="btn_add_system_user">{% trans 'Join' %}</button> <button type="button" class="btn btn-info btn-small" id="btn-add-system-user">{% trans 'Add' %}</button>
</td> </td>
</tr> </tr>
</form> </form>
@ -176,7 +159,7 @@
<tr> <tr>
<td ><b class="bdg-system-user" data-uid={{ system_user.id }}>{{ system_user.name }}</b></td> <td ><b class="bdg-system-user" data-uid={{ system_user.id }}>{{ system_user.name }}</b></td>
<td> <td>
<button class="btn btn-danger btn-xs btn-del" data-uid="{{ system_user.id }}" type="button" style="float: right;"><i class="fa fa-minus"></i></button> <button class="btn btn-danger btn-xs btn-remove-user" data-uid="{{ system_user.id }}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}
@ -190,40 +173,22 @@
</div> </div>
</div> </div>
</div> </div>
{% endblock %} {% endblock %}
{% block custom_foot_js %} {% block custom_foot_js %}
<script> <script>
jumpserver.system_users_selected = {}; jumpserver.system_users_selected = {};
function addSystemUser(system_users) {
function updateSystemUser(system_users) {
var the_url = "{% url 'api-perms:asset-permission-detail' pk=asset_permission.id %}"; var the_url = "{% url 'api-perms:asset-permission-detail' pk=asset_permission.id %}";
var body = { var body = {
system_users: Object.assign([], system_users) system_users: Object.assign([], system_users)
}; };
var success = function(data) {
window.location.reload();
};
APIUpdateAttr({ APIUpdateAttr({
url: the_url, url: the_url,
body: JSON.stringify(body), body: JSON.stringify(body)
success: success
}); });
} }
function removeSystemUser(system_users, tr) {
var the_url = "{% url 'api-perms:remove-system-user-asset-permission' pk=asset_permission.id %}";
var body = {
system_users: system_users
};
var success = function (data) {
tr.remove()
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body),
method: 'PUT',
success: success
})
}
$(document).ready(function () { $(document).ready(function () {
$('.select2').select2() $('.select2').select2()
.on('select2:select', function(evt) { .on('select2:select', function(evt) {
@ -234,36 +199,44 @@
var data = evt.params.data; var data = evt.params.data;
delete jumpserver.system_users_selected[data.id] delete jumpserver.system_users_selected[data.id]
}) })
})
}).on('click', '.btn-delete-perm', function () { .on('click', '.btn-delete-perm', function () {
var $this = $(this); var $this = $(this);
var name = "{{ asset_permission.name }}"; var name = "{{ asset_permission.name }}";
var uid = "{{ asset_permission.id }}"; var uid = "{{ asset_permission.id }}";
var the_url = '{% url "api-perms:asset-permission-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid); var the_url = '{% url "api-perms:asset-permission-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
var redirect_url = "{% url 'perms:asset-permission-list' %}"; var redirect_url = "{% url 'perms:asset-permission-list' %}";
objectDelete($this, name, the_url, redirect_url); objectDelete($this, name, the_url, redirect_url);
}).on('click', '#btn_add_system_user', function () { })
.on('click', '#btn-add-system-user', function () {
if (Object.keys(jumpserver.system_users_selected).length === 0) { if (Object.keys(jumpserver.system_users_selected).length === 0) {
return false; return false;
} }
var system_users = $('.bdg-system-user').map(function() { var system_users = $('.bdg-system-user').map(function() {
return $(this).data('uid'); return $(this).data('uid');
}).get(); }).get();
$.map(jumpserver.system_users_selected, function(value, index) {
system_users.push(parseInt(index)); $.map(jumpserver.system_users_selected, function(name, index) {
system_users.push(index);
$('#opt_' + index).remove(); $('#opt_' + index).remove();
$('.group_edit tbody').append(
'<tr>' +
'<td><b class="bdg-system-user" data-gid="' + index + '">' + name + '</b></td>' +
'<td><button class="btn btn-danger btn-xs pull-right btn-remove-user" type="button"><i class="fa fa-minus"></i></button></td>' +
'</tr>'
)
}); });
addSystemUser(system_users) updateSystemUser(system_users);
}).on('click', '.btn-del', function () { }).on('click', '.btn-remove-user', function () {
var $this = $(this); var $this = $(this);
var $uid = $this.data('uid');
var $tr = $this.closest('tr'); var $tr = $this.closest('tr');
var $badge = $tr.find('.bdg-system-user'); var system_users = $('.bdg-system-user').map(function() {
var $system_user = $badge.html() || $badge.text(); if ($(this).data('uid') !== $this.data('uid')){
$('#groups_selected').append( return $(this).data('uid');
'<option value="' + $uid + '" id="opt_' + $uid + '">' + $system_user + '</option>' }
); }).get();
removeSystemUser($uid, $tr) updateSystemUser(system_users);
$tr.remove()
}) })
</script> </script>
{% endblock %} {% endblock %}

107
apps/perms/templates/perms/asset_permission_list.html
View File

@ -1,12 +1,21 @@
{% extends '_base_list.html' %} {% extends '_base_list.html' %}
{% load i18n %} {% load i18n %}
{% block content_left_head %}
{% block table_search %}
{% endblock %}
{% block table_container %}
<div class="uc pull-left m-r-5">
<a href="{% url 'perms:asset-permission-create' %}" class="btn btn-sm btn-primary "> <a href="{% url 'perms:asset-permission-create' %}" class="btn btn-sm btn-primary ">
{% trans "Create permission" %} {% trans "Create permission" %}
</a> </a>
{% endblock %} </div>
<table class="table table-striped table-bordered table-hover" id="permission_list_table" >
{% block table_head %} <thead>
<tr>
<th class="text-center">
<input type="checkbox" id="check_all" class="ipt_check_all" >
</th>
<th class="text-center">{% trans 'Name' %}</th> <th class="text-center">{% trans 'Name' %}</th>
<th class="text-center">{% trans 'User' %}</th> <th class="text-center">{% trans 'User' %}</th>
<th class="text-center">{% trans 'User group' %}</th> <th class="text-center">{% trans 'User group' %}</th>
@ -15,49 +24,67 @@
<th class="text-center">{% trans 'System user' %}</th> <th class="text-center">{% trans 'System user' %}</th>
<th class="text-center">{% trans 'Is valid' %}</th> <th class="text-center">{% trans 'Is valid' %}</th>
<th class="text-center">{% trans 'Action' %}</th> <th class="text-center">{% trans 'Action' %}</th>
{% endblock %}
{% block table_body %}
{% for asset_permission in asset_permission_list %}
<tr class="gradeX">
<td class="text-center">
<a href="{% url 'perms:asset-permission-detail' pk=asset_permission.id %}">
{{ asset_permission.name }}
</a>
</td>
<td class="text-center">{{ asset_permission.users.count }}</td>
<td class="text-center">{{ asset_permission.user_groups.count }}</td>
<td class="text-center">{{ asset_permission.assets.count }}</td>
<td class="text-center">{{ asset_permission.asset_groups.count }}</td>
<td class="text-center">{{ asset_permission.system_users.count }}</td>
<td class="text-center">
{% if asset_permission.is_valid %}
<i class="fa fa-check text-navy"></i>
{% else %}
<i class="fa fa-times text-danger"></i>
{% endif %}
</td>
<td class="text-center">
<a href="{% url 'perms:asset-permission-update' pk=asset_permission.id %}"
class="btn btn-xs btn-info">{% trans 'Update' %}
</a>
<a class="btn btn-xs btn-danger btn-del" data-name="{{ asset_permission.name }}"
data-uid="{{ asset_permission.id }}">{% trans 'Delete' %}
</a>
</td>
</tr> </tr>
{% endfor %} </thead>
<tbody>
</tbody>
</table>
{% endblock %} {% endblock %}
{% block custom_foot_js %} {% block custom_foot_js %}
<script> <script>
function initTable() {
var options = {
ele: $('#permission_list_table'),
columnDefs: [
{targets: 1, createdCell: function (td, cellData, rowData) {
var detail_btn = '<a href="{% url "perms:asset-permission-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
}},
{targets: 2, createdCell: function (td, cellData) {
$(td).html(cellData.length);
}},
{targets: 3, createdCell: function (td, cellData) {
$(td).html(cellData.length);
}},
{targets: 4, createdCell: function (td, cellData) {
$(td).html(cellData.length);
}},
{targets: 5, createdCell: function (td, cellData) {
$(td).html(cellData.length);
}},
{targets: 6, createdCell: function (td, cellData) {
$(td).html(cellData.length);
}},
{targets: 7, createdCell: function (td, cellData) {
if (!cellData) {
$(td).html('<i class="fa fa-times text-danger"></i>')
} else {
$(td).html('<i class="fa fa-check text-navy"></i>')
}
}},
{targets: 8, createdCell: function (td, cellData) {
var update_btn = '<a href="{% url "perms:asset-permission-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del-permission" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
$(td).html(update_btn + del_btn);
}}
],
ajax_url: '{% url "api-perms:asset-permission-list" %}',
columns: [
{data: "id" }, {data: "name"}, {data: "users_" }, {data: "user_groups_" }, {data: "assets_" },
{data: "asset_groups_"}, {data: "system_users_"}, {data: "is_active"}, {data: "id" }
],
op_html: $('#actions').html()
};
jumpserver.initDataTable(options);
}
$(document).ready(function(){ $(document).ready(function(){
$('table').DataTable({ initTable();
"searching": false,
"paging": false,
"order": []
}) })
}).on('click', '.btn-del', function () {
.on('click', '.btn-del', function () {
var $this = $(this); var $this = $(this);
var name = $this.data('name'); var name = $this.data('name');
var uid = $this.data('uid'); var uid = $this.data('uid');

116
apps/perms/templates/perms/asset_permission_user.html
View File

@ -26,16 +26,6 @@
<a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id %}" class="text-center"> <a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id %}" class="text-center">
<i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a> <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
</li> </li>
<form id="search_form" method="get" action="" class="pull-right mail-search">
<div class="input-group">
<input type="text" class="form-control input-sm" name="keyword" placeholder="Search" value="{{ keyword }}">
<div class="input-group-btn">
<button id="search_btn" type="submit" class="btn btn-sm btn-primary">
搜索
</button>
</div>
</div>
</form>
</ul> </ul>
</div> </div>
<div class="tab-content"> <div class="tab-content">
@ -83,7 +73,7 @@
</td> </td>
<td> <td>
<button class="btn btn-danger btn-xs btn_delete_user_group {% if user.is_inherit_from_user_groups %} disabled {% endif %}" type="button" style="float: right;"><i class="fa fa-minus"></i></button> <button class="btn btn-danger btn-xs btn-remove-user {% if user.is_inherit_from_user_groups %} disabled {% endif %}" data-gid="{{ user.id }}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}
@ -108,7 +98,7 @@
<td colspan="2"> <td colspan="2">
<select data-placeholder="{% trans 'Select user' %}" class="select2 user" style="width: 100%" multiple="" tabindex="4"> <select data-placeholder="{% trans 'Select user' %}" class="select2 user" style="width: 100%" multiple="" tabindex="4">
{% for user in users_remain %} {% for user in users_remain %}
<option value="{{ user.id }}">{{ user.name }}: {{ user.username }}</option> <option value="{{ user.id }}">{{ user.name }}</option>
{% endfor %} {% endfor %}
</select> </select>
</td> </td>
@ -143,16 +133,16 @@
</tr> </tr>
<tr> <tr>
<td colspan="2" class="no-borders"> <td colspan="2" class="no-borders">
<button type="button" class="btn btn-info btn-small" id="btn_add_user_group">{% trans 'Add' %}</button> <button type="button" class="btn btn-info btn-sm" id="btn-add-group">{% trans 'Add' %}</button>
</td> </td>
</tr> </tr>
</form> </form>
{% for user_group in user_groups %} {% for user_group in user_groups %}
<tr> <tr>
<td ><b class="bdg_user_group" data-gid={{ user_group.id }}>{{ user_group.name }}</b></td> <td ><b class="bdg_group" data-gid={{ user_group.id }}>{{ user_group.name }}</b></td>
<td> <td>
<button class="btn btn-danger btn-xs btn_delete_user_group" type="button" style="float: right;"><i class="fa fa-minus"></i></button> <button class="btn btn-danger btn-xs btn-remove-group" type="button" data-gid="{{ user_group.id }}" style="float: right;"><i class="fa fa-minus"></i></button>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}
@ -171,7 +161,49 @@
{% block custom_foot_js %} {% block custom_foot_js %}
<script> <script>
jumpserver.users_selected = {}; jumpserver.users_selected = {};
jumpserver.user_groups_selected = {}; jumpserver.groups_selected = {};
function addUsers(users) {
var the_url = "{% url 'api-perms:asset-permission-add-user' pk=asset_permission.id %}";
var body = {
users: users
};
var success = function(data) {
location.reload();
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body),
success: success
});
}
function removeUser(users) {
var the_url = "{% url 'api-perms:asset-permission-remove-user' pk=asset_permission.id %}";
var body = {
users: users
};
var success = function(data) {
location.reload();
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body),
success: success
});
}
function updateGroup(groups) {
var the_url = "{% url 'api-perms:asset-permission-detail' pk=asset_permission.id %}";
var body = {
user_groups: groups
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body)
});
}
$(document).ready(function () { $(document).ready(function () {
$('.select2.user').select2() $('.select2.user').select2()
.on('select2:select', function(evt) { .on('select2:select', function(evt) {
@ -185,14 +217,60 @@
$('.select2.user-group').select2() $('.select2.user-group').select2()
.on('select2:select', function(evt) { .on('select2:select', function(evt) {
var data = evt.params.data; var data = evt.params.data;
jumpserver.user_groups_selected[data.id] = data.text; jumpserver.groups_selected[data.id] = data.text;
}) })
.on('select2:unselect', function(evt) { .on('select2:unselect', function(evt) {
var data = evt.params.data; var data = evt.params.data;
delete jumpserver.user_groups_selected[data.id] delete jumpserver.groups_selected[data.id]
}) })
}).on('click', '.btn-add-user', function () { }).on('click', '.btn-add-user', function () {
console.log(jumpserver.users_selected) if (Object.keys(jumpserver.users_selected).length === 0) {
return false;
}
var users_id = [];
$.map(jumpserver.users_selected, function(value, index) {
users_id.push(index);
});
console.log(users_id);
addUsers(users_id);
}).on('click', '.btn-remove-user', function () {
var user_id = $(this).data("gid");
if (user_id === "") {
return
}
var users = [user_id];
removeUser(users)
}).on('click', '#btn-add-group', function () {
if (Object.keys(jumpserver.groups_selected).length === 0) {
return false;
}
var groups = $('.bdg_group').map(function() {
return $(this).data('gid');
}).get();
$.map(jumpserver.groups_selected, function(group_name, index) {
groups.push(index);
$('#opt_' + index).remove();
$('.group_edit tbody').append(
'<tr>' +
'<td><b class="bdg_group" data-gid="' + index + '">' + group_name + '</b></td>' +
'<td><button class="btn btn-danger btn-xs pull-right btn-leave-group" type="button"><i class="fa fa-minus"></i></button></td>' +
'</tr>'
)
});
updateGroup(groups);
}).on('click', '.btn-remove-group', function () {
var $this = $(this);
var $tr = $this.closest('tr');
var groups = $('.bdg_group').map(function() {
if ($(this).data('gid') !== $this.data('gid')){
return $(this).data('gid');
}
}).get();
updateGroup(groups);
$tr.remove()
}) })
</script> </script>
{% endblock %} {% endblock %}

41
apps/perms/urls/api_urls.py
View File

@ -19,41 +19,22 @@ urlpatterns = [
url(r'^v1/user/my/asset-group/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$', api.MyAssetGroupOfAssetsApi.as_view(), name='my-asset-group-of-assets'), url(r'^v1/user/my/asset-group/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$', api.MyAssetGroupOfAssetsApi.as_view(), name='my-asset-group-of-assets'),
# 查询某个用户授权的资产和资产组 # 查询某个用户授权的资产和资产组
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$', url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$', api.UserGrantedAssetsApi.as_view(), name='user-assets'),
api.UserGrantedAssetsApi.as_view(), url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups/$', api.UserGrantedAssetGroupsApi.as_view(), name='user-asset-groups'),
name='user-assets'), url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups-assets/$', api.UserGrantedAssetGroupsWithAssetsApi.as_view(), name='user-asset-groups'),
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups/$',
api.UserGrantedAssetGroupsApi.as_view(),
name='user-asset-groups'),
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups-assets/$',
api.UserGrantedAssetGroupsWithAssetsApi.as_view(),
name='user-asset-groups'),
# 查询某个用户组授权的资产和资产组 # 查询某个用户组授权的资产和资产组
url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$', url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$', api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'),
api.UserGroupGrantedAssetsApi.as_view(), url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups/$', api.UserGroupGrantedAssetGroupsApi.as_view(), name='user-group-asset-groups'),
name='user-group-assets'),
url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups/$',
api.UserGroupGrantedAssetGroupsApi.as_view(),
name='user-group-asset-groups'),
# 回收用户或用户组授权 # 用户和资产授权变更
url(r'^v1/asset-permissions/user/revoke/$', url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/user/remove/$', api.AssetPermissionRemoveUserApi.as_view(), name='asset-permission-remove-user'),
api.RevokeUserAssetPermission.as_view(), url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/user/add/$', api.AssetPermissionAddUserApi.as_view(), name='asset-permission-add-user'),
name='revoke-user-asset-permission'), url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/asset/remove/$', api.AssetPermissionRemoveAssetApi.as_view(), name='asset-permission-remove-asset'),
url(r'^v1/asset-permissions/user-group/revoke/$', url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/asset/add/$', api.AssetPermissionAddAssetApi.as_view(), name='asset-permission-add-asset'),
api.RevokeUserGroupAssetPermission.as_view(),
name='revoke-user-group-asset-permission'),
# 验证用户是否有某个资产和系统用户的权限 # 验证用户是否有某个资产和系统用户的权限
url(r'v1/asset-permission/user/validate/$', url(r'v1/asset-permission/user/validate/$', api.ValidateUserAssetPermissionView.as_view(), name='validate-user-asset-permission'),
api.ValidateUserAssetPermissionView.as_view(),
name='validate-user-asset-permission'),
# 删除asset permission中的某个系统用户
url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/system-user/remove/$',
api.RemoveSystemUserAssetPermission.as_view(),
name='remove-system-user-asset-permission'),
] ]
urlpatterns += router.urls urlpatterns += router.urls

28
apps/perms/utils.py
View File

@ -179,31 +179,3 @@ def push_system_user(assets, system_user):
system_user = system_user._to_secret_json() system_user = system_user._to_secret_json()
task = push_users.delay(assets, system_user) task = push_users.delay(assets, system_user)
return task.id return task.id
def associate_system_users_and_assets(system_users, assets, asset_groups, force=False):
"""关联系统用户和资产, 目的是保存它们的关系, 然后新加入的资产或系统
用户时,推送系统用户到资产
Todo: 这里需要最终Api定下来更改一下, 现在策略是以系统用户为核心推送, 一个系统用户
推送一次
"""
assets_all = set(assets)
for asset_group in asset_groups:
assets_all |= set(asset_group.assets.all())
for system_user in system_users:
assets_need_push = []
if system_user.auto_push:
if force:
assets_need_push = assets_all
else:
assets_need_push.extend(
[asset for asset in assets_all
if asset not in system_user.assets.all()
]
)
system_user.assets.add(*(tuple(assets_all)))
push_system_user(assets_need_push, system_user)

161
apps/perms/views.py
View File

@ -2,24 +2,19 @@
from __future__ import unicode_literals, absolute_import from __future__ import unicode_literals, absolute_import
import functools
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from django.db import transaction
from django.conf import settings from django.conf import settings
from django.db.models import Q
from django.views.generic import ListView, CreateView, UpdateView from django.views.generic import ListView, CreateView, UpdateView
from django.views.generic.edit import DeleteView, FormView from django.views.generic.edit import DeleteView, FormView
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.contrib.messages.views import SuccessMessageMixin from django.contrib.messages.views import SuccessMessageMixin
from django.views.generic.detail import DetailView, SingleObjectMixin from django.views.generic.detail import DetailView, SingleObjectMixin
from django.contrib import messages
from common.utils import search_object_attr
from .hands import AdminUserRequiredMixin, User, UserGroup, SystemUser, \ from .hands import AdminUserRequiredMixin, User, UserGroup, SystemUser, \
Asset, AssetGroup Asset, AssetGroup
from .models import AssetPermission from .models import AssetPermission
from .forms import AssetPermissionForm from .forms import AssetPermissionForm
# from .utils import associate_system_users_and_assets
class AssetPermissionListView(AdminUserRequiredMixin, ListView): class AssetPermissionListView(AdminUserRequiredMixin, ListView):
@ -32,52 +27,34 @@ class AssetPermissionListView(AdminUserRequiredMixin, ListView):
context = { context = {
'app': _('Perms'), 'app': _('Perms'),
'action': _('Asset permission list'), 'action': _('Asset permission list'),
'keyword': self.keyword,
} }
kwargs.update(context) kwargs.update(context)
return super(AssetPermissionListView, self).get_context_data(**kwargs) return super().get_context_data(**kwargs)
def get_queryset(self):
self.queryset = super(AssetPermissionListView, self).get_queryset()
self.keyword = keyword = self.request.GET.get('keyword', '')
self.sort = sort = self.request.GET.get('sort', '-date_created')
if keyword:
self.queryset = self.queryset\
.filter(Q(users__name__contains=keyword) |
Q(users__username__contains=keyword) |
Q(user_groups__name__contains=keyword) |
Q(assets__ip__contains=keyword) |
Q(assets__hostname__contains=keyword) |
Q(system_users__username__icontains=keyword) |
Q(system_users__name__icontains=keyword) |
Q(asset_groups__name__icontains=keyword) |
Q(comment__icontains=keyword) |
Q(name__icontains=keyword)).distinct()
if sort:
self.queryset = self.queryset.order_by(sort)
return self.queryset
class AssetPermissionCreateView(AdminUserRequiredMixin, class MessageMixin:
SuccessMessageMixin, def form_valid(self, form):
CreateView): response = super().form_valid(form)
model = AssetPermission errors = self.object.check_system_user_in_assets()
form_class = AssetPermissionForm if errors:
template_name = 'perms/asset_permission_create_update.html' message = self.get_warning_messages(errors)
success_url = reverse_lazy('perms:asset-permission-list') messages.warning(self.request, message)
else:
message = self.get_success_message(form.cleaned_data)
messages.success(self.request, message)
@transaction.atomic success_message = self.get_success_message(form.cleaned_data)
def post(self, request, *args, **kwargs): if success_message:
return super(AssetPermissionCreateView, self).post(request, *args, **kwargs) messages.success(self.request, success_message)
return response
def get_context_data(self, **kwargs): @staticmethod
context = { def get_warning_messages(errors):
'app': _('Perms'), message = "System user should in behind clusters, so that " \
'action': _('Create asset permission'), "system user auto push to cluster assets <br>"
} for system_user, clusters in errors:
kwargs.update(context) message += "{}: {} ".format(system_user.name, ", ".join(list(clusters)))
return super(AssetPermissionCreateView, self).get_context_data(**kwargs) return message
def get_success_message(self, cleaned_data): def get_success_message(self, cleaned_data):
url = reverse_lazy('perms:asset-permission-detail', url = reverse_lazy('perms:asset-permission-detail',
@ -87,24 +64,29 @@ class AssetPermissionCreateView(AdminUserRequiredMixin,
'successfully.'.format(url=url, name=self.object.name)) 'successfully.'.format(url=url, name=self.object.name))
return success_message return success_message
# Todo: When create push system user
# def form_valid(self, form):
# assets = form.cleaned_data['assets']
# asset_groups = form.cleaned_data['asset_groups']
# system_users = form.cleaned_data['system_users']
# response = super(AssetPermissionCreateView, self).form_valid(form)
# self.object.created_by = self.request.user.name
# self.object.save()
# return response
class AssetPermissionCreateView(AdminUserRequiredMixin,
class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView): MessageMixin,
CreateView):
model = AssetPermission
form_class = AssetPermissionForm
template_name = 'perms/asset_permission_create_update.html'
success_url = reverse_lazy('perms:asset-permission-list')
warning = None
def get_context_data(self, **kwargs):
context = {
'app': _('Perms'),
'action': _('Create asset permission'),
}
kwargs.update(context)
return super().get_context_data(**kwargs)
class AssetPermissionUpdateView(AdminUserRequiredMixin, MessageMixin, UpdateView):
model = AssetPermission model = AssetPermission
form_class = AssetPermissionForm form_class = AssetPermissionForm
template_name = 'perms/asset_permission_create_update.html' template_name = 'perms/asset_permission_create_update.html'
success_message = _(
'Update asset permission <a href="{url}"> {name} </a> successfully.'
)
success_url = reverse_lazy("perms:asset-permission-list") success_url = reverse_lazy("perms:asset-permission-list")
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
@ -113,14 +95,7 @@ class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
'action': _('Update asset permission') 'action': _('Update asset permission')
} }
kwargs.update(context) kwargs.update(context)
return super(AssetPermissionUpdateView, self).get_context_data(**kwargs) return super().get_context_data(**kwargs)
def get_success_message(self):
url = reverse_lazy('perms:asset-permission-detail',
kwargs={'pk': self.object.pk})
return self.success_message.format(
url=url, name=self.object.name
)
class AssetPermissionDetailView(AdminUserRequiredMixin, DetailView): class AssetPermissionDetailView(AdminUserRequiredMixin, DetailView):
@ -138,7 +113,7 @@ class AssetPermissionDetailView(AdminUserRequiredMixin, DetailView):
'system_users': self.object.system_users.all(), 'system_users': self.object.system_users.all(),
} }
kwargs.update(context) kwargs.update(context)
return super(AssetPermissionDetailView, self).get_context_data(**kwargs) return super().get_context_data(**kwargs)
class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView): class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView):
@ -153,40 +128,28 @@ class AssetPermissionUserView(AdminUserRequiredMixin,
template_name = 'perms/asset_permission_user.html' template_name = 'perms/asset_permission_user.html'
context_object_name = 'asset_permission' context_object_name = 'asset_permission'
paginate_by = settings.CONFIG.DISPLAY_PER_PAGE paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
object = None
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=AssetPermission.objects.all()) self.object = self.get_object(queryset=AssetPermission.objects.all())
self.keyword = self.request.GET.get('keyword', '') return super().get(request, *args, **kwargs)
return super(AssetPermissionUserView, self).get(request, *args, **kwargs)
def get_queryset(self): def get_queryset(self):
queryset = self.object.get_granted_users() queryset = self.object.get_granted_users()
if self.keyword:
search_func = functools.partial(
search_object_attr,
value=self.keyword,
attr_list=['username', 'name', 'email'],
ignore_case=True)
queryset = filter(search_func, queryset)
return queryset return queryset
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
users_granted = self.get_queryset() users_granted = self.get_queryset()
user_groups_granted = self.object.user_groups.all() groups_granted = self.object.user_groups.all()
context = { context = {
'app': _('Perms'), 'app': _('Perms'),
'action': _('Asset permission user list'), 'action': _('Asset permission user list'),
'users_remain': [ 'users_remain': User.objects.exclude(id__in=[user.id for user in users_granted]),
user for user in User.objects.all()
if user not in users_granted],
'user_groups': self.object.user_groups.all(), 'user_groups': self.object.user_groups.all(),
'user_groups_remain': [ 'user_groups_remain': UserGroup.objects.exclude(id__in=[group.id for group in groups_granted])
user_group for user_group in UserGroup.objects.all()
if user_group not in user_groups_granted],
'keyword': self.keyword,
} }
kwargs.update(context) kwargs.update(context)
return super(AssetPermissionUserView, self).get_context_data(**kwargs) return super().get_context_data(**kwargs)
class AssetPermissionAssetView(AdminUserRequiredMixin, class AssetPermissionAssetView(AdminUserRequiredMixin,
@ -195,37 +158,25 @@ class AssetPermissionAssetView(AdminUserRequiredMixin,
template_name = 'perms/asset_permission_asset.html' template_name = 'perms/asset_permission_asset.html'
context_object_name = 'asset_permission' context_object_name = 'asset_permission'
paginate_by = settings.CONFIG.DISPLAY_PER_PAGE paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
object = None
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=AssetPermission.objects.all()) self.object = self.get_object(queryset=AssetPermission.objects.all())
self.keyword = self.request.GET.get('keyword', '') return super().get(request, *args, **kwargs)
return super(AssetPermissionAssetView, self)\
.get(request, *args, **kwargs)
def get_queryset(self): def get_queryset(self):
queryset = self.object.get_granted_assets() queryset = self.object.get_granted_assets()
if self.keyword:
search_func = functools.partial(
search_object_attr, value=self.keyword,
attr_list=['hostname', 'ip'],
ignore_case=True)
queryset = filter(search_func, queryset)
return queryset return queryset
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
assets_granted = self.get_queryset() assets_granted = self.get_queryset()
asset_groups_granted = self.object.user_groups.all() groups_granted = self.object.asset_groups.all()
context = { context = {
'app': _('Perms'), 'app': _('Perms'),
'action': _('Asset permission asset list'), 'action': _('Asset permission asset list'),
'assets_remain': [ 'assets_remain': Asset.objects.exclude(id__in=[asset.id for asset in assets_granted]),
asset for asset in Asset.objects.all()
if asset not in assets_granted],
'asset_groups': self.object.asset_groups.all(), 'asset_groups': self.object.asset_groups.all(),
'asset_groups_remain': [ 'asset_groups_remain': AssetGroup.objects.exclude(id__in=[group.id for group in groups_granted])
asset_group for asset_group in AssetGroup.objects.all()
if asset_group not in asset_groups_granted],
'keyword': self.keyword,
} }
kwargs.update(context) kwargs.update(context)
return super(AssetPermissionAssetView, self).get_context_data(**kwargs) return super().get_context_data(**kwargs)