diff --git a/jperm/models.py b/jperm/models.py index 1a07e6572..9584e8946 100644 --- a/jperm/models.py +++ b/jperm/models.py @@ -7,5 +7,7 @@ from jasset.models import Asset, AssetGroup class PermLog(models.Model): datetime = models.DateTimeField(auto_now_add=True) - result = models.CharField(max_length=1000, null=True, blank=True, default='') - is_finished = models.BooleanField(default=False) + action = models.CharField(max_length=100, null=True, blank=True, default='') + results = models.CharField(max_length=1000, null=True, blank=True, default='') + is_success = models.BooleanField(default=False) + is_finish = models.BooleanField(default=False) diff --git a/jperm/perm_api.py b/jperm/perm_api.py index 8f95a7e1b..2ded2087c 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -6,9 +6,10 @@ import uuid import re from ansible.playbook import PlayBook from ansible import callbacks, utils -from jumpserver.tasks import playbook_run, add +from jumpserver.tasks import playbook_run from jumpserver.models import Setting +from jperm.models import PermLog def get_object_list(model, id_list): @@ -64,38 +65,21 @@ def perm_user_api(perm_info): 'new': {'users': [], 'assets': []}} """ + log = PermLog(action=perm_info.get('action', '')) try: new_users = perm_info.get('new', {}).get('users', []) - new_assets = perm_info.get('new', {}).get('assets',[]) + new_assets = perm_info.get('new', {}).get('assets', []) del_users = perm_info.get('del', {}).get('users', []) del_assets = perm_info.get('del', {}).get('assets', []) - print new_users, new_assets except IndexError: raise ServerError("Error: function perm_user_api传入参数错误") - # 检查传入的是字符串还是对象 - check_users = new_users + del_users try: - if isinstance(check_users[0], str): - var_type = 'str' - else: - var_type = 'obj' - - except IndexError: - raise ServerError("Error: function perm_user_api传入参数错误") - - try: - if var_type == 'str': - new_ip = new_assets - del_ip = del_assets - new_username = new_users - del_username = del_users - else: - new_ip = [asset.ip for asset in new_assets if isinstance(asset, Asset)] - del_ip = [asset.ip for asset in del_assets if isinstance(asset, Asset)] - new_username = [user.username for user in new_users if isinstance(user, User)] - del_username = [user.username for user in del_users if isinstance(user, User)] + new_ip = [asset.ip for asset in new_assets if isinstance(asset, Asset)] + del_ip = [asset.ip for asset in del_assets if isinstance(asset, Asset)] + new_username = [user.username for user in new_users if isinstance(user, User)] + del_username = [user.username for user in del_users if isinstance(user, User)] except IndexError: raise ServerError("Error: function perm_user_api传入参数类型错误") @@ -114,11 +98,20 @@ def perm_user_api(perm_info): settings = get_object(Setting, name='default') results = playbook_run(inventory, playbook, settings) + if not results.get('failed', 1) and not results.get('unreachable', ''): + is_success = True + else: + is_success = False + + log.results = results + log.is_finish = True + log.is_success = is_success + log.save() return results def user_group_permed(user_group): - assets = user_group.asset_set.all() + assets = user_group.asset.all() asset_groups = user_group.asset_group.all() for asset_group in asset_groups: @@ -130,7 +123,7 @@ def user_group_permed(user_group): def user_permed(user): asset_groups = [] assets = [] - user_groups = user.user_group.all() + user_groups = user.group.all() asset_groups.extend(user.asset_group.all()) assets.extend(user.asset.all()) @@ -213,7 +206,7 @@ def _public_perm_api(info): new_assets.extend(user_group_permed(user_group).get('assets', [])) perm_info = { - 'new': {'users': [user], 'assets': new_assets} + 'new': {'action': 'new user: ' + user.name, 'users': [user], 'assets': new_assets} } elif info.get('type') == 'edit_user': new_assets = [] @@ -229,6 +222,7 @@ def _public_perm_api(info): del_assets.extend((user_group_permed(user_group).get('assets', []))) perm_info = { + 'action': 'edit user: ' + user.name, 'del': {'users': [user], 'assets': del_assets}, 'new': {'users': [user], 'assets': new_assets} } @@ -237,7 +231,7 @@ def _public_perm_api(info): user = info.get('user') del_assets = user_permed(user).get('assets', []) perm_info = { - 'del': {'users': [user], 'assets': del_assets}, + 'action': 'del user: ' + user.name, 'del': {'users': [user], 'assets': del_assets}, } elif info.get('type') == 'edit_user_group': @@ -247,18 +241,32 @@ def _public_perm_api(info): assets = user_group_permed(user_group).get('assets', []) perm_info = { + 'action': 'edit user group: ' + user_group.name, 'new': {'users': new_users, 'assets': assets}, 'del': {'users': del_users, 'assets': assets} } elif info.get('type') == 'del_user_group': - assets = [] - user_groups = info.get('group', []) - del_users = [user_group.user_set.all() for user_group in user_groups] - for user_group in user_groups: - assets.extend(user_group_permed(user_group).get('assets', [])) + user_group = info.get('group', []) + del_users = user_group.user_set.all() + assets = user_group_permed(user_group).get('assets', []) + + perm_info = { + 'action': "del user group: " + user_group.name, 'del': {'users': del_users, 'assets': assets} + } + else: + return + + try: + results = perm_user_api(perm_info) # 通过API授权或回收 + except ServerError, e: + return e + else: + return results + + + - perm_info = {} diff --git a/jperm/views.py b/jperm/views.py index 8a5e67e3e..0fd1f1f99 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -1 +1 @@ -# # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jumpserver.api import * from jperm.perm_api import * from jperm.models import PermLog as Log @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 for asset_group in asset_group_new: asset_new.extend(asset_group.asset_set.all()) for asset_group in asset_group_del: asset_del.extend(asset_group.asset_set.all()) perm_info = { 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } print perm_info try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') def log(request): header_title, path1, path2 = '授权记录', '授权管理', '授权记录' log_all = Log.objects.all().order_by('-datetime') log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request) return my_render('jperm/perm_log.html', locals(), request) \ No newline at end of file +# # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jumpserver.api import * from jperm.perm_api import * from jperm.models import PermLog as Log @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 for asset_group in asset_group_new: asset_new.extend(asset_group.asset_set.all()) for asset_group in asset_group_del: asset_del.extend(asset_group.asset_set.all()) perm_info = { 'action': 'perm user edit: ' + user.name, 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } print perm_info try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 users = user_group.user_set.all() perm_info = { 'action': 'perm group edit: ' + user_group.name, 'del': {'users': users, 'assets': asset_del}, 'new': {'users': users, 'assets': asset_new} } results = perm_user_api(perm_info) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') def log(request): header_title, path1, path2 = '授权记录', '授权管理', '授权记录' log_all = Log.objects.all().order_by('-datetime') log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request) return my_render('jperm/perm_log.html', locals(), request) \ No newline at end of file diff --git a/juser/views.py b/juser/views.py index 6cfd91ef1..c6ca3a649 100644 --- a/juser/views.py +++ b/juser/views.py @@ -11,6 +11,7 @@ from django.template import RequestContext from django.db.models import ObjectDoesNotExist from juser.user_api import * +from jperm.perm_api import _public_perm_api, perm_user_api, user_permed def chg_role(request): @@ -89,31 +90,6 @@ def group_del(request): return HttpResponse('删除成功') -# @require_role(role='admin') -# def group_list_adm(request): -# header_title, path1, path2 = '查看部门小组', '用户管理', '查看小组' -# keyword = request.GET.get('search', '') -# did = request.GET.get('did', '') -# user, dept = get_session_user_dept(request) -# contact_list = dept.usergroup_set.all().order_by('name') -# -# if keyword: -# contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# return render_to_response('juser/group_list.html', locals(), context_instance=RequestContext(request)) - -# -# @require_role(role='admin') -# def group_detail(request): -# group_id = request.GET.get('id', None) -# if not group_id: -# return HttpResponseRedirect('/') -# group = UserGroup.objects.get(id=group_id) -# users = group.user_set.all() -# return render_to_response('juser/group_detail.html', locals(), context_instance=RequestContext(request)) - - @require_role(role='super') def group_edit(request): error = '' @@ -165,54 +141,6 @@ def group_edit(request): return my_render('juser/group_edit.html', locals(), request) -# @require_role(role='admin') -# def group_edit_adm(request): -# error = '' -# msg = '' -# header_title, path1, path2 = '修改小组信息', '用户管理', '编辑小组' -# user, dept = get_session_user_dept(request) -# if request.method == 'GET': -# group_id = request.GET.get('id', '') -# if not validate(request, user_group=[group_id]): -# return HttpResponseRedirect('/juser/group_list/') -# group = UserGroup.objects.filter(id=group_id) -# if group: -# group = group[0] -# users_all = dept.user_set.all() -# users_selected = group.user_set.all() -# users = [user for user in users_all if user not in users_selected] -# -# return render_to_response('juser/group_edit.html', locals(), context_instance=RequestContext(request)) -# else: -# group_id = request.POST.get('group_id', '') -# group_name = request.POST.get('group_name', '') -# comment = request.POST.get('comment', '') -# users_selected = request.POST.getlist('users_selected') -# -# users = [] -# try: -# if not validate(request, user=users_selected): -# raise ServerError(u'右侧非部门用户') -# -# if not validate(request, user_group=[group_id]): -# raise ServerError(u'没有权限修改本组') -# -# for user_id in users_selected: -# users.extend(User.objects.filter(id=user_id)) -# -# user_group = UserGroup.objects.filter(id=group_id) -# if user_group: -# user_group.update(name=group_name, comment=comment, dept=dept) -# user_group = user_group[0] -# user_group.user_set.clear() -# user_group.user_set = users -# -# except ServerError, e: -# error = e -# -# return HttpResponseRedirect('/juser/group_list/') - - @require_role(role='super') def user_add(request): error = '' @@ -257,11 +185,20 @@ def user_add(request): is_active=is_active, date_joined=datetime.datetime.now()) server_add_user(username, password, ssh_key_pwd, ssh_key_login_need) - except Exception, e: + user = get_object(User, username=username) + if groups: + user_groups = [] + for user_group_id in groups: + user_groups.extend(UserGroup.objects.filter(id=user_group_id)) + print user_groups + results = _public_perm_api({'type': 'new_user', 'user': user, 'group': user_groups}) + print results + except IndexError, e: error = u'添加用户 %s 失败 %s ' % (username, e) try: db_del_user(username) server_del_user(username) + _public_perm_api({'type': 'del_user', 'user': user, 'group': user_groups}) except Exception: pass else: @@ -271,78 +208,6 @@ def user_add(request): return my_render('juser/user_add.html', locals(), request) -# @require_role(role='admin') -# def user_add_adm(request): -# error = '' -# msg = '' -# header_title, path1, path2 = '添加用户', '用户管理', '添加用户' -# user, dept = get_session_user_dept(request) -# group_all = dept.usergroup_set.all() -# -# if request.method == 'POST': -# username = request.POST.get('username', '') -# password = PyCrypt.gen_rand_pwd(16) -# name = request.POST.get('name', '') -# email = request.POST.get('email', '') -# groups = request.POST.getlist('groups', []) -# ssh_key_pwd = PyCrypt.gen_rand_pwd(16) -# is_active = True if request.POST.get('is_active', '1') == '1' else False -# ldap_pwd = PyCrypt.gen_rand_pwd(16) -# -# try: -# if '' in [username, password, ssh_key_pwd, name, groups, is_active]: -# error = u'带*内容不能为空' -# raise ServerError -# user = User.objects.filter(username=username) -# if user: -# error = u'用户 %s 已存在' % username -# raise ServerError -# -# except ServerError: -# pass -# else: -# try: -# user = db_add_user(username=username, -# password=CRYPTOR.md5_crypt(password), -# name=name, email=email, dept=dept, -# groups=groups, role='CU', -# ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd), -# ldap_pwd=CRYPTOR.encrypt(ldap_pwd), -# is_active=is_active, -# date_joined=datetime.datetime.now()) -# -# server_add_user(username, password, ssh_key_pwd) -# if LDAP_ENABLE: -# ldap_add_user(username, ldap_pwd) -# -# except Exception, e: -# error = u'添加用户 %s 失败 %s ' % (username, e) -# try: -# db_del_user(username) -# server_del_user(username) -# if LDAP_ENABLE: -# ldap_del_user(username) -# except Exception: -# pass -# else: -# mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver' -# mail_msg = """ -# Hi, %s -# 您的用户名: %s -# 您的部门: %s -# 您的角色: %s -# 您的web登录密码: %s -# 您的ssh密钥文件密码: %s -# 密钥下载地址: http://%s:%s/juser/down_key/?id=%s -# 说明: 请登陆后再下载密钥! -# """ % (name, username, dept.name, '普通用户', -# password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id) -# send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False) -# msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email) -# -# return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) - - @require_role(role='super') def user_list(request): user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} @@ -365,31 +230,6 @@ def user_list(request): return my_render('juser/user_list.html', locals(), request) -# @require_role(role='admin') -# def user_list_adm(request): -# user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} -# header_title, path1, path2 = '查看用户', '用户管理', '用户列表' -# keyword = request.GET.get('keyword', '') -# user, dept = get_session_user_dept(request) -# gid = request.GET.get('gid', '') -# contact_list = dept.user_set.all().order_by('name') -# -# if gid: -# if not validate(request, user_group=[gid]): -# return HttpResponseRedirect('/juser/user_list/') -# user_group = UserGroup.objects.filter(id=gid) -# if user_group: -# user_group = user_group[0] -# contact_list = user_group.user_set.all() -# -# if keyword: -# contact_list = contact_list.filter(Q(username__icontains=keyword) | Q(name__icontains=keyword)).order_by('name') -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# -# return render_to_response('juser/user_list.html', locals(), context_instance=RequestContext(request)) - - @require_role(role='user') def user_detail(request): header_title, path1, path2 = '用户详情', '用户管理', '用户详情' @@ -420,8 +260,12 @@ def user_del(request): user_ids = request.GET.get('id', '') user_id_list = user_ids.split(',') for user_id in user_id_list: - User.objects.filter(id=user_id).delete() - + user = get_object(User, id=user_id) + if user: + assets = user_permed(user) + result = _public_perm_api({'type': 'del_user', 'user': user, 'asset': assets}) + print result + user.delete() return HttpResponse('删除成功') @@ -540,6 +384,7 @@ def user_edit(request): admin_groups=admin_groups, role=role_post, is_active=is_active) + _public_perm_api({'type': 'del_user', 'user': user, 'asset': user_permed(user)}) if email_need: msg = u""" @@ -561,59 +406,6 @@ def user_edit(request): # @require_role(role='admin') def user_edit_adm(request): pass -# header_title, path1, path2 = '编辑用户', '用户管理', '用户编辑' -# user, dept = get_session_user_dept(request) -# if request.method == 'GET': -# user_id = request.GET.get('id', '') -# if not user_id: -# return HttpResponseRedirect('/juser/user_list/') -# -# if not validate(request, user=[user_id]): -# return HttpResponseRedirect('/juser/user_list/') -# -# user = User.objects.filter(id=user_id) -# dept_all = DEPT.objects.all() -# group_all = dept.usergroup_set.all() -# if user: -# user = user[0] -# groups_str = ' '.join([str(group.id) for group in user.group.all()]) -# -# else: -# user_id = request.POST.get('user_id', '') -# password = request.POST.get('password', '') -# name = request.POST.get('name', '') -# email = request.POST.get('email', '') -# groups = request.POST.getlist('groups', []) -# ssh_key_pwd = request.POST.get('ssh_key_pwd', '') -# is_active = True if request.POST.get('is_active', '1') == '1' else False -# -# if not validate(request, user=[user_id], user_group=groups): -# return HttpResponseRedirect('/juser/user_edit/') -# if user_id: -# user = User.objects.filter(id=user_id) -# if user: -# user = user[0] -# else: -# return HttpResponseRedirect('/juser/user_list/') -# -# if password != user.password: -# password = CRYPTOR.md5_crypt(password) -# -# if ssh_key_pwd != user.ssh_key_pwd: -# ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd) -# -# db_update_user(user_id=user_id, -# password=password, -# name=name, -# email=email, -# groups=groups, -# is_active=is_active, -# ssh_key_pwd=ssh_key_pwd) -# -# return HttpResponseRedirect('/juser/user_list/') -# -# return render_to_response('juser/user_edit.html', locals(), context_instance=RequestContext(request)) -# def profile(request):