diff --git a/jasset/models.py b/jasset/models.py index ab65792da..d7821fd93 100644 --- a/jasset/models.py +++ b/jasset/models.py @@ -19,7 +19,6 @@ class BisGroup(models.Model): name = models.CharField(max_length=80, unique=True) dept = models.ForeignKey(DEPT) comment = models.CharField(max_length=160, blank=True, null=True) - type = models.CharField(max_length=1, choices=GROUP_TYPE, default='P') def __unicode__(self): return self.name diff --git a/jasset/urls.py b/jasset/urls.py index d11dcb6eb..1e66eb59b 100644 --- a/jasset/urls.py +++ b/jasset/urls.py @@ -8,6 +8,7 @@ urlpatterns = patterns('', url(r'^host_list/$', host_list), url(r'^search/$', host_search), url(r"^host_detail/$", host_detail), + url(r"^dept_host_ajax/$", dept_host_ajax), url(r'^idc_add/$', idc_add), url(r'^idc_list/$', idc_list), url(r'^idc_edit/$', idc_edit), @@ -18,9 +19,9 @@ urlpatterns = patterns('', url(r'^group_list/$', group_list), url(r'^group_detail/$', group_detail), url(r'^group_del_host/(\w+)/$', group_del_host), - url(r'^group_del/(\w+)/$', group_del), + url(r'^group_del/$', group_del), url(r'^host_del/(\w+)/$', host_del), - url(r'^host_edit/$', host_edit), + url(r'^host_edit/$', view_splitter, {'su': host_edit, 'adm': host_edit_adm}), url(r'^host_edit/batch/$', host_edit_batch), url(r'^host_edit_common/batch/$', host_edit_common_batch), ) \ No newline at end of file diff --git a/jasset/views.py b/jasset/views.py index 5adb4721d..c37c22910 100644 --- a/jasset/views.py +++ b/jasset/views.py @@ -8,6 +8,7 @@ from django.shortcuts import render_to_response from jasset.models import IDC, Asset, BisGroup, AssetAlias from jperm.models import Perm, SudoPerm +from django.shortcuts import redirect from jumpserver.api import * cryptor = PyCrypt(KEY) @@ -17,10 +18,38 @@ class RaiseError(Exception): pass -def f_host_add(ip, port, idc, jtype, group, dept, active, comment, username='', password=''): - groups, depts = [], [] - idc = IDC.objects.get(name=idc) +def httperror(request, emg): + message = emg + return render_to_response('error.html', locals(), context_instance=RequestContext(request)) + + +def get_host_groups(groups): + ret = [] + for group_id in groups: + group = BisGroup.objects.filter(id=group_id) + if group: + group = group[0] + ret.append(group) + return ret + + +def get_host_depts(depts): + ret = [] + for dept_id in depts: + dept = DEPT.objects.filter(id=dept_id) + if dept: + dept = dept[0] + ret.append(dept) + return ret + + +def db_host_insert(ip, port, idc, jtype, group, dept, active, comment, username='', password=''): + """ 添加主机时数据库操作函数 """ + idc = IDC.objects.filter(id=idc) + if idc: + idc = idc[0] if jtype == 'M': + password = cryptor.encrypt(password) a = Asset(ip=ip, port=port, login_type=jtype, idc=idc, is_active=int(active), @@ -35,21 +64,46 @@ def f_host_add(ip, port, idc, jtype, group, dept, active, comment, username='', a.save() all_group = BisGroup.objects.get(name='ALL') - for g in group: - c = BisGroup.objects.get(name=g) - groups.append(c) + groups = get_host_groups(group) groups.append(all_group) - for d in dept: - p = DEPT.objects.get(name=d) - depts.append(p) + depts = get_host_depts(dept) a.bis_group = groups a.dept = depts a.save() + + +def db_host_update(ip, port, idc, jtype, group, dept, active, comment, host, username='', password=''): + """ 修改主机时数据库操作函数 """ + idc = IDC.objects.filter(id=idc) + if idc: + idc = idc[0] + groups = get_host_groups(group) + depts = get_host_depts(dept) + host.ip = ip + host.port = port + host.login_type = jtype + host.idc = idc + host.is_active = int(active) + host.comment = comment + + if jtype == 'M': + print password, host.password + if password != host.password: + password = cryptor.encrypt(password) + print password + host.password = password + host.username = username + host.password = password + host.save() + host.bis_group = groups + host.dept = depts + host.save() -def f_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment, j_user='', j_password=''): +def batch_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment, j_user='', j_password=''): + """ 批量修改主机函数 """ groups, depts = [], [] is_active = {u'是': '1', u'否': '2'} login_types = {'LDAP': 'L', 'MAP': 'M'} @@ -59,11 +113,12 @@ def f_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_ for d in j_dept[0].split(): p = DEPT.objects.get(name=d.strip()) depts.append(p) - j_type = login_types[j_type] j_idc = IDC.objects.get(name=j_idc) a = Asset.objects.get(id=j_id) if j_type == 'M': + if a.password != j_password: + j_password = cryptor.decrypt(j_password) a.ip = j_ip a.port = j_port a.login_type = j_type @@ -87,18 +142,15 @@ def f_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_ @require_admin def host_add(request): - login_types = {'L': 'LDAP', 'M': 'MAP'} header_title, path1, path2 = u'添加主机', u'资产管理', u'添加主机' + login_types = {'L': 'LDAP', 'M': 'MAP'} eidc = IDC.objects.exclude(name='ALL') if is_super_user(request): edept = DEPT.objects.all() egroup = BisGroup.objects.exclude(name='ALL') - eusergroup = UserGroup.objects.all() elif is_group_admin(request): - dept_id = get_user_dept(request) - user_id = request.session.get('user_id') - edept = DEPT.objects.get(id=dept_id) - egroup = edept.bisgroup_set.all() + dept = get_session_user_info(request)[5] + egroup = dept.bisgroup_set.all() if request.method == 'POST': j_ip = request.POST.get('j_ip') @@ -109,8 +161,7 @@ def host_add(request): j_active = request.POST.get('j_active') j_comment = request.POST.get('j_comment') j_dept = request.POST.getlist('j_dept') - - if is_group_admin(request) and not validate(request, asset_group=j_group, edept=j_dept): + if is_group_admin(request) and not verify(request, asset_group=j_group, edept=j_dept): emg = u'添加失败,您无权操作!' return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request)) @@ -120,10 +171,10 @@ def host_add(request): if j_type == 'M': j_user = request.POST.get('j_user') - j_password = cryptor.encrypt(request.POST.get('j_password')) - f_host_add(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, j_password) + j_password = request.POST.get('j_password', '') + db_host_insert(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, j_password) else: - f_host_add(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment) + db_host_insert(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment) smg = u'主机 %s 添加成功' % j_ip return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request)) @@ -152,9 +203,9 @@ def host_add_batch(request): if j_type == 'M': j_user = request.POST.get('j_user') j_password = cryptor.encrypt(request.POST.get('j_password')) - f_host_add(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, j_password) + db_host_insert(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, j_password) else: - f_host_add(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment) + db_host_insert(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment) smg = u'批量添加添加成功' return HttpResponseRedirect('/jasset/host_list/') @@ -187,15 +238,7 @@ def host_edit_batch(request): j_active = request.POST.get(j_active).strip() j_comment = request.POST.get(j_comment).strip() - if j_type == 'M': - j_user = "editable[" + str(i) + "][j_user]" - j_password = "editable[" + str(i) + "][j_password]" - j_user = request.POST.get(j_user).strip() - password = request.POST.get(j_password).strip() - j_password = cryptor.encrypt(password) - f_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment, j_user, j_password) - else: - f_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment) + batch_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment) return render_to_response('jasset/host_list.html') @@ -225,13 +268,12 @@ def host_edit_common_batch(request): @require_login def host_list(request): header_title, path1, path2 = u'查看主机', u'资产管理', u'查看主机' - login_types = {'L': 'LDAP', 'M': 'MAP'} keyword = request.GET.get('keyword', '') dept_id = get_user_dept(request) dept = DEPT.objects.get(id=dept_id) - did = request.GET.get('did') - gid = request.GET.get('gid') - sid = request.GET.get('sid') + did = request.GET.get('did', '') + gid = request.GET.get('gid', '') + sid = request.GET.get('sid', '') if did: dept = DEPT.objects.get(id=did) posts = dept.asset_set.all() @@ -280,8 +322,8 @@ def host_list(request): return render_to_response('jasset/host_list.html', locals(), context_instance=RequestContext(request)) elif is_common_user(request): - user_id = request.session.get('user_id') - username = User.objects.get(id=user_id).name + user_id = get_session_user_info(request)[0] + username = get_session_user_info(request)[1] posts = user_perm_asset_api(username) contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) return render_to_response('jasset/host_list_common.html', locals(), @@ -310,21 +352,64 @@ def host_del(request, offset): return HttpResponseRedirect('/jasset/host_list/') -@require_admin +@require_super_user def host_edit(request): + header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机' actives = {1: u'激活', 0: u'禁用'} login_types = {'L': 'LDAP', 'M': 'MAP'} - header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机' - groups, e_group, e_dept, depts = [], [], [], [] eidc = IDC.objects.all() egroup = BisGroup.objects.exclude(name='ALL') edept = DEPT.objects.all() - offset = request.GET.get('id') - for g in Asset.objects.get(id=int(offset)).bis_group.all(): - e_group.append(g) - for d in Asset.objects.get(id=int(offset)).dept.all(): - e_dept.append(d) - post = Asset.objects.get(id=int(offset)) + host_id = request.GET.get('id', '') + post = Asset.objects.filter(id=int(host_id)) + if post: + post = post[0] + else: + return httperror(request, '没有此主机!') + + e_group = post.bis_group.all() + e_dept = post.dept.all() + + if request.method == 'POST': + j_ip = request.POST.get('j_ip', '') + j_idc = request.POST.get('j_idc', '') + j_port = request.POST.get('j_port', '') + j_type = request.POST.get('j_type', '') + j_dept = request.POST.getlist('j_dept', '') + j_group = request.POST.getlist('j_group', '') + j_active = request.POST.get('j_active', '') + j_comment = request.POST.get('j_comment', '') + + if j_type == 'M': + j_user = request.POST.get('j_user') + j_password = request.POST.get('j_password') + db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, post, j_password, post) + else: + db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, post) + + smg = u'主机 %s 修改成功' % j_ip + return HttpResponseRedirect('/jasset/host_detail/?id=%s' % host_id) + + return render_to_response('jasset/host_edit.html', locals(), context_instance=RequestContext(request)) + + +@require_admin +def host_edit_adm(request): + header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机' + actives = {1: u'激活', 0: u'禁用'} + login_types = {'L': 'LDAP', 'M': 'MAP'} + eidc = IDC.objects.all() + dept = get_session_user_info(request)[5] + egroup = BisGroup.objects.exclude(name='ALL').filter(dept=dept) + host_id = request.GET.get('id', '') + post = Asset.objects.filter(id=int(host_id)) + if post: + post = post[0] + else: + return httperror(request, '没有此主机!') + + e_group = post.bis_group.all() + if request.method == 'POST': j_ip = request.POST.get('j_ip') j_idc = request.POST.get('j_idc') @@ -334,49 +419,20 @@ def host_edit(request): j_group = request.POST.getlist('j_group') j_active = request.POST.get('j_active') j_comment = request.POST.get('j_comment') - j_idc = IDC.objects.get(name=j_idc) - if is_group_admin(request) and not validate(request, asset_group=j_group, edept=j_dept): + if not verify(request, asset_group=j_group, edept=j_dept): emg = u'修改失败,您无权操作!' return render_to_response('jasset/host_edit.html', locals(), context_instance=RequestContext(request)) - for group in j_group: - c = BisGroup.objects.get(name=group) - groups.append(c) - - for dept in j_dept: - d = DEPT.objects.get(name=dept) - depts.append(d) - - a = Asset.objects.get(id=int(offset)) if j_type == 'M': - if post.password == request.POST.get('j_password'): - j_password = post.password - else: - j_password = cryptor.encrypt(request.POST.get('j_password')) j_user = request.POST.get('j_user') - a.ip = j_ip - a.port = j_port - a.login_type = j_type - a.idc = j_idc - a.is_active = int(j_active) - a.comment = j_comment - a.username = j_user - a.password = j_password + j_password = request.POST.get('j_password') + db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, post, j_user, j_password) else: - a.ip = j_ip - a.port = j_port - a.idc = j_idc - a.login_type = j_type - a.is_active = int(j_active) - a.comment = j_comment + db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, post) - a.save() - a.bis_group = groups - a.dept = depts - a.save() smg = u'主机 %s 修改成功' % j_ip - return HttpResponseRedirect('/jasset/host_detail/?id=%s' % offset) + return HttpResponseRedirect('/jasset/host_detail/?id=%s' % host_id) return render_to_response('jasset/host_edit.html', locals(), context_instance=RequestContext(request)) @@ -384,13 +440,25 @@ def host_edit(request): @require_login def host_detail(request): header_title, path1, path2 = u'主机详细信息', u'资产管理', u'主机详情' - host_id = int(request.GET.get('id')) - post = Asset.objects.get(id=host_id) - host_ip = post.ip - login_types = {'L': 'LDAP', 'S': 'SSH_KEY', 'P': 'PASSWORD', 'M': 'MAP'} - log_all = Log.objects.filter(host=host_ip) - log, log_more = log_all[:10], log_all[10:] - user_permed_list = asset_perm_api(post) + host_id = request.GET.get('id', '') + post = Asset.objects.filter(id=host_id) + if not post: + return httperror(request, '没有此主机!') + post = post.first() + + if is_group_admin(request) and not verify(request, asset=[host_id]): + return httperror(request, '您无权查看!') + + elif is_common_user(request): + username = get_session_user_info[1] + user_permed_hosts = user_perm_asset_api(username) + if post not in user_permed_hosts: + return httperror(request, '您无权查看!') + else: + log_all = Log.objects.filter(host=post.ip) + log, log_more = log_all[:10], log_all[10:] + user_permed_list = asset_perm_api(post) + return render_to_response('jasset/host_detail.html', locals(), context_instance=RequestContext(request)) @@ -447,14 +515,12 @@ def idc_edit(request): idc = IDC.objects.filter(id=idc_id) if idc: idc.update(name=j_idc, comment=j_comment) - for host in j_hosts: - g = Asset.objects.get(id=host) - Asset.objects.filter(id=host).update(idc=idc) + for host_id in j_hosts: + Asset.objects.filter(id=host_id).update(idc=idc[0]) + i = IDC.objects.get(name='默认') for host in idc_default: - g = Asset.objects.get(id=host) - i = IDC.objects.get(name='默认') - Asset.objects.filter(id=host).update(idc=i) + g = Asset.objects.filter(id=host).update(idc=i) else: emg = '此IDC不存在' return render_to_response('jasset/idc_edit.html', locals(), context_instance=RequestContext(request)) @@ -464,6 +530,27 @@ def idc_edit(request): return render_to_response('jasset/idc_edit.html', locals(), context_instance=RequestContext(request)) +@require_admin +def idc_detail(request): + header_title, path1, path2 = u'IDC详情', u'资产管理', u'IDC详情' + login_types = {'L': 'LDAP', 'M': 'MAP'} + idc_id = request.GET.get('id') + idc_filter = IDC.objects.filter(id=idc_id) + if idc_filter: + idc = idc_filter[0] + else: + return httperror(request, '没有此IDC') + dept_id = get_user_dept(request) + dept = DEPT.objects.get(id=dept_id) + if is_super_user(request): + posts = Asset.objects.filter(idc=idc).order_by('ip') + elif is_group_admin(request): + posts = Asset.objects.filter(idc=idc, dept=dept).order_by('ip') + contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) + + return render_to_response('jasset/idc_detail.html', locals(), context_instance=RequestContext(request)) + + @require_super_user def idc_del(request): offset = request.GET.get('id', '') @@ -490,27 +577,33 @@ def group_add(request): dept = DEPT.objects.get(id=dept_id) posts = Asset.objects.filter(dept=dept) edept = DEPT.objects.get(id=dept_id) + if request.method == 'POST': - j_group = request.POST.get('j_group') - j_dept = request.POST.get('j_dept') - j_hosts = request.POST.getlist('j_hosts') - j_comment = request.POST.get('j_comment') + j_group = request.POST.get('j_group', '') + j_dept = request.POST.get('j_dept', '') + j_hosts = request.POST.getlist('j_hosts', '') + j_comment = request.POST.get('j_comment', '') - if is_group_admin(request) and not validate(request, asset=j_hosts, edept=[j_dept]): - emg = u'添加失败,您无权操作!' - return render_to_response('jasset/group_add.html', locals(), context_instance=RequestContext(request)) + try: + print verify(request, asset=j_hosts, edept=[j_dept]), 'hehe' + if is_group_admin(request) and not verify(request, asset=j_hosts, edept=[j_dept]): + emg = u'添加失败, 您无权操作!' + raise RaiseError + + elif BisGroup.objects.filter(name=j_group): + emg = u'添加失败, 该主机组已存在!' + raise RaiseError + + except RaiseError: + pass - j_dept = DEPT.objects.get(name=j_dept) - if BisGroup.objects.filter(name=j_group): - emg = u'该主机组已存在!' - return render_to_response('jasset/group_add.html', locals(), context_instance=RequestContext(request)) else: - BisGroup.objects.create(name=j_group, dept=j_dept, comment=j_comment) - group = BisGroup.objects.get(name=j_group) + j_dept = DEPT.objects.filter(id=j_dept).first() + group = BisGroup.objects.create(name=j_group, dept=j_dept, comment=j_comment) for host in j_hosts: g = Asset.objects.get(id=host) group.asset_set.add(g) - smg = u'主机组%s添加成功' % j_group + smg = u'主机组 %s 添加成功' % j_group return render_to_response('jasset/group_add.html', locals(), context_instance=RequestContext(request)) @@ -557,7 +650,7 @@ def group_list(request): @require_admin def group_edit(request): header_title, path1, path2 = u'编辑主机组', u'资产管理', u'编辑主机组' - group_id = request.GET.get('id') + group_id = request.GET.get('id', '') group = BisGroup.objects.get(id=group_id) all = Asset.objects.all() dept_id = get_user_dept(request) @@ -573,19 +666,23 @@ def group_edit(request): posts = [g for g in all_dept if g not in eposts] if request.method == 'POST': - j_group = request.POST.get('j_group') - j_hosts = request.POST.getlist('j_hosts') - j_comment = request.POST.get('j_comment') + j_group = request.POST.get('j_group', '') + j_hosts = request.POST.getlist('j_hosts', '') + j_dept = request.POST.get('j_dept', '') + j_comment = request.POST.get('j_comment', '') + + j_dept = DEPT.objects.filter(id=int(j_dept)) + j_dept = j_dept[0] group.asset_set.clear() for host in j_hosts: g = Asset.objects.get(id=host) group.asset_set.add(g) - BisGroup.objects.filter(id=group_id).update(name=j_group, comment=j_comment) + BisGroup.objects.filter(id=group_id).update(name=j_group, dept=j_dept, comment=j_comment) smg = u'主机组%s修改成功' % j_group - return HttpResponseRedirect('/jasset/group_detail/?id=%s' % group_id) + return HttpResponseRedirect('/jasset/group_list') - return render_to_response('jasset/group_add.html', locals(), context_instance=RequestContext(request)) + return render_to_response('jasset/group_edit.html', locals(), context_instance=RequestContext(request)) @require_admin @@ -607,24 +704,6 @@ def group_detail(request): return render_to_response('jasset/group_detail.html', locals(), context_instance=RequestContext(request)) -@require_admin -def idc_detail(request): - header_title, path1, path2 = u'IDC详情', u'资产管理', u'IDC详情' - login_types = {'L': 'LDAP', 'M': 'MAP'} - idc_id = request.GET.get('id') - idc_name = IDC.objects.get(id=idc_id).name - b = IDC.objects.get(id=idc_id) - dept_id = get_user_dept(request) - dept = DEPT.objects.get(id=dept_id) - if is_super_user(request): - posts = Asset.objects.filter(idc=b).order_by('ip') - elif is_group_admin(request): - posts = Asset.objects.filter(idc=b).filter(dept=dept).order_by('ip') - contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) - - return render_to_response('jasset/idc_detail.html', locals(), context_instance=RequestContext(request)) - - @require_admin def group_del_host(request, offset): if request.method == 'POST': @@ -648,7 +727,8 @@ def group_del_host(request, offset): @require_admin -def group_del(request, offset): +def group_del(request): + offset = request.GET.get('id', '') if offset == 'multi': len_list = request.POST.get("len_list") for i in range(int(len_list)): @@ -661,6 +741,19 @@ def group_del(request, offset): return HttpResponseRedirect('/jasset/group_list/') +def dept_host_ajax(request): + dept_id = request.GET.get('id', '') + if dept_id not in ['1', '2']: + dept = DEPT.objects.filter(id=dept_id) + if dept: + dept = dept[0] + hosts = dept.asset_set.all() + else: + hosts = Asset.objects.all() + + return render_to_response('jasset/dept_host_ajax.html', locals()) + + @require_login def host_search(request): keyword = request.GET.get('keyword') diff --git a/jumpserver.conf b/jumpserver.conf index 618d76f14..3c56daab7 100644 --- a/jumpserver.conf +++ b/jumpserver.conf @@ -15,14 +15,14 @@ database = jumpserver [ldap] ldap_enable = 1 -host_url = ldap://127.0.0.1:389 +host_url = ldap://192.168.8.230:389 base_dn = dc=jumpserver, dc=org root_dn = cn=admin,dc=jumpserver,dc=org root_pw = secret234 [websocket] -web_socket_host = 192.168.20.209:3000 +web_socket_host = 192.168.173.129:3000 [web] diff --git a/jumpserver/api.py b/jumpserver/api.py index 688a7d446..fafe6d41c 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -223,7 +223,6 @@ def is_super_user(request): def is_group_admin(request): - print request.session.get('role_id'), type(request.session.get('role_id')) if request.session.get('role_id') == 1: return True else: @@ -247,6 +246,16 @@ def get_session_user_dept(request): return user, dept +@require_login +def get_session_user_info(request): + user_id = request.session.get('user_id', 0) + user = User.objects.filter(id=user_id) + if user: + user = user.first() + dept = user.dept + return [user.id, user.name, user, dept.id, dept.name, dept] + + def get_user_dept(request): user_id = request.session.get('user_id') if user_id: @@ -413,6 +422,53 @@ def validate(request, user_group=None, user=None, asset_group=None, asset=None, return True +def verify(request, user_group=None, user=None, asset_group=None, asset=None, edept=None): + dept = get_session_user_dept(request)[1] + if edept: + print dept.id, edept[0] + if dept.id != int(edept[0]): + return False + + if user_group: + dept_user_groups = dept.usergroup_set.all() + user_groups = [] + for user_group_id in user_group: + user_groups.extend(UserGroup.objects.filter(id=user_group_id)) + if not set(user_groups).issubset(set(dept_user_groups)): + return False + + if user: + dept_users = dept.user_set.all() + users = [] + for user_id in user: + users.extend(User.objects.filter(id=user_id)) + + if not set(users).issubset(set(dept_users)): + return False + + if asset_group: + dept_asset_groups = dept.bisgroup_set.all() + asset_groups = [] + for group_id in asset_group: + asset_groups.extend(BisGroup.objects.filter(id=int(group_id))) + + if not set(asset_groups).issubset(set(dept_asset_groups)): + return False + + if asset: + dept_assets = dept.asset_set.all() + assets_id, dept_assets_id = [], [] + for a in dept_assets: + dept_assets_id.append(int(a.id)) + for i in asset: + assets_id.append(int(i)) + print assets_id, dept_assets_id + if not set(assets_id).issubset(dept_assets_id): + return False + + return True + + def get_dept_asset(request): dept_id = get_user_dept(request) dept_asset = DEPT.objects.get(id=dept_id).asset_set.all() diff --git a/jumpserver/templatetags/mytags.py b/jumpserver/templatetags/mytags.py index 956375d24..8ca36df99 100644 --- a/jumpserver/templatetags/mytags.py +++ b/jumpserver/templatetags/mytags.py @@ -83,6 +83,12 @@ def get_item(dictionary, key): return dictionary.get(key) +@register.filter(name='get_login_type') +def get_login_type(login): + login_types = {'L': 'LDAP', 'M': 'MAP'} + return login_types[login] + + @register.filter(name='bool2str') def bool2str(value): if value: diff --git a/jumpserver/urls.py b/jumpserver/urls.py index 583f2ca96..f6019aa5d 100644 --- a/jumpserver/urls.py +++ b/jumpserver/urls.py @@ -12,10 +12,10 @@ urlpatterns = patterns('', (r'^logout/$', 'jumpserver.views.logout'), (r'^file/upload/$', 'jumpserver.views.upload'), (r'^file/download/$', 'jumpserver.views.download'), + (r'^error/$', 'jumpserver.views.httperror'), (r'^juser/', include('juser.urls')), (r'^jasset/', include('jasset.urls')), (r'^jlog/', include('jlog.urls')), (r'^jperm/', include('jperm.urls')), - ) diff --git a/jumpserver/views.py b/jumpserver/views.py index 1b7348508..609be01ab 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -81,10 +81,16 @@ def admin_index(request): active_hosts = hosts.filter(is_active=1) # percent of dashboard - percent_user = format(active_users.count() / users.count(), '.0%') - percent_host = format(active_hosts.count() / hosts.count(), '.0%') - percent_online_user = format(online_user.count() / users.count(), '.0%') - percent_online_host = format(online_host.count() / hosts.count(), '.0%') + if users.count() == 0: + percent_user, percent_online_user = '0%', '0%' + else: + percent_user = format(active_users.count() / users.count(), '.0%') + percent_online_user = format(online_user.count() / users.count(), '.0%') + if hosts.count() == 0: + percent_host, percent_online_host = '0%', '0%' + else: + percent_host = format(active_hosts.count() / hosts.count(), '.0%') + percent_online_host = format(online_host.count() / hosts.count(), '.0%') li_date, li_str = getDaysByNum(7) today = datetime.datetime.now().day diff --git a/templates/404.html b/templates/404.html index 7f5ec7a40..4e4389e56 100644 --- a/templates/404.html +++ b/templates/404.html @@ -22,7 +22,6 @@

404

Page Not Found

-
Sorry, but the page you are looking for has note been found. Try checking the URL for error, then hit the refresh button on your browser or try found something else in our app.
diff --git a/templates/error.html b/templates/error.html new file mode 100644 index 000000000..99356315b --- /dev/null +++ b/templates/error.html @@ -0,0 +1,39 @@ + + + + + + + + + Jumpserver | 500 Error + + + + + + + + + + + + +
+

Error

+

{{ message }}

+ +
+ The server encountered something unexpected that didn't allow it to complete the request. We apologize.
+ You can go back to main page:
Dashboard +
+
+ + + + + + + + + diff --git a/templates/index.html b/templates/index.html index f4dbb773b..269384465 100644 --- a/templates/index.html +++ b/templates/index.html @@ -104,21 +104,25 @@
- {% for perm in perm_apply_10 %} -
-
- {% ifequal perm.status 0 %} - {{ perm.date_add|naturaltime }} - {% else %} - {{ perm.date_add|naturaltime }} - {% endifequal %} - {{ perm.applyer }} -
申请 {{ perm.bisgroup|ast_to_list }} 主机组权限
-
申请 {{ perm.asset|ast_to_list }} 主机权限
- {{ perm.date_add }} + {% if perm_apply_10 %} + {% for perm in perm_apply_10 %} +
+
+ {% ifequal perm.status 0 %} + {{ perm.date_add|naturaltime }} + {% else %} + {{ perm.date_add|naturaltime }} + {% endifequal %} + {{ perm.applyer }} +
申请 {{ perm.bisgroup|ast_to_list }} 主机组权限
+
申请 {{ perm.asset|ast_to_list }} 主机权限
+ {{ perm.date_add }} +
-
- {% endfor %} + {% endfor %} + {% else %} +

(暂无)

+ {% endif %}
@@ -138,30 +142,8 @@
- {% for login in login_10 %} -
- - image - -
- {% ifequal login.is_finished 0 %} - {{ login.start_time|naturaltime }} - {% else %} - {{ login.start_time|naturaltime }} - {% endifequal %} - {{ login.user }} 登录了{{ login.host }}
- {{ login.start_time }} - -
-
- {% endfor %} -
- - - + + + + {% else %} +

(暂无)

+ {% endif %}
-
-
@@ -209,23 +215,27 @@ 一周Top10用户登录次数及最近一次登录记录.
- {% for data in user_top_ten %} -
-
-
- - {{ data.user }} -
- {{ data.times }}次 -
-
-

最近一次登录

-

{{ data.last.host }}

-

于{{ data.last.start_time |date:"Y-m-d H:i:s" }}

+ {% if user_top_ten %} + {% for data in user_top_ten %} +
+
+
+ + {{ data.user }} +
+ {{ data.times }}次 +
+
+

最近一次登录

+

{{ data.last.host }}

+

于{{ data.last.start_time |date:"Y-m-d H:i:s" }}

+
-
- {% endfor %} + {% endfor %} + {% else %} +

(暂无)

+ {% endif %}
diff --git a/templates/jasset/dept_host_ajax.html b/templates/jasset/dept_host_ajax.html new file mode 100644 index 000000000..be529cfc7 --- /dev/null +++ b/templates/jasset/dept_host_ajax.html @@ -0,0 +1,3 @@ +{% for host in hosts %} + +{% endfor %} \ No newline at end of file diff --git a/templates/jasset/group_add.html b/templates/jasset/group_add.html index 37303ce38..a3e769de3 100644 --- a/templates/jasset/group_add.html +++ b/templates/jasset/group_add.html @@ -26,9 +26,9 @@
- {% for d in edept %} - + {% endfor %}
@@ -39,21 +39,22 @@
-
+ +
{% endifequal %}
- +
- {% for post in posts %} {% endfor %} @@ -61,14 +62,14 @@
- - + +

已选中主机

- {% for post in eposts %} {% endfor %} @@ -112,8 +113,8 @@ }, valid: function(form) { form.submit(); - } -}); + } + }); function on_submit(id){ $('#'+id+' option').each( @@ -122,7 +123,6 @@ }) } - $('#search').keyup(function() { var $rows = $('#groups option'); console.log($rows); @@ -133,6 +133,14 @@ return !~text.indexOf(val); }).hide(); }); + + function change_dept(dept_id){ + $.get('/jasset/dept_host_ajax/', + {'id': dept_id}, + function(data){ + $('#hosts').html(data) + }) + } {% endblock %} \ No newline at end of file diff --git a/templates/jasset/group_detail.html b/templates/jasset/group_detail.html index 0d8cd85b9..a21da2796 100644 --- a/templates/jasset/group_detail.html +++ b/templates/jasset/group_detail.html @@ -30,7 +30,7 @@
@@ -55,7 +55,7 @@ {{ post.ip }} {{ post.port }} - {{ login_types|get_item:post.login_type }} + {{ post.login_type|get_login_type }} {{ post.idc.name }} {{ post.bis_group.all | group_str2 }} {{ post.is_active|bool2str }} @@ -75,44 +75,7 @@
-
-
-
    - - {% if contacts.has_previous %} - - {% else %} - - {% endif %} - {% ifequal show_first 1 %} -
  • 1...
    • - {% endifequal %} - {% for page in page_range %} - {% ifequal current_page page %} -
  • {{ page }}
    • - {% else %} -
  • {{ page }}
    • - {% endifequal %} - {% endfor %} - {% ifequal show_end 1 %} -
  • ...{{ p.num_pages }}
    • - {% endifequal %} - {% if contacts.has_next %} - - {% else %} - - {% endif %} -
-
-
+ {% include 'paginator.html' %}
diff --git a/templates/jasset/group_edit.html b/templates/jasset/group_edit.html new file mode 100644 index 000000000..5e5f0fa76 --- /dev/null +++ b/templates/jasset/group_edit.html @@ -0,0 +1,150 @@ +{% extends 'base.html' %} +{% load mytags %} +{% block content %} +{% include 'nav_cat_bar.html' %} +
+
+
+
+
+
填写主机组基本信息
+
+
+ {% if emg %} +
{{ emg }}
+ {% endif %} + {% if smg %} +
{{ smg }}
+ {% endif %} +
+
+
+
+ + {% ifequal session_role_id 2 %} +
+
+ +
+ +
+
+ {% endifequal %} + + {% ifequal session_role_id 1 %} +
+
+ + +
+
+ {% endifequal %} + +
+
+
+ +
+ +
+ +
+ +
+
+
+ + +
+
+
+

已选中主机

+
+ +
+
+
+
+ +
+
+
+
+ +
+
+
+ + +
+
+
+
+
+
+
+
+ + + +{% endblock %} \ No newline at end of file diff --git a/templates/jasset/group_list.html b/templates/jasset/group_list.html index 5a8b0a547..ed350feeb 100644 --- a/templates/jasset/group_list.html +++ b/templates/jasset/group_list.html @@ -9,7 +9,7 @@
- 添加主机组 + 添加主机组