From 98f0655da4c3fd38a63fda0079337ade3ee264ac Mon Sep 17 00:00:00 2001 From: ibuler Date: Sun, 29 Nov 2015 11:33:19 +0800 Subject: [PATCH 1/2] fix rule and role bug --- jlog/log_api.py | 4 +- jperm/views.py | 177 +++++++++++++--------------- run_websocket.py | 1 + templates/jasset/asset_list.html | 8 +- templates/jasset/idc_list.html | 2 +- templates/jlog/log_online.html | 8 +- templates/jperm/perm_role_add.html | 22 ++-- templates/jperm/perm_role_edit.html | 4 +- templates/jperm/perm_role_list.html | 2 +- templates/jperm/perm_role_push.html | 64 +++++----- templates/jperm/perm_rule_add.html | 11 +- templates/jperm/perm_rule_edit.html | 41 +------ templates/nav.html | 6 +- templates/setting.html | 19 +-- 14 files changed, 159 insertions(+), 210 deletions(-) diff --git a/jlog/log_api.py b/jlog/log_api.py index cbcb38a26..b10325643 100644 --- a/jlog/log_api.py +++ b/jlog/log_api.py @@ -46,12 +46,12 @@ def scriptToJSON(scriptf, timing=None): ret = [] with closing(scriptf): - print "# %s #" % scriptf.readline() # ignore first header line from script file + scriptf.readline() # ignore first header line from script file offset = 0 for t in timing: dt = scriptf.read(t[1]) data = escapeString(dt) - print ('###### (%s, %s)' % (t[1], repr(data))) + # print ('###### (%s, %s)' % (t[1], repr(data))) offset += t[0] ret.append((data, offset)) return dumps(ret) diff --git a/jperm/views.py b/jperm/views.py index 445d82845..800a3579a 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -69,17 +69,14 @@ def perm_rule_add(request): # 渲染数据 header_title, path1, path2 = "授权规则", "规则管理", "添加规则" - if request.method == 'GET': - # 渲染数据, 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则 - users = User.objects.all() - user_groups = UserGroup.objects.all() - assets = Asset.objects.all() - asset_groups = AssetGroup.objects.all() - roles = PermRole.objects.all() + # 渲染数据, 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则 + users = User.objects.all() + user_groups = UserGroup.objects.all() + assets = Asset.objects.all() + asset_groups = AssetGroup.objects.all() + roles = PermRole.objects.all() - return my_render('jperm/perm_rule_add.html', locals(), request) - - elif request.method == 'POST': + if request.method == 'POST': # 获取用户选择的 用户,用户组,资产,资产组,用户角色 users_select = request.POST.getlist('user', []) user_groups_select = request.POST.getlist('usergroup', []) @@ -88,45 +85,43 @@ def perm_rule_add(request): roles_select = request.POST.getlist('role', []) rule_name = request.POST.get('rulename') rule_comment = request.POST.get('rule_comment') - rule_ssh_key = request.POST.get("use_publicKey") - # 获取需要授权的主机列表 - assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select] - asset_groups_obj = [AssetGroup.objects.get(name=group) for group in asset_groups_select] - group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]] - calc_assets = set(group_assets_obj) | set(assets_obj) + try: + rule = get_object(PermRule, name=rule_name) + if rule: + raise ServerError(u'授权规则 %s 已存在' % rule_name) - # 获取需要授权的用户列表 - users_obj = [User.objects.get(name=user) for user in users_select] - user_groups_obj = [UserGroup.objects.get(name=group) for group in user_groups_select] - group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]] - calc_users = set(group_users_obj) | set(users_obj) + # 获取需要授权的主机列表 + assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select] + asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select] + # group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]] + # calc_assets = set(group_assets_obj) | set(assets_obj) - # 获取授予的角色列表 - roles_obj = [PermRole.objects.get(name=role) for role in roles_select] + # 获取需要授权的用户列表 + users_obj = [User.objects.get(id=user_id) for user_id in users_select] + user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select] + # group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]] + # calc_users = set(group_users_obj) | set(users_obj) - # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色) - rule = PermRule(name=rule_name, comment=rule_comment) - rule.save() - rule.user = users_obj - rule.usergroup = user_groups_obj - rule.asset = assets_obj - rule.asset_group = asset_groups_obj - rule.role = roles_obj - rule.save() + # 获取授予的角色列表 + roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select] - msg = u"添加授权规则:%s" % rule.name - # 渲染数据 - header_title, path1, path2 = "授权规则", "规则管理", "查看规则" - rules_list = PermRule.objects.all() + # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色) + rule = PermRule(name=rule_name, comment=rule_comment) + rule.save() + rule.user = users_obj + rule.user_group = user_groups_obj + rule.asset = assets_obj + rule.asset_group = asset_groups_obj + rule.role = roles_obj + rule.save() - # TODO: 搜索和分页 - keyword = request.GET.get('search', '') - if keyword: - rules_list = rules_list.filter(Q(name=keyword)) - rules_list, p, rules, page_range, current_page, show_first, show_end = pages(rules_list, request) - - return my_render('jperm/perm_rule_list.html', locals(), request) + msg = u"添加授权规则:%s" % rule.name + # 渲染数据 + return HttpResponseRedirect('/jperm/rule/') + except ServerError, e: + error = e + return my_render('jperm/perm_rule_add.html', locals(), request) @require_role('admin') @@ -155,7 +150,6 @@ def perm_rule_edit(request): assets = Asset.objects.all() asset_groups = AssetGroup.objects.all() roles = PermRole.objects.all() - return my_render('jperm/perm_rule_edit.html', locals(), request) elif request.method == 'POST' and rule_id: @@ -168,24 +162,23 @@ def perm_rule_edit(request): asset_groups_select = request.POST.getlist('assetgroup', []) roles_select = request.POST.getlist('role', []) - # 获取需要授权的主机列表 - assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select] - asset_groups_obj = [AssetGroup.objects.get(name=group) for group in asset_groups_select] - group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]] - calc_assets = set(group_assets_obj) | set(assets_obj) + assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select] + asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select] + # group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]] + # calc_assets = set(group_assets_obj) | set(assets_obj) # 获取需要授权的用户列表 - users_obj = [User.objects.get(name=user) for user in users_select] - user_groups_obj = [UserGroup.objects.get(name=group) for group in user_groups_select] - group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]] - calc_users = set(group_users_obj) | set(users_obj) + users_obj = [User.objects.get(id=user_id) for user_id in users_select] + user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select] + # group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]] + # calc_users = set(group_users_obj) | set(users_obj) # 获取授予的角色列表 - roles_obj = [PermRole.objects.get(name=role) for role in roles_select] + roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select] # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色) rule.user = users_obj - rule.usergroup = user_groups_obj + rule.user_group = user_groups_obj rule.asset = assets_obj rule.asset_group = asset_groups_obj rule.role = roles_obj @@ -194,17 +187,8 @@ def perm_rule_edit(request): rule.save() msg = u"更新授权规则:%s" % rule.name - # 渲染数据 - header_title, path1, path2 = "授权规则", "规则管理", "查看规则" - rules_list = PermRule.objects.all() - # TODO: 搜索和分页 - keyword = request.GET.get('search', '') - if keyword: - rules_list = rules_list.filter(Q(name=keyword)) - rules_list, p, rules, page_range, current_page, show_first, show_end = pages(rules_list, request) - - return my_render('jperm/perm_rule_list.html', locals(), request) + return HttpResponseRedirect('/jperm/rule/') @require_role('admin') @@ -254,37 +238,37 @@ def perm_role_add(request): """ # 渲染数据 header_title, path1, path2 = "系统角色", "角色管理", "添加角色" + sudos = PermSudo.objects.all() - if request.method == "GET": - default_password = get_rand_pass() - sudos = PermSudo.objects.all() - return my_render('jperm/perm_role_add.html', locals(), request) - - elif request.method == "POST": - # 获取参数: name, comment, sudo - name = request.POST.get("role_name") - comment = request.POST.get("role_comment") - password = request.POST.get("role_password") - sudos_name = request.POST.getlist("sudo_name") - sudos_obj = [PermSudo.objects.get(name=sudo_name) for sudo_name in sudos_name] - encrypt_pass = CRYPTOR.encrypt(password) - # 生成随机密码,生成秘钥对 - - key_path = gen_keys() - role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path) - role.save() - role.sudo = sudos_obj - role.save() - - msg = u"添加角色: %s" % name - # 渲染 刷新数据 - header_title, path1, path2 = "系统角色", "角色管理", "查看角色" - roles_list = PermRole.objects.all() - # TODO: 搜索和分页 - keyword = request.GET.get('search', '') - if keyword: - roles_list = roles_list.filter(Q(name=keyword)) + if request.method == "POST": + # 获取参数: name, comment + name = request.POST.get("role_name", "") + comment = request.POST.get("role_comment", "") + password = request.POST.get("role_password", "") + key_content = request.POST.get("role_key", "") + sudo_ids = request.POST.getlist('sudo_name') + try: + if get_object(PermRole, name=name): + raise ServerError('已经存在该用户 %s' % name) + if password: + encrypt_pass = CRYPTOR.encrypt(password) + else: + encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20)) + # 生成随机密码,生成秘钥对 + sudos_obj = [get_object(PermSudo, id=sudo_id) for sudo_id in sudo_ids] + if key_content: + key_path = gen_keys(key=key_content) + else: + key_path = gen_keys() + logger.debug('generate role key: %s' % key_path) + role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path) + role.save() + role.sudo = sudos_obj + msg = u"添加角色: %s" % name + return HttpResponseRedirect('/jperm/role/') + except ServerError, e: + error = e return my_render('jperm/perm_role_add.html', locals(), request) @@ -352,6 +336,7 @@ def perm_role_edit(request): role_id = request.GET.get("id") role = PermRole.objects.get(id=role_id) role_pass = CRYPTOR.decrypt(role.password) + sudo_all = PermSudo.objects.all() role_sudos = role.sudo.all() if request.method == "GET": return my_render('jperm/perm_role_edit.html', locals(), request) @@ -362,7 +347,7 @@ def perm_role_edit(request): role_password = request.POST.get("role_password") role_comment = request.POST.get("role_comment") role_sudo_names = request.POST.getlist("sudo_name") - role_sudos = [PermSudo.objects.get(name=sudo_name) for sudo_name in role_sudo_names] + role_sudos = [PermSudo.objects.get(id=sudo_id) for sudo_id in role_sudo_names] key_content = request.POST.get("role_key", "") try: if not role: @@ -380,10 +365,8 @@ def perm_role_edit(request): logger.debug('Recreate role key: %s' % role.key_path) # 写入数据库 role.name = role_name - role.password = encrypt_role_pass role.comment = role_comment role.sudo = role_sudos - role.save() msg = u"更新系统角色: %s" % role.name return HttpResponseRedirect('/jperm/role/') diff --git a/run_websocket.py b/run_websocket.py index e3a858d82..742220c6d 100644 --- a/run_websocket.py +++ b/run_websocket.py @@ -250,6 +250,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler): if asset: roles = user_have_perm(self.user, asset) logger.debug(roles) + logger.debug('rolename: %s' % role_name) login_role = '' for role in roles: if role.name == role_name: diff --git a/templates/jasset/asset_list.html b/templates/jasset/asset_list.html index 3550b1248..887ce81a3 100644 --- a/templates/jasset/asset_list.html +++ b/templates/jasset/asset_list.html @@ -31,7 +31,7 @@