diff --git a/docs/AddUserAsset.py b/docs/AddUserAsset.py new file mode 100644 index 000000000..29bd5eab2 --- /dev/null +++ b/docs/AddUserAsset.py @@ -0,0 +1,47 @@ +#coding:utf-8 +import django +import os +import sys + +sys.path.append('../') +os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings' +django.setup() + +from juser.views import db_add_user, md5_crypt, CRYPTOR +from jasset.models import Asset, IDC +from jasset.views import jasset_group_add + + +def test_add_user(): + for i in range(1, 500): + username = "test" + str(i) + db_add_user(username=username, + password=md5_crypt(username), + name=username, email='%s@jumpserver.org' % username, + groups=[1,3], role='CU', + ssh_pwd=CRYPTOR.encrypt(username), + ssh_key_pwd=CRYPTOR.encrypt(username), + ldap_pwd=CRYPTOR.encrypt(username), + is_active=True, + date_joined=0) + print "Add: %s" % username + + +def test_add_asset(): + test_idc = IDC.objects.get(id=1) + for i in range(1, 500): + ip = '192.168.1.' + str(i) + Asset.objects.create(ip=ip, port=22, login_type='L', idc=test_idc, is_active=True, comment='test') + print "Add: %s" % ip + + +if __name__ == '__main__': + args = sys.argv + if args[1] == 'user': + test_add_user() + if args[1] == 'asset': + test_add_asset() + + + + diff --git a/jperm/views.py b/jperm/views.py index 6bf8a5399..3d706a928 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -163,7 +163,7 @@ def user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_group return user_groups_select_list, asset_groups_select_list, cmd_groups_select_list -def sudo_db_add(name, user_runas , user_groups_select, asset_groups_select, cmd_groups_select, comment): +def sudo_db_add(name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment): user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \ user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select) @@ -190,7 +190,8 @@ def unicode2str(unicode_list): return [str(i) for i in unicode_list] -def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, update=False): +def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, + cmd_groups_select, update=False, old_name=''): user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \ user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select) @@ -198,18 +199,26 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cm assets = [] cmds = [] users_runas = users_runas.split(',') + asset_all = False for user_group in user_groups_select_list: users.extend(user_group.user_set.all()) for asset_group in asset_groups_select_list: - assets.extend(asset_group.asset_set.all()) + if u'ALL' in asset_group.name: + asset_all = True + break + else: + assets.extend(asset_group.asset_set.all()) for cmd_group in cmd_groups_select_list: cmds.extend(cmd_group.cmd.split(',')) users_name = [user.username for user in users] - assets_ip = [asset.ip for asset in assets] + if asset_all: + assets_ip = ['ALL'] + else: + assets_ip = [asset.ip for asset in assets] sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN) sudo_attr = {'objectClass': ['top', 'sudoRole'], @@ -221,13 +230,14 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cm 'sudoUser': unicode2str(users_name)} if update: - ldap_conn.delete(sudo_dn) + old_sudo_dn = 'cn=%s,ou=Sudoers,%s' % (old_name, LDAP_BASE_DN) + ldap_conn.delete(old_sudo_dn) ldap_conn.add(sudo_dn, sudo_attr) def sudo_add(request): - header_title, path1, path2 = u'Sudo授权 | Perm Sudo Add.', u'jperm', u'sudo_add' + header_title, path1, path2 = u'Sudo授权 | Perm Sudo Add.', u'权限管理', u'添加Sudo权限' user_groups = UserGroup.objects.filter(Q(type='A') | Q(type='P')).order_by('type') asset_groups = BisGroup.objects.all().order_by('type') cmd_groups = CmdGroup.objects.all() @@ -300,9 +310,12 @@ def sudo_edit(request): cmd_groups_select = request.POST.getlist('cmd_groups_select') comment = request.POST.get('comment', '') + sudo_perm = SudoPerm.objects.get(id=sudo_perm_id) + old_name = sudo_perm.name sudo_db_update(sudo_perm_id, name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment) - sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, update=True) + sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, + cmd_groups_select, update=True, old_name=str(old_name)) msg = '修改成功' return HttpResponseRedirect('/jperm/sudo_list/') @@ -311,6 +324,7 @@ def sudo_edit(request): def sudo_detail(request): + header_title, path1, path2 = u'Sudo授权详情 | Perm Sudo Detail.', u'授权管理', u'授权详情' sudo_perm_id = request.GET.get('id') sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id) if sudo_perm: @@ -328,7 +342,7 @@ def sudo_detail(request): for asset_group in asset_groups: assets_list.extend(asset_group.asset_set.all()) for cmd_group in cmd_groups: - cmds_list.extend(cmd_group.cmd.split(',')) + cmds_list.append({cmd_group.name: cmd_group.cmd.split(',')}) return render_to_response('jperm/sudo_detail.html', locals()) diff --git a/juser/views.py b/juser/views.py index deaf6b6a0..d2073d553 100644 --- a/juser/views.py +++ b/juser/views.py @@ -328,7 +328,7 @@ def group_edit(request): def user_list(request): user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} - header_title, path1, path2 = '查看用户 | Show User', 'juser', 'user_list' + header_title, path1, path2 = '查看用户 | Show User', '用户管理', '用户列表' users = contact_list = User.objects.all().order_by('id') p = paginator = Paginator(contact_list, 10) diff --git a/templates/jperm/sudo_detail.html b/templates/jperm/sudo_detail.html index 0b9e7fa08..bd4a1bb5e 100644 --- a/templates/jperm/sudo_detail.html +++ b/templates/jperm/sudo_detail.html @@ -5,10 +5,10 @@ {% include 'nav_cat_bar.html' %}
-
+
-
详情 {{ user.name }} Add perm info.
+
授权用户 User.
@@ -28,10 +28,126 @@
- {{ }} + + + + + + + + + + + {% for user in users_list %} + + + + + + + {% endfor %} + +
用户名姓名部门属组
{{ user.username }}{{ user.name }}{{ user.username|group_manage_str }}{{ user.username|groups_str }}
+ +
+
+
+
授权主机 Asset.
+
+ + + + + + + + + + +
+
+
+ + + + + + + + + + {% for asset in assets_list %} + + + + + + {% endfor %} + +
IPIDC主机组
{{ asset.ip }}{{ asset.idc.name }} + {% for group in asset.bis_group.all|filter_private %} + {{ group }} + {% endfor %} +
+
+
+
+ +
+
+
+
授权命令 Command.
+
+ + + + + + + + + + +
+
+
+ + + + + + + + + {% for cmd_group in cmds_list %} + {% for cmd_group_name, cmds in cmd_group.items %} + {% for cmd in cmds %} + + + + + {% endfor %} + {% endfor %} + {% endfor %} + +
命令命令组
{{ cmd }}{{ cmd_group_name }}
+
+
+
+
diff --git a/templates/jperm/sudo_edit.html b/templates/jperm/sudo_edit.html index 6e1f3e812..87df22fa4 100644 --- a/templates/jperm/sudo_edit.html +++ b/templates/jperm/sudo_edit.html @@ -41,7 +41,7 @@
- + 取个名字方便辨识,只支持英文
diff --git a/templates/jperm/sudo_list.html b/templates/jperm/sudo_list.html index 812324ba5..b84d2f4ed 100644 --- a/templates/jperm/sudo_list.html +++ b/templates/jperm/sudo_list.html @@ -31,26 +31,26 @@
添加命令组 - 查看命令组 + 查看命令组
@@ -64,11 +64,11 @@ 授权名 - user_runas + UserRunAs 用户组 主机组 命令组 - 备注 + 操作 @@ -94,7 +94,7 @@ {% endfor %} - 详情 + 详情 编辑 删除 diff --git a/templates/nav_li_profile.html b/templates/nav_li_profile.html index eb048c7ae..09811e0c8 100644 --- a/templates/nav_li_profile.html +++ b/templates/nav_li_profile.html @@ -14,7 +14,7 @@
- JumpServer + JS+