github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

添加授权查询api

pull/26/head
ibuler 2015-11-21 00:42:54 +08:00
parent 40d1eb37dc
commit 558309599c
3 changed files with 46 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
jperm/perm_api.py
View File

@ -10,9 +10,52 @@ from jperm.models import PermRole
from jperm.models import PermRule
class PermGet(object):
def __init__(self):
pass
def get_user_perm(user):
"""
return:
{asset_group': {
asset_group1: {'role': [role1, role2], 'rule': [rule1, rule2]},
asset_group2: {'role': [role1, role2], 'rule': [rule1, rule2]},
}
'asset':{
asset1: {'role': [role1, role2], 'rule': [rule1, rule2]},
asset2: {'role': [role1, role2], 'rule': [rule1, rule2]},
}
]},
'rule':[rule1, rule2,]
}
"""
perm = {}
user_rule_all = PermRule.objects.filter(user=user)
perm['rule'] = user_rule_all
perm_asset_group = perm['asset_group'] = {}
perm_asset = perm['asset'] = {}
for rule in user_rule_all:
asset_groups = rule.asset_group.all()
assets = rule.asset.all()
for asset_group in asset_groups:
if perm_asset_group.get(asset_group):
perm_asset_group[asset_group].get('role', []).update(set(rule.role.all()))
perm_asset_group[asset_group].get('rule', []).append(rule)
else:
perm_asset_group[asset_group] = {'role': set(rule.role.all()), 'rule': [rule]}
for asset in assets:
if perm_asset.get(asset):
perm_asset[asset].get('role', []).update(set(rule.role.all()))
perm_asset[asset].get('rule', []).append(rule)
else:
perm_asset[asset] = {'role': set(rule.role.all()), 'rule': [rule]}
return perm
def get_object_list(model, id_list):

7
jperm/urls.py
View File

@ -13,11 +13,4 @@ urlpatterns = patterns('jperm.views',
(r'^role/perm_role_detail/$', perm_role_detail),
(r'^role/perm_role_edit/$', perm_role_edit),
(r'^role/perm_role_push/$', perm_role_push),
(r'^log/$', log),
(r'^sys_user_add/$', sys_user_add),
(r'^perm_user_list/$', sys_user_list),
(r'^sys_user_del/$', sys_user_del),
(r'^sys_user_edit/$', sys_user_edit),
)

86
jperm/views.py
View File

@ -378,8 +378,6 @@ def perm_role_edit(request):
return my_render('jperm/perm_role_list.html', locals(), request)
@require_role('admin')
def perm_role_push(request):
"""
@ -458,87 +456,3 @@ def perm_role_push(request):
else:
return HttpResponse(u"推送系统角色: %s" % ','.join(role_names))
@require_role('admin')
def perm_group_list(request):
header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权'
keyword = request.GET.get('search', '')
user_groups_list = UserGroup.objects.all()
if keyword:
request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword))
user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request)
return my_render('jperm/perm_group_list.html', locals(), request)
@require_role('admin')
def perm_group_edit(request):
header_title, path1, path2 = '用户组授权', '授权管理', '授权更改'
user_group_id = request.GET.get('id', '')
user_group = get_object(UserGroup, id=user_group_id)
asset_all = Asset.objects.all()
asset_group_all = AssetGroup.objects.all()
asset_permed = user_group.asset.all() # 获取授权的资产对象列表
asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表
if request.method == 'GET' and user_group:
assets = [asset for asset in asset_all if asset not in asset_permed]
asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
return my_render('jperm/perm_group_edit.html', locals(), request)
elif request.method == 'POST' and user_group:
asset_id_select = request.POST.getlist('asset_select', [])
asset_group_id_select = request.POST.getlist('asset_groups_select', [])
asset_select = get_object_list(Asset, asset_id_select)
asset_group_select = get_object_list(AssetGroup, asset_group_id_select)
asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表
asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表
asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表
asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表
users = user_group.user_set.all()
perm_info = {
'action': 'perm group edit: ' + user_group.name,
'del': {'users': users, 'assets': asset_del},
'new': {'users': users, 'assets': asset_new}
}
results = perm_user_api(perm_info)
unreachable_asset = []
failures_asset = []
for ip in results.get('unreachable'):
unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
for ip in results.get('failures'):
failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
failures_asset.extend(unreachable_asset) # 失败的授权要统计
for asset in failures_asset:
if asset in asset_select:
asset_select.remove(asset)
else:
asset_select.append(asset)
user_group.asset = asset_select
user_group.asset_group = asset_group_select
user_group.save() # 保存到数据库
return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
else:
return HttpResponse('输入错误')
def log(request):
header_title, path1, path2 = '授权记录', '授权管理', '授权记录'
log_all = Log.objects.all().order_by('-datetime')
log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request)
return my_render('jperm/perm_log.html', locals(), request)
def sys_user_edit(request):
pass
def sys_user_del(request):
pass