diff --git a/jperm/models.py b/jperm/models.py
index 624df9743..cfa2b3f79 100644
--- a/jperm/models.py
+++ b/jperm/models.py
@@ -22,12 +22,11 @@ class CmdGroup(models.Model):
 class SudoPerm(models.Model):
- name = models.CharField(max_length=20)
+ user_group = models.ForeignKey(UserGroup)
 user_runas = models.CharField(max_length=100)
- user_group = models.ManyToManyField(UserGroup)
 asset_group = models.ManyToManyField(BisGroup)
 cmd_group = models.ManyToManyField(CmdGroup)
 comment = models.CharField(max_length=30, null=True, blank=True)
 def __unicode__(self):
- return self.name
\ No newline at end of file
+ return self.user_group.name
\ No newline at end of file
diff --git a/jperm/urls.py b/jperm/urls.py
index 624f0bcca..194a76180 100644
--- a/jperm/urls.py
+++ b/jperm/urls.py
@@ -16,9 +16,9 @@ urlpatterns = patterns('jperm.views',
 (r'^perm_del/$', 'perm_del'),
 (r'^perm_asset_detail/$', 'perm_asset_detail'),
 (r'^sudo_list/$', 'sudo_list'),
- (r'^sudo_add/$', view_splitter, {'su': sudo_add, 'adm': sudo_add_adm}),
 (r'^sudo_del/$', 'sudo_del'),
 (r'^sudo_edit/$', 'sudo_edit'),
+ (r'^sudo_refresh/$', 'sudo_refresh'),
 (r'^sudo_detail/$', 'sudo_detail'),
 (r'^cmd_add/$', 'cmd_add'),
 (r'^cmd_list/$', 'cmd_list'),
diff --git a/jperm/views.py b/jperm/views.py
index 99a39f33b..7cf75f31c 100644
--- a/jperm/views.py
+++ b/jperm/views.py 
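Review bot: `user_group = models.ForeignKey(UserGroup)` allows several SudoPerm rows per group, while the new views read the rule as `user_group.sudoperm_set.all()[0]` and name the LDAP entry after the group id, so any second row is silently never pushed; declare it `user_group = models.OneToOneField(UserGroup)` (or add `unique=True`) so the database enforces the one-rule-per-group assumption. With the Django generation this project targets (`patterns()` in urls.py) the key also cascades on delete, and no code in this commit removes the group's `cn=sudo<id>` entry under `ou=Sudoers`, so a deleted group's sudo grant stays in LDAP. A field comment such as `# one sudo rule per group; the LDAP sudoRole cn is derived from this group's id, so deleting the group must also clear that entry` would at least make the coupling visible.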
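Review bot: The `sudo_del` and `sudo_detail` entries are kept while views.py in this same commit comments out both view functions, so resolving either URL will fail with ViewDoesNotExist; remove the two routes or restore the views. `sudo_refresh` rewrites every sudoRole in LDAP, yet it is reached by a plain GET link and guarded only by `@require_admin`, whereas `sudo_edit` is raised to `@require_super_user` in this commit — the privilege needed to re-push the rules should not be lower than the one needed to edit them.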
@@ -12,21 +12,17 @@ from jumpserver.views import LDAP_ENABLE, ldap_conn, CONF, page_list_return, pag
 from jumpserver.api import *
-def user_asset_cmd_groups_get(user_groups_select='', asset_groups_select='', cmd_groups_select=''):
- user_groups_select_list = []
+def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''):
 asset_groups_select_list = []
 cmd_groups_select_list = []
- for user_group_id in user_groups_select:
- user_groups_select_list.append(UserGroup.objects.get(id=user_group_id))
-
 for asset_group_id in asset_groups_select:
- asset_groups_select_list.append(BisGroup.objects.get(id=asset_group_id))
+ asset_groups_select_list.extend(BisGroup.objects.filter(id=asset_group_id))
 for cmd_group_id in cmd_groups_select:
- cmd_groups_select_list.append(CmdGroup.objects.get(id=cmd_group_id))
+ cmd_groups_select_list.extend(CmdGroup.objects.filter(id=cmd_group_id))
- return user_groups_select_list, asset_groups_select_list, cmd_groups_select_list
+ return asset_groups_select_list, cmd_groups_select_list
 @require_admin 
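Review bot: `asset_cmd_groups_get` issues one `filter(id=...)` query per submitted id and quietly drops ids that do not exist; `asset_groups_select_list = list(BisGroup.objects.filter(id__in=asset_groups_select))` and `cmd_groups_select_list = list(CmdGroup.objects.filter(id__in=cmd_groups_select))` do the same work in two queries (as far as this diff shows, callers only assign the results to M2M fields or pass them on, so ordering is not relied on). The `''` defaults are misleading for arguments that are lists of ids; `()` reads as intended. A one-line docstring, `"""Resolve submitted BisGroup/CmdGroup ids to instances; unknown ids are skipped."""`, would state the silent-skip behaviour the callers now depend on.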
@@ -230,180 +226,186 @@ def perm_asset_detail(request):
 return render_to_response('jperm/perm_asset_detail.html', locals(), context_instance=RequestContext(request))
-def sudo_db_add(name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment):
- user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
- user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
-
- sudo_perm = SudoPerm(name=name, user_runas=user_runas, comment=comment)
- sudo_perm.save()
- sudo_perm.user_group = user_groups_select_list
- sudo_perm.asset_group = asset_groups_select_list
- sudo_perm.cmd_group = cmd_groups_select_list
-
-
-def sudo_db_update(sudo_perm_id, name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment):
- user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
- user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
- sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
- if sudo_perm:
- sudo_perm.update(name=name, user_runas=user_runas, comment=comment)
- sudo_perm = sudo_perm[0]
- sudo_perm.user_group = user_groups_select_list
- sudo_perm.asset_group = asset_groups_select_list
- sudo_perm.cmd_group = cmd_groups_select_list
+# def sudo_db_add(name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment):
+# user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
+# user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
+#
+# sudo_perm = SudoPerm(name=name, user_runas=user_runas, comment=comment)
+# sudo_perm.save()
+# sudo_perm.user_group = user_groups_select_list
+# sudo_perm.asset_group = asset_groups_select_list
+# sudo_perm.cmd_group = cmd_groups_select_list
 def unicode2str(unicode_list):
 return [str(i) for i in unicode_list]
-def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
- cmd_groups_select, update=False, 
old_name=''):
- user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
- user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
+def sudo_ldap_add(user_group, user_runas, asset_groups_select,
+ cmd_groups_select):
 if not LDAP_ENABLE:
 return True
- users = []
 assets = []
 cmds = []
- users_runas = users_runas.split(',')
- asset_all = False
-
- for user_group in user_groups_select_list:
- users.extend(user_group.user_set.all())
-
- for asset_group in asset_groups_select_list:
- if u'ALL' in asset_group.name:
- asset_all = True
- break
- else:
+ user_runas = user_runas.split(',')
+ if len(asset_groups_select) == 1 and asset_groups_select[0].name == 'ALL':
+ asset_all = True
+ else:
+ asset_all = False
+ for asset_group in asset_groups_select:
 assets.extend(asset_group.asset_set.all())
- for cmd_group in cmd_groups_select_list:
+ if user_group.name == 'ALL':
+ user_all = True
+ users = []
+ else:
+ user_all = False
+ users = user_group.user_set.all()
+
+ for cmd_group in cmd_groups_select:
 cmds.extend(cmd_group.cmd.split(','))
- users_name = [user.username for user in users]
+ if user_all:
+ users_name = ['ALL']
+ else:
+ users_name = list(set([user.username for user in users]))
+
 if asset_all:
 assets_ip = ['ALL']
 else:
- assets_ip = [asset.ip for asset in assets]
+ assets_ip = list(set([asset.ip for asset in assets]))
+ name = 'sudo%s' % user_group.id
 sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
 sudo_attr = {'objectClass': ['top', 'sudoRole'],
- 'cn': ['%s' % str(name)],
+ 'cn': ['%s' % name],
 'sudoCommand': unicode2str(cmds),
 'sudoHost': unicode2str(assets_ip),
 'sudoOption': ['!authenticate'],
- 'sudoRunAsUser': unicode2str(users_runas),
+ 'sudoRunAsUser': unicode2str(user_runas),
 'sudoUser': unicode2str(users_name)}
-
- if update:
- old_sudo_dn = 'cn=%s,ou=Sudoers,%s' % (old_name, LDAP_BASE_DN)
- ldap_conn.delete(old_sudo_dn)
-
+ print sudo_dn
+ ldap_conn.delete(sudo_dn)
 ldap_conn.add(sudo_dn, sudo_attr) 
-@require_super_user
-def sudo_add(request):
- header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
- user_groups = UserGroup.objects.filter(id__gt=2)
- asset_groups = BisGroup.objects.all()
- cmd_groups = CmdGroup.objects.all()
+def sudo_update(user_group, user_runas, asset_groups_select, cmd_groups_select, comment):
+ asset_groups_select_list, cmd_groups_select_list = \
+ asset_cmd_groups_get(asset_groups_select, cmd_groups_select)
+ sudo_perm = user_group.sudoperm_set.all()
+ if sudo_perm:
+ sudo_perm.update(user_runas=user_runas, comment=comment)
+ sudo_perm = sudo_perm[0]
+ sudo_perm.asset_group = asset_groups_select_list
+ sudo_perm.cmd_group = cmd_groups_select_list
+ else:
+ sudo_perm = SudoPerm(user_group=user_group, user_runas=user_runas, comment=comment)
+ sudo_perm.save()
+ sudo_perm.asset_group = asset_groups_select_list
+ sudo_perm.cmd_group = cmd_groups_select_list
- if request.method == 'POST':
- name = request.POST.get('name')
- users_runas = request.POST.get('runas', 'root')
- user_groups_select = request.POST.getlist('user_groups_select')
- asset_groups_select = request.POST.getlist('asset_groups_select')
- cmd_groups_select = request.POST.getlist('cmd_groups_select')
- comment = request.POST.get('comment', '')
-
- if LDAP_ENABLE:
- sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
- sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
-
- msg = '添加成功'
- return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
+ sudo_ldap_add(user_group, user_runas, asset_groups_select_list, cmd_groups_select_list)
-@require_admin
-def sudo_add_adm(request):
- header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
- user, dept = get_session_user_dept(request)
- user_groups = dept.usergroup_set.filter(id__gt=2)
- asset_groups = dept.bisgroup_set.all()
- cmd_groups = CmdGroup.objects.all()
+# @require_super_user
+# def 
sudo_add(request):
+# header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
+# user_groups = UserGroup.objects.filter(id__gt=2)
+# asset_groups = BisGroup.objects.all()
+# cmd_groups = CmdGroup.objects.all()
+#
+# if request.method == 'POST':
+# name = request.POST.get('name')
+# users_runas = request.POST.get('runas', 'root')
+# user_groups_select = request.POST.getlist('user_groups_select')
+# asset_groups_select = request.POST.getlist('asset_groups_select')
+# cmd_groups_select = request.POST.getlist('cmd_groups_select')
+# comment = request.POST.get('comment', '')
+#
+# if LDAP_ENABLE:
+# sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
+# sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
+#
+# msg = '添加成功'
+# return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
- if request.method == 'POST':
- name = request.POST.get('name')
- users_runas = request.POST.get('runas', 'root')
- user_groups_select = request.POST.getlist('user_groups_select')
- asset_groups_select = request.POST.getlist('asset_groups_select')
- cmd_groups_select = request.POST.getlist('cmd_groups_select')
- comment = request.POST.get('comment', '')
- if LDAP_ENABLE:
- sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
- sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
-
- msg = '添加成功'
- return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
+# @require_admin
+# def sudo_add_adm(request):
+# header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
+# user, dept = get_session_user_dept(request)
+# user_groups = dept.usergroup_set.filter(id__gt=2)
+# asset_groups = dept.bisgroup_set.all()
+# cmd_groups = CmdGroup.objects.all()
+#
+# if request.method == 'POST':
+# name = request.POST.get('name')
+# users_runas = 
request.POST.get('runas', 'root')
+# user_groups_select = request.POST.getlist('user_groups_select')
+# asset_groups_select = request.POST.getlist('asset_groups_select')
+# cmd_groups_select = request.POST.getlist('cmd_groups_select')
+# comment = request.POST.get('comment', '')
+#
+# if LDAP_ENABLE:
+# sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
+# sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
+#
+# msg = '添加成功'
+# return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
 @require_admin
 def sudo_list(request):
 header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情'
- contact_list = SudoPerm.objects.all()
+ keyword = request.GET.get('search', '')
+ if keyword:
+ contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
+ else:
+ contact_list = UserGroup.objects.all().order_by('name')
 contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
 return render_to_response('jperm/sudo_list.html', locals(), context_instance=RequestContext(request))
-@require_admin
+@require_super_user
 def sudo_edit(request):
- header_title, path1, path2 = u'Sudo授权', u'授权管理', u'Sudo修改'
+ header_title, path1, path2 = u'Sudo授权', u'授权管理', u'Sudo授权'
 if request.method == 'GET':
- sudo_perm_id = request.GET.get('id', '0')
- sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id))
- if sudo_perm:
- user_group_all = UserGroup.objects.filter(id__gt=2)
- asset_group_all = BisGroup.objects.filter()
- cmd_group_all = CmdGroup.objects.all()
+ user_group_id = request.GET.get('id', '0')
+ user_group = UserGroup.objects.filter(id=user_group_id)
+ asset_group_all = BisGroup.objects.filter()
+ cmd_group_all = CmdGroup.objects.all()
+ if user_group:
+ user_group = user_group[0]
+ sudo_perm = user_group.sudoperm_set.all()
+ if sudo_perm:
+ sudo_perm = sudo_perm[0]
+ 
asset_group_permed = sudo_perm.asset_group.all()
+ cmd_group_permed = sudo_perm.cmd_group.all()
+ user_runas = sudo_perm.user_runas
+ comment = sudo_perm.comment
+ else:
+ asset_group_permed = []
+ cmd_group_permed = []
- sudo_perm = sudo_perm[0]
- user_group_permed = sudo_perm.user_group.all()
- asset_group_permed = sudo_perm.asset_group.all()
- cmd_group_permed = sudo_perm.cmd_group.all()
-
- user_groups = [user_group for user_group in user_group_all if user_group not in user_group_permed]
 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
 cmd_groups = [cmd_group for cmd_group in cmd_group_all if cmd_group not in cmd_group_permed]
- name = sudo_perm.name
- user_runas = sudo_perm.user_runas
- comment = sudo_perm.comment
-
 else:
- sudo_perm_id = request.POST.get('sudo_perm_id')
- name = request.POST.get('name')
+ user_group_id = request.POST.get('user_group_id', '')
 users_runas = request.POST.get('runas', 'root')
- user_groups_select = request.POST.getlist('user_groups_select')
 asset_groups_select = request.POST.getlist('asset_groups_select')
 cmd_groups_select = request.POST.getlist('cmd_groups_select')
 comment = request.POST.get('comment', '')
-
- sudo_perm = SudoPerm.objects.get(id=sudo_perm_id)
- old_name = sudo_perm.name
- if LDAP_ENABLE:
- sudo_db_update(sudo_perm_id, name, users_runas, user_groups_select,
- asset_groups_select, cmd_groups_select, comment)
- sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
- cmd_groups_select, update=True, old_name=str(old_name))
- msg = '修改成功'
+ user_group = UserGroup.objects.filter(id=user_group_id)
+ if user_group:
+ user_group = user_group[0]
+ if LDAP_ENABLE:
+ sudo_update(user_group, users_runas, asset_groups_select, cmd_groups_select, comment)
+ msg = '修改成功'
 return HttpResponseRedirect('/jperm/sudo_list/') 
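Review bot: `print sudo_dn` in `sudo_ldap_add` is a leftover debug statement that writes the DN to stdout on every grant; drop it or route it through the project's logging. The unconditional `ldap_conn.delete(sudo_dn)` before `ldap_conn.add` will, if `ldap_conn` is a thin python-ldap wrapper, raise on the first grant for a group because no entry exists yet — guard it (catch the no-such-object error, or check existence first) so a fresh group can be granted at all. `user_runas.split(',')` goes straight into `sudoRunAsUser` without trimming, so an input of `root, admin` produces the entry ` admin`; use `[u.strip() for u in user_runas.split(',') if u.strip()]`. In `sudo_edit`'s GET branch, `asset_group_permed` and `cmd_group_permed` are only bound inside `if user_group:`, and the two comprehensions that read them appear to sit outside that block (the collapsed diff does not preserve indentation), which would raise NameError for an unknown id; binding both to `[]` before the `if` removes the question.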
@@ -411,40 +413,51 @@ def sudo_edit(request):
 @require_admin
-def sudo_detail(request):
- header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情'
- sudo_perm_id = request.GET.get('id')
- sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
- if sudo_perm:
- sudo_perm = sudo_perm[0]
- user_groups = sudo_perm.user_group.all()
- asset_groups = sudo_perm.asset_group.all()
- cmd_groups = sudo_perm.cmd_group.all()
+def sudo_refresh(request):
+ sudo_perm_all = SudoPerm.objects.all()
+ for sudo_perm in sudo_perm_all:
+ user_group = sudo_perm.user_group
+ user_runas = sudo_perm.user_runas
+ asset_groups_select = sudo_perm.asset_group.all()
+ cmd_groups_select = sudo_perm.cmd_group.all()
+ sudo_ldap_add(user_group, user_runas, asset_groups_select, cmd_groups_select)
+ return HttpResponse('ok')
- users_list = []
- assets_list = []
- cmds_list = []
-
- for user_group in user_groups:
- users_list.extend(user_group.user_set.all())
- for asset_group in asset_groups:
- assets_list.extend(asset_group.asset_set.all())
- for cmd_group in cmd_groups:
- cmds_list.append({cmd_group.name: cmd_group.cmd.split(',')})
-
- return render_to_response('jperm/sudo_detail.html', locals(), context_instance=RequestContext(request))
+# @require_admin
+# def sudo_detail(request):
+# header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情'
+# sudo_perm_id = request.GET.get('id')
+# sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
+# if sudo_perm:
+# sudo_perm = sudo_perm[0]
+# user_groups = sudo_perm.user_group.all()
+# asset_groups = sudo_perm.asset_group.all()
+# cmd_groups = sudo_perm.cmd_group.all()
+#
+# users_list = []
+# assets_list = []
+# cmds_list = []
+#
+# for user_group in user_groups:
+# users_list.extend(user_group.user_set.all())
+# for asset_group in asset_groups:
+# assets_list.extend(asset_group.asset_set.all())
+# for cmd_group in cmd_groups:
+# cmds_list.append({cmd_group.name: cmd_group.cmd.split(',')})
+#
+# return render_to_response('jperm/sudo_detail.html', locals(), 
context_instance=RequestContext(request)) -@require_admin -def sudo_del(request): - sudo_perm_id = request.GET.get('id', '0') - sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id)) - if sudo_perm: - name = sudo_perm[0].name - sudo_perm.delete() - sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN) - ldap_conn.delete(sudo_dn) - return HttpResponseRedirect('/jperm/sudo_list/') +# @require_admin +# def sudo_del(request): +# sudo_perm_id = request.GET.get('id', '0') +# sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id)) +# if sudo_perm: +# name = sudo_perm[0].name +# sudo_perm.delete() +# sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN) +# ldap_conn.delete(sudo_dn) +# return HttpResponseRedirect('/jperm/sudo_list/') @require_admin diff --git a/templates/jperm/perm_list.html b/templates/jperm/perm_list.html index 77551ac3a..ad715349f 100644 --- a/templates/jperm/perm_list.html +++ b/templates/jperm/perm_list.html @@ -60,7 +60,7 @@ {{ group.name }} {{ group.dept.name }} - {{ group.id | member_count }} + {{ group.id | member_count }} {{ group.id | ugrp_perm_agrp_count }} {{ group.id | ugrp_perm_asset_count }} {{ group.comment }} diff --git a/templates/jperm/sudo_cmd_add.html b/templates/jperm/sudo_cmd_add.html index befdbf20d..603600201 100644 --- a/templates/jperm/sudo_cmd_add.html +++ b/templates/jperm/sudo_cmd_add.html @@ -32,9 +32,8 @@
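Review bot: `sudo_refresh` pushes every SudoPerm to LDAP with no error handling, so one failing `sudo_ldap_add` aborts the loop with a 500 and leaves LDAP half-refreshed with no indication of which groups were written; wrap each iteration, collect the failures and report them instead of the bare `HttpResponse('ok')`. It also stays on `@require_admin` and answers GET, although `sudo_edit`, which writes the same entries, is raised to `@require_super_user` in this commit. With `sudo_del` commented out there is no longer any code path that removes a `cn=sudo<id>` entry from `ou=Sudoers` once a SudoPerm row is gone (including via the group FK cascade), so a refresh re-asserts live rules but never retracts stale ones; either keep a delete path or have the refresh remove entries whose group no longer has a rule.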
diff --git a/templates/jperm/sudo_cmd_list.html b/templates/jperm/sudo_cmd_list.html index 8046a5f06..73e8b77de 100644 --- a/templates/jperm/sudo_cmd_list.html +++ b/templates/jperm/sudo_cmd_list.html @@ -34,9 +34,8 @@
diff --git a/templates/jperm/sudo_edit.html b/templates/jperm/sudo_edit.html index 2148c534e..69b957739 100644 --- a/templates/jperm/sudo_edit.html +++ b/templates/jperm/sudo_edit.html @@ -33,10 +33,9 @@
@@ -51,64 +50,23 @@ {% endif %}
- -
- - - 取个名字方便辨识,只支持英文 -
-
-
- -
- +
+ 允许以哪个用户允许sudo,逗号分隔,默认root
-
- -
- -
-
- -
-
- - -
-
- - -
-
- -
-
- -
-
-
- +
- {% for asset_group in asset_groups %} {% endfor %} @@ -125,7 +83,7 @@
- {% for asset_group in asset_group_permed %} {% endfor %} @@ -137,10 +95,10 @@
- +
- {% for cmd_group in cmd_groups %} {% endfor %} @@ -157,7 +115,7 @@
- {% for cmd_group in cmd_group_permed %} {% endfor %} @@ -187,10 +145,11 @@
- +
+{% endblock %} diff --git a/templates/jperm/sudo_list.html b/templates/jperm/sudo_list.html index 07aad992b..0d1f76608 100644 --- a/templates/jperm/sudo_list.html +++ b/templates/jperm/sudo_list.html @@ -35,9 +35,11 @@
@@ -49,47 +51,40 @@ - - - - - + + + + + + + - - {% for sudo_perm in contacts.object_list %} - - - - - - - - - - + + {% for group in contacts.object_list %} + + + + + + + + + + {% endfor %}
授权名UserRunAs用户组主机组命令组组名所属部门成员数目授权主机组数目授权主机数目sudo命令备注 操作
{{ sudo_perm.name }} {{ sudo_perm.user_runas }} - {{ sudo_perm.user_group.all | group_str2 }} - - {{ sudo_perm.asset_group.all | group_str2 }} - - {{ sudo_perm.cmd_group.all | group_str2 }} - - 详情 - 编辑 - 删除 -
{{ group.name }} {{ group.dept.name }} {{ group.id | member_count }} {{ group.id | ugrp_perm_agrp_count }} {{ group.id | ugrp_perm_asset_count }} {{ group.id | ugrp_perm_asset_count }} {{ group.comment }} + sudo授权 +
- Showing {{ contacts1.start_index }} to {{ contacts1.end_index }} of {{ p1.count }} entries + Showing {{ contacts.start_index }} to {{ contacts.end_index }} of {{ p.count }} entries
{% include 'paginator.html' %} -
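Review bot: In the new row, `{{ group.id | ugrp_perm_asset_count }}` appears twice, so the `sudo命令` column added in this hunk repeats the granted-host count instead of showing the group's sudo command groups; the second cell needs a value drawn from the group's SudoPerm (its `cmd_group` names), which no filter in this diff provides. The removed rows also carried the 详情/编辑/删除 links and only `sudo授权` remains, which matches `sudo_detail` and `sudo_del` being commented out in views.py, but the routes for both are still registered in urls.py.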