diff --git a/apps/ops/api/serializers.py b/apps/ops/api/serializers.py index e580028f6..4111a64ff 100644 --- a/apps/ops/api/serializers.py +++ b/apps/ops/api/serializers.py @@ -1,7 +1,7 @@ # ~*~ coding: utf-8 ~*~ from __future__ import unicode_literals, print_function -from ..models import HostAlia, UserAlia, CmdAlia, RunasAlia, Extra_conf +from ..models import HostAlia, UserAlia, CmdAlia, RunasAlia, Extra_conf, Privilege, Sudo from rest_framework import serializers @@ -34,3 +34,16 @@ class ExtraconfSerializer(serializers.ModelSerializer): class Meta: model = Extra_conf + +class PrivilegeSerializer(serializers.ModelSerializer): + + class Meta: + model = Privilege + + +class SudoSerializer(serializers.ModelSerializer): + + class Meta: + model = Sudo + + diff --git a/apps/ops/api/views.py b/apps/ops/api/views.py index 065a04639..b0eec81e0 100644 --- a/apps/ops/api/views.py +++ b/apps/ops/api/views.py @@ -193,3 +193,55 @@ class ExtraconfViewSet(viewsets.GenericViewSet): pass +class PrivilegeViewSet(viewsets.GenericViewSet): + queryset = Privilege.objects.all() + serializer_class = PrivilegeSerializer + permission_classes = None + + def list(self): + pass + + def create(self): + pass + + def retrieve(self, *args, **kwargs): + pass + + def update(self, *args, **kwargs): + pass + + def destroy(self, *args, **kwargs): + privilege = self.get_object() + privilege.delete() + return Response(status=status.HTTP_204_NO_CONTENT) + + def perform_create(self): + pass + + +class SudoViewSet(viewsets.GenericViewSet): + queryset = Sudo.objects.all() + serializer_class = SudoSerializer + permission_classes = None + + def list(self): + pass + + def create(self): + pass + + def retrieve(self, *args, **kwargs): + pass + + def update(self, *args, **kwargs): + pass + + def destroy(self, *args, **kwargs): + sudo = self.get_object() + sudo.delete() + return Response(status=status.HTTP_204_NO_CONTENT) + + def perform_create(self): + pass + + 
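Review bot: `PrivilegeSerializer.Meta` and `SudoSerializer.Meta` name a model but declare no `fields`, so the API shape for sudo rules is implicit. Older Django REST framework releases fall back to serializing every model field, and newer ones refuse to build a `ModelSerializer` without `fields` or `exclude`, so an explicit list is needed either way. For `Sudo` that could be `fields = ('id', 'asset', 'extra_lines', 'privilege_items')`, with the names taken from the model hunk in this commit and `id` assumed. The `Privilege` model is not visible here, so its list has to be written against that definition.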
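Review bot: `permission_classes = None` on `PrivilegeViewSet` and `SudoViewSet` leaves the `destroy` handlers, which delete sudo rules, without a declared access policy. DRF builds its permission list by iterating this attribute, so `None` is likely to raise a `TypeError` on the first request rather than fall back to the project default. If the intent was to switch checks off, that is the wrong default for endpoints that edit sudoers data. Drop the line to inherit `DEFAULT_PERMISSION_CLASSES`, or set an admin-only policy such as `permission_classes = (permissions.IsAdminUser,)`; the import block and any project permission class are outside this hunk. Separately, `def list(self)` and `def create(self)` take no `request`, although DRF passes it to every action, so they need `(self, request, *args, **kwargs)`.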
diff --git a/apps/ops/models.py b/apps/ops/models.py
index 70fe0cc7f..ba5c4cc1e 100644
--- a/apps/ops/models.py
+++ b/apps/ops/models.py
@@ -274,49 +274,29 @@ class Sudo(models.Model): """ Sudo配置文件对象, 用于配置sudo的配置文件 - :param user_alias: {: } - :param cmnd_alias: {: } - :param host_alias: {: } - :param runas_alias: {: } :param extra_lines: [, ,...] :param privileges: [(user, host, runas, command, nopassword),] """ asset = models.ForeignKey(Asset, null=True, blank=True, related_name='sudos') - host_alias = models.ManyToManyField(HostAlia, related_name='sudos', blank=True) - user_alias = models.ManyToManyField(UserAlia, related_name='sudos', blank=True) - cmnd_alias = models.ManyToManyField(CmdAlia, related_name='sudos', blank=True) - runas_alias = models.ManyToManyField(RunasAlia, related_name='sudos', blank=True) extra_lines = models.ManyToManyField(Extra_conf, related_name='sudos', blank=True) privilege_items = models.ManyToManyField(Privilege, related_name='sudos', blank=True) @property def users(self): - ret = {} - for user in self.user_alias.all(): - ret[user.name] = user.user_items.split(',') - return ret + return {privilege.user.name: privilege.user.user_items.split(',') for privilege in self.privilege_items.all()} @property def commands(self): - ret = {} - for cmd in self.cmnd_alias.all(): - ret[cmd.name] = cmd.cmd_items.split(',') - return ret + return {privilege.command.name: privilege.command.cmd_items.split(',') for privilege in self.privilege_items.all()} @property def hosts(self): - ret = {} - for host in self.host_alias.all(): - ret[host.name] = host.host_items.split(',') - return ret + return {privilege.host.name: privilege.host.host_items.split(',') for privilege in self.privilege_items.all()} @property def runas(self): - ret = {} - for runas in self.runas_alias.all(): - ret[runas.name] = runas.runas_items.split(',') - return ret + return {privilege.runas.name: privilege.runas.runas_items.split(',') for privilege in self.privilege_items.all()} @property def extras(self): 
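Review bot: The rewritten `users`, `commands`, `hosts` and `runas` properties dereference `privilege.user`, `privilege.command`, `privilege.host` and `privilege.runas` with no guard. A `Privilege` row with one of those relations unset would raise `AttributeError` while the sudoers data is being assembled; the `Privilege` model is outside this hunk, so whether they can be null needs confirming. Each property also walks `self.privilege_items.all()` on its own and follows one relation per row. If these are foreign keys, `self.privilege_items.select_related('user', 'host', 'runas', 'command')` would avoid the per-row queries. The class docstring now lists only `extra_lines` and `privileges`, so a line saying the alias maps are derived from `privilege_items` would keep it accurate.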
@@ -391,7 +371,7 @@ root ALL=(ALL:ALL) ALL # JumpServer Generate User privilege is here. # Note privileges is a tuple list like [(user, host, runas, command, nopassword),] -{% if privileges -%} +{% if Privileges -%} {% for User_Flag, Host_Flag, Runas_Flag, Command_Flag, NopassWord in Privileges -%} {% if NopassWord -%} {{ User_Flag }} {{ Host_Flag }}=({{ Runas_Flag }}) NOPASSWD: {{ Command_Flag }} diff --git a/apps/ops/urls.py b/apps/ops/urls.py index c2ff9f62c..ea4b669b7 100644 --- a/apps/ops/urls.py +++ b/apps/ops/urls.py @@ -20,11 +20,11 @@ router.register(r'Extraconf', api_view.ExtraconfViewSet) urlpatterns = [ # Resource Sudo url - url(r'^sudo/list$', mvc_view.SudoListView.as_view(), name='sudo-list'), - url(r'^sudo/create', mvc_view.SudoCreateView.as_view(), name='sudo-create'), - url(r'^sudo/detail', mvc_view.SudoDetailView.as_view(), name='sudo-detail'), - url(r'^sudo/update', mvc_view.SudoUpdateView.as_view(), name='sudo-update'), - url(r'^sudo/delete', mvc_view.SudoDeleteView.as_view(), name='sudo-delete'), + url(r'^sudo/list$', mvc_view.SudoListView.as_view(), name='sudo-list'), + url(r'^sudo/create$', mvc_view.SudoCreateView.as_view(), name='sudo-create'), + url(r'^sudo/detail$', mvc_view.SudoDetailView.as_view(), name='sudo-detail'), + url(r'^sudo/update$', mvc_view.SudoUpdateView.as_view(), name='sudo-update'), + url(r'^sudo/delete$', mvc_view.SudoDeleteView.as_view(), name='sudo-delete'), ] urlpatterns += [ diff --git a/apps/ops/utils.py b/apps/ops/utils.py index 7307f91ca..9cb69df23 100644 --- a/apps/ops/utils.py +++ b/apps/ops/utils.py 
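Review bot: With the condition corrected to `Privileges`, this block writes `User_Flag`, `Host_Flag`, `Runas_Flag` and `Command_Flag` verbatim into the generated sudoers text, and nothing in the hunk constrains what those values may contain. Validation may exist outside this hunk, but if it does not, a stored value containing a line break or an unintended `ALL` becomes an extra rule on the managed host. Alias names and items should be checked against a strict pattern where they are saved, and the rendered file checked with `visudo -cf <generated file>` before it is installed. The comment above the block still says `privileges` in lower case and could read `# Note Privileges is a tuple list like [(user, host, runas, command, nopassword),]`. The template string starts and ends outside this hunk.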
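Review bot: The `^sudo/delete$` route in the `apps/ops/urls.py` hunk still resolves `mvc_view.SudoDeleteView`, but the `apps/ops/views.py` hunk in this commit removes that class and adds no replacement. Assuming `mvc_view` is that module and the class is not defined further down the file, importing this URLconf will fail with `AttributeError`. Either drop the route until the view exists, or keep a delete view declared as `class SudoDeleteView(AdminUserRequiredMixin, DeleteView):`. The removed version had no admin mixin.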
@@ -1,41 +1,16 @@
 # ~*~ coding: utf-8 ~*~
-class CreateHostAliasMinxin(object):
- pass
+class CreateSudoPrivilegesMixin(object):
+
+ def create_privilege(self):
+ pass
-class CreateUserAliasMinxin(object):
- pass
+class ListSudoPrivilegesMixin(object):
+
+ def get_all_privilege(self):
+ pass
-class CreateCmdAliasMinxin(object):
- pass
-
-class CreateRunasAliasMinxin(object):
- pass
-
-
-class CreateExtralineAliasMinxin(object):
- pass
-
-
-class UpdateHostAliasMinxin(object):
- pass
-
-
-class UpdateUserAliasMinxin(object):
- pass
-
-
-class UpdateCmdAliasMinxin(object):
- pass
-
-
-class UpdateRunasAliasMinxin(object):
- pass
-
-
-class UpdateExtralineAliasMinxin(object):
- pass
\ No newline at end of file
diff --git a/apps/ops/views.py b/apps/ops/views.py
index 89344583f..6b05b0253 100644
--- a/apps/ops/views.py
+++ b/apps/ops/views.py
@@ -7,102 +7,29 @@ from django.views.generic.edit import CreateView, DeleteView, UpdateView from django.views.generic.detail import DetailView, SingleObjectMixin from .hands import AdminUserRequiredMixin +from .utils import CreateSudoPrivilegesMixin, ListSudoPrivilegesMixin +from models import * -class SudoListView(AdminUserRequiredMixin, ListView): +class SudoListView(AdminUserRequiredMixin, ListSudoPrivilegesMixin, ListView): paginate_by = settings.CONFIG.DISPLAY_PER_PAGE - model = Asset - context_object_name = 'asset_list' - template_name = 'assets/asset_list.html' - - def get_queryset(self): - queryset = super(AssetListView, self).get_queryset() - queryset = sorted(queryset, key=self.sorted_by_valid_and_ip) - return queryset - - @staticmethod - def sorted_by_valid_and_ip(asset): - ip_list = int_seq(asset.ip.split('.')) - ip_list.insert(0, asset.is_valid()[0]) - return ip_list - - def get_context_data(self, **kwargs): - context = { - 'app': 'Assets', - 'action': 'asset list', - 'tag_list': [(i.id,i.name,i.asset_set.all().count())for i in Tag.objects.all().order_by('name')] - - } - kwargs.update(context) - return super(AssetListView, self).get_context_data(**kwargs) + model = Sudo + context_object_name = 'sudos' + template_name = 'sudo/list.html' -class SudoCreateView(AdminUserRequiredMixin, CreateView): - model = Asset - tag_type = 'asset' - form_class = AssetCreateForm - template_name = 'assets/asset_create.html' - success_url = reverse_lazy('assets:asset-list') - - def form_valid(self, form): - asset = form.save() - asset.created_by = self.request.user.username or 'Admin' - asset.save() - return super(AssetCreateView, self).form_valid(form) - - def form_invalid(self, form): - print(form.errors) - return super(AssetCreateView, self).form_invalid(form) - - - def get_context_data(self, **kwargs): - context = { - 'app': 'Assets', - 'action': 'Create asset', - } - kwargs.update(context) - - return super(AssetCreateView, self).get_context_data(**kwargs) +class 
SudoCreateView(AdminUserRequiredMixin, CreateSudoPrivilegesMixin, CreateView): + model = Sudo + template_name = 'sudo/create.html' class SudoUpdateView(AdminUserRequiredMixin, UpdateView): - model = Asset - form_class = AssetCreateForm - template_name = 'assets/asset_update.html' - success_url = reverse_lazy('assets:asset-list') - - def get_context_data(self, **kwargs): - context = { - 'app': 'Assets', - 'action': 'Update asset', - } - kwargs.update(context) - return super(AssetUpdateView, self).get_context_data(**kwargs) - - def form_invalid(self, form): - print(form.errors) - return super(AssetUpdateView, self).form_invalid(form) - - -class SudoDeleteView(DeleteView): - model = Asset - template_name = 'assets/delete_confirm.html' - success_url = reverse_lazy('assets:asset-list') + model = Sudo + template_name = 'sudo/update.html' class SudoDetailView(DetailView): - model = Asset - context_object_name = 'asset' - template_name = 'assets/asset_detail.html' + model = Sudo + context_object_name = 'sudo' + template_name = 'sudo/detail.html' - def get_context_data(self, **kwargs): - asset_groups = self.object.groups.all() - context = { - 'app': 'Assets', - 'action': 'Asset detail', - 'asset_groups_remain': [asset_group for asset_group in AssetGroup.objects.all() - if asset_group not in asset_groups], - 'asset_groups': asset_groups, - } - kwargs.update(context) - return super(AssetDetailView, self).get_context_data(**kwargs)
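Review bot: `SudoDetailView` stays declared as `class SudoDetailView(DetailView)` while the list, create and update views carry `AdminUserRequiredMixin`, so the page that displays a host's sudo configuration has no admin check in this file. `class SudoDetailView(AdminUserRequiredMixin, DetailView):` would bring it in line with its siblings. `SudoCreateView` and `SudoUpdateView` lose `form_class` and gain no `fields`, which recent Django versions reject for model-form views; the Django version is not shown, so this needs checking. Naming the form also keeps the set of editable `Sudo` attributes explicit. `from models import *` is an implicit-relative wildcard import and hides which names the views rely on; `from .models import Sudo` states it.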