ansible api add get_host_info in Class Tasks

2015-11-13 00:31:27 +08:00 · 2015-11-13 00:31:27 +08:00 · 6074bb033d
parent 82286ea7ed
commit 6074bb033d
7 changed files with 528 additions and 232 deletions
--- a/jperm/ansible_api.py
+++ b/jperm/ansible_api.py
@ -78,18 +78,19 @@ class MyInventory(object):
        # add hosts to group
        for host in hosts:
            # set connection variables
-            hostname = host.pop("hostname")
-            hostport = host.pop("port")
-            username = host.pop("username")
-            password = host.pop("password")
+            hostname = host.get("hostname")
+            hostport = host.get("port")
+            username = host.get("username")
+            password = host.get("password")
            my_host = Host(name=hostname, port=hostport)
            my_host.set_variable('ansible_ssh_host', hostname)
            my_host.set_variable('ansible_ssh_port', hostport)
            my_host.set_variable('ansible_ssh_user', username)
            my_host.set_variable('ansible_ssh_pass', password)
-            # set other variables
+            # set other variables 
            for key, value in host.iteritems():
-                my_host.set_variable(key, value)
+                if key not in ["hostname", "port", "username", "password"]:
+                    my_host.set_variable(key, value)
            # add to group
            my_group.add_host(my_host)

@ -112,8 +113,9 @@ class Command(MyInventory):
    """
    def __init__(self, *args, **kwargs):
        super(Command, self).__init__(*args, **kwargs)
+        self.results = ''

-    def run(self, command, module_name="command", timeout=5, forks=10):
+    def run(self, command, module_name="command", timeout=5, forks=10, group='my_group'):
        """
        run command from andible ad-hoc.
        command  : 必须是一个需要执行的命令字符串， 比如 
@ -126,12 +128,20 @@ class Command(MyInventory):
                     module_args=command,
                     timeout=timeout,
                     inventory=self.inventory,
-                     subset='my_group',
+                     subset=group,
                     forks=forks
                     )
-
        self.results = hoc.run()
-        return self.stdout
+
+        if self.stdout:
+            return {"ok": self.stdout}
+        else:
+            msg = []
+            if self.stderr:
+                msg.append(self.stderr)
+            if self.dark:
+                msg.append(self.dark)
+            return {"failed": msg}

    @property
    def raw_results(self):
@ -193,7 +203,7 @@ class Tasks(Command):
    def __init__(self, *args, **kwargs):
        super(Tasks, self).__init__(*args, **kwargs)

-    def __run(self, module_args, module_name="command", timeout=5, forks=10):
+    def __run(self, module_args, module_name="command", timeout=5, forks=10, group='my_group'):
        """
        run command from andible ad-hoc.
        command  : 必须是一个需要执行的命令字符串， 比如 
@ -203,7 +213,7 @@ class Tasks(Command):
                     module_args=module_args,
                     timeout=timeout,
                     inventory=self.inventory,
-                     subset='my_group',
+                     subset=group,
                     forks=forks
                     )

@ -250,6 +260,25 @@ class Tasks(Command):

        return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}

+    def add_multi_user(self, *args):
+        """
+        add multi user
+        :param args:
+            user
+        :return:
+        """
+        results = {}
+        users = {}
+        action = results["action_info"] = {}
+        for user in args:
+            users[user] = get_rand_pass()
+        for user, password in users.iteritems():
+            ret = self.add_user(user, password)
+            action[user] = ret
+        results["user_info"] = users
+
+        return results
+
    def del_user(self, username):
        """
        delete a host user.
@ -284,6 +313,56 @@ class Tasks(Command):
            action[user] = ret
        return results

+    def get_host_info(self):
+        """
+        use the setup module get host informations
+        :return:
+          all_ip is list
+          processor_count is int
+          system_dist_version is string
+          system_type is string
+          disk is dict (device_name: device_size}
+          system_dist is string
+          processor_type is string
+          default_ip is string
+          hostname is string
+          product_sn is string
+          memory_total is int (MB)
+          default_mac is string
+          product_name is string
+        """
+        self.__run('', 'setup')
+
+        result = {}
+        all = self.results.get("contacted")
+        for key, value in all.iteritems():
+            setup =value.get("ansible_facts")
+            # get disk informations
+            disk_all = setup.get("ansible_devices")
+            disk_need = {}
+            for disk_name, disk_info in disk_all.iteritems():
+                if disk_name.startswith('sd') or disk_name.startswith('hd'):
+                    disk_need[disk_name] = disk_info.get("size")
+
+            result[key] = {
+                    "all_ip": setup.get("ansible_all_ipv4_addresses"),
+                    "hostname"  : setup.get("ansible_hostname" ),
+                    "default_ip": setup.get("ansible_default_ipv4").get("address"),
+                    "default_mac": setup.get("ansible_default_ipv4").get("macaddress"),
+                    "product_name": setup.get("ansible_product_name"),
+                    "processor_type": ' '.join(setup.get("ansible_processor")),
+                    "processor_count": setup.get("ansible_processor_count"),
+                    "memory_total": setup.get("ansible_memtotal_mb"),
+                    "disk": disk_need,
+                    "system_type": setup.get("ansible_system"),
+                    "system_dist": setup.get("ansible_distribution"),
+                    "system_dist_verion": setup.get("ansible_distribution_major_version"),
+                    "product_sn": setup.get("ansible_product_serial")
+            }
+
+        return {"status": "failed", "msg": self.msg} if self.msg else {"status": "ok", "result": result}
+
+


 class CustomAggregateStats(callbacks.AggregateStats):
@ -362,25 +441,32 @@ class App(MyPlaybook):
        super(App, self).__init__(*args, **kwargs)


-
 if __name__ == "__main__":
    pass
-#   resource =  [{"hostname": "192.168.10.128", "port": "22", "username": "root", "password": "yusky0902"}]
+
+#   resource =  {
+#                "group1": {
+#                    "hosts": [{"hostname": "127.0.0.1", "port": "22", "username": "root", "password": "xxx"},],
+#                    "vars" : {"var1": "value1", "var2": "value2"},
+#                          },
+#                }
+#   command = Command(resource)
+#   print    command.run("who", group="group1")
+
+    # resource = [{"hostname": "192.168.10.148", "port": "22", "username": "root", "password": "xxx"}]
+    # task = Tasks(resource)
+    # print task.get_host_info()
+
 #   playbook = MyPlaybook(resource)
 #   playbook.run('test.yml')
 #   print playbook.raw_results
-#   command = Command(resource)
-#   command.run("who")
-#   print command.raw_results

-
-#   task = Tasks(resource)
-#   print task.add_user('test', 'mypass')
+#    task = Tasks(resource)
+    # print task.add_user('test', 'mypass')
 #   print task.del_user('test')
 #   print task.push_key('root', '/root/.ssh/id_rsa.pub')
 #   print task.del_key('root', '/root/.ssh/id_rsa.pub')

-
 #   task = Tasks(resource)
 #   print task.add_init_users()
 #   print task.del_init_users()
--- a/jperm/template_filter.py
+++ b/jperm/template_filter.py
--- a/jperm/views.py
+++ b/jperm/views.py
@ -9,16 +9,18 @@ from jperm.models import SysUser
 from juser.user_api import gen_ssh_key


-from juser.models     import User
-from jasset.models    import Asset, AssetGroup
+from juser.models      import User, UserGroup
+from jasset.models     import Asset, AssetGroup
+from jperm.models      import PermRole, PermRule

-from jperm.utils      import updates_dict
+from jperm.utils       import updates_dict
+from jperm.ansible_api import Tasks

-from jumpserver.api   import my_render, get_object
+from jumpserver.api    import my_render, get_object


@require_role('admin')
-def perm_user_list(request):
+def perm_rules(request):
    """
    用户授权视图：
      该视图的模板包含2部分：
@ -27,25 +29,27 @@ def perm_user_list(request):
        2. include 部分：{% include 'nav_cat_bar.html' %}
             rander_nav 为渲染数据
    """
-    data_nav = {"header_title": "用户授权", "path1": "授权管理", "path2": "用户授权"}
+    data_nav = {"header_title": "授权规则", "path1": "规则管理", "path2": "查看规则"}
+
+    # 获取所有规则
+    rules_list = PermRule.objects.all()

-    # 获取所有用户
-    users_list = User.objects.all()
    
-    # 搜索和分页
+    # TODO: 搜索和分页
    keyword = request.GET.get('search', '')
    if keyword:
-        users_list = users_list.filter(Q(name=keyword) | Q(username=keyword))
-    users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request)
-    data_content = {"users": users}
+        rules_list = rules_list.filter(Q(name=keyword))
+
+    rules_list, p, rules, page_range, current_page, show_first, show_end = pages(rules_list, request)
+    data_content = {"rules": rules_list}

    render_data = updates_dict(data_nav, data_content)
        
-    return my_render('jperm/perm_user_list.html', render_data, request)
+    return my_render('jperm/perm_rules.html', render_data, request)


@require_role('admin')
-def perm_user_detail(request):
+def perm_rule_detail(request):
    """
    用户详情视图：
      该视图的模板包含2部分：
@ -59,82 +63,112 @@ def perm_user_detail(request):
    # 待实现
    render_data = updates_dict(data_nav)

-    return my_render('jperm/perm_user_detail.html', render_data, request)
+    return my_render('jperm/perm_rule_detail.html', render_data, request)
    

@require_role('admin')
-def perm_user_edit(request):
+def perm_rule_add(request):
    """
-    TODO:
-    """
-    data_nav = {"header_title": "用户授权", "path1": "授权管理", "path2": "授权更改"}

-    # 获取user对象
+    :param request:
+    :return:
+    """
+    data_nav = {"header_title": "用户授权", "path1": "授权管理", "path2": "添加授权规则"}
+
+    if request.method == 'GET':
+        # 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则
+        users = User.objects.all()
+        user_groups = UserGroup.objects.all()
+        assets = Asset.objects.all()
+        asset_groups = AssetGroup.objects.all()
+        roles = PermRole.objects.all()
+
+        data_content = {"users": users, "user_groups": user_groups, 
+                        "assets": assets, "asset_groups": asset_groups,
+                        "roles": roles}
+        render_data = updates_dict(data_nav, data_content)        
+        return my_render('jperm/perm_rule_add.html', render_data, request)
+
+    elif request.method == 'POST':
+        # 获取用户选择的 用户,用户组,资产,资产组,用户角色
+        users_select = request.POST.getlist('user', [])
+        user_groups_select = request.POST.getlist('usergroup', [])
+        assets_select = request.POST.getlist('asset', [])
+        asset_groups_select = request.POST.getlist('assetgroup', [])
+        roles_select = request.POST.getlist('role', [])
+        rule_name = request.POST.get('rulename')
+        rule_comment = request.POST.get('comment')
+
+        # 获取需要授权的主机列表
+        assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select]
+        asset_groups_obj = [AssetGroup.objects.get(name=group) for group in asset_groups_select]
+        group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]]
+        calc_assets = set(group_assets_obj) | set(assets_obj)
+
+        # 获取需要授权的用户列表
+        users_obj = [User.objects.get(name=user) for user in users_select]
+        user_groups_obj = [UserGroup.objects.get(name=group) for group in user_groups_select]
+        group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]]
+        calc_users = set(group_users_obj) | set(users_obj)
+
+        # 获取授予的角色列表
+        roles_obj = [PermRole.objects.get(name=role) for role in roles_select]
+
+        # 调用Ansible API 执行授权 资源---Role---用户
+        # 生成Inventory, 这里需要向CMDB 获取认证信息（1. password， 2, key）
+        hosts = [{"hostname": asset.ip,
+                  "port": asset.port,
+                  "username": asset.username,
+                  "password": asset.password} for asset in calc_assets]
+        # 获取需要授权的角色名称
+        roles = [role.name for role in roles_obj]
+        # 调用Ansible API 执行 password方式的授权 TODO: Surport sudo
+        tasks = Tasks(hosts)
+        ret = tasks.add_multi_user(*roles)
+        # TODO: 调用Ansible API 执行 key方式的授权
+
+        # 计算授权成功和授权失败的主机 TODO: 记录成功和失败
+        perm_sucess = {}
+        perm_failed = {}
+        for role, status in ret.get('action_info').iteritems():
+            if status['status'] == 'failed':
+                failed_ip = status['msg'].keys()
+                perm_sucess[role] = [asset for asset in calc_assets if asset.ip not in failed_ip]
+                perm_failed[role] = [asset for asset in calc_assets if asset.ip in failed_ip]
+
+        if not perm_failed.values():
+            # 仅授权成功的，写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
+            rule = PermRule(name=rule_name, comment=rule_comment)
+            rule.save()
+            rule.user = users_obj
+            rule.usergroup = user_groups_obj
+            rule.asset = assets_obj
+            rule.asset_group = asset_groups_obj
+            rule.role = roles_obj
+            rule.save()
+            return HttpResponse(ret)
+        else:
+            return HttpResponse("add rule failed")
+
+@require_role('admin')
+def perm_rule_list(request):
+    """
+    list rules
+    :param request:
+    :return:
+    """
+
+    data_nav = {"header_title": "用户授权", "path1": "授权管理", "path2": "查看授权规则"}
+
    user_id = request.GET.get('id', '')
    user = get_object(User, id=user_id)

-    # 获取所有 资产 和 资产组
-    asset_all = Asset.objects.all()
-    asset_group_all = AssetGroup.objects.all()
-
-    # 获取授权的 资产对象列表 和 资产组对象列表
-    asset_permed = user.asset.all()
-    asset_group_permed = user.asset_group.all()
-
-    # 获取未授权的 资产对象列表 和 资产组对象列表
    if request.method == 'GET' and user:
-        assets = [asset for asset in asset_all if asset not in asset_permed]
-        asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
-        data_content = {"assets": assets, "asset_groups": asset_groups, "user": user}
+        # 获取所有的rule对象
+        rules = PermRule.obects.all()

-        render_data = updates_dict(data_nav, data_content)        
-        return my_render('jperm/perm_user_edit.html', render_data, request)

-    elif request.method == 'POST' and user:
-        # 获取选择的资产列表 和 资产组列表
-        asset_id_select = request.POST.getlist('asset_select', [])
-        asset_group_id_select = request.POST.getlist('asset_groups_select', [])
-        asset_select = get_object_list(Asset, asset_id_select)
-        asset_group_select = get_object_list(AssetGroup, asset_group_id_select)

-        # 新授权的资产对象列表, 回收权限的资产对象列表, 新授权的资产组对象列表, 回收的资产组对象列表
-        asset_new = list(set(asset_select) - set(asset_permed))
-        asset_del = list(set(asset_permed) - set(asset_select))
-        asset_group_new = list(set(asset_group_select) - set(asset_group_permed))
-        asset_group_del = list(set(asset_group_permed) - set(asset_group_select))
-
-        for asset_group in asset_group_new:
-            asset_new.extend(asset_group.asset_set.all())
-        for asset_group in asset_group_del:
-            asset_del.extend(asset_group.asset_set.all())
-        perm_info = {
-            'action': 'perm user edit: ' + user.name,
-            'del': {'users': [user], 'assets': asset_del},
-            'new': {'users': [user], 'assets': asset_new}
-        }
-        print perm_info
-        try:
-            results = perm_user_api(perm_info)  # 通过API授权或回收
-        except ServerError, e:
-            return HttpResponse(e)
-        unreachable_asset = []
-        failures_asset = []
-        for ip in results.get('unreachable'):
-            unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
-        for ip in results.get('failures'):
-            failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
-        failures_asset.extend(unreachable_asset)  # 失败的授权要统计
-        for asset in failures_asset:
-            if asset in asset_select:
-                asset_select.remove(asset)
-            else:
-                asset_select.append(asset)
-        user.asset = asset_select
-        user.asset_group = asset_group_select
-        user.save()  # 保存到数据库
-        return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
-    else:
-        return HttpResponse('输入错误')


@require_role('admin')
--- a/templates/jperm/perm_rule_detail.html
+++ b/templates/jperm/perm_rule_detail.html
--- a/templates/jperm/perm_rule_edit.html
+++ b/templates/jperm/perm_rule_edit.html
@ -0,0 +1,284 @@
+{% extends 'base.html' %}
+{% load mytags %}
+{% block content %}
+{% include 'nav_cat_bar.html' %}
+
+<div class="wrapper wrapper-content animated fadeInRight">
+    <div class="row">
+        <div class="col-sm-4">
+            <div class="ibox float-e-margins">
+                <div class="ibox-title">
+                    <h5> 未授权资源和资源组</h5>
+                    <div class="ibox-tools">
+                        <a class="collapse-link">
+                            <i class="fa fa-chevron-up"></i>
+                        </a>
+                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                            <i class="fa fa-wrench"></i>
+                        </a>
+                        <a class="close-link">
+                            <i class="fa fa-times"></i>
+                        </a>
+                    </div>
+                </div>
+
+                <div class="ibox-content">
+                    <div class="">
+{#                    <a target="_blank" href="/juser/user_add/" class="btn btn-sm btn-primary "> 添加用户 </a>#}
+                    <form id="search_form" method="get" action="" class="pull-right mail-search">
+                        <div class="input-group">
+                            <input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">
+                            <div class="input-group-btn">
+                                <button id='search_btn' type="submit" class="btn btn-sm btn-primary">
+                                    - 搜索 -
+                                </button>
+                            </div>
+                        </div>
+                    </form>
+                    </div>
+
+                    <table class="table table-striped table-bordered table-hover " id="editable" >
+                        <thead>
+                            <tr>
+                                <th class="text-center">主机</th>
+                                <th class="text-center">用户角色</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                        {% for user in users.object_list %}
+                            <tr class="gradeX">
+                                <td class="text-center"> 192.168.10.128 </td>
+                                <td class="text-center">
+                                    <div class="btn-group" data-toggle="buttons">
+                                       <label class="btn btn-xs btn-default">
+                                          <input type="checkbox"> SA
+                                       </label>
+                                    </div>
+                                    <div class="btn-group" data-toggle="buttons">
+                                       <label class="btn btn-xs btn-default">
+                                          <input type="checkbox"> DBA
+                                       </label>
+                                    </div>
+                                    <div class="btn-group" data-toggle="buttons">
+                                       <label class="btn btn-xs btn-default">
+                                          <input type="checkbox"> DEV
+                                       </label>
+                                    </div>
+                                </td>
+                            </tr>
+                        {% endfor %}
+                        </tbody>
+                    </table>
+                    <div class="row">
+                        <div class="col-sm-6">
+                            <div class="dataTables_info" id="editable_info" role="status" aria-live="polite">
+                                Showing {{ users.start_index }} to {{ users.end_index }} of {{ p.count }} entries
+                            </div>
+                        </div>
+                        {% include 'paginator.html' %}
+                    </div>
+                </div>
+
+            </div>
+            <div class="ibox float-e-margins">
+                <div class="ibox-title">
+                    <h5> 授权资源和资源组</h5>
+                    <div class="ibox-tools">
+                        <a class="collapse-link">
+                            <i class="fa fa-chevron-up"></i>
+                        </a>
+                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                            <i class="fa fa-wrench"></i>
+                        </a>
+                        <a class="close-link">
+                            <i class="fa fa-times"></i>
+                        </a>
+                    </div>
+                </div>
+
+                <div class="ibox-content">
+                    <div class="">
+                    <form id="search_form" method="get" action="" class="pull-right mail-search">
+                        <div class="input-group">
+                            <input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">
+                            <div class="input-group-btn">
+                                <button id='search_btn' type="submit" class="btn btn-sm btn-primary">
+                                    - 搜索 -
+                                </button>
+                            </div>
+                        </div>
+                    </form>
+                    </div>
+
+                    <table class="table table-striped table-bordered table-hover " id="editable" >
+                        <thead>
+                            <tr>
+                                <th class="text-center">主机</th>
+                                <th class="text-center">用户角色</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                        {% for user in users.object_list %}
+                            <tr class="gradeX">
+                                <td class="text-center"> {{ user.name }} </td>
+                                <td class="text-center">
+                                    <a href="../perm_user_detail/?id={{ user.id }}" class="btn btn-xs btn-primary">详情</a>
+                                    <a href="../perm_user_edit/?id={{ user.id }}" class="btn btn-xs btn-danger">编辑</a>
+                                </td>
+                            </tr>
+                        {% endfor %}
+                        </tbody>
+                    </table>
+                    <div class="row">
+                        <div class="col-sm-6">
+                            <div class="dataTables_info" id="editable_info" role="status" aria-live="polite">
+                                Showing {{ users.start_index }} to {{ users.end_index }} of {{ p.count }} entries
+                            </div>
+                        </div>
+                        {% include 'paginator.html' %}
+                    </div>
+                </div>
+
+            </div>
+        </div>
+        <div class="col-sm-3">
+            <div class="ibox float-e-margins">
+                <div class="ibox-title">
+                    <h5> 未授权资源和资源组</h5>
+                    <div class="ibox-tools">
+                        <a class="collapse-link">
+                            <i class="fa fa-chevron-up"></i>
+                        </a>
+                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                            <i class="fa fa-wrench"></i>
+                        </a>
+                        <a class="close-link">
+                            <i class="fa fa-times"></i>
+                        </a>
+                    </div>
+                </div>
+
+                <div class="ibox-content">
+                    <div class="">
+{#                    <a target="_blank" href="/juser/user_add/" class="btn btn-sm btn-primary "> 添加用户 </a>#}
+                    <form id="search_form" method="get" action="" class="pull-right mail-search">
+                        <div class="input-group">
+                            <input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">
+                            <div class="input-group-btn">
+                                <button id='search_btn' type="submit" class="btn btn-sm btn-primary">
+                                    - 搜索 -
+                                </button>
+                            </div>
+                        </div>
+                    </form>
+                    </div>
+
+                    <table class="table table-striped table-bordered table-hover " id="editable" >
+                        <thead>
+                            <tr>
+                                <th class="text-center">主机</th>
+                                <th class="text-center">用户角色</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                        {% for user in users.object_list %}
+                            <tr class="gradeX">
+                                <td class="text-center"> 192.168.10.128 </td>
+                                <td class="text-center">
+                                    <div class="btn-group" data-toggle="buttons">
+                                       <label class="btn btn-xs btn-default">
+                                          <input type="checkbox"> SA
+                                       </label>
+                                    </div>
+                                    <div class="btn-group" data-toggle="buttons">
+                                       <label class="btn btn-xs btn-default">
+                                          <input type="checkbox"> DBA
+                                       </label>
+                                    </div>
+                                    <div class="btn-group" data-toggle="buttons">
+                                       <label class="btn btn-xs btn-default">
+                                          <input type="checkbox"> DEV
+                                       </label>
+                                    </div>
+                                </td>
+                            </tr>
+                        {% endfor %}
+                        </tbody>
+                    </table>
+                    <div class="row">
+                        <div class="col-sm-6">
+                            <div class="dataTables_info" id="editable_info" role="status" aria-live="polite">
+                                Showing {{ users.start_index }} to {{ users.end_index }} of {{ p.count }} entries
+                            </div>
+                        </div>
+                        {% include 'paginator.html' %}
+                    </div>
+                </div>
+
+            </div>
+            <div class="ibox float-e-margins">
+                <div class="ibox-title">
+                    <h5> 授权资源和资源组</h5>
+                    <div class="ibox-tools">
+                        <a class="collapse-link">
+                            <i class="fa fa-chevron-up"></i>
+                        </a>
+                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                            <i class="fa fa-wrench"></i>
+                        </a>
+                        <a class="close-link">
+                            <i class="fa fa-times"></i>
+                        </a>
+                    </div>
+                </div>
+
+                <div class="ibox-content">
+                    <div class="">
+                    <form id="search_form" method="get" action="" class="pull-right mail-search">
+                        <div class="input-group">
+                            <input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">
+                            <div class="input-group-btn">
+                                <button id='search_btn' type="submit" class="btn btn-sm btn-primary">
+                                    - 搜索 -
+                                </button>
+                            </div>
+                        </div>
+                    </form>
+                    </div>
+
+                    <table class="table table-striped table-bordered table-hover " id="editable" >
+                        <thead>
+                            <tr>
+                                <th class="text-center">主机</th>
+                                <th class="text-center">用户角色</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                        {% for user in users.object_list %}
+                            <tr class="gradeX">
+                                <td class="text-center"> {{ user.name }} </td>
+                                <td class="text-center">
+                                    <a href="../perm_user_detail/?id={{ user.id }}" class="btn btn-xs btn-primary">详情</a>
+                                    <a href="../perm_user_edit/?id={{ user.id }}" class="btn btn-xs btn-danger">编辑</a>
+                                </td>
+                            </tr>
+                        {% endfor %}
+                        </tbody>
+                    </table>
+                    <div class="row">
+                        <div class="col-sm-6">
+                            <div class="dataTables_info" id="editable_info" role="status" aria-live="polite">
+                                Showing {{ users.start_index }} to {{ users.end_index }} of {{ p.count }} entries
+                            </div>
+                        </div>
+                        {% include 'paginator.html' %}
+                    </div>
+                </div>
+
+            </div>
+        </div>    
+    </div>
+</div>
+
+{% endblock %}
+
--- a/templates/jperm/perm_user_list.html
+++ b/templates/jperm/perm_user_list.html
@ -8,7 +8,7 @@
        <div class="col-lg-10">
            <div class="ibox float-e-margins">
                <div class="ibox-title">
-                    <h5> 查看小组</h5>
+                    <h5> 所有规则</h5>
                    <div class="ibox-tools">
                        <a class="collapse-link">
                            <i class="fa fa-chevron-up"></i>
@ -24,7 +24,8 @@

                <div class="ibox-content">
                    <div class="">
-                    <a target="_blank" href="/juser/user_add/" class="btn btn-sm btn-primary "> 添加用户 </a>
+                    <a target="_blank" href="/jperm/perm_user_edit/" class="btn btn-sm btn-primary "> 添加规则 </a>
+                    <a id="del_btn" class="btn btn-sm btn-danger "> 删除所选 </a>
                    <form id="search_form" method="get" action="" class="pull-right mail-search">
                        <div class="input-group">
                            <input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">
@ -40,25 +41,38 @@
                    <table class="table table-striped table-bordered table-hover " id="editable" >
                        <thead>
                            <tr>
+                                <th class="text-center">规则名称 </th>
                                <th class="text-center">用户</th>
-                                <th class="text-center">所属用户组</th>
-                                <th class="text-center">授权资产</th>
-                                <th class="text-center">授权资产组</th>
+                                <th class="text-center">用户组</th>
+                                <th class="text-center">资产</th>
+                                <th class="text-center">资产组</th>
+                                <th class="text-center">角色</th>
                                <th class="text-center">操作</th>
                            </tr>
                        </thead>
                        <tbody>
-                        {% for user in users.object_list %}
+                        {% for rule in rules %}
                            <tr class="gradeX">
-                                <td class="text-center"> {{ user.name }} </td>
+                                <td class="text-center"> {{ rule.name }} </td>
                                <td class="text-center">
-                                    <a href="/juser/user_list/?gid={{ user.id }}">{{ user.group.all | groups2str  }} </a>
+                                    <a href="/jasset/asset_list/?gid={{ user.id }}">{{ rule | rule_member_count:"user" }} </a>
+                                </td>
+                                <td class="text-center">
+                                    <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"usergroup" }}</a>
+                                </td>
+                                <td class="text-center">
+                                    <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"asset" }}</a>
+                                </td>
+                                <td class="text-center">
+                                    <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"asset_group" }}</a>
+                                </td>
+                                <td class="text-center">
+                                    <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"role" }}</a>
                                </td>
-                                <td class="text-center"> <a href="/jasset/asset_list/?gid={{ user.id }}">{{ user.name }} </a> </td>
-                                <td class="text-center"> <a href="/jasset/group_list/?gid={{ user.id }}">{{ user.name }}</a></td>
                                <td class="text-center">
                                    <a href="../perm_user_detail/?id={{ user.id }}" class="btn btn-xs btn-primary">详情</a>
-                                    <a href="../perm_user_edit/?id={{ user.id }}" class="btn btn-xs btn-danger">编辑</a>
+                                    <a href="../perm_user_edit/?id={{ user.id }}" class="btn btn-xs btn-info">编辑</a>
+                                    <a href="../perm_user_edit/?id={{ user.id }}" class="btn btn-xs btn-danger">删除</a>
                                </td>
                            </tr>
                        {% endfor %}
--- a/templates/jperm/perm_user_edit.html
+++ b/templates/jperm/perm_user_edit.html
@ -1,122 +0,0 @@
-{% extends 'base.html' %}
-{% load mytags %}
-{% block content %}
-{% include 'nav_cat_bar.html' %}
-
-<div class="wrapper wrapper-content animated fadeInRight">
-    <div class="row">
-        <div class="col-lg-10">
-            <div class="ibox float-e-margins">
-                <div class="ibox-title">
-                    <h5> {{ user.name }}授权修改</h5>
-                    <div class="ibox-tools">
-                        <a class="collapse-link">
-                            <i class="fa fa-chevron-up"></i>
-                        </a>
-                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
-                            <i class="fa fa-wrench"></i>
-                        </a>
-                        <a class="close-link">
-                            <i class="fa fa-times"></i>
-                        </a>
-                    </div>
-                </div>
-
-                <div class="ibox-content">
-                    <form id="userPerm" method="post" class="form-horizontal" action="../perm_user_edit/?id={{ user.id }}">
-                        {% if error %}
-                            <div class="alert alert-warning text-center">{{ error }}</div>
-                        {% endif %}
-                        {% if msg %}
-                            <div class="alert alert-success text-center">{{ msg }}</div>
-                        {% endif %}
-                        <div class="row">
-                            <div class="form-group">
-                                <label for="" class="col-sm-2 control-label">用户<span class="red-fonts">*</span></label>
-                                <div class="col-sm-4">
-                                    <input id="user_group_name" name="user_group_name"  type="text" class="form-control" value="{{ user.name }}" readonly>
-                                </div>
-                            </div>
-
-                            <div class="hr-line-dashed"></div>
-
-                            <div class="form-group">
-                                <label for="" class="col-sm-2 control-label">资产<span class="red-fonts">*</span></label>
-                                <div class="col-sm-4">
-                                    <div>
-                                        <select id="assets" name="assets" class="form-control m-b" size="12" multiple>
-                                            {% for asset in assets %}
-                                            <option value="{{ asset.id }}">{{ asset.ip }}</option>
-                                            {% endfor %}
-                                        </select>
-                                    </div>
-                                </div>
-
-                                <div class="col-sm-1">
-                                    <div class="btn-group" style="margin-top: 42px;">
-                                        <button type="button" class="btn btn-white" onclick="move('assets', 'asset_select')"><i class="fa fa-chevron-right"></i></button>
-                                        <button type="button" class="btn btn-white" onclick="move('asset_select', 'assets')"><i class="fa fa-chevron-left"></i> </button>
-                                    </div>
-                                </div>
-
-                                <div class="col-sm-3">
-                                    <div>
-                                        <select id="asset_select" name="asset_select" class="form-control m-b" size="12"  multiple>
-                                            {% for asset in asset_permed %}
-                                            <option value="{{ asset.id }}">{{ asset.ip }}</option>
-                                            {% endfor %}
-                                        </select>
-                                    </div>
-                                </div>
-                            </div>
-
-                            <div class="hr-line-dashed"></div>
-
-                            <div class="form-group">
-                                <label for="" class="col-sm-2 control-label">资产组<span class="red-fonts">*</span></label>
-                                <div class="col-sm-4">
-                                    <div>
-                                        <select id="asset_groups" name="asset_groups" class="form-control m-b" size="12" multiple>
-                                            {% for asset_group in asset_groups %}
-                                            <option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
-                                            {% endfor %}
-                                        </select>
-                                    </div>
-                                </div>
-
-                                <div class="col-sm-1">
-                                    <div class="btn-group" style="margin-top: 42px;">
-                                        <button type="button" class="btn btn-white" onclick="move('asset_groups', 'asset_groups_select')"><i class="fa fa-chevron-right"></i></button>
-                                        <button type="button" class="btn btn-white" onclick="move('asset_groups_select', 'asset_groups')"><i class="fa fa-chevron-left"></i> </button>
-                                    </div>
-                                </div>
-
-                                <div class="col-sm-3">
-                                    <div>
-                                        <select id="asset_groups_select" name="asset_groups_select" class="form-control m-b" size="12"  multiple>
-                                            {% for asset_group in asset_group_permed %}
-                                            <option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
-                                            {% endfor %}
-                                        </select>
-                                    </div>
-                                </div>
-                            </div>
-                        </div>
-
-                        <div class="row">
-                            <div class="form-group">
-                                <div class="col-sm-4 col-sm-offset-2">
-                                    <button class="btn btn-white" type="reset">取消</button>
-                                    <button id="submit_button" class="btn btn-primary" type="submit" onclick="selectAll()">确认保存</button>
-                                </div>
-                            </div>
-                        </div>
-                    </form>
-
-                </div>
-            </div>
-        </div>
-    </div>
-</div>
-
-{% endblock %}