Merge branch 'guanghongwei' into wangyong

pull/6/head
halcyon 2015-03-24 17:05:17 +08:00
commit 6816f941d9
13 changed files with 220 additions and 100 deletions


@ -127,13 +127,13 @@ def test_add_log():
if __name__ == '__main__':
#install()
#test_add_dept()
#test_add_group()
#test_add_user()
#test_add_idc()
#test_add_asset_group()
#test_add_asset()
install()
test_add_dept()
test_add_group()
test_add_user()
test_add_idc()
test_add_asset_group()
test_add_asset()
test_add_log()


@ -14,6 +14,7 @@ class Perm(models.Model):
class CmdGroup(models.Model):
name = models.CharField(max_length=50)
cmd = models.CharField(max_length=999)
dept = models.ForeignKey(DEPT)
comment = models.CharField(blank=True, null=True, max_length=50)
def __unicode__(self):


@ -1,23 +1,22 @@
from django.conf.urls import patterns, include, url
from jumpserver.api import view_splitter
from jperm.views import *
urlpatterns = patterns('jperm.views',
# Examples:
# url(r'^$', 'jumpserver.views.home', name='home'),
# url(r'^blog/', include('blog.urls')),
(r'^perm_edit/$', 'perm_edit'),
(r'^perm_add/$', 'perm_add'),
(r'^perm_edit/$', view_splitter, {'su': perm_edit, 'adm': perm_edit_adm}),
(r'^dept_perm_edit/$', 'dept_perm_edit'),
(r'^perm_list/$', 'perm_list'),
(r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}),
(r'^dept_perm_list/$', 'dept_perm_list'),
(r'^perm_user_detail/$', 'perm_user_detail'),
# (r'^perm_list_ajax/$', 'perm_list_ajax'),
(r'^perm_detail/$', 'perm_detail'),
(r'^perm_del/$', 'perm_del'),
(r'^perm_asset_detail/$', 'perm_asset_detail'),
(r'^sudo_list/$', 'sudo_list'),
(r'^sudo_add/$', 'sudo_add'),
(r'^sudo_add/$', view_splitter, {'su': sudo_add, 'adm': sudo_add_adm}),
(r'^sudo_del/$', 'sudo_del'),
(r'^sudo_edit/$', 'sudo_edit'),
(r'^sudo_detail/$', 'sudo_detail'),
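Review bot: Only `perm_edit`, `perm_list` and `sudo_add` are dispatched by role in this URL table; `perm_del`, `perm_detail`, `sudo_del`, `sudo_edit` and `sudo_detail` still resolve to a single view each. If those views are guarded by `@require_admin` without a department filter (their bodies are not part of this diff), a department admin can act on other departments' objects through them, so each needs an `_adm` variant behind `view_splitter` or a `@require_super_user` guard. The juser URL hunk has the same shape: `user_add` is split while `user_del`, `user_detail` and `group_del_ajax` stay on one view. `view_splitter` is imported from `jumpserver.api` and not shown here, so confirm that it denies a role with neither an `su` nor an `adm` entry.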


@ -86,7 +86,7 @@ def dept_perm_edit(request):
return render_to_response('jperm/dept_perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
@require_super_user
def perm_list(request):
header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
keyword = request.GET.get('search', '')
@ -99,6 +99,19 @@ def perm_list(request):
return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_list_adm(request):
header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
keyword = request.GET.get('search', '')
user, dept = get_session_user_dept(request)
contact_list = dept.usergroup_set.all().order_by('name')
if keyword:
contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
@require_super_user
def dept_perm_list(request):
header_title, path1, path2 = '查看部门', '授权管理', '部门授权'
@ -153,6 +166,28 @@ def perm_edit(request):
return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_edit_adm(request):
if request.method == 'GET':
header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑'
user_group_id = request.GET.get('id', '')
user_group = UserGroup.objects.filter(id=user_group_id)
user, dept = get_session_user_dept(request)
if user_group:
user_group = user_group[0]
asset_groups_all = dept.bisgroup_set.all()
asset_groups_select = [perm.asset_group for perm in user_group.perm_set.all()]
asset_groups = [asset_group for asset_group in asset_groups_all if asset_group not in asset_groups_select]
else:
user_group_id = request.POST.get('user_group_id')
asset_group_id_list = request.POST.getlist('asset_groups_select')
if not validate(request, user_group=[user_group_id], asset_group=asset_group_id_list):
return HttpResponseRedirect('/jperm/perm_list/')
perm_group_update(user_group_id, asset_group_id_list)
return HttpResponseRedirect('/jperm/perm_list/')
return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_detail(request):
header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权详情'
@ -271,7 +306,7 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
ldap_conn.add(sudo_dn, sudo_attr)
@require_admin
@require_super_user
def sudo_add(request):
header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
user_groups = UserGroup.objects.filter(id__gt=2)
@ -294,6 +329,30 @@ def sudo_add(request):
return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_add_adm(request):
header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
user, dept = get_session_user_dept(request)
user_groups = dept.usergroup_set.filter(id__gt=2)
asset_groups = dept.bisgroup_set.all()
cmd_groups = CmdGroup.objects.all()
if request.method == 'POST':
name = request.POST.get('name')
users_runas = request.POST.get('runas', 'root')
user_groups_select = request.POST.getlist('user_groups_select')
asset_groups_select = request.POST.getlist('asset_groups_select')
cmd_groups_select = request.POST.getlist('cmd_groups_select')
comment = request.POST.get('comment', '')
if LDAP_ENABLE:
sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
msg = '添加成功'
return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_list(request):
header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情'
@ -391,13 +450,20 @@ def sudo_del(request):
@require_admin
def cmd_add(request):
header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加'
dept_all = DEPT.objects.all()
if request.method == 'POST':
name = request.POST.get('name')
dept_id = request.POST.get('dept_id')
cmd = ','.join(request.POST.get('cmd').split())
comment = request.POST.get('comment')
CmdGroup.objects.create(name=name, cmd=cmd, comment=comment)
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
else:
error = u"部门不能为空"
msg = u'命令组添加成功'
return HttpResponseRedirect('/jperm/cmd_list/')
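Review bot: The new `_adm` views do not consistently restrict request-supplied ids to the caller's department. In `perm_edit_adm` the GET branch loads the group with `UserGroup.objects.filter(id=user_group_id)`, so any group id is rendered; fetching `user, dept` first and using `dept.usergroup_set.filter(id=user_group_id)` keeps the lookup in scope. `sudo_add_adm` passes `user_groups_select` and `asset_groups_select` straight to `sudo_db_add`/`sudo_ldap_add` without the `validate(request, user_group=..., asset_group=...)` check that `perm_edit_adm` makes on POST, and it lists `CmdGroup.objects.all()` even though `CmdGroup` now carries a `dept`. `cmd_add` accepts `dept_id` from POST under `@require_admin` alone, and `request.POST.get('cmd').split()` raises when `cmd` is absent; for a non-super caller the department should come from `get_session_user_dept(request)`. Indentation is lost on this page, so it cannot be confirmed whether `sudo_db_add` sits under `if LDAP_ENABLE:` or whether the `cmd_add` redirect also runs on the error path.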


@ -10,9 +10,8 @@ from binascii import b2a_hex, a2b_hex
import ldap
from ldap import modlist
import hashlib
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.http import HttpResponse, Http404
from juser.models import User, UserGroup
from jasset.models import Asset, BisGroup
from jlog.models import Log
@ -109,6 +108,41 @@ def md5_crypt(string):
return hashlib.new("md5", string).hexdigest()
def page_list_return(total, current=1):
min_page = current - 2 if current - 4 > 0 else 1
max_page = min_page + 4 if min_page + 4 < total else total
return range(min_page, max_page+1)
def pages(posts, r):
"""分页公用函数"""
contact_list = posts
p = paginator = Paginator(contact_list, 10)
try:
current_page = int(r.GET.get('page', '1'))
except ValueError:
current_page = 1
page_range = page_list_return(len(p.page_range), current_page)
try:
contacts = paginator.page(current_page)
except (EmptyPage, InvalidPage):
contacts = paginator.page(paginator.num_pages)
if current_page >= 5:
show_first = 1
else:
show_first = 0
if current_page <= (len(p.page_range) - 3):
show_end = 1
else:
show_end = 0
return contact_list, p, contacts, page_range, current_page, show_first, show_end
def get_session_user_dept(request):
user_id = request.session.get('user_id', '')
user = User.objects.filter(id=user_id)
@ -257,7 +291,7 @@ def asset_perm_api(asset):
user_group_list = []
for perm in perm_list:
user_group_list.extend(perm.user_group.all())
user_group_list.append(perm.user_group)
user_permed_list = []
for user_group in user_group_list:
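Review bot: `pages()` computes `page_range`, `show_first` and `show_end` from the raw `page` query value, before the `EmptyPage`/`InvalidPage` fallback substitutes the last page. A request with `page` past the last page therefore renders the last page's rows next to a range built for a page that does not exist; `page_list_return` returns an empty range once `current - 2` exceeds `total`. Setting `current_page = contacts.number` after the fallback, and moving the `page_list_return(paginator.num_pages, current_page)` call below it, keeps the three values in agreement with what is displayed. The docstring should also name the seven returned values in order, since every caller unpacks them positionally. `get_session_user_dept` and `asset_perm_api` continue outside the hunks shown.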


@ -181,7 +181,7 @@ def to_name(user_id):
@register.filter(name='to_role_name')
def to_role_name(role_id):
role_dict = {'0': '普通用户', '1': '管理员', '2': '超级管理员'}
role_dict = {'0': '普通用户', '1': '部门管理员', '2': '超级管理员'}
return role_dict.get(str(role_id), '未知')
@register.filter(name='to_avatar')


@ -1,22 +1,11 @@
# coding: utf-8
import hashlib
from ConfigParser import ConfigParser
import os
import datetime
import json
from django.db.models import Count
from django.shortcuts import render_to_response
from django.http import HttpResponse
from django.http import HttpResponseRedirect
from django.template import RequestContext
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.template import RequestContext
from juser.models import User, UserGroup
from jlog.models import Log
from jasset.models import Asset, BisGroup, IDC
from jasset.models import IDC
from jumpserver.api import *
@ -95,13 +84,6 @@ def jasset_group_add(name, comment, jtype):
smg = u'业务组%s添加成功' % name
def page_list_return(total, current=1):
min_page = current - 2 if current - 4 > 0 else 1
max_page = min_page + 4 if min_page + 4 < total else total
return range(min_page, max_page+1)
def jasset_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_active, j_comment, j_user='', j_password=''):
groups = []
is_active = {u'': '1', u'': '2'}


@ -20,7 +20,7 @@ urlpatterns = patterns('juser.views',
(r'^group_del/$', view_splitter, {'su': group_del, 'adm': group_del_adm}),
(r'^group_del_ajax/$', 'group_del_ajax'),
(r'^group_edit/$', view_splitter, {'su': group_edit, 'adm': group_edit_adm}),
(r'^user_add/$', 'user_add'),
(r'^user_add/$', view_splitter, {'su': user_add, 'adm': user_add_adm}),
(r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
(r'^user_detail/$', 'user_detail'),
(r'^user_del/$', 'user_del'),


@ -2,33 +2,20 @@
# Author: Guanghongwei
# Email: ibuler@qq.com
import time
import os
import random
import subprocess
from Crypto.PublicKey import RSA
import crypt
from django.http import HttpResponseRedirect
import datetime
from django.shortcuts import render_to_response
from django.core.exceptions import ObjectDoesNotExist
from django.db.models import Q
from django.template import RequestContext
from django.http import HttpResponse
from juser.models import UserGroup, User, DEPT
from connect import BASE_DIR
from connect import CONF
from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn, page_list_return, pages
from juser.models import DEPT
from jumpserver.api import *
if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url')
LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
def gen_rand_pwd(num):
"""生成随机密码"""
@ -601,7 +588,7 @@ def group_edit_adm(request):
return HttpResponseRedirect('/juser/group_list/')
@require_admin
@require_super_user
def user_add(request):
error = ''
msg = ''
@ -668,6 +655,63 @@ def user_add(request):
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_add_adm(request):
error = ''
msg = ''
header_title, path1, path2 = '添加用户', '用户管理', '添加用户'
user, dept = get_session_user_dept(request)
group_all = dept.usergroup_set.all()
if request.method == 'POST':
username = request.POST.get('username', '')
password = request.POST.get('password', '')
name = request.POST.get('name', '')
email = request.POST.get('email', '')
groups = request.POST.getlist('groups', [])
ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
is_active = True if request.POST.get('is_active', '1') == '1' else False
ldap_pwd = gen_rand_pwd(16)
try:
if '' in [username, password, ssh_key_pwd, name, groups, is_active]:
error = u'带*内容不能为空'
raise AddError
user = User.objects.filter(username=username)
if user:
error = u'用户 %s 已存在' % username
raise AddError
except AddError:
pass
else:
try:
db_add_user(username=username,
password=md5_crypt(password),
name=name, email=email, dept=dept,
groups=groups, role='CU',
ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
is_active=is_active,
date_joined=datetime.datetime.now())
server_add_user(username, password, ssh_key_pwd)
if LDAP_ENABLE:
ldap_add_user(username, ldap_pwd)
msg = u'添加用户 %s 成功!' % username
except Exception, e:
error = u'添加用户 %s 失败 %s ' % (username, e)
try:
db_del_user(username)
server_del_user(username)
if LDAP_ENABLE:
ldap_del_user(username)
except Exception:
pass
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_super_user
def user_list(request):
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
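Review bot: The required-field check in `user_add_adm`, `'' in [username, password, ssh_key_pwd, name, groups, is_active]`, can never fire for `groups` or `is_active`, because `getlist` returns a list and `is_active` is a bool, so an empty group selection passes. The submitted `groups` ids then go to `db_add_user` without being checked against `group_all` (`dept.usergroup_set`), which would let a department admin place the new account in another department's groups; the request should be rejected unless every id appears in `group_all.filter(id__in=groups)`. The password is stored as `md5_crypt(password)`, which the api hunk shows to be a single unsalted MD5; a salted, slow hash such as Django's `make_password` is the safer choice, though the login check (outside this diff) would have to change with it. `user = User.objects.filter(username=username)` also rebinds the `user` returned by `get_session_user_dept`, and the rebound value is what reaches the template through `locals()`.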


@ -65,8 +65,6 @@
<td class="text-center"> {{ group.id | ugrp_perm_asset_count }} </td>
<td class="text-center"> {{ group.comment }} </td>
<td class="text-center">
<a href="../perm_edit/?id={{ group.id }}" class="btn btn-xs btn-primary">主机组</a>
<a href="../perm_edit/?id={{ group.id }}" class="btn btn-xs btn-info">主机</a>
<a href="../perm_edit/?id={{ group.id }}" class="btn btn-xs btn-danger">授权编辑</a>
</td>
</tr>


@ -57,6 +57,19 @@
<input id="cmd_group_id" name="cmd_group_id" type="text" class="form-control" value="{{ cmd_group_id }}" style="display: none">
</div>
</div>
{% ifequal session_role_id 2 %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="dept_id" class="col-sm-2 control-label">部门<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select id="dept_id" name="dept_id" class="form-control m-b">
{% for dept in dept_all %}
<option value="{{ dept.id }}" selected>{{ dept.name }}</option>
{% endfor %}
</select>
</div>
</div>
{% endifequal %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="group_type" class="col-sm-2 control-label">命令<span class="red-fonts">*</span></label>
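Review bot: Every `<option>` in the new department loop is emitted with `selected`, so the browser preselects the last entry of `dept_all` whatever the context. Dropping the attribute, or emitting it only when `dept.id` matches the value being edited, avoids a command group being filed under the wrong department by default. The `{% ifequal session_role_id 2 %}` wrapper only hides the field from other roles, so the view handling this form still has to decide the department server-side rather than rely on `dept_id` being absent.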


@ -69,6 +69,7 @@
<input id="name" name="name" placeholder="Name" type="text" class="form-control" {% if error %}value="{{ name }}" {% endif %} >
</div>
</div>
{% ifequal session_role_id 2 %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="dept_id" class="col-lg-2 control-label">部门<span class="red-fonts">*</span></label>
@ -80,6 +81,7 @@
</select>
</div>
</div>
{% endifequal %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="groups" class="col-lg-2 control-label">小组</label>
@ -95,6 +97,7 @@
</select>
</div>
</div>
{% ifequal session_role_id 2 %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role" class="col-lg-2 control-label">角色<span class="red-fonts">*</span></label>
@ -110,6 +113,7 @@
</select>
</div>
</div>
{% endifequal %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="email" class="col-sm-2 control-label">Email<span class="red-fonts">*</span></label>


@ -50,21 +50,16 @@
</li>
</ul>
</li>
{# <li id="jlog">#}
{# <a href="#"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="fa arrow"></span></a>#}
{# <ul class="nav nav-second-level">#}
{# <li id="log_list"><a href="/jlog/log_list/online/">查看日志</a></li>#}
{# <li id="log_detail"><a href="/jlog/log_detail/">日志分析</a></li>#}
{# </ul>#}
{# </li>#}
<li id="jlog">
<a href="#"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li id="log_list"><a href="/jlog/log_list/online/">查看日志</a></li>
<li id="log_detail"><a href="/jlog/log_detail/">日志分析</a></li>
</ul>
<a href="/jlog/log_list/online/"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="label label-info pull-right"></span></a>
</li>
<li>
<a href="#"><i class="fa fa-download"></i> <span class="nav-label">上传下载</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li><a href="/file/upload/">文件上传</a></li>
<li><a href="/file/download/">文件下载</a></li>
</ul>
</li>
<li class="special_link">
<a href="http://www.jumpserver.org" target="_blank"><i class="fa fa-database"></i> <span class="nav-label">访问官网</span></a>
</li>
@ -120,18 +115,7 @@
</ul>
</li>
<li id="jlog">
<a href="#"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li id="log_list"><a href="/jlog/log_list/online/">查看日志</a></li>
<li id="log_detail"><a href="/jlog/log_detail/">日志分析</a></li>
</ul>
</li>
<li>
<a href="#"><i class="fa fa-download"></i> <span class="nav-label">上传下载</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li><a href="/file/upload/">文件上传</a></li>
<li><a href="/file/download/">文件下载</a></li>
</ul>
<a href="/jlog/log_list/online/"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="label label-info pull-right"></span></a>
</li>
<li class="special_link">
@ -150,27 +134,19 @@
<li>
<a href="/"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span><span class="label label-info pull-right"></span></a>
</li>
<li id="juser">
<a href="#"><i class="fa fa-rebel"></i> <span class="nav-label">用户管理</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li id="user_list"><a href="/juser/user_list/">查看用户<span class="label {% ifequal user_active_num user_total_num %}label-primary {% else %}label-warning {% endifequal %}pull-right">{{ user_active_num }}/{{ user_total_num }}</span></a></li>
</ul>
<li>
<a href="/"><i class="fa fa-rebel"></i> <span class="nav-label">个人信息</span><span class="label label-info pull-right"></span></a>
</li>
<li id="jasset">
<a><i class="fa fa-cube"></i> <span class="nav-label">资产管理</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li class="host_list"><a href="/jasset/host_list/">查看资产&nbsp&nbsp</span><span class="label label-info pull-right">16/18</span></a></li>
<li class="jgroup_list group_detail"><a href="/jasset/jgroup_list/">查看主机组</a></li>
<li class="idc_list idc_detail"><a href="/jasset/idc_list/">查看IDC</a></li>
</ul>
<li>
<a href="/"><i class="fa fa-cube"></i> <span class="nav-label">查看主机</span><span class="label label-info pull-right"></span></a>
</li>
<li id="jlog">
<a href="#"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li id="log_list"><a href="/jlog/log_list/online/">查看日志</a></li>
<li id="log_detail"><a href="/jlog/log_detail/">日志分析</a></li>
</ul>
<li>
<a href="/"><i class="fa fa-cube"></i> <span class="nav-label">申请主机</span><span class="label label-info pull-right"></span></a>
</li>
<li>
<a href="/"><i class="fa fa-files-o"></i> <span class="nav-label">登录历史</span><span class="label label-info pull-right"></span></a>
</li>
<li>
<a href="#"><i class="fa fa-download"></i> <span class="nav-label">上传下载</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
@ -178,6 +154,9 @@
<li><a href="/file/download/">文件下载</a></li>
</ul>
</li>
<li>
<a href="/"><i class="fa fa-files-o"></i> <span class="nav-label">使用说明</span><span class="label label-info pull-right"></span></a>
</li>
<li class="special_link">
<a href="http://www.jumpserver.org" target="_blank"><i class="fa fa-database"></i> <span class="nav-label">访问官网</span></a>