Merge branch 'guanghongwei' into wangyong

2015-03-24 17:05:17 +08:00 · 2015-03-24 17:05:17 +08:00 · 6816f941d9
parent 1dddd98741 0c31968e3c
commit 6816f941d9
13 changed files with 220 additions and 100 deletions
--- a/docs/AddUserAsset.py
+++ b/docs/AddUserAsset.py
@ -127,13 +127,13 @@ def test_add_log():
 if __name__ == '__main__':
-    #install()
+    install()
-    #test_add_dept()
+    test_add_dept()
-    #test_add_group()
+    test_add_group()
-    #test_add_user()
+    test_add_user()
-    #test_add_idc()
+    test_add_idc()
-    #test_add_asset_group()
+    test_add_asset_group()
-    #test_add_asset()
+    test_add_asset()
    test_add_log()
--- a/jperm/models.py
+++ b/jperm/models.py
@ -14,6 +14,7 @@ class Perm(models.Model):
 class CmdGroup(models.Model):
    name = models.CharField(max_length=50)
    cmd = models.CharField(max_length=999)
    dept = models.ForeignKey(DEPT)
    comment = models.CharField(blank=True, null=True, max_length=50)
    def __unicode__(self):
--- a/jperm/urls.py
+++ b/jperm/urls.py
@ -1,23 +1,22 @@
 from django.conf.urls import patterns, include, url
-
+from jumpserver.api import view_splitter
 from jperm.views import *
 urlpatterns = patterns('jperm.views',
    # Examples:
    # url(r'^$', 'jumpserver.views.home', name='home'),
    # url(r'^blog/', include('blog.urls')),
-    (r'^perm_edit/$', 'perm_edit'),
+    (r'^perm_edit/$', view_splitter, {'su': perm_edit, 'adm': perm_edit_adm}),
    (r'^perm_add/$', 'perm_add'),
    (r'^dept_perm_edit/$', 'dept_perm_edit'),
-    (r'^perm_list/$', 'perm_list'),
+    (r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}),
    (r'^dept_perm_list/$', 'dept_perm_list'),
    (r'^perm_user_detail/$', 'perm_user_detail'),
    # (r'^perm_list_ajax/$', 'perm_list_ajax'),
    (r'^perm_detail/$', 'perm_detail'),
    (r'^perm_del/$', 'perm_del'),
    (r'^perm_asset_detail/$', 'perm_asset_detail'),
    (r'^sudo_list/$', 'sudo_list'),
-    (r'^sudo_add/$', 'sudo_add'),
+    (r'^sudo_add/$', view_splitter, {'su': sudo_add, 'adm': sudo_add_adm}),
    (r'^sudo_del/$', 'sudo_del'),
    (r'^sudo_edit/$', 'sudo_edit'),
    (r'^sudo_detail/$', 'sudo_detail'),
--- a/jperm/views.py
+++ b/jperm/views.py
@ -86,7 +86,7 @@ def dept_perm_edit(request):
    return render_to_response('jperm/dept_perm_edit.html', locals(), context_instance=RequestContext(request))
-@require_admin
+@require_super_user
 def perm_list(request):
    header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
    keyword = request.GET.get('search', '')
@ -99,6 +99,19 @@ def perm_list(request):
    return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
@require_admin
 def perm_list_adm(request):
    header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
    keyword = request.GET.get('search', '')
    user, dept = get_session_user_dept(request)
    contact_list = dept.usergroup_set.all().order_by('name')
    if keyword:
        contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
    contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
    return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
@require_super_user
 def dept_perm_list(request):
    header_title, path1, path2 = '查看部门', '授权管理', '部门授权'
@ -153,6 +166,28 @@ def perm_edit(request):
    return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
 def perm_edit_adm(request):
    if request.method == 'GET':
        header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑'
        user_group_id = request.GET.get('id', '')
        user_group = UserGroup.objects.filter(id=user_group_id)
        user, dept = get_session_user_dept(request)
        if user_group:
            user_group = user_group[0]
            asset_groups_all = dept.bisgroup_set.all()
            asset_groups_select = [perm.asset_group for perm in user_group.perm_set.all()]
            asset_groups = [asset_group for asset_group in asset_groups_all if asset_group not in asset_groups_select]
    else:
        user_group_id = request.POST.get('user_group_id')
        asset_group_id_list = request.POST.getlist('asset_groups_select')
        if not validate(request, user_group=[user_group_id], asset_group=asset_group_id_list):
            return HttpResponseRedirect('/jperm/perm_list/')
        perm_group_update(user_group_id, asset_group_id_list)
        return HttpResponseRedirect('/jperm/perm_list/')
    return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
 def perm_detail(request):
    header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权详情'
@ -271,7 +306,7 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
    ldap_conn.add(sudo_dn, sudo_attr)
-@require_admin
+@require_super_user
 def sudo_add(request):
    header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
    user_groups = UserGroup.objects.filter(id__gt=2)
@ -294,6 +329,30 @@ def sudo_add(request):
    return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
@require_admin
 def sudo_add_adm(request):
    header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
    user, dept = get_session_user_dept(request)
    user_groups = dept.usergroup_set.filter(id__gt=2)
    asset_groups = dept.bisgroup_set.all()
    cmd_groups = CmdGroup.objects.all()
    if request.method == 'POST':
        name = request.POST.get('name')
        users_runas = request.POST.get('runas', 'root')
        user_groups_select = request.POST.getlist('user_groups_select')
        asset_groups_select = request.POST.getlist('asset_groups_select')
        cmd_groups_select = request.POST.getlist('cmd_groups_select')
        comment = request.POST.get('comment', '')
        if LDAP_ENABLE:
            sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
            sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
        msg = '添加成功'
    return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
@require_admin
 def sudo_list(request):
    header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情'
@ -391,13 +450,20 @@ def sudo_del(request):
@require_admin
 def cmd_add(request):
    header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加'
    dept_all = DEPT.objects.all()
    if request.method == 'POST':
        name = request.POST.get('name')
        dept_id = request.POST.get('dept_id')
        cmd = ','.join(request.POST.get('cmd').split())
        comment = request.POST.get('comment')
-        CmdGroup.objects.create(name=name, cmd=cmd, comment=comment)
+        dept = DEPT.objects.filter(id=dept_id)
        if dept:
            dept = dept[0]
            CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
        else:
            error = u"部门不能为空"
        msg = u'命令组添加成功'
        return HttpResponseRedirect('/jperm/cmd_list/')
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@ -10,9 +10,8 @@ from binascii import b2a_hex, a2b_hex
 import ldap
 from ldap import modlist
 import hashlib
-
+from django.core.paginator import Paginator, EmptyPage, InvalidPage
 from django.http import HttpResponse, Http404
 from juser.models import User, UserGroup
 from jasset.models import Asset, BisGroup
 from jlog.models import Log
@ -109,6 +108,41 @@ def md5_crypt(string):
    return hashlib.new("md5", string).hexdigest()
 def page_list_return(total, current=1):
    min_page = current - 2 if current - 4 > 0 else 1
    max_page = min_page + 4 if min_page + 4 < total else total
    return range(min_page, max_page+1)
 def pages(posts, r):
    """分页公用函数"""
    contact_list = posts
    p = paginator = Paginator(contact_list, 10)
    try:
        current_page = int(r.GET.get('page', '1'))
    except ValueError:
        current_page = 1
    page_range = page_list_return(len(p.page_range), current_page)
    try:
        contacts = paginator.page(current_page)
    except (EmptyPage, InvalidPage):
        contacts = paginator.page(paginator.num_pages)
    if current_page >= 5:
        show_first = 1
    else:
        show_first = 0
    if current_page <= (len(p.page_range) - 3):
        show_end = 1
    else:
        show_end = 0
    return contact_list, p, contacts, page_range, current_page, show_first, show_end
 def get_session_user_dept(request):
    user_id = request.session.get('user_id', '')
    user = User.objects.filter(id=user_id)
@ -257,7 +291,7 @@ def asset_perm_api(asset):
        user_group_list = []
        for perm in perm_list:
-            user_group_list.extend(perm.user_group.all())
+            user_group_list.append(perm.user_group)
        user_permed_list = []
        for user_group in user_group_list:
--- a/jumpserver/templatetags/mytags.py
+++ b/jumpserver/templatetags/mytags.py
@ -181,7 +181,7 @@ def to_name(user_id):
@register.filter(name='to_role_name')
 def to_role_name(role_id):
-    role_dict = {'0': '普通用户', '1': '组管理员', '2': '超级管理员'}
+    role_dict = {'0': '普通用户', '1': '部门管理员', '2': '超级管理员'}
    return role_dict.get(str(role_id), '未知')
@register.filter(name='to_avatar')
--- a/jumpserver/views.py
+++ b/jumpserver/views.py
@ -1,22 +1,11 @@
 # coding: utf-8
 import hashlib
 from ConfigParser import ConfigParser
 import os
 import datetime
 import json
 from django.db.models import Count
 from django.shortcuts import render_to_response
 from django.http import HttpResponse
 from django.http import HttpResponseRedirect
 from django.template import RequestContext
-from django.core.paginator import Paginator, EmptyPage, InvalidPage
+from jasset.models import IDC
 from django.template import RequestContext
 from juser.models import User, UserGroup
 from jlog.models import Log
 from jasset.models import Asset, BisGroup, IDC
 from jumpserver.api import *
@ -95,13 +84,6 @@ def jasset_group_add(name, comment, jtype):
        smg = u'业务组%s添加成功' % name
 def page_list_return(total, current=1):
    min_page = current - 2 if current - 4 > 0 else 1
    max_page = min_page + 4 if min_page + 4 < total else total
    return range(min_page, max_page+1)
 def jasset_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_active, j_comment, j_user='', j_password=''):
    groups = []
    is_active = {u'是': '1', u'否': '2'}
--- a/juser/urls.py
+++ b/juser/urls.py
@ -20,7 +20,7 @@ urlpatterns = patterns('juser.views',
    (r'^group_del/$', view_splitter, {'su': group_del, 'adm': group_del_adm}),
    (r'^group_del_ajax/$', 'group_del_ajax'),
    (r'^group_edit/$', view_splitter, {'su': group_edit, 'adm': group_edit_adm}),
-    (r'^user_add/$', 'user_add'),
+    (r'^user_add/$', view_splitter, {'su': user_add, 'adm': user_add_adm}),
    (r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
    (r'^user_detail/$', 'user_detail'),
    (r'^user_del/$', 'user_del'),
--- a/juser/views.py
+++ b/juser/views.py
@ -2,33 +2,20 @@
 # Author: Guanghongwei
 # Email: ibuler@qq.com
 import time
 import os
 import random
 import subprocess
 from Crypto.PublicKey import RSA
 import crypt
 from django.http import HttpResponseRedirect
 import datetime
 from django.shortcuts import render_to_response
 from django.core.exceptions import ObjectDoesNotExist
 from django.db.models import Q
 from django.template import RequestContext
 from django.http import HttpResponse
-from juser.models import UserGroup, User, DEPT
+from juser.models import DEPT
 from connect import BASE_DIR
 from connect import CONF
 from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn, page_list_return, pages
 from jumpserver.api import *
 if LDAP_ENABLE:
    LDAP_HOST_URL = CONF.get('ldap', 'host_url')
    LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
    LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
    LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')
 def gen_rand_pwd(num):
    """生成随机密码"""
@ -601,7 +588,7 @@ def group_edit_adm(request):
        return HttpResponseRedirect('/juser/group_list/')
-@require_admin
+@require_super_user
 def user_add(request):
    error = ''
    msg = ''
@ -668,6 +655,63 @@ def user_add(request):
    return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_admin
 def user_add_adm(request):
    error = ''
    msg = ''
    header_title, path1, path2 = '添加用户', '用户管理', '添加用户'
    user, dept = get_session_user_dept(request)
    group_all = dept.usergroup_set.all()
    if request.method == 'POST':
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        name = request.POST.get('name', '')
        email = request.POST.get('email', '')
        groups = request.POST.getlist('groups', [])
        ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
        is_active = True if request.POST.get('is_active', '1') == '1' else False
        ldap_pwd = gen_rand_pwd(16)
        try:
            if '' in [username, password, ssh_key_pwd, name, groups, is_active]:
                error = u'带*内容不能为空'
                raise AddError
            user = User.objects.filter(username=username)
            if user:
                error = u'用户 %s 已存在' % username
                raise AddError
        except AddError:
            pass
        else:
            try:
                db_add_user(username=username,
                            password=md5_crypt(password),
                            name=name, email=email, dept=dept,
                            groups=groups, role='CU',
                            ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
                            ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
                            is_active=is_active,
                            date_joined=datetime.datetime.now())
                server_add_user(username, password, ssh_key_pwd)
                if LDAP_ENABLE:
                    ldap_add_user(username, ldap_pwd)
                msg = u'添加用户 %s 成功！' % username
            except Exception, e:
                error = u'添加用户 %s 失败 %s ' % (username, e)
                try:
                    db_del_user(username)
                    server_del_user(username)
                    if LDAP_ENABLE:
                        ldap_del_user(username)
                except Exception:
                    pass
    return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_super_user
 def user_list(request):
    user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
--- a/templates/jperm/perm_list.html
+++ b/templates/jperm/perm_list.html
@ -65,8 +65,6 @@
                                <td class="text-center"> {{ group.id | ugrp_perm_asset_count }} </td>
                                <td class="text-center"> {{ group.comment }} </td>
                                <td class="text-center">
                                    <a href="../perm_edit/?id={{ group.id }}" class="btn btn-xs btn-primary">主机组</a>
                                    <a href="../perm_edit/?id={{ group.id }}" class="btn btn-xs btn-info">主机</a>
                                    <a href="../perm_edit/?id={{ group.id }}" class="btn btn-xs btn-danger">授权编辑</a>
                                </td>
                            </tr>
--- a/templates/jperm/sudo_cmd_add.html
+++ b/templates/jperm/sudo_cmd_add.html
@ -57,6 +57,19 @@
                                    <input id="cmd_group_id" name="cmd_group_id"  type="text" class="form-control" value="{{ cmd_group_id }}" style="display: none">
                                </div>
                            </div>
                            {% ifequal session_role_id 2 %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="dept_id" class="col-sm-2 control-label">部门<span class="red-fonts">*</span></label>
                                <div class="col-sm-8">
                                    <select id="dept_id" name="dept_id" class="form-control m-b">
                                        {% for dept in dept_all %}
                                            <option value="{{ dept.id }}" selected>{{ dept.name }}</option>
                                        {% endfor %}
                                    </select>
                                </div>
                            </div>
                            {% endifequal %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="group_type" class="col-sm-2 control-label">命令<span class="red-fonts">*</span></label>
--- a/templates/juser/user_add.html
+++ b/templates/juser/user_add.html
@ -69,6 +69,7 @@
                                    <input id="name" name="name" placeholder="Name" type="text" class="form-control" {% if error %}value="{{ name }}" {% endif %} >
                                </div>
                            </div>
                            {% ifequal session_role_id 2 %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="dept_id" class="col-lg-2 control-label">部门<span class="red-fonts">*</span></label>
@ -80,6 +81,7 @@
                                    </select>
                                </div>
                            </div>
                            {% endifequal %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="groups" class="col-lg-2 control-label">小组</label>
@ -95,6 +97,7 @@
                                    </select>
                                </div>
                            </div>
                            {% ifequal session_role_id 2 %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="role" class="col-lg-2 control-label">角色<span class="red-fonts">*</span></label>
@ -110,6 +113,7 @@
                                    </select>
                                </div>
                            </div>
                            {% endifequal %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="email" class="col-sm-2 control-label">Email<span class="red-fonts">*</span></label>
--- a/templates/nav.html
+++ b/templates/nav.html
@ -50,21 +50,16 @@
                    </li>
                </ul>
            </li>
 {#            <li id="jlog">#}
 {#                <a href="#"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="fa arrow"></span></a>#}
 {#                <ul class="nav nav-second-level">#}
 {#                    <li id="log_list"><a href="/jlog/log_list/online/">查看日志</a></li>#}
 {#                    <li id="log_detail"><a href="/jlog/log_detail/">日志分析</a></li>#}
 {#                </ul>#}
 {#            </li>#}
            <li id="jlog">
-                <a href="#"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="fa arrow"></span></a>
+               <a href="/jlog/log_list/online/"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="label label-info pull-right"></span></a>
                <ul class="nav nav-second-level">
                    <li id="log_list"><a href="/jlog/log_list/online/">查看日志</a></li>
                    <li id="log_detail"><a href="/jlog/log_detail/">日志分析</a></li>
                </ul>
            </li>
            <li>
                <a href="#"><i class="fa fa-download"></i> <span class="nav-label">上传下载</span><span class="fa arrow"></span></a>
                <ul class="nav nav-second-level">
                    <li><a href="/file/upload/">文件上传</a></li>
                    <li><a href="/file/download/">文件下载</a></li>
                </ul>
            </li>
            <li class="special_link">
                <a href="http://www.jumpserver.org" target="_blank"><i class="fa fa-database"></i> <span class="nav-label">访问官网</span></a>
            </li>
@ -120,18 +115,7 @@
                </ul>
            </li>
            <li id="jlog">
-                <a href="#"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="fa arrow"></span></a>
+               <a href="/jlog/log_list/online/"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="label label-info pull-right"></span></a>
                <ul class="nav nav-second-level">
                    <li id="log_list"><a href="/jlog/log_list/online/">查看日志</a></li>
                    <li id="log_detail"><a href="/jlog/log_detail/">日志分析</a></li>
                </ul>
            </li>
            <li>
                <a href="#"><i class="fa fa-download"></i> <span class="nav-label">上传下载</span><span class="fa arrow"></span></a>
                <ul class="nav nav-second-level">
                    <li><a href="/file/upload/">文件上传</a></li>
                    <li><a href="/file/download/">文件下载</a></li>
                </ul>
            </li>
            <li class="special_link">
@ -150,27 +134,19 @@
            <li>
               <a href="/"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span><span class="label label-info pull-right"></span></a>
            </li>
-            <li id="juser">
+            <li>
-                <a href="#"><i class="fa fa-rebel"></i> <span class="nav-label">用户管理</span><span class="fa arrow"></span></a>
+               <a href="/"><i class="fa fa-rebel"></i> <span class="nav-label">个人信息</span><span class="label label-info pull-right"></span></a>
                <ul class="nav nav-second-level">
                    <li id="user_list"><a href="/juser/user_list/">查看用户<span class="label {% ifequal user_active_num user_total_num %}label-primary {% else %}label-warning {% endifequal %}pull-right">{{ user_active_num }}/{{ user_total_num }}</span></a></li>
                </ul>
            </li>
-            <li id="jasset">
+            <li>
-                <a><i class="fa fa-cube"></i> <span class="nav-label">资产管理</span><span class="fa arrow"></span></a>
+               <a href="/"><i class="fa fa-cube"></i> <span class="nav-label">查看主机</span><span class="label label-info pull-right"></span></a>
                <ul class="nav nav-second-level">
                    <li class="host_list"><a href="/jasset/host_list/">查看资产&nbsp&nbsp</span><span class="label label-info pull-right">16/18</span></a></li>
                    <li class="jgroup_list group_detail"><a href="/jasset/jgroup_list/">查看主机组</a></li>
                    <li class="idc_list idc_detail"><a href="/jasset/idc_list/">查看IDC</a></li>
                </ul>
            </li>
-            <li id="jlog">
+            <li>
-                <a href="#"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="fa arrow"></span></a>
+               <a href="/"><i class="fa fa-cube"></i> <span class="nav-label">申请主机</span><span class="label label-info pull-right"></span></a>
                <ul class="nav nav-second-level">
                    <li id="log_list"><a href="/jlog/log_list/online/">查看日志</a></li>
                    <li id="log_detail"><a href="/jlog/log_detail/">日志分析</a></li>
                </ul>
            </li>
            <li>
               <a href="/"><i class="fa fa-files-o"></i> <span class="nav-label">登录历史</span><span class="label label-info pull-right"></span></a>
            </li>
            <li>
                <a href="#"><i class="fa fa-download"></i> <span class="nav-label">上传下载</span><span class="fa arrow"></span></a>
                <ul class="nav nav-second-level">
@ -178,6 +154,9 @@
                    <li><a href="/file/download/">文件下载</a></li>
                </ul>
            </li>
            <li>
               <a href="/"><i class="fa fa-files-o"></i> <span class="nav-label">使用说明</span><span class="label label-info pull-right"></span></a>
            </li>
            <li class="special_link">
                <a href="http://www.jumpserver.org" target="_blank"><i class="fa fa-database"></i> <span class="nav-label">访问官网</span></a>