github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Finish permission create and list

pull/530/head
ibuler 2016-09-11 22:45:24 +08:00
parent f558ded5bb
commit 6d736d7309
10 changed files with 109 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/assets/migrations/0001_initial.py
View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Generated by Django 1.10 on 2016-09-10 16:40 # Generated by Django 1.10 on 2016-09-11 09:22
from __future__ import unicode_literals from __future__ import unicode_literals
from django.db import migrations, models from django.db import migrations, models

24
apps/perms/forms.py
View File

@ -4,23 +4,33 @@ from __future__ import absolute_import, unicode_literals
from django import forms from django import forms
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from .hands import User, UserGroup, Asset, AssetGroup, SystemUser # from .hands import User, UserGroup, Asset, AssetGroup, SystemUser
from .models import PermUserAsset from .models import AssetPermission
class PermUserAssetForm(forms.ModelForm): class AssetPermissionForm(forms.ModelForm):
class Meta: class Meta:
model = PermUserAsset model = AssetPermission
fields = [ fields = [
'user', 'action', 'assets', 'asset_groups', 'system_users', 'date_expired', 'comment' 'name', 'users', 'user_groups', 'assets', 'asset_groups',
'system_users', 'action', 'is_active', 'date_expired', 'comment',
] ]
widgets = { widgets = {
'user': forms.HiddenInput(attrs={'style': 'display: none'}), 'users': forms.SelectMultiple(attrs={'class': 'select2',
'data-placeholder': _('Select users')}),
'user_groups': forms.SelectMultiple(attrs={'class': 'select2',
'data-placeholder': _('Select user groups')}),
'assets': forms.SelectMultiple(attrs={'class': 'select2', 'assets': forms.SelectMultiple(attrs={'class': 'select2',
'data-placeholder': _('Select assets')}), 'data-placeholder': _('Select assets')}),
'asset_groups': forms.SelectMultiple(attrs={'class': 'select2', 'asset_groups': forms.SelectMultiple(attrs={'class': 'select2',
'data-placeholder': _('Select asset groups')}), 'data-placeholder': _('Select asset groups')}),
'system_users': forms.SelectMultiple(attrs={'class': 'select2', 'system_users': forms.SelectMultiple(attrs={'class': 'select2',
'data-placeholder': _('Select system users')}), 'data-placeholder': _('Select system users')}),
}
help_texts = {
'name': '* required',
'user_groups': '* User or user group at least one required',
'asset_groups': '* Asset or Asset group at least one required',
'system_users': '* required',
} }

62
apps/perms/models.py
View File

@ -9,70 +9,34 @@ from assets.models import Asset, AssetGroup, SystemUser
from common.utils import date_expired_default from common.utils import date_expired_default
class PermUserAsset(models.Model): class AssetPermission(models.Model):
ACTION_CHOICE = ( ACTION_CHOICE = (
('1', 'Allow'), ('1', 'Allow'),
('0', 'Deny'), ('0', 'Deny'),
) )
user = models.ForeignKey(User, on_delete=models.CASCADE) name = models.CharField(max_length=128, verbose_name=_('Name'))
users = models.ManyToManyField(User, related_name='asset_permissions')
user_groups = models.ManyToManyField(UserGroup, related_name='asset_permissions')
assets = models.ManyToManyField(Asset, related_name='granted_by_permissions', blank=True)
asset_groups = models.ManyToManyField(AssetGroup, related_name='granted_by_permissions', blank=True)
system_users = models.ManyToManyField(SystemUser, related_name='granted_by_permissions')
action = models.CharField(choices=ACTION_CHOICE, max_length=8, default='1') action = models.CharField(choices=ACTION_CHOICE, max_length=8, default='1')
assets = models.ManyToManyField(Asset, blank=True) is_active = models.BooleanField(default=True)
asset_groups = models.ManyToManyField(AssetGroup, blank=True)
system_users = models.ManyToManyField(SystemUser, blank=True)
date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_('Date expired')) date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_('Date expired'))
created_by = models.CharField(max_length=128, blank=True) created_by = models.CharField(max_length=128, blank=True)
date_created = models.DateTimeField(auto_now=True) date_created = models.DateTimeField(auto_now=True)
comment = models.TextField(verbose_name=_('Comment'), blank=True) comment = models.TextField(verbose_name=_('Comment'), blank=True)
def __unicode__(self): def __unicode__(self):
return '%(id)s: %(user)s %(action)s' % { return '%(name)s: %(action)s' % {'name': self.name, 'action': self.action}
'id': self.id,
'user': self.user.username,
'action': self.action,
}
@property @property
def is_expired(self): def is_valid(self):
if self.date_expired > timezone.now(): if self.date_expired < timezone.now() and is_active:
return False
else:
return True return True
return True
class Meta: class Meta:
db_table = 'perm_user_asset' db_table = 'asset_permission'
class PermUserGroupAsset(models.Model):
ACTION_CHOICES = (
('0', 'Deny'),
('1', 'Allow'),
)
user_group = models.ForeignKey(User, on_delete=models.CASCADE)
action = models.CharField(choices=ACTION_CHOICES, max_length=8, default='1')
assets = models.ManyToManyField(Asset, blank=True)
asset_groups = models.ManyToManyField(AssetGroup, blank=True)
system_users = models.ManyToManyField(SystemUser, blank=True)
date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_('Date expired'))
created_by = models.CharField(max_length=128)
date_created = models.DateTimeField(auto_now=True)
comment = models.TextField(verbose_name=_('Comment'))
def __unicode__(self):
return '%(id)s: %(user)s %(action)s' % {
'id': self.id,
'user': self.user_group.name,
'action': self.action,
}
@property
def is_expired(self):
if self.date_expired > timezone.now():
return False
else:
return True
class Meta:
db_table = 'perm_user_group_asset'

24
apps/perms/templates/perms/perm_user_asset_create.html → apps/perms/templates/perms/asset_permission_create.html
View File

@ -14,7 +14,7 @@
<div class="col-sm-12"> <div class="col-sm-12">
<div class="ibox float-e-margins"> <div class="ibox float-e-margins">
<div class="ibox-title"> <div class="ibox-title">
<h5>{% trans 'Create asset perm for ' %}<b>{{ user.name }}</b></h5> <h5>{% trans 'Create asset permission ' %}</h5>
<div class="ibox-tools"> <div class="ibox-tools">
<a class="collapse-link"> <a class="collapse-link">
<i class="fa fa-chevron-up"></i> <i class="fa fa-chevron-up"></i>
@ -28,13 +28,29 @@
</div> </div>
</div> </div>
<div class="ibox-content"> <div class="ibox-content">
<form enctype="multipart/form-data" method="post" class="form-horizontal" action="" > <form method="post" class="form-horizontal" action="" >
{% csrf_token %} {% csrf_token %}
<input name="{{ form.user.html_name }}" hidden="hidden" style="display: none" value="{{ user.id }}"> <h3>{% trans 'Name' %}</h3>
{{ form.action|bootstrap_horizontal }} {{ form.name|bootstrap_horizontal }}
<div class="hr-line-dashed"></div>
<h3>{% trans 'User' %}</h3>
{{ form.users|bootstrap_horizontal }}
{{ form.user_groups|bootstrap_horizontal }}
<div class="hr-line-dashed"></div>
<h3>{% trans 'Asset' %}</h3>
{{ form.assets|bootstrap_horizontal }} {{ form.assets|bootstrap_horizontal }}
{{ form.asset_groups|bootstrap_horizontal }} {{ form.asset_groups|bootstrap_horizontal }}
{{ form.system_users |bootstrap_horizontal }} {{ form.system_users |bootstrap_horizontal }}
<div class="hr-line-dashed"></div>
<h3>{% trans 'Other' %}</h3>
{{ form.action|bootstrap_horizontal }}
<div class="form-group">
<label for="{{ form.is_active.id_for_label }}" class="col-sm-2 control-label">{% trans 'Active' %}</label>
<div class="col-sm-8">
{{ form.is_active }}
</div>
</div>
<div class="form-group {% if form.date_expired.errors %} has-error {% endif %}" id="date_5"> <div class="form-group {% if form.date_expired.errors %} has-error {% endif %}" id="date_5">
<label for="{{ form.date_expired.id_for_label }}" class="col-sm-2 control-label">{{ form.date_expired.label }}</label> <label for="{{ form.date_expired.id_for_label }}" class="col-sm-2 control-label">{{ form.date_expired.label }}</label>

28
apps/perms/templates/perms/user_asset_permission_list.html → apps/perms/templates/perms/asset_permission_list.html
View File

@ -2,41 +2,49 @@
{% load i18n %} {% load i18n %}
{% load common_tags %} {% load common_tags %}
{% block content_left_head %} {% block content_left_head %}
<a href="{% url 'users:user-create' %}" class="btn btn-sm btn-primary "> {% trans "Batch create perm " %} </a> <a href="{% url 'perms:asset-permission-create' %}" class="btn btn-sm btn-primary "> {% trans "Create permission" %} </a>
{% endblock %} {% endblock %}
{% block table_head %} {% block table_head %}
<th class="text-center"> <th class="text-center">
<input type="checkbox" id="check_all" onclick="checkAll('check_all', 'checked')"> <input type="checkbox" id="check_all" onclick="checkAll('check_all', 'checked')">
</th> </th>
<th class="text-center"><a href="{% url 'perms:user-permission-list' %}?sort=name">{% trans 'Name' %}</a></th> <th class="text-center"><a href="{% url 'perms:asset-permission-list' %}?sort=name">{% trans 'Name' %}</a></th>
<th class="text-center"><a href="{% url 'perms:user-permission-list' %}?sort=username">{% trans 'Username' %}</a></th> <th class="text-center">{% trans 'User count' %}</th>
<th class="text-center">{% trans 'User group count' %}</th>
<th class="text-center">{% trans 'Asset count' %}</th> <th class="text-center">{% trans 'Asset count' %}</th>
<th class="text-center">{% trans 'Asset group count' %}</th> <th class="text-center">{% trans 'Asset group count' %}</th>
<th class="text-center">{% trans 'System user count' %}</th> <th class="text-center">{% trans 'System user count' %}</th>
<th class="text-center"><a href="{% url 'users:user-list' %}?sort=date_expired">{% trans 'Is expired' %}</a></th> <th class="text-center"><a href="{% url 'users:user-list' %}?sort=date_expired">{% trans 'Is valid' %}</a></th>
<th class="text-center"></th> <th class="text-center"></th>
{% endblock %} {% endblock %}
{% block table_body %} {% block table_body %}
{% for permission in user_permission_list %} {% for permission in asset_permission_list %}
<tr class="gradeX"> <tr class="gradeX">
<td class="text-center"> <td class="text-center">
<input type="checkbox" name="checked" value="{{ permission.id }}"> <input type="checkbox" name="checked" value="{{ permission.id }}">
</td> </td>
<td class="text-center"> <td class="text-center">
<a href=""> <a href="">
{{ permission.user.name }} {{ permission.name }}
</a> </a>
</td> </td>
<td class="text-center">{{ permission.user.username }}</td> <td class="text-center">{{ permission.users.count}}</td>
<td class="text-center">{{ permission.user_groups.count}}</td>
<td class="text-center">{{ permission.assets.count }}</td> <td class="text-center">{{ permission.assets.count }}</td>
<td class="text-center">{{ permission.asset_groups.count }}</td> <td class="text-center">{{ permission.asset_groups.count }}</td>
<td class="text-center">{{ permission.system_users.count }}</td> <td class="text-center">{{ permission.system_users.count }}</td>
<td class="text-center">{{ permission.is_expired }}</td>
<td class="text-center"> <td class="text-center">
<a href="{% url 'perms:user-asset-permission-create' pk=user.id %}" class="btn btn-xs btn-info">{% trans 'Create perm' %}</a> {% if permission.is_valid %}
<a href="{% url 'users:user-delete' pk=user.id %}" class="btn btn-xs btn-danger del {% if user.id == request.user.id or user.username == 'admin' %} disabled {% endif %}">{% trans 'Flush' %}</a> <i class="fa fa-check text-navy"></i>
{% else %}
<i class="fa fa-times text-danger"></i>
{% endif %}
</td>
<td class="text-center">
<a href="" class="btn btn-xs btn-info">{% trans 'Update' %}</a>
<a href="" class="btn btn-xs btn-danger del">{% trans 'Delete' %}</a>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}

12
apps/perms/urls.py
View File

@ -6,15 +6,7 @@ import views
app_name = 'perms' app_name = 'perms'
urlpatterns = [ urlpatterns = [
# Resource asset url url(r'^asset-permission$', views.UserAssetPermissionListView.as_view(), name='asset-permission-list'),
url(r'^user$', views.PermUserListView.as_view(), name='perm-user-list'), url(r'^asset-permission/create$', views.UserAssetPermissionCreateView.as_view(), name='asset-permission-create'),
url(r'^user/(?P<pk>[0-9]+)/perm-asset/$', views.PermUserAssetListView.as_view(), name='perm-user-asset-list'),
url(r'^user/(?P<pk>[0-9]+)/perm-asset/create$', views.PermUserAssetCreateView.as_view(),
name='perm-user-asset-create'),
# url(r'^user/(?P<user>[0-9]+)$', views.AssetListView.as_view(), name='asset-list'),
# url(r'^asset/create$', views.AssetCreateView.as_view(), name='asset-create'),
# url(r'^asset/(?P<pk>[0-9]+)$', views.AssetDetailView.as_view(), name='asset-detail'),
# url(r'^asset/(?P<pk>[0-9]+)/update', views.AssetUpdateView.as_view(), name='asset-update'),
# url(r'^asset/(?P<pk>[0-9]+)/delete$', views.AssetDeleteView.as_view(), name='asset-delete'),
] ]

85
apps/perms/views.py
View File

@ -12,33 +12,40 @@ from django.contrib.messages.views import SuccessMessageMixin
from django.views.generic.detail import DetailView, SingleObjectMixin from django.views.generic.detail import DetailView, SingleObjectMixin
from .hands import AdminUserRequiredMixin, User, UserGroup from .hands import AdminUserRequiredMixin, User, UserGroup
from .models import PermUserAsset, PermUserGroupAsset from .models import AssetPermission
from .forms import PermUserAssetForm from .forms import AssetPermissionForm
class PermUserListView(AdminUserRequiredMixin, ListView): class UserAssetPermissionListView(AdminUserRequiredMixin, ListView):
model = User model = AssetPermission
paginate_by = settings.CONFIG.DISPLAY_PER_PAGE paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
context_object_name = 'user_list' context_object_name = 'asset_permission_list'
template_name = 'perms/perm_user_list.html' template_name = 'perms/asset_permission_list.html'
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = { context = {
'app': _('Perms'), 'app': _('Perms'),
'action': _('Perms user list'), 'action': _('Asset permission list'),
'keyword': self.request.GET.get('keyword', '') 'keyword': self.request.GET.get('keyword', '')
} }
kwargs.update(context) kwargs.update(context)
return super(PermUserListView, self).get_context_data(**kwargs) return super(UserAssetPermissionListView, self).get_context_data(**kwargs)
def get_queryset(self): def get_queryset(self):
# Todo: Default order by lose asset connection num # Todo: Default order by lose asset connection num
self.queryset = super(PermUserListView, self).get_queryset() self.queryset = super(UserAssetPermissionListView, self).get_queryset()
self.keyword = keyword = self.request.GET.get('keyword', '') self.keyword = keyword = self.request.GET.get('keyword', '')
self.sort = sort = self.request.GET.get('sort', '-date_joined') self.sort = sort = self.request.GET.get('sort', '-date_created')
if keyword: if keyword:
self.queryset = self.queryset.filter(Q(name__icontains=keyword) | self.queryset = self.queryset.filter(Q(users__name__icontains=keyword) |
Q(users__username__icontains=keyword) |
Q(user_groups__name__icontains=keyword) |
Q(assets__ip__icontains=keyword) |
Q(assets__hostname__icontains=keyword) |
Q(system_users__username_icontains=keyword) |
Q(system_users__name_icontains=keyword) |
Q(asset_groups__name__icontains=keyword) |
Q(comment__icontains=keyword)) Q(comment__icontains=keyword))
if sort: if sort:
@ -46,57 +53,25 @@ class PermUserListView(AdminUserRequiredMixin, ListView):
return self.queryset return self.queryset
class PermUserAssetListView(AdminUserRequiredMixin, SingleObjectMixin, ListView): class UserAssetPermissionCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
paginate_by = settings.CONFIG.DISPLAY_PER_PAGE model = AssetPermission
context_object_name = 'perm_user_asset_list' form_class = AssetPermissionForm
template_name = 'perms/perm_user_asset_list.html' template_name = 'perms/asset_permission_create.html'
model = User success_url = reverse_lazy('perms:asset-permission-list')
success_message = _('Create asset <a href="%s"> %s </a> perm successfully.')
def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=User.objects.all())
return super(PermUserAssetListView, self).get(request, *args, **kwargs)
def get_context_data(self, **kwargs):
context = {
'app': _('Assets'),
'action': _('User perm asset list'),
'keyword': self.request.GET.get('keyword', '')
}
kwargs.update(context)
return super(PermUserAssetListView, self).get_context_data(**kwargs)
def get_queryset(self):
self.queryset = self.object.permuserasset_set.all()
return self.queryset
class PermUserAssetCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
model = PermUserAsset
form_class = PermUserAssetForm
template_name = 'perms/perm_user_asset_create_update.html'
success_url = reverse_lazy('perms:perm-user-list')
success_message = _('Create user asset perm <a href="%s">%s</a> successfully.')
def get_initial(self):
return {'user': self.get_object(queryset=User.objects.all())}
def form_invalid(self, form):
print(form.errors)
return super(PermUserAssetCreateView, self).form_invalid(form)
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = { context = {
'app': _('Perms'), 'app': _('Perms'),
'action': _('Create user asset perm'), 'action': _('Create asset permission'),
'user': self.get_object(queryset=User.objects.all()),
} }
kwargs.update(context) kwargs.update(context)
return super(PermUserAssetCreateView, self).get_context_data(**kwargs) return super(UserAssetPermissionCreateView, self).get_context_data(**kwargs)
def get_success_message(self, cleaned_data): # def get_success_message(self, cleaned_data):
return self.success_message % ( # return self.success_message % (
reverse_lazy('perms:perm-user-asset-list', kwargs={'pk': self.object.user.id}) # reverse_lazy('perms:asset-permission-list', kwargs={'pk': self.object.pk})
) # )
# class PermUserAssetUpdateView(AdminUserRequiredMixin, UpdateView): # class PermUserAssetUpdateView(AdminUserRequiredMixin, UpdateView):

12
apps/templates/_nav.html
View File

@ -26,15 +26,15 @@
<li id=""><a href="">{% trans 'Label' %}</a></li> <li id=""><a href="">{% trans 'Label' %}</a></li>
</ul> </ul>
</li> </li>
<li id=""> <li id="perms">
<a href="#"><i class="fa fa-edit"></i> <span class="nav-label">{% trans 'Perms' %}</span><span class="fa arrow"></span></a> <a href="#"><i class="fa fa-edit"></i> <span class="nav-label">{% trans 'Perms' %}</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level"> <ul class="nav nav-second-level">
<li id="sudo"> <li id="asset-permission">
<a class="sudo" href="{% url 'perms:perm-user-list' %}">{% trans 'User perm' %}</a> <a href="{% url 'perms:asset-permission-list' %}">{% trans 'Asset permission' %}</a>
</li>
<li id="role">
<a href="">{% trans 'User group perm' %}</a>
</li> </li>
{# <li id="user-group">#}
{# <a href="">{% trans 'User group perm' %}</a>#}
{# </li>#}
</ul> </ul>
</li> </li>
<li id=""> <li id="">

2
apps/users/models.py
View File

@ -32,7 +32,7 @@ class UserGroup(models.Model):
return False return False
class Meta: class Meta:
db_table = 'user-group' db_table = 'user_group'
@classmethod @classmethod
def initial(cls): def initial(cls):

2
apps/users/views.py
View File

@ -84,7 +84,7 @@ class UserListView(AdminUserRequiredMixin, ListView):
model = User model = User
paginate_by = settings.CONFIG.DISPLAY_PER_PAGE paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
context_object_name = 'user_list' context_object_name = 'user_list'
template_name = 'users/user_list.html' template_name = 'users/asset_permission_list.html'
ordering = '-date_joined' ordering = '-date_joined'
def get_queryset(self): def get_queryset(self):