添加sudo权限删除,修改和详情

pull/6/head
guanghongwei 2015-02-10 00:21:08 +08:00
parent d7de3edcf4
commit 8a5e494cfe
6 changed files with 408 additions and 108 deletions


@ -19,6 +19,7 @@ class CmdGroup(models.Model):
class SudoPerm(models.Model):
name = models.CharField(max_length=20)
user_runas = models.CharField(max_length=100)
user_group = models.ManyToManyField(UserGroup)
asset_group = models.ManyToManyField(BisGroup)
cmd_group = models.ManyToManyField(CmdGroup)


@ -14,6 +14,9 @@ urlpatterns = patterns('jperm.views',
(r'^perm_asset_detail/$', 'perm_asset_detail'),
(r'^sudo_list/$', 'sudo_list'),
(r'^sudo_add/$', 'sudo_add'),
(r'^sudo_del/$', 'sudo_del'),
(r'^sudo_edit/$', 'sudo_edit'),
(r'^sudo_detail/$', 'sudo_detail'),
(r'^cmd_add/$', 'cmd_add'),
(r'^cmd_list/$', 'cmd_list'),
)


@ -163,28 +163,41 @@ def user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_group
return user_groups_select_list, asset_groups_select_list, cmd_groups_select_list
def sudo_db_add(user_groups_select, asset_groups_select, cmd_groups_select, comment):
def sudo_db_add(name, user_runas , user_groups_select, asset_groups_select, cmd_groups_select, comment):
user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
sudo_perm = SudoPerm(comment=comment)
sudo_perm = SudoPerm(name=name, user_runas=user_runas, comment=comment)
sudo_perm.save()
sudo_perm.user_group = user_groups_select_list
sudo_perm.asset_group = asset_groups_select_list
sudo_perm.cmd_group = cmd_groups_select_list
def sudo_db_update(sudo_perm_id, name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment):
user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
if sudo_perm:
sudo_perm.update(name=name, user_runas=user_runas, comment=comment)
sudo_perm = sudo_perm[0]
sudo_perm.user_group = user_groups_select_list
sudo_perm.asset_group = asset_groups_select_list
sudo_perm.cmd_group = cmd_groups_select_list
def unicode2str(unicode_list):
return [str(i) for i in unicode_list]
def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select):
def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, update=False):
user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
users = []
assets = []
cmds = []
users_runas = users_runas.split(',')
for user_group in user_groups_select_list:
users.extend(user_group.user_set.all())
@ -195,7 +208,7 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cm
for cmd_group in cmd_groups_select_list:
cmds.extend(cmd_group.cmd.split(','))
users_name = [user.name for user in users]
users_name = [user.username for user in users]
assets_ip = [asset.ip for asset in assets]
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
@ -207,6 +220,9 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cm
'sudoRunAsUser': unicode2str(users_runas),
'sudoUser': unicode2str(users_name)}
if update:
ldap_conn.delete(sudo_dn)
ldap_conn.add(sudo_dn, sudo_attr)
@ -218,13 +234,13 @@ def sudo_add(request):
if request.method == 'POST':
name = request.POST.get('name')
users_runas = request.POST.get('runas', 'root').split(',')
users_runas = request.POST.get('runas', 'root')
user_groups_select = request.POST.getlist('user_groups_select')
asset_groups_select = request.POST.getlist('asset_groups_select')
cmd_groups_select = request.POST.getlist('cmd_groups_select')
comment = request.POST.get('comment', '')
sudo_db_add(user_groups_select, asset_groups_select, cmd_groups_select, comment)
sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
msg = '添加成功'
@ -233,23 +249,101 @@ def sudo_add(request):
def sudo_list(request):
header_title, path1, path2 = u'Sudo授权 | Perm Sudo Detail.', u'jperm', u'sudo_list'
sudo_perms = contact_list2 = SudoPerm.objects.all()
p2 = paginator2 = Paginator(contact_list2, 10)
sudo_perms = contact_list = SudoPerm.objects.all()
p1 = paginator1 = Paginator(contact_list, 10)
user_groups = UserGroup.objects.filter(Q(type='A') | Q(type='P'))
asset_groups = BisGroup.objects.all()
cmd_groups = CmdGroup.objects.all()
try:
page = int(request.GET.get('page', '1'))
except ValueError:
page = 1
try:
contacts2 = paginator2.page(page)
page1 = int(request.GET.get('page', '1'))
except ValueError:
page1 = 1
try:
contacts1 = paginator1.page(page1)
except (EmptyPage, InvalidPage):
contacts2 = paginator2.page(paginator2.num_pages)
contacts1 = paginator1.page(paginator1.num_pages)
return render_to_response('jperm/sudo_list.html', locals())
def sudo_edit(request):
header_title, path1, path2 = u'Sudo授权 | Perm Sudo Detail.', u'jperm', u'sudo_list'
if request.method == 'GET':
sudo_perm_id = request.GET.get('id', '0')
sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id))
if sudo_perm:
user_group_all = UserGroup.objects.filter(Q(type='A') | Q(type='P'))
asset_group_all = BisGroup.objects.filter()
cmd_group_all = CmdGroup.objects.all()
sudo_perm = sudo_perm[0]
user_group_permed = sudo_perm.user_group.all()
asset_group_permed = sudo_perm.asset_group.all()
cmd_group_permed = sudo_perm.cmd_group.all()
user_groups = [user_group for user_group in user_group_all if user_group not in user_group_permed]
asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
cmd_groups = [cmd_group for cmd_group in cmd_group_all if cmd_group not in cmd_group_permed]
name = sudo_perm.name
user_runas = sudo_perm.user_runas
comment = sudo_perm.comment
else:
sudo_perm_id = request.POST.get('sudo_perm_id')
name = request.POST.get('name')
users_runas = request.POST.get('runas', 'root')
user_groups_select = request.POST.getlist('user_groups_select')
asset_groups_select = request.POST.getlist('asset_groups_select')
cmd_groups_select = request.POST.getlist('cmd_groups_select')
comment = request.POST.get('comment', '')
sudo_db_update(sudo_perm_id, name, users_runas, user_groups_select,
asset_groups_select, cmd_groups_select, comment)
sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, update=True)
msg = '修改成功'
return HttpResponseRedirect('/jperm/sudo_list/')
return render_to_response('jperm/sudo_edit.html', locals())
def sudo_detail(request):
sudo_perm_id = request.GET.get('id')
sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
if sudo_perm:
sudo_perm = sudo_perm[0]
user_groups = sudo_perm.user_group.all()
asset_groups = sudo_perm.asset_group.all()
cmd_groups = sudo_perm.cmd_group.all()
users_list = []
assets_list = []
cmds_list = []
for user_group in user_groups:
users_list.extend(user_group.user_set.all())
for asset_group in asset_groups:
assets_list.extend(asset_group.asset_set.all())
for cmd_group in cmd_groups:
cmds_list.extend(cmd_group.cmd.split(','))
return render_to_response('jperm/sudo_detail.html', locals())
def sudo_del(request):
sudo_perm_id = request.GET.get('id', '0')
sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id))
if sudo_perm:
name = sudo_perm[0].name
sudo_perm.delete()
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
ldap_conn.delete(sudo_dn)
return HttpResponseRedirect('/jperm/sudo_list/')
def cmd_add(request):
header_title, path1, path2 = u'sudo命令添加 | Sudo Cmd Add.', u'jperm', u'sudo_cmd_add'
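Review bot: Renaming a rule through `sudo_edit` leaves the old sudoers entry in LDAP, because `sudo_ldap_add(..., update=True)` builds `sudo_dn` from the new `name` and deletes only that DN before re-adding, so the grant stored under the previous cn is never removed and presumably stays in effect for hosts that read sudoers from LDAP. Read the stored name before `sudo_db_update` runs and delete that DN, e.g. `old_name = SudoPerm.objects.get(id=sudo_perm_id).name` followed by `ldap_conn.delete('cn=%s,ou=Sudoers,%s' % (old_name, LDAP_BASE_DN))`. Separately, `sudo_del` removes the database row and the LDAP entry on a plain GET with `id` taken from the query string, so a cross-site request can trigger the deletion; restrict it to POST with CSRF protection and handle the `ValueError` that `int(sudo_perm_id)` raises on a non-numeric id. No access-control decorator is visible on the new views in this section, so confirm that authorization is enforced elsewhere (middleware or a URL wrapper). Parts of `sudo_ldap_add` lie outside the displayed hunks, so the delete-then-add sequence should be checked against the full function.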


@ -0,0 +1,38 @@
{% extends 'base.html' %}
{% load mytags %}
{% block content %}
{% include 'nav_cat_bar.html' %}
<div class="wrapper wrapper-content animated fadeInRight">
<div class="row">
<div class="col-lg-10">
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5>详情 {{ user.name }} <small> Add perm info.</small></h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user">
<li><a href="#">未启用 1</a>
</li>
<li><a href="#">未启用 2</a>
</li>
</ul>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
{{ }}
</div>
</div>
</div>
</div>
</div>
{% endblock %}
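Review bot: The `{{ }}` inside the `ibox-content` div is an empty variable tag, which Django rejects with a TemplateSyntaxError when the template is compiled, so the new detail page cannot render as committed. `sudo_detail` passes `users_list`, `assets_list` and `cmds_list` through `locals()`, but none of them is output here, and the heading prints `{{ user.name }}` although the view as shown defines `sudo_perm`, not `user`. Replace the placeholder with loops over those lists, e.g. `{% for user in users_list %}{{ user.username }}{% endfor %}`, and use `{{ sudo_perm.name }}` in the heading.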


@ -0,0 +1,184 @@
{% extends 'base.html' %}
{% load mytags %}
{% block content %}
{% include 'nav_cat_bar.html' %}
<div class="wrapper wrapper-content animated fadeInRight">
<div class="row">
<div class="col-lg-10">
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5> Sudo授权 <small> show sudo perm info.</small> </h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user">
<li><a href="#">未启用 1</a>
</li>
<li><a href="#">未启用 2</a>
</li>
</ul>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<form id="sudoPerm" method="post" class="form-horizontal" action="">
{% if error %}
<div class="alert alert-warning text-center">{{ error }}</div>
{% endif %}
{% if msg %}
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="row">
<div class="form-group">
<label for="name" class="col-sm-2 control-label">授权名</label>
<div class="col-sm-8">
<input id="name" name="name" placeholder="OnlyForEnglish" type="text" class="form-control" value="{{ name }}">
<input id="sudo_perm_id" name="sudo_perm_id" type="text" class="form-control" value="{{ sudo_perm_id }}">
<span class="help-block m-b-none">取个名字方便辨识,只支持英文</span>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="runas" class="col-sm-2 control-label">RunAsUser</label>
<div class="col-sm-8">
<input id="runas" name="runas" placeholder="RunAsUser" type="text" class="form-control" value="{{ user_runas }}">
<span class="help-block m-b-none">
允许以哪个用户允许sudo,逗号分隔,默认root
</span>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="" class="col-sm-2 control-label">用户组</label>
<div class="col-sm-4">
<div>
<select id="user_groups" name="user_groups" class="form-control" size="5" multiple>
{% for user_group in user_groups %}
<option value="{{ user_group.id }}">{{ user_group.name }}</option>
{% endfor %}
</select>
</div>
</div>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 12px;">
<button type="button" class="btn btn-white" onclick="move('user_groups', 'user_groups_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('user_groups_select', 'user_groups')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<div class="col-sm-3">
<div>
<select id="user_groups_select" name="user_groups_select" class="form-control m-b" size="5" multiple>
{% for user_group in user_group_permed %}
<option value="{{ user_group.id }}">{{ user_group.name }}</option>
{% endfor %}
</select>
</div>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="" class="col-sm-2 control-label">主机组</label>
<div class="col-sm-4">
<div>
<select id="asset_groups" name="asset_groups" class="form-control m-b" size="5" multiple>
{% for asset_group in asset_groups %}
<option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
{% endfor %}
</select>
</div>
</div>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 12px;">
<button type="button" class="btn btn-white" onclick="move('asset_groups', 'asset_groups_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('asset_groups_select', 'asset_groups')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<div class="col-sm-3">
<div>
<select id="asset_groups_select" name="asset_groups_select" class="form-control m-b" size="5" multiple>
{% for asset_group in asset_group_permed %}
<option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
{% endfor %}
</select>
</div>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="" class="col-sm-2 control-label">命令组</label>
<div class="col-sm-4">
<div>
<select id="cmd_groups" name="cmd_groups" class="form-control m-b" size="5" multiple>
{% for cmd_group in cmd_groups %}
<option value="{{ cmd_group.id }}">{{ cmd_group.name }}</option>
{% endfor %}
</select>
</div>
</div>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 12px;">
<button type="button" class="btn btn-white" onclick="move('cmd_groups', 'cmd_groups_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('cmd_groups_select', 'cmd_groups')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<div class="col-sm-3">
<div>
<select id="cmd_groups_select" name="cmd_groups_select" class="form-control m-b" size="5" multiple>
{% for cmd_group in cmd_group_permed %}
<option value="{{ cmd_group.id }}">{{ cmd_group.name }}</option>
{% endfor %}
</select>
</div>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="group_name" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8">
<input id="comment" name="comment" placeholder="备注说明" type="text" class="form-control" value="{{ comment }}">
</div>
</div>
<div class="hr-line-dashed"></div>
</div>
<div class="row">
<div class="form-group">
<div class="col-sm-4 col-sm-offset-2">
<button class="btn btn-white" type="reset">取消</button>
<button class="btn btn-primary" type="submit" onclick="javascript: (function(){$('#sudoPerm option').each(function(){$(this).prop('selected', true)})})()">确认保存</button>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
{% endblock %}
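Review bot: The edit form posts with `method="post"` but contains no `{% csrf_token %}`, so either Django's CSRF middleware rejects the submission or, if that middleware is disabled for this project, changes to sudo grants can be submitted cross-site; add `{% csrf_token %}` directly after the `<form>` tag and make sure the view renders with a request context. `sudo_perm_id` is also rendered as a visible, editable text input, which lets the submitter retarget the update to any rule id; render it as `<input type="hidden" name="sudo_perm_id" value="{{ sudo_perm_id }}">` and have `sudo_edit` check that the id exists and that the caller may modify it. The help text says the name supports English only, but nothing visible enforces that server-side before the value is placed into the LDAP DN in the views.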


@ -60,106 +60,86 @@
<div class="tab-content">
<div id="tab-1" class="tab-pane active">
<form id="sudoPerm" method="post" class="form-horizontal" action="">
{% if error %}
<div class="alert alert-warning text-center">{{ error }}</div>
{% endif %}
{% if msg %}
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="row">
<div class="col-sm-5"><h4>用户组</h4>
<div>
<select id="user_groups" name="user_groups" class="form-control" size="5" multiple>
{% for user_group in user_groups %}
<option value="{{ user_group.id }}">{{ user_group.name }}</option>
{% endfor %}
</select>
</div>
</div>
<table class="table table-striped table-bordered table-hover " id="editable" >
<thead>
<tr>
<th class="text-center">授权名</th>
<th class="text-center">user_runas</th>
<th class="text-center">用户组</th>
<th class="text-center">主机组</th>
<th class="text-center">命令组</th>
<th class="text-center">备注</th>
</tr>
</thead>
<tbody id="perm_list">
{% for sudo_perm in contacts1.object_list %}
<tr class="gradeX">
<td class="text-center"> {{ sudo_perm.name }} </td>
<td class="text-center"> {{ sudo_perm.user_runas }} </td>
<td class="text-center">
{% for user_group in sudo_perm.user_group.all %}
{{ user_group.name }}
{% endfor %}
</td>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 50px;">
<button type="button" class="btn btn-white" onclick="move('user_groups', 'user_groups_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('user_groups_select', 'user_groups')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<td class="text-center">
{% for asset_group in sudo_perm.asset_group.all %}
{{ asset_group.name }}
{% endfor %}
</td>
<div class="col-sm-5"><h4>授权用户组</h4>
<div>
<select id="user_groups_select" name="user_groups_select" class="form-control m-b" size="5" multiple>
</select>
</div>
<td class="text-center">
{% for cmd_group in sudo_perm.cmd_group.all %}
{{ cmd_group.name }}
{% endfor %}
</td>
<td class="text-center">
<a title="[ {{ sudo_perm.name }} 授权详情 ]" href="../sudo_detail/?id={{ sudo_perm.id }}" class="iframe btn btn-xs btn-primary">详情</a>
<a href="../sudo_edit/?id={{ sudo_perm.id }}" class="btn btn-xs btn-info">编辑</a>
<a href="../sudo_del/?id={{ sudo_perm.id }}" class="btn btn-xs btn-danger">删除</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
<div class="row">
<div class="col-sm-6">
<div class="dataTables_info" id="editable_info" role="status" aria-live="polite">
Showing {{ contacts1.start_index }} to {{ contacts1.end_index }} of {{ p1.count }} entries
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="row">
<div class="col-sm-5"><h4>主机组</h4>
<div>
<select id="asset_groups" name="asset_groups" class="form-control m-b" size="5" multiple>
{% for asset_group in asset_groups %}
<option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
{% endfor %}
</select>
</div>
<div class="col-sm-6">
<div class="dataTables_paginate paging_simple_numbers" id="editable_paginate">
<ul class="pagination" style="margin-top: 0; float: right">
{% if contacts1.has_previous %}
<li class="paginate_button previous" aria-controls="editable" tabindex="0" id="editable_previous">
<a href="?page={{ contacts1.previous_page_number }}">Previous</a>
</li>
{% else %}
<li class="paginate_button previous disabled" aria-controls="editable" tabindex="0" id="editable_previous">
<a href="#">Previous</a>
</li>
{% endif %}
{% for page in p1.page_range %}
{% ifequal offset1 page %}
<li class="paginate_button active" aria-controls="editable" tabindex="0"><a href="?page={{ page }}" title="第{{ page }}页">{{ page }}</a></li>
{% else %}
<li class="paginate_button" aria-controls="editable" tabindex="0"><a href="?page={{ page }}" title="第{{ page }}页">{{ page }}</a></li>
{% endifequal %}
{% endfor %}
{% if contacts1.has_next %}
<li class="paginate_button next" aria-controls="editable" tabindex="0" id="editable_next">
<a href="?page={{ contacts1.next_page_number }}">Next</a>
</li>
{% else %}
<li class="paginate_button next disabled" aria-controls="editable" tabindex="0" id="editable_next">
<a href="#">Next</a>
</li>
{% endif %}
</ul>
</div>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 50px;">
<button type="button" class="btn btn-white" onclick="move('asset_groups', 'asset_groups_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('asset_groups_select', 'asset_groups')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<div class="col-sm-5"><h4>授权主机组</h4>
<div>
<select id="asset_groups_select" name="asset_groups_select" class="form-control m-b" size="5" multiple>
</select>
</div>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="row">
<div class="col-sm-5"><h4>命令组</h4>
<div>
<select id="cmd_groups" name="cmd_groups" class="form-control m-b" size="5" multiple>
{% for cmd_group in cmd_groups %}
<option value="{{ cmd_group.id }}">{{ cmd_group.name }}</option>
{% endfor %}
</select>
</div>
</div>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 50px;">
<button type="button" class="btn btn-white" onclick="move('cmd_groups', 'cmd_groups_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('cmd_groups_select', 'cmd_groups')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<div class="col-sm-5"><h4>命令组</h4>
<div>
<select id="cmd_groups_select" name="cmd_groups_select" class="form-control m-b" size="5" multiple>
</select>
</div>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="row">
<div class="form-group">
<div class="col-sm-4 col-sm-offset-2">
<button class="btn btn-white" type="submit">取消</button>
<button class="btn btn-primary" type="submit" onclick="javascript: (function(){$('#sudoPerm option').each(function(){$(this).prop('selected', true)})})()">确认保存</button>
</div>
</div>
</div>
</form>
</div>
@ -179,7 +159,7 @@
<tr class="gradeX">
<td class="text-center"> {{ user.name }} </td>
<td class="text-center"> {{ user.id | get_role }} </td>
<td class="text-center"> {{ user.username | groups_str }} </td>
<td class="text-center"> {{ user.username }} </td>
<td class="text-center"> {{ user.id | perm_asset_count }} </td>
<td class="text-center">
<a title="[ {{ user.name }} ] 授权详情" href="../perm_asset_detail/?id={{ user.id }}" class="iframe btn btn-xs btn-primary">详情</a>