diff --git a/jperm/models.py b/jperm/models.py
index 0f41c7d10..0f3390d1c 100644
--- a/jperm/models.py
+++ b/jperm/models.py
@@ -19,6 +19,7 @@ class CmdGroup(models.Model):
 class SudoPerm(models.Model):
 name = models.CharField(max_length=20)
+ user_runas = models.CharField(max_length=100)
 user_group = models.ManyToManyField(UserGroup)
 asset_group = models.ManyToManyField(BisGroup)
 cmd_group = models.ManyToManyField(CmdGroup)
diff --git a/jperm/urls.py b/jperm/urls.py
index 484818473..a59ec01cd 100644
--- a/jperm/urls.py
+++ b/jperm/urls.py
@@ -14,6 +14,9 @@ urlpatterns = patterns('jperm.views',
 (r'^perm_asset_detail/$', 'perm_asset_detail'),
 (r'^sudo_list/$', 'sudo_list'),
 (r'^sudo_add/$', 'sudo_add'),
+ (r'^sudo_del/$', 'sudo_del'),
+ (r'^sudo_edit/$', 'sudo_edit'),
+ (r'^sudo_detail/$', 'sudo_detail'),
 (r'^cmd_add/$', 'cmd_add'),
 (r'^cmd_list/$', 'cmd_list'),
 )
diff --git a/jperm/views.py b/jperm/views.py
index 7433a61a6..6bf8a5399 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -163,28 +163,41 @@ def user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_group
 return user_groups_select_list, asset_groups_select_list, cmd_groups_select_list
-def sudo_db_add(user_groups_select, asset_groups_select, cmd_groups_select, comment):
+def sudo_db_add(name, user_runas , user_groups_select, asset_groups_select, cmd_groups_select, comment):
 user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
 user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
- sudo_perm = SudoPerm(comment=comment)
+ sudo_perm = SudoPerm(name=name, user_runas=user_runas, comment=comment)
 sudo_perm.save()
 sudo_perm.user_group = user_groups_select_list
 sudo_perm.asset_group = asset_groups_select_list
 sudo_perm.cmd_group = cmd_groups_select_list
+def sudo_db_update(sudo_perm_id, name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment):
+ user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
+ user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
+ sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
+ if sudo_perm:
+ sudo_perm.update(name=name, user_runas=user_runas, comment=comment)
+ sudo_perm = sudo_perm[0]
+ sudo_perm.user_group = user_groups_select_list
+ sudo_perm.asset_group = asset_groups_select_list
+ sudo_perm.cmd_group = cmd_groups_select_list
+
+
 def unicode2str(unicode_list):
 return [str(i) for i in unicode_list]
-def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select):
+def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, update=False):
 user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
 user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
 users = []
 assets = []
 cmds = []
+ users_runas = users_runas.split(',')
 for user_group in user_groups_select_list:
 users.extend(user_group.user_set.all())
@@ -195,7 +208,7 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cm
 for cmd_group in cmd_groups_select_list:
 cmds.extend(cmd_group.cmd.split(','))
- users_name = [user.name for user in users]
+ users_name = [user.username for user in users]
 assets_ip = [asset.ip for asset in assets]
 sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
@@ -207,6 +220,9 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cm
 'sudoRunAsUser': unicode2str(users_runas),
 'sudoUser': unicode2str(users_name)}
+ if update:
+ ldap_conn.delete(sudo_dn)
+
 ldap_conn.add(sudo_dn, sudo_attr)
@@ -218,13 +234,13 @@ def sudo_add(request):
 if request.method == 'POST':
 name = request.POST.get('name')
- users_runas = request.POST.get('runas', 'root').split(',')
+ users_runas = request.POST.get('runas', 'root')
 user_groups_select = request.POST.getlist('user_groups_select')
 asset_groups_select = request.POST.getlist('asset_groups_select')
 cmd_groups_select = request.POST.getlist('cmd_groups_select')
 comment = request.POST.get('comment', '')
- sudo_db_add(user_groups_select, asset_groups_select, cmd_groups_select, comment)
+ sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
 sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
 msg = '添加成功'
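Review bot: In the `@@ -163` hunk, `sudo_db_update` returns silently when `SudoPerm.objects.filter(id=sudo_perm_id)` matches nothing, so its caller cannot tell that no row changed and, in `sudo_edit` later in this diff, still goes on to rewrite the LDAP rule. Returning `True` from inside the `if sudo_perm:` branch and `False` otherwise would let the view skip the LDAP write for an unknown id. In the same hunk, `users_runas = users_runas.split(',')` keeps surrounding whitespace and empty items, so an input of `root, admin` produces ` admin`; `[u.strip() for u in users_runas.split(',') if u.strip()]` avoids publishing such values as `sudoRunAsUser`. The body of `sudo_ldap_add` continues outside this hunk.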
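Review bot: In the `@@ -207` hunk, the `update` branch deletes `sudo_dn`, which is built from the new `name`, so renaming a rule through `sudo_edit` leaves the entry under the old `cn` in LDAP, where it presumably keeps granting sudo although the database no longer lists it. The caller should pass the previous name, read from the `SudoPerm` row before `sudo_db_update` runs, and the delete should target that DN. Delete-then-add is also not atomic: if `ldap_conn.add` fails after the delete, LDAP and the database disagree, so the outcome of both calls should be checked. `ldap_conn` is defined outside this diff, so how it reports failure is not visible here, and the function starts and ends outside the hunk.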
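Review bot: In the `@@ -218` hunk, `name` and `runas` go from `request.POST` straight into `sudo_db_add` and `sudo_ldap_add`, where `name` is interpolated into `'cn=%s,ou=Sudoers,%s'` and `runas` becomes the `sudoRunAsUser` values. A missing `name` arrives as `None`, and DN metacharacters in it change which entry is written. The edit template tells the user that names are English-only, but nothing enforces that on the server; a guard such as `if not name or not re.match(r'^[A-Za-z0-9_-]+$', name):` before either write, with a similar allow-list applied to each run-as user, would close this (`re` has to be in scope). The POST branch of `sudo_edit` in the next hunk takes the same fields and needs the same check; `sudo_add` starts and ends outside this hunk.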
@@ -233,23 +249,101 @@ def sudo_add(request):
 def sudo_list(request):
 header_title, path1, path2 = u'Sudo授权 | Perm Sudo Detail.', u'jperm', u'sudo_list'
- sudo_perms = contact_list2 = SudoPerm.objects.all()
- p2 = paginator2 = Paginator(contact_list2, 10)
+ sudo_perms = contact_list = SudoPerm.objects.all()
+ p1 = paginator1 = Paginator(contact_list, 10)
 user_groups = UserGroup.objects.filter(Q(type='A') | Q(type='P'))
 asset_groups = BisGroup.objects.all()
 cmd_groups = CmdGroup.objects.all()
- try:
- page = int(request.GET.get('page', '1'))
- except ValueError:
- page = 1
 try:
- contacts2 = paginator2.page(page)
+ page1 = int(request.GET.get('page', '1'))
+ except ValueError:
+ page1 = 1
+
+ try:
+ contacts1 = paginator1.page(page1)
 except (EmptyPage, InvalidPage):
- contacts2 = paginator2.page(paginator2.num_pages)
+ contacts1 = paginator1.page(paginator1.num_pages)
 return render_to_response('jperm/sudo_list.html', locals())
+def sudo_edit(request):
+ header_title, path1, path2 = u'Sudo授权 | Perm Sudo Detail.', u'jperm', u'sudo_list'
+
+ if request.method == 'GET':
+ sudo_perm_id = request.GET.get('id', '0')
+ sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id))
+ if sudo_perm:
+ user_group_all = UserGroup.objects.filter(Q(type='A') | Q(type='P'))
+ asset_group_all = BisGroup.objects.filter()
+ cmd_group_all = CmdGroup.objects.all()
+
+ sudo_perm = sudo_perm[0]
+ user_group_permed = sudo_perm.user_group.all()
+ asset_group_permed = sudo_perm.asset_group.all()
+ cmd_group_permed = sudo_perm.cmd_group.all()
+
+ user_groups = [user_group for user_group in user_group_all if user_group not in user_group_permed]
+ asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
+ cmd_groups = [cmd_group for cmd_group in cmd_group_all if cmd_group not in cmd_group_permed]
+
+ name = sudo_perm.name
+ user_runas = sudo_perm.user_runas
+ comment = sudo_perm.comment
+
+ else:
+ sudo_perm_id = request.POST.get('sudo_perm_id')
+ name = request.POST.get('name')
+ users_runas = request.POST.get('runas', 'root')
+ user_groups_select = request.POST.getlist('user_groups_select')
+ asset_groups_select = request.POST.getlist('asset_groups_select')
+ cmd_groups_select = request.POST.getlist('cmd_groups_select')
+ comment = request.POST.get('comment', '')
+
+ sudo_db_update(sudo_perm_id, name, users_runas, user_groups_select,
+ asset_groups_select, cmd_groups_select, comment)
+ sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, update=True)
+ msg = '修改成功'
+
+ return HttpResponseRedirect('/jperm/sudo_list/')
+
+ return render_to_response('jperm/sudo_edit.html', locals())
+
+
+def sudo_detail(request):
+ sudo_perm_id = request.GET.get('id')
+ sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
+ if sudo_perm:
+ sudo_perm = sudo_perm[0]
+ user_groups = sudo_perm.user_group.all()
+ asset_groups = sudo_perm.asset_group.all()
+ cmd_groups = sudo_perm.cmd_group.all()
+
+ users_list = []
+ assets_list = []
+ cmds_list = []
+
+ for user_group in user_groups:
+ users_list.extend(user_group.user_set.all())
+ for asset_group in asset_groups:
+ assets_list.extend(asset_group.asset_set.all())
+ for cmd_group in cmd_groups:
+ cmds_list.extend(cmd_group.cmd.split(','))
+
+ return render_to_response('jperm/sudo_detail.html', locals())
+
+
+def sudo_del(request):
+ sudo_perm_id = request.GET.get('id', '0')
+ sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id))
+ if sudo_perm:
+ name = sudo_perm[0].name
+ sudo_perm.delete()
+ sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
+ ldap_conn.delete(sudo_dn)
+ return HttpResponseRedirect('/jperm/sudo_list/')
+
+
 def cmd_add(request):
 header_title, path1, path2 = u'sudo命令添加 | Sudo Cmd Add.', u'jperm', u'sudo_cmd_add'
diff --git a/templates/jperm/sudo_detail.html b/templates/jperm/sudo_detail.html
new file mode 100644
index 000000000..0b9e7fa08
--- /dev/null
+++ b/templates/jperm/sudo_detail.html
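Review bot: `sudo_del` in the `@@ -233` hunk of `jperm/views.py` removes a sudo rule on a plain GET with the id in the query string, so CSRF protection never applies to it and simply loading a URL while logged in is enough to delete a rule; it should accept POST only. `int(sudo_perm_id)` raises an unhandled `ValueError` on a non-numeric id (the GET branch of `sudo_edit` has the same call), and the database row is removed before `ldap_conn.delete`, so a failed LDAP call would leave a live rule that the UI no longer shows. None of the three new views carries an access check in this hunk; if middleware outside the diff does not enforce one, it needs adding. The sketch below restricts the method and reorders the delete; it needs `HttpResponseNotAllowed` from `django.http`, and the delete link in `sudo_list.html` would become a small POST form.

```python
def sudo_del(request):
    # State change: accept POST only so the CSRF middleware applies.
    if request.method != 'POST':
        return HttpResponseNotAllowed(['POST'])
    try:
        sudo_perm_id = int(request.POST.get('id', '0'))
    except ValueError:
        return HttpResponseRedirect('/jperm/sudo_list/')
    sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
    if sudo_perm:
        name = sudo_perm[0].name
        sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
        # Remove the live LDAP rule first; the DB row stays if this fails.
        ldap_conn.delete(sudo_dn)
        sudo_perm.delete()
    return HttpResponseRedirect('/jperm/sudo_list/')
```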
@@ -0,0 +1,38 @@ +{% extends 'base.html' %} +{% load mytags %} + +{% block content %} + {% include 'nav_cat_bar.html' %} +
+
+
+
+
+
详情 {{ user.name }} Add perm info.
+ +
+
+ {{ }} +
+
+
+
+
+ +{% endblock %} \ No newline at end of file diff --git a/templates/jperm/sudo_edit.html b/templates/jperm/sudo_edit.html new file mode 100644 index 000000000..6e1f3e812 --- /dev/null +++ b/templates/jperm/sudo_edit.html @@ -0,0 +1,184 @@ +{% extends 'base.html' %} +{% load mytags %} +{% block content %} +{% include 'nav_cat_bar.html' %} + +
+
+
+
+
+
Sudo授权 show sudo perm info.
+ +
+ +
+
+ {% if error %} +
{{ error }}
+ {% endif %} + {% if msg %} +
{{ msg }}
+ {% endif %} +
+
+ +
+ + + 取个名字方便辨识,只支持英文 +
+
+
+ +
+ +
+ + + 允许以哪个用户允许sudo,逗号分隔,默认root + +
+
+
+ +
+ +
+
+ +
+
+ + +
+
+ + +
+
+ +
+
+ +
+
+
+ +
+ +
+ +
+
+ +
+
+ +
+
+ + +
+
+ +
+
+ +
+
+
+ +
+ +
+ +
+
+ +
+
+ +
+
+ + +
+
+ +
+
+ +
+
+
+ + +
+
+ +
+ +
+
+
+
+ +
+
+
+ + +
+
+
+
+ +
+
+
+
+
+ + +{% endblock %} \ No newline at end of file diff --git a/templates/jperm/sudo_list.html b/templates/jperm/sudo_list.html index 22cd04607..812324ba5 100644 --- a/templates/jperm/sudo_list.html +++ b/templates/jperm/sudo_list.html @@ -60,106 +60,86 @@
-
- {% if error %} -
{{ error }}
- {% endif %} - {% if msg %} -
{{ msg }}
- {% endif %} -
-

用户组

-
- -
-
+ + + + + + + + + + + + + {% for sudo_perm in contacts1.object_list %} + + + + -
-
- - -
-
+ -

授权用户组

-
- -
+
+ + + {% endfor %} + +
授权名user_runas用户组主机组命令组备注
{{ sudo_perm.name }} {{ sudo_perm.user_runas }} + {% for user_group in sudo_perm.user_group.all %} + {{ user_group.name }} + {% endfor %} + + {% for asset_group in sudo_perm.asset_group.all %} + {{ asset_group.name }} + {% endfor %} + + {% for cmd_group in sudo_perm.cmd_group.all %} + {{ cmd_group.name }} + {% endfor %} + + 详情 + 编辑 + 删除 +
+
+
+
+ Showing {{ contacts1.start_index }} to {{ contacts1.end_index }} of {{ p1.count }} entries
- -
- -
-

主机组

-
- -
+
+
+
    + {% if contacts1.has_previous %} + + {% else %} + + {% endif %} + {% for page in p1.page_range %} + {% ifequal offset1 page %} +
  • {{ page }}
  • + {% else %} +
  • {{ page }}
  • + {% endifequal %} + {% endfor %} + {% if contacts1.has_next %} + + {% else %} + + {% endif %} +
- -
-
- - -
-
- -

授权主机组

-
- -
-
-
- -
- -
-

命令组

-
- -
-
- -
-
- - -
-
- -

命令组

-
- -
-
-
- -
- -
-
-
- -
-
-
@@ -179,7 +159,7 @@ {{ user.name }} {{ user.id | get_role }} - {{ user.username | groups_str }} + {{ user.username }} {{ user.id | perm_asset_count }} 详情