diff --git a/jasset/views.py b/jasset/views.py
index 4f30b0b40..430bf0a6f 100644
--- a/jasset/views.py
+++ b/jasset/views.py
@@ -220,11 +220,14 @@ def host_add_batch(request):
if host == '':
break
j_ip, j_port, j_type, j_idc, j_groups, j_depts, j_active, j_comment = host.split()
- j_type = login_types[j_type]
j_active = active_types[str(j_active)]
j_group = ast.literal_eval(j_groups)
j_dept = ast.literal_eval(j_depts)
+ if j_type not in ['LDAP', 'MAP']:
+ return httperror(request, u'没有%s这种登录方式!' %j_type)
+
+ j_type = login_types[j_type]
idc = IDC.objects.filter(name=j_idc)
if idc:
j_idc = idc[0].id
@@ -326,6 +329,7 @@ def host_list(request):
dept = DEPT.objects.get(id=dept_id)
did = request.GET.get('did', '')
gid = request.GET.get('gid', '')
+ sid = request.GET.get('sid', '')
user_id = get_session_user_info(request)[0]
post_all = Asset.objects.all().order_by('ip')
@@ -360,6 +364,27 @@ def host_list(request):
return httperror(request, u'没有这个小组!')
return my_render('jasset/host_list_nop.html', locals(), request)
+ elif sid:
+ if is_common_user(request):
+ return httperror(request, u'您无权查看!')
+
+ elif is_group_admin(request) and not verify(request, user_group=[sid]):
+ return httperror(request, u'您无权查看!')
+
+ posts, asset_groups = [], []
+ user_group = UserGroup.objects.filter(id=int(sid))
+ if user_group:
+ user_group = user_group[0]
+ for perm in user_group.sudoperm_set.all():
+ asset_groups.extend(perm.asset_group.all())
+
+ for asset_group in asset_groups:
+ posts.extend(asset_group.asset_set.all())
+ posts = list(set(posts))
+ else:
+ return httperror(request, u'没有这个sudo授权!')
+ return my_render('jasset/host_list_nop.html', locals(), request)
+
else:
if is_super_user(request):
if keyword:
@@ -619,7 +644,7 @@ def idc_del(request):
for i in range(int(len_list)):
key = "id_list[" + str(i) + "]"
idc_id = request.POST.get(key)
- db_idc_delete(request, idc_id)
+ db_idc_delete(request, int(idc_id))
else:
db_idc_delete(request, int(offset))
return HttpResponseRedirect('/jasset/idc_list/')
@@ -677,18 +702,36 @@ def group_list(request):
gid = request.GET.get('gid')
sid = request.GET.get('sid')
if gid:
+ if is_common_user(request):
+ return httperror(request, u'您无权查看!')
+
+ elif is_group_admin(request) and not verify(request, user_group=[gid]):
+ return httperror(request, u'您无权查看!')
+
posts = []
- user_group = UserGroup.objects.get(id=gid)
- perms = Perm.objects.filter(user_group=user_group)
- for perm in perms:
- posts.append(perm.asset_group)
+ user_group = UserGroup.objects.filter(id=gid)
+ if user_group:
+ user_group = user_group[0]
+ perms = Perm.objects.filter(user_group=user_group)
+ for perm in perms:
+ posts.append(perm.asset_group)
elif sid:
+ if is_common_user(request):
+ return httperror(request, u'您无权查看!')
+
+ elif is_group_admin(request) and not verify(request, user_group=[sid]):
+ return httperror(request, u'您无权查看!')
+
posts = []
- user_group = UserGroup.objects.get(id=sid)
- perms = Perm.objects.filter(user_group=user_group)
- for perm in perms:
- posts.append(perm.asset_group)
+ user_group = UserGroup.objects.filter(id=sid)
+ if user_group:
+ user_group = user_group[0]
+ for perm in user_group.sudoperm_set.all():
+ posts.extend(perm.asset_group.all())
+ posts = list(set(posts))
+ else:
+ return httperror(request, u'没有此sudo授权!')
else:
if is_super_user(request):
@@ -712,21 +755,26 @@ def group_edit(request):
""" 修改主机组 """
header_title, path1, path2 = u'编辑主机组', u'资产管理', u'编辑主机组'
group_id = request.GET.get('id', '')
- group = BisGroup.objects.get(id=group_id)
+ group = BisGroup.objects.filter(id=group_id)
+ if group:
+ group = group.first()
+ else:
+ httperror(request, u'没有这个主机组!')
+
host_all = Asset.objects.all()
- dept_id = get_user_dept(request)
+ dept_id = get_session_user_info(request)[3]
eposts = Asset.objects.filter(bis_group=group)
- if is_super_user(request):
- edept = DEPT.objects.all()
- posts = [g for g in host_all if g not in eposts]
+ if is_group_admin(request) and not verify(request, asset_group=[group_id]):
+ return httperror(request, '编辑失败, 您无权操作!')
+ dept = DEPT.objects.filter(id=group.dept.id)
+ if dept:
+ dept = dept[0]
+ else:
+ return httperror(request, u'没有这个部门!')
- elif is_group_admin(request):
- if not verify(request, asset_group=[group_id]):
- return httperror(request, '编辑失败, 您无权操作!')
- dept = DEPT.objects.get(id=dept_id)
- all_dept = Asset.objects.filter(dept=dept)
- posts = [g for g in all_dept if g not in eposts]
+ all_dept = dept.asset_set.all()
+ posts = [g for g in all_dept if g not in eposts]
if request.method == 'POST':
j_group = request.POST.get('j_group', '')
diff --git a/jumpserver.conf b/jumpserver.conf
index c1e035757..d08e6cc0b 100644
--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -1,7 +1,7 @@
#coding: utf8
[base]
-ip = 192.168.20.209
+ip = 192.168.0.129
port = 80
key = 88aaaf7ffe3c6c04
diff --git a/log_handler.py b/log_handler.py
index a3942a288..b1ec0fccc 100755
--- a/log_handler.py
+++ b/log_handler.py
@@ -16,7 +16,7 @@ from jlog.models import Log
def log_hanler(id):
log = Log.objects.get(id=id)
- pattern = re.compile(r'\[.*@.*\][\$#].*')
+ pattern = re.compile(r'(\[.*@.*\][\$#].*) | (mysql>.*)')
if log:
filename = log.log_path
if os.path.isfile(filename):
diff --git a/templates/jasset/group_edit.html b/templates/jasset/group_edit.html
index 2080f97c2..2f142a2e3 100644
--- a/templates/jasset/group_edit.html
+++ b/templates/jasset/group_edit.html
@@ -66,32 +66,12 @@
- {% ifequal session_role_id 2 %}
-
-
- {% endifequal %}
-
- {% ifequal session_role_id 1 %}
-
-
- {% endifequal %}
+
+
@@ -189,25 +169,6 @@
$(this).prop('selected', true)
})
}
-
-// $('#search').keyup(function() {
-// var $rows = $('#hosts option');
-// console.log($rows);
-// var val = $.trim($(this).val()).replace(/ +/g, ' ').toLowerCase();
-//
-// $rows.show().filter(function() {
-// var text = $(this).text().replace(/\s+/g, ' ').toLowerCase();
-// return !~text.indexOf(val);
-// }).hide();
-// });
-
- function change_dept(dept_id){
- $.get('/jasset/dept_host_ajax/',
- {'id': dept_id},
- function(data){
- $('#assets').html(data)
- })
- }
{% endblock %}
\ No newline at end of file