github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix user perm group perm

pull/31/head
ibuler 2015-12-25 20:26:31 +08:00
parent 9fc0c9da06
commit 9eb64466bc
3 changed files with 31 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
jperm/perm_api.py
View File

@ -29,7 +29,10 @@ def get_group_user_perm(ob):
"""
perm = {}
if isinstance(ob, User):
rule_all = PermRule.objects.filter(user=ob)
rule_all = set(PermRule.objects.filter(user=ob))
for user_group in ob.group.all():
rule_all = rule_all.union(set(PermRule.objects.filter(user_group=user_group)))
elif isinstance(ob, UserGroup):
rule_all = PermRule.objects.filter(user_group=ob)
else:
@ -80,6 +83,7 @@ def get_group_user_perm(ob):
else:
perm_asset[asset] = {'role': perm_asset_group[asset_group].get('role', set()),
'rule': perm_asset_group[asset_group].get('rule', set())}
print perm
return perm

2
jperm/views.py
View File

@ -667,7 +667,7 @@ def perm_role_get(request):
asset = get_object(Asset, id=asset_id)
if asset:
role = user_have_perm(request.user, asset=asset)
logger.debug('#' + ','.join([i.name for i in role]) + '#')
logger.debug(u'获取授权系统用户: ' + ','.join([i.name for i in role]))
return HttpResponse(','.join([i.name for i in role]))
else:
roles = get_group_user_perm(request.user).get('role').keys()

51
run_websocket.py
View File

@ -44,29 +44,28 @@ def require_auth(role='user'):
else:
session_key = request.get_argument('sessionid', '')
logger.debug('Websocket: session_key: %s' % session_key)
logger.debug(u'请求session_key: %s' % session_key)
if session_key:
session = get_object(Session, session_key=session_key)
logger.debug('Websocket: session: %s' % session)
if session and datetime.datetime.now() < session.expire_date:
user_id = session.get_decoded().get('_auth_user_id')
user = get_object(User, id=user_id)
if user:
logger.debug('Websocket: user [ %s ] request websocket' % user.username)
logger.debug(u'用户 [ %s ] 请求websocket' % user.username)
request.user = user
if role == 'admin':
if user.role in ['SU', 'GA']:
return func(request, *args, **kwargs)
logger.debug('Websocket: user [ %s ] is not admin.' % user.username)
logger.debug(u'用户 [ %s ] 不是admin.' % user.username)
else:
return func(request, *args, **kwargs)
else:
logger.debug('Websocket: session expired: %s' % session_key)
logger.debug(u'session过期 %s' % session_key)
try:
request.close()
except AttributeError:
pass
logger.warning('Websocket: Request auth failed.')
logger.warning('认证失败,非法请求')
return _deco2
return _deco
@ -96,10 +95,10 @@ def file_monitor(path='.', client=None):
notifier = AsyncNotifier(wm, EventHandler(client))
wm.add_watch(path, mask, auto_add=True, rec=True)
if not os.path.isfile(path):
logger.debug("File %s does not exist." % path)
logger.debug(u"文件 %s 不存在." % path)
sys.exit(3)
else:
logger.debug("Now starting monitor file %s." % path)
logger.debug(u"开始监控文件 %s." % path)
global f
f = open(path, 'r')
st_size = os.stat(path)[6]
@ -149,8 +148,8 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
MonitorHandler.clients.remove(self)
MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
logger.debug("Websocket: Monitor client num: %s, thread num: %s" % (len(MonitorHandler.clients),
len(MonitorHandler.threads)))
logger.debug(u"监控在线数量: %s, 线程数量: %s" % (len(MonitorHandler.clients),
len(MonitorHandler.threads)))
def on_message(self, message):
# 监控日志,发生变动发向客户端
@ -160,7 +159,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
# 客户端主动关闭
# self.close()
logger.debug("Websocket: Monitor client close request")
logger.debug("监控请求关闭")
try:
client_index = MonitorHandler.clients.index(self)
MonitorHandler.clients.remove(self)
@ -184,10 +183,10 @@ class WebTerminalKillHandler(tornado.web.RequestHandler):
Log.objects.filter(id=ws_id).update(is_finished=True)
for ws in WebTerminalHandler.clients:
if ws.id == int(ws_id):
logger.debug("Kill log id %s" % ws_id)
logger.debug(u"终结logID %s" % ws_id)
ws.log.save()
ws.close()
logger.debug('Websocket: web terminal client num: %s' % len(WebTerminalHandler.clients))
logger.debug(u'WebTerminal在线数量: %s' % len(WebTerminalHandler.clients))
class ExecHandler(tornado.websocket.WebSocketHandler):
@ -209,7 +208,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
@require_auth('user')
def open(self):
logger.debug('Websocket: Open exec request')
logger.debug('web批量命令执行请求')
role_name = self.get_argument('role', 'sb')
self.remote_ip = self.request.remote_ip
logger.debug('Web执行命令: 请求系统用户 %s' % role_name)
@ -255,7 +254,6 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
for k, v in self.runner.results.items():
for host, output in v.items():
output = newline_pattern.sub('<br />', output)
logger.debug(output)
if k == 'ok':
header = "<span style='color: green'>[ %s => %s]</span>\n" % (host, 'Ok')
else:
@ -266,7 +264,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
self.write_message('\n~o~ Task finished ~o~\n')
def on_close(self):
logger.debug('关闭web_exec请求')
logger.debug('关闭web批量命令请求')
class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@ -289,30 +287,31 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@require_auth('user')
def open(self):
logger.debug('Websocket: Open request')
logger.debug('WebTerminal请求')
role_name = self.get_argument('role', 'sb')
asset_id = self.get_argument('id', 9999)
asset = get_object(Asset, id=asset_id)
if asset:
roles = user_have_perm(self.user, asset)
logger.debug(roles)
logger.debug('系统用户: %s' % role_name)
logger.debug('请求系统用户: %s' % role_name)
login_role = ''
for role in roles:
if role.name == role_name:
login_role = role
break
if not login_role:
logger.warning('Websocket: Not that Role %s for Host: %s User: %s ' % (role_name, asset.hostname,
self.user.username))
logger.warning(u'%s 这台主机上没有为用户%s 授权系统用户%s ' % (asset.hostname,
self.user.username,
role_name))
self.close()
return
else:
logger.warning('Websocket: No that Host: %s User: %s ' % (asset_id, self.user.username))
logger.warning(u'没有授权该主机 %s' % asset_id)
self.close()
return
logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.hostname, self.user.username,
login_role.name))
logger.debug('web terminal 请求主机: %s 用户: %s 系统用户: %s' % (asset.hostname,
self.user.username,
login_role.name))
self.term = WebTty(self.user, asset, login_role, login_type='web')
self.term.remote_ip = self.request.remote_ip
self.ssh = self.term.get_connection()
@ -352,7 +351,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
self.channel.send(data['data'])
def on_close(self):
logger.debug('Websocket: Close request')
logger.debug('关闭websocket请求')
if self in WebTerminalHandler.clients:
WebTerminalHandler.clients.remove(self)
try:
@ -425,6 +424,6 @@ if __name__ == '__main__':
server = tornado.httpserver.HTTPServer(app)
server.bind(options.port, options.host)
#server.listen(options.port)
server.start(num_processes=5)
#server.start(num_processes=5)
print "Run server on %s:%s" % (options.host, options.port)
tornado.ioloop.IOLoop.instance().start()