调整User,UserGroup类

pull/26/head
Guang 2015-08-20 23:42:27 +08:00
parent 9e52e6a320
commit 9f0620f97e
6 changed files with 416 additions and 271 deletions


@ -26,20 +26,19 @@ os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
if django.get_version() != '1.6': if django.get_version() != '1.6':
django.setup() django.setup()
from jlog.models import Log from jlog.models import Log
from jumpserver.api import CONF, BASE_DIR, ServerError, Juser, Jasset, JassetGroup from jumpserver.api import CONF, BASE_DIR, ServerError, User, UserGroup, Asset, BisGroup
from jumpserver.api import CRYPTOR, logger, is_dir from jumpserver.api import CRYPTOR, logger, is_dir
try: try:
import termios import termios
import tty import tty
except ImportError: except ImportError:
print '\033[1;31mOnly unix like supported.\033[0m' print '\033[1;31m仅支持类Unix系统 Only unix like supported.\033[0m'
time.sleep(3) time.sleep(3)
sys.exit() sys.exit()
CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
log_dir = os.path.join(BASE_DIR, 'logs') log_dir = os.path.join(BASE_DIR, 'logs')
login_user = Juser(username=getpass.getuser()) login_user = User(username=getpass.getuser())
def color_print(msg, color='red', exits=False): def color_print(msg, color='red', exits=False):
@ -265,7 +264,7 @@ def verify_connect(user, option):
elif len(ip_matched) < 1: elif len(ip_matched) < 1:
color_print('No Permission or No host.', 'red') color_print('No Permission or No host.', 'red')
else: else:
asset = Jasset(ip=ip_matched[0]).asset asset = Asset(ip=ip_matched[0]).asset
jtty = Jtty(user, asset) jtty = Jtty(user, asset)
jtty.connect() jtty.connect()
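Review bot: `login_user = User(username=getpass.getuser())` no longer looks the account up. The old `Juser` wrapper ran `User.objects.filter(username=...)`, whereas calling the model class builds a new unsaved instance with no primary key (assuming the `User` exported by `jumpserver.api` is the Django model the wrapper queried), so the group and permission lookups that follow cannot reflect the real account. The same applies to `Asset(ip=ip_matched[0]).asset` in `verify_connect`, and no `.asset` attribute is visible on the model. Use a real lookup and refuse the session on a miss, e.g. `login_user = User.objects.get(username=getpass.getuser())` and `asset = Asset.objects.get(ip=ip_matched[0])` with `DoesNotExist` handled. `verify_connect` starts and ends outside the hunk.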


@ -127,14 +127,14 @@ def test_add_log():
if __name__ == '__main__': if __name__ == '__main__':
#install() install()
#test_add_dept() test_add_dept()
#test_add_group() test_add_group()
#test_add_user() test_add_user()
#test_add_idc() test_add_idc()
#test_add_asset_group() test_add_asset_group()
test_add_asset() test_add_asset()
#test_add_log() test_add_log()


@ -23,6 +23,45 @@ class BisGroup(models.Model):
def __unicode__(self): def __unicode__(self):
return self.name return self.name
def get_asset(self):
return self.asset_set.all()
def get_asset_info(self, printable=False):
assets = self.get_asset()
for asset in assets:
if asset.comment:
print '%-15s -- %s' % (asset.ip, asset.comment)
else:
print '%-15s' % asset.ip
print ''
def get_asset_num(self):
return len(self.get_asset())
def get_user_group(self):
perm_list = self.perm_set.all()
user_group_list = []
for perm in perm_list:
user_group_list.append(perm.user_group)
return user_group_list
def get_user(self):
user_list = []
user_group_list = self.get_user_group()
for user_group in user_group_list:
user_list.extend(user_group.user_set.all())
return user_list
def is_permed(self, user=None, user_group=None):
if user:
if user in self.get_user():
return True
if user_group:
if user_group in self.get_user_group():
return True
return False
class Asset(models.Model): class Asset(models.Model):
LOGIN_TYPE_CHOICES = ( LOGIN_TYPE_CHOICES = (
@ -44,6 +83,22 @@ class Asset(models.Model):
def __unicode__(self): def __unicode__(self):
return self.ip return self.ip
def get_user(self):
perm_list = []
asset_group_all = self.bis_group.all()
for asset_group in asset_group_all:
perm_list.extend(asset_group.perm_set.all())
user_group_list = []
for perm in perm_list:
user_group_list.append(perm.user_group)
user_permed_list = []
for user_group in user_group_list:
user_permed_list.extend(user_group.user_set.all())
user_permed_list = list(set(user_permed_list))
return user_permed_list
class AssetAlias(models.Model): class AssetAlias(models.Model):
user = models.ForeignKey(User) user = models.ForeignKey(User)
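Review bot: `is_permed` treats every member of a permitted group as authorised, because `BisGroup.get_user` collects `user_group.user_set.all()` with no filter even though the `User` model in this commit carries an `is_active` flag. Unless callers check that flag separately (not visible here), a deactivated account still passes this check. Consider `user_list.extend(user_group.user_set.filter(is_active=True))` in `BisGroup.get_user`, and the same filter in `Asset.get_user`. A short docstring on `is_permed` saying that it returns True when either the user or the user group matches would also help, since both arguments are optional.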


@ -219,6 +219,7 @@ def require_login(func):
def require_super_user(func): def require_super_user(func):
"""要求是超级管理员"""
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
if not request.session.get('user_id'): if not request.session.get('user_id'):
return HttpResponseRedirect('/login/') return HttpResponseRedirect('/login/')
@ -230,6 +231,7 @@ def require_super_user(func):
def require_admin(func): def require_admin(func):
"""要求是管理员"""
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
if not request.session.get('user_id'): if not request.session.get('user_id'):
return HttpResponseRedirect('/login/') return HttpResponseRedirect('/login/')
@ -241,6 +243,7 @@ def require_admin(func):
def is_super_user(request): def is_super_user(request):
"""要求请求是超级管理员"""
if request.session.get('role_id') == 2: if request.session.get('role_id') == 2:
return True return True
else: else:
@ -248,6 +251,7 @@ def is_super_user(request):
def is_group_admin(request): def is_group_admin(request):
"""要求请求是组管理员"""
if request.session.get('role_id') == 1: if request.session.get('role_id') == 1:
return True return True
else: else:
@ -255,6 +259,7 @@ def is_group_admin(request):
def is_common_user(request): def is_common_user(request):
"""要求用户是普通用户"""
if request.session.get('role_id') == 0: if request.session.get('role_id') == 0:
return True return True
else: else:
@ -313,267 +318,267 @@ def api_user(request):
# return asset_group_list # return asset_group_list
class Juser(object): # class Juser(object):
""" # """
Jumpserver user class # Jumpserver user class
用户类 # 用户类
""" # """
#
def __init__(self, username=None, uid=None): # def __init__(self, username=None, uid=None):
if username: # if username:
user = User.objects.filter(username=username) # user = User.objects.filter(username=username)
elif uid: # elif uid:
user = User.objects.filter(id=uid) # user = User.objects.filter(id=uid)
else: # else:
user = '' # user = ''
#
if user: # if user:
user = user[0] # user = user[0]
self.user = user # self.user = user
self.id = user.id
# self.id = user.id # self.id = user.id
# self.username = user.username # # self.id = user.id
# self.name = user.name # # self.username = user.username
self.group = user.group.all() # # self.name = user.name
else: # self.group = user.group.all()
self.id = None # else:
# self.id = None
#
# def __repr__(self):
# if self.id:
# return '<%s Juser instance>' % getattr(self.user, 'username')
# else:
# return 'None'
#
# def __getattr__(self, item):
# if self.id:
# return getattr(self.user, item)
# else:
# return None
#
# def validate(self):
# """
# Validate is or not a true user
# 鉴定用户
# """
# if self.id:
# return True
# else:
# return False
#
# def get_asset_group(self):
# """
# Get user host_groups.
# 获取用户有权限的主机组
# """
# host_group_list = []
# perm_list = []
# user_group_all = self.user.group.all()
# for user_group in user_group_all:
# perm_list.extend(user_group.perm_set.all())
#
# for perm in perm_list:
# host_group_list.append(perm.asset_group)
#
# return host_group_list
#
# def get_asset_group_info(self, printable=False):
# """
# Get or print asset group info
# 获取或打印用户授权资产组
# """
# asset_groups_info = {}
# asset_groups = self.get_asset_group()
#
# for asset_group in asset_groups:
# asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment]
#
# if printable:
# for group_id in asset_groups_info:
# if asset_groups_info[group_id][1]:
# print "[%3s] %s -- %s" % (group_id,
# asset_groups_info[group_id][0],
# asset_groups_info[group_id][1])
# else:
# print "[%3s] %s" % (group_id, asset_groups_info[group_id][0])
# print ''
# else:
# return asset_groups_info
#
# def get_asset(self):
# """
# Get the assets of under the user control.
# 获取主机列表
# """
# assets = []
# asset_groups = self.get_asset_group()
#
# for asset_group in asset_groups:
# assets.extend(asset_group.asset_set.all())
#
# return assets
#
# def get_asset_info(self, printable=False):
# """
# Get or print the user asset info
# 获取或打印用户资产信息
# """
# assets_info = {}
# assets = self.get_asset()
#
# for asset in assets:
# asset_alias = AssetAlias.objects.filter(user=self.user, asset=asset)
# if asset_alias and asset_alias[0].alias != '':
# assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)]
# else:
# assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)]
#
# if printable:
# ips = assets_info.keys()
# ips.sort()
# for ip in ips:
# if assets_info[ip][2]:
# print '%-15s -- %s' % (ip, assets_info[ip][2])
# else:
# print '%-15s' % ip
# print ''
# else:
# return assets_info
#
def __repr__(self): # class Jasset(object):
if self.id: # """
return '<%s Juser instance>' % getattr(self.user, 'username') # Jumpserver asset class
else: # Jumpserver资产类
return 'None' # """
# def __init__(self, ip=None, id=None):
def __getattr__(self, item): # if ip:
if self.id: # asset = Asset.objects.filter(ip=ip)
return getattr(self.user, item) # elif id:
else: # asset = Asset.objects.filter(id=id)
return None # else:
# asset = ''
def validate(self): #
""" # if asset:
Validate is or not a true user # asset = asset[0]
鉴定用户 # self.asset = asset
""" # self.id = asset.id
if self.id: # else:
return True # self.id = None
else: #
return False # def __repr__(self):
# if self.id:
def get_asset_group(self): # return '<%s Jasset instance>' % self.asset.ip
""" # else:
Get user host_groups. # return 'None'
获取用户有权限的主机组 #
""" # def __getattr__(self, item):
host_group_list = [] # if self.id:
perm_list = [] # return getattr(self.asset, item)
user_group_all = self.user.group.all() # else:
for user_group in user_group_all: # return None
perm_list.extend(user_group.perm_set.all()) #
# def validate(self):
for perm in perm_list: # """
host_group_list.append(perm.asset_group) # Validate is or not a true asset
# 判断是否存在
return host_group_list # """
# if self.id:
def get_asset_group_info(self, printable=False): # return True
""" # else:
Get or print asset group info # return False
获取或打印用户授权资产组 #
""" # def get_user(self):
asset_groups_info = {} # perm_list = []
asset_groups = self.get_asset_group() # asset_group_all = self.bis_group.all()
# for asset_group in asset_group_all:
for asset_group in asset_groups: # perm_list.extend(asset_group.perm_set.all())
asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment] #
# user_group_list = []
if printable: # for perm in perm_list:
for group_id in asset_groups_info: # user_group_list.append(perm.user_group)
if asset_groups_info[group_id][1]: #
print "[%3s] %s -- %s" % (group_id, # user_permed_list = []
asset_groups_info[group_id][0], # for user_group in user_group_list:
asset_groups_info[group_id][1]) # user_permed_list.extend(user_group.user_set.all())
else: # user_permed_list = list(set(user_permed_list))
print "[%3s] %s" % (group_id, asset_groups_info[group_id][0]) # return user_permed_list
print ''
else:
return asset_groups_info
def get_asset(self):
"""
Get the assets of under the user control.
获取主机列表
"""
assets = []
asset_groups = self.get_asset_group()
for asset_group in asset_groups:
assets.extend(asset_group.asset_set.all())
return assets
def get_asset_info(self, printable=False):
"""
Get or print the user asset info
获取或打印用户资产信息
"""
assets_info = {}
assets = self.get_asset()
for asset in assets:
asset_alias = AssetAlias.objects.filter(user=self.user, asset=asset)
if asset_alias and asset_alias[0].alias != '':
assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)]
else:
assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)]
if printable:
ips = assets_info.keys()
ips.sort()
for ip in ips:
if assets_info[ip][2]:
print '%-15s -- %s' % (ip, assets_info[ip][2])
else:
print '%-15s' % ip
print ''
else:
return assets_info
class Jasset(object): # class JassetGroup(object):
""" # """
Jumpserver asset class # Jumpserver AssetGroup class
Jumpserver资产类 # Jumpserver 资产组类
""" # """
def __init__(self, ip=None, id=None): # def __init__(self, name=None, id=None):
if ip: # if id:
asset = Asset.objects.filter(ip=ip) # asset_group = BisGroup.objects.filter(id=int(id))
elif id: # elif name:
asset = Asset.objects.filter(id=id) # asset_group = BisGroup.objects.filter(name=name)
else: # else:
asset = '' # asset_group = ''
#
if asset: # if asset_group:
asset = asset[0] # asset_group = asset_group[0]
self.asset = asset # self.asset_group = asset_group
self.id = asset.id # # self.name = asset_group.name
else: # self.id = asset_group.id
self.id = None # else:
# self.id = None
def __repr__(self): #
if self.id: # def __repr__(self):
return '<%s Jasset instance>' % self.asset.ip # if self.id:
else: # return '<%s JassetGroup instance>' % self.name
return 'None' # else:
# return 'None'
def __getattr__(self, item): #
if self.id: # def validate(self):
return getattr(self.asset, item) # """
else: # Validate it is a true asset group or not
return None # 鉴定是否为真是存在的组
# """
def validate(self): # if self.id:
""" # return True
Validate is or not a true asset # else:
判断是否存在 # return False
""" #
if self.id: # def get_asset(self):
return True # return self.asset_group.asset_set.all()
else: #
return False # def get_asset_info(self, printable=False):
# assets = self.get_asset()
def get_user(self): # for asset in assets:
perm_list = [] # if asset.comment:
asset_group_all = self.asset.bis_group.all() # print '%-15s -- %s' % (asset.ip, asset.comment)
for asset_group in asset_group_all: # else:
perm_list.extend(asset_group.perm_set.all()) # print '%-15s' % asset.ip
# print ''
user_group_list = [] #
for perm in perm_list: # def get_asset_num(self):
user_group_list.append(perm.user_group) # return len(self.get_asset())
#
user_permed_list = [] # def get_user_group(self):
for user_group in user_group_list: # perm_list = self.asset_group.perm_set.all()
user_permed_list.extend(user_group.user_set.all()) # user_group_list = []
user_permed_list = list(set(user_permed_list)) # for perm in perm_list:
return user_permed_list # user_group_list.append(perm.user_group)
# return user_group_list
#
class JassetGroup(object): # def get_user(self):
""" # user_list = []
Jumpserver AssetGroup class # user_group_list = self.get_user_group()
Jumpserver 资产组类 # for user_group in user_group_list:
""" # user_list.extend(user_group.user_set.all())
def __init__(self, name=None, id=None): # return user_list
if id: #
asset_group = BisGroup.objects.filter(id=int(id)) # def is_permed(self, user=None, user_group=None):
elif name: # if user:
asset_group = BisGroup.objects.filter(name=name) # if user in self.get_user():
else: # return True
asset_group = '' #
# if user_group:
if asset_group: # if user_group in self.get_user_group():
asset_group = asset_group[0] # return True
self.asset_group = asset_group # return False
# self.name = asset_group.name
self.id = asset_group.id
else:
self.id = None
def __repr__(self):
if self.id:
return '<%s JassetGroup instance>' % self.name
else:
return 'None'
def validate(self):
"""
Validate it is a true asset group or not
鉴定是否为真是存在的组
"""
if self.id:
return True
else:
return False
def get_asset(self):
return self.asset_group.asset_set.all()
def get_asset_info(self, printable=False):
assets = self.get_asset()
for asset in assets:
if asset.comment:
print '%-15s -- %s' % (asset.ip, asset.comment)
else:
print '%-15s' % asset.ip
print ''
def get_asset_num(self):
return len(self.get_asset())
def get_user_group(self):
perm_list = self.asset_group.perm_set.all()
user_group_list = []
for perm in perm_list:
user_group_list.append(perm.user_group)
return user_group_list
def get_user(self):
user_list = []
user_group_list = self.get_user_group()
for user_group in user_group_list:
user_list.extend(user_group.user_set.all())
return user_list
def is_permed(self, user=None, user_group=None):
if user:
if user in self.get_user():
return True
if user_group:
if user_group in self.get_user_group():
return True
return False
# def asset_perm_api(asset): # def asset_perm_api(asset):
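Review bot: The `Juser`, `Jasset` and `JassetGroup` classes are commented out line by line rather than deleted, so most of the 267-line hunk is dead code in the module that also defines the login and role decorators. Deleting them keeps this file reviewable, and version control already holds the old text. The commented copy has also been edited (`self.asset.bis_group.all()` became `# asset_group_all = self.bis_group.all()`), so it no longer matches what was actually removed and should not be used as a reference. Any caller that relied on the wrappers' `validate()` or on `__getattr__` returning `None` for a missing record now needs an explicit existence check; those callers are not visible in this section.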


@ -1,3 +1,5 @@
#coding: utf-8
from django.db import models from django.db import models
@ -32,10 +34,90 @@ class User(models.Model):
dept = models.ForeignKey(DEPT) dept = models.ForeignKey(DEPT)
group = models.ManyToManyField(UserGroup) group = models.ManyToManyField(UserGroup)
ldap_pwd = models.CharField(max_length=128) ldap_pwd = models.CharField(max_length=128)
ssh_key_pwd = models.CharField(max_length=100) ssh_key_pwd = models.CharField(max_length=200)
is_active = models.BooleanField(default=True) is_active = models.BooleanField(default=True)
last_login = models.DateTimeField(null=True) last_login = models.DateTimeField(null=True)
date_joined = models.DateTimeField(null=True) date_joined = models.DateTimeField(null=True)
def __unicode__(self): def __unicode__(self):
return self.username return self.username
def get_asset_group(self):
"""
Get user host_groups.
获取用户有权限的主机组
"""
host_group_list = []
perm_list = []
user_group_all = self.group.all()
for user_group in user_group_all:
perm_list.extend(user_group.perm_set.all())
for perm in perm_list:
host_group_list.append(perm.asset_group)
return host_group_list
def get_asset_group_info(self, printable=False):
"""
Get or print asset group info
获取或打印用户授权资产组
"""
asset_groups_info = {}
asset_groups = self.get_asset_group()
for asset_group in asset_groups:
asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment]
if printable:
for group_id in asset_groups_info:
if asset_groups_info[group_id][1]:
print "[%3s] %s -- %s" % (group_id,
asset_groups_info[group_id][0],
asset_groups_info[group_id][1])
else:
print "[%3s] %s" % (group_id, asset_groups_info[group_id][0])
print ''
else:
return asset_groups_info
def get_asset(self):
"""
Get the assets of under the user control.
获取主机列表
"""
assets = []
asset_groups = self.get_asset_group()
for asset_group in asset_groups:
assets.extend(asset_group.asset_set.all())
return assets
def get_asset_info(self, printable=False):
"""
Get or print the user asset info
获取或打印用户资产信息
"""
from jasset.models import AssetAlias
assets_info = {}
assets = self.get_asset()
for asset in assets:
asset_alias = AssetAlias.objects.filter(user=self.user, asset=asset)
if asset_alias and asset_alias[0].alias != '':
assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)]
else:
assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)]
if printable:
ips = assets_info.keys()
ips.sort()
for ip in ips:
if assets_info[ip][2]:
print '%-15s -- %s' % (ip, assets_info[ip][2])
else:
print '%-15s' % ip
print ''
else:
return assets_info
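Review bot: `get_asset_info` still filters with `user=self.user`, which was right on the old `Juser` wrapper, but no `user` attribute is visible on the model itself, so the call would raise `AttributeError` before any alias is read. It should be `asset_alias = AssetAlias.objects.filter(user=self, asset=asset)`. Separately, widening `ssh_key_pwd` to `max_length=200` needs a matching schema change on existing databases, and none is shown in this commit.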


@ -13,6 +13,10 @@ from django.db.models import ObjectDoesNotExist
from jumpserver.api import * from jumpserver.api import *
def md5_crypt(string):
return hashlib.new("md5", string).hexdigest()
def gen_rand_pwd(num): def gen_rand_pwd(num):
""" """
generate random password generate random password
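Review bot: `md5_crypt` returns a bare, unsalted MD5 hex digest. Its name and its position next to `gen_rand_pwd` suggest it is meant for user passwords, although no caller is visible in the hunk. If so, identical passwords would produce identical stored values, and MD5 is fast enough that offline guessing against a leaked table is cheap. Django's `make_password` / `check_password` from `django.contrib.auth.hashers` give a salted, iterated hash with no new dependency. If the digest is only a non-secret checksum, a docstring such as `"""Return the hex MD5 of string; not for password storage."""` would make that explicit. `gen_rand_pwd` continues outside the hunk.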