diff --git a/jasset/views.py b/jasset/views.py index d0dfb3bd5..5ef312435 100644 --- a/jasset/views.py +++ b/jasset/views.py @@ -24,6 +24,7 @@ def httperror(request, emg): def get_host_groups(groups): + """ 获取主机所属的组类 """ ret = [] for group_id in groups: group = BisGroup.objects.filter(id=group_id) @@ -34,6 +35,7 @@ def get_host_groups(groups): def get_host_depts(depts): + """ 获取主机所属的部门类 """ ret = [] for dept_id in depts: dept = DEPT.objects.filter(id=dept_id) @@ -43,8 +45,9 @@ def get_host_depts(depts): return ret -def db_host_insert(ip, port, idc, jtype, group, dept, active, comment, username='', password=''): +def db_host_insert(host_info, username='', password=''): """ 添加主机时数据库操作函数 """ + ip, port, idc, jtype, group, dept, active, comment = host_info idc = IDC.objects.filter(id=idc) if idc: idc = idc[0] @@ -72,10 +75,11 @@ def db_host_insert(ip, port, idc, jtype, group, dept, active, comment, username= a.bis_group = groups a.dept = depts a.save() - - -def db_host_update(ip, port, idc, jtype, group, dept, active, comment, host, username='', password=''): + + +def db_host_update(host_info, username='', password=''): """ 修改主机时数据库操作函数 """ + ip, port, idc, jtype, group, dept, active, comment, host = host_info idc = IDC.objects.filter(id=idc) if idc: idc = idc[0] @@ -89,10 +93,8 @@ def db_host_update(ip, port, idc, jtype, group, dept, active, comment, host, use host.comment = comment if jtype == 'M': - print password, host.password if password != host.password: password = cryptor.encrypt(password) - print password host.password = password host.username = username host.password = password @@ -102,8 +104,9 @@ def db_host_update(ip, port, idc, jtype, group, dept, active, comment, host, use host.save() -def batch_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment, j_user='', j_password=''): +def batch_host_edit(host_info, j_user='', j_password=''): """ 批量修改主机函数 """ + j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment = host_info groups, depts = [], [] is_active = {u'是': '1', u'否': '2'} login_types = {'LDAP': 'L', 'MAP': 'M'} @@ -140,8 +143,37 @@ def batch_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active a.save() +def db_host_delete(request, host_id): + """ 删除主机操作 """ + if is_group_admin(request) and not validate(request, asset=[host_id]): + return httperror(request, '删除失败, 您无权删除!') + + asset = Asset.objects.filter(id=host_id) + if asset: + asset.delete() + else: + return httperror(request, '删除失败, 没有此主机!') + + +def db_idc_delete(request, idc_id): + """ IDC删除操作数据库函数 """ + if idc_id == 1: + return httperror(request, '删除失败, 默认IDC不能删除!') + + default_idc = IDC.objects.get(id=1) + + idc = IDC.objects.filter(id=idc_id) + if idc: + idc_class = idc.first() + idc_class.asset_set.update(idc=default_idc) + idc.delete() + else: + return httperror(request, '删除失败, 没有这个IDC!') + + @require_admin def host_add(request): + """ 添加主机 """ header_title, path1, path2 = u'添加主机', u'资产管理', u'添加主机' login_types = {'L': 'LDAP', 'M': 'MAP'} eidc = IDC.objects.exclude(name='ALL') @@ -161,20 +193,20 @@ def host_add(request): j_active = request.POST.get('j_active') j_comment = request.POST.get('j_comment') j_dept = request.POST.getlist('j_dept') + + host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment] if is_group_admin(request) and not verify(request, asset_group=j_group, edept=j_dept): - emg = u'添加失败,您无权操作!' - return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request)) + return httperror(request, u'添加失败,您无权操作!') if Asset.objects.filter(ip=str(j_ip)): emg = u'该IP %s 已存在!' % j_ip return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request)) - if j_type == 'M': j_user = request.POST.get('j_user') j_password = request.POST.get('j_password', '') - db_host_insert(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, j_password) + db_host_insert(host_info, j_user, j_password) else: - db_host_insert(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment) + db_host_insert(host_info) smg = u'主机 %s 添加成功' % j_ip return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request)) @@ -182,13 +214,13 @@ def host_add(request): @require_admin def host_add_batch(request): + """ 批量添加主机 """ header_title, path1, path2 = u'批量添加主机', u'资产管理', u'批量添加主机' login_types = {'LDAP': 'L', 'MAP': 'M'} active_types = {'激活': 1, '禁用': 0} dept_id = get_user_dept(request) if request.method == 'POST': multi_hosts = request.POST.get('j_multi').split('\n') - print multi_hosts for host in multi_hosts: if host == '': break @@ -201,34 +233,34 @@ def host_add_batch(request): idc = IDC.objects.filter(name=j_idc) if idc: j_idc = idc[0].id + else: + return httperror(request, '添加失败, 没有%s这个IDC' % j_idc) group_ids, dept_ids = [], [] for group_name in j_group: group = BisGroup.objects.filter(name=group_name) if group: group_id = group[0].id + else: + return httperror(request, '添加失败, 没有%s这个主机组' % group_name) group_ids.append(group_id) for dept_name in j_dept: dept = DEPT.objects.filter(name=dept_name) if dept: dept_id = dept[0].id + else: + return httperror(request, '添加失败, 没有%s这个部门' % dept_name) dept_ids.append(dept_id) if is_group_admin(request) and not verify(request, asset_group=group_ids, edept=dept_ids): - return httperror(request, '添加失败, 您无权添加!') + return httperror(request, '添加失败, 没有%s这个主机组' % group_name) if Asset.objects.filter(ip=str(j_ip)): - emg = u'该IP %s 已存在!' % j_ip - return render_to_response('jasset/host_add_multi.html', locals(), - context_instance=RequestContext(request)) + return httperror(request, '添加失败, 改IP%s已存在' % j_ip) - # if j_type == 'M': - # j_user = request.POST.get('j_user') - # j_password = request.POST.get('j_password') - # db_host_insert(j_ip, j_port, j_idc, j_type, group_ids, dept_ids, j_active, j_comment) - # else: - db_host_insert(j_ip, j_port, j_idc, j_type, group_ids, dept_ids, j_active, j_comment) + host_info = [j_ip, j_port, j_idc, j_type, group_ids, dept_ids, j_active, j_comment] + db_host_insert(host_info) smg = u'批量添加添加成功' return render_to_response('jasset/host_add_multi.html', locals(), context_instance=RequestContext(request)) @@ -238,6 +270,7 @@ def host_add_batch(request): @require_admin def host_edit_batch(request): + """ 批量修改主机 """ if request.method == 'POST': len_table = request.POST.get('len_table') for i in range(int(len_table)): @@ -261,14 +294,16 @@ def host_edit_batch(request): j_active = request.POST.get(j_active).strip() j_comment = request.POST.get(j_comment).strip() - batch_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment) + host_info = [j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment] + batch_host_edit(host_info) return render_to_response('jasset/host_list.html') @require_login def host_edit_common_batch(request): - user_id = request.session.get('user_id', '') + """ 普通用户批量修改主机别名 """ + user_id = get_session_user_info(request)[0] u = User.objects.get(id=user_id) if request.method == 'POST': len_table = request.POST.get('len_table') @@ -290,13 +325,20 @@ def host_edit_common_batch(request): @require_login def host_list(request): + """ 列出主机 """ header_title, path1, path2 = u'查看主机', u'资产管理', u'查看主机' keyword = request.GET.get('keyword', '') - dept_id = get_user_dept(request) + dept_id = get_session_user_info(request)[3] dept = DEPT.objects.get(id=dept_id) did = request.GET.get('did', '') gid = request.GET.get('gid', '') sid = request.GET.get('sid', '') + post_all = Asset.objects.all().order_by('ip') + + post_keyword_all = Asset.objects.filter(Q(ip__contains=keyword) | + Q(idc__name__contains=keyword) | + Q(bis_group__name__contains=keyword) | + Q(comment__contains=keyword)).distinct().order_by('ip') if did: dept = DEPT.objects.get(id=did) posts = dept.asset_set.all() @@ -325,28 +367,23 @@ def host_list(request): else: if is_super_user(request): if keyword: - posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) | - Q(bis_group__name__contains=keyword) | Q( - comment__contains=keyword)).distinct().order_by('ip') + posts = post_keyword_all else: - posts = Asset.objects.all().order_by('ip') + posts = post_all contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) return render_to_response('jasset/host_list.html', locals(), context_instance=RequestContext(request)) elif is_group_admin(request): if keyword: - posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) | - Q(bis_group__name__contains=keyword) | Q( - comment__contains=keyword)).filter(dept=dept).distinct().order_by('ip') + posts = post_keyword_all.filter(dept=dept) else: - posts = Asset.objects.all().filter(dept=dept).order_by('ip') + posts = post_all.filter(dept=dept) contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) return render_to_response('jasset/host_list.html', locals(), context_instance=RequestContext(request)) elif is_common_user(request): - user_id = get_session_user_info(request)[0] - username = get_session_user_info(request)[1] + user_id, username = get_session_user_info(request)[0:2] posts = user_perm_asset_api(username) contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) return render_to_response('jasset/host_list_common.html', locals(), @@ -355,28 +392,23 @@ def host_list(request): @require_admin def host_del(request, offset): + """ 删除主机 """ if offset == 'multi': len_list = request.POST.get("len_list") for i in range(int(len_list)): key = "id_list[" + str(i) + "]" - jid = request.POST.get(key) - if is_group_admin(request) and not validate(request, asset=[jid]): - return HttpResponseRedirect('/jasset/host_list/') - a = Asset.objects.get(id=jid).ip - Asset.objects.filter(id=jid).delete() - BisGroup.objects.filter(name=a).delete() + host_id = request.POST.get(key) + db_host_delete(request, host_id) else: - jid = int(offset) - if is_group_admin(request) and not validate(request, asset=[jid]): - return HttpResponseRedirect('/jasset/host_list/') - a = Asset.objects.get(id=jid).ip - BisGroup.objects.filter(name=a).delete() - Asset.objects.filter(id=jid).delete() + host_id = int(offset) + db_host_delete(request, host_id) + return HttpResponseRedirect('/jasset/host_list/') @require_super_user def host_edit(request): + """ 修改主机 """ header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机' actives = {1: u'激活', 0: u'禁用'} login_types = {'L': 'LDAP', 'M': 'MAP'} @@ -403,12 +435,13 @@ def host_edit(request): j_active = request.POST.get('j_active', '') j_comment = request.POST.get('j_comment', '') + host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment] if j_type == 'M': j_user = request.POST.get('j_user') j_password = request.POST.get('j_password') - db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, post, j_password, post) + db_host_update(host_info, j_user, j_password, post) else: - db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, post) + db_host_update(host_info, post) smg = u'主机 %s 修改成功' % j_ip return HttpResponseRedirect('/jasset/host_detail/?id=%s' % host_id) @@ -418,6 +451,7 @@ def host_edit(request): @require_admin def host_edit_adm(request): + """ 部门管理员修改主机 """ header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机' actives = {1: u'激活', 0: u'禁用'} login_types = {'L': 'LDAP', 'M': 'MAP'} @@ -443,6 +477,8 @@ def host_edit_adm(request): j_active = request.POST.get('j_active') j_comment = request.POST.get('j_comment') + host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment] + if not verify(request, asset_group=j_group, edept=j_dept): emg = u'修改失败,您无权操作!' return render_to_response('jasset/host_edit.html', locals(), context_instance=RequestContext(request)) @@ -450,9 +486,9 @@ def host_edit_adm(request): if j_type == 'M': j_user = request.POST.get('j_user') j_password = request.POST.get('j_password') - db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, post, j_user, j_password) + db_host_update(host_info, j_user, j_password, post) else: - db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, post) + db_host_update(host_info, post) smg = u'主机 %s 修改成功' % j_ip return HttpResponseRedirect('/jasset/host_detail/?id=%s' % host_id) @@ -462,6 +498,7 @@ def host_edit_adm(request): @require_login def host_detail(request): + """ 主机详情 """ header_title, path1, path2 = u'主机详细信息', u'资产管理', u'主机详情' host_id = request.GET.get('id', '') post = Asset.objects.filter(id=host_id) @@ -487,6 +524,7 @@ def host_detail(request): @require_super_user def idc_add(request): + """ 添加IDC """ header_title, path1, path2 = u'添加IDC', u'资产管理', u'添加IDC' if request.method == 'POST': j_idc = request.POST.get('j_idc') @@ -503,6 +541,7 @@ def idc_add(request): @require_admin def idc_list(request): + """ 列出IDC """ header_title, path1, path2 = u'查看IDC', u'资产管理', u'查看IDC' dept_id = get_user_dept(request) dept = DEPT.objects.get(id=dept_id) @@ -517,8 +556,9 @@ def idc_list(request): @require_super_user def idc_edit(request): + """ 修改IDC """ header_title, path1, path2 = u'编辑IDC', u'资产管理', u'编辑IDC' - idc_id = request.GET.get('id') + idc_id = request.GET.get('id', '') idc = IDC.objects.filter(id=idc_id) if idc: idc = idc[0] @@ -555,16 +595,16 @@ def idc_edit(request): @require_admin def idc_detail(request): + """ IDC详情 """ header_title, path1, path2 = u'IDC详情', u'资产管理', u'IDC详情' login_types = {'L': 'LDAP', 'M': 'MAP'} - idc_id = request.GET.get('id') + idc_id = request.GET.get('id', '') idc_filter = IDC.objects.filter(id=idc_id) if idc_filter: idc = idc_filter[0] else: return httperror(request, '没有此IDC') - dept_id = get_user_dept(request) - dept = DEPT.objects.get(id=dept_id) + dept = get_session_user_info(request)[5] if is_super_user(request): posts = Asset.objects.filter(idc=idc).order_by('ip') elif is_group_admin(request): @@ -576,34 +616,22 @@ def idc_detail(request): @require_super_user def idc_del(request): + """ 删除IDC """ offset = request.GET.get('id', '') - default_idc = IDC.objects.get(id=1) if offset == 'multi': len_list = request.POST.get("len_list") for i in range(int(len_list)): key = "id_list[" + str(i) + "]" - gid = request.POST.get(key) - idc = IDC.objects.filter(id=gid) - if idc: - idc_class = idc.first() - idc_class.asset_set.update(idc=default_idc) - idc.delete() - else: - return httperror(request, '删除失败, 没有这个IDC!') + idc_id = request.POST.get(key) + db_idc_delete(request, idc_id) else: - gid = int(offset) - idc = IDC.objects.filter(id=gid) - if idc: - idc_class = idc.first() - idc_class.asset_set.update(idc=default_idc) - idc.delete() - else: - return httperror(request, '删除失败, 没有这个IDC!') + db_idc_delete(request, int(offset)) return HttpResponseRedirect('/jasset/idc_list/') @require_admin def group_add(request): + """ 添加主机组 """ header_title, path1, path2 = u'添加主机组', u'资产管理', u'添加主机组' if is_super_user(request): posts = Asset.objects.all() @@ -621,7 +649,6 @@ def group_add(request): j_comment = request.POST.get('j_comment', '') try: - print verify(request, asset=j_hosts, edept=[j_dept]), 'hehe' if is_group_admin(request) and not verify(request, asset=j_hosts, edept=[j_dept]): emg = u'添加失败, 您无权操作!' raise RaiseError @@ -646,6 +673,7 @@ def group_add(request): @require_admin def group_list(request): + """ 列出主机组 """ header_title, path1, path2 = u'查看主机组', u'资产管理', u'查看主机组' dept_id = get_user_dept(request) dept = DEPT.objects.get(id=dept_id) @@ -685,6 +713,7 @@ def group_list(request): @require_admin def group_edit(request): + """ 修改主机组 """ header_title, path1, path2 = u'编辑主机组', u'资产管理', u'编辑主机组' group_id = request.GET.get('id', '') group = BisGroup.objects.get(id=group_id) @@ -725,6 +754,7 @@ def group_edit(request): @require_admin def group_detail(request): + """ 主机组详情 """ header_title, path1, path2 = u'主机组详情', u'资产管理', u'主机组详情' login_types = {'L': 'LDAP', 'M': 'MAP'} dept = get_session_user_info(request)[5] @@ -744,6 +774,7 @@ def group_detail(request): @require_admin def group_del_host(request): + """ 主机组中剔除主机, 并不删除真实主机 """ if request.method == 'POST': group_id = request.POST.get('group_id') offset = request.GET.get('id', '') @@ -768,6 +799,7 @@ def group_del_host(request): @require_admin def group_del(request): + """ 删除主机组 """ offset = request.GET.get('id', '') if offset == 'multi': len_list = request.POST.get("len_list") @@ -786,6 +818,7 @@ def group_del(request): def dept_host_ajax(request): + """ 添加主机组时, 部门联动主机异步 """ dept_id = request.GET.get('id', '') if dept_id not in ['1', '2']: dept = DEPT.objects.filter(id=dept_id) @@ -800,26 +833,25 @@ def dept_host_ajax(request): @require_login def host_search(request): + """ 搜索主机 """ keyword = request.GET.get('keyword') login_types = {'L': 'LDAP', 'M': 'MAP'} - dept_id = get_user_dept(request) - dept = DEPT.objects.get(id=dept_id) + dept = get_session_user_info(request)[5] + post_all = Asset.objects.filter(Q(ip__contains=keyword) | + Q(idc__name__contains=keyword) | + Q(bis_group__name__contains=keyword) | + Q(comment__contains=keyword)).distinct().order_by('ip') if is_super_user(request): - posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) | - Q(bis_group__name__contains=keyword) | Q( - comment__contains=keyword)).distinct().order_by('ip') + posts = post_all + elif is_group_admin(request): - posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) | - Q(bis_group__name__contains=keyword) | Q( - comment__contains=keyword)).filter(dept=dept).distinct().order_by('ip') + posts = post_all.filter(dept=dept) + elif is_common_user(request): - user_id = request.session.get('user_id') - username = User.objects.get(id=user_id).name + username = get_session_user_info(request)[2] post_perm = user_perm_asset_api(username) - post_all = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) | - Q(bis_group__name__contains=keyword) | Q(comment__contains=keyword)) \ - .distinct().order_by('ip') posts = list(set(post_all) & set(post_perm)) + contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) return render_to_response('jasset/host_search.html', locals(), context_instance=RequestContext(request)) \ No newline at end of file diff --git a/jlog/views.py b/jlog/views.py index ae84131e4..cabc15351 100644 --- a/jlog/views.py +++ b/jlog/views.py @@ -21,6 +21,7 @@ CONF.read('%s/jumpserver.conf' % BASE_DIR) def get_user_info(request, offset): + """ 获取用户信息及环境 """ env_dic = {'online': 0, 'offline': 1} env = env_dic[offset] keyword = request.GET.get('keyword', '') @@ -33,32 +34,37 @@ def get_user_info(request, offset): def get_user_log(ret_list): + """ 获取不同类型用户日志记录 """ request, keyword, env, username, dept_name = ret_list + post_all = Log.objects.filter(is_finished=env).order_by('-start_time') + post_keyword_all = Log.objects.filter(Q(user__contains=keyword) | + Q(host__contains=keyword)) \ + .filter(is_finished=env).order_by('-start_time') + if is_super_user(request): if keyword: - posts = Log.objects.filter(Q(user__contains=keyword) | Q(host__contains=keyword)) \ - .filter(is_finished=env).order_by('-start_time') + posts = post_keyword_all else: - posts = Log.objects.filter(is_finished=env).order_by('-start_time') + posts = post_all elif is_group_admin(request): if keyword: - posts = Log.objects.filter(Q(user__contains=keyword) | Q(host__contains=keyword)) \ - .filter(is_finished=env).filter(dept_name=dept_name).order_by('-start_time') + posts = post_keyword_all.filter(dept_name=dept_name) else: - posts = Log.objects.filter(is_finished=env).filter(dept_name=dept_name).order_by('-start_time') + posts = post_all.filter(dept_name=dept_name) elif is_common_user(request): if keyword: - posts = Log.objects.filter(user=username).filter(Q(user__contains=keyword) | Q(host__contains=keyword))\ - .filter(is_finished=env).order_by('-start_time') + posts = post_keyword_all.filter(user=username) else: - posts = Log.objects.filter(is_finished=env).filter(user=username).order_by('-start_time') + posts = post_all.filter(user=username) + return posts @require_login def log_list(request, offset): + """ 显示日志 """ header_title, path1, path2 = u'查看日志', u'查看日志', u'在线用户' keyword = request.GET.get('keyword', '') web_socket_host = CONF.get('websocket', 'web_socket_host') @@ -70,6 +76,7 @@ def log_list(request, offset): @require_admin def log_kill(request): + """ 杀掉connect进程 """ pid = request.GET.get('id', '') log = Log.objects.filter(pid=pid) if log: @@ -85,6 +92,7 @@ def log_kill(request): @require_login def log_history(request): + """ 命令历史记录 """ log_id = request.GET.get('id', 0) log = Log.objects.filter(id=int(log_id)) if log: @@ -108,6 +116,7 @@ def log_history(request): @require_login def log_search(request): + """ 日志搜索 """ offset = request.GET.get('env', '') keyword = request.GET.get('keyword', '') posts = get_user_log(get_user_info(request, offset)) diff --git a/jperm/views.py b/jperm/views.py index 57f2aaadd..38f4b80ee 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -1,5 +1,6 @@ # coding: utf-8 import sys + reload(sys) sys.setdefaultencoding('utf8') @@ -182,6 +183,7 @@ def perm_edit_adm(request): return HttpResponseRedirect('/jperm/perm_list/') return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request)) + @require_admin def perm_detail(request): header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权详情' @@ -225,7 +227,7 @@ def perm_asset_detail(request): # def sudo_db_add(name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment): -# user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \ +# user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \ # user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select) # # sudo_perm = SudoPerm(name=name, user_runas=user_runas, comment=comment) @@ -241,7 +243,6 @@ def unicode2str(unicode_list): def sudo_ldap_add(user_group, user_runas, asset_groups_select, cmd_groups_select): - if not LDAP_ENABLE: return True @@ -479,6 +480,7 @@ def sudo_refresh(request): sudo_ldap_add(user_group, user_runas, asset_groups_select, cmd_groups_select) return HttpResponse('ok') + # @require_admin # def sudo_detail(request): # header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情' @@ -669,15 +671,19 @@ def cmd_detail(request): @require_login def perm_apply(request): + """ 权限申请 """ header_title, path1, path2 = u'主机权限申请', u'权限管理', u'申请主机' user_id, username = get_session_user_info(request)[0:2] dept_id, deptname, dept = get_session_user_info(request)[3:6] perm_host = user_perm_asset_api(username) all_host = Asset.objects.filter(dept=dept) + perm_group = user_perm_group_api(username) all_group = dept.bisgroup_set.all() + posts = [g for g in all_host if g not in perm_host] egroup = [d for d in all_group if d not in perm_group] + dept_da = User.objects.filter(dept_id=dept_id, role='DA') if request.method == 'POST': @@ -693,7 +699,8 @@ def perm_apply(request): group_lis = ', '.join(group) hosts_lis = ', '.join(hosts) time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') - a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment) + a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), + asset=hosts, status=0, comment=comment) uuid = a.uuid url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (SEND_IP, SEND_PORT, uuid) mail_msg = """ @@ -710,13 +717,14 @@ def perm_apply(request): """ % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url) send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False) - smg = "提交成功,已发邮件通知部门管理员。" + smg = "提交成功,已发邮件至 %s 通知部门管理员。" % mail_address return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request)) return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request)) @require_admin def perm_apply_exec(request): + """ 确认权限 """ header_title, path1, path2 = u'主机权限申请', u'权限管理', u'审批完成' uuid = request.GET.get('uuid') user_id = request.session.get('user_id') @@ -737,7 +745,7 @@ def perm_apply_exec(request): Hi,%s: 您所申请的权限已由 %s 在 %s 审批完成, 请登录验证。 """ % (q_apply.applyer, q_apply.approver, time_now) - send_mail(mail_title, mail_msg, 'jkfunshion@fun.tv', [mail_address], fail_silently=False) + send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False) smg = '授权完成, 已邮件通知申请人, 十秒钟后返回首页' return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request)) else: @@ -746,37 +754,38 @@ def perm_apply_exec(request): def get_apply_posts(request, status, username, dept_name, keyword=None): + """ 获取申请记录 """ + post_all = Apply.objects.filter(status=status).order_by('-date_add') + post_keyword_all = Apply.objects.filter(Q(applyer__contains=keyword) | + Q(approver__contains=keyword)) \ + .filter(status=status).order_by('-date_add') + if is_super_user(request): if keyword: - posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \ - .filter(status=status).order_by('-date_add') + posts = post_keyword_all else: - posts = Apply.objects.filter(status=status).order_by('-date_add') - + posts = post_all elif is_group_admin(request): if keyword: - posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \ - .filter(status=status).filter(dept=dept_name).order_by('-date_add') + posts = post_keyword_all.filter(dept=dept_name) else: - posts = Apply.objects.filter(status=status).filter(dept=dept_name).order_by('-date_add') - + posts = post_all.filter(dept=dept_name) elif is_common_user(request): if keyword: - posts = Apply.objects.filter(applyer=username).filter(status=status).filter(Q(applyer__contains=keyword) | - Q(asset__contains=keyword)).order_by('-date_add') + posts = post_keyword_all.filter(user=username) else: - posts = Apply.objects.filter(applyer=username).filter(status=status).order_by('-date_add') + posts = post_all.filter(user=username) + return posts @require_login def perm_apply_log(request, offset): + """ 申请记录 """ header_title, path1, path2 = u'权限申请记录', u'权限管理', u'申请记录' - keyword = request.GET.get('keyword') - dept_id = get_user_dept(request) - dept_name = DEPT.objects.get(id=dept_id).name - user_id = request.session.get('user_id') - username = User.objects.get(id=user_id).username + keyword = request.GET.get('keyword', '') + username = get_session_user_info(request)[1] + dept_name = get_session_user_info(request)[4] status_dic = {'online': 0, 'offline': 1} status = status_dic[offset] posts = get_apply_posts(request, status, username, dept_name, keyword) @@ -786,6 +795,7 @@ def perm_apply_log(request, offset): @require_login def perm_apply_info(request): + """ 申请信息详情 """ uuid = request.GET.get('uuid') post = Apply.objects.get(uuid=uuid) return render_to_response('jperm/perm_apply_info.html', locals(), context_instance=RequestContext(request)) @@ -793,6 +803,7 @@ def perm_apply_info(request): @require_admin def perm_apply_del(request): + """ 删除日志记录 """ uuid = request.GET.get('uuid') u_apply = Apply.objects.filter(uuid=uuid) if u_apply: @@ -802,12 +813,11 @@ def perm_apply_del(request): @require_login def perm_apply_search(request): + """ 申请搜索 """ keyword = request.GET.get('keyword') offset = request.GET.get('env') - dept_id = get_user_dept(request) - dept_name = DEPT.objects.get(id=dept_id).name - user_id = request.session.get('user_id') - username = User.objects.get(id=user_id).username + username = get_session_user_info(request)[1] + dept_name = get_session_user_info(request)[3] status_dic = {'online': 0, 'offline': 1} status = status_dic[offset] posts = get_apply_posts(request, status, username, dept_name, keyword) diff --git a/jumpserver/views.py b/jumpserver/views.py index ec012bcb6..a214f8d2c 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -66,19 +66,36 @@ def index_cu(request): return render_to_response('index_cu.html', locals(), context_instance=RequestContext(request)) -@require_admin -def admin_index(request): - user_id = request.session.get('user_id', '') - user = User.objects.get(id=user_id) - dept = user.dept - dept_name = user.dept.name - users = User.objects.filter(dept=dept) - hosts = Asset.objects.filter(dept=dept) - online = Log.objects.filter(dept_name=dept_name, is_finished=0) - online_host = online.values('host').distinct() - online_user = online.values('user').distinct() - active_users = users.filter(is_active=1) - active_hosts = hosts.filter(is_active=1) +@require_login +def index(request): + li_date, li_str = getDaysByNum(7) + today = datetime.datetime.now().day + from_week = datetime.datetime.now() - datetime.timedelta(days=7) + + if is_common_user(request): + return index_cu(request) + + elif is_super_user(request): + users = User.objects.all() + hosts = Asset.objects.all() + online = Log.objects.filter(is_finished=0) + online_host = online.values('host').distinct() + online_user = online.values('user').distinct() + active_users = User.objects.filter(is_active=1) + active_hosts = Asset.objects.filter(is_active=1) + week_data = Log.objects.filter(start_time__range=[from_week, datetime.datetime.now()]) + + elif is_group_admin(request): + user = get_session_user_info(request)[2] + dept_name, dept = get_session_user_info(request)[4:] + users = User.objects.filter(dept=dept) + hosts = Asset.objects.filter(dept=dept) + online = Log.objects.filter(dept_name=dept_name, is_finished=0) + online_host = online.values('host').distinct() + online_user = online.values('user').distinct() + active_users = users.filter(is_active=1) + active_hosts = hosts.filter(is_active=1) + week_data = Log.objects.filter(dept_name=dept_name, start_time__range=[from_week, datetime.datetime.now()]) # percent of dashboard if users.count() == 0: @@ -92,10 +109,6 @@ def admin_index(request): percent_host = format(active_hosts.count() / hosts.count(), '.0%') percent_online_host = format(online_host.count() / hosts.count(), '.0%') - li_date, li_str = getDaysByNum(7) - today = datetime.datetime.now().day - from_week = datetime.datetime.now() - datetime.timedelta(days=7) - week_data = Log.objects.filter(dept_name=dept_name, start_time__range=[from_week, datetime.datetime.now()]) user_top_ten = week_data.values('user').annotate(times=Count('user')).order_by('-times')[:10] host_top_ten = week_data.values('host').annotate(times=Count('host')).order_by('-times')[:10] user_dic, host_dic = get_data(week_data, user_top_ten, 'user'), get_data(week_data, host_top_ten, 'host') @@ -119,78 +132,6 @@ def admin_index(request): username = user_info.get('user') last = Log.objects.filter(user=username).latest('start_time') user_info['last'] = last - print user_top_ten - - top = {'user': '活跃用户数', 'host': '活跃主机数', 'times': '登录次数'} - top_dic = {} - for key, value in top.items(): - li = [] - for t in li_date: - year, month, day = t.year, t.month, t.day - if key != 'times': - times = week_data.filter(start_time__year=year, start_time__month=month, start_time__day=day).values(key).distinct().count() - else: - times = week_data.filter(start_time__year=year, start_time__month=month, start_time__day=day).count() - li.append(times) - top_dic[value] = li - return render_to_response('index.html', locals(), context_instance=RequestContext(request)) - - -@require_login -def index(request): - if is_common_user(request): - return index_cu(request) - - if is_group_admin(request): - return admin_index(request) - users = User.objects.all() - hosts = Asset.objects.all() - online = Log.objects.filter(is_finished=0) - online_host = online.values('host').distinct() - online_user = online.values('user').distinct() - active_users = User.objects.filter(is_active=1) - active_hosts = Asset.objects.filter(is_active=1) - - # percent of dashboard - if users.count() == 0: - percent_user, percent_online_user = '0%', '0%' - else: - percent_user = format(active_users.count() / users.count(), '.0%') - percent_online_user = format(online_user.count() / users.count(), '.0%') - if hosts.count() == 0: - percent_host, percent_online_host = '0%', '0%' - else: - percent_host = format(active_hosts.count() / hosts.count(), '.0%') - percent_online_host = format(online_host.count() / hosts.count(), '.0%') - - li_date, li_str = getDaysByNum(7) - today = datetime.datetime.now().day - from_week = datetime.datetime.now() - datetime.timedelta(days=7) - week_data = Log.objects.filter(start_time__range=[from_week, datetime.datetime.now()]) - user_top_ten = week_data.values('user').annotate(times=Count('user')).order_by('-times')[:10] - host_top_ten = week_data.values('host').annotate(times=Count('host')).order_by('-times')[:10] - user_dic, host_dic = get_data(week_data, user_top_ten, 'user'), get_data(week_data, host_top_ten, 'host') - - # a week data - week_users = week_data.values('user').distinct().count() - week_hosts = week_data.count() - - user_top_five = week_data.values('user').annotate(times=Count('user')).order_by('-times')[:5] - color = ['label-success', 'label-info', 'label-primary', 'label-default', 'label-warnning'] - - # perm apply latest 10 - perm_apply_10 = Apply.objects.order_by('-date_add')[:10] - login_more_10 = Log.objects.order_by('-start_time')[10:20] - - # latest 10 login - login_10 = Log.objects.order_by('-start_time')[:10] - - # a week top 10 - for user_info in user_top_ten: - username = user_info.get('user') - last = Log.objects.filter(user=username).latest('start_time') - user_info['last'] = last - print user_top_ten top = {'user': '活跃用户数', 'host': '活跃主机数', 'times': '登录次数'} top_dic = {} diff --git a/templates/jasset/group_edit.html b/templates/jasset/group_edit.html index 5b1f2ba27..c52dbaab6 100644 --- a/templates/jasset/group_edit.html +++ b/templates/jasset/group_edit.html @@ -53,8 +53,6 @@
-
diff --git a/templates/nav.html b/templates/nav.html index c3533cb44..fc9e46e19 100644 --- a/templates/nav.html +++ b/templates/nav.html @@ -5,12 +5,6 @@ {% include 'nav_li_profile.html' %}
  • 仪表盘 -
  • 用户管理 @@ -51,13 +45,6 @@
  • 权限审批
    • -{#
  • #} -{# 日志审计#} -{# #} -{#
    • #}
  • 日志审计
    • @@ -76,12 +63,6 @@ {% include 'nav_li_profile.html' %}
  • 仪表盘 -
  • 用户管理