pull/6/head
halcyon 2015-04-16 19:03:02 +08:00
parent 75c8e44575
commit a269c43d1c
6 changed files with 202 additions and 231 deletions


@ -24,6 +24,7 @@ def httperror(request, emg):
def get_host_groups(groups):
""" 获取主机所属的组类 """
ret = []
for group_id in groups:
group = BisGroup.objects.filter(id=group_id)
@ -34,6 +35,7 @@ def get_host_groups(groups):
def get_host_depts(depts):
""" 获取主机所属的部门类 """
ret = []
for dept_id in depts:
dept = DEPT.objects.filter(id=dept_id)
@ -43,8 +45,9 @@ def get_host_depts(depts):
return ret
def db_host_insert(ip, port, idc, jtype, group, dept, active, comment, username='', password=''):
def db_host_insert(host_info, username='', password=''):
""" 添加主机时数据库操作函数 """
ip, port, idc, jtype, group, dept, active, comment = host_info
idc = IDC.objects.filter(id=idc)
if idc:
idc = idc[0]
@ -74,8 +77,9 @@ def db_host_insert(ip, port, idc, jtype, group, dept, active, comment, username=
a.save()
def db_host_update(ip, port, idc, jtype, group, dept, active, comment, host, username='', password=''):
def db_host_update(host_info, username='', password=''):
""" 修改主机时数据库操作函数 """
ip, port, idc, jtype, group, dept, active, comment, host = host_info
idc = IDC.objects.filter(id=idc)
if idc:
idc = idc[0]
@ -89,10 +93,8 @@ def db_host_update(ip, port, idc, jtype, group, dept, active, comment, host, use
host.comment = comment
if jtype == 'M':
print password, host.password
if password != host.password:
password = cryptor.encrypt(password)
print password
host.password = password
host.username = username
host.password = password
@ -102,8 +104,9 @@ def db_host_update(ip, port, idc, jtype, group, dept, active, comment, host, use
host.save()
def batch_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment, j_user='', j_password=''):
def batch_host_edit(host_info, j_user='', j_password=''):
""" 批量修改主机函数 """
j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment = host_info
groups, depts = [], []
is_active = {u'': '1', u'': '2'}
login_types = {'LDAP': 'L', 'MAP': 'M'}
@ -140,8 +143,37 @@ def batch_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active
a.save()
def db_host_delete(request, host_id):
""" 删除主机操作 """
if is_group_admin(request) and not validate(request, asset=[host_id]):
return httperror(request, '删除失败, 您无权删除!')
asset = Asset.objects.filter(id=host_id)
if asset:
asset.delete()
else:
return httperror(request, '删除失败, 没有此主机!')
def db_idc_delete(request, idc_id):
""" IDC删除操作数据库函数 """
if idc_id == 1:
return httperror(request, '删除失败, 默认IDC不能删除!')
default_idc = IDC.objects.get(id=1)
idc = IDC.objects.filter(id=idc_id)
if idc:
idc_class = idc.first()
idc_class.asset_set.update(idc=default_idc)
idc.delete()
else:
return httperror(request, '删除失败, 没有这个IDC!')
@require_admin
def host_add(request):
""" 添加主机 """
header_title, path1, path2 = u'添加主机', u'资产管理', u'添加主机'
login_types = {'L': 'LDAP', 'M': 'MAP'}
eidc = IDC.objects.exclude(name='ALL')
@ -161,20 +193,20 @@ def host_add(request):
j_active = request.POST.get('j_active')
j_comment = request.POST.get('j_comment')
j_dept = request.POST.getlist('j_dept')
host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment]
if is_group_admin(request) and not verify(request, asset_group=j_group, edept=j_dept):
emg = u'添加失败,您无权操作!'
return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request))
return httperror(request, u'添加失败,您无权操作!')
if Asset.objects.filter(ip=str(j_ip)):
emg = u'该IP %s 已存在!' % j_ip
return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request))
if j_type == 'M':
j_user = request.POST.get('j_user')
j_password = request.POST.get('j_password', '')
db_host_insert(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, j_password)
db_host_insert(host_info, j_user, j_password)
else:
db_host_insert(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment)
db_host_insert(host_info)
smg = u'主机 %s 添加成功' % j_ip
return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request))
@ -182,13 +214,13 @@ def host_add(request):
@require_admin
def host_add_batch(request):
""" 批量添加主机 """
header_title, path1, path2 = u'批量添加主机', u'资产管理', u'批量添加主机'
login_types = {'LDAP': 'L', 'MAP': 'M'}
active_types = {'激活': 1, '禁用': 0}
dept_id = get_user_dept(request)
if request.method == 'POST':
multi_hosts = request.POST.get('j_multi').split('\n')
print multi_hosts
for host in multi_hosts:
if host == '':
break
@ -201,34 +233,34 @@ def host_add_batch(request):
idc = IDC.objects.filter(name=j_idc)
if idc:
j_idc = idc[0].id
else:
return httperror(request, '添加失败, 没有%s这个IDC' % j_idc)
group_ids, dept_ids = [], []
for group_name in j_group:
group = BisGroup.objects.filter(name=group_name)
if group:
group_id = group[0].id
else:
return httperror(request, '添加失败, 没有%s这个主机组' % group_name)
group_ids.append(group_id)
for dept_name in j_dept:
dept = DEPT.objects.filter(name=dept_name)
if dept:
dept_id = dept[0].id
else:
return httperror(request, '添加失败, 没有%s这个部门' % dept_name)
dept_ids.append(dept_id)
if is_group_admin(request) and not verify(request, asset_group=group_ids, edept=dept_ids):
return httperror(request, '添加失败, 您无权添加!')
return httperror(request, '添加失败, 没有%s这个主机组' % group_name)
if Asset.objects.filter(ip=str(j_ip)):
emg = u'该IP %s 已存在!' % j_ip
return render_to_response('jasset/host_add_multi.html', locals(),
context_instance=RequestContext(request))
return httperror(request, '添加失败, 改IP%s已存在' % j_ip)
# if j_type == 'M':
# j_user = request.POST.get('j_user')
# j_password = request.POST.get('j_password')
# db_host_insert(j_ip, j_port, j_idc, j_type, group_ids, dept_ids, j_active, j_comment)
# else:
db_host_insert(j_ip, j_port, j_idc, j_type, group_ids, dept_ids, j_active, j_comment)
host_info = [j_ip, j_port, j_idc, j_type, group_ids, dept_ids, j_active, j_comment]
db_host_insert(host_info)
smg = u'批量添加添加成功'
return render_to_response('jasset/host_add_multi.html', locals(), context_instance=RequestContext(request))
@ -238,6 +270,7 @@ def host_add_batch(request):
@require_admin
def host_edit_batch(request):
""" 批量修改主机 """
if request.method == 'POST':
len_table = request.POST.get('len_table')
for i in range(int(len_table)):
@ -261,14 +294,16 @@ def host_edit_batch(request):
j_active = request.POST.get(j_active).strip()
j_comment = request.POST.get(j_comment).strip()
batch_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment)
host_info = [j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment]
batch_host_edit(host_info)
return render_to_response('jasset/host_list.html')
@require_login
def host_edit_common_batch(request):
user_id = request.session.get('user_id', '')
""" 普通用户批量修改主机别名 """
user_id = get_session_user_info(request)[0]
u = User.objects.get(id=user_id)
if request.method == 'POST':
len_table = request.POST.get('len_table')
@ -290,13 +325,20 @@ def host_edit_common_batch(request):
@require_login
def host_list(request):
""" 列出主机 """
header_title, path1, path2 = u'查看主机', u'资产管理', u'查看主机'
keyword = request.GET.get('keyword', '')
dept_id = get_user_dept(request)
dept_id = get_session_user_info(request)[3]
dept = DEPT.objects.get(id=dept_id)
did = request.GET.get('did', '')
gid = request.GET.get('gid', '')
sid = request.GET.get('sid', '')
post_all = Asset.objects.all().order_by('ip')
post_keyword_all = Asset.objects.filter(Q(ip__contains=keyword) |
Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) |
Q(comment__contains=keyword)).distinct().order_by('ip')
if did:
dept = DEPT.objects.get(id=did)
posts = dept.asset_set.all()
@ -325,28 +367,23 @@ def host_list(request):
else:
if is_super_user(request):
if keyword:
posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) | Q(
comment__contains=keyword)).distinct().order_by('ip')
posts = post_keyword_all
else:
posts = Asset.objects.all().order_by('ip')
posts = post_all
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jasset/host_list.html', locals(), context_instance=RequestContext(request))
elif is_group_admin(request):
if keyword:
posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) | Q(
comment__contains=keyword)).filter(dept=dept).distinct().order_by('ip')
posts = post_keyword_all.filter(dept=dept)
else:
posts = Asset.objects.all().filter(dept=dept).order_by('ip')
posts = post_all.filter(dept=dept)
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jasset/host_list.html', locals(), context_instance=RequestContext(request))
elif is_common_user(request):
user_id = get_session_user_info(request)[0]
username = get_session_user_info(request)[1]
user_id, username = get_session_user_info(request)[0:2]
posts = user_perm_asset_api(username)
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jasset/host_list_common.html', locals(),
@ -355,28 +392,23 @@ def host_list(request):
@require_admin
def host_del(request, offset):
""" 删除主机 """
if offset == 'multi':
len_list = request.POST.get("len_list")
for i in range(int(len_list)):
key = "id_list[" + str(i) + "]"
jid = request.POST.get(key)
if is_group_admin(request) and not validate(request, asset=[jid]):
return HttpResponseRedirect('/jasset/host_list/')
a = Asset.objects.get(id=jid).ip
Asset.objects.filter(id=jid).delete()
BisGroup.objects.filter(name=a).delete()
host_id = request.POST.get(key)
db_host_delete(request, host_id)
else:
jid = int(offset)
if is_group_admin(request) and not validate(request, asset=[jid]):
return HttpResponseRedirect('/jasset/host_list/')
a = Asset.objects.get(id=jid).ip
BisGroup.objects.filter(name=a).delete()
Asset.objects.filter(id=jid).delete()
host_id = int(offset)
db_host_delete(request, host_id)
return HttpResponseRedirect('/jasset/host_list/')
@require_super_user
def host_edit(request):
""" 修改主机 """
header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机'
actives = {1: u'激活', 0: u'禁用'}
login_types = {'L': 'LDAP', 'M': 'MAP'}
@ -403,12 +435,13 @@ def host_edit(request):
j_active = request.POST.get('j_active', '')
j_comment = request.POST.get('j_comment', '')
host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment]
if j_type == 'M':
j_user = request.POST.get('j_user')
j_password = request.POST.get('j_password')
db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, post, j_password, post)
db_host_update(host_info, j_user, j_password, post)
else:
db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, post)
db_host_update(host_info, post)
smg = u'主机 %s 修改成功' % j_ip
return HttpResponseRedirect('/jasset/host_detail/?id=%s' % host_id)
@ -418,6 +451,7 @@ def host_edit(request):
@require_admin
def host_edit_adm(request):
""" 部门管理员修改主机 """
header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机'
actives = {1: u'激活', 0: u'禁用'}
login_types = {'L': 'LDAP', 'M': 'MAP'}
@ -443,6 +477,8 @@ def host_edit_adm(request):
j_active = request.POST.get('j_active')
j_comment = request.POST.get('j_comment')
host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment]
if not verify(request, asset_group=j_group, edept=j_dept):
emg = u'修改失败,您无权操作!'
return render_to_response('jasset/host_edit.html', locals(), context_instance=RequestContext(request))
@ -450,9 +486,9 @@ def host_edit_adm(request):
if j_type == 'M':
j_user = request.POST.get('j_user')
j_password = request.POST.get('j_password')
db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, post, j_user, j_password)
db_host_update(host_info, j_user, j_password, post)
else:
db_host_update(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, post)
db_host_update(host_info, post)
smg = u'主机 %s 修改成功' % j_ip
return HttpResponseRedirect('/jasset/host_detail/?id=%s' % host_id)
@ -462,6 +498,7 @@ def host_edit_adm(request):
@require_login
def host_detail(request):
""" 主机详情 """
header_title, path1, path2 = u'主机详细信息', u'资产管理', u'主机详情'
host_id = request.GET.get('id', '')
post = Asset.objects.filter(id=host_id)
@ -487,6 +524,7 @@ def host_detail(request):
@require_super_user
def idc_add(request):
""" 添加IDC """
header_title, path1, path2 = u'添加IDC', u'资产管理', u'添加IDC'
if request.method == 'POST':
j_idc = request.POST.get('j_idc')
@ -503,6 +541,7 @@ def idc_add(request):
@require_admin
def idc_list(request):
""" 列出IDC """
header_title, path1, path2 = u'查看IDC', u'资产管理', u'查看IDC'
dept_id = get_user_dept(request)
dept = DEPT.objects.get(id=dept_id)
@ -517,8 +556,9 @@ def idc_list(request):
@require_super_user
def idc_edit(request):
""" 修改IDC """
header_title, path1, path2 = u'编辑IDC', u'资产管理', u'编辑IDC'
idc_id = request.GET.get('id')
idc_id = request.GET.get('id', '')
idc = IDC.objects.filter(id=idc_id)
if idc:
idc = idc[0]
@ -555,16 +595,16 @@ def idc_edit(request):
@require_admin
def idc_detail(request):
""" IDC详情 """
header_title, path1, path2 = u'IDC详情', u'资产管理', u'IDC详情'
login_types = {'L': 'LDAP', 'M': 'MAP'}
idc_id = request.GET.get('id')
idc_id = request.GET.get('id', '')
idc_filter = IDC.objects.filter(id=idc_id)
if idc_filter:
idc = idc_filter[0]
else:
return httperror(request, '没有此IDC')
dept_id = get_user_dept(request)
dept = DEPT.objects.get(id=dept_id)
dept = get_session_user_info(request)[5]
if is_super_user(request):
posts = Asset.objects.filter(idc=idc).order_by('ip')
elif is_group_admin(request):
@ -576,34 +616,22 @@ def idc_detail(request):
@require_super_user
def idc_del(request):
""" 删除IDC """
offset = request.GET.get('id', '')
default_idc = IDC.objects.get(id=1)
if offset == 'multi':
len_list = request.POST.get("len_list")
for i in range(int(len_list)):
key = "id_list[" + str(i) + "]"
gid = request.POST.get(key)
idc = IDC.objects.filter(id=gid)
if idc:
idc_class = idc.first()
idc_class.asset_set.update(idc=default_idc)
idc.delete()
else:
return httperror(request, '删除失败, 没有这个IDC!')
idc_id = request.POST.get(key)
db_idc_delete(request, idc_id)
else:
gid = int(offset)
idc = IDC.objects.filter(id=gid)
if idc:
idc_class = idc.first()
idc_class.asset_set.update(idc=default_idc)
idc.delete()
else:
return httperror(request, '删除失败, 没有这个IDC!')
db_idc_delete(request, int(offset))
return HttpResponseRedirect('/jasset/idc_list/')
@require_admin
def group_add(request):
""" 添加主机组 """
header_title, path1, path2 = u'添加主机组', u'资产管理', u'添加主机组'
if is_super_user(request):
posts = Asset.objects.all()
@ -621,7 +649,6 @@ def group_add(request):
j_comment = request.POST.get('j_comment', '')
try:
print verify(request, asset=j_hosts, edept=[j_dept]), 'hehe'
if is_group_admin(request) and not verify(request, asset=j_hosts, edept=[j_dept]):
emg = u'添加失败, 您无权操作!'
raise RaiseError
@ -646,6 +673,7 @@ def group_add(request):
@require_admin
def group_list(request):
""" 列出主机组 """
header_title, path1, path2 = u'查看主机组', u'资产管理', u'查看主机组'
dept_id = get_user_dept(request)
dept = DEPT.objects.get(id=dept_id)
@ -685,6 +713,7 @@ def group_list(request):
@require_admin
def group_edit(request):
""" 修改主机组 """
header_title, path1, path2 = u'编辑主机组', u'资产管理', u'编辑主机组'
group_id = request.GET.get('id', '')
group = BisGroup.objects.get(id=group_id)
@ -725,6 +754,7 @@ def group_edit(request):
@require_admin
def group_detail(request):
""" 主机组详情 """
header_title, path1, path2 = u'主机组详情', u'资产管理', u'主机组详情'
login_types = {'L': 'LDAP', 'M': 'MAP'}
dept = get_session_user_info(request)[5]
@ -744,6 +774,7 @@ def group_detail(request):
@require_admin
def group_del_host(request):
""" 主机组中剔除主机, 并不删除真实主机 """
if request.method == 'POST':
group_id = request.POST.get('group_id')
offset = request.GET.get('id', '')
@ -768,6 +799,7 @@ def group_del_host(request):
@require_admin
def group_del(request):
""" 删除主机组 """
offset = request.GET.get('id', '')
if offset == 'multi':
len_list = request.POST.get("len_list")
@ -786,6 +818,7 @@ def group_del(request):
def dept_host_ajax(request):
""" 添加主机组时, 部门联动主机异步 """
dept_id = request.GET.get('id', '')
if dept_id not in ['1', '2']:
dept = DEPT.objects.filter(id=dept_id)
@ -800,26 +833,25 @@ def dept_host_ajax(request):
@require_login
def host_search(request):
""" 搜索主机 """
keyword = request.GET.get('keyword')
login_types = {'L': 'LDAP', 'M': 'MAP'}
dept_id = get_user_dept(request)
dept = DEPT.objects.get(id=dept_id)
dept = get_session_user_info(request)[5]
post_all = Asset.objects.filter(Q(ip__contains=keyword) |
Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) |
Q(comment__contains=keyword)).distinct().order_by('ip')
if is_super_user(request):
posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) | Q(
comment__contains=keyword)).distinct().order_by('ip')
posts = post_all
elif is_group_admin(request):
posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) | Q(
comment__contains=keyword)).filter(dept=dept).distinct().order_by('ip')
posts = post_all.filter(dept=dept)
elif is_common_user(request):
user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).name
username = get_session_user_info(request)[2]
post_perm = user_perm_asset_api(username)
post_all = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) | Q(comment__contains=keyword)) \
.distinct().order_by('ip')
posts = list(set(post_all) & set(post_perm))
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jasset/host_search.html', locals(), context_instance=RequestContext(request))
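Review bot: The new `db_host_update(host_info, username='', password='')` unpacks nine values from host_info, the last being `host`, but host_edit and host_edit_adm build an eight-item `host_info` and pass `post` as an extra positional argument. `db_host_update(host_info, j_user, j_password, post)` has one argument too many, and `db_host_update(host_info, post)` binds `post` to `username` before the unpack fails, so both edit views would raise instead of saving. Put the host in the list, `host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, post]`, and call `db_host_update(host_info, j_user, j_password)` or `db_host_update(host_info)`. Separately, the default-IDC guard `if idc_id == 1:` in db_idc_delete never matches on the batch path of idc_del, which passes the raw POST string; convert it first with `db_idc_delete(request, int(idc_id))`. The bodies of db_host_update and both edit views continue outside the visible hunks.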


@ -21,6 +21,7 @@ CONF.read('%s/jumpserver.conf' % BASE_DIR)
def get_user_info(request, offset):
""" 获取用户信息及环境 """
env_dic = {'online': 0, 'offline': 1}
env = env_dic[offset]
keyword = request.GET.get('keyword', '')
@ -33,32 +34,37 @@ def get_user_info(request, offset):
def get_user_log(ret_list):
""" 获取不同类型用户日志记录 """
request, keyword, env, username, dept_name = ret_list
post_all = Log.objects.filter(is_finished=env).order_by('-start_time')
post_keyword_all = Log.objects.filter(Q(user__contains=keyword) |
Q(host__contains=keyword)) \
.filter(is_finished=env).order_by('-start_time')
if is_super_user(request):
if keyword:
posts = Log.objects.filter(Q(user__contains=keyword) | Q(host__contains=keyword)) \
.filter(is_finished=env).order_by('-start_time')
posts = post_keyword_all
else:
posts = Log.objects.filter(is_finished=env).order_by('-start_time')
posts = post_all
elif is_group_admin(request):
if keyword:
posts = Log.objects.filter(Q(user__contains=keyword) | Q(host__contains=keyword)) \
.filter(is_finished=env).filter(dept_name=dept_name).order_by('-start_time')
posts = post_keyword_all.filter(dept_name=dept_name)
else:
posts = Log.objects.filter(is_finished=env).filter(dept_name=dept_name).order_by('-start_time')
posts = post_all.filter(dept_name=dept_name)
elif is_common_user(request):
if keyword:
posts = Log.objects.filter(user=username).filter(Q(user__contains=keyword) | Q(host__contains=keyword))\
.filter(is_finished=env).order_by('-start_time')
posts = post_keyword_all.filter(user=username)
else:
posts = Log.objects.filter(is_finished=env).filter(user=username).order_by('-start_time')
posts = post_all.filter(user=username)
return posts
@require_login
def log_list(request, offset):
""" 显示日志 """
header_title, path1, path2 = u'查看日志', u'查看日志', u'在线用户'
keyword = request.GET.get('keyword', '')
web_socket_host = CONF.get('websocket', 'web_socket_host')
@ -70,6 +76,7 @@ def log_list(request, offset):
@require_admin
def log_kill(request):
""" 杀掉connect进程 """
pid = request.GET.get('id', '')
log = Log.objects.filter(pid=pid)
if log:
@ -85,6 +92,7 @@ def log_kill(request):
@require_login
def log_history(request):
""" 命令历史记录 """
log_id = request.GET.get('id', 0)
log = Log.objects.filter(id=int(log_id))
if log:
@ -108,6 +116,7 @@ def log_history(request):
@require_login
def log_search(request):
""" 日志搜索 """
offset = request.GET.get('env', '')
keyword = request.GET.get('keyword', '')
posts = get_user_log(get_user_info(request, offset))
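Review bot: get_user_log assigns `posts` only inside the three role branches, so a request that matches none of is_super_user, is_group_admin and is_common_user reaches `return posts` with the name unbound. Starting the function with `posts = Log.objects.none()` would make that case return an empty, fail-closed result instead of an exception. get_apply_posts in the permission views has the same shape, and the merged dashboard `index` would hit the same problem on `users` when neither admin branch matches.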


@ -1,5 +1,6 @@
# coding: utf-8
import sys
reload(sys)
sys.setdefaultencoding('utf8')
@ -182,6 +183,7 @@ def perm_edit_adm(request):
return HttpResponseRedirect('/jperm/perm_list/')
return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_detail(request):
header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权详情'
@ -225,7 +227,7 @@ def perm_asset_detail(request):
# def sudo_db_add(name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment):
# user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
# user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
# user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
#
# sudo_perm = SudoPerm(name=name, user_runas=user_runas, comment=comment)
@ -241,7 +243,6 @@ def unicode2str(unicode_list):
def sudo_ldap_add(user_group, user_runas, asset_groups_select,
cmd_groups_select):
if not LDAP_ENABLE:
return True
@ -479,6 +480,7 @@ def sudo_refresh(request):
sudo_ldap_add(user_group, user_runas, asset_groups_select, cmd_groups_select)
return HttpResponse('ok')
# @require_admin
# def sudo_detail(request):
# header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情'
@ -669,15 +671,19 @@ def cmd_detail(request):
@require_login
def perm_apply(request):
""" 权限申请 """
header_title, path1, path2 = u'主机权限申请', u'权限管理', u'申请主机'
user_id, username = get_session_user_info(request)[0:2]
dept_id, deptname, dept = get_session_user_info(request)[3:6]
perm_host = user_perm_asset_api(username)
all_host = Asset.objects.filter(dept=dept)
perm_group = user_perm_group_api(username)
all_group = dept.bisgroup_set.all()
posts = [g for g in all_host if g not in perm_host]
egroup = [d for d in all_group if d not in perm_group]
dept_da = User.objects.filter(dept_id=dept_id, role='DA')
if request.method == 'POST':
@ -693,7 +699,8 @@ def perm_apply(request):
group_lis = ', '.join(group)
hosts_lis = ', '.join(hosts)
time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment)
a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(),
asset=hosts, status=0, comment=comment)
uuid = a.uuid
url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (SEND_IP, SEND_PORT, uuid)
mail_msg = """
@ -710,13 +717,14 @@ def perm_apply(request):
""" % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url)
send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False)
smg = "提交成功,已发邮件通知部门管理员。"
smg = "提交成功,已发邮件%s 通知部门管理员。" % mail_address
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_apply_exec(request):
""" 确认权限 """
header_title, path1, path2 = u'主机权限申请', u'权限管理', u'审批完成'
uuid = request.GET.get('uuid')
user_id = request.session.get('user_id')
@ -737,7 +745,7 @@ def perm_apply_exec(request):
Hi,%s:
您所申请的权限已由 %s %s 审批完成, 请登录验证
""" % (q_apply.applyer, q_apply.approver, time_now)
send_mail(mail_title, mail_msg, 'jkfunshion@fun.tv', [mail_address], fail_silently=False)
send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False)
smg = '授权完成, 已邮件通知申请人, 十秒钟后返回首页'
return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request))
else:
@ -746,37 +754,38 @@ def perm_apply_exec(request):
def get_apply_posts(request, status, username, dept_name, keyword=None):
""" 获取申请记录 """
post_all = Apply.objects.filter(status=status).order_by('-date_add')
post_keyword_all = Apply.objects.filter(Q(applyer__contains=keyword) |
Q(approver__contains=keyword)) \
.filter(status=status).order_by('-date_add')
if is_super_user(request):
if keyword:
posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \
.filter(status=status).order_by('-date_add')
posts = post_keyword_all
else:
posts = Apply.objects.filter(status=status).order_by('-date_add')
posts = post_all
elif is_group_admin(request):
if keyword:
posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \
.filter(status=status).filter(dept=dept_name).order_by('-date_add')
posts = post_keyword_all.filter(dept=dept_name)
else:
posts = Apply.objects.filter(status=status).filter(dept=dept_name).order_by('-date_add')
posts = post_all.filter(dept=dept_name)
elif is_common_user(request):
if keyword:
posts = Apply.objects.filter(applyer=username).filter(status=status).filter(Q(applyer__contains=keyword) |
Q(asset__contains=keyword)).order_by('-date_add')
posts = post_keyword_all.filter(user=username)
else:
posts = Apply.objects.filter(applyer=username).filter(status=status).order_by('-date_add')
posts = post_all.filter(user=username)
return posts
@require_login
def perm_apply_log(request, offset):
""" 申请记录 """
header_title, path1, path2 = u'权限申请记录', u'权限管理', u'申请记录'
keyword = request.GET.get('keyword')
dept_id = get_user_dept(request)
dept_name = DEPT.objects.get(id=dept_id).name
user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).username
keyword = request.GET.get('keyword', '')
username = get_session_user_info(request)[1]
dept_name = get_session_user_info(request)[4]
status_dic = {'online': 0, 'offline': 1}
status = status_dic[offset]
posts = get_apply_posts(request, status, username, dept_name, keyword)
@ -786,6 +795,7 @@ def perm_apply_log(request, offset):
@require_login
def perm_apply_info(request):
""" 申请信息详情 """
uuid = request.GET.get('uuid')
post = Apply.objects.get(uuid=uuid)
return render_to_response('jperm/perm_apply_info.html', locals(), context_instance=RequestContext(request))
@ -793,6 +803,7 @@ def perm_apply_info(request):
@require_admin
def perm_apply_del(request):
""" 删除日志记录 """
uuid = request.GET.get('uuid')
u_apply = Apply.objects.filter(uuid=uuid)
if u_apply:
@ -802,12 +813,11 @@ def perm_apply_del(request):
@require_login
def perm_apply_search(request):
""" 申请搜索 """
keyword = request.GET.get('keyword')
offset = request.GET.get('env')
dept_id = get_user_dept(request)
dept_name = DEPT.objects.get(id=dept_id).name
user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).username
username = get_session_user_info(request)[1]
dept_name = get_session_user_info(request)[3]
status_dic = {'online': 0, 'offline': 1}
status = status_dic[offset]
posts = get_apply_posts(request, status, username, dept_name, keyword)
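Review bot: In get_apply_posts the common-user branch now filters on `user=username`, while the lines it replaces filtered on `applyer=username` and perm_apply creates records with `Apply.objects.create(applyer=applyer, ...)`. No `user` field on Apply is visible here, so this probably raises a field error for ordinary users rather than scoping the list to the requester. It should read `posts = post_keyword_all.filter(applyer=username)` and `posts = post_all.filter(applyer=username)`. The shared keyword query also matches `approver` where the old common-user query matched `asset`, so a user's search by host no longer finds their own requests.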


@ -66,19 +66,36 @@ def index_cu(request):
return render_to_response('index_cu.html', locals(), context_instance=RequestContext(request))
@require_admin
def admin_index(request):
user_id = request.session.get('user_id', '')
user = User.objects.get(id=user_id)
dept = user.dept
dept_name = user.dept.name
users = User.objects.filter(dept=dept)
hosts = Asset.objects.filter(dept=dept)
online = Log.objects.filter(dept_name=dept_name, is_finished=0)
online_host = online.values('host').distinct()
online_user = online.values('user').distinct()
active_users = users.filter(is_active=1)
active_hosts = hosts.filter(is_active=1)
@require_login
def index(request):
li_date, li_str = getDaysByNum(7)
today = datetime.datetime.now().day
from_week = datetime.datetime.now() - datetime.timedelta(days=7)
if is_common_user(request):
return index_cu(request)
elif is_super_user(request):
users = User.objects.all()
hosts = Asset.objects.all()
online = Log.objects.filter(is_finished=0)
online_host = online.values('host').distinct()
online_user = online.values('user').distinct()
active_users = User.objects.filter(is_active=1)
active_hosts = Asset.objects.filter(is_active=1)
week_data = Log.objects.filter(start_time__range=[from_week, datetime.datetime.now()])
elif is_group_admin(request):
user = get_session_user_info(request)[2]
dept_name, dept = get_session_user_info(request)[4:]
users = User.objects.filter(dept=dept)
hosts = Asset.objects.filter(dept=dept)
online = Log.objects.filter(dept_name=dept_name, is_finished=0)
online_host = online.values('host').distinct()
online_user = online.values('user').distinct()
active_users = users.filter(is_active=1)
active_hosts = hosts.filter(is_active=1)
week_data = Log.objects.filter(dept_name=dept_name, start_time__range=[from_week, datetime.datetime.now()])
# percent of dashboard
if users.count() == 0:
@ -92,10 +109,6 @@ def admin_index(request):
percent_host = format(active_hosts.count() / hosts.count(), '.0%')
percent_online_host = format(online_host.count() / hosts.count(), '.0%')
li_date, li_str = getDaysByNum(7)
today = datetime.datetime.now().day
from_week = datetime.datetime.now() - datetime.timedelta(days=7)
week_data = Log.objects.filter(dept_name=dept_name, start_time__range=[from_week, datetime.datetime.now()])
user_top_ten = week_data.values('user').annotate(times=Count('user')).order_by('-times')[:10]
host_top_ten = week_data.values('host').annotate(times=Count('host')).order_by('-times')[:10]
user_dic, host_dic = get_data(week_data, user_top_ten, 'user'), get_data(week_data, host_top_ten, 'host')
@ -119,78 +132,6 @@ def admin_index(request):
username = user_info.get('user')
last = Log.objects.filter(user=username).latest('start_time')
user_info['last'] = last
print user_top_ten
top = {'user': '活跃用户数', 'host': '活跃主机数', 'times': '登录次数'}
top_dic = {}
for key, value in top.items():
li = []
for t in li_date:
year, month, day = t.year, t.month, t.day
if key != 'times':
times = week_data.filter(start_time__year=year, start_time__month=month, start_time__day=day).values(key).distinct().count()
else:
times = week_data.filter(start_time__year=year, start_time__month=month, start_time__day=day).count()
li.append(times)
top_dic[value] = li
return render_to_response('index.html', locals(), context_instance=RequestContext(request))
@require_login
def index(request):
if is_common_user(request):
return index_cu(request)
if is_group_admin(request):
return admin_index(request)
users = User.objects.all()
hosts = Asset.objects.all()
online = Log.objects.filter(is_finished=0)
online_host = online.values('host').distinct()
online_user = online.values('user').distinct()
active_users = User.objects.filter(is_active=1)
active_hosts = Asset.objects.filter(is_active=1)
# percent of dashboard
if users.count() == 0:
percent_user, percent_online_user = '0%', '0%'
else:
percent_user = format(active_users.count() / users.count(), '.0%')
percent_online_user = format(online_user.count() / users.count(), '.0%')
if hosts.count() == 0:
percent_host, percent_online_host = '0%', '0%'
else:
percent_host = format(active_hosts.count() / hosts.count(), '.0%')
percent_online_host = format(online_host.count() / hosts.count(), '.0%')
li_date, li_str = getDaysByNum(7)
today = datetime.datetime.now().day
from_week = datetime.datetime.now() - datetime.timedelta(days=7)
week_data = Log.objects.filter(start_time__range=[from_week, datetime.datetime.now()])
user_top_ten = week_data.values('user').annotate(times=Count('user')).order_by('-times')[:10]
host_top_ten = week_data.values('host').annotate(times=Count('host')).order_by('-times')[:10]
user_dic, host_dic = get_data(week_data, user_top_ten, 'user'), get_data(week_data, host_top_ten, 'host')
# a week data
week_users = week_data.values('user').distinct().count()
week_hosts = week_data.count()
user_top_five = week_data.values('user').annotate(times=Count('user')).order_by('-times')[:5]
color = ['label-success', 'label-info', 'label-primary', 'label-default', 'label-warnning']
# perm apply latest 10
perm_apply_10 = Apply.objects.order_by('-date_add')[:10]
login_more_10 = Log.objects.order_by('-start_time')[10:20]
# latest 10 login
login_10 = Log.objects.order_by('-start_time')[:10]
# a week top 10
for user_info in user_top_ten:
username = user_info.get('user')
last = Log.objects.filter(user=username).latest('start_time')
user_info['last'] = last
print user_top_ten
top = {'user': '活跃用户数', 'host': '活跃主机数', 'times': '登录次数'}
top_dic = {}
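Review bot: The merged `index` reads the session tuple by bare position (`get_session_user_info(request)[2]` and `[4:]`), and this commit already disagrees with itself about those positions. host_list and perm_apply take username from index 1 while host_search takes it from `[2]`, and perm_apply_log takes dept_name from `[4]` while perm_apply_search takes it from `[3]`, which perm_apply unpacks as dept_id. Unpacking once by name, e.g. `user_id, username, user, dept_id, dept_name, dept = get_session_user_info(request)`, would make these slips visible; the six-field shape is inferred from the `[3:6]` and `[4:]` slices and should be confirmed against the helper. `index` continues outside the visible hunks.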


@ -53,8 +53,6 @@
<div>
<label for="hosts" class="col-lg-2 control-label">主机</label>
<div class="col-sm-3">
<select multiple="multiple" id="id_domains_filter" name="domains_filter" style="display: none;">
</select>
<div class="input-group" style="padding-bottom: 5px">
<input type="text" size="19" class="form-control input-sm" id="search" name="keyword" placeholder="过滤">
</div>


@ -5,12 +5,6 @@
{% include 'nav_li_profile.html' %}
<li id="index">
<a href="/"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span><span class="label label-info pull-right"></span></a>
<!--<a href="index.html"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span> <span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li><a href="index.html">Dashboard v.1</a></li>
<li ><a href="dashboard_2.html">Dashboard v.2</a></li>
<li ><a href="dashboard_3.html">Dashboard v.3</a></li>
</ul>-->
</li>
<li id="juser">
<a href="#"><i class="fa fa-rebel"></i> <span class="nav-label">用户管理</span><span class="fa arrow"></span></a>
@ -51,13 +45,6 @@
<li class="apply_show online"><a href="/jperm/apply_show/online/">权限审批</a></li>
</ul>
</li>
{# <li id="jlog">#}
{# <a href="#"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="fa arrow"></span></a>#}
{# <ul class="nav nav-second-level">#}
{# <li id="log_list"><a href="/jlog/log_list/online/">查看日志</a></li>#}
{# <li id="log_detail"><a href="/jlog/log_detail/">日志分析</a></li>#}
{# </ul>#}
{# </li>#}
<li id="jlog">
<a href="/jlog/log_list/online/"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="label label-info pull-right"></span></a>
</li>
@ -76,12 +63,6 @@
{% include 'nav_li_profile.html' %}
<li id="index">
<a href="/"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span><span class="label label-info pull-right"></span></a>
<!--<a href="index.html"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span> <span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li><a href="index.html">Dashboard v.1</a></li>
<li ><a href="dashboard_2.html">Dashboard v.2</a></li>
<li ><a href="dashboard_3.html">Dashboard v.3</a></li>
</ul>-->
</li>
<li id="juser">
<a href="#"><i class="fa fa-rebel"></i> <span class="nav-label">用户管理</span><span class="fa arrow"></span></a>