From b2c72221f75b48aadb7215eddba408aeec4bc505 Mon Sep 17 00:00:00 2001
From: guanghongwei <hongwei.guang@yolu-inc.com>
Date: Fri, 13 Mar 2015 23:46:38 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BB=8A=E5=A4=A9=E5=B0=B1=E8=BF=99=E6=A0=B7?=
 =?UTF-8?q?=E4=BA=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 jumpserver/api.py  | 14 +++++++++
 juser/views.py     | 22 ++++++++++----
 templates/nav.html | 72 +++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 102 insertions(+), 6 deletions(-)

diff --git a/jumpserver/api.py b/jumpserver/api.py
index 7cf3e1ac8..074667eb8 100644
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -71,3 +71,17 @@ def require_admin(func):
             return HttpResponseRedirect('/')
         return func(request, *args, **kwargs)
     return _deco
+
+
+def is_super_user(request):
+    if request.session.get('role_id') == '2':
+        return True
+    else:
+        return False
+
+
+def is_group_admin(request):
+    if request.session.get('role_id') == '1':
+        return True
+    else:
+        return False
diff --git a/juser/views.py b/juser/views.py
index 11b82418f..7da0e2532 100644
--- a/juser/views.py
+++ b/juser/views.py
@@ -23,7 +23,8 @@ from connect import PyCrypt, KEY
 from connect import BASE_DIR
 from connect import CONF
 from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn, page_list_return, pages
-from jumpserver.api import user_perm_group_api, require_login, require_super_user, require_admin
+from jumpserver.api import user_perm_group_api, require_login, require_super_user, \
+    require_admin, is_group_admin, is_super_user
 
 if LDAP_ENABLE:
     LDAP_HOST_URL = CONF.get('ldap', 'host_url')
@@ -369,10 +370,21 @@ def group_add(request):
 def group_list(request):
     header_title, path1, path2 = '查看小组', '用户管理', '查看小组'
     keyword = request.GET.get('search', '')
-    if keyword:
-        contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
-    else:
-        contact_list = UserGroup.objects.all().order_by('name')
+    contact_list = []
+    if is_super_user(request):
+        if keyword:
+            contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
+        else:
+            contact_list = UserGroup.objects.all().order_by('name')
+    elif is_group_admin(request):
+        user_id = request.session.get('user_id', '')
+        user = User.objects.filter(id=user_id)
+        if user:
+            user = user[0]
+            if keyword:
+                contact_list = UserGroup.objects.filter(Q(dept=user.dept) & Q(name__icontains=keyword) | Q(comment__icontains=keyword))
+            else:
+                contact_list = UserGroup.objects.filter(dept=user.dept).order_by('name')
 
     contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
     return render_to_response('juser/group_list.html', locals(), context_instance=RequestContext(request))
diff --git a/templates/nav.html b/templates/nav.html
index bfc66bac1..64f81dbb4 100644
--- a/templates/nav.html
+++ b/templates/nav.html
@@ -1,3 +1,4 @@
+{% ifequal session_role_id 2 %}
 <nav class="navbar-default navbar-static-side" role="navigation">
     <div class="sidebar-collapse">
         <ul class="nav" id="side-menu">
@@ -70,4 +71,73 @@
         </ul>
 
     </div>
-</nav>
\ No newline at end of file
+</nav>
+{% endifequal %}
+{% ifequal session_role_id 1 %}
+<nav class="navbar-default navbar-static-side" role="navigation">
+    <div class="sidebar-collapse">
+        <ul class="nav" id="side-menu">
+            {% include 'nav_li_profile.html' %}
+            <li>
+               <a href="/"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span><span class="label label-info pull-right"></span></a>
+              <!--<a href="index.html"><i class="fa fa-th-large"></i> <span class="nav-label">仪表盘</span> <span class="fa arrow"></span></a>
+                <ul class="nav nav-second-level">
+                    <li><a href="index.html">Dashboard v.1</a></li>
+                    <li ><a href="dashboard_2.html">Dashboard v.2</a></li>
+                    <li ><a href="dashboard_3.html">Dashboard v.3</a></li>
+                </ul>-->
+            </li>
+            <li id="juser">
+                <a href="#"><i class="fa fa-rebel"></i> <span class="nav-label">用户管理</span><span class="fa arrow"></span></a>
+                <ul class="nav nav-second-level">
+                    <li id="group_list"><a href="/juser/group_list/">查看小组</a></li>
+                    <li id="group_add"><a href="/juser/group_add/">添加小组</a></li>
+                    <li id="user_list"><a href="/juser/user_list/">查看用户<span class="label {% ifequal user_active_num user_total_num %}label-primary {% else %}label-warning {% endifequal %}pull-right">{{ user_active_num }}/{{ user_total_num }}</span></a></li>
+                    <li id="user_add"><a href="/juser/user_add/">添加用户</a></li>
+                </ul>
+            </li>
+            <li id="jasset">
+                <a><i class="fa fa-cube"></i> <span class="nav-label">资产管理</span><span class="fa arrow"></span></a>
+                <ul class="nav nav-second-level">
+                    <li id="host_add"><a href="/jasset/host_add/">添加资产</a></li>
+                    <li id="host_list"><a href="/jasset/host_list/">查看资产&nbsp&nbsp</span><span class="label label-info pull-right">16/18</span></a></li>
+                    <li id="jgroup_add"><a href="/jasset/jgroup_add/">添加主机组</a></li>
+                    <li id="jgroup_list"><a href="/jasset/jgroup_list/">查看主机组</a></li>
+                    <li id="idc_add"><a href="/jasset/idc_add/">添加IDC</a></li>
+                    <li id="idc_list"><a href="/jasset/idc_list/">查看IDC</a></li>
+                </ul>
+            </li>
+            <li id="jperm">
+                <a href="#"><i class="fa fa-edit"></i> <span class="nav-label">授权管理</span><span class="fa arrow"></span></a>
+                <ul class="nav nav-second-level">
+                    <li id="perm_list">
+                        <a href="/jperm/perm_list/">小组授权</a>
+                    </li>
+
+                    <li id="sudo_add">
+                        <a href="/jperm/sudo_list/">Sudo授权</a>
+                    </li>
+                </ul>
+            </li>
+            <li id="jlog">
+                <a href="#"><i class="fa fa-files-o"></i> <span class="nav-label">日志审计</span><span class="fa arrow"></span></a>
+                <ul class="nav nav-second-level">
+                    <li id="log_list"><a href="/jlog/log_list/online/">查看日志</a></li>
+                    <li id="log_detail"><a href="/jlog/log_detail/">日志分析</a></li>
+                </ul>
+            </li>
+            <li>
+                <a href="#"><i class="fa fa-download"></i> <span class="nav-label">上传下载</span><span class="fa arrow"></span></a>
+                <ul class="nav nav-second-level">
+                    <li><a href="/file/upload/">文件上传</a></li>
+                    <li><a href="/file/download/">文件下载</a></li>
+                </ul>
+            </li>
+
+            <li class="special_link">
+                <a href="http://www.jumpserver.org" target="_blank"><i class="fa fa-database"></i> <span class="nav-label">访问官网</span></a>
+            </li>
+        </ul>
+    </div>
+</nav>
+{% endifequal %}
\ No newline at end of file