diff --git a/connect.py b/connect.py index 49cdb4fec..0ba04d99d 100644 --- a/connect.py +++ b/connect.py @@ -21,7 +21,7 @@ import uuid os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings' if django.get_version() != '1.6': - django.setup() + setup = django.setup() from django.contrib.sessions.models import Session from jumpserver.api import ServerError, User, Asset, PermRole, AssetGroup, get_object, mkdir, get_asset_info from jumpserver.api import logger, Log, TtyLog, get_role_key, CRYPTOR, bash, get_tmp_dir @@ -526,7 +526,7 @@ class Nav(object): user_asset_search = user_asset_all self.search_result = dict(zip(range(len(user_asset_search)), user_asset_search)) - color_print('[%-3s] %-12s %-15s %-5s %-10s %s' % ('ID', u'主机名', 'IP', u'端口', u'角色', u'备注'), 'title') + color_print('[%-3s] %-12s %-15s %-5s %-10s %s' % ('ID', u'主机名', 'IP', u'端口', u'系统用户', u'备注'), 'title') for index, asset in self.search_result.items(): # 获取该资产信息 asset_info = get_asset_info(asset) @@ -556,13 +556,13 @@ class Nav(object): roles = self.user_perm.get('role').keys() if len(roles) > 1: # 授权角色数大于1 - color_print('[%-2s] %-15s' % ('ID', '角色'), 'info') + color_print('[%-2s] %-15s' % ('ID', '系统用户'), 'info') role_check = dict(zip(range(len(roles)), roles)) for i, r in role_check.items(): print '[%-2s] %-15s' % (i, r.name) print - print "请输入运行命令角色的ID, q退出" + print "请输入运行命令所关联系统用户的ID, q退出" try: role_id = raw_input("\033[1;32mRole>:\033[0m ").strip() @@ -575,7 +575,7 @@ class Nav(object): elif len(roles) == 1: # 授权角色数为1 role = roles[0] assets = list(self.user_perm.get('role', {}).get(role).get('asset')) # 获取该用户,角色授权主机 - print "该角色有权限的所有主机" + print "授权包含该系统用户的所有主机" for asset in assets: print ' %s' % asset.hostname print 
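Review bot: `setup = django.setup()` binds a name that is always None, since django.setup() is called for its side effects and returns nothing, so the new assignment adds a dead module-level variable without changing behaviour. If the intent was to make it obvious why the call precedes the model imports, a comment on the bare call says it better: `django.setup()  # must run before the jumpserver.* imports below`. The `!= '1.6'` version-string comparison is pre-existing and not part of this change.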
@@ -766,11 +766,11 @@ def main(): roles = nav.user_perm.get('asset').get(asset).get('role') if len(roles) > 1: role_check = dict(zip(range(len(roles)), roles)) - print "\033[32m[ID] 角色\033[0m" + print "\033[32m[ID] 系统用户\033[0m" for index, role in role_check.items(): print "[%-2s] %s" % (index, role.name) print - print "授权角色超过1个,请输入角色ID, q退出" + print "授权系统用户超过1个,请输入ID, q退出" try: role_index = raw_input("\033[1;32mID>:\033[0m ").strip() if role_index == 'q': diff --git a/docs/developer_doc.txt b/docs/developer_doc.txt index d24cacdcd..aa7b0db9f 100644 --- a/docs/developer_doc.txt +++ b/docs/developer_doc.txt @@ -30,7 +30,7 @@ connect.py逻辑说明: 匹配到0了就显示没有权限或者主机, 匹配到1个则继续 查询该服务器是否支持ldap 如果是,获得ldap用户密码登陆 - 如果否,查询授权表,查看该服务器授权的角色,并返回对应账号密码,登陆 + 如果否,查询授权表,查看该服务器授权的系统用户,并返回对应账号密码,登陆 connect函数是登陆函数,采用paramiko 使用channel登陆,posix_shell 来完成交互,并记录日志 signal模块来完成窗口改变导致的tty大小随之改变 PyCrypt是对称加密类 \ No newline at end of file diff --git a/jasset/views.py b/jasset/views.py index bc03d2490..ca5e5f91a 100644 --- a/jasset/views.py +++ b/jasset/views.py @@ -263,7 +263,6 @@ def asset_list(request): asset_group_all = AssetGroup.objects.all() asset_types = ASSET_TYPE asset_status = ASSET_STATUS - asset_id = request.GET.get('id') idc_name = request.GET.get('idc', '') group_name = request.GET.get('group', '') asset_type = request.GET.get('asset_type', '') @@ -273,6 +272,7 @@ def asset_list(request): group_id = request.GET.get("group_id", '') idc_id = request.GET.get("idc_id", '') asset_id_all = request.GET.getlist("id", '') + if group_id: group = get_object(AssetGroup, id=group_id) if group: @@ -302,9 +302,6 @@ def asset_list(request): if status: asset_find = asset_find.filter(status__contains=status) - if asset_id: - asset_find = asset_find.filter(id=asset_id) - if keyword: asset_find = asset_find.filter( Q(hostname__contains=keyword) | diff --git a/jlog/views.py b/jlog/views.py index 360265c4f..ff0eaf1c0 100644 --- a/jlog/views.py +++ b/jlog/views.py 
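Review bot: With the `if asset_id: asset_find = asset_find.filter(id=asset_id)` branch removed, the only remaining reader of the `id` query parameter in these hunks is `asset_id_all = request.GET.getlist("id", '')`, and nothing visible applies it to `asset_find`; unless the rest of asset_list (outside the hunks) filters on `asset_id_all`, `?id=` is now silently ignored and the view lists every asset. Note also that `getlist("id", '')` defaults to a string rather than the empty list `request.GET.getlist("id")` would return, which is a surprising type for a value named `_all`. asset_list begins before the first hunk and continues past the last.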
@@ -133,7 +133,10 @@ def log_detail(request, offset): if offset == 'exec': log = get_object(ExecLog, id=log_id) assets_hostname = log.host.split(' ') - result = eval(str(log.result)) + try: + result = eval(str(log.result)) + except (SyntaxError, NameError): + result = {} return my_render('jlog/exec_detail.html', locals(), request) elif offset == 'file': log = get_object(FileLog, id=log_id) diff --git a/jperm/perm_api.py b/jperm/perm_api.py index 0814a1382..e34de01ad 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -175,13 +175,17 @@ def gen_resource(ob, perm=None): for asset in assets: asset_info = get_asset_info(asset) + role_key = get_role_key(user, role) info = {'hostname': asset.hostname, 'ip': asset.ip, 'port': asset_info.get('port', 22), 'username': role.name, - 'password': CRYPTOR.decrypt(role.password), - 'ssh_key': get_role_key(user, role) - } + 'password': CRYPTOR.decrypt(role.password) + } + + if os.path.isfile(role_key): + info['ssh_key'] = role_key + res.append(info) else: for asset, asset_info in perm.get('asset').items(): @@ -192,13 +196,17 @@ def gen_resource(ob, perm=None): role = sorted(list(perm.get('asset').get(asset).get('role')))[0] except IndexError: continue + + role_key = get_role_key(user, role) info = {'hostname': asset.hostname, 'ip': asset.ip, 'port': asset_info.get('port', 22), 'username': role.name, 'password': CRYPTOR.decrypt(role.password), - 'ssh_key': get_role_key(user, role) } + if os.path.isfile(role_key): + info['ssh_key'] = role_key + res.append(info) elif isinstance(ob, User): @@ -214,8 +222,12 @@ def gen_resource(ob, perm=None): continue info['username'] = role.name info['password'] = CRYPTOR.decrypt(role.password) - info['ssh_key'] = get_role_key(ob, role) + + role_key = get_role_key(ob, role) + if os.path.isfile(role_key): + info['ssh_key'] = role_key res.append(info) + elif isinstance(ob, (list, QuerySet)): for asset in ob: info = get_asset_info(asset) 
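Review bot: The try/except around `eval(str(log.result))` does not remove the risk it is reacting to: eval still executes whatever string is stored in ExecLog.result, which presumably carries output collected from remote hosts, so a crafted result string becomes arbitrary Python on the web server, and SyntaxError/NameError are only caught after evaluation has been attempted. Parse it with `ast.literal_eval`, which accepts literals only: `result = ast.literal_eval(str(log.result))` with `except (ValueError, SyntaxError):` (NameError cannot occur with literal_eval), plus `import ast` at the top of jlog/views.py. log_detail begins before this hunk.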
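Review bot: The three gen_resource hunks repeat the same guard — call `get_role_key`, then `if os.path.isfile(role_key): info['ssh_key'] = role_key` — three times; a small helper such as `_attach_role_key(info, user, role)` would keep them from drifting, and `os` must already be imported in perm_api.py for `os.path.isfile` to resolve (the import block is not in the diff, so please confirm). Separately, `CRYPTOR.decrypt(role.password)` is unguarded in each dict, whereas get_asset_info in jumpserver/api.py wraps the same call in `except ServerError: pass`; if decrypt can raise for a role without a password, one bad role aborts the whole resource build. gen_resource starts before and continues after these hunks.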
diff --git a/jperm/urls.py b/jperm/urls.py
index 3f76eaf2a..5fd3320a6 100644
--- a/jperm/urls.py
+++ b/jperm/urls.py
@@ -2,21 +2,21 @@ from django.conf.urls import patterns, include, url from jperm.views import * urlpatterns = patterns('jperm.views', - url(r'^rule/$', perm_rule_list, name='rule_list'), - url(r'^perm_rule_add/$', perm_rule_add, name='rule_add'), - url(r'^perm_rule_detail/$', perm_rule_detail, name='rule_detail'), - url(r'^perm_rule_edit/$', perm_rule_edit, name='rule_edit'), - url(r'^perm_rule_delete/$', perm_rule_delete, name='rule_del'), - url(r'^role/$', perm_role_list, name='role_list'), - url(r'^role/perm_role_add/$', perm_role_add, name='role_add'), - url(r'^role/perm_role_delete/$', perm_role_delete, name='role_del'), - url(r'^role/perm_role_detail/$', perm_role_detail, name='role_detail'), - url(r'^role/perm_role_edit/$', perm_role_edit, name='role_edit'), + url(r'^rule/list/$', perm_rule_list, name='rule_list'), + url(r'^rule/add/$', perm_rule_add, name='rule_add'), + url(r'^rule/detail/$', perm_rule_detail, name='rule_detail'), + url(r'^rule/edit/$', perm_rule_edit, name='rule_edit'), + url(r'^rule/del/$', perm_rule_delete, name='rule_del'), + url(r'^role/list/$', perm_role_list, name='role_list'), + url(r'^role/add/$', perm_role_add, name='role_add'), + url(r'^role/del/$', perm_role_delete, name='role_del'), + url(r'^role/detail/$', perm_role_detail, name='role_detail'), + url(r'^role/edit/$', perm_role_edit, name='role_edit'), url(r'^role/push/$', perm_role_push, name='role_push'), url(r'^role/recycle/$', perm_role_recycle, name='role_recycle'), url(r'^role/get/$', perm_role_get, name='role_get'), - url(r'^sudo/$', perm_sudo_list, name='sudo_list'), - url(r'^sudo/perm_sudo_add/$', perm_sudo_add, name='sudo_add'), - url(r'^sudo/perm_sudo_delete/$', perm_sudo_delete, name='sudo_del'), - url(r'^sudo/perm_sudo_edit/$', perm_sudo_edit, name='sudo_edit'), + url(r'^sudo/list/$', perm_sudo_list, name='sudo_list'), + url(r'^sudo/add/$', perm_sudo_add, name='sudo_add'), + url(r'^sudo/del/$', perm_sudo_delete, name='sudo_del'), + url(r'^sudo/edit/$', 
perm_sudo_edit, name='sudo_edit'), ) diff --git a/jperm/views.py b/jperm/views.py index da769abfd..09b23d37b 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -104,7 +104,7 @@ def perm_rule_add(request): raise ServerError(u'授权规则 %s 已存在' % rule_name) if not rule_name or not roles_select: - raise ServerError(u'角色名称和授权角色不能为空') + raise ServerError(u'系统用户名称和规则名称不能为空') # 获取需要授权的主机列表 assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select] @@ -126,7 +126,7 @@ def perm_rule_add(request): asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产 need_push_asset.update(set(calc_assets) & set(asset_no_push)) if need_push_asset: - raise ServerError(u'没有推送角色 %s 的主机 %s' + raise ServerError(u'没有推送系统用户 %s 的主机 %s' % (role.name, ','.join([asset.hostname for asset in need_push_asset]))) # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色) @@ -175,10 +175,10 @@ def perm_rule_edit(request): assets_select = request.POST.getlist('asset', []) asset_groups_select = request.POST.getlist('asset_group', []) roles_select = request.POST.getlist('role', []) - print rule_name, roles_select + try: if not rule_name or not roles_select: - raise ServerError(u'角色名称和授权角色不能为空') + raise ServerError(u'系统用户和关联系统用户不能为空') assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select] asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select] @@ -198,7 +198,7 @@ def perm_rule_edit(request): asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产 need_push_asset.update(set(calc_assets) & set(asset_no_push)) if need_push_asset: - raise ServerError(u'没有推送角色 %s 的主机 %s' + raise ServerError(u'没有推送系统用户 %s 的主机 %s' % (role.name, ','.join([asset.hostname for asset in need_push_asset]))) # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色) 
@@ -208,7 +208,7 @@ def perm_rule_edit(request): rule.asset_group = asset_groups_obj rule.role = roles_obj rule.name = rule_name - rule.comment = rule.comment + rule.comment = rule_comment rule.save() msg = u"更新授权规则:%s成功" % rule.name @@ -241,7 +241,7 @@ def perm_role_list(request): list role page """ # 渲染数据 - header_title, path1, path2 = "系统角色", "角色管理", "查看角色" + header_title, path1, path2 = "系统用户", "系统用户管理", "查看系统用户" # 获取所有系统角色 roles_list = PermRole.objects.all() @@ -265,7 +265,7 @@ def perm_role_add(request): add role page """ # 渲染数据 - header_title, path1, path2 = "系统角色", "角色管理", "添加角色" + header_title, path1, path2 = "系统用户", "系统用户管理", "添加系统用户" sudos = PermSudo.objects.all() if request.method == "POST": @@ -295,7 +295,7 @@ def perm_role_add(request): role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path) role.save() role.sudo = sudos_obj - msg = u"添加角色: %s" % name + msg = u"添加系统用户: %s" % name return HttpResponseRedirect(reverse('role_list')) except ServerError, e: error = e @@ -330,12 +330,11 @@ def perm_role_delete(request): logger.info(u"delete role %s - delete role key directory: %s" % (role.name, role_key)) # 数据库里删除记录 TODO: 判断返回结果,处理异常 role.delete() - return HttpResponse(u"删除角色: %s" % role.name) + return HttpResponse(u"删除系统用户: %s" % role.name) else: return HttpResponse(u"不支持该操作") - @require_role('admin') def perm_role_detail(request): """ @@ -348,7 +347,7 @@ def perm_role_detail(request): '': []} """ # 渲染数据 - header_title, path1, path2 = "系统角色", "角色管理", "角色详情" + header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户详情" if request.method == "GET": role_id = request.GET.get("id") @@ -372,7 +371,7 @@ def perm_role_edit(request): edit role page """ # 渲染数据 - header_title, path1, path2 = "系统角色", "角色管理", "角色编辑" + header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑" # 渲染数据 role_id = request.GET.get("id") 
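Review bot: `rule.comment = rule_comment` fixes the earlier self-assignment, but `rule_comment` has to be bound from the POST body earlier in perm_rule_edit; the preceding hunk shows `rule_name`, `assets_select`, `asset_groups_select` and `roles_select` being read and `rule_comment` appears nowhere else in this diff, so if it is not read every edit will fail with NameError. If it is missing, add `rule_comment = request.POST.get('comment', '')` next to the other POST reads. perm_rule_edit starts before this hunk.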
@@ -395,7 +394,7 @@ def perm_role_edit(request): try: if not role: - raise ServerError('角色用户不能存在') + raise ServerError('该系统用户不能存在') if role_password: encrypt_pass = CRYPTOR.encrypt(role_password) @@ -413,7 +412,7 @@ def perm_role_edit(request): role.sudo = role_sudos role.save() - msg = u"更新系统角色: %s" % role.name + msg = u"更新系统用户: %s" % role.name return HttpResponseRedirect(reverse('role_list')) except ServerError, e: error = e @@ -427,7 +426,7 @@ def perm_role_push(request): the role push page """ # 渲染数据 - header_title, path1, path2 = "系统角色", "角色管理", "角色推送" + header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户推送" role_id = request.GET.get('id') asset_ids = request.GET.get('asset_id') role = get_object(PermRole, id=role_id) @@ -511,9 +510,9 @@ def perm_role_push(request): func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=True) if not failed_asset: - msg = u'角色 %s 推送成功[ %s ]' % (role.name, ','.join(success_asset.keys())) + msg = u'系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(success_asset.keys())) else: - error = u'角色 %s 推送失败 [ %s ], 推送成功 [ %s ]' % (role.name, + error = u'系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ]' % (role.name, ','.join(failed_asset.keys()), ','.join(success_asset.keys())) return my_render('jperm/perm_role_push.html', locals(), request) @@ -618,7 +617,7 @@ def perm_sudo_delete(request): sudo = PermSudo.objects.get(id=sudo_id) # 数据库里删除记录 sudo.delete() - return HttpResponse(u"删除角色: %s" % sudo.name) + return HttpResponse(u"删除系统用户: %s" % sudo.name) else: return HttpResponse(u"不支持该操作") diff --git a/jperm/views.py.back b/jperm/views.py.back deleted file mode 100644 index 2e910e025..000000000 --- a/jperm/views.py.back +++ /dev/null 
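Review bot: The new message `raise ServerError('该系统用户不能存在')` says the system user "must not exist", while the condition `if not role:` means it was not found; `raise ServerError(u'该系统用户不存在')` is the intended wording, and the `u''` prefix matches the other ServerError messages in this file (e.g. `u'系统用户 %s 推送成功[ %s ]'`). perm_role_edit starts before this hunk.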
@@ -1 +0,0 @@ -# # coding: utf-8 # import sysuser # # reload(sysuser) # sysuser.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jumpserver.api import * from jperm.perm_api import * from jperm.models import PermLog as Log from jperm.models import SysUser from juser.user_api import gen_ssh_key @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = 
list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 for asset_group in asset_group_new: asset_new.extend(asset_group.asset_set.all()) for asset_group in asset_group_del: asset_del.extend(asset_group.asset_set.all()) perm_info = { 'action': 'perm user edit: ' + user.name, 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } print perm_info try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = 
Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 users = user_group.user_set.all() perm_info = { 'action': 'perm group edit: ' + user_group.name, 'del': {'users': users, 'assets': asset_del}, 'new': {'users': users, 'assets': asset_new} } results = perm_user_api(perm_info) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') def log(request): 
header_title, path1, path2 = '授权记录', '授权管理', '授权记录' log_all = Log.objects.all().order_by('-datetime') log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request) return my_render('jperm/perm_log.html', locals(), request) def sys_user_add(request): asset_group_all = AssetGroup.objects.all() if request.method == 'POST': username = request.POST.get('username', '') password = request.POST.get('password', '') asset_groups_id = request.POST.getlist('asset_groups_select', []) comment = request.POST.get('comment') sys_user = SysUser(username=username, password=password, comment=comment) sys_user.save() gen_ssh_key(username, key_dir=os.path.join(SSH_KEY_DIR, 'sysuser'), authorized_keys=False) results = push_user(sys_user, asset_groups_id) return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") return my_render('jperm/sys_user_add.html', locals(), request) def sys_user_list(request): users_list = SysUser.objects.all() users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) return my_render('jperm/sys_user_list.html', locals(), request) def sys_user_edit(request): pass def sys_user_del(request): pass \ No newline at end of file diff --git a/jumpserver/api.py b/jumpserver/api.py index 0e772eb85..646aeeeb2 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -70,7 +70,8 @@ def get_asset_info(asset): info['password'] = CRYPTOR.decrypt(default.field3) except ServerError: pass - info['ssh_key'] = default.field4 + if os.path.isfile(default.field4): + info['ssh_key'] = default.field4 else: info['port'] = int(asset.port) info['username'] = asset.username 
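Review bot: When `default.field4` does not point to an existing file, the new branch drops `ssh_key` from the dict silently, and the password branch just above already swallows `ServerError` with `pass`; an asset whose default credentials are misconfigured therefore yields an info dict with no credential at all, and the problem only surfaces later as a login failure. Log it where it is detected, e.g. `else: logger.warning(u'default ssh key not found: %s' % default.field4)` (logger is already used in this file by get_role_key). get_asset_info begins before this hunk and continues past it.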
@@ -93,7 +94,7 @@ def get_role_key(user, role): with open(os.path.join(role.key_path, 'id_rsa')) as fk: with open(user_role_key_path, 'w') as fu: fu.write(fk.read()) - logger.debug(u"创建新的用户角色key %s, Owner: %s" % (user_role_key_path, user.username)) + logger.debug(u"创建新的系统用户key %s, Owner: %s" % (user_role_key_path, user.username)) chown(user_role_key_path, user.username) os.chmod(user_role_key_path, 0600) return user_role_key_path diff --git a/jumpserver/views.py b/jumpserver/views.py index 49e5fc592..a0a86ffcc 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -230,7 +230,10 @@ def setting(request): if '' in [username, port]: return HttpResponse('所填内容不能为空, 且密码和私钥填一个') else: - private_key_path = os.path.join(BASE_DIR, 'keys/role_keys', 'default', 'default_private_key.pem') + private_key_dir = os.path.join(BASE_DIR, 'keys', 'default') + private_key_path = os.path.join(private_key_dir, 'admin_user.pem') + mkdir(private_key_dir) + if private_key: with open(private_key_path, 'w') as f: f.write(private_key) diff --git a/juser/views.py b/juser/views.py index 3e1b6eeb3..1646910c5 100644 --- a/juser/views.py +++ b/juser/views.py @@ -58,10 +58,14 @@ def group_list(request): header_title, path1, path2 = '查看用户组', '用户管理', '查看用户组' keyword = request.GET.get('search', '') user_group_list = UserGroup.objects.all().order_by('name') + group_id = request.GET.get('id', '') if keyword: user_group_list = user_group_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) + if id: + user_group_list = user_group_list.filter(id=int(group_id)) + user_group_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_group_list, request) return my_render('juser/group_list.html', locals(), request) @@ -387,7 +391,7 @@ def user_edit(request): 地址:%s 用户名: %s 密码:%s (如果密码为None代表密码为原密码) - 角色:%s + 权限::%s """ % (user.name, URL, user.username, password_decode, user_role.get(role_post, u'')) send_mail('您的信息已修改', msg, MAIL_FROM, [email], fail_silently=False) 
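Review bot: The admin private key is written with a plain `open(private_key_path, 'w')`, so `keys/default/admin_user.pem` is created with the process umask's default mode (typically 0644) and is readable by every local account on the host; get_role_key in jumpserver/api.py already tightens its key copies with `os.chmod(user_role_key_path, 0600)`, and the same belongs here, e.g. `os.chmod(private_key_path, 0600)` right after the `with` block (or create the file via `os.open(..., os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)`). The directory created by `mkdir(private_key_dir)` should likewise not be world-readable; its mode is not visible in this diff. The setting view begins before this hunk and the `with` block continues past it.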
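Review bot: `if id:` tests the builtin `id` function, which is always truthy, so the new filter runs on every request and `int(group_id)` raises ValueError (a 500) whenever `?id=` is absent — `group_id` defaults to `''` — or non-numeric. Test the variable that was read and keep the conversion defensive: `if group_id.isdigit():` followed by `user_group_list = user_group_list.filter(id=int(group_id))`. group_list begins before this hunk.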
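Review bot: `权限::%s` introduces a doubled colon into the e-mail body passed to send_mail; the sibling lines use a single full-width colon (`密码:%s`), so `权限:%s` keeps the message consistent. user_edit begins before this hunk.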
diff --git a/run_websocket.py b/run_websocket.py index 3ecc9b578..b3bcffac8 100644 --- a/run_websocket.py +++ b/run_websocket.py @@ -231,7 +231,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler): logger.debug('Websocket: Open exec request') role_name = self.get_argument('role', 'sb') self.remote_ip = self.request.remote_ip - logger.debug('Web执行命令: 请求角色 %s' % role_name) + logger.debug('Web执行命令: 请求系统用户 %s' % role_name) self.role = get_object(PermRole, name=role_name) self.perm = get_group_user_perm(self.user) roles = self.perm.get('role').keys() @@ -315,7 +315,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler): if asset: roles = user_have_perm(self.user, asset) logger.debug(roles) - logger.debug('角色: %s' % role_name) + logger.debug('系统用户: %s' % role_name) login_role = '' for role in roles: if role.name == role_name: diff --git a/templates/index_cu.html b/templates/index_cu.html index 4ba361479..ee571001c 100644 --- a/templates/index_cu.html +++ b/templates/index_cu.html @@ -124,7 +124,7 @@ {{ user.name }} - 角色 + 系统用户 {{ user.role }} diff --git a/templates/jasset/asset_cu_list.html b/templates/jasset/asset_cu_list.html index f59be1929..140484da7 100644 --- a/templates/jasset/asset_cu_list.html +++ b/templates/jasset/asset_cu_list.html @@ -135,7 +135,7 @@ }); //window.open(new_url + data, '', 'location=no, resizeable=no, height=410, width=625, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,status=no'); } else if (dataArray.length == '1' && data == 'error'){ - layer.alert('没有授权角色') + layer.alert('没有授权系统用户') } else { aUrl = ''; $.each(dataArray, function(index, value){ @@ -143,7 +143,7 @@ }); layer.alert(aUrl, { skin: 'layui-layer-molv', - title: '多个角色,请选择一个连接', + title: '授权多个系统用户,请选择一个连接', shade: false, closeBtn: 0 }) 
@@ -167,7 +167,7 @@ success: function(data){ var dataArray = data.split(','); if (data == 'error' || data == '' || data == null || data == undefined){ - layer.alert('没有授权角色') + layer.alert('没有授权系统用户') } else if (dataArray.length == 1 && data != 'error' && navigator.platform == 'Win32') { layer.open({ type: 2, @@ -194,7 +194,7 @@ }); layer.alert(aUrl, { skin: 'layui-layer-molv', - title: '多个角色,请选择一个连接', + title: '授权多个系统用户,请选择一个连接', shade: false, closeBtn: 0 }) diff --git a/templates/jasset/asset_detail.html b/templates/jasset/asset_detail.html index f8e417fa0..48de38e8f 100644 --- a/templates/jasset/asset_detail.html +++ b/templates/jasset/asset_detail.html @@ -197,7 +197,7 @@

授权用户信息

- + {% for perm in user_perm %} diff --git a/templates/jasset/asset_list.html b/templates/jasset/asset_list.html index 4775eba0d..a510b3398 100644 --- a/templates/jasset/asset_list.html +++ b/templates/jasset/asset_list.html @@ -199,7 +199,7 @@ }); //window.open(new_url + data, '', 'location=no, resizeable=no, height=410, width=625, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,status=no'); } else if (dataArray.length == '1' && data == 'error'){ - layer.alert('没有授权角色') + layer.alert('没有授权系统用户') } else { aUrl = ''; $.each(dataArray, function(index, value){ @@ -207,7 +207,7 @@ }); layer.alert(aUrl, { skin: 'layui-layer-molv', - title: '多个角色,请选择一个连接', + title: '授权多个系统用户,请选择一个连接', shade: false, closeBtn: 0 }) @@ -230,7 +230,7 @@ success: function(data){ var dataArray = data.split(','); if (data == 'error' || data == '' || data == null || data == undefined){ - layer.alert('没有授权角色') + layer.alert('没有授权系统用户') } else if (dataArray.length == 1 && data != 'error' && navigator.platform == 'Win32'){ var title = 'Jumpserver Web Terminal' + ' '+ hostname +''; @@ -260,7 +260,7 @@ console.log(aUrl); layer.alert(aUrl, { skin: 'layui-layer-molv', - title: '多个角色,请选择一个连接', + title: '授权多个系统用户,请选择一个连接', shade: false, closeBtn: 0 }) diff --git a/templates/jasset/idc_list.html b/templates/jasset/idc_list.html index e88871320..860f788f3 100644 --- a/templates/jasset/idc_list.html +++ b/templates/jasset/idc_list.html @@ -59,13 +59,13 @@ {% for post in contacts.object_list %} - + diff --git a/templates/jperm/perm_role_add.html b/templates/jperm/perm_role_add.html index 43ed50e8c..b328eda2c 100644 --- a/templates/jperm/perm_role_add.html +++ b/templates/jperm/perm_role_add.html @@ -34,21 +34,21 @@
{{ msg }}
{% endif %}
- +
- +
如果不添加密码,会自动生成
- +
如果不添加密钥,会自动生成, 密码密钥必填一项 @@ -56,7 +56,7 @@
- +
授权用户系统角色关联用户
{{ perm.0 }}
{{ post.name }} {{ post.name }} {{ post.asset_set.count }} {{ post.linkman }} {{ post.phone }} {{ post.comment }} - 详情 + 编辑 删除
{% for user in users %} - + {% endfor %}
{{ user.name }} {{ user.name }}
@@ -86,7 +86,7 @@ {% for group in user_groups %} - + {% endfor %}
{{ group.name }} {{ group.name }}
diff --git a/templates/jperm/perm_role_edit.html b/templates/jperm/perm_role_edit.html index 8a3a858f2..33ab47e0e 100644 --- a/templates/jperm/perm_role_edit.html +++ b/templates/jperm/perm_role_edit.html @@ -34,14 +34,14 @@
{{ msg }}
{% endif %}
- +
- +
不修改请留空 @@ -49,7 +49,7 @@
- +
不修改请留空 @@ -57,9 +57,9 @@
- +
- {% for sudo in sudo_all %} {% endfor %} @@ -100,9 +100,9 @@ $('#roleForm').validator({ fields: { "role_name": { rule: "required;check_name", - tip: "输入角色名称", + tip: "输入系统用户名称", ok: "", - msg: {required: "角色名称必填"} + msg: {required: "系统用户名称必填"} } }, valid: function(form) { diff --git a/templates/jperm/perm_role_list.html b/templates/jperm/perm_role_list.html index 2779317ef..2f7913ada 100644 --- a/templates/jperm/perm_role_list.html +++ b/templates/jperm/perm_role_list.html @@ -16,7 +16,7 @@ {% endif %}
-
所有系统角色
+
所有系统用户
- 添加角色 + 添加系统用户