role fix to sys user

pull/26/head
ibuler 2015-12-14 14:36:42 +08:00
parent db13b7a3e9
commit b58ff14ed1
33 changed files with 133 additions and 115 deletions


@ -21,7 +21,7 @@ import uuid
os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
if django.get_version() != '1.6':
django.setup()
setup = django.setup()
from django.contrib.sessions.models import Session
from jumpserver.api import ServerError, User, Asset, PermRole, AssetGroup, get_object, mkdir, get_asset_info
from jumpserver.api import logger, Log, TtyLog, get_role_key, CRYPTOR, bash, get_tmp_dir
@ -526,7 +526,7 @@ class Nav(object):
user_asset_search = user_asset_all
self.search_result = dict(zip(range(len(user_asset_search)), user_asset_search))
color_print('[%-3s] %-12s %-15s %-5s %-10s %s' % ('ID', u'主机名', 'IP', u'端口', u'角色', u'备注'), 'title')
color_print('[%-3s] %-12s %-15s %-5s %-10s %s' % ('ID', u'主机名', 'IP', u'端口', u'系统用户', u'备注'), 'title')
for index, asset in self.search_result.items():
# 获取该资产信息
asset_info = get_asset_info(asset)
@ -556,13 +556,13 @@ class Nav(object):
roles = self.user_perm.get('role').keys()
if len(roles) > 1: # 授权角色数大于1
color_print('[%-2s] %-15s' % ('ID', '角色'), 'info')
color_print('[%-2s] %-15s' % ('ID', '系统用户'), 'info')
role_check = dict(zip(range(len(roles)), roles))
for i, r in role_check.items():
print '[%-2s] %-15s' % (i, r.name)
print
print "请输入运行命令角色的ID, q退出"
print "请输入运行命令所关联系统用户的ID, q退出"
try:
role_id = raw_input("\033[1;32mRole>:\033[0m ").strip()
@ -575,7 +575,7 @@ class Nav(object):
elif len(roles) == 1: # 授权角色数为1
role = roles[0]
assets = list(self.user_perm.get('role', {}).get(role).get('asset')) # 获取该用户,角色授权主机
print "该角色有权限的所有主机"
print "授权包含该系统用户的所有主机"
for asset in assets:
print ' %s' % asset.hostname
print
@ -766,11 +766,11 @@ def main():
roles = nav.user_perm.get('asset').get(asset).get('role')
if len(roles) > 1:
role_check = dict(zip(range(len(roles)), roles))
print "\033[32m[ID] 角色\033[0m"
print "\033[32m[ID] 系统用户\033[0m"
for index, role in role_check.items():
print "[%-2s] %s" % (index, role.name)
print
print "授权角色超过1个请输入角色ID, q退出"
print "授权系统用户超过1个请输入ID, q退出"
try:
role_index = raw_input("\033[1;32mID>:\033[0m ").strip()
if role_index == 'q':
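Review bot: What appears to be the new line in the first hunk, `setup = django.setup()`, binds the call's result to a module-level name that nothing in the visible lines reads. `django.setup()` is called for its side effect, so the assignment only leaves a stray `setup` in the namespace. If the aim was to quiet a linter about the imports that follow, a plain `django.setup()` with a one-line comment says so more clearly.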


@ -30,7 +30,7 @@ connect.py逻辑说明
匹配到0了就显示没有权限或者主机
匹配到1个则继续
查询该服务器是否支持ldap 如果是获得ldap用户密码登陆
如果否,查询授权表,查看该服务器授权的角色,并返回对应账号密码,登陆
如果否,查询授权表,查看该服务器授权的系统用户,并返回对应账号密码,登陆
connect函数是登陆函数采用paramiko 使用channel登陆posix_shell 来完成交互,并记录日志
signal模块来完成窗口改变导致的tty大小随之改变
PyCrypt是对称加密类


@ -263,7 +263,6 @@ def asset_list(request):
asset_group_all = AssetGroup.objects.all()
asset_types = ASSET_TYPE
asset_status = ASSET_STATUS
asset_id = request.GET.get('id')
idc_name = request.GET.get('idc', '')
group_name = request.GET.get('group', '')
asset_type = request.GET.get('asset_type', '')
@ -273,6 +272,7 @@ def asset_list(request):
group_id = request.GET.get("group_id", '')
idc_id = request.GET.get("idc_id", '')
asset_id_all = request.GET.getlist("id", '')
if group_id:
group = get_object(AssetGroup, id=group_id)
if group:
@ -302,9 +302,6 @@ def asset_list(request):
if status:
asset_find = asset_find.filter(status__contains=status)
if asset_id:
asset_find = asset_find.filter(id=asset_id)
if keyword:
asset_find = asset_find.filter(
Q(hostname__contains=keyword) |
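Review bot: `request.GET.getlist("id", '')` in the second hunk passes a string as the default, so `asset_id_all` is `''` when no `id` is sent and a list otherwise; `request.GET.getlist("id")` already returns an empty list and keeps the type uniform. The third hunk appears to drop the `filter(id=asset_id)` branch, and the code that consumes `asset_id_all` is outside the visible hunks. It is worth confirming that requests carrying `?id=` still narrow the list and that each value is checked to be an integer before it reaches a query. `asset_list` starts and ends outside the hunks.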


@ -133,7 +133,10 @@ def log_detail(request, offset):
if offset == 'exec':
log = get_object(ExecLog, id=log_id)
assets_hostname = log.host.split(' ')
result = eval(str(log.result))
try:
result = eval(str(log.result))
except (SyntaxError, NameError):
result = {}
return my_render('jlog/exec_detail.html', locals(), request)
elif offset == 'file':
log = get_object(FileLog, id=log_id)
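Review bot: The new `try` block still passes `log.result` to `eval`, so whatever text was stored as the execution result is evaluated as a Python expression inside the web process; catching `SyntaxError` and `NameError` only hides malformed values. If the field holds a dict or list literal, which the `{}` fallback suggests, parse it with `result = ast.literal_eval(str(log.result))` and catch `(ValueError, SyntaxError)`, adding `import ast` to the module's imports. `log_detail` continues outside the hunk.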


@ -175,13 +175,17 @@ def gen_resource(ob, perm=None):
for asset in assets:
asset_info = get_asset_info(asset)
role_key = get_role_key(user, role)
info = {'hostname': asset.hostname,
'ip': asset.ip,
'port': asset_info.get('port', 22),
'username': role.name,
'password': CRYPTOR.decrypt(role.password),
'ssh_key': get_role_key(user, role)
}
'password': CRYPTOR.decrypt(role.password)
}
if os.path.isfile(role_key):
info['ssh_key'] = role_key
res.append(info)
else:
for asset, asset_info in perm.get('asset').items():
@ -192,13 +196,17 @@ def gen_resource(ob, perm=None):
role = sorted(list(perm.get('asset').get(asset).get('role')))[0]
except IndexError:
continue
role_key = get_role_key(user, role)
info = {'hostname': asset.hostname,
'ip': asset.ip,
'port': asset_info.get('port', 22),
'username': role.name,
'password': CRYPTOR.decrypt(role.password),
'ssh_key': get_role_key(user, role)
}
if os.path.isfile(role_key):
info['ssh_key'] = role_key
res.append(info)
elif isinstance(ob, User):
@ -214,8 +222,12 @@ def gen_resource(ob, perm=None):
continue
info['username'] = role.name
info['password'] = CRYPTOR.decrypt(role.password)
info['ssh_key'] = get_role_key(ob, role)
role_key = get_role_key(ob, role)
if os.path.isfile(role_key):
info['ssh_key'] = role_key
res.append(info)
elif isinstance(ob, (list, QuerySet)):
for asset in ob:
info = get_asset_info(asset)
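Review bot: In the second hunk the dict literal appears to keep `'ssh_key': get_role_key(user, role)`, so the `os.path.isfile(role_key)` guard added just below it changes nothing: `ssh_key` is set whether or not the file exists, and `get_role_key` runs twice per asset. The first hunk drops the key from the literal; doing the same here, ending the literal at `'password': CRYPTOR.decrypt(role.password)`, makes the two branches agree. The +/- markers are lost on this page, so this reading rests on the hunk's line counts. `gen_resource` starts and ends outside the hunks.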


@ -2,21 +2,21 @@ from django.conf.urls import patterns, include, url
from jperm.views import *
urlpatterns = patterns('jperm.views',
url(r'^rule/$', perm_rule_list, name='rule_list'),
url(r'^perm_rule_add/$', perm_rule_add, name='rule_add'),
url(r'^perm_rule_detail/$', perm_rule_detail, name='rule_detail'),
url(r'^perm_rule_edit/$', perm_rule_edit, name='rule_edit'),
url(r'^perm_rule_delete/$', perm_rule_delete, name='rule_del'),
url(r'^role/$', perm_role_list, name='role_list'),
url(r'^role/perm_role_add/$', perm_role_add, name='role_add'),
url(r'^role/perm_role_delete/$', perm_role_delete, name='role_del'),
url(r'^role/perm_role_detail/$', perm_role_detail, name='role_detail'),
url(r'^role/perm_role_edit/$', perm_role_edit, name='role_edit'),
url(r'^rule/list/$', perm_rule_list, name='rule_list'),
url(r'^rule/add/$', perm_rule_add, name='rule_add'),
url(r'^rule/detail/$', perm_rule_detail, name='rule_detail'),
url(r'^rule/edit/$', perm_rule_edit, name='rule_edit'),
url(r'^rule/del/$', perm_rule_delete, name='rule_del'),
url(r'^role/list/$', perm_role_list, name='role_list'),
url(r'^role/add/$', perm_role_add, name='role_add'),
url(r'^role/del/$', perm_role_delete, name='role_del'),
url(r'^role/detail/$', perm_role_detail, name='role_detail'),
url(r'^role/edit/$', perm_role_edit, name='role_edit'),
url(r'^role/push/$', perm_role_push, name='role_push'),
url(r'^role/recycle/$', perm_role_recycle, name='role_recycle'),
url(r'^role/get/$', perm_role_get, name='role_get'),
url(r'^sudo/$', perm_sudo_list, name='sudo_list'),
url(r'^sudo/perm_sudo_add/$', perm_sudo_add, name='sudo_add'),
url(r'^sudo/perm_sudo_delete/$', perm_sudo_delete, name='sudo_del'),
url(r'^sudo/perm_sudo_edit/$', perm_sudo_edit, name='sudo_edit'),
url(r'^sudo/list/$', perm_sudo_list, name='sudo_list'),
url(r'^sudo/add/$', perm_sudo_add, name='sudo_add'),
url(r'^sudo/del/$', perm_sudo_delete, name='sudo_del'),
url(r'^sudo/edit/$', perm_sudo_edit, name='sudo_edit'),
)


@ -104,7 +104,7 @@ def perm_rule_add(request):
raise ServerError(u'授权规则 %s 已存在' % rule_name)
if not rule_name or not roles_select:
raise ServerError(u'角色名称和授权角色不能为空')
raise ServerError(u'系统用户名称和规则名称不能为空')
# 获取需要授权的主机列表
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
@ -126,7 +126,7 @@ def perm_rule_add(request):
asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(u'没有推送角色 %s 的主机 %s'
raise ServerError(u'没有推送系统用户 %s 的主机 %s'
% (role.name, ','.join([asset.hostname for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
@ -175,10 +175,10 @@ def perm_rule_edit(request):
assets_select = request.POST.getlist('asset', [])
asset_groups_select = request.POST.getlist('asset_group', [])
roles_select = request.POST.getlist('role', [])
print rule_name, roles_select
try:
if not rule_name or not roles_select:
raise ServerError(u'角色名称和授权角色不能为空')
raise ServerError(u'系统用户和关联系统用户不能为空')
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
@ -198,7 +198,7 @@ def perm_rule_edit(request):
asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(u'没有推送角色 %s 的主机 %s'
raise ServerError(u'没有推送系统用户 %s 的主机 %s'
% (role.name, ','.join([asset.hostname for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
@ -208,7 +208,7 @@ def perm_rule_edit(request):
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.name = rule_name
rule.comment = rule.comment
rule.comment = rule_comment
rule.save()
msg = u"更新授权规则:%s成功" % rule.name
@ -241,7 +241,7 @@ def perm_role_list(request):
list role page
"""
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "查看角色"
header_title, path1, path2 = "系统用户", "系统用户管理", "查看系统用户"
# 获取所有系统角色
roles_list = PermRole.objects.all()
@ -265,7 +265,7 @@ def perm_role_add(request):
add role page
"""
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "添加角色"
header_title, path1, path2 = "系统用户", "系统用户管理", "添加系统用户"
sudos = PermSudo.objects.all()
if request.method == "POST":
@ -295,7 +295,7 @@ def perm_role_add(request):
role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path)
role.save()
role.sudo = sudos_obj
msg = u"添加角色: %s" % name
msg = u"添加系统用户: %s" % name
return HttpResponseRedirect(reverse('role_list'))
except ServerError, e:
error = e
@ -330,12 +330,11 @@ def perm_role_delete(request):
logger.info(u"delete role %s - delete role key directory: %s" % (role.name, role_key))
# 数据库里删除记录 TODO: 判断返回结果,处理异常
role.delete()
return HttpResponse(u"删除角色: %s" % role.name)
return HttpResponse(u"删除系统用户: %s" % role.name)
else:
return HttpResponse(u"不支持该操作")
@require_role('admin')
def perm_role_detail(request):
"""
@ -348,7 +347,7 @@ def perm_role_detail(request):
'': [<User: user1>]}
"""
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "角色详情"
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户详情"
if request.method == "GET":
role_id = request.GET.get("id")
@ -372,7 +371,7 @@ def perm_role_edit(request):
edit role page
"""
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "角色编辑"
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑"
# 渲染数据
role_id = request.GET.get("id")
@ -395,7 +394,7 @@ def perm_role_edit(request):
try:
if not role:
raise ServerError('角色用户不能存在')
raise ServerError('该系统用户不能存在')
if role_password:
encrypt_pass = CRYPTOR.encrypt(role_password)
@ -413,7 +412,7 @@ def perm_role_edit(request):
role.sudo = role_sudos
role.save()
msg = u"更新系统角色 %s" % role.name
msg = u"更新系统用户 %s" % role.name
return HttpResponseRedirect(reverse('role_list'))
except ServerError, e:
error = e
@ -427,7 +426,7 @@ def perm_role_push(request):
the role push page
"""
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "角色推送"
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户推送"
role_id = request.GET.get('id')
asset_ids = request.GET.get('asset_id')
role = get_object(PermRole, id=role_id)
@ -511,9 +510,9 @@ def perm_role_push(request):
func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=True)
if not failed_asset:
msg = u'角色 %s 推送成功[ %s ]' % (role.name, ','.join(success_asset.keys()))
msg = u'系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(success_asset.keys()))
else:
error = u'角色 %s 推送失败 [ %s ], 推送成功 [ %s ]' % (role.name,
error = u'系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ]' % (role.name,
','.join(failed_asset.keys()),
','.join(success_asset.keys()))
return my_render('jperm/perm_role_push.html', locals(), request)
@ -618,7 +617,7 @@ def perm_sudo_delete(request):
sudo = PermSudo.objects.get(id=sudo_id)
# 数据库里删除记录
sudo.delete()
return HttpResponse(u"删除角色: %s" % sudo.name)
return HttpResponse(u"删除系统用户: %s" % sudo.name)
else:
return HttpResponse(u"不支持该操作")
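Review bot: `perm_sudo_delete` now answers with `u"删除系统用户: %s" % sudo.name`, but the object deleted there is a `PermSudo`, so the blanket rename makes the confirmation say a system user was removed; `u"删除Sudo: %s" % sudo.name` would match what actually happened. In `perm_role_edit` the renamed message `'该系统用户不能存在'` is raised when `role` is falsy and reads as "must not exist"; `'该系统用户不存在'` is presumably what is meant. The line `print rule_name, roles_select` in `perm_rule_edit` looks like leftover debugging and, if it is on the new side, should go through `logger.debug` or be dropped.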

File diff suppressed because one or more lines are too long


@ -70,7 +70,8 @@ def get_asset_info(asset):
info['password'] = CRYPTOR.decrypt(default.field3)
except ServerError:
pass
info['ssh_key'] = default.field4
if os.path.isfile(default.field4):
info['ssh_key'] = default.field4
else:
info['port'] = int(asset.port)
info['username'] = asset.username
@ -93,7 +94,7 @@ def get_role_key(user, role):
with open(os.path.join(role.key_path, 'id_rsa')) as fk:
with open(user_role_key_path, 'w') as fu:
fu.write(fk.read())
logger.debug(u"创建新的用户角色key %s, Owner: %s" % (user_role_key_path, user.username))
logger.debug(u"创建新的系统用户key %s, Owner: %s" % (user_role_key_path, user.username))
chown(user_role_key_path, user.username)
os.chmod(user_role_key_path, 0600)
return user_role_key_path
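Review bot: `get_role_key` creates the per-user copy of the private key with `open(user_role_key_path, 'w')` and only narrows it with `os.chmod(user_role_key_path, 0600)` after the write and the `chown`, so for a short time the key sits on disk with whatever mode the process umask allows. Creating it restricted from the start closes that gap: `fd = os.open(user_role_key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` followed by `with os.fdopen(fd, 'w') as fu:`. The `setting` hunk that writes `admin_user.pem` follows the same pattern, and no `chmod` is visible there at all. In the first hunk, `os.path.isfile(default.field4)` will raise rather than return False if `field4` can be NULL, which is worth confirming against the model. Both functions extend beyond the hunks.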


@ -230,7 +230,10 @@ def setting(request):
if '' in [username, port]:
return HttpResponse('所填内容不能为空, 且密码和私钥填一个')
else:
private_key_path = os.path.join(BASE_DIR, 'keys/role_keys', 'default', 'default_private_key.pem')
private_key_dir = os.path.join(BASE_DIR, 'keys', 'default')
private_key_path = os.path.join(private_key_dir, 'admin_user.pem')
mkdir(private_key_dir)
if private_key:
with open(private_key_path, 'w') as f:
f.write(private_key)


@ -58,10 +58,14 @@ def group_list(request):
header_title, path1, path2 = '查看用户组', '用户管理', '查看用户组'
keyword = request.GET.get('search', '')
user_group_list = UserGroup.objects.all().order_by('name')
group_id = request.GET.get('id', '')
if keyword:
user_group_list = user_group_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
if id:
user_group_list = user_group_list.filter(id=int(group_id))
user_group_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_group_list, request)
return my_render('juser/group_list.html', locals(), request)
@ -387,7 +391,7 @@ def user_edit(request):
地址%s
用户名 %s
密码%s (如果密码为None代表密码为原密码)
角色%s
权限%s
""" % (user.name, URL, user.username, password_decode, user_role.get(role_post, u''))
send_mail('您的信息已修改', msg, MAIL_FROM, [email], fail_silently=False)
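Review bot: The added guard in `group_list` tests `if id:`, and no local `id` is assigned in the visible lines, so this is the Python builtin, which is always truthy. As a result `int(group_id)` runs on every request and raises `ValueError` whenever the `id` parameter is absent (the default is `''`) or not numeric. Test the request value instead, `if group_id:`, and reject or ignore a non-integer value rather than letting it surface as a server error. `group_list` starts outside the hunk.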


@ -231,7 +231,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
logger.debug('Websocket: Open exec request')
role_name = self.get_argument('role', 'sb')
self.remote_ip = self.request.remote_ip
logger.debug('Web执行命令: 请求角色 %s' % role_name)
logger.debug('Web执行命令: 请求系统用户 %s' % role_name)
self.role = get_object(PermRole, name=role_name)
self.perm = get_group_user_perm(self.user)
roles = self.perm.get('role').keys()
@ -315,7 +315,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
if asset:
roles = user_have_perm(self.user, asset)
logger.debug(roles)
logger.debug('角色: %s' % role_name)
logger.debug('系统用户: %s' % role_name)
login_role = ''
for role in roles:
if role.name == role_name:


@ -124,7 +124,7 @@
<td>{{ user.name }}</td>
</tr>
<tr>
<td class="text-navy">角色</td>
<td class="text-navy">系统用户</td>
<td>{{ user.role }}</td>
</tr>
<tr>


@ -135,7 +135,7 @@
});
//window.open(new_url + data, '', 'location=no, resizeable=no, height=410, width=625, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,status=no');
} else if (dataArray.length == '1' && data == 'error'){
layer.alert('没有授权角色')
layer.alert('没有授权系统用户')
} else {
aUrl = '';
$.each(dataArray, function(index, value){
@ -143,7 +143,7 @@
});
layer.alert(aUrl, {
skin: 'layui-layer-molv',
title: '多个角色,请选择一个连接',
title: '授权多个系统用户,请选择一个连接',
shade: false,
closeBtn: 0
})
@ -167,7 +167,7 @@
success: function(data){
var dataArray = data.split(',');
if (data == 'error' || data == '' || data == null || data == undefined){
layer.alert('没有授权角色')
layer.alert('没有授权系统用户')
} else if (dataArray.length == 1 && data != 'error' && navigator.platform == 'Win32') {
layer.open({
type: 2,
@ -194,7 +194,7 @@
});
layer.alert(aUrl, {
skin: 'layui-layer-molv',
title: '多个角色,请选择一个连接',
title: '授权多个系统用户,请选择一个连接',
shade: false,
closeBtn: 0
})


@ -197,7 +197,7 @@
<table class="table">
<p>授权用户信息</p>
<td class="text-navy">授权用户</td>
<td class="text-navy">系统角色</td>
<td class="text-navy">关联用户</td>
{% for perm in user_perm %}
<tr>
<td class="text-navy"><a href="{% url 'user_detail' %}?id={{ perm.0.id }}">{{ perm.0 }}</a></td>


@ -199,7 +199,7 @@
});
//window.open(new_url + data, '', 'location=no, resizeable=no, height=410, width=625, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,status=no');
} else if (dataArray.length == '1' && data == 'error'){
layer.alert('没有授权角色')
layer.alert('没有授权系统用户')
} else {
aUrl = '';
$.each(dataArray, function(index, value){
@ -207,7 +207,7 @@
});
layer.alert(aUrl, {
skin: 'layui-layer-molv',
title: '多个角色,请选择一个连接',
title: '授权多个系统用户,请选择一个连接',
shade: false,
closeBtn: 0
})
@ -230,7 +230,7 @@
success: function(data){
var dataArray = data.split(',');
if (data == 'error' || data == '' || data == null || data == undefined){
layer.alert('没有授权角色')
layer.alert('没有授权系统用户')
}
else if (dataArray.length == 1 && data != 'error' && navigator.platform == 'Win32'){
var title = 'Jumpserver Web Terminal' + '<span class="text-info"> '+ hostname +'</span>';
@ -260,7 +260,7 @@
console.log(aUrl);
layer.alert(aUrl, {
skin: 'layui-layer-molv',
title: '多个角色,请选择一个连接',
title: '授权多个系统用户,请选择一个连接',
shade: false,
closeBtn: 0
})


@ -59,13 +59,13 @@
{% for post in contacts.object_list %}
<tr class="gradeX">
<td class="text-center" name="j_id" value="{{ post.id }}" data-editable='false'><input name="id" value="{{ post.id }}" type="checkbox" class="i-checks"></td>
<td class="text-center"> {{ post.name }} </td>
<td class="text-center"> <a href="{% url 'asset_list' %}?idc_id={{ post.id }}">{{ post.name }}</a> </td>
<td class="text-center"> <a href="{% url 'asset_list' %}?idc_id={{ post.id }}">{{ post.asset_set.count }}</a> </td>
<td class="text-center"> {{ post.linkman }} </td>
<td class="text-center"> {{ post.phone }} </td>
<td class="text-center"> {{ post.comment }} </td>
<td class="text-center">
<a href="{% url 'asset_list' %}?idc_id={{ post.id }}" class="iframe btn btn-xs btn-primary">详情</a>
<a href="{% url 'idc_edit' %}?id={{ post.id }}" class="btn btn-xs btn-info">编辑</a>
<a href="{% url 'idc_del' %}?id={{ post.id }}" class="btn btn-xs btn-danger idc_del">删除</a>
</td>


@ -34,21 +34,21 @@
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="form-group">
<label for="role_name" class="col-sm-2 control-label">角色名称<span class="red-fonts">*</span></label>
<label for="role_name" class="col-sm-2 control-label">用户名称<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="role_name" name="role_name" placeholder="Role Name" type="text" class="form-control">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role_password" class="col-sm-2 control-label">角色密码</label>
<label for="role_password" class="col-sm-2 control-label">用户密码</label>
<div class="col-sm-8">
<input id="role_password" name="role_password" placeholder="Role Password" type="password" class="form-control">
<span class="help-block m-b-none">如果不添加密码,会自动生成</span>
</div>
</div>
<div class="form-group">
<label for="role_key" class="col-sm-2 control-label">角色密钥</label>
<label for="role_key" class="col-sm-2 control-label">用户密钥</label>
<div class="col-sm-8">
<textarea class="form-control" name="role_key" placeholder="请复制粘贴私钥" rows="10" style="font-size: 9px;"></textarea>
<span class="help-block m-b-none">如果不添加密钥,会自动生成, 密码密钥必填一项</span>
@ -56,7 +56,7 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="sudo" class="col-sm-2 control-label">角色Sudo命令</label>
<label for="sudo" class="col-sm-2 control-label">关联Sudo</label>
<div class="col-sm-8" id="sudo_name">
<select name="sudo_name" data-placeholder="请选择Sudo别名" class="chosen-select form-control m-b" multiple tabindex="2">
{% for sudo in sudos %}
@ -101,9 +101,9 @@ $('#roleForm').validator({
fields: {
"role_name": {
rule: "required;check_name",
tip: "输入角色名称",
tip: "输入系统用户名称",
ok: "",
msg: {required: "角色名称必填"}
msg: {required: "系统用户名称必填"}
},
{# "role_key": {#}
{# rule: "required(either)",#}

View File

@ -77,7 +77,7 @@
<table class="table progress-striped text-left">
{% for user in users %}
<tr class="gradeX">
<td> <a href="{% url 'asset_detail' %}?id={{ user.id }}">{{ user.name }}</a> </td>
<td> <a href="{% url 'user_detail' %}?id={{ user.id }}">{{ user.name }}</a> </td>
</tr>
{% endfor %}
</table>
@ -86,7 +86,7 @@
<table class="table progress-striped text-right">
{% for group in user_groups %}
<tr class="gradeX-">
<td> <a href="{% url 'asset_list' %}?group_id={{ group.id }}">{{ group.name }}</a> </td>
<td> <a href="{% url 'user_group_list' %}?id={{ group.id }}">{{ group.name }}</a> </td>
</tr>
{% endfor %}
</table>


@ -34,14 +34,14 @@
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="form-group">
<label for="role_name" class="col-sm-2 control-label">规则名称<span class="red-fonts">*</span></label>
<label for="role_name" class="col-sm-2 control-label">用户名称<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="role_name" name="role_name" placeholder="Role Name" type="text" class="form-control" value="{{ role.name }}">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role_password" class="col-sm-2 control-label">角色密码</label>
<label for="role_password" class="col-sm-2 control-label">用户密码</label>
<div class="col-sm-8">
<input id="role_password" name="role_password" type="password" class="form-control">
<span class="help-block m-b-none">不修改请留空</span>
@ -49,7 +49,7 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role_key" class="col-sm-2 control-label">角色密钥</label>
<label for="role_key" class="col-sm-2 control-label">用户密钥</label>
<div class="col-sm-8">
<textarea class="form-control" name="role_key" placeholder="请复制粘贴私钥" rows="10" style="font-size: 9px;"></textarea>
<span class="help-block m-b-none">不修改请留空</span>
@ -57,9 +57,9 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="sudo" class="col-sm-2 control-label">角色Sudo命令<span class="red-fonts">*</span></label>
<label for="sudo" class="col-sm-2 control-label">关联sudo<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select name="sudo_name" data-placeholder="请选择Sudo别名" class="chosen-select form-control m-b" multiple tabindex="2">
<select name="sudo_name" data-placeholder="请选择Sudo" class="chosen-select form-control m-b" multiple tabindex="2">
{% for sudo in sudo_all %}
<option value="{{ sudo.id }}" {% if sudo in role_sudos %} selected {% endif %}>{{ sudo.name }}</option>
{% endfor %}
@ -100,9 +100,9 @@ $('#roleForm').validator({
fields: {
"role_name": {
rule: "required;check_name",
tip: "输入角色名称",
tip: "输入系统用户名称",
ok: "",
msg: {required: "角色名称必填"}
msg: {required: "系统用户名称必填"}
}
},
valid: function(form) {


@ -16,7 +16,7 @@
{% endif %}
</div>
<div class="ibox-title">
<h5> 所有系统角色</h5>
<h5> 所有系统用户</h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
@ -31,7 +31,7 @@
</div>
<div class="ibox-content">
<div class="">
<a href="{% url 'role_add' %}" class="btn btn-sm btn-primary "> 添加角色 </a>
<a href="{% url 'role_add' %}" class="btn btn-sm btn-primary "> 添加系统用户 </a>
<form id="search_form" method="get" action="" class="pull-right mail-search">
<div class="input-group">
<input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">


@ -34,7 +34,7 @@
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="form-group">
<label for="role" class="col-sm-2 control-label">角色</label>
<label for="role" class="col-sm-2 control-label">系统用户</label>
<div class="col-sm-8">
<input name="id" type="text" class="form-control" disabled value="{{ role.name }}">
</div>
@ -125,8 +125,8 @@ $('#pushForm').validator({
},
"roles": {
rule: "required",
tip: "请选择角色",
msg: {required: "必须选择角色"}
tip: "请选择系统用户",
msg: {required: "必须选择系统用户"}
}
},
valid: function(form) {


@ -36,14 +36,14 @@
<div class="form-group">
<label for="name" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="name" name="name" placeholder="Rule Name" type="text" class="form-control">
<input id="name" name="name" type="text" class="form-control">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="user" class="col-sm-2 control-label">用户</label>
<div class="col-sm-8">
<select name="user" id="user" data-placeholder="用户" class="chosen-select form-control m-b" multiple tabindex="2">
<select name="user" id="user" data-placeholder="请选择用户" class="chosen-select form-control m-b" multiple tabindex="2">
{% for user in users %}
<option value="{{ user.id }}">{{ user.name }}</option>
{% endfor %}
@ -85,9 +85,9 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role" class="col-sm-2 control-label">角色<span class="red-fonts">*</span></label>
<label for="role" class="col-sm-2 control-label">系统用户<span class="red-fonts">*</span></label>
<div class="col-sm-8" id="role_name">
<select name="role" data-placeholder="请选择角色" class="chosen-select form-control m-b" multiple tabindex="2">
<select name="role" data-placeholder="请选择需要关联的系统用户" class="chosen-select form-control m-b" multiple tabindex="2">
{% for role in roles %}
<option value="{{ role.id }}">{{ role.name }}</option>
{% endfor %}
@ -99,7 +99,7 @@
<div class="form-group">
<label for="comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8">
<input id="comment" name="comment" placeholder="Rule Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
<input id="comment" name="comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
</div>
</div>
<div class="hr-line-dashed"></div>
@ -149,8 +149,8 @@ $('#ruleForm').validator({
},
"role": {
rule: "required",
tip: "请选择角色",
msg: {required: "必须选择角色"}
tip: "请选择系统用户",
msg: {required: "必须选择系统用户"}
}
},
valid: function(form) {


@ -46,7 +46,7 @@
<td>{{ rule.date_added | date:"Y-m-d H:i:s"}}</td>
</tr>
<tr>
<td class="text-navy">角色</td>
<td class="text-navy">关联用户</td>
<td>{{ roles_name }}</td>
</tr>


@ -85,9 +85,9 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role" class="col-sm-2 control-label">角色<span class="red-fonts">*</span></label>
<label for="role" class="col-sm-2 control-label">系统用户<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select name="role" data-placeholder="请选择角色" class="chosen-select form-control m-b" multiple tabindex="2">
<select name="role" data-placeholder="请选择系统用户" class="chosen-select form-control m-b" multiple tabindex="2">
{% for role in roles %}
<option value="{{ role.id }}"{% if role in rule.role.all %} selected {% endif %}>{{ role.name }}</option>
{% endfor %}
@ -99,7 +99,7 @@
<div class="form-group">
<label for="comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8">
<input id="comment" name="rule_comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule.comment }}">
<input id="comment" name="comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule.comment }}">
</div>
</div>
<div class="hr-line-dashed"></div>
@ -150,8 +150,8 @@ $('#ruleForm').validator({
},
"role": {
rule: "required",
tip: "请选择角色",
msg: {required: "必须选择角色"}
tip: "请选择系统用户",
msg: {required: "必须选择系统用户"}
}
},
valid: function(form) {


@ -55,7 +55,7 @@
<th class="text-center">用户组</th>
<th class="text-center">资产</th>
<th class="text-center">资产组</th>
<th class="text-center">角色</th>
<th class="text-center">系统用户</th>
<th class="text-center">操作</th>
</tr>
</thead>


@ -53,7 +53,7 @@
<div class="form-group">
<label for="ssh_key_pwd" class="col-sm-2 control-label">SSH密钥</label>
<div class="col-sm-8">
<a value="/juser/regen_ssh_key/?uuid={{ user.uuid }}" id="regen_ssh_key" class="form-control"> 重新生成</a>
<a value="{% url 'key_gen' %}?uuid={{ user.uuid }}" id="regen_ssh_key" class="form-control"> 重新生成</a>
<span class="help-block m-b-none">
重新生成密钥,需要重新下载并导入
</span>


@ -22,7 +22,7 @@
<tr>
<th class="text-center">用户名</th>
<th class="text-center">姓名</th>
<th class="text-center">角色</th>
<th class="text-center">系统用户</th>
</tr>
</thead>
<tbody>


@ -23,7 +23,7 @@
<td class="text-center" width="120">ID</td>
<td class="text-center">用户名</td>
<td class="text-center">姓名</td>
<td class="text-center">角色</td>
<td class="text-center">关联用户</td>
<td class="text-center">Email</td>
<td class="text-center">激活</td>
</tr>


@ -53,7 +53,7 @@
{% if user.username|key_exist %}
<td><a href="{% url 'key_down' %}?id={{ user.id }}" >下载</a></td>
{% else %}
<td><span style="color: #586b7d">下载</span></td>
<td><span style="color: #586b7d">NoKey</span></td>
{% endif %}
</tr>
<tr>
@ -140,7 +140,7 @@
</div>
<div class="ibox-content ibox-heading">
<h3>用户的所有授权主机</h3>
<small><i class="fa fa-map-marker"></i> 这里包含了用户授权角色和角色下的主机.</small>
<small><i class="fa fa-map-marker"></i> 这里包含了用户授权的主机和其映射的系统用户.</small>
</div>
<div class="ibox-content inspinia-timeline">
{% for role, assets in role_assets.items %}
@ -155,13 +155,13 @@
</div>
<div class="col-xs-7 content no-top-border">
<p class="m-b-xs">
<strong>{{ role.comment }}</strong></p>
<strong>{{ role.comment }}</strong>
</p>
<p>
{% for asset in assets.asset %}
<a href="{% url 'asset_list' %}?id={{ asset.id }}">{{ asset.hostname }}</a><br>
{% endfor %}
</p>
<p></p>
</div>
</div>
</div>


@ -70,7 +70,7 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role" class="col-sm-2 control-label">角色<span class="red-fonts">*</span></label>
<label for="role" class="col-sm-2 control-label">权限<span class="red-fonts">*</span></label>
<div class="col-sm-8">
{% for r, role_name in user_role.items %}
<div class="col-sm-3">


@ -70,7 +70,7 @@
{% if user.username|key_exist %}
<a href="{% url 'key_down' %}?uuid={{ user.uuid }}" >下载</a>
{% else %}
<span style="color: #586b7d">下载</span>
<span style="color: #586b7d">NoKey</span>
{% endif %}
</td>
<td class="text-center">


@ -25,10 +25,10 @@
<a href="#"><i class="fa fa-edit"></i> <span class="nav-label">授权管理</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li class="sudo">
<a class="sudo" href="{% url 'sudo_list' %}">Sudo命令</a>
<a class="sudo" href="{% url 'sudo_list' %}">Sudo</a>
</li>
<li class="role">
<a href="{% url 'role_list' %}">系统角色</a>
<a href="{% url 'role_list' %}">系统用户</a>
</li>
<li class="rule">
<a href="{% url 'rule_list' %}">授权规则</a>