github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

app jperm role and rule bug fixed...

pull/26/head
yumaojun 2015-11-16 13:49:39 +08:00
parent 844fe2c250
commit c00e4c24a3
4 changed files with 98 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
jasset/models.py
View File

@ -42,7 +42,7 @@ class IDC(models.Model):
address = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"机房地址") address = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"机房地址")
network = models.TextField(blank=True, null=True, verbose_name=u"IP地址段") network = models.TextField(blank=True, null=True, verbose_name=u"IP地址段")
date_added = models.DateField(auto_now=True, null=True) date_added = models.DateField(auto_now=True, null=True)
operator = models.IntegerField(max_length=32, blank=True, null=True, verbose_name=u"运营商") operator = models.IntegerField(blank=True, null=True, verbose_name=u"运营商")
comment = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"备注") comment = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"备注")
def __unicode__(self): def __unicode__(self):
@ -57,11 +57,11 @@ class Asset(models.Model):
""" """
asset modle asset modle
""" """
ip = models.IPAddressField(unique=True, verbose_name=u"主机IP") ip = models.GenericIPAddressField(unique=True, verbose_name=u"主机IP")
other_ip = models.CharField(max_length=255, blank=True, null=True, verbose_name=u"其他IP") other_ip = models.CharField(max_length=255, blank=True, null=True, verbose_name=u"其他IP")
hostname = models.CharField(max_length=64, blank=True, null=True, verbose_name=u"主机名") hostname = models.CharField(max_length=64, blank=True, null=True, verbose_name=u"主机名")
port = models.IntegerField(max_length=6, verbose_name=u"端口号") port = models.IntegerField(verbose_name=u"端口号")
group = models.ManyToManyField(AssetGroup, blank=True, null=True, verbose_name=u"所属主机组") group = models.ManyToManyField(AssetGroup, blank=True, verbose_name=u"所属主机组")
username = models.CharField(max_length=16, blank=True, null=True, verbose_name=u"管理用户名") username = models.CharField(max_length=16, blank=True, null=True, verbose_name=u"管理用户名")
password = models.CharField(max_length=64, blank=True, null=True, verbose_name=u"密码") password = models.CharField(max_length=64, blank=True, null=True, verbose_name=u"密码")
use_default_auth = models.BooleanField(default=True, verbose_name=u"使用默认管理账号") use_default_auth = models.BooleanField(default=True, verbose_name=u"使用默认管理账号")
@ -75,11 +75,11 @@ class Asset(models.Model):
system_type = models.CharField(max_length=32, blank=True, null=True, verbose_name=u"系统类型") system_type = models.CharField(max_length=32, blank=True, null=True, verbose_name=u"系统类型")
system_version = models.CharField(max_length=8, blank=True, null=True, verbose_name=u"版本号") system_version = models.CharField(max_length=8, blank=True, null=True, verbose_name=u"版本号")
cabinet = models.CharField(max_length=32, blank=True, null=True, verbose_name=u'机柜号') cabinet = models.CharField(max_length=32, blank=True, null=True, verbose_name=u'机柜号')
position = models.IntegerField(max_length=2, blank=True, null=True, verbose_name=u'机器位置') position = models.IntegerField(blank=True, null=True, verbose_name=u'机器位置')
number = models.CharField(max_length=32, blank=True, null=True, verbose_name=u'资产编号') number = models.CharField(max_length=32, blank=True, null=True, verbose_name=u'资产编号')
status = models.IntegerField(max_length=2, choices=ASSET_STATUS, blank=True, null=True, default=1, verbose_name=u"机器状态") status = models.IntegerField(choices=ASSET_STATUS, blank=True, null=True, default=1, verbose_name=u"机器状态")
asset_type = models.IntegerField(max_length=2, choices=ASSET_TYPE, blank=True, null=True, verbose_name=u"主机类型") asset_type = models.IntegerField(choices=ASSET_TYPE, blank=True, null=True, verbose_name=u"主机类型")
env = models.IntegerField(max_length=2, choices=ASSET_ENV, blank=True, null=True, verbose_name=u"运行环境") env = models.IntegerField(choices=ASSET_ENV, blank=True, null=True, verbose_name=u"运行环境")
sn = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"SN编号") sn = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"SN编号")
date_added = models.DateTimeField(auto_now=True, null=True) date_added = models.DateTimeField(auto_now=True, null=True)
is_active = models.BooleanField(default=True, verbose_name=u"是否激活") is_active = models.BooleanField(default=True, verbose_name=u"是否激活")

207
jperm/views.py
View File

@ -19,32 +19,23 @@ from jperm.perm_api import get_role_info
from jumpserver.api import my_render, get_object from jumpserver.api import my_render, get_object
@require_role('admin') @require_role('admin')
def perm_rule_list(request): def perm_rule_list(request):
""" """
用户授权视图 list rule page
该视图的模板包含2部分
1. block 部分{% block content %}
rander_content 为渲染数据
2. include 部分{% include 'nav_cat_bar.html' %}
rander_nav 为渲染数据
""" """
data_nav = {"header_title": "授权规则", "path1": "规则管理", "path2": "查看规则"} # 渲染数据
header_title, path1, path2 = "授权规则", "规则管理", "查看规则"
# 获取所有规则 # 获取所有规则
rules_list = PermRule.objects.all() rules_list = PermRule.objects.all()
# TODO: 搜索和分页 # TODO: 搜索和分页
keyword = request.GET.get('search', '') keyword = request.GET.get('search', '')
if keyword: if keyword:
rules_list = rules_list.filter(Q(name=keyword)) rules_list = rules_list.filter(Q(name=keyword))
rules_list, p, rules, page_range, current_page, show_first, show_end = pages(rules_list, request) rules_list, p, rules, page_range, current_page, show_first, show_end = pages(rules_list, request)
data_content = {"rules": rules_list}
render_data = updates_dict(data_nav, data_content)
return my_render('jperm/perm_rule_list.html', locals(), request) return my_render('jperm/perm_rule_list.html', locals(), request)
@ -52,49 +43,42 @@ def perm_rule_list(request):
@require_role('admin') @require_role('admin')
def perm_rule_detail(request): def perm_rule_detail(request):
""" """
用户详情视图 rule detail page
该视图的模板包含2部分
1. block 部分{% block content %}
rander_content 为渲染数据
2. include 部分{% include 'nav_cat_bar.html' %}
rander_nav 为渲染数据
""" """
data_nav = {"header_title": "授权规则", "path1": "授权管理", "path2": "规则详情"} # 渲染数据
header_title, path1, path2 = "授权规则", "规则管理", "规则详情"
# 根据rule_id 取得rule对象 # 根据rule_id 取得rule对象
rule_id = request.GET.get("id") rule_id = request.GET.get("id")
rule_obj = PermRule.objects.get(id=rule_id) rule_obj = PermRule.objects.get(id=rule_id)
user_obj = rule_obj.user.all() user_obj = rule_obj.user.all()
asset_obj = rule_obj.asset.all() asset_obj = rule_obj.asset.all()
roles_name = [role.name for role in rule_obj.role.all()] roles_name = [role.name for role in rule_obj.role.all()]
data_content = {"roles_name": ','.join(roles_name), "rule": rule_obj, "users": user_obj, "assets": asset_obj}
render_data = updates_dict(data_nav, data_content) # 渲染数据
roles_name = ','.join(roles_name)
rule = rule_obj
users = user_obj
assets = asset_obj
return my_render('jperm/perm_rule_detail.html', locals(), request) return my_render('jperm/perm_rule_detail.html', locals(), request)
def perm_rule_add(request): def perm_rule_add(request):
""" """
add rule page
:param request:
:return:
""" """
data_nav = {"header_title": "授权规则", "path1": "授权管理", "path2": "添加规则"} # 渲染数据
header_title, path1, path2 = "授权规则", "规则管理", "添加规则"
if request.method == 'GET': if request.method == 'GET':
# 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则 # 渲染数据, 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则
users = User.objects.all() users = User.objects.all()
user_groups = UserGroup.objects.all() user_groups = UserGroup.objects.all()
assets = Asset.objects.all() assets = Asset.objects.all()
asset_groups = AssetGroup.objects.all() asset_groups = AssetGroup.objects.all()
roles = PermRole.objects.all() roles = PermRole.objects.all()
data_content = {"users": users, "user_groups": user_groups,
"assets": assets, "asset_groups": asset_groups,
"roles": roles}
render_data = updates_dict(data_nav, data_content)
return my_render('jperm/perm_rule_add.html', locals(), request) return my_render('jperm/perm_rule_add.html', locals(), request)
elif request.method == 'POST': elif request.method == 'POST':
@ -122,69 +106,38 @@ def perm_rule_add(request):
# 获取授予的角色列表 # 获取授予的角色列表
roles_obj = [PermRole.objects.get(name=role) for role in roles_select] roles_obj = [PermRole.objects.get(name=role) for role in roles_select]
# 调用Ansible API 执行授权 资源---Role---用户 # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
# 生成Inventory, 这里需要向CMDB 获取认证信息1. password 2, key rule = PermRule(name=rule_name, comment=rule_comment)
hosts = [{"hostname": asset.ip, rule.save()
"port": asset.port, rule.user = users_obj
"username": asset.username, rule.usergroup = user_groups_obj
"password": asset.password} for asset in calc_assets] rule.asset = assets_obj
# 获取需要授权的角色名称 rule.asset_group = asset_groups_obj
roles = [role.name for role in roles_obj] rule.role = roles_obj
# 调用Ansible API 执行 password方式的授权 TODO: Surport sudo rule.save()
tasks = Tasks(hosts) return HttpResponse(u"添加授权规则:%s" % rule.name)
ret = tasks.add_multi_user(*roles)
# TODO: 调用Ansible API 执行 key方式的授权
# 计算授权成功和授权失败的主机 TODO: 记录成功和失败
perm_sucess = {}
perm_failed = {}
for role, status in ret.get('action_info').iteritems():
if status['status'] == 'failed':
failed_ip = status['msg'].keys()
perm_sucess[role] = [asset for asset in calc_assets if asset.ip not in failed_ip]
perm_failed[role] = [asset for asset in calc_assets if asset.ip in failed_ip]
if not perm_failed.values():
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule = PermRule(name=rule_name, comment=rule_comment)
rule.save()
rule.user = users_obj
rule.usergroup = user_groups_obj
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.save()
return HttpResponse(ret)
else:
return HttpResponse("add rule failed")
@require_role('admin') @require_role('admin')
def perm_rule_edit(request): def perm_rule_edit(request):
""" """
list rules edit rule page
:param request:
:return:
""" """
# 渲染数据
header_title, path1, path2 = "授权规则", "规则管理", "添加规则"
data_nav = {"header_title": "授权规则", "path1": "授权管理", "path2": "编辑规则"}
# 根据rule_id 取得rule对象 # 根据rule_id 取得rule对象
rule_id = request.GET.get("id") rule_id = request.GET.get("id")
rule_obj = PermRule.objects.get(id=rule_id) rule = PermRule.objects.get(id=rule_id)
if request.method == 'GET' and rule_id: if request.method == 'GET' and rule_id:
# 获取所有的rule对象 # 渲染数据, 获取所有的rule对象
users_obj = rule_obj.user.all() users = rule.user.all()
user_groups_obj = rule_obj.user_group.all() user_groups = rule.user_group.all()
assets_obj = rule_obj.asset.all() assets = rule.asset.all()
asset_groups_obj = rule_obj.asset_group.all() asset_groups = rule.asset_group.all()
roles_obj = rule_obj.role.all() roles = rule.role.all()
data_content = {"users": users_obj, "user_groups": user_groups_obj,
"assets": assets_obj, "asset_groups": asset_groups_obj,
"roles": roles_obj, "rule": rule_obj}
render_data = updates_dict(data_nav, data_content)
return my_render('jperm/perm_rule_edit.html', locals(), request) return my_render('jperm/perm_rule_edit.html', locals(), request)
elif request.method == 'POST' and rule_id: elif request.method == 'POST' and rule_id:
@ -213,28 +166,20 @@ def perm_rule_delete(request):
@require_role('admin') @require_role('admin')
def perm_role_list(request): def perm_role_list(request):
""" """
用户授权视图 list role page
该视图的模板包含2部分
1. block 部分{% block content %}
rander_content 为渲染数据
2. include 部分{% include 'nav_cat_bar.html' %}
rander_nav 为渲染数据
""" """
data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "查看角色"} # 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "查看角色"
# 获取所有系统角色 # 获取所有系统角色
roles_list = PermRole.objects.all() roles_list = PermRole.objects.all()
# TODO: 搜索和分页 # TODO: 搜索和分页
keyword = request.GET.get('search', '') keyword = request.GET.get('search', '')
if keyword: if keyword:
roles_list = roles_list.filter(Q(name=keyword)) roles_list = roles_list.filter(Q(name=keyword))
roles_list, p, roles, page_range, current_page, show_first, show_end = pages(roles_list, request) roles_list, p, roles, page_range, current_page, show_first, show_end = pages(roles_list, request)
data_content = {"roles": roles_list}
render_data = updates_dict(data_nav, data_content)
return my_render('jperm/perm_role_list.html', locals(), request) return my_render('jperm/perm_role_list.html', locals(), request)
@ -242,24 +187,22 @@ def perm_role_list(request):
@require_role('admin') @require_role('admin')
def perm_role_add(request): def perm_role_add(request):
""" """
用户授权视图 add role page
该视图的模板包含2部分
1. block 部分{% block content %}
rander_content 为渲染数据
2. include 部分{% include 'nav_cat_bar.html' %}
rander_nav 为渲染数据
""" """
data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "添加角色"} # 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "添加角色"
if request.method == "GET": if request.method == "GET":
default_password = get_rand_pass()
return my_render('jperm/perm_role_add.html', locals(), request) return my_render('jperm/perm_role_add.html', locals(), request)
elif request.method == "POST": elif request.method == "POST":
# 获取参数: name, comment # 获取参数: name, comment
name = request.POST.get("role_name") name = request.POST.get("role_name")
comment = request.POST.get("role_comment") comment = request.POST.get("role_comment")
password = request.POST.get("role_password")
# 生成随机密码,生成秘钥对 # 生成随机密码,生成秘钥对
password = get_rand_pass()
key_path = gen_keys() key_path = gen_keys()
role = PermRole(name=name, comment=comment, password=password, key_path=key_path) role = PermRole(name=name, comment=comment, password=password, key_path=key_path)
role.save() role.save()
@ -267,15 +210,11 @@ def perm_role_add(request):
else: else:
return HttpResponse(u"不支持该操作") return HttpResponse(u"不支持该操作")
@require_role('admin') @require_role('admin')
def perm_role_delete(request): def perm_role_delete(request):
""" """
用户授权视图 delete role page
该视图的模板包含2部分
1. block 部分{% block content %}
rander_content 为渲染数据
2. include 部分{% include 'nav_cat_bar.html' %}
rander_nav 为渲染数据
""" """
if request.method == "POST": if request.method == "POST":
# 获取参数删除的role对象 # 获取参数删除的role对象
@ -297,35 +236,40 @@ def perm_role_delete(request):
@require_role('admin') @require_role('admin')
def perm_role_detail(request): def perm_role_detail(request):
""" """
the role detail page
the role_info data like: the role_info data like:
{'asset_groups': [], {'asset_groups': [],
'assets': [<Asset: 192.168.10.148>], 'assets': [<Asset: 192.168.10.148>],
'rules': [<PermRule: PermRule object>], 'rules': [<PermRule: PermRule object>],
'user_groups': [], '': [],
'users': [<User: user1>]} '': [<User: user1>]}
""" """
data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "角色详情"} # 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "角色详情"
if request.method == "GET": if request.method == "GET":
role_id = request.GET.get("id") role_id = request.GET.get("id")
role_info = get_role_info(role_id) role_info = get_role_info(role_id)
render_data = updates_dict(data_nav, role_info)
# 渲染数据
for key, value in role_info.iteritems():
key = value
return my_render('jperm/perm_role_detail.html', locals(), request) return my_render('jperm/perm_role_detail.html', locals(), request)
@require_role('admin') @require_role('admin')
def perm_role_edit(request): def perm_role_edit(request):
""" """
edit role page
:param request:
:return:
""" """
data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "角色编辑"} # 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "角色编辑"
if request.method == "GET": if request.method == "GET":
role_id = request.GET.get("id") role_id = request.GET.get("id")
data_content = {"role": PermRole.objects.get(id=role_id)} # 渲染数据
render_data = updates_dict(data_nav, data_content) role = PermRole.objects.get(id=role_id)
return my_render('jperm/perm_role_edit.html', locals(), request) return my_render('jperm/perm_role_edit.html', locals(), request)
if request.method == "POST": if request.method == "POST":
@ -335,17 +279,17 @@ def perm_role_edit(request):
@require_role('admin') @require_role('admin')
def perm_role_push(request): def perm_role_push(request):
""" """
the role push page
:param request:
:return:
""" """
data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "角色推送"} # 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "角色推送"
if request.method == "GET": if request.method == "GET":
data_content = {"roles": PermRole.objects.all(), # 渲染数据
"assets": Asset.objects.all(), roles = PermRole.objects.all()
"asset_groups": AssetGroup.objects.all()} assets = Asset.objects.all()
render_data = updates_dict(data_nav, data_content) asset_groups = AssetGroup.objects.all()
return my_render('jperm/perm_role_push.html', locals(), request) return my_render('jperm/perm_role_push.html', locals(), request)
if request.method == "POST": if request.method == "POST":
@ -364,9 +308,9 @@ def perm_role_push(request):
# 生成Inventory # 生成Inventory
push_resource = [{"hostname": asset.ip, push_resource = [{"hostname": asset.ip,
"port": asset.port, "port": asset.port,
"username": asset.username, "username": asset.username,
"password": asset.password} for asset in calc_assets] "password": asset.password} for asset in calc_assets]
# 获取角色的推送方式,以及推送需要的信息 # 获取角色的推送方式,以及推送需要的信息
roles_obj = [PermRole.objects.get(name=role_name) for role_name in role_names] roles_obj = [PermRole.objects.get(name=role_name) for role_name in role_names]
@ -399,6 +343,13 @@ def perm_role_push(request):
@require_role('admin') @require_role('admin')
def perm_group_list(request): def perm_group_list(request):
header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权'

11
templates/jperm/perm_role_add.html
View File

@ -36,14 +36,21 @@
<div class="form-group"> <div class="form-group">
<label for="role_name" class="col-sm-2 control-label">规则名称<span class="red-fonts">*</span></label> <label for="role_name" class="col-sm-2 control-label">规则名称<span class="red-fonts">*</span></label>
<div class="col-sm-8"> <div class="col-sm-8">
<input id="role_name" name="role_name" placeholder="Role Name" type="text" class="form-control" {% if error %}value="{{ role.name }}" {% endif %}> <input id="role_name" name="role_name" placeholder="Role Name" type="text" class="form-control">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role_password_label" class="col-sm-2 control-label">角色密码<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="role_password" name="role_password" type="password" class="form-control" value="{{ default_password }}">
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
<div class="form-group"> <div class="form-group">
<label for="role_comment" class="col-sm-2 control-label">备注</label> <label for="role_comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8"> <div class="col-sm-8">
<input id="role_comment" name="role_comment" placeholder="Role Comment" type="text" class="form-control" {% if error %}value="{{ role.comment }}" {% endif %}> <input id="role_comment" name="role_comment" placeholder="Role Comment" type="text" class="form-control">
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>

4
templates/jperm/perm_rule_edit.html
View File

@ -34,9 +34,9 @@
<div class="alert alert-success text-center">{{ msg }}</div> <div class="alert alert-success text-center">{{ msg }}</div>
{% endif %} {% endif %}
<div class="form-group"> <div class="form-group">
<label for="username" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label> <label for="username_lab" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label>
<div class="col-sm-8"> <div class="col-sm-8">
<input id="rulename" name="rulename" placeholder="RuleName" type="text" class="form-control" value="{{ rule.name }}"> <input id="rule_name" name="rule_name" placeholder="RuleName" type="text" class="form-control" value="{{ rule.name }}">
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>