github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

禁止添加root用户作为系统用户

pull/34/head
yumaojun 2016-01-04 11:43:17 +08:00
parent 0832ea97b1
commit c6626e83f2
3 changed files with 23 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
jperm/views.py
View File

@ -277,7 +277,7 @@ def perm_role_add(request):
if request.method == "POST": if request.method == "POST":
# 获取参数: name, comment # 获取参数: name, comment
name = request.POST.get("role_name", "") name = request.POST.get("role_name", "").strip()
comment = request.POST.get("role_comment", "") comment = request.POST.get("role_comment", "")
password = request.POST.get("role_password", "") password = request.POST.get("role_password", "")
key_content = request.POST.get("role_key", "") key_content = request.POST.get("role_key", "")
@ -286,6 +286,8 @@ def perm_role_add(request):
try: try:
if get_object(PermRole, name=name): if get_object(PermRole, name=name):
raise ServerError(u'已经存在该用户 %s' % name) raise ServerError(u'已经存在该用户 %s' % name)
if name == "root":
raise ServerError(u'禁止使用root用户作为系统用户这样非常危险')
default = get_object(Setting, name='default') default = get_object(Setting, name='default')
if password: if password:
@ -423,6 +425,9 @@ def perm_role_edit(request):
if not role: if not role:
raise ServerError('该系统用户不能存在') raise ServerError('该系统用户不能存在')
if role_name == "root":
raise ServerError(u'禁止使用root用户作为系统用户这样非常危险')
if role_password: if role_password:
encrypt_pass = CRYPTOR.encrypt(role_password) encrypt_pass = CRYPTOR.encrypt(role_password)
role.password = encrypt_pass role.password = encrypt_pass
@ -473,6 +478,7 @@ def perm_role_push(request):
for asset_group in asset_groups_obj: for asset_group in asset_groups_obj:
group_assets_obj.extend(asset_group.asset_set.all()) group_assets_obj.extend(asset_group.asset_set.all())
calc_assets = list(set(assets_obj) | set(group_assets_obj)) calc_assets = list(set(assets_obj) | set(group_assets_obj))
push_resource = gen_resource(calc_assets) push_resource = gen_resource(calc_assets)
# 调用Ansible API 进行推送 # 调用Ansible API 进行推送

14
templates/jperm/perm_role_add.html
View File

@ -93,15 +93,14 @@ $('#roleForm').validator({
theme: "yellow_right_effect", theme: "yellow_right_effect",
rules: { rules: {
check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'], check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'],
check_name_root: [/[^rR][^oO][^oO][^tT]/, '禁止使用root用户作为系统用户这样非常危险'],
check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误请检查'], check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误请检查'],
{# either: function(){#}
{# return $('#role_password').val() == ''#}
{# }#}
}, },
fields: { fields: {
"role_name": { "role_name": {
rule: "required;check_name", rule: "required;check_name;check_name_root",
tip: "输入系统用户名称", tip: "输入系统用户名称",
ok: "", ok: "",
msg: {required: "系统用户名称必填"} msg: {required: "系统用户名称必填"}
@ -111,12 +110,7 @@ $('#roleForm').validator({
ok: "", ok: "",
empty: true empty: true
}, },
{# "role_key": {#}
{# rule: "required(either)",#}
{# tip: "输入密钥",#}
{# ok: "",#}
{# msg: {required: "密码和密钥必填一个!"}#}
{# }#}
}, },
valid: function(form) { valid: function(form) {
form.submit(); form.submit();

15
templates/jperm/perm_role_edit.html
View File

@ -94,16 +94,25 @@ $('#roleForm').validator({
timely: 2, timely: 2,
theme: "yellow_right_effect", theme: "yellow_right_effect",
rules: { rules: {
check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'] check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'],
check_name_root: [/[^rR][^oO][^oO][^tT]/, '禁止使用root用户作为系统用户这样非常危险'],
check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误请检查'],
}, },
fields: { fields: {
"role_name": { "role_name": {
rule: "required;check_name", rule: "required;check_name;check_name_root",
tip: "输入系统用户名称", tip: "输入系统用户名称",
ok: "", ok: "",
msg: {required: "系统用户名称必填"} msg: {required: "系统用户名称必填"}
} },
"role_key": {
rule: "check_begin",
ok: "",
empty: true
},
}, },
valid: function(form) { valid: function(form) {
form.submit(); form.submit();