github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branches 'master' and 'wangyong' of gitcafe.com:ibuler/jumpserver 

Conflicts:
	jumpserver/api.py
pull/6/head
ibuler 2015-04-18 18:06:17 +08:00
parent 6d6e9d97b5 bd2d7ce007
commit c8d91884c8
2 changed files with 27 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
jasset/views.py
View File

@ -140,6 +140,7 @@ def batch_host_edit(host_info, j_user='', j_password=''):
def db_host_delete(request, host_id): def db_host_delete(request, host_id):
""" 删除主机操作 """ """ 删除主机操作 """
print host_id
if is_group_admin(request) and not validate(request, asset=[host_id]): if is_group_admin(request) and not validate(request, asset=[host_id]):
return httperror(request, '删除失败, 您无权删除!') return httperror(request, '删除失败, 您无权删除!')
@ -187,10 +188,16 @@ def host_add(request):
j_group = request.POST.getlist('j_group') j_group = request.POST.getlist('j_group')
j_active = request.POST.get('j_active') j_active = request.POST.get('j_active')
j_comment = request.POST.get('j_comment') j_comment = request.POST.get('j_comment')
j_dept = request.POST.getlist('j_dept')
if is_super_user(request):
j_dept = request.POST.getlist('j_dept')
host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment] host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment]
if is_group_admin(request) and not verify(request, asset_group=j_group, edept=j_dept): elif is_group_admin(request):
j_dept = request.POST.get('j_dept')
host_info = [j_ip, j_port, j_idc, j_type, j_group, [j_dept], j_active, j_comment]
if is_group_admin(request) and not validate(request, asset_group=j_group, edept=[j_dept]):
print j_dept
return httperror(request, u'添加失败,您无权操作!') return httperror(request, u'添加失败,您无权操作!')
if Asset.objects.filter(ip=str(j_ip)): if Asset.objects.filter(ip=str(j_ip)):
@ -251,7 +258,7 @@ def host_add_batch(request):
return httperror(request, '添加失败, 没有%s这个部门' % dept_name) return httperror(request, '添加失败, 没有%s这个部门' % dept_name)
dept_ids.append(dept_id) dept_ids.append(dept_id)
if is_group_admin(request) and not verify(request, asset_group=group_ids, edept=dept_ids): if is_group_admin(request) and not validate(request, asset_group=group_ids, edept=dept_ids):
return httperror(request, '添加失败, 没有%s这个主机组' % group_name) return httperror(request, '添加失败, 没有%s这个主机组' % group_name)
if Asset.objects.filter(ip=str(j_ip)): if Asset.objects.filter(ip=str(j_ip)):
@ -352,7 +359,7 @@ def host_list(request):
if is_common_user(request): if is_common_user(request):
return httperror(request, u'您无权查看!') return httperror(request, u'您无权查看!')
elif is_group_admin(request) and not verify(request, user_group=[gid]): elif is_group_admin(request) and not validate(request, user_group=[gid]):
return httperror(request, u'您无权查看!') return httperror(request, u'您无权查看!')
posts = [] posts = []
@ -371,7 +378,7 @@ def host_list(request):
if is_common_user(request): if is_common_user(request):
return httperror(request, u'您无权查看!') return httperror(request, u'您无权查看!')
elif is_group_admin(request) and not verify(request, user_group=[sid]): elif is_group_admin(request) and not validate(request, user_group=[sid]):
return httperror(request, u'您无权查看!') return httperror(request, u'您无权查看!')
posts, asset_groups = [], [] posts, asset_groups = [], []
@ -502,7 +509,7 @@ def host_edit_adm(request):
host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment] host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment]
if not verify(request, asset_group=j_group, edept=j_dept): if not validate(request, asset_group=j_group, edept=j_dept):
emg = u'修改失败,您无权操作!' emg = u'修改失败,您无权操作!'
return my_render('jasset/host_edit.html', locals(), request) return my_render('jasset/host_edit.html', locals(), request)
@ -529,7 +536,7 @@ def host_detail(request):
return httperror(request, '没有此主机!') return httperror(request, '没有此主机!')
post = post.first() post = post.first()
if is_group_admin(request) and not verify(request, asset=[host_id]): if is_group_admin(request) and not validate(request, asset=[host_id]):
return httperror(request, '您无权查看!') return httperror(request, '您无权查看!')
elif is_common_user(request): elif is_common_user(request):
@ -673,7 +680,7 @@ def group_add(request):
j_comment = request.POST.get('j_comment', '') j_comment = request.POST.get('j_comment', '')
try: try:
if is_group_admin(request) and not verify(request, asset=j_hosts, edept=[j_dept]): if is_group_admin(request) and not validate(request, asset=j_hosts, edept=[j_dept]):
emg = u'添加失败, 您无权操作!' emg = u'添加失败, 您无权操作!'
raise RaiseError raise RaiseError
@ -708,7 +715,7 @@ def group_list(request):
if is_common_user(request): if is_common_user(request):
return httperror(request, u'您无权查看!') return httperror(request, u'您无权查看!')
elif is_group_admin(request) and not verify(request, user_group=[gid]): elif is_group_admin(request) and not validate(request, user_group=[gid]):
return httperror(request, u'您无权查看!') return httperror(request, u'您无权查看!')
posts = [] posts = []
@ -723,7 +730,7 @@ def group_list(request):
if is_common_user(request): if is_common_user(request):
return httperror(request, u'您无权查看!') return httperror(request, u'您无权查看!')
elif is_group_admin(request) and not verify(request, user_group=[sid]): elif is_group_admin(request) and not validate(request, user_group=[sid]):
return httperror(request, u'您无权查看!') return httperror(request, u'您无权查看!')
posts = [] posts = []
@ -768,7 +775,7 @@ def group_edit(request):
dept_id = get_session_user_info(request)[3] dept_id = get_session_user_info(request)[3]
eposts = Asset.objects.filter(bis_group=group) eposts = Asset.objects.filter(bis_group=group)
if is_group_admin(request) and not verify(request, asset_group=[group_id]): if is_group_admin(request) and not validate(request, asset_group=[group_id]):
return httperror(request, '编辑失败, 您无权操作!') return httperror(request, '编辑失败, 您无权操作!')
dept = DEPT.objects.filter(id=group.dept.id) dept = DEPT.objects.filter(id=group.dept.id)
if dept: if dept:
@ -811,7 +818,7 @@ def group_detail(request):
posts = Asset.objects.filter(bis_group=group).order_by('ip') posts = Asset.objects.filter(bis_group=group).order_by('ip')
elif is_group_admin(request): elif is_group_admin(request):
if not verify(request, asset_group=[group_id]): if not validate(request, asset_group=[group_id]):
return httperror(request, u'您无权查看!') return httperror(request, u'您无权查看!')
posts = Asset.objects.filter(bis_group=group).filter(dept=dept).order_by('ip') posts = Asset.objects.filter(bis_group=group).filter(dept=dept).order_by('ip')
@ -853,12 +860,12 @@ def group_del(request):
for i in range(int(len_list)): for i in range(int(len_list)):
key = "id_list[" + str(i) + "]" key = "id_list[" + str(i) + "]"
gid = request.POST.get(key) gid = request.POST.get(key)
if is_group_admin(request) and not verify(request, asset_group=[gid]): if is_group_admin(request) and not validate(request, asset_group=[gid]):
return httperror(request, '删除失败, 您无权删除!') return httperror(request, '删除失败, 您无权删除!')
BisGroup.objects.filter(id=gid).delete() BisGroup.objects.filter(id=gid).delete()
else: else:
gid = int(offset) gid = int(offset)
if is_group_admin(request) and not verify(request, asset_group=[gid]): if is_group_admin(request) and not validate(request, asset_group=[gid]):
return httperror(request, '删除失败, 您无权删除!') return httperror(request, '删除失败, 您无权删除!')
BisGroup.objects.filter(id=gid).delete() BisGroup.objects.filter(id=gid).delete()
return HttpResponseRedirect('/jasset/group_list/') return HttpResponseRedirect('/jasset/group_list/')

12
jumpserver/api.py
View File

@ -383,9 +383,9 @@ def get_connect_item(username, ip):
def validate(request, user_group=None, user=None, asset_group=None, asset=None, edept=None): def validate(request, user_group=None, user=None, asset_group=None, asset=None, edept=None):
dept = get_session_user_dept(request)[1] dept = get_session_user_dept(request)[1]
if edept: if edept:
print dept.id, edept[0]
if dept.id != int(edept[0]): if dept.id != int(edept[0]):
return False return False
if user_group: if user_group:
dept_user_groups = dept.usergroup_set.all() dept_user_groups = dept.usergroup_set.all()
user_group_ids = [] user_group_ids = []
@ -428,7 +428,6 @@ def validate(request, user_group=None, user=None, asset_group=None, asset=None,
def verify(request, user_group=None, user=None, asset_group=None, asset=None, edept=None): def verify(request, user_group=None, user=None, asset_group=None, asset=None, edept=None):
dept = get_session_user_dept(request)[1] dept = get_session_user_dept(request)[1]
if edept: if edept:
print dept.id, edept[0]
if dept.id != int(edept[0]): if dept.id != int(edept[0]):
return False return False
@ -460,12 +459,11 @@ def verify(request, user_group=None, user=None, asset_group=None, asset=None, ed
if asset: if asset:
dept_assets = dept.asset_set.all() dept_assets = dept.asset_set.all()
assets_id, dept_assets_id = [], [] asset_ids = []
for a in dept_assets: for a in dept_assets:
dept_assets_id.append(int(a.id)) asset_ids.append(str(a.id))
for i in asset: print asset, asset_ids
assets_id.append(int(i)) if not set(asset).issubset(set(asset_ids)):
if not set(assets_id).issubset(dept_assets_id):
return False return False
return True return True