From c6626e83f292de90c9de875ecb52be0ffb8e892a Mon Sep 17 00:00:00 2001
From: yumaojun <719118794@qq.com>
Date: Mon, 4 Jan 2016 11:43:17 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E7=A6=81=E6=AD=A2=E6=B7=BB=E5=8A=A0root?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E4=BD=9C=E4=B8=BA=E7=B3=BB=E7=BB=9F=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 jperm/views.py                      |  8 +++++++-
 templates/jperm/perm_role_add.html  | 14 ++++----------
 templates/jperm/perm_role_edit.html | 15 ++++++++++++---
 3 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/jperm/views.py b/jperm/views.py
index bc56f6d3b..63bedd689 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -277,7 +277,7 @@ def perm_role_add(request):
 
     if request.method == "POST":
         # 获取参数： name, comment
-        name = request.POST.get("role_name", "")
+        name = request.POST.get("role_name", "").strip()
         comment = request.POST.get("role_comment", "")
         password = request.POST.get("role_password", "")
         key_content = request.POST.get("role_key", "")
@@ -286,6 +286,8 @@ def perm_role_add(request):
         try:
             if get_object(PermRole, name=name):
                 raise ServerError(u'已经存在该用户 %s' % name)
+            if name == "root":
+                raise ServerError(u'禁止使用root用户作为系统用户，这样非常危险！')
             default = get_object(Setting, name='default')
 
             if password:
@@ -423,6 +425,9 @@ def perm_role_edit(request):
             if not role:
                 raise ServerError('该系统用户不能存在')
 
+            if role_name == "root":
+                raise ServerError(u'禁止使用root用户作为系统用户，这样非常危险！')
+
             if role_password:
                 encrypt_pass = CRYPTOR.encrypt(role_password)
                 role.password = encrypt_pass
@@ -473,6 +478,7 @@ def perm_role_push(request):
         for asset_group in asset_groups_obj:
             group_assets_obj.extend(asset_group.asset_set.all())
         calc_assets = list(set(assets_obj) | set(group_assets_obj))
+
         push_resource = gen_resource(calc_assets)
 
         # 调用Ansible API 进行推送
diff --git a/templates/jperm/perm_role_add.html b/templates/jperm/perm_role_add.html
index 70ad918d8..381e4da86 100644
--- a/templates/jperm/perm_role_add.html
+++ b/templates/jperm/perm_role_add.html
@@ -93,15 +93,14 @@ $('#roleForm').validator({
     theme: "yellow_right_effect",
     rules: {
         check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'],
+        check_name_root: [/[^rR][^oO][^oO][^tT]/, '禁止使用root用户作为系统用户，这样非常危险！'],
         check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误，请检查'],
-{#        either: function(){#}
-{#            return $('#role_password').val() == ''#}
-{#        }#}
+
     },
 
     fields: {
         "role_name": {
-            rule: "required;check_name",
+            rule: "required;check_name;check_name_root",
             tip: "输入系统用户名称",
             ok: "",
             msg: {required: "系统用户名称必填"}
@@ -111,12 +110,7 @@ $('#roleForm').validator({
             ok: "",
             empty: true
         },
-{#        "role_key": {#}
-{#            rule: "required(either)",#}
-{#            tip: "输入密钥",#}
-{#            ok: "",#}
-{#            msg: {required: "密码和密钥必填一个!"}#}
-{#        }#}
+
     },
     valid: function(form) {
             form.submit();
diff --git a/templates/jperm/perm_role_edit.html b/templates/jperm/perm_role_edit.html
index 33ab47e0e..c216517e3 100644
--- a/templates/jperm/perm_role_edit.html
+++ b/templates/jperm/perm_role_edit.html
@@ -94,16 +94,25 @@ $('#roleForm').validator({
     timely: 2,
     theme: "yellow_right_effect",
     rules: {
-        check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位']
+        check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'],
+        check_name_root: [/[^rR][^oO][^oO][^tT]/, '禁止使用root用户作为系统用户，这样非常危险！'],
+        check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误，请检查'],
+
     },
 
     fields: {
         "role_name": {
-            rule: "required;check_name",
+            rule: "required;check_name;check_name_root",
             tip: "输入系统用户名称",
             ok: "",
             msg: {required: "系统用户名称必填"}
-        }
+        },
+        "role_key": {
+            rule: "check_begin",
+            ok: "",
+            empty: true
+        },
+
     },
     valid: function(form) {
             form.submit();

From 34e8b32180d5dca77706321006f1d2114e71cdf3 Mon Sep 17 00:00:00 2001
From: yumaojun <719118794@qq.com>
Date: Mon, 4 Jan 2016 11:47:50 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=B3=BB=E7=BB=9F?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E5=88=A0=E9=99=A4=20=E6=8F=90=E9=86=92?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 templates/jperm/perm_role_list.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/jperm/perm_role_list.html b/templates/jperm/perm_role_list.html
index aafa94053..3e998de5a 100644
--- a/templates/jperm/perm_role_list.html
+++ b/templates/jperm/perm_role_list.html
@@ -84,7 +84,7 @@
 
 <script>
 function remove_role(role_id){
-    if (confirm("确认删除")) {
+    if (confirm("对应资产上已推送的系统用户会被删除，包括其家目录，请谨慎操作!")) {
         $.ajax({
            type: "POST",
            url: "{% url 'role_del' %}",