mirror of https://github.com/jumpserver/jumpserver
修复Role 删除时 秘钥问题等异常引起的Bug
parent
d604639b96
commit
d040e2719f
|
@ -1,18 +1,19 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
from django.db.models import Q
|
from django.db.models import Q
|
||||||
|
from django.http import HttpResponseBadRequest, HttpResponseNotAllowed
|
||||||
from paramiko import SSHException
|
from paramiko import SSHException
|
||||||
from jperm.perm_api import *
|
from jperm.perm_api import *
|
||||||
|
|
||||||
from juser.models import User, UserGroup
|
from juser.models import User, UserGroup
|
||||||
from jasset.models import Asset, AssetGroup
|
from jasset.models import Asset, AssetGroup
|
||||||
from jperm.models import PermRole, PermRule, PermSudo, PermPush
|
from jperm.models import PermRole, PermRule, PermSudo, PermPush
|
||||||
from jumpserver.models import Setting
|
from jumpserver.models import Setting
|
||||||
|
|
||||||
from jperm.utils import gen_keys
|
from jperm.utils import gen_keys
|
||||||
from jperm.ansible_api import MyTask
|
from jperm.ansible_api import MyTask
|
||||||
from jperm.perm_api import get_role_info, get_role_push_host
|
from jperm.perm_api import get_role_info, get_role_push_host
|
||||||
from jumpserver.api import my_render, get_object, CRYPTOR
|
from jumpserver.api import my_render, get_object, CRYPTOR
|
||||||
|
|
||||||
# 设置PERM APP Log
|
# 设置PERM APP Log
|
||||||
from jumpserver.settings import LOG_LEVEL
|
from jumpserver.settings import LOG_LEVEL
|
||||||
|
@ -317,30 +318,43 @@ def perm_role_delete(request):
|
||||||
delete role page
|
delete role page
|
||||||
"""
|
"""
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
# 获取参数删除的role对象
|
try:
|
||||||
role_id = request.POST.get("id")
|
# 获取参数删除的role对象
|
||||||
role = get_object(PermRole, id=role_id)
|
role_id = request.POST.get("id")
|
||||||
role_key = role.key_path
|
role = get_object(PermRole, id=role_id)
|
||||||
# 删除推送到主机上的role
|
if not role:
|
||||||
recycle_assets = [push.asset for push in role.perm_push.all() if push.success]
|
logger.warning(u"Delete Role: %s not exist" % role.name)
|
||||||
logger.debug(u"delete role %s - delete_assets: %s" % (role.name, recycle_assets))
|
raise ServerError(u"%s 无数据记录" % role.name)
|
||||||
if recycle_assets:
|
role_key = role.key_path
|
||||||
recycle_resource = gen_resource(recycle_assets)
|
# 删除推送到主机上的role
|
||||||
task = MyTask(recycle_resource)
|
recycle_assets = [push.asset for push in role.perm_push.all() if push.success]
|
||||||
msg = task.del_user(get_object(PermRole, id=role_id).name)
|
logger.debug(u"delete role %s - delete_assets: %s" % (role.name, recycle_assets))
|
||||||
logger.info(u"delete role %s - execute delete user: %s" % (role.name, msg))
|
if recycle_assets:
|
||||||
# TODO: 判断返回结果,处理异常
|
recycle_resource = gen_resource(recycle_assets)
|
||||||
# 删除存储的秘钥,以及目录
|
task = MyTask(recycle_resource)
|
||||||
key_files = os.listdir(role_key)
|
try:
|
||||||
for key_file in key_files:
|
msg = task.del_user(get_object(PermRole, id=role_id).name)
|
||||||
os.remove(os.path.join(role_key, key_file))
|
except Exception, e:
|
||||||
os.rmdir(role_key)
|
logger.warning(u"Recycle Role failed: %s" % e)
|
||||||
logger.info(u"delete role %s - delete role key directory: %s" % (role.name, role_key))
|
raise ServerError(u"回收已推送的系统用户失败: %s" % e)
|
||||||
# 数据库里删除记录 TODO: 判断返回结果,处理异常
|
logger.info(u"delete role %s - execute delete user: %s" % (role.name, msg))
|
||||||
role.delete()
|
# TODO: 判断返回结果,处理异常
|
||||||
return HttpResponse(u"删除系统用户: %s" % role.name)
|
# 删除存储的秘钥,以及目录
|
||||||
else:
|
try:
|
||||||
return HttpResponse(u"不支持该操作")
|
key_files = os.listdir(role_key)
|
||||||
|
for key_file in key_files:
|
||||||
|
os.remove(os.path.join(role_key, key_file))
|
||||||
|
os.rmdir(role_key)
|
||||||
|
except OSError, e:
|
||||||
|
logger.warning(u"Delete Role: delete key error, %s" % e)
|
||||||
|
raise ServerError(u"删除系统用户key失败: %s" % e)
|
||||||
|
logger.info(u"delete role %s - delete role key directory: %s" % (role.name, role_key))
|
||||||
|
# 数据库里删除记录
|
||||||
|
role.delete()
|
||||||
|
return HttpResponse(u"删除系统用户: %s" % role.name)
|
||||||
|
except ServerError, e:
|
||||||
|
return HttpResponseBadRequest(u"删除失败, 原因: %s" % e)
|
||||||
|
return HttpResponseNotAllowed(u"仅支持POST")
|
||||||
|
|
||||||
|
|
||||||
@require_role('admin')
|
@require_role('admin')
|
||||||
|
|
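Review bot: In the new `if not role:` branch, both the warning and the `ServerError` message read `role.name`, but that branch only runs when `get_object` returned nothing. It will most likely raise `AttributeError`, which the outer `except ServerError` does not catch, so a request with an unknown id ends in a 500 instead of the intended 400. Use the request value instead, e.g. `raise ServerError(u"%s 无数据记录" % role_id)`, and the same in the `logger.warning` call. Separately, `HttpResponseNotAllowed` takes the list of permitted methods as its first argument, so the final line should be `return HttpResponseNotAllowed(['POST'])`; passing the message string yields a malformed `Allow` header. The decorator and `def` line of `perm_role_delete` are above the hunk, so the access check on this view is not visible here.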
|
@ -96,7 +96,7 @@ function remove_role(role_id){
|
||||||
},
|
},
|
||||||
error: function (msg) {
|
error: function (msg) {
|
||||||
console.log(msg);
|
console.log(msg);
|
||||||
alert("失败: " + msg)
|
alert("失败: " + msg.responseText)
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
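Review bot: `msg.responseText` now displays whatever the view put in the 400 body, and in this commit that body is built with `% e` from an `OSError` or from the exception caught around the recycle task. Filesystem paths of the role's key directory and remote-host error details can therefore end up in the browser dialog. Keeping that detail in the server log (the view already calls `logger.warning`) and returning a short fixed reason would avoid this. When the request fails without a response body, `responseText` is empty, so a fallback such as `alert("失败: " + (msg.responseText || msg.statusText))` keeps the dialog meaningful. `remove_role` starts above the hunk.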