diff --git a/jperm/views.py b/jperm/views.py index 356be2f95..44e59b6fe 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -80,18 +80,21 @@ def perm_rule_add(request): if request.method == 'POST': # 获取用户选择的 用户,用户组,资产,资产组,用户角色 users_select = request.POST.getlist('user', []) # 需要授权用户 - user_groups_select = request.POST.getlist('usergroup', []) # 需要授权用户组 + user_groups_select = request.POST.getlist('user_group', []) # 需要授权用户组 assets_select = request.POST.getlist('asset', []) # 需要授权资产 - asset_groups_select = request.POST.getlist('assetgroup', []) # 需要授权资产组 + asset_groups_select = request.POST.getlist('asset_group', []) # 需要授权资产组 roles_select = request.POST.getlist('role', []) # 需要授权角色 - rule_name = request.POST.get('rulename') - rule_comment = request.POST.get('rule_comment') + rule_name = request.POST.get('name') + rule_comment = request.POST.get('comment') try: rule = get_object(PermRule, name=rule_name) if rule: raise ServerError(u'授权规则 %s 已存在' % rule_name) + if not rule_name or not roles_select: + raise ServerError(u'角色名称和授权角色不能为空') + # 获取需要授权的主机列表 assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select] asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select] @@ -156,31 +159,34 @@ def perm_rule_edit(request): if request.method == 'POST' and rule_id: # 获取用户选择的 用户,用户组,资产,资产组,用户角色 - rule_name = request.POST.get('rule_name') - rule_comment = request.POST.get("rule_comment") + rule_name = request.POST.get('name') + rule_comment = request.POST.get("comment") users_select = request.POST.getlist('user', []) - user_groups_select = request.POST.getlist('usergroup', []) + user_groups_select = request.POST.getlist('user_group', []) assets_select = request.POST.getlist('asset', []) - asset_groups_select = request.POST.getlist('assetgroup', []) + asset_groups_select = request.POST.getlist('asset_group', []) roles_select = request.POST.getlist('role', []) - - assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select] - asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select] - group_assets_obj = [] - for asset_group in asset_groups_obj: - group_assets_obj.extend(list(asset_group.asset_set.all())) - calc_assets = set(group_assets_obj) | set(assets_obj) # 授权资产和资产组包含的资产 - - # 获取需要授权的用户列表 - users_obj = [User.objects.get(id=user_id) for user_id in users_select] - user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select] - # group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]] - # calc_users = set(group_users_obj) | set(users_obj) - - # 获取授予的角色列表 - roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select] - need_push_asset = set() + print rule_name, roles_select try: + if not rule_name or not roles_select: + raise ServerError(u'角色名称和授权角色不能为空') + + assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select] + asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select] + group_assets_obj = [] + for asset_group in asset_groups_obj: + group_assets_obj.extend(list(asset_group.asset_set.all())) + calc_assets = set(group_assets_obj) | set(assets_obj) # 授权资产和资产组包含的资产 + + # 获取需要授权的用户列表 + users_obj = [User.objects.get(id=user_id) for user_id in users_select] + user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select] + # group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]] + # calc_users = set(group_users_obj) | set(users_obj) + + # 获取授予的角色列表 + roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select] + need_push_asset = set() for role in roles_obj: asset_no_push = get_role_push_host(role=role)[0] # 获取某角色已经推送的资产 need_push_asset.update(set(calc_assets) - set(asset_no_push)) @@ -188,12 +194,12 @@ def perm_rule_edit(request): raise ServerError(u'没有推送角色 %s 的主机 %s' % (role.name, ','.join([asset.hostname for asset in need_push_asset]))) - # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色) - rule.user = users_obj - rule.user_group = user_groups_obj - rule.asset = assets_obj - rule.asset_group = asset_groups_obj - rule.role = roles_obj + # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色) + rule.user = users_obj + rule.user_group = user_groups_obj + rule.asset = assets_obj + rule.asset_group = asset_groups_obj + rule.role = roles_obj rule.name = rule_name rule.comment = rule.comment rule.save() @@ -623,9 +629,11 @@ def perm_role_get(request): asset = get_object(Asset, id=asset_id) if asset: role = user_have_perm(request.user, asset=asset) + logger.debug('#' + ','.join([i.name for i in role]) + '#') return HttpResponse(','.join([i.name for i in role])) else: roles = get_group_user_perm(request.user).get('role').keys() return HttpResponse(','.join(i.name for i in roles)) + return HttpResponse('error') diff --git a/templates/jasset/asset_list.html b/templates/jasset/asset_list.html index f3035b097..4124b30d1 100644 --- a/templates/jasset/asset_list.html +++ b/templates/jasset/asset_list.html @@ -219,9 +219,9 @@ }); $('.conn').click(function(){ - var url='/jperm/role/get/?id=' + $(this).attr('value'); + var url='/jperm/role/get/?id=' + $(this).attr('value'); // 获取用户有权限的角色 var href = $(this).attr('href'); - var new_url = '/jlog/web_terminal/?id=' + $(this).attr('value') + '&role='; + var new_url = '/jlog/web_terminal/?id=' + $(this).attr('value') + '&role='; // webterminal socket url var hostname = $(this).closest('tr').find('.hostname a')[0].innerHTML; $.ajax({ type: 'GET', @@ -229,6 +229,8 @@ data: {}, success: function(data){ var dataArray = data.split(','); + console.log(data+'a'); + console.log(dataArray); if (dataArray.length == 1 && data != 'error'){ var title = 'Jumpserver Web Terminal' + ' '+ hostname +''; console.log(new_url+data); @@ -241,7 +243,7 @@ content: new_url+data }); //window.open(new_url + data, '', 'location=no, resizeable=no, height=410, width=625, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,status=no'); - } else if (dataArray.length == '1' && data == 'error'){ + } else if (data == 'error' || data == '' || data == null || data == undefined){ layer.alert('没有授权角色') } else { aUrl = ''; diff --git a/templates/jperm/perm_rule_add.html b/templates/jperm/perm_rule_add.html index e484ff4b1..e0ea6bd75 100644 --- a/templates/jperm/perm_rule_add.html +++ b/templates/jperm/perm_rule_add.html @@ -34,9 +34,9 @@
{{ msg }}
{% endif %}
- +
- +
@@ -52,10 +52,9 @@
- +
- {% for user_group in user_groups %} {% endfor %} @@ -75,9 +74,9 @@
- +
- {% for asset_group in asset_groups %} {% endfor %} @@ -100,7 +99,7 @@
- +
@@ -133,17 +132,17 @@ $('#ruleForm').validator({ }, fields: { - "rulename": { + "name": { rule: "required;check_name", tip: "输入规则名称", msg: {required: "规则名称必填"} }, - "usergroup": { + "user_group": { rule: "required(check_user)", tip: "请选择用户组", msg: {required: "用户和用户组必选一个!"} }, - "assetgroup": { + "asset_group": { rule: "required(check_asset)", tip: "输入资产组", msg: {required: "资产和资产组必选一个!"} diff --git a/templates/jperm/perm_rule_edit.html b/templates/jperm/perm_rule_edit.html index ba3765e4f..21a99101a 100644 --- a/templates/jperm/perm_rule_edit.html +++ b/templates/jperm/perm_rule_edit.html @@ -34,9 +34,9 @@
{{ msg }}
{% endif %}
- +
- +
@@ -52,9 +52,9 @@
- +
- {% for user_group in user_groups %} {% endfor %} @@ -74,9 +74,9 @@
- +
- {% for asset_group in asset_groups %} {% endfor %} @@ -86,7 +86,7 @@
-
+
+
@@ -118,6 +118,7 @@ {% endblock %} {% block self_footer_js %}