github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perm edit fix

pull/26/head
ibuler 2015-12-09 17:27:13 +08:00
parent f74b15c1bf
commit d337b929ef
4 changed files with 66 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
jperm/views.py
View File

@ -80,18 +80,21 @@ def perm_rule_add(request):
if request.method == 'POST': if request.method == 'POST':
# 获取用户选择的 用户,用户组,资产,资产组,用户角色 # 获取用户选择的 用户,用户组,资产,资产组,用户角色
users_select = request.POST.getlist('user', []) # 需要授权用户 users_select = request.POST.getlist('user', []) # 需要授权用户
user_groups_select = request.POST.getlist('usergroup', []) # 需要授权用户组 user_groups_select = request.POST.getlist('user_group', []) # 需要授权用户组
assets_select = request.POST.getlist('asset', []) # 需要授权资产 assets_select = request.POST.getlist('asset', []) # 需要授权资产
asset_groups_select = request.POST.getlist('assetgroup', []) # 需要授权资产组 asset_groups_select = request.POST.getlist('asset_group', []) # 需要授权资产组
roles_select = request.POST.getlist('role', []) # 需要授权角色 roles_select = request.POST.getlist('role', []) # 需要授权角色
rule_name = request.POST.get('rulename') rule_name = request.POST.get('name')
rule_comment = request.POST.get('rule_comment') rule_comment = request.POST.get('comment')
try: try:
rule = get_object(PermRule, name=rule_name) rule = get_object(PermRule, name=rule_name)
if rule: if rule:
raise ServerError(u'授权规则 %s 已存在' % rule_name) raise ServerError(u'授权规则 %s 已存在' % rule_name)
if not rule_name or not roles_select:
raise ServerError(u'角色名称和授权角色不能为空')
# 获取需要授权的主机列表 # 获取需要授权的主机列表
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select] assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select] asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
@ -156,31 +159,34 @@ def perm_rule_edit(request):
if request.method == 'POST' and rule_id: if request.method == 'POST' and rule_id:
# 获取用户选择的 用户,用户组,资产,资产组,用户角色 # 获取用户选择的 用户,用户组,资产,资产组,用户角色
rule_name = request.POST.get('rule_name') rule_name = request.POST.get('name')
rule_comment = request.POST.get("rule_comment") rule_comment = request.POST.get("comment")
users_select = request.POST.getlist('user', []) users_select = request.POST.getlist('user', [])
user_groups_select = request.POST.getlist('usergroup', []) user_groups_select = request.POST.getlist('user_group', [])
assets_select = request.POST.getlist('asset', []) assets_select = request.POST.getlist('asset', [])
asset_groups_select = request.POST.getlist('assetgroup', []) asset_groups_select = request.POST.getlist('asset_group', [])
roles_select = request.POST.getlist('role', []) roles_select = request.POST.getlist('role', [])
print rule_name, roles_select
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(list(asset_group.asset_set.all()))
calc_assets = set(group_assets_obj) | set(assets_obj) # 授权资产和资产组包含的资产
# 获取需要授权的用户列表
users_obj = [User.objects.get(id=user_id) for user_id in users_select]
user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]
# group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]]
# calc_users = set(group_users_obj) | set(users_obj)
# 获取授予的角色列表
roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
need_push_asset = set()
try: try:
if not rule_name or not roles_select:
raise ServerError(u'角色名称和授权角色不能为空')
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(list(asset_group.asset_set.all()))
calc_assets = set(group_assets_obj) | set(assets_obj) # 授权资产和资产组包含的资产
# 获取需要授权的用户列表
users_obj = [User.objects.get(id=user_id) for user_id in users_select]
user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]
# group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]]
# calc_users = set(group_users_obj) | set(users_obj)
# 获取授予的角色列表
roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
need_push_asset = set()
for role in roles_obj: for role in roles_obj:
asset_no_push = get_role_push_host(role=role)[0] # 获取某角色已经推送的资产 asset_no_push = get_role_push_host(role=role)[0] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) - set(asset_no_push)) need_push_asset.update(set(calc_assets) - set(asset_no_push))
@ -188,12 +194,12 @@ def perm_rule_edit(request):
raise ServerError(u'没有推送角色 %s 的主机 %s' raise ServerError(u'没有推送角色 %s 的主机 %s'
% (role.name, ','.join([asset.hostname for asset in need_push_asset]))) % (role.name, ','.join([asset.hostname for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色) # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule.user = users_obj rule.user = users_obj
rule.user_group = user_groups_obj rule.user_group = user_groups_obj
rule.asset = assets_obj rule.asset = assets_obj
rule.asset_group = asset_groups_obj rule.asset_group = asset_groups_obj
rule.role = roles_obj rule.role = roles_obj
rule.name = rule_name rule.name = rule_name
rule.comment = rule.comment rule.comment = rule.comment
rule.save() rule.save()
@ -623,9 +629,11 @@ def perm_role_get(request):
asset = get_object(Asset, id=asset_id) asset = get_object(Asset, id=asset_id)
if asset: if asset:
role = user_have_perm(request.user, asset=asset) role = user_have_perm(request.user, asset=asset)
logger.debug('#' + ','.join([i.name for i in role]) + '#')
return HttpResponse(','.join([i.name for i in role])) return HttpResponse(','.join([i.name for i in role]))
else: else:
roles = get_group_user_perm(request.user).get('role').keys() roles = get_group_user_perm(request.user).get('role').keys()
return HttpResponse(','.join(i.name for i in roles)) return HttpResponse(','.join(i.name for i in roles))
return HttpResponse('error') return HttpResponse('error')

8
templates/jasset/asset_list.html
View File

@ -219,9 +219,9 @@
}); });
$('.conn').click(function(){ $('.conn').click(function(){
var url='/jperm/role/get/?id=' + $(this).attr('value'); var url='/jperm/role/get/?id=' + $(this).attr('value'); // 获取用户有权限的角色
var href = $(this).attr('href'); var href = $(this).attr('href');
var new_url = '/jlog/web_terminal/?id=' + $(this).attr('value') + '&role='; var new_url = '/jlog/web_terminal/?id=' + $(this).attr('value') + '&role='; // webterminal socket url
var hostname = $(this).closest('tr').find('.hostname a')[0].innerHTML; var hostname = $(this).closest('tr').find('.hostname a')[0].innerHTML;
$.ajax({ $.ajax({
type: 'GET', type: 'GET',
@ -229,6 +229,8 @@
data: {}, data: {},
success: function(data){ success: function(data){
var dataArray = data.split(','); var dataArray = data.split(',');
console.log(data+'a');
console.log(dataArray);
if (dataArray.length == 1 && data != 'error'){ if (dataArray.length == 1 && data != 'error'){
var title = 'Jumpserver Web Terminal' + '<span class="text-info"> '+ hostname +'</span>'; var title = 'Jumpserver Web Terminal' + '<span class="text-info"> '+ hostname +'</span>';
console.log(new_url+data); console.log(new_url+data);
@ -241,7 +243,7 @@
content: new_url+data content: new_url+data
}); });
//window.open(new_url + data, '', 'location=no, resizeable=no, height=410, width=625, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,status=no'); //window.open(new_url + data, '', 'location=no, resizeable=no, height=410, width=625, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,status=no');
} else if (dataArray.length == '1' && data == 'error'){ } else if (data == 'error' || data == '' || data == null || data == undefined){
layer.alert('没有授权角色') layer.alert('没有授权角色')
} else { } else {
aUrl = ''; aUrl = '';

21
templates/jperm/perm_rule_add.html
View File

@ -34,9 +34,9 @@
<div class="alert alert-success text-center">{{ msg }}</div> <div class="alert alert-success text-center">{{ msg }}</div>
{% endif %} {% endif %}
<div class="form-group"> <div class="form-group">
<label for="rulename" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label> <label for="name" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label>
<div class="col-sm-8"> <div class="col-sm-8">
<input id="rulename" name="rulename" placeholder="Rule Name" type="text" class="form-control"> <input id="name" name="name" placeholder="Rule Name" type="text" class="form-control">
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
@ -52,10 +52,9 @@
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="usergroup" class="col-sm-2 control-label">用户组</label> <label for="user_group" class="col-sm-2 control-label">用户组</label>
<div class="col-sm-8"> <div class="col-sm-8">
<select name="usergroup" id="usergroup" data-placeholder="请选择用户组" class="chosen-select form-control m-b" multiple tabindex="2"> <select name="user_group" id="user_group" data-placeholder="请选择用户组" class="chosen-select form-control m-b" multiple tabindex="2">
{% for user_group in user_groups %} {% for user_group in user_groups %}
<option value="{{ user_group.id }}">{{ user_group.name }}</option> <option value="{{ user_group.id }}">{{ user_group.name }}</option>
{% endfor %} {% endfor %}
@ -75,9 +74,9 @@
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="assetgroup" id="assetgroup" class="col-sm-2 control-label">资产组</label> <label for="asset_group" id="asset_group" class="col-sm-2 control-label">资产组</label>
<div class="col-sm-8"> <div class="col-sm-8">
<select name="assetgroup" data-placeholder="请选择资产组" class="chosen-select form-control m-b" multiple tabindex="2"> <select name="asset_group" data-placeholder="请选择资产组" class="chosen-select form-control m-b" multiple tabindex="2">
{% for asset_group in asset_groups %} {% for asset_group in asset_groups %}
<option value="{{ asset_group.id }}">{{ asset_group.name }}</option> <option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
{% endfor %} {% endfor %}
@ -100,7 +99,7 @@
<div class="form-group"> <div class="form-group">
<label for="comment" class="col-sm-2 control-label">备注</label> <label for="comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8"> <div class="col-sm-8">
<input id="rule_comment" name="rule_comment" placeholder="Rule Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}> <input id="comment" name="comment" placeholder="Rule Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
@ -133,17 +132,17 @@ $('#ruleForm').validator({
}, },
fields: { fields: {
"rulename": { "name": {
rule: "required;check_name", rule: "required;check_name",
tip: "输入规则名称", tip: "输入规则名称",
msg: {required: "规则名称必填"} msg: {required: "规则名称必填"}
}, },
"usergroup": { "user_group": {
rule: "required(check_user)", rule: "required(check_user)",
tip: "请选择用户组", tip: "请选择用户组",
msg: {required: "用户和用户组必选一个!"} msg: {required: "用户和用户组必选一个!"}
}, },
"assetgroup": { "asset_group": {
rule: "required(check_asset)", rule: "required(check_asset)",
tip: "输入资产组", tip: "输入资产组",
msg: {required: "资产和资产组必选一个!"} msg: {required: "资产和资产组必选一个!"}

23
templates/jperm/perm_rule_edit.html
View File

@ -34,9 +34,9 @@
<div class="alert alert-success text-center">{{ msg }}</div> <div class="alert alert-success text-center">{{ msg }}</div>
{% endif %} {% endif %}
<div class="form-group"> <div class="form-group">
<label for="rulename" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label> <label for="name" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label>
<div class="col-sm-8"> <div class="col-sm-8">
<input id="rulename" name="rulename" placeholder="Rule Name" type="text" class="form-control" value={{ rule.name }}> <input id="name" name="name" placeholder="Rule Name" type="text" class="form-control" value={{ rule.name }}>
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
@ -52,9 +52,9 @@
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="usergroup" class="col-sm-2 control-label">用户组</label> <label for="user_group" class="col-sm-2 control-label">用户组</label>
<div class="col-sm-8"> <div class="col-sm-8">
<select name="usergroup" id="usergroup" data-placeholder="请选择用户组" class="chosen-select form-control m-b" multiple tabindex="2"> <select name="user_group" id="user_group" data-placeholder="请选择用户组" class="chosen-select form-control m-b" multiple tabindex="2">
{% for user_group in user_groups %} {% for user_group in user_groups %}
<option value="{{ user_group.id }}"{% if user_group in rule.user_group.all %} selected {% endif %}>{{ user_group.name }}</option> <option value="{{ user_group.id }}"{% if user_group in rule.user_group.all %} selected {% endif %}>{{ user_group.name }}</option>
{% endfor %} {% endfor %}
@ -74,9 +74,9 @@
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="assetgroup" id="assetgroup" class="col-sm-2 control-label">资产组</label> <label for="asset_group" id="asset_group" class="col-sm-2 control-label">资产组</label>
<div class="col-sm-8"> <div class="col-sm-8">
<select name="assetgroup" data-placeholder="请选择资产组" class="chosen-select form-control m-b" multiple tabindex="2"> <select name="asset_group" data-placeholder="请选择资产组" class="chosen-select form-control m-b" multiple tabindex="2">
{% for asset_group in asset_groups %} {% for asset_group in asset_groups %}
<option value="{{ asset_group.id }}"{% if asset_group in rule.asset_group.all %} selected {% endif %}>{{ asset_group.name }}</option> <option value="{{ asset_group.id }}"{% if asset_group in rule.asset_group.all %} selected {% endif %}>{{ asset_group.name }}</option>
{% endfor %} {% endfor %}
@ -86,7 +86,7 @@
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
<div class="form-group"> <div class="form-group">
<label for="role" class="col-sm-2 control-label">角色<span class="red-fonts">*</span></label> <label for="role" class="col-sm-2 control-label">角色<span class="red-fonts">*</span></label>
<div class="col-sm-8" id="role_name"> <div class="col-sm-8">
<select name="role" data-placeholder="请选择角色" class="chosen-select form-control m-b" multiple tabindex="2"> <select name="role" data-placeholder="请选择角色" class="chosen-select form-control m-b" multiple tabindex="2">
{% for role in roles %} {% for role in roles %}
<option value="{{ role.id }}"{% if role in rule.role.all %} selected {% endif %}>{{ role.name }}</option> <option value="{{ role.id }}"{% if role in rule.role.all %} selected {% endif %}>{{ role.name }}</option>
@ -99,7 +99,7 @@
<div class="form-group"> <div class="form-group">
<label for="comment" class="col-sm-2 control-label">备注</label> <label for="comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8"> <div class="col-sm-8">
<input id="rule_comment" name="rule_comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule.comment }}"> <input id="comment" name="rule_comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule.comment }}">
</div> </div>
</div> </div>
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
@ -118,6 +118,7 @@
{% endblock %} {% endblock %}
{% block self_footer_js %} {% block self_footer_js %}
<script> <script>
$('#ruleForm').validator({ $('#ruleForm').validator({
timely: 2, timely: 2,
theme: "yellow_right_effect", theme: "yellow_right_effect",
@ -132,17 +133,17 @@ $('#ruleForm').validator({
}, },
fields: { fields: {
"rulename": { "name": {
rule: "required;check_name", rule: "required;check_name",
tip: "输入规则名称", tip: "输入规则名称",
msg: {required: "规则名称必填"} msg: {required: "规则名称必填"}
}, },
"usergroup": { "user_group": {
rule: "required(check_user)", rule: "required(check_user)",
tip: "请选择用户组", tip: "请选择用户组",
msg: {required: "用户和用户组必选一个!"} msg: {required: "用户和用户组必选一个!"}
}, },
"assetgroup": { "asset_group": {
rule: "required(check_asset)", rule: "required(check_asset)",
tip: "输入资产组", tip: "输入资产组",
msg: {required: "资产和资产组必选一个!"} msg: {required: "资产和资产组必选一个!"}