今天先到这里吧

2015-03-19 23:57:08 +08:00 · 2015-03-19 23:57:08 +08:00 · e717fad762
parent 386d6a1cb2
commit e717fad762
11 changed files with 245 additions and 39 deletions
--- a/connect.py
+++ b/connect.py
@ -174,7 +174,6 @@ def get_user_host(username):
 def get_connect_item(username, ip):
    cryptor = PyCrypt(KEY)
    asset = get_object(Asset, ip=ip)
    port = asset.port
@ -192,12 +191,12 @@ def get_connect_item(username, ip):
    }
    if asset.login_type in login_type_dict:
-        password = cryptor.decrypt(login_type_dict[asset.login_type])
+        password = CRYPTOR.decrypt(login_type_dict[asset.login_type])
        return username, password, ip, port
    elif asset.login_type == 'M':
        username = asset.username
-        password = cryptor.decrypt(asset.password)
+        password = CRYPTOR.decrypt(asset.password)
        return username, password, ip, port
    else:
@ -286,7 +285,7 @@ def remote_exec_cmd(ip, port, username, password, cmd):
        stdin, stdout, stderr = ssh.exec_command("bash -l -c '%s'" % cmd)
        out = stdout.readlines()
        err = stderr.readlines()
-        color_print('%s:' %ip, 'blue')
+        color_print('%s:' % ip, 'blue')
        for i in out:
            color_print(" " * 4 + i.strip(), 'green')
        for j in err:
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@ -128,6 +128,14 @@ class PyCrypt(object):
        ciphertext = cryptor.encrypt(text)
        return b2a_hex(ciphertext)
    def decrypt(self, text):
        cryptor = AES.new(self.key, self.mode, b'0000000000000000')
        try:
            plain_text = cryptor.decrypt(a2b_hex(text))
        except TypeError:
            raise ServerError('Decrypt password error, TYpe error.')
        return plain_text.rstrip('\0')
 CRYPTOR = PyCrypt(KEY)
--- a/jumpserver/templatetags/mytags.py
+++ b/jumpserver/templatetags/mytags.py
@ -6,7 +6,7 @@ import time
 from django import template
 from juser.models import User, UserGroup, DEPT
 from jasset.models import BisGroup
-from jumpserver.api import user_perm_asset_api
+from jumpserver.api import *
 register = template.Library()
@ -78,6 +78,16 @@ def bool2str(value):
        return u'鍚�'
@register.filter(name='user_readonly')
 def user_readonly(user_id):
    user = User.objects.filter(id=user_id)
    if user:
        user = user[0]
        if user.role == 'CU':
            return False
    return True
@register.filter(name='member_count')
 def member_count(group_id):
    group = UserGroup.objects.get(id=group_id)
--- a/juser/urls.py
+++ b/juser/urls.py
@ -13,18 +13,19 @@ urlpatterns = patterns('juser.views',
    (r'^dept_detail/$', 'dept_detail'),
    (r'^dept_del_ajax/$', 'dept_del_ajax'),
    (r'^dept_edit/$', 'dept_edit'),
-    (r'^group_add/$', 'group_add'),
+    (r'^dept_user_ajax/$', 'dept_user_ajax'),
    (r'^group_add/$', view_splitter, {'su': group_add, 'adm': group_add_adm}),
    (r'^group_list/$', view_splitter, {'su': group_list, 'adm': group_list_adm}),
    (r'^group_detail/$', 'group_detail'),
-    (r'^group_del/$', 'group_del'),
+    (r'^group_del/$', view_splitter, {'su': group_del, 'adm': group_del_adm}),
    (r'^group_del_ajax/$', 'group_del_ajax'),
    (r'^group_edit/$', view_splitter, {'su': group_edit, 'adm': group_edit_adm}),
    (r'^user_add/$', 'user_add'),
-    (r'^user_list/$', 'user_list'),
+    (r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
    (r'^user_detail/$', 'user_detail'),
    (r'^user_del/$', 'user_del'),
    (r'^user_del_ajax/$', 'user_del_ajax'),
-    (r'^user_edit/$', 'user_edit'),
+    (r'^user_edit/$', view_splitter, {'su': user_edit, 'adm': user_edit_adm}),
    (r'^profile/$', 'profile'),
    (r'^chg_pass/$', 'chg_pass'),
 )
--- a/juser/views.py
+++ b/juser/views.py
@ -97,11 +97,12 @@ def db_add_user(**kwargs):
 def db_update_user(**kwargs):
    groups_post = kwargs.pop('groups')
-    username = kwargs.get('username')
+    user_id = kwargs.pop('user_id')
-    user = User.objects.filter(username=username)
+    user = User.objects.filter(id=user_id)
-    user.update(**kwargs)
+    if user:
-    user = User.objects.get(username=username)
+        user.update(**kwargs)
-    user.save()
+        user = User.objects.get(id=user_id)
        user.save()
    if groups_post:
        group_select = []
@ -336,7 +337,21 @@ def dept_edit(request):
    return render_to_response('juser/dept_edit.html', locals(), context_instance=RequestContext(request))
-@require_admin
+def dept_user_ajax(request):
    dept_id = request.GET.get('id', '4')
    if dept_id not in ['1', '2']:
        dept = DEPT.objects.filter(id=dept_id)
        if dept:
            dept = dept[0]
            users = dept.user_set.all()
    else:
        users = User.objects.all()
    return render_to_response('juser/dept_user_ajax.html', locals())
@require_super_user
 def group_add(request):
    error = ''
    msg = ''
@ -372,6 +387,37 @@ def group_add(request):
    return render_to_response('juser/group_add.html', locals(), context_instance=RequestContext(request))
@require_admin
 def group_add_adm(request):
    error = ''
    msg = ''
    header_title, path1, path2 = '娣诲姞灏忕粍', '鐢ㄦ埛绠＄悊', '娣诲姞灏忕粍'
    user, dept = get_session_user_dept(request)
    user_all = dept.user_set.all()
    if request.method == 'POST':
        group_name = request.POST.get('group_name', '')
        users_selected = request.POST.getlist('users_selected', '')
        comment = request.POST.get('comment', '')
        try:
            if not validate(request, user=users_selected):
                raise AddError('娌℃湁鏌愮敤鎴锋潈闄�')
            if '' in [group_name]:
                error = u'缁勫悕涓嶈兘涓虹┖'
                raise AddError(error)
            db_add_group(name=group_name, users=users_selected, dept=dept, comment=comment)
        except AddError:
            pass
        except TypeError:
            error = u'淇濆瓨灏忕粍澶辫触'
        else:
            msg = u'娣诲姞缁� %s 鎴愬姛' % group_name
    return render_to_response('juser/group_add.html', locals(), context_instance=RequestContext(request))
@require_super_user
 def group_list(request):
    header_title, path1, path2 = '鏌ョ湅灏忕粍', '鐢ㄦ埛绠＄悊', '鏌ョ湅灏忕粍'
@ -417,7 +463,7 @@ def group_detail(request):
    return render_to_response('juser/group_detail.html', locals(), context_instance=RequestContext(request))
-@require_admin
+@require_super_user
 def group_del(request):
    group_id = request.GET.get('id', '')
    if not group_id:
@ -426,10 +472,25 @@ def group_del(request):
    return HttpResponseRedirect('/juser/group_list/')
@require_admin
 def group_del_adm(request):
    group_id = request.GET.get('id', '')
    if not validate(request, user_group=[group_id]):
        return HttpResponseRedirect('/juser/group_list/')
    if not group_id:
        return HttpResponseRedirect('/')
    UserGroup.objects.filter(id=group_id).delete()
    return HttpResponseRedirect('/juser/group_list/')
@require_admin
 def group_del_ajax(request):
    group_ids = request.POST.get('group_ids')
-    for group_id in group_ids.split(','):
+    group_ids = group_ids.split(',')
    if request.session.get('role_id') == 1:
        if not validate(request, user_group=group_ids):
            return "error"
    for group_id in group_ids:
        UserGroup.objects.filter(id=group_id).delete()
    return HttpResponse('鍒犻櫎鎴愬姛')
@ -497,6 +558,7 @@ def group_edit_adm(request):
    error = ''
    msg = ''
    header_title, path1, path2 = '淇敼灏忕粍淇℃伅', '鐢ㄦ埛绠＄悊', '缂栬緫灏忕粍'
    user, dept = get_session_user_dept(request)
    if request.method == 'GET':
        group_id = request.GET.get('id', '')
        if not validate(request, user_group=[group_id]):
@ -504,8 +566,7 @@ def group_edit_adm(request):
        group = UserGroup.objects.filter(id=group_id)
        if group:
            group = group[0]
-            dept_all = DEPT.objects.all()
+            users_all = dept.user_set.all()
            users_all = User.objects.all()
            users_selected = group.user_set.all()
            users = [user for user in users_all if user not in users_selected]
@ -513,19 +574,17 @@ def group_edit_adm(request):
    else:
        group_id = request.POST.get('group_id', '')
        group_name = request.POST.get('group_name', '')
        dept_id = request.POST.get('dept_id', '')
        comment = request.POST.get('comment', '')
        users_selected = request.POST.getlist('users_selected')
        users = []
        try:
-            if '' in [group_id, group_name]:
+            if not validate(request, user=users_selected):
-                raise AddError('缁勫悕涓嶈兘涓虹┖')
+                raise AddError(u'鍙充晶闈為儴闂ㄧ敤鎴�')
-            dept = DEPT.objects.filter(id=dept_id)
+
-            if dept:
+            if not validate(request, user_group=[group_id]):
-                dept = dept[0]
+                raise AddError(u'娌℃湁鏉冮檺淇敼鏈粍')
-            else:
+
                raise AddError('閮ㄩ棬涓嶅瓨鍦�')
            for user_id in users_selected:
                users.extend(User.objects.filter(id=user_id))
@ -609,7 +668,7 @@ def user_add(request):
    return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
-@require_admin
+@require_super_user
 def user_list(request):
    user_role = {'SU': u'瓒呯骇绠＄悊鍛�', 'GA': u'缁勭鐞嗗憳', 'CU': u'鏅€氱敤鎴�'}
    header_title, path1, path2 = '鏌ョ湅鐢ㄦ埛', '鐢ㄦ埛绠＄悊', '鐢ㄦ埛鍒楄〃'
@ -638,11 +697,39 @@ def user_list(request):
    return render_to_response('juser/user_list.html', locals(), context_instance=RequestContext(request))
@require_admin
 def user_list_adm(request):
    user_role = {'SU': u'瓒呯骇绠＄悊鍛�', 'GA': u'缁勭鐞嗗憳', 'CU': u'鏅€氱敤鎴�'}
    header_title, path1, path2 = '鏌ョ湅鐢ㄦ埛', '鐢ㄦ埛绠＄悊', '鐢ㄦ埛鍒楄〃'
    keyword = request.GET.get('keyword', '')
    user, dept = get_session_user_dept(request)
    gid = request.GET.get('gid', '')
    contact_list = dept.user_set.all().order_by('name')
    if gid:
        if not validate(request, user_group=[gid]):
            return HttpResponseRedirect('/juser/user_list/')
        user_group = UserGroup.objects.filter(id=gid)
        if user_group:
            user_group = user_group[0]
            contact_list = user_group.user_set.all()
    if keyword:
        contact_list = contact_list.filter(Q(username__icontains=keyword) | Q(name__icontains=keyword)).order_by('name')
    contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
    return render_to_response('juser/user_list.html', locals(), context_instance=RequestContext(request))
@require_admin
 def user_detail(request):
    user_id = request.GET.get('id', '')
    if not user_id:
        return HttpResponseRedirect('/juser/user_list/')
    if request.session.get('role_id', '') == '1':
        if not validate(request, user=[user_id]):
            return HttpResponseRedirect('/juser/user_list/')
    user = User.objects.filter(id=user_id)
    if user:
        user = user[0]
@ -655,7 +742,12 @@ def user_detail(request):
 def user_del(request):
    user_id = request.GET.get('id', '')
    if not user_id:
-        return HttpResponseRedirect('/')
+        return HttpResponseRedirect('/juser/user_list/')
    if request.session.get('role_id', '') == '1':
        if not validate(request, user=[user_id]):
            return HttpResponseRedirect('/juser/user_list/')
    user = User.objects.filter(id=user_id)
    if user:
        user = user[0]
@ -669,7 +761,11 @@ def user_del(request):
@require_admin
 def user_del_ajax(request):
    user_ids = request.POST.get('ids')
-    for user_id in user_ids.split(','):
+    user_ids = user_ids.split(',')
    if request.session.get('role_id', '') == 1:
        if not validate(request, user=user_ids):
            return "error"
    for user_id in user_ids:
        user = User.objects.filter(id=user_id)
        if user:
            user = user[0]
@ -681,7 +777,7 @@ def user_del_ajax(request):
    return HttpResponse('鍒犻櫎鎴愬姛')
-@require_admin
+@require_super_user
 def user_edit(request):
    header_title, path1, path2 = '缂栬緫鐢ㄦ埛', '鐢ㄦ埛绠＄悊', '鐢ㄦ埛缂栬緫'
    if request.method == 'GET':
@ -698,7 +794,7 @@ def user_edit(request):
            groups_str = ' '.join([str(group.id) for group in user.group.all()])
    else:
-        username = request.POST.get('username', '')
+        user_id = request.GET.get('user_id', '')
        password = request.POST.get('password', '')
        name = request.POST.get('name', '')
        email = request.POST.get('email', '')
@ -715,8 +811,8 @@ def user_edit(request):
        else:
            dept = DEPT.objects.get(id='1')
-        if username:
+        if user_id:
-            user = User.objects.filter(username=username)
+            user = User.objects.filter(id=user_id)
            if user:
                user = user[0]
        else:
@ -728,7 +824,7 @@ def user_edit(request):
        if ssh_key_pwd != user.ssh_key_pwd:
            ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd)
-        db_update_user(username=username,
+        db_update_user(user_id=user_id,
                       password=password,
                       name=name,
                       email=email,
@ -743,6 +839,62 @@ def user_edit(request):
    return render_to_response('juser/user_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
 def user_edit_adm(request):
    header_title, path1, path2 = '缂栬緫鐢ㄦ埛', '鐢ㄦ埛绠＄悊', '鐢ㄦ埛缂栬緫'
    user, dept = get_session_user_dept(request)
    if request.method == 'GET':
        user_id = request.GET.get('id', '')
        if not user_id:
            return HttpResponseRedirect('/juser/user_list/')
        if not validate(request, user=[user_id]):
            return HttpResponseRedirect('/juser/user_list/')
        user = User.objects.filter(id=user_id)
        dept_all = DEPT.objects.all()
        group_all = dept.usergroup_set.all()
        if user:
            user = user[0]
            groups_str = ' '.join([str(group.id) for group in user.group.all()])
    else:
        user_id = request.POST.get('user_id', '')
        password = request.POST.get('password', '')
        name = request.POST.get('name', '')
        email = request.POST.get('email', '')
        groups = request.POST.getlist('groups', [])
        ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
        is_active = True if request.POST.get('is_active', '1') == '1' else False
        if not validate(request, user=[user_id], user_group=groups):
            return HttpResponseRedirect('/juser/user_edit/')
        if user_id:
            user = User.objects.filter(id=user_id)
            if user:
                user = user[0]
        else:
            return HttpResponseRedirect('/juser/user_list/')
        if password != user.password:
            password = md5_crypt(password)
        if ssh_key_pwd != user.ssh_key_pwd:
            ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd)
        db_update_user(user_id=user_id,
                       password=password,
                       name=name,
                       email=email,
                       groups=groups,
                       is_active=is_active,
                       ssh_key_pwd=ssh_key_pwd)
        return HttpResponseRedirect('/juser/user_list/')
    return render_to_response('juser/user_edit.html', locals(), context_instance=RequestContext(request))
 def profile(request):
    user_id = request.session.get('user_id')
    if not user_id:
--- a/templates/juser/dept_user_ajax.html
+++ b/templates/juser/dept_user_ajax.html
@ -0,0 +1,3 @@
 {% for user in users %}
    <option value="{{ user.id }}">{{ user.name }}</option>
 {% endfor %}
--- a/templates/juser/group_add.html
+++ b/templates/juser/group_add.html
@ -40,17 +40,19 @@
                                    <input id="group_name" name="group_name" placeholder="Group name" type="text" class="form-control" value="{{ group_name }}">
                                </div>
                            </div>
                            {% ifequal session_role_id 2 %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="dept_id" class="col-sm-2 control-label">閮ㄩ棬<span class="red-fonts">*</span></label>
                                <div class="col-sm-8">
-                                    <select id="dept_id" name="dept_id" class="form-control m-b">
+                                    <select id="dept_id" name="dept_id" class="form-control m-b" onchange="change_dept(this.value)">
                                        {% for dept in dept_all %}
                                            <option value="{{ dept.id }}" selected>{{ dept.name }}</option>
                                        {% endfor %}
                                    </select>
                                </div>
                            </div>
                            {% endifequal %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="users" class="col-lg-2 control-label">鐢ㄦ埛</label>
@ -127,6 +129,16 @@ function change_type(type){
           })
 }
 function change_dept(dept_id){
    $.get('/juser/dept_user_ajax/',
            {'id': dept_id},
            function(data){
                $('#users').html(data)
            })
 }
 $(document).ready(function(){
    $("#submit_button").click(function(){
        $('#users_selected option').each(function(){
--- a/templates/juser/group_edit.html
+++ b/templates/juser/group_edit.html
@ -46,7 +46,7 @@
                            <div class="form-group">
                                <label for="dept_id" class="col-sm-2 control-label">閮ㄩ棬<span class="red-fonts">*</span></label>
                                <div class="col-sm-8">
-                                    <select id="dept_id" name="dept_id" class="form-control m-b">
+                                    <select id="dept_id" name="dept_id" class="form-control m-b" onchange="change_dept(this.value)">
                                        {% for dept in dept_all %}
                                            {% ifequal group.dept.id dept.id %}
                                            <option value="{{ dept.id }}" selected>{{ dept.name }}</option>
@ -88,7 +88,7 @@
                            <div class="form-group">
                                <label for="comment" class="col-sm-2 control-label">澶囨敞</label>
                                <div class="col-sm-8">
-                                    <input id="comment" name="comment" placeholder="Comment" type="text" class="form-control" value="{{ comment }}">
+                                    <input id="comment" name="comment" placeholder="Comment" type="text" class="form-control" value="{{ group.comment }}">
                                </div>
                            </div>
@ -145,6 +145,16 @@ $(document).ready(function(){
    })
 })
 function change_dept(dept_id){
    $.get('/juser/dept_user_ajax/',
            {'id': dept_id},
            function(data){
                $('#users').html(data);
                $('#users_selected').html('')
            })
 }
 </script>
 {% endblock %}
--- a/templates/juser/user_edit.html
+++ b/templates/juser/user_edit.html
@ -39,6 +39,7 @@
                            <div class="form-group">
                                <label for="username" class="col-sm-2 control-label">鐢ㄦ埛鍚�<span class="red-fonts">*</span></label>
                                <div class="col-sm-8">
                                    <input id="user_id" name="user_id" type="text"  value="{{ user.id }}" style="display: none">
                                    <input id="username" name="username" placeholder="Username" type="text" class="form-control" value="{{ user.username }}" readonly>
                                </div>
                            </div>
@ -70,6 +71,7 @@
                                </div>
                            </div>
                            <div class="hr-line-dashed"></div>
                            {% ifequal session_role_id 2 %}
                            <div class="form-group">
                                <label for="dept_id" class="col-lg-2 control-label">閮ㄩ棬<span class="red-fonts">*</span></label>
                                <div class="col-sm-8">
@ -85,6 +87,7 @@
                                </div>
                            </div>
                            <div class="hr-line-dashed"></div>
                            {% endifequal %}
                            <div class="form-group">
                                <label for="groups" class="col-lg-2 control-label">灏忕粍</label>
                                <div class="col-sm-8">
@ -99,6 +102,7 @@
                                    </select>
                                </div>
                            </div>
                            {% ifequal session_role_id 2 %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="role" class="col-lg-2 control-label">瑙掕壊<span class="red-fonts">*</span></label>
@ -114,6 +118,7 @@
                                    </select>
                                </div>
                            </div>
                            {% endifequal %}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="email" class="col-sm-2 control-label">Email<span class="red-fonts">*</span></label>
--- a/templates/juser/user_list.html
+++ b/templates/juser/user_list.html
@ -73,8 +73,14 @@
                                <td class="text-center">{{ user.is_active|bool2str }}</td>
                                <td class="text-center">
                                    <a title="[ {{ user.name }} ] 璇︽儏" href="../user_detail/?id={{ user.id }}" class="iframe btn btn-xs btn-primary">璇︽儏</a>
                                    {% ifequal session_role_id 2 %}
                                    <a href="../user_edit/?id={{ user.id }}" class="btn btn-xs btn-info">缂栬緫</a>
                                    <a href="../user_del/?id={{ user.id }}" class="btn btn-xs btn-danger">鍒犻櫎</a>
                                    {% else %}
                                    <a href="../user_edit/?id={{ user.id }}" class="btn btn-xs btn-info {% if user.id|user_readonly %} disabled {% endif %}">缂栬緫</a>
                                    <a href="../user_del/?id={{ user.id }}" class="btn btn-xs btn-danger {% if user.id|user_readonly %} disabled {% endif %}">鍒犻櫎</a>
                                    {% endifequal %}
                                </td>
                            </tr>
                        {% endfor %}
--- a/templates/nav.html
+++ b/templates/nav.html
@ -91,7 +91,7 @@
                <a href="#"><i class="fa fa-rebel"></i> <span class="nav-label">鐢ㄦ埛绠＄悊</span><span class="fa arrow"></span></a>
                <ul class="nav nav-second-level">
                    <li class="dept_list dept_edit"><a href="/juser/dept_list/">鏌ョ湅閮ㄩ棬</a></li>
-                    <li class="group_list"><a href="/juser/group_list/">鏌ョ湅灏忕粍</a></li>
+                    <li class="group_list group_edit"><a href="/juser/group_list/">鏌ョ湅灏忕粍</a></li>
                    <li class="group_add"><a href="/juser/group_add/">娣诲姞灏忕粍</a></li>
                    <li class="user_list"><a href="/juser/user_list/">鏌ョ湅鐢ㄦ埛<span class="label {% ifequal user_active_num user_total_num %}label-primary {% else %}label-warning {% endifequal %}pull-right">{{ user_active_num }}/{{ user_total_num }}</span></a></li>
                    <li class="user_add"><a href="/juser/user_add/">娣诲姞鐢ㄦ埛</a></li>