github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

今天先到这里吧

pull/6/head
guanghongwei 2015-03-19 23:57:08 +08:00
parent 386d6a1cb2
commit e717fad762
11 changed files with 245 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
connect.py
View File

@ -174,7 +174,6 @@ def get_user_host(username):
def get_connect_item(username, ip):
cryptor = PyCrypt(KEY)
asset = get_object(Asset, ip=ip)
port = asset.port
@ -192,12 +191,12 @@ def get_connect_item(username, ip):
}
if asset.login_type in login_type_dict:
password = cryptor.decrypt(login_type_dict[asset.login_type])
password = CRYPTOR.decrypt(login_type_dict[asset.login_type])
return username, password, ip, port
elif asset.login_type == 'M':
username = asset.username
password = cryptor.decrypt(asset.password)
password = CRYPTOR.decrypt(asset.password)
return username, password, ip, port
else:

8
jumpserver/api.py
View File

@ -128,6 +128,14 @@ class PyCrypt(object):
ciphertext = cryptor.encrypt(text)
return b2a_hex(ciphertext)
def decrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
try:
plain_text = cryptor.decrypt(a2b_hex(text))
except TypeError:
raise ServerError('Decrypt password error, TYpe error.')
return plain_text.rstrip('\0')
CRYPTOR = PyCrypt(KEY)

12
jumpserver/templatetags/mytags.py
View File

@ -6,7 +6,7 @@ import time
from django import template
from juser.models import User, UserGroup, DEPT
from jasset.models import BisGroup
from jumpserver.api import user_perm_asset_api
from jumpserver.api import *
register = template.Library()
@ -78,6 +78,16 @@ def bool2str(value):
return u''
@register.filter(name='user_readonly')
def user_readonly(user_id):
user = User.objects.filter(id=user_id)
if user:
user = user[0]
if user.role == 'CU':
return False
return True
@register.filter(name='member_count')
def member_count(group_id):
group = UserGroup.objects.get(id=group_id)

9
juser/urls.py
View File

@ -13,18 +13,19 @@ urlpatterns = patterns('juser.views',
(r'^dept_detail/$', 'dept_detail'),
(r'^dept_del_ajax/$', 'dept_del_ajax'),
(r'^dept_edit/$', 'dept_edit'),
(r'^group_add/$', 'group_add'),
(r'^dept_user_ajax/$', 'dept_user_ajax'),
(r'^group_add/$', view_splitter, {'su': group_add, 'adm': group_add_adm}),
(r'^group_list/$', view_splitter, {'su': group_list, 'adm': group_list_adm}),
(r'^group_detail/$', 'group_detail'),
(r'^group_del/$', 'group_del'),
(r'^group_del/$', view_splitter, {'su': group_del, 'adm': group_del_adm}),
(r'^group_del_ajax/$', 'group_del_ajax'),
(r'^group_edit/$', view_splitter, {'su': group_edit, 'adm': group_edit_adm}),
(r'^user_add/$', 'user_add'),
(r'^user_list/$', 'user_list'),
(r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
(r'^user_detail/$', 'user_detail'),
(r'^user_del/$', 'user_del'),
(r'^user_del_ajax/$', 'user_del_ajax'),
(r'^user_edit/$', 'user_edit'),
(r'^user_edit/$', view_splitter, {'su': user_edit, 'adm': user_edit_adm}),
(r'^profile/$', 'profile'),
(r'^chg_pass/$', 'chg_pass'),
)

200
juser/views.py
View File

@ -97,10 +97,11 @@ def db_add_user(**kwargs):
def db_update_user(**kwargs):
groups_post = kwargs.pop('groups')
username = kwargs.get('username')
user = User.objects.filter(username=username)
user_id = kwargs.pop('user_id')
user = User.objects.filter(id=user_id)
if user:
user.update(**kwargs)
user = User.objects.get(username=username)
user = User.objects.get(id=user_id)
user.save()
if groups_post:
@ -336,7 +337,21 @@ def dept_edit(request):
return render_to_response('juser/dept_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def dept_user_ajax(request):
dept_id = request.GET.get('id', '4')
if dept_id not in ['1', '2']:
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
users = dept.user_set.all()
else:
users = User.objects.all()
return render_to_response('juser/dept_user_ajax.html', locals())
@require_super_user
def group_add(request):
error = ''
msg = ''
@ -372,6 +387,37 @@ def group_add(request):
return render_to_response('juser/group_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def group_add_adm(request):
error = ''
msg = ''
header_title, path1, path2 = '娣诲姞灏忕粍', '鐢ㄦ埛绠$悊', '娣诲姞灏忕粍'
user, dept = get_session_user_dept(request)
user_all = dept.user_set.all()
if request.method == 'POST':
group_name = request.POST.get('group_name', '')
users_selected = request.POST.getlist('users_selected', '')
comment = request.POST.get('comment', '')
try:
if not validate(request, user=users_selected):
raise AddError('娌℃湁鏌愮敤鎴锋潈闄')
if '' in [group_name]:
error = u'缁勫悕涓嶈兘涓虹┖'
raise AddError(error)
db_add_group(name=group_name, users=users_selected, dept=dept, comment=comment)
except AddError:
pass
except TypeError:
error = u'淇濆瓨灏忕粍澶辫触'
else:
msg = u'娣诲姞缁 %s 鎴愬姛' % group_name
return render_to_response('juser/group_add.html', locals(), context_instance=RequestContext(request))
@require_super_user
def group_list(request):
header_title, path1, path2 = '鏌ョ湅灏忕粍', '鐢ㄦ埛绠$悊', '鏌ョ湅灏忕粍'
@ -417,7 +463,7 @@ def group_detail(request):
return render_to_response('juser/group_detail.html', locals(), context_instance=RequestContext(request))
@require_admin
@require_super_user
def group_del(request):
group_id = request.GET.get('id', '')
if not group_id:
@ -426,10 +472,25 @@ def group_del(request):
return HttpResponseRedirect('/juser/group_list/')
@require_admin
def group_del_adm(request):
group_id = request.GET.get('id', '')
if not validate(request, user_group=[group_id]):
return HttpResponseRedirect('/juser/group_list/')
if not group_id:
return HttpResponseRedirect('/')
UserGroup.objects.filter(id=group_id).delete()
return HttpResponseRedirect('/juser/group_list/')
@require_admin
def group_del_ajax(request):
group_ids = request.POST.get('group_ids')
for group_id in group_ids.split(','):
group_ids = group_ids.split(',')
if request.session.get('role_id') == 1:
if not validate(request, user_group=group_ids):
return "error"
for group_id in group_ids:
UserGroup.objects.filter(id=group_id).delete()
return HttpResponse('鍒犻櫎鎴愬姛')
@ -497,6 +558,7 @@ def group_edit_adm(request):
error = ''
msg = ''
header_title, path1, path2 = '淇敼灏忕粍淇℃伅', '鐢ㄦ埛绠$悊', '缂栬緫灏忕粍'
user, dept = get_session_user_dept(request)
if request.method == 'GET':
group_id = request.GET.get('id', '')
if not validate(request, user_group=[group_id]):
@ -504,8 +566,7 @@ def group_edit_adm(request):
group = UserGroup.objects.filter(id=group_id)
if group:
group = group[0]
dept_all = DEPT.objects.all()
users_all = User.objects.all()
users_all = dept.user_set.all()
users_selected = group.user_set.all()
users = [user for user in users_all if user not in users_selected]
@ -513,19 +574,17 @@ def group_edit_adm(request):
else:
group_id = request.POST.get('group_id', '')
group_name = request.POST.get('group_name', '')
dept_id = request.POST.get('dept_id', '')
comment = request.POST.get('comment', '')
users_selected = request.POST.getlist('users_selected')
users = []
try:
if '' in [group_id, group_name]:
raise AddError('缁勫悕涓嶈兘涓虹┖')
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
else:
raise AddError('閮ㄩ棬涓嶅瓨鍦')
if not validate(request, user=users_selected):
raise AddError(u'鍙充晶闈為儴闂ㄧ敤鎴')
if not validate(request, user_group=[group_id]):
raise AddError(u'娌℃湁鏉冮檺淇敼鏈粍')
for user_id in users_selected:
users.extend(User.objects.filter(id=user_id))
@ -609,7 +668,7 @@ def user_add(request):
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_admin
@require_super_user
def user_list(request):
user_role = {'SU': u'瓒呯骇绠$悊鍛', 'GA': u'缁勭鐞嗗憳', 'CU': u'鏅氱敤鎴'}
header_title, path1, path2 = '鏌ョ湅鐢ㄦ埛', '鐢ㄦ埛绠$悊', '鐢ㄦ埛鍒楄〃'
@ -638,11 +697,39 @@ def user_list(request):
return render_to_response('juser/user_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_list_adm(request):
user_role = {'SU': u'瓒呯骇绠$悊鍛', 'GA': u'缁勭鐞嗗憳', 'CU': u'鏅氱敤鎴'}
header_title, path1, path2 = '鏌ョ湅鐢ㄦ埛', '鐢ㄦ埛绠$悊', '鐢ㄦ埛鍒楄〃'
keyword = request.GET.get('keyword', '')
user, dept = get_session_user_dept(request)
gid = request.GET.get('gid', '')
contact_list = dept.user_set.all().order_by('name')
if gid:
if not validate(request, user_group=[gid]):
return HttpResponseRedirect('/juser/user_list/')
user_group = UserGroup.objects.filter(id=gid)
if user_group:
user_group = user_group[0]
contact_list = user_group.user_set.all()
if keyword:
contact_list = contact_list.filter(Q(username__icontains=keyword) | Q(name__icontains=keyword)).order_by('name')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('juser/user_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_detail(request):
user_id = request.GET.get('id', '')
if not user_id:
return HttpResponseRedirect('/juser/user_list/')
if request.session.get('role_id', '') == '1':
if not validate(request, user=[user_id]):
return HttpResponseRedirect('/juser/user_list/')
user = User.objects.filter(id=user_id)
if user:
user = user[0]
@ -655,7 +742,12 @@ def user_detail(request):
def user_del(request):
user_id = request.GET.get('id', '')
if not user_id:
return HttpResponseRedirect('/')
return HttpResponseRedirect('/juser/user_list/')
if request.session.get('role_id', '') == '1':
if not validate(request, user=[user_id]):
return HttpResponseRedirect('/juser/user_list/')
user = User.objects.filter(id=user_id)
if user:
user = user[0]
@ -669,7 +761,11 @@ def user_del(request):
@require_admin
def user_del_ajax(request):
user_ids = request.POST.get('ids')
for user_id in user_ids.split(','):
user_ids = user_ids.split(',')
if request.session.get('role_id', '') == 1:
if not validate(request, user=user_ids):
return "error"
for user_id in user_ids:
user = User.objects.filter(id=user_id)
if user:
user = user[0]
@ -681,7 +777,7 @@ def user_del_ajax(request):
return HttpResponse('鍒犻櫎鎴愬姛')
@require_admin
@require_super_user
def user_edit(request):
header_title, path1, path2 = '缂栬緫鐢ㄦ埛', '鐢ㄦ埛绠$悊', '鐢ㄦ埛缂栬緫'
if request.method == 'GET':
@ -698,7 +794,7 @@ def user_edit(request):
groups_str = ' '.join([str(group.id) for group in user.group.all()])
else:
username = request.POST.get('username', '')
user_id = request.GET.get('user_id', '')
password = request.POST.get('password', '')
name = request.POST.get('name', '')
email = request.POST.get('email', '')
@ -715,8 +811,8 @@ def user_edit(request):
else:
dept = DEPT.objects.get(id='1')
if username:
user = User.objects.filter(username=username)
if user_id:
user = User.objects.filter(id=user_id)
if user:
user = user[0]
else:
@ -728,7 +824,7 @@ def user_edit(request):
if ssh_key_pwd != user.ssh_key_pwd:
ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd)
db_update_user(username=username,
db_update_user(user_id=user_id,
password=password,
name=name,
email=email,
@ -743,6 +839,62 @@ def user_edit(request):
return render_to_response('juser/user_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_edit_adm(request):
header_title, path1, path2 = '缂栬緫鐢ㄦ埛', '鐢ㄦ埛绠$悊', '鐢ㄦ埛缂栬緫'
user, dept = get_session_user_dept(request)
if request.method == 'GET':
user_id = request.GET.get('id', '')
if not user_id:
return HttpResponseRedirect('/juser/user_list/')
if not validate(request, user=[user_id]):
return HttpResponseRedirect('/juser/user_list/')
user = User.objects.filter(id=user_id)
dept_all = DEPT.objects.all()
group_all = dept.usergroup_set.all()
if user:
user = user[0]
groups_str = ' '.join([str(group.id) for group in user.group.all()])
else:
user_id = request.POST.get('user_id', '')
password = request.POST.get('password', '')
name = request.POST.get('name', '')
email = request.POST.get('email', '')
groups = request.POST.getlist('groups', [])
ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
is_active = True if request.POST.get('is_active', '1') == '1' else False
if not validate(request, user=[user_id], user_group=groups):
return HttpResponseRedirect('/juser/user_edit/')
if user_id:
user = User.objects.filter(id=user_id)
if user:
user = user[0]
else:
return HttpResponseRedirect('/juser/user_list/')
if password != user.password:
password = md5_crypt(password)
if ssh_key_pwd != user.ssh_key_pwd:
ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd)
db_update_user(user_id=user_id,
password=password,
name=name,
email=email,
groups=groups,
is_active=is_active,
ssh_key_pwd=ssh_key_pwd)
return HttpResponseRedirect('/juser/user_list/')
return render_to_response('juser/user_edit.html', locals(), context_instance=RequestContext(request))
def profile(request):
user_id = request.session.get('user_id')
if not user_id:

3
templates/juser/dept_user_ajax.html Normal file
View File

@ -0,0 +1,3 @@
{% for user in users %}
<option value="{{ user.id }}">{{ user.name }}</option>
{% endfor %}

14
templates/juser/group_add.html
View File

@ -40,17 +40,19 @@
<input id="group_name" name="group_name" placeholder="Group name" type="text" class="form-control" value="{{ group_name }}">
</div>
</div>
{% ifequal session_role_id 2 %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="dept_id" class="col-sm-2 control-label">閮ㄩ棬<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select id="dept_id" name="dept_id" class="form-control m-b">
<select id="dept_id" name="dept_id" class="form-control m-b" onchange="change_dept(this.value)">
{% for dept in dept_all %}
<option value="{{ dept.id }}" selected>{{ dept.name }}</option>
{% endfor %}
</select>
</div>
</div>
{% endifequal %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="users" class="col-lg-2 control-label">鐢ㄦ埛</label>
@ -127,6 +129,16 @@ function change_type(type){
})
}
function change_dept(dept_id){
$.get('/juser/dept_user_ajax/',
{'id': dept_id},
function(data){
$('#users').html(data)
})
}
$(document).ready(function(){
$("#submit_button").click(function(){
$('#users_selected option').each(function(){

14
templates/juser/group_edit.html
View File

@ -46,7 +46,7 @@
<div class="form-group">
<label for="dept_id" class="col-sm-2 control-label">閮ㄩ棬<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select id="dept_id" name="dept_id" class="form-control m-b">
<select id="dept_id" name="dept_id" class="form-control m-b" onchange="change_dept(this.value)">
{% for dept in dept_all %}
{% ifequal group.dept.id dept.id %}
<option value="{{ dept.id }}" selected>{{ dept.name }}</option>
@ -88,7 +88,7 @@
<div class="form-group">
<label for="comment" class="col-sm-2 control-label">澶囨敞</label>
<div class="col-sm-8">
<input id="comment" name="comment" placeholder="Comment" type="text" class="form-control" value="{{ comment }}">
<input id="comment" name="comment" placeholder="Comment" type="text" class="form-control" value="{{ group.comment }}">
</div>
</div>
@ -145,6 +145,16 @@ $(document).ready(function(){
})
})
function change_dept(dept_id){
$.get('/juser/dept_user_ajax/',
{'id': dept_id},
function(data){
$('#users').html(data);
$('#users_selected').html('')
})
}
</script>
{% endblock %}

5
templates/juser/user_edit.html
View File

@ -39,6 +39,7 @@
<div class="form-group">
<label for="username" class="col-sm-2 control-label">鐢ㄦ埛鍚<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="user_id" name="user_id" type="text" value="{{ user.id }}" style="display: none">
<input id="username" name="username" placeholder="Username" type="text" class="form-control" value="{{ user.username }}" readonly>
</div>
</div>
@ -70,6 +71,7 @@
</div>
</div>
<div class="hr-line-dashed"></div>
{% ifequal session_role_id 2 %}
<div class="form-group">
<label for="dept_id" class="col-lg-2 control-label">閮ㄩ棬<span class="red-fonts">*</span></label>
<div class="col-sm-8">
@ -85,6 +87,7 @@
</div>
</div>
<div class="hr-line-dashed"></div>
{% endifequal %}
<div class="form-group">
<label for="groups" class="col-lg-2 control-label">灏忕粍</label>
<div class="col-sm-8">
@ -99,6 +102,7 @@
</select>
</div>
</div>
{% ifequal session_role_id 2 %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role" class="col-lg-2 control-label">瑙掕壊<span class="red-fonts">*</span></label>
@ -114,6 +118,7 @@
</select>
</div>
</div>
{% endifequal %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="email" class="col-sm-2 control-label">Email<span class="red-fonts">*</span></label>

6
templates/juser/user_list.html
View File

@ -73,8 +73,14 @@
<td class="text-center">{{ user.is_active|bool2str }}</td>
<td class="text-center">
<a title="[ {{ user.name }} ] 璇︽儏" href="../user_detail/?id={{ user.id }}" class="iframe btn btn-xs btn-primary">璇︽儏</a>
{% ifequal session_role_id 2 %}
<a href="../user_edit/?id={{ user.id }}" class="btn btn-xs btn-info">缂栬緫</a>
<a href="../user_del/?id={{ user.id }}" class="btn btn-xs btn-danger">鍒犻櫎</a>
{% else %}
<a href="../user_edit/?id={{ user.id }}" class="btn btn-xs btn-info {% if user.id|user_readonly %} disabled {% endif %}">缂栬緫</a>
<a href="../user_del/?id={{ user.id }}" class="btn btn-xs btn-danger {% if user.id|user_readonly %} disabled {% endif %}">鍒犻櫎</a>
{% endifequal %}
</td>
</tr>
{% endfor %}

2
templates/nav.html
View File

@ -91,7 +91,7 @@
<a href="#"><i class="fa fa-rebel"></i> <span class="nav-label">鐢ㄦ埛绠$悊</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li class="dept_list dept_edit"><a href="/juser/dept_list/">鏌ョ湅閮ㄩ棬</a></li>
<li class="group_list"><a href="/juser/group_list/">鏌ョ湅灏忕粍</a></li>
<li class="group_list group_edit"><a href="/juser/group_list/">鏌ョ湅灏忕粍</a></li>
<li class="group_add"><a href="/juser/group_add/">娣诲姞灏忕粍</a></li>
<li class="user_list"><a href="/juser/user_list/">鏌ョ湅鐢ㄦ埛<span class="label {% ifequal user_active_num user_total_num %}label-primary {% else %}label-warning {% endifequal %}pull-right">{{ user_active_num }}/{{ user_total_num }}</span></a></li>
<li class="user_add"><a href="/juser/user_add/">娣诲姞鐢ㄦ埛</a></li>