github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

user profile: update ssh pk

pull/530/head
xiaokong1937@gmail.com 2017-02-03 13:37:05 +08:00
parent 8a5d0b2d92
commit fe01f92545
5 changed files with 139 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -20,3 +20,4 @@ migrations/
*.log *.log
host_rsa_key host_rsa_key
*.bat *.bat
tags

7
apps/templates/base.html
View File

@ -24,9 +24,9 @@
{% block first_login_message %} {% block first_login_message %}
{% if user.is_authenticated and user.is_first_login %} {% if user.is_authenticated and user.is_first_login %}
<div class="alert alert-danger" style="margin: 20px auto 0px"> <div class="alert alert-danger" style="margin: 20px auto 0px">
{% url 'users:user-first-login' as the_url %} {% url 'users:user-first-login' as first_login_url %}
{% blocktrans %} {% blocktrans %}
Your information was incomplete. Please click <a href="{{ the_url }}"> this link </a>to complete your information. Your information was incomplete. Please click <a href="{{ first_login_url }}"> this link </a>to complete your information.
{% endblocktrans %} {% endblocktrans %}
</div> </div>
{% endif %} {% endif %}
@ -34,8 +34,9 @@
{% block update_public_key_message %} {% block update_public_key_message %}
{% if user.is_authenticated and not user.is_public_key_valid %} {% if user.is_authenticated and not user.is_public_key_valid %}
<div class="alert alert-danger" style="margin: 20px auto 0px"> <div class="alert alert-danger" style="margin: 20px auto 0px">
{% url 'users:user-profile' as profile_url %}
{% blocktrans %} {% blocktrans %}
Your ssh-public-key has been expired. Please click <a href="#"> this link </a>to update your ssh-public-key. Your ssh-public-key has been expired. Please click <a href="{{ profile_url }}"> this link </a>to update your ssh-public-key.
{% endblocktrans %} {% endblocktrans %}
</div> </div>
{% endif %} {% endif %}

20
apps/users/api.py
View File

@ -1,21 +1,18 @@
# ~*~ coding: utf-8 ~*~ # ~*~ coding: utf-8 ~*~
#
from rest_framework import generics, viewsets from rest_framework import generics
from rest_framework.permissions import AllowAny
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework.permissions import AllowAny
from rest_framework_bulk import BulkModelViewSet from rest_framework_bulk import BulkModelViewSet
# from django_filters.rest_framework import DjangoFilterBackend
from . import serializers
from .hands import write_login_log_async
from .models import User, UserGroup
from .permissions import IsSuperUser, IsValidUser, IsCurrentUserOrReadOnly
from .utils import check_user_valid, generate_token
from common.mixins import IDInFilterMixin from common.mixins import IDInFilterMixin
from common.utils import get_logger from common.utils import get_logger
from .utils import check_user_valid, generate_token
from .models import User, UserGroup
from .hands import write_login_log_async
from .permissions import (
IsSuperUser, IsAppUser, IsValidUser)
from . import serializers
logger = get_logger(__name__) logger = get_logger(__name__)
@ -41,7 +38,7 @@ class UserResetPasswordApi(generics.UpdateAPIView):
def perform_update(self, serializer): def perform_update(self, serializer):
# Note: we are not updating the user object here. # Note: we are not updating the user object here.
# We just do the reset-password staff. # We just do the reset-password stuff.
import uuid import uuid
from .utils import send_reset_password_mail from .utils import send_reset_password_mail
user = self.get_object() user = self.get_object()
@ -65,6 +62,7 @@ class UserResetPKApi(generics.UpdateAPIView):
class UserUpdatePKApi(generics.UpdateAPIView): class UserUpdatePKApi(generics.UpdateAPIView):
queryset = User.objects.all() queryset = User.objects.all()
serializer_class = serializers.UserPKUpdateSerializer serializer_class = serializers.UserPKUpdateSerializer
permission_classes = (IsCurrentUserOrReadOnly,)
def perform_update(self, serializer): def perform_update(self, serializer):
user = self.get_object() user = self.get_object()

29
apps/users/permissions.py
View File

@ -1,18 +1,7 @@
#!/usr/bin/env python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
#
import base64 from rest_framework import permissions
from django.core.cache import cache
from django.conf import settings
from django.utils.translation import ugettext as _
from rest_framework import authentication, exceptions, permissions
from rest_framework.compat import is_authenticated
from common.utils import signer, get_object_or_none
from .hands import Terminal
from .models import User
class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission): class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
@ -20,7 +9,7 @@ class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
return super(IsValidUser, self).has_permission(request, view) \ return super(IsValidUser, self).has_permission(request, view) \
and request.user.is_valid and request.user.is_valid
class IsAppUser(IsValidUser, permissions.BasePermission): class IsAppUser(IsValidUser, permissions.BasePermission):
@ -28,7 +17,7 @@ class IsAppUser(IsValidUser, permissions.BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
return super(IsAppUser, self).has_permission(request, view) \ return super(IsAppUser, self).has_permission(request, view) \
and request.user.is_app and request.user.is_app
class IsSuperUser(IsValidUser, permissions.BasePermission): class IsSuperUser(IsValidUser, permissions.BasePermission):
@ -36,7 +25,7 @@ class IsSuperUser(IsValidUser, permissions.BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
return super(IsSuperUser, self).has_permission(request, view) \ return super(IsSuperUser, self).has_permission(request, view) \
and request.user.is_superuser and request.user.is_superuser
class IsSuperUserOrAppUser(IsValidUser, permissions.BasePermission): class IsSuperUserOrAppUser(IsValidUser, permissions.BasePermission):
@ -44,8 +33,12 @@ class IsSuperUserOrAppUser(IsValidUser, permissions.BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
return super(IsSuperUserOrAppUser, self).has_permission(request, view) \ return super(IsSuperUserOrAppUser, self).has_permission(request, view) \
and (request.user.is_superuser or request.user.is_app) and (request.user.is_superuser or request.user.is_app)
if __name__ == '__main__': class IsCurrentUserOrReadOnly(permissions.BasePermission):
pass
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
return obj == request.user

191
apps/users/templates/users/user_profile.html
View File

@ -17,95 +17,132 @@
<a class="collapse-link"> <a class="collapse-link">
<i class="fa fa-chevron-up"></i> <i class="fa fa-chevron-up"></i>
</a> </a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user">
<li><a href="#"></a>
</li>
<li><a href="#"></a>
</li>
</ul>
<a class="close-link"> <a class="close-link">
<i class="fa fa-times"></i> <i class="fa fa-times"></i>
</a> </a>
</div> </div>
</div> </div>
<div class="ibox-content"> <div class="ibox-content">
<div> <div class="text-left">
<div class="text-left"> <table class="table">
<table class="table"> <tr>
<tr> <td class="text-navy">用户名</td>
<td class="text-navy">用户名</td> <td>{{ user.username }}</td>
<td>{{ user.username }}</td> </tr>
</tr> <tr>
<tr> <td class="text-navy">姓名</td>
<td class="text-navy">姓名</td> <td>{{ user.name }}</td>
<td>{{ user.name }}</td> </tr>
</tr> <tr>
<tr> <td class="text-navy">权限</td>
<td class="text-navy">权限</td> <td>{{ user.get_role_display }}</td>
<td>{{ user.get_role_display }}</td> </tr>
</tr> <tr>
<tr> <td class="text-navy">Email</td>
<td class="text-navy">Email</td> <td>{{ user.email }}</td>
<td>{{ user.email }}</td> </tr>
</tr> <tr>
<tr> <td class="text-navy">激活</td>
<td class="text-navy">激活</td> <td>{{ user.is_active }}</td>
<td>{{ user.is_active }}</td> </tr>
</tr> <tr>
<tr> <td class="text-navy">添加日期</td>
<td class="text-navy">添加日期</td> <td>{{ user.date_joined|date:"Y-m-d H:i:s" }}</td>
<td>{{ user.date_joined|date:"Y-m-d H:i:s" }}</td> </tr>
</tr> <tr>
<tr> <td class="text-navy">最后登录</td>
<td class="text-navy">最后登录</td> <td>{{ user.last_login|date:"Y-m-d H:i:s" }}</td>
<td>{{ user.last_login|date:"Y-m-d H:i:s" }}</td> </tr>
</tr> <tr>
<tr> <td class="text-navy">所在用户组</td>
<td class="text-navy">所在用户组</td> <td>
<td> {% for group in user.groups.all %}
{% for group in user.groups.all %} <span class="simple-tag with-link">
<span class="simple-tag with-link"> <a href="{% url 'users:user-group-detail' group.id %}">{{ group.name }}</a>
<a href="{% url 'users:user-group-detail' group.id %}">{{ group.name }}</a> </span>
</span> {% endfor %}
{% endfor %} </td>
</td> </tr>
</tr> <tr>
<tr> <td class="text-navy">授权主机数量</td>
<td class="text-navy">授权主机数量</td> <td>{{ assets | length }}</td>
<td>{{ assets | length }}</td> </tr>
</tr> <tr>
<tr> <td class="text-navy">授权主机组</td>
<td class="text-navy">授权主机组</td> <td>
<td> {% for group in asset_groups %}
{% for group in asset_groups %} <span class="simple-tag with-link">
<span class="simple-tag with-link"> <a href="{% url 'assets:asset-group-detail' group.id %}">{{ group.name }}</a>
<a href="{% url 'assets:asset-group-detail' group.id %}">{{ group.name }}</a> </span>
</span> {% endfor %}
{% endfor %} </td>
</td> </tr>
</tr> <tr>
<tr> <td class="text-navy">授权规则</td>
<td class="text-navy">授权规则</td> <td>
<td> {% for perm in permissions %}
{% for perm in permissions %} <span class="simple-tag with-link">
<span class="simple-tag with-link"> <a href="{% url 'perms:asset-permission-detail' perm.id %}">{{ perm.name }}</a>
<a href="{% url 'perms:asset-permission-detail' perm.id %}">{{ perm.name }}</a> </span>
</span> {% endfor %}
{% endfor %} </td>
</td> </tr>
</tr> </table>
</table>
</div>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
<div class="col-sm-6"></div> <div class="col-sm-6">
<div class="ibox float-e-margins">
<div class="ibox-title">
<span class="label label-primary"><b>{% trans "Update Public Key" %}</b></span>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<p>{% trans "Paste your SSH Public Key here" %}</p>
<textarea id="txt_pk" class="form-control" cols="30" rows="10" placeholder="ssh-rsa AAAAB3NzaC1yc2EAA....."></textarea>
<button id="btn_update_pk" class="btn btn-primary m-t-15">{% trans 'Update' %}</button>
</div>
</div>
</div>
</div> </div>
</div> </div>
{% endblock %} {% endblock %}
{% block custom_foot_js %} {% block custom_foot_js %}
<script>
$(document).on('click', '#btn_update_pk', function() {
var $this = $(this);
var pk = $('#txt_pk').val();
var the_url = '{% url "api-users:user-public-key-update" pk=user.id %}';
var body = {'_public_key': pk};
var success = function() {
$('#txt_pk').val('');
var msg = "{% trans 'Successfully updated the SSH public key.' %}";
swal("{% trans 'User SSH Public Key Update' %}", msg, "success");
};
var fail = function() {
var msg = "{% trans 'Failed to update SSH public key.' %}";
swal({
title: "{% trans 'User SSH Public Key Update' %}",
text: msg,
type: "error",
showCancelButton: false,
confirmButtonColor: "#DD6B55",
confirmButtonText: "{% trans 'Confirm' %}",
closeOnConfirm: true
}, function () {
$('#txt_pk').focus();
}
);
}
APIUpdateAttr({ url: the_url, body: JSON.stringify(body), success: success, error: fail});
})
</script>
{% endblock %} {% endblock %}