github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perm edit

pull/26/head
ibuler@qq.com 2015-10-19 23:40:16 +08:00
parent 50d2bfb272
commit fe1f825fdf
2 changed files with 149 additions and 319 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

303
jasset/views.py
View File

@ -118,119 +118,6 @@ def asset_add(request):
msg = u'主机 %s 添加成功' % ip msg = u'主机 %s 添加成功' % ip
return my_render('jasset/asset_add.html', locals(), request) return my_render('jasset/asset_add.html', locals(), request)
#
#
# @require_admin
# def host_add_batch(request):
# """ 批量添加主机 """
# header_title, path1, path2 = u'批量添加主机', u'资产管理', u'批量添加主机'
# login_types = {'LDAP': 'L', 'MAP': 'M'}
# active_types = {'激活': 1, '禁用': 0}
# dept_id = get_user_dept(request)
# if request.method == 'POST':
# multi_hosts = request.POST.get('j_multi').split('\n')
# for host in multi_hosts:
# if host == '':
# break
# j_ip, j_port, j_type, j_idc, j_groups, j_depts, j_active, j_comment = host.split()
# j_active = active_types[str(j_active)]
# j_group = ast.literal_eval(j_groups)
# j_dept = ast.literal_eval(j_depts)
#
# if j_type not in ['LDAP', 'MAP']:
# return httperror(request, u'没有%s这种登录方式!' %j_type)
#
# j_type = login_types[j_type]
# idc = IDC.objects.filter(name=j_idc)
# if idc:
# j_idc = idc[0].id
# else:
# return httperror(request, '添加失败, 没有%s这个IDC' % j_idc)
#
# group_ids, dept_ids = [], []
# for group_name in j_group:
# group = BisGroup.objects.filter(name=group_name)
# if group:
# group_id = group[0].id
# else:
# return httperror(request, '添加失败, 没有%s这个主机组' % group_name)
# group_ids.append(group_id)
#
# for dept_name in j_dept:
# dept = DEPT.objects.filter(name=dept_name)
# if dept:
# dept_id = dept[0].id
# else:
# return httperror(request, '添加失败, 没有%s这个部门' % dept_name)
# dept_ids.append(dept_id)
#
# if is_group_admin(request) and not validate(request, asset_group=group_ids, edept=dept_ids):
# return httperror(request, '添加失败, 没有%s这个主机组' % group_name)
#
# if Asset.objects.filter(ip=str(j_ip)):
# return httperror(request, '添加失败, 改IP%s已存在' % j_ip)
#
# host_info = [j_ip, j_port, j_idc, j_type, group_ids, dept_ids, j_active, j_comment]
# db_host_insert(host_info)
#
# smg = u'批量添加添加成功'
# return my_render('jasset/host_add_multi.html', locals(), request)
#
# return my_render('jasset/host_add_multi.html', locals(), request)
#
#
# @require_admin
# def host_edit_batch(request):
# """ 批量修改主机 """
# if request.method == 'POST':
# len_table = request.POST.get('len_table')
# for i in range(int(len_table)):
# j_id = "editable[" + str(i) + "][j_id]"
# j_ip = "editable[" + str(i) + "][j_ip]"
# j_port = "editable[" + str(i) + "][j_port]"
# j_dept = "editable[" + str(i) + "][j_dept]"
# j_idc = "editable[" + str(i) + "][j_idc]"
# j_type = "editable[" + str(i) + "][j_type]"
# j_group = "editable[" + str(i) + "][j_group]"
# j_active = "editable[" + str(i) + "][j_active]"
# j_comment = "editable[" + str(i) + "][j_comment]"
#
# j_id = request.POST.get(j_id).strip()
# j_ip = request.POST.get(j_ip).strip()
# j_port = request.POST.get(j_port).strip()
# j_dept = request.POST.getlist(j_dept)
# j_idc = request.POST.get(j_idc).strip()
# j_type = request.POST.get(j_type).strip()
# j_group = request.POST.getlist(j_group)
# j_active = request.POST.get(j_active).strip()
# j_comment = request.POST.get(j_comment).strip()
#
# host_info = [j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment]
# batch_host_edit(host_info)
#
# return HttpResponseRedirect('/jasset/host_list/')
#
#
# @require_role(role='user')
# def host_edit_common_batch(request):
# """ 普通用户批量修改主机别名 """
# u = get_session_user_info(request)[2]
# if request.method == 'POST':
# len_table = request.POST.get('len_table')
# for i in range(int(len_table)):
# j_id = "editable[" + str(i) + "][j_id]"
# j_alias = "editable[" + str(i) + "][j_alias]"
# j_id = request.POST.get(j_id, '').strip()
# j_alias = request.POST.get(j_alias, '').strip()
# a = Asset.objects.get(id=j_id)
# asset_alias = AssetAlias.objects.filter(user=u, host=a)
# if asset_alias:
# asset_alias = asset_alias[0]
# asset_alias.alias = j_alias
# asset_alias.save()
# else:
# AssetAlias.objects.create(user=u, host=a, alias=j_alias)
# return my_render('jasset/host_list_common.html', locals(), request)
@require_role(role='user') @require_role(role='user')
@ -313,53 +200,6 @@ def asset_edit(request):
return my_render('jasset/asset_edit.html', locals(), request) return my_render('jasset/asset_edit.html', locals(), request)
# @require_role(role='admin')
# def host_edit_adm(request):
# """ 部门管理员修改主机 """
# header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机'
# actives = {1: u'激活', 0: u'禁用'}
# login_types = {'L': 'LDAP', 'M': 'MAP'}
# eidc = IDC.objects.all()
# dept = get_session_user_info(request)[5]
# egroup = BisGroup.objects.exclude(name='ALL').filter(dept=dept)
# host_id = request.GET.get('id', '')
# post = Asset.objects.filter(id=int(host_id))
# if post:
# post = post[0]
# else:
# return httperror(request, '没有此主机!')
#
# e_group = post.bis_group.all()
#
# if request.method == 'POST':
# j_ip = request.POST.get('j_ip')
# j_idc = request.POST.get('j_idc')
# j_port = request.POST.get('j_port')
# j_type = request.POST.get('j_type')
# j_dept = request.POST.getlist('j_dept')
# j_group = request.POST.getlist('j_group')
# j_active = request.POST.get('j_active')
# j_comment = request.POST.get('j_comment')
#
# host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment]
#
# if not validate(request, asset_group=j_group, edept=j_dept):
# emg = u'修改失败,您无权操作!'
# return my_render('jasset/asset_edit.html', locals(), request)
#
# if j_type == 'M':
# j_user = request.POST.get('j_user')
# j_password = request.POST.get('j_password')
# db_host_update(host_info, j_user, j_password, post)
# else:
# db_host_update(host_info, post)
#
# smg = u'主机 %s 修改成功' % j_ip
# return HttpResponseRedirect('/jasset/host_detail/?id=%s' % host_id)
#
# return my_render('jasset/asset_edit.html', locals(), request)
@require_role('admin') @require_role('admin')
def asset_detail(request): def asset_detail(request):
""" 主机详情 """ """ 主机详情 """
@ -370,146 +210,3 @@ def asset_detail(request):
return my_render('jasset/asset_detail.html', locals(), request) return my_render('jasset/asset_detail.html', locals(), request)
#
#
# @require_admin
# def group_edit(request):
# """ 修改主机组 """
# header_title, path1, path2 = u'编辑主机组', u'资产管理', u'编辑主机组'
# group_id = request.GET.get('id', '')
# group = BisGroup.objects.filter(id=group_id)
# if group:
# group = group[0]
# else:
# httperror(request, u'没有这个主机组!')
#
# host_all = Asset.objects.all()
# dept_id = get_session_user_info(request)[3]
# eposts = Asset.objects.filter(bis_group=group)
#
# if is_group_admin(request) and not validate(request, asset_group=[group_id]):
# return httperror(request, '编辑失败, 您无权操作!')
# dept = DEPT.objects.filter(id=group.dept.id)
# if dept:
# dept = dept[0]
# else:
# return httperror(request, u'没有这个部门!')
#
# all_dept = dept.asset_set.all()
# posts = [g for g in all_dept if g not in eposts]
#
# if request.method == 'POST':
# j_group = request.POST.get('j_group', '')
# j_hosts = request.POST.getlist('j_hosts', '')
# j_dept = request.POST.get('j_dept', '')
# j_comment = request.POST.get('j_comment', '')
#
# j_dept = DEPT.objects.filter(id=int(j_dept))
# j_dept = j_dept[0]
#
# group.asset_set.clear()
# for host in j_hosts:
# g = Asset.objects.get(id=host)
# group.asset_set.add(g)
# BisGroup.objects.filter(id=group_id).update(name=j_group, dept=j_dept, comment=j_comment)
# smg = u'主机组%s修改成功' % j_group
# return HttpResponseRedirect('/jasset/group_list')
#
# return my_render('jasset/group_edit.html', locals(), request)
#
#
# @require_admin
# def group_detail(request):
# """ 主机组详情 """
# header_title, path1, path2 = u'主机组详情', u'资产管理', u'主机组详情'
# login_types = {'L': 'LDAP', 'M': 'MAP'}
# dept = get_session_user_info(request)[5]
# group_id = request.GET.get('id', '')
# group = BisGroup.objects.get(id=group_id)
# if is_super_user(request):
# posts = Asset.objects.filter(bis_group=group).order_by('ip')
#
# elif is_group_admin(request):
# if not validate(request, asset_group=[group_id]):
# return httperror(request, u'您无权查看!')
# posts = Asset.objects.filter(bis_group=group).filter(dept=dept).order_by('ip')
#
# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
# return my_render('jasset/group_detail.html', locals(), request)
#
#
# @require_admin
# def group_del_host(request):
# """ 主机组中剔除主机, 并不删除真实主机 """
# if request.method == 'POST':
# group_id = request.POST.get('group_id')
# offset = request.GET.get('id', '')
# group = BisGroup.objects.get(id=group_id)
# if offset == 'group':
# len_list = request.POST.get("len_list")
# for i in range(int(len_list)):
# key = "id_list[" + str(i) + "]"
# jid = request.POST.get(key)
# g = Asset.objects.get(id=jid)
# group.asset_set.remove(g)
#
# else:
# offset = request.GET.get('id', '')
# group_id = request.GET.get('gid', '')
# group = BisGroup.objects.get(id=group_id)
# g = Asset.objects.get(id=offset)
# group.asset_set.remove(g)
#
# return HttpResponseRedirect('/jasset/group_detail/?id=%s' % group.id)
#
# @require_admin
# def dept_host_ajax(request):
# """ 添加主机组时, 部门联动主机异步 """
# dept_id = request.GET.get('id', '')
# if dept_id not in ['1', '2']:
# dept = DEPT.objects.filter(id=dept_id)
# if dept:
# dept = dept[0]
# hosts = dept.asset_set.all()
# else:
# hosts = Asset.objects.all()
#
# return my_render('jasset/dept_host_ajax.html', locals(), request)
#
#
# def show_all_ajax(request):
# """ 批量修改主机时, 部门和组全部显示 """
# env = request.GET.get('env', '')
# get_id = request.GET.get('id', '')
# host = Asset.objects.filter(id=get_id)
# if host:
# host = host[0]
# return my_render('jasset/show_all_ajax.html', locals(), request)
#
#
# @require_login
# def host_search(request):
# """ 搜索主机 """
# keyword = request.GET.get('keyword')
# login_types = {'L': 'LDAP', 'M': 'MAP'}
# dept = get_session_user_info(request)[5]
# post_all = Asset.objects.filter(Q(ip__contains=keyword) |
# Q(idc__name__contains=keyword) |
# Q(bis_group__name__contains=keyword) |
# Q(comment__contains=keyword)).distinct().order_by('ip')
# if is_super_user(request):
# posts = post_all
#
# elif is_group_admin(request):
# posts = post_all.filter(dept=dept)
#
# elif is_common_user(request):
# user_id, username = get_session_user_info(request)[0:2]
# post_perm = user_perm_asset_api(username)
# posts = list(set(post_all) & set(post_perm))
# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
#
# return my_render('jasset/host_search.html', locals(), request)

165
jperm/perm_api.py
View File

@ -65,10 +65,10 @@ def perm_user_api(perm_info):
'assets': []}} 'assets': []}}
""" """
try: try:
new_users = perm_info['new']['users'] new_users = perm_info.get('new', {}).get('users', [])
new_assets = perm_info['new']['assets'] new_assets = perm_info.get('new', {}).get('assets',[])
del_users = perm_info['del']['users'] del_users = perm_info.get('del', {}).get('users', [])
del_assets = perm_info['del']['assets'] del_assets = perm_info.get('del', {}).get('assets', [])
print new_users, new_assets print new_users, new_assets
except IndexError: except IndexError:
@ -117,18 +117,151 @@ def perm_user_api(perm_info):
return results return results
def get_user_assets(user): def user_group_permed(user_group):
if isinstance(user, int): assets = user_group.asset_set.all()
user = get_object(User, id=user) asset_groups = user_group.asset_group.all()
elif isinstance(user, str):
user = get_object(User, username=user) for asset_group in asset_groups:
elif isinstance(user, User): assets.extend(asset_group.asset.all())
user = user
else: return {'assets': assets, 'asset_groups': asset_groups}
user = None
def user_permed(user):
asset_groups = []
assets = []
user_groups = user.user_group.all()
asset_groups.extend(user.asset_group.all())
assets.extend(user.asset.all())
for user_group in user_groups:
asset_groups.extend(user_group_permed(user_group).get('assets', []))
assets.extend((user_group_permed(user_group).get('asset_groups', [])))
return {'assets': assets, 'asset_groups': asset_groups}
def _public_perm_api(info):
"""
公用的用户用户组主机主机组编辑修改新建调用的api用来完成授权
info like that:
{
'type': 'new_user',
'user': 'a',
'group': ['A', 'B']
}
{
'type': 'edit_user',
'user': 'a',
'group': {'new': ['A'], 'del': []}
}
{
'type': 'del_user',
'user': ['a', 'b']
}
{
'type': 'edit_user_group',
'group': 'A',
'user': {'del': ['a', 'b'], 'new': ['c', 'd']}
}
{
'type': 'del_user_group',
'group': ['A']
}
{
'type': 'new_asset',
'asset': 'a',
'group': ['A', 'B']
}
{
'type': 'edit_asset',
'asset': 'a',
'group': {
'del': ['A', ['B'],
'new': ['C', ['D']]
}
}
{
'type': 'del_asset',
'asset': ['a', 'b']
}
{
'type': 'edit_asset_group',
'group': 'A',
'asset': {'new': ['a', 'b'], 'del': ['c', 'd']}
}
{
'type': 'del_asset_group',
'group': ['A', 'B']
}
"""
if info.get('type') == 'new_user':
new_assets = []
user = info.get('user')
user_groups = info.get('group')
for user_group in user_groups:
new_assets.extend(user_group_permed(user_group).get('assets', []))
perm_info = {
'new': {'users': [user], 'assets': new_assets}
}
elif info.get('type') == 'edit_user':
new_assets = []
del_assets = []
user = info.get('user')
new_group = info.get('group').get('new')
del_group = info.get('group').get('del')
for user_group in new_group:
new_assets.extend(user_group_permed(user_group).get('assets', []))
for user_group in del_group:
del_assets.extend((user_group_permed(user_group).get('assets', [])))
perm_info = {
'del': {'users': [user], 'assets': del_assets},
'new': {'users': [user], 'assets': new_assets}
}
elif info.get('type') == 'del_user':
user = info.get('user')
del_assets = user_permed(user).get('assets', [])
perm_info = {
'del': {'users': [user], 'assets': del_assets},
}
elif info.get('type') == 'edit_user_group':
user_group = info.get('group')
new_users = info.get('user').get('new')
del_users = info.get('user').get('del')
assets = user_group_permed(user_group).get('assets', [])
perm_info = {
'new': {'users': new_users, 'assets': assets},
'del': {'users': del_users, 'assets': assets}
}
elif info.get('type') == 'del_user_group':
assets = []
user_groups = info.get('group', [])
del_users = [user_group.user_set.all() for user_group in user_groups]
for user_group in user_groups:
assets.extend(user_group_permed(user_group).get('assets', []))
perm_info = {}
def refresh_group_api(user_group=None, asset_group=None):
"""用户组添加删除用户,主机组添加删除主机触发"""
pass