github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity
jumpserver/jperm/views.py

801 lines
32 KiB
Python
Raw Blame History

# coding: utf-8
import sys
reload(sys)
sys.setdefaultencoding('utf8')
import datetime
from django.core.mail import send_mail
from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect, HttpResponse
from django.template import RequestContext
from juser.models import User, UserGroup, DEPT
from jasset.models import Asset, BisGroup
from jperm.models import Perm, SudoPerm, CmdGroup, Apply
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.db.models import Q
from jumpserver.views import LDAP_ENABLE, ldap_conn, CONF, page_list_return, pages
from jumpserver.api import *
def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''):
asset_groups_select_list = []
cmd_groups_select_list = []
for asset_group_id in asset_groups_select:
asset_groups_select_list.extend(BisGroup.objects.filter(id=asset_group_id))
for cmd_group_id in cmd_groups_select:
cmd_groups_select_list.extend(CmdGroup.objects.filter(id=cmd_group_id))
return asset_groups_select_list, cmd_groups_select_list
@require_admin
def perm_add(request):
header_title, path1, path2 = u'主机授权添加', u'授权管理', u'授权添加'
if request.method == 'GET':
user_groups = UserGroup.objects.filter(id__gt=2)
asset_groups = BisGroup.objects.all()
else:
name = request.POST.get('name', '')
user_groups_select = request.POST.getlist('user_groups_select')
asset_groups_select = request.POST.getlist('asset_groups_select')
comment = request.POST.get('comment', '')
user_groups, asset_groups = user_asset_cmd_groups_get(user_groups_select, asset_groups_select, '')[0:2]
perm = Perm(name=name, comment=comment)
perm.save()
perm.user_group = user_groups
perm.asset_group = asset_groups
msg = '添加成功'
return render_to_response('jperm/perm_add.html', locals(), context_instance=RequestContext(request))
def dept_add_asset(dept_id, asset_list):
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
new_perm_asset = []
for asset_id in asset_list:
asset = Asset.objects.filter(id=asset_id)
new_perm_asset.extend(asset)
dept.asset_set.clear()
dept.asset_set = new_perm_asset
@require_super_user
def dept_perm_edit(request):
header_title, path1, path2 = u'部门授权添加', u'授权管理', u'部门授权添加'
if request.method == 'GET':
dept_id = request.GET.get('id', '')
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
asset_all = Asset.objects.all()
asset_select = dept.asset_set.all()
assets = [asset for asset in asset_all if asset not in asset_select]
else:
dept_id = request.POST.get('dept_id')
asset_select = request.POST.getlist('asset_select')
dept_add_asset(dept_id, asset_select)
return HttpResponseRedirect('/jperm/dept_perm_list/')
return render_to_response('jperm/dept_perm_edit.html', locals(), context_instance=RequestContext(request))
@require_super_user
def perm_list(request):
header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
keyword = request.GET.get('search', '')
if keyword:
contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
else:
contact_list = UserGroup.objects.all().order_by('name')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_list_adm(request):
header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
keyword = request.GET.get('search', '')
user, dept = get_session_user_dept(request)
contact_list = dept.usergroup_set.all().order_by('name')
if keyword:
contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
@require_super_user
def dept_perm_list(request):
header_title, path1, path2 = '查看部门', '授权管理', '部门授权'
keyword = request.GET.get('search')
if keyword:
contact_list = DEPT.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)).order_by('name')
else:
contact_list = DEPT.objects.filter(id__gt=1)
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('jperm/dept_perm_list.html', locals(), context_instance=RequestContext(request))
def perm_group_update(user_group_id, asset_groups_id_list):
user_group = UserGroup.objects.filter(id=user_group_id)
if user_group:
user_group = user_group[0]
old_asset_group = [perm.asset_group for perm in user_group.perm_set.all()]
new_asset_group = []
for asset_group_id in asset_groups_id_list:
new_asset_group.extend(BisGroup.objects.filter(id=asset_group_id))
del_asset_group = [asset_group for asset_group in old_asset_group if asset_group not in new_asset_group]
add_asset_group = [asset_group for asset_group in new_asset_group if asset_group not in old_asset_group]
for asset_group in del_asset_group:
Perm.objects.filter(user_group=user_group, asset_group=asset_group).delete()
for asset_group in add_asset_group:
Perm(user_group=user_group, asset_group=asset_group).save()
@require_super_user
def perm_edit(request):
if request.method == 'GET':
header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑'
user_group_id = request.GET.get('id', '')
user_group = UserGroup.objects.filter(id=user_group_id)
if user_group:
user_group = user_group[0]
asset_groups_all = BisGroup.objects.all()
asset_groups_select = [perm.asset_group for perm in user_group.perm_set.all()]
asset_groups = [asset_group for asset_group in asset_groups_all if asset_group not in asset_groups_select]
else:
user_group_id = request.POST.get('user_group_id')
asset_group_id_list = request.POST.getlist('asset_groups_select')
perm_group_update(user_group_id, asset_group_id_list)
return HttpResponseRedirect('/jperm/perm_list/')
return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_edit_adm(request):
if request.method == 'GET':
header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑'
user_group_id = request.GET.get('id', '')
user_group = UserGroup.objects.filter(id=user_group_id)
user, dept = get_session_user_dept(request)
if user_group:
user_group = user_group[0]
asset_groups_all = dept.bisgroup_set.all()
asset_groups_select = [perm.asset_group for perm in user_group.perm_set.all()]
asset_groups = [asset_group for asset_group in asset_groups_all if asset_group not in asset_groups_select]
else:
user_group_id = request.POST.get('user_group_id')
asset_group_id_list = request.POST.getlist('asset_groups_select')
if not validate(request, user_group=[user_group_id], asset_group=asset_group_id_list):
return HttpResponseRedirect('/jperm/perm_list/')
perm_group_update(user_group_id, asset_group_id_list)
return HttpResponseRedirect('/jperm/perm_list/')
return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_detail(request):
header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权详情'
perm_id = request.GET.get('id')
perm = Perm.objects.filter(id=perm_id)
if perm:
perm = perm[0]
user_groups = perm.user_group.all()
asset_groups = perm.asset_group.all()
users_list = []
assets_list = []
for user_group in user_groups:
users_list.extend(user_group.user_set.all())
for asset_group in asset_groups:
assets_list.extend(asset_group.asset_set.all())
return render_to_response('jperm/perm_detail.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_del(request):
perm_id = request.GET.get('id')
perm = Perm.objects.filter(id=perm_id)
if perm:
perm = perm[0]
perm.delete()
return HttpResponseRedirect('/jperm/perm_list/')
@require_admin
def perm_asset_detail(request):
header_title, path1, path2 = u'用户授权主机', u'权限管理', u'用户主机详情'
user_id = request.GET.get('id')
user = User.objects.filter(id=user_id)
if user:
user = user[0]
assets_list = user_perm_asset_api(user.username)
return render_to_response('jperm/perm_asset_detail.html', locals(), context_instance=RequestContext(request))
# def sudo_db_add(name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment):
# user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
# user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
#
# sudo_perm = SudoPerm(name=name, user_runas=user_runas, comment=comment)
# sudo_perm.save()
# sudo_perm.user_group = user_groups_select_list
# sudo_perm.asset_group = asset_groups_select_list
# sudo_perm.cmd_group = cmd_groups_select_list
def unicode2str(unicode_list):
return [str(i) for i in unicode_list]
def sudo_ldap_add(user_group, user_runas, asset_groups_select,
cmd_groups_select):
if not LDAP_ENABLE:
return True
assets = []
cmds = []
user_runas = user_runas.split(',')
if len(asset_groups_select) == 1 and asset_groups_select[0].name == 'ALL':
asset_all = True
else:
asset_all = False
for asset_group in asset_groups_select:
assets.extend(asset_group.asset_set.all())
if user_group.name == 'ALL':
user_all = True
users = []
else:
user_all = False
users = user_group.user_set.all()
for cmd_group in cmd_groups_select:
cmds.extend(cmd_group.cmd.split(','))
if user_all:
users_name = ['ALL']
else:
users_name = list(set([user.username for user in users]))
if asset_all:
assets_ip = ['ALL']
else:
assets_ip = list(set([asset.ip for asset in assets]))
name = 'sudo%s' % user_group.id
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
sudo_attr = {'objectClass': ['top', 'sudoRole'],
'cn': ['%s' % name],
'sudoCommand': unicode2str(cmds),
'sudoHost': unicode2str(assets_ip),
'sudoOption': ['!authenticate'],
'sudoRunAsUser': unicode2str(user_runas),
'sudoUser': unicode2str(users_name)}
print sudo_dn
ldap_conn.delete(sudo_dn)
ldap_conn.add(sudo_dn, sudo_attr)
def sudo_update(user_group, user_runas, asset_groups_select, cmd_groups_select, comment):
asset_groups_select_list, cmd_groups_select_list = \
asset_cmd_groups_get(asset_groups_select, cmd_groups_select)
sudo_perm = user_group.sudoperm_set.all()
if sudo_perm:
sudo_perm.update(user_runas=user_runas, comment=comment)
sudo_perm = sudo_perm[0]
sudo_perm.asset_group = asset_groups_select_list
sudo_perm.cmd_group = cmd_groups_select_list
else:
sudo_perm = SudoPerm(user_group=user_group, user_runas=user_runas, comment=comment)
sudo_perm.save()
sudo_perm.asset_group = asset_groups_select_list
sudo_perm.cmd_group = cmd_groups_select_list
sudo_ldap_add(user_group, user_runas, asset_groups_select_list, cmd_groups_select_list)
# @require_super_user
# def sudo_add(request):
# header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
# user_groups = UserGroup.objects.filter(id__gt=2)
# asset_groups = BisGroup.objects.all()
# cmd_groups = CmdGroup.objects.all()
#
# if request.method == 'POST':
# name = request.POST.get('name')
# users_runas = request.POST.get('runas', 'root')
# user_groups_select = request.POST.getlist('user_groups_select')
# asset_groups_select = request.POST.getlist('asset_groups_select')
# cmd_groups_select = request.POST.getlist('cmd_groups_select')
# comment = request.POST.get('comment', '')
#
# if LDAP_ENABLE:
# sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
# sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
#
# msg = '添加成功'
# return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
# @require_admin
# def sudo_add_adm(request):
# header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
# user, dept = get_session_user_dept(request)
# user_groups = dept.usergroup_set.filter(id__gt=2)
# asset_groups = dept.bisgroup_set.all()
# cmd_groups = CmdGroup.objects.all()
#
# if request.method == 'POST':
# name = request.POST.get('name')
# users_runas = request.POST.get('runas', 'root')
# user_groups_select = request.POST.getlist('user_groups_select')
# asset_groups_select = request.POST.getlist('asset_groups_select')
# cmd_groups_select = request.POST.getlist('cmd_groups_select')
# comment = request.POST.get('comment', '')
#
# if LDAP_ENABLE:
# sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)
# sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)
#
# msg = '添加成功'
# return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
@require_super_user
def sudo_list(request):
header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情'
keyword = request.GET.get('search', '')
contact_list = UserGroup.objects.all().order_by('name')
if keyword:
contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('jperm/sudo_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_list_adm(request):
header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情'
keyword = request.GET.get('search', '')
user, dept = get_session_user_dept(request)
contact_list = dept.usergroup_set.all().order_by('name')
if keyword:
contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('jperm/sudo_list.html', locals(), context_instance=RequestContext(request))
@require_super_user
def sudo_edit(request):
header_title, path1, path2 = u'Sudo授权', u'授权管理', u'Sudo授权'
if request.method == 'GET':
user_group_id = request.GET.get('id', '0')
user_group = UserGroup.objects.filter(id=user_group_id)
asset_group_all = BisGroup.objects.filter()
cmd_group_all = CmdGroup.objects.all()
if user_group:
user_group = user_group[0]
sudo_perm = user_group.sudoperm_set.all()
if sudo_perm:
sudo_perm = sudo_perm[0]
asset_group_permed = sudo_perm.asset_group.all()
cmd_group_permed = sudo_perm.cmd_group.all()
user_runas = sudo_perm.user_runas
comment = sudo_perm.comment
else:
asset_group_permed = []
cmd_group_permed = []
asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
cmd_groups = [cmd_group for cmd_group in cmd_group_all if cmd_group not in cmd_group_permed]
else:
user_group_id = request.POST.get('user_group_id', '')
users_runas = request.POST.get('runas', 'root')
asset_groups_select = request.POST.getlist('asset_groups_select')
cmd_groups_select = request.POST.getlist('cmd_groups_select')
comment = request.POST.get('comment', '')
user_group = UserGroup.objects.filter(id=user_group_id)
if user_group:
user_group = user_group[0]
if LDAP_ENABLE:
sudo_update(user_group, users_runas, asset_groups_select, cmd_groups_select, comment)
msg = '修改成功'
return HttpResponseRedirect('/jperm/sudo_list/')
return render_to_response('jperm/sudo_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_edit_adm(request):
header_title, path1, path2 = u'Sudo授权', u'授权管理', u'Sudo授权'
user, dept = get_session_user_dept(request)
if request.method == 'GET':
user_group_id = request.GET.get('id', '0')
if not validate(request, user_group=[user_group_id]):
return render_to_response('/jperm/sudo_list/')
user_group = UserGroup.objects.filter(id=user_group_id)
asset_group_all = dept.bisgroup_set.all()
cmd_group_all = dept.cmdgroup_set.all()
if user_group:
user_group = user_group[0]
sudo_perm = user_group.sudoperm_set.all()
if sudo_perm:
sudo_perm = sudo_perm[0]
asset_group_permed = sudo_perm.asset_group.all()
cmd_group_permed = sudo_perm.cmd_group.all()
user_runas = sudo_perm.user_runas
comment = sudo_perm.comment
else:
asset_group_permed = []
cmd_group_permed = []
asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
cmd_groups = [cmd_group for cmd_group in cmd_group_all if cmd_group not in cmd_group_permed]
else:
user_group_id = request.POST.get('user_group_id', '')
users_runas = request.POST.get('runas', 'root')
asset_groups_select = request.POST.getlist('asset_groups_select')
cmd_groups_select = request.POST.getlist('cmd_groups_select')
comment = request.POST.get('comment', '')
user_group = UserGroup.objects.filter(id=user_group_id)
if not validate(request, user_group=[user_group_id], asset_group=asset_groups_select):
return render_to_response('/jperm/sudo_list/')
if user_group:
user_group = user_group[0]
if LDAP_ENABLE:
sudo_update(user_group, users_runas, asset_groups_select, cmd_groups_select, comment)
msg = '修改成功'
return HttpResponseRedirect('/jperm/sudo_list/')
return render_to_response('jperm/sudo_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_refresh(request):
sudo_perm_all = SudoPerm.objects.all()
for sudo_perm in sudo_perm_all:
user_group = sudo_perm.user_group
user_runas = sudo_perm.user_runas
asset_groups_select = sudo_perm.asset_group.all()
cmd_groups_select = sudo_perm.cmd_group.all()
sudo_ldap_add(user_group, user_runas, asset_groups_select, cmd_groups_select)
return HttpResponse('ok')
# @require_admin
# def sudo_detail(request):
# header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情'
# sudo_perm_id = request.GET.get('id')
# sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
# if sudo_perm:
# sudo_perm = sudo_perm[0]
# user_groups = sudo_perm.user_group.all()
# asset_groups = sudo_perm.asset_group.all()
# cmd_groups = sudo_perm.cmd_group.all()
#
# users_list = []
# assets_list = []
# cmds_list = []
#
# for user_group in user_groups:
# users_list.extend(user_group.user_set.all())
# for asset_group in asset_groups:
# assets_list.extend(asset_group.asset_set.all())
# for cmd_group in cmd_groups:
# cmds_list.append({cmd_group.name: cmd_group.cmd.split(',')})
#
# return render_to_response('jperm/sudo_detail.html', locals(), context_instance=RequestContext(request))
# @require_admin
# def sudo_del(request):
# sudo_perm_id = request.GET.get('id', '0')
# sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id))
# if sudo_perm:
# name = sudo_perm[0].name
# sudo_perm.delete()
# sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
# ldap_conn.delete(sudo_dn)
# return HttpResponseRedirect('/jperm/sudo_list/')
@require_super_user
def cmd_add(request):
header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加'
dept_all = DEPT.objects.all()
if request.method == 'POST':
name = request.POST.get('name')
dept_id = request.POST.get('dept_id')
cmd = ','.join(request.POST.get('cmd').split())
comment = request.POST.get('comment')
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
else:
error = u"部门不能为空"
msg = u'命令组添加成功'
return HttpResponseRedirect('/jperm/cmd_list/')
return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def cmd_add_adm(request):
header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加'
user, dept = get_session_user_dept(request)
if request.method == 'POST':
name = request.POST.get('name')
cmd = ','.join(request.POST.get('cmd').split())
comment = request.POST.get('comment')
CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
msg = u'命令组添加成功'
return HttpResponseRedirect('/jperm/cmd_list/')
return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def cmd_edit(request):
header_title, path1, path2 = u'sudo命令修改', u'授权管理管理', u'命令组修改'
cmd_group_id = request.GET.get('id')
cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
if cmd_group:
cmd_group = cmd_group[0]
cmd_group_id = cmd_group.id
name = cmd_group.name
cmd = '\n'.join(cmd_group.cmd.split(','))
comment = cmd_group.comment
if request.method == 'POST':
cmd_group_id = request.POST.get('cmd_group_id')
name = request.POST.get('name')
cmd = ','.join(request.POST.get('cmd').split())
comment = request.POST.get('comment')
cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
if cmd_group:
cmd_group.update(name=name, cmd=cmd, comment=comment)
return HttpResponseRedirect('/jperm/cmd_list/')
return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def cmd_list(request):
header_title, path1, path2 = u'sudo命令查看', u'权限管理', u'Sudo命令添加'
if request.session.get('role_id', '0') == '2':
cmd_groups = contact_list = CmdGroup.objects.all()
else:
user, dept = get_session_user_dept(request)
cmd_groups = contact_list = dept.cmdgroup_set.all()
p = paginator = Paginator(contact_list, 10)
try:
page = int(request.GET.get('page', '1'))
except ValueError:
page = 1
try:
contacts = paginator.page(page)
except (EmptyPage, InvalidPage):
contacts = paginator.page(paginator.num_pages)
return render_to_response('jperm/sudo_cmd_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def cmd_del(request):
cmd_group_id = request.GET.get('id')
cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
if cmd_group:
cmd_group[0].delete()
return HttpResponseRedirect('/jperm/cmd_list/')
@require_login
def perm_apply(request):
header_title, path1, path2 = u'主机权限申请', u'权限管理', u'申请主机'
user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).username
dept_id = get_user_dept(request)
deptname = DEPT.objects.get(id=dept_id).name
dept = DEPT.objects.get(id=dept_id)
posts = Asset.objects.filter(dept=dept)
egroup = dept.bisgroup_set.all()
dept_da = User.objects.filter(dept_id=dept_id, role='DA')
if request.method == 'POST':
applyer = request.POST.get('applyer')
dept = request.POST.get('dept')
da = request.POST.get('da')
group = request.POST.getlist('group')
hosts = request.POST.getlist('hosts')
comment = request.POST.get('comment')
da = User.objects.get(id=da)
mail_address = da.email
mail_title = '%s - 权限申请' % username
group_lis = ', '.join(group)
hosts_lis = ', '.join(hosts)
time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, asset=hosts, status=0, comment=comment)
uuid = Apply.objects.get(applyer=applyer, asset=hosts, comment=comment).uuid
url = "http://127.0.0.1:8000/jperm/apply_exec/?uuid=%s" % uuid
mail_msg = """
Hi,%s:
有新的权限申请, 详情如下:
申请人: %s
申请主机组: %s
申请的主机: %s
申请时间: %s
申请说明: %s
请及时审批, 审批完成后点击以下链接,告知申请人。
%s
""" % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url)
send_mail(mail_title, mail_msg, 'jumpserver@163.com', [mail_address], fail_silently=False)
smg = "提交成功,已发邮件通知部门管理员。"
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_apply_exec(request):
header_title, path1, path2 = u'主机权限申请', u'权限管理', u'审批完成'
uuid = request.GET.get('uuid')
if uuid:
p_apply = Apply.objects.filter(uuid=str(uuid))
q_apply = Apply.objects.get(uuid=str(uuid))
if q_apply.status == 1:
smg = '此权限已经审批完成, 请勿重复审批, 十秒钟后返回首页'
return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request))
else:
user = User.objects.get(username=q_apply.applyer)
mail_address = user.email
time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
p_apply.update(status=1, date_end=time_now)
mail_title = '%s - 权限审批完成' % q_apply.applyer
mail_msg = """
Hi,%s:
您所申请的权限已由 %s%s 审批完成, 请登录验证。
""" % (q_apply.applyer, q_apply.approver, time_now)
send_mail(mail_title, mail_msg, 'jkfunshion@fun.tv', [mail_address], fail_silently=False)
smg = '授权完成, 已邮件通知申请人, 十秒钟后返回首页'
return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request))
else:
smg = '没有此授权, 十秒钟后返回首页'
return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request))
def get_apply_posts(request, status, username, dept_name, keyword=None):
if is_super_user(request):
if keyword:
posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \
.filter(status=status).order_by('-date_add')
else:
posts = Apply.objects.filter(status=status).order_by('-date_add')
elif is_group_admin(request):
if keyword:
posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \
.filter(status=status).filter(dept=dept_name).order_by('-date_add')
else:
posts = Log.objects.filter(status=status).filter(dept=dept_name).order_by('-date_add')
elif is_common_user(request):
if keyword:
posts = Apply.objects.filter(applyer=username).filter(status=status).filter(Q(applyer__contains=keyword) |
Q(asset__contains=keyword)).order_by('-date_add')
else:
posts = Apply.objects.filter(applyer=username).filter(status=status).order_by('-date_add')
return posts
@require_login
def perm_apply_log(request, offset):
header_title, path1, path2 = u'权限申请记录', u'权限管理', u'申请记录'
keyword = request.GET.get('keyword')
dept_id = get_user_dept(request)
dept_name = DEPT.objects.get(id=dept_id).name
user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).username
if offset == 'online':
posts = get_apply_posts(request, 0, username, dept_name, keyword)
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jperm/perm_log_online.html', locals(), context_instance=RequestContext(request))
elif offset == 'offline':
posts = get_apply_posts(request, 1, username, dept_name, keyword)
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jperm/perm_log_offline.html', locals(), context_instance=RequestContext(request))
def perm_apply_info(request):
uuid = request.GET.get('uuid')
post = Apply.objects.get(uuid=uuid)
return render_to_response('jperm/perm_apply_info.html', locals(), context_instance=RequestContext(request))
def perm_apply_search(request):
keyword = request.GET.get('keyword')
env = request.GET.get('env')
dept_id = get_user_dept(request)
dept_name = DEPT.objects.get(id=dept_id).name
user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).username
if is_super_user(request):
if env == 'online':
posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \
.filter(status=0).order_by('-date_add')
elif env == 'offline':
posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \
.filter(status=1).order_by('-date_add')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
elif is_group_admin(request):
if env == 'online':
posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \
.filter(status=0).filter(dept_name=dept_name).order_by('-date_add')
elif env == 'offline':
posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \
.filter(status=1).filter(dept_name=dept_name).order_by('-date_add')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
elif is_common_user(request):
if env == 'online':
posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \
.filter(status=0).filter(user=username).order_by('-date_add')
elif env == 'offline':
posts = Apply.objects.filter(Q(applyer__contains=keyword) | Q(approver__contains=keyword)) \
.filter(status=1).filter(applyer=username).order_by('-date_add')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jperm/perm_apply_search.html', locals(), context_instance=RequestContext(request))
Reference in New Issue View Git Blame Copy Permalink