jumpserver/jasset/views.py

564 lines
23 KiB
Python

# coding:utf-8
import ast
from django.db.models import Q
from django.http import Http404
from django.http import HttpResponseRedirect
from django.template import RequestContext
from django.shortcuts import render_to_response
from models import IDC, Asset, BisGroup
from juser.models import UserGroup, DEPT
from connect import PyCrypt, KEY
from jlog.models import Log
from jumpserver.views import jasset_host_edit, pages
from jumpserver.api import *
cryptor = PyCrypt(KEY)
class RaiseError(Exception):
pass
def f_add_host(ip, port, idc, jtype, group, dept, active, comment, username='', password=''):
groups, depts = [], []
idc = IDC.objects.get(name=idc)
if jtype == 'M':
print username, password
a = Asset(ip=ip, port=port,
login_type=jtype, idc=idc,
is_active=int(active),
comment=comment,
username=username,
password=password)
else:
a = Asset(ip=ip, port=port,
login_type=jtype, idc=idc,
is_active=int(active),
comment=comment)
a.save()
all_group = BisGroup.objects.get(name='ALL')
for g in group:
c = BisGroup.objects.get(name=g)
groups.append(c)
groups.append(all_group)
for d in dept:
p = DEPT.objects.get(name=d)
depts.append(p)
a.bis_group = groups
a.dept = depts
a.save()
@require_admin
def add_host(request):
login_types = {'L': 'LDAP', 'M': 'MAP'}
header_title, path1, path2 = u'添加主机', u'资产管理', u'添加主机'
eidc = IDC.objects.exclude(name='ALL')
if is_super_user(request):
edept = DEPT.objects.all()
egroup = BisGroup.objects.exclude(name='ALL')
eusergroup = UserGroup.objects.all()
elif is_group_admin(request):
dept_id = get_user_dept(request)
user_id = request.session.get('user_id')
edept = DEPT.objects.get(id=dept_id)
egroup = edept.bisgroup_set.all()
if request.method == 'POST':
j_ip = request.POST.get('j_ip')
j_idc = request.POST.get('j_idc')
j_port = request.POST.get('j_port')
j_type = request.POST.get('j_type')
j_group = request.POST.getlist('j_group')
j_active = request.POST.get('j_active')
j_comment = request.POST.get('j_comment')
j_dept = request.POST.getlist('j_dept')
if is_group_admin(request) and not validate(request, asset_group=j_group, edept=j_dept):
emg = u'添加失败,您无权操作!'
return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request))
if Asset.objects.filter(ip=str(j_ip)):
emg = u'该IP %s 已存在!' % j_ip
return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request))
if j_type == 'M':
j_user = request.POST.get('j_user')
j_password = cryptor.encrypt(request.POST.get('j_password'))
f_add_host(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, j_password)
else:
f_add_host(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment)
smg = u'主机 %s 添加成功' % j_ip
return render_to_response('jasset/host_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def add_host_multi(request):
header_title, path1, path2 = u'批量添加主机', u'资产管理', u'批量添加主机'
login_types = {'LDAP': 'L', 'MAP': 'M'}
dept_id = get_user_dept(request)
if request.method == 'POST':
multi_hosts = request.POST.get('j_multi').split('\n')
for host in multi_hosts:
if host == '':
break
j_ip, j_port, j_type, j_idc, j_groups, j_depts, j_active, j_comment = host.split()
j_type = login_types[j_type]
j_group = ast.literal_eval(j_groups)
j_dept = ast.literal_eval(j_depts)
if Asset.objects.filter(ip=str(j_ip)):
emg = u'该IP %s 已存在!' % j_ip
return render_to_response('jasset/host_add_multi.html', locals(),
context_instance=RequestContext(request))
if j_type == 'M':
j_user = request.POST.get('j_user')
j_password = cryptor.encrypt(request.POST.get('j_password'))
f_add_host(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment, j_user, j_password)
else:
f_add_host(j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment)
smg = u'批量添加添加成功'
return HttpResponseRedirect('/jasset/host_list/')
return render_to_response('jasset/host_add_multi.html', locals(), context_instance=RequestContext(request))
@require_admin
def batch_host_edit(request):
if request.method == 'POST':
len_table = request.POST.get('len_table')
for i in range(int(len_table)):
j_id = "editable[" + str(i) + "][j_id]"
j_ip = "editable[" + str(i) + "][j_ip]"
j_port = "editable[" + str(i) + "][j_port]"
j_dept = "editable[" + str(i) + "][j_dept]"
j_idc = "editable[" + str(i) + "][j_idc]"
j_type = "editable[" + str(i) + "][j_type]"
j_group = "editable[" + str(i) + "][j_group]"
j_active = "editable[" + str(i) + "][j_active]"
j_comment = "editable[" + str(i) + "][j_comment]"
j_id = request.POST.get(j_id).strip()
j_ip = request.POST.get(j_ip).strip()
j_port = request.POST.get(j_port).strip()
j_dept = request.POST.getlist(j_dept).strip()
j_idc = request.POST.get(j_idc).strip()
j_type = request.POST.get(j_type).strip()
j_group = request.POST.getlist(j_group)
j_active = request.POST.get(j_active).strip()
j_comment = request.POST.get(j_comment).strip()
print j_dept, j_group
#
# if is_group_admin(request) and not validate(request, asset=[j_id]):
# emg = u'删除失败,您无权操作!'
# print 'hehe'
# return HttpResponseRedirect('/jasset/host_list/')
if j_type == 'M':
j_user = "editable[" + str(i) + "][j_user]"
j_password = "editable[" + str(i) + "][j_password]"
j_user = request.POST.get(j_user).strip()
password = request.POST.get(j_password).strip()
j_password = cryptor.encrypt(password)
jasset_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment, j_user, j_password)
else:
jasset_host_edit(j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment)
return render_to_response('jasset/host_list.html')
@require_login
def list_host(request):
header_title, path1, path2 = u'查看主机', u'资产管理', u'查看主机'
login_types = {'L': 'LDAP', 'M': 'MAP'}
keyword = request.GET.get('keyword', '')
dept_id = get_user_dept(request)
dept = DEPT.objects.get(id=dept_id)
if is_super_user(request):
if keyword:
posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) | Q(comment__contains=keyword)).distinct().order_by('ip')
else:
posts = Asset.objects.all().order_by('ip')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
elif is_group_admin(request):
if keyword:
posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) | Q(comment__contains=keyword)).filter(dept=dept).distinct().order_by('ip')
else:
posts = Asset.objects.all().filter(dept=dept).order_by('ip')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
elif is_common_user(request):
user_id = request.session.get('user_id')
username = User.objects.get(id=user_id).name
posts = user_perm_asset_api(username)
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
print posts, username
return render_to_response('jasset/host_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def host_del(request, offset):
if offset == 'multi':
len_list = request.POST.get("len_list")
for i in range(int(len_list)):
key = "id_list[" + str(i) + "]"
jid = request.POST.get(key)
print jid
if is_group_admin(request) and not validate(request, asset=[jid]):
emg = u'删除失败,您无权操作!'
return HttpResponseRedirect('/jasset/host_list/')
a = Asset.objects.get(id=jid).ip
Asset.objects.filter(id=jid).delete()
BisGroup.objects.filter(name=a).delete()
else:
jid = int(offset)
if is_group_admin(request) and not validate(request, asset=[jid]):
emg = u'删除失败,您无权操作!'
return HttpResponseRedirect('/jasset/host_list/')
a = Asset.objects.get(id=jid).ip
BisGroup.objects.filter(name=a).delete()
Asset.objects.filter(id=jid).delete()
return HttpResponseRedirect('/jasset/host_list/')
@require_admin
def host_edit(request):
actives = {1: u'激活', 0: u'禁用'}
login_types = {'L': 'LDAP', 'M': 'MAP'}
header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机'
groups, e_group, e_dept, depts = [], [], [], []
eidc = IDC.objects.all()
egroup = BisGroup.objects.all()
edept = DEPT.objects.all()
offset = request.GET.get('id')
for g in Asset.objects.get(id=int(offset)).bis_group.all():
e_group.append(g)
for d in Asset.objects.get(id=int(offset)).dept.all():
e_dept.append(d)
post = Asset.objects.get(id=int(offset))
if request.method == 'POST':
j_ip = request.POST.get('j_ip')
j_idc = request.POST.get('j_idc')
j_port = request.POST.get('j_port')
j_type = request.POST.get('j_type')
j_dept = request.POST.getlist('j_dept')
j_group = request.POST.getlist('j_group')
j_active = request.POST.get('j_active')
j_comment = request.POST.get('j_comment')
j_idc = IDC.objects.get(name=j_idc)
if is_group_admin(request) and not validate(request, asset_group=j_group, edept=j_dept):
emg = u'修改失败,您无权操作!'
return render_to_response('jasset/host_edit.html', locals(), context_instance=RequestContext(request))
for group in j_group:
c = BisGroup.objects.get(name=group)
groups.append(c)
for dept in j_dept:
d = DEPT.objects.get(name=dept)
depts.append(d)
a = Asset.objects.get(id=int(offset))
if j_type == 'M':
if post.password == request.POST.get('j_password'):
j_password = post.password
else:
j_password = cryptor.encrypt(request.POST.get('j_password'))
j_user = request.POST.get('j_user')
a.ip = j_ip
a.port = j_port
a.login_type = j_type
a.idc = j_idc
a.is_active = int(j_active)
a.comment = j_comment
a.username = j_user
a.password = j_password
else:
a.ip = j_ip
a.port = j_port
a.idc = j_idc
a.login_type = j_type
a.is_active = int(j_active)
a.comment = j_comment
a.save()
a.bis_group = groups
a.dept = depts
a.save()
smg = u'主机 %s 修改成功' % j_ip
return HttpResponseRedirect('/jasset/host_list')
return render_to_response('jasset/host_edit.html', locals(), context_instance=RequestContext(request))
@require_login
def jlist_ip(request, offset):
header_title, path1, path2 = u'主机详细信息', u'资产管理', u'主机详情'
login_types = {'L': 'LDAP', 'S': 'SSH_KEY', 'P': 'PASSWORD', 'M': 'MAP'}
post = contact_list = Asset.objects.get(ip=str(offset))
log = Log.objects.filter(host=str(offset))
user_permed_list = asset_perm_api(Asset.objects.get(ip=str(offset)))
return render_to_response('jasset/jlist_ip.html', locals(), context_instance=RequestContext(request))
@require_super_user
def add_idc(request):
header_title, path1, path2 = u'添加IDC', u'资产管理', u'添加IDC'
if request.method == 'POST':
j_idc = request.POST.get('j_idc')
j_comment = request.POST.get('j_comment')
if IDC.objects.filter(name=j_idc):
emg = u'该IDC已存在!'
return render_to_response('jasset/idc_add.html', locals(), context_instance=RequestContext(request))
else:
smg = u'IDC:%s添加成功' % j_idc
IDC.objects.create(name=j_idc, comment=j_comment)
return render_to_response('jasset/idc_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def list_idc(request):
header_title, path1, path2 = u'查看IDC', u'资产管理', u'查看IDC'
keyword = request.GET.get('keyword', '')
if keyword:
posts = IDC.objects.filter(Q(name__contains=keyword) | Q(comment__contains=keyword))
else:
posts = IDC.objects.all().order_by('id')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jasset/idc_list.html', locals(), context_instance=RequestContext(request))
@require_super_user
def edit_idc(request):
header_title, path1, path2 = u'编辑IDC', u'资产管理', u'编辑IDC'
edit = 1
idc_id = request.GET.get('id')
j_idc = IDC.objects.get(id=idc_id)
default = IDC.objects.get(name='默认').asset_set.all()
eposts = contact_list = Asset.objects.filter(idc=j_idc).order_by('ip')
posts = [g for g in default if g not in eposts]
if request.method == 'POST':
j_group = request.POST.get('j_idc')
j_hosts = request.POST.getlist('j_hosts')
j_comment = request.POST.get('j_comment')
idc_default = request.POST.getlist('idc_default')
for host in j_hosts:
g = Asset.objects.get(id=host)
Asset.objects.filter(id=host).update(idc=j_idc)
for host in idc_default:
g = Asset.objects.get(id=host)
i = IDC.objects.get(name='默认')
Asset.objects.filter(id=host).update(idc=i)
return HttpResponseRedirect('/jasset/idc_detail/?id=%s' % idc_id)
return render_to_response('jasset/idc_add.html', locals(), context_instance=RequestContext(request))
@require_super_user
def del_idc(request, offset):
if offset == 'multi':
len_list = request.POST.get("len_list")
for i in range(int(len_list)):
key = "id_list[" + str(i) + "]"
gid = request.POST.get(key)
IDC.objects.filter(id=gid).delete()
else:
gid = int(offset)
IDC.objects.filter(id=gid).delete()
return HttpResponseRedirect('/jasset/idc_list/')
@require_admin
def add_group(request):
header_title, path1, path2 = u'添加主机组', u'资产管理', u'添加主机组'
if is_super_user(request):
posts = Asset.objects.all()
edept = DEPT.objects.all()
elif is_group_admin(request):
dept_id = get_user_dept(request)
dept = DEPT.objects.get(id=dept_id)
posts = Asset.objects.filter(dept=dept)
edept = DEPT.objects.get(id=dept_id)
if request.method == 'POST':
j_group = request.POST.get('j_group')
j_dept = request.POST.get('j_dept')
j_hosts = request.POST.getlist('j_hosts')
j_comment = request.POST.get('j_comment')
if is_group_admin(request) and not validate(request, asset=j_hosts, edept=[j_dept]):
emg = u'添加失败,您无权操作!'
return render_to_response('jasset/group_add.html', locals(), context_instance=RequestContext(request))
j_dept = DEPT.objects.get(name=j_dept)
if BisGroup.objects.filter(name=j_group):
emg = u'该主机组已存在!'
return render_to_response('jasset/group_add.html', locals(), context_instance=RequestContext(request))
else:
BisGroup.objects.create(name=j_group, dept=j_dept, comment=j_comment)
group = BisGroup.objects.get(name=j_group)
for host in j_hosts:
g = Asset.objects.get(id=host)
group.asset_set.add(g)
smg = u'主机组%s添加成功' % j_group
return render_to_response('jasset/group_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def list_group(request):
header_title, path1, path2 = u'查看主机组', u'资产管理', u'查看主机组'
dept_id = get_user_dept(request)
dept = DEPT.objects.get(id=dept_id)
keyword = request.GET.get('keyword', '')
if is_super_user(request):
if keyword:
posts = BisGroup.objects.exclude(name='ALL').filter(Q(name__contains=keyword) | Q(comment__contains=keyword))
else:
posts = BisGroup.objects.exclude(name='ALL').order_by('id')
elif is_group_admin(request):
if keyword:
posts = BisGroup.objects.filter(Q(name__contains=keyword) | Q(comment__contains=keyword)).filter(dept=dept)
else:
posts = BisGroup.objects.filter(dept=dept).order_by('id')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jasset/group_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def edit_group(request):
header_title, path1, path2 = u'编辑主机组', u'资产管理', u'编辑主机组'
group_id = request.GET.get('id')
group = BisGroup.objects.get(id=group_id)
all = Asset.objects.all()
dept_id = get_user_dept(request)
eposts = contact_list = Asset.objects.filter(bis_group=group).order_by('ip')
if is_super_user(request):
edept = DEPT.objects.all()
posts = [g for g in all if g not in eposts]
elif is_group_admin(request):
dept = DEPT.objects.get(id=dept_id)
all_dept = Asset.objects.filter(dept=dept)
posts = [g for g in all_dept if g not in eposts]
if request.method == 'POST':
j_group = request.POST.get('j_group')
j_hosts = request.POST.getlist('j_hosts')
j_comment = request.POST.get('j_comment')
group.asset_set.clear()
for host in j_hosts:
g = Asset.objects.get(id=host)
group.asset_set.add(g)
BisGroup.objects.filter(id=group_id).update(name=j_group, comment=j_comment)
smg = u'主机组%s修改成功' % j_group
return HttpResponseRedirect('/jasset/group_detail/?id=%s' % group_id)
return render_to_response('jasset/group_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def detail_group(request):
header_title, path1, path2 = u'主机组详情', u'资产管理', u'主机组详情'
login_types = {'L': 'LDAP', 'S': 'SSH_KEY', 'P': 'PASSWORD', 'M': 'MAP'}
dept_id = get_user_dept(request)
dept = DEPT.objects.get(id=dept_id)
group_id = request.GET.get('id')
group_name = BisGroup.objects.get(id=group_id).name
b = BisGroup.objects.get(id=group_id)
if is_super_user(request):
posts = Asset.objects.filter(bis_group=b).order_by('ip')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
elif is_group_admin(request):
posts = Asset.objects.filter(bis_group=b).filter(dept=dept).order_by('ip')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jasset/group_detail.html', locals(), context_instance=RequestContext(request))
def detail_idc(request):
header_title, path1, path2 = u'IDC详情', u'资产管理', u'IDC详情'
login_types = {'L': 'LDAP', 'M': 'MAP'}
idc_id = request.GET.get('id')
idc_name = IDC.objects.get(id=idc_id).name
b = IDC.objects.get(id=idc_id)
dept_id = get_user_dept(request)
dept = DEPT.objects.get(id=dept_id)
if is_super_user(request):
posts = Asset.objects.filter(idc=b).order_by('ip')
elif is_group_admin(request):
posts = Asset.objects.filter(idc=b).filter(dept=dept).order_by('ip')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jasset/idc_detail.html', locals(), context_instance=RequestContext(request))
@require_admin
def group_del_host(request, offset):
if request.method == 'POST':
group_name = request.POST.get('group_name')
if offset == 'group':
group = BisGroup.objects.get(name=group_name)
elif offset == 'idc':
group = IDC.objects.get(name=group_name)
len_list = request.POST.get("len_list")
for i in range(int(len_list)):
key = "id_list[" + str(i) + "]"
jid = request.POST.get(key)
g = Asset.objects.get(id=jid)
if offset == 'group':
group.asset_set.remove(g)
elif offset == 'idc':
Asset.objects.filter(id=jid).delete()
BisGroup.objects.filter(name=g.ip).delete()
return HttpResponseRedirect('/jasset/%s_detail/?id=%s' % (offset, group.id))
@require_admin
def group_del(request, offset):
if offset == 'multi':
len_list = request.POST.get("len_list")
for i in range(int(len_list)):
key = "id_list[" + str(i) + "]"
gid = request.POST.get(key)
BisGroup.objects.filter(id=gid).delete()
else:
gid = int(offset)
BisGroup.objects.filter(id=gid).delete()
return HttpResponseRedirect('/jasset/jgroup_list/')
def host_search(request):
keyword = request.GET.get('keyword')
login_types = {'L': 'LDAP', 'M': 'MAP'}
dept_id = get_user_dept(request)
dept = DEPT.objects.get(id=dept_id)
if is_super_user(request):
posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) | Q(
comment__contains=keyword)).distinct().order_by('ip')
elif is_group_admin(request):
posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
Q(bis_group__name__contains=keyword) | Q(
comment__contains=keyword)).filter(dept=dept).distinct().order_by('ip')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jasset/host_search.html', locals(), context_instance=RequestContext(request))