lock/unlock ops-policy works now.

2017-11-01 00:16:11 +08:00 · 2017-11-01 00:16:11 +08:00 · 40e0d1cc11
parent 70a5e7e452
commit 40e0d1cc11
4 changed files with 137 additions and 42 deletions
--- a/server/www/teleport/static/js/ops/auz-list.js
+++ b/server/www/teleport/static/js/ops/auz-list.js
@ -501,33 +501,86 @@ $app.get_selected_policy = function (tbl) {
 };

 $app.on_btn_lock_click = function () {
+    var items = $app.get_selected_policy($app.table_policy);
+    if (items.length === 0) {
+        $tp.notify_error('请选择要禁用的授权策略！');
+        return;
+    }
+
+    $tp.ajax_post_json('/ops/policies/update', {
+            action: 'lock',
+            policy_ids: items
+        },
+        function (ret) {
+            if (ret.code === TPE_OK) {
+                CALLBACK_STACK.create()
+                    .add($app.check_host_all_selected)
+                    .add($app.table_policy.load_data)
+                    .exec();
+                $tp.notify_success('禁用授权策略操作成功！');
+            } else {
+                $tp.notify_error('禁用授权策略操作失败：' + tp_error_msg(ret.code, ret.message));
+            }
+        },
+        function () {
+            $tp.notify_error('网络故障，禁用授权策略操作失败！');
+        }
+    );
 };

 $app.on_btn_unlock_click = function () {
+    var items = $app.get_selected_policy($app.table_policy);
+    if (items.length === 0) {
+        $tp.notify_error('请选择要解禁的授权策略！');
+        return;
+    }
+
+    $tp.ajax_post_json('/ops/policies/update', {
+            action: 'unlock',
+            policy_ids: items
+        },
+        function (ret) {
+            if (ret.code === TPE_OK) {
+                CALLBACK_STACK.create()
+                    .add($app.check_host_all_selected)
+                    .add($app.table_policy.load_data)
+                    .exec();
+                $tp.notify_success('解禁授权策略操作成功！');
+            } else {
+                $tp.notify_error('解禁授权策略操作失败：' + tp_error_msg(ret.code, ret.message));
+            }
+        },
+        function () {
+            $tp.notify_error('网络故障，解禁授权策略操作失败！');
+        }
+    );
 };

 $app.on_btn_remove_click = function () {
    var items = $app.get_selected_policy($app.table_policy);
    if (items.length === 0) {
-        $tp.notify_error('请选择要删除的主机！');
+        $tp.notify_error('请选择要删除的授权策略！');
        return;
    }

    var _fn_sure = function (cb_stack, cb_args) {
-        $tp.ajax_post_json('/asset/remove-hosts', {hosts: items},
+        $tp.ajax_post_json('/ops/policies/update', {
+                action: 'remove',
+                policy_ids: items
+            },
            function (ret) {
                if (ret.code === TPE_OK) {
                    cb_stack.add($app.check_host_all_selected);
                    cb_stack.add($app.table_policy.load_data);
-                    $tp.notify_success('删除主机操作成功！');
+                    $tp.notify_success('删除授权策略操作成功！');
                } else {
-                    $tp.notify_error('删除主机操作失败：' + tp_error_msg(ret.code, ret.message));
+                    $tp.notify_error('删除授权策略操作失败：' + tp_error_msg(ret.code, ret.message));
                }

                cb_stack.exec();
            },
            function () {
-                $tp.notify_error('网络故障，删除主机操作失败！');
+                $tp.notify_error('网络故障，删除授权策略操作失败！');
                cb_stack.exec();
            }
        );
@ -535,7 +588,7 @@ $app.on_btn_remove_click = function () {

    var cb_stack = CALLBACK_STACK.create();
    $tp.dlg_confirm(cb_stack, {
-        msg: '<div class="alert alert-danger"><p><strong>注意：删除操作不可恢复！！</strong></p><p>删除主机将同时删除与之相关的账号，并将主机和账号从所在分组中移除，同时删除所有相关授权！</p></div><p>如果您希望临时禁止登录指定主机，可将其“禁用”！</p><p>您确定要移除选定的' + items.length + '个主机吗？</p>',
+        msg: '<div class="alert alert-danger"><p><strong>注意：删除操作不可恢复！！</strong></p></div><p>如果您希望临时禁止指定的授权策略，可将其“禁用”！</p><p>您确定要移除选定的' + items.length + '个授权策略吗？</p>',
        fn_yes: _fn_sure
    });

--- a/server/www/teleport/webroot/app/controller/init.py
+++ b/server/www/teleport/webroot/app/controller/init.py
@ -143,6 +143,8 @@ controllers = [
    (r'/ops/get-policies', ops.DoGetPoliciesHandler),
    #  - [json] 添加/更新策略
    (r'/ops/policy/update', ops.DoUpdatePolicyHandler),
+    #  - [json] 禁用/解禁/删除策略
+    (r'/ops/policies/update', ops.DoUpdatePoliciesHandler),
    #  - [json] 向指定策略中添加对象（操作者或资产）
    (r'/ops/policy/add-members', ops.DoAddMembersHandler),
    #  - [json] 从指定策略中移除对象（操作者或资产）
--- a/server/www/teleport/webroot/app/controller/ops.py
+++ b/server/www/teleport/webroot/app/controller/ops.py
@ -342,6 +342,40 @@ class DoUpdatePolicyHandler(TPBaseJsonHandler):
        self.write_json(err, data=info)


+class DoUpdatePoliciesHandler(TPBaseJsonHandler):
+    def post(self):
+        ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ)
+        if ret != TPE_OK:
+            return
+
+        args = self.get_argument('args', None)
+        if args is None:
+            return self.write_json(TPE_PARAM)
+        try:
+            args = json.loads(args)
+        except:
+            return self.write_json(TPE_JSON_FORMAT)
+
+        try:
+            action = args['action']
+            p_ids = args['policy_ids']
+        except:
+            log.e('\n')
+            return self.write_json(TPE_PARAM)
+
+        if action == 'lock':
+            err = ops.update_policies_state(self, p_ids, TP_STATE_DISABLED)
+            return self.write_json(err)
+        elif action == 'unlock':
+            err = ops.update_policies_state(self, p_ids, TP_STATE_NORMAL)
+            return self.write_json(err)
+        elif action == 'remove':
+            err = ops.remove_policies(self, p_ids)
+            return self.write_json(err)
+        else:
+            return self.write_json(TPE_PARAM)
+
+
 class DoAddMembersHandler(TPBaseJsonHandler):
    def post(self):
        ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ)
--- a/server/www/teleport/webroot/app/model/ops.py
+++ b/server/www/teleport/webroot/app/model/ops.py
@ -142,42 +142,48 @@ def update_policy(handler, args):
    return TPE_OK


-# def remove_policy(handler, policies):
-#     s = SQL(get_db())
-#
-#     user_list = [str(i) for i in users]
-#
-#     # 1. 获取用户名称，用于记录系统日志
-#     where = 'u.id IN ({})'.format(','.join(user_list))
-#     err = s.select_from('user', ['username'], alt_name='u').where(where).query()
-#     if err != TPE_OK:
-#         return err
-#     if len(s.recorder) == 0:
-#         return TPE_NOT_EXISTS
-#
-#     name_list = [n['username'] for n in s.recorder]
-#
-#     # 将用户从所在组中移除
-#     where = 'type={} AND mid IN ({})'.format(TP_GROUP_USER, ','.join(user_list))
-#     err = s.reset().delete_from('group_map').where(where).exec()
-#     if err != TPE_OK:
-#         return err
-#
-#     # sql = 'DELETE FROM `{}group_map` WHERE (type=1 AND ({}));'.format(db.table_prefix, where)
-#     # if not db.exec(sql):
-#     #     return TPE_DATABASE
-#
-#     where = 'id IN ({})'.format(','.join(user_list))
-#     err = s.reset().delete_from('user').where(where).exec()
-#     if err != TPE_OK:
-#         return err
-#     # sql = 'DELETE FROM `{}user` WHERE {};'.format(db.table_prefix, where)
-#     # if not db.exec(sql):
-#     #     return TPE_DATABASE
-#
-#     syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除用户：{}".format('，'.join(name_list)))
-#
-#     return TPE_OK
+def update_policies_state(handler, p_ids, state):
+    db = get_db()
+
+    p_ids = ','.join([str(i) for i in p_ids])
+
+    sql_list = []
+
+    sql = 'UPDATE `{}ops_policy` SET state={state} WHERE id IN ({p_ids});'.format(db.table_prefix, state=state, p_ids=p_ids)
+    sql_list.append(sql)
+
+    sql = 'UPDATE `{}ops_auz` SET state={state} WHERE policy_id IN ({p_ids});'.format(db.table_prefix, state=state, p_ids=p_ids)
+    sql_list.append(sql)
+
+    sql = 'UPDATE `{}ops_map` SET p_state={state} WHERE p_id IN({p_ids});'.format(db.table_prefix, state=state, p_ids=p_ids)
+    sql_list.append(sql)
+
+    if db.transaction(sql_list):
+        return TPE_OK
+    else:
+        return TPE_DATABASE
+
+
+def remove_policies(handler, p_ids):
+    db = get_db()
+
+    p_ids = ','.join([str(i) for i in p_ids])
+
+    sql_list = []
+
+    sql = 'DELETE FROM `{}ops_policy` WHERE id IN ({p_ids});'.format(db.table_prefix, p_ids=p_ids)
+    sql_list.append(sql)
+
+    sql = 'DELETE FROM `{}ops_auz` WHERE policy_id IN ({p_ids});'.format(db.table_prefix, p_ids=p_ids)
+    sql_list.append(sql)
+
+    sql = 'DELETE FROM `{}ops_map` WHERE p_id IN({p_ids});'.format(db.table_prefix, p_ids=p_ids)
+    sql_list.append(sql)
+
+    if db.transaction(sql_list):
+        return TPE_OK
+    else:
+        return TPE_DATABASE


 def add_members(handler, policy_id, policy_type, ref_type, members):