From 40e0d1cc116a139f265bed784ba3d7d33da00bae Mon Sep 17 00:00:00 2001
From: ApexLiu
Date: Wed, 1 Nov 2017 00:16:11 +0800
Subject: [PATCH] lock/unlock ops-policy works now.
---
 server/www/teleport/static/js/ops/auz-list.js | 65 ++++++++++++++--
 .../webroot/app/controller/__init__.py | 2 +
 .../teleport/webroot/app/controller/ops.py | 34 ++++++++
 server/www/teleport/webroot/app/model/ops.py | 78 ++++++++++---------
 4 files changed, 137 insertions(+), 42 deletions(-)
diff --git a/server/www/teleport/static/js/ops/auz-list.js b/server/www/teleport/static/js/ops/auz-list.js
index db745b8..1eb536f 100644
--- a/server/www/teleport/static/js/ops/auz-list.js
+++ b/server/www/teleport/static/js/ops/auz-list.js
@@ -501,33 +501,86 @@ $app.get_selected_policy = function (tbl) {
 };
 $app.on_btn_lock_click = function () {
+ var items = $app.get_selected_policy($app.table_policy);
+ if (items.length === 0) {
+ $tp.notify_error('请选择要禁用的授权策略!');
+ return;
+ }
+
+ $tp.ajax_post_json('/ops/policies/update', {
+ action: 'lock',
+ policy_ids: items
+ },
+ function (ret) {
+ if (ret.code === TPE_OK) {
+ CALLBACK_STACK.create()
+ .add($app.check_host_all_selected)
+ .add($app.table_policy.load_data)
+ .exec();
+ $tp.notify_success('禁用授权策略操作成功!');
+ } else {
+ $tp.notify_error('禁用授权策略操作失败:' + tp_error_msg(ret.code, ret.message));
+ }
+ },
+ function () {
+ $tp.notify_error('网络故障,禁用授权策略操作失败!');
+ }
+ );
 };
 $app.on_btn_unlock_click = function () {
+ var items = $app.get_selected_policy($app.table_policy);
+ if (items.length === 0) {
+ $tp.notify_error('请选择要解禁的授权策略!');
+ return;
+ }
+
+ $tp.ajax_post_json('/ops/policies/update', {
+ action: 'unlock',
+ policy_ids: items
+ },
+ function (ret) {
+ if (ret.code === TPE_OK) {
+ CALLBACK_STACK.create()
+ .add($app.check_host_all_selected)
+ .add($app.table_policy.load_data)
+ .exec();
+ $tp.notify_success('解禁授权策略操作成功!');
+ } else {
+ $tp.notify_error('解禁授权策略操作失败:' + tp_error_msg(ret.code, ret.message));
+ }
+ },
+ function () {
+ $tp.notify_error('网络故障,解禁授权策略操作失败!');
+ }
+ );
 };
 $app.on_btn_remove_click = function () {
 var items = $app.get_selected_policy($app.table_policy);
 if (items.length === 0) {
- $tp.notify_error('请选择要删除的主机!');
+ $tp.notify_error('请选择要删除的授权策略!');
 return;
 }
 var _fn_sure = function (cb_stack, cb_args) {
- $tp.ajax_post_json('/asset/remove-hosts', {hosts: items},
+ $tp.ajax_post_json('/ops/policies/update', {
+ action: 'remove',
+ policy_ids: items
+ },
 function (ret) {
 if (ret.code === TPE_OK) {
 cb_stack.add($app.check_host_all_selected);
 cb_stack.add($app.table_policy.load_data);
- $tp.notify_success('删除主机操作成功!');
+ $tp.notify_success('删除授权策略操作成功!');
 } else {
- $tp.notify_error('删除主机操作失败:' + tp_error_msg(ret.code, ret.message));
+ $tp.notify_error('删除授权策略操作失败:' + tp_error_msg(ret.code, ret.message));
 }
 cb_stack.exec();
 },
 function () {
- $tp.notify_error('网络故障,删除主机操作失败!');
+ $tp.notify_error('网络故障,删除授权策略操作失败!');
 cb_stack.exec();
 }
 );
@@ -535,7 +588,7 @@ $app.on_btn_remove_click = function () {
 var cb_stack = CALLBACK_STACK.create();
 $tp.dlg_confirm(cb_stack, {
- msg: '

注意:删除操作不可恢复!!

删除主机将同时删除与之相关的账号,并将主机和账号从所在分组中移除,同时删除所有相关授权!

如果您希望临时禁止登录指定主机,可将其“禁用”!

您确定要移除选定的' + items.length + '个主机吗?

', + msg: '

注意:删除操作不可恢复!!

如果您希望临时禁止指定的授权策略,可将其“禁用”!

您确定要移除选定的' + items.length + '个授权策略吗?

',
 fn_yes: _fn_sure
 });
diff --git a/server/www/teleport/webroot/app/controller/__init__.py b/server/www/teleport/webroot/app/controller/__init__.py
index 1bbcefe..085410b 100644
--- a/server/www/teleport/webroot/app/controller/__init__.py
+++ b/server/www/teleport/webroot/app/controller/__init__.py
@@ -143,6 +143,8 @@ controllers = [
 (r'/ops/get-policies', ops.DoGetPoliciesHandler),
 # - [json] 添加/更新策略
 (r'/ops/policy/update', ops.DoUpdatePolicyHandler),
+ # - [json] 禁用/解禁/删除策略
+ (r'/ops/policies/update', ops.DoUpdatePoliciesHandler),
 # - [json] 向指定策略中添加对象(操作者或资产)
 (r'/ops/policy/add-members', ops.DoAddMembersHandler),
 # - [json] 从指定策略中移除对象(操作者或资产)
diff --git a/server/www/teleport/webroot/app/controller/ops.py b/server/www/teleport/webroot/app/controller/ops.py
index 370ad69..5063b34 100644
--- a/server/www/teleport/webroot/app/controller/ops.py
+++ b/server/www/teleport/webroot/app/controller/ops.py
@@ -342,6 +342,40 @@ class DoUpdatePolicyHandler(TPBaseJsonHandler):
 self.write_json(err, data=info)
+class DoUpdatePoliciesHandler(TPBaseJsonHandler):
+ def post(self):
+ ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ)
+ if ret != TPE_OK:
+ return
+
+ args = self.get_argument('args', None)
+ if args is None:
+ return self.write_json(TPE_PARAM)
+ try:
+ args = json.loads(args)
+ except:
+ return self.write_json(TPE_JSON_FORMAT)
+
+ try:
+ action = args['action']
+ p_ids = args['policy_ids']
+ except:
+ log.e('\n')
+ return self.write_json(TPE_PARAM)
+
+ if action == 'lock':
+ err = ops.update_policies_state(self, p_ids, TP_STATE_DISABLED)
+ return self.write_json(err)
+ elif action == 'unlock':
+ err = ops.update_policies_state(self, p_ids, TP_STATE_NORMAL)
+ return self.write_json(err)
+ elif action == 'remove':
+ err = ops.remove_policies(self, p_ids)
+ return self.write_json(err)
+ else:
+ return self.write_json(TPE_PARAM)
+
+
 class DoAddMembersHandler(TPBaseJsonHandler):
 def post(self):
 ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ)
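Review bot: `p_ids = args['policy_ids']` in DoUpdatePoliciesHandler.post takes whatever the JSON body holds and hands it to the model unchanged, and the model (model/ops.py in this same commit) joins `str(i)` of every element straight into an SQL `IN (...)` clause, so the type check has to happen here: change it to `p_ids = [int(i) for i in args['policy_ids']]` inside the existing try and narrow the bare `except:` to `except (KeyError, TypeError, ValueError):` so a malformed list still maps to TPE_PARAM instead of reaching the query text. The `log.e('\n')` on the same path records nothing that identifies the bad request; logging the exception (or at least the received keys) would make the rejection diagnosable. The other bare `except:` around `json.loads` should likewise be `except ValueError:`, since a bare except also swallows SystemExit and KeyboardInterrupt.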
diff --git a/server/www/teleport/webroot/app/model/ops.py b/server/www/teleport/webroot/app/model/ops.py
index 9daee88..b89cd61 100644
--- a/server/www/teleport/webroot/app/model/ops.py
+++ b/server/www/teleport/webroot/app/model/ops.py
@@ -142,42 +142,48 @@ def update_policy(handler, args):
 return TPE_OK
-# def remove_policy(handler, policies):
-# s = SQL(get_db())
-#
-# user_list = [str(i) for i in users]
-#
-# # 1. 获取用户名称,用于记录系统日志
-# where = 'u.id IN ({})'.format(','.join(user_list))
-# err = s.select_from('user', ['username'], alt_name='u').where(where).query()
-# if err != TPE_OK:
-# return err
-# if len(s.recorder) == 0:
-# return TPE_NOT_EXISTS
-#
-# name_list = [n['username'] for n in s.recorder]
-#
-# # 将用户从所在组中移除
-# where = 'type={} AND mid IN ({})'.format(TP_GROUP_USER, ','.join(user_list))
-# err = s.reset().delete_from('group_map').where(where).exec()
-# if err != TPE_OK:
-# return err
-#
-# # sql = 'DELETE FROM `{}group_map` WHERE (type=1 AND ({}));'.format(db.table_prefix, where)
-# # if not db.exec(sql):
-# # return TPE_DATABASE
-#
-# where = 'id IN ({})'.format(','.join(user_list))
-# err = s.reset().delete_from('user').where(where).exec()
-# if err != TPE_OK:
-# return err
-# # sql = 'DELETE FROM `{}user` WHERE {};'.format(db.table_prefix, where)
-# # if not db.exec(sql):
-# # return TPE_DATABASE
-#
-# syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除用户:{}".format(','.join(name_list)))
-#
-# return TPE_OK
+def update_policies_state(handler, p_ids, state):
+ db = get_db()
+
+ p_ids = ','.join([str(i) for i in p_ids])
+
+ sql_list = []
+
+ sql = 'UPDATE `{}ops_policy` SET state={state} WHERE id IN ({p_ids});'.format(db.table_prefix, state=state, p_ids=p_ids)
+ sql_list.append(sql)
+
+ sql = 'UPDATE `{}ops_auz` SET state={state} WHERE policy_id IN ({p_ids});'.format(db.table_prefix, state=state, p_ids=p_ids)
+ sql_list.append(sql)
+
+ sql = 'UPDATE `{}ops_map` SET p_state={state} WHERE p_id IN({p_ids});'.format(db.table_prefix, state=state, p_ids=p_ids)
+ sql_list.append(sql)
+
+ if db.transaction(sql_list):
+ return TPE_OK
+ else:
+ return TPE_DATABASE
+
+
+def remove_policies(handler, p_ids):
+ db = get_db()
+
+ p_ids = ','.join([str(i) for i in p_ids])
+
+ sql_list = []
+
+ sql = 'DELETE FROM `{}ops_policy` WHERE id IN ({p_ids});'.format(db.table_prefix, p_ids=p_ids)
+ sql_list.append(sql)
+
+ sql = 'DELETE FROM `{}ops_auz` WHERE policy_id IN ({p_ids});'.format(db.table_prefix, p_ids=p_ids)
+ sql_list.append(sql)
+
+ sql = 'DELETE FROM `{}ops_map` WHERE p_id IN({p_ids});'.format(db.table_prefix, p_ids=p_ids)
+ sql_list.append(sql)
+
+ if db.transaction(sql_list):
+ return TPE_OK
+ else:
+ return TPE_DATABASE
 def add_members(handler, policy_id, policy_type, ref_type, members):
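Review bot: Both update_policies_state and remove_policies build the SQL `IN (...)` list with `','.join([str(i) for i in p_ids])`, which only yields a safe literal if every caller has already reduced `p_ids` to integers; the model should enforce that itself by coercing with `int()` and rejecting an empty list, since `IN ()` is a syntax error that would otherwise surface only as TPE_DATABASE after the transaction fails. remove_policies also drops rows from three tables without the `syslog.sys_log(...)` entry that the commented-out remove_policy it replaces wrote, so the operator, remote_ip and affected ids of a destructive action are not recorded, and the `handler` argument both functions receive is unused as a result. A minor consistency point: `IN({p_ids})` in the ops_map statements versus `IN ({p_ids})` in the other two. The guard below is shown for update_policies_state; the same lines belong at the top of remove_policies.
```python
def update_policies_state(handler, p_ids, state):
    db = get_db()

    # An empty list would produce `IN ()` (SQL syntax error); a non-integer
    # element must never reach the query text, so validate before joining.
    if not p_ids:
        return TPE_PARAM
    try:
        p_ids = ','.join([str(int(i)) for i in p_ids])
    except (TypeError, ValueError):
        return TPE_PARAM

    # … unchanged: sql_list construction and db.transaction(sql_list) …
```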