github
/
teleport
mirror of https://github.com/tp4a/teleport
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

lock/unlock ops-policy works now.

pull/105/head
ApexLiu 2017-11-01 00:16:11 +08:00
parent 70a5e7e452
commit 40e0d1cc11
4 changed files with 137 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
server/www/teleport/static/js/ops/auz-list.js
View File

@ -501,33 +501,86 @@ $app.get_selected_policy = function (tbl) {
}; };
$app.on_btn_lock_click = function () { $app.on_btn_lock_click = function () {
var items = $app.get_selected_policy($app.table_policy);
if (items.length === 0) {
$tp.notify_error('请选择要禁用的授权策略!');
return;
}
$tp.ajax_post_json('/ops/policies/update', {
action: 'lock',
policy_ids: items
},
function (ret) {
if (ret.code === TPE_OK) {
CALLBACK_STACK.create()
.add($app.check_host_all_selected)
.add($app.table_policy.load_data)
.exec();
$tp.notify_success('禁用授权策略操作成功!');
} else {
$tp.notify_error('禁用授权策略操作失败:' + tp_error_msg(ret.code, ret.message));
}
},
function () {
$tp.notify_error('网络故障,禁用授权策略操作失败!');
}
);
}; };
$app.on_btn_unlock_click = function () { $app.on_btn_unlock_click = function () {
var items = $app.get_selected_policy($app.table_policy);
if (items.length === 0) {
$tp.notify_error('请选择要解禁的授权策略!');
return;
}
$tp.ajax_post_json('/ops/policies/update', {
action: 'unlock',
policy_ids: items
},
function (ret) {
if (ret.code === TPE_OK) {
CALLBACK_STACK.create()
.add($app.check_host_all_selected)
.add($app.table_policy.load_data)
.exec();
$tp.notify_success('解禁授权策略操作成功!');
} else {
$tp.notify_error('解禁授权策略操作失败:' + tp_error_msg(ret.code, ret.message));
}
},
function () {
$tp.notify_error('网络故障,解禁授权策略操作失败!');
}
);
}; };
$app.on_btn_remove_click = function () { $app.on_btn_remove_click = function () {
var items = $app.get_selected_policy($app.table_policy); var items = $app.get_selected_policy($app.table_policy);
if (items.length === 0) { if (items.length === 0) {
$tp.notify_error('请选择要删除的主机!'); $tp.notify_error('请选择要删除的授权策略');
return; return;
} }
var _fn_sure = function (cb_stack, cb_args) { var _fn_sure = function (cb_stack, cb_args) {
$tp.ajax_post_json('/asset/remove-hosts', {hosts: items}, $tp.ajax_post_json('/ops/policies/update', {
action: 'remove',
policy_ids: items
},
function (ret) { function (ret) {
if (ret.code === TPE_OK) { if (ret.code === TPE_OK) {
cb_stack.add($app.check_host_all_selected); cb_stack.add($app.check_host_all_selected);
cb_stack.add($app.table_policy.load_data); cb_stack.add($app.table_policy.load_data);
$tp.notify_success('删除主机操作成功!'); $tp.notify_success('删除授权策略操作成功!');
} else { } else {
$tp.notify_error('删除主机操作失败:' + tp_error_msg(ret.code, ret.message)); $tp.notify_error('删除授权策略操作失败:' + tp_error_msg(ret.code, ret.message));
} }
cb_stack.exec(); cb_stack.exec();
}, },
function () { function () {
$tp.notify_error('网络故障,删除主机操作失败!'); $tp.notify_error('网络故障,删除授权策略操作失败!');
cb_stack.exec(); cb_stack.exec();
} }
); );
@ -535,7 +588,7 @@ $app.on_btn_remove_click = function () {
var cb_stack = CALLBACK_STACK.create(); var cb_stack = CALLBACK_STACK.create();
$tp.dlg_confirm(cb_stack, { $tp.dlg_confirm(cb_stack, {
msg: '<div class="alert alert-danger"><p><strong>注意:删除操作不可恢复!!</strong></p><p>删除主机将同时删除与之相关的账号,并将主机和账号从所在分组中移除,同时删除所有相关授权!</p></div><p>如果您希望临时禁止登录指定主机,可将其“禁用”!</p><p>您确定要移除选定的' + items.length + '个主机吗?</p>', msg: '<div class="alert alert-danger"><p><strong>注意:删除操作不可恢复!!</strong></p></div><p>如果您希望临时禁止指定的授权策略,可将其“禁用”!</p><p>您确定要移除选定的' + items.length + '个授权策略吗?</p>',
fn_yes: _fn_sure fn_yes: _fn_sure
}); });

2
server/www/teleport/webroot/app/controller/__init__.py
View File

@ -143,6 +143,8 @@ controllers = [
(r'/ops/get-policies', ops.DoGetPoliciesHandler), (r'/ops/get-policies', ops.DoGetPoliciesHandler),
# - [json] 添加/更新策略 # - [json] 添加/更新策略
(r'/ops/policy/update', ops.DoUpdatePolicyHandler), (r'/ops/policy/update', ops.DoUpdatePolicyHandler),
# - [json] 禁用/解禁/删除策略
(r'/ops/policies/update', ops.DoUpdatePoliciesHandler),
# - [json] 向指定策略中添加对象(操作者或资产) # - [json] 向指定策略中添加对象(操作者或资产)
(r'/ops/policy/add-members', ops.DoAddMembersHandler), (r'/ops/policy/add-members', ops.DoAddMembersHandler),
# - [json] 从指定策略中移除对象(操作者或资产) # - [json] 从指定策略中移除对象(操作者或资产)

34
server/www/teleport/webroot/app/controller/ops.py
View File

@ -342,6 +342,40 @@ class DoUpdatePolicyHandler(TPBaseJsonHandler):
self.write_json(err, data=info) self.write_json(err, data=info)
class DoUpdatePoliciesHandler(TPBaseJsonHandler):
def post(self):
ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ)
if ret != TPE_OK:
return
args = self.get_argument('args', None)
if args is None:
return self.write_json(TPE_PARAM)
try:
args = json.loads(args)
except:
return self.write_json(TPE_JSON_FORMAT)
try:
action = args['action']
p_ids = args['policy_ids']
except:
log.e('\n')
return self.write_json(TPE_PARAM)
if action == 'lock':
err = ops.update_policies_state(self, p_ids, TP_STATE_DISABLED)
return self.write_json(err)
elif action == 'unlock':
err = ops.update_policies_state(self, p_ids, TP_STATE_NORMAL)
return self.write_json(err)
elif action == 'remove':
err = ops.remove_policies(self, p_ids)
return self.write_json(err)
else:
return self.write_json(TPE_PARAM)
class DoAddMembersHandler(TPBaseJsonHandler): class DoAddMembersHandler(TPBaseJsonHandler):
def post(self): def post(self):
ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ) ret = self.check_privilege(TP_PRIVILEGE_OPS_AUZ)

78
server/www/teleport/webroot/app/model/ops.py
View File

@ -142,42 +142,48 @@ def update_policy(handler, args):
return TPE_OK return TPE_OK
# def remove_policy(handler, policies): def update_policies_state(handler, p_ids, state):
# s = SQL(get_db()) db = get_db()
#
# user_list = [str(i) for i in users] p_ids = ','.join([str(i) for i in p_ids])
#
# # 1. 获取用户名称,用于记录系统日志 sql_list = []
# where = 'u.id IN ({})'.format(','.join(user_list))
# err = s.select_from('user', ['username'], alt_name='u').where(where).query() sql = 'UPDATE `{}ops_policy` SET state={state} WHERE id IN ({p_ids});'.format(db.table_prefix, state=state, p_ids=p_ids)
# if err != TPE_OK: sql_list.append(sql)
# return err
# if len(s.recorder) == 0: sql = 'UPDATE `{}ops_auz` SET state={state} WHERE policy_id IN ({p_ids});'.format(db.table_prefix, state=state, p_ids=p_ids)
# return TPE_NOT_EXISTS sql_list.append(sql)
#
# name_list = [n['username'] for n in s.recorder] sql = 'UPDATE `{}ops_map` SET p_state={state} WHERE p_id IN({p_ids});'.format(db.table_prefix, state=state, p_ids=p_ids)
# sql_list.append(sql)
# # 将用户从所在组中移除
# where = 'type={} AND mid IN ({})'.format(TP_GROUP_USER, ','.join(user_list)) if db.transaction(sql_list):
# err = s.reset().delete_from('group_map').where(where).exec() return TPE_OK
# if err != TPE_OK: else:
# return err return TPE_DATABASE
#
# # sql = 'DELETE FROM `{}group_map` WHERE (type=1 AND ({}));'.format(db.table_prefix, where)
# # if not db.exec(sql): def remove_policies(handler, p_ids):
# # return TPE_DATABASE db = get_db()
#
# where = 'id IN ({})'.format(','.join(user_list)) p_ids = ','.join([str(i) for i in p_ids])
# err = s.reset().delete_from('user').where(where).exec()
# if err != TPE_OK: sql_list = []
# return err
# # sql = 'DELETE FROM `{}user` WHERE {};'.format(db.table_prefix, where) sql = 'DELETE FROM `{}ops_policy` WHERE id IN ({p_ids});'.format(db.table_prefix, p_ids=p_ids)
# # if not db.exec(sql): sql_list.append(sql)
# # return TPE_DATABASE
# sql = 'DELETE FROM `{}ops_auz` WHERE policy_id IN ({p_ids});'.format(db.table_prefix, p_ids=p_ids)
# syslog.sys_log(handler.get_current_user(), handler.request.remote_ip, TPE_OK, "删除用户:{}".format(''.join(name_list))) sql_list.append(sql)
#
# return TPE_OK sql = 'DELETE FROM `{}ops_map` WHERE p_id IN({p_ids});'.format(db.table_prefix, p_ids=p_ids)
sql_list.append(sql)
if db.transaction(sql_list):
return TPE_OK
else:
return TPE_DATABASE
def add_members(handler, policy_id, policy_type, ref_type, members): def add_members(handler, policy_id, policy_type, ref_type, members):