From 7bfbfc9a4d70917f0a1f0bc48c29f23e4497129e Mon Sep 17 00:00:00 2001
From: Apex Liu
Date: Mon, 9 Apr 2018 17:39:09 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=EF=BC=9A=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E4=BF=A1=E6=81=AF=E5=90=8E=EF=BC=8C=E5=9C=A8?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E7=AE=A1=E7=90=86=E7=95=8C=E9=9D=A2=E7=9C=8B?= =?UTF-8?q?=E5=88=B0=E7=9A=84=E8=BF=98=E6=98=AF=E5=8E=9F=E6=9D=A5=E7=9A=84?= =?UTF-8?q?=E5=90=8D=E7=A7=B0=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../www/teleport/webroot/app/model/system.py | 4 +-
 server/www/teleport/webroot/app/model/user.py | 38 +++++++++++++++++--
 2 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/server/www/teleport/webroot/app/model/system.py b/server/www/teleport/webroot/app/model/system.py
index 32893b1..c87e983 100644
--- a/server/www/teleport/webroot/app/model/system.py
+++ b/server/www/teleport/webroot/app/model/system.py
@@ -19,8 +19,8 @@ def save_config(handler, msg, name, value):
 sql = 'UPDATE `{dbtp}config` SET value={dbph} WHERE name="{name}";'.format(dbtp=db.table_prefix, dbph=db.place_holder, name=name)
 db_ret = db.exec(sql, (str_val,))
 else:
- sql = 'INSERT INTO `{dbtp}config` (name, value) VALUES ("{name}", {dbph});'.format(dbtp=db.table_prefix, dbph=db.place_holder, name=name)
- db_ret = db.exec(sql, (str_val,))
+ sql = 'INSERT INTO `{dbtp}config` (name, value) VALUES ({dbph}, {dbph});'.format(dbtp=db.table_prefix, dbph=db.place_holder)
+ db_ret = db.exec(sql, (name, str_val))
 if not db_ret:
 return TPE_DATABASE
diff --git a/server/www/teleport/webroot/app/model/user.py b/server/www/teleport/webroot/app/model/user.py
index f422590..5eb53f2 100644
--- a/server/www/teleport/webroot/app/model/user.py
+++ b/server/www/teleport/webroot/app/model/user.py
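Review bot: The UPDATE branch kept as context at the top of the save_config hunk still formats `name` into the statement text (`WHERE name="{name}"`), so only the INSERT branch binds it as a parameter after this change. A name containing a double quote would break the UPDATE while the INSERT now handles it, and if `name` can be influenced by a request (not visible here) the UPDATE remains a string-built query. Binding it in both branches keeps them consistent: ``sql = 'UPDATE `{dbtp}config` SET value={dbph} WHERE name={dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder)`` followed by `db_ret = db.exec(sql, (str_val, name))`. save_config starts above the hunk, so any earlier lookup by `name` is not shown and may need the same treatment.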
@@ -267,16 +267,16 @@ def update_user(handler, args):
 db = get_db()
 # 1. 判断此账号是否已经存在
- sql = 'SELECT `username` FROM {}user WHERE id={};'.format(db.table_prefix, args['id'])
- db_ret = db.query(sql)
+ sql = 'SELECT `username` FROM {dbtp}user WHERE id={dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder)
+ db_ret = db.query(sql, (args['id'], ))
 if db_ret is None or len(db_ret) == 0:
 return TPE_NOT_EXISTS
 old_username = db_ret[0][0]
 if old_username != args['username']:
 # 如果要更新用户登录名,则需要判断是否已经存在了
- sql = 'SELECT `id` FROM {}user WHERE username="{}";'.format(db.table_prefix, args['username'])
- db_ret = db.query(sql)
+ sql = 'SELECT `id` FROM {dbtp}user WHERE username={dbph};'.format(dbtp=db.table_prefix, dbph=db.place_holder)
+ db_ret = db.query(sql, (args['username'],))
 if db_ret is not None and len(db_ret) > 0:
 return TPE_EXISTS
@@ -290,6 +290,28 @@ def update_user(handler, args):
 if not db_ret:
 return TPE_DATABASE
+ # 同步更新授权表和权限映射表
+ _uname = args['username']
+ if len(args['surname']) > 0:
+ _uname += '('+args['surname']+')'
+ sql_list = []
+ # 运维授权
+ sql = 'UPDATE `{}ops_auz` SET `name`="{uname}" WHERE (`rtype`={rtype} AND `rid`={rid});'.format(db.table_prefix, uname=_uname, rtype=TP_USER, rid=args['id'])
+ sql_list.append(sql)
+ sql = 'UPDATE `{}ops_map` SET `u_name`="{uname}", `u_surname`="{surname}" WHERE (u_id={uid});'.format(db.table_prefix, uname=args['username'], surname=args['surname'], uid=args['id'])
+ sql_list.append(sql)
+ # 审计授权
+ sql = 'UPDATE `{}audit_auz` SET `name`="{uname}" WHERE (`rtype`={rtype} AND `rid`={rid});'.format(db.table_prefix, uname=_uname, rtype=TP_USER, rid=args['id'])
+ sql_list.append(sql)
+ sql = 'UPDATE `{}audit_map` SET `u_name`="{uname}", `u_surname`="{surname}" WHERE (u_id={uid});'.format(db.table_prefix, uname=args['username'], surname=args['surname'], uid=args['id'])
+ sql_list.append(sql)
+
+ if not db.transaction(sql_list):
+ return TPE_DATABASE
+
+ operator = handler.get_current_user()
+ syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "更新用户信息:{}".format(args['username']))
+
 return TPE_OK
@@ -472,6 +494,14 @@ def update_users_state(handler, user_ids, state):
 ''.format(db.table_prefix, state=state, ids=user_ids)
 sql_list.append(sql)
+ sql = 'UPDATE `{}audit_auz` SET state={state} WHERE rtype={rtype} AND rid IN ({rid});' \
+ ''.format(db.table_prefix, state=state, rtype=TP_USER, rid=user_ids)
+ sql_list.append(sql)
+
+ sql = 'UPDATE `{}audit_map` SET u_state={state} WHERE u_id IN ({ids});' \
+ ''.format(db.table_prefix, state=state, ids=user_ids)
+ sql_list.append(sql)
+
 if db.transaction(sql_list):
 return TPE_OK
 else:
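Review bot: The four UPDATE statements added to update_user place `args['username']`, `args['surname']` and `args['id']` into the SQL text with `.format()`, inside double-quoted literals, although the previous hunk of this same commit moved the two SELECTs to `db.place_holder` with bound values. A name containing a double quote will at least break these statements, and if `args` reaches this function without strict validation (not visible here) it is an SQL injection path into the authorization and mapping tables. The same construction is added in update_users_state for `audit_auz` and `audit_map`, where `state` and `user_ids` are formatted into `IN (...)`. Each statement should bind its values, e.g. ``'UPDATE `{dbtp}ops_auz` SET `name`={dbph} WHERE (`rtype`={dbph} AND `rid`={dbph});'.format(dbtp=db.table_prefix, dbph=db.place_holder)`` with `(_uname, TP_USER, args['id'])` as parameters; whether `db.transaction` can carry parameters is not visible, so it may need a parameter-aware variant. update_user starts above the hunk.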