merge with dev

.gitignore

 *.py[cod]
 .idea
 test.py
-
+.DS_Store
+db.sqlite3
 # C extensions
 *.so
 

docs/initial_data.yaml

+- model: juser.user
+  pk: 5000
+  fields:
+    username: admin
+    name: admin
+    password: pbkdf2_sha256$20000$jBIDGPB2j5JT$orxqGgzzjzykColYm1BswPjgHOiERjZkcgkuVIkD2Hc=
+    email: admin@jumpserver.org
+    role: SU
+    is_active: 1
+- model: juser.user
+  pk: 5001
+  fields:
+    username: group_admin
+    name: group_admin
+    password: pbkdf2_sha256$20000$ttObUWd15q10$NJoyZf2OZz9oiw2g4j2TkTh9zGgyVDRFdUkhn8X0nB0=
+    email: group_admin@jumpserver.org
+    role: GA
+    is_active: 1
+- model: juser.usergroup
+  pk: 1
+  fields:
+    name: ALL
+    comment: ALL
+- model: juser.usergroup
+  pk: 2
+  fields:
+    name: 默认
+    comment: 默认

jasset/models.py

@@ -59,13 +59,13 @@ class AssetGroup(models.Model):
 
 
 class Asset(models.Model):
-    ip = models.IPAddressField(unique=True)
-    port = models.IntegerField(max_length=6, blank=True, null=True)
+    ip = models.GenericIPAddressField(unique=True)
+    port = models.IntegerField()
     group = models.ManyToManyField(AssetGroup)
     username = models.CharField(max_length=20, blank=True, null=True)
     password = models.CharField(max_length=80, blank=True, null=True)
-    use_default = models.BooleanField(default=True)
-    date_added = models.DateTimeField(auto_now=True, default=datetime.datetime.now(), null=True)
+    use_default_auth = models.BooleanField(default=True)
+    date_added = models.DateTimeField(auto_now_add=True)
     is_active = models.BooleanField(default=True)
     comment = models.CharField(max_length=100, blank=True, null=True)
 

jlog/models.py

@@ -7,7 +7,7 @@ class Log(models.Model):
     remote_ip = models.CharField(max_length=100)
     log_path = models.CharField(max_length=100)
     start_time = models.DateTimeField(null=True)
-    pid = models.IntegerField(max_length=10)
+    pid = models.IntegerField()
     is_finished = models.BooleanField(default=False)
     end_time = models.DateTimeField(null=True)
 

jlog/views.py

@@ -5,39 +5,10 @@ from django.shortcuts import render_to_response
 
 from jumpserver.api import *
 from django.http import HttpResponseNotFound
-
-CONF = ConfigParser()
-CONF.read('%s/jumpserver.conf' % BASE_DIR)
-from jlog.models import Log
 from jlog.log_api import renderTemplate
 
-# def get_user_info(request, offset):
-#     """ 获取用户信息及环境 """
-#     env_dic = {'online': 0, 'offline': 1}
-#     env = env_dic[offset]
-#     keyword = request.GET.get('keyword', '')
-#     user_info = get_session_user_info(request)
-#     user_id, username = user_info[0:2]
-#     dept_id, dept_name = user_info[3:5]
-#     ret = [request, keyword, env, username, dept_name]
-#
-#     return ret
-#
-#
-# def get_user_log(ret_list):
-#     """ 获取不同类型用户日志记录 """
-#     request, keyword, env, username, dept_name = ret_list
-#     post_all = Log.objects.filter(is_finished=env).order_by('-start_time')
-#     post_keyword_all = Log.objects.filter(Q(user__contains=keyword) |
-#                                           Q(host__contains=keyword)) \
-#         .filter(is_finished=env).order_by('-start_time')
-#
-#     if keyword:
-#         posts = post_keyword_all
-#     else:
-#         posts = post_all
-#
-#     return posts
+from models import Log
+from jumpserver.settings import web_socket_host
 
 
 def log_list(request, offset):
@@ -51,7 +22,6 @@ def log_list(request, offset):
     cmd = request.GET.get('cmd', '')
     print date_seven_day, date_now_str
     if offset == 'online':
-        web_socket_host = CONF.get('websocket', 'web_socket_host')
         posts = Log.objects.filter(is_finished=False).order_by('-start_time')
     else:
         posts = Log.objects.filter(is_finished=True).order_by('-start_time')
@@ -79,6 +49,7 @@ def log_list(request, offset):
             date_now = datetime.datetime.now()
             date_now_str = date_now.strftime('%m/%d/%Y')
             date_seven_day = (date_now + datetime.timedelta(days=-7)).strftime('%m/%d/%Y')
+
     contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
 
     return render_to_response('jlog/log_%s.html' % offset, locals(), context_instance=RequestContext(request))

jumpserver/api.py

 # coding: utf-8
 
-import os, sys, time
-from ConfigParser import ConfigParser
-import getpass
+import os, sys, time, re
 from Crypto.Cipher import AES
 import crypt
 from binascii import b2a_hex, a2b_hex
@@ -11,15 +9,15 @@ import datetime
 import random
 import subprocess
 import paramiko
-import struct, fcntl, signal,socket, select, fnmatch
-import re
+import struct, fcntl, signal, socket, select, fnmatch
+from settings import JLOG_FILE, KEY, URL, log_dir, log_level
 
 from django.core.paginator import Paginator, EmptyPage, InvalidPage
 from django.http import HttpResponse, Http404
 from django.template import RequestContext
 from juser.models import User, UserGroup
 from jasset.models import Asset, AssetGroup
-from jasset.models import AssetAlias
+# from jlog.models import Log
 from jlog.models import Log, TtyLog
 from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
 from django.http import HttpResponseRedirect
@@ -37,22 +35,6 @@ except ImportError:
     sys.exit()
 
 
-BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
-CONF = ConfigParser()
-CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
-LOG_DIR = os.path.join(BASE_DIR, 'logs')
-JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
-SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
-# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
-KEY = CONF.get('base', 'key')
-LOGIN_NAME = getpass.getuser()
-# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
-URL = CONF.get('base', 'url')
-MAIL_ENABLE = CONF.get('mail', 'mail_enable')
-MAIL_FROM = CONF.get('mail', 'email_host_user')
-log_dir = os.path.join(BASE_DIR, 'logs')
-
-
 def set_log(level):
     """
     return a log file object
@@ -78,7 +60,7 @@ def page_list_return(total, current=1):
     min_page = current - 2 if current - 4 > 0 else 1
     max_page = min_page + 4 if min_page + 4 < total else total
 
-    return range(min_page, max_page+1)
+    return range(min_page, max_page + 1)
 
 
 def pages(post_objects, request):
@@ -371,7 +353,7 @@ class PyCrypt(object):
         symbol = '!@$%^&*()_'
         salt_list = []
         if especial:
-            for i in range(length-4):
+            for i in range(length - 4):
                 salt_list.append(random.choice(salt_key))
             for i in range(4):
                 salt_list.append(random.choice(symbol))
@@ -460,19 +442,24 @@ def require_role(role='user'):
     decorator for require user role in ["super", "admin", "user"]
     要求用户是某种角色 ["super", "admin", "user"]的装饰器
     """
+
     def _deco(func):
         def __deco(request, *args, **kwargs):
             if role == 'user':
-                if not request.session.get('user_id'):
+                if not request.user.is_authenticated():
                     return HttpResponseRedirect('/login/')
             elif role == 'admin':
-                if request.session.get('role_id', 0) < 1:
+                # if request.session.get('role_id', 0) < 1:
+                if request.user.role == 'CU':
                     return HttpResponseRedirect('/')
             elif role == 'super':
-                if request.session.get('role_id', 0) < 2:
+                # if request.session.get('role_id', 0) < 2:
+                if request.user.role in ['CU', 'GA']:
                     return HttpResponseRedirect('/')
             return func(request, *args, **kwargs)
+
         return __deco
+
     return _deco
 
 
@@ -481,8 +468,8 @@ def is_role_request(request, role='user'):
     require this request of user is right
     要求请求角色正确
     """
-    role_all = {'user': 0, 'admin': 1, 'super': 2}
-    if request.session.get('role_id') == role_all.get(role, 0):
+    role_all = {'user': 'CU', 'admin': 'GA', 'super': 'SU'}
+    if request.user.role == role_all.get(role, 'CU'):
         return True
     else:
         return False
@@ -493,13 +480,14 @@ def get_session_user_dept(request):
     get department of the user in session
     获取session中用户的部门
     """
-    user_id = request.session.get('user_id', 0)
-    print '#' * 20
-    print user_id
-    user = User.objects.filter(id=user_id)
-    if user:
-        user = user[0]
-        return user, None
+    # user_id = request.session.get('user_id', 0)
+    # print '#' * 20
+    # print user_id
+    # user = User.objects.filter(id=user_id)
+    # if user:
+    #     user = user[0]
+    #     return user, None
+    return request.user, None
 
 
 @require_role
@@ -508,18 +496,18 @@ def get_session_user_info(request):
     get the user info of the user in session, for example id, username etc.
     获取用户的信息
     """
-    user_id = request.session.get('user_id', 0)
-    user = get_object(User, id=user_id)
-    if user:
-        return [user.id, user.username, user]
-
+    # user_id = request.session.get('user_id', 0)
+    # user = get_object(User, id=user_id)
+    # if user:
+    #     return [user.id, user.username, user]
+    return [request.user.id, request.user.username, request.user]
 
 def get_user_dept(request):
     """
     get the user dept id
     获取用户的部门id
     """
-    user_id = request.session.get('user_id')
+    user_id = request.user.id
     if user_id:
         user_dept = User.objects.get(id=user_id).dept
         return user_dept.id
@@ -672,6 +660,5 @@ def my_render(template, data, request):
 
 
 CRYPTOR = PyCrypt(KEY)
-
-log_level = CONF.get('base', 'log')
 logger = set_log(log_level)
+

jumpserver/context_processors.py

@@ -4,8 +4,9 @@ from jumpserver.api import *
 
 
 def name_proc(request):
-    user_id = request.session.get('user_id')
-    role_id = request.session.get('role_id')
+    user_id = request.user.id
+    # role_id = request.session.get('role_id')
+    role_id = {'SU':2,'GA':1,'CU':0}.get(request.user.role,0)
     # if role_id == 2:
     user_total_num = User.objects.all().count()
     user_active_num = User.objects.filter().count()

jumpserver/settings.py

@@ -11,9 +11,8 @@ https://docs.djangoproject.com/en/1.7/ref/settings/
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 import os
 import ConfigParser
-import djcelery
+import getpass
 
-djcelery.setup_loader()
 config = ConfigParser.ConfigParser()
 
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
@@ -24,7 +23,7 @@ DB_PORT = config.getint('db', 'port')
 DB_USER = config.get('db', 'user')
 DB_PASSWORD = config.get('db', 'password')
 DB_DATABASE = config.get('db', 'database')
-
+AUTH_USER_MODEL = 'juser.User'
 # mail config
 EMAIL_HOST = config.get('mail', 'email_host')
 EMAIL_PORT = config.get('mail', 'email_port')
@@ -32,6 +31,22 @@ EMAIL_HOST_USER = config.get('mail', 'email_host_user')
 EMAIL_HOST_PASSWORD = config.get('mail', 'email_host_password')
 EMAIL_USE_TLS = config.getboolean('mail', 'email_use_tls')
 
+# ======== Log ==========
+LOG = False
+LOG_DIR = os.path.join(BASE_DIR, 'logs')
+JLOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
+SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
+# SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
+KEY = config.get('base', 'key')
+LOGIN_NAME = getpass.getuser()
+# LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
+URL = config.get('base', 'url')
+MAIL_ENABLE = config.get('mail', 'mail_enable')
+MAIL_FROM = config.get('mail', 'email_host_user')
+log_dir = os.path.join(BASE_DIR, 'logs')
+log_level = config.get('base', 'log')
+web_socket_host = config.get('websocket', 'web_socket_host')
+
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
 
@@ -45,7 +60,6 @@ TEMPLATE_DEBUG = True
 
 ALLOWED_HOSTS = ['0.0.0.0/8']
 
-BROKER_URL = 'django://'
 # Application definition
 
 INSTALLED_APPS = (
@@ -56,8 +70,6 @@ INSTALLED_APPS = (
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'django.contrib.humanize',
-    'djcelery',
-    'kombu.transport.django',
     'jumpserver',
     'juser',
     'jasset',
@@ -68,9 +80,9 @@ INSTALLED_APPS = (
 MIDDLEWARE_CLASSES = (
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
-    #'django.middleware.csrf.CsrfViewMiddleware',
+    # 'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
-    #'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+    # 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 )
@@ -94,6 +106,12 @@ DATABASES = {
     }
 }
 
+# DATABASES = {
+#     'default': {
+#         'ENGINE': 'django.db.backends.sqlite3',
+#         'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+#     }
+# }
 TEMPLATE_CONTEXT_PROCESSORS = (
     'django.contrib.auth.context_processors.auth',
     'django.core.context_processors.debug',
@@ -102,14 +120,14 @@ TEMPLATE_CONTEXT_PROCESSORS = (
     'django.core.context_processors.static',
     'django.core.context_processors.tz',
     'django.contrib.messages.context_processors.messages',
-    'jumpserver.context_processors.name_proc'
+    'jumpserver.context_processors.name_proc',
 )
 
 TEMPLATE_DIRS = (
     os.path.join(BASE_DIR, 'templates'),
 )
 
-#STATIC_ROOT = os.path.join(BASE_DIR, 'static')
+# STATIC_ROOT = os.path.join(BASE_DIR, 'static')
 
 STATICFILES_DIRS = (
     os.path.join(BASE_DIR, "static"),
@@ -132,5 +150,3 @@ USE_TZ = False
 # https://docs.djangoproject.com/en/1.7/howto/static-files/
 
 STATIC_URL = '/static/'
-
-

jumpserver/urls.py

@@ -8,8 +8,8 @@ urlpatterns = patterns('',
     (r'^skin_config/$', 'jumpserver.views.skin_config'),
     (r'^install/$', 'jumpserver.views.install'),
     (r'^base/$', 'jumpserver.views.base'),
-    (r'^login/$', 'jumpserver.views.login'),
-    (r'^logout/$', 'jumpserver.views.logout'),
+    (r'^login/$', 'jumpserver.views.Login'),
+    (r'^logout/$', 'jumpserver.views.Logout'),
     (r'^file/upload/$', 'jumpserver.views.upload'),
     (r'^file/download/$', 'jumpserver.views.download'),
     (r'^setting', 'jumpserver.views.setting'),

jumpserver/views.py

@@ -13,6 +13,10 @@ from django.http import HttpResponse
 import paramiko
 from jumpserver.api import *
 from jumpserver.models import Setting
+from django.contrib.auth import authenticate, login, logout
+from django.contrib.auth.decorators import login_required
+from settings import BASE_DIR
+from jlog.models import Log
 
 
 def getDaysByNum(num):
@@ -49,7 +53,7 @@ def get_data(data, items, option):
 
 @require_role(role='user')
 def index_cu(request):
-    user_id = request.session.get('user_id')
+    user_id = request.user.id
     user = get_object(User, id=user_id)
     login_types = {'L': 'LDAP', 'M': 'MAP'}
     username = user.username
@@ -64,7 +68,6 @@ def index_cu(request):
             new_posts.append(post_five)
             post_five = []
     new_posts.append(post_five)
-
     return render_to_response('index_cu.html', locals(), context_instance=RequestContext(request))
 
 
@@ -193,40 +196,49 @@ def is_latest():
         pass
 
 
-def login(request):
+def Login(request):
     """登录界面"""
-    if request.session.get('username'):
+    if request.user.is_authenticated():
         return HttpResponseRedirect('/')
     if request.method == 'GET':
         return render_to_response('login.html')
     else:
         username = request.POST.get('username')
         password = request.POST.get('password')
-        user_filter = User.objects.filter(username=username)
-        if user_filter:
-            user = user_filter[0]
-            if PyCrypt.md5_crypt(password) == user.password:
-                request.session['user_id'] = user.id
-                user_filter.update(last_login=datetime.datetime.now())
+        if username and password:
+            user = authenticate(username=username, password=password)
+            if user is not None:
+                if user.is_active:
+                    login(request, user)
+                    # c = {}
+                    # c.update(csrf(request))
+                    # request.session['csrf_token'] = str(c.get('csrf_token'))
+        # user_filter = User.objects.filter(username=username)
+        # if user_filter:
+        #     user = user_filter[0]
+        #     if PyCrypt.md5_crypt(password) == user.password:
+        #         request.session['user_id'] = user.id
+        #         user_filter.update(last_login=datetime.datetime.now())
                     if user.role == 'SU':
                         request.session['role_id'] = 2
                     elif user.role == 'GA':
                         request.session['role_id'] = 1
                     else:
                         request.session['role_id'] = 0
-                response = HttpResponseRedirect('/', )
-                response.set_cookie('username', username, expires=604800)
-                response.set_cookie('seed', PyCrypt.md5_crypt(password), expires=604800)
-                return response
-            else:
-                error = '密码错误，请重新输入。'
+                    return HttpResponseRedirect('/', )
+                # response.set_cookie('username', username, expires=604800)
+                # response.set_cookie('seed', PyCrypt.md5_crypt(password), expires=604800)
+                # return response
+            # else:
+            #     error = '密码错误，请重新输入。'
         else:
-            error = '用户不存在。'
+            error = '用户名或密码错误'
     return render_to_response('login.html', {'error': error})
 
 
-def logout(request):
+def Logout(request):
     request.session.delete()
+    logout(request)
     return HttpResponseRedirect('/login/')
 
 

juser/models.py

 # coding: utf-8
 
 from django.db import models
+from django.contrib.auth.models import AbstractUser
 
 from jasset.models import Asset, AssetGroup
 
 
 class UserGroup(models.Model):
     name = models.CharField(max_length=80, unique=True)
-    # assets = models.TextField(max_length=1000, verbose_name="Assets", default='')
-    # asset_groups = models.CharField(max_length=1000, verbose_name="Asset Groups", default='')
     comment = models.CharField(max_length=160, blank=True, null=True)
     asset = models.ManyToManyField(Asset)
     asset_group = models.ManyToManyField(AssetGroup)
@@ -16,123 +15,22 @@ class UserGroup(models.Model):
     def __unicode__(self):
         return self.name
 
-    # def get_user(self):
-    #     return self.user_set.all()
-    #
-    # def update(self, **kwargs):
-    #     for key, value in kwargs.items():
-    #         self.__setattr__(key, value)
-    #         self.save()
 
-
-class User(models.Model):
+class User(AbstractUser):
     USER_ROLE_CHOICES = (
         ('SU', 'SuperUser'),
         ('GA', 'GroupAdmin'),
         ('CU', 'CommonUser'),
     )
-    username = models.CharField(max_length=80, unique=True)
-    password = models.CharField(max_length=100)
     name = models.CharField(max_length=80)
-    email = models.EmailField(max_length=75)
-    role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU')
     uuid = models.CharField(max_length=100)
+    role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU')
     group = models.ManyToManyField(UserGroup)
     ssh_key_pwd = models.CharField(max_length=200)
-    is_active = models.BooleanField(default=True)
-    last_login = models.DateTimeField(null=True)
-    date_joined = models.DateTimeField(null=True)
-    asset = models.ManyToManyField(Asset)
-    asset_group = models.ManyToManyField(AssetGroup)
 
     def __unicode__(self):
         return self.username
 
-    # def get_asset_group(self):
-    #     """
-    #     Get user host_groups.
-    #     获取用户有权限的主机组
-    #     """
-    #     host_group_list = []
-    #     perm_list = []
-    #     user_group_all = self.group.all()
-    #     for user_group in user_group_all:
-    #         perm_list.extend(user_group.perm_set.all())
-    #
-    #     for perm in perm_list:
-    #         host_group_list.append(perm.asset_group)
-    #
-    #     return host_group_list
-    #
-    # def get_asset_group_info(self, printable=False):
-    #     """
-    #     Get or print asset group info
-    #     获取或打印用户授权资产组
-    #     """
-    #     asset_groups_info = {}
-    #     asset_groups = self.get_asset_group()
-    #
-    #     for asset_group in asset_groups:
-    #         asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment]
-    #
-    #     if printable:
-    #         for group_id in asset_groups_info:
-    #             if asset_groups_info[group_id][1]:
-    #                 print "[%3s] %s -- %s" % (group_id,
-    #                                           asset_groups_info[group_id][0],
-    #                                           asset_groups_info[group_id][1])
-    #             else:
-    #                 print "[%3s] %s" % (group_id, asset_groups_info[group_id][0])
-    #             print ''
-    #     else:
-    #         return asset_groups_info
-    #
-    # def get_asset(self):
-    #     """
-    #     Get the assets of under the user control.
-    #     获取主机列表
-    #     """
-    #     assets = []
-    #     asset_groups = self.get_asset_group()
-    #
-    #     for asset_group in asset_groups:
-    #         assets.extend(asset_group.asset_set.all())
-    #
-    #     return assets
-    #
-    # def get_asset_info(self, printable=False):
-    #     """
-    #     Get or print the user asset info
-    #     获取或打印用户资产信息
-    #     """
-    #     from jasset.models import AssetAlias
-    #     assets_info = {}
-    #     assets = self.get_asset()
-    #
-    #     for asset in assets:
-    #         asset_alias = AssetAlias.objects.filter(user=self, asset=asset)
-    #         if asset_alias and asset_alias[0].alias != '':
-    #             assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)]
-    #         else:
-    #             assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)]
-    #
-    #     if printable:
-    #         ips = assets_info.keys()
-    #         ips.sort()
-    #         for ip in ips:
-    #             if assets_info[ip][2]:
-    #                 print '%-15s -- %s' % (ip, assets_info[ip][2])
-    #             else:
-    #                 print '%-15s' % ip
-    #         print ''
-    #     else:
-    #         return assets_info
-    #
-    # def update(self, **kwargs):
-    #     for key, value in kwargs.items():
-    #         self.__setattr__(key, value)
-    #         self.save()
-
 
 class AdminGroup(models.Model):
     """
@@ -145,5 +43,3 @@ class AdminGroup(models.Model):
 
     def __unicode__(self):
         return '%s: %s' % (self.user.username, self.group.name)
-
-

juser/urls.py

@@ -22,6 +22,6 @@ urlpatterns = patterns('juser.views',
     (r'^profile/$', 'profile'),
     (r'^change_info/$', 'change_info'),
     (r'^regen_ssh_key/$', 'regen_ssh_key'),
-    (r'^chg_role/$', 'chg_role'),
+    (r'^change_role/$', 'chg_role'),
     (r'^down_key/$', 'down_key'),
 )

juser/user_api.py

@@ -5,7 +5,7 @@ from subprocess import call
 
 from juser.models import AdminGroup
 from jumpserver.api import *
-
+from  jumpserver.settings import BASE_DIR
 
 def group_add_user(group, user_id=None, username=None):
     """
@@ -60,6 +60,7 @@ def db_add_user(**kwargs):
     admin_groups = kwargs.pop('admin_groups')
     role = kwargs.get('role', 'CU')
     user = User(**kwargs)
+    user.set_password(kwargs.get('password'))
     user.save()
     if groups_post:
         group_select = []
@@ -84,10 +85,10 @@ def db_update_user(**kwargs):
     groups_post = kwargs.pop('groups')
     admin_groups_post = kwargs.pop('admin_groups')
     user_id = kwargs.pop('user_id')
-    user = User.objects.filter(id=user_id)
+    user = User.objects.get(id=user_id)
     if user:
         user.update(**kwargs)
-        user = user[0]
+        user.set_password(kwargs.pop('password'))
         user.save()
     else:
         return None

juser/views.py

@@ -2,25 +2,24 @@
 # Author: Guanghongwei
 # Email: ibuler@qq.com
 
-import random
-from Crypto.PublicKey import RSA
+# import random
+# from Crypto.PublicKey import RSA
 import uuid as uuid_r
 
 from django.db.models import Q
 from django.template import RequestContext
 from django.db.models import ObjectDoesNotExist
-
+from jumpserver.settings import MAIL_FROM, MAIL_ENABLE
 from juser.user_api import *
 from jperm.perm_api import _public_perm_api, perm_user_api, user_permed
 
 
 def chg_role(request):
-    role = {'SU': 2, 'DA': 1, 'CU': 0}
-    user, dept = get_session_user_dept(request)
+    role = {'SU': 2, 'GA': 1, 'CU': 0}
     if request.session['role_id'] > 0:
         request.session['role_id'] = 0
     elif request.session['role_id'] == 0:
-        request.session['role_id'] = role.get(user.role, 0)
+        request.session['role_id'] = role.get(request.user.role, 0)
     return HttpResponseRedirect('/')
 
 
@@ -168,8 +167,8 @@ def user_add(request):
             if '' in [username, password, ssh_key_pwd, name, role]:
                 error = u'带*内容不能为空'
                 raise ServerError
-            user_test = get_object(User, username=username)
-            if user_test:
+            check_user_is_exist = User.objects.filter(username=username)
+            if check_user_is_exist:
                 error = u'用户 %s 已存在' % username
                 raise ServerError
 
@@ -178,10 +177,10 @@ def user_add(request):
         else:
             try:
                 user = db_add_user(username=username, name=name,
-                                   password=CRYPTOR.md5_crypt(password),
+                                   password=password,
                                    email=email, role=role, uuid=uuid,
                                    groups=groups, admin_groups=admin_groups,
-                                   ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
+                                   ssh_key_pwd=ssh_key_pwd,
                                    is_active=is_active,
                                    date_joined=datetime.datetime.now())
                 server_add_user(username, password, ssh_key_pwd, ssh_key_login_need)
@@ -233,10 +232,10 @@ def user_list(request):
 @require_role(role='user')
 def user_detail(request):
     header_title, path1, path2 = '用户详情', '用户管理', '用户详情'
-    if request.session.get('role_id') == 0:
-        user_id = request.session.get('user_id')
-    else:
-        user_id = request.GET.get('id', '')
+    # if request.session.get('role_id') == 0:
+    #     user_id = request.user.id
+    # else:
+    #     user_id = request.GET.get('id', '')
     #     if request.session.get('role_id') == 1:
     #         user, dept = get_session_user_dept(request)
     #         if not validate(request, user=[user_id]):
@@ -244,9 +243,9 @@ def user_detail(request):
     # if not user_id:
     #     return HttpResponseRedirect('/juser/user_list/')
 
-    user = get_object(User, id=user_id)
-    if user:
-        pass
+    # user = get_object(User, id=user_id)
+    # if user:
+    #     pass
         # asset_group_permed = user.get_asset_group()
         # logs_last = Log.objects.filter(user=user.name).order_by('-start_time')[0:10]
         # logs_all = Log.objects.filter(user=user.name).order_by('-start_time')
@@ -257,8 +256,14 @@ def user_detail(request):
 
 @require_role(role='admin')
 def user_del(request):
+    if request.method == "GET":
         user_ids = request.GET.get('id', '')
         user_id_list = user_ids.split(',')
+    elif request.method == "POST":
+        user_ids = request.POST.get('id', '')
+        user_id_list = user_ids.split(',')
+    else:
+        return HttpResponse('错误请求')
     for user_id in user_id_list:
         user = get_object(User, id=user_id)
         if user:
@@ -370,11 +375,11 @@ def user_edit(request):
         else:
             return HttpResponseRedirect('/juser/user_list/')
 
-        if password != user.password:
-            password_decode = password
-            password = CRYPTOR.md5_crypt(password)
-        else:
-            password_decode = None
+        # if password != user.password:
+        #     password_decode = password
+        #     password = CRYPTOR.md5_crypt(password)
+        # else:
+        #     password_decode = None
 
         db_update_user(user_id=user_id,
                        password=password,
@@ -409,7 +414,10 @@ def user_edit_adm(request):
 
 
 def profile(request):
-    user_id = request.session.get('user_id')
+    a = request.user.id
+    a = request.user.groups
+
+    user_id = request.user.id
     if not user_id:
         return HttpResponseRedirect('/')
     user = User.objects.get(id=user_id)
@@ -418,7 +426,7 @@ def profile(request):
 
 def change_info(request):
     header_title, path1, path2 = '修改信息', '用户管理', '修改个人信息'
-    user_id = request.session.get('user_id')
+    user_id = request.user.id
     user = get_object(User, id=user_id)
     error = ''
     if not user:
@@ -436,10 +444,11 @@ def change_info(request):
             error = '密码须大于6位'
 
         if not error:
-            if password != user.password:
-                password = CRYPTOR.md5_crypt(password)
+            # if password != user.password:
+            #     password = CRYPTOR.md5_crypt(password)
 
-            user.update(name=name, password=password, email=email)
+            user.update(name=name, email=email)
+            user.set_password(password)
             msg = '修改成功'
 
     return render_to_response('juser/change_info.html', locals(), context_instance=RequestContext(request))
@@ -465,7 +474,7 @@ def down_key(request):
         user_id = request.GET.get('id')
 
     if is_role_request(request, 'user'):
-        user_id = request.session.get('user_id')
+        user_id = request.user.id
 
     if user_id:
         user = get_object(User, id=user_id)

templates/index_cu.html

@@ -72,7 +72,7 @@
         <div class="col-lg-4">
             <div class="ibox float-e-margins">
                 <div class="ibox-title">
-                    <span class="label label-primary"><b>{{ user.name }}</b></span>
+                    <span class="label label-primary"><b>{{ user.username }}</b></span>
                     <div class="ibox-tools">
                         <a class="collapse-link">
                             <i class="fa fa-chevron-up"></i>
@@ -109,7 +109,7 @@
                                 </tr>
                                 <tr>
                                     <td class="text-navy">角色</td>
-                                    <td>{{ user.id | get_role }}</td>
+                                    <td>{{ user.role }}</td>
                                 </tr>
                                 <tr>
                                     <td class="text-navy">Email</td>

templates/jasset/asset_list.html

@@ -24,7 +24,9 @@
 
                 <div class="ibox-content">
                     <div>
+                        {% if session_role_id > 0 %}
                         <a target="_blank" href="/jasset/asset_add/" class="btn btn-sm btn-primary "> 添加 </a>
+                        {% endif %}
                         <form id="search_form" method="get" action="" class="pull-right mail-search">
                             <div class="input-group">
                                 <input type="text" class="form-control input-sm" id="search_input" name="keyword" placeholder="Search">

templates/nav.html

-{% ifequal session_role_id 2 %}
+{% if request.session.role_id == 2 %}
 <nav class="navbar-default navbar-static-side" role="navigation">
     <div class="sidebar-collapse">
         <ul class="nav" id="side-menu">
@@ -55,8 +55,8 @@
 
     </div>
 </nav>
-{% endifequal %}
-{% ifequal session_role_id 1 %}
+{% endif %}
+{% if request.session.role_id == 1 %}
 <nav class="navbar-default navbar-static-side" role="navigation">
     <div class="sidebar-collapse">
         <ul class="nav" id="side-menu">
@@ -77,8 +77,8 @@
             <li id="jasset">
                 <a><i class="fa fa-cube"></i> <span class="nav-label">资产管理</span><span class="fa arrow"></span></a>
                 <ul class="nav nav-second-level">
-                    <li class="host_add host_add_multi"><a href="/jasset/host_add/">添加资产</a></li>
-                    <li class="host_list host_detail host_edit"><a href="/jasset/host_list/">查看资产<span class="label label-info pull-right">{{ host_active_num }}/{{ host_total_num}}</span></a></li>
+{#                    <li class="host_add host_add_multi"><a href="/jasset/host_add/">添加资产</a></li>#}
+                    <li class="host_list host_detail host_edit"><a href="/jasset/asset_list/">查看资产<span class="label label-info pull-right">{{ host_active_num }}/{{ host_total_num}}</span></a></li>
                     <li class="idc_list idc_detail idc_edit"><a href="/jasset/idc_list/">查看IDC</a></li>
                     <li class="group_add"><a href="/jasset/group_add/">添加主机组</a></li>
                     <li class="group_list group_detail group_edit"><a href="/jasset/group_list/">查看主机组</a></li>
@@ -107,9 +107,9 @@
         </ul>
     </div>
 </nav>
-{% endifequal %}
+{% endif %}
 
-{% ifequal session_role_id 0 %}
+{% if request.session.role_id == 0 %}
 <nav class="navbar-default navbar-static-side" role="navigation">
     <div class="sidebar-collapse">
         <ul class="nav" id="side-menu">
@@ -121,7 +121,7 @@
                <a href="/juser/user_detail/?id={{ session_user_id }}"><i class="fa fa-rebel"></i> <span class="nav-label">个人信息</span><span class="label label-info pull-right"></span></a>
             </li>
             <li id="jasset">
-               <a href="/jasset/host_list/"><i class="fa fa-cube"></i> <span class="nav-label">查看主机</span><span class="label label-info pull-right"></span></a>
+               <a href="/jasset/asset_list/"><i class="fa fa-cube"></i> <span class="nav-label">查看主机</span><span class="label label-info pull-right"></span></a>
             </li>
              <li id="jperm">
                 <a><i class="fa fa-cube"></i> <span class="nav-label">权限申请</span><span class="fa arrow"></span></a>
@@ -148,4 +148,4 @@
         </ul>
     </div>
 </nav>
-{% endifequal %}
+{% endif %}
\ No newline at end of file

templates/nav_li_profile.html

@@ -17,8 +17,13 @@
         <ul class="dropdown-menu animated fadeInRight m-t-xs">
             <li><a value="/juser/profile/?id={{ session_user_id }}" class="iframe_user">个人信息</a></li>
             <li><a href="/juser/change_info/">修改信息</a></li>
-            <li><a href="/juser/change_role/">切换角色</a></li>
-
+            {% if not user.role == 'CU' %}
+                {% if request.session.role_id == 0 %}
+                    <li><a href="/juser/change_role/">系统后台</a></li>
+                {% else %}
+                    <li><a href="/juser/change_role/">主机控制台</a></li>
+                {% endif %}
+            {% endif %}
             <li class="divider"></li>
             <li><a href="/logout/">注销</a></li>
         </ul>