修改用户添加视图

1e170714 · root · 10d96a97 · 1e170714 · 1e170714 · 1e170714
Commit 1e170714 authored Aug 28, 2015 by root
7 changed files
--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -28,8 +28,9 @@ web_socket_host = 192.168.40.140:3000
 [mail]
+mail_enable = 1
 email_host = smtp.qq.com
 email_port = 25
-email_host_user = 1152704203@qq.com
+email_host_user = xxxxxxxxxx@qq.com
-email_host_password = xxxxx
+email_host_password = xxxxxxxxx
 email_use_tls = False
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -51,6 +51,7 @@ LOGIN_NAME = getpass.getuser()
 LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
 SEND_IP = CONF.get('base', 'ip')
 SEND_PORT = CONF.get('base', 'port')
+MAIL_ENABLE = CONF.get('mail', 'mail_enable')
 MAIL_FROM = CONF.get('mail', 'email_host_user')
 log_dir = os.path.join(BASE_DIR, 'logs')
@@ -397,18 +398,22 @@ class PyCrypt(object):
        self.mode = AES.MODE_CBC
    @staticmethod
-    def random_pass():
+    def random_pass(length, especial=False):
        """
        random password
        随机生成密码
        """
-        salt_key = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%^&*()_'
+        salt_key = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_'
        symbol = '!@$%^&*()_'
        salt_list = []
-        for i in range(60):
+        if especial:
+            for i in range(length-4):
                salt_list.append(random.choice(salt_key))
            for i in range(4):
                salt_list.append(random.choice(symbol))
+        else:
+            for i in range(length):
+                salt_list.append(random.choice(salt_key))
        salt = ''.join(salt_list)
        return salt

--- a/juser/models.py
+++ b/juser/models.py
@@ -119,3 +119,13 @@ class User(models.Model):
            print ''
        else:
            return assets_info
+class AdminGroup(models.Model):
+    """
+    under the user control group
+    用户可以管理的用户组，或组的管理员是该用户
+    """
+    user = models.ForeignKey(User)
+    group = models.ForeignKey(UserGroup)
\ No newline at end of file
--- a/juser/urls.py
+++ b/juser/urls.py
@@ -11,7 +11,7 @@ urlpatterns = patterns('juser.views',
    (r'^group_list/$', group_list),
    (r'^group_del/$', group_del),
    (r'^group_del_ajax', group_del_ajax),
-    (r'^group_edit/$', view_splitter, {'su': group_edit, 'adm': group_edit_adm}),
+    (r'^group_edit/$',group_edit),
    (r'^user_add/$', view_splitter, {'su': user_add, 'adm': user_add_adm}),
    (r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
    (r'^user_detail/$', 'user_detail'),

--- a/juser/user_api.py
+++ b/juser/user_api.py
@@ -2,6 +2,7 @@
 from Crypto.PublicKey import RSA
+from juser.models import AdminGroup
 from jumpserver.api import *
@@ -55,6 +56,8 @@ def db_add_user(**kwargs):
    数据库中添加用户
    """
    groups_post = kwargs.pop('groups')
+    admin_groups = kwargs.pop('admin_groups')
+    role = kwargs.get('role', 'CU')
    user = User(**kwargs)
    user.save()
    if groups_post:
@@ -63,6 +66,12 @@ def db_add_user(**kwargs):
            group = UserGroup.objects.filter(id=group_id)
            group_select.extend(group)
        user.group = group_select
+    if admin_groups and role == 'GA':  # 如果是组管理员就要添加组管理员和组到管理组中
+        for group_id in admin_groups:
+            group = get_object(UserGroup, id=group_id)
+            if group:
+                AdminGroup(user=user, group=group).save()
    return user
@@ -132,6 +141,27 @@ def server_add_user(username, password, ssh_key_pwd):
    gen_ssh_key(username, ssh_key_pwd)
+def user_add_mail(user, kwargs):
+    """
+    add user send mail
+    发送用户添加邮件
+    """
+    print kwargs
+    user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
+    mail_title = u'恭喜你的跳板机用户 %s 添加成功 Jumpserver' % user.name
+    mail_msg = u"""
+    Hi, %s
+        您的用户名： %s
+        您的角色： %s
+        您的web登录密码： %s
+        您的ssh密钥文件密码： %s
+        密钥下载地址： http://%s:%s/juser/down_key/?id=%s
+        说明： 请登陆后再下载密钥！
+    """ % (user.name, user.username, user_role.get(user.role, u'普通用户'),
+           kwargs.get('password'), kwargs.get('ssh_key_pwd'), SEND_IP, SEND_PORT, user.id)
+    send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False)
 def server_del_user(username):
    """
    delete a user from jumpserver linux system
@@ -146,11 +176,9 @@ def ldap_add_user(username, ldap_pwd):
    在LDAP中添加用户
    """
    user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
-    password_sha512 = PyCrypt.gen_sha512(PyCrypt.gen_rand_pwd(6), ldap_pwd)
+    password_sha512 = PyCrypt.gen_sha512(PyCrypt.random_pass(6), ldap_pwd)
-    user = User.objects.filter(username=username)
+    user = get_object(UserGroup, username=username)
-    if user:
+    if not user:
-        user = user[0]
-    else:
        raise ServerError(u'用户 %s 不存在' % username)
    user_attr = {'uid': [str(username)],

--- a/juser/views.py
+++ b/juser/views.py
@@ -171,52 +171,52 @@ def group_edit(request):
    return render_to_response('juser/group_edit.html', locals(), context_instance=RequestContext(request))
-@require_role(role='admin')
+# @require_role(role='admin')
-def group_edit_adm(request):
+# def group_edit_adm(request):
-    error = ''
+#     error = ''
-    msg = ''
+#     msg = ''
-    header_title, path1, path2 = '修改小组信息', '用户管理', '编辑小组'
+#     header_title, path1, path2 = '修改小组信息', '用户管理', '编辑小组'
-    user, dept = get_session_user_dept(request)
+#     user, dept = get_session_user_dept(request)
-    if request.method == 'GET':
+#     if request.method == 'GET':
-        group_id = request.GET.get('id', '')
+#         group_id = request.GET.get('id', '')
-        if not validate(request, user_group=[group_id]):
+#         if not validate(request, user_group=[group_id]):
-            return HttpResponseRedirect('/juser/group_list/')
+#             return HttpResponseRedirect('/juser/group_list/')
-        group = UserGroup.objects.filter(id=group_id)
+#         group = UserGroup.objects.filter(id=group_id)
-        if group:
+#         if group:
-            group = group[0]
+#             group = group[0]
-            users_all = dept.user_set.all()
+#             users_all = dept.user_set.all()
-            users_selected = group.user_set.all()
+#             users_selected = group.user_set.all()
-            users = [user for user in users_all if user not in users_selected]
+#             users = [user for user in users_all if user not in users_selected]
+#
-        return render_to_response('juser/group_edit.html', locals(), context_instance=RequestContext(request))
+#         return render_to_response('juser/group_edit.html', locals(), context_instance=RequestContext(request))
-    else:
+#     else:
-        group_id = request.POST.get('group_id', '')
+#         group_id = request.POST.get('group_id', '')
-        group_name = request.POST.get('group_name', '')
+#         group_name = request.POST.get('group_name', '')
-        comment = request.POST.get('comment', '')
+#         comment = request.POST.get('comment', '')
-        users_selected = request.POST.getlist('users_selected')
+#         users_selected = request.POST.getlist('users_selected')
+#
-        users = []
+#         users = []
-        try:
+#         try:
-            if not validate(request, user=users_selected):
+#             if not validate(request, user=users_selected):
-                raise ServerError(u'右侧非部门用户')
+#                 raise ServerError(u'右侧非部门用户')
+#
-            if not validate(request, user_group=[group_id]):
+#             if not validate(request, user_group=[group_id]):
-                raise ServerError(u'没有权限修改本组')
+#                 raise ServerError(u'没有权限修改本组')
+#
-            for user_id in users_selected:
+#             for user_id in users_selected:
-                users.extend(User.objects.filter(id=user_id))
+#                 users.extend(User.objects.filter(id=user_id))
+#
-            user_group = UserGroup.objects.filter(id=group_id)
+#             user_group = UserGroup.objects.filter(id=group_id)
-            if user_group:
+#             if user_group:
-                user_group.update(name=group_name, comment=comment, dept=dept)
+#                 user_group.update(name=group_name, comment=comment, dept=dept)
-                user_group = user_group[0]
+#                 user_group = user_group[0]
-                user_group.user_set.clear()
+#                 user_group.user_set.clear()
-                user_group.user_set = users
+#                 user_group.user_set = users
+#
-        except ServerError, e:
+#         except ServerError, e:
-            error = e
+#             error = e
+#
-        return HttpResponseRedirect('/juser/group_list/')
+#         return HttpResponseRedirect('/juser/group_list/')
 @require_role(role='super')
@@ -224,46 +224,39 @@ def user_add(request):
    error = ''
    msg = ''
    header_title, path1, path2 = '添加用户', '用户管理', '添加用户'
-    user_role = {'SU': u'超级管理员', 'DA': u'部门管理员', 'CU': u'普通用户'}
+    user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
-    dept_all = DEPT.objects.all()
    group_all = UserGroup.objects.all()
    if request.method == 'POST':
        username = request.POST.get('username', '')
-        password = PyCrypt.gen_rand_pwd(16)
+        password = PyCrypt.random_pass(16)
        name = request.POST.get('name', '')
        email = request.POST.get('email', '')
        dept_id = request.POST.get('dept_id')
        groups = request.POST.getlist('groups', [])
-        role_post = request.POST.get('role', 'CU')
+        admin_groups = request.POST.getlist('admin_groups', [])
-        ssh_key_pwd = PyCrypt.gen_rand_pwd(16)
+        role = request.POST.get('role', 'CU')
+        ssh_key_pwd = PyCrypt.random_pass(16)
        is_active = True if request.POST.get('is_active', '1') == '1' else False
-        ldap_pwd = PyCrypt.gen_rand_pwd(16)
+        ldap_pwd = PyCrypt.random_pass(32, especial=True)
        try:
-            if '' in [username, password, ssh_key_pwd, name, groups, role_post, is_active]:
+            if '' in [username, password, ssh_key_pwd, name, groups, role, is_active]:
                error = u'带*内容不能为空'
                raise ServerError
-            user = User.objects.filter(username=username)
+            user_test = get_object(User, username=username)
-            if user:
+            if user_test:
                error = u'用户 %s 已存在' % username
                raise ServerError
-            dept = DEPT.objects.filter(id=dept_id)
-            if dept:
-                dept = dept[0]
-            else:
-                error = u'部门不存在'
-                raise ServerError(error)
        except ServerError:
            pass
        else:
            try:
                user = db_add_user(username=username,
                                   password=CRYPTOR.md5_crypt(password),
-                                   name=name, email=email, dept=dept,
+                                   name=name, email=email, role=role,
-                                   groups=groups, role=role_post,
+                                   groups=groups, admin_groups=admin_groups,
                                   ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd),
                                   ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
                                   is_active=is_active,
@@ -272,18 +265,6 @@ def user_add(request):
                server_add_user(username, password, ssh_key_pwd)
                if LDAP_ENABLE:
                    ldap_add_user(username, ldap_pwd)
-                mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
-                mail_msg = """
-                Hi, %s
-                    您的用户名： %s
-                    您的部门: %s
-                    您的角色： %s
-                    您的web登录密码： %s
-                    您的ssh密钥文件密码： %s
-                    密钥下载地址： http://%s:%s/juser/down_key/?id=%s
-                    说明： 请登陆后再下载密钥！
-                """ % (name, username, dept.name, user_role.get(role_post, ''),
-                       password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
            except Exception, e:
                error = u'添加用户 %s 失败 %s ' % (username, e)
@@ -295,7 +276,8 @@ def user_add(request):
                except Exception:
                    pass
            else:
-                send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
+                if MAIL_ENABLE:
+                    user_add_mail(user, kwargs=locals())
                    msg = u'添加用户 %s 成功！ 用户密码已发送到 %s 邮箱！' % (username, email)
    return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))

--- a/templates/juser/user_add.html
+++ b/templates/juser/user_add.html