Skip to content

J
jumpserver
Commit 274cb740 authored by ibuler's avatar ibuler
Browse files
Options

[Update] 修改授权

parent 2d396787
Hide whitespace changes
Inline Side-by-side
Showing with 106 additions and 84 deletions
apps/perms/forms.py
View file @ 274cb740
...@@ -8,16 +8,15 @@ from .models import NodePermission ...@@ -8,16 +8,15 @@ from .models import NodePermission
class AssetPermissionForm(forms.ModelForm): class AssetPermissionForm(forms.ModelForm):
class Meta: class Meta:
model = NodePermission model = NodePermission
fields = [ fields = [
'node', 'user_group', 'system_user', 'is_active', 'node', 'user_group', 'system_user', 'is_active',
'date_expired', 'comment' 'date_expired', 'comment',
] ]
widgets = { widgets = {
'node': forms.Select( 'node': forms.Select(
attrs={'class': 'select2', 'data-placeholder': _("Node")} attrs={'style': 'display:none'}
), ),
'user_group': forms.Select( 'user_group': forms.Select(
attrs={'class': 'select2', 'data-placeholder': _("User group")} attrs={'class': 'select2', 'data-placeholder': _("User group")}
......
apps/perms/models.py
View file @ 274cb740
...@@ -81,7 +81,8 @@ class NodePermission(models.Model): ...@@ -81,7 +81,8 @@ class NodePermission(models.Model):
comment = models.TextField(verbose_name=_('Comment'), blank=True) comment = models.TextField(verbose_name=_('Comment'), blank=True)
def __str__(self): def __str__(self):
return "{}:{}:{}".format(self.node.name, self.user_group.name, self.system_user.name) return "{}:{}:{}".format(self.node.value, self.user_group.name, self.system_user.name)
class Meta: class Meta:
unique_together = ('node', 'user_group', 'system_user') unique_together = ('node', 'user_group', 'system_user')
verbose_name = _("Asset permission")
apps/perms/templates/perms/asset_permission_create_update.html
View file @ 274cb740
...@@ -28,10 +28,21 @@ ...@@ -28,10 +28,21 @@
</div> </div>
</div> </div>
<div class="ibox-content"> <div class="ibox-content">
{% if form.non_field_errors %}
<div class="alert alert-danger">
{{ form.non_field_errors }}
</div>
{% endif %}
<form method="post" class="form-horizontal" action="" > <form method="post" class="form-horizontal" action="" >
{% csrf_token %} {% csrf_token %}
<h3>{% trans 'Basic' %}</h3> <h3>{% trans 'Basic' %}</h3>
{% bootstrap_field form.node layout="horizontal" %} <div class="form-group">
<label class="col-md-2 control-label" for="id_name">{% trans 'Node' %}</label>
<div class="col-md-9">
<input type="text" class="form-control" readonly value="{{ form.node.initial }}">
</div>
</div>
{{ form.node }}
{% bootstrap_field form.user_group layout="horizontal" %} {% bootstrap_field form.user_group layout="horizontal" %}
{% bootstrap_field form.system_user layout="horizontal" %} {% bootstrap_field form.system_user layout="horizontal" %}
<div class="hr-line-dashed"></div> <div class="hr-line-dashed"></div>
......
apps/perms/urls/views_urls.py
View file @ 274cb740
...@@ -9,10 +9,10 @@ urlpatterns = [ ...@@ -9,10 +9,10 @@ urlpatterns = [
url(r'^asset-permission$', views.AssetPermissionListView.as_view(), name='asset-permission-list'), url(r'^asset-permission$', views.AssetPermissionListView.as_view(), name='asset-permission-list'),
url(r'^asset-permission/create$', views.AssetPermissionCreateView.as_view(), name='asset-permission-create'), url(r'^asset-permission/create$', views.AssetPermissionCreateView.as_view(), name='asset-permission-create'),
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/update$', views.AssetPermissionUpdateView.as_view(), name='asset-permission-update'), url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/update$', views.AssetPermissionUpdateView.as_view(), name='asset-permission-update'),
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})$', views.AssetPermissionDetailView.as_view(),name='asset-permission-detail'), # url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})$', views.AssetPermissionDetailView.as_view(),name='asset-permission-detail'),
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/delete$', views.AssetPermissionDeleteView.as_view(), name='asset-permission-delete'), url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/delete$', views.AssetPermissionDeleteView.as_view(), name='asset-permission-delete'),
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/user$', views.AssetPermissionUserView.as_view(), name='asset-permission-user-list'), # url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/user$', views.AssetPermissionUserView.as_view(), name='asset-permission-user-list'),
url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/asset$', views.AssetPermissionAssetView.as_view(), name='asset-permission-asset-list'), # url(r'^asset-permission/(?P<pk>[0-9a-zA-Z\-]{36})/asset$', views.AssetPermissionAssetView.as_view(), name='asset-permission-asset-list'),
] ]
apps/perms/utils.py
View file @ 274cb740
...@@ -2,14 +2,21 @@ ...@@ -2,14 +2,21 @@
from __future__ import absolute_import, unicode_literals from __future__ import absolute_import, unicode_literals
import collections import collections
from django.utils import timezone
from common.utils import setattr_bulk, get_logger from common.utils import setattr_bulk, get_logger
from .tasks import push_users from .tasks import push_users
from .hands import User, UserGroup, Asset, AssetGroup, SystemUser from .hands import AssetGroup
logger = get_logger(__file__) logger = get_logger(__file__)
def get_user_group_permissions(user_group):
return user_group.nodepermission_set.all() \
.filter(is_active=True) \
.filter(date_expired=timezone.now())
def get_user_group_granted_asset_groups(user_group): def get_user_group_granted_asset_groups(user_group):
"""Return asset groups granted of the user group """Return asset groups granted of the user group
......
apps/perms/views.py
View file @ 274cb740
...@@ -7,7 +7,6 @@ from django.conf import settings ...@@ -7,7 +7,6 @@ from django.conf import settings
from django.views.generic import ListView, CreateView, UpdateView from django.views.generic import ListView, CreateView, UpdateView
from django.views.generic.edit import DeleteView from django.views.generic.edit import DeleteView
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.contrib.messages.views import SuccessMessageMixin
from django.views.generic.detail import DetailView, SingleObjectMixin from django.views.generic.detail import DetailView, SingleObjectMixin
from common.utils import get_object_or_none from common.utils import get_object_or_none
...@@ -61,6 +60,11 @@ class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView): ...@@ -61,6 +60,11 @@ class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
template_name = 'perms/asset_permission_create_update.html' template_name = 'perms/asset_permission_create_update.html'
success_url = reverse_lazy("perms:asset-permission-list") success_url = reverse_lazy("perms:asset-permission-list")
def get_form(self, form_class=None):
form = super().get_form(form_class=form_class)
form['node'].initial = form.instance.node
return form
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = { context = {
'app': _('Perms'), 'app': _('Perms'),
...@@ -70,22 +74,22 @@ class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView): ...@@ -70,22 +74,22 @@ class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
return super().get_context_data(**kwargs) return super().get_context_data(**kwargs)
class AssetPermissionDetailView(AdminUserRequiredMixin, DetailView): # class AssetPermissionDetailView(AdminUserRequiredMixin, DetailView):
template_name = 'perms/asset_permission_detail.html' # template_name = 'perms/asset_permission_detail.html'
context_object_name = 'asset_permission' # context_object_name = 'asset_permission'
model = AssetPermission # model = AssetPermission
#
def get_context_data(self, **kwargs): # def get_context_data(self, **kwargs):
context = { # context = {
'app': _('Perms'), # 'app': _('Perms'),
'action': _('Asset permission detail'), # 'action': _('Asset permission detail'),
'system_users_remain': [ # 'system_users_remain': [
system_user for system_user in SystemUser.objects.all() # system_user for system_user in SystemUser.objects.all()
if system_user not in self.object.system_users.all()], # if system_user not in self.object.system_users.all()],
'system_users': self.object.system_users.all(), # 'system_users': self.object.system_users.all(),
} # }
kwargs.update(context) # kwargs.update(context)
return super().get_context_data(**kwargs) # return super().get_context_data(**kwargs)
class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView): class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView):
...@@ -94,61 +98,61 @@ class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView): ...@@ -94,61 +98,61 @@ class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView):
success_url = reverse_lazy('perms:asset-permission-list') success_url = reverse_lazy('perms:asset-permission-list')
class AssetPermissionUserView(AdminUserRequiredMixin, # class AssetPermissionUserView(AdminUserRequiredMixin,
SingleObjectMixin, # SingleObjectMixin,
ListView): # ListView):
template_name = 'perms/asset_permission_user.html' # template_name = 'perms/asset_permission_user.html'
context_object_name = 'asset_permission' # context_object_name = 'asset_permission'
paginate_by = settings.DISPLAY_PER_PAGE # paginate_by = settings.DISPLAY_PER_PAGE
object = None # object = None
#
def get(self, request, *args, **kwargs): # def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=AssetPermission.objects.all()) # self.object = self.get_object(queryset=AssetPermission.objects.all())
return super().get(request, *args, **kwargs) # return super().get(request, *args, **kwargs)
#
def get_queryset(self): # def get_queryset(self):
queryset = self.object.get_granted_users() # queryset = self.object.get_granted_users()
return queryset # return queryset
#
def get_context_data(self, **kwargs): # def get_context_data(self, **kwargs):
users_granted = self.get_queryset() # users_granted = self.get_queryset()
groups_granted = self.object.user_groups.all() # groups_granted = self.object.user_groups.all()
context = { # context = {
'app': _('Perms'), # 'app': _('Perms'),
'action': _('Asset permission user list'), # 'action': _('Asset permission user list'),
'users_remain': User.objects.exclude(id__in=[user.id for user in users_granted]), # 'users_remain': User.objects.exclude(id__in=[user.id for user in users_granted]),
'user_groups': self.object.user_groups.all(), # 'user_groups': self.object.user_groups.all(),
'user_groups_remain': UserGroup.objects.exclude(id__in=[group.id for group in groups_granted]) # 'user_groups_remain': UserGroup.objects.exclude(id__in=[group.id for group in groups_granted])
} # }
kwargs.update(context) # kwargs.update(context)
return super().get_context_data(**kwargs) # return super().get_context_data(**kwargs)
class AssetPermissionAssetView(AdminUserRequiredMixin, # class AssetPermissionAssetView(AdminUserRequiredMixin,
SingleObjectMixin, # SingleObjectMixin,
ListView): # ListView):
template_name = 'perms/asset_permission_asset.html' # template_name = 'perms/asset_permission_asset.html'
context_object_name = 'asset_permission' # context_object_name = 'asset_permission'
paginate_by = settings.DISPLAY_PER_PAGE # paginate_by = settings.DISPLAY_PER_PAGE
object = None # object = None
#
def get(self, request, *args, **kwargs): # def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=AssetPermission.objects.all()) # self.object = self.get_object(queryset=AssetPermission.objects.all())
return super().get(request, *args, **kwargs) # return super().get(request, *args, **kwargs)
#
def get_queryset(self): # def get_queryset(self):
queryset = self.object.get_granted_assets() # queryset = self.object.get_granted_assets()
return queryset # return queryset
#
def get_context_data(self, **kwargs): # def get_context_data(self, **kwargs):
assets_granted = self.get_queryset() # assets_granted = self.get_queryset()
groups_granted = self.object.asset_groups.all() # groups_granted = self.object.asset_groups.all()
context = { # context = {
'app': _('Perms'), # 'app': _('Perms'),
'action': _('Asset permission asset list'), # 'action': _('Asset permission asset list'),
'assets_remain': Asset.objects.exclude(id__in=[asset.id for asset in assets_granted]), # 'assets_remain': Asset.objects.exclude(id__in=[asset.id for asset in assets_granted]),
'asset_groups': self.object.asset_groups.all(), # 'asset_groups': self.object.asset_groups.all(),
'asset_groups_remain': AssetGroup.objects.exclude(id__in=[group.id for group in groups_granted]) # 'asset_groups_remain': AssetGroup.objects.exclude(id__in=[group.id for group in groups_granted])
} # }
kwargs.update(context) # kwargs.update(context)
return super().get_context_data(**kwargs) # return super().get_context_data(**kwargs)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment