Merge branch 'master' into wangyong

29d19641 · halcyon · 55c5230e · 60cb5561 · 29d19641 · 29d19641
Commit 29d19641 authored Apr 16, 2015 by halcyon
17 changed files
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -3,7 +3,6 @@ import sys
 reload(sys)
 sys.setdefaultencoding('utf8')
-from django.core.mail import send_mail
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from jperm.models import Perm, SudoPerm, CmdGroup, Apply
@@ -11,12 +10,6 @@ from django.db.models import Q
 from jumpserver.api import *
-CONF = ConfigParser()
-CONF.read('%s/jumpserver.conf' % BASE_DIR)
-send_ip = CONF.get('base', 'ip')
-send_port = CONF.get('base', 'port')
 def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''):
    asset_groups_select_list = []
    cmd_groups_select_list = []
@@ -120,7 +113,7 @@ def dept_perm_list(request):
    if keyword:
        contact_list = DEPT.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)).order_by('name')
    else:
-        contact_list = DEPT.objects.filter(id__gt=1)
+        contact_list = DEPT.objects.filter(id__gt=2)
    contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
@@ -533,14 +526,23 @@ def cmd_add(request):
        dept_id = request.POST.get('dept_id')
        cmd = ','.join(request.POST.get('cmd').split())
        comment = request.POST.get('comment')
        dept = DEPT.objects.filter(id=dept_id)
-        if dept:
+        try:
+            if CmdGroup.objects.filter(name=name):
+                error = '%s 命令组已存在'
+                raise ServerError(error)
+            if not dept:
+                error = u"部门不能为空"
+                raise ServerError(error)
+        except ServerError, e:
+            pass
+        else:
            dept = dept[0]
            CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
-        else:
-            error = u"部门不能为空"
            msg = u'命令组添加成功'
+            return HttpResponseRedirect('/jperm/cmd_list/')
    return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@@ -555,8 +557,16 @@ def cmd_add_adm(request):
        cmd = ','.join(request.POST.get('cmd').split())
        comment = request.POST.get('comment')
+        try:
+            if CmdGroup.objects.filter(name=name):
+                error = '%s 命令组已存在'
+                raise ServerError(error)
+        except ServerError, e:
+            pass
+        else:
            CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
-        msg = u'命令组添加成功'
+            return HttpResponseRedirect('/jperm/cmd_list/')
        return HttpResponseRedirect('/jperm/cmd_list/')
    return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@@ -568,10 +578,12 @@ def cmd_edit(request):
    cmd_group_id = request.GET.get('id')
    cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
+    dept_all = DEPT.objects.all()
    if cmd_group:
        cmd_group = cmd_group[0]
        cmd_group_id = cmd_group.id
+        dept_id = cmd_group.dept.id
        name = cmd_group.name
        cmd = '\n'.join(cmd_group.cmd.split(','))
        comment = cmd_group.comment
@@ -579,12 +591,23 @@ def cmd_edit(request):
    if request.method == 'POST':
        cmd_group_id = request.POST.get('cmd_group_id')
        name = request.POST.get('name')
+        dept_id = request.POST.get('dept_id')
        cmd = ','.join(request.POST.get('cmd').split())
        comment = request.POST.get('comment')
        cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
-        if cmd_group:
-            cmd_group.update(name=name, cmd=cmd, comment=comment)
+        dept = DEPT.objects.filter(id=dept_id)
+        try:
+            if not dept:
+                error = '没有该部门'
+                raise ServerError(error)
+            if not cmd_group:
+                error = '没有该命令组'
+        except ServerError, e:
+            pass
+        else:
+            cmd_group.update(name=name, cmd=cmd, dept=dept[0], comment=comment)
            return HttpResponseRedirect('/jperm/cmd_list/')
    return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@@ -624,10 +647,22 @@ def cmd_del(request):
 @require_admin
 def cmd_detail(request):
-    cmd_id = request.GET.get('id')
+    cmd_ids = request.GET.get('id').split(',')
-    cmd_group = CmdGroup.objects.filter(id=cmd_id)
+    cmds = []
+    if len(cmd_ids) == 1:
+        cmd_group = CmdGroup.objects.filter(id=cmd_ids[0])
        if cmd_group:
            cmd_group = cmd_group[0]
+            cmds.extend(cmd_group.cmd.split(','))
+            cmd_group_name = cmd_group.name
+    else:
+        cmd_groups = []
+        for cmd_id in cmd_ids:
+            cmd_groups.extend(CmdGroup.objects.filter(id=cmd_id))
+        for cmd_group in cmd_groups:
+            cmds.extend(cmd_group.cmd.split(','))
+    cmds_str = ', '.join(cmds)
    return render_to_response('jperm/sudo_cmd_detail.html', locals(), context_instance=RequestContext(request))
@@ -660,7 +695,7 @@ def perm_apply(request):
        time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        a = Apply.objects.create(applyer=applyer, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), asset=hosts, status=0, comment=comment)
        uuid = a.uuid
-        url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (send_ip, send_port, uuid)
+        url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (SEND_IP, SEND_PORT, uuid)
        mail_msg = """
        Hi,%s:
            有新的权限申请, 详情如下:
@@ -674,7 +709,7 @@ def perm_apply(request):
            %s
        """ % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url)
-        send_mail(mail_title, mail_msg, 'jkfunshion@fun.tv', [mail_address], fail_silently=False)
+        send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False)
        smg = "提交成功,已发邮件通知部门管理员。"
        return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
    return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))

--- a/jumpserver.conf
+++ b/jumpserver.conf
 #coding: utf8
 [base]
-ip = 192.168.173.129
+ip = 192.168.20.209
 port = 80
+key = 88aaaf7ffe3c6c04
 [db]
@@ -25,13 +27,9 @@ root_pw = secret234
 web_socket_host = 192.168.173.129:3000
-[web]
-key = 88aaaf7ffe3c6c04
 [mail]
-email_host = mail.funshion.com
+email_host = smtp.exmail.qq.com
 email_port = 25
-email_host_user = jkfunshion
+email_host_user = noreply@jumpserver.org
-email_host_password = jkmail%
+email_host_password = jumpserver123
 email_use_tls = False
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -19,6 +19,7 @@ from jasset.models import Asset, BisGroup, IDC
 from jlog.models import Log
 from jasset.models import AssetAlias
 from django.core.exceptions import ObjectDoesNotExist
+from django.core.mail import send_mail
 BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
@@ -27,18 +28,12 @@ CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
 LOG_DIR = os.path.join(BASE_DIR, 'logs')
 SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys')
 SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server')
-KEY = CONF.get('web', 'key')
+KEY = CONF.get('base', 'key')
 LOGIN_NAME = getpass.getuser()
 LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable')
+SEND_IP = CONF.get('base', 'ip')
+SEND_PORT = CONF.get('base', 'port')
-# def user_perm_group_api(username):
+MAIL_FROM = CONF.get('mail', 'email_host_user')
-#     user = User.objects.get(username=username)
-#     if user:
-#         perm_list = []
-#         user_group_all = user.group.all()
-#         for user_group in user_group_all:
-#             perm_list.extend(user_group.perm_set.all())
 class LDAPMgmt():
@@ -201,6 +196,9 @@ def require_login(func):
 def require_super_user(func):
    def _deco(request, *args, **kwargs):
+        if not request.session.get('user_id'):
+            return HttpResponseRedirect('/login/')
        if request.session.get('role_id', 0) != 2:
            return HttpResponseRedirect('/')
        return func(request, *args, **kwargs)
@@ -209,6 +207,9 @@ def require_super_user(func):
 def require_admin(func):
    def _deco(request, *args, **kwargs):
+        if not request.session.get('user_id'):
+            return HttpResponseRedirect('/login/')
        if request.session.get('role_id', 0) < 1:
            return HttpResponseRedirect('/')
        return func(request, *args, **kwargs)
@@ -276,7 +277,8 @@ def view_splitter(request, su=None, adm=None):
        return su(request)
    elif is_group_admin(request):
        return adm(request)
-    raise Http404
+    else:
+        return HttpResponseRedirect('/login/')
 def user_perm_group_api(username):
@@ -384,39 +386,38 @@ def validate(request, user_group=None, user=None, asset_group=None, asset=None,
    if user_group:
        dept_user_groups = dept.usergroup_set.all()
-        user_groups = []
+        user_group_ids = []
-        for user_group_id in user_group:
+        for group in dept_user_groups:
-            user_groups.extend(UserGroup.objects.filter(id=user_group_id))
+            user_group_ids.append(str(group.id))
-        if not set(user_groups).issubset(set(dept_user_groups)):
+        if not set(user_group).issubset(set(user_group_ids)):
            return False
    if user:
        dept_users = dept.user_set.all()
-        users = []
+        user_ids = []
-        for user_id in user:
+        for user in dept_users:
-            users.extend(User.objects.filter(id=user_id))
+            user_ids.append(str(user.id))
-        if not set(users).issubset(set(dept_users)):
+        if not set(user).issubset(set(user_ids)):
            return False
    if asset_group:
        dept_asset_groups = dept.bisgroup_set.all()
-        asset_groups = []
+        asset_group_ids = []
-        for group_id in asset_group:
+        for group in dept_asset_groups:
-            asset_groups.extend(BisGroup.objects.filter(id=int(group_id)))
+            asset_group_ids.append(group.id)
-        if not set(asset_groups).issubset(set(dept_asset_groups)):
+        if not set(asset_group).issubset(set(asset_group_ids)):
            return False
    if asset:
        dept_assets = dept.asset_set.all()
-        assets, eassets = [], []
+        asset_ids = []
-        for asset_id in dept_assets:
+        for asset in dept_assets:
-            eassets.append(int(asset_id.id))
+            asset_ids.append(str(asset.id))
-        for i in asset:
-            assets.append(int(i)) 
-        if not set(assets).issubset(eassets):
+        if not set(asset).issubset(set(asset_ids)):
            return False
    return True

--- a/jumpserver/templatetags/mytags.py
+++ b/jumpserver/templatetags/mytags.py
@@ -163,6 +163,18 @@ def ugrp_perm_agrp_count(user_group_id):
    return 0
+@register.filter(name='ugrp_sudo_agrp_count')
+def ugrp_sudo_agrp_count(user_group_id):
+    user_group = UserGroup.objects.filter(id=user_group_id)
+    asset_groups = []
+    if user_group:
+        user_group = user_group[0]
+        for perm in user_group.sudoperm_set.all():
+            asset_groups.extend(perm.asset_group.all())
+        return len(set(asset_groups))
+    return 0
 @register.filter(name='ugrp_perm_asset_count')
 def ugrp_perm_asset_count(user_group_id):
    user_group = UserGroup.objects.filter(id=user_group_id)
@@ -175,6 +187,21 @@ def ugrp_perm_asset_count(user_group_id):
    return len(set(assets))
+@register.filter(name='ugrp_sudo_asset_count')
+def ugrp_sudo_asset_count(user_group_id):
+    user_group = UserGroup.objects.filter(id=user_group_id)
+    asset_groups = []
+    assets = []
+    if user_group:
+        user_group = user_group[0]
+        for perm in user_group.sudoperm_set.all():
+            asset_groups.extend(perm.asset_group.all())
+        for asset_group in asset_groups:
+            assets.extend(asset_group.asset_set.all())
+    return len(set(assets))
 @register.filter(name='get_user_alias')
 def get_user_alias(post, user_id):
    user = User.objects.get(id=user_id)
@@ -304,8 +331,52 @@ def sudo_cmd_list(cmd_group_id):
 @register.filter(name='sudo_cmd_count')
-def sudo_cmd_count(cmd_group_id):
+def sudo_cmd_count(user_group_id):
-    cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
+    user_group = UserGroup.objects.filter(id=user_group_id)
-    if cmd_group:
+    cmds = []
-        cmd_group = cmd_group[0]
+    if user_group:
-        return len(cmd_group.cmd.split(','))
+        user_group = user_group[0]
+        cmd_groups = []
+        for perm in user_group.sudoperm_set.all():
+            cmd_groups.extend(perm.cmd_group.all())
+        for cmd_group in cmd_groups:
+            cmds.extend(cmd_group.cmd.split(','))
+        return len(set(cmds))
+    else:
+        return 0
+@register.filter(name='sudo_cmd_count')
+def sudo_cmd_count(user_group_id):
+    user_group = UserGroup.objects.filter(id=user_group_id)
+    cmds = []
+    if user_group:
+        user_group = user_group[0]
+        cmd_groups = []
+        for perm in user_group.sudoperm_set.all():
+            cmd_groups.extend(perm.cmd_group.all())
+        for cmd_group in cmd_groups:
+            cmds.extend(cmd_group.cmd.split(','))
+        return len(set(cmds))
+    else:
+        return 0
+@register.filter(name='sudo_cmd_ids')
+def sudo_cmd_ids(user_group_id):
+    user_group = UserGroup.objects.filter(id=user_group_id)
+    if user_group:
+        user_group = user_group[0]
+        cmd_groups = []
+        for perm in user_group.sudoperm_set.all():
+            cmd_groups.extend(perm.cmd_group.all())
+        cmd_ids = [str(cmd_group.id) for cmd_group in cmd_groups]
+        return ','.join(cmd_ids)
+    else:
+        return '0'
--- a/jumpserver/views.py
+++ b/jumpserver/views.py
@@ -50,7 +50,7 @@ def index_cu(request):
        user = user[0]
    login_types = {'L': 'LDAP', 'M': 'MAP'}
    user_id = request.session.get('user_id')
-    username = User.objects.get(id=user_id).name
+    username = User.objects.get(id=user_id).username
    posts = user_perm_asset_api(username)
    host_count = len(posts)
    new_posts = []
@@ -248,11 +248,12 @@ def login(request):
    else:
        username = request.POST.get('username')
        password = request.POST.get('password')
-        user = User.objects.filter(username=username)
+        user_filter = User.objects.filter(username=username)
-        if user:
+        if user_filter:
-            user = user[0]
+            user = user_filter[0]
            if md5_crypt(password) == user.password:
                request.session['user_id'] = user.id
+                user_filter.update(last_login=datetime.datetime.now())
                if user.role == 'SU':
                    request.session['role_id'] = 2
                elif user.role == 'DA':

--- a/juser/views.py
+++ b/juser/views.py
@@ -68,9 +68,11 @@ def db_add_user(**kwargs):
            group = UserGroup.objects.filter(id=group_id)
            group_select.extend(group)
        user.group = group_select
+    return user
 def db_update_user(**kwargs):
+    print kwargs
    groups_post = kwargs.pop('groups')
    user_id = kwargs.pop('user_id')
    user = User.objects.filter(id=user_id)
@@ -152,18 +154,8 @@ def ldap_add_user(username, ldap_pwd):
                  'userPassword': ['{crypt}x'],
                  'gidNumber': [str(user.id)]}
-    # sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
-    # sudo_attr = {'objectClass': ['top', 'sudoRole'],
-    #              'cn': ['%s' % str(username)],
-    #              'sudoCommand': ['/bin/pwd'],
-    #              'sudoHost': ['192.168.1.1'],
-    #              'sudoOption': ['!authenticate'],
-    #              'sudoRunAsUser': ['root'],
-    #              'sudoUser': ['%s' % str(username)]}
    ldap_conn.add(user_dn, user_attr)
    ldap_conn.add(group_dn, group_attr)
-    # ldap_conn.add(sudo_dn, sudo_attr)
 def ldap_del_user(username):
@@ -354,11 +346,16 @@ def group_add(request):
                error = u'组名 或 部门 不能为空'
                raise AddError(error)
+            if UserGroup.objects.filter(name=group_name):
+                error = u'组名已存在'
+                raise AddError(error)
            dept = DEPT.objects.filter(id=dept_id)
            if dept:
                dept = dept[0]
            else:
-                AddError(u'部门不存在')
+                error = u'部门不存在'
+                raise AddError(error)
            db_add_group(name=group_name, users=users_selected, dept=dept, comment=comment)
        except AddError:
@@ -596,13 +593,13 @@ def user_add(request):
    if request.method == 'POST':
        username = request.POST.get('username', '')
-        password = request.POST.get('password', '')
+        password = gen_rand_pwd(16)
        name = request.POST.get('name', '')
        email = request.POST.get('email', '')
        dept_id = request.POST.get('dept_id')
        groups = request.POST.getlist('groups', [])
        role_post = request.POST.get('role', 'CU')
-        ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
+        ssh_key_pwd = gen_rand_pwd(16)
        is_active = True if request.POST.get('is_active', '1') == '1' else False
        ldap_pwd = gen_rand_pwd(16)
@@ -626,11 +623,11 @@ def user_add(request):
            pass
        else:
            try:
-                db_add_user(username=username,
+                user = db_add_user(username=username,
                                   password=md5_crypt(password),
                                   name=name, email=email, dept=dept,
                                   groups=groups, role=role_post,
-                            ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
+                                   ssh_key_pwd=md5_crypt(ssh_key_pwd),
                                   ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
                                   is_active=is_active,
                                   date_joined=datetime.datetime.now())
@@ -638,7 +635,18 @@ def user_add(request):
                server_add_user(username, password, ssh_key_pwd)
                if LDAP_ENABLE:
                    ldap_add_user(username, ldap_pwd)
-                msg = u'添加用户 %s 成功！' % username
+                mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
+                mail_msg = """
+                Hi, %s
+                    您的用户名： %s
+                    您的部门: %s
+                    您的角色： %s
+                    您的web登录密码： %s
+                    您的ssh登录密码： %s
+                    密钥下载地址： http://%s:%s/juser/down_key/?id=%s
+                    说明： 请登陆后再下载密钥！
+                """ % (name, username, dept.name, user_role.get(role_post, ''),
+                       password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
            except Exception, e:
                error = u'添加用户 %s 失败 %s ' % (username, e)
@@ -649,6 +657,9 @@ def user_add(request):
                        ldap_del_user(username)
                except Exception:
                    pass
+            else:
+                send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
+                msg = u'添加用户 %s 成功！ 用户密码已发送到 %s 邮箱！' % (username, email)
    return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@@ -662,11 +673,11 @@ def user_add_adm(request):
    if request.method == 'POST':
        username = request.POST.get('username', '')
-        password = request.POST.get('password', '')
+        password = gen_rand_pwd(16)
        name = request.POST.get('name', '')
        email = request.POST.get('email', '')
        groups = request.POST.getlist('groups', [])
-        ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
+        ssh_key_pwd = gen_rand_pwd(16)
        is_active = True if request.POST.get('is_active', '1') == '1' else False
        ldap_pwd = gen_rand_pwd(16)
@@ -687,7 +698,7 @@ def user_add_adm(request):
                            password=md5_crypt(password),
                            name=name, email=email, dept=dept,
                            groups=groups, role='CU',
-                            ssh_key_pwd=CRYPTOR.encrypt(ssh_key_pwd),
+                            ssh_key_pwd=md5_crypt(ssh_key_pwd),
                            ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
                            is_active=is_active,
                            date_joined=datetime.datetime.now())
@@ -695,7 +706,6 @@ def user_add_adm(request):
                server_add_user(username, password, ssh_key_pwd)
                if LDAP_ENABLE:
                    ldap_add_user(username, ldap_pwd)
-                msg = u'添加用户 %s 成功！' % username
            except Exception, e:
                error = u'添加用户 %s 失败 %s ' % (username, e)
@@ -706,6 +716,23 @@ def user_add_adm(request):
                        ldap_del_user(username)
                except Exception:
                    pass
+            else:
+                mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver'
+                mail_msg = """
+                Hi, %s
+                    您的用户名： %s
+                    您的部门: %s
+                    您的角色： %s
+                    您的web登录密码： %s
+                    您的ssh登录密码： %s
+                    密钥下载地址： http://%s:%s/juser/down_key/?id=%s
+                    说明： 请登陆后再下载密钥！
+                """ % (name, username, dept.name, '普通用户',
+                       password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id)
+                print MAIL_FROM
+                send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False)
+                msg = u'添加用户 %s 成功！ 用户密码已发送到 %s 邮箱！' % (username, email)
    return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@@ -843,7 +870,7 @@ def user_edit(request):
            groups_str = ' '.join([str(group.id) for group in user.group.all()])
    else:
-        user_id = request.GET.get('user_id', '')
+        user_id = request.POST.get('user_id', '')
        password = request.POST.get('password', '')
        name = request.POST.get('name', '')
        email = request.POST.get('email', '')
@@ -858,7 +885,7 @@ def user_edit(request):
        if dept:
            dept = dept[0]
        else:
-            dept = DEPT.objects.get(id='1')
+            dept = DEPT.objects.get(id='2')
        if user_id:
            user = User.objects.filter(id=user_id)

--- a/log_handler.py
+++ b/log_handler.py
 #!/usr/bin/python
-#coding: utf-8
+# coding: utf-8
 import os
 import re

--- a/service.sh
+++ b/service.sh
+#!/bin/bash
+# Date: 2015-04-12
+# Version: 2.0.0
+# Site: http://www.jumpserver.org
+# Author: jumpserver group
+. /etc/init.d/functions
+export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/node/bin
+base_dir=$(dirname $0)
+case $1 in
+start)
+    daemon $base_dir/manage.py runserver 0.0.0.0:80 &
+    daemon $base_dir/log_handler.py &
+    cd $base_dir/websocket/; daemon node index.js &
+    ;;
+stop)
+    pkill -15 python
+    pkill -15 node
+    ;;
+esac
--- a/static/js/base.js
+++ b/static/js/base.js
@@ -59,10 +59,13 @@ function GetTableDataBox() {
    return returnData;
 }
-function move(from, to) {
+function move(from, to, from_o, to_o) {
    $("#" + from + " option").each(function () {
        if ($(this).prop("selected") == true) {
            $("#" + to).append(this);
+            if( typeof from_o !== 'undefined'){
+                $("#"+to_o).append($("#"+from_o +" option[value='"+this.value+"']"));
+            }
        }
    });
 }
@@ -76,12 +79,12 @@ function move_left(from, to) {
    });
 }
-function move_all(from, to) {
+//function move_all(from, to) {
-    $("#" + from).children().each(function () {
+//    $("#" + from).children().each(function () {
-        $("#" + to).append(this);
+//        $("#" + to).append(this);
-    });
+//    });
-}
+//}
+//
 function selectAll(){
         var checklist = document.getElementsByName ("selected");
@@ -100,12 +103,12 @@ function selectAll(){
        }
+//
-function move_all(from, to){
+//function move_all(from, to){
-    $("#"+from).children().each(function(){
+//    $("#"+from).children().each(function(){
-        $("#"+to).append(this);
+//        $("#"+to).append(this);
-    });
+//    });
-}
+//}
 //function commit_select(form_array){
 //    $('#{0} option'.format(form_array)).each(function(){

--- a/templates/jperm/dept_perm_edit.html
+++ b/templates/jperm/dept_perm_edit.html
@@ -16,8 +16,6 @@ function search_ip(text, noselect, total){
        })
 }
 </script>
 <div class="wrapper wrapper-content animated fadeInRight">
@@ -103,8 +101,8 @@ function search_ip(text, noselect, total){
                                <div class="col-sm-1">
                                    <div class="btn-group" style="margin-top: 60px;">
-                                        <button type="button" class="btn btn-white" onclick="move('assets', 'asset_select'  )"><i class="fa fa-chevron-right"></i></button>
+                                        <button type="button" class="btn btn-white" onclick="move('assets', 'asset_select', 'assets_total', 'asset_select_total'  )"><i class="fa fa-chevron-right"></i></button>
-                                        <button type="button" class="btn btn-white" onclick="move('asset_select', 'assets')"><i class="fa fa-chevron-left"></i> </button>
+                                        <button type="button" class="btn btn-white" onclick="move('asset_select', 'assets', 'asset_select_total', 'assets_total')"><i class="fa fa-chevron-left"></i> </button>
                                    </div>
                                </div>
@@ -118,8 +116,6 @@ function search_ip(text, noselect, total){
                                    </div>
                                </div>
                            </div>
                        </div>
                        <div class="row">
@@ -172,14 +168,11 @@ $('#sudoPerm').validator({
 $(document).ready(function(){
    $("#submit_button").click(function(){
-        $('#users_selected option').each(function(){
+        $('#sudoPerm option').each(function(){
            $(this).prop('selected', true)
        })
    });
 })
 </script>

--- a/templates/jperm/sudo_cmd_add.html
+++ b/templates/jperm/sudo_cmd_add.html
@@ -63,7 +63,12 @@
                                <div class="col-sm-8">
                                    <select id="dept_id" name="dept_id" class="form-control m-b">
                                        {% for dept in dept_all %}
+                                            {% ifequal dept_id dept.id %}
                                                <option value="{{ dept.id }}" selected>{{ dept.name }}</option>
+                                            {% else %}
+                                                <option value="{{ dept.id }}">{{ dept.name }}</option>
+                                            {% endifequal %}
                                        {% endfor %}
                                    </select>
                                </div>

--- a/templates/jperm/sudo_cmd_detail.html
+++ b/templates/jperm/sudo_cmd_detail.html
@@ -14,10 +14,13 @@
    <body>
        <div class="row">
            <div class="contact-box">
+                {% if cmd_group_name %}
                <h2 class="text-center">{{ cmd_group.name }} 命令详情</h2>
+                {% endif %}
                <div class="ibox-content">
                    <table class="table table-striped table-bordered table-hover " id="editable" >
+                        {% if cmd_group_name %}
                        <thead>
                            <tr>
                                <td class="text-center" width="120">ID</td>
@@ -31,10 +34,11 @@
                            <td class="text-center">{{ cmd_group.name }}</td>
                            <td class="text-center">{{ cmd_group.dept.name }}</td>
                        </tr>
+                        {% endif %}
                        <tr>
                            <td colspan="1" class="text-center">命令：</td>
                            <td colspan="6" class="text-center">
-                                    <b>{{ cmd_group.cmd }}</b>
+                                    <b>{{ cmds_str }}</b>
                            </td>
                        </tr>
                    </table>

--- a/templates/jperm/sudo_cmd_list.html
+++ b/templates/jperm/sudo_cmd_list.html
@@ -49,6 +49,7 @@
                            <tr>
                                <th class="text-center">组名</th>
                                <th class="text-center">命令</th>
+                                <th class="text-center">部门</th>
                                <th class="text-center">备注</th>
                                <th class="text-center">操作</th>
                            </tr>
@@ -58,9 +59,10 @@
                            <tr class="gradeX">
                                <td class="text-center"> {{ group.name }} </td>
                                <td class="text-center" title="{{ group.cmd }}"> {{ group.cmd | string_length:50 }} </td>
+                                <td class="text-center"> {{ group.dept.name }} </td>
                                <td class="text-center"> {{ group.comment }} </td>
                                <td class="text-center">
-{#                                    <a href="../cmd_detail/?id={{ group.id }}" class="btn btn-xs btn-info">详情</a>#}
+                                    <a value="../cmd_detail/?id={{ group.id }}" class="btn btn-xs btn-primary iframe">详情</a>
                                    <a href="../cmd_edit/?id={{ group.id }}" class="btn btn-xs btn-info">编辑</a>
                                    <a href="../cmd_del/?id={{ group.id }}" class="btn btn-xs btn-danger">删除</a>
                                </td>
@@ -117,8 +119,21 @@
 </div>
 <script>
-    $(document).ready(function(){
+    $(document).ready(function() {
-        $(".iframe").colorbox({iframe:true, width:"70%", height:"70%"});
+        $(".iframe").on('click', function () {
+            var url = $(this).attr("value");
+            $.layer({
+                type: 2,
+                title: '命令详情',
+                maxmin: true,
+                shift: 'top',
+                border: [2, 0.3, '#1AB394'],
+                shade: [0.5, '#000000'],
+                shadeClose: true,
+                area: ['800px', '600px'],
+                iframe: {src: url}
+            });
+        });
    });
 </script>

--- a/templates/jperm/sudo_list.html
+++ b/templates/jperm/sudo_list.html
@@ -67,9 +67,9 @@
                                                <td class="text-center"> {{ group.name }} </td>
                                                <td class="text-center"> {{ group.dept.name }} </td>
                                                <td class="text-center"><a href="/juser/user_list/?gid={{ group.id }}">{{ group.id | member_count }} </a> </td>
-                                                <td class="text-center"><a href="/jasset/group_list/?sid={{ group.id }}">{{ group.id | ugrp_perm_agrp_count }} </a> </td>
+                                                <td class="text-center"><a href="/jasset/group_list/?sid={{ group.id }}">{{ group.id | ugrp_sudo_agrp_count }} </a> </td>
-                                                <td class="text-center"><a href="/jasset/host_list/?sid={{ group.id }}"> {{ group.id | ugrp_perm_asset_count }} </a> </td>
+                                                <td class="text-center"><a href="/jasset/host_list/?sid={{ group.id }}"> {{ group.id | ugrp_sudo_asset_count }} </a> </td>
-                                                <td class="text-center"><a value="/jperm/cmd_detail/?id={{ group.id }}"  class="iframe">{{ group.id | sudo_cmd_count }}</a> </td>
+                                                <td class="text-center"><a value="/jperm/cmd_detail/?id={{ group.id | sudo_cmd_ids }}"  class="iframe">{{ group.id | sudo_cmd_count }}</a> </td>
                                                <td class="text-center"> {{ group.comment }} </td>
                                                <td class="text-center">
                                                    <a href="../sudo_edit/?id={{ group.id }}" class="btn btn-xs btn-danger">sudo授权</a>

--- a/templates/juser/user_add.html
+++ b/templates/juser/user_add.html
@@ -42,26 +42,26 @@
                                    <input id="username" name="username" placeholder="Username" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
                                </div>
                            </div>
-                            <div class="hr-line-dashed"></div>
+{#                            <div class="hr-line-dashed"></div>#}
-                            <div class="form-group">
+{#                            <div class="form-group">#}
-                                <label for="password" class="col-sm-2 control-label">密码<span class="red-fonts">*</span></label>
+{#                                <label for="password" class="col-sm-2 control-label">密码<span class="red-fonts">*</span></label>#}
-                                <div class="col-sm-8">
+{#                                <div class="col-sm-8">#}
-                                    <input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}>
+{#                                    <input id="password" name="password" placeholder="Password" type="password" class="form-control" {% if error %}value="{{ password }}" {% endif %}>#}
-                                    <span class="help-block m-b-none">
+{#                                    <span class="help-block m-b-none">#}
-                                        登陆web的密码
+{#                                        登陆web的密码#}
-                                    </span>
+{#                                    </span>#}
-                                </div>
+{#                                </div>#}
-                            </div>
+{#                            </div>#}
-                            <div class="hr-line-dashed"></div>
+{#                            <div class="hr-line-dashed"></div>#}
-                            <div class="form-group">
+{#                            <div class="form-group">#}
-                                <label for="ssh_key_pwd" class="col-sm-2 control-label">密钥密码<span class="red-fonts">*</span></label>
+{#                                <label for="ssh_key_pwd" class="col-sm-2 control-label">密钥密码<span class="red-fonts">*</span></label>#}
-                                <div class="col-sm-8">
+{#                                <div class="col-sm-8">#}
-                                    <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}>
+{#                                    <input id="ssh_key_pwd" name="ssh_key_pwd" placeholder="SSH Key Password" type="password" class="form-control" {% if error %}value="{{ ssh_key_pwd }}" {% endif %}>#}
-                                    <span class="help-block m-b-none">
+{#                                    <span class="help-block m-b-none">#}
-                                        登陆 Jumpserver 使用的SSH密钥的密码
+{#                                        登陆 Jumpserver 使用的SSH密钥的密码#}
-                                    </span>
+{#                                    </span>#}
-                                </div>
+{#                                </div>#}
-                            </div>
+{#                            </div>#}
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="name" class="col-sm-2 control-label">姓名<span class="red-fonts">*</span></label>

--- a/templates/login.html
+++ b/templates/login.html
@@ -14,6 +14,7 @@
    <link href="/static/css/animate.css" rel="stylesheet">
    <link href="/static/css/style.css" rel="stylesheet">
 </head>
 <body class="gray-bg">

--- a/templates/upload.html
+++ b/templates/upload.html
@@ -56,7 +56,7 @@
            uploadMultiple: true,
            parallelUploads: 100,
            maxFiles: 100,
-            url: '/upload/',
+            url: '/file/upload/',
            // Dropzone settings
            init: function() {