Skip to content

J
jumpserver
Commit 3f89701b authored by ibuler's avatar ibuler
Browse files
Options

[Bugfix] 修复授权和资产的一部分bug

parent b0eace6a
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 425 additions and 391 deletions
apps/assets/models/asset.py
View file @ 3f89701b
......@@ -87,7 +87,7 @@ class Asset(models.Model):
comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
def __str__(self):
return '%s <%s: %s>' % (self.hostname, self.ip, self.port)
return self.hostname
@property
def is_valid(self):
......
apps/assets/models/user.py
View file @ 3f89701b
......@@ -198,7 +198,7 @@ class SystemUser(AssetUser):
('P', 'Password'),
('K', 'Public key'),
)
cluster = models.ManyToManyField('assets.Cluster', null=True, blank=True, verbose_name=_("Cluster"))
cluster = models.ManyToManyField('assets.Cluster', blank=True, verbose_name=_("Cluster"))
priority = models.IntegerField(default=10, verbose_name=_("Priority")) # Todo: If user granted more priority user, default will be login as the hign
protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))
auto_push = models.BooleanField(default=True, verbose_name=_('Auto push'))
......
apps/assets/templates/assets/admin_user_detail.html
View file @ 3f89701b
......@@ -123,24 +123,6 @@
{% endblock %}
{% block custom_foot_js %}
<script>
Array.prototype.remove = function(val) {
var index = this.indexOf(val);
if (index > -1) {
this.splice(index, 1);
}
};
Array.prototype.unique = function(){
var res = [];
var json = {};
for(var i = 0; i < this.length; i++){
if(!json[this[i]]){
res.push(this[i]);
json[this[i]] = 1;
}
}
return res;
};
function bindToCluster(clusters) {
var the_url = "{% url 'api-assets:admin-user-add-clusters' pk=admin_user.id %}";
var body = {
......
apps/assets/templates/assets/asset_detail.html
View file @ 3f89701b
......@@ -227,7 +227,7 @@
</tr>
<tr>
<td colspan="2" class="no-borders">
<button type="button" class="btn btn-info btn-sm" id="btn_add_user_group">{% trans 'Confirm' %}</button>
<button type="button" class="btn btn-info btn-sm" id="btn-add-user-group">{% trans 'Confirm' %}</button>
</td>
</tr>
</form>
......@@ -327,7 +327,7 @@ $(document).ready(function () {
}else{
$(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('False');
}
}).on('click', '#btn_add_user_group', function () {
}).on('click', '#btn-add-user-group', function () {
if (Object.keys(jumpserver.groups_selected).length === 0) {
return false;
}
......
apps/assets/templates/assets/cluster_assets.html
View file @ 3f89701b
......@@ -101,7 +101,7 @@
</tr>
<tr class="no-borders-tr">
<td colspan="2">
<button type="button" class="btn btn-primary btn-sm btn-add-assets">{% trans 'Confirm' %}</button>
<button type="button" class="btn btn-info btn-sm btn-add-assets">{% trans 'Confirm' %}</button>
</td>
</tr>
</form>
......
apps/assets/templates/assets/system_user_list.html
View file @ 3f89701b
......@@ -30,7 +30,7 @@
{% endblock %}
{% block custom_foot_js %}
<script>
$(document).ready(function(){
function initTable() {
var options = {
ele: $('#system_user_list_table'),
columnDefs: [
......@@ -74,7 +74,6 @@ $(document).ready(function(){
}},
{targets: 8, createdCell: function (td, cellData, rowData) {
{# var script_btn = '<a href="{% url "assets:system-user-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-primary">{% trans "Script" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);#}
var update_btn = '<a href="{% url "assets:system-user-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_admin_user_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
$(td).html(update_btn + del_btn)
......@@ -87,6 +86,10 @@ $(document).ready(function(){
op_html: $('#actions').html()
};
jumpserver.initDataTable(options);
}
$(document).ready(function(){
initTable();
})
.on('click', '.btn_admin_user_delete', function () {
......
apps/ops/ansible/callback.py
View file @ 3f89701b
# ~*~ coding: utf-8 ~*~
from collections import defaultdict
from ansible.plugins.callback import CallbackBase
from ansible.plugins.callback.default import CallbackModule
......@@ -19,8 +21,9 @@ class AdHocResultCallback(CallbackModule):
# "contacted": {"hostname",...},
# "dark": {"hostname": {"task_name": {}, "task_name": {}},...,},
# }
self.results_raw = dict(ok={}, failed={}, unreachable={}, skipped={})
self.results_summary = dict(contacted=[], dark={})
self.results_raw = dict(ok=defaultdict(dict), failed=defaultdict(dict),
unreachable=defaultdict(dict), skipped=defaultdict(dict))
self.results_summary = dict(contacted=[], dark=defaultdict(dict))
super().__init__()
def gather_result(self, t, res):
......@@ -31,8 +34,8 @@ class AdHocResultCallback(CallbackModule):
if self.results_raw[t].get(host):
self.results_raw[t][host][task_name] = task_result
else:
self.results_raw[t][host] = {task_name: task_result}
# else:
# self.results_raw[t][host] = {task_name: task_result}
self.clean_result(t, host, task_name, task_result)
def clean_result(self, t, host, task_name, task_result):
......@@ -42,10 +45,10 @@ class AdHocResultCallback(CallbackModule):
if host not in contacted:
contacted.append(host)
else:
if dark.get(host):
dark[host][task_name] = task_result
else:
dark[host] = {task_name: task_result}
# if dark.get(host):
dark[host][task_name] = task_result.values
# else:
# dark[host] = {task_name: task_result}
if host in contacted:
contacted.remove(host)
......
apps/perms/api.py
View file @ 3f89701b
......@@ -3,7 +3,7 @@
from django.shortcuts import get_object_or_404
from rest_framework.views import APIView, Response
from rest_framework.generics import ListAPIView, get_object_or_404
from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView
from rest_framework import viewsets
from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser
from common.utils import get_object_or_none
......@@ -14,7 +14,6 @@ from .models import AssetPermission
from .hands import AssetGrantedSerializer, User, UserGroup, AssetGroup, Asset, \
AssetGroup, AssetGroupGrantedSerializer, SystemUser, MyAssetGroupGrantedSerializer
from . import serializers
from .utils import associate_system_users_and_assets
class AssetPermissionViewSet(viewsets.ModelViewSet):
......@@ -39,93 +38,85 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
queryset = get_user_group_asset_permissions(user_group)
return queryset
# Todo: 忘记为何要重写get_serializer_class了
def get_serializer_class(self):
if getattr(self, 'user_id', ''):
return serializers.UserAssetPermissionSerializer
return serializers.AssetPermissionSerializer
def associate_system_users_and_assets(self, serializer):
assets = serializer.validated_data.get('assets', [])
asset_groups = serializer.validated_data.get('asset_groups', [])
system_users = serializer.validated_data.get('system_users', [])
if serializer.partial:
instance = self.get_object()
assets.extend(list(instance.assets.all()))
asset_groups.extend(list(instance.asset_groups.all()))
system_users.extend(list(instance.system_users.all()))
associate_system_users_and_assets(system_users, assets, asset_groups)
def perform_create(self, serializer):
self.associate_system_users_and_assets(serializer)
return super(AssetPermissionViewSet, self).perform_create(serializer)
def perform_update(self, serializer):
self.associate_system_users_and_assets(serializer)
return super(AssetPermissionViewSet, self).perform_update(serializer)
class RevokeUserAssetPermission(APIView):
class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):
"""
将用户从授权中移除,Detail页面会调用
"""
permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateUserSerializer
queryset = AssetPermission.objects.all()
def put(self, request, *args, **kwargs):
permission_id = str(request.data.get('id', ''))
user_id = str(request.data.get('user_id', ''))
def update(self, request, *args, **kwargs):
perm = self.get_object()
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
users = serializer.validated_data.get('users')
if users:
perm.users.remove(*tuple(users))
return Response({"msg": "ok"})
else:
return Response({"error": serializer.errors})
if permission_id and user_id and permission_id.isdigit() and user_id.isdigit():
asset_permission = get_object_or_404(AssetPermission, id=int(permission_id))
user = get_object_or_404(User, id=int(user_id))
if asset_permission and user:
asset_permission.users.remove(user)
return Response({'msg': 'success'})
return Response({'msg': 'failed'}, status=404)
class AssetPermissionAddUserApi(RetrieveUpdateAPIView):
permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateUserSerializer
queryset = AssetPermission.objects.all()
def update(self, request, *args, **kwargs):
perm = self.get_object()
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
users = serializer.validated_data.get('users')
if users:
perm.users.add(*tuple(users))
return Response({"msg": "ok"})
else:
return Response({"error": serializer.errors})
class RemoveSystemUserAssetPermission(APIView):
"""
将系统用户从授权中移除, Detail页面会调用
"""
permission_classes = (IsSuperUser,)
def put(self, request, *args, **kwargs):
response = []
asset_permission_id = kwargs.pop('pk')
system_users_id = request.data.get('system_users')
print(system_users_id)
asset_permission = get_object_or_404(
AssetPermission, id=asset_permission_id)
if not isinstance(system_users_id, list):
system_users_id = [system_users_id]
for system_user_id in system_users_id:
system_user = get_object_or_none(SystemUser, id=system_user_id)
if system_user:
asset_permission.system_users.remove(system_user)
response.append(system_user.to_json())
return Response(response, status=200)
class RevokeUserGroupAssetPermission(APIView):
class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):
"""
将用户组从授权中删除
将用户从授权中移除,Detail页面会调用
"""
permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateAssetSerializer
queryset = AssetPermission.objects.all()
def put(self, request, *args, **kwargs):
permission_id = str(request.data.get('id', ''))
user_group_id = str(request.data.get('user_group_id', ''))
def update(self, request, *args, **kwargs):
perm = self.get_object()
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
print(serializer.data)
assets = serializer.validated_data.get('assets')
if assets:
perm.assets.remove(*tuple(assets))
return Response({"msg": "ok"})
else:
return Response({"error": serializer.errors})
if permission_id and user_group_id and permission_id.isdigit() and user_group_id.isdigit():
asset_permission = get_object_or_404(AssetPermission, id=int(permission_id))
user_group = get_object_or_404(UserGroup, id=int(user_group_id))
if asset_permission and user_group:
asset_permission.user_groups.remove(user_group)
return Response({'msg': 'success'})
return Response({'msg': 'failed'}, status=404)
class AssetPermissionAddAssetApi(RetrieveUpdateAPIView):
permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateAssetSerializer
queryset = AssetPermission.objects.all()
def update(self, request, *args, **kwargs):
perm = self.get_object()
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
assets = serializer.validated_data.get('assets')
if assets:
perm.assets.add(*tuple(assets))
return Response({"msg": "ok"})
else:
return Response({"error": serializer.errors})
class UserGrantedAssetsApi(ListAPIView):
......
apps/perms/forms.py
View file @ 3f89701b
......@@ -34,7 +34,7 @@ class AssetPermissionForm(forms.ModelForm):
}
help_texts = {
'name': '* required',
'user_groups': '* User or user group at least one required',
'asset_groups': '* Asset or Asset group at least one required',
'system_users': '* required',
'user_groups': _('User or user group at least one required'),
'asset_groups': _('Asset or Asset group at least one required'),
}
apps/perms/models.py
View file @ 3f89701b
......@@ -9,28 +9,18 @@ from common.utils import date_expired_default
class AssetPermission(models.Model):
from users.models import User, UserGroup
from assets.models import Asset, AssetGroup, SystemUser
from assets.models import Asset, AssetGroup, SystemUser, Cluster
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
name = models.CharField(
max_length=128, unique=True, verbose_name=_('Name'))
users = models.ManyToManyField(
User, related_name='asset_permissions', blank=True)
user_groups = models.ManyToManyField(
UserGroup, related_name='asset_permissions', blank=True)
assets = models.ManyToManyField(
Asset, related_name='granted_by_permissions', blank=True)
asset_groups = models.ManyToManyField(
AssetGroup, related_name='granted_by_permissions', blank=True)
system_users = models.ManyToManyField(
SystemUser, related_name='granted_by_permissions')
is_active = models.BooleanField(
default=True, verbose_name=_('Active'))
date_expired = models.DateTimeField(
default=date_expired_default, verbose_name=_('Date expired'))
created_by = models.CharField(
max_length=128, blank=True, verbose_name=_('Created by'))
date_created = models.DateTimeField(
auto_now_add=True, verbose_name=_('Date created'))
name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
users = models.ManyToManyField(User, related_name='asset_permissions', blank=True, verbose_name=_("User"))
user_groups = models.ManyToManyField(UserGroup, related_name='asset_permissions', blank=True, verbose_name=_("User group"))
assets = models.ManyToManyField(Asset, related_name='granted_by_permissions', blank=True, verbose_name=_("Asset"))
asset_groups = models.ManyToManyField(AssetGroup, related_name='granted_by_permissions', blank=True, verbose_name=_("Asset group"))
system_users = models.ManyToManyField(SystemUser, related_name='granted_by_permissions', verbose_name=_("System user"))
is_active = models.BooleanField(default=True, verbose_name=_('Active'))
date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_('Date expired'))
created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by'))
date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created'))
comment = models.TextField(verbose_name=_('Comment'), blank=True)
def __str__(self):
......@@ -38,7 +28,7 @@ class AssetPermission(models.Model):
@property
def is_valid(self):
if self.date_expired < timezone.now() and self.is_active:
if self.date_expired > timezone.now() and self.is_active:
return True
return False
......@@ -68,18 +58,12 @@ class AssetPermission(models.Model):
assets.add(asset)
return assets
# class Meta:
# db_table = 'asset_permission'
# def change_permission(sender, **kwargs):
# print('Sender: %s' % sender)
# for k, v in kwargs.items():
# print('%s: %s' % (k, v))
# print()
#
# m2m_changed.connect(change_permission, sender=AssetPermission.assets.through)
def check_system_user_in_assets(self):
errors = {}
assets = self.get_granted_assets()
clusters = set([asset.cluster for asset in assets])
for system_user in self.system_users.all():
cluster_remain = clusters - set(system_user.cluster.all())
if cluster_remain:
errors[system_user.name] = cluster_remain
return errors
apps/perms/serializers.py
View file @ 3f89701b
......@@ -9,10 +9,50 @@ from .hands import User
class AssetPermissionSerializer(serializers.ModelSerializer):
assets_ = serializers.SerializerMethodField()
asset_groups_ = serializers.SerializerMethodField()
users_ = serializers.SerializerMethodField()
user_groups_ = serializers.SerializerMethodField()
system_users_ = serializers.SerializerMethodField()
class Meta:
model = AssetPermission
fields = '__all__'
@staticmethod
def get_assets_(obj):
return [asset.hostname for asset in obj.assets.all()]
@staticmethod
def get_asset_groups_(obj):
return [group.name for group in obj.asset_groups.all()]
@staticmethod
def get_users_(obj):
return [user.username for user in obj.users.all()]
@staticmethod
def get_user_groups_(obj):
return [group.name for group in obj.user_groups.all()]
@staticmethod
def get_system_users_(obj):
return [user.username for user in obj.system_users.all()]
class AssetPermissionUpdateUserSerializer(serializers.ModelSerializer):
class Meta:
model = AssetPermission
fields = ['id', 'users']
class AssetPermissionUpdateAssetSerializer(serializers.ModelSerializer):
class Meta:
model = AssetPermission
fields = ['id', 'assets']
class UserAssetPermissionSerializer(AssetPermissionSerializer):
is_inherited = serializers.SerializerMethodField()
......
apps/perms/templates/perms/asset_permission_detail.html
View file @ 3f89701b
......@@ -126,23 +126,6 @@
</div>
</span></td>
</tr>
<tr>
<td width="50%">{% trans 'Retest asset connectivity' %}:</td>
<td>
<span style="float: right">
<button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Start' %}</button>
</span>
</td>
</tr>
<tr>
<td width="50%">{% trans 'Repush system user' %}:</td>
<td>
<span style="float: right">
<button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Push' %}</button>
</span>
</td>
</tr>
</tbody>
</table>
</div>
......@@ -153,21 +136,21 @@
<i class="fa fa-info-circle"></i> {% trans 'System user' %}
</div>
<div class="panel-body">
<table class="table group_edit">
<table class="table" id="system-user-table">
<tbody>
<form>
<tr>
<td colspan="2" class="no-borders">
<select data-placeholder="{% trans 'Select system users' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
{% for system_user in system_users_remain %}
<option value="{{ system_user.id }}" id="opt_{{ system_user.id }}">{{ system_user.name }}: {{ system_user.username }}</option>
<option value="{{ system_user.id }}" id="opt_{{ system_user.id }}">{{ system_user.name }}</option>
{% endfor %}
</select>
</td>
</tr>
<tr>
<td colspan="2" class="no-borders">
<button type="button" class="btn btn-info btn-small" id="btn_add_system_user">{% trans 'Join' %}</button>
<button type="button" class="btn btn-info btn-small" id="btn-add-system-user">{% trans 'Add' %}</button>
</td>
</tr>
</form>
......@@ -176,7 +159,7 @@
<tr>
<td ><b class="bdg-system-user" data-uid={{ system_user.id }}>{{ system_user.name }}</b></td>
<td>
<button class="btn btn-danger btn-xs btn-del" data-uid="{{ system_user.id }}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
<button class="btn btn-danger btn-xs btn-remove-user" data-uid="{{ system_user.id }}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
</td>
</tr>
{% endfor %}
......@@ -190,80 +173,70 @@
</div>
</div>
</div>
{% endblock %}
{% block custom_foot_js %}
<script>
jumpserver.system_users_selected = {};
function addSystemUser(system_users) {
var the_url = "{% url 'api-perms:asset-permission-detail' pk=asset_permission.id %}";
var body = {
system_users: Object.assign([], system_users)
};
var success = function(data) {
window.location.reload();
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body),
success: success
});
}
function removeSystemUser(system_users, tr) {
var the_url = "{% url 'api-perms:remove-system-user-asset-permission' pk=asset_permission.id %}";
var body = {
system_users: system_users
};
var success = function (data) {
tr.remove()
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body),
method: 'PUT',
success: success
})
}
$(document).ready(function () {
$('.select2').select2()
.on('select2:select', function(evt) {
var data = evt.params.data;
jumpserver.system_users_selected[data.id] = data.text;
})
.on('select2:unselect', function(evt) {
var data = evt.params.data;
delete jumpserver.system_users_selected[data.id]
})
<script>
jumpserver.system_users_selected = {};
function updateSystemUser(system_users) {
var the_url = "{% url 'api-perms:asset-permission-detail' pk=asset_permission.id %}";
var body = {
system_users: Object.assign([], system_users)
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body)
});
}
}).on('click', '.btn-delete-perm', function () {
var $this = $(this);
var name = "{{ asset_permission.name }}";
var uid = "{{ asset_permission.id }}";
var the_url = '{% url "api-perms:asset-permission-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
var redirect_url = "{% url 'perms:asset-permission-list' %}";
objectDelete($this, name, the_url, redirect_url);
}).on('click', '#btn_add_system_user', function () {
if (Object.keys(jumpserver.system_users_selected).length === 0) {
return false;
}
var system_users = $('.bdg-system-user').map(function() {
return $(this).data('uid');
}).get();
$.map(jumpserver.system_users_selected, function(value, index) {
system_users.push(parseInt(index));
$('#opt_' + index).remove();
});
addSystemUser(system_users)
}).on('click', '.btn-del', function () {
var $this = $(this);
var $uid = $this.data('uid');
var $tr = $this.closest('tr');
var $badge = $tr.find('.bdg-system-user');
var $system_user = $badge.html() || $badge.text();
$('#groups_selected').append(
'<option value="' + $uid + '" id="opt_' + $uid + '">' + $system_user + '</option>'
);
removeSystemUser($uid, $tr)
$(document).ready(function () {
$('.select2').select2()
.on('select2:select', function(evt) {
var data = evt.params.data;
jumpserver.system_users_selected[data.id] = data.text;
})
</script>
.on('select2:unselect', function(evt) {
var data = evt.params.data;
delete jumpserver.system_users_selected[data.id]
})
})
.on('click', '.btn-delete-perm', function () {
var $this = $(this);
var name = "{{ asset_permission.name }}";
var uid = "{{ asset_permission.id }}";
var the_url = '{% url "api-perms:asset-permission-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
var redirect_url = "{% url 'perms:asset-permission-list' %}";
objectDelete($this, name, the_url, redirect_url);
})
.on('click', '#btn-add-system-user', function () {
if (Object.keys(jumpserver.system_users_selected).length === 0) {
return false;
}
var system_users = $('.bdg-system-user').map(function() {
return $(this).data('uid');
}).get();
$.map(jumpserver.system_users_selected, function(name, index) {
system_users.push(index);
$('#opt_' + index).remove();
$('.group_edit tbody').append(
'<tr>' +
'<td><b class="bdg-system-user" data-gid="' + index + '">' + name + '</b></td>' +
'<td><button class="btn btn-danger btn-xs pull-right btn-remove-user" type="button"><i class="fa fa-minus"></i></button></td>' +
'</tr>'
)
});
updateSystemUser(system_users);
}).on('click', '.btn-remove-user', function () {
var $this = $(this);
var $tr = $this.closest('tr');
var system_users = $('.bdg-system-user').map(function() {
if ($(this).data('uid') !== $this.data('uid')){
return $(this).data('uid');
}
}).get();
updateSystemUser(system_users);
$tr.remove()
})
</script>
{% endblock %}
apps/perms/templates/perms/asset_permission_list.html
View file @ 3f89701b
{% extends '_base_list.html' %}
{% load i18n %}
{% block content_left_head %}
<a href="{% url 'perms:asset-permission-create' %}" class="btn btn-sm btn-primary">
{% trans "Create permission" %}
</a>
{% endblock %}
{% block table_head %}
<th class="text-center">{% trans 'Name' %}</th>
<th class="text-center">{% trans 'User' %}</th>
<th class="text-center">{% trans 'User group' %}</th>
<th class="text-center">{% trans 'Asset' %}</th>
<th class="text-center">{% trans 'Asset group' %}</th>
<th class="text-center">{% trans 'System user' %}</th>
<th class="text-center">{% trans 'Is valid' %}</th>
<th class="text-center">{% trans 'Action' %}</th>
{% block table_search %}
{% endblock %}
{% block table_body %}
{% for asset_permission in asset_permission_list %}
<tr class="gradeX">
<td class="text-center">
<a href="{% url 'perms:asset-permission-detail' pk=asset_permission.id %}">
{{ asset_permission.name }}
</a>
</td>
<td class="text-center">{{ asset_permission.users.count }}</td>
<td class="text-center">{{ asset_permission.user_groups.count }}</td>
<td class="text-center">{{ asset_permission.assets.count }}</td>
<td class="text-center">{{ asset_permission.asset_groups.count }}</td>
<td class="text-center">{{ asset_permission.system_users.count }}</td>
<td class="text-center">
{% if asset_permission.is_valid %}
<i class="fa fa-check text-navy"></i>
{% else %}
<i class="fa fa-times text-danger"></i>
{% endif %}
</td>
<td class="text-center">
<a href="{% url 'perms:asset-permission-update' pk=asset_permission.id %}"
class="btn btn-xs btn-info">{% trans 'Update' %}
</a>
<a class="btn btn-xs btn-danger btn-del" data-name="{{ asset_permission.name }}"
data-uid="{{ asset_permission.id }}">{% trans 'Delete' %}
</a>
</td>
</tr>
{% endfor %}
{% block table_container %}
<div class="uc pull-left m-r-5">
<a href="{% url 'perms:asset-permission-create' %}" class="btn btn-sm btn-primary ">
{% trans "Create permission" %}
</a>
</div>
<table class="table table-striped table-bordered table-hover" id="permission_list_table" >
<thead>
<tr>
<th class="text-center">
<input type="checkbox" id="check_all" class="ipt_check_all" >
</th>
<th class="text-center">{% trans 'Name' %}</th>
<th class="text-center">{% trans 'User' %}</th>
<th class="text-center">{% trans 'User group' %}</th>
<th class="text-center">{% trans 'Asset' %}</th>
<th class="text-center">{% trans 'Asset group' %}</th>
<th class="text-center">{% trans 'System user' %}</th>
<th class="text-center">{% trans 'Is valid' %}</th>
<th class="text-center">{% trans 'Action' %}</th>
</tr>
</thead>
<tbody>
</tbody>
</table>
{% endblock %}
{% block custom_foot_js %}
<script>
$(document).ready(function() {
$('table').DataTable({
"searching": false,
"paging": false,
"order": []
})
}).on('click', '.btn-del', function () {
var $this = $(this);
var name = $this.data('name');
var uid = $this.data('uid');
var the_url = '{% url "api-perms:asset-permission-detail" pk=DEFAULT_PK %}'
.replace('{{ DEFAULT_PK }}', uid);
objectDelete($this, name, the_url);
})
</script>
<script>
function initTable() {
var options = {
ele: $('#permission_list_table'),
columnDefs: [
{targets: 1, createdCell: function (td, cellData, rowData) {
var detail_btn = '<a href="{% url "perms:asset-permission-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
}},
{targets: 2, createdCell: function (td, cellData) {
$(td).html(cellData.length);
}},
{targets: 3, createdCell: function (td, cellData) {
$(td).html(cellData.length);
}},
{targets: 4, createdCell: function (td, cellData) {
$(td).html(cellData.length);
}},
{targets: 5, createdCell: function (td, cellData) {
$(td).html(cellData.length);
}},
{targets: 6, createdCell: function (td, cellData) {
$(td).html(cellData.length);
}},
{targets: 7, createdCell: function (td, cellData) {
if (!cellData) {
$(td).html('<i class="fa fa-times text-danger"></i>')
} else {
$(td).html('<i class="fa fa-check text-navy"></i>')
}
}},
{targets: 8, createdCell: function (td, cellData) {
var update_btn = '<a href="{% url "perms:asset-permission-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del-permission" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
$(td).html(update_btn + del_btn);
}}
],
ajax_url: '{% url "api-perms:asset-permission-list" %}',
columns: [
{data: "id" }, {data: "name"}, {data: "users_" }, {data: "user_groups_" }, {data: "assets_" },
{data: "asset_groups_"}, {data: "system_users_"}, {data: "is_active"}, {data: "id" }
],
op_html: $('#actions').html()
};
jumpserver.initDataTable(options);
}
$(document).ready(function(){
initTable();
})
.on('click', '.btn-del', function () {
var $this = $(this);
var name = $this.data('name');
var uid = $this.data('uid');
var the_url = '{% url "api-perms:asset-permission-detail" pk=DEFAULT_PK %}'
.replace('{{ DEFAULT_PK }}', uid);
objectDelete($this, name, the_url);
})
</script>
{% endblock %}
apps/perms/templates/perms/asset_permission_user.html
View file @ 3f89701b
......@@ -26,16 +26,6 @@
<a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id %}" class="text-center">
<i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
</li>
<form id="search_form" method="get" action="" class="pull-right mail-search">
<div class="input-group">
<input type="text" class="form-control input-sm" name="keyword" placeholder="Search" value="{{ keyword }}">
<div class="input-group-btn">
<button id="search_btn" type="submit" class="btn btn-sm btn-primary">
搜索
</button>
</div>
</div>
</form>
</ul>
</div>
<div class="tab-content">
......@@ -83,7 +73,7 @@
</td>
<td>
<button class="btn btn-danger btn-xs btn_delete_user_group {% if user.is_inherit_from_user_groups %} disabled {% endif %}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
<button class="btn btn-danger btn-xs btn-remove-user {% if user.is_inherit_from_user_groups %} disabled {% endif %}" data-gid="{{ user.id }}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
</td>
</tr>
{% endfor %}
......@@ -108,7 +98,7 @@
<td colspan="2">
<select data-placeholder="{% trans 'Select user' %}" class="select2 user" style="width: 100%" multiple="" tabindex="4">
{% for user in users_remain %}
<option value="{{ user.id }}">{{ user.name }}: {{ user.username }}</option>
<option value="{{ user.id }}">{{ user.name }}</option>
{% endfor %}
</select>
</td>
......@@ -143,16 +133,16 @@
</tr>
<tr>
<td colspan="2" class="no-borders">
<button type="button" class="btn btn-info btn-small" id="btn_add_user_group">{% trans 'Add' %}</button>
<button type="button" class="btn btn-info btn-sm" id="btn-add-group">{% trans 'Add' %}</button>
</td>
</tr>
</form>
{% for user_group in user_groups %}
<tr>
<td ><b class="bdg_user_group" data-gid={{ user_group.id }}>{{ user_group.name }}</b></td>
<td ><b class="bdg_group" data-gid={{ user_group.id }}>{{ user_group.name }}</b></td>
<td>
<button class="btn btn-danger btn-xs btn_delete_user_group" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
<button class="btn btn-danger btn-xs btn-remove-group" type="button" data-gid="{{ user_group.id }}" style="float: right;"><i class="fa fa-minus"></i></button>
</td>
</tr>
{% endfor %}
......@@ -169,30 +159,118 @@
{% endblock %}
{% block custom_foot_js %}
<script>
jumpserver.users_selected = {};
jumpserver.user_groups_selected = {};
$(document).ready(function () {
$('.select2.user').select2()
.on('select2:select', function(evt) {
var data = evt.params.data;
jumpserver.users_selected[data.id] = data.text;
})
.on('select2:unselect', function(evt) {
var data = evt.params.data;
delete jumpserver.users_selected[data.id]
});
$('.select2.user-group').select2()
.on('select2:select', function(evt) {
var data = evt.params.data;
jumpserver.user_groups_selected[data.id] = data.text;
})
.on('select2:unselect', function(evt) {
var data = evt.params.data;
delete jumpserver.user_groups_selected[data.id]
})
}).on('click', '.btn-add-user', function () {
console.log(jumpserver.users_selected)
<script>
jumpserver.users_selected = {};
jumpserver.groups_selected = {};
function addUsers(users) {
var the_url = "{% url 'api-perms:asset-permission-add-user' pk=asset_permission.id %}";
var body = {
users: users
};
var success = function(data) {
location.reload();
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body),
success: success
});
}
function removeUser(users) {
var the_url = "{% url 'api-perms:asset-permission-remove-user' pk=asset_permission.id %}";
var body = {
users: users
};
var success = function(data) {
location.reload();
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body),
success: success
});
}
function updateGroup(groups) {
var the_url = "{% url 'api-perms:asset-permission-detail' pk=asset_permission.id %}";
var body = {
user_groups: groups
};
APIUpdateAttr({
url: the_url,
body: JSON.stringify(body)
});
}
$(document).ready(function () {
$('.select2.user').select2()
.on('select2:select', function(evt) {
var data = evt.params.data;
jumpserver.users_selected[data.id] = data.text;
})
</script>
.on('select2:unselect', function(evt) {
var data = evt.params.data;
delete jumpserver.users_selected[data.id]
});
$('.select2.user-group').select2()
.on('select2:select', function(evt) {
var data = evt.params.data;
jumpserver.groups_selected[data.id] = data.text;
})
.on('select2:unselect', function(evt) {
var data = evt.params.data;
delete jumpserver.groups_selected[data.id]
})
}).on('click', '.btn-add-user', function () {
if (Object.keys(jumpserver.users_selected).length === 0) {
return false;
}
var users_id = [];
$.map(jumpserver.users_selected, function(value, index) {
users_id.push(index);
});
console.log(users_id);
addUsers(users_id);
}).on('click', '.btn-remove-user', function () {
var user_id = $(this).data("gid");
if (user_id === "") {
return
}
var users = [user_id];
removeUser(users)
}).on('click', '#btn-add-group', function () {
if (Object.keys(jumpserver.groups_selected).length === 0) {
return false;
}
var groups = $('.bdg_group').map(function() {
return $(this).data('gid');
}).get();
$.map(jumpserver.groups_selected, function(group_name, index) {
groups.push(index);
$('#opt_' + index).remove();
$('.group_edit tbody').append(
'<tr>' +
'<td><b class="bdg_group" data-gid="' + index + '">' + group_name + '</b></td>' +
'<td><button class="btn btn-danger btn-xs pull-right btn-leave-group" type="button"><i class="fa fa-minus"></i></button></td>' +
'</tr>'
)
});
updateGroup(groups);
}).on('click', '.btn-remove-group', function () {
var $this = $(this);
var $tr = $this.closest('tr');
var groups = $('.bdg_group').map(function() {
if ($(this).data('gid') !== $this.data('gid')){
return $(this).data('gid');
}
}).get();
updateGroup(groups);
$tr.remove()
})
</script>
{% endblock %}
apps/perms/urls/api_urls.py
View file @ 3f89701b
......@@ -19,41 +19,22 @@ urlpatterns = [
url(r'^v1/user/my/asset-group/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$', api.MyAssetGroupOfAssetsApi.as_view(), name='my-asset-group-of-assets'),
# 查询某个用户授权的资产和资产组
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$',
api.UserGrantedAssetsApi.as_view(),
name='user-assets'),
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups/$',
api.UserGrantedAssetGroupsApi.as_view(),
name='user-asset-groups'),
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups-assets/$',
api.UserGrantedAssetGroupsWithAssetsApi.as_view(),
name='user-asset-groups'),
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$', api.UserGrantedAssetsApi.as_view(), name='user-assets'),
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups/$', api.UserGrantedAssetGroupsApi.as_view(), name='user-asset-groups'),
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups-assets/$', api.UserGrantedAssetGroupsWithAssetsApi.as_view(), name='user-asset-groups'),
# 查询某个用户组授权的资产和资产组
url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$',
api.UserGroupGrantedAssetsApi.as_view(),
name='user-group-assets'),
url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups/$',
api.UserGroupGrantedAssetGroupsApi.as_view(),
name='user-group-asset-groups'),
# 回收用户或用户组授权
url(r'^v1/asset-permissions/user/revoke/$',
api.RevokeUserAssetPermission.as_view(),
name='revoke-user-asset-permission'),
url(r'^v1/asset-permissions/user-group/revoke/$',
api.RevokeUserGroupAssetPermission.as_view(),
name='revoke-user-group-asset-permission'),
url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$', api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'),
url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/asset-groups/$', api.UserGroupGrantedAssetGroupsApi.as_view(), name='user-group-asset-groups'),
# 用户和资产授权变更
url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/user/remove/$', api.AssetPermissionRemoveUserApi.as_view(), name='asset-permission-remove-user'),
url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/user/add/$', api.AssetPermissionAddUserApi.as_view(), name='asset-permission-add-user'),
url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/asset/remove/$', api.AssetPermissionRemoveAssetApi.as_view(), name='asset-permission-remove-asset'),
url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/asset/add/$', api.AssetPermissionAddAssetApi.as_view(), name='asset-permission-add-asset'),
# 验证用户是否有某个资产和系统用户的权限
url(r'v1/asset-permission/user/validate/$',
api.ValidateUserAssetPermissionView.as_view(),
name='validate-user-asset-permission'),
# 删除asset permission中的某个系统用户
url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/system-user/remove/$',
api.RemoveSystemUserAssetPermission.as_view(),
name='remove-system-user-asset-permission'),
url(r'v1/asset-permission/user/validate/$', api.ValidateUserAssetPermissionView.as_view(), name='validate-user-asset-permission'),
]
urlpatterns += router.urls
......
apps/perms/utils.py
View file @ 3f89701b
......@@ -179,31 +179,3 @@ def push_system_user(assets, system_user):
system_user = system_user._to_secret_json()
task = push_users.delay(assets, system_user)
return task.id
def associate_system_users_and_assets(system_users, assets, asset_groups, force=False):
"""关联系统用户和资产, 目的是保存它们的关系, 然后新加入的资产或系统
用户时,推送系统用户到资产
Todo: 这里需要最终Api定下来更改一下, 现在策略是以系统用户为核心推送, 一个系统用户
推送一次
"""
assets_all = set(assets)
for asset_group in asset_groups:
assets_all |= set(asset_group.assets.all())
for system_user in system_users:
assets_need_push = []
if system_user.auto_push:
if force:
assets_need_push = assets_all
else:
assets_need_push.extend(
[asset for asset in assets_all
if asset not in system_user.assets.all()
]
)
system_user.assets.add(*(tuple(assets_all)))
push_system_user(assets_need_push, system_user)
apps/perms/views.py
View file @ 3f89701b
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment