Skip to content

J
jumpserver
Commit 43fe9851 authored by Administrator's avatar Administrator
Browse files
Options

添加组授权

parent 699046da
Hide whitespace changes
Inline Side-by-side
Showing with 436 additions and 881 deletions
jperm/perm_api.py
View file @ 43fe9851
...@@ -11,6 +11,7 @@ from jumpserver.models import Setting ...@@ -11,6 +11,7 @@ from jumpserver.models import Setting
def get_object_list(model, id_list): def get_object_list(model, id_list):
"""根据id列表获取对象列表"""
object_list = [] object_list = []
for object_id in id_list: for object_id in id_list:
if object_id: if object_id:
...@@ -19,51 +20,69 @@ def get_object_list(model, id_list): ...@@ -19,51 +20,69 @@ def get_object_list(model, id_list):
return object_list return object_list
def perm_user_handle(user, asset_new, asset_del, group_new, group_del):
username = user.name
asset_group_new = get_object_list(AssetGroup, group_new)
asset_group_del = get_object_list(AssetGroup, group_del)
for asset_group in asset_group_new:
asset_new.extend([asset.ip for asset in asset_group.asset_set.all()])
for asset_group in asset_group_del:
asset_del.extend(asset.ip for asset in asset_group.asset_set.all())
def get_rand_file_path(base_dir=os.path.join(BASE_DIR, 'tmp')): def get_rand_file_path(base_dir=os.path.join(BASE_DIR, 'tmp')):
"""获取随机文件路径"""
filename = uuid.uuid1().hex filename = uuid.uuid1().hex
return os.path.join(base_dir, filename) return os.path.join(base_dir, filename)
def get_inventory(host_group): def get_inventory(host_group):
"""生成资产表库存清单"""
path = get_rand_file_path() path = get_rand_file_path()
f = open(path, 'w') f = open(path, 'w')
for group, host_list in host_group.items(): for group, host_list in host_group.items():
f.write('[%s]\n' % group) f.write('[%s]\n' % group)
for ip in host_list: for ip in host_list:
asset = get_object(Asset, ip=ip) asset = get_object(Asset, ip=ip)
if asset.use_default_auth: if asset.use_default:
f.write('%s ansbile_ssh_port=%s\n' % (ip, asset.port)) f.write('%s\n' % ip)
else: else:
f.write('%s ansible_ssh_port=%s ansible_ssh_user=%s ansbile_ssh_pass=%s\n' f.write('%s ansible_ssh_port=%s ansible_ssh_user=%s ansible_ssh_pass=%s\n' %
% (ip, asset.port, asset.username, CRYPTOR.decrypt(asset.password))) (ip, asset.port, asset.username, CRYPTOR.decrypt(asset.password)))
f.close() f.close()
return path return path
def get_playbook(tempate, var): def get_playbook(template, var):
str_playbook = open(tempate).read() """根据playbook模板,生成playbook"""
str_playbook = open(template).read()
for k, v in var.items(): for k, v in var.items():
str_playbook = re.sub(r'%s' % k, v, str_playbook) str_playbook = re.sub(r'%s' % k, v, str_playbook) # 正则来替换传入的字符
path = get_rand_file_path() path = get_rand_file_path()
f = open(path, 'w') f = open(path, 'w')
f.write(str_playbook) f.write(str_playbook)
return path return path
def perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del): def playbook_run(inventory, playbook, default_user=None, default_port=None, default_pri_key_path=None):
asset_new_ip = [] stats = callbacks.AggregateStats()
asset_del_ip = [] playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)
# run the playbook
results = PlayBook(host_list=inventory,
playbook=playbook,
forks=5,
remote_user=default_user,
remote_port=default_port,
private_key_file=default_pri_key_path,
callbacks=playbook_cb,
runner_callbacks=runner_cb,
stats=stats,
become=True,
become_user='root').run()
for hostname, result in results.items():
if result.get('failures', 2):
print "%s >>> Failed" % hostname
else:
print "%s >>> Success" % hostname
return results
def perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user=None, user_group=None):
"""用户授权api,通过调用ansible API完成用户新建等"""
asset_new_ip = [] # 新授权的ip列表
asset_del_ip = [] # 回收授权的ip列表
if '' in asset_group_new: if '' in asset_group_new:
asset_group_new.remove('') asset_group_new.remove('')
...@@ -71,48 +90,38 @@ def perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del): ...@@ -71,48 +90,38 @@ def perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del):
if '' in asset_group_del: if '' in asset_group_del:
asset_group_del.remove('') asset_group_del.remove('')
asset_new_ip.extend([asset.ip for asset in get_object_list(Asset, asset_new)]) asset_new_ip.extend([asset.ip for asset in get_object_list(Asset, asset_new)]) # 查库,获取新授权ip
for asset_group_id in asset_group_new: for asset_group_id in asset_group_new:
asset_new_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) asset_new_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) # 同理
asset_del_ip.extend([asset.ip for asset in get_object_list(Asset, asset_del)]) # 查库,获取回收授权的ip
asset_del_ip.extend([asset.ip for asset in get_object_list(Asset, asset_del)])
for asset_group_id in asset_group_del: for asset_group_id in asset_group_del:
asset_del_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) asset_del_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) # 同理
print asset_new_ip print asset_new_ip
print asset_del_ip print asset_del_ip
stats = callbacks.AggregateStats()
playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)
if asset_new_ip or asset_del_ip: if asset_new_ip or asset_del_ip:
host_group = {'new': asset_new_ip, 'del': asset_del_ip} host_group = {'new': asset_new_ip, 'del': asset_del_ip}
host_list = get_inventory(host_group) inventory = get_inventory(host_group)
if user:
the_items = user.username,
elif user_group:
users = user_group.user_set.all()
the_items = ','.join([user.username for user in users])
else:
return HttpResponse('Argument error.')
playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'), playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'),
{'the_new_group': 'new', 'the_del_group': 'del', {'the_new_group': 'new', 'the_del_group': 'del',
'the_user': user.username, 'the_pub_key': '/tmp/id_rsa.pub'}) 'the_items': the_items, 'the_pub_key': '/tmp/id_rsa.pub'})
settings = get_object(Setting, id=1) settings = get_object(Setting, id=1)
if settings: if settings:
default_user = settings.default_user default_user = settings.default_user
default_port = settings.default_port
default_pri_key_path = settings.default_pri_key_path default_pri_key_path = settings.default_pri_key_path
else: else:
default_user = default_pri_key_path = '' default_user = default_port = default_pri_key_path = ''
results = PlayBook(host_list=host_list,
playbook=playbook, results = playbook_run(inventory, playbook, default_user, default_port, default_pri_key_path)
forks=5, return results
remote_user=default_user,
private_key_file=default_pri_key_path,
callbacks=playbook_cb,
runner_callbacks=runner_cb,
stats=stats,
become=True,
become_user='root').run()
for hostname, result in results.items():
if result.get('failures', 2):
print "%s >>> Failed" % hostname
else:
print "%s >>> Success" % hostname
jperm/urls.py
View file @ 43fe9851
...@@ -5,6 +5,8 @@ urlpatterns = patterns('jperm.views', ...@@ -5,6 +5,8 @@ urlpatterns = patterns('jperm.views',
# Examples: # Examples:
(r'^user/$', perm_user_list), (r'^user/$', perm_user_list),
(r'^perm_user_edit/$', perm_user_edit), (r'^perm_user_edit/$', perm_user_edit),
(r'^group/$', perm_group_list),
(r'^perm_group_edit/$', perm_group_edit),
# (r'^dept_perm_edit/$', 'dept_perm_edit'), # (r'^dept_perm_edit/$', 'dept_perm_edit'),
# (r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}), # (r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}),
# (r'^dept_perm_list/$', 'dept_perm_list'), # (r'^dept_perm_list/$', 'dept_perm_list'),
......
jperm/views.py
View file @ 43fe9851
...@@ -17,11 +17,11 @@ from jperm.perm_api import * ...@@ -17,11 +17,11 @@ from jperm.perm_api import *
def perm_user_list(request): def perm_user_list(request):
header_title, path1, path2 = '用户授权', '授权管理', '用户授权' header_title, path1, path2 = '用户授权', '授权管理', '用户授权'
keyword = request.GET.get('search', '') keyword = request.GET.get('search', '')
users_list = User.objects.all() users_list = User.objects.all() # 获取所有用户
if keyword: if keyword:
users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索
users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页
return my_render('jperm/perm_user_list.html', locals(), request) return my_render('jperm/perm_user_list.html', locals(), request)
...@@ -31,834 +31,85 @@ def perm_user_edit(request): ...@@ -31,834 +31,85 @@ def perm_user_edit(request):
header_title, path1, path2 = '用户授权', '授权管理', '授权更改' header_title, path1, path2 = '用户授权', '授权管理', '授权更改'
user_id = request.GET.get('id', '') user_id = request.GET.get('id', '')
user = get_object(User, id=user_id) user = get_object(User, id=user_id)
asset_all = Asset.objects.all() # 获取所有资产
asset_group_all = AssetGroup.objects.all() # 获取所有资产组
asset_id_list = user.assets.split(',') # 获取授权的资产id列表
asset_group_id_list = user.asset_groups.split(',') # 获取授权的资产组id列表
if request.method == 'GET' and user:
asset_permed = get_object_list(Asset, asset_id_list) # 获取授权的资产对象列表
asset_group_permed = get_object_list(AssetGroup, asset_group_id_list) # 获取授权的资产组对象列表
assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表
asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理
return my_render('jperm/perm_user_edit.html', locals(), request)
elif request.method == 'POST' and user:
asset_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表
asset_group_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表
asset_new = list(set(asset_select) - set(asset_id_list)) # 计算的得到新授权的资产对象列表
asset_del = list(set(asset_id_list) - set(asset_select)) # 计算得到回收权限的资产对象列表
asset_group_new = list(set(asset_group_select) - set(asset_group_id_list)) # 新授权的资产组对象列表
asset_group_del = list(set(asset_group_id_list) - set(asset_group_select)) # 回收的资产组对象列表
user.assets = ','.join(asset_select) # 获取选择的资产id字符串 '1, 2 ,3'
user.asset_groups = ','.join(asset_group_select) # 获取选择的资产组id字符串 '2, 3'
user.save() # 保存到数据库
perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user=user) # 通过API授权或回收
return HttpResponseRedirect('/jperm/user/')
else:
return HttpResponse('输入错误')
@require_role('admin')
def perm_group_list(request):
header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权'
keyword = request.GET.get('search', '')
user_groups_list = UserGroup.objects.all()
if keyword:
request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword))
user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request)
return my_render('jperm/perm_group_list.html', locals(), request)
@require_role('admin')
def perm_group_edit(request):
header_title, path1, path2 = '用户组授权', '授权管理', '授权更改'
user_group_id = request.GET.get('id', '')
user_group = get_object(UserGroup, id=user_group_id)
asset_all = Asset.objects.all() asset_all = Asset.objects.all()
asset_group_all = AssetGroup.objects.all() asset_group_all = AssetGroup.objects.all()
asset_id_list = user.assets.split(',') asset_id_list = user_group.assets.split(',')
asset_group_id_list = user.asset_groups.split(',') asset_group_id_list = user_group.asset_groups.split(',')
if request.method == 'GET' and user: print asset_id_list, asset_group_id_list
if request.method == 'GET' and user_group:
asset_permed = get_object_list(Asset, asset_id_list) asset_permed = get_object_list(Asset, asset_id_list)
asset_group_permed = get_object_list(AssetGroup, asset_group_id_list) asset_group_permed = get_object_list(AssetGroup, asset_group_id_list)
assets = [asset for asset in asset_all if asset not in asset_permed] assets = [asset for asset in asset_all if asset not in asset_permed]
asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
return my_render('jperm/perm_user_edit.html', locals(), request) return my_render('jperm/perm_group_edit.html', locals(), request)
elif request.method == 'POST' and user: elif request.method == 'POST' and user_group:
asset_select = request.POST.getlist('asset_select', []) asset_select = request.POST.getlist('asset_select', [])
asset_group_select = request.POST.getlist('asset_groups_select', []) asset_group_select = request.POST.getlist('asset_groups_select', [])
asset_new = list(set(asset_select) - set(asset_id_list)) asset_new = list(set(asset_select) - set(asset_id_list))
asset_del = list(set(asset_id_list) - set(asset_select)) asset_del = list(set(asset_id_list) - set(asset_select))
asset_group_new = list(set(asset_group_select) - set(asset_group_id_list)) asset_group_new = list(set(asset_group_select) - set(asset_group_id_list))
asset_group_del = list(set(asset_group_id_list) - set(asset_group_select)) asset_group_del = list(set(asset_group_id_list) - set(asset_group_select))
user.assets = ','.join(asset_select) user_group.assets = ','.join(asset_select)
user.asset_groups = ','.join(asset_group_select) user_group.asset_groups = ','.join(asset_group_select)
user.save() user_group.save()
perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del) perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group)
return HttpResponseRedirect('/jperm/user/') return HttpResponseRedirect('/jperm/group/')
else: else:
return HttpResponse('输入错误') return HttpResponse('输入错误')
# def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''):
# asset_groups_select_list = []
# cmd_groups_select_list = []
#
# for asset_group_id in asset_groups_select:
# asset_groups_select_list.extend(BisGroup.objects.filter(id=asset_group_id))
#
# for cmd_group_id in cmd_groups_select:
# cmd_groups_select_list.extend(CmdGroup.objects.filter(id=cmd_group_id))
#
# return asset_groups_select_list, cmd_groups_select_list
#
#
# @require_admin
# def perm_add(request):
# header_title, path1, path2 = u'主机授权添加', u'授权管理', u'授权添加'
#
# if request.method == 'GET':
# user_groups = UserGroup.objects.filter(id__gt=2)
# asset_groups = BisGroup.objects.all()
#
# else:
# name = request.POST.get('name', '')
# user_groups_select = request.POST.getlist('user_groups_select')
# asset_groups_select = request.POST.getlist('asset_groups_select')
# comment = request.POST.get('comment', '')
#
# user_groups, asset_groups = user_asset_cmd_groups_get(user_groups_select, asset_groups_select, '')[0:2]
#
# perm = Perm(name=name, comment=comment)
# perm.save()
#
# perm.user_group = user_groups
# perm.asset_group = asset_groups
# msg = '添加成功'
# return render_to_response('jperm/perm_user_edit.html', locals(), context_instance=RequestContext(request))
#
#
# def dept_add_asset(dept_id, asset_list):
# dept = DEPT.objects.filter(id=dept_id)
# if dept:
# dept = dept[0]
# new_perm_asset = []
# for asset_id in asset_list:
# asset = Asset.objects.filter(id=asset_id)
# new_perm_asset.extend(asset)
#
# dept.asset_set.clear()
# dept.asset_set = new_perm_asset
#
#
# @require_super_user
# def dept_perm_edit(request):
# header_title, path1, path2 = u'部门授权添加', u'授权管理', u'部门授权添加'
# if request.method == 'GET':
# dept_id = request.GET.get('id', '')
# dept = DEPT.objects.filter(id=dept_id)
# if dept:
# dept = dept[0]
# asset_all = Asset.objects.all()
# asset_select = dept.asset_set.all()
# assets = [asset for asset in asset_all if asset not in asset_select]
# else:
# dept_id = request.POST.get('dept_id')
# asset_select = request.POST.getlist('asset_select')
# dept_add_asset(dept_id, asset_select)
# return HttpResponseRedirect('/jperm/dept_perm_list/')
# return render_to_response('jperm/dept_perm_edit.html', locals(), context_instance=RequestContext(request))
#
#
# @require_super_user
# def perm_list(request):
# header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
# keyword = request.GET.get('search', '')
# uid = request.GET.get('uid', '')
# agid = request.GET.get('agid', '')
# if keyword:
# contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
# else:
# contact_list = UserGroup.objects.all().order_by('name')
#
# if uid:
# user = User.objects.filter(id=uid)
# print user
# if user:
# user = user[0]
# contact_list = contact_list.filter(user=user)
#
# if agid:
# contact_list_confirm = []
# asset_group = BisGroup.objects.filter(id=agid)
# if asset_group:
# asset_group = asset_group[0]
# for user_group in contact_list:
# if asset_group in user_group_perm_asset_group_api(user_group):
# contact_list_confirm.append(user_group)
# contact_list = contact_list_confirm
#
# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
# return render_to_response('jperm/perm_user_list.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def perm_list_adm(request):
# header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
# keyword = request.GET.get('search', '')
# uid = request.GET.get('uid', '')
# agid = request.GET.get('agid', '')
# user, dept = get_session_user_dept(request)
# contact_list = dept.usergroup_set.all().order_by('name')
# if keyword:
# contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
#
# if uid:
# user = User.objects.filter(id=uid)
# print user
# if user:
# user = user[0]
# contact_list = contact_list.filter(user=user)
#
# if agid:
# contact_list_confirm = []
# asset_group = BisGroup.objects.filter(id=agid)
# if asset_group:
# asset_group = asset_group[0]
# for user_group in contact_list:
# if asset_group in user_group_perm_asset_group_api(user_group):
# contact_list_confirm.append(user_group)
# contact_list = contact_list_confirm
#
# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
# return render_to_response('jperm/perm_user_list.html', locals(), context_instance=RequestContext(request))
#
#
# @require_super_user
# def dept_perm_list(request):
# header_title, path1, path2 = '查看部门', '授权管理', '部门授权'
# keyword = request.GET.get('search')
# if keyword:
# contact_list = DEPT.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)).order_by('name')
# else:
# contact_list = DEPT.objects.filter(id__gt=2)
#
# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
#
# return render_to_response('jperm/dept_perm_list.html', locals(), context_instance=RequestContext(request))
#
#
# def perm_group_update(user_group_id, asset_groups_id_list):
# user_group = UserGroup.objects.filter(id=user_group_id)
# if user_group:
# user_group = user_group[0]
# old_asset_group = [perm.asset_group for perm in user_group.perm_set.all()]
# new_asset_group = []
#
# for asset_group_id in asset_groups_id_list:
# new_asset_group.extend(BisGroup.objects.filter(id=asset_group_id))
#
# del_asset_group = [asset_group for asset_group in old_asset_group if asset_group not in new_asset_group]
# add_asset_group = [asset_group for asset_group in new_asset_group if asset_group not in old_asset_group]
#
# for asset_group in del_asset_group:
# Perm.objects.filter(user_group=user_group, asset_group=asset_group).delete()
#
# for asset_group in add_asset_group:
# Perm(user_group=user_group, asset_group=asset_group).save()
#
#
# @require_super_user
# def perm_edit(request):
# if request.method == 'GET':
# header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑'
# user_group_id = request.GET.get('id', '')
# user_group = UserGroup.objects.filter(id=user_group_id)
# if user_group:
# user_group = user_group[0]
# asset_groups_all = BisGroup.objects.all()
# asset_groups_select = [perm.asset_group for perm in user_group.perm_set.all()]
# asset_groups = [asset_group for asset_group in asset_groups_all if asset_group not in asset_groups_select]
# else:
# user_group_id = request.POST.get('user_group_id')
# asset_group_id_list = request.POST.getlist('asset_groups_select')
# perm_group_update(user_group_id, asset_group_id_list)
#
# return HttpResponseRedirect('/jperm/perm_list/')
# return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def perm_edit_adm(request):
# if request.method == 'GET':
# header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑'
# user_group_id = request.GET.get('id', '')
# user_group = UserGroup.objects.filter(id=user_group_id)
# user, dept = get_session_user_dept(request)
# if user_group:
# user_group = user_group[0]
# asset_groups_all = dept.bisgroup_set.all()
# asset_groups_select = [perm.asset_group for perm in user_group.perm_set.all()]
# asset_groups = [asset_group for asset_group in asset_groups_all if asset_group not in asset_groups_select]
# else:
# user_group_id = request.POST.get('user_group_id')
# asset_group_id_list = request.POST.getlist('asset_groups_select')
# print user_group_id, asset_group_id_list
# if not validate(request, user_group=[user_group_id], asset_group=asset_group_id_list):
# return HttpResponseRedirect('/')
# perm_group_update(user_group_id, asset_group_id_list)
#
# return HttpResponseRedirect('/jperm/perm_list/')
# return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def perm_detail(request):
# header_title, path1, path2 = u'授权管理', u'小组管理', u'授权详情'
# group_id = request.GET.get('id')
# user_group = UserGroup.objects.filter(id=group_id)
# if user_group:
# user_group = user_group[0]
# users = user_group.user_set.all()
# group_user_num = len(users)
# perms = user_group.perm_set.all()
# asset_groups = [perm.asset_group for perm in perms]
# return render_to_response('jperm/perm_detail.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def perm_del(request):
# perm_id = request.GET.get('id')
# perm = Perm.objects.filter(id=perm_id)
# if perm:
# perm = perm[0]
# perm.delete()
# return HttpResponseRedirect('/jperm/perm_list/')
#
#
# @require_admin
# def perm_asset_detail(request):
# header_title, path1, path2 = u'用户授权主机', u'权限管理', u'用户主机详情'
# user_id = request.GET.get('id')
# user = User.objects.filter(id=user_id)
# if user:
# user = user[0]
# assets_list = user_perm_asset_api(user.username)
# return render_to_response('jperm/perm_asset_detail.html', locals(), context_instance=RequestContext(request))
#
#
# def unicode2str(unicode_list):
# return [str(i) for i in unicode_list]
#
#
# # def sudo_ldap_add(user_group, user_runas, asset_groups_select,
# # cmd_groups_select):
# # if not LDAP_ENABLE:
# # return True
# #
# # assets = []
# # cmds = []
# # user_runas = user_runas.split(',')
# # if len(asset_groups_select) == 1 and asset_groups_select[0].name == 'ALL':
# # asset_all = True
# # else:
# # asset_all = False
# # for asset_group in asset_groups_select:
# # assets.extend(asset_group.asset_set.all())
# #
# # if user_group.name == 'ALL':
# # user_all = True
# # users = []
# # else:
# # user_all = False
# # users = user_group.user_set.all()
# #
# # for cmd_group in cmd_groups_select:
# # cmds.extend(cmd_group.cmd.split(','))
# #
# # if user_all:
# # users_name = ['ALL']
# # else:
# # users_name = list(set([user.username for user in users]))
# #
# # if asset_all:
# # assets_ip = ['ALL']
# # else:
# # assets_ip = list(set([asset.ip for asset in assets]))
# #
# # name = 'sudo%s' % user_group.id
# # sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
# # sudo_attr = {'objectClass': ['top', 'sudoRole'],
# # 'cn': ['%s' % name],
# # 'sudoCommand': unicode2str(cmds),
# # 'sudoHost': unicode2str(assets_ip),
# # 'sudoOption': ['!authenticate'],
# # 'sudoRunAsUser': unicode2str(user_runas),
# # 'sudoUser': unicode2str(users_name)}
# # ldap_conn.delete(sudo_dn)
# # ldap_conn.add(sudo_dn, sudo_attr)
#
# #
# # def sudo_update(user_group, user_runas, asset_groups_select, cmd_groups_select, comment):
# # asset_groups_select_list, cmd_groups_select_list = \
# # asset_cmd_groups_get(asset_groups_select, cmd_groups_select)
# # sudo_perm = user_group.sudoperm_set.all()
# # if sudo_perm:
# # sudo_perm.update(user_runas=user_runas, comment=comment)
# # sudo_perm = sudo_perm[0]
# # sudo_perm.asset_group = asset_groups_select_list
# # sudo_perm.cmd_group = cmd_groups_select_list
# # else:
# # sudo_perm = SudoPerm(user_group=user_group, user_runas=user_runas, comment=comment)
# # sudo_perm.save()
# # sudo_perm.asset_group = asset_groups_select_list
# # sudo_perm.cmd_group = cmd_groups_select_list
# #
# # sudo_ldap_add(user_group, user_runas, asset_groups_select_list, cmd_groups_select_list)
#
#
# @require_super_user
# def sudo_list(request):
# header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情'
# keyword = request.GET.get('search', '')
# contact_list = UserGroup.objects.all().order_by('name')
# if keyword:
# contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
#
# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
# return render_to_response('jperm/sudo_list.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def sudo_list_adm(request):
# header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情'
# keyword = request.GET.get('search', '')
# user, dept = get_session_user_dept(request)
# contact_list = dept.usergroup_set.all().order_by('name')
# if keyword:
# contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
#
# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
# return render_to_response('jperm/sudo_list.html', locals(), context_instance=RequestContext(request))
#
#
# @require_super_user
# def sudo_edit(request):
# header_title, path1, path2 = u'Sudo授权', u'授权管理', u'Sudo授权'
#
# if request.method == 'GET':
# user_group_id = request.GET.get('id', '0')
# user_group = UserGroup.objects.filter(id=user_group_id)
# asset_group_all = BisGroup.objects.filter()
# cmd_group_all = CmdGroup.objects.all()
# if user_group:
# user_group = user_group[0]
# sudo_perm = user_group.sudoperm_set.all()
# if sudo_perm:
# sudo_perm = sudo_perm[0]
# asset_group_permed = sudo_perm.asset_group.all()
# cmd_group_permed = sudo_perm.cmd_group.all()
# user_runas = sudo_perm.user_runas
# comment = sudo_perm.comment
# else:
# asset_group_permed = []
# cmd_group_permed = []
#
# asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
# cmd_groups = [cmd_group for cmd_group in cmd_group_all if cmd_group not in cmd_group_permed]
#
# else:
# user_group_id = request.POST.get('user_group_id', '')
# users_runas = request.POST.get('runas') if request.POST.get('runas') else 'root'
# asset_groups_select = request.POST.getlist('asset_groups_select')
# cmd_groups_select = request.POST.getlist('cmd_groups_select')
# comment = request.POST.get('comment', '')
# user_group = UserGroup.objects.filter(id=user_group_id)
# if user_group:
# user_group = user_group[0]
# if LDAP_ENABLE:
# sudo_update(user_group, users_runas, asset_groups_select, cmd_groups_select, comment)
# msg = '修改成功'
#
# return HttpResponseRedirect('/jperm/sudo_list/')
#
# return render_to_response('jperm/sudo_edit.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def sudo_edit_adm(request):
# header_title, path1, path2 = u'Sudo授权', u'授权管理', u'Sudo授权'
# user, dept = get_session_user_dept(request)
# if request.method == 'GET':
# user_group_id = request.GET.get('id', '0')
# if not validate(request, user_group=[user_group_id]):
# return render_to_response('/jperm/sudo_list/')
# user_group = UserGroup.objects.filter(id=user_group_id)
# asset_group_all = dept.bisgroup_set.all()
# cmd_group_all = dept.cmdgroup_set.all()
# if user_group:
# user_group = user_group[0]
# sudo_perm = user_group.sudoperm_set.all()
# if sudo_perm:
# sudo_perm = sudo_perm[0]
# asset_group_permed = sudo_perm.asset_group.all()
# cmd_group_permed = sudo_perm.cmd_group.all()
# user_runas = sudo_perm.user_runas
# comment = sudo_perm.comment
# else:
# asset_group_permed = []
# cmd_group_permed = []
#
# asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
# cmd_groups = [cmd_group for cmd_group in cmd_group_all if cmd_group not in cmd_group_permed]
#
# else:
# user_group_id = request.POST.get('user_group_id', '')
# users_runas = request.POST.get('runas', 'root')
# asset_groups_select = request.POST.getlist('asset_groups_select')
# cmd_groups_select = request.POST.getlist('cmd_groups_select')
# comment = request.POST.get('comment', '')
# user_group = UserGroup.objects.filter(id=user_group_id)
# if not validate(request, user_group=[user_group_id], asset_group=asset_groups_select):
# return render_to_response('/jperm/sudo_list/')
# if user_group:
# user_group = user_group[0]
# if LDAP_ENABLE:
# sudo_update(user_group, users_runas, asset_groups_select, cmd_groups_select, comment)
# msg = '修改成功'
#
# return HttpResponseRedirect('/jperm/sudo_list/')
# return render_to_response('jperm/sudo_edit.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def sudo_detail(request):
# header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情'
# user_group_id = request.GET.get('id')
# user_group = UserGroup.objects.filter(id=user_group_id)
# if user_group:
# asset_groups = []
# cmd_groups = []
# user_group = user_group[0]
# users = user_group.user_set.all()
# group_user_num = len(users)
#
# for perm in user_group.sudoperm_set.all():
# asset_groups.extend(perm.asset_group.all())
# cmd_groups.extend(perm.cmd_group.all())
#
# print asset_groups
# return render_to_response('jperm/sudo_detail.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def sudo_refresh(request):
# sudo_perm_all = SudoPerm.objects.all()
# for sudo_perm in sudo_perm_all:
# user_group = sudo_perm.user_group
# user_runas = sudo_perm.user_runas
# asset_groups_select = sudo_perm.asset_group.all()
# cmd_groups_select = sudo_perm.cmd_group.all()
# sudo_ldap_add(user_group, user_runas, asset_groups_select, cmd_groups_select)
# return HttpResponse('刷新sudo授权成功')
#
#
# @require_super_user
# def cmd_add(request):
# header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加'
# dept_all = DEPT.objects.all()
#
# if request.method == 'POST':
# name = request.POST.get('name')
# dept_id = request.POST.get('dept_id')
# cmd = ','.join(request.POST.get('cmd').split('\n'))
# comment = request.POST.get('comment')
# dept = DEPT.objects.filter(id=dept_id)
#
# try:
# if CmdGroup.objects.filter(name=name):
# error = '%s 命令组已存在'
# raise ServerError(error)
#
# if not dept:
# error = u"部门不能为空"
# raise ServerError(error)
# except ServerError, e:
# pass
# else:
# dept = dept[0]
# CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
# msg = u'命令组添加成功'
# return HttpResponseRedirect('/jperm/cmd_list/')
#
# return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def cmd_add_adm(request):
# header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加'
# user, dept = get_session_user_dept(request)
#
# if request.method == 'POST':
# name = request.POST.get('name')
# cmd = ','.join(request.POST.get('cmd').split('\n'))
# comment = request.POST.get('comment')
#
# try:
# if CmdGroup.objects.filter(name=name):
# error = '%s 命令组已存在'
# raise ServerError(error)
# except ServerError, e:
# pass
# else:
# CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment)
# return HttpResponseRedirect('/jperm/cmd_list/')
#
# return HttpResponseRedirect('/jperm/cmd_list/')
#
# return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def cmd_edit(request):
# header_title, path1, path2 = u'sudo命令修改', u'授权管理管理', u'命令组修改'
#
# cmd_group_id = request.GET.get('id')
# cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
# dept_all = DEPT.objects.all()
#
# if cmd_group:
# cmd_group = cmd_group[0]
# cmd_group_id = cmd_group.id
# dept_id = cmd_group.dept.id
# name = cmd_group.name
# cmd = '\n'.join(cmd_group.cmd.split(','))
# comment = cmd_group.comment
#
# if request.method == 'POST':
# cmd_group_id = request.POST.get('cmd_group_id')
# name = request.POST.get('name')
# dept_id = request.POST.get('dept_id')
# cmd = ','.join(request.POST.get('cmd').split())
# comment = request.POST.get('comment')
# cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
#
# dept = DEPT.objects.filter(id=dept_id)
# try:
# if not dept:
# error = '没有该部门'
# raise ServerError(error)
#
# if not cmd_group:
# error = '没有该命令组'
# except ServerError, e:
# pass
# else:
# cmd_group.update(name=name, cmd=cmd, dept=dept[0], comment=comment)
# return HttpResponseRedirect('/jperm/cmd_list/')
# return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def cmd_list(request):
# header_title, path1, path2 = u'sudo命令查看', u'权限管理', u'Sudo命令添加'
#
# if is_super_user(request):
# cmd_groups = contact_list = CmdGroup.objects.all()
# else:
# user, dept = get_session_user_dept(request)
# cmd_groups = contact_list = dept.cmdgroup_set.all()
# p = paginator = Paginator(contact_list, 10)
#
# try:
# page = int(request.GET.get('page', '1'))
# except ValueError:
# page = 1
#
# try:
# contacts = paginator.page(page)
# except (EmptyPage, InvalidPage):
# contacts = paginator.page(paginator.num_pages)
# return render_to_response('jperm/sudo_cmd_list.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def cmd_del(request):
# cmd_group_id = request.GET.get('id')
# cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
#
# if cmd_group:
# cmd_group[0].delete()
# return HttpResponseRedirect('/jperm/cmd_list/')
#
#
# @require_admin
# def cmd_detail(request):
# cmd_ids = request.GET.get('id').split(',')
# cmds = []
# if len(cmd_ids) == 1:
# if cmd_ids[0]:
# cmd_id = cmd_ids[0]
# else:
# cmd_id = 1
# cmd_group = CmdGroup.objects.filter(id=cmd_id)
# if cmd_group:
# cmd_group = cmd_group[0]
# cmds.extend(cmd_group.cmd.split(','))
# cmd_group_name = cmd_group.name
# else:
# cmd_groups = []
# for cmd_id in cmd_ids:
# cmd_groups.extend(CmdGroup.objects.filter(id=cmd_id))
# for cmd_group in cmd_groups:
# cmds.extend(cmd_group.cmd.split(','))
#
# cmds_str = ', '.join(cmds)
#
# return render_to_response('jperm/sudo_cmd_detail.html', locals(), context_instance=RequestContext(request))
#
#
# @require_login
# def perm_apply(request):
# """ 权限申请 """
# header_title, path1, path2 = u'主机权限申请', u'权限管理', u'申请主机'
# user_id, username = get_session_user_info(request)[0:2]
# name = User.objects.get(id=user_id).username
# dept_id, deptname, dept = get_session_user_info(request)[3:6]
# perm_host = user_perm_asset_api(username)
# all_host = Asset.objects.filter(dept=dept)
#
# perm_group = user_perm_group_api(username)
# all_group = dept.bisgroup_set.all()
#
# posts = [g for g in all_host if g not in perm_host]
# egroup = [d for d in all_group if d not in perm_group]
#
# dept_da = User.objects.filter(dept_id=dept_id, role='DA')
# admin = User.objects.get(name='admin')
#
# if request.method == 'POST':
# applyer = request.POST.get('applyer')
# dept = request.POST.get('dept')
# da = request.POST.get('da')
# group = request.POST.getlist('group')
# hosts = request.POST.getlist('hosts')
# comment = request.POST.get('comment')
# if not da:
# return httperror(request, u'请选择管理员!')
# da = User.objects.get(id=da)
# mail_address = da.email
# mail_title = '%s - 权限申请' % username
# group_lis = ', '.join(group)
# hosts_lis = ', '.join(hosts)
# time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
# a = Apply.objects.create(applyer=applyer, admin=da, dept=dept, bisgroup=group, date_add=datetime.datetime.now(),
# asset=hosts, status=0, comment=comment, read=0)
# uuid = a.uuid
# url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (SEND_IP, SEND_PORT, uuid)
# mail_msg = """
# Hi,%s:
# 有新的权限申请, 详情如下:
# 申请人: %s
# 申请主机组: %s
# 申请的主机: %s
# 申请时间: %s
# 申请说明: %s
# 请及时审批, 审批完成后, 点击以下链接或登录授权管理-权限审批页面点击确认键,告知申请人。
#
# %s
# """ % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url)
#
# send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False)
# smg = "提交成功,已发邮件至 %s 通知部门管理员。" % mail_address
# return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
# return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def perm_apply_exec(request):
# """ 确认权限 """
# header_title, path1, path2 = u'主机权限申请', u'权限管理', u'审批完成'
# uuid = request.GET.get('uuid')
# user_id = request.session.get('user_id')
# approver = User.objects.get(id=user_id).name
# if uuid:
# p_apply = Apply.objects.filter(uuid=str(uuid))
# q_apply = Apply.objects.get(uuid=str(uuid))
# if q_apply.status == 1:
# smg = '此权限已经审批完成, 请勿重复审批, 十秒钟后返回首页'
# return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request))
# else:
# user = User.objects.get(username=q_apply.applyer)
# mail_address = user.email
# time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
# p_apply.update(status=1, approver=approver, date_end=time_now)
# mail_title = '%s - 权限审批完成' % q_apply.applyer
# mail_msg = """
# Hi,%s:
# 您所申请的权限已由 %s 在 %s 审批完成, 请登录验证。
# """ % (q_apply.applyer, q_apply.approver, time_now)
# send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False)
# smg = '授权完成, 已邮件通知申请人, 十秒钟后返回首页'
# return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request))
# else:
# smg = '没有此授权记录, 十秒钟后返回首页'
# return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request))
#
#
# def get_apply_posts(request, status, username, dept_name, keyword=None):
# """ 获取申请记录 """
# post_all = Apply.objects.filter(status=status).order_by('-date_add')
# post_keyword_all = Apply.objects.filter(Q(applyer__contains=keyword) |
# Q(approver__contains=keyword)) \
# .filter(status=status).order_by('-date_add')
#
# if is_super_user(request):
# if keyword:
# posts = post_keyword_all
# else:
# posts = post_all
# elif is_group_admin(request):
# if keyword:
# posts = post_keyword_all.filter(dept=dept_name)
# else:
# posts = post_all.filter(dept=dept_name)
# elif is_common_user(request):
# if keyword:
# posts = post_keyword_all.filter(applyer=username)
# else:
# posts = post_all.filter(applyer=username)
#
# return posts
#
#
# @require_login
# def perm_apply_log(request, offset):
# """ 申请记录 """
# header_title, path1, path2 = u'权限申请记录', u'权限管理', u'申请记录'
# keyword = request.GET.get('keyword', '')
# user_id = get_session_user_info(request)[0]
# username = User.objects.get(id=user_id).name
# dept_name = get_session_user_info(request)[4]
# status_dic = {'online': 0, 'offline': 1}
# status = status_dic[offset]
# posts = get_apply_posts(request, status, username, dept_name, keyword)
# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
# return render_to_response('jperm/perm_log_%s.html' % offset, locals(), context_instance=RequestContext(request))
#
#
# @require_login
# def perm_apply_info(request):
# """ 申请信息详情 """
# uuid = request.GET.get('uuid', '')
# post = Apply.objects.filter(uuid=uuid)
# username = get_session_user_info(request)[1]
# if post:
# post = post[0]
# if post.read == 0 and post.applyer != username:
# post.read = 1
# post.save()
# else:
# return httperror(request, u'没有这个申请记录!')
#
# return render_to_response('jperm/perm_apply_info.html', locals(), context_instance=RequestContext(request))
#
#
# @require_admin
# def perm_apply_del(request):
# """ 删除日志记录 """
# uuid = request.GET.get('uuid')
# u_apply = Apply.objects.filter(uuid=uuid)
# if u_apply:
# u_apply.delete()
# return HttpResponseRedirect('/jperm/apply_show/online/')
#
#
# @require_login
# def perm_apply_search(request):
# """ 申请搜索 """
# keyword = request.GET.get('keyword')
# offset = request.GET.get('env')
# username = get_session_user_info(request)[1]
# dept_name = get_session_user_info(request)[3]
# status_dic = {'online': 0, 'offline': 1}
# status = status_dic[offset]
# posts = get_apply_posts(request, status, username, dept_name, keyword)
# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
# return render_to_response('jperm/perm_apply_search.html', locals(), context_instance=RequestContext(request))
#
#
#
#
#
#
#
#
#
#
#
#
#
#
jumpserver/templatetags/mytags.py
View file @ 43fe9851
...@@ -54,8 +54,8 @@ def get_role(user_id): ...@@ -54,8 +54,8 @@ def get_role(user_id):
# return "%s ..." % ' '.join(groups[0:2]) # return "%s ..." % ' '.join(groups[0:2])
# #
@register.filter(name='group_str2') @register.filter(name='groups2str')
def groups_str2(group_list): def groups2str(group_list):
""" """
将用户组列表转换为str 将用户组列表转换为str
""" """
...@@ -64,6 +64,55 @@ def groups_str2(group_list): ...@@ -64,6 +64,55 @@ def groups_str2(group_list):
else: else:
return '%s ...' % ' '.join([group.name for group in group_list[0:2]]) return '%s ...' % ' '.join([group.name for group in group_list[0:2]])
@register.filter(name='user_asset_count')
def user_asset_count(user):
"""
返回用户权限主机的数量
"""
assets_id = user.assets.split(',')
asset_groups = user.asset_groups.split(',')
for asset_group_id in asset_groups:
asset_group = get_object(AssetGroup, id=asset_group_id)
if asset_group:
assets_id.extend(asset.id for asset in asset_group.asset_set.all())
assets_id = set(map(str, assets_id))
return len(assets_id)
@register.filter(name='user_asset_group_count')
def user_asset_group_count(user):
"""
返回用户权限主机组的数量
"""
return len(filter(lambda x: x, user.asset_groups.split(',')))
#
# @register.filter(name='user_group_asset_count')
# def user_group_asset_count(user_group):
# """
# 返回用户组权限主机的数量
# """
# assets_id = user_group.assets.split(',')
# asset_groups = user_group.asset_groups.split(',')
#
# for asset_group_id in asset_groups:
# asset_group = get_object(AssetGroup, id=asset_group_id)
# if asset_group:
# assets_id.extend(asset.id for asset in asset_group.asset_set.all())
#
# assets_id = set(map(str, assets_id))
# return len(assets_id)
#
#
# @register.filter(name='user_group_asset_count')
# def user_group_asset_group_count(user_group):
# """
# 返回用户组权限主机组的数量
# """
# return len(user_group.asset_groups.split(','))
# #
# @register.filter(name='group_str2_all') # @register.filter(name='group_str2_all')
# def group_str2_all(group_list): # def group_str2_all(group_list):
......
juser/models.py
View file @ 43fe9851
...@@ -5,6 +5,8 @@ from django.db import models ...@@ -5,6 +5,8 @@ from django.db import models
class UserGroup(models.Model): class UserGroup(models.Model):
name = models.CharField(max_length=80, unique=True) name = models.CharField(max_length=80, unique=True)
assets = models.TextField(max_length=1000, verbose_name="Assets", default='')
asset_groups = models.CharField(max_length=1000, verbose_name="Asset Groups", default='')
comment = models.CharField(max_length=160, blank=True, null=True) comment = models.CharField(max_length=160, blank=True, null=True)
def __unicode__(self): def __unicode__(self):
......
playbook/user_perm.yaml
View file @ 43fe9851
- hosts: the_del_group
tasks:
- name: del user
user: name={{ item }} state=absent remove=yes
with_items: [ the_items ]
- hosts: the_new_group - hosts: the_new_group
vars:
user: the_user
tasks: tasks:
- name: add user - name: add user
user: name={{ user }} state=present user: name={{ item }} state=present
with_items: [ the_items ]
- name: .ssh direcotory - name: .ssh direcotory
file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory file: name=/home/{{ item }}/.ssh mode=700 owner={{ item }} group={{ item }} state=directory
with_items: [ the_items ]
- name: set authorizied_file - name: set authorizied_file
copy: src=the_pub_key dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 copy: src=the_pub_key dest=/home/{{ item }}/.ssh/authorizied_keys owner={{ item }} group={{ item }} mode=600
with_items: [ the_items ]
- hosts: the_del_group
vars:
user: the_user
tasks:
- name: del user
user: name={{ user }} state=absent remove=yes
templates/jperm/perm_group_edit.html 0 → 100644
View file @ 43fe9851
{% extends 'base.html' %}
{% load mytags %}
{% block content %}
{% include 'nav_cat_bar.html' %}
<div class="wrapper wrapper-content animated fadeInRight">
<div class="row">
<div class="col-lg-10">
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5> {{ user_group.name }}授权修改</h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<form id="userPerm" method="post" class="form-horizontal" action="../perm_group_edit/?id={{ user_group.id }}">
{% if error %}
<div class="alert alert-warning text-center">{{ error }}</div>
{% endif %}
{% if msg %}
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="row">
<div class="form-group">
<label for="" class="col-sm-2 control-label">用户组<span class="red-fonts">*</span></label>
<div class="col-sm-4">
<input id="user_group_name" name="user_group_name" type="text" class="form-control" value="{{ user_group.name }}" readonly>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="" class="col-sm-2 control-label">资产<span class="red-fonts">*</span></label>
<div class="col-sm-4">
<div>
<select id="assets" name="assets" class="form-control m-b" size="12" multiple>
{% for asset in assets %}
<option value="{{ asset.id }}">{{ asset.ip }}</option>
{% endfor %}
</select>
</div>
</div>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 42px;">
<button type="button" class="btn btn-white" onclick="move('assets', 'asset_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('asset_select', 'assets')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<div class="col-sm-3">
<div>
<select id="asset_select" name="asset_select" class="form-control m-b" size="12" multiple>
{% for asset in asset_permed %}
<option value="{{ asset.id }}">{{ asset.ip }}</option>
{% endfor %}
</select>
</div>
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="" class="col-sm-2 control-label">资产组<span class="red-fonts">*</span></label>
<div class="col-sm-4">
<div>
<select id="asset_groups" name="asset_groups" class="form-control m-b" size="12" multiple>
{% for asset_group in asset_groups %}
<option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
{% endfor %}
</select>
</div>
</div>
<div class="col-sm-1">
<div class="btn-group" style="margin-top: 42px;">
<button type="button" class="btn btn-white" onclick="move('asset_groups', 'asset_groups_select')"><i class="fa fa-chevron-right"></i></button>
<button type="button" class="btn btn-white" onclick="move('asset_groups_select', 'asset_groups')"><i class="fa fa-chevron-left"></i> </button>
</div>
</div>
<div class="col-sm-3">
<div>
<select id="asset_groups_select" name="asset_groups_select" class="form-control m-b" size="12" multiple>
{% for asset_group in asset_group_permed %}
<option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
{% endfor %}
</select>
</div>
</div>
</div>
</div>
<div class="row">
<div class="form-group">
<div class="col-sm-4 col-sm-offset-2">
<button class="btn btn-white" type="reset">取消</button>
<button id="submit_button" class="btn btn-primary" type="submit" onclick="selectAllOption('userForm')">确认保存</button>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<script>
$('#sudoPerm').validator({
timely: 2,
theme: "yellow_right_effect",
fields: {
"name": {
rule: "required",
tip: "输入授权名",
ok: "",
msg: {required: "必须填写!"}
}
},
valid: function(form) {
form.submit();
}
});
$(document).ready(function(){
$("#submit_button").click(function(){
$('#user_groups_select option').each(function(){
$(this).prop('selected', true)
})
$('#asset_groups_select option').each(function(){
$(this).prop('selected', true)
})
})
})
</script>
{% endblock %}
\ No newline at end of file
templates/jperm/perm_group_list.html 0 → 100644
View file @ 43fe9851
{% extends 'base.html' %}
{% load mytags %}
{% block content %}
{% include 'nav_cat_bar.html' %}
<div class="wrapper wrapper-content animated fadeInRight">
<div class="row">
<div class="col-lg-10">
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5> 查看小组</h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<div class="">
<a target="_blank" href="/juser/group_add/" class="btn btn-sm btn-primary "> 添加用户组 </a>
<form id="search_form" method="get" action="" class="pull-right mail-search">
<div class="input-group">
<input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">
<div class="input-group-btn">
<button id='search_btn' type="submit" class="btn btn-sm btn-primary">
- 搜索 -
</button>
</div>
</div>
</form>
</div>
<table class="table table-striped table-bordered table-hover " id="editable" >
<thead>
<tr>
<th class="text-center">用户组</th>
<th class="text-center">成员</th>
<th class="text-center">授权资产</th>
<th class="text-center">授权资产组</th>
<th class="text-center">操作</th>
</tr>
</thead>
<tbody>
{% for user_group in user_groups.object_list %}
<tr class="gradeX">
<td class="text-center"> {{ user_group.name }} </td>
<td class="text-center">
<a href="/juser/user_list/?gid={{ user_group.id }}">{{ user_group.user_set.all | length }} </a>
</td>
<td class="text-center"> <a href="/jasset/asset_list/?gid={{ user_group.id }}">{{ user_group | user_asset_count }} </a> </td>
<td class="text-center"> <a href="/jasset/group_list/?gid={{ user_group.id }}">{{ user_group | user_asset_group_count }}</a></td>
<td class="text-center">
<a href="../perm_user_detail/?id={{ user_group.id }}" class="btn btn-xs btn-primary">详情</a>
<a href="../perm_group_edit/?id={{ user_group.id }}" class="btn btn-xs btn-danger">编辑</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
<div class="row">
<div class="col-sm-6">
<div class="dataTables_info" id="editable_info" role="status" aria-live="polite">
Showing {{ users.start_index }} to {{ users.end_index }} of {{ p.count }} entries
</div>
</div>
{% include 'paginator.html' %}
</div>
</div>
</div>
</div>
</div>
</div>
{% endblock %}
\ No newline at end of file
templates/jperm/perm_user_list.html
View file @ 43fe9851
...@@ -51,9 +51,11 @@ ...@@ -51,9 +51,11 @@
{% for user in users.object_list %} {% for user in users.object_list %}
<tr class="gradeX"> <tr class="gradeX">
<td class="text-center"> {{ user.name }} </td> <td class="text-center"> {{ user.name }} </td>
<td class="text-center"> <a href="/juser/user_list/?gid={{ user.id }}">{{ user.id }} </a> </td> <td class="text-center">
<td class="text-center"> <a href="/jasset/host_list/?gid={{ user.id }}">{{ user.id }} </a> </td> <a href="/juser/user_list/?gid={{ user.id }}">{{ user.group.all | groups2str }} </a>
<td class="text-center"> {{ user.comment }} </td> </td>
<td class="text-center"> <a href="/jasset/asset_list/?gid={{ user.id }}">{{ user | user_asset_count }} </a> </td>
<td class="text-center"> <a href="/jasset/group_list/?gid={{ user.id }}">{{ user | user_asset_group_count }}</a></td>
<td class="text-center"> <td class="text-center">
<a href="../perm_user_detail/?id={{ user.id }}" class="btn btn-xs btn-primary">详情</a> <a href="../perm_user_detail/?id={{ user.id }}" class="btn btn-xs btn-primary">详情</a>
<a href="../perm_user_edit/?id={{ user.id }}" class="btn btn-xs btn-danger">编辑</a> <a href="../perm_user_edit/?id={{ user.id }}" class="btn btn-xs btn-danger">编辑</a>
......
templates/nav.html
View file @ 43fe9851
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
</li> </li>
<li class="perm_list perm_edit perm_detail"> <li class="perm_list perm_edit perm_detail">
<a href="/jperm/perm_list/">用户组授权</a> <a href="/jperm/group/">用户组授权</a>
</li> </li>
<li class="sudo_list sudo_edit sudo_add cmd_list cmd_edit cmd_add sudo_detail"> <li class="sudo_list sudo_edit sudo_add cmd_list cmd_edit cmd_add sudo_detail">
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment