Skip to content

J
jumpserver
Commit 50208c00 authored by guanghongwei's avatar guanghongwei
Browse files
Options

sudoȨ

parent 8a5e494c
Hide whitespace changes
Inline Side-by-side
Showing with 207 additions and 30 deletions
docs/AddUserAsset.py 0 → 100644
View file @ 50208c00
#coding:utf-8
import django
import os
import sys
sys.path.append('../')
os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
django.setup()
from juser.views import db_add_user, md5_crypt, CRYPTOR
from jasset.models import Asset, IDC
from jasset.views import jasset_group_add
def test_add_user():
for i in range(1, 500):
username = "test" + str(i)
db_add_user(username=username,
password=md5_crypt(username),
name=username, email='%s@jumpserver.org' % username,
groups=[1,3], role='CU',
ssh_pwd=CRYPTOR.encrypt(username),
ssh_key_pwd=CRYPTOR.encrypt(username),
ldap_pwd=CRYPTOR.encrypt(username),
is_active=True,
date_joined=0)
print "Add: %s" % username
def test_add_asset():
test_idc = IDC.objects.get(id=1)
for i in range(1, 500):
ip = '192.168.1.' + str(i)
Asset.objects.create(ip=ip, port=22, login_type='L', idc=test_idc, is_active=True, comment='test')
print "Add: %s" % ip
if __name__ == '__main__':
args = sys.argv
if args[1] == 'user':
test_add_user()
if args[1] == 'asset':
test_add_asset()
jperm/views.py
View file @ 50208c00
......@@ -163,7 +163,7 @@ def user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_group
return user_groups_select_list, asset_groups_select_list, cmd_groups_select_list
def sudo_db_add(name, user_runas , user_groups_select, asset_groups_select, cmd_groups_select, comment):
def sudo_db_add(name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment):
user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
......@@ -190,7 +190,8 @@ def unicode2str(unicode_list):
return [str(i) for i in unicode_list]
def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, update=False):
def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
cmd_groups_select, update=False, old_name=''):
user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \
user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select)
......@@ -198,18 +199,26 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cm
assets = []
cmds = []
users_runas = users_runas.split(',')
asset_all = False
for user_group in user_groups_select_list:
users.extend(user_group.user_set.all())
for asset_group in asset_groups_select_list:
assets.extend(asset_group.asset_set.all())
if u'ALL' in asset_group.name:
asset_all = True
break
else:
assets.extend(asset_group.asset_set.all())
for cmd_group in cmd_groups_select_list:
cmds.extend(cmd_group.cmd.split(','))
users_name = [user.username for user in users]
assets_ip = [asset.ip for asset in assets]
if asset_all:
assets_ip = ['ALL']
else:
assets_ip = [asset.ip for asset in assets]
sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN)
sudo_attr = {'objectClass': ['top', 'sudoRole'],
......@@ -221,13 +230,14 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cm
'sudoUser': unicode2str(users_name)}
if update:
ldap_conn.delete(sudo_dn)
old_sudo_dn = 'cn=%s,ou=Sudoers,%s' % (old_name, LDAP_BASE_DN)
ldap_conn.delete(old_sudo_dn)
ldap_conn.add(sudo_dn, sudo_attr)
def sudo_add(request):
header_title, path1, path2 = u'Sudo授权 | Perm Sudo Add.', u'jperm', u'sudo_add'
header_title, path1, path2 = u'Sudo授权 | Perm Sudo Add.', u'权限管理', u'添加Sudo权限'
user_groups = UserGroup.objects.filter(Q(type='A') | Q(type='P')).order_by('type')
asset_groups = BisGroup.objects.all().order_by('type')
cmd_groups = CmdGroup.objects.all()
......@@ -300,9 +310,12 @@ def sudo_edit(request):
cmd_groups_select = request.POST.getlist('cmd_groups_select')
comment = request.POST.get('comment', '')
sudo_perm = SudoPerm.objects.get(id=sudo_perm_id)
old_name = sudo_perm.name
sudo_db_update(sudo_perm_id, name, users_runas, user_groups_select,
asset_groups_select, cmd_groups_select, comment)
sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, update=True)
sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
cmd_groups_select, update=True, old_name=str(old_name))
msg = '修改成功'
return HttpResponseRedirect('/jperm/sudo_list/')
......@@ -311,6 +324,7 @@ def sudo_edit(request):
def sudo_detail(request):
header_title, path1, path2 = u'Sudo授权详情 | Perm Sudo Detail.', u'授权管理', u'授权详情'
sudo_perm_id = request.GET.get('id')
sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id)
if sudo_perm:
......@@ -328,7 +342,7 @@ def sudo_detail(request):
for asset_group in asset_groups:
assets_list.extend(asset_group.asset_set.all())
for cmd_group in cmd_groups:
cmds_list.extend(cmd_group.cmd.split(','))
cmds_list.append({cmd_group.name: cmd_group.cmd.split(',')})
return render_to_response('jperm/sudo_detail.html', locals())
......
juser/views.py
View file @ 50208c00
......@@ -328,7 +328,7 @@ def group_edit(request):
def user_list(request):
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
header_title, path1, path2 = '查看用户 | Show User', 'juser', 'user_list'
header_title, path1, path2 = '查看用户 | Show User', '用户管理', '用户列表'
users = contact_list = User.objects.all().order_by('id')
p = paginator = Paginator(contact_list, 10)
......
templates/jperm/sudo_detail.html
View file @ 50208c00
......@@ -5,10 +5,10 @@
{% include 'nav_cat_bar.html' %}
<div class="wrapper wrapper-content animated fadeInRight">
<div class="row">
<div class="col-lg-10">
<div class="col-lg-6">
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5>详情 {{ user.name }} <small> Add perm info.</small></h5>
<h5>授权用户 <small> User.</small></h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
......@@ -28,10 +28,126 @@
</div>
</div>
<div class="ibox-content">
{{ }}
<table class="table">
<thead>
<tr>
<th>用户名</th>
<th>姓名</th>
<th>部门</th>
<th>属组</th>
</tr>
</thead>
<tbody>
{% for user in users_list %}
<tr>
<td>{{ user.username }}</td>
<td>{{ user.name }}</td>
<td>{{ user.username|group_manage_str }}</td>
<td>{{ user.username|groups_str }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
<div class="col-lg-6">
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5>授权主机 <small> Asset.</small></h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user">
<li><a href="#">未启用 1</a>
</li>
<li><a href="#">未启用 2</a>
</li>
</ul>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<table class="table">
<thead>
<tr>
<th>IP</th>
<th>IDC</th>
<th>主机组</th>
</tr>
</thead>
<tbody>
{% for asset in assets_list %}
<tr>
<td>{{ asset.ip }}</td>
<td>{{ asset.idc.name }}</td>
<td>
{% for group in asset.bis_group.all|filter_private %}
{{ group }}
{% endfor %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
<div class="col-lg-6">
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5>授权命令 <small> Command.</small></h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user">
<li><a href="#">未启用 1</a>
</li>
<li><a href="#">未启用 2</a>
</li>
</ul>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<table class="table">
<thead>
<tr>
<th>命令</th>
<th>命令组</th>
</tr>
</thead>
<tbody>
{% for cmd_group in cmds_list %}
{% for cmd_group_name, cmds in cmd_group.items %}
{% for cmd in cmds %}
<tr>
<td>{{ cmd }}</td>
<td>{{ cmd_group_name }}</td>
</tr>
{% endfor %}
{% endfor %}
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
......
templates/jperm/sudo_edit.html
View file @ 50208c00
......@@ -41,7 +41,7 @@
<label for="name" class="col-sm-2 control-label">授权名</label>
<div class="col-sm-8">
<input id="name" name="name" placeholder="OnlyForEnglish" type="text" class="form-control" value="{{ name }}">
<input id="sudo_perm_id" name="sudo_perm_id" type="text" class="form-control" value="{{ sudo_perm_id }}">
<input id="sudo_perm_id" name="sudo_perm_id" type="text" class="form-control" value="{{ sudo_perm_id }}" style="display: none">
<span class="help-block m-b-none">取个名字方便辨识,只支持英文</span>
</div>
</div>
......
templates/jperm/sudo_list.html
View file @ 50208c00
......@@ -31,26 +31,26 @@
<div class="ibox-content">
<div class="" style="margin-left: 15px;">
<a target="_blank" href="/jperm/cmd_add/" class="btn btn-sm btn-primary "> 添加命令组 </a>
<a target="_blank" href="/jperm/cmd_list/" class="btn btn-sm btn-primary "> 查看命令组 </a>
<a target="_blank" href="/jperm/cmd_list/" class="btn btn-sm btn-warning "> 查看命令组 </a>
</div>
<div class="panel blank-panel">
<div class="panel-heading">
<div class="panel-options">
<ul class="nav nav-tabs">
<li id="tab1" class="active"><a data-toggle="tab" href="#tab-1">添加授权</a></li>
<li id="tab2" class=""><a data-toggle="tab" href="#tab-2">查看授权</a></li>
<li id="tab1" class="active"><a data-toggle="tab" href="#tab-1">查看授权</a></li>
{# <li id="tab2" class=""><a data-toggle="tab" href="#tab-2">用户授权详情</a></li>#}
<li style="float: right">
<form method="get" action="" class="pull-right mail-search">
<div class="input-group">
<input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">
<div class="input-group-btn">
<button id='search_btn' type="button" class="btn btn-sm btn-primary">
Search
</button>
</div>
</div>
</form>
{# <form method="get" action="" class="pull-right mail-search">#}
{# <div class="input-group">#}
{# <input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">#}
{# <div class="input-group-btn">#}
{# <button id='search_btn' type="button" class="btn btn-sm btn-primary">#}
{# Search#}
{# </button>#}
{# </div>#}
{# </div>#}
{# </form>#}
</li>
</ul>
</div>
......@@ -64,11 +64,11 @@
<thead>
<tr>
<th class="text-center">授权名</th>
<th class="text-center">user_runas</th>
<th class="text-center">UserRunAs</th>
<th class="text-center">用户组</th>
<th class="text-center">主机组</th>
<th class="text-center">命令组</th>
<th class="text-center">备注</th>
<th class="text-center">操作</th>
</tr>
</thead>
<tbody id="perm_list">
......@@ -94,7 +94,7 @@
{% endfor %}
</td>
<td class="text-center">
<a title="[ {{ sudo_perm.name }} 授权详情 ]" href="../sudo_detail/?id={{ sudo_perm.id }}" class="iframe btn btn-xs btn-primary">详情</a>
<a title="[ {{ sudo_perm.name }} 授权详情 ]" href="../sudo_detail/?id={{ sudo_perm.id }}" class="btn btn-xs btn-primary">详情</a>
<a href="../sudo_edit/?id={{ sudo_perm.id }}" class="btn btn-xs btn-info">编辑</a>
<a href="../sudo_del/?id={{ sudo_perm.id }}" class="btn btn-xs btn-danger">删除</a>
</td>
......
templates/nav_li_profile.html
View file @ 50208c00
......@@ -14,7 +14,7 @@
</ul>
</div>
<div class="logo-element">
JumpServer
JS+
</div>
</li>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment