去掉runas

52c4395b · ibuler · 49fbae4f · 52c4395b · 52c4395b · 52c4395b
Commit 52c4395b authored Nov 29, 2015 by ibuler
6 changed files
--- a/jperm/models.py
+++ b/jperm/models.py
@@ -22,7 +22,6 @@ class SysUser(models.Model):
 class PermSudo(models.Model):
    name = models.CharField(max_length=100, unique=True)
    date_added = models.DateTimeField(auto_now=True)
-    runas = models.CharField(max_length=200, default='root')
    commands = models.TextField()
    comment = models.CharField(max_length=100, null=True, blank=True, default='')

--- a/jperm/views.py
+++ b/jperm/views.py
@@ -466,12 +466,12 @@ def perm_role_push(request):
                ret_failed["step2-2"] = "failed"
        # 3. 推送sudo配置文件
-        role_chosen_aliase = {}  # {'dev': [sudo1, sudo2], 'sa': [sudo2, sudo3]}
+        role_chosen_aliase = {}  # {'dev': 'NETWORKING, SHUTDOWN', 'sa': 'NETWORKING, SHUTDOWN'}
        sudo_alias = set()     # set(sudo1, sudo2, sudo3)
        for role in roles_obj:
            sudos = set([sudo for sudo in role.sudo.all()])
            sudo_alias.update(sudos)
-            role_chosen_aliase[role.name] = sudos
+            role_chosen_aliase[role.name] = ','.join(sudo.name for sudo in sudos)
        add_sudo_script = get_add_sudo_script(role_chosen_aliase, sudo_alias)
        ret_sudo = task.push_sudo_file(add_sudo_script)
@@ -533,14 +533,13 @@ def perm_sudo_add(request):
    if request.method == "POST":
        # 获取参数： name, comment
        name = request.POST.get("sudo_name").strip()
-        runas = request.POST.get('sudo_runas', 'root').strip()
        comment = request.POST.get("sudo_comment").strip()
        commands = request.POST.get("sudo_commands").strip()
        if get_object(PermSudo, name=name):
            error = 'Sudo别名 %s已经存在' % name
        else:
-            sudo = PermSudo(name=name.strip(), runas=runas, comment=comment, commands=commands.strip())
+            sudo = PermSudo(name=name.strip(), comment=comment, commands=commands.strip())
            sudo.save()
            msg = u"添加Sudo命令别名: %s" % name
        # 渲染数据
@@ -564,11 +563,9 @@ def perm_sudo_edit(request):
    if request.method == "POST":
        name = request.POST.get("sudo_name")
        commands = request.POST.get("sudo_commands")
-        runas = request.POST.get('sudo_runas', 'root')
        comment = request.POST.get("sudo_comment")
        sudo.name = name.strip()
        sudo.commands = commands.strip()
-        sudo.runas = runas.strip()
        sudo.comment = comment
        sudo.save()

--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -9,7 +9,7 @@ log = debug
 host = 127.0.0.1
 port = 3306
 user = jumpserver
-password = mysql1234
+password = mysql234
 database = jumpserver
 [websocket]

--- a/templates/jperm/perm_sudo_add.html
+++ b/templates/jperm/perm_sudo_add.html
@@ -35,13 +35,6 @@
                                </div>
                            </div>
                            <div class="hr-line-dashed"></div>
-                            <div class="form-group">
-                                <label for="sudo_runas" class="col-sm-2 control-label">RunAs<span class="red-fonts">*</span></label>
-                                <div class="col-sm-8">
-                                    <input id="sudo_runas" name="sudo_runas" placeholder="Sudo RunAs User" type="text" class="form-control">
-                                </div>
-                            </div>
-                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="sudo_commands" class="col-sm-2 control-label">系统命令<span class="red-fonts">*</span></label>
                                <div class="col-sm-8">

--- a/templates/jperm/perm_sudo_edit.html
+++ b/templates/jperm/perm_sudo_edit.html
@@ -40,13 +40,6 @@
                                </div>
                            </div>
                            <div class="hr-line-dashed"></div>
-                            <div class="form-group">
-                                <label for="sudo_runas" class="col-sm-2 control-label">RunAs<span class="red-fonts">*</span></label>
-                                <div class="col-sm-8">
-                                    <input id="sudo_runas" name="sudo_runas" placeholder="Sudo RunAs User" type="text" class="form-control" value="{{ sudo.runas }}">
-                                </div>
-                            </div>
-                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="sudo_commands_label" class="col-sm-2 control-label">系统命令<span class="red-fonts">*</span></label>
                                <div class="col-sm-8">

--- a/templates/jperm/role_sudo.j2
+++ b/templates/jperm/role_sudo.j2
@@ -17,14 +17,12 @@ add_cmd_alias() {
 add_role_chosen() {
-    {% for role, sudos in role_chosen_aliase.items %}
+    {% for role, alias in role_chosen_aliase.items %}
-        {% for sudo in sudos %}
+        if $(grep '^{{ role }}.*' ${sudo_file} &> /dev/null); then
-        if $(grep '^{{ role }}.*sudo.name' ${sudo_file} &> /dev/null); then
+            sed -i 's@^{{ role }}.*@{{ role }} ALL =  NOPASSWD: {{ alias }}@g' ${sudo_file}
-            sed -i 's@^{{ role }}.*sudo.name@{{ role }} ALL = ({{ sudo.runas }}) NOPASSWD: {{ sudo.name }}@g' ${sudo_file}
        else
-            echo "{{ role }} ALL = ({{ sudo.runas }}) NOPASSWD: {{ sudo.name }}"  >> ${sudo_file}
+            echo "{{ role }} ALL =  NOPASSWD: {{ alias }}"  >> ${sudo_file}
        fi
-        {% endfor %}
    {% endfor %}
 }