鉴权

9348a0de · halcyon · fa0ec1e7 · 9348a0de · 9348a0de · 9348a0de
Commit 9348a0de authored Mar 18, 2015 by halcyon
7 changed files
--- a/jasset/views.py
+++ b/jasset/views.py
@@ -6,11 +6,13 @@ from django.template import RequestContext
 from django.shortcuts import render_to_response
 from models import IDC, Asset, BisGroup
-from juser.models import UserGroup, DEPT
+from juser.models import UserGroup, DEPT, User
 from connect import PyCrypt, KEY
 from jlog.models import Log
-from jumpserver.views import jasset_group_add, jasset_host_edit, pages
+from jumpserver.views import jasset_host_edit, pages
 from jumpserver.api import asset_perm_api
+from jumpserver.api import user_perm_group_api, require_login, require_super_user, \
+    require_admin, is_group_admin, is_super_user, get_user_dept
 cryptor = PyCrypt(KEY)
@@ -52,14 +54,20 @@ def f_add_host(ip, port, idc, jtype, group, dept, active, comment, username='',
    a.save()
+@require_admin
 def add_host(request):
-    login_types = {'L': 'LDAP', 'S': 'SSH_KEY', 'P': 'PASSWORD', 'M': 'MAP'}
+    login_types = {'L': 'LDAP', 'M': 'MAP'}
    header_title, path1, path2 = u'添加主机', u'资产管理', u'添加主机'
    eidc = IDC.objects.all()
-    edept = DEPT.objects.all()
+    if is_super_user(request):
-    egroup = BisGroup.objects.all()
+        edept = DEPT.objects.all()
-    eusergroup = UserGroup.objects.all()
+        egroup = BisGroup.objects.all()
+        eusergroup = UserGroup.objects.all()
+    elif is_group_admin(request):
+        dept_id = get_user_dept(request)
+        user_id = request.session.get('user_id')
+        edept = DEPT.objects.get(id=dept_id)
+        egroup = edept.bisgroup_set.all()
    if request.method == 'POST':
        j_ip = request.POST.get('j_ip')
        j_idc = request.POST.get('j_idc')
@@ -153,20 +161,30 @@ def batch_host_edit(request):
        return render_to_response('jasset/host_list.html')
+@require_admin
 def list_host(request):
    header_title, path1, path2 = u'查看主机', u'资产管理', u'查看主机'
-    login_types = {'L': 'LDAP', 'S': 'SSH_KEY', 'P': 'PASSWORD', 'M': 'MAP'}
+    login_types = {'L': 'LDAP', 'M': 'MAP'}
    keyword = request.GET.get('keyword', '')
-    if keyword:
+    dept_id = get_user_dept(request)
-        posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
+    dept = DEPT.objects.get(id=dept_id)
-                     Q(bis_group__name__contains=keyword) | Q(comment__contains=keyword)).distinct().order_by('ip')
+    if is_super_user(request):
-        contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
+        if keyword:
+            posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
-    else:
+                         Q(bis_group__name__contains=keyword) | Q(comment__contains=keyword)).distinct().order_by('ip')
-        posts = Asset.objects.all().order_by('ip')
+            contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
-        contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
+        else:
+            posts = Asset.objects.all().order_by('ip')
+            contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
+    elif is_group_admin(request):
+        if keyword:
+            posts = Asset.objects.filter(Q(ip__contains=keyword) | Q(idc__name__contains=keyword) |
+                         Q(bis_group__name__contains=keyword) | Q(comment__contains=keyword)).filter(dept=dept).distinct().order_by('ip')
+            contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
+        else:
+            posts = Asset.objects.all().filter(dept=dept).order_by('ip')
+            contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
    return render_to_response('jasset/host_list.html', locals(), context_instance=RequestContext(request))
@@ -329,10 +347,17 @@ def del_idc(request, offset):
    return HttpResponseRedirect('/jasset/idc_list/')
+@require_admin
 def add_group(request):
    header_title, path1, path2 = u'添加主机组', u'资产管理', u'添加主机组'
-    posts = Asset.objects.all()
+    if is_super_user(request):
-    edept = DEPT.objects.all()
+        posts = Asset.objects.all()
+        edept = DEPT.objects.all()
+    elif is_group_admin(request):
+        dept_id = get_user_dept(request)
+        dept = DEPT.objects.get(id=dept_id)
+        posts = Asset.objects.filter(dept=dept)
+        edept = DEPT.objects.get(id=dept_id)
    if request.method == 'POST':
        j_group = request.POST.get('j_group')
        j_dept = request.POST.get('j_dept')
@@ -354,25 +379,41 @@ def add_group(request):
    return render_to_response('jasset/group_add.html', locals(), context_instance=RequestContext(request))
+@require_admin
 def list_group(request):
    header_title, path1, path2 = u'查看主机组', u'资产管理', u'查看主机组'
+    dept_id = get_user_dept(request)
+    dept = DEPT.objects.get(id=dept_id)
    keyword = request.GET.get('keyword', '')
-    if keyword:
+    if is_super_user(request):
-        posts = BisGroup.objects.filter(Q(name__contains=keyword) | Q(comment__contains=keyword))
+        if keyword:
-    else:
+            posts = BisGroup.objects.filter(Q(name__contains=keyword) | Q(comment__contains=keyword))
-        posts = BisGroup.objects.all().order_by('id')
+        else:
+            posts = BisGroup.objects.all().order_by('id')
+    elif is_group_admin(request):
+        if keyword:
+            posts = BisGroup.objects.filter(Q(name__contains=keyword) | Q(comment__contains=keyword)).filter(dept=dept)
+        else:
+            posts = BisGroup.objects.all().filter(dept=dept).order_by('id')
    contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
    return render_to_response('jasset/group_list.html', locals(), context_instance=RequestContext(request))
+@require_admin
 def edit_group(request):
    header_title, path1, path2 = u'编辑主机组', u'资产管理', u'编辑主机组'
    group_id = request.GET.get('id')
    group = BisGroup.objects.get(id=group_id)
    all = Asset.objects.all()
+    dept_id = get_user_dept(request)
+    edept = DEPT.objects.get(id=dept_id)
    eposts = contact_list = Asset.objects.filter(bis_group=group).order_by('ip')
-    posts = [g for g in all if g not in eposts]
+    if is_super_user(request):
+        posts = [g for g in all if g not in eposts]
+    elif is_group_admin(request):
+        dept = DEPT.objects.get(id=dept_id)
+        all_dept = Asset.objects.filter(dept=dept)
+        posts = [g for g in all_dept if g not in eposts]
    if request.method == 'POST':
        j_group = request.POST.get('j_group')
        j_hosts = request.POST.getlist('j_hosts')

--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -9,7 +9,7 @@ database = jumpserver
 [ldap]
 ldap_enable = 1
-host_url = ldap://127.0.0.1:389
+host_url = ldap://192.168.8.230:389
 base_dn = dc=fengxing, dc=com
 root_dn = cn=admin,dc=fengxing,dc=com
 root_pw = 123456

--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -80,18 +80,27 @@ def require_admin(func):
 def is_super_user(request):
-    if request.session.get('role_id') == '2':
+    if request.session.get('role_id') == 2:
        return True
    else:
        return False
 def is_group_admin(request):
-    if request.session.get('role_id') == '1':
+    print request.session.get('role_id'), type(request.session.get('role_id'))
+    if request.session.get('role_id') == 1:
        return True
    else:
        return False
+def get_user_dept(request):
+    user_id = request.session.get('user_id')
+    if user_id:
+        user_dept = User.objects.get(id=user_id).dept
+        return user_dept.id
 def api_user(request):
    hosts = Log.objects.filter(is_finished=0).count()
    users = Log.objects.filter(is_finished=0).values('user').distinct().count()

--- a/jumpserver/ssh.py
+++ b/jumpserver/ssh.py
--- a/templates/jasset/group_add.html
+++ b/templates/jasset/group_add.html
 {% extends 'base.html' %}
+{% load mytags %}
 {% block content %}
 {% include 'nav_cat_bar.html' %}
 <div class="wrapper wrapper-content animated fadeInRight">
@@ -20,17 +21,27 @@
                            <div class="col-sm-8" name="group_id" value="{{ post.id }}"><input type="text" value="{{ group.name }}" placeholder="网站" name="j_group" class="form-control"></div>
                        </div>
-                        <div class="hr-line-dashed"></div>
+                        {% ifequal session_role_id 2 %}
-                        <div class="form-group">
+                            <div class="hr-line-dashed"></div>
-                            <label for="j_dept" class="col-lg-2 control-label">所属部门<span class="red-fonts">*</span></label>
+                            <div class="form-group">
-                            <div class="col-sm-8">
+                                <label for="j_dept" class="col-lg-2 control-label">所属部门<span class="red-fonts">*</span></label>
-                                <select id="j_dept" name="j_dept" class="form-control m-b">
+                                <div class="col-sm-8">
-                                    {% for d in edept %}
+                                    <select id="j_dept" name="j_dept" class="form-control m-b">
-                                        <option type="checkbox" value="{{ d.name }}">{{ d.name }}</option>
+                                        {% for d in edept %}
-                                    {% endfor %}
+                                            <option type="checkbox" value="{{ d.name }}">{{ d.name }}</option>
-                                </select>
+                                        {% endfor %}
+                                    </select>
+                                </div>
                            </div>
-                        </div>
+                        {% endifequal %}
+                        {% ifequal session_role_id 1 %}
+                            <div class="hr-line-dashed"></div>
+                            <div class="form-group">
+                                <label for="j_dept" class="col-lg-2 control-label">所属部门<span class="red-fonts">*</span></label>
+                                    <div class="col-sm-8"><input type="text" name="j_dept" value="{{  edept.name }}" class="form-control" readonly="readonly"></div>
+                            </div>
+                        {% endifequal %}
                        <div class="hr-line-dashed"></div>
                        <div class="form-group">

--- a/templates/jasset/host_add.html
+++ b/templates/jasset/host_add.html
 {% extends 'base.html' %}
+{% load mytags %}
 {% block content %}
 {% include 'nav_cat_bar.html' %}
 <div class="wrapper wrapper-content animated fadeInRight">
@@ -84,17 +85,26 @@
                                            </div>
                                        </div>
-                                        <div class="hr-line-dashed"></div>
+                                        {% ifequal session_role_id 2 %}
-                                        <div class="form-group">
+                                            <div class="hr-line-dashed"></div>
-                                            <label for="j_dept" class="col-lg-2 control-label">所属部门<span class="red-fonts">*</span></label>
+                                            <div class="form-group">
-                                            <div class="col-sm-8">
+                                                <label for="j_dept" class="col-lg-2 control-label">所属部门<span class="red-fonts">*</span></label>
-                                                <select id="j_dept" name="j_dept" class="form-control m-b" multiple size="10">
+                                                <div class="col-sm-8">
-                                                    {% for d in edept %}
+                                                    <select id="j_dept" name="j_dept" class="form-control m-b" multiple size="10">
-                                                        <option type="checkbox" value="{{ d.name }}">{{ d.name }} {% if d.comment %} --- {{ d.comment }} {% endif %}</option>
+                                                        {% for d in edept %}
-                                                    {% endfor %}
+                                                            <option type="checkbox" value="{{ d.name }}">{{ d.name }} {% if d.comment %} --- {{ d.comment }} {% endif %}</option>
-                                                </select>
+                                                        {% endfor %}
+                                                    </select>
+                                                </div>
                                            </div>
-                                        </div>
+                                        {% endifequal %}
+                                        {% ifequal session_role_id 1 %}
+                                            <div class="hr-line-dashed"></div>
+                                            <div class="form-group"><label class="col-sm-2 control-label"> 所属部门 </label>
+                                                <div class="col-sm-8"><input type="text" name="j_dept" value="{{  edept.name }}" class="form-control" readonly="readonly"></div>
+                                            </div>
+                                        {% endifequal %}
                                        <div class="hr-line-dashed"></div>
                                        <div class="form-group">

--- a/templates/nav.html
+++ b/templates/nav.html
@@ -103,7 +103,6 @@
                    <li id="host_list"><a href="/jasset/host_list/">查看资产&nbsp&nbsp</span><span class="label label-info pull-right">16/18</span></a></li>
                    <li id="jgroup_add"><a href="/jasset/jgroup_add/">添加主机组</a></li>
                    <li id="jgroup_list"><a href="/jasset/jgroup_list/">查看主机组</a></li>
-                    <li id="idc_add"><a href="/jasset/idc_add/">添加IDC</a></li>
                    <li id="idc_list"><a href="/jasset/idc_list/">查看IDC</a></li>
                </ul>
            </li>