fix user perm group perm

9eb64466 · ibuler · 9fc0c9da · 9eb64466 · 9eb64466 · 9eb64466
Commit 9eb64466 authored Dec 25, 2015 by ibuler
Show whitespace changes
Inline Side-by-side

Showing with 29 additions and 26 deletions

perm_api.py jperm/perm_api.py +5 -1

views.py jperm/views.py +1 -1

run_websocket.py run_websocket.py +23 -24

No files found.
--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@@ -29,7 +29,10 @@ def get_group_user_perm(ob):
    """
    perm = {}
    if isinstance(ob, User):
-        rule_all = PermRule.objects.filter(user=ob)
+        rule_all = set(PermRule.objects.filter(user=ob))
+        for user_group in ob.group.all():
+            rule_all = rule_all.union(set(PermRule.objects.filter(user_group=user_group)))
    elif isinstance(ob, UserGroup):
        rule_all = PermRule.objects.filter(user_group=ob)
    else:
@@ -80,6 +83,7 @@ def get_group_user_perm(ob):
                else:
                    perm_asset[asset] = {'role': perm_asset_group[asset_group].get('role', set()),
                                         'rule': perm_asset_group[asset_group].get('rule', set())}
+    print perm
    return perm

--- a/jperm/views.py
+++ b/jperm/views.py
@@ -667,7 +667,7 @@ def perm_role_get(request):
        asset = get_object(Asset, id=asset_id)
        if asset:
            role = user_have_perm(request.user, asset=asset)
-            logger.debug('#' + ','.join([i.name for i in role]) + '#')
+            logger.debug(u'获取授权系统用户: ' + ','.join([i.name for i in role]))
            return HttpResponse(','.join([i.name for i in role]))
    else:
        roles = get_group_user_perm(request.user).get('role').keys()

--- a/run_websocket.py
+++ b/run_websocket.py
@@ -44,29 +44,28 @@ def require_auth(role='user'):
            else:
                session_key = request.get_argument('sessionid', '')
-            logger.debug('Websocket: session_key: %s' % session_key)
+            logger.debug(u'请求session_key: %s' % session_key)
            if session_key:
                session = get_object(Session, session_key=session_key)
-                logger.debug('Websocket: session: %s' % session)
                if session and datetime.datetime.now() < session.expire_date:
                    user_id = session.get_decoded().get('_auth_user_id')
                    user = get_object(User, id=user_id)
                    if user:
-                        logger.debug('Websocket: user [ %s ] request websocket' % user.username)
+                        logger.debug(u'用户 [ %s ] 请求websocket' % user.username)
                        request.user = user
                        if role == 'admin':
                            if user.role in ['SU', 'GA']:
                                return func(request, *args, **kwargs)
-                            logger.debug('Websocket: user [ %s ] is not admin.' % user.username)
+                            logger.debug(u'用户 [ %s ] 不是admin.' % user.username)
                        else:
                            return func(request, *args, **kwargs)
                else:
-                    logger.debug('Websocket: session expired: %s' % session_key)
+                    logger.debug(u'session过期 %s' % session_key)
            try:
                request.close()
            except AttributeError:
                pass
-            logger.warning('Websocket: Request auth failed.')
+            logger.warning('认证失败，非法请求')
        return _deco2
    return _deco
@@ -96,10 +95,10 @@ def file_monitor(path='.', client=None):
    notifier = AsyncNotifier(wm, EventHandler(client))
    wm.add_watch(path, mask, auto_add=True, rec=True)
    if not os.path.isfile(path):
-        logger.debug("File %s does not exist." % path)
+        logger.debug(u"文件 %s 不存在." % path)
        sys.exit(3)
    else:
-        logger.debug("Now starting monitor file %s." % path)
+        logger.debug(u"开始监控文件 %s." % path)
        global f
        f = open(path, 'r')
        st_size = os.stat(path)[6]
@@ -149,7 +148,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
            MonitorHandler.clients.remove(self)
            MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
-        logger.debug("Websocket: Monitor client num: %s, thread num: %s" % (len(MonitorHandler.clients),
+        logger.debug(u"监控在线数量: %s, 线程数量: %s" % (len(MonitorHandler.clients),
                                                       len(MonitorHandler.threads)))
    def on_message(self, message):
@@ -160,7 +159,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
        # 客户端主动关闭
        # self.close()
-        logger.debug("Websocket: Monitor client close request")
+        logger.debug("监控请求关闭")
        try:
            client_index = MonitorHandler.clients.index(self)
            MonitorHandler.clients.remove(self)
@@ -184,10 +183,10 @@ class WebTerminalKillHandler(tornado.web.RequestHandler):
        Log.objects.filter(id=ws_id).update(is_finished=True)
        for ws in WebTerminalHandler.clients:
            if ws.id == int(ws_id):
-                logger.debug("Kill log id %s" % ws_id)
+                logger.debug(u"终结logID %s" % ws_id)
                ws.log.save()
                ws.close()
-        logger.debug('Websocket: web terminal client num: %s' % len(WebTerminalHandler.clients))
+        logger.debug(u'WebTerminal在线数量: %s' % len(WebTerminalHandler.clients))
 class ExecHandler(tornado.websocket.WebSocketHandler):
@@ -209,7 +208,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
    @require_auth('user')
    def open(self):
-        logger.debug('Websocket: Open exec request')
+        logger.debug('web批量命令执行请求')
        role_name = self.get_argument('role', 'sb')
        self.remote_ip = self.request.remote_ip
        logger.debug('Web执行命令: 请求系统用户 %s' % role_name)
@@ -255,7 +254,6 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
        for k, v in self.runner.results.items():
            for host, output in v.items():
                output = newline_pattern.sub('<br />', output)
-                logger.debug(output)
                if k == 'ok':
                    header = "<span style='color: green'>[ %s => %s]</span>\n" % (host, 'Ok')
                else:
@@ -266,7 +264,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
        self.write_message('\n~o~ Task finished ~o~\n')
    def on_close(self):
-        logger.debug('关闭web_exec请求')
+        logger.debug('关闭web批量命令请求')
 class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@@ -289,29 +287,30 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
    @require_auth('user')
    def open(self):
-        logger.debug('Websocket: Open request')
+        logger.debug('WebTerminal请求')
        role_name = self.get_argument('role', 'sb')
        asset_id = self.get_argument('id', 9999)
        asset = get_object(Asset, id=asset_id)
        if asset:
            roles = user_have_perm(self.user, asset)
-            logger.debug(roles)
+            logger.debug('请求系统用户: %s' % role_name)
-            logger.debug('系统用户: %s' % role_name)
            login_role = ''
            for role in roles:
                if role.name == role_name:
                    login_role = role
                    break
            if not login_role:
-                logger.warning('Websocket: Not that Role %s for Host: %s User: %s ' % (role_name, asset.hostname,
+                logger.warning(u'在%s 这台主机上没有为用户%s 授权系统用户%s ' % (asset.hostname,
-                                                                                       self.user.username))
+                               self.user.username,
+                               role_name))
                self.close()
                return
        else:
-            logger.warning('Websocket: No that Host: %s User: %s ' % (asset_id, self.user.username))
+            logger.warning(u'没有授权该主机 %s' % asset_id)
            self.close()
            return
-        logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.hostname, self.user.username,
+        logger.debug('web terminal 请求主机: %s 用户: %s 系统用户: %s' % (asset.hostname,
+                     self.user.username,
                     login_role.name))
        self.term = WebTty(self.user, asset, login_role, login_type='web')
        self.term.remote_ip = self.request.remote_ip
@@ -352,7 +351,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
            self.channel.send(data['data'])
    def on_close(self):
-        logger.debug('Websocket: Close request')
+        logger.debug('关闭websocket请求')
        if self in WebTerminalHandler.clients:
            WebTerminalHandler.clients.remove(self)
        try:
@@ -425,6 +424,6 @@ if __name__ == '__main__':
    server = tornado.httpserver.HTTPServer(app)
    server.bind(options.port, options.host)
    #server.listen(options.port)
-    server.start(num_processes=5)
+    #server.start(num_processes=5)
    print "Run server on %s:%s" % (options.host, options.port)
    tornado.ioloop.IOLoop.instance().start()