Skip to content

J
jumpserver
Commit a6f53fc9 authored by guanghongwei's avatar guanghongwei
Browse files
Options

修改 登录和删除

parent 35e74f3c
Show whitespace changes
Inline Side-by-side
Showing with 45 additions and 11 deletions
webroot/AutoSa/AutoSa/views.py
View file @ a6f53fc9
...@@ -153,27 +153,37 @@ def gen_sha512(salt, password): ...@@ -153,27 +153,37 @@ def gen_sha512(salt, password):
return crypt.crypt(password, '$6$%s$' % salt) return crypt.crypt(password, '$6$%s$' % salt)
def group_member(username):
member = []
user = User.objects.get(username=username)
for group in user.group.all():
member.extend(group.user_set.all())
return list(set(member))
def login(request): def login(request):
"""登录界面""" """登录界面"""
if request.session.get('username'): if request.session.get('username'):
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
if request.method == 'GET': if request.method == 'GET':
return render_to_response('login.html') return render_to_response('login.html')
if request.method == 'POST': else:
username = request.POST.get('username') username = request.POST.get('username')
password = request.POST.get('password') password = request.POST.get('password')
if pam.authenticate(username, password): user = User.objects.get(username=username)
if username in admin: if password == user.password:
request.session['username'] = username request.session['username'] = username
if user.is_admin:
request.session['admin'] = 1 request.session['admin'] = 1
elif user.is_superuser:
request.session['admin'] = 2
else: else:
request.session['username'] = username
request.session['admin'] = 0 request.session['admin'] = 0
return HttpResponseRedirect('/') return HttpResponseRedirect('/')
else: else:
error = '密码错误,请重新输入。' error = '密码错误,请重新输入。'
return render_to_response('login.html',{'error': error}) return render_to_response('login.html', {'error': error})
def login_required(func): def login_required(func):
...@@ -194,10 +204,20 @@ def admin_required(func): ...@@ -194,10 +204,20 @@ def admin_required(func):
return _deco return _deco
def superuser_required(func):
"""要求用户是superuser"""
def _deco(request, *args, **kwargs):
if request.session.get('admin') != 2:
return HttpResponseRedirect('/')
return func(request, *args, **kwargs)
return _deco
def logout(request): def logout(request):
"""注销登录调用""" """注销登录调用"""
if request.session.get('username'): if request.session.get('username'):
del request.session['username'] del request.session['username']
del request.session['admin']
return HttpResponseRedirect('/login/') return HttpResponseRedirect('/login/')
...@@ -205,6 +225,13 @@ def logout(request): ...@@ -205,6 +225,13 @@ def logout(request):
def downKey(request): def downKey(request):
"""下载key""" """下载key"""
username = request.session.get('username') username = request.session.get('username')
if request.session.get('admin') == 1:
user = User.objects.get(username=username)
if user in group_member(username):
username = request.GET.get('username')
elif request.session.get('admin') == 2:
username = request.GET.get('username')
filename = '%s/keys/%s' % (base_dir, username) filename = '%s/keys/%s' % (base_dir, username)
f = open(filename) f = open(filename)
data = f.read() data = f.read()
...@@ -232,9 +259,7 @@ def index(request): ...@@ -232,9 +259,7 @@ def index(request):
@admin_required @admin_required
def showUser(request): def showUser(request):
"""查看所有用户""" """查看所有用户"""
users = User.objects.all()
info = ''
error = ''
if request.method == 'POST': if request.method == 'POST':
selected_user = request.REQUEST.getlist('selected') selected_user = request.REQUEST.getlist('selected')
if selected_user: if selected_user:
...@@ -243,7 +268,7 @@ def showUser(request): ...@@ -243,7 +268,7 @@ def showUser(request):
user_del = User.objects.get(id=id) user_del = User.objects.get(id=id)
username = user_del.username username = user_del.username
user_del.delete() user_del.delete()
except Exception,e: except Exception, e:
error = u'数据库中用户删除错误' + unicode(e) error = u'数据库中用户删除错误' + unicode(e)
bash_del = bash("userdel -r %s" % username) bash_del = bash("userdel -r %s" % username)
if bash_del != 0: if bash_del != 0:
...@@ -252,14 +277,23 @@ def showUser(request): ...@@ -252,14 +277,23 @@ def showUser(request):
try: try:
ldap_del = LDAPMgmt() ldap_del = LDAPMgmt()
user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn) user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn)
group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn)
ldap_del.delete(user_dn) ldap_del.delete(user_dn)
ldap_del.delete(group_dn)
except Exception, e: except Exception, e:
error = u'ldap中用户删除错误' + unicode(e) error = u'ldap中用户删除错误' + unicode(e)
if not error: if not error:
info = '用户删除成功' info = '用户删除成功'
return render_to_response('showUser.html', else:
if request.session.get('admin') == 2:
users = User.objects.all()
elif request.session.get('admin') == 1:
users = group_member(request.session.get('username'))
return render_to_response(
'showUser.html',
{'users': users, 'info': info, 'error': error, 'user_menu': 'active'}, {'users': users, 'info': info, 'error': error, 'user_menu': 'active'},
context_instance=RequestContext(request)) context_instance=RequestContext(request))
......
webroot/AutoSa/templates/showUser.html
View file @ a6f53fc9
...@@ -36,7 +36,7 @@ ...@@ -36,7 +36,7 @@
<td>{{ user.is_admin }}</td> <td>{{ user.is_admin }}</td>
<td>{{ user.is_superuser }}</td> <td>{{ user.is_superuser }}</td>
<td>{{ user.email }}</td> <td>{{ user.email }}</td>
<td><a href="/downKey/">下载</a></td> <td><a href="/downKey/?username={{ user.username }}">下载</a></td>
</tr> </tr>
{% endfor %} {% endfor %}
</tbody> </tbody>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment