Skip to content

J
jumpserver
Commit a7800b9a authored by guanghongwei's avatar guanghongwei
Browse files
Options

Ȩ޹

parent 47550159
Hide whitespace changes
Inline Side-by-side
Showing with 153 additions and 72 deletions
jperm/views.py
View file @ a7800b9a
......@@ -9,7 +9,7 @@ from jperm.models import Perm, SudoPerm, CmdGroup, DeptPerm
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.db.models import Q
from jumpserver.views import LDAP_ENABLE, ldap_conn, CONF, page_list_return, pages
from jumpserver.api import user_perm_asset_api
from jumpserver.api import user_perm_asset_api, require_admin, require_super_user, require_login
if LDAP_ENABLE:
......@@ -36,6 +36,7 @@ def user_asset_cmd_groups_get(user_groups_select='', asset_groups_select='', cmd
return user_groups_select_list, asset_groups_select_list, cmd_groups_select_list
@require_admin
def perm_add(request):
header_title, path1, path2 = u'主机授权添加', u'授权管理', u'授权添加'
......@@ -79,6 +80,7 @@ def dept_add_asset(dept_id, asset_list):
DeptPerm(dept=dept, asset=asset).save()
@require_super_user
def dept_perm_edit(request):
header_title, path1, path2 = u'部门授权添加', u'授权管理', u'部门授权添加'
if request.method == 'GET':
......@@ -97,6 +99,7 @@ def dept_perm_edit(request):
return render_to_response('jperm/dept_perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_list(request):
header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情'
keyword = request.GET.get('search', '')
......@@ -109,6 +112,7 @@ def perm_list(request):
return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request))
@require_super_user
def dept_perm_list(request):
header_title, path1, path2 = '查看部门', '授权管理', '部门授权'
keyword = request.GET.get('search')
......@@ -142,6 +146,7 @@ def perm_group_update(user_group_id, asset_groups_id_list):
Perm(user_group=user_group, asset_group=asset_group).save()
@require_super_user
def perm_edit(request):
if request.method == 'GET':
header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑'
......@@ -161,6 +166,7 @@ def perm_edit(request):
return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_detail(request):
header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权详情'
perm_id = request.GET.get('id')
......@@ -181,6 +187,7 @@ def perm_detail(request):
return render_to_response('jperm/perm_detail.html', locals(), context_instance=RequestContext(request))
@require_admin
def perm_del(request):
perm_id = request.GET.get('id')
perm = Perm.objects.filter(id=perm_id)
......@@ -190,6 +197,7 @@ def perm_del(request):
return HttpResponseRedirect('/jperm/perm_list/')
@require_admin
def perm_asset_detail(request):
header_title, path1, path2 = u'用户授权主机', u'权限管理', u'用户主机详情'
user_id = request.GET.get('id')
......@@ -273,6 +281,7 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select,
ldap_conn.add(sudo_dn, sudo_attr)
@require_admin
def sudo_add(request):
header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限'
user_groups = UserGroup.objects.filter(id__gt=2)
......@@ -294,6 +303,7 @@ def sudo_add(request):
return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_list(request):
header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情'
contact_list = SudoPerm.objects.all()
......@@ -302,6 +312,7 @@ def sudo_list(request):
return render_to_response('jperm/sudo_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_edit(request):
header_title, path1, path2 = u'Sudo授权', u'授权管理', u'Sudo修改'
......@@ -348,6 +359,7 @@ def sudo_edit(request):
return render_to_response('jperm/sudo_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_detail(request):
header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情'
sudo_perm_id = request.GET.get('id')
......@@ -372,6 +384,7 @@ def sudo_detail(request):
return render_to_response('jperm/sudo_detail.html', locals(), context_instance=RequestContext(request))
@require_admin
def sudo_del(request):
sudo_perm_id = request.GET.get('id', '0')
sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id))
......@@ -383,6 +396,7 @@ def sudo_del(request):
return HttpResponseRedirect('/jperm/sudo_list/')
@require_admin
def cmd_add(request):
header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加'
......@@ -399,6 +413,7 @@ def cmd_add(request):
return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def cmd_edit(request):
header_title, path1, path2 = u'sudo命令修改', u'授权管理管理', u'命令组修改'
......@@ -425,6 +440,7 @@ def cmd_edit(request):
return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def cmd_list(request):
header_title, path1, path2 = u'sudo命令查看', u'权限管理', u'Sudo命令添加'
......@@ -443,6 +459,7 @@ def cmd_list(request):
return render_to_response('jperm/sudo_cmd_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def cmd_del(request):
cmd_group_id = request.GET.get('id')
cmd_group = CmdGroup.objects.filter(id=cmd_group_id)
......
jumpserver/api.py
View file @ a7800b9a
__author__ = 'guanghongwei'
#coding: utf-8
from django.http import HttpResponseRedirect
from juser.models import User, UserGroup
from jasset.models import Asset, BisGroup
......@@ -46,3 +47,28 @@ def asset_perm_api(asset):
user_permed_list.extend(user_group.user_set.all())
return user_permed_list
def require_login(func):
"""要求登录的装饰器"""
def _deco(request, *args, **kwargs):
if not request.session.get('user_id'):
return HttpResponseRedirect('/login/')
return func(request, *args, **kwargs)
return _deco
def require_super_user(func):
def _deco(request, *args, **kwargs):
if request.session.get('role_id', 0) != 2:
print "##########%s" % request.session.get('role_id', 0)
return HttpResponseRedirect('/')
return func(request, *args, **kwargs)
return _deco
def require_admin(func):
def _deco(request, *args, **kwargs):
if request.session.get('role_id', 0) < 1:
return HttpResponseRedirect('/')
return func(request, *args, **kwargs)
return _deco
jumpserver/context_processors.py
View file @ a7800b9a
......@@ -3,10 +3,11 @@ from juser.models import User
def name_proc(request):
user_id = request.session.get('user_id')
role = request.session.get('role_id')
role_id = request.session.get('role_id')
user_total_num = User.objects.all().count()
user_active_num = User.objects.filter(is_active=True).count()
request.session.set_expiry(3600)
return {'session_user_id': user_id, 'session_role_id': role,
return {'session_user_id': user_id, 'session_role_id': role_id,
'user_total_num': user_total_num, 'user_active_num': user_active_num}
jumpserver/settings.py
View file @ a7800b9a
......@@ -121,4 +121,3 @@ USE_TZ = False
STATIC_URL = '/static/'
SESSION_COOKIE_AGE = 3600
jumpserver/views.py
View file @ a7800b9a
......@@ -21,6 +21,7 @@ from django.template import RequestContext
from juser.models import User, UserGroup
from jlog.models import Log
from jasset.models import Asset, BisGroup, IDC
from jumpserver.api import require_admin, require_super_user, require_login
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
CONF = ConfigParser()
......@@ -52,10 +53,6 @@ def getDaysByNum(num):
return t
def base(request):
return render_to_response('base.html', context_instance=RequestContext(request))
def get_data(data, items, option):
dic = {}
li_date, li_str = getDaysByNum(7)
......@@ -74,6 +71,7 @@ def get_data(data, items, option):
return dic
@require_login
def index(request):
path1, path2 = u'仪表盘', 'Dashboard'
users = User.objects.all()
......@@ -87,6 +85,7 @@ def index(request):
user_top_ten = week_data.values('user').annotate(times=Count('user')).order_by('-times')[:10]
host_top_ten = week_data.values('host').annotate(times=Count('host')).order_by('-times')[:10]
user_dic, host_dic = get_data(week_data, user_top_ten, 'user'), get_data(week_data, host_top_ten, 'host')
print "##############%s" % request.session.get('role_id')
top = {'user': '活跃用户数', 'host': '活跃主机数', 'times': '登录次数'}
top_dic = {}
......@@ -207,7 +206,7 @@ def login(request):
request.session['user_id'] = user.id
if user.role == 'SU':
request.session['role_id'] = 2
elif user.role == 'GA':
elif user.role == 'DA':
request.session['role_id'] = 1
else:
request.session['role_id'] = 0
......
juser/views.py
View file @ a7800b9a
......@@ -23,7 +23,7 @@ from connect import PyCrypt, KEY
from connect import BASE_DIR
from connect import CONF
from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn, page_list_return, pages
from jumpserver.api import user_perm_group_api
from jumpserver.api import user_perm_group_api, require_login, require_super_user, require_admin
if LDAP_ENABLE:
LDAP_HOST_URL = CONF.get('ldap', 'host_url')
......@@ -204,6 +204,7 @@ def ldap_del_user(username):
ldap_conn.delete(sudo_dn)
@require_super_user
def dept_add(request):
header_title, path1, path2 = '添加部门', '用户管理', '添加部门'
if request.method == 'POST':
......@@ -224,6 +225,7 @@ def dept_add(request):
return render_to_response('juser/dept_add.html', locals(), context_instance=RequestContext(request))
@require_super_user
def dept_list(request):
header_title, path1, path2 = '查看部门', '用户管理', '查看部门'
keyword = request.GET.get('search')
......@@ -237,6 +239,7 @@ def dept_list(request):
return render_to_response('juser/dept_list.html', locals(), context_instance=RequestContext(request))
@require_super_user
def dept_detail(request):
dept_id = request.GET.get('id', None)
if not dept_id:
......@@ -248,6 +251,7 @@ def dept_detail(request):
return render_to_response('juser/dept_detail.html', locals(), context_instance=RequestContext(request))
@require_super_user
def dept_del(request):
dept_id = request.GET.get('id', None)
if not dept_id or dept_id in ['1', '2']:
......@@ -285,6 +289,7 @@ def dept_member_update(dept, users_id_list):
user.save()
@require_super_user
def dept_del_ajax(request):
dept_ids = request.POST.get('dept_ids')
for dept_id in dept_ids.split(','):
......@@ -292,6 +297,7 @@ def dept_del_ajax(request):
return HttpResponse("删除成功")
@require_super_user
def dept_edit(request):
header_title, path1, path2 = '部门编辑', '用户管理', '部门编辑'
if request.method == 'GET':
......@@ -323,6 +329,7 @@ def dept_edit(request):
return render_to_response('juser/dept_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def group_add(request):
error = ''
msg = ''
......@@ -358,6 +365,7 @@ def group_add(request):
return render_to_response('juser/group_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def group_list(request):
header_title, path1, path2 = '查看小组', '用户管理', '查看小组'
keyword = request.GET.get('search', '')
......@@ -370,6 +378,7 @@ def group_list(request):
return render_to_response('juser/group_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def group_detail(request):
group_id = request.GET.get('id', None)
if not group_id:
......@@ -379,6 +388,7 @@ def group_detail(request):
return render_to_response('juser/group_detail.html', locals(), context_instance=RequestContext(request))
@require_admin
def group_del(request):
group_id = request.GET.get('id', '')
if not group_id:
......@@ -387,6 +397,7 @@ def group_del(request):
return HttpResponseRedirect('/juser/group_list/')
@require_admin
def group_del_ajax(request):
group_ids = request.POST.get('group_ids')
for group_id in group_ids.split(','):
......@@ -404,6 +415,7 @@ def group_update_member(group_id, users_id_list):
group.user_set.add(user)
@require_admin
def group_edit(request):
error = ''
msg = ''
......@@ -436,6 +448,7 @@ def group_edit(request):
return HttpResponseRedirect('/juser/group_list/')
@require_admin
def user_add(request):
error = ''
msg = ''
......@@ -502,6 +515,7 @@ def user_add(request):
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_list(request, option=""):
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
header_title, path1, path2 = '查看用户', '用户管理', '用户列表'
......@@ -533,6 +547,7 @@ def user_list(request, option=""):
return render_to_response('juser/user_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_detail(request):
user_id = request.GET.get('id', '')
if not user_id:
......@@ -545,6 +560,7 @@ def user_detail(request):
return render_to_response('juser/user_detail.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_del(request):
user_id = request.GET.get('id', '')
if not user_id:
......@@ -559,6 +575,7 @@ def user_del(request):
return HttpResponseRedirect('/juser/user_list/')
@require_admin
def user_del_ajax(request):
user_ids = request.POST.get('ids')
for user_id in user_ids.split(','):
......@@ -573,6 +590,7 @@ def user_del_ajax(request):
return HttpResponse('删除成功')
@require_admin
def user_edit(request):
header_title, path1, path2 = '编辑用户', '用户管理', '用户编辑'
if request.method == 'GET':
......
templates/jperm/sudo_add.html
View file @ a7800b9a
......@@ -28,7 +28,22 @@
</div>
</div>
<div class="ibox-content">
<div class="panel blank-panel">
<div class="panel-heading">
<div class="panel-options">
<ul class="nav nav-tabs">
<li id="tab1" class=""><a href="/jperm/sudo_list/">查看Sudo授权</a></li>
<li id="tab2" class="active"><a href="/jperm/sudo_add/">Sudo授权添加</a></li>
<li id="tab3" class=""><a href="/jperm/cmd_list/">查看命令组</a></li>
<li id="tab4" class=""><a href="/jperm/cmd_add/">添加命令组</a></li>
</ul>
</div>
</div>
<div class="panel-body">
<div class="tab-content">
<div id="tab-1" class="tab-pane active">
<form id="sudoPerm" method="post" class="form-horizontal" action="">
{% if error %}
<div class="alert alert-warning text-center">{{ error }}</div>
......@@ -163,6 +178,9 @@
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
......@@ -187,24 +205,6 @@ $('#sudoPerm').validator({
tip: "输入sudoas用户",
ok: "",
msg: {required: "必须填写!"}
},
"user_groups_select": {
rule: "required",
tip: "选择用户组",
ok: "",
msg: {checked: "至少选择一个用户组"}
},
"asset_groups_select": {
rule: "required",
tip: "选择主机组",
ok: "",
msg: {checked: "至少选择一个主机组"}
},
"cmd_groups_select": {
rule: "required",
tip: "选择命令组",
ok: "",
msg: {checked: "至少选择一个命令组"}
}
},
......@@ -216,7 +216,7 @@ $('#sudoPerm').validator({
$(document).ready(function(){
$("#submit_button").click(function(){
$('#users_selected option').each(function(){
$('#sudoPerm option').each(function(){
$(this).prop('selected', true)
})
})
......
templates/jperm/sudo_cmd_add.html
View file @ a7800b9a
......@@ -27,6 +27,22 @@
</div>
</div>
<div class="ibox-content">
<div class="panel blank-panel">
<div class="panel-heading">
<div class="panel-options">
<ul class="nav nav-tabs">
<li id="tab1" class=""><a href="/jperm/sudo_list/">查看Sudo授权</a></li>
<li id="tab2" class=""><a href="/jperm/sudo_add/">Sudo授权添加</a></li>
<li id="tab3" class=""><a href="/jperm/cmd_list/">查看命令组</a></li>
<li id="tab4" class="active"><a href="/jperm/cmd_add/">添加命令组</a></li>
</ul>
</div>
</div>
<div class="panel-body">
<div class="tab-content">
<div id="tab-1" class="tab-pane active">
<form id="cmdForm" method="post" class="form-horizontal" action="">
{% if error %}
<div class="alert alert-warning text-center">{{ error }}</div>
......@@ -68,6 +84,10 @@
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
......
templates/jperm/sudo_cmd_list.html
View file @ a7800b9a
......@@ -29,9 +29,21 @@
</div>
<div class="ibox-content">
<div class="">
<a target="_blank" href="/jperm/cmd_add/" class="btn btn-sm btn-primary "> 添加 </a>
</div>
<div class="panel blank-panel">
<div class="panel-heading">
<div class="panel-options">
<ul class="nav nav-tabs">
<li id="tab1" class=""><a href="/jperm/sudo_list/">查看Sudo授权</a></li>
<li id="tab2" class=""><a href="/jperm/sudo_add/">Sudo授权添加</a></li>
<li id="tab3" class="active"><a href="/jperm/cmd_list/">查看命令组</a></li>
<li id="tab4" class=""><a href="/jperm/cmd_add/">添加命令组</a></li>
</ul>
</div>
</div>
<div class="panel-body">
<div class="tab-content">
<div id="tab-1" class="tab-pane active">
<table class="table table-striped table-bordered table-hover " id="editable" >
<thead>
......@@ -57,6 +69,10 @@
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-sm-6">
<div class="dataTables_info" id="editable_info" role="status" aria-live="polite">
......
templates/jperm/sudo_edit.html
View file @ a7800b9a
......@@ -29,6 +29,19 @@
</div>
<div class="ibox-content">
<div class="panel blank-panel">
<div class="panel-heading">
<div class="panel-options">
<ul class="nav nav-tabs">
<li id="tab1" class="active"><a href="/jperm/sudo_list/">查看Sudo授权</a></li>
<li id="tab2" class=""><a href="/jperm/sudo_add/">Sudo授权添加</a></li>
<li id="tab3" class=""><a href="/jperm/cmd_list/">查看命令组</a></li>
<li id="tab4" class=""><a href="/jperm/cmd_add/">添加命令组</a></li>
</ul>
</div>
</div>
<div class="panel-body">
<form id="sudoPerm" method="post" class="form-horizontal" action="">
{% if error %}
<div class="alert alert-warning text-center">{{ error }}</div>
......@@ -173,6 +186,7 @@
</div>
</div>
</form>
</div>
</div>
</div>
......@@ -180,5 +194,3 @@
</div>
</div>
{% endblock %}
\ No newline at end of file
templates/jperm/sudo_list.html
View file @ a7800b9a
......@@ -29,30 +29,15 @@
</div>
<div class="ibox-content">
{# <div class="" style="margin-left: 15px;">#}
{# <a target="_blank" href="/jperm/cmd_add/" class="btn btn-sm btn-primary "> 添加命令组 </a>#}
{# <a target="_blank" href="/jperm/cmd_list/" class="btn btn-sm btn-warning "> 查看命令组 </a>#}
{# <a target="_blank" href="/jperm/sudo_add/" class="btn btn-sm btn-danger "> Sudo授权添加 </a>#}
{# </div>#}
<div class="panel blank-panel">
<div class="panel-heading">
<div class="panel-options">
<ul class="nav nav-tabs">
<li id="tab1" class="active"><a data-toggle="tab" href="#tab-1">查看授权</a></li>
{# <li id="tab2" class=""><a data-toggle="tab" href="#tab-2">用户授权详情</a></li>#}
<li style="float: right">
{# <form method="get" action="" class="pull-right mail-search">#}
{# <div class="input-group">#}
{# <input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">#}
{# <div class="input-group-btn">#}
{# <button id='search_btn' type="button" class="btn btn-sm btn-primary">#}
{# Search#}
{# </button>#}
{# </div>#}
{# </div>#}
{# </form>#}
</li>
<li id="tab1" class="active"><a href="/jperm/sudo_list/">查看Sudo授权</a></li>
<li id="tab2" class=""><a href="/jperm/sudo_add/">Sudo授权添加</a></li>
<li id="tab3" class=""><a href="/jperm/cmd_list/">查看命令组</a></li>
<li id="tab4" class=""><a href="/jperm/cmd_add/">添加命令组</a></li>
</ul>
</div>
</div>
......
templates/juser/user_list.html
View file @ a7800b9a
......@@ -32,9 +32,9 @@
<div class="">
<a target="_blank" href="/juser/user_add/" class="btn btn-sm btn-primary "> 添加用户 </a>
<a id="del_btn" class="btn btn-sm btn-danger "> 删除所选 </a>
<form id="search_form" method="get" action="" class="pull-right mail-search">
<form id="search_form" method="get" action="./search/" class="pull-right mail-search">
<div class="input-group">
<input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">
<input type="text" class="form-control input-sm" id="search_input" name="keyword" placeholder="Search">
<div class="input-group-btn">
<button id='search_btn' type="submit" class="btn btn-sm btn-primary">
Search
......@@ -68,7 +68,7 @@
<td class="text-center"> {{ user.username }} </td>
<td class="text-center"> {{ user.name }} </td>
<td class="text-center"> {{ user.dept.name }} </td>
<td class="text-center"> {{ user.group.all | group_str2 }} </td>
<td class="text-center" title="{% for user_group in user.group.all %} {{ user_group.name }} {% endfor %}"> {{ user.group.all | group_str2 }} </td>
<td class="text-center"> {{ user.id | get_role }}</td>
<td class="text-center">{{ user.is_active|bool2str }}</td>
<td class="text-center">
......
templates/nav.html
View file @ a7800b9a
......@@ -45,19 +45,8 @@
</li>
<li id="sudo_add">
<a href="/jperm/sudo_add/">Sudo添加</a>
<a href="/jperm/sudo_list/">Sudo授权</a>
</li>
<li id="sudo_list">
<a href="/jperm/sudo_list/">Sudo查看</a>
</li>
<li id="cmd_add">
<a href="/jperm/cmd_add/">命令组添加</a>
</li>
<li id="cmd_list">
<a href="/jperm/cmd_list/">命令组查看</a>
</li>
</ul>
</li>
<li id="jlog">
......
templates/nav_li_profile.html
View file @ a7800b9a
......@@ -6,7 +6,7 @@
</span>
<a data-toggle="dropdown" class="dropdown-toggle" href="#">
<span class="clear"> <span class="block m-t-xs"> <strong class="font-bold">{{ session_user_id | to_name}}</strong>
</span> <span class="text-muted text-xs block">{{ role_id | to_role_name }} <b class="caret"></b></span> </span> </a>
</span> <span class="text-muted text-xs block">{{ session_role_id | to_role_name }} <b class="caret"></b></span> </span> </a>
<ul class="dropdown-menu animated fadeInRight m-t-xs">
<li><a href="/juser/profile/">个人信息</a></li>
<li><a href="/juser/chg_pass/">修改密码</a></li>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment