Skip to content

J
jumpserver
Commit b58ff14e authored by ibuler's avatar ibuler
Browse files
Options

role fix to sys user

parent db13b7a3
Show whitespace changes
Inline Side-by-side
Showing with 131 additions and 113 deletions
connect.py
View file @ b58ff14e
......@@ -21,7 +21,7 @@ import uuid
os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
if django.get_version() != '1.6':
django.setup()
setup = django.setup()
from django.contrib.sessions.models import Session
from jumpserver.api import ServerError, User, Asset, PermRole, AssetGroup, get_object, mkdir, get_asset_info
from jumpserver.api import logger, Log, TtyLog, get_role_key, CRYPTOR, bash, get_tmp_dir
......@@ -526,7 +526,7 @@ class Nav(object):
user_asset_search = user_asset_all
self.search_result = dict(zip(range(len(user_asset_search)), user_asset_search))
color_print('[%-3s] %-12s %-15s %-5s %-10s %s' % ('ID', u'主机名', 'IP', u'端口', u'角色', u'备注'), 'title')
color_print('[%-3s] %-12s %-15s %-5s %-10s %s' % ('ID', u'主机名', 'IP', u'端口', u'系统用户', u'备注'), 'title')
for index, asset in self.search_result.items():
# 获取该资产信息
asset_info = get_asset_info(asset)
......@@ -556,13 +556,13 @@ class Nav(object):
roles = self.user_perm.get('role').keys()
if len(roles) > 1: # 授权角色数大于1
color_print('[%-2s] %-15s' % ('ID', '角色'), 'info')
color_print('[%-2s] %-15s' % ('ID', '系统用户'), 'info')
role_check = dict(zip(range(len(roles)), roles))
for i, r in role_check.items():
print '[%-2s] %-15s' % (i, r.name)
print
print "请输入运行命令角色的ID, q退出"
print "请输入运行命令所关联系统用户的ID, q退出"
try:
role_id = raw_input("\033[1;32mRole>:\033[0m ").strip()
......@@ -575,7 +575,7 @@ class Nav(object):
elif len(roles) == 1: # 授权角色数为1
role = roles[0]
assets = list(self.user_perm.get('role', {}).get(role).get('asset')) # 获取该用户,角色授权主机
print "该角色有权限的所有主机"
print "授权包含该系统用户的所有主机"
for asset in assets:
print ' %s' % asset.hostname
print
......@@ -766,11 +766,11 @@ def main():
roles = nav.user_perm.get('asset').get(asset).get('role')
if len(roles) > 1:
role_check = dict(zip(range(len(roles)), roles))
print "\033[32m[ID] 角色\033[0m"
print "\033[32m[ID] 系统用户\033[0m"
for index, role in role_check.items():
print "[%-2s] %s" % (index, role.name)
print
print "授权角色超过1个,请输入角色ID, q退出"
print "授权系统用户超过1个,请输入ID, q退出"
try:
role_index = raw_input("\033[1;32mID>:\033[0m ").strip()
if role_index == 'q':
......
docs/developer_doc.txt
View file @ b58ff14e
......@@ -30,7 +30,7 @@ connect.py逻辑说明:
匹配到0了就显示没有权限或者主机,
匹配到1个则继续
查询该服务器是否支持ldap 如果是,获得ldap用户密码登陆
如果否,查询授权表,查看该服务器授权的角色,并返回对应账号密码,登陆
如果否,查询授权表,查看该服务器授权的系统用户,并返回对应账号密码,登陆
connect函数是登陆函数,采用paramiko 使用channel登陆,posix_shell 来完成交互,并记录日志
signal模块来完成窗口改变导致的tty大小随之改变
PyCrypt是对称加密类
\ No newline at end of file
jasset/views.py
View file @ b58ff14e
......@@ -263,7 +263,6 @@ def asset_list(request):
asset_group_all = AssetGroup.objects.all()
asset_types = ASSET_TYPE
asset_status = ASSET_STATUS
asset_id = request.GET.get('id')
idc_name = request.GET.get('idc', '')
group_name = request.GET.get('group', '')
asset_type = request.GET.get('asset_type', '')
......@@ -273,6 +272,7 @@ def asset_list(request):
group_id = request.GET.get("group_id", '')
idc_id = request.GET.get("idc_id", '')
asset_id_all = request.GET.getlist("id", '')
if group_id:
group = get_object(AssetGroup, id=group_id)
if group:
......@@ -302,9 +302,6 @@ def asset_list(request):
if status:
asset_find = asset_find.filter(status__contains=status)
if asset_id:
asset_find = asset_find.filter(id=asset_id)
if keyword:
asset_find = asset_find.filter(
Q(hostname__contains=keyword) |
......
jlog/views.py
View file @ b58ff14e
......@@ -133,7 +133,10 @@ def log_detail(request, offset):
if offset == 'exec':
log = get_object(ExecLog, id=log_id)
assets_hostname = log.host.split(' ')
try:
result = eval(str(log.result))
except (SyntaxError, NameError):
result = {}
return my_render('jlog/exec_detail.html', locals(), request)
elif offset == 'file':
log = get_object(FileLog, id=log_id)
......
jperm/perm_api.py
View file @ b58ff14e
......@@ -175,13 +175,17 @@ def gen_resource(ob, perm=None):
for asset in assets:
asset_info = get_asset_info(asset)
role_key = get_role_key(user, role)
info = {'hostname': asset.hostname,
'ip': asset.ip,
'port': asset_info.get('port', 22),
'username': role.name,
'password': CRYPTOR.decrypt(role.password),
'ssh_key': get_role_key(user, role)
'password': CRYPTOR.decrypt(role.password)
}
if os.path.isfile(role_key):
info['ssh_key'] = role_key
res.append(info)
else:
for asset, asset_info in perm.get('asset').items():
......@@ -192,13 +196,17 @@ def gen_resource(ob, perm=None):
role = sorted(list(perm.get('asset').get(asset).get('role')))[0]
except IndexError:
continue
role_key = get_role_key(user, role)
info = {'hostname': asset.hostname,
'ip': asset.ip,
'port': asset_info.get('port', 22),
'username': role.name,
'password': CRYPTOR.decrypt(role.password),
'ssh_key': get_role_key(user, role)
}
if os.path.isfile(role_key):
info['ssh_key'] = role_key
res.append(info)
elif isinstance(ob, User):
......@@ -214,8 +222,12 @@ def gen_resource(ob, perm=None):
continue
info['username'] = role.name
info['password'] = CRYPTOR.decrypt(role.password)
info['ssh_key'] = get_role_key(ob, role)
role_key = get_role_key(ob, role)
if os.path.isfile(role_key):
info['ssh_key'] = role_key
res.append(info)
elif isinstance(ob, (list, QuerySet)):
for asset in ob:
info = get_asset_info(asset)
......
jperm/urls.py
View file @ b58ff14e
......@@ -2,21 +2,21 @@ from django.conf.urls import patterns, include, url
from jperm.views import *
urlpatterns = patterns('jperm.views',
url(r'^rule/$', perm_rule_list, name='rule_list'),
url(r'^perm_rule_add/$', perm_rule_add, name='rule_add'),
url(r'^perm_rule_detail/$', perm_rule_detail, name='rule_detail'),
url(r'^perm_rule_edit/$', perm_rule_edit, name='rule_edit'),
url(r'^perm_rule_delete/$', perm_rule_delete, name='rule_del'),
url(r'^role/$', perm_role_list, name='role_list'),
url(r'^role/perm_role_add/$', perm_role_add, name='role_add'),
url(r'^role/perm_role_delete/$', perm_role_delete, name='role_del'),
url(r'^role/perm_role_detail/$', perm_role_detail, name='role_detail'),
url(r'^role/perm_role_edit/$', perm_role_edit, name='role_edit'),
url(r'^rule/list/$', perm_rule_list, name='rule_list'),
url(r'^rule/add/$', perm_rule_add, name='rule_add'),
url(r'^rule/detail/$', perm_rule_detail, name='rule_detail'),
url(r'^rule/edit/$', perm_rule_edit, name='rule_edit'),
url(r'^rule/del/$', perm_rule_delete, name='rule_del'),
url(r'^role/list/$', perm_role_list, name='role_list'),
url(r'^role/add/$', perm_role_add, name='role_add'),
url(r'^role/del/$', perm_role_delete, name='role_del'),
url(r'^role/detail/$', perm_role_detail, name='role_detail'),
url(r'^role/edit/$', perm_role_edit, name='role_edit'),
url(r'^role/push/$', perm_role_push, name='role_push'),
url(r'^role/recycle/$', perm_role_recycle, name='role_recycle'),
url(r'^role/get/$', perm_role_get, name='role_get'),
url(r'^sudo/$', perm_sudo_list, name='sudo_list'),
url(r'^sudo/perm_sudo_add/$', perm_sudo_add, name='sudo_add'),
url(r'^sudo/perm_sudo_delete/$', perm_sudo_delete, name='sudo_del'),
url(r'^sudo/perm_sudo_edit/$', perm_sudo_edit, name='sudo_edit'),
url(r'^sudo/list/$', perm_sudo_list, name='sudo_list'),
url(r'^sudo/add/$', perm_sudo_add, name='sudo_add'),
url(r'^sudo/del/$', perm_sudo_delete, name='sudo_del'),
url(r'^sudo/edit/$', perm_sudo_edit, name='sudo_edit'),
)
jperm/views.py
View file @ b58ff14e
......@@ -104,7 +104,7 @@ def perm_rule_add(request):
raise ServerError(u'授权规则 %s 已存在' % rule_name)
if not rule_name or not roles_select:
raise ServerError(u'角色名称和授权角色不能为空')
raise ServerError(u'系统用户名称和规则名称不能为空')
# 获取需要授权的主机列表
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
......@@ -126,7 +126,7 @@ def perm_rule_add(request):
asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(u'没有推送角色 %s 的主机 %s'
raise ServerError(u'没有推送系统用户 %s 的主机 %s'
% (role.name, ','.join([asset.hostname for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
......@@ -175,10 +175,10 @@ def perm_rule_edit(request):
assets_select = request.POST.getlist('asset', [])
asset_groups_select = request.POST.getlist('asset_group', [])
roles_select = request.POST.getlist('role', [])
print rule_name, roles_select
try:
if not rule_name or not roles_select:
raise ServerError(u'角色名称和授权角色不能为空')
raise ServerError(u'系统用户和关联系统用户不能为空')
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
......@@ -198,7 +198,7 @@ def perm_rule_edit(request):
asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(u'没有推送角色 %s 的主机 %s'
raise ServerError(u'没有推送系统用户 %s 的主机 %s'
% (role.name, ','.join([asset.hostname for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
......@@ -208,7 +208,7 @@ def perm_rule_edit(request):
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.name = rule_name
rule.comment = rule.comment
rule.comment = rule_comment
rule.save()
msg = u"更新授权规则:%s成功" % rule.name
......@@ -241,7 +241,7 @@ def perm_role_list(request):
list role page
"""
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "查看角色"
header_title, path1, path2 = "系统用户", "系统用户管理", "查看系统用户"
# 获取所有系统角色
roles_list = PermRole.objects.all()
......@@ -265,7 +265,7 @@ def perm_role_add(request):
add role page
"""
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "添加角色"
header_title, path1, path2 = "系统用户", "系统用户管理", "添加系统用户"
sudos = PermSudo.objects.all()
if request.method == "POST":
......@@ -295,7 +295,7 @@ def perm_role_add(request):
role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path)
role.save()
role.sudo = sudos_obj
msg = u"添加角色: %s" % name
msg = u"添加系统用户: %s" % name
return HttpResponseRedirect(reverse('role_list'))
except ServerError, e:
error = e
......@@ -330,12 +330,11 @@ def perm_role_delete(request):
logger.info(u"delete role %s - delete role key directory: %s" % (role.name, role_key))
# 数据库里删除记录 TODO: 判断返回结果,处理异常
role.delete()
return HttpResponse(u"删除角色: %s" % role.name)
return HttpResponse(u"删除系统用户: %s" % role.name)
else:
return HttpResponse(u"不支持该操作")
@require_role('admin')
def perm_role_detail(request):
"""
......@@ -348,7 +347,7 @@ def perm_role_detail(request):
'': [<User: user1>]}
"""
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "角色详情"
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户详情"
if request.method == "GET":
role_id = request.GET.get("id")
......@@ -372,7 +371,7 @@ def perm_role_edit(request):
edit role page
"""
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "角色编辑"
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑"
# 渲染数据
role_id = request.GET.get("id")
......@@ -395,7 +394,7 @@ def perm_role_edit(request):
try:
if not role:
raise ServerError('角色用户不能存在')
raise ServerError('该系统用户不能存在')
if role_password:
encrypt_pass = CRYPTOR.encrypt(role_password)
......@@ -413,7 +412,7 @@ def perm_role_edit(request):
role.sudo = role_sudos
role.save()
msg = u"更新系统角色%s" % role.name
msg = u"更新系统用户%s" % role.name
return HttpResponseRedirect(reverse('role_list'))
except ServerError, e:
error = e
......@@ -427,7 +426,7 @@ def perm_role_push(request):
the role push page
"""
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "角色推送"
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户推送"
role_id = request.GET.get('id')
asset_ids = request.GET.get('asset_id')
role = get_object(PermRole, id=role_id)
......@@ -511,9 +510,9 @@ def perm_role_push(request):
func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=True)
if not failed_asset:
msg = u'角色 %s 推送成功[ %s ]' % (role.name, ','.join(success_asset.keys()))
msg = u'系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(success_asset.keys()))
else:
error = u'角色 %s 推送失败 [ %s ], 推送成功 [ %s ]' % (role.name,
error = u'系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ]' % (role.name,
','.join(failed_asset.keys()),
','.join(success_asset.keys()))
return my_render('jperm/perm_role_push.html', locals(), request)
......@@ -618,7 +617,7 @@ def perm_sudo_delete(request):
sudo = PermSudo.objects.get(id=sudo_id)
# 数据库里删除记录
sudo.delete()
return HttpResponse(u"删除角色: %s" % sudo.name)
return HttpResponse(u"删除系统用户: %s" % sudo.name)
else:
return HttpResponse(u"不支持该操作")
......
jperm/views.py.back deleted 100644 → 0
View file @ db13b7a3
# # coding: utf-8 # import sysuser # # reload(sysuser) # sysuser.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jumpserver.api import * from jperm.perm_api import * from jperm.models import PermLog as Log from jperm.models import SysUser from juser.user_api import gen_ssh_key @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 for asset_group in asset_group_new: asset_new.extend(asset_group.asset_set.all()) for asset_group in asset_group_del: asset_del.extend(asset_group.asset_set.all()) perm_info = { 'action': 'perm user edit: ' + user.name, 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } print perm_info try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 users = user_group.user_set.all() perm_info = { 'action': 'perm group edit: ' + user_group.name, 'del': {'users': users, 'assets': asset_del}, 'new': {'users': users, 'assets': asset_new} } results = perm_user_api(perm_info) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') def log(request): header_title, path1, path2 = '授权记录', '授权管理', '授权记录' log_all = Log.objects.all().order_by('-datetime') log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request) return my_render('jperm/perm_log.html', locals(), request) def sys_user_add(request): asset_group_all = AssetGroup.objects.all() if request.method == 'POST': username = request.POST.get('username', '') password = request.POST.get('password', '') asset_groups_id = request.POST.getlist('asset_groups_select', []) comment = request.POST.get('comment') sys_user = SysUser(username=username, password=password, comment=comment) sys_user.save() gen_ssh_key(username, key_dir=os.path.join(SSH_KEY_DIR, 'sysuser'), authorized_keys=False) results = push_user(sys_user, asset_groups_id) return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") return my_render('jperm/sys_user_add.html', locals(), request) def sys_user_list(request): users_list = SysUser.objects.all() users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) return my_render('jperm/sys_user_list.html', locals(), request) def sys_user_edit(request): pass def sys_user_del(request): pass
\ No newline at end of file
jumpserver/api.py
View file @ b58ff14e
......@@ -70,6 +70,7 @@ def get_asset_info(asset):
info['password'] = CRYPTOR.decrypt(default.field3)
except ServerError:
pass
if os.path.isfile(default.field4):
info['ssh_key'] = default.field4
else:
info['port'] = int(asset.port)
......@@ -93,7 +94,7 @@ def get_role_key(user, role):
with open(os.path.join(role.key_path, 'id_rsa')) as fk:
with open(user_role_key_path, 'w') as fu:
fu.write(fk.read())
logger.debug(u"创建新的用户角色key %s, Owner: %s" % (user_role_key_path, user.username))
logger.debug(u"创建新的系统用户key %s, Owner: %s" % (user_role_key_path, user.username))
chown(user_role_key_path, user.username)
os.chmod(user_role_key_path, 0600)
return user_role_key_path
......
jumpserver/views.py
View file @ b58ff14e
......@@ -230,7 +230,10 @@ def setting(request):
if '' in [username, port]:
return HttpResponse('所填内容不能为空, 且密码和私钥填一个')
else:
private_key_path = os.path.join(BASE_DIR, 'keys/role_keys', 'default', 'default_private_key.pem')
private_key_dir = os.path.join(BASE_DIR, 'keys', 'default')
private_key_path = os.path.join(private_key_dir, 'admin_user.pem')
mkdir(private_key_dir)
if private_key:
with open(private_key_path, 'w') as f:
f.write(private_key)
......
juser/views.py
View file @ b58ff14e
......@@ -58,10 +58,14 @@ def group_list(request):
header_title, path1, path2 = '查看用户组', '用户管理', '查看用户组'
keyword = request.GET.get('search', '')
user_group_list = UserGroup.objects.all().order_by('name')
group_id = request.GET.get('id', '')
if keyword:
user_group_list = user_group_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword))
if id:
user_group_list = user_group_list.filter(id=int(group_id))
user_group_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_group_list, request)
return my_render('juser/group_list.html', locals(), request)
......@@ -387,7 +391,7 @@ def user_edit(request):
地址:%s
用户名: %s
密码:%s (如果密码为None代表密码为原密码)
角色%s
权限:%s
""" % (user.name, URL, user.username, password_decode, user_role.get(role_post, u''))
send_mail('您的信息已修改', msg, MAIL_FROM, [email], fail_silently=False)
......
run_websocket.py
View file @ b58ff14e
......@@ -231,7 +231,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler):
logger.debug('Websocket: Open exec request')
role_name = self.get_argument('role', 'sb')
self.remote_ip = self.request.remote_ip
logger.debug('Web执行命令: 请求角色 %s' % role_name)
logger.debug('Web执行命令: 请求系统用户 %s' % role_name)
self.role = get_object(PermRole, name=role_name)
self.perm = get_group_user_perm(self.user)
roles = self.perm.get('role').keys()
......@@ -315,7 +315,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
if asset:
roles = user_have_perm(self.user, asset)
logger.debug(roles)
logger.debug('角色: %s' % role_name)
logger.debug('系统用户: %s' % role_name)
login_role = ''
for role in roles:
if role.name == role_name:
......
templates/index_cu.html
View file @ b58ff14e
......@@ -124,7 +124,7 @@
<td>{{ user.name }}</td>
</tr>
<tr>
<td class="text-navy">角色</td>
<td class="text-navy">系统用户</td>
<td>{{ user.role }}</td>
</tr>
<tr>
......
templates/jasset/asset_cu_list.html
View file @ b58ff14e
......@@ -135,7 +135,7 @@
});
//window.open(new_url + data, '', 'location=no, resizeable=no, height=410, width=625, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,status=no');
} else if (dataArray.length == '1' && data == 'error'){
layer.alert('没有授权角色')
layer.alert('没有授权系统用户')
} else {
aUrl = '';
$.each(dataArray, function(index, value){
......@@ -143,7 +143,7 @@
});
layer.alert(aUrl, {
skin: 'layui-layer-molv',
title: '多个角色,请选择一个连接',
title: '授权多个系统用户,请选择一个连接',
shade: false,
closeBtn: 0
})
......@@ -167,7 +167,7 @@
success: function(data){
var dataArray = data.split(',');
if (data == 'error' || data == '' || data == null || data == undefined){
layer.alert('没有授权角色')
layer.alert('没有授权系统用户')
} else if (dataArray.length == 1 && data != 'error' && navigator.platform == 'Win32') {
layer.open({
type: 2,
......@@ -194,7 +194,7 @@
});
layer.alert(aUrl, {
skin: 'layui-layer-molv',
title: '多个角色,请选择一个连接',
title: '授权多个系统用户,请选择一个连接',
shade: false,
closeBtn: 0
})
......
templates/jasset/asset_detail.html
View file @ b58ff14e
......@@ -197,7 +197,7 @@
<table class="table">
<p>授权用户信息</p>
<td class="text-navy">授权用户</td>
<td class="text-navy">系统角色</td>
<td class="text-navy">关联用户</td>
{% for perm in user_perm %}
<tr>
<td class="text-navy"><a href="{% url 'user_detail' %}?id={{ perm.0.id }}">{{ perm.0 }}</a></td>
......
templates/jasset/asset_list.html
View file @ b58ff14e
......@@ -199,7 +199,7 @@
});
//window.open(new_url + data, '', 'location=no, resizeable=no, height=410, width=625, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,status=no');
} else if (dataArray.length == '1' && data == 'error'){
layer.alert('没有授权角色')
layer.alert('没有授权系统用户')
} else {
aUrl = '';
$.each(dataArray, function(index, value){
......@@ -207,7 +207,7 @@
});
layer.alert(aUrl, {
skin: 'layui-layer-molv',
title: '多个角色,请选择一个连接',
title: '授权多个系统用户,请选择一个连接',
shade: false,
closeBtn: 0
})
......@@ -230,7 +230,7 @@
success: function(data){
var dataArray = data.split(',');
if (data == 'error' || data == '' || data == null || data == undefined){
layer.alert('没有授权角色')
layer.alert('没有授权系统用户')
}
else if (dataArray.length == 1 && data != 'error' && navigator.platform == 'Win32'){
var title = 'Jumpserver Web Terminal' + '<span class="text-info"> '+ hostname +'</span>';
......@@ -260,7 +260,7 @@
console.log(aUrl);
layer.alert(aUrl, {
skin: 'layui-layer-molv',
title: '多个角色,请选择一个连接',
title: '授权多个系统用户,请选择一个连接',
shade: false,
closeBtn: 0
})
......
templates/jasset/idc_list.html
View file @ b58ff14e
......@@ -59,13 +59,13 @@
{% for post in contacts.object_list %}
<tr class="gradeX">
<td class="text-center" name="j_id" value="{{ post.id }}" data-editable='false'><input name="id" value="{{ post.id }}" type="checkbox" class="i-checks"></td>
<td class="text-center"> {{ post.name }} </td>
<td class="text-center"> <a href="{% url 'asset_list' %}?idc_id={{ post.id }}">{{ post.name }}</a> </td>
<td class="text-center"> <a href="{% url 'asset_list' %}?idc_id={{ post.id }}">{{ post.asset_set.count }}</a> </td>
<td class="text-center"> {{ post.linkman }} </td>
<td class="text-center"> {{ post.phone }} </td>
<td class="text-center"> {{ post.comment }} </td>
<td class="text-center">
<a href="{% url 'asset_list' %}?idc_id={{ post.id }}" class="iframe btn btn-xs btn-primary">详情</a>
<a href="{% url 'idc_edit' %}?id={{ post.id }}" class="btn btn-xs btn-info">编辑</a>
<a href="{% url 'idc_del' %}?id={{ post.id }}" class="btn btn-xs btn-danger idc_del">删除</a>
</td>
......
templates/jperm/perm_role_add.html
View file @ b58ff14e
......@@ -34,21 +34,21 @@
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="form-group">
<label for="role_name" class="col-sm-2 control-label">角色名称<span class="red-fonts">*</span></label>
<label for="role_name" class="col-sm-2 control-label">用户名称<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="role_name" name="role_name" placeholder="Role Name" type="text" class="form-control">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role_password" class="col-sm-2 control-label">角色密码</label>
<label for="role_password" class="col-sm-2 control-label">用户密码</label>
<div class="col-sm-8">
<input id="role_password" name="role_password" placeholder="Role Password" type="password" class="form-control">
<span class="help-block m-b-none">如果不添加密码,会自动生成</span>
</div>
</div>
<div class="form-group">
<label for="role_key" class="col-sm-2 control-label">角色密钥</label>
<label for="role_key" class="col-sm-2 control-label">用户密钥</label>
<div class="col-sm-8">
<textarea class="form-control" name="role_key" placeholder="请复制粘贴私钥" rows="10" style="font-size: 9px;"></textarea>
<span class="help-block m-b-none">如果不添加密钥,会自动生成, 密码密钥必填一项</span>
......@@ -56,7 +56,7 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="sudo" class="col-sm-2 control-label">角色Sudo命令</label>
<label for="sudo" class="col-sm-2 control-label">关联Sudo</label>
<div class="col-sm-8" id="sudo_name">
<select name="sudo_name" data-placeholder="请选择Sudo别名" class="chosen-select form-control m-b" multiple tabindex="2">
{% for sudo in sudos %}
......@@ -101,9 +101,9 @@ $('#roleForm').validator({
fields: {
"role_name": {
rule: "required;check_name",
tip: "输入角色名称",
tip: "输入系统用户名称",
ok: "",
msg: {required: "角色名称必填"}
msg: {required: "系统用户名称必填"}
},
{# "role_key": {#}
{# rule: "required(either)",#}
......
templates/jperm/perm_role_detail.html
View file @ b58ff14e
......@@ -77,7 +77,7 @@
<table class="table progress-striped text-left">
{% for user in users %}
<tr class="gradeX">
<td> <a href="{% url 'asset_detail' %}?id={{ user.id }}">{{ user.name }}</a> </td>
<td> <a href="{% url 'user_detail' %}?id={{ user.id }}">{{ user.name }}</a> </td>
</tr>
{% endfor %}
</table>
......@@ -86,7 +86,7 @@
<table class="table progress-striped text-right">
{% for group in user_groups %}
<tr class="gradeX-">
<td> <a href="{% url 'asset_list' %}?group_id={{ group.id }}">{{ group.name }}</a> </td>
<td> <a href="{% url 'user_group_list' %}?id={{ group.id }}">{{ group.name }}</a> </td>
</tr>
{% endfor %}
</table>
......
templates/jperm/perm_role_edit.html
View file @ b58ff14e
......@@ -34,14 +34,14 @@
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="form-group">
<label for="role_name" class="col-sm-2 control-label">规则名称<span class="red-fonts">*</span></label>
<label for="role_name" class="col-sm-2 control-label">用户名称<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="role_name" name="role_name" placeholder="Role Name" type="text" class="form-control" value="{{ role.name }}">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role_password" class="col-sm-2 control-label">角色密码</label>
<label for="role_password" class="col-sm-2 control-label">用户密码</label>
<div class="col-sm-8">
<input id="role_password" name="role_password" type="password" class="form-control">
<span class="help-block m-b-none">不修改请留空</span>
......@@ -49,7 +49,7 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role_key" class="col-sm-2 control-label">角色密钥</label>
<label for="role_key" class="col-sm-2 control-label">用户密钥</label>
<div class="col-sm-8">
<textarea class="form-control" name="role_key" placeholder="请复制粘贴私钥" rows="10" style="font-size: 9px;"></textarea>
<span class="help-block m-b-none">不修改请留空</span>
......@@ -57,9 +57,9 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="sudo" class="col-sm-2 control-label">角色Sudo命令<span class="red-fonts">*</span></label>
<label for="sudo" class="col-sm-2 control-label">关联sudo<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select name="sudo_name" data-placeholder="请选择Sudo别名" class="chosen-select form-control m-b" multiple tabindex="2">
<select name="sudo_name" data-placeholder="请选择Sudo" class="chosen-select form-control m-b" multiple tabindex="2">
{% for sudo in sudo_all %}
<option value="{{ sudo.id }}" {% if sudo in role_sudos %} selected {% endif %}>{{ sudo.name }}</option>
{% endfor %}
......@@ -100,9 +100,9 @@ $('#roleForm').validator({
fields: {
"role_name": {
rule: "required;check_name",
tip: "输入角色名称",
tip: "输入系统用户名称",
ok: "",
msg: {required: "角色名称必填"}
msg: {required: "系统用户名称必填"}
}
},
valid: function(form) {
......
templates/jperm/perm_role_list.html
View file @ b58ff14e
......@@ -16,7 +16,7 @@
{% endif %}
</div>
<div class="ibox-title">
<h5> 所有系统角色</h5>
<h5> 所有系统用户</h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
......@@ -31,7 +31,7 @@
</div>
<div class="ibox-content">
<div class="">
<a href="{% url 'role_add' %}" class="btn btn-sm btn-primary "> 添加角色 </a>
<a href="{% url 'role_add' %}" class="btn btn-sm btn-primary "> 添加系统用户 </a>
<form id="search_form" method="get" action="" class="pull-right mail-search">
<div class="input-group">
<input type="text" class="form-control input-sm" id="search_input" name="search" placeholder="Search">
......
templates/jperm/perm_role_push.html
View file @ b58ff14e
......@@ -34,7 +34,7 @@
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="form-group">
<label for="role" class="col-sm-2 control-label">角色</label>
<label for="role" class="col-sm-2 control-label">系统用户</label>
<div class="col-sm-8">
<input name="id" type="text" class="form-control" disabled value="{{ role.name }}">
</div>
......@@ -125,8 +125,8 @@ $('#pushForm').validator({
},
"roles": {
rule: "required",
tip: "请选择角色",
msg: {required: "必须选择角色"}
tip: "请选择系统用户",
msg: {required: "必须选择系统用户"}
}
},
valid: function(form) {
......
templates/jperm/perm_rule_add.html
View file @ b58ff14e
......@@ -36,14 +36,14 @@
<div class="form-group">
<label for="name" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="name" name="name" placeholder="Rule Name" type="text" class="form-control">
<input id="name" name="name" type="text" class="form-control">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="user" class="col-sm-2 control-label">用户</label>
<div class="col-sm-8">
<select name="user" id="user" data-placeholder="用户名" class="chosen-select form-control m-b" multiple tabindex="2">
<select name="user" id="user" data-placeholder="请选择用户" class="chosen-select form-control m-b" multiple tabindex="2">
{% for user in users %}
<option value="{{ user.id }}">{{ user.name }}</option>
{% endfor %}
......@@ -85,9 +85,9 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role" class="col-sm-2 control-label">角色<span class="red-fonts">*</span></label>
<label for="role" class="col-sm-2 control-label">系统用户<span class="red-fonts">*</span></label>
<div class="col-sm-8" id="role_name">
<select name="role" data-placeholder="请选择角色" class="chosen-select form-control m-b" multiple tabindex="2">
<select name="role" data-placeholder="请选择需要关联的系统用户" class="chosen-select form-control m-b" multiple tabindex="2">
{% for role in roles %}
<option value="{{ role.id }}">{{ role.name }}</option>
{% endfor %}
......@@ -99,7 +99,7 @@
<div class="form-group">
<label for="comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8">
<input id="comment" name="comment" placeholder="Rule Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
<input id="comment" name="comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
</div>
</div>
<div class="hr-line-dashed"></div>
......@@ -149,8 +149,8 @@ $('#ruleForm').validator({
},
"role": {
rule: "required",
tip: "请选择角色",
msg: {required: "必须选择角色"}
tip: "请选择系统用户",
msg: {required: "必须选择系统用户"}
}
},
valid: function(form) {
......
templates/jperm/perm_rule_detail.html
View file @ b58ff14e
......@@ -46,7 +46,7 @@
<td>{{ rule.date_added | date:"Y-m-d H:i:s"}}</td>
</tr>
<tr>
<td class="text-navy">角色</td>
<td class="text-navy">关联用户</td>
<td>{{ roles_name }}</td>
</tr>
......
templates/jperm/perm_rule_edit.html
View file @ b58ff14e
......@@ -85,9 +85,9 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role" class="col-sm-2 control-label">角色<span class="red-fonts">*</span></label>
<label for="role" class="col-sm-2 control-label">系统用户<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select name="role" data-placeholder="请选择角色" class="chosen-select form-control m-b" multiple tabindex="2">
<select name="role" data-placeholder="请选择系统用户" class="chosen-select form-control m-b" multiple tabindex="2">
{% for role in roles %}
<option value="{{ role.id }}"{% if role in rule.role.all %} selected {% endif %}>{{ role.name }}</option>
{% endfor %}
......@@ -99,7 +99,7 @@
<div class="form-group">
<label for="comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8">
<input id="comment" name="rule_comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule.comment }}">
<input id="comment" name="comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule.comment }}">
</div>
</div>
<div class="hr-line-dashed"></div>
......@@ -150,8 +150,8 @@ $('#ruleForm').validator({
},
"role": {
rule: "required",
tip: "请选择角色",
msg: {required: "必须选择角色"}
tip: "请选择系统用户",
msg: {required: "必须选择系统用户"}
}
},
valid: function(form) {
......
templates/jperm/perm_rule_list.html
View file @ b58ff14e
......@@ -55,7 +55,7 @@
<th class="text-center">用户组</th>
<th class="text-center">资产</th>
<th class="text-center">资产组</th>
<th class="text-center">角色</th>
<th class="text-center">系统用户</th>
<th class="text-center">操作</th>
</tr>
</thead>
......
templates/juser/change_info.html
View file @ b58ff14e
......@@ -53,7 +53,7 @@
<div class="form-group">
<label for="ssh_key_pwd" class="col-sm-2 control-label">SSH密钥</label>
<div class="col-sm-8">
<a value="/juser/regen_ssh_key/?uuid={{ user.uuid }}" id="regen_ssh_key" class="form-control"> 重新生成</a>
<a value="{% url 'key_gen' %}?uuid={{ user.uuid }}" id="regen_ssh_key" class="form-control"> 重新生成</a>
<span class="help-block m-b-none">
重新生成密钥,需要重新下载并导入
</span>
......
templates/juser/group_detail.html
View file @ b58ff14e
......@@ -22,7 +22,7 @@
<tr>
<th class="text-center">用户名</th>
<th class="text-center">姓名</th>
<th class="text-center">角色</th>
<th class="text-center">系统用户</th>
</tr>
</thead>
<tbody>
......
templates/juser/profile.html
View file @ b58ff14e
......@@ -23,7 +23,7 @@
<td class="text-center" width="120">ID</td>
<td class="text-center">用户名</td>
<td class="text-center">姓名</td>
<td class="text-center">角色</td>
<td class="text-center">关联用户</td>
<td class="text-center">Email</td>
<td class="text-center">激活</td>
</tr>
......
templates/juser/user_detail.html
View file @ b58ff14e
......@@ -53,7 +53,7 @@
{% if user.username|key_exist %}
<td><a href="{% url 'key_down' %}?id={{ user.id }}" >下载</a></td>
{% else %}
<td><span style="color: #586b7d">下载</span></td>
<td><span style="color: #586b7d">NoKey</span></td>
{% endif %}
</tr>
<tr>
......@@ -140,7 +140,7 @@
</div>
<div class="ibox-content ibox-heading">
<h3>用户的所有授权主机</h3>
<small><i class="fa fa-map-marker"></i> 这里包含了用户授权角色和角色下的主机.</small>
<small><i class="fa fa-map-marker"></i> 这里包含了用户授权的主机和其映射的系统用户.</small>
</div>
<div class="ibox-content inspinia-timeline">
{% for role, assets in role_assets.items %}
......@@ -155,13 +155,13 @@
</div>
<div class="col-xs-7 content no-top-border">
<p class="m-b-xs">
<strong>{{ role.comment }}</strong></p>
<strong>{{ role.comment }}</strong>
</p>
<p>
{% for asset in assets.asset %}
<a href="{% url 'asset_list' %}?id={{ asset.id }}">{{ asset.hostname }}</a><br>
{% endfor %}
</p>
<p></p>
</div>
</div>
</div>
......
templates/juser/user_edit.html
View file @ b58ff14e
......@@ -70,7 +70,7 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role" class="col-sm-2 control-label">角色<span class="red-fonts">*</span></label>
<label for="role" class="col-sm-2 control-label">权限<span class="red-fonts">*</span></label>
<div class="col-sm-8">
{% for r, role_name in user_role.items %}
<div class="col-sm-3">
......
templates/juser/user_list.html
View file @ b58ff14e
......@@ -70,7 +70,7 @@
{% if user.username|key_exist %}
<a href="{% url 'key_down' %}?uuid={{ user.uuid }}" >下载</a>
{% else %}
<span style="color: #586b7d">下载</span>
<span style="color: #586b7d">NoKey</span>
{% endif %}
</td>
<td class="text-center">
......
templates/nav.html
View file @ b58ff14e
......@@ -25,10 +25,10 @@
<a href="#"><i class="fa fa-edit"></i> <span class="nav-label">授权管理</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li class="sudo">
<a class="sudo" href="{% url 'sudo_list' %}">Sudo命令</a>
<a class="sudo" href="{% url 'sudo_list' %}">Sudo</a>
</li>
<li class="role">
<a href="{% url 'role_list' %}">系统角色</a>
<a href="{% url 'role_list' %}">系统用户</a>
</li>
<li class="rule">
<a href="{% url 'rule_list' %}">授权规则</a>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment