[Update] 优化LDAP用户导入功能 (#2550)

apps/settings/api.py

@@ -5,18 +5,21 @@ import os
 import json
 import jms_storage
 
-from ldap3 import Server, Connection
 from rest_framework.views import Response, APIView
 from django.conf import settings
 from django.core.mail import send_mail
 from django.utils.translation import ugettext_lazy as _
 
 from .models import Setting
-from .utils import get_ldap_users_list, save_user
+from .utils import LDAPUtil
 from common.permissions import IsOrgAdmin, IsSuperUser
+from common.utils import get_logger
 from .serializers import MailTestSerializer, LDAPTestSerializer
 
 
+logger = get_logger(__file__)
+
+
 class MailTestingAPI(APIView):
     permission_classes = (IsOrgAdmin,)
     serializer_class = MailTestSerializer
@@ -46,9 +49,8 @@ class LDAPTestingAPI(APIView):
     serializer_class = LDAPTestSerializer
     success_message = _("Test ldap success")
 
-    def post(self, request):
-        serializer = self.serializer_class(data=request.data)
-        if serializer.is_valid():
+    @staticmethod
+    def get_ldap_util(serializer):
         host = serializer.validated_data["AUTH_LDAP_SERVER_URI"]
         bind_dn = serializer.validated_data["AUTH_LDAP_BIND_DN"]
         password = serializer.validated_data["AUTH_LDAP_BIND_PASSWORD"]
@@ -56,68 +58,69 @@ class LDAPTestingAPI(APIView):
         search_ougroup = serializer.validated_data["AUTH_LDAP_SEARCH_OU"]
         search_filter = serializer.validated_data["AUTH_LDAP_SEARCH_FILTER"]
         attr_map = serializer.validated_data["AUTH_LDAP_USER_ATTR_MAP"]
-
         try:
             attr_map = json.loads(attr_map)
         except json.JSONDecodeError:
             return Response({"error": "AUTH_LDAP_USER_ATTR_MAP not valid"}, status=401)
 
-            server = Server(host, use_ssl=use_ssl)
-            conn = Connection(server, bind_dn, password)
+        util = LDAPUtil(
+            use_settings_config=False, server_uri=host, bind_dn=bind_dn,
+            password=password, use_ssl=use_ssl,
+            search_ougroup=search_ougroup, search_filter=search_filter,
+            attr_map=attr_map
+        )
+        return util
+
+    def post(self, request):
+        serializer = self.serializer_class(data=request.data)
+        if not serializer.is_valid():
+            return Response({"error": str(serializer.errors)}, status=401)
+
+        util = self.get_ldap_util(serializer)
+
         try:
-                conn.bind()
+            users = util.get_search_user_items()
         except Exception as e:
             return Response({"error": str(e)}, status=401)
 
-            users = []
-            for search_ou in str(search_ougroup).split("|"):
-                ok = conn.search(search_ou, search_filter % ({"user": "*"}),
-                                 attributes=list(attr_map.values()))
-                if not ok:
-                    return Response({"error": _("Search no entry matched in ou {}").format(search_ou)}, status=401)
-
-                for entry in conn.entries:
-                    user = {}
-                    for attr, mapping in attr_map.items():
-                        if hasattr(entry, mapping):
-                            user[attr] = getattr(entry, mapping)
-                    users.append(user)
         if len(users) > 0:
             return Response({"msg": _("Match {} s users").format(len(users))})
         else:
             return Response({"error": "Have user but attr mapping error"}, status=401)
-        else:
-            return Response({"error": str(serializer.errors)}, status=401)
 
 
-class LDAPSyncAPI(APIView):
+class LDAPUserListApi(APIView):
     permission_classes = (IsOrgAdmin,)
 
     def get(self, request):
-        ldap_users_list = get_ldap_users_list()
-        if not isinstance(ldap_users_list, list):
-            return Response(ldap_users_list, status=401)
-        return Response(ldap_users_list)
+        util = LDAPUtil()
+        try:
+            users = util.get_search_user_items()
+        except Exception as e:
+            users = []
+            logger.error(e, exc_info=True)
+        else:
+            users = sorted(users, key=lambda u: (u['existing'], u['username']))
+        return Response(users)
 
 
-class LDAPConfirmSyncAPI(APIView):
+class LDAPUserSyncAPI(APIView):
     permission_classes = (IsOrgAdmin,)
 
     def post(self, request):
         user_names = request.data.get('user_names', '')
-        if not user_names:
-            error = _('User is not currently selected, please check the user '
-                      'you want to import')
-            return Response({'error': error}, status=401)
-
-        ldap_users_list = get_ldap_users_list(user_names=user_names)
-        if not isinstance(ldap_users_list, list):
-            return Response(ldap_users_list, status=401)
-
-        save_result = save_user(ldap_users_list)
-        if 'error' in save_result.keys():
-            return Response(save_result, status=401)
-        return Response(save_result)
+
+        util = LDAPUtil()
+        try:
+            result = util.sync_users(username_set=user_names)
+        except Exception as e:
+            logger.error(e, exc_info=True)
+            return Response({'error': str(e)}, status=401)
+        else:
+            msg = _("succeed: {} failed: {} total: {}").format(
+                result['succeed'], result['failed'], result['total']
+            )
+            return Response({'msg': msg})
 
 
 class ReplayStorageCreateAPI(APIView):

apps/settings/models.py

@@ -79,6 +79,8 @@ class Setting(models.Model):
             obj.cleaned_value = data
         else:
             value = obj.cleaned_value
+            if value is None:
+                value = {}
             value.update(data)
             obj.cleaned_value = value
         obj.save()

apps/settings/templates/settings/_ldap_list_users_modal.html

@@ -4,7 +4,10 @@
 
 {% block modal_class %}modal-lg{% endblock %}
 {% block modal_id %}ldap_list_users_modal{% endblock %}
-{% block modal_title%}{% trans "Ldap users" %}{% endblock %}
+{% block modal_title%}{% trans "LDAP user list" %}{% endblock %}
+
+{% block modal_help_message%} <div class="alert alert-info help-message" style="width: 838px; margin-left: 30px">{% trans 'Please submit the LDAP configuration before import' %}</div>{% endblock %}
+
 {% block modal_body %}
 <link href="{% static 'css/plugins/ztree/awesomeStyle/awesome.css' %}" rel="stylesheet">
 <script type="text/javascript" src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
@@ -34,7 +37,7 @@
                            <th class="text-center">{% trans 'Username' %}</th>
                            <th class="text-center">{% trans 'Name' %}</th>
                            <th class="text-center">{% trans 'Email' %}</th>
-                           <th class="text-center">{% trans 'Is imported' %}</th>
+                           <th class="text-center">{% trans 'Existing' %}</th>
                        </tr>
                    </thead>
                    <tbody>
@@ -47,16 +50,25 @@
 
 <script>
 var ldap_users_table = 0;
-function initLdapTable() {
+function initLdapUsersTable() {
     if(ldap_users_table){
         return
     }
     var options = {
         ele: $('#ldap_list_users_table'),
-        ajax_url: '{% url "api-settings:ldap-sync" %}',
+        ajax_url: '{% url "api-settings:ldap-user-list" %}',
+        columnDefs: [
+            {targets: 4, createdCell: function (td, cellData, rowData) {
+                if(cellData){
+                    $(td).html('<i class="fa fa-check text-navy"></i>')
+                }else{
+                    $(td).html('<i class="fa fa-times text-danger"></i>')
+                }
+            }}
+        ],
         columns: [
             {data: "username" },{data: "username" }, {data: "name" },
-            {data:"email"}, {data:'is_imported'}
+            {data:"email"}, {data:'existing'}
         ],
         pageLength: 10
     };
@@ -68,8 +80,7 @@ function initLdapTable() {
 
 $(document).ready(function(){
 }).on('show.bs.modal', function () {
-    initLdapTable();
-
+    initLdapUsersTable();
 })
 .on('click','.close_btn1',function () {
     window.location.reload()
@@ -82,9 +93,9 @@ $(document).ready(function(){
 {% endblock %}
 
 {% block modal_button %}
-    {{ block.super }}
+    <button data-dismiss="modal" class="btn btn-white close_btn2" type="button">{% trans "Close" %}</button>
+    <button class="btn btn-primary" type="button" id="{% block modal_confirm_id %}btn_ldap_modal_confirm{% endblock %}">{% trans 'Import' %}</button>
 {% endblock %}
-{% block modal_confirm_id %}btn_ldap_modal_confirm{% endblock %}
 
 
 

apps/settings/templates/settings/ldap_setting.html

@@ -58,11 +58,11 @@
                                     <div class="hr-line-dashed"></div>
                                     <div class="form-group">
                                         <div class="col-sm-4 col-sm-offset-2">
-                                            <button class="btn btn-default btn-test" type="button"> {% trans 'Test connection' %}</button>
                                             <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
-                                            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                            <button class="btn btn-default btn-test" type="button"> {% trans 'Test connection' %}</button>
 {#                                            <button class="btn btn-primary sync_button " data-toggle="modal" data-target="#sync_users_modal" type="button">{% trans 'Synchronization' %}</button>#}
-                                            <button class="btn btn-primary sync_button " data-toggle="modal" data-target="#ldap_list_users_modal" type="button">{% trans 'Sync User' %}</button>
+                                            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                            <button class="btn btn-default sync_button " data-toggle="modal" data-target="#ldap_list_users_modal" type="button">{% trans 'Bulk import' %}</button>
                                         </div>
                                     </div>
                                     </form>
@@ -108,11 +108,17 @@ $(document).ready(function () {
 })
 .on("click","#btn_ldap_modal_confirm",function () {
     var user_names=[];
-    var cheked = $("tbody input[type='checkbox']:checked").each(function () {
+    $("tbody input[type='checkbox']:checked").each(function () {
         user_names.push($(this).attr('id'));
-
     });
-    var the_url =  "{% url "api-settings:ldap-comfirm-sync" %}";
+
+    if (user_names.length === 0){
+        var msg = "{% trans 'User is not currently selected, please check the user you want to import'%}"
+        toastr.error(msg);
+        return
+     }
+
+    var the_url =  "{% url "api-settings:ldap-user-sync" %}";
 
     function error(message) {
         toastr.error(message)

apps/settings/urls/api_urls.py

@@ -9,8 +9,8 @@ app_name = 'common'
 urlpatterns = [
     path('mail/testing/', api.MailTestingAPI.as_view(), name='mail-testing'),
     path('ldap/testing/', api.LDAPTestingAPI.as_view(), name='ldap-testing'),
-    path('ldap/sync/', api.LDAPSyncAPI.as_view(), name='ldap-sync'),
-    path('ldap/comfirm/sync/', api.LDAPConfirmSyncAPI.as_view(), name='ldap-comfirm-sync'),
+    path('ldap/users/', api.LDAPUserListApi.as_view(), name='ldap-user-list'),
+    path('ldap/users/sync/', api.LDAPUserSyncAPI.as_view(), name='ldap-user-sync'),
     path('terminal/replay-storage/create/', api.ReplayStorageCreateAPI.as_view(), name='replay-storage-create'),
     path('terminal/replay-storage/delete/', api.ReplayStorageDeleteAPI.as_view(), name='replay-storage-delete'),
     path('terminal/command-storage/create/', api.CommandStorageCreateAPI.as_view(), name='command-storage-create'),

apps/templates/_modal.html

@@ -12,6 +12,7 @@
                 <h4 class="modal-title">{% block modal_title %}{% endblock %}</h4>
                 <small>{% block modal_comment %}{% endblock %}</small>
             </div>
+            {% block modal_help_message %}{% endblock %}
             <div class="modal-body">
               {% block modal_body %}
               {% endblock %}