app jperm role and rule bug fixed...

c00e4c24 · yumaojun · 844fe2c2 · c00e4c24 · c00e4c24 · c00e4c24
Commit c00e4c24 authored Nov 16, 2015 by yumaojun
Showing with 99 additions and 141 deletions

models.py jasset/models.py +8 -8

views.py jperm/views.py +80 -129

perm_role_add.html templates/jperm/perm_role_add.html +9 -2

perm_rule_edit.html templates/jperm/perm_rule_edit.html +2 -2

No files found.
--- a/jasset/models.py
+++ b/jasset/models.py
@@ -42,7 +42,7 @@ class IDC(models.Model):
    address = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"机房地址")
    network = models.TextField(blank=True, null=True, verbose_name=u"IP地址段")
    date_added = models.DateField(auto_now=True, null=True)
-    operator = models.IntegerField(max_length=32, blank=True, null=True, verbose_name=u"运营商")
+    operator = models.IntegerField(blank=True, null=True, verbose_name=u"运营商")
    comment = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"备注")
    def __unicode__(self):
@@ -57,11 +57,11 @@ class Asset(models.Model):
    """
    asset modle
    """
-    ip = models.IPAddressField(unique=True, verbose_name=u"主机IP")
+    ip = models.GenericIPAddressField(unique=True, verbose_name=u"主机IP")
    other_ip = models.CharField(max_length=255, blank=True, null=True, verbose_name=u"其他IP")
    hostname = models.CharField(max_length=64, blank=True, null=True, verbose_name=u"主机名")
-    port = models.IntegerField(max_length=6, verbose_name=u"端口号")
+    port = models.IntegerField(verbose_name=u"端口号")
-    group = models.ManyToManyField(AssetGroup, blank=True, null=True, verbose_name=u"所属主机组")
+    group = models.ManyToManyField(AssetGroup, blank=True, verbose_name=u"所属主机组")
    username = models.CharField(max_length=16, blank=True, null=True, verbose_name=u"管理用户名")
    password = models.CharField(max_length=64, blank=True, null=True, verbose_name=u"密码")
    use_default_auth = models.BooleanField(default=True, verbose_name=u"使用默认管理账号")
@@ -75,11 +75,11 @@ class Asset(models.Model):
    system_type = models.CharField(max_length=32, blank=True, null=True, verbose_name=u"系统类型")
    system_version = models.CharField(max_length=8, blank=True, null=True, verbose_name=u"版本号")
    cabinet = models.CharField(max_length=32, blank=True, null=True, verbose_name=u'机柜号')
-    position = models.IntegerField(max_length=2, blank=True, null=True, verbose_name=u'机器位置')
+    position = models.IntegerField(blank=True, null=True, verbose_name=u'机器位置')
    number = models.CharField(max_length=32, blank=True, null=True, verbose_name=u'资产编号')
-    status = models.IntegerField(max_length=2, choices=ASSET_STATUS, blank=True, null=True, default=1, verbose_name=u"机器状态")
+    status = models.IntegerField(choices=ASSET_STATUS, blank=True, null=True, default=1, verbose_name=u"机器状态")
-    asset_type = models.IntegerField(max_length=2, choices=ASSET_TYPE, blank=True, null=True, verbose_name=u"主机类型")
+    asset_type = models.IntegerField(choices=ASSET_TYPE, blank=True, null=True, verbose_name=u"主机类型")
-    env = models.IntegerField(max_length=2, choices=ASSET_ENV, blank=True, null=True, verbose_name=u"运行环境")
+    env = models.IntegerField(choices=ASSET_ENV, blank=True, null=True, verbose_name=u"运行环境")
    sn = models.CharField(max_length=128, blank=True, null=True, verbose_name=u"SN编号")
    date_added = models.DateTimeField(auto_now=True, null=True)
    is_active = models.BooleanField(default=True, verbose_name=u"是否激活")

--- a/jperm/views.py
+++ b/jperm/views.py
@@ -19,32 +19,23 @@ from jperm.perm_api    import get_role_info
 from jumpserver.api    import my_render, get_object
 @require_role('admin')
 def perm_rule_list(request):
    """
-    用户授权视图：
+    list rule page
-      该视图的模板包含2部分：
-        1. block   部分：{% block content %}
-             rander_content 为渲染数据
-        2. include 部分：{% include 'nav_cat_bar.html' %}
-             rander_nav 为渲染数据
    """
-    data_nav = {"header_title": "授权规则", "path1": "规则管理", "path2": "查看规则"}
+    # 渲染数据
+    header_title, path1, path2 = "授权规则", "规则管理", "查看规则"
    # 获取所有规则
    rules_list = PermRule.objects.all()
    # TODO: 搜索和分页
    keyword = request.GET.get('search', '')
    if keyword:
        rules_list = rules_list.filter(Q(name=keyword))
    rules_list, p, rules, page_range, current_page, show_first, show_end = pages(rules_list, request)
-    data_content = {"rules": rules_list}
-    render_data = updates_dict(data_nav, data_content)
    return my_render('jperm/perm_rule_list.html', locals(), request)
@@ -52,49 +43,42 @@ def perm_rule_list(request):
 @require_role('admin')
 def perm_rule_detail(request):
    """
-    用户详情视图：
+    rule detail page
-      该视图的模板包含2部分：
-        1. block   部分：{% block content %}
-             rander_content 为渲染数据
-        2. include 部分：{% include 'nav_cat_bar.html' %}
-             rander_nav 为渲染数据
    """
-    data_nav = {"header_title": "授权规则", "path1": "授权管理", "path2": "规则详情"}
+    # 渲染数据
+    header_title, path1, path2 = "授权规则", "规则管理", "规则详情"
    # 根据rule_id 取得rule对象
    rule_id = request.GET.get("id")
    rule_obj = PermRule.objects.get(id=rule_id)
    user_obj = rule_obj.user.all()
    asset_obj = rule_obj.asset.all()
    roles_name = [role.name for role in rule_obj.role.all()]
-    data_content = {"roles_name": ','.join(roles_name), "rule": rule_obj, "users": user_obj, "assets": asset_obj}
-    render_data = updates_dict(data_nav, data_content)
+    # 渲染数据
+    roles_name = ','.join(roles_name)
+    rule = rule_obj
+    users = user_obj
+    assets = asset_obj
    return my_render('jperm/perm_rule_detail.html', locals(), request)
 def perm_rule_add(request):
    """
+    add rule page
-    :param request:
-    :return:
    """
-    data_nav = {"header_title": "授权规则", "path1": "授权管理", "path2": "添加规则"}
+    # 渲染数据
+    header_title, path1, path2 = "授权规则", "规则管理", "添加规则"
    if request.method == 'GET':
-        # 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则
+        # 渲染数据, 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则
        users = User.objects.all()
        user_groups = UserGroup.objects.all()
        assets = Asset.objects.all()
        asset_groups = AssetGroup.objects.all()
        roles = PermRole.objects.all()
-        data_content = {"users": users, "user_groups": user_groups, 
-                        "assets": assets, "asset_groups": asset_groups,
-                        "roles": roles}
-        render_data = updates_dict(data_nav, data_content)        
        return my_render('jperm/perm_rule_add.html', locals(), request)
    elif request.method == 'POST':
@@ -122,69 +106,38 @@ def perm_rule_add(request):
        # 获取授予的角色列表
        roles_obj = [PermRole.objects.get(name=role) for role in roles_select]
-        # 调用Ansible API 执行授权 资源---Role---用户
+        # 仅授权成功的，写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
-        # 生成Inventory, 这里需要向CMDB 获取认证信息（1. password， 2, key）
+        rule = PermRule(name=rule_name, comment=rule_comment)
-        hosts = [{"hostname": asset.ip,
+        rule.save()
-                  "port": asset.port,
+        rule.user = users_obj
-                  "username": asset.username,
+        rule.usergroup = user_groups_obj
-                  "password": asset.password} for asset in calc_assets]
+        rule.asset = assets_obj
-        # 获取需要授权的角色名称
+        rule.asset_group = asset_groups_obj
-        roles = [role.name for role in roles_obj]
+        rule.role = roles_obj
-        # 调用Ansible API 执行 password方式的授权 TODO: Surport sudo
+        rule.save()
-        tasks = Tasks(hosts)
+        return HttpResponse(u"添加授权规则：%s" % rule.name)
-        ret = tasks.add_multi_user(*roles)
-        # TODO: 调用Ansible API 执行 key方式的授权
-        # 计算授权成功和授权失败的主机 TODO: 记录成功和失败
-        perm_sucess = {}
-        perm_failed = {}
-        for role, status in ret.get('action_info').iteritems():
-            if status['status'] == 'failed':
-                failed_ip = status['msg'].keys()
-                perm_sucess[role] = [asset for asset in calc_assets if asset.ip not in failed_ip]
-                perm_failed[role] = [asset for asset in calc_assets if asset.ip in failed_ip]
-        if not perm_failed.values():
-            # 仅授权成功的，写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
-            rule = PermRule(name=rule_name, comment=rule_comment)
-            rule.save()
-            rule.user = users_obj
-            rule.usergroup = user_groups_obj
-            rule.asset = assets_obj
-            rule.asset_group = asset_groups_obj
-            rule.role = roles_obj
-            rule.save()
-            return HttpResponse(ret)
-        else:
-            return HttpResponse("add rule failed")
 @require_role('admin')
 def perm_rule_edit(request):
    """
-    list rules
+    edit rule page
-    :param request:
-    :return:
    """
+    # 渲染数据
+    header_title, path1, path2 = "授权规则", "规则管理", "添加规则"
-    data_nav = {"header_title": "授权规则", "path1": "授权管理", "path2": "编辑规则"}
    # 根据rule_id 取得rule对象
    rule_id = request.GET.get("id")
-    rule_obj = PermRule.objects.get(id=rule_id)
+    rule = PermRule.objects.get(id=rule_id)
    if request.method == 'GET' and rule_id:
-        # 获取所有的rule对象
+        # 渲染数据, 获取所有的rule对象
-        users_obj = rule_obj.user.all()
+        users = rule.user.all()
-        user_groups_obj = rule_obj.user_group.all()
+        user_groups = rule.user_group.all()
-        assets_obj = rule_obj.asset.all()
+        assets = rule.asset.all()
-        asset_groups_obj = rule_obj.asset_group.all()
+        asset_groups = rule.asset_group.all()
-        roles_obj = rule_obj.role.all()
+        roles = rule.role.all()
-        data_content = {"users": users_obj, "user_groups": user_groups_obj,
-                        "assets": assets_obj, "asset_groups": asset_groups_obj,
-                        "roles": roles_obj, "rule": rule_obj}
-        render_data = updates_dict(data_nav, data_content)
        return my_render('jperm/perm_rule_edit.html', locals(), request)
    elif request.method == 'POST' and rule_id:
@@ -213,28 +166,20 @@ def perm_rule_delete(request):
 @require_role('admin')
 def perm_role_list(request):
    """
-    用户授权视图：
+    list role page
-      该视图的模板包含2部分：
-        1. block   部分：{% block content %}
-             rander_content 为渲染数据
-        2. include 部分：{% include 'nav_cat_bar.html' %}
-             rander_nav 为渲染数据
    """
-    data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "查看角色"}
+    # 渲染数据
+    header_title, path1, path2 = "系统角色", "角色管理", "查看角色"
    # 获取所有系统角色
    roles_list = PermRole.objects.all()
    # TODO: 搜索和分页
    keyword = request.GET.get('search', '')
    if keyword:
        roles_list = roles_list.filter(Q(name=keyword))
    roles_list, p, roles, page_range, current_page, show_first, show_end = pages(roles_list, request)
-    data_content = {"roles": roles_list}
-    render_data = updates_dict(data_nav, data_content)
    return my_render('jperm/perm_role_list.html', locals(), request)
@@ -242,24 +187,22 @@ def perm_role_list(request):
 @require_role('admin')
 def perm_role_add(request):
    """
-    用户授权视图：
+    add role page
-      该视图的模板包含2部分：
-        1. block   部分：{% block content %}
-             rander_content 为渲染数据
-        2. include 部分：{% include 'nav_cat_bar.html' %}
-             rander_nav 为渲染数据
    """
-    data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "添加角色"}
+    # 渲染数据
+    header_title, path1, path2 = "系统角色", "角色管理", "添加角色"
    if request.method == "GET":
+        default_password = get_rand_pass()
        return my_render('jperm/perm_role_add.html', locals(), request)
    elif request.method == "POST":
        # 获取参数： name, comment
        name = request.POST.get("role_name")
        comment = request.POST.get("role_comment")
+        password = request.POST.get("role_password")
        # 生成随机密码，生成秘钥对
-        password = get_rand_pass()
        key_path = gen_keys()
        role = PermRole(name=name, comment=comment, password=password, key_path=key_path)
        role.save()
@@ -267,15 +210,11 @@ def perm_role_add(request):
    else:
        return HttpResponse(u"不支持该操作")
 @require_role('admin')
 def perm_role_delete(request):
    """
-    用户授权视图：
+    delete role page
-      该视图的模板包含2部分：
-        1. block   部分：{% block content %}
-             rander_content 为渲染数据
-        2. include 部分：{% include 'nav_cat_bar.html' %}
-             rander_nav 为渲染数据
    """
    if request.method == "POST":
        # 获取参数删除的role对象
@@ -297,35 +236,40 @@ def perm_role_delete(request):
 @require_role('admin')
 def perm_role_detail(request):
    """
+    the role detail page
        the role_info data like:
            {'asset_groups': [],
            'assets': [<Asset: 192.168.10.148>],
            'rules': [<PermRule: PermRule object>],
-            'user_groups': [],
+            '': [],
-            'users': [<User: user1>]}
+            '': [<User: user1>]}
    """
-    data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "角色详情"}
+    # 渲染数据
+    header_title, path1, path2 = "系统角色", "角色管理", "角色详情"
    if request.method == "GET":
        role_id = request.GET.get("id")
        role_info = get_role_info(role_id)
-        render_data = updates_dict(data_nav, role_info)
+        # 渲染数据
+        for key, value in role_info.iteritems():
+            key = value
        return my_render('jperm/perm_role_detail.html', locals(), request)
 @require_role('admin')
 def perm_role_edit(request):
    """
+    edit role page
-    :param request:
-    :return:
    """
-    data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "角色编辑"}
+    # 渲染数据
+    header_title, path1, path2 = "系统角色", "角色管理", "角色编辑"
    if request.method == "GET":
        role_id = request.GET.get("id")
-        data_content = {"role": PermRole.objects.get(id=role_id)}
+        # 渲染数据
-        render_data = updates_dict(data_nav, data_content)
+        role = PermRole.objects.get(id=role_id)
        return my_render('jperm/perm_role_edit.html', locals(), request)
    if request.method == "POST":
@@ -335,17 +279,17 @@ def perm_role_edit(request):
 @require_role('admin')
 def perm_role_push(request):
    """
+    the role push page
-    :param request:
-    :return:
    """
-    data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "角色推送"}
+    # 渲染数据
+    header_title, path1, path2 = "系统角色", "角色管理", "角色推送"
    if request.method == "GET":
-        data_content = {"roles": PermRole.objects.all(),
+        # 渲染数据
-                        "assets": Asset.objects.all(),
+        roles = PermRole.objects.all()
-                        "asset_groups": AssetGroup.objects.all()}
+        assets = Asset.objects.all()
-        render_data = updates_dict(data_nav, data_content)
+        asset_groups = AssetGroup.objects.all()
        return my_render('jperm/perm_role_push.html', locals(), request)
    if request.method == "POST":
@@ -364,9 +308,9 @@ def perm_role_push(request):
        # 生成Inventory
        push_resource = [{"hostname": asset.ip,
-                "port": asset.port,
+                          "port": asset.port,
-                "username": asset.username,
+                          "username": asset.username,
-                "password": asset.password} for asset in calc_assets]
+                          "password": asset.password} for asset in calc_assets]
        # 获取角色的推送方式,以及推送需要的信息
        roles_obj = [PermRole.objects.get(name=role_name) for role_name in role_names]
@@ -399,6 +343,13 @@ def perm_role_push(request):
 @require_role('admin')
 def perm_group_list(request):
    header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权'

--- a/templates/jperm/perm_role_add.html
+++ b/templates/jperm/perm_role_add.html
@@ -36,14 +36,21 @@
                            <div class="form-group">
                                <label for="role_name" class="col-sm-2 control-label">规则名称<span class="red-fonts">*</span></label>
                                <div class="col-sm-8">
-                                    <input id="role_name" name="role_name" placeholder="Role Name" type="text" class="form-control" {% if error %}value="{{ role.name }}" {% endif %}>
+                                    <input id="role_name" name="role_name" placeholder="Role Name" type="text" class="form-control">
+                                </div>
+                            </div>
+                            <div class="hr-line-dashed"></div>
+                            <div class="form-group">
+                                <label for="role_password_label" class="col-sm-2 control-label">角色密码<span class="red-fonts">*</span></label>
+                                <div class="col-sm-8">
+                                    <input id="role_password" name="role_password" type="password" class="form-control" value="{{ default_password }}">
                                </div>
                            </div>
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="role_comment" class="col-sm-2 control-label">备注</label>
                                <div class="col-sm-8">
-                                    <input id="role_comment" name="role_comment" placeholder="Role Comment" type="text" class="form-control" {% if error %}value="{{ role.comment }}" {% endif %}>
+                                    <input id="role_comment" name="role_comment" placeholder="Role Comment" type="text" class="form-control">
                                </div>
                            </div>
                            <div class="hr-line-dashed"></div>

--- a/templates/jperm/perm_rule_edit.html
+++ b/templates/jperm/perm_rule_edit.html
@@ -34,9 +34,9 @@
                                <div class="alert alert-success text-center">{{ msg }}</div>
                            {% endif %}
                            <div class="form-group">
-                                <label for="username" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label>
+                                <label for="username_lab" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label>
                                <div class="col-sm-8">
-                                    <input id="rulename" name="rulename" placeholder="RuleName" type="text" class="form-control" value="{{ rule.name }}">
+                                    <input id="rule_name" name="rule_name" placeholder="RuleName" type="text" class="form-control" value="{{ rule.name }}">
                                </div>
                            </div>
                            <div class="hr-line-dashed"></div>