禁止添加root用户作为系统用户

c6626e83 · yumaojun · 0832ea97 · c6626e83 · c6626e83 · c6626e83
Commit c6626e83 authored 9 years ago by yumaojun
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 14 deletions

views.py jperm/views.py +7 -1

perm_role_add.html templates/jperm/perm_role_add.html +4 -10

perm_role_edit.html templates/jperm/perm_role_edit.html +12 -3

No files found.
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -277,7 +277,7 @@ def perm_role_add(request):

    if request.method == "POST":
        # 获取参数： name, comment
-        name = request.POST.get("role_name", "")
+        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
@@ -286,6 +286,8 @@ def perm_role_add(request):
        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'已经存在该用户 %s' % name)
+            if name == "root":
+                raise ServerError(u'禁止使用root用户作为系统用户，这样非常危险！')
            default = get_object(Setting, name='default')

            if password:
@@ -423,6 +425,9 @@ def perm_role_edit(request):
            if not role:
                raise ServerError('该系统用户不能存在')

+            if role_name == "root":
+                raise ServerError(u'禁止使用root用户作为系统用户，这样非常危险！')
+
            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass
@@ -473,6 +478,7 @@ def perm_role_push(request):
        for asset_group in asset_groups_obj:
            group_assets_obj.extend(asset_group.asset_set.all())
        calc_assets = list(set(assets_obj) | set(group_assets_obj))
+
        push_resource = gen_resource(calc_assets)

        # 调用Ansible API 进行推送

--- a/templates/jperm/perm_role_add.html
+++ b/templates/jperm/perm_role_add.html
@@ -93,15 +93,14 @@ $('#roleForm').validator({
    theme: "yellow_right_effect",
    rules: {
        check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'],
+        check_name_root: [/[^rR][^oO][^oO][^tT]/, '禁止使用root用户作为系统用户，这样非常危险！'],
        check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误，请检查'],
-{#        either: function(){#}
-{#            return $('#role_password').val() == ''#}
-{#        }#}
+
    },

    fields: {
        "role_name": {
-            rule: "required;check_name",
+            rule: "required;check_name;check_name_root",
            tip: "输入系统用户名称",
            ok: "",
            msg: {required: "系统用户名称必填"}
@@ -111,12 +110,7 @@ $('#roleForm').validator({
            ok: "",
            empty: true
        },
-{#        "role_key": {#}
-{#            rule: "required(either)",#}
-{#            tip: "输入密钥",#}
-{#            ok: "",#}
-{#            msg: {required: "密码和密钥必填一个!"}#}
-{#        }#}
+
    },
    valid: function(form) {
            form.submit();

--- a/templates/jperm/perm_role_edit.html
+++ b/templates/jperm/perm_role_edit.html
@@ -94,16 +94,25 @@ $('#roleForm').validator({
    timely: 2,
    theme: "yellow_right_effect",
    rules: {
-        check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位']
+        check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'],
+        check_name_root: [/[^rR][^oO][^oO][^tT]/, '禁止使用root用户作为系统用户，这样非常危险！'],
+        check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误，请检查'],
+
    },

    fields: {
        "role_name": {
-            rule: "required;check_name",
+            rule: "required;check_name;check_name_root",
            tip: "输入系统用户名称",
            ok: "",
            msg: {required: "系统用户名称必填"}
-        }
+        },
+        "role_key": {
+            rule: "check_begin",
+            ok: "",
+            empty: true
+        },
+
    },
    valid: function(form) {
            form.submit();