Merge branches 'master' and 'wangyong' of gitcafe.com:ibuler/jumpserver

Conflicts: jumpserver/api.py

Merge branches 'master' and 'wangyong' of gitcafe.com:ibuler/jumpserver
Conflicts: jumpserver/api.py
c8d91884 · ibuler · 6d6e9d97 · bd2d7ce0 · c8d91884 · c8d91884
Commit c8d91884 authored Apr 18, 2015 by ibuler
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 22 deletions

views.py jasset/views.py +22 -15

api.py jumpserver/api.py +5 -7

No files found.
--- a/jasset/views.py
+++ b/jasset/views.py
@@ -140,6 +140,7 @@ def batch_host_edit(host_info, j_user='', j_password=''):

 def db_host_delete(request, host_id):
    """ 删除主机操作 """
+    print host_id
    if is_group_admin(request) and not validate(request, asset=[host_id]):
        return httperror(request, '删除失败, 您无权删除!')

@@ -187,10 +188,16 @@ def host_add(request):
        j_group = request.POST.getlist('j_group')
        j_active = request.POST.get('j_active')
        j_comment = request.POST.get('j_comment')
-        j_dept = request.POST.getlist('j_dept')

-        host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment]
-        if is_group_admin(request) and not verify(request, asset_group=j_group, edept=j_dept):
+        if is_super_user(request):
+            j_dept = request.POST.getlist('j_dept')
+            host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment]
+        elif is_group_admin(request):
+            j_dept = request.POST.get('j_dept')
+            host_info = [j_ip, j_port, j_idc, j_type, j_group, [j_dept], j_active, j_comment]
+
+        if is_group_admin(request) and not validate(request, asset_group=j_group, edept=[j_dept]):
+            print j_dept
            return httperror(request, u'添加失败,您无权操作!')

        if Asset.objects.filter(ip=str(j_ip)):
@@ -251,7 +258,7 @@ def host_add_batch(request):
                    return httperror(request, '添加失败, 没有%s这个部门' % dept_name)
                dept_ids.append(dept_id)

-            if is_group_admin(request) and not verify(request, asset_group=group_ids, edept=dept_ids):
+            if is_group_admin(request) and not validate(request, asset_group=group_ids, edept=dept_ids):
                return httperror(request, '添加失败, 没有%s这个主机组' % group_name)

            if Asset.objects.filter(ip=str(j_ip)):
@@ -352,7 +359,7 @@ def host_list(request):
        if is_common_user(request):
            return httperror(request, u'您无权查看!')

-        elif is_group_admin(request) and not verify(request, user_group=[gid]):
+        elif is_group_admin(request) and not validate(request, user_group=[gid]):
            return httperror(request, u'您无权查看!')

        posts = []
@@ -371,7 +378,7 @@ def host_list(request):
        if is_common_user(request):
            return httperror(request, u'您无权查看!')

-        elif is_group_admin(request) and not verify(request, user_group=[sid]):
+        elif is_group_admin(request) and not validate(request, user_group=[sid]):
            return httperror(request, u'您无权查看!')

        posts, asset_groups = [], []
@@ -502,7 +509,7 @@ def host_edit_adm(request):

        host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment]

-        if not verify(request, asset_group=j_group, edept=j_dept):
+        if not validate(request, asset_group=j_group, edept=j_dept):
            emg = u'修改失败,您无权操作!'
            return my_render('jasset/host_edit.html', locals(), request)

@@ -529,7 +536,7 @@ def host_detail(request):
        return httperror(request, '没有此主机!')
    post = post.first()

-    if is_group_admin(request) and not verify(request, asset=[host_id]):
+    if is_group_admin(request) and not validate(request, asset=[host_id]):
        return httperror(request, '您无权查看!')

    elif is_common_user(request):
@@ -673,7 +680,7 @@ def group_add(request):
        j_comment = request.POST.get('j_comment', '')

        try:
-            if is_group_admin(request) and not verify(request, asset=j_hosts, edept=[j_dept]):
+            if is_group_admin(request) and not validate(request, asset=j_hosts, edept=[j_dept]):
                emg = u'添加失败, 您无权操作!'
                raise RaiseError

@@ -708,7 +715,7 @@ def group_list(request):
        if is_common_user(request):
            return httperror(request, u'您无权查看!')

-        elif is_group_admin(request) and not verify(request, user_group=[gid]):
+        elif is_group_admin(request) and not validate(request, user_group=[gid]):
            return httperror(request, u'您无权查看!')

        posts = []
@@ -723,7 +730,7 @@ def group_list(request):
        if is_common_user(request):
            return httperror(request, u'您无权查看!')

-        elif is_group_admin(request) and not verify(request, user_group=[sid]):
+        elif is_group_admin(request) and not validate(request, user_group=[sid]):
            return httperror(request, u'您无权查看!')

        posts = []
@@ -768,7 +775,7 @@ def group_edit(request):
    dept_id = get_session_user_info(request)[3]
    eposts = Asset.objects.filter(bis_group=group)

-    if is_group_admin(request) and not verify(request, asset_group=[group_id]):
+    if is_group_admin(request) and not validate(request, asset_group=[group_id]):
        return httperror(request, '编辑失败, 您无权操作!')
    dept = DEPT.objects.filter(id=group.dept.id)
    if dept:
@@ -811,7 +818,7 @@ def group_detail(request):
        posts = Asset.objects.filter(bis_group=group).order_by('ip')

    elif is_group_admin(request):
-        if not verify(request, asset_group=[group_id]):
+        if not validate(request, asset_group=[group_id]):
            return httperror(request, u'您无权查看!')
        posts = Asset.objects.filter(bis_group=group).filter(dept=dept).order_by('ip')

@@ -853,12 +860,12 @@ def group_del(request):
        for i in range(int(len_list)):
            key = "id_list[" + str(i) + "]"
            gid = request.POST.get(key)
-            if is_group_admin(request) and not verify(request, asset_group=[gid]):
+            if is_group_admin(request) and not validate(request, asset_group=[gid]):
                return httperror(request, '删除失败, 您无权删除!')
            BisGroup.objects.filter(id=gid).delete()
    else:
        gid = int(offset)
-        if is_group_admin(request) and not verify(request, asset_group=[gid]):
+        if is_group_admin(request) and not validate(request, asset_group=[gid]):
            return httperror(request, '删除失败, 您无权删除!')
        BisGroup.objects.filter(id=gid).delete()
    return HttpResponseRedirect('/jasset/group_list/')

--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -383,9 +383,9 @@ def get_connect_item(username, ip):
 def validate(request, user_group=None, user=None, asset_group=None, asset=None, edept=None):
    dept = get_session_user_dept(request)[1]
    if edept:
-        print dept.id, edept[0]
        if dept.id != int(edept[0]):
            return False
+        
    if user_group:
        dept_user_groups = dept.usergroup_set.all()
        user_group_ids = []
@@ -428,7 +428,6 @@ def validate(request, user_group=None, user=None, asset_group=None, asset=None,
 def verify(request, user_group=None, user=None, asset_group=None, asset=None, edept=None):
    dept = get_session_user_dept(request)[1]
    if edept:
-        print dept.id, edept[0]
        if dept.id != int(edept[0]):
            return False

@@ -460,12 +459,11 @@ def verify(request, user_group=None, user=None, asset_group=None, asset=None, ed

    if asset:
        dept_assets = dept.asset_set.all()
-        assets_id, dept_assets_id = [], []
+        asset_ids = []
        for a in dept_assets:
-            dept_assets_id.append(int(a.id))
-        for i in asset:
-            assets_id.append(int(i))
-        if not set(assets_id).issubset(dept_assets_id):
+            asset_ids.append(str(a.id))
+        print asset, asset_ids
+        if not set(asset).issubset(set(asset_ids)):
            return False

    return True