Merge branch 'dev' of git.coding.net:jumpserver/jumpserver into dev

d9d009ab · ibuler · 4e5c5010 · 34e8b321 · d9d009ab · d9d009ab
Commit d9d009ab authored Jan 04, 2016 by ibuler
4 changed files
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -277,7 +277,7 @@ def perm_role_add(request):

    if request.method == "POST":
        # 获取参数： name, comment
-        name = request.POST.get("role_name", "")
+        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
@@ -286,6 +286,8 @@ def perm_role_add(request):
        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'已经存在该用户 %s' % name)
+            if name == "root":
+                raise ServerError(u'禁止使用root用户作为系统用户，这样非常危险！')
            default = get_object(Setting, name='default')

            if password:
@@ -423,6 +425,9 @@ def perm_role_edit(request):
            if not role:
                raise ServerError('该系统用户不能存在')

+            if role_name == "root":
+                raise ServerError(u'禁止使用root用户作为系统用户，这样非常危险！')
+
            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass
@@ -473,6 +478,7 @@ def perm_role_push(request):
        for asset_group in asset_groups_obj:
            group_assets_obj.extend(asset_group.asset_set.all())
        calc_assets = list(set(assets_obj) | set(group_assets_obj))
+
        push_resource = gen_resource(calc_assets)

        # 调用Ansible API 进行推送

--- a/templates/jperm/perm_role_add.html
+++ b/templates/jperm/perm_role_add.html
@@ -93,15 +93,14 @@ $('#roleForm').validator({
    theme: "yellow_right_effect",
    rules: {
        check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'],
+        check_name_root: [/[^rR][^oO][^oO][^tT]/, '禁止使用root用户作为系统用户，这样非常危险！'],
        check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误，请检查'],
-{#        either: function(){#}
-{#            return $('#role_password').val() == ''#}
-{#        }#}
+
    },

    fields: {
        "role_name": {
-            rule: "required;check_name",
+            rule: "required;check_name;check_name_root",
            tip: "输入系统用户名称",
            ok: "",
            msg: {required: "系统用户名称必填"}
@@ -111,12 +110,7 @@ $('#roleForm').validator({
            ok: "",
            empty: true
        },
-{#        "role_key": {#}
-{#            rule: "required(either)",#}
-{#            tip: "输入密钥",#}
-{#            ok: "",#}
-{#            msg: {required: "密码和密钥必填一个!"}#}
-{#        }#}
+
    },
    valid: function(form) {
            form.submit();

--- a/templates/jperm/perm_role_edit.html
+++ b/templates/jperm/perm_role_edit.html
@@ -94,16 +94,25 @@ $('#roleForm').validator({
    timely: 2,
    theme: "yellow_right_effect",
    rules: {
-        check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位']
+        check_name: [/^\w{2,20}$/, '大小写字母数字和下划线,2-20位'],
+        check_name_root: [/[^rR][^oO][^oO][^tT]/, '禁止使用root用户作为系统用户，这样非常危险！'],
+        check_begin: [/^[\-]+BEGIN RSA PRIVATE KEY[\-]+/gm, 'RSA Key填写有误，请检查'],
+
    },

    fields: {
        "role_name": {
-            rule: "required;check_name",
+            rule: "required;check_name;check_name_root",
            tip: "输入系统用户名称",
            ok: "",
            msg: {required: "系统用户名称必填"}
-        }
+        },
+        "role_key": {
+            rule: "check_begin",
+            ok: "",
+            empty: true
+        },
+
    },
    valid: function(form) {
            form.submit();

--- a/templates/jperm/perm_role_list.html
+++ b/templates/jperm/perm_role_list.html
@@ -84,7 +84,7 @@

 <script>
 function remove_role(role_id){
-    if (confirm("确认删除")) {
+    if (confirm("对应资产上已推送的系统用户会被删除，包括其家目录，请谨慎操作!")) {
        $.ajax({
           type: "POST",
           url: "{% url 'role_del' %}",