diff --git a/jasset/views.py b/jasset/views.py index 8427f9f676e40c8ace1f11e658be55a66ab2d151..b0d616d9214b976c4c895cbfe3c5878c60db09e5 100644 --- a/jasset/views.py +++ b/jasset/views.py @@ -160,7 +160,7 @@ def asset_add(request): asset_save = af_post.save(commit=False) if not use_default_auth: password = request.POST.get('password', '') - password_encode = CRYPTOR.encrypt(password) + password_encode = password asset_save.password = password_encode asset_save.is_active = True if is_active else False asset_save.save() diff --git a/jperm/models.py b/jperm/models.py index 2bcea14e3ef265558f7ae8b72fd02f0aba880cce..d9553a00ca27f1e9ade5625510d5e128e8163f65 100644 --- a/jperm/models.py +++ b/jperm/models.py @@ -32,14 +32,14 @@ class PermRole(models.Model): class PermRule(models.Model): date_added = models.DateTimeField(auto_now=True) - name = models.CharField(max_length=100) + name = models.CharField(max_length=100, unique=True) comment = models.CharField(max_length=100) asset = models.ManyToManyField(Asset, related_name='perm_rule') asset_group = models.ManyToManyField(AssetGroup, related_name='perm_rule') user = models.ManyToManyField(User, related_name='perm_rule') user_group = models.ManyToManyField(UserGroup, related_name='perm_rule') role = models.ManyToManyField(PermRole, related_name='perm_rule') - ssh_type = models.BooleanField() + is_secret_key = models.BooleanField() def __unicode__(self): return self.name \ No newline at end of file diff --git a/jperm/views.py b/jperm/views.py index 2685d6bd66e3c134ce5a00a3cf2b639c3ff66cf6..fd4b9a7560767e750724a7aab68a29255aa9e9c5 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -1,6 +1,5 @@ # -*- coding: utf-8 -*- - from django.db.models import Q from jperm.perm_api import * from jperm.models import PermLog as Log 
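Review bot: In jasset/views.py `asset_add`, `password_encode = password` now writes the posted asset password to `asset_save.password` unencrypted, so the host credential sits in clear text in the database and in every backup or dump of it. Nothing in this diff shows encryption moving elsewhere (for example into the model's save path), so unless that exists outside the diff the line should stay `password_encode = CRYPTOR.encrypt(password)`. If rows written before this commit are still encrypted, readers of the field would see a mix of encrypted and plain values; that needs confirming against the code that consumes it. The body of asset_add starts and ends outside the hunk.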
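Review bot: In jperm/models.py `PermRule`, both changes alter the table (`unique=True` on `name`, and the `ssh_type` to `is_secret_key` rename) and no schema migration appears in this diff, so an existing database would presumably fail on the first query that selects `is_secret_key`. Existing rules with duplicate names would also block adding the unique index. The new flag has no default; declaring `is_secret_key = models.BooleanField(default=False)` makes the password-only case explicit rather than dependent on every caller setting it.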
@@ -89,7 +88,8 @@ def perm_rule_add(request): asset_groups_select = request.POST.getlist('assetgroup', []) roles_select = request.POST.getlist('role', []) rule_name = request.POST.get('rulename') - rule_comment = request.POST.get('comment') + rule_comment = request.POST.get('rule_comment') + rule_ssh_key = request.POST.get("use_publicKey") # 获å–éœ€è¦æŽˆæƒçš„主机列表 assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select] @@ -114,7 +114,9 @@ def perm_rule_add(request): rule.asset = assets_obj rule.asset_group = asset_groups_obj rule.role = roles_obj + rule.is_secret_key = bool(rule_ssh_key) rule.save() + return HttpResponse(u"æ·»åŠ æŽˆæƒè§„则:%s" % rule.name) @@ -130,8 +132,10 @@ def perm_rule_edit(request): rule_id = request.GET.get("id") rule = PermRule.objects.get(id=rule_id) + if request.method == 'GET' and rule_id: # 渲染数æ®, èŽ·å–æ‰€æœ‰çš„rule对象 + rule_comment = rule.comment users = rule.user.all() user_groups = rule.user_group.all() assets = rule.asset.all() 
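Review bot: In `perm_rule_edit`, `PermRule.objects.get(id=rule_id)` runs before either branch tests `rule_id`, and the new `rule_comment = rule.comment` line depends on that lookup. A request without `id`, or with an id that matches no rule, raises `DoesNotExist`, so the `and rule_id` guards never get a chance to apply. Handling the miss explicitly, for example `rule = get_object_or_404(PermRule, id=rule_id)` from `django.shortcuts`, returns a 404 instead of an unhandled exception. The function body continues outside this hunk.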
@@ -141,7 +145,44 @@ def perm_rule_edit(request): return my_render('jperm/perm_rule_edit.html', locals(), request) elif request.method == 'POST' and rule_id: - return HttpResponse("uncompleted") + # 获å–用户选择的 用户,用户组,资产,资产组,用户角色 + rule_name = request.POST.get('rule_name') + rule_comment = request.POST.get("rule_comment") + users_select = request.POST.getlist('user', []) + user_groups_select = request.POST.getlist('usergroup', []) + assets_select = request.POST.getlist('asset', []) + asset_groups_select = request.POST.getlist('assetgroup', []) + roles_select = request.POST.getlist('role', []) + + # 获å–éœ€è¦æŽˆæƒçš„主机列表 + assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select] + asset_groups_obj = [AssetGroup.objects.get(name=group) for group in asset_groups_select] + group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]] + calc_assets = set(group_assets_obj) | set(assets_obj) + + # 获å–éœ€è¦æŽˆæƒçš„用户列表 + users_obj = [User.objects.get(name=user) for user in users_select] + user_groups_obj = [UserGroup.objects.get(name=group) for group in user_groups_select] + group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]] + calc_users = set(group_users_obj) | set(users_obj) + + # èŽ·å–æŽˆäºˆçš„è§’è‰²åˆ—è¡¨ + roles_obj = [PermRole.objects.get(name=role) for role in roles_select] + + # ä»…æŽˆæƒæˆåŠŸçš„ï¼Œå†™å›žæ•°æ®åº“(授æƒè§„则,用户,用户组,资产,资产组,用户角色) + rule.user = users_obj + rule.usergroup = user_groups_obj + rule.asset = assets_obj + rule.asset_group = asset_groups_obj + rule.role = roles_obj + rule.name = rule_name + rule.comment = rule.comment + + print rule, rule.name + rule.save() + return HttpResponse(u"更新授æƒè§„则:%s" % rule.name) + + @require_role('admin') 
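Review bot: In the new POST branch of `perm_rule_edit`, two assignments do not do what the form intends: `rule.usergroup = user_groups_obj` sets a plain attribute rather than the `user_group` many-to-many field declared on `PermRule`, so a user group removed in the form keeps its authorization, and `rule.comment = rule.comment` discards the posted `rule_comment`. They should read `rule.user_group = user_groups_obj` and `rule.comment = rule_comment`. The `print rule, rule.name` line looks like leftover debugging and can go, and `calc_assets` / `calc_users` are computed but not used in the visible lines. Each `objects.get(...)` in the list comprehensions raises on a name or IP that is not in the database, so a stale or hand-edited form value ends in an unhandled exception rather than a validation message.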
@@ -252,8 +293,12 @@ def perm_role_detail(request): role_info = get_role_info(role_id) # æ¸²æŸ“æ•°æ® - for key, value in role_info.iteritems(): - key = value + rules = role_info.get("rules") + assets = role_info.get("assets") + asset_groups = role_info.get("asset_groups") + users = role_info.get("users") + user_groups = role_info.get("user_groups") + return my_render('jperm/perm_role_detail.html', locals(), request) @@ -265,15 +310,27 @@ def perm_role_edit(request): # æ¸²æŸ“æ•°æ® header_title, path1, path2 = "系统角色", "角色管ç†", "角色编辑" + # æ¸²æŸ“æ•°æ® + role_id = request.GET.get("id") + role = PermRole.objects.get(id=role_id) if request.method == "GET": - role_id = request.GET.get("id") - # æ¸²æŸ“æ•°æ® - role = PermRole.objects.get(id=role_id) - return my_render('jperm/perm_role_edit.html', locals(), request) if request.method == "POST": - return HttpResponse(u"未实现") + # èŽ·å– POST æ•°æ® + role_name = request.POST.get("role_name") + role_password = request.POST.get("role_password") + role_comment = request.POST.get("role_comment") + + # 写入数æ®åº“ + role.name = role_name + role.password = role_password + role.comment = role_comment + + role.save() + return HttpResponse(u"更新系统角色: %s" % role.name) + + @require_role('admin') @@ -326,10 +383,13 @@ def perm_role_push(request): task = Tasks(push_resource) ret = {} ret_failed = [] - if password_push: - ret["password_push"] = task.add_multi_user(**role_pass) - if ret["password_push"].get("status") != "success": - ret_failed.append(1) + + # å› ä¸ºè¦å…ˆå»ºç«‹ç”¨æˆ·ï¼Œæ‰€ä»¥password 是必选项, + # 而push key是在 password也完æˆçš„æƒ…况下的 å¯é€‰é¡¹ + ret["password_push"] = task.add_multi_user(**role_pass) + if ret["password_push"].get("status") != "success": + ret_failed.append(1) + if key_push: ret["key_push"] = task.push_multi_key(**role_key) if ret["key_push"].get("status") != "success": diff --git a/jumpserver.conf b/jumpserver.conf index 6297ab00a6618dd3da05dda0e293d3a68e790d65..ac95066724225c5bc138a2f43404d74139efb006 100644 
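Review bot: In `perm_role_edit`, `role.password = role_password` saves the posted value as-is, so the role password is stored in clear text and a POST with an empty or missing `role_password` overwrites the stored one with an empty value or None. Whether role passwords are encrypted where roles are created is not visible here, but the project has `CRYPTOR.encrypt` (its call in jasset/views.py is visible in this same diff); if it is in scope in this module, `if role_password: role.password = CRYPTOR.encrypt(role_password)` would cover both cases. The lookup `PermRole.objects.get(id=role_id)` was also moved ahead of the method check and raises `DoesNotExist` when `id` is absent or unknown.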
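Review bot: In `perm_role_push`, the key push still runs when the now-mandatory password push has failed: `if key_push:` does not look at `ret_failed`, although the added comment appears to describe key push as a step that follows a completed user creation. Gating it, `if key_push and not ret_failed:`, avoids pushing keys for accounts that were not created. If `role_pass` is built only when the removed `use_password` option is set (that code is outside the hunk), the unconditional `task.add_multi_user(**role_pass)` would also need a look.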
--- a/jumpserver.conf +++ b/jumpserver.conf @@ -9,7 +9,7 @@ log = debug host = 127.0.0.1 port = 3306 user = jumpserver -password = mysql234 +password = mysql1234 database = jumpserver [websocket] diff --git a/templates/jperm/perm_role_edit.html b/templates/jperm/perm_role_edit.html index 23c7e76174cd9f94a024096086253386df79170b..81d56d4b45aeb801a015464723037b0f7613c6a7 100644 --- a/templates/jperm/perm_role_edit.html +++ b/templates/jperm/perm_role_edit.html @@ -40,6 +40,13 @@ </div> </div> <div class="hr-line-dashed"></div> + <div class="form-group"> + <label for="role_password_label" class="col-sm-2 control-label">角色密ç <span class="red-fonts">*</span></label> + <div class="col-sm-8"> + <input id="role_password" name="role_password" type="password" class="form-control" value="{{ role.password }}"> + </div> + </div> + <div class="hr-line-dashed"></div> <div class="form-group"> <label for="role_comment" class="col-sm-2 control-label">备注</label> <div class="col-sm-8"> diff --git a/templates/jperm/perm_role_push.html b/templates/jperm/perm_role_push.html index a524d0cc28d34e44bd1a1a468167aac69c19af39..91a4c7a0dc75691467d66bdffec0a93578aaccbf 100644 --- a/templates/jperm/perm_role_push.html +++ b/templates/jperm/perm_role_push.html @@ -67,16 +67,6 @@ </div> <div class="hr-line-dashed"></div> <div class="row"> - <div class="form-group"> - <label for="j_group" class="col-sm-2 control-label">使用密ç </label> - <div class="col-sm-1"> - <div class="radio i-checks"> - <label> - <input type="checkbox" value="1" id="use_password" name="use_password"> - </label> - </div> - </div> - </div> <div class="form-group"> <label for="j_group" class="col-sm-2 control-label">使用秘钥</label> <div class="col-sm-1"> diff --git a/templates/jperm/perm_rule_add.html b/templates/jperm/perm_rule_add.html index d5a95cc8d64f3cacbaba0fbb27d235d8be155ee2..7f11c9b4ecb62ca2793dd6b5d05d8d8d9147b560 100644 --- a/templates/jperm/perm_rule_add.html +++ b/templates/jperm/perm_rule_add.html 
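Review bot: The database `password` in jumpserver.conf is a working-looking credential kept in a tracked file, and this change commits a second value for it into history. A tracked config is better shipped with a placeholder (for example `password = <DB_PASSWORD>`, a constructed placeholder) while the real value comes from an untracked local file or the environment. Any value that has actually been in use should be rotated, since it stays readable in the repository history.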
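Review bot: In templates/jperm/perm_role_edit.html, `value="{{ role.password }}"` writes the stored role password into the page source, where `type="password"` only masks it on screen; it remains readable via view-source, browser caches and any proxy that logs responses. Rendering the field empty, `<input id="role_password" name="role_password" type="password" class="form-control" autocomplete="new-password">`, and treating an empty submission as "keep the current password" in `perm_role_edit` avoids sending the secret back to the browser. The label's `for="role_password_label"` also does not match the input's `id="role_password"`.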
@@ -96,27 +96,6 @@ </div> <div class="hr-line-dashed"></div> - - <div class="form-group"> - <label for="j_group" class="col-sm-2 control-label">使用密ç </label> - <div class="col-sm-1"> - <div class="radio i-checks"> - <label> - <input type="checkbox" value="0" id="use_password" name="use_password"> - </label> - </div> - </div> - </div> - - <div class="form-group" id="admin_account_password" style="display: none"> - <label class="col-sm-1 control-label"> 密ç <span class="red-fonts">*</span> </label> - <div class="col-sm-4"> - <input type="password" name="password" class="form-control"> - </div> - </div> - - <div class="hr-line-dashed"></div> - <div class="form-group"> <label for="j_group" class="col-sm-2 control-label">使用秘钥</label> <div class="col-sm-1"> @@ -128,18 +107,11 @@ </div> </div> - <div class="form-group" id="admin_account_publicKey" style="display: none"> - <label class="col-sm-1 control-label"> 秘钥<span class="red-fonts">*</span> </label> - <div class="col-sm-4"> - <input type="password" name="password" class="form-control"> - </div> - </div> - <div class="hr-line-dashed"></div> <div class="form-group"> <label for="comment" class="col-sm-2 control-label">备注</label> <div class="col-sm-8"> - <input id="comment" name="comment" placeholder="Rule Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}> + <input id="rule_comment" name="rule_comment" placeholder="Rule Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}> </div> </div> <div class="hr-line-dashed"></div> diff --git a/templates/jperm/perm_rule_edit.html b/templates/jperm/perm_rule_edit.html index 9737a3dc422d5d595ef397890a954ddca1355dfb..ee6e0f5c195937fc6685a113b4bcffc9a375027d 100644 --- a/templates/jperm/perm_rule_edit.html +++ b/templates/jperm/perm_rule_edit.html 
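Review bot: In the comment field of perm_rule_add.html, the input was renamed to `rule_comment` but its label still says `for="comment"`, so the label no longer targets the input; `for="rule_comment"` restores the association. The unchanged `value="{{ username }}"` inside the `{% if error %}` block refills the comment box with `username` on error, which looks like a copy-paste from another form and presumably should use the posted comment.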
@@ -96,27 +96,6 @@ </div> <div class="hr-line-dashed"></div> - - <div class="form-group"> - <label for="j_group" class="col-sm-2 control-label">使用密ç </label> - <div class="col-sm-1"> - <div class="radio i-checks"> - <label> - <input type="checkbox" value="0" id="use_password" name="use_password"> - </label> - </div> - </div> - </div> - - <div class="form-group" id="admin_account_password" style="display: none"> - <label class="col-sm-1 control-label"> 密ç <span class="red-fonts">*</span> </label> - <div class="col-sm-4"> - <input type="password" name="password" class="form-control"> - </div> - </div> - - <div class="hr-line-dashed"></div> - <div class="form-group"> <label for="j_group" class="col-sm-2 control-label">使用秘钥</label> <div class="col-sm-1"> @@ -128,18 +107,11 @@ </div> </div> - <div class="form-group" id="admin_account_publicKey" style="display: none"> - <label class="col-sm-1 control-label"> 秘钥<span class="red-fonts">*</span> </label> - <div class="col-sm-4"> - <input type="password" name="password" class="form-control"> - </div> - </div> - <div class="hr-line-dashed"></div> <div class="form-group"> <label for="comment" class="col-sm-2 control-label">备注</label> <div class="col-sm-8"> - <input id="comment" name="comment" placeholder="Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}> + <input id="role_comment" name="role_comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule_comment }}"> </div> </div> <div class="hr-line-dashed"></div> diff --git a/templates/jperm/perm_rule_list.html b/templates/jperm/perm_rule_list.html index 270431c61eb97c16a21585a7d8e93c28912c5900..e08b8f7f4b621b82a60954e48a21dc8e79b53498 100644 --- a/templates/jperm/perm_rule_list.html +++ b/templates/jperm/perm_rule_list.html 
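Review bot: In perm_rule_edit.html the comment input is named `role_comment`, while the POST branch of `perm_rule_edit` added in this commit reads `request.POST.get("rule_comment")`, so the edited comment never reaches the view. Naming it like the add form, `id="rule_comment" name="rule_comment"`, lines the two up, and the label's `for="comment"` should follow. The view also expects `rule_name` whereas `perm_rule_add` reads `rulename`; the name input is outside this hunk, so which one this template posts needs checking.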
@@ -55,19 +55,19 @@ <tr class="gradeX" id={{ rule.id }}> <td class="text-center"> {{ rule.name }} </td> <td class="text-center"> - <a href="/jasset/asset_list/?gid={{ user.id }}">{{ rule | rule_member_count:"user" }} </a> + {{ rule | rule_member_count:"user" }} </td> <td class="text-center"> - <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"user_group" }}</a> + {{ rule | rule_member_count:"user_group" }} </td> <td class="text-center"> - <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"asset" }}</a> + {{ rule | rule_member_count:"asset" }} </td> <td class="text-center"> - <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"asset_group" }}</a> + {{ rule | rule_member_count:"asset_group" }} </td> <td class="text-center"> - <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"role" }}</a> + {{ rule | rule_member_count:"role" }} </td> <td class="text-center"> <a href="/jperm/perm_rule_detail/?id={{ rule.id }}" class="btn btn-xs btn-primary">详情</a>