Commit e717fad7 authored by guanghongwei's avatar guanghongwei

ȵ

parent 386d6a1c
......@@ -174,7 +174,6 @@ def get_user_host(username):
def get_connect_item(username, ip):
cryptor = PyCrypt(KEY)
asset = get_object(Asset, ip=ip)
port = asset.port
......@@ -192,12 +191,12 @@ def get_connect_item(username, ip):
}
if asset.login_type in login_type_dict:
password = cryptor.decrypt(login_type_dict[asset.login_type])
password = CRYPTOR.decrypt(login_type_dict[asset.login_type])
return username, password, ip, port
elif asset.login_type == 'M':
username = asset.username
password = cryptor.decrypt(asset.password)
password = CRYPTOR.decrypt(asset.password)
return username, password, ip, port
else:
......@@ -286,7 +285,7 @@ def remote_exec_cmd(ip, port, username, password, cmd):
stdin, stdout, stderr = ssh.exec_command("bash -l -c '%s'" % cmd)
out = stdout.readlines()
err = stderr.readlines()
color_print('%s:' %ip, 'blue')
color_print('%s:' % ip, 'blue')
for i in out:
color_print(" " * 4 + i.strip(), 'green')
for j in err:
......
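Review bot: In remote_exec_cmd the unchanged line `ssh.exec_command("bash -l -c '%s'" % cmd)` places `cmd` inside single quotes without escaping, so a quote character in the command closes the string early and the rest is interpreted by the remote shell. The callers are not on this page; if `cmd` can carry user-supplied text, quote it before interpolation, e.g. `ssh.exec_command("bash -l -c %s" % pipes.quote(cmd))` on Python 2 (`shlex.quote` on Python 3), with the matching import at the top of the file. In get_connect_item the decrypt calls now use the module-level `CRYPTOR`, yet `cryptor = PyCrypt(KEY)` still shows at the top of the function; if that is not the line this commit removes, it is now dead and can go. Both functions continue outside the visible hunks.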
......@@ -128,6 +128,14 @@ class PyCrypt(object):
ciphertext = cryptor.encrypt(text)
return b2a_hex(ciphertext)
def decrypt(self, text):
cryptor = AES.new(self.key, self.mode, b'0000000000000000')
try:
plain_text = cryptor.decrypt(a2b_hex(text))
except TypeError:
raise ServerError('Decrypt password error, TYpe error.')
return plain_text.rstrip('\0')
CRYPTOR = PyCrypt(KEY)
......
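Review bot: `decrypt` builds the cipher with the constant IV `b'0000000000000000'`, and presumably `encrypt` (only its tail is visible above) does the same; with a chaining mode such as CBC (`self.mode` is set outside this hunk) equal passwords then always produce equal ciphertexts, and nothing authenticates the ciphertext before it is decrypted. Prefer a random IV generated on each `encrypt` call and stored in front of the ciphertext, with `decrypt` reading it back, plus a migration for values already stored. `except TypeError` covers only the hex decoding; a ciphertext whose length is not a multiple of the block size is likely to raise `ValueError` from the cipher (verify for the crypto library version in use), so consider `except (TypeError, ValueError):`. `rstrip('\0')` also strips NUL bytes that belonged to the original secret, and the message `'TYpe error.'` has a typo.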
......@@ -6,7 +6,7 @@ import time
from django import template
from juser.models import User, UserGroup, DEPT
from jasset.models import BisGroup
from jumpserver.api import user_perm_asset_api
from jumpserver.api import *
register = template.Library()
......@@ -78,6 +78,16 @@ def bool2str(value):
return u'否'
@register.filter(name='user_readonly')
def user_readonly(user_id):
user = User.objects.filter(id=user_id)
if user:
user = user[0]
if user.role == 'CU':
return False
return True
@register.filter(name='member_count')
def member_count(group_id):
group = UserGroup.objects.get(id=group_id)
......
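Review bot: `from jumpserver.api import *` replaces the explicit `user_perm_asset_api` import, which pulls every public name of that module into the template-tag module (likely including the module-level `CRYPTOR` added elsewhere in this commit) and hides which names the filters depend on; list the needed names explicitly instead. `user_readonly` has no docstring and returns True for an id that matches no user, which deserves a comment such as `# read-only unless the target is an ordinary user ('CU'); unknown ids are treated as read-only`. It also runs one query per call although the calling template already holds the user object, so accepting the user itself and returning `user.role != 'CU'` would avoid that.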
......@@ -13,18 +13,19 @@ urlpatterns = patterns('juser.views',
(r'^dept_detail/$', 'dept_detail'),
(r'^dept_del_ajax/$', 'dept_del_ajax'),
(r'^dept_edit/$', 'dept_edit'),
(r'^group_add/$', 'group_add'),
(r'^dept_user_ajax/$', 'dept_user_ajax'),
(r'^group_add/$', view_splitter, {'su': group_add, 'adm': group_add_adm}),
(r'^group_list/$', view_splitter, {'su': group_list, 'adm': group_list_adm}),
(r'^group_detail/$', 'group_detail'),
(r'^group_del/$', 'group_del'),
(r'^group_del/$', view_splitter, {'su': group_del, 'adm': group_del_adm}),
(r'^group_del_ajax/$', 'group_del_ajax'),
(r'^group_edit/$', view_splitter, {'su': group_edit, 'adm': group_edit_adm}),
(r'^user_add/$', 'user_add'),
(r'^user_list/$', 'user_list'),
(r'^user_list/$', view_splitter, {'su': user_list, 'adm': user_list_adm}),
(r'^user_detail/$', 'user_detail'),
(r'^user_del/$', 'user_del'),
(r'^user_del_ajax/$', 'user_del_ajax'),
(r'^user_edit/$', 'user_edit'),
(r'^user_edit/$', view_splitter, {'su': user_edit, 'adm': user_edit_adm}),
(r'^profile/$', 'profile'),
(r'^chg_pass/$', 'chg_pass'),
)
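Review bot: The routes now dispatched through `view_splitter` pass only `'su'` and `'adm'` targets, and `view_splitter` itself is not part of this diff, so it is unclear from here what happens for a session whose role is neither; it should deny (redirect or 403) by default rather than fall through to one of the views. `group_del_ajax`, `user_del`, `user_del_ajax` and `user_detail` stay on plain string routes and rely on role checks inside the view, so the two mechanisms have to be kept in sync by hand. A short comment above the block, e.g. `# view_splitter picks the 'su' or 'adm' view from the session role; any other role is rejected`, would document the intent once that behaviour is confirmed.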
......@@ -97,11 +97,12 @@ def db_add_user(**kwargs):
def db_update_user(**kwargs):
groups_post = kwargs.pop('groups')
username = kwargs.get('username')
user = User.objects.filter(username=username)
user.update(**kwargs)
user = User.objects.get(username=username)
user.save()
user_id = kwargs.pop('user_id')
user = User.objects.filter(id=user_id)
if user:
user.update(**kwargs)
user = User.objects.get(id=user_id)
user.save()
if groups_post:
group_select = []
......@@ -336,7 +337,21 @@ def dept_edit(request):
return render_to_response('juser/dept_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def dept_user_ajax(request):
dept_id = request.GET.get('id', '4')
if dept_id not in ['1', '2']:
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
users = dept.user_set.all()
else:
users = User.objects.all()
return render_to_response('juser/dept_user_ajax.html', locals())
@require_super_user
def group_add(request):
error = ''
msg = ''
......@@ -372,6 +387,37 @@ def group_add(request):
return render_to_response('juser/group_add.html', locals(), context_instance=RequestContext(request))
@require_admin
def group_add_adm(request):
error = ''
msg = ''
header_title, path1, path2 = '添加小组', '用户管理', '添加小组'
user, dept = get_session_user_dept(request)
user_all = dept.user_set.all()
if request.method == 'POST':
group_name = request.POST.get('group_name', '')
users_selected = request.POST.getlist('users_selected', '')
comment = request.POST.get('comment', '')
try:
if not validate(request, user=users_selected):
raise AddError('没有某用户权限')
if '' in [group_name]:
error = u'组名不能为空'
raise AddError(error)
db_add_group(name=group_name, users=users_selected, dept=dept, comment=comment)
except AddError:
pass
except TypeError:
error = u'保存小组失败'
else:
msg = u'添加组 %s 成功' % group_name
return render_to_response('juser/group_add.html', locals(), context_instance=RequestContext(request))
@require_super_user
def group_list(request):
header_title, path1, path2 = '查看小组', '用户管理', '查看小组'
......@@ -417,7 +463,7 @@ def group_detail(request):
return render_to_response('juser/group_detail.html', locals(), context_instance=RequestContext(request))
@require_admin
@require_super_user
def group_del(request):
group_id = request.GET.get('id', '')
if not group_id:
......@@ -426,10 +472,25 @@ def group_del(request):
return HttpResponseRedirect('/juser/group_list/')
@require_admin
def group_del_adm(request):
group_id = request.GET.get('id', '')
if not validate(request, user_group=[group_id]):
return HttpResponseRedirect('/juser/group_list/')
if not group_id:
return HttpResponseRedirect('/')
UserGroup.objects.filter(id=group_id).delete()
return HttpResponseRedirect('/juser/group_list/')
@require_admin
def group_del_ajax(request):
group_ids = request.POST.get('group_ids')
for group_id in group_ids.split(','):
group_ids = group_ids.split(',')
if request.session.get('role_id') == 1:
if not validate(request, user_group=group_ids):
return "error"
for group_id in group_ids:
UserGroup.objects.filter(id=group_id).delete()
return HttpResponse('删除成功')
......@@ -497,6 +558,7 @@ def group_edit_adm(request):
error = ''
msg = ''
header_title, path1, path2 = '修改小组信息', '用户管理', '编辑小组'
user, dept = get_session_user_dept(request)
if request.method == 'GET':
group_id = request.GET.get('id', '')
if not validate(request, user_group=[group_id]):
......@@ -504,8 +566,7 @@ def group_edit_adm(request):
group = UserGroup.objects.filter(id=group_id)
if group:
group = group[0]
dept_all = DEPT.objects.all()
users_all = User.objects.all()
users_all = dept.user_set.all()
users_selected = group.user_set.all()
users = [user for user in users_all if user not in users_selected]
......@@ -513,19 +574,17 @@ def group_edit_adm(request):
else:
group_id = request.POST.get('group_id', '')
group_name = request.POST.get('group_name', '')
dept_id = request.POST.get('dept_id', '')
comment = request.POST.get('comment', '')
users_selected = request.POST.getlist('users_selected')
users = []
try:
if '' in [group_id, group_name]:
raise AddError('组名不能为空')
dept = DEPT.objects.filter(id=dept_id)
if dept:
dept = dept[0]
else:
raise AddError('部门不存在')
if not validate(request, user=users_selected):
raise AddError(u'右侧非部门用户')
if not validate(request, user_group=[group_id]):
raise AddError(u'没有权限修改本组')
for user_id in users_selected:
users.extend(User.objects.filter(id=user_id))
......@@ -609,7 +668,7 @@ def user_add(request):
return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request))
@require_admin
@require_super_user
def user_list(request):
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
header_title, path1, path2 = '查看用户', '用户管理', '用户列表'
......@@ -638,11 +697,39 @@ def user_list(request):
return render_to_response('juser/user_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_list_adm(request):
user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'}
header_title, path1, path2 = '查看用户', '用户管理', '用户列表'
keyword = request.GET.get('keyword', '')
user, dept = get_session_user_dept(request)
gid = request.GET.get('gid', '')
contact_list = dept.user_set.all().order_by('name')
if gid:
if not validate(request, user_group=[gid]):
return HttpResponseRedirect('/juser/user_list/')
user_group = UserGroup.objects.filter(id=gid)
if user_group:
user_group = user_group[0]
contact_list = user_group.user_set.all()
if keyword:
contact_list = contact_list.filter(Q(username__icontains=keyword) | Q(name__icontains=keyword)).order_by('name')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request)
return render_to_response('juser/user_list.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_detail(request):
user_id = request.GET.get('id', '')
if not user_id:
return HttpResponseRedirect('/juser/user_list/')
if request.session.get('role_id', '') == '1':
if not validate(request, user=[user_id]):
return HttpResponseRedirect('/juser/user_list/')
user = User.objects.filter(id=user_id)
if user:
user = user[0]
......@@ -655,7 +742,12 @@ def user_detail(request):
def user_del(request):
user_id = request.GET.get('id', '')
if not user_id:
return HttpResponseRedirect('/')
return HttpResponseRedirect('/juser/user_list/')
if request.session.get('role_id', '') == '1':
if not validate(request, user=[user_id]):
return HttpResponseRedirect('/juser/user_list/')
user = User.objects.filter(id=user_id)
if user:
user = user[0]
......@@ -669,7 +761,11 @@ def user_del(request):
@require_admin
def user_del_ajax(request):
user_ids = request.POST.get('ids')
for user_id in user_ids.split(','):
user_ids = user_ids.split(',')
if request.session.get('role_id', '') == 1:
if not validate(request, user=user_ids):
return "error"
for user_id in user_ids:
user = User.objects.filter(id=user_id)
if user:
user = user[0]
......@@ -681,7 +777,7 @@ def user_del_ajax(request):
return HttpResponse('删除成功')
@require_admin
@require_super_user
def user_edit(request):
header_title, path1, path2 = '编辑用户', '用户管理', '用户编辑'
if request.method == 'GET':
......@@ -698,7 +794,7 @@ def user_edit(request):
groups_str = ' '.join([str(group.id) for group in user.group.all()])
else:
username = request.POST.get('username', '')
user_id = request.GET.get('user_id', '')
password = request.POST.get('password', '')
name = request.POST.get('name', '')
email = request.POST.get('email', '')
......@@ -715,8 +811,8 @@ def user_edit(request):
else:
dept = DEPT.objects.get(id='1')
if username:
user = User.objects.filter(username=username)
if user_id:
user = User.objects.filter(id=user_id)
if user:
user = user[0]
else:
......@@ -728,7 +824,7 @@ def user_edit(request):
if ssh_key_pwd != user.ssh_key_pwd:
ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd)
db_update_user(username=username,
db_update_user(user_id=user_id,
password=password,
name=name,
email=email,
......@@ -743,6 +839,62 @@ def user_edit(request):
return render_to_response('juser/user_edit.html', locals(), context_instance=RequestContext(request))
@require_admin
def user_edit_adm(request):
header_title, path1, path2 = '编辑用户', '用户管理', '用户编辑'
user, dept = get_session_user_dept(request)
if request.method == 'GET':
user_id = request.GET.get('id', '')
if not user_id:
return HttpResponseRedirect('/juser/user_list/')
if not validate(request, user=[user_id]):
return HttpResponseRedirect('/juser/user_list/')
user = User.objects.filter(id=user_id)
dept_all = DEPT.objects.all()
group_all = dept.usergroup_set.all()
if user:
user = user[0]
groups_str = ' '.join([str(group.id) for group in user.group.all()])
else:
user_id = request.POST.get('user_id', '')
password = request.POST.get('password', '')
name = request.POST.get('name', '')
email = request.POST.get('email', '')
groups = request.POST.getlist('groups', [])
ssh_key_pwd = request.POST.get('ssh_key_pwd', '')
is_active = True if request.POST.get('is_active', '1') == '1' else False
if not validate(request, user=[user_id], user_group=groups):
return HttpResponseRedirect('/juser/user_edit/')
if user_id:
user = User.objects.filter(id=user_id)
if user:
user = user[0]
else:
return HttpResponseRedirect('/juser/user_list/')
if password != user.password:
password = md5_crypt(password)
if ssh_key_pwd != user.ssh_key_pwd:
ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd)
db_update_user(user_id=user_id,
password=password,
name=name,
email=email,
groups=groups,
is_active=is_active,
ssh_key_pwd=ssh_key_pwd)
return HttpResponseRedirect('/juser/user_list/')
return render_to_response('juser/user_edit.html', locals(), context_instance=RequestContext(request))
def profile(request):
user_id = request.session.get('user_id')
if not user_id:
......
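Review bot: The department-admin checks compare `request.session.get('role_id')` with the string `'1'` in user_detail and user_del but with the integer `1` in group_del_ajax and user_del_ajax, so whichever type the session actually stores, one pair of views never calls `validate()` and a department admin can act on users or groups outside their department. Pick one type (the templates on this page compare `session_role_id` with the integer 2, which suggests int, but confirm against the login code) and use it in all four places, e.g. `if request.session.get('role_id') == 1:`. In the two ajax views the denial path is `return "error"`, which is not an HttpResponse; `return HttpResponse('error', status=403)` would be a valid refusal. Separately, the POST branch of user_edit reads `user_id` from `request.GET` although the form posts it as a field, and dept_user_ajax returns any department's users to any `@require_admin` caller without a `validate()` call.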
{% for user in users %}
<option value="{{ user.id }}">{{ user.name }}</option>
{% endfor %}
\ No newline at end of file
......@@ -40,17 +40,19 @@
<input id="group_name" name="group_name" placeholder="Group name" type="text" class="form-control" value="{{ group_name }}">
</div>
</div>
{% ifequal session_role_id 2 %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="dept_id" class="col-sm-2 control-label">部门<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select id="dept_id" name="dept_id" class="form-control m-b">
<select id="dept_id" name="dept_id" class="form-control m-b" onchange="change_dept(this.value)">
{% for dept in dept_all %}
<option value="{{ dept.id }}" selected>{{ dept.name }}</option>
{% endfor %}
</select>
</div>
</div>
{% endifequal %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="users" class="col-lg-2 control-label">用户</label>
......@@ -127,6 +129,16 @@ function change_type(type){
})
}
function change_dept(dept_id){
$.get('/juser/dept_user_ajax/',
{'id': dept_id},
function(data){
$('#users').html(data)
})
}
$(document).ready(function(){
$("#submit_button").click(function(){
$('#users_selected option').each(function(){
......
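Review bot: `change_dept` here refills `#users` but leaves `#users_selected` as it was, whereas the copy added further down this page (the template that uses `group.comment`) also runs `$('#users_selected').html('')`; after switching department, users picked from the previous one stay selected and are submitted with the new `dept_id`. Add the same reset here; the body of the super-user `group_add` view is not visible on this page, so confirm that it checks the submitted users against the chosen department, since the browser-side list is only a convenience. The function is duplicated across the two templates, and moving it into a shared script would keep the copies from drifting again. `$.get` has no failure callback, so a denied or failed request silently leaves the old list in place.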
......@@ -46,7 +46,7 @@
<div class="form-group">
<label for="dept_id" class="col-sm-2 control-label">部门<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<select id="dept_id" name="dept_id" class="form-control m-b">
<select id="dept_id" name="dept_id" class="form-control m-b" onchange="change_dept(this.value)">
{% for dept in dept_all %}
{% ifequal group.dept.id dept.id %}
<option value="{{ dept.id }}" selected>{{ dept.name }}</option>
......@@ -88,7 +88,7 @@
<div class="form-group">
<label for="comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8">
<input id="comment" name="comment" placeholder="Comment" type="text" class="form-control" value="{{ comment }}">
<input id="comment" name="comment" placeholder="Comment" type="text" class="form-control" value="{{ group.comment }}">
</div>
</div>
......@@ -145,6 +145,16 @@ $(document).ready(function(){
})
})
function change_dept(dept_id){
$.get('/juser/dept_user_ajax/',
{'id': dept_id},
function(data){
$('#users').html(data);
$('#users_selected').html('')
})
}
</script>
{% endblock %}
\ No newline at end of file
......@@ -39,6 +39,7 @@
<div class="form-group">
<label for="username" class="col-sm-2 control-label">用户名<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="user_id" name="user_id" type="text" value="{{ user.id }}" style="display: none">
<input id="username" name="username" placeholder="Username" type="text" class="form-control" value="{{ user.username }}" readonly>
</div>
</div>
......@@ -70,6 +71,7 @@
</div>
</div>
<div class="hr-line-dashed"></div>
{% ifequal session_role_id 2 %}
<div class="form-group">
<label for="dept_id" class="col-lg-2 control-label">部门<span class="red-fonts">*</span></label>
<div class="col-sm-8">
......@@ -85,6 +87,7 @@
</div>
</div>
<div class="hr-line-dashed"></div>
{% endifequal %}
<div class="form-group">
<label for="groups" class="col-lg-2 control-label">小组</label>
<div class="col-sm-8">
......@@ -99,6 +102,7 @@
</select>
</div>
</div>
{% ifequal session_role_id 2 %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role" class="col-lg-2 control-label">角色<span class="red-fonts">*</span></label>
......@@ -114,6 +118,7 @@
</select>
</div>
</div>
{% endifequal %}
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="email" class="col-sm-2 control-label">Email<span class="red-fonts">*</span></label>
......
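Review bot: The new `user_id` field is a text input hidden with `style="display: none"`; `<input type="hidden" id="user_id" name="user_id" value="{{ user.id }}">` states the intent directly and does not depend on CSS. Because the update is now keyed on this client-supplied id rather than the read-only username, the server has to authorize the id on every POST; `user_edit_adm` calls `validate(request, user=[user_id], user_group=groups)`, while `user_edit` on this page reads `user_id` from `request.GET` in its POST branch, so this posted field would not reach it. The `{% ifequal session_role_id 2 %}` wrappers only hide the department and role selects, which is fine as long as the department-admin view keeps ignoring those fields, as `user_edit_adm` does in the lines shown.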
......@@ -73,8 +73,14 @@
<td class="text-center">{{ user.is_active|bool2str }}</td>
<td class="text-center">
<a title="[ {{ user.name }} ] 详情" href="../user_detail/?id={{ user.id }}" class="iframe btn btn-xs btn-primary">详情</a>
{% ifequal session_role_id 2 %}
<a href="../user_edit/?id={{ user.id }}" class="btn btn-xs btn-info">编辑</a>
<a href="../user_del/?id={{ user.id }}" class="btn btn-xs btn-danger">删除</a>
{% else %}
<a href="../user_edit/?id={{ user.id }}" class="btn btn-xs btn-info {% if user.id|user_readonly %} disabled {% endif %}">编辑</a>
<a href="../user_del/?id={{ user.id }}" class="btn btn-xs btn-danger {% if user.id|user_readonly %} disabled {% endif %}">删除</a>
{% endifequal %}
</td>
</tr>
{% endfor %}
......
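Review bot: The `disabled` class added through `user.id|user_readonly` changes only how the edit and delete links look; the `href` values remain and `user_del` acts on a plain GET, so the restriction has to be enforced in the views, and the delete is better served by a POST form carrying `{% csrf_token %}` than by a link. `user_readonly` is evaluated twice per row and each call queries the user again by id although `user` is already in the loop context; computing it once, e.g. `{% with ro=user.id|user_readonly %}`, halves those queries.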
......@@ -91,7 +91,7 @@
<a href="#"><i class="fa fa-rebel"></i> <span class="nav-label">用户管理</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li class="dept_list dept_edit"><a href="/juser/dept_list/">查看部门</a></li>
<li class="group_list"><a href="/juser/group_list/">查看小组</a></li>
<li class="group_list group_edit"><a href="/juser/group_list/">查看小组</a></li>
<li class="group_add"><a href="/juser/group_add/">添加小组</a></li>
<li class="user_list"><a href="/juser/user_list/">查看用户<span class="label {% ifequal user_active_num user_total_num %}label-primary {% else %}label-warning {% endifequal %}pull-right">{{ user_active_num }}/{{ user_total_num }}</span></a></li>
<li class="user_add"><a href="/juser/user_add/">添加用户</a></li>
......