perm edit fix

f74b15c1 · ibuler · d3fd9e05 · f74b15c1 · f74b15c1 · f74b15c1
Commit f74b15c1 authored Dec 09, 2015 by ibuler
7 changed files
--- a/connect.py
+++ b/connect.py
@@ -78,6 +78,7 @@ class Tty(object):
        self.asset_name = asset.hostname
        self.ip = None
        self.port = 22
+        self.ssh = None
        self.channel = None
        self.asset = asset
        self.user = user
@@ -300,8 +301,7 @@ class Tty(object):
                                username=connect_info.get('role_name'),
                                password=connect_info.get('role_pass'),
                                key_filename=role_key,
-                                look_for_keys=False,
-                                allow_agent=False)
+                                look_for_keys=False)
                    return ssh
                except (paramiko.ssh_exception.AuthenticationException, paramiko.ssh_exception.SSHException):
                    logger.warning(u'使用ssh key %s 失败, 尝试只使用密码' % role_key)
@@ -319,6 +319,7 @@ class Tty(object):
        except socket.error:
            raise ServerError('端口可能不对 Connect SSH Socket Port Error, Please Correct it.')
        else:
+            self.ssh = ssh
            return ssh



--- a/jperm/views.py
+++ b/jperm/views.py
@@ -144,25 +144,17 @@ def perm_rule_edit(request):

    # 根据rule_id 取得rule对象
    rule_id = request.GET.get("id")
-    rule = PermRule.objects.get(id=rule_id)
+    rule = get_object(PermRule, id=rule_id)

-    if request.method == 'GET' and rule_id:
    # 渲染数据, 获取所选的rule对象
-        rule_comment = rule.comment
-        users_select = rule.user.all()
-        user_groups_select = rule.user_group.all()
-        assets_select = rule.asset.all()
-        asset_groups_select = rule.asset_group.all()
-        roles_select = rule.role.all()

    users = User.objects.all()
    user_groups = UserGroup.objects.all()
    assets = Asset.objects.all()
    asset_groups = AssetGroup.objects.all()
    roles = PermRole.objects.all()
-        return my_render('jperm/perm_rule_edit.html', locals(), request)

-    elif request.method == 'POST' and rule_id:
+    if request.method == 'POST' and rule_id:
        # 获取用户选择的 用户,用户组,资产,资产组,用户角色
        rule_name = request.POST.get('rule_name')
        rule_comment = request.POST.get("rule_comment")
@@ -174,8 +166,10 @@ def perm_rule_edit(request):

        assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
        asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
-        # group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]]
-        # calc_assets = set(group_assets_obj) | set(assets_obj)
+        group_assets_obj = []
+        for asset_group in asset_groups_obj:
+            group_assets_obj.extend(list(asset_group.asset_set.all()))
+        calc_assets = set(group_assets_obj) | set(assets_obj)  # 授权资产和资产组包含的资产

        # 获取需要授权的用户列表
        users_obj = [User.objects.get(id=user_id) for user_id in users_select]
@@ -185,6 +179,14 @@ def perm_rule_edit(request):

        # 获取授予的角色列表
        roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
+        need_push_asset = set()
+        try:
+            for role in roles_obj:
+                asset_no_push = get_role_push_host(role=role)[0]  # 获取某角色已经推送的资产
+                need_push_asset.update(set(calc_assets) - set(asset_no_push))
+                if need_push_asset:
+                    raise ServerError(u'没有推送角色 %s 的主机 %s'
+                                      % (role.name, ','.join([asset.hostname for asset in need_push_asset])))

            # 仅授权成功的，写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
            rule.user = users_obj
@@ -195,10 +197,12 @@ def perm_rule_edit(request):
            rule.name = rule_name
            rule.comment = rule.comment
            rule.save()
+            msg = u"更新授权规则：%s成功" % rule.name

-        msg = u"更新授权规则：%s" % rule.name
+        except ServerError, e:
+            error = e

-    return HttpResponseRedirect('/jperm/rule/')
+    return my_render('jperm/perm_rule_edit.html', locals(), request)


 @require_role('admin')

--- a/run_websocket.py
+++ b/run_websocket.py
@@ -296,6 +296,8 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
        self.log = None
        self.id = 0
        self.user = None
+        self.ssh = None
+        self.channel = None
        super(WebTerminalHandler, self).__init__(*args, **kwargs)

    def check_origin(self, origin):
@@ -310,7 +312,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
        if asset:
            roles = user_have_perm(self.user, asset)
            logger.debug(roles)
-            logger.debug('rolename: %s' % role_name)
+            logger.debug('角色: %s' % role_name)
            login_role = ''
            for role in roles:
                if role.name == role_name:
@@ -329,8 +331,8 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
                                                                                     login_role.name))
        self.term = WebTty(self.user, asset, login_role, login_type='web')
        self.term.remote_ip = self.request.remote_ip
-        ssh = self.term.get_connection()
-        self.term.channel = ssh.invoke_shell(term='xterm')
+        self.ssh = self.term.get_connection()
+        self.channel = self.ssh.invoke_shell(term='xterm')
        WebTerminalHandler.tasks.append(MyThread(target=self.forward_outbound))
        WebTerminalHandler.clients.append(self)

@@ -363,7 +365,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
                self.term.vim_data = ''
                self.term.data = ''
                self.term.input_mode = False
-            self.term.channel.send(data['data'])
+            self.channel.send(data['data'])

    def on_close(self):
        logger.debug('Websocket: Close request')
@@ -386,9 +388,9 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
            data = ''
            pre_timestamp = time.time()
            while True:
-                r, w, e = select.select([self.term.channel, sys.stdin], [], [])
-                if self.term.channel in r:
-                    recv = self.term.channel.recv(1024)
+                r, w, e = select.select([self.channel, sys.stdin], [], [])
+                if self.channel in r:
+                    recv = self.channel.recv(1024)
                    if not len(recv):
                        return
                    data += recv
@@ -407,8 +409,8 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
                        data = ''
                    except UnicodeDecodeError:
                        pass
-        finally:
-            self.close()
+        except IndexError:
+            pass

 if __name__ == '__main__':
    tornado.options.parse_command_line()

--- a/templates/jasset/asset_list.html
+++ b/templates/jasset/asset_list.html
@@ -231,6 +231,7 @@
                    var dataArray = data.split(',');
                    if (dataArray.length == 1 && data != 'error'){
                        var title = 'Jumpserver Web Terminal' + '<span class="text-info"> '+ hostname +'</span>';
+                        console.log(new_url+data);
                        layer.open({
                            type: 2,
                            title: title,

--- a/templates/jperm/perm_role_list.html
+++ b/templates/jperm/perm_role_list.html
@@ -50,19 +50,16 @@
                                <th class="text-center">名称 </th>
                                <th class="text-center">sudo别名</th>
                                <th class="text-center">创建时间</th>
-                                <th class="text-center">备注</th>
                                <th class="text-center">操作</th>
                            </tr>
                        </thead>
                        <tbody id="edittbody">
                        {% for role in roles %}
                            <tr class="gradeX" id={{ role.id }}>
-                                <td class="text-center"> {{ role.name }} </td>
+                                <td class="text-center"><a href="/jperm/role/perm_role_detail/?id={{ role.id }}">{{ role.name }} </a></td>
                                <td class="text-center"> {{ role | role_contain_which_sudos }} </td>
                                <td class="text-center"> {{ role.date_added | date:"Y-m-d H:i:s"}} </td>
-                                <td class="text-center"> {{ role.comment }} </td>
                                <td class="text-center">
-                                    <a href="/jperm/role/perm_role_detail/?id={{ role.id }}" class="btn btn-xs btn-primary">详情</a>
                                    <a href="/jperm/role/perm_role_edit/?id={{ role.id }}" class="btn btn-xs btn-info">编辑</a>
                                    <a href="/jperm/role/push/?id={{ role.id }}" class="btn btn-xs btn-warning">推送</a>
                                    <button onclick="remove_role({{ role.id }})" class="btn btn-xs btn-danger">删除</button>

--- a/templates/jperm/perm_rule_edit.html
+++ b/templates/jperm/perm_rule_edit.html
@@ -36,7 +36,7 @@
                            <div class="form-group">
                                <label for="rulename" class="col-sm-2 control-label">授权名称<span class="red-fonts">*</span></label>
                                <div class="col-sm-8">
-                                    <input id="rulename" name="rulename" placeholder="Rule Name" type="text" class="form-control">
+                                    <input id="rulename" name="rulename" placeholder="Rule Name" type="text" class="form-control" value={{ rule.name }}>
                                </div>
                            </div>
                            <div class="hr-line-dashed"></div>
@@ -45,7 +45,7 @@
                                <div class="col-sm-8">
                                    <select name="user" id="user" data-placeholder="用户名" class="chosen-select form-control m-b" multiple  tabindex="2">
                                        {% for user in users %}
-                                            <option value="{{ user.id }}" {% if user in users_select %} selected {%  endif %}>{{ user.name }}</option>
+                                            <option value="{{ user.id }}" {% if user in rule.user.all %} selected {%  endif %}>{{ user.name }}</option>
                                        {% endfor %}
                                    </select>
                                    <span class="help-block m-b-none">用户和用户组必选一个</span>
@@ -56,7 +56,7 @@
                                <div class="col-sm-8">
                                    <select name="usergroup" id="usergroup" data-placeholder="请选择用户组" class="chosen-select form-control m-b" multiple  tabindex="2">
                                        {% for user_group in user_groups %}
-                                            <option value="{{ user_group.id }}"{% if user_group in user_groups_select %} selected {% endif %}>{{ user_group.name }}</option>
+                                            <option value="{{ user_group.id }}"{% if user_group in rule.user_group.all %} selected {% endif %}>{{ user_group.name }}</option>
                                        {% endfor %}
                                    </select>
                                </div>
@@ -67,7 +67,7 @@
                                <div class="col-sm-8">
                                    <select name="asset" id="asset" data-placeholder="请选择资产" class="chosen-select form-control m-b" multiple  tabindex="2">
                                        {% for asset in assets %}
-                                            <option value="{{ asset.id }}"{% if asset in assets_select %} selected {% endif %}>{{ asset.ip }}</option>
+                                            <option value="{{ asset.id }}"{% if asset in rule.asset.all %} selected {% endif %}>{{ asset.ip }}</option>
                                        {% endfor %}
                                    </select>
                                    <span class="help-block m-b-none">资产和资产组必选一个</span>
@@ -78,7 +78,7 @@
                                <div class="col-sm-8">
                                    <select name="assetgroup" data-placeholder="请选择资产组" class="chosen-select form-control m-b" multiple  tabindex="2">
                                        {% for asset_group in asset_groups %}
-                                            <option value="{{ asset_group.id }}"{% if asset_group in asset_groups_select %} selected {% endif %}>{{ asset_group.name }}</option>
+                                            <option value="{{ asset_group.id }}"{% if asset_group in rule.asset_group.all %} selected {% endif %}>{{ asset_group.name }}</option>
                                        {% endfor %}
                                    </select>
                                </div>
@@ -86,10 +86,10 @@
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">
                                <label for="role" class="col-sm-2 control-label">角色<span class="red-fonts">*</span></label>
-                                <div class="col-sm-8"　id="role_name">
+                                <div class="col-sm-8" id="role_name">
                                    <select name="role" data-placeholder="请选择角色" class="chosen-select form-control m-b" multiple  tabindex="2">
                                         {% for role in roles %}
-                                            <option value="{{ role.id }}"{% if role in roles_select %} selected {% endif %}>{{ role.name }}</option>
+                                            <option value="{{ role.id }}"{% if role in rule.role.all %} selected {% endif %}>{{ role.name }}</option>
                                        {% endfor %}
                                    </select>
                                </div>
@@ -99,7 +99,7 @@
                            <div class="form-group">
                                <label for="comment" class="col-sm-2 control-label">备注</label>
                                <div class="col-sm-8">
-                                    <input id="rule_comment" name="rule_comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule_comment }}">
+                                    <input id="rule_comment" name="rule_comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule.comment }}">
                                </div>
                            </div>
                            <div class="hr-line-dashed"></div>

--- a/templates/nav.html
+++ b/templates/nav.html
@@ -24,7 +24,7 @@
            <li id="jperm">
                <a href="#"><i class="fa fa-edit"></i> <span class="nav-label">授权管理</span><span class="fa arrow"></span></a>
                <ul class="nav nav-second-level">
-                    <li class="rule perm_rule_add perm_rule_detail">
+                    <li class="rule perm_rule_add perm_rule_detail perm_rule_edit">
                        <a href="/jperm/rule/">授权规则</a>
                    </li>
                    <li class="role">