update

f8c8c3de · liuzheng712 · 8e9f2253 · f8c8c3de · f8c8c3de · f8c8c3de
Commit f8c8c3de authored Oct 27, 2015 by liuzheng712
Show whitespace changes
Inline Side-by-side

Showing with 49 additions and 36 deletions

api.py jumpserver/api.py +15 -14

views.py jumpserver/views.py +27 -18

views.py juser/views.py +7 -4

No files found.
--- a/jumpserver/api.py
+++ b/jumpserver/api.py
@@ -492,7 +492,7 @@ def require_role(role='user'):
    def _deco(func):
        def __deco(request, *args, **kwargs):
            if role == 'user':
-                if not request.session.get('user_id'):
+                if not request.user.is_authenticated():
                    return HttpResponseRedirect('/login/')
            elif role == 'admin':
                if request.session.get('role_id', 0) < 1:
@@ -522,13 +522,14 @@ def get_session_user_dept(request):
    get department of the user in session
    获取session中用户的部门
    """
-    user_id = request.session.get('user_id', 0)
-    print '#' * 20
-    print user_id
-    user = User.objects.filter(id=user_id)
-    if user:
-        user = user[0]
-        return user, None
+    # user_id = request.session.get('user_id', 0)
+    # print '#' * 20
+    # print user_id
+    # user = User.objects.filter(id=user_id)
+    # if user:
+    #     user = user[0]
+    #     return user, None
+    return request.user, None


 @require_role
@@ -537,18 +538,18 @@ def get_session_user_info(request):
    get the user info of the user in session, for example id, username etc.
    获取用户的信息
    """
-    user_id = request.session.get('user_id', 0)
-    user = get_object(User, id=user_id)
-    if user:
-        return [user.id, user.username, user]
-
+    # user_id = request.session.get('user_id', 0)
+    # user = get_object(User, id=user_id)
+    # if user:
+    #     return [user.id, user.username, user]
+    return [request.user.id, request.user.username, request.user]

 def get_user_dept(request):
    """
    get the user dept id
    获取用户的部门id
    """
-    user_id = request.session.get('user_id')
+    user_id = request.user.id
    if user_id:
        user_dept = User.objects.get(id=user_id).dept
        return user_dept.id

--- a/jumpserver/views.py
+++ b/jumpserver/views.py
@@ -12,7 +12,7 @@ from django.http import HttpResponse
 # from jperm.models import Apply
 import paramiko
 from jumpserver.api import *
-
+from django.contrib.auth import authenticate,logout,login


 def getDaysByNum(num):
@@ -49,7 +49,7 @@ def get_data(data, items, option):

 @require_role(role='user')
 def index_cu(request):
-    user_id = request.session.get('user_id')
+    user_id = request.user.id
    user = get_object(User, id=user_id)
    login_types = {'L': 'LDAP', 'M': 'MAP'}
    username = user.username
@@ -193,40 +193,49 @@ def is_latest():
        pass


-def login(request):
+def Login(request):
    """登录界面"""
-    if request.session.get('username'):
+    if not request.user.is_authenticated():
        return HttpResponseRedirect('/')
    if request.method == 'GET':
        return render_to_response('login.html')
    else:
        username = request.POST.get('username')
        password = request.POST.get('password')
-        user_filter = User.objects.filter(username=username)
-        if user_filter:
-            user = user_filter[0]
-            if PyCrypt.md5_crypt(password) == user.password:
-                request.session['user_id'] = user.id
-                user_filter.update(last_login=datetime.datetime.now())
+        if username and password:
+            user = authenticate(username=username, password=password)
+            if user is not None:
+                if user.is_active:
+                    login(request, user)
+                    # c = {}
+                    # c.update(csrf(request))
+                    # request.session['csrf_token'] = str(c.get('csrf_token'))
+        # user_filter = User.objects.filter(username=username)
+        # if user_filter:
+        #     user = user_filter[0]
+        #     if PyCrypt.md5_crypt(password) == user.password:
+        #         request.session['user_id'] = user.id
+        #         user_filter.update(last_login=datetime.datetime.now())
                    if user.role == 'SU':
                        request.session['role_id'] = 2
                    elif user.role == 'GA':
                        request.session['role_id'] = 1
                    else:
                        request.session['role_id'] = 0
-                response = HttpResponseRedirect('/', )
-                response.set_cookie('username', username, expires=604800)
-                response.set_cookie('seed', PyCrypt.md5_crypt(password), expires=604800)
-                return response
-            else:
-                error = '密码错误，请重新输入。'
+                    return HttpResponseRedirect('/', )
+                # response.set_cookie('username', username, expires=604800)
+                # response.set_cookie('seed', PyCrypt.md5_crypt(password), expires=604800)
+                # return response
+            # else:
+            #     error = '密码错误，请重新输入。'
        else:
-            error = '用户不存在。'
+            error = '用户名或密码错误'
    return render_to_response('login.html', {'error': error})


-def logout(request):
+def Logout(request):
    request.session.delete()
+    logout(request)
    return HttpResponseRedirect('/login/')

 #

--- a/juser/views.py
+++ b/juser/views.py
@@ -394,7 +394,7 @@ def user_list(request):
 def user_detail(request):
    header_title, path1, path2 = '用户详情', '用户管理', '用户详情'
    if request.session.get('role_id') == 0:
-        user_id = request.session.get('user_id')
+        user_id = request.user.id
    else:
        user_id = request.GET.get('id', '')
    #     if request.session.get('role_id') == 1:
@@ -617,7 +617,10 @@ def user_edit_adm(request):


 def profile(request):
-    user_id = request.session.get('user_id')
+    a = request.user.id
+    a = request.user.groups
+
+    user_id = request.user.id
    if not user_id:
        return HttpResponseRedirect('/')
    user = User.objects.get(id=user_id)
@@ -626,7 +629,7 @@ def profile(request):

 def change_info(request):
    header_title, path1, path2 = '修改信息', '用户管理', '修改个人信息'
-    user_id = request.session.get('user_id')
+    user_id = request.user.id
    user = get_object(User, id=user_id)
    error = ''
    if not user:
@@ -673,7 +676,7 @@ def down_key(request):
        user_id = request.GET.get('id')

    if is_role_request(request, 'user'):
-        user_id = request.session.get('user_id')
+        user_id = request.user.id

    if user_id:
        user = get_object(User, id=user_id)