From 43fe985143f31aa8daf6f07b4d70a5b134334bc6 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 6 Oct 2015 18:51:49 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=BB=84=E6=8E=88=E6=9D=83?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jperm/perm_api.py | 109 ++-- jperm/urls.py | 2 + jperm/views.py | 893 +++------------------------ jumpserver/templatetags/mytags.py | 53 +- juser/models.py | 2 + playbook/user_perm.yaml | 30 +- templates/jperm/perm_group_edit.html | 155 +++++ templates/jperm/perm_group_list.html | 81 +++ templates/jperm/perm_user_list.html | 8 +- templates/nav.html | 2 +- 10 files changed, 444 insertions(+), 891 deletions(-) create mode 100644 templates/jperm/perm_group_edit.html create mode 100644 templates/jperm/perm_group_list.html diff --git a/jperm/perm_api.py b/jperm/perm_api.py index 015d0a8a8..93c4dda0b 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -11,6 +11,7 @@ from jumpserver.models import Setting def get_object_list(model, id_list): + """根据id列表获取对象列表""" object_list = [] for object_id in id_list: if object_id: 
@@ -19,51 +20,69 @@ def get_object_list(model, id_list): return object_list -def perm_user_handle(user, asset_new, asset_del, group_new, group_del): - username = user.name - asset_group_new = get_object_list(AssetGroup, group_new) - asset_group_del = get_object_list(AssetGroup, group_del) - for asset_group in asset_group_new: - asset_new.extend([asset.ip for asset in asset_group.asset_set.all()]) - - for asset_group in asset_group_del: - asset_del.extend(asset.ip for asset in asset_group.asset_set.all()) - - def get_rand_file_path(base_dir=os.path.join(BASE_DIR, 'tmp')): + """获取随机文件路径""" filename = uuid.uuid1().hex return os.path.join(base_dir, filename) def get_inventory(host_group): + """生成资产表库存清单""" path = get_rand_file_path() f = open(path, 'w') for group, host_list in host_group.items(): f.write('[%s]\n' % group) for ip in host_list: asset = get_object(Asset, ip=ip) - if asset.use_default_auth: - f.write('%s ansbile_ssh_port=%s\n' % (ip, asset.port)) + if asset.use_default: + f.write('%s\n' % ip) else: - f.write('%s ansible_ssh_port=%s ansible_ssh_user=%s ansbile_ssh_pass=%s\n' - % (ip, asset.port, asset.username, CRYPTOR.decrypt(asset.password))) + f.write('%s ansible_ssh_port=%s ansible_ssh_user=%s ansible_ssh_pass=%s\n' % + (ip, asset.port, asset.username, CRYPTOR.decrypt(asset.password))) f.close() return path -def get_playbook(tempate, var): - str_playbook = open(tempate).read() +def get_playbook(template, var): + """根据playbook模板,生成playbook""" + str_playbook = open(template).read() for k, v in var.items(): - str_playbook = re.sub(r'%s' % k, v, str_playbook) + str_playbook = re.sub(r'%s' % k, v, str_playbook) # 正则来替换传入的字符 path = get_rand_file_path() f = open(path, 'w') f.write(str_playbook) return path -def perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del): - asset_new_ip = [] - asset_del_ip = [] +def playbook_run(inventory, playbook, default_user=None, default_port=None, default_pri_key_path=None): + stats = 
callbacks.AggregateStats() + playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY) + runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY) + # run the playbook + results = PlayBook(host_list=inventory, + playbook=playbook, + forks=5, + remote_user=default_user, + remote_port=default_port, + private_key_file=default_pri_key_path, + callbacks=playbook_cb, + runner_callbacks=runner_cb, + stats=stats, + become=True, + become_user='root').run() + + for hostname, result in results.items(): + if result.get('failures', 2): + print "%s >>> Failed" % hostname + else: + print "%s >>> Success" % hostname + return results + + +def perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user=None, user_group=None): + """用户授权api,通过调用ansible API完成用户新建等""" + asset_new_ip = [] # 新授权的ip列表 + asset_del_ip = [] # 回收授权的ip列表 if '' in asset_group_new: asset_group_new.remove('') 
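Review bot: get_inventory in jperm/perm_api.py writes `CRYPTOR.decrypt(asset.password)` into the inventory file in clear text, and the file is created with a plain `open(path, 'w')` under `BASE_DIR/tmp`, so its mode depends on the process umask and nothing visible in this hunk removes it after the run. Creating it owner-only, e.g. `f = os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600), 'w')`, and deleting it in a `finally` once `playbook_run` returns would limit how long the decrypted passwords stay on disk. get_playbook leaves the rendered playbook behind in the same way, and it never closes `f` before returning the path.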
@@ -71,48 +90,38 @@ def perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del): if '' in asset_group_del: asset_group_del.remove('') - asset_new_ip.extend([asset.ip for asset in get_object_list(Asset, asset_new)]) - + asset_new_ip.extend([asset.ip for asset in get_object_list(Asset, asset_new)]) # 查库,获取新授权ip for asset_group_id in asset_group_new: - asset_new_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) - - asset_del_ip.extend([asset.ip for asset in get_object_list(Asset, asset_del)]) - + asset_new_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) # 同理 + asset_del_ip.extend([asset.ip for asset in get_object_list(Asset, asset_del)]) # 查库,获取回收授权的ip for asset_group_id in asset_group_del: - asset_del_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) + asset_del_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) # 同理 print asset_new_ip print asset_del_ip - stats = callbacks.AggregateStats() - playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY) - runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY) - if asset_new_ip or asset_del_ip: host_group = {'new': asset_new_ip, 'del': asset_del_ip} - host_list = get_inventory(host_group) + inventory = get_inventory(host_group) + if user: + the_items = user.username, + elif user_group: + users = user_group.user_set.all() + the_items = ','.join([user.username for user in users]) + else: + return HttpResponse('Argument error.') + playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'), {'the_new_group': 'new', 'the_del_group': 'del', - 'the_user': user.username, 'the_pub_key': '/tmp/id_rsa.pub'}) + 'the_items': the_items, 'the_pub_key': '/tmp/id_rsa.pub'}) + settings = get_object(Setting, id=1) if settings: default_user = settings.default_user + default_port = settings.default_port 
default_pri_key_path = settings.default_pri_key_path else: - default_user = default_pri_key_path = '' - results = PlayBook(host_list=host_list, - playbook=playbook, - forks=5, - remote_user=default_user, - private_key_file=default_pri_key_path, - callbacks=playbook_cb, - runner_callbacks=runner_cb, - stats=stats, - become=True, - become_user='root').run() + default_user = default_port = default_pri_key_path = '' - for hostname, result in results.items(): - if result.get('failures', 2): - print "%s >>> Failed" % hostname - else: - print "%s >>> Success" % hostname + results = playbook_run(inventory, playbook, default_user, default_port, default_pri_key_path) + return results diff --git a/jperm/urls.py b/jperm/urls.py index a32025944..705ad9307 100644 --- a/jperm/urls.py +++ b/jperm/urls.py @@ -5,6 +5,8 @@ urlpatterns = patterns('jperm.views', # Examples: (r'^user/$', perm_user_list), (r'^perm_user_edit/$', perm_user_edit), + (r'^group/$', perm_group_list), + (r'^perm_group_edit/$', perm_group_edit), # (r'^dept_perm_edit/$', 'dept_perm_edit'), # (r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}), # (r'^dept_perm_list/$', 'dept_perm_list'), diff --git a/jperm/views.py b/jperm/views.py index fdf95aa0d..609ef917c 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -17,11 +17,11 @@ from jperm.perm_api import * def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') - users_list = User.objects.all() + users_list = User.objects.all() # 获取所有用户 if keyword: - users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) - users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) + users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 + users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) 
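Review bot: In perm_user_api (jperm/perm_api.py, the function starts in the previous hunk) the usernames in `the_items` are pasted into the playbook text by get_playbook's `re.sub` with no escaping or validation, and that playbook is then run with `become_user='root'`. A username containing YAML or regex-replacement metacharacters would change the playbook instead of just naming an account. Unless usernames are constrained elsewhere, each one should be checked against a conservative pattern such as `^[a-z_][a-z0-9_-]*$` before `the_items` is built. The `if user:` branch also has a stray trailing comma, `the_items = user.username,`, which makes the value a one-element tuple instead of a string; `the_items = user.username` looks intended. The `Argument error.` return is reached only after `get_inventory` has written the inventory file, so that path leaves the file behind.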
@@ -31,30 +31,30 @@ def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) - asset_all = Asset.objects.all() - asset_group_all = AssetGroup.objects.all() + asset_all = Asset.objects.all() # 获取所有资产 + asset_group_all = AssetGroup.objects.all() # 获取所有资产组 - asset_id_list = user.assets.split(',') - asset_group_id_list = user.asset_groups.split(',') + asset_id_list = user.assets.split(',') # 获取授权的资产id列表 + asset_group_id_list = user.asset_groups.split(',') # 获取授权的资产组id列表 if request.method == 'GET' and user: - asset_permed = get_object_list(Asset, asset_id_list) - asset_group_permed = get_object_list(AssetGroup, asset_group_id_list) - assets = [asset for asset in asset_all if asset not in asset_permed] - asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] + asset_permed = get_object_list(Asset, asset_id_list) # 获取授权的资产对象列表 + asset_group_permed = get_object_list(AssetGroup, asset_group_id_list) # 获取授权的资产组对象列表 + assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 + asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: - asset_select = request.POST.getlist('asset_select', []) - asset_group_select = request.POST.getlist('asset_groups_select', []) - asset_new = list(set(asset_select) - set(asset_id_list)) - asset_del = list(set(asset_id_list) - set(asset_select)) - asset_group_new = list(set(asset_group_select) - set(asset_group_id_list)) - asset_group_del = list(set(asset_group_id_list) - set(asset_group_select)) - user.assets = ','.join(asset_select) - user.asset_groups = ','.join(asset_group_select) - user.save() + asset_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 + asset_group_select = 
request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 + asset_new = list(set(asset_select) - set(asset_id_list)) # 计算的得到新授权的资产对象列表 + asset_del = list(set(asset_id_list) - set(asset_select)) # 计算得到回收权限的资产对象列表 + asset_group_new = list(set(asset_group_select) - set(asset_group_id_list)) # 新授权的资产组对象列表 + asset_group_del = list(set(asset_group_id_list) - set(asset_group_select)) # 回收的资产组对象列表 + user.assets = ','.join(asset_select) # 获取选择的资产id字符串 '1, 2 ,3' + user.asset_groups = ','.join(asset_group_select) # 获取选择的资产组id字符串 '2, 3' + user.save() # 保存到数据库 - perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del) + perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user=user) # 通过API授权或回收 return HttpResponseRedirect('/jperm/user/') 
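Review bot: In perm_user_edit (jperm/views.py) the new assignment is stored with `user.save()` before `perm_user_api(...)` runs, and the results that call now returns are discarded, so a failed Ansible run goes unnoticed: the database can show an asset as revoked while the account may still exist on the host. The result should be captured, e.g. `results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user=user)`, and the change saved, or at least the failure reported to the operator, based on whether any host reports failures. Also, `user.assets.split(',')` is evaluated before the `and user` checks, so an unknown `id` raises instead of reaching the error response. perm_user_edit starts and ends outside this hunk.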
@@ -62,803 +62,54 @@ def perm_user_edit(request): return HttpResponse('输入错误') -# def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''): -# asset_groups_select_list = [] -# cmd_groups_select_list = [] -# -# for asset_group_id in asset_groups_select: -# asset_groups_select_list.extend(BisGroup.objects.filter(id=asset_group_id)) -# -# for cmd_group_id in cmd_groups_select: -# cmd_groups_select_list.extend(CmdGroup.objects.filter(id=cmd_group_id)) -# -# return asset_groups_select_list, cmd_groups_select_list -# -# -# @require_admin -# def perm_add(request): -# header_title, path1, path2 = u'主机授权添加', u'授权管理', u'授权添加' -# -# if request.method == 'GET': -# user_groups = UserGroup.objects.filter(id__gt=2) -# asset_groups = BisGroup.objects.all() -# -# else: -# name = request.POST.get('name', '') -# user_groups_select = request.POST.getlist('user_groups_select') -# asset_groups_select = request.POST.getlist('asset_groups_select') -# comment = request.POST.get('comment', '') -# -# user_groups, asset_groups = user_asset_cmd_groups_get(user_groups_select, asset_groups_select, '')[0:2] -# -# perm = Perm(name=name, comment=comment) -# perm.save() -# -# perm.user_group = user_groups -# perm.asset_group = asset_groups -# msg = '添加成功' -# return render_to_response('jperm/perm_user_edit.html', locals(), context_instance=RequestContext(request)) -# -# -# def dept_add_asset(dept_id, asset_list): -# dept = DEPT.objects.filter(id=dept_id) -# if dept: -# dept = dept[0] -# new_perm_asset = [] -# for asset_id in asset_list: -# asset = Asset.objects.filter(id=asset_id) -# new_perm_asset.extend(asset) -# -# dept.asset_set.clear() -# dept.asset_set = new_perm_asset -# -# -# @require_super_user -# def dept_perm_edit(request): -# header_title, path1, path2 = u'部门授权添加', u'授权管理', u'部门授权添加' -# if request.method == 'GET': -# dept_id = request.GET.get('id', '') -# dept = DEPT.objects.filter(id=dept_id) -# if dept: -# dept = dept[0] -# asset_all = Asset.objects.all() -# asset_select = 
dept.asset_set.all() -# assets = [asset for asset in asset_all if asset not in asset_select] -# else: -# dept_id = request.POST.get('dept_id') -# asset_select = request.POST.getlist('asset_select') -# dept_add_asset(dept_id, asset_select) -# return HttpResponseRedirect('/jperm/dept_perm_list/') -# return render_to_response('jperm/dept_perm_edit.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_super_user -# def perm_list(request): -# header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情' -# keyword = request.GET.get('search', '') -# uid = request.GET.get('uid', '') -# agid = request.GET.get('agid', '') -# if keyword: -# contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) -# else: -# contact_list = UserGroup.objects.all().order_by('name') -# -# if uid: -# user = User.objects.filter(id=uid) -# print user -# if user: -# user = user[0] -# contact_list = contact_list.filter(user=user) -# -# if agid: -# contact_list_confirm = [] -# asset_group = BisGroup.objects.filter(id=agid) -# if asset_group: -# asset_group = asset_group[0] -# for user_group in contact_list: -# if asset_group in user_group_perm_asset_group_api(user_group): -# contact_list_confirm.append(user_group) -# contact_list = contact_list_confirm -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# return render_to_response('jperm/perm_user_list.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def perm_list_adm(request): -# header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情' -# keyword = request.GET.get('search', '') -# uid = request.GET.get('uid', '') -# agid = request.GET.get('agid', '') -# user, dept = get_session_user_dept(request) -# contact_list = dept.usergroup_set.all().order_by('name') -# if keyword: -# contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) -# -# if uid: -# user = 
User.objects.filter(id=uid) -# print user -# if user: -# user = user[0] -# contact_list = contact_list.filter(user=user) -# -# if agid: -# contact_list_confirm = [] -# asset_group = BisGroup.objects.filter(id=agid) -# if asset_group: -# asset_group = asset_group[0] -# for user_group in contact_list: -# if asset_group in user_group_perm_asset_group_api(user_group): -# contact_list_confirm.append(user_group) -# contact_list = contact_list_confirm -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# return render_to_response('jperm/perm_user_list.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_super_user -# def dept_perm_list(request): -# header_title, path1, path2 = '查看部门', '授权管理', '部门授权' -# keyword = request.GET.get('search') -# if keyword: -# contact_list = DEPT.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)).order_by('name') -# else: -# contact_list = DEPT.objects.filter(id__gt=2) -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# -# return render_to_response('jperm/dept_perm_list.html', locals(), context_instance=RequestContext(request)) -# -# -# def perm_group_update(user_group_id, asset_groups_id_list): -# user_group = UserGroup.objects.filter(id=user_group_id) -# if user_group: -# user_group = user_group[0] -# old_asset_group = [perm.asset_group for perm in user_group.perm_set.all()] -# new_asset_group = [] -# -# for asset_group_id in asset_groups_id_list: -# new_asset_group.extend(BisGroup.objects.filter(id=asset_group_id)) -# -# del_asset_group = [asset_group for asset_group in old_asset_group if asset_group not in new_asset_group] -# add_asset_group = [asset_group for asset_group in new_asset_group if asset_group not in old_asset_group] -# -# for asset_group in del_asset_group: -# Perm.objects.filter(user_group=user_group, asset_group=asset_group).delete() -# -# for asset_group in 
add_asset_group: -# Perm(user_group=user_group, asset_group=asset_group).save() -# -# -# @require_super_user -# def perm_edit(request): -# if request.method == 'GET': -# header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑' -# user_group_id = request.GET.get('id', '') -# user_group = UserGroup.objects.filter(id=user_group_id) -# if user_group: -# user_group = user_group[0] -# asset_groups_all = BisGroup.objects.all() -# asset_groups_select = [perm.asset_group for perm in user_group.perm_set.all()] -# asset_groups = [asset_group for asset_group in asset_groups_all if asset_group not in asset_groups_select] -# else: -# user_group_id = request.POST.get('user_group_id') -# asset_group_id_list = request.POST.getlist('asset_groups_select') -# perm_group_update(user_group_id, asset_group_id_list) -# -# return HttpResponseRedirect('/jperm/perm_list/') -# return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def perm_edit_adm(request): -# if request.method == 'GET': -# header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑' -# user_group_id = request.GET.get('id', '') -# user_group = UserGroup.objects.filter(id=user_group_id) -# user, dept = get_session_user_dept(request) -# if user_group: -# user_group = user_group[0] -# asset_groups_all = dept.bisgroup_set.all() -# asset_groups_select = [perm.asset_group for perm in user_group.perm_set.all()] -# asset_groups = [asset_group for asset_group in asset_groups_all if asset_group not in asset_groups_select] -# else: -# user_group_id = request.POST.get('user_group_id') -# asset_group_id_list = request.POST.getlist('asset_groups_select') -# print user_group_id, asset_group_id_list -# if not validate(request, user_group=[user_group_id], asset_group=asset_group_id_list): -# return HttpResponseRedirect('/') -# perm_group_update(user_group_id, asset_group_id_list) -# -# return HttpResponseRedirect('/jperm/perm_list/') -# return 
render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def perm_detail(request): -# header_title, path1, path2 = u'授权管理', u'小组管理', u'授权详情' -# group_id = request.GET.get('id') -# user_group = UserGroup.objects.filter(id=group_id) -# if user_group: -# user_group = user_group[0] -# users = user_group.user_set.all() -# group_user_num = len(users) -# perms = user_group.perm_set.all() -# asset_groups = [perm.asset_group for perm in perms] -# return render_to_response('jperm/perm_detail.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def perm_del(request): -# perm_id = request.GET.get('id') -# perm = Perm.objects.filter(id=perm_id) -# if perm: -# perm = perm[0] -# perm.delete() -# return HttpResponseRedirect('/jperm/perm_list/') -# -# -# @require_admin -# def perm_asset_detail(request): -# header_title, path1, path2 = u'用户授权主机', u'权限管理', u'用户主机详情' -# user_id = request.GET.get('id') -# user = User.objects.filter(id=user_id) -# if user: -# user = user[0] -# assets_list = user_perm_asset_api(user.username) -# return render_to_response('jperm/perm_asset_detail.html', locals(), context_instance=RequestContext(request)) -# -# -# def unicode2str(unicode_list): -# return [str(i) for i in unicode_list] -# -# -# # def sudo_ldap_add(user_group, user_runas, asset_groups_select, -# # cmd_groups_select): -# # if not LDAP_ENABLE: -# # return True -# # -# # assets = [] -# # cmds = [] -# # user_runas = user_runas.split(',') -# # if len(asset_groups_select) == 1 and asset_groups_select[0].name == 'ALL': -# # asset_all = True -# # else: -# # asset_all = False -# # for asset_group in asset_groups_select: -# # assets.extend(asset_group.asset_set.all()) -# # -# # if user_group.name == 'ALL': -# # user_all = True -# # users = [] -# # else: -# # user_all = False -# # users = user_group.user_set.all() -# # -# # for cmd_group in cmd_groups_select: -# # cmds.extend(cmd_group.cmd.split(',')) -# # 
-# # if user_all: -# # users_name = ['ALL'] -# # else: -# # users_name = list(set([user.username for user in users])) -# # -# # if asset_all: -# # assets_ip = ['ALL'] -# # else: -# # assets_ip = list(set([asset.ip for asset in assets])) -# # -# # name = 'sudo%s' % user_group.id -# # sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN) -# # sudo_attr = {'objectClass': ['top', 'sudoRole'], -# # 'cn': ['%s' % name], -# # 'sudoCommand': unicode2str(cmds), -# # 'sudoHost': unicode2str(assets_ip), -# # 'sudoOption': ['!authenticate'], -# # 'sudoRunAsUser': unicode2str(user_runas), -# # 'sudoUser': unicode2str(users_name)} -# # ldap_conn.delete(sudo_dn) -# # ldap_conn.add(sudo_dn, sudo_attr) -# -# # -# # def sudo_update(user_group, user_runas, asset_groups_select, cmd_groups_select, comment): -# # asset_groups_select_list, cmd_groups_select_list = \ -# # asset_cmd_groups_get(asset_groups_select, cmd_groups_select) -# # sudo_perm = user_group.sudoperm_set.all() -# # if sudo_perm: -# # sudo_perm.update(user_runas=user_runas, comment=comment) -# # sudo_perm = sudo_perm[0] -# # sudo_perm.asset_group = asset_groups_select_list -# # sudo_perm.cmd_group = cmd_groups_select_list -# # else: -# # sudo_perm = SudoPerm(user_group=user_group, user_runas=user_runas, comment=comment) -# # sudo_perm.save() -# # sudo_perm.asset_group = asset_groups_select_list -# # sudo_perm.cmd_group = cmd_groups_select_list -# # -# # sudo_ldap_add(user_group, user_runas, asset_groups_select_list, cmd_groups_select_list) -# -# -# @require_super_user -# def sudo_list(request): -# header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情' -# keyword = request.GET.get('search', '') -# contact_list = UserGroup.objects.all().order_by('name') -# if keyword: -# contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# return 
render_to_response('jperm/sudo_list.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def sudo_list_adm(request): -# header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情' -# keyword = request.GET.get('search', '') -# user, dept = get_session_user_dept(request) -# contact_list = dept.usergroup_set.all().order_by('name') -# if keyword: -# contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# return render_to_response('jperm/sudo_list.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_super_user -# def sudo_edit(request): -# header_title, path1, path2 = u'Sudo授权', u'授权管理', u'Sudo授权' -# -# if request.method == 'GET': -# user_group_id = request.GET.get('id', '0') -# user_group = UserGroup.objects.filter(id=user_group_id) -# asset_group_all = BisGroup.objects.filter() -# cmd_group_all = CmdGroup.objects.all() -# if user_group: -# user_group = user_group[0] -# sudo_perm = user_group.sudoperm_set.all() -# if sudo_perm: -# sudo_perm = sudo_perm[0] -# asset_group_permed = sudo_perm.asset_group.all() -# cmd_group_permed = sudo_perm.cmd_group.all() -# user_runas = sudo_perm.user_runas -# comment = sudo_perm.comment -# else: -# asset_group_permed = [] -# cmd_group_permed = [] -# -# asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] -# cmd_groups = [cmd_group for cmd_group in cmd_group_all if cmd_group not in cmd_group_permed] -# -# else: -# user_group_id = request.POST.get('user_group_id', '') -# users_runas = request.POST.get('runas') if request.POST.get('runas') else 'root' -# asset_groups_select = request.POST.getlist('asset_groups_select') -# cmd_groups_select = request.POST.getlist('cmd_groups_select') -# comment = request.POST.get('comment', '') -# user_group = 
UserGroup.objects.filter(id=user_group_id) -# if user_group: -# user_group = user_group[0] -# if LDAP_ENABLE: -# sudo_update(user_group, users_runas, asset_groups_select, cmd_groups_select, comment) -# msg = '修改成功' -# -# return HttpResponseRedirect('/jperm/sudo_list/') -# -# return render_to_response('jperm/sudo_edit.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def sudo_edit_adm(request): -# header_title, path1, path2 = u'Sudo授权', u'授权管理', u'Sudo授权' -# user, dept = get_session_user_dept(request) -# if request.method == 'GET': -# user_group_id = request.GET.get('id', '0') -# if not validate(request, user_group=[user_group_id]): -# return render_to_response('/jperm/sudo_list/') -# user_group = UserGroup.objects.filter(id=user_group_id) -# asset_group_all = dept.bisgroup_set.all() -# cmd_group_all = dept.cmdgroup_set.all() -# if user_group: -# user_group = user_group[0] -# sudo_perm = user_group.sudoperm_set.all() -# if sudo_perm: -# sudo_perm = sudo_perm[0] -# asset_group_permed = sudo_perm.asset_group.all() -# cmd_group_permed = sudo_perm.cmd_group.all() -# user_runas = sudo_perm.user_runas -# comment = sudo_perm.comment -# else: -# asset_group_permed = [] -# cmd_group_permed = [] -# -# asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] -# cmd_groups = [cmd_group for cmd_group in cmd_group_all if cmd_group not in cmd_group_permed] -# -# else: -# user_group_id = request.POST.get('user_group_id', '') -# users_runas = request.POST.get('runas', 'root') -# asset_groups_select = request.POST.getlist('asset_groups_select') -# cmd_groups_select = request.POST.getlist('cmd_groups_select') -# comment = request.POST.get('comment', '') -# user_group = UserGroup.objects.filter(id=user_group_id) -# if not validate(request, user_group=[user_group_id], asset_group=asset_groups_select): -# return render_to_response('/jperm/sudo_list/') -# if user_group: -# user_group = user_group[0] -# if 
LDAP_ENABLE: -# sudo_update(user_group, users_runas, asset_groups_select, cmd_groups_select, comment) -# msg = '修改成功' -# -# return HttpResponseRedirect('/jperm/sudo_list/') -# return render_to_response('jperm/sudo_edit.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def sudo_detail(request): -# header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情' -# user_group_id = request.GET.get('id') -# user_group = UserGroup.objects.filter(id=user_group_id) -# if user_group: -# asset_groups = [] -# cmd_groups = [] -# user_group = user_group[0] -# users = user_group.user_set.all() -# group_user_num = len(users) -# -# for perm in user_group.sudoperm_set.all(): -# asset_groups.extend(perm.asset_group.all()) -# cmd_groups.extend(perm.cmd_group.all()) -# -# print asset_groups -# return render_to_response('jperm/sudo_detail.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def sudo_refresh(request): -# sudo_perm_all = SudoPerm.objects.all() -# for sudo_perm in sudo_perm_all: -# user_group = sudo_perm.user_group -# user_runas = sudo_perm.user_runas -# asset_groups_select = sudo_perm.asset_group.all() -# cmd_groups_select = sudo_perm.cmd_group.all() -# sudo_ldap_add(user_group, user_runas, asset_groups_select, cmd_groups_select) -# return HttpResponse('刷新sudo授权成功') -# -# -# @require_super_user -# def cmd_add(request): -# header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加' -# dept_all = DEPT.objects.all() -# -# if request.method == 'POST': -# name = request.POST.get('name') -# dept_id = request.POST.get('dept_id') -# cmd = ','.join(request.POST.get('cmd').split('\n')) -# comment = request.POST.get('comment') -# dept = DEPT.objects.filter(id=dept_id) -# -# try: -# if CmdGroup.objects.filter(name=name): -# error = '%s 命令组已存在' -# raise ServerError(error) -# -# if not dept: -# error = u"部门不能为空" -# raise ServerError(error) -# except ServerError, e: -# pass -# else: -# dept = dept[0] -# 
CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment) -# msg = u'命令组添加成功' -# return HttpResponseRedirect('/jperm/cmd_list/') -# -# return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def cmd_add_adm(request): -# header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加' -# user, dept = get_session_user_dept(request) -# -# if request.method == 'POST': -# name = request.POST.get('name') -# cmd = ','.join(request.POST.get('cmd').split('\n')) -# comment = request.POST.get('comment') -# -# try: -# if CmdGroup.objects.filter(name=name): -# error = '%s 命令组已存在' -# raise ServerError(error) -# except ServerError, e: -# pass -# else: -# CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment) -# return HttpResponseRedirect('/jperm/cmd_list/') -# -# return HttpResponseRedirect('/jperm/cmd_list/') -# -# return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def cmd_edit(request): -# header_title, path1, path2 = u'sudo命令修改', u'授权管理管理', u'命令组修改' -# -# cmd_group_id = request.GET.get('id') -# cmd_group = CmdGroup.objects.filter(id=cmd_group_id) -# dept_all = DEPT.objects.all() -# -# if cmd_group: -# cmd_group = cmd_group[0] -# cmd_group_id = cmd_group.id -# dept_id = cmd_group.dept.id -# name = cmd_group.name -# cmd = '\n'.join(cmd_group.cmd.split(',')) -# comment = cmd_group.comment -# -# if request.method == 'POST': -# cmd_group_id = request.POST.get('cmd_group_id') -# name = request.POST.get('name') -# dept_id = request.POST.get('dept_id') -# cmd = ','.join(request.POST.get('cmd').split()) -# comment = request.POST.get('comment') -# cmd_group = CmdGroup.objects.filter(id=cmd_group_id) -# -# dept = DEPT.objects.filter(id=dept_id) -# try: -# if not dept: -# error = '没有该部门' -# raise ServerError(error) -# -# if not cmd_group: -# error = '没有该命令组' -# except ServerError, e: -# pass -# else: -# 
cmd_group.update(name=name, cmd=cmd, dept=dept[0], comment=comment) -# return HttpResponseRedirect('/jperm/cmd_list/') -# return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def cmd_list(request): -# header_title, path1, path2 = u'sudo命令查看', u'权限管理', u'Sudo命令添加' -# -# if is_super_user(request): -# cmd_groups = contact_list = CmdGroup.objects.all() -# else: -# user, dept = get_session_user_dept(request) -# cmd_groups = contact_list = dept.cmdgroup_set.all() -# p = paginator = Paginator(contact_list, 10) -# -# try: -# page = int(request.GET.get('page', '1')) -# except ValueError: -# page = 1 -# -# try: -# contacts = paginator.page(page) -# except (EmptyPage, InvalidPage): -# contacts = paginator.page(paginator.num_pages) -# return render_to_response('jperm/sudo_cmd_list.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def cmd_del(request): -# cmd_group_id = request.GET.get('id') -# cmd_group = CmdGroup.objects.filter(id=cmd_group_id) -# -# if cmd_group: -# cmd_group[0].delete() -# return HttpResponseRedirect('/jperm/cmd_list/') -# -# -# @require_admin -# def cmd_detail(request): -# cmd_ids = request.GET.get('id').split(',') -# cmds = [] -# if len(cmd_ids) == 1: -# if cmd_ids[0]: -# cmd_id = cmd_ids[0] -# else: -# cmd_id = 1 -# cmd_group = CmdGroup.objects.filter(id=cmd_id) -# if cmd_group: -# cmd_group = cmd_group[0] -# cmds.extend(cmd_group.cmd.split(',')) -# cmd_group_name = cmd_group.name -# else: -# cmd_groups = [] -# for cmd_id in cmd_ids: -# cmd_groups.extend(CmdGroup.objects.filter(id=cmd_id)) -# for cmd_group in cmd_groups: -# cmds.extend(cmd_group.cmd.split(',')) -# -# cmds_str = ', '.join(cmds) -# -# return render_to_response('jperm/sudo_cmd_detail.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_login -# def perm_apply(request): -# """ 权限申请 """ -# header_title, path1, path2 = u'主机权限申请', u'权限管理', u'申请主机' -# 
user_id, username = get_session_user_info(request)[0:2] -# name = User.objects.get(id=user_id).username -# dept_id, deptname, dept = get_session_user_info(request)[3:6] -# perm_host = user_perm_asset_api(username) -# all_host = Asset.objects.filter(dept=dept) -# -# perm_group = user_perm_group_api(username) -# all_group = dept.bisgroup_set.all() -# -# posts = [g for g in all_host if g not in perm_host] -# egroup = [d for d in all_group if d not in perm_group] -# -# dept_da = User.objects.filter(dept_id=dept_id, role='DA') -# admin = User.objects.get(name='admin') -# -# if request.method == 'POST': -# applyer = request.POST.get('applyer') -# dept = request.POST.get('dept') -# da = request.POST.get('da') -# group = request.POST.getlist('group') -# hosts = request.POST.getlist('hosts') -# comment = request.POST.get('comment') -# if not da: -# return httperror(request, u'请选择管理员!') -# da = User.objects.get(id=da) -# mail_address = da.email -# mail_title = '%s - 权限申请' % username -# group_lis = ', '.join(group) -# hosts_lis = ', '.join(hosts) -# time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') -# a = Apply.objects.create(applyer=applyer, admin=da, dept=dept, bisgroup=group, date_add=datetime.datetime.now(), -# asset=hosts, status=0, comment=comment, read=0) -# uuid = a.uuid -# url = "http://%s:%s/jperm/apply_exec/?uuid=%s" % (SEND_IP, SEND_PORT, uuid) -# mail_msg = """ -# Hi,%s: -# 有新的权限申请, 详情如下: -# 申请人: %s -# 申请主机组: %s -# 申请的主机: %s -# 申请时间: %s -# 申请说明: %s -# 请及时审批, 审批完成后, 点击以下链接或登录授权管理-权限审批页面点击确认键,告知申请人。 -# -# %s -# """ % (da.username, applyer, group_lis, hosts_lis, time_now, comment, url) -# -# send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False) -# smg = "提交成功,已发邮件至 %s 通知部门管理员。" % mail_address -# return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request)) -# return render_to_response('jperm/perm_apply.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin 
-# def perm_apply_exec(request): -# """ 确认权限 """ -# header_title, path1, path2 = u'主机权限申请', u'权限管理', u'审批完成' -# uuid = request.GET.get('uuid') -# user_id = request.session.get('user_id') -# approver = User.objects.get(id=user_id).name -# if uuid: -# p_apply = Apply.objects.filter(uuid=str(uuid)) -# q_apply = Apply.objects.get(uuid=str(uuid)) -# if q_apply.status == 1: -# smg = '此权限已经审批完成, 请勿重复审批, 十秒钟后返回首页' -# return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request)) -# else: -# user = User.objects.get(username=q_apply.applyer) -# mail_address = user.email -# time_now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') -# p_apply.update(status=1, approver=approver, date_end=time_now) -# mail_title = '%s - 权限审批完成' % q_apply.applyer -# mail_msg = """ -# Hi,%s: -# 您所申请的权限已由 %s 在 %s 审批完成, 请登录验证。 -# """ % (q_apply.applyer, q_apply.approver, time_now) -# send_mail(mail_title, mail_msg, MAIL_FROM, [mail_address], fail_silently=False) -# smg = '授权完成, 已邮件通知申请人, 十秒钟后返回首页' -# return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request)) -# else: -# smg = '没有此授权记录, 十秒钟后返回首页' -# return render_to_response('jperm/perm_apply_exec.html', locals(), context_instance=RequestContext(request)) -# -# -# def get_apply_posts(request, status, username, dept_name, keyword=None): -# """ 获取申请记录 """ -# post_all = Apply.objects.filter(status=status).order_by('-date_add') -# post_keyword_all = Apply.objects.filter(Q(applyer__contains=keyword) | -# Q(approver__contains=keyword)) \ -# .filter(status=status).order_by('-date_add') -# -# if is_super_user(request): -# if keyword: -# posts = post_keyword_all -# else: -# posts = post_all -# elif is_group_admin(request): -# if keyword: -# posts = post_keyword_all.filter(dept=dept_name) -# else: -# posts = post_all.filter(dept=dept_name) -# elif is_common_user(request): -# if keyword: -# posts = post_keyword_all.filter(applyer=username) -# else: -# posts = 
post_all.filter(applyer=username) -# -# return posts -# -# -# @require_login -# def perm_apply_log(request, offset): -# """ 申请记录 """ -# header_title, path1, path2 = u'权限申请记录', u'权限管理', u'申请记录' -# keyword = request.GET.get('keyword', '') -# user_id = get_session_user_info(request)[0] -# username = User.objects.get(id=user_id).name -# dept_name = get_session_user_info(request)[4] -# status_dic = {'online': 0, 'offline': 1} -# status = status_dic[offset] -# posts = get_apply_posts(request, status, username, dept_name, keyword) -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) -# return render_to_response('jperm/perm_log_%s.html' % offset, locals(), context_instance=RequestContext(request)) -# -# -# @require_login -# def perm_apply_info(request): -# """ 申请信息详情 """ -# uuid = request.GET.get('uuid', '') -# post = Apply.objects.filter(uuid=uuid) -# username = get_session_user_info(request)[1] -# if post: -# post = post[0] -# if post.read == 0 and post.applyer != username: -# post.read = 1 -# post.save() -# else: -# return httperror(request, u'没有这个申请记录!') -# -# return render_to_response('jperm/perm_apply_info.html', locals(), context_instance=RequestContext(request)) -# -# -# @require_admin -# def perm_apply_del(request): -# """ 删除日志记录 """ -# uuid = request.GET.get('uuid') -# u_apply = Apply.objects.filter(uuid=uuid) -# if u_apply: -# u_apply.delete() -# return HttpResponseRedirect('/jperm/apply_show/online/') -# -# -# @require_login -# def perm_apply_search(request): -# """ 申请搜索 """ -# keyword = request.GET.get('keyword') -# offset = request.GET.get('env') -# username = get_session_user_info(request)[1] -# dept_name = get_session_user_info(request)[3] -# status_dic = {'online': 0, 'offline': 1} -# status = status_dic[offset] -# posts = get_apply_posts(request, status, username, dept_name, keyword) -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) -# return 
render_to_response('jperm/perm_apply_search.html', locals(), context_instance=RequestContext(request)) -# -# -# -# -# -# -# -# -# -# -# -# -# -# +@require_role('admin') +def perm_group_list(request): + header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' + keyword = request.GET.get('search', '') + user_groups_list = UserGroup.objects.all() + + if keyword: + request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) + user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) + + return my_render('jperm/perm_group_list.html', locals(), request) + + +@require_role('admin') +def perm_group_edit(request): + header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' + user_group_id = request.GET.get('id', '') + user_group = get_object(UserGroup, id=user_group_id) + asset_all = Asset.objects.all() + asset_group_all = AssetGroup.objects.all() + + asset_id_list = user_group.assets.split(',') + asset_group_id_list = user_group.asset_groups.split(',') + print asset_id_list, asset_group_id_list + if request.method == 'GET' and user_group: + asset_permed = get_object_list(Asset, asset_id_list) + asset_group_permed = get_object_list(AssetGroup, asset_group_id_list) + assets = [asset for asset in asset_all if asset not in asset_permed] + asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] + return my_render('jperm/perm_group_edit.html', locals(), request) + + elif request.method == 'POST' and user_group: + asset_select = request.POST.getlist('asset_select', []) + asset_group_select = request.POST.getlist('asset_groups_select', []) + asset_new = list(set(asset_select) - set(asset_id_list)) + asset_del = list(set(asset_id_list) - set(asset_select)) + asset_group_new = list(set(asset_group_select) - set(asset_group_id_list)) + asset_group_del = list(set(asset_group_id_list) - set(asset_group_select)) + user_group.assets = ','.join(asset_select) + 
user_group.asset_groups = ','.join(asset_group_select) + user_group.save() + + perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group) + + return HttpResponseRedirect('/jperm/group/') + + else: + return HttpResponse('输入错误') + + + diff --git a/jumpserver/templatetags/mytags.py b/jumpserver/templatetags/mytags.py index da5ba9850..54d9a9ab8 100644 --- a/jumpserver/templatetags/mytags.py +++ b/jumpserver/templatetags/mytags.py @@ -54,8 +54,8 @@ def get_role(user_id): # return "%s ..." % ' '.join(groups[0:2]) # -@register.filter(name='group_str2') -def groups_str2(group_list): +@register.filter(name='groups2str') +def groups2str(group_list): """ 将用户组列表转换为str """ 
@@ -64,6 +64,55 @@ def groups_str2(group_list): else: return '%s ...' % ' '.join([group.name for group in group_list[0:2]]) + +@register.filter(name='user_asset_count') +def user_asset_count(user): + """ + 返回用户权限主机的数量 + """ + assets_id = user.assets.split(',') + asset_groups = user.asset_groups.split(',') + + for asset_group_id in asset_groups: + asset_group = get_object(AssetGroup, id=asset_group_id) + if asset_group: + assets_id.extend(asset.id for asset in asset_group.asset_set.all()) + + assets_id = set(map(str, assets_id)) + return len(assets_id) + + +@register.filter(name='user_asset_group_count') +def user_asset_group_count(user): + """ + 返回用户权限主机组的数量 + """ + return len(filter(lambda x: x, user.asset_groups.split(','))) + +# +# @register.filter(name='user_group_asset_count') +# def user_group_asset_count(user_group): +# """ +# 返回用户组权限主机的数量 +# """ +# assets_id = user_group.assets.split(',') +# asset_groups = user_group.asset_groups.split(',') +# +# for asset_group_id in asset_groups: +# asset_group = get_object(AssetGroup, id=asset_group_id) +# if asset_group: +# assets_id.extend(asset.id for asset in asset_group.asset_set.all()) +# +# assets_id = set(map(str, assets_id)) +# return len(assets_id) +# +# +# @register.filter(name='user_group_asset_count') +# def user_group_asset_group_count(user_group): +# """ +# 返回用户组权限主机组的数量 +# """ +# return len(user_group.asset_groups.split(',')) # # @register.filter(name='group_str2_all') # def group_str2_all(group_list): diff --git a/juser/models.py b/juser/models.py index da61481b2..f2d5a6643 100644 --- a/juser/models.py +++ b/juser/models.py 
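Review bot: `user_asset_count` overcounts when `assets` is empty, because `''.split(',')` returns `['']` and that blank entry survives into the final set; the `UserGroup` fields added in this commit default to `''`, so a group with no grants would be displayed as having one authorized asset. `user_asset_group_count` already filters blanks, and the first filter should do the same: `assets_id = [i for i in user.assets.split(',') if i]`, with blank ids also skipped before `get_object(AssetGroup, id=asset_group_id)` is called, since how `get_object` reacts to an empty id is not visible here. The same unfiltered split builds `asset_id_list` in `perm_group_edit` (jperm/views.py), where the blank entry would end up in `asset_del`. Ids read directly from `assets` are counted without checking that the asset still exists, so the docstring should say the figure is a count of stored ids rather than of live assets.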
@@ -5,6 +5,8 @@ from django.db import models class UserGroup(models.Model): name = models.CharField(max_length=80, unique=True) + assets = models.TextField(max_length=1000, verbose_name="Assets", default='') + asset_groups = models.CharField(max_length=1000, verbose_name="Asset Groups", default='') comment = models.CharField(max_length=160, blank=True, null=True) def __unicode__(self): diff --git a/playbook/user_perm.yaml b/playbook/user_perm.yaml index 4aaefa91d..d57ff1964 100644 --- a/playbook/user_perm.yaml +++ b/playbook/user_perm.yaml @@ -1,17 +1,19 @@ -- hosts: the_new_group - vars: - user: the_user - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=the_pub_key dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - - hosts: the_del_group - vars: - user: the_user tasks: - name: del user - user: name={{ user }} state=absent remove=yes + user: name={{ item }} state=absent remove=yes + with_items: [ the_items ] + +- hosts: the_new_group + tasks: + - name: add user + user: name={{ item }} state=present + with_items: [ the_items ] + - name: .ssh direcotory + file: name=/home/{{ item }}/.ssh mode=700 owner={{ item }} group={{ item }} state=directory + with_items: [ the_items ] + - name: set authorizied_file + copy: src=the_pub_key dest=/home/{{ item }}/.ssh/authorizied_keys owner={{ item }} group={{ item }} mode=600 + with_items: [ the_items ] + + diff --git a/templates/jperm/perm_group_edit.html b/templates/jperm/perm_group_edit.html new file mode 100644 index 000000000..785f249a0 --- /dev/null +++ b/templates/jperm/perm_group_edit.html @@ -0,0 +1,155 @@ +{% extends 'base.html' %} +{% load mytags %} +{% block content %} +{% include 'nav_cat_bar.html' %} + +
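Review bot: The two new fields hold the group's grants as comma-separated id strings, so the database cannot enforce that each id refers to an existing `Asset` or `AssetGroup`, and deleting an asset leaves its id behind in every group that listed it. For an authorization table that is a stale-grant risk; a `ManyToManyField` to each model would give referential integrity and remove the split/join handling in the views and template filters, provided the import between the apps is not circular. If the string form stays, note that `max_length` on a `TextField` is not enforced at the model or database level, while the 1000-character `CharField` can reject or truncate a long `asset_groups` value depending on the backend, so the two fields behave differently once a group has many grants. A comment on the fields stating the format, for example `# comma-separated Asset ids, '' when nothing is granted`, would help whoever parses them next.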
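Review bot: The key-install task in the `the_new_group` play still writes to `.ssh/authorizied_keys`, a file name sshd does not read by default, so the accounts are created but the pushed key never takes effect; the destination should be `dest=/home/{{ item }}/.ssh/authorized_keys`. Now that every task loops over `the_items`, `src=the_pub_key` is one placeholder for the whole list, so unless the substituted path itself contains `{{ item }}` each account in the group would receive the same public key; this should be confirmed against the code that fills in the template. The tasks also assume each home directory is `/home/<name>`, which is worth stating in a comment at the top of the play.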
+
+
+
+
+
{{ user_group.name }}授权修改
+ +
+ +
+
+ {% if error %} +
{{ error }}
+ {% endif %} + {% if msg %} +
{{ msg }}
+ {% endif %} +
+
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+
+ +
+
+ + +
+
+ +
+
+ +
+
+
+ +
+ +
+ +
+
+ +
+
+ +
+
+ + +
+
+ +
+
+ +
+
+
+
+ +
+
+
+ + +
+
+
+
+ +
+
+
+
+
+ + + + +{% endblock %} \ No newline at end of file diff --git a/templates/jperm/perm_group_list.html b/templates/jperm/perm_group_list.html new file mode 100644 index 000000000..6a1e8be85 --- /dev/null +++ b/templates/jperm/perm_group_list.html @@ -0,0 +1,81 @@ +{% extends 'base.html' %} +{% load mytags %} +{% block content %} +{% include 'nav_cat_bar.html' %} + +
+
+
+
+
+
查看小组
+ +
+ +
+
+ 添加用户组 + +
+ + + + + + + + + + + + + {% for user_group in user_groups.object_list %} + + + + + + + + {% endfor %} + +
用户组成员授权资产授权资产组操作
{{ user_group.name }} + {{ user_group.user_set.all | length }} + {{ user_group | user_asset_count }} {{ user_group | user_asset_group_count }} + 详情 + 编辑 +
+
+
+
+ Showing {{ users.start_index }} to {{ users.end_index }} of {{ p.count }} entries +
+
+ {% include 'paginator.html' %} +
+
+
+
+
+
+ +{% endblock %} \ No newline at end of file diff --git a/templates/jperm/perm_user_list.html b/templates/jperm/perm_user_list.html index 785dbbbbd..348b998b6 100644 --- a/templates/jperm/perm_user_list.html +++ b/templates/jperm/perm_user_list.html @@ -51,9 +51,11 @@ {% for user in users.object_list %} {{ user.name }} - {{ user.id }} - {{ user.id }} - {{ user.comment }} + + {{ user.group.all | groups2str }} + + {{ user | user_asset_count }} + {{ user | user_asset_group_count }} 详情 编辑 diff --git a/templates/nav.html b/templates/nav.html index ff622f8b7..d0a5e37b9 100644 --- a/templates/nav.html +++ b/templates/nav.html @@ -32,7 +32,7 @@
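Review bot: The pagination summary in perm_group_list.html reads `{{ users.start_index }}` and `{{ users.end_index }}`, but the `perm_group_list` view added in this commit paginates into `user_groups` and the table loops over `user_groups.object_list`, so `users` is undefined in this template and both numbers render empty. Use the name the loop uses: `Showing {{ user_groups.start_index }} to {{ user_groups.end_index }} of {{ p.count }} entries`.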
  • - 用户组授权 + 用户组授权