From 9eb64466bc66440abe5b5668ad014c1f77fa4ef5 Mon Sep 17 00:00:00 2001 From: ibuler Date: Fri, 25 Dec 2015 20:26:31 +0800 Subject: [PATCH] fix user perm group perm --- jperm/perm_api.py | 6 +++++- jperm/views.py | 2 +- run_websocket.py | 51 +++++++++++++++++++++++------------------------ 3 files changed, 31 insertions(+), 28 deletions(-) diff --git a/jperm/perm_api.py b/jperm/perm_api.py index e34de01ad..c444b952a 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -29,7 +29,10 @@ def get_group_user_perm(ob): """ perm = {} if isinstance(ob, User): - rule_all = PermRule.objects.filter(user=ob) + rule_all = set(PermRule.objects.filter(user=ob)) + for user_group in ob.group.all(): + rule_all = rule_all.union(set(PermRule.objects.filter(user_group=user_group))) + elif isinstance(ob, UserGroup): rule_all = PermRule.objects.filter(user_group=ob) else: @@ -80,6 +83,7 @@ def get_group_user_perm(ob): else: perm_asset[asset] = {'role': perm_asset_group[asset_group].get('role', set()), 'rule': perm_asset_group[asset_group].get('rule', set())} + print perm return perm diff --git a/jperm/views.py b/jperm/views.py index 10e6b3fd7..e13d55746 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -667,7 +667,7 @@ def perm_role_get(request): asset = get_object(Asset, id=asset_id) if asset: role = user_have_perm(request.user, asset=asset) - logger.debug('#' + ','.join([i.name for i in role]) + '#') + logger.debug(u'获取授权系统用户: ' + ','.join([i.name for i in role])) return HttpResponse(','.join([i.name for i in role])) else: roles = get_group_user_perm(request.user).get('role').keys() diff --git a/run_websocket.py b/run_websocket.py index 3349fda71..c77ae6077 100755 --- a/run_websocket.py +++ b/run_websocket.py @@ -44,29 +44,28 @@ def require_auth(role='user'): else: session_key = request.get_argument('sessionid', '') - logger.debug('Websocket: session_key: %s' % session_key) + logger.debug(u'请求session_key: %s' % session_key) if session_key: session = get_object(Session, session_key=session_key) - logger.debug('Websocket: session: %s' % session) if session and datetime.datetime.now() < session.expire_date: user_id = session.get_decoded().get('_auth_user_id') user = get_object(User, id=user_id) if user: - logger.debug('Websocket: user [ %s ] request websocket' % user.username) + logger.debug(u'用户 [ %s ] 请求websocket' % user.username) request.user = user if role == 'admin': if user.role in ['SU', 'GA']: return func(request, *args, **kwargs) - logger.debug('Websocket: user [ %s ] is not admin.' % user.username) + logger.debug(u'用户 [ %s ] 不是admin.' % user.username) else: return func(request, *args, **kwargs) else: - logger.debug('Websocket: session expired: %s' % session_key) + logger.debug(u'session过期 %s' % session_key) try: request.close() except AttributeError: pass - logger.warning('Websocket: Request auth failed.') + logger.warning('认证失败,非法请求') return _deco2 return _deco @@ -96,10 +95,10 @@ def file_monitor(path='.', client=None): notifier = AsyncNotifier(wm, EventHandler(client)) wm.add_watch(path, mask, auto_add=True, rec=True) if not os.path.isfile(path): - logger.debug("File %s does not exist." % path) + logger.debug(u"文件 %s 不存在." % path) sys.exit(3) else: - logger.debug("Now starting monitor file %s." % path) + logger.debug(u"开始监控文件 %s." % path) global f f = open(path, 'r') st_size = os.stat(path)[6] @@ -149,8 +148,8 @@ class MonitorHandler(tornado.websocket.WebSocketHandler): MonitorHandler.clients.remove(self) MonitorHandler.threads.remove(MonitorHandler.threads[client_index]) - logger.debug("Websocket: Monitor client num: %s, thread num: %s" % (len(MonitorHandler.clients), - len(MonitorHandler.threads))) + logger.debug(u"监控在线数量: %s, 线程数量: %s" % (len(MonitorHandler.clients), + len(MonitorHandler.threads))) def on_message(self, message): # 监控日志,发生变动发向客户端 @@ -160,7 +159,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler): # 客户端主动关闭 # self.close() - logger.debug("Websocket: Monitor client close request") + logger.debug("监控请求关闭") try: client_index = MonitorHandler.clients.index(self) MonitorHandler.clients.remove(self) @@ -184,10 +183,10 @@ class WebTerminalKillHandler(tornado.web.RequestHandler): Log.objects.filter(id=ws_id).update(is_finished=True) for ws in WebTerminalHandler.clients: if ws.id == int(ws_id): - logger.debug("Kill log id %s" % ws_id) + logger.debug(u"终结logID %s" % ws_id) ws.log.save() ws.close() - logger.debug('Websocket: web terminal client num: %s' % len(WebTerminalHandler.clients)) + logger.debug(u'WebTerminal在线数量: %s' % len(WebTerminalHandler.clients)) class ExecHandler(tornado.websocket.WebSocketHandler): @@ -209,7 +208,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler): @require_auth('user') def open(self): - logger.debug('Websocket: Open exec request') + logger.debug('web批量命令执行请求') role_name = self.get_argument('role', 'sb') self.remote_ip = self.request.remote_ip logger.debug('Web执行命令: 请求系统用户 %s' % role_name) @@ -255,7 +254,6 @@ class ExecHandler(tornado.websocket.WebSocketHandler): for k, v in self.runner.results.items(): for host, output in v.items(): output = newline_pattern.sub('
', output) - logger.debug(output) if k == 'ok': header = "[ %s => %s]\n" % (host, 'Ok') else: @@ -266,7 +264,7 @@ class ExecHandler(tornado.websocket.WebSocketHandler): self.write_message('\n~o~ Task finished ~o~\n') def on_close(self): - logger.debug('关闭web_exec请求') + logger.debug('关闭web批量命令请求') class WebTerminalHandler(tornado.websocket.WebSocketHandler): @@ -289,30 +287,31 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler): @require_auth('user') def open(self): - logger.debug('Websocket: Open request') + logger.debug('WebTerminal请求') role_name = self.get_argument('role', 'sb') asset_id = self.get_argument('id', 9999) asset = get_object(Asset, id=asset_id) if asset: roles = user_have_perm(self.user, asset) - logger.debug(roles) - logger.debug('系统用户: %s' % role_name) + logger.debug('请求系统用户: %s' % role_name) login_role = '' for role in roles: if role.name == role_name: login_role = role break if not login_role: - logger.warning('Websocket: Not that Role %s for Host: %s User: %s ' % (role_name, asset.hostname, - self.user.username)) + logger.warning(u'在%s 这台主机上没有为用户%s 授权系统用户%s ' % (asset.hostname, + self.user.username, + role_name)) self.close() return else: - logger.warning('Websocket: No that Host: %s User: %s ' % (asset_id, self.user.username)) + logger.warning(u'没有授权该主机 %s' % asset_id) self.close() return - logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.hostname, self.user.username, - login_role.name)) + logger.debug('web terminal 请求主机: %s 用户: %s 系统用户: %s' % (asset.hostname, + self.user.username, + login_role.name)) self.term = WebTty(self.user, asset, login_role, login_type='web') self.term.remote_ip = self.request.remote_ip self.ssh = self.term.get_connection() @@ -352,7 +351,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler): self.channel.send(data['data']) def on_close(self): - logger.debug('Websocket: Close request') + logger.debug('关闭websocket请求') if self in WebTerminalHandler.clients: WebTerminalHandler.clients.remove(self) try: @@ -425,6 +424,6 @@ if __name__ == '__main__': server = tornado.httpserver.HTTPServer(app) server.bind(options.port, options.host) #server.listen(options.port) - server.start(num_processes=5) + #server.start(num_processes=5) print "Run server on %s:%s" % (options.host, options.port) tornado.ioloop.IOLoop.instance().start()