diff --git a/jperm/views.py b/jperm/views.py index bca1ea05e..76a2867f8 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -227,6 +227,9 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \ user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select) + if not LDAP_ENABLE: + return True + users = [] assets = [] cmds = [] @@ -283,8 +286,9 @@ def sudo_add(request): cmd_groups_select = request.POST.getlist('cmd_groups_select') comment = request.POST.get('comment', '') - sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment) - sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select) + if LDAP_ENABLE: + sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment) + sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select) msg = '添加成功' return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request)) @@ -335,10 +339,11 @@ def sudo_edit(request): sudo_perm = SudoPerm.objects.get(id=sudo_perm_id) old_name = sudo_perm.name - sudo_db_update(sudo_perm_id, name, users_runas, user_groups_select, - asset_groups_select, cmd_groups_select, comment) - sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, - cmd_groups_select, update=True, old_name=str(old_name)) + if LDAP_ENABLE: + sudo_db_update(sudo_perm_id, name, users_runas, user_groups_select, + asset_groups_select, cmd_groups_select, comment) + sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, + cmd_groups_select, update=True, old_name=str(old_name)) msg = '修改成功' return HttpResponseRedirect('/jperm/sudo_list/') diff --git a/jumpserver.conf b/jumpserver.conf index 9540fa014..a24c2190a 100644 --- a/jumpserver.conf +++ b/jumpserver.conf 
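Review bot: In `sudo_add` the new `if LDAP_ENABLE:` guard wraps `sudo_db_add` as well as `sudo_ldap_add`, so with LDAP disabled the sudo rule is never written to the database while `msg = '添加成功'` is still reported; `sudo_edit` has the same shape around `sudo_db_update`. Since `sudo_ldap_add` already returns early on `if not LDAP_ENABLE: return True` (first hunk), the database write should stay unconditional and only the directory call needs the guard: `sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment)` followed by `if LDAP_ENABLE:` / `    sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select)`. It is not visible in these hunks whether jperm/views.py imports `LDAP_ENABLE`; presumably it arrives through a star import from `jumpserver.api`, which is worth confirming. All three enclosing functions extend beyond their hunks.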
@@ -8,7 +8,7 @@ password = mysql234 database = jumpserver [ldap] -ldap_enable = 0 +ldap_enable = 1 host_url = ldap://127.0.0.1:389 base_dn = dc=jumpserver, dc=org root_dn = cn=admin,dc=jumpserver,dc=org diff --git a/jumpserver/api.py b/jumpserver/api.py index d59529c7c..d3506f885 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -9,6 +9,7 @@ from Crypto.Cipher import AES from binascii import b2a_hex, a2b_hex import ldap from ldap import modlist +import hashlib from django.http import HttpResponse, Http404 @@ -25,33 +26,7 @@ SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys') SERVER_KEY_DIR = os.path.join(SSH_KEY_DIR, 'server') KEY = CONF.get('web', 'key') LOGIN_NAME = getpass.getuser() - - -class PyCrypt(object): - """This class used to encrypt and decrypt password.""" - - def __init__(self, key): - self.key = key - self.mode = AES.MODE_CBC - - def encrypt(self, text): - cryptor = AES.new(self.key, self.mode, b'0000000000000000') - length = 16 - try: - count = len(text) - except TypeError: - raise ServerError('Encrypt password error, TYpe error.') - add = (length - (count % length)) - text += ('\0' * add) - ciphertext = cryptor.encrypt(text) - return b2a_hex(ciphertext) - - -CRYPTOR = PyCrypt(KEY) - - -class ServerError(Exception): - pass +LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') class LDAPMgmt(): 
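Review bot: Flipping the committed default to `ldap_enable = 1` makes a fresh checkout use the LDAP block below it, and in jumpserver/api.py the new module-level `ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW)` now runs on every import of `jumpserver.api`; if `LDAPMgmt.__init__` binds (its body is not in this diff), any process importing the module fails or stalls when nothing listens on `ldap://127.0.0.1:389`. The checked-in `root_dn`/`root_pw` also become live bind credentials sent over a plain `ldap://` URL rather than an inert example. Keeping the committed default at `0`, or documenting next to the key that `root_pw` must be replaced and an `ldaps://` URL used before enabling, is the safer shape for a config file under version control.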
@@ -111,8 +86,54 @@ class LDAPMgmt(): return plain_text.rstrip('\0') +if LDAP_ENABLE: + LDAP_HOST_URL = CONF.get('ldap', 'host_url') + LDAP_BASE_DN = CONF.get('ldap', 'base_dn') + LDAP_ROOT_DN = CONF.get('ldap', 'root_dn') + LDAP_ROOT_PW = CONF.get('ldap', 'root_pw') + ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW) +else: + ldap_conn = None +def md5_crypt(string): + return hashlib.new("md5", string).hexdigest() + + +def get_session_user_dept(request): + user_id = request.session.get('user_id', '') + user = User.objects.filter(id=user_id) + if user: + user = user[0] + dept = user.dept + return user, dept + + +class PyCrypt(object): + """This class used to encrypt and decrypt password.""" + + def __init__(self, key): + self.key = key + self.mode = AES.MODE_CBC + + def encrypt(self, text): + cryptor = AES.new(self.key, self.mode, b'0000000000000000') + length = 16 + try: + count = len(text) + except TypeError: + raise ServerError('Encrypt password error, TYpe error.') + add = (length - (count % length)) + text += ('\0' * add) + ciphertext = cryptor.encrypt(text) + return b2a_hex(ciphertext) + + +CRYPTOR = PyCrypt(KEY) + + +class ServerError(Exception): + pass def require_login(func): diff --git a/jumpserver/views.py b/jumpserver/views.py index 3bd0b88d1..61fe918a7 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -1,4 +1,4 @@ -#coding: utf-8 +# coding: utf-8 import hashlib from ConfigParser import ConfigParser 
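Review bot: `get_session_user_dept` assigns `dept` only inside `if user:`, so when the session has no `user_id` or the id matches no row, `return user, dept` raises `UnboundLocalError` instead of a clean miss; its new callers `dept_list_adm` and `group_list_adm` in juser/views.py unpack the result directly and then dereference `dept`. Initialise `user, dept = None, None` before the filter (or raise an explicit error) and have the callers check for `None` before touching `dept.usergroup_set`. `User` is not imported in any visible hunk of jumpserver/api.py, so confirm it is in scope at module level. The relocated `PyCrypt.encrypt` still uses the constant IV `b'0000000000000000'` with `AES.MODE_CBC` and NUL padding, so identical inputs encrypt to identical ciphertext under `CRYPTOR`; since the block is being moved anyway, a random IV per call stored alongside the ciphertext would close that, and `md5_crypt` (unsalted `hashlib.new("md5", string)`) should not be the hash if it backs stored credentials.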
@@ -17,27 +17,7 @@ from django.template import RequestContext from juser.models import User, UserGroup from jlog.models import Log from jasset.models import Asset, BisGroup, IDC -from jumpserver.api import require_admin, require_super_user, require_login, CRYPTOR, LDAPMgmt - -BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) -CONF = ConfigParser() -CONF.read(os.path.join(BASE_DIR, 'jumpserver.conf')) - -LDAP_ENABLE = CONF.getint('ldap', 'ldap_enable') - - -if LDAP_ENABLE: - LDAP_HOST_URL = CONF.get('ldap', 'host_url') - LDAP_BASE_DN = CONF.get('ldap', 'base_dn') - LDAP_ROOT_DN = CONF.get('ldap', 'root_dn') - LDAP_ROOT_PW = CONF.get('ldap', 'root_pw') - ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW) -else: - ldap_conn = None - - -def md5_crypt(string): - return hashlib.new("md5", string).hexdigest() +from jumpserver.api import * def getDaysByNum(num): diff --git a/juser/urls.py b/juser/urls.py index 81ac8d67e..a7f01bd39 100644 --- a/juser/urls.py +++ b/juser/urls.py @@ -7,14 +7,14 @@ urlpatterns = patterns('juser.views', # url(r'^$', 'jumpserver.views.home', name='home'), # url(r'^blog/', include('blog.urls')), - (r'^dept_list/$', 'dept_list'), + (r'^dept_list/$', view_splitter, {'su': dept_list, 'adm': dept_list_adm}), (r'^dept_add/$', 'dept_add'), (r'^dept_del/$', 'dept_del'), (r'^dept_detail/$', 'dept_detail'), (r'^dept_del_ajax/$', 'dept_del_ajax'), (r'^dept_edit/$', 'dept_edit'), (r'^group_add/$', 'group_add'), - (r'^group_list/$', view_splitter, {'su': group_list_su, 'adm': group_list_adm}), + (r'^group_list/$', view_splitter, {'su': group_list, 'adm': group_list_adm}), (r'^group_detail/$', 'group_detail'), (r'^group_del/$', 'group_del'), (r'^group_del_ajax/$', 'group_del_ajax'), diff --git a/juser/views.py b/juser/views.py index 4ce07861d..c65d30755 100644 --- a/juser/views.py +++ b/juser/views.py 
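Review bot: Replacing the explicit import with `from jumpserver.api import *` hides which names jumpserver/views.py actually depends on, and juser/views.py (next file, `from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn, ...`) now gets those names only because the star import re-exports them; an `__all__` added to `jumpserver.api` later, or a local definition with the same name, would break that silently. Prefer the explicit list, e.g. `from jumpserver.api import require_admin, require_super_user, require_login, CRYPTOR, LDAPMgmt, LDAP_ENABLE, ldap_conn, md5_crypt`, and have juser/views.py import from `jumpserver.api` directly instead of the second star import it introduces. With `md5_crypt` and the `ConfigParser` setup removed from this module, `import hashlib` and `from ConfigParser import ConfigParser` at the top may now be unused here, which cannot be determined from the hunk.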
@@ -21,8 +21,7 @@ from juser.models import UserGroup, User, DEPT from connect import BASE_DIR from connect import CONF from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn, page_list_return, pages -from jumpserver.api import user_perm_group_api, require_login, require_super_user, \ - require_admin, is_group_admin, is_super_user, CRYPTOR +from jumpserver.api import * if LDAP_ENABLE: LDAP_HOST_URL = CONF.get('ldap', 'host_url') @@ -31,7 +30,7 @@ if LDAP_ENABLE: LDAP_ROOT_PW = CONF.get('ldap', 'root_pw') -def gen_rand_wd(num): +def gen_rand_pwd(num): """生成随机密码""" seed = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" salt_list = [] @@ -236,6 +235,17 @@ def dept_list(request): return render_to_response('juser/dept_list.html', locals(), context_instance=RequestContext(request)) +@require_admin +def dept_list_adm(request): + header_title, path1, path2 = '查看部门', '用户管理', '查看部门' + user, dept = get_session_user_dept(request) + contact_list = [dept] + contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) + + return render_to_response('juser/dept_list.html', locals(), context_instance=RequestContext(request)) + + + @require_super_user def dept_detail(request): dept_id = request.GET.get('id', None) 
@@ -363,13 +373,20 @@ def group_add(request): @require_super_user -def group_list_su(request): +def group_list(request): header_title, path1, path2 = '查看小组', '用户管理', '查看小组' keyword = request.GET.get('search', '') + did = request.GET.get('did', '') + contact_list = UserGroup.objects.all().order_by('name') + + if did: + dept = DEPT.objects.filter(id=did) + if dept: + dept = dept[0] + contact_list = dept.usergroup_set.all() + if keyword: - contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) - else: - contact_list = UserGroup.objects.all().order_by('name') + contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) return render_to_response('juser/group_list.html', locals(), context_instance=RequestContext(request)) @@ -379,11 +396,12 @@ def group_list_su(request): def group_list_adm(request): header_title, path1, path2 = '查看部门小组', '用户管理', '查看小组' keyword = request.GET.get('search', '') - user_id = request.session.get('user_id') + did = request.GET.get('did', '') + user, dept = get_session_user_dept(request) + contact_list = dept.usergroup_set.all().order_by('name') + if keyword: - contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) - else: - contact_list = UserGroup.objects.all().order_by('name') + contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) return render_to_response('juser/group_list.html', locals(), context_instance=RequestContext(request)) 
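Review bot: In `group_list` the department branch `contact_list = dept.usergroup_set.all()` drops the `.order_by('name')` that the default branch applies, so the listing order changes depending on whether `did` is passed; use `contact_list = dept.usergroup_set.all().order_by('name')`. `did` comes straight from `request.GET` into `DEPT.objects.filter(id=did)`; the ORM parameterises it, but a non-numeric value will most likely raise at the integer field rather than return an empty set, so a `did.isdigit()` check (or catching `ValueError`) turns that into an empty result instead of a 500. In `group_list_adm` the new `did = request.GET.get('did', '')` is never used — the admin list is scoped to the session user's department, which is the right behaviour — so the line can go, otherwise `locals()` leaks the unused value into the template context. `group_list_adm` also depends on `get_session_user_dept` resolving a user (see jumpserver/api.py).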
@@ -445,13 +463,28 @@ def group_edit(request): else: group_id = request.POST.get('group_id', '') group_name = request.POST.get('group_name', '') + dept_id = request.POST.get('dept_id', '') comment = request.POST.get('comment', '') users_selected = request.POST.getlist('users_selected') + users = [] try: if '' in [group_id, group_name]: raise AddError('组名不能为空') - UserGroup.objects.filter(id=group_id).update(name=group_name, comment=comment) + dept = DEPT.objects.filter(id=dept_id) + if dept: + dept = dept[0] + else: + raise AddError('部门不存在') + for user_id in users_selected: + users.extend(User.objects.filter(id=user_id)) + + user_group = UserGroup.objects.filter(id=group_id) + if user_group: + user_group.update(name=group_name, comment=comment, dept=dept) + user_group = user_group[0] + user_group.user_set.clear() + user_group.user_set = users except AddError, e: error = e diff --git a/templates/jperm/dept_perm_list.html b/templates/jperm/dept_perm_list.html index a4f3b7afa..92d3312b5 100644 --- a/templates/jperm/dept_perm_list.html +++ b/templates/jperm/dept_perm_list.html @@ -58,11 +58,11 @@ {% for dept in contacts.object_list %} {{ dept.name }} - {{ dept.id | dept_user_num }} + {{ dept.id | dept_user_num }} {{ dept.id | dept_asset_num }} {{ dept.comment }} - 主机 +{# 主机#} 授权编辑 diff --git a/templates/jperm/perm_list.html b/templates/jperm/perm_list.html index bcc0d88ae..1c272362e 100644 --- a/templates/jperm/perm_list.html +++ b/templates/jperm/perm_list.html @@ -60,7 +60,7 @@ {{ group.name }} {{ group.dept.name }} - {{ group.id | member_count }} + {{ group.id | member_count }} {{ group.id | ugrp_perm_agrp_count }} {{ group.id | ugrp_perm_asset_count }} {{ group.comment }} diff --git a/templates/jperm/sudo_cmd_list.html b/templates/jperm/sudo_cmd_list.html index d9e72c26c..8046a5f06 100644 --- a/templates/jperm/sudo_cmd_list.html +++ b/templates/jperm/sudo_cmd_list.html 
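Review bot: `dept_id` and `users_selected` are taken from the POST body and written straight to the group (`update(..., dept=dept)`, `user_group.user_set = users`) with no check that the target department or the selected users are ones the caller may manage; this commit introduces per-department admin views, so if `group_edit` is reachable by a department admin (its decorator is above the hunk and not visible), the server should verify `dept` is the session user's department and restrict members to it rather than rely on the form. The per-id loop `users.extend(User.objects.filter(id=user_id))` is one query per selected user and can be the single `users = list(User.objects.filter(id__in=users_selected, dept=dept))`, which also enforces the scope, assuming `User` has the `dept` field that `get_session_user_dept` reads. When `UserGroup.objects.filter(id=group_id)` is empty the block silently does nothing; raising `AddError('小组不存在')` (a constructed message following the file's pattern) keeps that failure visible to the rest of the function, which continues outside the hunk.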
@@ -58,10 +58,10 @@ {% for group in contacts.object_list %} {{ group.name }} - {{ group.cmd | string_length:50 }} + {{ group.cmd | string_length:50 }} {{ group.comment }} - 详情 +{# 详情#} 编辑 删除 diff --git a/templates/juser/dept_detail.html b/templates/juser/dept_detail.html index 860edba13..81aab3f79 100644 --- a/templates/juser/dept_detail.html +++ b/templates/juser/dept_detail.html @@ -1,42 +1,116 @@ +{% extends 'base.html' %} {% load mytags %} - - - {% include 'link_css.html' %} +{% block content %} +{% include 'nav_cat_bar.html' %} - - +
+
+
+
+
+
查看部门
+ +
- -
-
-

{{ dept.name }} 部门成员

+
+ 添加部门 + 删除所选 + +
+ - - - + + + + + + + - {% for user in users %} - - - - - + {% for dept in contacts.object_list %} + + + + + + + + + {% endfor %} - -
用户名姓名角色 + + 部门名称小组数目成员数目主机数目备注操作
{{ user.username }}{{ user.name }}{{ user.id|get_role }}
+ + {{ dept.name }} {{ dept.id | dept_group_num }} {{ dept.id | dept_user_num}} {{ dept.id | dept_asset_num}} {{ dept.comment }} + 详情 + 编辑 + 删除 +
+
+
+
+ Showing {{ contacts.start_index }} to {{ contacts.end_index }} of {{ p.count }} entries +
+
+ {% include 'paginator.html' %} +
+
- - \ No newline at end of file +
+
+ + + +{% endblock %} \ No newline at end of file diff --git a/templates/juser/dept_list.html b/templates/juser/dept_list.html index 8df3a1728..0af74f7ea 100644 --- a/templates/juser/dept_list.html +++ b/templates/juser/dept_list.html @@ -65,13 +65,19 @@ {{ dept.name }} - {{ dept.id | dept_group_num}} - {{ dept.id | dept_user_num}} + {{ dept.id | dept_group_num }} + {{ dept.id | dept_user_num}} {{ dept.id | dept_asset_num}} {{ dept.comment }} - 编辑 - 删除 +{# 详情#} + {% ifequal session_role_id 2 %} + 编辑 + 删除 + {% else %} + 编辑 + 删除 + {% endifequal %} {% endfor %} diff --git a/templates/juser/group_list.html b/templates/juser/group_list.html index 649ac5a7e..f9812bfa4 100644 --- a/templates/juser/group_list.html +++ b/templates/juser/group_list.html @@ -65,10 +65,9 @@ {{ group.name }} {{ group.dept.name }} - {{ group.id | member_count }} + {{ group.id | member_count }} {{ group.comment }} - 成员 编辑 删除 diff --git a/templates/nav.html b/templates/nav.html index 93731d699..e8841b50c 100644 --- a/templates/nav.html +++ b/templates/nav.html @@ -15,9 +15,9 @@
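Review bot: The new `{% ifequal session_role_id 2 %}` branch in dept_list.html only changes which edit/delete links a department admin sees; it is presentation, not access control, so the views those links target must apply the same role check server-side (the `dept_list`/`dept_list_adm` split in juser/views.py does this for listing, while the edit and delete endpoints are not in this diff). A short template comment beside the branch, e.g. `{# role gates the links only; the target views enforce permission #}`, would keep a later edit from treating it as the check.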
  • 用户管理