diff --git a/jperm/views.py b/jperm/views.py index 38cae2ee1..b43633665 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -9,7 +9,7 @@ from jperm.models import Perm, SudoPerm, CmdGroup, DeptPerm from django.core.paginator import Paginator, EmptyPage, InvalidPage from django.db.models import Q from jumpserver.views import LDAP_ENABLE, ldap_conn, CONF, page_list_return, pages -from jumpserver.api import user_perm_asset_api +from jumpserver.api import user_perm_asset_api, require_admin, require_super_user, require_login if LDAP_ENABLE: @@ -36,6 +36,7 @@ def user_asset_cmd_groups_get(user_groups_select='', asset_groups_select='', cmd return user_groups_select_list, asset_groups_select_list, cmd_groups_select_list +@require_admin def perm_add(request): header_title, path1, path2 = u'主机授权添加', u'授权管理', u'授权添加' @@ -79,6 +80,7 @@ def dept_add_asset(dept_id, asset_list): DeptPerm(dept=dept, asset=asset).save() +@require_super_user def dept_perm_edit(request): header_title, path1, path2 = u'部门授权添加', u'授权管理', u'部门授权添加' if request.method == 'GET': @@ -97,6 +99,7 @@ def dept_perm_edit(request): return render_to_response('jperm/dept_perm_edit.html', locals(), context_instance=RequestContext(request)) +@require_admin def perm_list(request): header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情' keyword = request.GET.get('search', '') @@ -109,6 +112,7 @@ def perm_list(request): return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request)) +@require_super_user def dept_perm_list(request): header_title, path1, path2 = '查看部门', '授权管理', '部门授权' keyword = request.GET.get('search') @@ -142,6 +146,7 @@ def perm_group_update(user_group_id, asset_groups_id_list): Perm(user_group=user_group, asset_group=asset_group).save() +@require_super_user def perm_edit(request): if request.method == 'GET': header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权编辑' 
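Review bot: `perm_edit` is guarded with `@require_super_user` while `perm_add`, `perm_list`, `perm_detail` and `perm_del` in the same file get `@require_admin`, so a `role_id` 1 admin can create and delete a grant but not edit one. If that split is intended, say so in a comment above the decorator, e.g. `# editing an existing grant is super-user only; add/delete stay open to role_id 1 admins`. If it is not, use `@require_admin` here as well. The body of `perm_edit` continues outside the hunk.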
@@ -161,6 +166,7 @@ def perm_edit(request): return render_to_response('jperm/perm_edit.html', locals(), context_instance=RequestContext(request)) +@require_admin def perm_detail(request): header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权详情' perm_id = request.GET.get('id') @@ -181,6 +187,7 @@ def perm_detail(request): return render_to_response('jperm/perm_detail.html', locals(), context_instance=RequestContext(request)) +@require_admin def perm_del(request): perm_id = request.GET.get('id') perm = Perm.objects.filter(id=perm_id) @@ -190,6 +197,7 @@ def perm_del(request): return HttpResponseRedirect('/jperm/perm_list/') +@require_admin def perm_asset_detail(request): header_title, path1, path2 = u'用户授权主机', u'权限管理', u'用户主机详情' user_id = request.GET.get('id') @@ -273,6 +281,7 @@ def sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, ldap_conn.add(sudo_dn, sudo_attr) +@require_admin def sudo_add(request): header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限' user_groups = UserGroup.objects.filter(id__gt=2) @@ -294,6 +303,7 @@ def sudo_add(request): return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request)) +@require_admin def sudo_list(request): header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情' contact_list = SudoPerm.objects.all() @@ -302,6 +312,7 @@ def sudo_list(request): return render_to_response('jperm/sudo_list.html', locals(), context_instance=RequestContext(request)) +@require_admin def sudo_edit(request): header_title, path1, path2 = u'Sudo授权', u'授权管理', u'Sudo修改' @@ -348,6 +359,7 @@ def sudo_edit(request): return render_to_response('jperm/sudo_edit.html', locals(), context_instance=RequestContext(request)) +@require_admin def sudo_detail(request): header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情' sudo_perm_id = request.GET.get('id') 
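Review bot: `@require_admin` on `perm_del` checks the session role only, so any session with a `role_id` of 1 or more can delete whichever `Perm` row the `id` query parameter names. No check that the row belongs to the caller's own department is visible in the hunk, though the body continues outside it. The delete is also driven by `request.GET.get('id')`, and Django's CSRF protection does not cover GET, so the view should refuse other methods, e.g. `@require_POST` from `django.views.decorators.http` stacked under `@require_admin`, with the list template switched to a POST form. The same applies to `sudo_del` and `cmd_del` further down this file.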
@@ -372,6 +384,7 @@ def sudo_detail(request): return render_to_response('jperm/sudo_detail.html', locals(), context_instance=RequestContext(request)) +@require_admin def sudo_del(request): sudo_perm_id = request.GET.get('id', '0') sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id)) @@ -383,6 +396,7 @@ def sudo_del(request): return HttpResponseRedirect('/jperm/sudo_list/') +@require_admin def cmd_add(request): header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加' @@ -399,6 +413,7 @@ def cmd_add(request): return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request)) +@require_admin def cmd_edit(request): header_title, path1, path2 = u'sudo命令修改', u'授权管理管理', u'命令组修改' @@ -425,6 +440,7 @@ def cmd_edit(request): return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request)) +@require_admin def cmd_list(request): header_title, path1, path2 = u'sudo命令查看', u'权限管理', u'Sudo命令添加' @@ -443,6 +459,7 @@ def cmd_list(request): return render_to_response('jperm/sudo_cmd_list.html', locals(), context_instance=RequestContext(request)) +@require_admin def cmd_del(request): cmd_group_id = request.GET.get('id') cmd_group = CmdGroup.objects.filter(id=cmd_group_id) diff --git a/jumpserver/api.py b/jumpserver/api.py index b4fd70b55..431789a4d 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -1,5 +1,6 @@ -__author__ = 'guanghongwei' +#coding: utf-8 +from django.http import HttpResponseRedirect from juser.models import User, UserGroup from jasset.models import Asset, BisGroup 
@@ -46,3 +47,28 @@ def asset_perm_api(asset): user_permed_list.extend(user_group.user_set.all()) return user_permed_list + +def require_login(func): + """要求登录的装饰器""" + def _deco(request, *args, **kwargs): + if not request.session.get('user_id'): + return HttpResponseRedirect('/login/') + return func(request, *args, **kwargs) + return _deco + + +def require_super_user(func): + def _deco(request, *args, **kwargs): + if request.session.get('role_id', 0) != 2: + print "##########%s" % request.session.get('role_id', 0) + return HttpResponseRedirect('/') + return func(request, *args, **kwargs) + return _deco + + +def require_admin(func): + def _deco(request, *args, **kwargs): + if request.session.get('role_id', 0) < 1: + return HttpResponseRedirect('/') + return func(request, *args, **kwargs) + return _deco diff --git a/jumpserver/context_processors.py b/jumpserver/context_processors.py index 8edd4d370..160cdd8c0 100644 --- a/jumpserver/context_processors.py +++ b/jumpserver/context_processors.py @@ -3,10 +3,11 @@ from juser.models import User def name_proc(request): user_id = request.session.get('user_id') - role = request.session.get('role_id') + role_id = request.session.get('role_id') user_total_num = User.objects.all().count() user_active_num = User.objects.filter(is_active=True).count() + request.session.set_expiry(3600) - return {'session_user_id': user_id, 'session_role_id': role, + return {'session_user_id': user_id, 'session_role_id': role_id, 'user_total_num': user_total_num, 'user_active_num': user_active_num} diff --git a/jumpserver/settings.py b/jumpserver/settings.py index 7432d56a5..489577dc1 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py @@ -121,4 +121,3 @@ USE_TZ = False STATIC_URL = '/static/' -SESSION_COOKIE_AGE = 3600 diff --git a/jumpserver/views.py b/jumpserver/views.py index 3a114ad57..6058e1708 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py 
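Review bot: The `print "##########%s" % request.session.get('role_id', 0)` line in `require_super_user` is leftover debug output that writes the caller's role to stdout on every denied request. It should be removed, along with the matching `print` this commit adds to `index` in jumpserver/views.py. The three `_deco` wrappers also drop the wrapped view's `__name__` and docstring, so add `@wraps(func)` (from `functools`) above each `def _deco`. `require_super_user` and `require_admin` have no docstring; one line each stating the threshold (`role_id` equal to 2, and `role_id` of at least 1) would document the magic numbers. Both send a visitor with no session to `/` rather than `/login/`, relying on `require_login` on `index` for the second hop.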
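Review bot: Calling `request.session.set_expiry(3600)` inside `name_proc` ties the idle timeout to template rendering. It runs only for responses built with `RequestContext`, so the redirect and bare `HttpResponse` views touched by this commit never refresh the expiry, while every rendered page now writes the session. The settings.py hunk drops `SESSION_COOKIE_AGE = 3600`; keeping it and adding `SESSION_SAVE_EVERY_REQUEST = True` gives the same sliding hour without a side effect in a context processor. Because `role_id` is stored in the session at login and the new decorators read only that value, a sliding expiry also means a role change or deactivation has no effect while the session stays active. Re-reading the user's current role inside the decorators would close that gap.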
@@ -21,6 +21,7 @@ from django.template import RequestContext from juser.models import User, UserGroup from jlog.models import Log from jasset.models import Asset, BisGroup, IDC +from jumpserver.api import require_admin, require_super_user, require_login BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) CONF = ConfigParser() @@ -52,10 +53,6 @@ def getDaysByNum(num): return t -def base(request): - return render_to_response('base.html', context_instance=RequestContext(request)) - - def get_data(data, items, option): dic = {} li_date, li_str = getDaysByNum(7) @@ -74,6 +71,7 @@ def get_data(data, items, option): return dic +@require_login def index(request): path1, path2 = u'仪表盘', 'Dashboard' users = User.objects.all() @@ -87,6 +85,7 @@ def index(request): user_top_ten = week_data.values('user').annotate(times=Count('user')).order_by('-times')[:10] host_top_ten = week_data.values('host').annotate(times=Count('host')).order_by('-times')[:10] user_dic, host_dic = get_data(week_data, user_top_ten, 'user'), get_data(week_data, host_top_ten, 'host') + print "##############%s" % request.session.get('role_id') top = {'user': '活跃用户数', 'host': '活跃主机数', 'times': '登录次数'} top_dic = {} @@ -207,7 +206,7 @@ def login(request): request.session['user_id'] = user.id if user.role == 'SU': request.session['role_id'] = 2 - elif user.role == 'GA': + elif user.role == 'DA': request.session['role_id'] = 1 else: request.session['role_id'] = 0 diff --git a/juser/views.py b/juser/views.py index 412ecb86e..11b82418f 100644 --- a/juser/views.py +++ b/juser/views.py @@ -23,7 +23,7 @@ from connect import PyCrypt, KEY from connect import BASE_DIR from connect import CONF from jumpserver.views import md5_crypt, LDAPMgmt, LDAP_ENABLE, ldap_conn, page_list_return, pages -from jumpserver.api import user_perm_group_api +from jumpserver.api import user_perm_group_api, require_login, require_super_user, require_admin if LDAP_ENABLE: LDAP_HOST_URL = CONF.get('ldap', 'host_url') 
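Review bot: Switching the `role_id = 1` branch in `login` from `'GA'` to `'DA'` means any account still stored with role `'GA'` now falls through to `role_id = 0` and is turned away by `require_admin`. The `user_role` mapping in `user_list` (juser/views.py, visible as context in this commit) still lists `'GA'` and has no `'DA'` entry, so the two files disagree on the role codes. Unless `'GA'` rows no longer exist, either migrate the stored values or, if `'GA'` was simply renamed, accept both with `elif user.role in ('DA', 'GA'):`, and update `user_role` to match. `login` starts and ends outside the hunk.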
@@ -204,6 +204,7 @@ def ldap_del_user(username): ldap_conn.delete(sudo_dn) +@require_super_user def dept_add(request): header_title, path1, path2 = '添加部门', '用户管理', '添加部门' if request.method == 'POST': @@ -224,6 +225,7 @@ def dept_add(request): return render_to_response('juser/dept_add.html', locals(), context_instance=RequestContext(request)) +@require_super_user def dept_list(request): header_title, path1, path2 = '查看部门', '用户管理', '查看部门' keyword = request.GET.get('search') @@ -237,6 +239,7 @@ def dept_list(request): return render_to_response('juser/dept_list.html', locals(), context_instance=RequestContext(request)) +@require_super_user def dept_detail(request): dept_id = request.GET.get('id', None) if not dept_id: @@ -248,6 +251,7 @@ def dept_detail(request): return render_to_response('juser/dept_detail.html', locals(), context_instance=RequestContext(request)) +@require_super_user def dept_del(request): dept_id = request.GET.get('id', None) if not dept_id or dept_id in ['1', '2']: @@ -285,6 +289,7 @@ def dept_member_update(dept, users_id_list): user.save() +@require_super_user def dept_del_ajax(request): dept_ids = request.POST.get('dept_ids') for dept_id in dept_ids.split(','): @@ -292,6 +297,7 @@ def dept_del_ajax(request): return HttpResponse("删除成功") +@require_super_user def dept_edit(request): header_title, path1, path2 = '部门编辑', '用户管理', '部门编辑' if request.method == 'GET': @@ -323,6 +329,7 @@ def dept_edit(request): return render_to_response('juser/dept_edit.html', locals(), context_instance=RequestContext(request)) +@require_admin def group_add(request): error = '' msg = '' @@ -358,6 +365,7 @@ def group_add(request): return render_to_response('juser/group_add.html', locals(), context_instance=RequestContext(request)) +@require_admin def group_list(request): header_title, path1, path2 = '查看小组', '用户管理', '查看小组' keyword = request.GET.get('search', '') 
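Review bot: On `dept_del_ajax` a denied request gets the decorator's `HttpResponseRedirect('/')`, which an XHR caller follows transparently and receives as a 200 HTML page, so the client cannot tell a refusal from a successful delete. For AJAX callers the decorators in jumpserver/api.py should answer with a 403, e.g. `if request.is_ajax(): return HttpResponseForbidden()` ahead of the redirect. The same applies to `group_del_ajax` and `user_del_ajax` later in this file. The view body continues outside the hunk.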
@@ -370,6 +378,7 @@ def group_list(request): return render_to_response('juser/group_list.html', locals(), context_instance=RequestContext(request)) +@require_admin def group_detail(request): group_id = request.GET.get('id', None) if not group_id: @@ -379,6 +388,7 @@ def group_detail(request): return render_to_response('juser/group_detail.html', locals(), context_instance=RequestContext(request)) +@require_admin def group_del(request): group_id = request.GET.get('id', '') if not group_id: @@ -387,6 +397,7 @@ def group_del(request): return HttpResponseRedirect('/juser/group_list/') +@require_admin def group_del_ajax(request): group_ids = request.POST.get('group_ids') for group_id in group_ids.split(','): @@ -404,6 +415,7 @@ def group_update_member(group_id, users_id_list): group.user_set.add(user) +@require_admin def group_edit(request): error = '' msg = '' @@ -436,6 +448,7 @@ def group_edit(request): return HttpResponseRedirect('/juser/group_list/') +@require_admin def user_add(request): error = '' msg = '' @@ -502,6 +515,7 @@ def user_add(request): return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) +@require_admin def user_list(request, option=""): user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} header_title, path1, path2 = '查看用户', '用户管理', '用户列表' @@ -533,6 +547,7 @@ def user_list(request, option=""): return render_to_response('juser/user_list.html', locals(), context_instance=RequestContext(request)) +@require_admin def user_detail(request): user_id = request.GET.get('id', '') if not user_id: @@ -545,6 +560,7 @@ def user_detail(request): return render_to_response('juser/user_detail.html', locals(), context_instance=RequestContext(request)) +@require_admin def user_del(request): user_id = request.GET.get('id', '') if not user_id: 
@@ -559,6 +575,7 @@ def user_del(request): return HttpResponseRedirect('/juser/user_list/') +@require_admin def user_del_ajax(request): user_ids = request.POST.get('ids') for user_id in user_ids.split(','): @@ -573,6 +590,7 @@ def user_del_ajax(request): return HttpResponse('删除成功') +@require_admin def user_edit(request): header_title, path1, path2 = '编辑用户', '用户管理', '用户编辑' if request.method == 'GET': diff --git a/templates/jperm/sudo_add.html b/templates/jperm/sudo_add.html index 522612192..0087da321 100644 --- a/templates/jperm/sudo_add.html +++ b/templates/jperm/sudo_add.html @@ -28,7 +28,22 @@ -
+
+ + +
+ +
+
{% if error %}
{{ error }}
@@ -163,6 +178,9 @@
+
+
+
@@ -187,24 +205,6 @@ $('#sudoPerm').validator({ tip: "输入sudoas用户", ok: "", msg: {required: "必须填写!"} - }, - "user_groups_select": { - rule: "required", - tip: "选择用户组", - ok: "", - msg: {checked: "至少选择一个用户组"} - }, - "asset_groups_select": { - rule: "required", - tip: "选择主机组", - ok: "", - msg: {checked: "至少选择一个主机组"} - }, - "cmd_groups_select": { - rule: "required", - tip: "选择命令组", - ok: "", - msg: {checked: "至少选择一个命令组"} } }, @@ -216,7 +216,7 @@ $('#sudoPerm').validator({ $(document).ready(function(){ $("#submit_button").click(function(){ - $('#users_selected option').each(function(){ + $('#sudoPerm option').each(function(){ $(this).prop('selected', true) }) }) diff --git a/templates/jperm/sudo_cmd_add.html b/templates/jperm/sudo_cmd_add.html index a012c17a3..85209d7dc 100644 --- a/templates/jperm/sudo_cmd_add.html +++ b/templates/jperm/sudo_cmd_add.html @@ -27,6 +27,22 @@
+
+ + +
+ +
+
{% if error %}
{{ error }}
@@ -68,6 +84,10 @@
+
+
+
+
diff --git a/templates/jperm/sudo_cmd_list.html b/templates/jperm/sudo_cmd_list.html index f576e7c8c..d9e72c26c 100644 --- a/templates/jperm/sudo_cmd_list.html +++ b/templates/jperm/sudo_cmd_list.html @@ -29,9 +29,21 @@
-
- 添加 -
+
+ + +
+
+
@@ -57,6 +69,10 @@ {% endfor %}
+
+
+
+
diff --git a/templates/jperm/sudo_edit.html b/templates/jperm/sudo_edit.html index 7e0a8f826..2148c534e 100644 --- a/templates/jperm/sudo_edit.html +++ b/templates/jperm/sudo_edit.html @@ -29,6 +29,19 @@
+
+ + +
{% if error %}
{{ error }}
@@ -173,6 +186,7 @@
+
@@ -180,5 +194,3 @@
- -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/sudo_list.html b/templates/jperm/sudo_list.html index debc1db81..07aad992b 100644 --- a/templates/jperm/sudo_list.html +++ b/templates/jperm/sudo_list.html @@ -29,30 +29,15 @@
-{#
#} -{# 添加命令组 #} -{# 查看命令组 #} -{# Sudo授权添加 #} -{#
#}
diff --git a/templates/juser/user_list.html b/templates/juser/user_list.html index 07563ac88..18759b6be 100644 --- a/templates/juser/user_list.html +++ b/templates/juser/user_list.html @@ -32,9 +32,9 @@
添加用户 删除所选 -