diff --git a/jperm/views.py b/jperm/views.py index cfb54c70d..e3cd0c359 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -85,11 +85,30 @@ def dept_perm_edit(request): def perm_list(request): header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情' keyword = request.GET.get('search', '') + uid = request.GET.get('uid', '') + agid = request.GET.get('agid', '') if keyword: contact_list = UserGroup.objects.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) else: contact_list = UserGroup.objects.all().order_by('name') + if uid: + user = User.objects.filter(id=uid) + print user + if user: + user = user[0] + contact_list = contact_list.filter(user=user) + + if agid: + contact_list_confirm = [] + asset_group = BisGroup.objects.filter(id=agid) + if asset_group: + asset_group = asset_group[0] + for user_group in contact_list: + if asset_group in user_group_perm_asset_group_api(user_group): + contact_list_confirm.append(user_group) + contact_list = contact_list_confirm + contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request)) 
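Review bot: `uid` and `agid` reach `User.objects.filter(id=uid)` and `BisGroup.objects.filter(id=agid)` as raw query-string text, so a non-numeric value will most likely raise ValueError inside the ORM and come back as a 500 instead of an empty list; guard the branches with `if uid.isdigit():` and `if agid.isdigit():`. The `print user` line is leftover debugging that writes account objects to the server's stdout on each filtered request and should be dropped. The `agid` branch also replaces the queryset with a Python list and runs one `perm_set` query per user group; assuming the reverse lookup is named `perm`, `contact_list.filter(perm__asset_group=asset_group).distinct()` would do the same filtering in the database. The perm_list_adm hunk adds the same block and needs the same changes.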
@@ -98,11 +117,30 @@ def perm_list(request): def perm_list_adm(request): header_title, path1, path2 = u'小组授权', u'授权管理', u'授权详情' keyword = request.GET.get('search', '') + uid = request.GET.get('uid', '') + agid = request.GET.get('agid', '') user, dept = get_session_user_dept(request) contact_list = dept.usergroup_set.all().order_by('name') if keyword: contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) + if uid: + user = User.objects.filter(id=uid) + print user + if user: + user = user[0] + contact_list = contact_list.filter(user=user) + + if agid: + contact_list_confirm = [] + asset_group = BisGroup.objects.filter(id=agid) + if asset_group: + asset_group = asset_group[0] + for user_group in contact_list: + if asset_group in user_group_perm_asset_group_api(user_group): + contact_list_confirm.append(user_group) + contact_list = contact_list_confirm + contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request)) @@ -187,19 +225,15 @@ def perm_edit_adm(request): @require_admin def perm_detail(request): - header_title, path1, path2 = u'编辑授权', u'授权管理', u'授权详情' + header_title, path1, path2 = u'授权管理', u'小组管理', u'授权详情' group_id = request.GET.get('id') user_group = UserGroup.objects.filter(id=group_id) if user_group: user_group = user_group[0] - users_list = user_group.user_set.all() + users = user_group.user_set.all() + group_user_num = len(users) perms = user_group.perm_set.all() asset_groups = [perm.asset_group for perm in perms] - assets_list = [] - - for asset_group in asset_groups: - assets_list.extend(asset_group.asset_set.all()) - return render_to_response('jperm/perm_detail.html', locals(), context_instance=RequestContext(request)) 
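Review bot: The added `user = User.objects.filter(id=uid)` rebinds the session `user` returned by `get_session_user_dept(request)` a few lines above, and since the view renders with `locals()`, the template then receives whichever account (or empty queryset) the `uid` parameter selected under the name `user`. Bind the lookup to its own name, e.g. `filter_user = User.objects.filter(id=uid)` followed by `contact_list = contact_list.filter(user=filter_user[0])`. The `User` and `BisGroup` lookups are also global while the rest of this view is restricted to `dept`; if those relations exist on the model, `dept.user_set.filter(id=uid)` and `dept.bisgroup_set.filter(id=agid)` would keep a department administrator from probing ids outside the department. perm_list in the previous hunk puts the looked-up account into the template context under `user` in the same way.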
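Review bot: `UserGroup.objects.filter(id=group_id)` in perm_detail is not limited to the caller's department, and everything the view collects for that group (members, perms, asset groups) is rendered. If `@require_admin` also admits department administrators, as the dept-scoped perm_list_adm suggests, any of them can read another department's authorization detail by changing `id`. Consider resolving the group through the session department, e.g. `user, dept = get_session_user_dept(request)` then `user_group = dept.usergroup_set.filter(id=group_id)`, with a separate path for super users if they need global access. The sudo_detail view added later in this file uses the same unscoped lookup. As a minor point, `group_user_num = len(users)` could be `users.count()`.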
@@ -224,17 +258,6 @@ def perm_asset_detail(request): return render_to_response('jperm/perm_asset_detail.html', locals(), context_instance=RequestContext(request)) -# def sudo_db_add(name, user_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment): -# user_groups_select_list, asset_groups_select_list, cmd_groups_select_list = \ -# user_asset_cmd_groups_get(user_groups_select, asset_groups_select, cmd_groups_select) -# -# sudo_perm = SudoPerm(name=name, user_runas=user_runas, comment=comment) -# sudo_perm.save() -# sudo_perm.user_group = user_groups_select_list -# sudo_perm.asset_group = asset_groups_select_list -# sudo_perm.cmd_group = cmd_groups_select_list - - def unicode2str(unicode_list): return [str(i) for i in unicode_list] @@ -243,7 +266,6 @@ def sudo_ldap_add(user_group, user_runas, asset_groups_select, cmd_groups_select): if not LDAP_ENABLE: return True - assets = [] cmds = [] user_runas = user_runas.split(',') @@ -283,7 +305,6 @@ def sudo_ldap_add(user_group, user_runas, asset_groups_select, 'sudoOption': ['!authenticate'], 'sudoRunAsUser': unicode2str(user_runas), 'sudoUser': unicode2str(users_name)} - print sudo_dn ldap_conn.delete(sudo_dn) ldap_conn.add(sudo_dn, sudo_attr) 
@@ -306,53 +327,6 @@ def sudo_update(user_group, user_runas, asset_groups_select, cmd_groups_select, sudo_ldap_add(user_group, user_runas, asset_groups_select_list, cmd_groups_select_list) -# @require_super_user -# def sudo_add(request): -# header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限' -# user_groups = UserGroup.objects.filter(id__gt=2) -# asset_groups = BisGroup.objects.all() -# cmd_groups = CmdGroup.objects.all() -# -# if request.method == 'POST': -# name = request.POST.get('name') -# users_runas = request.POST.get('runas', 'root') -# user_groups_select = request.POST.getlist('user_groups_select') -# asset_groups_select = request.POST.getlist('asset_groups_select') -# cmd_groups_select = request.POST.getlist('cmd_groups_select') -# comment = request.POST.get('comment', '') -# -# if LDAP_ENABLE: -# sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment) -# sudo_ldap_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select) -# -# msg = '添加成功' -# return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request)) - - -# @require_admin -# def sudo_add_adm(request): -# header_title, path1, path2 = u'Sudo授权', u'权限管理', u'添加Sudo权限' -# user, dept = get_session_user_dept(request) -# user_groups = dept.usergroup_set.filter(id__gt=2) -# asset_groups = dept.bisgroup_set.all() -# cmd_groups = CmdGroup.objects.all() -# -# if request.method == 'POST': -# name = request.POST.get('name') -# users_runas = request.POST.get('runas', 'root') -# user_groups_select = request.POST.getlist('user_groups_select') -# asset_groups_select = request.POST.getlist('asset_groups_select') -# cmd_groups_select = request.POST.getlist('cmd_groups_select') -# comment = request.POST.get('comment', '') -# -# if LDAP_ENABLE: -# sudo_db_add(name, users_runas, user_groups_select, asset_groups_select, cmd_groups_select, comment) -# sudo_ldap_add(name, users_runas, user_groups_select, 
asset_groups_select, cmd_groups_select) -# -# msg = '添加成功' -# return render_to_response('jperm/sudo_add.html', locals(), context_instance=RequestContext(request)) - - @require_super_user def sudo_list(request): header_title, path1, path2 = u'Sudo授权', u'权限管理', u'Sudo权限详情' @@ -417,7 +391,6 @@ def sudo_edit(request): msg = '修改成功' return HttpResponseRedirect('/jperm/sudo_list/') - return render_to_response('jperm/sudo_edit.html', locals(), context_instance=RequestContext(request)) @@ -467,6 +440,26 @@ def sudo_edit_adm(request): return render_to_response('jperm/sudo_edit.html', locals(), context_instance=RequestContext(request)) +@require_admin +def sudo_detail(request): + header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情' + user_group_id = request.GET.get('id') + user_group = UserGroup.objects.filter(id=user_group_id) + if user_group: + asset_groups = [] + cmd_groups = [] + user_group = user_group[0] + users = user_group.user_set.all() + group_user_num = len(users) + + for perm in user_group.sudoperm_set.all(): + asset_groups.extend(perm.asset_group.all()) + cmd_groups.extend(perm.cmd_group.all()) + + print asset_groups + return render_to_response('jperm/sudo_detail.html', locals(), context_instance=RequestContext(request)) + + @require_admin def sudo_refresh(request): sudo_perm_all = SudoPerm.objects.all() 
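Review bot: `print asset_groups` at the end of the `if user_group:` block in the new sudo_detail is leftover debugging that writes the group's asset-group list to the server's stdout on every request; remove it or use the project logger at debug level. The loop extends `asset_groups` and `cmd_groups` once per SudoPerm, so a group referenced by several perms appears repeatedly on the page; if order does not matter, dedupe before rendering, e.g. `asset_groups = list(set(asset_groups))`. When no group matches `id`, the template is rendered with `user_group` as an empty queryset and without `users`, `asset_groups` or `cmd_groups`, so returning a 404 or redirecting to the list would be clearer.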
@@ -479,43 +472,6 @@ def sudo_refresh(request): return HttpResponse('刷新sudo授权成功') -# @require_admin -# def sudo_detail(request): -# header_title, path1, path2 = u'Sudo授权详情', u'授权管理', u'授权详情' -# sudo_perm_id = request.GET.get('id') -# sudo_perm = SudoPerm.objects.filter(id=sudo_perm_id) -# if sudo_perm: -# sudo_perm = sudo_perm[0] -# user_groups = sudo_perm.user_group.all() -# asset_groups = sudo_perm.asset_group.all() -# cmd_groups = sudo_perm.cmd_group.all() -# -# users_list = [] -# assets_list = [] -# cmds_list = [] -# -# for user_group in user_groups: -# users_list.extend(user_group.user_set.all()) -# for asset_group in asset_groups: -# assets_list.extend(asset_group.asset_set.all()) -# for cmd_group in cmd_groups: -# cmds_list.append({cmd_group.name: cmd_group.cmd.split(',')}) -# -# return render_to_response('jperm/sudo_detail.html', locals(), context_instance=RequestContext(request)) - - -# @require_admin -# def sudo_del(request): -# sudo_perm_id = request.GET.get('id', '0') -# sudo_perm = SudoPerm.objects.filter(id=int(sudo_perm_id)) -# if sudo_perm: -# name = sudo_perm[0].name -# sudo_perm.delete() -# sudo_dn = 'cn=%s,ou=Sudoers,%s' % (name, LDAP_BASE_DN) -# ldap_conn.delete(sudo_dn) -# return HttpResponseRedirect('/jperm/sudo_list/') - - @require_super_user def cmd_add(request): header_title, path1, path2 = u'sudo命令添加', u'授权管理', u'命令组添加' @@ -543,7 +499,6 @@ def cmd_add(request): CmdGroup.objects.create(name=name, dept=dept, cmd=cmd, comment=comment) msg = u'命令组添加成功' return HttpResponseRedirect('/jperm/cmd_list/') - return render_to_response('jperm/sudo_cmd_add.html', locals(), context_instance=RequestContext(request)) diff --git a/jumpserver/api.py b/jumpserver/api.py index 7373ff727..f7846f956 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py 
@@ -283,6 +283,14 @@ def view_splitter(request, su=None, adm=None): return HttpResponseRedirect('/login/') +def user_group_perm_asset_group_api(user_group): + asset_group_list = [] + perm_list = user_group.perm_set.all() + for perm in perm_list: + asset_group_list.append(perm.asset_group) + return asset_group_list + + def user_perm_group_api(username): if username: user = User.objects.get(username=username) diff --git a/jumpserver/templatetags/mytags.py b/jumpserver/templatetags/mytags.py index f5e1e343c..4caf4b484 100644 --- a/jumpserver/templatetags/mytags.py +++ b/jumpserver/templatetags/mytags.py @@ -380,3 +380,6 @@ def sudo_cmd_ids(user_group_id): return '0' +@register.filter(name='cmd_group_split') +def cmd_group_split(cmd_group): + return cmd_group.cmd.split(',') diff --git a/templates/jperm/perm_detail.html b/templates/jperm/perm_detail.html index be7f25ccd..b772e4613 100644 --- a/templates/jperm/perm_detail.html +++ b/templates/jperm/perm_detail.html @@ -5,10 +5,10 @@ {% include 'nav_cat_bar.html' %}
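Review bot: `user_group_perm_asset_group_api` has no docstring and loads `perm.asset_group` with a separate query for each perm. A one-line docstring such as `"""Return the asset groups a user group is authorized on, one entry per perm."""` and a body of `return [perm.asset_group for perm in user_group.perm_set.select_related('asset_group')]` would document the one-entry-per-perm behaviour and fetch everything in one query.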
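Review bot: `cmd_group.cmd.split(',')` in the new `cmd_group_split` filter returns `['']` for an empty command string and keeps any whitespace around the commas, so the detail page can show a blank or padded entry. Something like `return [c.strip() for c in cmd_group.cmd.split(',') if c.strip()]` avoids that. A short docstring stating that the filter expects a CmdGroup and returns its commands as a list would also help template authors.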
用户名 | -姓名 | -部门 | -小组 | -
---|---|---|---|
{{ user.username }} | -{{ user.name }} | -{{ user.dept.name }} | -{{ user.group.all | group_str2 }} | -
{{ user_group.comment }}
+
+ {% for user in users %}
+ {{ user.name }}
+ {% endfor %}
+
IP | -IDC | -主机组 | -
---|---|---|
{{ asset.ip }} | -{{ asset.idc.name }} | -
- {% for group in asset.bis_group.all %}
- {{ group }}
+
+
+ 授权主机/组+ 这里包含了用户所有的主机组和组下的主机. +
+ {% for group in asset_groups %}
+
+
+
+
+ {{ group.name }}
+
+ + 共: {{ group | group_asset_list_count }}台 +
+ {{ group.comment }} +
+ {% for asset in group|group_asset_list %}
+ {{ asset.ip }} |
-
用户名 | -姓名 | -部门 | -属组 | -
---|---|---|---|
{{ user.username }} | -{{ user.name }} | -{{ user.dept.name }} | -{{ user.group.all | group_str2}} | -
命令 | -命令组 | -
---|---|
{{ cmd }} | -{{ cmd_group_name }} | -
{{ group.comment }}
+
+ {% for asset in group|group_asset_list %}
+ {{ asset.ip }}
+ {% endfor %}
+
{{ group.comment }}
+
+ {% for cmd in cmd_group|cmd_group_split %}
+ {{ cmd }}
+ {% endfor %}
+
{{ group.id | sudo_cmd_count }} | {{ group.comment }} | + 详情 sudo授权 | @@ -87,15 +87,9 @@ {% include 'paginator.html' %} - - - - - - diff --git a/templates/juser/user_detail.html b/templates/juser/user_detail.html index 462423d73..883085ed8 100644 --- a/templates/juser/user_detail.html +++ b/templates/juser/user_detail.html @@ -118,20 +118,18 @@