From f6bc03324f3de98e8b1cb4f77cd4f5b94f632c92 Mon Sep 17 00:00:00 2001 From: yumaojun <719118794@qq.com> Date: Sat, 14 Nov 2015 21:13:02 +0800 Subject: [PATCH] 1. rule operations list add delete edit info page compeleted 2. rule operations list add delete edit info page compeleted --- jperm/models.py | 20 ++- jperm/perm_api.py | 62 +++++++- jperm/urls.py | 13 +- jperm/utils.py | 34 ++++- jperm/views.py | 136 ++++++++++++++++-- jumpserver/settings.py | 1 + templates/jperm/perm_rule_add.html | 4 +- templates/jperm/perm_rule_detail.html | 56 ++++++-- templates/jperm/perm_rule_edit.html | 2 +- .../{perm_rules.html => perm_rule_list.html} | 0 templates/nav.html | 8 +- 11 files changed, 288 insertions(+), 48 deletions(-) rename templates/jperm/{perm_rules.html => perm_rule_list.html} (100%) diff --git a/jperm/models.py b/jperm/models.py index 238ce73ba..d273eeb9c 100644 --- a/jperm/models.py +++ b/jperm/models.py 
@@ -21,17 +21,25 @@ class SysUser(models.Model):
 class PermRole(models.Model):
 name = models.CharField(max_length=100)
- comment = models.CharField(max_length=100)
+ comment = models.CharField(max_length=100, null=True, blank=True, default='')
+ password = models.CharField(max_length=100)
+ key_path = models.CharField(max_length=100)
 date_added = models.DateTimeField(auto_now=True)
+ def __unicode__(self):
+ return self.name
+
 class PermRule(models.Model):
 date_added = models.DateTimeField(auto_now=True)
 name = models.CharField(max_length=100)
 comment = models.CharField(max_length=100)
- asset = models.ManyToManyField(Asset)
- asset_group = models.ManyToManyField(AssetGroup)
- user = models.ManyToManyField(User)
- user_group = models.ManyToManyField(UserGroup)
- role = models.ManyToManyField(PermRole)
+ asset = models.ManyToManyField(Asset, related_name='perm_rule')
+ asset_group = models.ManyToManyField(AssetGroup, related_name='perm_rule')
+ user = models.ManyToManyField(User, related_name='perm_rule')
+ user_group = models.ManyToManyField(UserGroup, related_name='perm_rule')
+ role = models.ManyToManyField(PermRole, related_name='perm_rule')
 ssh_type = models.BooleanField()
+
+ def __unicode__(self):
+ return self.name
\ No newline at end of file
diff --git a/jperm/perm_api.py b/jperm/perm_api.py
index ccfcbb6b4..c04aeda52 100644
--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@@ -1,6 +1,6 @@
 # coding: utf-8
-from jasset.models import *
+
 from jumpserver.api import *
 import uuid
 import re
@@ -9,6 +9,8 @@ from jumpserver.tasks import playbook_run
 from jumpserver.models import Setting
 from jperm.models import PermLog
+from jperm.models import PermRole
+
 def get_object_list(model, id_list):
 """根据id列表获取对象列表"""
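Review bot: `PermRole.password` is a plain `CharField`, so the generated role password is stored in clear text in the database, and the new `key_path` column points at an unencrypted private key on disk; the fields should at least carry a comment such as `# NOTE: secret material, stored unencrypted - decide on encryption at rest before relying on this` and the project should settle on a scheme before this ships. `comment` becomes `null=True, blank=True, default=''` on PermRole but stays required on PermRule in the same hunk; if both forms allow an empty comment the rule form will fail validation, so the two are worth aligning. The closing `return self.name` is written without a trailing newline.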
@@ -281,8 +283,62 @@ def push_user(user, asset_groups_id):
 return results
-
-
+def get_role_info(role_id, type="all"):
+ """
+ 获取role对应的一些信息
+ :return: 返回值 均为对象列表
+ """
+ # 获取role对应的授权规则
+ role_obj = PermRole.objects.get(id=role_id)
+ rules_obj = role_obj.perm_rule.all()
+ # 获取role 对应的用户 和 用户组
+ # 获取role 对应的主机 和主机组
+ users_obj = []
+ assets_obj = []
+ user_groups_obj = []
+ group_users_obj = []
+ asset_groups_obj = []
+ group_assets_obj = []
+ for rule in rules_obj:
+ for user in rule.user.all():
+ users_obj.append(user)
+ for asset in rule.asset.all():
+ assets_obj.append(asset)
+ for user_group in rule.user_group.all():
+ user_groups_obj.append(user_group)
+ for user in user_group.user_set.all():
+ group_users_obj.append(user)
+ for asset_group in rule.asset_group.all():
+ asset_groups_obj.append(asset_group)
+ for asset in asset_group.asset_set.all():
+ group_assets_obj.append(asset)
+
+ calc_users = set(users_obj) | set(group_users_obj)
+ calc_assets = set(assets_obj) | set(group_assets_obj)
+
+ if type == "all":
+ return {"rules": rules_obj,
+ "users": list(calc_users),
+ "user_groups": user_groups_obj,
+ "assets": list(calc_assets),
+ "asset_groups": asset_groups_obj,
+ }
+ elif type == "rule":
+ return rules_obj
+ elif type == "user":
+ return calc_users
+ elif type == "user_group":
+ return user_groups_obj
+ elif type == "asset":
+ return calc_assets
+ elif type == "asset_group":
+ return asset_groups_obj
+ else:
+ return u"不支持的查询"
+
+
+if __name__ == "__main__":
+ print get_role_info(1)
diff --git a/jperm/urls.py b/jperm/urls.py
index 16eea4951..1cf64813e 100644
--- a/jperm/urls.py
+++ b/jperm/urls.py
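Review bot: `PermRole.objects.get(id=role_id)` at the top of get_role_info lets `PermRole.DoesNotExist` (or `ValueError` for a non-numeric id) escape, and the caller in views.py passes `request.GET.get("id")` through unvalidated, so an unknown id becomes a server error rather than a 404; `role_obj = get_object_or_404(PermRole, id=role_id)` is the usual guard. The `type` parameter shadows the builtin and the branches return different shapes (`"all"` yields lists, `"user"`/`"asset"` yield sets, and the fallthrough returns a unicode message instead of raising), which makes the return contract hard to document; raising `ValueError` for an unknown kind would be clearer than returning `u"不支持的查询"`. The `if __name__ == "__main__": print get_role_info(1)` block needs a configured Django settings module to run at all and is better dropped or moved to a management command.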
@@ -2,16 +2,21 @@ from django.conf.urls import patterns, include, url
 from jperm.views import *
 urlpatterns = patterns('jperm.views',
- (r'^rule/$', perm_rules),
+ (r'^rule/$', perm_rule_list),
 (r'^perm_rule_add/$', perm_rule_add),
 (r'^perm_rule_detail/$', perm_rule_detail),
 (r'^perm_rule_edit/$', perm_rule_edit),
 (r'^perm_rule_delete/$', perm_rule_delete),
- (r'^group/$', perm_group_list),
- (r'^perm_group_edit/$', perm_group_edit),
+ (r'^role/$', perm_role_list),
+ (r'^role/perm_role_add/$', perm_role_add),
+ (r'^role/perm_role_delete/$', perm_role_delete),
+ (r'^role/perm_role_detail/$', perm_role_detail),
+ (r'^role/perm_role_edit/$', perm_role_edit),
+
+ (r'^log/$', log),
 (r'^sys_user_add/$', sys_user_add),
- (r'^sys_user_list/$', sys_user_list),
+ (r'^perm_user_list/$', sys_user_list),
 (r'^sys_user_del/$', sys_user_del),
 (r'^sys_user_edit/$', sys_user_edit),
 )
diff --git a/jperm/utils.py b/jperm/utils.py
index 76a0a8489..e7826f59e 100644
--- a/jperm/utils.py
+++ b/jperm/utils.py
@@ -1,6 +1,15 @@
 # -*- coding: utf-8 -*-
 import random
+import os.path
+
+from Crypto.PublicKey import RSA
+from os import chmod, mkdir
+from uuid import uuid4
+
+PERM_DIR = os.path.dirname(os.path.abspath(__file__))
+KEY_DIR = os.path.join(PERM_DIR, 'role_keys')
+
 def get_rand_pass():
 """
@@ -19,6 +28,7 @@ def get_rand_pass():
 password = ''.join(pass_list)
 return password
+
 def updates_dict(*args):
 """
 surport update multi dict
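Review bot: `(r'^log/$', log)` routes to a view named `log` that no hunk in this patch defines; the URLconf only resolves it through `from jperm.views import *`, so if jperm.views has no `log` the whole module fails to import at startup. Either the view belongs in this commit or the route should wait for it. The rename of `sys_user_list/` to `perm_user_list/` changes a public path while the view keeps its old name, which any template or bookmark still using `sys_user_list/` will miss; a short comment on that line, `# path renamed from sys_user_list/`, would help the next reader.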
@@ -29,8 +39,30 @@ def updates_dict(*args):
 return result
+def gen_keys():
+ """
+ 在KEY_DIR下创建一个 uuid命名的目录,
+ 并且在该目录下 生产一对秘钥
+ :return: 返回目录名(uuid)
+ """
+ key_basename = "keys-" + uuid4().hex
+ key_path_dir = os.path.join(KEY_DIR, key_basename)
+ mkdir(key_path_dir, 0700)
+
+ key = RSA.generate(4096)
+ private_key = os.path.join(key_path_dir, 'id_rsa')
+ public_key = os.path.join(key_path_dir, 'id_rsa.pub')
+ with open(private_key, 'w') as content_file:
+ content_file.write(key.exportKey('PEM'))
+ with open(public_key, 'w') as content_file:
+ content_file.write(key.publickey().exportKey('OpenSSH'))
+
+ return key_path_dir
+
+
+
 if __name__ == "__main__":
- pass
+ print gen_keys()
diff --git a/jperm/views.py b/jperm/views.py
index d34e9d90a..285d8d040 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -13,14 +13,16 @@ from juser.models import User, UserGroup
 from jasset.models import Asset, AssetGroup
 from jperm.models import PermRole, PermRule
-from jperm.utils import updates_dict
+from jperm.utils import updates_dict, gen_keys, get_rand_pass
 from jperm.ansible_api import Tasks
+from jperm.perm_api import get_role_info
 from jumpserver.api import my_render, get_object
+
 @require_role('admin')
-def perm_rules(request):
+def perm_rule_list(request):
 """
 用户授权视图:
 该视图的模板包含2部分:
@@ -45,7 +47,7 @@ def perm_rules(request):
 render_data = updates_dict(data_nav, data_content)
- return my_render('jperm/perm_rules.html', render_data, request)
+ return my_render('jperm/perm_rule_list.html', render_data, request)
 @require_role('admin')
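Review bot: gen_keys writes the private key through a plain `open(private_key, 'w')`, so the file is created with the process umask (commonly 0644) rather than 0600; the 0700 on the per-role directory softens this, but `chmod` is imported and never used, and `KEY_DIR` itself is created nowhere in the patch, so the first call raises `OSError` unless `role_keys` already exists. `KEY_DIR` also sits under the package directory next to the source, which is an unusual home for long-lived private keys; a path taken from settings would be easier to back up and to keep out of the code tree. The 4096-bit `RSA.generate` runs synchronously inside the web request that calls it (perm_role_add in views.py), which is a noticeable per-request latency cost. The directory guard and an owner-only, exclusive create for the private key would look like this:

```python
def gen_keys():
    # … unchanged: docstring …
    key_basename = "keys-" + uuid4().hex
    if not os.path.isdir(KEY_DIR):
        mkdir(KEY_DIR, 0700)
    key_path_dir = os.path.join(KEY_DIR, key_basename)
    mkdir(key_path_dir, 0700)

    key = RSA.generate(4096)
    private_key = os.path.join(key_path_dir, 'id_rsa')
    public_key = os.path.join(key_path_dir, 'id_rsa.pub')
    # O_EXCL refuses a pre-existing path; 0600 keeps the key readable by the owner only
    fd = os.open(private_key, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)
    with os.fdopen(fd, 'w') as content_file:
        content_file.write(key.exportKey('PEM'))
    # … unchanged: public key write and return …
```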
@@ -175,15 +177,15 @@ def perm_rule_edit(request):
 if request.method == 'GET' and rule_id:
 # 获取所有的rule对象
- users = rule_obj.user.all()
- user_groups = rule_obj.user_group.all()
- assets = rule_obj.asset.all()
- asset_groups = rule_obj.asset_group.all()
- roles = rule_obj.role.all()
+ users_obj = rule_obj.user.all()
+ user_groups_obj = rule_obj.user_group.all()
+ assets_obj = rule_obj.asset.all()
+ asset_groups_obj = rule_obj.asset_group.all()
+ roles_obj = rule_obj.role.all()
- data_content = {"users": users, "user_groups": user_groups,
- "assets": assets, "asset_groups": asset_groups,
- "roles": roles}
+ data_content = {"users": users_obj, "user_groups": user_groups_obj,
+ "assets": assets_obj, "asset_groups": asset_groups_obj,
+ "roles": roles_obj, "rule": rule_obj}
 render_data = updates_dict(data_nav, data_content)
 return my_render('jperm/perm_rule_edit.html', render_data, request)
@@ -210,6 +212,118 @@ def perm_rule_delete(request):
 return HttpResponse(u"不支持该操作")
+@require_role('admin')
+def perm_role_list(request):
+ """
+ 用户授权视图:
+ 该视图的模板包含2部分:
+ 1. block 部分:{% block content %}
+ rander_content 为渲染数据
+ 2. include 部分:{% include 'nav_cat_bar.html' %}
+ rander_nav 为渲染数据
+ """
+ data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "查看角色"}
+
+ # 获取所有系统角色
+ roles_list = PermRole.objects.all()
+
+
+ # TODO: 搜索和分页
+ keyword = request.GET.get('search', '')
+ if keyword:
+ roles_list = roles_list.filter(Q(name=keyword))
+
+ roles_list, p, roles, page_range, current_page, show_first, show_end = pages(roles_list, request)
+ data_content = {"roles": roles_list}
+
+ render_data = updates_dict(data_nav, data_content)
+
+ return my_render('jperm/perm_role_list.html', render_data, request)
+
+
+@require_role('admin')
+def perm_role_add(request):
+ """
+ 用户授权视图:
+ 该视图的模板包含2部分:
+ 1. block 部分:{% block content %}
+ rander_content 为渲染数据
+ 2. include 部分:{% include 'nav_cat_bar.html' %}
+ rander_nav 为渲染数据
+ """
+ data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "添加角色"}
+
+ if request.method == "GET":
+ return my_render('jperm/perm_role_add.html', data_nav, request)
+
+ elif request.method == "POST":
+ # 获取参数: name, comment
+ name = request.POST.get("role_name")
+ comment = request.POST.get("role_comment")
+ # 生成随机密码,生成秘钥对
+ password = get_rand_pass()
+ key_path = gen_keys()
+ role = PermRole(name=name, comment=comment, password=password, key_path=key_path)
+ role.save()
+ return HttpResponse(u"添加角色: %s" % name)
+ else:
+ return HttpResponse(u"不支持该操作")
+
+@require_role('admin')
+def perm_role_delete(request):
+ """
+ 用户授权视图:
+ 该视图的模板包含2部分:
+ 1. block 部分:{% block content %}
+ rander_content 为渲染数据
+ 2. 
include 部分:{% include 'nav_cat_bar.html' %}
+ rander_nav 为渲染数据
+ """
+ if request.method == "POST":
+ # 获取参数删除的role对象
+ role_id = request.POST.get("id")
+ role = PermRole.objects.get(id=role_id)
+ role.delete()
+ return HttpResponse(u"删除角色: %s" % role.name)
+ else:
+ return HttpResponse(u"不支持该操作")
+
+
+@require_role('admin')
+def perm_role_detail(request):
+ """
+ the role_info data like:
+ {'asset_groups': [],
+ 'assets': [],
+ 'rules': [],
+ 'user_groups': [],
+ 'users': []}
+ """
+ data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "角色详情"}
+
+ if request.method == "GET":
+ role_id = request.GET.get("id")
+ role_info = get_role_info(role_id)
+ render_data = updates_dict(data_nav, role_info)
+ return my_render('jperm/perm_role_detail.html', render_data, request)
+
+@require_role('admin')
+def perm_role_edit(request):
+ """
+
+ :param request:
+ :return:
+ """
+ data_nav = {"header_title": "系统角色", "path1": "角色管理", "path2": "角色编辑"}
+
+ if request.method == "GET":
+ role_id = request.GET.get("id")
+ data_content = {"role": PermRole.objects.get(id=role_id)}
+ render_data = updates_dict(data_nav, data_content)
+ return my_render('jperm/perm_role_edit.html', render_data, request)
+
+ if request.method == "POST":
+ return HttpResponse(u"未实现")
 @require_role('admin')
diff --git a/jumpserver/settings.py b/jumpserver/settings.py
index db02336dc..435f539d9 100644
--- a/jumpserver/settings.py
+++ b/jumpserver/settings.py
@@ -19,6 +19,7 @@ config = ConfigParser.ConfigParser()
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 config.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
+
 DB_HOST = config.get('db', 'host')
 DB_PORT = config.getint('db', 'port')
 DB_USER = config.get('db', 'user')
diff --git a/templates/jperm/perm_rule_add.html b/templates/jperm/perm_rule_add.html
index 21f639066..d5a95cc8d 100644
--- a/templates/jperm/perm_rule_add.html
+++ b/templates/jperm/perm_rule_add.html
@@ -36,7 +36,7 @@
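Review bot: perm_role_detail falls off the end for any request that is not a GET, so Django raises "didn't return an HttpResponse" instead of the `u"不支持该操作"` reply its sibling views send; an `else: return HttpResponse(u"不支持该操作")` mirroring perm_role_delete is missing. perm_role_delete, perm_role_edit and perm_role_detail (through get_role_info) all call `PermRole.objects.get(id=...)` with an unvalidated request parameter, which turns a missing or non-numeric id into a 500; `get_object_or_404(PermRole, id=role_id)` would make it a 404. perm_role_add echoes the submitted name straight back in `HttpResponse(u"添加角色: %s" % name)`, an HTML response built from unescaped user input; `escape(name)` from `django.utils.html`, or a redirect to the list view, avoids that. In perm_role_list the context passes `roles_list` rather than the `roles` value unpacked from `pages(...)`, so the template presumably receives the whole queryset instead of the current page - worth checking against how the other list views in this file use `pages`. The docstrings of perm_role_list, perm_role_add and perm_role_delete are copied from the rule views ("用户授权视图") and perm_role_edit's is empty; each should state the role operation it performs.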
- +
@@ -139,7 +139,7 @@
- +
diff --git a/templates/jperm/perm_rule_detail.html b/templates/jperm/perm_rule_detail.html index e516a993b..c2e362b75 100644 --- a/templates/jperm/perm_rule_detail.html +++ b/templates/jperm/perm_rule_detail.html @@ -43,7 +43,7 @@ 时间 - {{ rule.date_added }} + {{ rule.date_added | date:"Y-m-d H:i:s"}} 角色 @@ -60,15 +60,32 @@ -
-
授权用户/用户组
+ 授权用户/用户组 +
+ + + + + + + + + + +
+
- +
@@ -88,19 +105,33 @@ -
- - -
-
授权主机/主机组
+ 授权主机/主机组 +
+ + + + + + + + + + +
+
-
用户
+
@@ -120,11 +151,8 @@ -
- - - +
主机