From fe1f825fdf91d46e83a246801321c5be4b5dc0c4 Mon Sep 17 00:00:00 2001 From: "ibuler@qq.com" Date: Mon, 19 Oct 2015 23:40:16 +0800 Subject: [PATCH] perm edit --- jasset/views.py | 303 ---------------------------------------------- jperm/perm_api.py | 165 ++++++++++++++++++++++--- 2 files changed, 149 insertions(+), 319 deletions(-) diff --git a/jasset/views.py b/jasset/views.py index 4a33f647c..8e639c3b3 100644 --- a/jasset/views.py +++ b/jasset/views.py @@ -118,119 +118,6 @@ def asset_add(request): msg = u'主机 %s 添加成功' % ip return my_render('jasset/asset_add.html', locals(), request) -# -# -# @require_admin -# def host_add_batch(request): -# """ 批量添加主机 """ -# header_title, path1, path2 = u'批量添加主机', u'资产管理', u'批量添加主机' -# login_types = {'LDAP': 'L', 'MAP': 'M'} -# active_types = {'激活': 1, '禁用': 0} -# dept_id = get_user_dept(request) -# if request.method == 'POST': -# multi_hosts = request.POST.get('j_multi').split('\n') -# for host in multi_hosts: -# if host == '': -# break -# j_ip, j_port, j_type, j_idc, j_groups, j_depts, j_active, j_comment = host.split() -# j_active = active_types[str(j_active)] -# j_group = ast.literal_eval(j_groups) -# j_dept = ast.literal_eval(j_depts) -# -# if j_type not in ['LDAP', 'MAP']: -# return httperror(request, u'没有%s这种登录方式!' %j_type) -# -# j_type = login_types[j_type] -# idc = IDC.objects.filter(name=j_idc) -# if idc: -# j_idc = idc[0].id -# else: -# return httperror(request, '添加失败, 没有%s这个IDC' % j_idc) -# -# group_ids, dept_ids = [], [] -# for group_name in j_group: -# group = BisGroup.objects.filter(name=group_name) -# if group: -# group_id = group[0].id -# else: -# return httperror(request, '添加失败, 没有%s这个主机组' % group_name) -# group_ids.append(group_id) -# -# for dept_name in j_dept: -# dept = DEPT.objects.filter(name=dept_name) -# if dept: -# dept_id = dept[0].id -# else: -# return httperror(request, '添加失败, 没有%s这个部门' % dept_name) -# dept_ids.append(dept_id) -# -# if is_group_admin(request) and not validate(request, asset_group=group_ids, edept=dept_ids): -# return httperror(request, '添加失败, 没有%s这个主机组' % group_name) -# -# if Asset.objects.filter(ip=str(j_ip)): -# return httperror(request, '添加失败, 改IP%s已存在' % j_ip) -# -# host_info = [j_ip, j_port, j_idc, j_type, group_ids, dept_ids, j_active, j_comment] -# db_host_insert(host_info) -# -# smg = u'批量添加添加成功' -# return my_render('jasset/host_add_multi.html', locals(), request) -# -# return my_render('jasset/host_add_multi.html', locals(), request) -# -# -# @require_admin -# def host_edit_batch(request): -# """ 批量修改主机 """ -# if request.method == 'POST': -# len_table = request.POST.get('len_table') -# for i in range(int(len_table)): -# j_id = "editable[" + str(i) + "][j_id]" -# j_ip = "editable[" + str(i) + "][j_ip]" -# j_port = "editable[" + str(i) + "][j_port]" -# j_dept = "editable[" + str(i) + "][j_dept]" -# j_idc = "editable[" + str(i) + "][j_idc]" -# j_type = "editable[" + str(i) + "][j_type]" -# j_group = "editable[" + str(i) + "][j_group]" -# j_active = "editable[" + str(i) + "][j_active]" -# j_comment = "editable[" + str(i) + "][j_comment]" -# -# j_id = request.POST.get(j_id).strip() -# j_ip = request.POST.get(j_ip).strip() -# j_port = request.POST.get(j_port).strip() -# j_dept = request.POST.getlist(j_dept) -# j_idc = request.POST.get(j_idc).strip() -# j_type = request.POST.get(j_type).strip() -# j_group = request.POST.getlist(j_group) -# j_active = request.POST.get(j_active).strip() -# j_comment = request.POST.get(j_comment).strip() -# -# host_info = [j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment] -# batch_host_edit(host_info) -# -# return HttpResponseRedirect('/jasset/host_list/') -# -# -# @require_role(role='user') -# def host_edit_common_batch(request): -# """ 普通用户批量修改主机别名 """ -# u = get_session_user_info(request)[2] -# if request.method == 'POST': -# len_table = request.POST.get('len_table') -# for i in range(int(len_table)): -# j_id = "editable[" + str(i) + "][j_id]" -# j_alias = "editable[" + str(i) + "][j_alias]" -# j_id = request.POST.get(j_id, '').strip() -# j_alias = request.POST.get(j_alias, '').strip() -# a = Asset.objects.get(id=j_id) -# asset_alias = AssetAlias.objects.filter(user=u, host=a) -# if asset_alias: -# asset_alias = asset_alias[0] -# asset_alias.alias = j_alias -# asset_alias.save() -# else: -# AssetAlias.objects.create(user=u, host=a, alias=j_alias) -# return my_render('jasset/host_list_common.html', locals(), request) @require_role(role='user') @@ -313,53 +200,6 @@ def asset_edit(request): return my_render('jasset/asset_edit.html', locals(), request) -# @require_role(role='admin') -# def host_edit_adm(request): -# """ 部门管理员修改主机 """ -# header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机' -# actives = {1: u'激活', 0: u'禁用'} -# login_types = {'L': 'LDAP', 'M': 'MAP'} -# eidc = IDC.objects.all() -# dept = get_session_user_info(request)[5] -# egroup = BisGroup.objects.exclude(name='ALL').filter(dept=dept) -# host_id = request.GET.get('id', '') -# post = Asset.objects.filter(id=int(host_id)) -# if post: -# post = post[0] -# else: -# return httperror(request, '没有此主机!') -# -# e_group = post.bis_group.all() -# -# if request.method == 'POST': -# j_ip = request.POST.get('j_ip') -# j_idc = request.POST.get('j_idc') -# j_port = request.POST.get('j_port') -# j_type = request.POST.get('j_type') -# j_dept = request.POST.getlist('j_dept') -# j_group = request.POST.getlist('j_group') -# j_active = request.POST.get('j_active') -# j_comment = request.POST.get('j_comment') -# -# host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment] -# -# if not validate(request, asset_group=j_group, edept=j_dept): -# emg = u'修改失败,您无权操作!' -# return my_render('jasset/asset_edit.html', locals(), request) -# -# if j_type == 'M': -# j_user = request.POST.get('j_user') -# j_password = request.POST.get('j_password') -# db_host_update(host_info, j_user, j_password, post) -# else: -# db_host_update(host_info, post) -# -# smg = u'主机 %s 修改成功' % j_ip -# return HttpResponseRedirect('/jasset/host_detail/?id=%s' % host_id) -# -# return my_render('jasset/asset_edit.html', locals(), request) - - @require_role('admin') def asset_detail(request): """ 主机详情 """ @@ -370,146 +210,3 @@ def asset_detail(request): return my_render('jasset/asset_detail.html', locals(), request) - - -# -# -# @require_admin -# def group_edit(request): -# """ 修改主机组 """ -# header_title, path1, path2 = u'编辑主机组', u'资产管理', u'编辑主机组' -# group_id = request.GET.get('id', '') -# group = BisGroup.objects.filter(id=group_id) -# if group: -# group = group[0] -# else: -# httperror(request, u'没有这个主机组!') -# -# host_all = Asset.objects.all() -# dept_id = get_session_user_info(request)[3] -# eposts = Asset.objects.filter(bis_group=group) -# -# if is_group_admin(request) and not validate(request, asset_group=[group_id]): -# return httperror(request, '编辑失败, 您无权操作!') -# dept = DEPT.objects.filter(id=group.dept.id) -# if dept: -# dept = dept[0] -# else: -# return httperror(request, u'没有这个部门!') -# -# all_dept = dept.asset_set.all() -# posts = [g for g in all_dept if g not in eposts] -# -# if request.method == 'POST': -# j_group = request.POST.get('j_group', '') -# j_hosts = request.POST.getlist('j_hosts', '') -# j_dept = request.POST.get('j_dept', '') -# j_comment = request.POST.get('j_comment', '') -# -# j_dept = DEPT.objects.filter(id=int(j_dept)) -# j_dept = j_dept[0] -# -# group.asset_set.clear() -# for host in j_hosts: -# g = Asset.objects.get(id=host) -# group.asset_set.add(g) -# BisGroup.objects.filter(id=group_id).update(name=j_group, dept=j_dept, comment=j_comment) -# smg = u'主机组%s修改成功' % j_group -# return HttpResponseRedirect('/jasset/group_list') -# -# return my_render('jasset/group_edit.html', locals(), request) -# -# -# @require_admin -# def group_detail(request): -# """ 主机组详情 """ -# header_title, path1, path2 = u'主机组详情', u'资产管理', u'主机组详情' -# login_types = {'L': 'LDAP', 'M': 'MAP'} -# dept = get_session_user_info(request)[5] -# group_id = request.GET.get('id', '') -# group = BisGroup.objects.get(id=group_id) -# if is_super_user(request): -# posts = Asset.objects.filter(bis_group=group).order_by('ip') -# -# elif is_group_admin(request): -# if not validate(request, asset_group=[group_id]): -# return httperror(request, u'您无权查看!') -# posts = Asset.objects.filter(bis_group=group).filter(dept=dept).order_by('ip') -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) -# return my_render('jasset/group_detail.html', locals(), request) -# -# -# @require_admin -# def group_del_host(request): -# """ 主机组中剔除主机, 并不删除真实主机 """ -# if request.method == 'POST': -# group_id = request.POST.get('group_id') -# offset = request.GET.get('id', '') -# group = BisGroup.objects.get(id=group_id) -# if offset == 'group': -# len_list = request.POST.get("len_list") -# for i in range(int(len_list)): -# key = "id_list[" + str(i) + "]" -# jid = request.POST.get(key) -# g = Asset.objects.get(id=jid) -# group.asset_set.remove(g) -# -# else: -# offset = request.GET.get('id', '') -# group_id = request.GET.get('gid', '') -# group = BisGroup.objects.get(id=group_id) -# g = Asset.objects.get(id=offset) -# group.asset_set.remove(g) -# -# return HttpResponseRedirect('/jasset/group_detail/?id=%s' % group.id) -# - -# @require_admin -# def dept_host_ajax(request): -# """ 添加主机组时, 部门联动主机异步 """ -# dept_id = request.GET.get('id', '') -# if dept_id not in ['1', '2']: -# dept = DEPT.objects.filter(id=dept_id) -# if dept: -# dept = dept[0] -# hosts = dept.asset_set.all() -# else: -# hosts = Asset.objects.all() -# -# return my_render('jasset/dept_host_ajax.html', locals(), request) -# -# -# def show_all_ajax(request): -# """ 批量修改主机时, 部门和组全部显示 """ -# env = request.GET.get('env', '') -# get_id = request.GET.get('id', '') -# host = Asset.objects.filter(id=get_id) -# if host: -# host = host[0] -# return my_render('jasset/show_all_ajax.html', locals(), request) -# -# -# @require_login -# def host_search(request): -# """ 搜索主机 """ -# keyword = request.GET.get('keyword') -# login_types = {'L': 'LDAP', 'M': 'MAP'} -# dept = get_session_user_info(request)[5] -# post_all = Asset.objects.filter(Q(ip__contains=keyword) | -# Q(idc__name__contains=keyword) | -# Q(bis_group__name__contains=keyword) | -# Q(comment__contains=keyword)).distinct().order_by('ip') -# if is_super_user(request): -# posts = post_all -# -# elif is_group_admin(request): -# posts = post_all.filter(dept=dept) -# -# elif is_common_user(request): -# user_id, username = get_session_user_info(request)[0:2] -# post_perm = user_perm_asset_api(username) -# posts = list(set(post_all) & set(post_perm)) -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) -# -# return my_render('jasset/host_search.html', locals(), request) \ No newline at end of file diff --git a/jperm/perm_api.py b/jperm/perm_api.py index d777ca82d..8f95a7e1b 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -65,10 +65,10 @@ def perm_user_api(perm_info): 'assets': []}} """ try: - new_users = perm_info['new']['users'] - new_assets = perm_info['new']['assets'] - del_users = perm_info['del']['users'] - del_assets = perm_info['del']['assets'] + new_users = perm_info.get('new', {}).get('users', []) + new_assets = perm_info.get('new', {}).get('assets',[]) + del_users = perm_info.get('del', {}).get('users', []) + del_assets = perm_info.get('del', {}).get('assets', []) print new_users, new_assets except IndexError: @@ -117,18 +117,151 @@ def perm_user_api(perm_info): return results -def get_user_assets(user): - if isinstance(user, int): - user = get_object(User, id=user) - elif isinstance(user, str): - user = get_object(User, username=user) - elif isinstance(user, User): - user = user - else: - user = None +def user_group_permed(user_group): + assets = user_group.asset_set.all() + asset_groups = user_group.asset_group.all() + + for asset_group in asset_groups: + assets.extend(asset_group.asset.all()) + + return {'assets': assets, 'asset_groups': asset_groups} + + +def user_permed(user): + asset_groups = [] + assets = [] + user_groups = user.user_group.all() + asset_groups.extend(user.asset_group.all()) + assets.extend(user.asset.all()) + + for user_group in user_groups: + asset_groups.extend(user_group_permed(user_group).get('assets', [])) + assets.extend((user_group_permed(user_group).get('asset_groups', []))) + + return {'assets': assets, 'asset_groups': asset_groups} + + +def _public_perm_api(info): + """ + 公用的用户,用户组,主机,主机组编辑修改新建调用的api,用来完成授权 + info like that: + { + 'type': 'new_user', + 'user': 'a', + 'group': ['A', 'B'] + } + + { + 'type': 'edit_user', + 'user': 'a', + 'group': {'new': ['A'], 'del': []} + } + + { + 'type': 'del_user', + 'user': ['a', 'b'] + } + + { + 'type': 'edit_user_group', + 'group': 'A', + 'user': {'del': ['a', 'b'], 'new': ['c', 'd']} + } + + { + 'type': 'del_user_group', + 'group': ['A'] + } + + { + 'type': 'new_asset', + 'asset': 'a', + 'group': ['A', 'B'] + } + + { + 'type': 'edit_asset', + 'asset': 'a', + 'group': { + 'del': ['A', ['B'], + 'new': ['C', ['D']] + } + } + + { + 'type': 'del_asset', + 'asset': ['a', 'b'] + } + + { + 'type': 'edit_asset_group', + 'group': 'A', + 'asset': {'new': ['a', 'b'], 'del': ['c', 'd']} + } + + { + 'type': 'del_asset_group', + 'group': ['A', 'B'] + } + """ + + if info.get('type') == 'new_user': + new_assets = [] + user = info.get('user') + user_groups = info.get('group') + for user_group in user_groups: + new_assets.extend(user_group_permed(user_group).get('assets', [])) + + perm_info = { + 'new': {'users': [user], 'assets': new_assets} + } + elif info.get('type') == 'edit_user': + new_assets = [] + del_assets = [] + user = info.get('user') + new_group = info.get('group').get('new') + del_group = info.get('group').get('del') + + for user_group in new_group: + new_assets.extend(user_group_permed(user_group).get('assets', [])) + + for user_group in del_group: + del_assets.extend((user_group_permed(user_group).get('assets', []))) + + perm_info = { + 'del': {'users': [user], 'assets': del_assets}, + 'new': {'users': [user], 'assets': new_assets} + } + + elif info.get('type') == 'del_user': + user = info.get('user') + del_assets = user_permed(user).get('assets', []) + perm_info = { + 'del': {'users': [user], 'assets': del_assets}, + } + + elif info.get('type') == 'edit_user_group': + user_group = info.get('group') + new_users = info.get('user').get('new') + del_users = info.get('user').get('del') + assets = user_group_permed(user_group).get('assets', []) + + perm_info = { + 'new': {'users': new_users, 'assets': assets}, + 'del': {'users': del_users, 'assets': assets} + } + + elif info.get('type') == 'del_user_group': + assets = [] + user_groups = info.get('group', []) + del_users = [user_group.user_set.all() for user_group in user_groups] + for user_group in user_groups: + assets.extend(user_group_permed(user_group).get('assets', [])) + + perm_info = {} + + + -def refresh_group_api(user_group=None, asset_group=None): - """用户组添加删除用户,主机组添加删除主机触发""" - pass