def perm_rule_add(request):
"""
add rule page
添加授权
"""
# 渲染数据
header_title, path1, path2 = "授权规则", "规则管理", "添加规则"
# 渲染数据, 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则
users = User.objects.all()
user_groups = UserGroup.objects.all()
assets = Asset.objects.all()
asset_groups = AssetGroup.objects.all()
roles = PermRole.objects.all()
if request.method == 'POST':
# 获取用户选择的 用户,用户组,资产,资产组,用户角色
users_select = request.POST.getlist('user', []) # 需要授权用户
user_groups_select = request.POST.getlist('user_group', []) # 需要授权用户组
assets_select = request.POST.getlist('asset', []) # 需要授权资产
asset_groups_select = request.POST.getlist('asset_group',
[]) # 需要授权资产组
roles_select = request.POST.getlist('role', []) # 需要授权角色
rule_name = request.POST.get('name')
rule_comment = request.POST.get('comment')
try:
rule = get_object(PermRule, name=rule_name)
if rule:
raise ServerError(u'授权规则 %s 已存在' % rule_name)
if not rule_name or not roles_select:
raise ServerError(u'系统用户名称和规则名称不能为空')
# 获取需要授权的主机列表
assets_obj = [
Asset.objects.get(id=asset_id) for asset_id in assets_select
]
asset_groups_obj = [
AssetGroup.objects.get(id=group_id)
for group_id in asset_groups_select
]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(list(asset_group.asset_set.all()))
calc_assets = set(group_assets_obj) | set(
assets_obj) # 授权资产和资产组包含的资产
# 获取需要授权的用户列表
users_obj = [
User.objects.get(id=user_id) for user_id in users_select
]
user_groups_obj = [
UserGroup.objects.get(id=group_id)
for group_id in user_groups_select
]
# 获取授予的角色列表
roles_obj = [
PermRole.objects.get(id=role_id) for role_id in roles_select
]
need_push_asset = set()
for role in roles_obj:
asset_no_push = get_role_push_host(
role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(
u'没有推送系统用户 %s 的主机 %s' % (role.name, ','.join(
[asset.hostname for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule = PermRule(name=rule_name, comment=rule_comment)
rule.save()
rule.user = users_obj
rule.user_group = user_groups_obj
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.save()
msg = u"添加授权规则:%s" % rule.name
return HttpResponseRedirect(reverse('rule_list'))
except ServerError, e:
error = e
logger.debug("操作系统账号添加成功: %s", user.username)
except ServerError, e:
loggeo.debug(u'jumpserver用户账号添加失败: %s' % username)
raise ServerError
# 开始为用户创建授权规则(PermRule)
# 默认为每一个新注册用户创建一个与账号名相同的授权规则
# 该授权中含有一个名为'zero'的资产组, 资产组中所包含的主机数量为0
#
rule_name = user.username
# 授权规则说明信息
rule_comment = u'给(%s)的授权. 创建于: %s' % (user.name, datetime.now()) # 授权规则说明
# 创建一个授权规则对象, 随后更新授权信息
new_rule = PermRule(name=rule_name, comment=rule_comment)
new_rule.save()
logger.debug("%s :授权规则对象创建成功" % new_rule.name)
try:
# 授权规则对应的用户
rule_to_user = user
logger.debug("规则对应的用户为 %s" % user.username)
# 'zero'资产组
# 默认每个注册用户都会被赋予'zero'资产组
#
asset_group = AssetGroup.objects.get(name='zero')
logger.debug("规则对应的资产组为: %s" % asset_group.name)
except e:
logger.debug("ERROR: 无法找到用户或资产组: %s" % e)
return "ERROR: 更新授权规则失败"
def perm_rule_add(request):
"""
add rule page
添加授权
"""
# 渲染数据
header_title, path1, path2 = "授权规则", "规则管理", "添加规则"
# 渲染数据, 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则
users = User.objects.all()
user_groups = UserGroup.objects.all()
assets = Asset.objects.all()
asset_groups = AssetGroup.objects.all()
roles = PermRole.objects.all()
if request.method == 'POST':
# 获取用户选择的 用户,用户组,资产,资产组,用户角色
users_select = request.POST.getlist('user', []) # 需要授权用户
user_groups_select = request.POST.getlist('user_group', []) # 需要授权用户组
assets_select = request.POST.getlist('asset', []) # 需要授权资产
asset_groups_select = request.POST.getlist('asset_group', []) # 需要授权资产组
roles_select = request.POST.getlist('role', []) # 需要授权角色
rule_name = request.POST.get('name')
rule_comment = request.POST.get('comment')
try:
rule = get_object(PermRule, name=rule_name)
if rule:
raise ServerError(u'授权规则 %s 已存在' % rule_name)
if not rule_name or not roles_select:
raise ServerError(u'系统用户名称和规则名称不能为空')
# 获取需要授权的主机列表
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(list(asset_group.asset_set.all()))
calc_assets = set(group_assets_obj) | set(assets_obj) # 授权资产和资产组包含的资产
# 获取需要授权的用户列表
users_obj = [User.objects.get(id=user_id) for user_id in users_select]
user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]
# 获取授予的角色列表
roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
need_push_asset = set()
for role in roles_obj:
asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(u'没有推送系统用户 %s 的主机 %s'
% (role.name, ','.join([asset.hostname for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule = PermRule(name=rule_name, comment=rule_comment)
rule.save()
rule.user = users_obj
rule.user_group = user_groups_obj
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.save()
msg = u"添加授权规则:%s" % rule.name
return HttpResponseRedirect(reverse('rule_list'))
except ServerError, e:
error = e