def perm_role_detail(request):
"""
the role detail page
the role_info data like:
{'asset_groups': [],
'assets': [<Asset: 192.168.10.148>],
'rules': [<PermRule: PermRule object>],
'': [],
'': [<User: user1>]}
"""
# 渲染数据
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户详情"
try:
if request.method == "GET":
role_id = request.GET.get("id")
if not role_id:
raise ServerError("not role id")
role = get_object(PermRole, id=int(role_id))
role_info = get_role_info(role_id)
# 系统用户推送记录
rules = role_info.get("rules")
assets = role_info.get("assets")
asset_groups = role_info.get("asset_groups")
users = role_info.get("users")
user_groups = role_info.get("user_groups")
pushed_asset, need_push_asset = get_role_push_host(
get_object(PermRole, id=role_id))
# 系统用户在proxy上的操作记录
role_operator_record = Task.objects.filter(
role_name=role.name).filter(role_uuid=role.uuid_id)
except ServerError, e:
logger.error(e)
def perm_role_detail(request):
"""
the role detail page
the role_info data like:
{'asset_groups': [],
'assets': [<Asset: 192.168.10.148>],
'rules': [<PermRule: PermRule object>],
'': [],
'': [<User: user1>]}
"""
# 渲染数据
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户详情"
try:
if request.method == "GET":
role_id = request.GET.get("id")
if not role_id:
raise ServerError("not role id")
role = get_object(PermRole, id=role_id)
role_info = get_role_info(role_id)
# 渲染数据
rules = role_info.get("rules")
assets = role_info.get("assets")
asset_groups = role_info.get("asset_groups")
users = role_info.get("users")
user_groups = role_info.get("user_groups")
pushed_asset, need_push_asset = get_role_push_host(get_object(PermRole, id=role_id))
except ServerError, e:
logger.warning(e)
def perm_role_detail(request):
"""
the role detail page
the role_info data like:
{'asset_groups': [],
'assets': [<Asset: 192.168.10.148>],
'rules': [<PermRule: PermRule object>],
'': [],
'': [<User: user1>]}
"""
# 渲染数据
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户详情"
try:
if request.method == "GET":
role_id = request.GET.get("id")
if not role_id:
raise ServerError("not role id")
role = get_object(PermRole, id=int(role_id))
role_info = get_role_info(role_id)
# 系统用户推送记录
rules = role_info.get("rules")
assets = role_info.get("assets")
asset_groups = role_info.get("asset_groups")
users = role_info.get("users")
user_groups = role_info.get("user_groups")
pushed_asset, need_push_asset = get_role_push_host(get_object(PermRole, id=role_id))
# 系统用户在proxy上的操作记录
role_operator_record = Task.objects.filter(role_name=role.name).filter(role_uuid=role.uuid_id)
except ServerError, e:
logger.error(e)
def perm_rule_add(request, res, *args):
"""
add rule page
添加授权
"""
response = {'success': False, 'error': ''}
res['operator'] = "添加授权规则"
res['emer_content'] = 6
if request.method == 'POST':
users_select = request.POST.getlist('user', []) # 需要授权用户
user_groups_select = request.POST.getlist('user_group', []) # 需要授权用户组
assets_select = request.POST.getlist('asset', []) # 需要授权资产
asset_groups_select = request.POST.getlist('asset_group',
[]) # 需要授权资产组
roles_select = request.POST.getlist('role', []) # 需要授权角色
rule_name = request.POST.get('name')
rule_comment = request.POST.get('comment')
try:
rule = get_object(PermRule, name=rule_name)
if rule:
raise ServerError(u'授权规则名称已存在')
if not rule_name or not roles_select:
raise ServerError(u'系统用户名称和规则名称不能为空')
# 获取需要授权的主机列表
assets_obj = [
Asset.objects.get(id=asset_id) for asset_id in assets_select
]
asset_groups_obj = [
AssetGroup.objects.get(id=group_id)
for group_id in asset_groups_select
]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(list(asset_group.asset_set.all()))
calc_assets = set(group_assets_obj) | set(
assets_obj) # 授权资产和资产组包含的资产
# 获取需要授权的用户列表
users_obj = [
User.objects.get(id=user_id) for user_id in users_select
]
user_groups_obj = [
UserGroup.objects.get(id=group_id)
for group_id in user_groups_select
]
# 获取授予的角色列表
roles_obj = [
PermRole.objects.get(id=role_id) for role_id in roles_select
]
need_push_asset = set()
for role in roles_obj:
asset_no_push = get_role_push_host(
role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(
u'没有推送系统用户 %s 的主机 %s' % (role.name, ','.join(
[asset.name for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule = PermRule.objects.create(name=rule_name,
comment=rule_comment)
rule.user = users_obj
rule.user_group = user_groups_obj
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.save()
res['content'] = u"添加授权规则:[%s]" % rule.name
res['emer_status'] = u"添加授权规则:[%s]成功" % rule.name
response['success'] = True
except ServerError, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = response[
'error'] = u"添加授权规则[{0}]失败:{1}".format(rule_name, e.message)
return HttpResponse(json.dumps(response),
content_type='application/json')
def perm_rule_edit(request, res, *args):
"""
edit rule page
"""
res['operator'] = "编辑授权规则"
res['emer_content'] = 6
if request.method == 'GET':
try:
rule_id = request.GET.get("id")
rule = get_object(PermRule, id=int(rule_id))
if rule:
rest = {}
rest['Id'] = rule.id
rest['name'] = rule.name
rest['comment'] = rule.comment
rest['asset'] = ','.join(
[str(item.id) for item in rule.asset.all()])
rest['asset_group'] = ','.join(
str(item.id) for item in rule.asset_group.all())
rest['user'] = '******'.join(
str(item.id) for item in rule.user.all())
rest['user_group'] = ','.join(
str(item.id) for item in rule.user_group.all())
rest['role'] = ','.join(
str(item.id) for item in rule.role.all())
return HttpResponse(json.dumps(rest),
content_type='application/json')
else:
return HttpResponse(u'授权规则不存在')
except Exception as e:
logger.error(e)
else:
response = {'success': False, 'error': ''}
rule_id = request.GET.get("id")
rule = get_object(PermRule, id=int(rule_id))
rule_name_old = rule.name
rule_name = request.POST.get('name')
rule_comment = request.POST.get("comment")
users_select = request.POST.getlist('user', [])
user_groups_select = request.POST.getlist('user_group', [])
assets_select = request.POST.getlist('asset', [])
asset_groups_select = request.POST.getlist('asset_group', [])
roles_select = request.POST.getlist('role', [])
try:
if not rule_name or not roles_select:
raise ServerError(u'系统用户和关联系统用户不能为空')
if rule_name_old == rule_name:
if len(PermRule.objects.filter(name=rule_name)) > 1:
raise ServerError(u'授权规则名称[%s]已存在' % rule_name)
else:
if len(PermRule.objects.filter(name=rule_name)) > 0:
raise ServerError(u'授权规则名称[%s]已存在' % rule_name)
assets_obj = [
Asset.objects.get(id=asset_id) for asset_id in assets_select
]
asset_groups_obj = [
AssetGroup.objects.get(id=group_id)
for group_id in asset_groups_select
]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(list(asset_group.asset_set.all()))
calc_assets = set(group_assets_obj) | set(
assets_obj) # 授权资产和资产组包含的资产
# 获取需要授权的用户列表
users_obj = [
User.objects.get(id=user_id) for user_id in users_select
]
user_groups_obj = [
UserGroup.objects.get(id=group_id)
for group_id in user_groups_select
]
# 获取授予的角色列表
roles_obj = [
PermRole.objects.get(id=role_id) for role_id in roles_select
]
need_push_asset = set()
for role in roles_obj:
asset_no_push = get_role_push_host(
role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(
u'没有推送系统用户 %s 的主机 %s' % (role.name, ','.join(
[asset.name for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule.user = users_obj
rule.user_group = user_groups_obj
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.name = rule_name
rule.comment = rule_comment
rule.save()
res['content'] = u"编辑授权规则[%s]成功" % rule_name_old
res['emer_status'] = u"编辑授权规则[%s]成功" % rule_name_old
response['success'] = True
except Exception, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = response['error'] = u"编辑授权规则失败:%s" % e.message
return HttpResponse(json.dumps(response),
content_type='application/json')
def perm_rule_add(request, res, *args):
"""
add rule page
添加授权
"""
header_title, path1, path2 = "授权规则", "规则管理", "添加规则"
res['operator'] = path2
# 渲染数据, 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则
users = User.objects.all()
user_groups = UserGroup.objects.all()
assets = Asset.objects.all()
asset_groups = AssetGroup.objects.all()
roles = PermRole.objects.all()
if request.method == 'POST':
# 获取用户选择的 用户,用户组,资产,资产组,用户角色
users_select = request.POST.getlist('user', []) # 需要授权用户
user_groups_select = request.POST.getlist('user_group', []) # 需要授权用户组
assets_select = request.POST.getlist('asset', []) # 需要授权资产
asset_groups_select = request.POST.getlist('asset_group', []) # 需要授权资产组
roles_select = request.POST.getlist('role', []) # 需要授权角色
rule_name = request.POST.get('name')
rule_comment = request.POST.get('comment')
try:
rule = get_object(PermRule, name=rule_name)
if rule:
raise ServerError(u'授权规则 %s 已存在' % rule_name)
if not rule_name or not roles_select:
raise ServerError(u'系统用户名称和规则名称不能为空')
# 获取需要授权的主机列表
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(list(asset_group.asset_set.all()))
calc_assets = set(group_assets_obj) | set(assets_obj) # 授权资产和资产组包含的资产
# 获取需要授权的用户列表
users_obj = [User.objects.get(id=user_id) for user_id in users_select]
user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]
# 获取授予的角色列表
roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
need_push_asset = set()
for role in roles_obj:
asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(u'没有推送系统用户 %s 的主机 %s'
% (role.name, ','.join([asset.name for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule = PermRule(name=rule_name, comment=rule_comment)
rule.save()
rule.user = users_obj
rule.user_group = user_groups_obj
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.save()
msg = u"添加授权规则:%s" % rule.name
res['content'] = msg
return HttpResponseRedirect(reverse('rule_list'))
except ServerError, e:
error = e
res['flag'] = 'false'
res['content'] = e
def perm_rule_edit(request, res, *args):
"""
edit rule page
"""
# 渲染数据
header_title, path1, path2 = "授权规则", "规则管理", "编辑授权规则"
res['operator'] = path2
rule_id = request.GET.get("id")
rule = get_object(PermRule, id=rule_id)
# 渲染数据, 获取所选的rule对象
users = User.objects.all()
user_groups = UserGroup.objects.all()
assets = Asset.objects.all()
asset_groups = AssetGroup.objects.all()
roles = PermRole.objects.all()
if request.method == 'POST' and rule_id:
# 获取用户选择的 用户,用户组,资产,资产组,用户角色
rule_name = request.POST.get('name')
rule_comment = request.POST.get("comment")
users_select = request.POST.getlist('user', [])
user_groups_select = request.POST.getlist('user_group', [])
assets_select = request.POST.getlist('asset', [])
asset_groups_select = request.POST.getlist('asset_group', [])
roles_select = request.POST.getlist('role', [])
try:
if not rule_name or not roles_select:
raise ServerError(u'系统用户和关联系统用户不能为空')
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(list(asset_group.asset_set.all()))
calc_assets = set(group_assets_obj) | set(assets_obj) # 授权资产和资产组包含的资产
# 获取需要授权的用户列表
users_obj = [User.objects.get(id=user_id) for user_id in users_select]
user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]
# 获取授予的角色列表
roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
need_push_asset = set()
for role in roles_obj:
asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(u'没有推送系统用户 %s 的主机 %s'
% (role.name, ','.join([asset.name for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule.user = users_obj
rule.user_group = user_groups_obj
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.name = rule_name
rule.comment = rule_comment
rule.save()
msg = u"更新授权规则:%s成功" % rule.name
res['content'] = msg
except ServerError, e:
error = e
res['flag'] = 'false'
res['content'] = e
def perm_rule_add(request, res, *args):
"""
add rule page
添加授权
"""
response = {'success': False, 'error': ''}
res['operator'] = "添加授权规则"
res['emer_content'] = 6
if request.method == 'POST':
users_select = request.POST.getlist('user', []) # 需要授权用户
user_groups_select = request.POST.getlist('user_group', []) # 需要授权用户组
assets_select = request.POST.getlist('asset', []) # 需要授权资产
asset_groups_select = request.POST.getlist('asset_group', []) # 需要授权资产组
roles_select = request.POST.getlist('role', []) # 需要授权角色
rule_name = request.POST.get('name')
rule_comment = request.POST.get('comment')
try:
rule = get_object(PermRule, name=rule_name)
if rule:
raise ServerError(u'授权规则名称已存在')
if not rule_name or not roles_select:
raise ServerError(u'系统用户名称和规则名称不能为空')
# 获取需要授权的主机列表
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(list(asset_group.asset_set.all()))
calc_assets = set(group_assets_obj) | set(assets_obj) # 授权资产和资产组包含的资产
# 获取需要授权的用户列表
users_obj = [User.objects.get(id=user_id) for user_id in users_select]
user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]
# 获取授予的角色列表
roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
need_push_asset = set()
for role in roles_obj:
asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(u'没有推送系统用户 %s 的主机 %s'
% (role.name, ','.join([asset.name for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule = PermRule.objects.create(name=rule_name, comment=rule_comment)
rule.user = users_obj
rule.user_group = user_groups_obj
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.save()
res['content'] = u"添加授权规则:[%s]" % rule.name
res['emer_status'] = u"添加授权规则:[%s]成功" % rule.name
response['success'] = True
except ServerError, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = response['error'] = u"添加授权规则[{0}]失败:{1}".format(rule_name,e.message)
return HttpResponse(json.dumps(response), content_type='application/json')
def perm_rule_edit(request, res, *args):
"""
edit rule page
"""
res['operator'] = "编辑授权规则"
res['emer_content'] = 6
if request.method == 'GET':
try:
rule_id = request.GET.get("id")
rule = get_object(PermRule, id=int(rule_id))
if rule:
rest = {}
rest['Id'] = rule.id
rest['name'] = rule.name
rest['comment'] = rule.comment
rest['asset'] = ','.join([str(item.id) for item in rule.asset.all()])
rest['asset_group'] = ','.join(str(item.id) for item in rule.asset_group.all())
rest['user'] = '******'.join(str(item.id) for item in rule.user.all())
rest['user_group'] = ','.join(str(item.id) for item in rule.user_group.all())
rest['role'] = ','.join(str(item.id) for item in rule.role.all())
return HttpResponse(json.dumps(rest), content_type='application/json')
else:
return HttpResponse(u'授权规则不存在')
except Exception as e:
logger.error(e)
else:
response = {'success': False, 'error': ''}
rule_id = request.GET.get("id")
rule = get_object(PermRule, id=int(rule_id))
rule_name_old = rule.name
rule_name = request.POST.get('name')
rule_comment = request.POST.get("comment")
users_select = request.POST.getlist('user', [])
user_groups_select = request.POST.getlist('user_group', [])
assets_select = request.POST.getlist('asset', [])
asset_groups_select = request.POST.getlist('asset_group', [])
roles_select = request.POST.getlist('role', [])
try:
if not rule_name or not roles_select:
raise ServerError(u'系统用户和关联系统用户不能为空')
if rule_name_old == rule_name:
if len(PermRule.objects.filter(name=rule_name)) > 1:
raise ServerError(u'授权规则名称[%s]已存在'%rule_name)
else:
if len(PermRule.objects.filter(name=rule_name)) > 0:
raise ServerError(u'授权规则名称[%s]已存在'%rule_name)
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(list(asset_group.asset_set.all()))
calc_assets = set(group_assets_obj) | set(assets_obj) # 授权资产和资产组包含的资产
# 获取需要授权的用户列表
users_obj = [User.objects.get(id=user_id) for user_id in users_select]
user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]
# 获取授予的角色列表
roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
need_push_asset = set()
for role in roles_obj:
asset_no_push = get_role_push_host(role=role)[1] # 获取某角色已经推送的资产
need_push_asset.update(set(calc_assets) & set(asset_no_push))
if need_push_asset:
raise ServerError(u'没有推送系统用户 %s 的主机 %s'
% (role.name, ','.join([asset.name for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule.user = users_obj
rule.user_group = user_groups_obj
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.name = rule_name
rule.comment = rule_comment
rule.save()
res['content'] = u"编辑授权规则[%s]成功" % rule_name_old
res['emer_status'] = u"编辑授权规则[%s]成功" % rule_name_old
response['success'] = True
except Exception, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = response['error'] = u"编辑授权规则失败:%s"%e.message
return HttpResponse(json.dumps(response), content_type='application/json')
