Пример #1
0
def perm_role_detail(request):
    """
    the role detail page
        the role_info data like:
            {'asset_groups': [],
            'assets': [<Asset: 192.168.10.148>],
            'rules': [<PermRule: PermRule object>],
            '': [],
            '': [<User: user1>]}
    """
    # 渲染数据
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户详情"

    try:
        if request.method == "GET":
            role_id = request.GET.get("id")
            if not role_id:
                raise ServerError("not role id")
            role = get_object(PermRole, id=int(role_id))
            role_info = get_role_info(role_id)

            # 系统用户推送记录
            rules = role_info.get("rules")
            assets = role_info.get("assets")
            asset_groups = role_info.get("asset_groups")
            users = role_info.get("users")
            user_groups = role_info.get("user_groups")
            pushed_asset, need_push_asset = get_role_push_host(
                get_object(PermRole, id=role_id))

            # 系统用户在proxy上的操作记录
            role_operator_record = Task.objects.filter(
                role_name=role.name).filter(role_uuid=role.uuid_id)
    except ServerError, e:
        logger.error(e)
Пример #2
0
def perm_role_detail(request):
    """
    the role detail page
        the role_info data like:
            {'asset_groups': [],
            'assets': [<Asset: 192.168.10.148>],
            'rules': [<PermRule: PermRule object>],
            '': [],
            '': [<User: user1>]}
    """
    # 渲染数据
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户详情"

    try:
        if request.method == "GET":
            role_id = request.GET.get("id")
            if not role_id:
                raise ServerError("not role id")
            role = get_object(PermRole, id=role_id)
            role_info = get_role_info(role_id)

            # 渲染数据
            rules = role_info.get("rules")
            assets = role_info.get("assets")
            asset_groups = role_info.get("asset_groups")
            users = role_info.get("users")
            user_groups = role_info.get("user_groups")
            pushed_asset, need_push_asset = get_role_push_host(get_object(PermRole, id=role_id))
    except ServerError, e:
        logger.warning(e)
Пример #3
0
def perm_role_detail(request):
    """
    the role detail page
        the role_info data like:
            {'asset_groups': [],
            'assets': [<Asset: 192.168.10.148>],
            'rules': [<PermRule: PermRule object>],
            '': [],
            '': [<User: user1>]}
    """
    # 渲染数据
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户详情"

    try:
        if request.method == "GET":
            role_id = request.GET.get("id")
            if not role_id:
                raise ServerError("not role id")
            role = get_object(PermRole, id=int(role_id))
            role_info = get_role_info(role_id)

            # 系统用户推送记录
            rules = role_info.get("rules")
            assets = role_info.get("assets")
            asset_groups = role_info.get("asset_groups")
            users = role_info.get("users")
            user_groups = role_info.get("user_groups")
            pushed_asset, need_push_asset = get_role_push_host(get_object(PermRole, id=role_id))

            # 系统用户在proxy上的操作记录
            role_operator_record = Task.objects.filter(role_name=role.name).filter(role_uuid=role.uuid_id)
    except ServerError, e:
        logger.error(e)
Пример #4
0
def perm_rule_add(request, res, *args):
    """
    add rule page
    添加授权
    """
    response = {'success': False, 'error': ''}
    res['operator'] = "添加授权规则"
    res['emer_content'] = 6
    if request.method == 'POST':
        users_select = request.POST.getlist('user', [])  # 需要授权用户
        user_groups_select = request.POST.getlist('user_group', [])  # 需要授权用户组
        assets_select = request.POST.getlist('asset', [])  # 需要授权资产
        asset_groups_select = request.POST.getlist('asset_group',
                                                   [])  # 需要授权资产组
        roles_select = request.POST.getlist('role', [])  # 需要授权角色
        rule_name = request.POST.get('name')
        rule_comment = request.POST.get('comment')

        try:
            rule = get_object(PermRule, name=rule_name)

            if rule:
                raise ServerError(u'授权规则名称已存在')

            if not rule_name or not roles_select:
                raise ServerError(u'系统用户名称和规则名称不能为空')

            # 获取需要授权的主机列表
            assets_obj = [
                Asset.objects.get(id=asset_id) for asset_id in assets_select
            ]
            asset_groups_obj = [
                AssetGroup.objects.get(id=group_id)
                for group_id in asset_groups_select
            ]
            group_assets_obj = []
            for asset_group in asset_groups_obj:
                group_assets_obj.extend(list(asset_group.asset_set.all()))
            calc_assets = set(group_assets_obj) | set(
                assets_obj)  # 授权资产和资产组包含的资产

            # 获取需要授权的用户列表
            users_obj = [
                User.objects.get(id=user_id) for user_id in users_select
            ]
            user_groups_obj = [
                UserGroup.objects.get(id=group_id)
                for group_id in user_groups_select
            ]

            # 获取授予的角色列表
            roles_obj = [
                PermRole.objects.get(id=role_id) for role_id in roles_select
            ]
            need_push_asset = set()

            for role in roles_obj:
                asset_no_push = get_role_push_host(
                    role=role)[1]  # 获取某角色已经推送的资产
                need_push_asset.update(set(calc_assets) & set(asset_no_push))
                if need_push_asset:
                    raise ServerError(
                        u'没有推送系统用户 %s 的主机 %s' % (role.name, ','.join(
                            [asset.name for asset in need_push_asset])))

            # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
            rule = PermRule.objects.create(name=rule_name,
                                           comment=rule_comment)
            rule.user = users_obj
            rule.user_group = user_groups_obj
            rule.asset = assets_obj
            rule.asset_group = asset_groups_obj
            rule.role = roles_obj
            rule.save()

            res['content'] = u"添加授权规则:[%s]" % rule.name
            res['emer_status'] = u"添加授权规则:[%s]成功" % rule.name
            response['success'] = True
        except ServerError, e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = response[
                'error'] = u"添加授权规则[{0}]失败:{1}".format(rule_name, e.message)
        return HttpResponse(json.dumps(response),
                            content_type='application/json')
Пример #5
0
def perm_rule_edit(request, res, *args):
    """
    edit rule page
    """
    res['operator'] = "编辑授权规则"
    res['emer_content'] = 6
    if request.method == 'GET':
        try:
            rule_id = request.GET.get("id")
            rule = get_object(PermRule, id=int(rule_id))
            if rule:
                rest = {}
                rest['Id'] = rule.id
                rest['name'] = rule.name
                rest['comment'] = rule.comment
                rest['asset'] = ','.join(
                    [str(item.id) for item in rule.asset.all()])
                rest['asset_group'] = ','.join(
                    str(item.id) for item in rule.asset_group.all())
                rest['user'] = '******'.join(
                    str(item.id) for item in rule.user.all())
                rest['user_group'] = ','.join(
                    str(item.id) for item in rule.user_group.all())
                rest['role'] = ','.join(
                    str(item.id) for item in rule.role.all())
                return HttpResponse(json.dumps(rest),
                                    content_type='application/json')
            else:
                return HttpResponse(u'授权规则不存在')
        except Exception as e:
            logger.error(e)
    else:
        response = {'success': False, 'error': ''}
        rule_id = request.GET.get("id")
        rule = get_object(PermRule, id=int(rule_id))
        rule_name_old = rule.name
        rule_name = request.POST.get('name')
        rule_comment = request.POST.get("comment")
        users_select = request.POST.getlist('user', [])
        user_groups_select = request.POST.getlist('user_group', [])
        assets_select = request.POST.getlist('asset', [])
        asset_groups_select = request.POST.getlist('asset_group', [])
        roles_select = request.POST.getlist('role', [])

        try:
            if not rule_name or not roles_select:
                raise ServerError(u'系统用户和关联系统用户不能为空')
            if rule_name_old == rule_name:
                if len(PermRule.objects.filter(name=rule_name)) > 1:
                    raise ServerError(u'授权规则名称[%s]已存在' % rule_name)
            else:
                if len(PermRule.objects.filter(name=rule_name)) > 0:
                    raise ServerError(u'授权规则名称[%s]已存在' % rule_name)

            assets_obj = [
                Asset.objects.get(id=asset_id) for asset_id in assets_select
            ]
            asset_groups_obj = [
                AssetGroup.objects.get(id=group_id)
                for group_id in asset_groups_select
            ]
            group_assets_obj = []
            for asset_group in asset_groups_obj:
                group_assets_obj.extend(list(asset_group.asset_set.all()))
            calc_assets = set(group_assets_obj) | set(
                assets_obj)  # 授权资产和资产组包含的资产

            # 获取需要授权的用户列表
            users_obj = [
                User.objects.get(id=user_id) for user_id in users_select
            ]
            user_groups_obj = [
                UserGroup.objects.get(id=group_id)
                for group_id in user_groups_select
            ]

            # 获取授予的角色列表
            roles_obj = [
                PermRole.objects.get(id=role_id) for role_id in roles_select
            ]
            need_push_asset = set()
            for role in roles_obj:
                asset_no_push = get_role_push_host(
                    role=role)[1]  # 获取某角色已经推送的资产
                need_push_asset.update(set(calc_assets) & set(asset_no_push))
                if need_push_asset:
                    raise ServerError(
                        u'没有推送系统用户 %s 的主机 %s' % (role.name, ','.join(
                            [asset.name for asset in need_push_asset])))

                # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
                rule.user = users_obj
                rule.user_group = user_groups_obj
                rule.asset = assets_obj
                rule.asset_group = asset_groups_obj
                rule.role = roles_obj
            rule.name = rule_name
            rule.comment = rule_comment
            rule.save()
            res['content'] = u"编辑授权规则[%s]成功" % rule_name_old
            res['emer_status'] = u"编辑授权规则[%s]成功" % rule_name_old
            response['success'] = True
        except Exception, e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = response['error'] = u"编辑授权规则失败:%s" % e.message
        return HttpResponse(json.dumps(response),
                            content_type='application/json')
Пример #6
0
def perm_rule_add(request, res, *args):
    """
    add rule page
    添加授权
    """
    header_title, path1, path2 = "授权规则", "规则管理", "添加规则"
    res['operator'] = path2
    # 渲染数据, 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则
    users = User.objects.all()
    user_groups = UserGroup.objects.all()
    assets = Asset.objects.all()
    asset_groups = AssetGroup.objects.all()
    roles = PermRole.objects.all()

    if request.method == 'POST':
        # 获取用户选择的 用户,用户组,资产,资产组,用户角色
        users_select = request.POST.getlist('user', [])  # 需要授权用户
        user_groups_select = request.POST.getlist('user_group', [])  # 需要授权用户组
        assets_select = request.POST.getlist('asset', [])  # 需要授权资产
        asset_groups_select = request.POST.getlist('asset_group', [])  # 需要授权资产组
        roles_select = request.POST.getlist('role', [])  # 需要授权角色
        rule_name = request.POST.get('name')
        rule_comment = request.POST.get('comment')

        try:
            rule = get_object(PermRule, name=rule_name)

            if rule:
                raise ServerError(u'授权规则 %s 已存在' % rule_name)

            if not rule_name or not roles_select:
                raise ServerError(u'系统用户名称和规则名称不能为空')

            # 获取需要授权的主机列表
            assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
            asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
            group_assets_obj = []
            for asset_group in asset_groups_obj:
                group_assets_obj.extend(list(asset_group.asset_set.all()))
            calc_assets = set(group_assets_obj) | set(assets_obj)  # 授权资产和资产组包含的资产

            # 获取需要授权的用户列表
            users_obj = [User.objects.get(id=user_id) for user_id in users_select]
            user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]

            # 获取授予的角色列表
            roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
            need_push_asset = set()

            for role in roles_obj:
                asset_no_push = get_role_push_host(role=role)[1]  # 获取某角色已经推送的资产
                need_push_asset.update(set(calc_assets) & set(asset_no_push))
                if need_push_asset:
                    raise ServerError(u'没有推送系统用户 %s 的主机 %s'
                                      % (role.name, ','.join([asset.name for asset in need_push_asset])))

            # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
            rule = PermRule(name=rule_name, comment=rule_comment)
            rule.save()
            rule.user = users_obj
            rule.user_group = user_groups_obj
            rule.asset = assets_obj
            rule.asset_group = asset_groups_obj
            rule.role = roles_obj
            rule.save()

            msg = u"添加授权规则:%s" % rule.name
            res['content'] = msg
            return HttpResponseRedirect(reverse('rule_list'))
        except ServerError, e:
            error = e
            res['flag'] = 'false'
            res['content'] = e
Пример #7
0
def perm_rule_edit(request, res, *args):
    """
    edit rule page
    """
    # 渲染数据
    header_title, path1, path2 = "授权规则", "规则管理", "编辑授权规则"
    res['operator'] = path2
    rule_id = request.GET.get("id")
    rule = get_object(PermRule, id=rule_id)

    # 渲染数据, 获取所选的rule对象

    users = User.objects.all()
    user_groups = UserGroup.objects.all()
    assets = Asset.objects.all()
    asset_groups = AssetGroup.objects.all()
    roles = PermRole.objects.all()

    if request.method == 'POST' and rule_id:
        # 获取用户选择的 用户,用户组,资产,资产组,用户角色
        rule_name = request.POST.get('name')
        rule_comment = request.POST.get("comment")
        users_select = request.POST.getlist('user', [])
        user_groups_select = request.POST.getlist('user_group', [])
        assets_select = request.POST.getlist('asset', [])
        asset_groups_select = request.POST.getlist('asset_group', [])
        roles_select = request.POST.getlist('role', [])

        try:
            if not rule_name or not roles_select:
                raise ServerError(u'系统用户和关联系统用户不能为空')

            assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
            asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
            group_assets_obj = []
            for asset_group in asset_groups_obj:
                group_assets_obj.extend(list(asset_group.asset_set.all()))
            calc_assets = set(group_assets_obj) | set(assets_obj)  # 授权资产和资产组包含的资产

            # 获取需要授权的用户列表
            users_obj = [User.objects.get(id=user_id) for user_id in users_select]
            user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]

            # 获取授予的角色列表
            roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
            need_push_asset = set()
            for role in roles_obj:
                asset_no_push = get_role_push_host(role=role)[1]  # 获取某角色已经推送的资产
                need_push_asset.update(set(calc_assets) & set(asset_no_push))
                if need_push_asset:
                    raise ServerError(u'没有推送系统用户 %s 的主机 %s'
                                      % (role.name, ','.join([asset.name for asset in need_push_asset])))

                # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
                rule.user = users_obj
                rule.user_group = user_groups_obj
                rule.asset = assets_obj
                rule.asset_group = asset_groups_obj
                rule.role = roles_obj
            rule.name = rule_name
            rule.comment = rule_comment
            rule.save()
            msg = u"更新授权规则:%s成功" % rule.name
            res['content'] = msg
        except ServerError, e:
            error = e
            res['flag'] = 'false'
            res['content'] = e
Пример #8
0
def perm_rule_add(request, res, *args):
    """
    add rule page
    添加授权
    """
    response = {'success': False, 'error': ''}
    res['operator'] = "添加授权规则"
    res['emer_content'] = 6
    if request.method == 'POST':
        users_select = request.POST.getlist('user', [])  # 需要授权用户
        user_groups_select = request.POST.getlist('user_group', [])  # 需要授权用户组
        assets_select = request.POST.getlist('asset', [])  # 需要授权资产
        asset_groups_select = request.POST.getlist('asset_group', [])  # 需要授权资产组
        roles_select = request.POST.getlist('role', [])  # 需要授权角色
        rule_name = request.POST.get('name')
        rule_comment = request.POST.get('comment')

        try:
            rule = get_object(PermRule, name=rule_name)

            if rule:
                raise ServerError(u'授权规则名称已存在')

            if not rule_name or not roles_select:
                raise ServerError(u'系统用户名称和规则名称不能为空')

            # 获取需要授权的主机列表
            assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
            asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
            group_assets_obj = []
            for asset_group in asset_groups_obj:
                group_assets_obj.extend(list(asset_group.asset_set.all()))
            calc_assets = set(group_assets_obj) | set(assets_obj)  # 授权资产和资产组包含的资产

            # 获取需要授权的用户列表
            users_obj = [User.objects.get(id=user_id) for user_id in users_select]
            user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]

            # 获取授予的角色列表
            roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
            need_push_asset = set()

            for role in roles_obj:
                asset_no_push = get_role_push_host(role=role)[1]  # 获取某角色已经推送的资产
                need_push_asset.update(set(calc_assets) & set(asset_no_push))
                if need_push_asset:
                    raise ServerError(u'没有推送系统用户 %s 的主机 %s'
                                      % (role.name, ','.join([asset.name for asset in need_push_asset])))

            # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
            rule = PermRule.objects.create(name=rule_name, comment=rule_comment)
            rule.user = users_obj
            rule.user_group = user_groups_obj
            rule.asset = assets_obj
            rule.asset_group = asset_groups_obj
            rule.role = roles_obj
            rule.save()

            res['content'] = u"添加授权规则:[%s]" % rule.name
            res['emer_status'] = u"添加授权规则:[%s]成功" % rule.name
            response['success'] = True
        except ServerError, e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = response['error'] = u"添加授权规则[{0}]失败:{1}".format(rule_name,e.message)
        return HttpResponse(json.dumps(response), content_type='application/json')
Пример #9
0
def perm_rule_edit(request, res, *args):
    """
    edit rule page
    """
    res['operator'] = "编辑授权规则"
    res['emer_content'] = 6
    if request.method == 'GET':
        try:
            rule_id = request.GET.get("id")
            rule = get_object(PermRule, id=int(rule_id))
            if rule:
                rest = {}
                rest['Id'] = rule.id
                rest['name'] = rule.name
                rest['comment'] = rule.comment
                rest['asset'] = ','.join([str(item.id) for item in rule.asset.all()])
                rest['asset_group'] = ','.join(str(item.id) for item in rule.asset_group.all())
                rest['user'] = '******'.join(str(item.id) for item in rule.user.all())
                rest['user_group'] = ','.join(str(item.id) for item in rule.user_group.all())
                rest['role'] = ','.join(str(item.id) for item in rule.role.all())
                return HttpResponse(json.dumps(rest), content_type='application/json')
            else:
                return HttpResponse(u'授权规则不存在')
        except Exception as e:
            logger.error(e)
    else:
        response = {'success': False, 'error': ''}
        rule_id = request.GET.get("id")
        rule = get_object(PermRule, id=int(rule_id))
        rule_name_old = rule.name
        rule_name = request.POST.get('name')
        rule_comment = request.POST.get("comment")
        users_select = request.POST.getlist('user', [])
        user_groups_select = request.POST.getlist('user_group', [])
        assets_select = request.POST.getlist('asset', [])
        asset_groups_select = request.POST.getlist('asset_group', [])
        roles_select = request.POST.getlist('role', [])

        try:
            if not rule_name or not roles_select:
                raise ServerError(u'系统用户和关联系统用户不能为空')
            if rule_name_old == rule_name:
                if len(PermRule.objects.filter(name=rule_name)) > 1:
                    raise ServerError(u'授权规则名称[%s]已存在'%rule_name)
            else:
                if len(PermRule.objects.filter(name=rule_name)) > 0:
                    raise ServerError(u'授权规则名称[%s]已存在'%rule_name)

            assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
            asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
            group_assets_obj = []
            for asset_group in asset_groups_obj:
                group_assets_obj.extend(list(asset_group.asset_set.all()))
            calc_assets = set(group_assets_obj) | set(assets_obj)  # 授权资产和资产组包含的资产

            # 获取需要授权的用户列表
            users_obj = [User.objects.get(id=user_id) for user_id in users_select]
            user_groups_obj = [UserGroup.objects.get(id=group_id) for group_id in user_groups_select]

            # 获取授予的角色列表
            roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
            need_push_asset = set()
            for role in roles_obj:
                asset_no_push = get_role_push_host(role=role)[1]  # 获取某角色已经推送的资产
                need_push_asset.update(set(calc_assets) & set(asset_no_push))
                if need_push_asset:
                    raise ServerError(u'没有推送系统用户 %s 的主机 %s'
                                      % (role.name, ','.join([asset.name for asset in need_push_asset])))

                # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
                rule.user = users_obj
                rule.user_group = user_groups_obj
                rule.asset = assets_obj
                rule.asset_group = asset_groups_obj
                rule.role = roles_obj
            rule.name = rule_name
            rule.comment = rule_comment
            rule.save()
            res['content'] = u"编辑授权规则[%s]成功" % rule_name_old
            res['emer_status'] = u"编辑授权规则[%s]成功" % rule_name_old
            response['success'] = True
        except Exception, e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = response['error'] = u"编辑授权规则失败:%s"%e.message
        return HttpResponse(json.dumps(response), content_type='application/json')