
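Extending Jumpserver: adding a permission-request module that handles requests for user-group membership, server and server-group authorization, and system-user authorization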

Date: 2016-08-22 01:54:15

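This is the third article in a series on extending Jumpserver. It implements self-service permission requests, approval, and authorization for users. A permission can be requested in two ways:

1. Join a user group and receive the same permissions as that group;

2. Request permissions by asset, asset group, and system user.

1. Database model design

The user, user group, asset, asset group, and system user tables are the ones already defined by the existing modules.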


2. Model code

The permission-request table is related to users, user groups, assets, asset groups, and system users through ManyToManyField.

# Python 2 / Django, as in the Jumpserver code base this module extends.
# Import paths are assumed to follow the Jumpserver 0.3.x app layout.
from django.db import models
from juser.models import User, UserGroup
from jasset.models import Asset, AssetGroup
from jperm.models import PermRole


class Checker(models.Model):
    # An approver: account, display name and role.
    checker_um = models.CharField(max_length=50, unique=True)
    checker_name = models.CharField(max_length=50, null=True)
    checker_role = models.CharField(max_length=100, null=True)

    def __unicode__(self):
        return self.checker_name


class CheckOrder(models.Model):
    # Position of an approver in the approval sequence.
    check_order = models.IntegerField(unique=True)
    checker = models.ForeignKey(Checker, related_name='check_order')
    check_desc = models.CharField(max_length=100, null=True)


class RightApply(models.Model):
    # A permission request and the objects it asks access to.
    app_name = models.CharField(max_length=100, unique=True)
    app_desc = models.CharField(max_length=100, null=True)
    insert_time = models.TimeField(auto_now=True)
    finish_time = models.TimeField(null=True)
    checkorder = models.ForeignKey(CheckOrder, related_name='right_app')
    asset = models.ManyToManyField(Asset, related_name='right_app')
    asset_group = models.ManyToManyField(AssetGroup, related_name='right_app')
    user = models.ManyToManyField(User, related_name='right_app')
    user_group = models.ManyToManyField(UserGroup, related_name='right_app')
    role = models.ManyToManyField(PermRole, related_name='right_app')
    APP_TYPE_CHOICES = (
        ('ZCQX', u'资产权限申请'),    # asset permission request
        ('GPQX', u'用户组权限申请')   # user-group permission request
    )
    app_type = models.CharField(max_length=8, choices=APP_TYPE_CHOICES, default='ZCQX')

    def __unicode__(self):
        return self.app_name


class CheckList(models.Model):
    # One approval step of one request, with its decision and comment.
    rightapply = models.ForeignKey(RightApply, related_name='check_list')
    checkorder = models.ForeignKey(CheckOrder, related_name='check_list')
    insert_time = models.TimeField(auto_now=True)
    finish_time = models.TimeField(null=True)
    check_status = models.NullBooleanField(null=True)
    check_if = models.NullBooleanField(default=False)
    check_desc = models.TextField(null=True)

3. URLs

from django.conf.urls import patterns, url

# View names are resolved relative to the 'rightapply.views' prefix.
urlpatterns = patterns('rightapply.views',
                       url(r'^apply/list/$', 'apply_list', name='app_list'),
                       url(r'^apply/add/$', 'apply_add', name='app_add'),
                       url(r'^apply/add_by_gpqx/$', 'add_by_gpqx', name='add_by_gpqx'),
                       url(r'^apply/check_list/$', 'check_list', name='check_list'),
                       url(r'^apply/check_app/$', 'check_app', name='check_app'),
                       url(r'^apply/follow/$', 'follow_app', name='follow_app'),
                       url(r'^apply/app_detail/$', 'app_detail', name='app_detail'),
                       url(r'^apply/del/$', 'apply_del', name='app_del'),
                       url(r'^apply/rule_list/$', 'app_rule_list', name='app_rule_list'),
                       url(r'^apply/rule_detail/$', 'app_rule_detail', name='app_rule_detail'),
                       )

4. Interface for adding an authorization rule, and the mail-sending function

 

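import json

from django.core.mail import send_mail
from django.core.urlresolvers import reverse

# Assumed import locations in a Jumpserver 0.3.x tree.
from jperm.models import PermRule
from jumpserver.api import ServerError, logger
from jumpserver.settings import EMAIL_HOST_USER as MAIL_FROM


def perm_rule_add(assets_obj, asset_groups_obj, users_obj,
                  user_groups_obj, roles_obj, rule_name, rule_comment):
    """
    add rule page
    API for adding an authorization rule. The arguments are model objects,
    e.g. users_obj = [User.objects.get(id=user_id) for user_id in users_select]
    """
    try:
        rule = PermRule(name=rule_name, comment=rule_comment)
        rule.save()
        rule.user = users_obj
        rule.user_group = user_groups_obj
        rule.asset = assets_obj
        rule.asset_group = asset_groups_obj
        rule.role = roles_obj
        rule.save()

        # Message text: "Added authorization rule: <name>"
        msg = u"添加授权规则:%s" % rule.name
        res = {'result': True, 'Msg': msg}
        return json.dumps(res)
    except ServerError, e:
        # An exception object is not JSON serializable; return its text.
        error = unicode(e)
        logger.info(error)
        res = {'result': False, 'Msg': error}
        return json.dumps(res)


def app_send_mail(user, app, check_res, mail_type, host_url):
    """
    check app send mail
    Send the approval mail.
    mail_type == "user" or "checker"
    """
    # host_url ends up in a clickable link, so it should come from
    # configuration rather than from the request's Host header.
    if mail_type == "user":
        # Mail to the applicant: title "approval result of the bastion-host
        # permission request"; body carries the request name, the result and
        # a link to log in and view it.
        mail_title = u'堡垒机权限申请审批结果'
        url = host_url + reverse('follow_app')
        mail_msg = u"""
        Hi, %s
            您的堡垒机权限申请: %s,
            %s,
            请登录系统查看:
            %s
        """ % (user.name, app.app_name, check_res, url)
    else:
        # Mail to the approver: title "bastion-host permission request
        # approval"; body carries the request name and a link to approve it.
        mail_title = u'堡垒机权限申请审批'
        url = host_url + reverse('check_app')
        mail_msg = u"""
        Hi, %s
            堡垒机权限申请: %s,
            请您登录系统审批:
            %s
        """ % (user.name, app.app_name, url)
    send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False)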
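
The approval gate that belongs in front of perm_rule_add(), as an added example that is not the original author's code, written in plain Python 3 without Django so it runs on its own. It assumes a request is granted only after every CheckList row is approved in check_order sequence; Step, decide(), demo() and applicant_um are hypothetical names, and the accounts are constructed sample data.

```python
# Added example: plain-Python model of the approval gate (no Django needed).
# Field names follow the page's CheckList/CheckOrder/Checker models; the
# Step class, decide(), demo() and applicant_um are hypothetical.

class Step(object):
    def __init__(self, check_order, checker_um):
        self.check_order = check_order   # position in the approval chain
        self.checker_um = checker_um     # account of the assigned approver
        self.check_status = None         # None = pending, True/False = decided
        self.check_desc = None


def decide(steps, applicant_um, approver_um, approved, desc=""):
    """Record one decision; return 'granted', 'rejected' or 'pending'.

    'granted' is the only result after which perm_rule_add() may be called.
    """
    ordered = sorted(steps, key=lambda s: s.check_order)
    if any(s.check_status is False for s in ordered):
        raise ValueError("request already rejected")
    pending = [s for s in ordered if s.check_status is None]
    if not pending:
        raise ValueError("request already fully decided")
    current = pending[0]                 # steps are decided strictly in order
    if approver_um == applicant_um:
        raise PermissionError("applicant cannot approve own request")
    if approver_um != current.checker_um:
        raise PermissionError("not the checker assigned to this step")
    current.check_status = bool(approved)
    current.check_desc = desc
    if not approved:
        return "rejected"                # one rejection ends the request
    return "granted" if len(pending) == 1 else "pending"


def demo():
    # Constructed sample: two-step chain for a request filed by 'alice'.
    steps = [Step(2, "sec_lead"), Step(1, "team_lead")]
    results = []
    for who in ("alice", "sec_lead"):    # self-approval, then out-of-order
        try:
            decide(steps, "alice", who, True)
        except PermissionError as exc:
            results.append(str(exc))
    results.append(decide(steps, "alice", "team_lead", True))
    results.append(decide(steps, "alice", "sec_lead", True))
    return results
```

In a Django view the same checks would run against the logged-in account and the request's CheckList rows, inside one transaction with the PermRule creation.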

 

5. Code for the main functionality

Original article: http://www.cnblogs.com/mageguoshi/p/5794057.html
