二次开发Jumpserver,增加权限申请模块实现用户组归属,服务器及组授权,系统用户授权申请处理...

这是jumpserver二次开发系列第三篇,主要实现用户权限的自主申请、审批和授权功能。有两种方式申请权限:

1、加入用户组,拥有与该用户组相同的权限;

2、按资产、资产组及系统用户申请相应权限。

一、数据库模型设计

其中用户、用户组、资产、资产组及系统用户为原来各模块已设计的表

 

二、model代码

权限申请表与用户、用户组、资产、资产组及系统用户使ManyToManyField定义关系

class Checker(models.Model):
    checker_um = models.CharField(max_length=50, unique=True)
    checker_name = models.CharField(max_length=50, null=True)
    checker_role = models.CharField(max_length=100, null=True)

    def __unicode__(self):
        return self.checker_name


class CheckOrder(models.Model):
    check_order = models.IntegerField(unique=True)
    checker = models.ForeignKey(Checker, related_name='check_order')
    check_desc = models.CharField(max_length=100, null=True)
   


class RightApply(models.Model):
    app_name = models.CharField(max_length=100, unique=True)
    app_desc = models.CharField(max_length=100, null=True)
    insert_time = models.TimeField(auto_now=True)
    finish_time = models.TimeField(null=True)
    checkorder = models.ForeignKey(CheckOrder, related_name='right_app')
    asset = models.ManyToManyField(Asset, related_name='right_app')
    asset_group = models.ManyToManyField(AssetGroup, related_name='right_app')
    user = models.ManyToManyField(User, related_name='right_app')
    user_group = models.ManyToManyField(UserGroup, related_name='right_app')
    role = models.ManyToManyField(PermRole, related_name='right_app')
    APP_TYPE_CHOICES = (
        ('ZCQX', u'资产权限申请'),
        ('GPQX', u'用户组权限申请')
    )
    app_type = models.CharField(max_length=8, choices=APP_TYPE_CHOICES, default='ZCQX')

    def __unicode__(self):
        return self.app_name


class CheckList(models.Model):
    rightapply = models.ForeignKey(RightApply, related_name='check_list')
    checkorder = models.ForeignKey(CheckOrder, related_name='check_list')
    insert_time = models.TimeField(auto_now=True)
    finish_time = models.TimeField(null=True)
    check_status = models.NullBooleanField(null=True)
    check_if = models.NullBooleanField(default=False)
    check_desc = models.TextField(null=True)

三、URLS

urlpatterns = patterns('rightapply.views',
                       url(r'^apply/list/$', 'apply_list', name='app_list'),
                       url(r'^apply/add/$', 'apply_add', name='app_add'),
                       url(r'^apply/add_by_gpqx/$', 'add_by_gpqx', name='add_by_gpqx'),
                       url(r'^apply/check_list/$', 'check_list', name='check_list'),
                       url(r'^apply/check_app/$', 'check_app', name='check_app'),
                       url(r'^apply/follow/$', 'follow_app', name='follow_app'),
                       url(r'^apply/app_detail/$', 'app_detail', name='app_detail'),
                       url(r'^apply/del/$', 'apply_del', name='app_del'),
                       url(r'^apply/rule_list/$', 'app_rule_list', name='app_rule_list'),
                       url(r'^apply/rule_detail/$', 'app_rule_detail', name='app_rule_detail'),
                       )

四、授权添加接口及邮件发送功能

 

def perm_rule_add(assets_obj, asset_groups_obj, users_obj,
                  user_groups_obj, roles_obj, rule_name, rule_comment):
    """
    add rule page
    添加授权API,参数为object 如:users_obj = [User.objects.get(id=user_id) for user_id in users_select]
    """
    try:
        rule = PermRule(name=rule_name, comment=rule_comment)
        rule.save()
        rule.user = users_obj
        rule.user_group = user_groups_obj
        rule.asset = assets_obj
        rule.asset_group = asset_groups_obj
        rule.role = roles_obj
        rule.save()

        msg = u"添加授权规则:%s" % rule.name
        res = {'result': True, 'Msg': msg}
        return json.dumps(res)
    except ServerError, e:
        error = e
        logger.info(error)
        res = {'result': False, 'Msg': error}
        return json.dumps(res)


def app_send_mail(user, app, check_res, mail_type, host_url):
    """
    check app send mail
    发送审批邮件
    mail_type == "user" or "checker"
    """
    if mail_type == "user":
        mail_title = u'堡垒机权限申请审批结果'
        url = host_url+reverse('follow_app')
        mail_msg = u"""
        Hi, %s
            您的堡垒机权限申请: %s,
            %s,
            请登录系统查看:
            %s
        """ % (user.name, app.app_name, check_res, url)
    else:
        mail_title = u'堡垒机权限申请审批'
        url = host_url+reverse('check_app')
        mail_msg = u"""
        Hi, %s
            堡垒机权限申请: %s,
            请您登录系统审批:
            %s
        """ % (user.name, app.app_name, url)
    send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False)

 

五、主要功能部分代码

转载于:https://www.cnblogs.com/mageguoshi/p/5794057.html

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值