这是 jumpserver 二次开发系列第三篇，主要实现用户权限的自主申请、审批和授权功能。有两种方式申请权限：
1、加入用户组，拥有与该用户组相同的权限；
2、按资产、资产组及系统用户申请相应权限。
一、数据库模型设计
其中用户、用户组、资产、资产组及系统用户为原来各模块已设计的表。
二、model代码
权限申请表与用户、用户组、资产、资产组及系统用户使用ManyToManyField定义关系
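class Checker(models.Model):
    """An approver who may sign off on permission applications.

    ``checker_um`` is the approver's unique account identifier and is the
    only field guaranteed to be present; ``checker_name`` and
    ``checker_role`` are display fields and may be NULL.
    """
    checker_um = models.CharField(max_length=50, unique=True)
    checker_name = models.CharField(max_length=50, null=True)
    checker_role = models.CharField(max_length=100, null=True)

    def __unicode__(self):
        # checker_name is nullable; __unicode__ must not return None, so fall
        # back to the (non-null, unique) account identifier.
        return self.checker_name or self.checker_um


class CheckOrder(models.Model):
    """One position in the approval chain and the Checker who holds it."""
    check_order = models.IntegerField(unique=True)
    # on_delete=CASCADE is Django's historical default, made explicit here.
    # NOTE(review): deleting a Checker therefore also deletes every
    # CheckOrder/CheckList/RightApply row hanging off it, i.e. the approval
    # history; PROTECT would keep that audit trail intact.
    checker = models.ForeignKey(Checker, related_name='check_order',
                                on_delete=models.CASCADE)
    check_desc = models.CharField(max_length=100, null=True)


class RightApply(models.Model):
    """A permission application filed by a user.

    Either an asset-permission request (``ZCQX``: assets/asset groups plus
    system-user roles) or a user-group request (``GPQX``: join a user group
    and inherit its permissions). ``checkorder`` points at the approval
    step the application is currently waiting on.
    """
    APP_TYPE_CHOICES = (
        ('ZCQX', u'资产权限申请'),
        ('GPQX', u'用户组权限申请'),
    )

    app_name = models.CharField(max_length=100, unique=True)
    app_desc = models.CharField(max_length=100, null=True)
    # auto_now_add: set once when the row is created. The original auto_now
    # rewrote insert_time on every save(), so setting finish_time later would
    # also overwrite the filing time.
    # NOTE(review): TimeField stores only the time of day, not the date; an
    # audit trail of when an application was filed/closed needs DateTimeField
    # (schema change, so left as-is here).
    insert_time = models.TimeField(auto_now_add=True)
    finish_time = models.TimeField(null=True)
    checkorder = models.ForeignKey(CheckOrder, related_name='right_app',
                                   on_delete=models.CASCADE)
    asset = models.ManyToManyField(Asset, related_name='right_app')
    asset_group = models.ManyToManyField(AssetGroup, related_name='right_app')
    user = models.ManyToManyField(User, related_name='right_app')
    user_group = models.ManyToManyField(UserGroup, related_name='right_app')
    role = models.ManyToManyField(PermRole, related_name='right_app')
    app_type = models.CharField(max_length=8, choices=APP_TYPE_CHOICES,
                                default='ZCQX')

    def __unicode__(self):
        return self.app_name


class CheckList(models.Model):
    """Per-step approval record linking a RightApply to a CheckOrder.

    ``check_status`` is a tri-state flag (NULL presumably meaning "not yet
    decided" — confirm against the views); ``check_if`` defaults to False and
    ``check_desc`` carries the approver's free-text comment.
    """
    rightapply = models.ForeignKey(RightApply, related_name='check_list',
                                   on_delete=models.CASCADE)
    checkorder = models.ForeignKey(CheckOrder, related_name='check_list',
                                   on_delete=models.CASCADE)
    # auto_now_add rather than auto_now: the creation time must survive the
    # save() that records the decision (see RightApply.insert_time).
    insert_time = models.TimeField(auto_now_add=True)
    finish_time = models.TimeField(null=True)
    # NullBooleanField is nullable by definition; the explicit null=True was
    # redundant.
    check_status = models.NullBooleanField()
    check_if = models.NullBooleanField(default=False)
    check_desc = models.TextField(null=True)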
三、URLS
# Routes of the rightapply app, all under ^apply/. Views are resolved by name
# inside 'rightapply.views' (string-view style of the patterns() helper).
_apply_urls = [
    # applicant side: file, list, follow and delete applications
    url(r'^apply/list/$', 'apply_list', name='app_list'),
    url(r'^apply/add/$', 'apply_add', name='app_add'),
    url(r'^apply/add_by_gpqx/$', 'add_by_gpqx', name='add_by_gpqx'),
    url(r'^apply/follow/$', 'follow_app', name='follow_app'),
    url(r'^apply/app_detail/$', 'app_detail', name='app_detail'),
    url(r'^apply/del/$', 'apply_del', name='app_del'),
    # approver side: pending list and the approval action itself
    url(r'^apply/check_list/$', 'check_list', name='check_list'),
    url(r'^apply/check_app/$', 'check_app', name='check_app'),
    # resulting permission rules
    url(r'^apply/rule_list/$', 'app_rule_list', name='app_rule_list'),
    url(r'^apply/rule_detail/$', 'app_rule_detail', name='app_rule_detail'),
]

urlpatterns = patterns('rightapply.views', *_apply_urls)
四、授权添加接口及邮件发送功能
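def perm_rule_add(assets_obj, asset_groups_obj, users_obj, user_groups_obj,
                  roles_obj, rule_name, rule_comment):
    """Create a PermRule named ``rule_name`` and attach the given objects.

    The ``*_obj`` parameters are already-resolved model instances (or
    querysets), e.g. ``users_obj = [User.objects.get(id=user_id) for
    user_id in users_select]``.

    Returns a JSON string ``{"result": bool, "Msg": str}``. A ServerError is
    caught, logged and reported in ``Msg``; other exceptions propagate.

    This helper performs no authorization check of its own — it grants the
    rule unconditionally — so the caller (the approval view) must verify that
    the application has actually passed the approval chain before calling it.
    """
    try:
        rule = PermRule(name=rule_name, comment=rule_comment)
        # NOTE(review): the rule row is committed before the M2M links are
        # attached; a failure below leaves an empty PermRule behind unless the
        # caller wraps this call in a transaction.
        rule.save()
        # Direct assignment to the M2M managers (Django >= 2.0 requires
        # ``rule.user.set(users_obj)`` and friends instead).
        rule.user = users_obj
        rule.user_group = user_groups_obj
        rule.asset = assets_obj
        rule.asset_group = asset_groups_obj
        rule.role = roles_obj
        rule.save()
        msg = u"添加授权规则:%s" % rule.name
        res = {'result': True, 'Msg': msg}
    except ServerError as e:
        # The exception object itself is not JSON-serialisable (the original
        # put it straight into the dict, which made json.dumps raise);
        # report its text and keep the traceback in the log.
        logger.exception(u"perm_rule_add failed: %s", e)
        res = {'result': False, 'Msg': u"%s" % e}
    return json.dumps(res)


def app_send_mail(user, app, check_res, mail_type, host_url):
    """Send an approval-workflow notification mail.

    user: recipient; ``user.name`` and ``user.email`` are used.
    app: the RightApply being processed; ``app.app_name`` is used.
    check_res: approval result text, only included in the applicant mail.
    mail_type: ``"user"`` notifies the applicant of the result; any other
        value is treated as ``"checker"`` and asks an approver to act.
    host_url: scheme and host prefixed to the reversed path in the link.

    Raises whatever ``send_mail`` raises (``fail_silently=False``).
    """
    # NOTE(review): host_url is trusted as given. If the caller derives it
    # from the request's Host header rather than a configured site URL, the
    # link in the mail follows whatever host the request carried — prefer a
    # setting for it.
    if mail_type == "user":
        mail_title = u'堡垒机权限申请审批结果'
        url = host_url + reverse('follow_app')
        mail_msg = u"""
Hi, %s
    您的堡垒机权限申请: %s, %s, 请登录系统查看: %s
""" % (user.name, app.app_name, check_res, url)
    else:
        mail_title = u'堡垒机权限申请审批'
        url = host_url + reverse('check_app')
        mail_msg = u"""
Hi, %s
    堡垒机权限申请: %s, 请您登录系统审批: %s
""" % (user.name, app.app_name, url)
    # NOTE(review): user.email is not checked for being empty here; an
    # applicant without an address makes send_mail fail loudly.
    send_mail(mail_title, mail_msg, MAIL_FROM, [user.email],
              fail_silently=False)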
五、主要功能部分代码