Merge pull request #2642 from jumpserver/dev

Dev
Merge branch 'master' into dev
2025-12-25 21:42:37 +00:00 · 2019-04-30 10:46:28 +08:00 · 2019-04-30 10:46:10 +08:00 · 2019-04-30 10:30:58 +08:00 · 2019-04-30 10:20:57 +08:00 · 2019-04-30 10:20:48 +08:00
684 changed files with 111929 additions and 10643 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,7 +1,8 @@
 [简述你的问题]

+
 ##### 使用版本
-[请提供你使用的Jumpserver版本 0.3.2 或 0.5.0]
+[请提供你使用的Jumpserver版本 1.x.x 注: 0.3.x不再提供支持]

 ##### 问题复现步骤
 1. [步骤1]
--- a/.gitignore
+++ b/.gitignore
@@ -17,7 +17,7 @@ dump.rdb
 .idea/
 db.sqlite3
 config.py
-migrations/
+config.yml
 *.log
 host_rsa_key
 *.bat
@@ -32,3 +32,5 @@ django.db
 celerybeat-schedule.db
 data/static
 docs/_build/
+xpack
+logs/*
--- a/24
+++ b/24
@@ -0,0 +1,24 @@
+FROM registry.fit2cloud.com/public/python:v3
+MAINTAINER Jumpserver Team <ibuler@qq.com>
+
+WORKDIR /opt/jumpserver
+RUN useradd jumpserver
+
+COPY ./requirements /tmp/requirements
+
+RUN yum -y install epel-release && rpm -ivh https://repo.mysql.com/mysql57-community-release-el6.rpm
+RUN cd /tmp/requirements && yum -y install $(cat rpm_requirements.txt)
+RUN cd /tmp/requirements && pip install --upgrade pip setuptools && \
+    pip install -i https://mirrors.aliyun.com/pypi/simple/ -r requirements.txt || pip install -r requirements.txt
+RUN mkdir -p /root/.ssh/ && echo -e "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config
+
+COPY . /opt/jumpserver
+RUN echo > config.yml
+VOLUME /opt/jumpserver/data
+VOLUME /opt/jumpserver/logs
+
+ENV LANG=zh_CN.UTF-8
+ENV LC_ALL=zh_CN.UTF-8
+
+EXPOSE 8080
+ENTRYPOINT ["./entrypoint.sh"]
--- a/README.md
+++ b/README.md
@@ -1,58 +1,207 @@
-## Jumpserver
+## Jumpserver 多云环境下更好用的堡垒机

 [![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
-[![Django](https://img.shields.io/badge/django-1.11-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
-[![Ansible](https://img.shields.io/badge/ansible-2.2.2.0-blue.svg?style=plastic)](https://www.ansible.com/)
-[![Paramiko](https://img.shields.io/badge/paramiko-2.1.2-green.svg?style=plastic)](http://www.paramiko.org/)
+[![Django](https://img.shields.io/badge/django-2.1-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
+[![Ansible](https://img.shields.io/badge/ansible-2.4.2.0-blue.svg?style=plastic)](https://www.ansible.com/)
+[![Paramiko](https://img.shields.io/badge/paramiko-2.4.1-green.svg?style=plastic)](http://www.paramiko.org/)


 ----

-Jumpserver是全球首款完全开源的堡垒机，使用GNU GPL v2.0开源协议，是符合 4A 的专业运维审计系统。
+Jumpserver 是全球首款完全开源的堡垒机，使用 GNU GPL v2.0 开源协议，是符合 4A 的专业运维审计系统。

-Jumpserver使用Python / Django 进行开发，遵循 Web 2.0 规范，配备了业界领先的 Web Terminal 解决方案，交互界面美观、用户体验好。
+Jumpserver 使用 Python / Django 进行开发，遵循 Web 2.0 规范，配备了业界领先的 Web Terminal 解决方案，交互界面美观、用户体验好。

-Jumpserver采纳分布式架构，支持多机房跨区域部署，中心节点提供 API，各机房部署登录节点，可横向扩展、无并发限制。
+Jumpserver 采纳分布式架构，支持多机房跨区域部署，中心节点提供 API，各机房部署登录节点，可横向扩展、无并发限制。

 改变世界，从一点点开始。

----
+- [English Version](https://github.com/jumpserver/jumpserver/blob/master/README_EN.md)
+

 ### 功能
-  - 统一认证
-  - 资产管理
-  - 统一授权
-  - 审计
-  - 支持LDAP认证
-  - Web terminal
-  - SSH Server
-  - 支持Windows RDP
+----
+
+<table class="subscription-level-table">
+    <tr class="subscription-level-tr-border">
+        <th  style="background-color: #1ab394;color: #ffffff;" colspan="3">Jumpserver提供的堡垒机必备功能</th>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-first-td-background-style" rowspan="4">身份验证 Authentication</td>
+        <td class="features-second-td-background-style" rowspan="3" >登录认证
+        </td>
+        <td class="features-third-td-background-style">资源统一登录和认证
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-third-td-background-style">LDAP认证
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-third-td-background-style">支持OpenID，实现单点登录
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-second-td-background-style">多因子认证
+        </td>
+        <td class="features-third-td-background-style">MFA（Google Authenticator）
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-first-td-background-style" rowspan="9">账号管理 Account</td>
+        <td class="features-second-td-background-style" rowspan="2">集中账号管理
+        </td>
+        <td class="features-third-td-background-style">管理用户管理
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-third-td-background-style">系统用户管理
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-second-td-background-style" rowspan="4">统一密码管理
+        </td>
+        <td class="features-third-td-background-style">资产密码托管
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-third-td-background-style">自动生成密码
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-third-td-background-style">密码自动推送
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-third-td-background-style">密码过期设置
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-outline-td-background-style" rowspan="2">批量密码变更(X-PACK)
+        </td>
+        <td class="features-outline-td-background-style">定期批量修改密码
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-outline-td-background-style">生成随机密码
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-outline-td-background-style">多云环境的资产纳管(X-PACK)
+        </td>
+        <td class="features-outline-td-background-style">对私有云、公有云资产统一纳管
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-first-td-background-style" rowspan="8">授权控制 Authorization</td>
+        <td class="features-second-td-background-style" rowspan="3">资产授权管理
+        </td>
+        <td class="features-third-td-background-style">资产树
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-third-td-background-style">资产或资产组灵活授权
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-third-td-background-style">节点内资产自动继承授权
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-outline-td-background-style">组织管理(X-PACK)
+        </td>
+        <td class="features-outline-td-background-style">实现多租户管理，权限隔离
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-second-td-background-style">多维度授权
+        </td>
+        <td class="features-third-td-background-style">可对用户、用户组或系统角色授权
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-second-td-background-style">指令限制
+        </td>
+        <td class="features-third-td-background-style">限制特权指令使用，支持黑白名单
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-second-td-background-style">统一文件传输
+        </td>
+        <td class="features-third-td-background-style">SFTP 文件上传/下载
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-second-td-background-style">文件管理
+        </td>
+        <td class="features-third-td-background-style">Web SFTP 文件管理
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-first-td-background-style" rowspan="6">安全审计 Audit</td>
+        <td class="features-second-td-background-style" rowspan="2">会话管理
+        </td>
+        <td class="features-third-td-background-style">在线会话管理
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-third-td-background-style">历史会话管理
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-second-td-background-style" rowspan="2">录像管理
+        </td>
+        <td class="features-third-td-background-style">Linux 录像支持
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-third-td-background-style">Windows 录像支持
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-second-td-background-style">指令审计
+        </td>
+        <td class="features-third-td-background-style">指令记录
+        </td>
+    </tr>
+    <tr class="subscription-level-tr-border">
+        <td class="features-second-td-background-style">文件传输审计
+        </td>
+        <td class="features-third-td-background-style">上传/下载记录审计
+        </td>
+    </tr>
+</table>
+

 ### 开始使用
+----

-快速开始文档  [Docker安装](http://docs.jumpserver.org/zh/latest/quickstart.html)
+- 快速开始文档  [Docker 安装](http://docs.jumpserver.org/zh/docs/dockerinstall.html)

-一步一步安装文档 [详细部署](http://docs.jumpserver.org/zh/latest/step_by_step.html)
+- Step by Step 安装文档 [详细部署](http://docs.jumpserver.org/zh/docs/step_by_step.html)

-也可以查看我们完整文档包括了使用和开发 [文档](http://docs.jumpserver.org)
+- 也可以查看我们完整文档 [文档](http://docs.jumpserver.org)

-### Demo 和 截图 
+### Demo、视频 和 截图
+----

-我们提供了DEMO和截图可以让你快速了解Jumpserver
+我们提供了 Demo 、演示视频和截图可以让你快速了解 Jumpserver

-[DEMO](http://demo.jumpserver.org)
-[截图](http://docs.jumpserver.org/zh/docs/snapshot.html)
+- [Demo](https://demo.jumpserver.org/auth/login/?next=/)
+- [视频](https://fit2cloud2-offline-installer.oss-cn-beijing.aliyuncs.com/tools/Jumpserver%20%E4%BB%8B%E7%BB%8Dv1.4.mp4)
+- [截图](http://docs.jumpserver.org/zh/docs/snapshot.html)

-### SDK 
+### SDK
+----

-我们还编写了一些SDK，供你其它系统快速和Jumpserver APi交互，
+我们还编写了一些SDK，供你的其它系统快速和 Jumpserver API 交互

- [python](https://github.com/jumpserver/jumpserver-python-sdk) Jumpserver其它组件使用这个SDK完成交互
- [java](https://github.com/KaiJunYan/jumpserver-java-sdk.git) 恺珺同学提供的Java版本的SDK
+- [Python](https://github.com/jumpserver/jumpserver-python-sdk) Jumpserver其它组件使用这个SDK完成交互
+- [Java](https://github.com/KaiJunYan/jumpserver-java-sdk.git) 恺珺同学提供的Java版本的SDK


 ### License & Copyright
-Copyright (c) 2014-2018 Beijing Duizhan Tech, Inc., All rights reserved.
+Copyright (c) 2014-2019 飞致云 FIT2CLOUD, All rights reserved.

 Licensed under The GNU General Public License version 2 (GPLv2)  (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

--- a/README_EN.md
+++ b/README_EN.md
@@ -0,0 +1,58 @@
+## Jumpserver 
+
+[![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
+[![Django](https://img.shields.io/badge/django-2.1-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
+[![Ansible](https://img.shields.io/badge/ansible-2.4.2.0-blue.svg?style=plastic)](https://www.ansible.com/)
+[![Paramiko](https://img.shields.io/badge/paramiko-2.4.1-green.svg?style=plastic)](http://www.paramiko.org/)
+
+
+----
+
+- [中文版](https://github.com/jumpserver/jumpserver/blob/master/README_EN.md)
+
+Jumpserver is the first fully open source bastion in the world, based on the GNU GPL v2.0 open source protocol. Jumpserver is a  professional operation and maintenance audit system conforms to 4A specifications.
+
+Jumpserver is developed using Python / Django, conforms to the Web 2.0 specification, and is equipped with the industry-leading Web Terminal solution which have beautiful interface and great user experience.
+
+Jumpserver adopts a distributed architecture to support multi-branch deployment across multiple areas. The central node provides APIs, and login nodes are deployed in each branch. It can be scaled horizontally without concurrency restrictions.
+
+Change the world, starting from little things.
+
+----
+
+### Features
+
+ ![Jumpserver 功能](https://jumpserver-release.oss-cn-hangzhou.aliyuncs.com/Jumpserver148.jpeg "Jumpserver 功能")
+
+### Start 
+
+Quick start  [Docker Install](http://docs.jumpserver.org/zh/docs/dockerinstall.html)
+
+Step by Step deployment. [Docs](http://docs.jumpserver.org/zh/docs/step_by_step.html)
+
+Full documentation [Docs](http://docs.jumpserver.org)
+
+### Demo、Video 和 Snapshot
+
+We provide online demo, demo video and screenshots to get you started quickly.
+
+[Demo](https://demo.jumpserver.org/auth/login/?next=/)
+[Video](https://fit2cloud2-offline-installer.oss-cn-beijing.aliyuncs.com/tools/Jumpserver%20%E4%BB%8B%E7%BB%8Dv1.4.mp4)
+[Snapshot](http://docs.jumpserver.org/zh/docs/snapshot.html)
+
+### SDK
+
+We provide the SDK for your other systems to quickly interact with the Jumpserver API.
+
+- [Python](https://github.com/jumpserver/jumpserver-python-sdk) Jumpserver other components use this SDK to complete the interaction.
+- [Java](https://github.com/KaiJunYan/jumpserver-java-sdk.git) 恺珺同学提供的Java版本的SDK thanks to 恺珺 for provide Java SDK
+
+
+### License & Copyright
+Copyright (c) 2014-2019 Beijing Duizhan Tech, Inc., All rights reserved.
+
+Licensed under The GNU General Public License version 2 (GPLv2)  (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
+
+https://www.gnu.org/licenses/gpl-2.0.html
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
--- a/apps/init.py
+++ b/apps/init.py
@@ -1,5 +1,3 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-# 
-
-__version__ = "1.0.0"
+#
--- a/apps/assets/api/init.py
+++ b/apps/assets/api/init.py
@@ -4,3 +4,5 @@ from .label import *
 from .system_user import *
 from .node import *
 from .domain import *
+from .cmd_filter import *
+from .asset_user import *
--- a/apps/assets/api/admin_user.py
+++ b/apps/assets/api/admin_user.py
@@ -14,22 +14,25 @@
 # limitations under the License.

 from django.db import transaction
+from django.shortcuts import get_object_or_404
 from rest_framework import generics
 from rest_framework.response import Response
 from rest_framework_bulk import BulkModelViewSet
+from rest_framework.pagination import LimitOffsetPagination

 from common.mixins import IDInFilterMixin
 from common.utils import get_logger
-from ..hands import IsSuperUser
+from ..hands import IsOrgAdmin
 from ..models import AdminUser, Asset
 from .. import serializers
-from ..tasks import test_admin_user_connectability_manual
+from ..tasks import test_admin_user_connectivity_manual


 logger = get_logger(__file__)
 __all__ = [
    'AdminUserViewSet', 'ReplaceNodesAdminUserApi',
    'AdminUserTestConnectiveApi', 'AdminUserAuthApi',
+    'AdminUserAssetsListView',
 ]


@@ -37,21 +40,29 @@ class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet):
    """
    Admin user api set, for add,delete,update,list,retrieve resource
    """
+
+    filter_fields = ("name", "username")
+    search_fields = filter_fields
    queryset = AdminUser.objects.all()
    serializer_class = serializers.AdminUserSerializer
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
+    pagination_class = LimitOffsetPagination
+
+    def get_queryset(self):
+        queryset = super().get_queryset().all()
+        return queryset


 class AdminUserAuthApi(generics.UpdateAPIView):
    queryset = AdminUser.objects.all()
    serializer_class = serializers.AdminUserAuthSerializer
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)


 class ReplaceNodesAdminUserApi(generics.UpdateAPIView):
    queryset = AdminUser.objects.all()
    serializer_class = serializers.ReplaceNodeAdminUserSerializer
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)

    def update(self, request, *args, **kwargs):
        admin_user = self.get_object()
@@ -72,12 +83,30 @@ class ReplaceNodesAdminUserApi(generics.UpdateAPIView):

 class AdminUserTestConnectiveApi(generics.RetrieveAPIView):
    """
-    Test asset admin user connectivity
+    Test asset admin user assets_connectivity
    """
    queryset = AdminUser.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.TaskIDSerializer

    def retrieve(self, request, *args, **kwargs):
        admin_user = self.get_object()
-        task = test_admin_user_connectability_manual.delay(admin_user)
+        task = test_admin_user_connectivity_manual.delay(admin_user)
        return Response({"task": task.id})
+
+
+class AdminUserAssetsListView(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.AssetSimpleSerializer
+    pagination_class = LimitOffsetPagination
+    filter_fields = ("hostname", "ip")
+    http_method_names = ['get']
+    search_fields = filter_fields
+
+    def get_object(self):
+        pk = self.kwargs.get('pk')
+        return get_object_or_404(AdminUser, pk=pk)
+
+    def get_queryset(self):
+        admin_user = self.get_object()
+        return admin_user.get_related_assets()
--- a/apps/assets/api/asset.py
+++ b/apps/assets/api/asset.py
@@ -1,29 +1,37 @@
 # -*- coding: utf-8 -*-
 #

+import uuid
+import random
+
 from rest_framework import generics
+from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework_bulk import BulkModelViewSet
 from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView
 from rest_framework.pagination import LimitOffsetPagination
+from django.utils.translation import ugettext_lazy as _
 from django.shortcuts import get_object_or_404
+from django.urls import reverse_lazy
+from django.core.cache import cache
 from django.db.models import Q

 from common.mixins import IDInFilterMixin
 from common.utils import get_logger
-from ..hands import IsSuperUser, IsValidUser, IsSuperUserOrAppUser, \
-    NodePermissionUtil
-from ..models import  Asset, SystemUser, AdminUser, Node
+from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
+from ..const import CACHE_KEY_ASSET_BULK_UPDATE_ID_PREFIX
+from ..models import Asset, AdminUser, Node
 from .. import serializers
 from ..tasks import update_asset_hardware_info_manual, \
-    test_asset_connectability_manual
+    test_asset_connectivity_manual
 from ..utils import LabelFilter


 logger = get_logger(__file__)
 __all__ = [
-    'AssetViewSet', 'UserAssetListView', 'AssetListUpdateApi',
-    'AssetRefreshHardwareApi', 'AssetAdminUserTestApi'
+    'AssetViewSet', 'AssetListUpdateApi',
+    'AssetRefreshHardwareApi', 'AssetAdminUserTestApi',
+    'AssetGatewayApi', 'AssetBulkUpdateSelectAPI'
 ]


@@ -37,33 +45,47 @@ class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet):
    queryset = Asset.objects.all()
    serializer_class = serializers.AssetSerializer
    pagination_class = LimitOffsetPagination
-    permission_classes = (IsSuperUserOrAppUser,)
+    permission_classes = (IsOrgAdminOrAppUser,)

-    def get_queryset(self):
-        queryset = super().get_queryset()
-        admin_user_id = self.request.query_params.get('admin_user_id')
+    def filter_node(self, queryset):
        node_id = self.request.query_params.get("node_id")
+        if not node_id:
+            return queryset

-        if admin_user_id:
-            admin_user = get_object_or_404(AdminUser, id=admin_user_id)
-            queryset = queryset.filter(admin_user=admin_user)
-        if node_id:
-            node = get_object_or_404(Node, id=node_id)
-            if not node.is_root():
-                queryset = queryset.filter(nodes__key__startswith=node.key).distinct()
+        node = get_object_or_404(Node, id=node_id)
+        show_current_asset = self.request.query_params.get("show_current_asset") in ('1', 'true')
+
+        if node.is_root() and show_current_asset:
+            queryset = queryset.filter(
+                Q(nodes=node_id) | Q(nodes__isnull=True)
+            )
+        elif node.is_root() and not show_current_asset:
+            pass
+        elif not node.is_root() and show_current_asset:
+            queryset = queryset.filter(nodes=node)
+        else:
+            queryset = queryset.filter(
+                nodes__key__regex='^{}(:[0-9]+)*$'.format(node.key),
+            )
        return queryset

+    def filter_admin_user_id(self, queryset):
+        admin_user_id = self.request.query_params.get('admin_user_id')
+        if not admin_user_id:
+            return queryset
+        admin_user = get_object_or_404(AdminUser, id=admin_user_id)
+        queryset = queryset.filter(admin_user=admin_user)
+        return queryset

-class UserAssetListView(generics.ListAPIView):
-    queryset = Asset.objects.all()
-    serializer_class = serializers.AssetSerializer
-    permission_classes = (IsValidUser,)
+    def filter_queryset(self, queryset):
+        queryset = super().filter_queryset(queryset)
+        queryset = self.filter_node(queryset)
+        queryset = self.filter_admin_user_id(queryset)
+        return queryset

    def get_queryset(self):
-        assets_granted = NodePermissionUtil.get_user_assets(self.request.user).keys()
-        queryset = self.queryset.filter(
-            id__in=[asset.id for asset in assets_granted]
-        )
+        queryset = super().get_queryset().distinct()
+        queryset = self.get_serializer_class().setup_eager_loading(queryset)
        return queryset


@@ -73,7 +95,22 @@ class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView):
    """
    queryset = Asset.objects.all()
    serializer_class = serializers.AssetSerializer
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
+
+
+class AssetBulkUpdateSelectAPI(APIView):
+    permission_classes = (IsOrgAdmin,)
+
+    def post(self, request, *args, **kwargs):
+        assets_id = request.data.get('assets_id', '')
+        if assets_id:
+            spm = uuid.uuid4().hex
+            key = CACHE_KEY_ASSET_BULK_UPDATE_ID_PREFIX.format(spm)
+            cache.set(key, assets_id, 300)
+            url = reverse_lazy('assets:asset-bulk-update') + '?spm=%s' % spm
+            return Response({'url': url})
+        error = _('Please select assets that need to be updated')
+        return Response({'error': error}, status=400)


 class AssetRefreshHardwareApi(generics.RetrieveAPIView):
@@ -82,7 +119,7 @@ class AssetRefreshHardwareApi(generics.RetrieveAPIView):
    """
    queryset = Asset.objects.all()
    serializer_class = serializers.AssetSerializer
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)

    def retrieve(self, request, *args, **kwargs):
        asset_id = kwargs.get('pk')
@@ -93,13 +130,32 @@ class AssetRefreshHardwareApi(generics.RetrieveAPIView):

 class AssetAdminUserTestApi(generics.RetrieveAPIView):
    """
-    Test asset admin user connectivity
+    Test asset admin user assets_connectivity
    """
    queryset = Asset.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.TaskIDSerializer

    def retrieve(self, request, *args, **kwargs):
        asset_id = kwargs.get('pk')
        asset = get_object_or_404(Asset, pk=asset_id)
-        task = test_asset_connectability_manual.delay(asset)
+        task = test_asset_connectivity_manual.delay(asset)
        return Response({"task": task.id})
+
+
+class AssetGatewayApi(generics.RetrieveAPIView):
+    queryset = Asset.objects.all()
+    permission_classes = (IsOrgAdminOrAppUser,)
+    serializer_class = serializers.GatewayWithAuthSerializer
+
+    def retrieve(self, request, *args, **kwargs):
+        asset_id = kwargs.get('pk')
+        asset = get_object_or_404(Asset, pk=asset_id)
+
+        if asset.domain and \
+                asset.domain.gateways.filter(protocol=asset.protocol).exists():
+            gateway = random.choice(asset.domain.gateways.filter(protocol=asset.protocol))
+            serializer = serializers.GatewayWithAuthSerializer(instance=gateway)
+            return Response(serializer.data)
+        else:
+            return Response({"msg": "Not have gateway"}, status=404)
--- a/apps/assets/api/asset_user.py
+++ b/apps/assets/api/asset_user.py
@@ -0,0 +1,101 @@
+# -*- coding: utf-8 -*-
+#
+
+
+from rest_framework.response import Response
+from rest_framework import viewsets, status, generics
+from rest_framework.pagination import LimitOffsetPagination
+
+from common.permissions import IsOrgAdminOrAppUser
+from common.utils import get_object_or_none, get_logger
+
+from ..backends.multi import AssetUserManager
+from ..models import Asset
+from .. import serializers
+from ..tasks import test_asset_users_connectivity_manual
+
+
+__all__ = [
+    'AssetUserViewSet', 'AssetUserAuthInfoApi', 'AssetUserTestConnectiveApi',
+]
+
+
+logger = get_logger(__name__)
+
+
+class AssetUserViewSet(viewsets.GenericViewSet):
+    pagination_class = LimitOffsetPagination
+    serializer_class = serializers.AssetUserSerializer
+    permission_classes = (IsOrgAdminOrAppUser, )
+    http_method_names = ['get', 'post']
+
+    def create(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response(serializer.data, status=status.HTTP_201_CREATED)
+
+    def list(self, request, *args, **kwargs):
+        queryset = self.filter_queryset(self.get_queryset())
+        serializer = self.get_serializer(queryset, many=True)
+        return Response(serializer.data)
+
+    def get_queryset(self):
+        username = self.request.GET.get('username')
+        asset_id = self.request.GET.get('asset_id')
+        asset = get_object_or_none(Asset, pk=asset_id)
+        queryset = AssetUserManager.filter(username=username, asset=asset)
+        return queryset
+
+    def filter_queryset(self, queryset):
+        queryset = sorted(
+            queryset,
+            key=lambda q: (q.asset.hostname, q.connectivity, q.username)
+        )
+        return queryset
+
+
+class AssetUserAuthInfoApi(generics.RetrieveAPIView):
+    serializer_class = serializers.AssetUserAuthInfoSerializer
+    permission_classes = (IsOrgAdminOrAppUser,)
+
+    def retrieve(self, request, *args, **kwargs):
+        instance = self.get_object()
+        serializer = self.get_serializer(instance)
+        status_code = status.HTTP_200_OK
+        if not instance:
+            status_code = status.HTTP_400_BAD_REQUEST
+        return Response(serializer.data, status=status_code)
+
+    def get_object(self):
+        username = self.request.GET.get('username')
+        asset_id = self.request.GET.get('asset_id')
+        asset = get_object_or_none(Asset, pk=asset_id)
+        try:
+            instance = AssetUserManager.get(username, asset)
+        except Exception as e:
+            logger.error(e, exc_info=True)
+            return None
+        else:
+            return instance
+
+
+class AssetUserTestConnectiveApi(generics.RetrieveAPIView):
+    """
+    Test asset users connective
+    """
+
+    def get_asset_users(self):
+        username = self.request.GET.get('username')
+        asset_id = self.request.GET.get('asset_id')
+        asset = get_object_or_none(Asset, pk=asset_id)
+        asset_users = AssetUserManager.filter(username=username, asset=asset)
+        return asset_users
+
+    def retrieve(self, request, *args, **kwargs):
+        asset_users = self.get_asset_users()
+        task = test_asset_users_connectivity_manual.delay(asset_users)
+        return Response({"task": task.id})
+
+
+
--- a/apps/assets/api/cmd_filter.py
+++ b/apps/assets/api/cmd_filter.py
@@ -0,0 +1,39 @@
+# -*- coding: utf-8 -*-
+#
+
+from rest_framework_bulk import BulkModelViewSet
+from rest_framework.pagination import LimitOffsetPagination
+from django.shortcuts import get_object_or_404
+
+from ..hands import IsOrgAdmin
+from ..models import CommandFilter, CommandFilterRule
+from .. import serializers
+
+
+__all__ = ['CommandFilterViewSet', 'CommandFilterRuleViewSet']
+
+
+class CommandFilterViewSet(BulkModelViewSet):
+    filter_fields = ("name",)
+    search_fields = filter_fields
+    permission_classes = (IsOrgAdmin,)
+    queryset = CommandFilter.objects.all()
+    serializer_class = serializers.CommandFilterSerializer
+    pagination_class = LimitOffsetPagination
+
+
+class CommandFilterRuleViewSet(BulkModelViewSet):
+    filter_fields = ("content",)
+    search_fields = filter_fields
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.CommandFilterRuleSerializer
+    pagination_class = LimitOffsetPagination
+
+    def get_queryset(self):
+        fpk = self.kwargs.get('filter_pk')
+        if not fpk:
+            return CommandFilterRule.objects.none()
+        cmd_filter = get_object_or_404(CommandFilter, pk=fpk)
+        return cmd_filter.rules.all()
+
+
--- a/apps/assets/api/domain.py
+++ b/apps/assets/api/domain.py
@@ -2,14 +2,13 @@

 from rest_framework_bulk import BulkModelViewSet
 from rest_framework.views import APIView, Response
-from rest_framework.generics import RetrieveAPIView
+from rest_framework.pagination import LimitOffsetPagination

 from django.views.generic.detail import SingleObjectMixin

 from common.utils import get_logger
-from ..hands import IsSuperUser, IsSuperUserOrAppUser
+from common.permissions import IsOrgAdmin, IsAppUser, IsOrgAdminOrAppUser
 from ..models import Domain, Gateway
-from ..utils import test_gateway_connectability
 from .. import serializers


@@ -19,8 +18,13 @@ __all__ = ['DomainViewSet', 'GatewayViewSet', "GatewayTestConnectionApi"]

 class DomainViewSet(BulkModelViewSet):
    queryset = Domain.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.DomainSerializer
+    pagination_class = LimitOffsetPagination
+
+    def get_queryset(self):
+        queryset = super().get_queryset().all()
+        return queryset

    def get_serializer_class(self):
        if self.request.query_params.get('gateway'):
@@ -29,26 +33,28 @@ class DomainViewSet(BulkModelViewSet):

    def get_permissions(self):
        if self.request.query_params.get('gateway'):
-            self.permission_classes = (IsSuperUserOrAppUser,)
+            self.permission_classes = (IsOrgAdminOrAppUser,)
        return super().get_permissions()


 class GatewayViewSet(BulkModelViewSet):
-    filter_fields = ("domain",)
+    filter_fields = ("domain__name", "name", "username", "ip", "domain")
    search_fields = filter_fields
    queryset = Gateway.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.GatewaySerializer
+    pagination_class = LimitOffsetPagination


 class GatewayTestConnectionApi(SingleObjectMixin, APIView):
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    model = Gateway
    object = None

-    def get(self, request, *args, **kwargs):
+    def post(self, request, *args, **kwargs):
        self.object = self.get_object(Gateway.objects.all())
-        ok, e = test_gateway_connectability(self.object)
+        local_port = self.request.data.get('port') or self.object.port
+        ok, e = self.object.test_connective(local_port=local_port)
        if ok:
            return Response("ok")
        else:
--- a/apps/assets/api/label.py
+++ b/apps/assets/api/label.py
@@ -14,10 +14,11 @@
 # limitations under the License.

 from rest_framework_bulk import BulkModelViewSet
+from rest_framework.pagination import LimitOffsetPagination
 from django.db.models import Count

 from common.utils import get_logger
-from ..hands import IsSuperUser
+from ..hands import IsOrgAdmin
 from ..models import Label
 from .. import serializers

@@ -27,12 +28,18 @@ __all__ = ['LabelViewSet']


 class LabelViewSet(BulkModelViewSet):
-    queryset = Label.objects.annotate(asset_count=Count("assets"))
-    permission_classes = (IsSuperUser,)
+    filter_fields = ("name", "value")
+    search_fields = filter_fields
+    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.LabelSerializer
+    pagination_class = LimitOffsetPagination

    def list(self, request, *args, **kwargs):
        if request.query_params.get("distinct"):
            self.serializer_class = serializers.LabelDistinctSerializer
            self.queryset = self.queryset.values("name").distinct()
        return super().list(request, *args, **kwargs)
+
+    def get_queryset(self):
+        self.queryset = Label.objects.annotate(asset_count=Count("assets"))
+        return self.queryset
--- a/apps/assets/api/node.py
+++ b/apps/assets/api/node.py
@@ -13,32 +13,34 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-from rest_framework import generics, mixins
+from rest_framework import generics, mixins, viewsets
+from rest_framework.serializers import ValidationError
 from rest_framework.views import APIView
 from rest_framework.response import Response
-from rest_framework_bulk import BulkModelViewSet
 from django.utils.translation import ugettext_lazy as _
 from django.shortcuts import get_object_or_404

 from common.utils import get_logger, get_object_or_none
-from ..hands import IsSuperUser
+from common.tree import TreeNodeSerializer
+from ..hands import IsOrgAdmin
 from ..models import Node
-from ..tasks import update_assets_hardware_info_util, test_asset_connectability_util
+from ..tasks import update_assets_hardware_info_util, test_asset_connectivity_util
 from .. import serializers


 logger = get_logger(__file__)
 __all__ = [
-    'NodeViewSet', 'NodeChildrenApi',
-    'NodeAddAssetsApi', 'NodeRemoveAssetsApi',
+    'NodeViewSet', 'NodeChildrenApi', 'NodeAssetsApi',
+    'NodeAddAssetsApi', 'NodeRemoveAssetsApi', 'NodeReplaceAssetsApi',
    'NodeAddChildrenApi', 'RefreshNodeHardwareInfoApi',
-    'TestNodeConnectiveApi'
+    'TestNodeConnectiveApi', 'NodeListAsTreeApi',
+    'NodeChildrenAsTreeApi', 'RefreshAssetsAmount',
 ]


-class NodeViewSet(BulkModelViewSet):
+class NodeViewSet(viewsets.ModelViewSet):
    queryset = Node.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.NodeSerializer

    def perform_create(self, serializer):
@@ -46,42 +48,173 @@ class NodeViewSet(BulkModelViewSet):
        serializer.validated_data["key"] = child_key
        serializer.save()

+    def update(self, request, *args, **kwargs):
+        node = self.get_object()
+        if node.is_root():
+            node_value = node.value
+            post_value = request.data.get('value')
+            if node_value != post_value:
+                return Response(
+                    {"msg": _("You can't update the root node name")},
+                    status=400
+                )
+        return super().update(request, *args, **kwargs)
+
+
+class NodeListAsTreeApi(generics.ListAPIView):
+    """
+    获取节点列表树
+    [
+      {
+        "id": "",
+        "name": "",
+        "pId": "",
+        "meta": ""
+      }
+    ]
+    """
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = TreeNodeSerializer
+
+    def get_queryset(self):
+        queryset = [node.as_tree_node() for node in Node.objects.all()]
+        return queryset
+
+    def filter_queryset(self, queryset):
+        if self.request.query_params.get('refresh', '0') == '1':
+            queryset = self.refresh_nodes(queryset)
+        return queryset
+
+    @staticmethod
+    def refresh_nodes(queryset):
+        Node.expire_nodes_assets_amount()
+        Node.expire_nodes_full_value()
+        return queryset
+
+
+class NodeChildrenAsTreeApi(generics.ListAPIView):
+    """
+    节点子节点作为树返回，
+    [
+      {
+        "id": "",
+        "name": "",
+        "pId": "",
+        "meta": ""
+      }
+    ]
+
+    """
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = TreeNodeSerializer
+    node = None
+    is_root = False
+
+    def get_queryset(self):
+        node_key = self.request.query_params.get('key')
+        if node_key:
+            self.node = Node.objects.get(key=node_key)
+            queryset = self.node.get_children(with_self=False)
+        else:
+            self.is_root = True
+            self.node = Node.root()
+            queryset = list(self.node.get_children(with_self=True))
+            nodes_invalid = Node.objects.exclude(key__startswith=self.node.key)
+            queryset.extend(list(nodes_invalid))
+        queryset = [node.as_tree_node() for node in queryset]
+        return queryset
+
+    def filter_assets(self, queryset):
+        include_assets = self.request.query_params.get('assets', '0') == '1'
+        if not include_assets:
+            return queryset
+        assets = self.node.get_assets()
+        for asset in assets:
+            queryset.append(asset.as_tree_node(self.node))
+        return queryset
+
+    def filter_queryset(self, queryset):
+        queryset = self.filter_assets(queryset)
+        queryset = self.filter_refresh_nodes(queryset)
+        return queryset
+
+    def filter_refresh_nodes(self, queryset):
+        if self.request.query_params.get('refresh', '0') == '1':
+            Node.expire_nodes_assets_amount()
+            Node.expire_nodes_full_value()
+        return queryset
+

 class NodeChildrenApi(mixins.ListModelMixin, generics.CreateAPIView):
    queryset = Node.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.NodeSerializer
    instance = None

+    def get(self, request, *args, **kwargs):
+        return self.list(request, *args, **kwargs)
+
    def post(self, request, *args, **kwargs):
+        instance = self.get_object()
        if not request.data.get("value"):
-            request.data["value"] = _("New node {}").format(
-                Node.root().get_next_child_key().split(":")[-1]
-            )
+            request.data["value"] = instance.get_next_child_preset_name()
        return super().post(request, *args, **kwargs)

    def create(self, request, *args, **kwargs):
        instance = self.get_object()
        value = request.data.get("value")
-        node = instance.create_child(value=value)
-        return Response(
-            {"id": node.id, "key": node.key, "value": node.value},
-            status=201,
-        )
+        _id = request.data.get('id') or None
+        values = [child.value for child in instance.get_children()]
+        if value in values:
+            raise ValidationError(
+                'The same level node name cannot be the same'
+            )
+        node = instance.create_child(value=value, _id=_id)
+        return Response(self.serializer_class(instance=node).data, status=201)

-    def get(self, request, *args, **kwargs):
-        instance = self.get_object()
-        if self.request.query_params.get("all"):
-            children = instance.get_all_children()
+    def get_object(self):
+        pk = self.kwargs.get('pk') or self.request.query_params.get('id')
+        if not pk:
+            node = Node.root()
        else:
-            children = instance.get_children()
-        response = [{"id": node.id, "key": node.key, "value": node.value} for node in children]
-        return Response(response, status=200)
+            node = get_object_or_404(Node, pk=pk)
+        return node
+
+    def get_queryset(self):
+        queryset = []
+        query_all = self.request.query_params.get("all")
+        node = self.get_object()
+
+        if node is None:
+            node = Node.root()
+            node.assets__count = node.get_all_assets().count()
+            queryset.append(node)
+
+        if query_all:
+            children = node.get_all_children()
+        else:
+            children = node.get_children()
+        queryset.extend(list(children))
+        return queryset
+
+
+class NodeAssetsApi(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.AssetSerializer
+
+    def get_queryset(self):
+        node_id = self.kwargs.get('pk')
+        query_all = self.request.query_params.get('all')
+        instance = get_object_or_404(Node, pk=node_id)
+        if query_all:
+            return instance.get_all_assets()
+        else:
+            return instance.get_assets()


 class NodeAddChildrenApi(generics.UpdateAPIView):
    queryset = Node.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.NodeAddChildrenSerializer
    instance = None

@@ -93,14 +226,13 @@ class NodeAddChildrenApi(generics.UpdateAPIView):
            if not node:
                continue
            node.parent = instance
-            node.save()
        return Response("OK")


 class NodeAddAssetsApi(generics.UpdateAPIView):
    serializer_class = serializers.NodeAssetsSerializer
    queryset = Node.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    instance = None

    def perform_update(self, serializer):
@@ -112,7 +244,7 @@ class NodeAddAssetsApi(generics.UpdateAPIView):
 class NodeRemoveAssetsApi(generics.UpdateAPIView):
    serializer_class = serializers.NodeAssetsSerializer
    queryset = Node.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    instance = None

    def perform_update(self, serializer):
@@ -120,30 +252,56 @@ class NodeRemoveAssetsApi(generics.UpdateAPIView):
        instance = self.get_object()
        if instance != Node.root():
            instance.assets.remove(*tuple(assets))
+        else:
+            assets = [asset for asset in assets if asset.nodes.count() > 1]
+            instance.assets.remove(*tuple(assets))
+
+
+class NodeReplaceAssetsApi(generics.UpdateAPIView):
+    serializer_class = serializers.NodeAssetsSerializer
+    queryset = Node.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    instance = None
+
+    def perform_update(self, serializer):
+        assets = serializer.validated_data.get('assets')
+        instance = self.get_object()
+        for asset in assets:
+            asset.nodes.set([instance])


 class RefreshNodeHardwareInfoApi(APIView):
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    model = Node

    def get(self, request, *args, **kwargs):
        node_id = kwargs.get('pk')
        node = get_object_or_404(self.model, id=node_id)
-        assets = node.assets.all()
-        task_name = _("更新节点资产硬件信息: {}".format(node.name))
+        assets = node.get_all_assets()
+        # task_name = _("更新节点资产硬件信息: {}".format(node.name))
+        task_name = _("Update node asset hardware information: {}").format(node.name)
        task = update_assets_hardware_info_util.delay(assets, task_name=task_name)
        return Response({"task": task.id})


 class TestNodeConnectiveApi(APIView):
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    model = Node

    def get(self, request, *args, **kwargs):
        node_id = kwargs.get('pk')
        node = get_object_or_404(self.model, id=node_id)
-        assets = node.assets.all()
-        task_name = _("测试节点下资产是否可连接: {}".format(node.name))
-        task = test_asset_connectability_util.delay(assets, task_name=task_name)
+        assets = node.get_all_assets()
+        # task_name = _("测试节点下资产是否可连接: {}".format(node.name))
+        task_name = _("Test if the assets under the node are connectable: {}".format(node.name))
+        task = test_asset_connectivity_util.delay(assets, task_name=task_name)
        return Response({"task": task.id})

+
+class RefreshAssetsAmount(APIView):
+    permission_classes = (IsOrgAdmin,)
+    model = Node
+
+    def get(self, request, *args, **kwargs):
+        self.model.expire_nodes_assets_amount()
+        return Response("Ok")
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -13,21 +13,28 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+from django.shortcuts import get_object_or_404
 from rest_framework import generics
 from rest_framework.response import Response
 from rest_framework_bulk import BulkModelViewSet
+from rest_framework.pagination import LimitOffsetPagination
+
 from common.utils import get_logger
-from ..hands import IsSuperUser, IsSuperUserOrAppUser
-from ..models import SystemUser
+from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
+from ..models import SystemUser, Asset
 from .. import serializers
 from ..tasks import push_system_user_to_assets_manual, \
-    test_system_user_connectability_manual
+    test_system_user_connectivity_manual, push_system_user_a_asset_manual, \
+    test_system_user_connectivity_a_asset


 logger = get_logger(__file__)
 __all__ = [
-    'SystemUserViewSet', 'SystemUserAuthInfoApi',
-    'SystemUserPushApi', 'SystemUserTestConnectiveApi'
+    'SystemUserViewSet', 'SystemUserAuthInfoApi', 'SystemUserAssetAuthInfoApi',
+    'SystemUserPushApi', 'SystemUserTestConnectiveApi',
+    'SystemUserAssetsListView', 'SystemUserPushToAssetApi',
+    'SystemUserTestAssetConnectivityApi', 'SystemUserCommandFilterRuleListApi',
+
 ]


@@ -35,29 +42,60 @@ class SystemUserViewSet(BulkModelViewSet):
    """
    System user api set, for add,delete,update,list,retrieve resource
    """
+    filter_fields = ("name", "username")
+    search_fields = filter_fields
    queryset = SystemUser.objects.all()
    serializer_class = serializers.SystemUserSerializer
-    permission_classes = (IsSuperUserOrAppUser,)
+    permission_classes = (IsOrgAdminOrAppUser,)
+    pagination_class = LimitOffsetPagination
+
+    def get_queryset(self):
+        queryset = super().get_queryset().all()
+        return queryset


-class SystemUserAuthInfoApi(generics.RetrieveUpdateAPIView):
+class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
    """
    Get system user auth info
    """
    queryset = SystemUser.objects.all()
-    permission_classes = (IsSuperUserOrAppUser,)
+    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.SystemUserAuthSerializer

+    def destroy(self, request, *args, **kwargs):
+        instance = self.get_object()
+        instance.clear_auth()
+        return Response(status=204)
+
+
+class SystemUserAssetAuthInfoApi(generics.RetrieveAPIView):
+    """
+    Get system user with asset auth info
+    """
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsOrgAdminOrAppUser,)
+    serializer_class = serializers.SystemUserAuthSerializer
+
+    def get_object(self):
+        instance = super().get_object()
+        aid = self.kwargs.get('aid')
+        asset = get_object_or_404(Asset, pk=aid)
+        instance.load_specific_asset_auth(asset)
+        return instance
+

 class SystemUserPushApi(generics.RetrieveAPIView):
    """
    Push system user to cluster assets api
    """
    queryset = SystemUser.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)

    def retrieve(self, request, *args, **kwargs):
        system_user = self.get_object()
+        nodes = system_user.nodes.all()
+        for node in nodes:
+            system_user.assets.add(*tuple(node.get_all_assets()))
        task = push_system_user_to_assets_manual.delay(system_user)
        return Response({"task": task.id})

@@ -67,9 +105,65 @@ class SystemUserTestConnectiveApi(generics.RetrieveAPIView):
    Push system user to cluster assets api
    """
    queryset = SystemUser.objects.all()
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)

    def retrieve(self, request, *args, **kwargs):
        system_user = self.get_object()
-        task = test_system_user_connectability_manual.delay(system_user)
+        task = test_system_user_connectivity_manual.delay(system_user)
        return Response({"task": task.id})
+
+
+class SystemUserAssetsListView(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.AssetSimpleSerializer
+    pagination_class = LimitOffsetPagination
+    filter_fields = ("hostname", "ip")
+    http_method_names = ['get']
+    search_fields = filter_fields
+
+    def get_object(self):
+        pk = self.kwargs.get('pk')
+        return get_object_or_404(SystemUser, pk=pk)
+
+    def get_queryset(self):
+        system_user = self.get_object()
+        return system_user.assets.all()
+
+
+class SystemUserPushToAssetApi(generics.RetrieveAPIView):
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.TaskIDSerializer
+
+    def retrieve(self, request, *args, **kwargs):
+        system_user = self.get_object()
+        asset_id = self.kwargs.get('aid')
+        asset = get_object_or_404(Asset, id=asset_id)
+        task = push_system_user_a_asset_manual.delay(system_user, asset)
+        return Response({"task": task.id})
+
+
+class SystemUserTestAssetConnectivityApi(generics.RetrieveAPIView):
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.TaskIDSerializer
+
+    def retrieve(self, request, *args, **kwargs):
+        system_user = self.get_object()
+        asset_id = self.kwargs.get('aid')
+        asset = get_object_or_404(Asset, id=asset_id)
+        task = test_system_user_connectivity_a_asset.delay(system_user, asset)
+        return Response({"task": task.id})
+
+
+class SystemUserCommandFilterRuleListApi(generics.ListAPIView):
+    permission_classes = (IsOrgAdminOrAppUser,)
+
+    def get_serializer_class(self):
+        from ..serializers import CommandFilterRuleSerializer
+        return CommandFilterRuleSerializer
+
+    def get_queryset(self):
+        pk = self.kwargs.get('pk', None)
+        system_user = get_object_or_404(SystemUser, pk=pk)
+        return system_user.cmd_filter_rules
--- a/apps/assets/backends/init.py
+++ b/apps/assets/backends/init.py
--- a/apps/assets/backends/base.py
+++ b/apps/assets/backends/base.py
@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+#
+
+from django.core.exceptions import MultipleObjectsReturned, ObjectDoesNotExist
+from abc import abstractmethod
+
+
+class NotSupportError(Exception):
+    pass
+
+
+class BaseBackend:
+    ObjectDoesNotExist = ObjectDoesNotExist
+    MultipleObjectsReturned = MultipleObjectsReturned
+    NotSupportError = NotSupportError
+    MSG_NOT_EXIST = '{} Object matching query does not exist'
+    MSG_MULTIPLE = '{} get() returned more than one object ' \
+                   '-- it returned {}!'
+
+    @classmethod
+    def get(cls, username, asset):
+        instances = cls.filter(username, asset)
+        if len(instances) == 1:
+            return instances[0]
+        elif len(instances) == 0:
+            cls.raise_does_not_exist(cls.__name__)
+        else:
+            cls.raise_multiple_return(cls.__name__, len(instances))
+
+    @classmethod
+    @abstractmethod
+    def filter(cls, username=None, asset=None, latest=True):
+        """
+        :param username: 用户名
+        :param asset: <Asset>对象
+        :param latest: 是否是最新记录
+        :return: 元素为<AuthBook>的可迭代对象(<list> or <QuerySet>)
+        """
+        pass
+
+    @classmethod
+    @abstractmethod
+    def create(cls, **kwargs):
+        """
+        :param kwargs:
+        {
+            name, username, asset, comment, password, public_key, private_key,
+            (org_id)
+        }
+        :return: <AuthBook>对象
+        """
+        pass
+
+    @classmethod
+    def raise_does_not_exist(cls, name):
+        raise cls.ObjectDoesNotExist(cls.MSG_NOT_EXIST.format(name))
+
+    @classmethod
+    def raise_multiple_return(cls, name, length):
+        raise cls.MultipleObjectsReturned(cls.MSG_MULTIPLE.format(name, length))
--- a/apps/assets/backends/external/init.py
+++ b/apps/assets/backends/external/init.py
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+#
--- a/apps/assets/backends/external/db.py
+++ b/apps/assets/backends/external/db.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+#
+
+from assets.models import AuthBook
+
+from ..base import BaseBackend
+
+
+class AuthBookBackend(BaseBackend):
+
+    @classmethod
+    def filter(cls, username=None, asset=None, latest=True):
+        queryset = AuthBook.objects.all()
+        if username:
+            queryset = queryset.filter(username=username)
+        if asset:
+            queryset = queryset.filter(asset=asset)
+        if latest:
+            queryset = queryset.latest_version()
+        return queryset
+
+    @classmethod
+    def create(cls, **kwargs):
+        auth_info = {
+            'password': kwargs.pop('password', ''),
+            'public_key': kwargs.pop('public_key', ''),
+            'private_key': kwargs.pop('private_key', '')
+        }
+        obj = AuthBook.objects.create(**kwargs)
+        obj.set_auth(**auth_info)
+        return obj
--- a/apps/assets/backends/external/utils.py
+++ b/apps/assets/backends/external/utils.py
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+#
+
+# from django.conf import settings
+
+from .db import AuthBookBackend
+# from .vault import VaultBackend
+
+
+def get_backend():
+    default_backend = AuthBookBackend
+
+    # if settings.BACKEND_ASSET_USER_AUTH_VAULT:
+    #     return VaultBackend
+
+    return default_backend
--- a/apps/assets/backends/external/vault.py
+++ b/apps/assets/backends/external/vault.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+#
+
+from ..base import BaseBackend
+
+
+class VaultBackend(BaseBackend):
+
+    @classmethod
+    def get(cls, username, asset):
+        pass
+
+    @classmethod
+    def filter(cls, username=None, asset=None, latest=True):
+        pass
+
+    @classmethod
+    def create(cls, **kwargs):
+        pass
--- a/apps/assets/backends/internal/init.py
+++ b/apps/assets/backends/internal/init.py
@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*-
+#
+
+
--- a/apps/assets/backends/internal/admin_user.py
+++ b/apps/assets/backends/internal/admin_user.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+#
+
+from assets.models import Asset
+
+from ..base import BaseBackend
+from .utils import construct_authbook_object
+
+
+class AdminUserBackend(BaseBackend):
+
+    @classmethod
+    def filter(cls, username=None, asset=None, **kwargs):
+        instances = cls.construct_authbook_objects(username, asset)
+        return instances
+
+    @classmethod
+    def _get_assets(cls, asset):
+        if not asset:
+            assets = Asset.objects.all().prefetch_related('admin_user')
+        else:
+            assets = [asset]
+        return assets
+
+    @classmethod
+    def construct_authbook_objects(cls, username, asset):
+        instances = []
+        assets = cls._get_assets(asset)
+        for asset in assets:
+            if username and asset.admin_user.username != username:
+                continue
+            instance = construct_authbook_object(asset.admin_user, asset)
+            instances.append(instance)
+        return instances
+
+    @classmethod
+    def create(cls, **kwargs):
+        raise cls.NotSupportError("Not support create")
--- a/apps/assets/backends/internal/asset_user.py
+++ b/apps/assets/backends/internal/asset_user.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+#
+
+from ..base import BaseBackend
+from .admin_user import AdminUserBackend
+from .system_user import SystemUserBackend
+
+
+class AssetUserBackend(BaseBackend):
+    @classmethod
+    def filter(cls, username=None, asset=None, **kwargs):
+        admin_user_instances = AdminUserBackend.filter(username, asset)
+        system_user_instances = SystemUserBackend.filter(username, asset)
+        instances = cls._merge_instances(admin_user_instances, system_user_instances)
+        return instances
+
+    @classmethod
+    def _merge_instances(cls, admin_user_instances, system_user_instances):
+        admin_user_instances_keyword_list = [
+            {'username': instance.username, 'asset': instance.asset}
+            for instance in admin_user_instances
+        ]
+        instances = [
+            instance for instance in system_user_instances
+            if instance.keyword not in admin_user_instances_keyword_list
+        ]
+        admin_user_instances.extend(instances)
+        return admin_user_instances
+
+    @classmethod
+    def create(cls, **kwargs):
+        raise cls.NotSupportError("Not support create")
--- a/apps/assets/backends/internal/system_user.py
+++ b/apps/assets/backends/internal/system_user.py
@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+#
+
+import itertools
+
+from assets.models import Asset
+
+from ..base import BaseBackend
+from .utils import construct_authbook_object
+
+
+class SystemUserBackend(BaseBackend):
+
+    @classmethod
+    def filter(cls, username=None, asset=None, **kwargs):
+        instances = cls.construct_authbook_objects(username, asset)
+        return instances
+
+    @classmethod
+    def _distinct_system_users_by_username(cls, system_users):
+        system_users = sorted(
+            system_users,
+            key=lambda su: (su.username, su.priority, su.date_updated),
+            reverse=True,
+        )
+        results = itertools.groupby(system_users, key=lambda su: su.username)
+        system_users = [next(result[1]) for result in results]
+        return system_users
+
+    @classmethod
+    def _filter_system_users_by_username(cls, system_users, username):
+        _system_users = cls._distinct_system_users_by_username(system_users)
+        if username:
+            _system_users = [su for su in _system_users if username == su.username]
+        return _system_users
+
+    @classmethod
+    def _construct_authbook_objects(cls, system_users, asset):
+        instances = []
+        for system_user in system_users:
+            instance = construct_authbook_object(system_user, asset)
+            instances.append(instance)
+        return instances
+
+    @classmethod
+    def _get_assets_with_system_users(cls, asset=None):
+        """
+        { 'asset': set(<SystemUser>, <SystemUser>, ...) }
+        """
+        if not asset:
+            _assets = Asset.objects.all().prefetch_related('systemuser_set')
+        else:
+            _assets = [asset]
+
+        assets = {asset: set(asset.systemuser_set.all()) for asset in _assets}
+        return assets
+
+    @classmethod
+    def construct_authbook_objects(cls, username, asset):
+        """
+        :return: [<AuthBook>, <AuthBook>, ...]
+        """
+        instances = []
+        assets = cls._get_assets_with_system_users(asset)
+        for _asset, _system_users in assets.items():
+            _system_users = cls._filter_system_users_by_username(_system_users, username)
+            _instances = cls._construct_authbook_objects(_system_users, _asset)
+            instances.extend(_instances)
+        return instances
+
+    @classmethod
+    def create(cls, **kwargs):
+        raise Exception("Not support create")
+
+
--- a/apps/assets/backends/internal/utils.py
+++ b/apps/assets/backends/internal/utils.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+#
+
+from assets.models import AuthBook
+
+
+def construct_authbook_object(asset_user, asset):
+    """
+    作用: 将<AssetUser>对象构造成为<AuthBook>对象并返回
+
+    :param asset_user: <AdminUser>或<SystemUser>对象
+    :param asset: <Asset>对象
+    :return: <AuthBook>对象
+    """
+    fields = [
+        'id', 'name', 'username', 'comment', 'org_id',
+        '_password', '_private_key', '_public_key',
+        'date_created', 'date_updated', 'created_by'
+    ]
+
+    obj = AuthBook(asset=asset, version=0, is_latest=True)
+    for field in fields:
+        value = getattr(asset_user, field)
+        setattr(obj, field, value)
+    return obj
+
--- a/apps/assets/backends/multi.py
+++ b/apps/assets/backends/multi.py
@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+#
+
+from .base import BaseBackend
+
+from .external.utils import get_backend
+from .internal.asset_user import AssetUserBackend
+
+
+class AssetUserManager(BaseBackend):
+    """
+    资产用户管理器
+    """
+    external_backend = get_backend()
+    internal_backend = AssetUserBackend
+
+    @classmethod
+    def filter(cls, username=None, asset=None, **kwargs):
+        external_instance = list(cls.external_backend.filter(username, asset))
+        internal_instance = list(cls.internal_backend.filter(username, asset))
+        instances = cls._merge_instances(external_instance, internal_instance)
+        return instances
+
+    @classmethod
+    def create(cls, **kwargs):
+        instance = cls.external_backend.create(**kwargs)
+        return instance
+
+    @classmethod
+    def _merge_instances(cls, external_instances, internal_instances):
+        external_instances_keyword_list = [
+            {'username': instance.username, 'asset': instance.asset}
+            for instance in external_instances
+        ]
+        instances = [
+            instance for instance in internal_instances
+            if instance.keyword not in external_instances_keyword_list
+        ]
+        external_instances.extend(instances)
+        return external_instances
--- a/apps/assets/const.py
+++ b/apps/assets/const.py
@@ -32,7 +32,22 @@ TEST_SYSTEM_USER_CONN_TASKS = [
   }
 ]

+
+ASSET_USER_CONN_CACHE_KEY = 'ASSET_USER_CONN_{}_{}'
+TEST_ASSET_USER_CONN_TASKS = [
+    {
+        "name": "ping",
+        "action": {
+            "module": "ping",
+        }
+    }
+]
+
+
 TASK_OPTIONS = {
    'timeout': 10,
    'forks': 10,
 }
+
+CACHE_KEY_ASSET_BULK_UPDATE_ID_PREFIX = '_KEY_ASSET_BULK_UPDATE_ID_{}'
+
--- a/apps/assets/forms/init.py
+++ b/apps/assets/forms/init.py
@@ -4,3 +4,4 @@ from .asset import *
 from .label import *
 from .user import *
 from .domain import *
+from .cmd_filter import *
--- a/apps/assets/forms/asset.py
+++ b/apps/assets/forms/asset.py
@@ -3,20 +3,23 @@
 from django import forms
 from django.utils.translation import gettext_lazy as _

-from ..models import Asset, AdminUser
 from common.utils import get_logger
+from orgs.mixins import OrgModelForm
+
+from ..models import Asset, AdminUser
+

 logger = get_logger(__file__)
 __all__ = ['AssetCreateForm', 'AssetUpdateForm', 'AssetBulkUpdateForm']


-class AssetCreateForm(forms.ModelForm):
+class AssetCreateForm(OrgModelForm):
    class Meta:
        model = Asset
        fields = [
            'hostname', 'ip', 'public_ip', 'port',  'comment',
            'nodes', 'is_active', 'admin_user', 'labels', 'platform',
-            'domain',
+            'domain', 'protocol',

        ]
        widgets = {
@@ -27,66 +30,65 @@ class AssetCreateForm(forms.ModelForm):
                'class': 'select2', 'data-placeholder': _('Admin user')
            }),
            'labels': forms.SelectMultiple(attrs={
-                'class': 'select2', 'data-placeholder': _('Labels')
+                'class': 'select2', 'data-placeholder': _('Label')
            }),
            'port': forms.TextInput(),
            'domain': forms.Select(attrs={
                'class': 'select2', 'data-placeholder': _('Domain')
            }),
        }
+        labels = {
+            'nodes': _("Node"),
+        }
        help_texts = {
-            'hostname': '* required',
-            'ip': '* required',
-            'port': '* required',
            'admin_user': _(
                'root or other NOPASSWD sudo privilege user existed in asset,'
                'If asset is windows or other set any one, more see admin user left menu'
            ),
-            'platform': _("* required Must set exact system platform, Windows, Linux ..."),
+            'platform': _("Windows 2016 RDP protocol is different, If is window 2016, set it"),
            'domain': _("If your have some network not connect with each other, you can set domain")
        }


-class AssetUpdateForm(forms.ModelForm):
+class AssetUpdateForm(OrgModelForm):
    class Meta:
        model = Asset
        fields = [
            'hostname', 'ip', 'port', 'nodes',  'is_active', 'platform',
            'public_ip', 'number', 'comment', 'admin_user', 'labels',
-            'domain',
+            'domain', 'protocol',
        ]
        widgets = {
            'nodes': forms.SelectMultiple(attrs={
-                'class': 'select2', 'data-placeholder': _('Nodes')
+                'class': 'select2', 'data-placeholder': _('Node')
            }),
            'admin_user': forms.Select(attrs={
                'class': 'select2', 'data-placeholder': _('Admin user')
            }),
            'labels': forms.SelectMultiple(attrs={
-                'class': 'select2', 'data-placeholder': _('Labels')
+                'class': 'select2', 'data-placeholder': _('Label')
            }),
            'port': forms.TextInput(),
            'domain': forms.Select(attrs={
                'class': 'select2', 'data-placeholder': _('Domain')
            }),
        }
+        labels = {
+            'nodes': _("Node"),
+        }
        help_texts = {
-            'hostname': '* required',
-            'ip': '* required',
-            'port': '* required',
-            'cluster': '* required',
            'admin_user': _(
                'root or other NOPASSWD sudo privilege user existed in asset,'
                'If asset is windows or other set any one, more see admin user left menu'
            ),
-            'platform': _("* required Must set exact system platform, Windows, Linux ..."),
+            'platform': _("Windows 2016 RDP protocol is different, If is window 2016, set it"),
            'domain': _("If your have some network not connect with each other, you can set domain")
        }


-class AssetBulkUpdateForm(forms.ModelForm):
+class AssetBulkUpdateForm(OrgModelForm):
    assets = forms.ModelMultipleChoiceField(
-        required=True, help_text='* required',
+        required=True,
        label=_('Select assets'), queryset=Asset.objects.all(),
        widget=forms.SelectMultiple(
            attrs={
@@ -95,34 +97,29 @@ class AssetBulkUpdateForm(forms.ModelForm):
            }
        )
    )
-    port = forms.IntegerField(
-        label=_('Port'), required=False, min_value=1, max_value=65535,
-    )
-    admin_user = forms.ModelChoiceField(
-        required=False, queryset=AdminUser.objects.all(),
-        label=_("Admin user"),
-        widget=forms.Select(
-            attrs={
-                'class': 'select2',
-                'data-placeholder': _('Admin user')
-            }
-        )
-    )

    class Meta:
        model = Asset
        fields = [
-            'assets', 'port',  'admin_user', 'labels', 'nodes', 'platform'
+            'assets', 'port',  'admin_user', 'labels', 'platform',
+            'protocol', 'domain',
        ]
        widgets = {
            'labels': forms.SelectMultiple(
-                attrs={'class': 'select2', 'data-placeholder': _('Select labels')}
+                attrs={'class': 'select2', 'data-placeholder': _('Label')}
            ),
            'nodes': forms.SelectMultiple(
-                attrs={'class': 'select2', 'data-placeholder': _('Select nodes')}
+                attrs={'class': 'select2', 'data-placeholder': _('Node')}
            ),
        }

+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        # 重写其他字段为不再required
+        for name, field in self.fields.items():
+            if name != 'assets':
+                field.required = False
+
    def save(self, commit=True):
        changed_fields = []
        for field in self._meta.fields:
@@ -133,14 +130,14 @@ class AssetBulkUpdateForm(forms.ModelForm):
                        if k in changed_fields}
        assets = cleaned_data.pop('assets')
        labels = cleaned_data.pop('labels', [])
-        nodes = cleaned_data.pop('nodes')
+        nodes = cleaned_data.pop('nodes', None)
        assets = Asset.objects.filter(id__in=[asset.id for asset in assets])
        assets.update(**cleaned_data)

        if labels:
-            for label in labels:
-                label.assets.add(*tuple(assets))
+            for asset in assets:
+                asset.labels.set(labels)
        if nodes:
-            for node in nodes:
-                node.assets.add(*tuple(assets))
+            for asset in assets:
+                asset.nodes.set(nodes)
        return assets
--- a/apps/assets/forms/cmd_filter.py
+++ b/apps/assets/forms/cmd_filter.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+#
+from django import forms
+
+from orgs.mixins import OrgModelForm
+from ..models import CommandFilter, CommandFilterRule
+
+__all__ = ['CommandFilterForm', 'CommandFilterRuleForm']
+
+
+class CommandFilterForm(OrgModelForm):
+    class Meta:
+        model = CommandFilter
+        fields = ['name', 'comment']
+
+
+class CommandFilterRuleForm(OrgModelForm):
+    class Meta:
+        model = CommandFilterRule
+        fields = [
+            'filter', 'type', 'content', 'priority', 'action', 'comment'
+        ]
+        widgets = {
+            'content':  forms.Textarea(attrs={
+                'placeholder': 'eg:\r\nreboot\r\nrm -rf'
+            }),
+        }
--- a/apps/assets/forms/domain.py
+++ b/apps/assets/forms/domain.py
@@ -3,6 +3,7 @@
 from django import forms
 from django.utils.translation import gettext_lazy as _

+from orgs.mixins import OrgModelForm
 from ..models import Domain, Asset, Gateway
 from .user import PasswordAndKeyAuthForm

@@ -27,6 +28,15 @@ class DomainForm(forms.ModelForm):
            initial['assets'] = kwargs['instance'].assets.all()
        super().__init__(*args, **kwargs)

+        # 前端渲染优化, 防止过多资产
+        assets_field = self.fields.get('assets')
+        if not self.data:
+            instance = kwargs.get('instance')
+            if instance:
+                assets_field.queryset = instance.assets.all()
+            else:
+                assets_field.queryset = Asset.objects.none()
+
    def save(self, commit=True):
        instance = super().save(commit=commit)
        assets = self.cleaned_data['assets']
@@ -34,7 +44,13 @@ class DomainForm(forms.ModelForm):
        return instance


-class GatewayForm(PasswordAndKeyAuthForm):
+class GatewayForm(PasswordAndKeyAuthForm, OrgModelForm):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        password_field = self.fields.get('password')
+        password_field.help_text = _('Password should not contain special characters')
+        protocol_field = self.fields.get('protocol')
+        protocol_field.choices = [Gateway.PROTOCOL_CHOICES[0]]

    def save(self, commit=True):
        # Because we define custom field, so we need rewrite :method: `save`
@@ -50,11 +66,10 @@ class GatewayForm(PasswordAndKeyAuthForm):
            'name', 'ip', 'port', 'username', 'protocol', 'domain', 'password',
            'private_key_file',  'is_active', 'comment',
        ]
+        help_texts = {
+            'protocol': _("SSH gateway support proxy SSH,RDP,VNC")
+        }
        widgets = {
            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
        }
-        help_texts = {
-            'name': '* required',
-            'username': '* required',
-        }
--- a/apps/assets/forms/label.py
+++ b/apps/assets/forms/label.py
@@ -26,6 +26,15 @@ class LabelForm(forms.ModelForm):
            initial['assets'] = kwargs['instance'].assets.all()
        super().__init__(*args, **kwargs)

+        # 前端渲染优化, 防止过多资产
+        assets_field = self.fields.get('assets')
+        if not self.data:
+            instance = kwargs.get('instance')
+            if instance:
+                assets_field.queryset = instance.assets.all()
+            else:
+                assets_field.queryset = Asset.objects.none()
+
    def save(self, commit=True):
        label = super().save(commit=commit)
        assets = self.cleaned_data['assets']
--- a/apps/assets/forms/user.py
+++ b/apps/assets/forms/user.py
@@ -3,8 +3,9 @@
 from django import forms
 from django.utils.translation import gettext_lazy as _

-from ..models import AdminUser, SystemUser
 from common.utils import validate_ssh_private_key, ssh_pubkey_gen, get_logger
+from orgs.mixins import OrgModelForm
+from ..models import AdminUser, SystemUser

 logger = get_logger(__file__)
 __all__ = [
@@ -34,8 +35,12 @@ class PasswordAndKeyAuthForm(forms.ModelForm):
        if private_key_file:
            key_string = private_key_file.read()
            private_key_file.seek(0)
+            key_string = key_string.decode()
+
            if not validate_ssh_private_key(key_string, password):
-                raise forms.ValidationError(_('Invalid private key'))
+                msg = _('Invalid private key, Only support '
+                        'RSA/DSA format key')
+                raise forms.ValidationError(msg)
        return private_key_file

    def validate_password_key(self):
@@ -79,13 +84,9 @@ class AdminUserForm(PasswordAndKeyAuthForm):
            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
        }
-        help_texts = {
-            'name': '* required',
-            'username': '* required',
-        }


-class SystemUserForm(PasswordAndKeyAuthForm):
+class SystemUserForm(OrgModelForm, PasswordAndKeyAuthForm):
    # Admin user assets define, let user select, save it in form not in view
    auto_generate_key = forms.BooleanField(initial=True, required=False)

@@ -93,14 +94,26 @@ class SystemUserForm(PasswordAndKeyAuthForm):
        # Because we define custom field, so we need rewrite :method: `save`
        system_user = super().save()
        password = self.cleaned_data.get('password', '') or None
+        login_mode = self.cleaned_data.get('login_mode', '') or None
+        protocol = self.cleaned_data.get('protocol') or None
        auto_generate_key = self.cleaned_data.get('auto_generate_key', False)
        private_key, public_key = super().gen_keys()

+        if login_mode == SystemUser.LOGIN_MANUAL or \
+                protocol in [SystemUser.PROTOCOL_RDP,
+                             SystemUser.PROTOCOL_TELNET,
+                             SystemUser.PROTOCOL_VNC]:
+            system_user.auto_push = 0
+            auto_generate_key = False
+            system_user.save()
+
        if auto_generate_key:
            logger.info('Auto generate key and set system user auth')
            system_user.auto_gen_auth()
        else:
-            system_user.set_auth(password=password, private_key=private_key, public_key=public_key)
+            system_user.set_auth(password=password, private_key=private_key,
+                                 public_key=public_key)
+
        return system_user

    def clean(self):
@@ -109,20 +122,38 @@ class SystemUserForm(PasswordAndKeyAuthForm):
        if not self.instance and not auto_generate:
            super().validate_password_key()

+    def clean_username(self):
+        username = self.data.get('username')
+        login_mode = self.data.get('login_mode')
+        protocol = self.data.get('protocol')
+
+        if username:
+            return username
+        if login_mode == SystemUser.LOGIN_AUTO and \
+                protocol != SystemUser.PROTOCOL_VNC:
+            msg = _('* Automatic login mode must fill in the username.')
+            raise forms.ValidationError(msg)
+        return username
+
    class Meta:
        model = SystemUser
        fields = [
            'name', 'username', 'protocol', 'auto_generate_key',
            'password', 'private_key_file', 'auto_push', 'sudo',
-            'comment', 'shell', 'priority',
+            'comment', 'shell', 'priority', 'login_mode', 'cmd_filters',
        ]
        widgets = {
            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
+            'cmd_filters': forms.SelectMultiple(attrs={
+                'class': 'select2', 'data-placeholder': _('Command filter')
+            }),
        }
        help_texts = {
-            'name': '* required',
-            'username': '* required',
            'auto_push': _('Auto push system user to asset'),
-            'priority': _('High level will be using login asset as default, if user was granted more than 2 system user'),
-        }
+            'priority': _('1-100, High level will be using login asset as default, '
+                          'if user was granted more than 2 system user'),
+            'login_mode': _('If you choose manual login mode, you do not '
+                            'need to fill in the username and password.'),
+            'sudo': _("Use comma split multi command, ex: /bin/whoami,/bin/ifconfig")
+        }
--- a/apps/assets/hands.py
+++ b/apps/assets/hands.py
@@ -11,7 +11,6 @@
 """


-from common.mixins import AdminUserRequiredMixin
-from common.permissions import IsAppUser, IsSuperUser, IsValidUser, IsSuperUserOrAppUser
+from common.permissions import AdminUserRequiredMixin
+from common.permissions import IsAppUser, IsOrgAdmin, IsValidUser, IsOrgAdminOrAppUser
 from users.models import User, UserGroup
-from perms.utils import NodePermissionUtil
--- a/apps/assets/migrations/0002_auto_20180105_1807.py
+++ b/apps/assets/migrations/0002_auto_20180105_1807.py
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-01-05 10:07
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='adminuser',
+            options={'ordering': ['name'], 'verbose_name': 'Admin user'},
+        ),
+        migrations.AlterModelOptions(
+            name='asset',
+            options={'verbose_name': 'Asset'},
+        ),
+        migrations.AlterModelOptions(
+            name='assetgroup',
+            options={'ordering': ['name'], 'verbose_name': 'Asset group'},
+        ),
+        migrations.AlterModelOptions(
+            name='cluster',
+            options={'ordering': ['name'], 'verbose_name': 'Cluster'},
+        ),
+        migrations.AlterModelOptions(
+            name='systemuser',
+            options={'ordering': ['name'], 'verbose_name': 'System user'},
+        ),
+    ]
--- a/apps/assets/migrations/0002_auto_20180105_1807_squashed_0009_auto_20180307_1212.py
+++ b/apps/assets/migrations/0002_auto_20180105_1807_squashed_0009_auto_20180307_1212.py
@@ -0,0 +1,158 @@
+# Generated by Django 2.1.7 on 2019-02-28 10:16
+
+import assets.models.asset
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    replaces = [('assets', '0002_auto_20180105_1807'), ('assets', '0003_auto_20180109_2331'), ('assets', '0004_auto_20180125_1218'), ('assets', '0005_auto_20180126_1637'), ('assets', '0006_auto_20180130_1502'), ('assets', '0007_auto_20180225_1815'), ('assets', '0008_auto_20180306_1804'), ('assets', '0009_auto_20180307_1212')]
+
+    dependencies = [
+        ('assets', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='adminuser',
+            options={'ordering': ['name'], 'verbose_name': 'Admin user'},
+        ),
+        migrations.AlterModelOptions(
+            name='asset',
+            options={'verbose_name': 'Asset'},
+        ),
+        migrations.AlterModelOptions(
+            name='assetgroup',
+            options={'ordering': ['name'], 'verbose_name': 'Asset group'},
+        ),
+        migrations.AlterModelOptions(
+            name='cluster',
+            options={'ordering': ['name'], 'verbose_name': 'Cluster'},
+        ),
+        migrations.AlterModelOptions(
+            name='systemuser',
+            options={'ordering': ['name'], 'verbose_name': 'System user'},
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='cluster',
+        ),
+        migrations.AlterField(
+            model_name='assetgroup',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by'),
+        ),
+        migrations.CreateModel(
+            name='Label',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, verbose_name='Name')),
+                ('value', models.CharField(max_length=128, verbose_name='Value')),
+                ('category', models.CharField(choices=[('S', 'System'), ('U', 'User')], default='U', max_length=128, verbose_name='Category')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Is active')),
+                ('comment', models.TextField(blank=True, null=True, verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+            ],
+            options={
+                'db_table': 'assets_label',
+            },
+        ),
+        migrations.AlterUniqueTogether(
+            name='label',
+            unique_together={('name', 'value')},
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='labels',
+            field=models.ManyToManyField(blank=True, related_name='assets', to='assets.Label', verbose_name='Labels'),
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='cabinet_no',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='cabinet_pos',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='env',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='remote_card_ip',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='status',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='type',
+        ),
+        migrations.CreateModel(
+            name='Node',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('key', models.CharField(max_length=64, unique=True, verbose_name='Key')),
+                ('value', models.CharField(max_length=128, verbose_name='Value')),
+                ('child_mark', models.IntegerField(default=0)),
+                ('date_create', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='groups',
+        ),
+        migrations.RemoveField(
+            model_name='systemuser',
+            name='cluster',
+        ),
+        migrations.AlterField(
+            model_name='asset',
+            name='admin_user',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.PROTECT, to='assets.AdminUser', verbose_name='Admin user'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='protocol',
+            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp')], default='ssh', max_length=16, verbose_name='Protocol'),
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='nodes',
+            field=models.ManyToManyField(default=assets.models.asset.default_node, related_name='assets', to='assets.Node', verbose_name='Nodes'),
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='nodes',
+            field=models.ManyToManyField(blank=True, to='assets.Node', verbose_name='Nodes'),
+        ),
+        migrations.AlterField(
+            model_name='adminuser',
+            name='created_by',
+            field=models.CharField(max_length=128, null=True, verbose_name='Created by'),
+        ),
+        migrations.AlterField(
+            model_name='adminuser',
+            name='username',
+            field=models.CharField(max_length=128, verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='asset',
+            name='platform',
+            field=models.CharField(choices=[('Linux', 'Linux'), ('Unix', 'Unix'), ('MacOS', 'MacOS'), ('BSD', 'BSD'), ('Windows', 'Windows'), ('Other', 'Other')], default='Linux', max_length=128, verbose_name='Platform'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='created_by',
+            field=models.CharField(max_length=128, null=True, verbose_name='Created by'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='username',
+            field=models.CharField(max_length=128, verbose_name='Username'),
+        ),
+    ]
--- a/apps/assets/migrations/0003_auto_20180109_2331.py
+++ b/apps/assets/migrations/0003_auto_20180109_2331.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-01-09 15:31
+from __future__ import unicode_literals
+
+import assets.models.asset
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0002_auto_20180105_1807'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='asset',
+            name='cluster',
+            field=models.ForeignKey(default=assets.models.asset.default_cluster, on_delete=django.db.models.deletion.SET_DEFAULT, related_name='assets', to='assets.Cluster', verbose_name='Cluster'),
+        ),
+    ]
--- a/apps/assets/migrations/0004_auto_20180125_1218.py
+++ b/apps/assets/migrations/0004_auto_20180125_1218.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-01-25 04:18
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0003_auto_20180109_2331'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='assetgroup',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by'),
+        ),
+    ]
--- a/apps/assets/migrations/0005_auto_20180126_1637.py
+++ b/apps/assets/migrations/0005_auto_20180126_1637.py
@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-01-26 08:37
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0004_auto_20180125_1218'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Label',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, verbose_name='Name')),
+                ('value', models.CharField(max_length=128, verbose_name='Value')),
+                ('category', models.CharField(choices=[('S', 'System'), ('U', 'User')], default='U', max_length=128, verbose_name='Category')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Is active')),
+                ('comment', models.TextField(blank=True, null=True, verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+            ],
+            options={
+                'db_table': 'assets_label',
+            },
+        ),
+        migrations.AlterUniqueTogether(
+            name='label',
+            unique_together=set([('name', 'value')]),
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='labels',
+            field=models.ManyToManyField(blank=True, related_name='assets', to='assets.Label', verbose_name='Labels'),
+        ),
+    ]
--- a/apps/assets/migrations/0006_auto_20180130_1502.py
+++ b/apps/assets/migrations/0006_auto_20180130_1502.py
@@ -0,0 +1,39 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-01-30 07:02
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0005_auto_20180126_1637'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='asset',
+            name='cabinet_no',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='cabinet_pos',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='env',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='remote_card_ip',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='status',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='type',
+        ),
+    ]
--- a/apps/assets/migrations/0007_auto_20180225_1815.py
+++ b/apps/assets/migrations/0007_auto_20180225_1815.py
@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-02-25 10:15
+from __future__ import unicode_literals
+
+import assets.models.asset
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0006_auto_20180130_1502'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Node',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('key', models.CharField(max_length=64, unique=True, verbose_name='Key')),
+                ('value', models.CharField(max_length=128, unique=True, verbose_name='Value')),
+                ('child_mark', models.IntegerField(default=0)),
+                ('date_create', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='cluster',
+        ),
+        migrations.RemoveField(
+            model_name='asset',
+            name='groups',
+        ),
+        migrations.RemoveField(
+            model_name='systemuser',
+            name='cluster',
+        ),
+        migrations.AlterField(
+            model_name='asset',
+            name='admin_user',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.PROTECT, to='assets.AdminUser', verbose_name='Admin user'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='protocol',
+            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp')], default='ssh', max_length=16, verbose_name='Protocol'),
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='nodes',
+            field=models.ManyToManyField(default=assets.models.asset.default_node, related_name='assets', to='assets.Node', verbose_name='Nodes'),
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='nodes',
+            field=models.ManyToManyField(blank=True, to='assets.Node', verbose_name='Nodes'),
+        ),
+    ]
--- a/apps/assets/migrations/0008_auto_20180306_1804.py
+++ b/apps/assets/migrations/0008_auto_20180306_1804.py
@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-03-06 10:04
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0007_auto_20180225_1815'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='adminuser',
+            name='created_by',
+            field=models.CharField(max_length=128, null=True, verbose_name='Created by'),
+        ),
+        migrations.AlterField(
+            model_name='adminuser',
+            name='username',
+            field=models.CharField(max_length=128, verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='asset',
+            name='platform',
+            field=models.CharField(choices=[('Linux', 'Linux'), ('Unix', 'Unix'), ('MacOS', 'MacOS'), ('BSD', 'BSD'), ('Windows', 'Windows'), ('Other', 'Other')], default='Linux', max_length=128, verbose_name='Platform'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='created_by',
+            field=models.CharField(max_length=128, null=True, verbose_name='Created by'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='username',
+            field=models.CharField(max_length=128, verbose_name='Username'),
+        ),
+    ]
--- a/apps/assets/migrations/0009_auto_20180307_1212.py
+++ b/apps/assets/migrations/0009_auto_20180307_1212.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-03-07 04:12
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0008_auto_20180306_1804'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='node',
+            name='value',
+            field=models.CharField(max_length=128, verbose_name='Value'),
+        ),
+    ]
--- a/apps/assets/migrations/0010_auto_20180307_1749.py
+++ b/apps/assets/migrations/0010_auto_20180307_1749.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-03-07 09:49
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0009_auto_20180307_1212'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='node',
+            name='value',
+            field=models.CharField(max_length=128, unique=True, verbose_name='Value'),
+        ),
+    ]
--- a/apps/assets/migrations/0010_auto_20180307_1749_squashed_0019_auto_20180816_1320.py
+++ b/apps/assets/migrations/0010_auto_20180307_1749_squashed_0019_auto_20180816_1320.py
@@ -0,0 +1,220 @@
+# Generated by Django 2.1.7 on 2019-02-28 10:16
+
+import assets.models.utils
+import django.core.validators
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+# Functions from the following migrations need manual copying.
+# Move them and any dependencies into this file, then update the
+# RunPython operations to refer to the local versions:
+# assets.migrations.0017_auto_20180702_1415
+
+def migrate_win_to_ssh_protocol(apps, schema_editor):
+    asset_model = apps.get_model("assets", "Asset")
+    db_alias = schema_editor.connection.alias
+    asset_model.objects.using(db_alias).filter(platform__startswith='Win').update(protocol='rdp')
+
+
+class Migration(migrations.Migration):
+
+    replaces = [('assets', '0010_auto_20180307_1749'), ('assets', '0011_auto_20180326_0957'), ('assets', '0012_auto_20180404_1302'), ('assets', '0013_auto_20180411_1135'), ('assets', '0014_auto_20180427_1245'), ('assets', '0015_auto_20180510_1235'), ('assets', '0016_auto_20180511_1203'), ('assets', '0017_auto_20180702_1415'), ('assets', '0018_auto_20180807_1116'), ('assets', '0019_auto_20180816_1320')]
+
+    dependencies = [
+        ('assets', '0009_auto_20180307_1212'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='node',
+            name='value',
+            field=models.CharField(max_length=128, unique=True, verbose_name='Value'),
+        ),
+        migrations.CreateModel(
+            name='Domain',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, unique=True, verbose_name='Name')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Gateway',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, unique=True, verbose_name='Name')),
+                ('username', models.CharField(blank=True, max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username')),
+                ('_password', models.CharField(blank=True, max_length=256, null=True, verbose_name='Password')),
+                ('_private_key', models.TextField(blank=True, max_length=4096, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key')),
+                ('_public_key', models.TextField(blank=True, max_length=4096, verbose_name='SSH public key')),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_updated', models.DateTimeField(auto_now=True)),
+                ('created_by', models.CharField(max_length=128, null=True, verbose_name='Created by')),
+                ('ip', models.GenericIPAddressField(db_index=True, verbose_name='IP')),
+                ('port', models.IntegerField(default=22, verbose_name='Port')),
+                ('protocol', models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp')], default='ssh', max_length=16, verbose_name='Protocol')),
+                ('comment', models.CharField(blank=True, max_length=128, null=True, verbose_name='Comment')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Is active')),
+                ('domain', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='assets.Domain', verbose_name='Domain')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='domain',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='assets', to='assets.Domain', verbose_name='Domain'),
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='assets',
+            field=models.ManyToManyField(blank=True, to='assets.Asset', verbose_name='Assets'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='sudo',
+            field=models.TextField(default='/bin/whoami', verbose_name='Sudo'),
+        ),
+        migrations.AlterField(
+            model_name='adminuser',
+            name='username',
+            field=models.CharField(max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_-]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='username',
+            field=models.CharField(max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_-]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='adminuser',
+            name='username',
+            field=models.CharField(max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='username',
+            field=models.CharField(max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='node',
+            name='value',
+            field=models.CharField(max_length=128, verbose_name='Value'),
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='protocol',
+            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet (beta)')], default='ssh', max_length=128, verbose_name='Protocol'),
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='login_mode',
+            field=models.CharField(choices=[('auto', 'Automatic login'), ('manual', 'Manually login')], default='auto', max_length=10, verbose_name='Login mode'),
+        ),
+        migrations.AlterField(
+            model_name='adminuser',
+            name='username',
+            field=models.CharField(blank=True, max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='asset',
+            name='platform',
+            field=models.CharField(choices=[('Linux', 'Linux'), ('Unix', 'Unix'), ('MacOS', 'MacOS'), ('BSD', 'BSD'), ('Windows', 'Windows'), ('Windows2016', 'Windows(2016)'), ('Other', 'Other')], default='Linux', max_length=128, verbose_name='Platform'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='protocol',
+            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet (beta)')], default='ssh', max_length=16, verbose_name='Protocol'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='username',
+            field=models.CharField(blank=True, max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.RunPython(
+            code=migrate_win_to_ssh_protocol,
+        ),
+        migrations.AddField(
+            model_name='adminuser',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='domain',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='gateway',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='label',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='node',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AlterField(
+            model_name='adminuser',
+            name='name',
+            field=models.CharField(max_length=128, verbose_name='Name'),
+        ),
+        migrations.AlterField(
+            model_name='asset',
+            name='hostname',
+            field=models.CharField(max_length=128, verbose_name='Hostname'),
+        ),
+        migrations.AlterField(
+            model_name='gateway',
+            name='name',
+            field=models.CharField(max_length=128, verbose_name='Name'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='name',
+            field=models.CharField(max_length=128, verbose_name='Name'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='adminuser',
+            unique_together={('name', 'org_id')},
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='cpu_vcpus',
+            field=models.IntegerField(null=True, verbose_name='CPU vcpus'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='asset',
+            unique_together={('org_id', 'hostname')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='gateway',
+            unique_together={('name', 'org_id')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='systemuser',
+            unique_together={('name', 'org_id')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='label',
+            unique_together={('name', 'value', 'org_id')},
+        ),
+    ]
--- a/apps/assets/migrations/0011_auto_20180326_0957.py
+++ b/apps/assets/migrations/0011_auto_20180326_0957.py
@@ -0,0 +1,55 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-03-26 01:57
+from __future__ import unicode_literals
+
+import assets.models.utils
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0010_auto_20180307_1749'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Domain',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, unique=True, verbose_name='Name')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Gateway',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, unique=True, verbose_name='Name')),
+                ('username', models.CharField(max_length=128, verbose_name='Username')),
+                ('_password', models.CharField(blank=True, max_length=256, null=True, verbose_name='Password')),
+                ('_private_key', models.TextField(blank=True, max_length=4096, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key')),
+                ('_public_key', models.TextField(blank=True, max_length=4096, verbose_name='SSH public key')),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_updated', models.DateTimeField(auto_now=True)),
+                ('created_by', models.CharField(max_length=128, null=True, verbose_name='Created by')),
+                ('ip', models.GenericIPAddressField(db_index=True, verbose_name='IP')),
+                ('port', models.IntegerField(default=22, verbose_name='Port')),
+                ('protocol', models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp')], default='ssh', max_length=16, verbose_name='Protocol')),
+                ('comment', models.CharField(blank=True, max_length=128, null=True, verbose_name='Comment')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Is active')),
+                ('domain', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='assets.Domain', verbose_name='Domain')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='domain',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='assets', to='assets.Domain', verbose_name='Domain'),
+        ),
+    ]
--- a/apps/assets/migrations/0012_auto_20180404_1302.py
+++ b/apps/assets/migrations/0012_auto_20180404_1302.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-04-04 05:02
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0011_auto_20180326_0957'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='asset',
+            name='domain',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='assets', to='assets.Domain', verbose_name='Domain'),
+        ),
+    ]
--- a/apps/assets/migrations/0013_auto_20180411_1135.py
+++ b/apps/assets/migrations/0013_auto_20180411_1135.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-04-11 03:35
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0012_auto_20180404_1302'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='systemuser',
+            name='assets',
+            field=models.ManyToManyField(blank=True, to='assets.Asset', verbose_name='Assets'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='sudo',
+            field=models.TextField(default='/bin/whoami', verbose_name='Sudo'),
+        ),
+    ]
--- a/apps/assets/migrations/0014_auto_20180427_1245.py
+++ b/apps/assets/migrations/0014_auto_20180427_1245.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-04-27 04:45
+from __future__ import unicode_literals
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0013_auto_20180411_1135'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='adminuser',
+            name='username',
+            field=models.CharField(max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_-]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='gateway',
+            name='username',
+            field=models.CharField(max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_-]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='username',
+            field=models.CharField(max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_-]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+    ]
--- a/apps/assets/migrations/0015_auto_20180510_1235.py
+++ b/apps/assets/migrations/0015_auto_20180510_1235.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-05-10 04:35
+from __future__ import unicode_literals
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0014_auto_20180427_1245'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='adminuser',
+            name='username',
+            field=models.CharField(max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='gateway',
+            name='username',
+            field=models.CharField(max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='username',
+            field=models.CharField(max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+    ]
--- a/apps/assets/migrations/0016_auto_20180511_1203.py
+++ b/apps/assets/migrations/0016_auto_20180511_1203.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-05-11 04:03
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0015_auto_20180510_1235'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='node',
+            name='value',
+            field=models.CharField(max_length=128, verbose_name='Value'),
+        ),
+    ]
--- a/apps/assets/migrations/0017_auto_20180702_1415.py
+++ b/apps/assets/migrations/0017_auto_20180702_1415.py
@@ -0,0 +1,58 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2018-07-02 06:15
+from __future__ import unicode_literals
+
+import django.core.validators
+from django.db import migrations, models
+
+
+def migrate_win_to_ssh_protocol(apps, schema_editor):
+    asset_model = apps.get_model("assets", "Asset")
+    db_alias = schema_editor.connection.alias
+    asset_model.objects.using(db_alias).filter(platform__startswith='Win').update(protocol='rdp')
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0016_auto_20180511_1203'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='asset',
+            name='protocol',
+            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet (beta)')], default='ssh', max_length=128, verbose_name='Protocol'),
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='login_mode',
+            field=models.CharField(choices=[('auto', 'Automatic login'), ('manual', 'Manually login')], default='auto', max_length=10, verbose_name='Login mode'),
+        ),
+        migrations.AlterField(
+            model_name='adminuser',
+            name='username',
+            field=models.CharField(blank=True, max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='asset',
+            name='platform',
+            field=models.CharField(choices=[('Linux', 'Linux'), ('Unix', 'Unix'), ('MacOS', 'MacOS'), ('BSD', 'BSD'), ('Windows', 'Windows'), ('Windows2016', 'Windows(2016)'), ('Other', 'Other')], default='Linux', max_length=128, verbose_name='Platform'),
+        ),
+        migrations.AlterField(
+            model_name='gateway',
+            name='username',
+            field=models.CharField(blank=True, max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='protocol',
+            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet (beta)')], default='ssh', max_length=16, verbose_name='Protocol'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='username',
+            field=models.CharField(blank=True, max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.RunPython(migrate_win_to_ssh_protocol),
+    ]
--- a/apps/assets/migrations/0018_auto_20180807_1116.py
+++ b/apps/assets/migrations/0018_auto_20180807_1116.py
@@ -0,0 +1,84 @@
+# Generated by Django 2.0.7 on 2018-08-07 03:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0017_auto_20180702_1415'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='adminuser',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='domain',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='gateway',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='label',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='node',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='org_id',
+            field=models.CharField(blank=True, default=None, max_length=36, null=True),
+        ),
+        migrations.AlterField(
+            model_name='adminuser',
+            name='name',
+            field=models.CharField(max_length=128, verbose_name='Name'),
+        ),
+        migrations.AlterField(
+            model_name='asset',
+            name='hostname',
+            field=models.CharField(max_length=128, verbose_name='Hostname'),
+        ),
+        migrations.AlterField(
+            model_name='gateway',
+            name='name',
+            field=models.CharField(max_length=128, verbose_name='Name'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='name',
+            field=models.CharField(max_length=128, verbose_name='Name'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='adminuser',
+            unique_together={('name', 'org_id')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='asset',
+            unique_together={('org_id', 'hostname')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='gateway',
+            unique_together={('name', 'org_id')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='systemuser',
+            unique_together={('name', 'org_id')},
+        ),
+    ]
--- a/apps/assets/migrations/0019_auto_20180816_1320.py
+++ b/apps/assets/migrations/0019_auto_20180816_1320.py
@@ -0,0 +1,22 @@
+# Generated by Django 2.0.7 on 2018-08-16 05:20
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0018_auto_20180807_1116'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='asset',
+            name='cpu_vcpus',
+            field=models.IntegerField(null=True, verbose_name='CPU vcpus'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='label',
+            unique_together={('name', 'value', 'org_id')},
+        ),
+    ]
--- a/apps/assets/migrations/0020_auto_20180816_1652.py
+++ b/apps/assets/migrations/0020_auto_20180816_1652.py
@@ -0,0 +1,48 @@
+# Generated by Django 2.0.7 on 2018-08-16 08:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0019_auto_20180816_1320'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='adminuser',
+            name='org_id',
+            field=models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization'),
+        ),
+        migrations.AlterField(
+            model_name='asset',
+            name='org_id',
+            field=models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization'),
+        ),
+        migrations.AlterField(
+            model_name='domain',
+            name='org_id',
+            field=models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization'),
+        ),
+        migrations.AlterField(
+            model_name='gateway',
+            name='org_id',
+            field=models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization'),
+        ),
+        migrations.AlterField(
+            model_name='label',
+            name='org_id',
+            field=models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization'),
+        ),
+        migrations.AlterField(
+            model_name='node',
+            name='org_id',
+            field=models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='org_id',
+            field=models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization'),
+        ),
+    ]
--- a/apps/assets/migrations/0021_auto_20180903_1132.py
+++ b/apps/assets/migrations/0021_auto_20180903_1132.py
@@ -0,0 +1,25 @@
+# Generated by Django 2.1 on 2018-09-03 03:32
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0020_auto_20180816_1652'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='domain',
+            options={'verbose_name': 'Domain'},
+        ),
+        migrations.AlterModelOptions(
+            name='gateway',
+            options={'verbose_name': 'Gateway'},
+        ),
+        migrations.AlterModelOptions(
+            name='node',
+            options={'verbose_name': 'Node'},
+        ),
+    ]
--- a/apps/assets/migrations/0022_auto_20181012_1717.py
+++ b/apps/assets/migrations/0022_auto_20181012_1717.py
@@ -0,0 +1,56 @@
+# Generated by Django 2.1.1 on 2018-10-12 09:17
+
+import django.core.validators
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0021_auto_20180903_1132'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CommandFilter',
+            fields=[
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=64, verbose_name='Name')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Is active')),
+                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_updated', models.DateTimeField(auto_now=True)),
+                ('created_by', models.CharField(blank=True, default='', max_length=128, verbose_name='Created by')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.CreateModel(
+            name='CommandFilterRule',
+            fields=[
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('type', models.CharField(choices=[('regex', 'Regex'), ('command', 'Command')], default='command', max_length=16, verbose_name='Type')),
+                ('priority', models.IntegerField(default=50, help_text='1-100, the lower will be match first', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(100)], verbose_name='Priority')),
+                ('content', models.TextField(help_text='One line one command', max_length=1024, verbose_name='Content')),
+                ('action', models.IntegerField(choices=[(0, 'Deny'), (1, 'Allow')], default=0, verbose_name='Action')),
+                ('comment', models.CharField(blank=True, default='', max_length=64, verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_updated', models.DateTimeField(auto_now=True)),
+                ('created_by', models.CharField(blank=True, default='', max_length=128, verbose_name='Created by')),
+                ('filter', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='rules', to='assets.CommandFilter', verbose_name='Filter')),
+            ],
+            options={
+                'ordering': ('priority', 'action'),
+            },
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='cmd_filters',
+            field=models.ManyToManyField(blank=True, related_name='system_users', to='assets.CommandFilter', verbose_name='Command filter'),
+        ),
+    ]
--- a/apps/assets/migrations/0023_auto_20181016_1650.py
+++ b/apps/assets/migrations/0023_auto_20181016_1650.py
@@ -0,0 +1,28 @@
+# Generated by Django 2.1.1 on 2018-10-16 08:50
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0022_auto_20181012_1717'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='commandfilterrule',
+            options={'ordering': ('-priority', 'action')},
+        ),
+        migrations.AlterField(
+            model_name='commandfilterrule',
+            name='priority',
+            field=models.IntegerField(default=50, help_text='1-100, the higher will be match first', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(100)], verbose_name='Priority'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='priority',
+            field=models.IntegerField(default=20, validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(100)], verbose_name='Priority'),
+        ),
+    ]
--- a/apps/assets/migrations/0024_auto_20181219_1614.py
+++ b/apps/assets/migrations/0024_auto_20181219_1614.py
@@ -0,0 +1,23 @@
+# Generated by Django 2.1.4 on 2018-12-19 08:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0023_auto_20181016_1650'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='asset',
+            name='protocol',
+            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet (beta)'), ('vnc', 'vnc')], default='ssh', max_length=128, verbose_name='Protocol'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='protocol',
+            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet (beta)'), ('vnc', 'vnc')], default='ssh', max_length=16, verbose_name='Protocol'),
+        ),
+    ]
--- a/apps/assets/migrations/0025_auto_20190221_1902.py
+++ b/apps/assets/migrations/0025_auto_20190221_1902.py
@@ -0,0 +1,21 @@
+# Generated by Django 2.1.7 on 2019-02-21 11:02
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0024_auto_20181219_1614'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='commandfilter',
+            options={'verbose_name': 'Command filter'},
+        ),
+        migrations.AlterModelOptions(
+            name='commandfilterrule',
+            options={'ordering': ('-priority', 'action'), 'verbose_name': 'Command filter rule'},
+        ),
+    ]
--- a/apps/assets/migrations/0026_auto_20190325_2035.py
+++ b/apps/assets/migrations/0026_auto_20190325_2035.py
@@ -0,0 +1,43 @@
+# Generated by Django 2.1.7 on 2019-03-25 12:35
+
+import assets.models.utils
+import django.core.validators
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0025_auto_20190221_1902'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AuthBook',
+            fields=[
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, verbose_name='Name')),
+                ('username', models.CharField(blank=True, max_length=32, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username')),
+                ('_password', models.CharField(blank=True, max_length=256, null=True, verbose_name='Password')),
+                ('_private_key', models.TextField(blank=True, max_length=4096, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key')),
+                ('_public_key', models.TextField(blank=True, max_length=4096, verbose_name='SSH public key')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_updated', models.DateTimeField(auto_now=True)),
+                ('created_by', models.CharField(max_length=128, null=True, verbose_name='Created by')),
+                ('is_latest', models.BooleanField(default=False, verbose_name='Latest version')),
+                ('version', models.IntegerField(default=1, verbose_name='Version')),
+                ('asset', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='assets.Asset', verbose_name='Asset')),
+            ],
+            options={
+                'verbose_name': 'AuthBook',
+            },
+        ),
+        migrations.AlterModelOptions(
+            name='node',
+            options={'ordering': ['key'], 'verbose_name': 'Node'},
+        ),
+    ]
--- a/apps/assets/models/init.py
+++ b/apps/assets/models/init.py
@@ -1,11 +1,10 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#
-from .user import AdminUser, SystemUser
+from .user import *
 from .label import Label
 from .cluster import *
 from .group import *
 from .domain import *
 from .node import *
 from .asset import *
+from .cmd_filter import *
 from .utils import *
+from .authbook import *
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@@ -5,13 +5,16 @@
 import uuid
 import logging
 import random
+from functools import reduce
+from collections import defaultdict

 from django.db import models
+from django.db.models import Q
 from django.utils.translation import ugettext_lazy as _
 from django.core.cache import cache

-from ..const import ASSET_ADMIN_CONN_CACHE_KEY
 from .user import AdminUser, SystemUser
+from orgs.mixins import OrgModelMixin, OrgManager

 __all__ = ['Asset']
 logger = logging.getLogger(__name__)
@@ -30,12 +33,21 @@ def default_cluster():
 def default_node():
    try:
        from .node import Node
-        return Node.root()
+        root = Node.root()
+        return root
    except:
        return None


-class Asset(models.Model):
+class AssetQuerySet(models.QuerySet):
+    def active(self):
+        return self.filter(is_active=True)
+
+    def valid(self):
+        return self.active()
+
+
+class Asset(OrgModelMixin):
    # Important
    PLATFORM_CHOICES = (
        ('Linux', 'Linux'),
@@ -43,12 +55,27 @@ class Asset(models.Model):
        ('MacOS', 'MacOS'),
        ('BSD', 'BSD'),
        ('Windows', 'Windows'),
+        ('Windows2016', 'Windows(2016)'),
        ('Other', 'Other'),
    )
+
+    PROTOCOL_SSH = 'ssh'
+    PROTOCOL_RDP = 'rdp'
+    PROTOCOL_TELNET = 'telnet'
+    PROTOCOL_VNC = 'vnc'
+    PROTOCOL_CHOICES = (
+        (PROTOCOL_SSH, 'ssh'),
+        (PROTOCOL_RDP, 'rdp'),
+        (PROTOCOL_TELNET, 'telnet (beta)'),
+        (PROTOCOL_VNC, 'vnc'),
+    )
+
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), db_index=True)
-    hostname = models.CharField(max_length=128, unique=True, verbose_name=_('Hostname'))
+    hostname = models.CharField(max_length=128, verbose_name=_('Hostname'))
+    protocol = models.CharField(max_length=128, default=PROTOCOL_SSH, choices=PROTOCOL_CHOICES, verbose_name=_('Protocol'))
    port = models.IntegerField(default=22, verbose_name=_('Port'))
+    platform = models.CharField(max_length=128, choices=PLATFORM_CHOICES, default='Linux', verbose_name=_('Platform'))
    domain = models.ForeignKey("assets.Domain", null=True, blank=True, related_name='assets', verbose_name=_("Domain"), on_delete=models.SET_NULL)
    nodes = models.ManyToManyField('assets.Node', default=default_node, related_name='assets', verbose_name=_("Nodes"))
    is_active = models.BooleanField(default=True, verbose_name=_('Is active'))
@@ -68,11 +95,11 @@ class Asset(models.Model):
    cpu_model = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('CPU model'))
    cpu_count = models.IntegerField(null=True, verbose_name=_('CPU count'))
    cpu_cores = models.IntegerField(null=True, verbose_name=_('CPU cores'))
+    cpu_vcpus = models.IntegerField(null=True, verbose_name=_('CPU vcpus'))
    memory = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Memory'))
    disk_total = models.CharField(max_length=1024, null=True, blank=True, verbose_name=_('Disk total'))
    disk_info = models.CharField(max_length=1024, null=True, blank=True, verbose_name=_('Disk info'))

-    platform = models.CharField(max_length=128, choices=PLATFORM_CHOICES, default='Linux', verbose_name=_('Platform'))
    os = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('OS'))
    os_version = models.CharField(max_length=16, null=True, blank=True, verbose_name=_('OS version'))
    os_arch = models.CharField(max_length=16, blank=True, null=True, verbose_name=_('OS arch'))
@@ -83,8 +110,17 @@ class Asset(models.Model):
    date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created'))
    comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))

+    objects = OrgManager.from_queryset(AssetQuerySet)()
+    CONNECTIVITY_CACHE_KEY = '_JMS_ASSET_CONNECTIVITY_{}'
+    UNREACHABLE, REACHABLE, UNKNOWN = range(0, 3)
+    CONNECTIVITY_CHOICES = (
+        (UNREACHABLE, _("Unreachable")),
+        (REACHABLE, _('Reachable')),
+        (UNKNOWN, _("Unknown")),
+    )
+
    def __str__(self):
-        return self.hostname
+        return '{0.hostname}({0.ip})'.format(self)

    @property
    def is_valid(self):
@@ -95,31 +131,89 @@ class Asset(models.Model):
            return True, ''
        return False, warning

+    def support_ansible(self):
+        if self.platform in ("Windows", "Windows2016", "Other"):
+            return False
+        if self.protocol != 'ssh':
+            return False
+        return True
+
    def is_unixlike(self):
-        if self.platform not in ("Windows",):
+        if self.platform not in ("Windows", "Windows2016"):
            return True
        else:
            return False

+    def get_nodes(self):
+        from .node import Node
+        nodes = self.nodes.all() or [Node.root()]
+        return nodes
+
+    def get_all_nodes(self, flat=False):
+        nodes = []
+        for node in self.get_nodes():
+            _nodes = node.get_ancestor(with_self=True)
+            nodes.append(_nodes)
+        if flat:
+            nodes = list(reduce(lambda x, y: set(x) | set(y), nodes))
+        return nodes
+
+    @classmethod
+    def get_queryset_by_fullname_list(cls, fullname_list):
+        org_fullname_map = defaultdict(list)
+        for fullname in fullname_list:
+            hostname, org = cls.split_fullname(fullname)
+            org_fullname_map[org].append(hostname)
+        filter_arg = Q()
+        for org, hosts in org_fullname_map.items():
+            if org.is_real():
+                filter_arg |= Q(hostname__in=hosts, org_id=org.id)
+            else:
+                filter_arg |= Q(Q(org_id__isnull=True) | Q(org_id=''), hostname__in=hosts)
+        return Asset.objects.filter(filter_arg)
+
    @property
    def hardware_info(self):
        if self.cpu_count:
            return '{} Core {} {}'.format(
-                self.cpu_count * self.cpu_cores,
+                self.cpu_vcpus or self.cpu_count * self.cpu_cores,
                self.memory, self.disk_total
            )
        else:
            return ''

    @property
-    def is_connective(self):
+    def connectivity(self):
        if not self.is_unixlike():
-            return True
-        val = cache.get(ASSET_ADMIN_CONN_CACHE_KEY.format(self.hostname))
-        if val == 1:
-            return True
-        else:
-            return False
+            return self.REACHABLE
+        key = self.CONNECTIVITY_CACHE_KEY.format(str(self.id))
+        cached = cache.get(key, None)
+        return cached if cached is not None else self.UNKNOWN
+
+    @connectivity.setter
+    def connectivity(self, value):
+        key = self.CONNECTIVITY_CACHE_KEY.format(str(self.id))
+        cache.set(key, value, 3600*2)
+
+    def get_auth_info(self):
+        if self.admin_user:
+            self.admin_user.load_specific_asset_auth(self)
+            return {
+                'username': self.admin_user.username,
+                'password': self.admin_user.password,
+                'private_key': self.admin_user.private_key_file,
+                'become': self.admin_user.become_info,
+            }
+
+    def as_node(self):
+        from .node import Node
+        fake_node = Node()
+        fake_node.id = self.id
+        fake_node.key = self.id
+        fake_node.value = self.hostname
+        fake_node.asset = self
+        fake_node.is_node = False
+        return fake_node

    def to_json(self):
        info = {
@@ -132,24 +226,14 @@ class Asset(models.Model):
            info["gateways"] = [d.id for d in self.domain.gateway_set.all()]
        return info

-    def get_auth_info(self):
-        if self.admin_user:
-            return {
-                'username': self.admin_user.username,
-                'password': self.admin_user.password,
-                'private_key': self.admin_user.private_key_file,
-                'become': self.admin_user.become_info,
-            }
-
    def _to_secret_json(self):
        """
-        Ansible use it create inventory, First using asset user,
-        otherwise using cluster admin user
-
+        Ansible use it create inventory
        Todo: May be move to ops implements it
        """
        data = self.to_json()
        if self.admin_user:
+            self.admin_user.load_specific_asset_auth(self)
            admin_user = self.admin_user
            data.update({
                'username': admin_user.username,
@@ -160,8 +244,38 @@ class Asset(models.Model):
            })
        return data

+    def as_tree_node(self, parent_node):
+        from common.tree import TreeNode
+        icon_skin = 'file'
+        if self.platform.lower() == 'windows':
+            icon_skin = 'windows'
+        elif self.platform.lower() == 'linux':
+            icon_skin = 'linux'
+        data = {
+            'id': str(self.id),
+            'name': self.hostname,
+            'title': self.ip,
+            'pId': parent_node.key,
+            'isParent': False,
+            'open': False,
+            'iconSkin': icon_skin,
+            'meta': {
+                'type': 'asset',
+                'asset': {
+                    'id': self.id,
+                    'hostname': self.hostname,
+                    'ip': self.ip,
+                    'port': self.port,
+                    'platform': self.platform,
+                    'protocol': self.protocol,
+                }
+            }
+        }
+        tree_node = TreeNode(**data)
+        return tree_node
+
    class Meta:
-        unique_together = ('ip', 'port')
+        unique_together = [('org_id', 'hostname')]
        verbose_name = _("Asset")

    @classmethod
@@ -169,16 +283,23 @@ class Asset(models.Model):
        from random import seed, choice
        import forgery_py
        from django.db import IntegrityError
-
+        from .node import Node
+        nodes = list(Node.objects.all())
        seed()
        for i in range(count):
-            asset = cls(ip='%s.%s.%s.%s' % (i, i, i, i),
+            ip = [str(i) for i in random.sample(range(255), 4)]
+            asset = cls(ip='.'.join(ip),
                        hostname=forgery_py.internet.user_name(True),
                        admin_user=choice(AdminUser.objects.all()),
                        port=22,
                        created_by='Fake')
            try:
                asset.save()
+                if nodes and len(nodes) > 3:
+                    _nodes = random.sample(nodes, 3)
+                else:
+                    _nodes = [Node.default_node()]
+                asset.nodes.set(_nodes)
                asset.system_users = [choice(SystemUser.objects.all()) for i in range(3)]
                logger.debug('Generate fake asset : %s' % asset.ip)
            except IntegrityError:
--- a/apps/assets/models/authbook.py
+++ b/apps/assets/models/authbook.py
@@ -0,0 +1,93 @@
+# -*- coding: utf-8 -*-
+#
+
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+from django.core.cache import cache
+
+from orgs.mixins import OrgManager
+
+from .base import AssetUser
+from ..const import ASSET_USER_CONN_CACHE_KEY
+
+__all__ = ['AuthBook']
+
+
+class AuthBookQuerySet(models.QuerySet):
+
+    def latest_version(self):
+        return self.filter(is_latest=True)
+
+
+class AuthBookManager(OrgManager):
+    pass
+
+
+class AuthBook(AssetUser):
+    asset = models.ForeignKey('assets.Asset', on_delete=models.CASCADE, verbose_name=_('Asset'))
+    is_latest = models.BooleanField(default=False, verbose_name=_('Latest version'))
+    version = models.IntegerField(default=1, verbose_name=_('Version'))
+
+    objects = AuthBookManager.from_queryset(AuthBookQuerySet)()
+
+    class Meta:
+        verbose_name = _('AuthBook')
+
+    def _set_latest(self):
+        self._remove_pre_obj_latest()
+        self.is_latest = True
+        self.save()
+
+    def _get_pre_obj(self):
+        pre_obj = self.__class__.objects.filter(
+            username=self.username, asset=self.asset).latest_version().first()
+        return pre_obj
+
+    def _remove_pre_obj_latest(self):
+        pre_obj = self._get_pre_obj()
+        if pre_obj:
+            pre_obj.is_latest = False
+            pre_obj.save()
+
+    def _set_version(self):
+        pre_obj = self._get_pre_obj()
+        if pre_obj:
+            self.version = pre_obj.version + 1
+        else:
+            self.version = 1
+        self.save()
+
+    def set_version_and_latest(self):
+        self._set_version()
+        self._set_latest()
+
+    @property
+    def _conn_cache_key(self):
+        return ASSET_USER_CONN_CACHE_KEY.format(self.id, self.asset.id)
+
+    @property
+    def connectivity(self):
+        value = cache.get(self._conn_cache_key, self.UNKNOWN)
+        return value
+
+    @connectivity.setter
+    def connectivity(self, value):
+        _connectivity = self.UNKNOWN
+
+        for host in value.get('dark', {}).keys():
+            if host == self.asset.hostname:
+                _connectivity = self.UNREACHABLE
+
+        for host in value.get('contacted', {}).keys():
+            if host == self.asset.hostname:
+                _connectivity = self.REACHABLE
+
+        cache.set(self._conn_cache_key, _connectivity, 3600)
+
+    @property
+    def keyword(self):
+        return {'username': self.username, 'asset': self.asset}
+
+    def __str__(self):
+        return '{}@{}'.format(self.username, self.asset)
+
--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@@ -9,16 +9,22 @@ from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings

-from common.utils import get_signer, ssh_key_string_to_obj, ssh_key_gen
+from common.utils import (
+    get_signer, ssh_key_string_to_obj, ssh_key_gen, get_logger
+)
+from common.validators import alphanumeric
+from orgs.mixins import OrgModelMixin
 from .utils import private_key_validator

 signer = get_signer()

+logger = get_logger(__file__)

-class AssetUser(models.Model):
+
+class AssetUser(OrgModelMixin):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
-    name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
-    username = models.CharField(max_length=128, verbose_name=_('Username'))
+    name = models.CharField(max_length=128, verbose_name=_('Name'))
+    username = models.CharField(max_length=32, blank=True, verbose_name=_('Username'), validators=[alphanumeric])
    _password = models.CharField(max_length=256, blank=True, null=True, verbose_name=_('Password'))
    _private_key = models.TextField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'), validators=[private_key_validator, ])
    _public_key = models.TextField(max_length=4096, blank=True, verbose_name=_('SSH public key'))
@@ -27,6 +33,13 @@ class AssetUser(models.Model):
    date_updated = models.DateTimeField(auto_now=True)
    created_by = models.CharField(max_length=128, null=True, verbose_name=_('Created by'))

+    UNREACHABLE, REACHABLE, UNKNOWN = range(0, 3)
+    CONNECTIVITY_CHOICES = (
+        (UNREACHABLE, _("Unreachable")),
+        (REACHABLE, _('Reachable')),
+        (UNKNOWN, _("Unknown")),
+    )
+
    @property
    def password(self):
        if self._password:
@@ -36,8 +49,8 @@ class AssetUser(models.Model):

    @password.setter
    def password(self, password_raw):
-        raise AttributeError("Using set_auth do that")
-        # self._password = signer.sign(password_raw)
+        # raise AttributeError("Using set_auth do that")
+        self._password = signer.sign(password_raw)

    @property
    def private_key(self):
@@ -46,8 +59,8 @@ class AssetUser(models.Model):

    @private_key.setter
    def private_key(self, private_key_raw):
-        raise AttributeError("Using set_auth do that")
-        # self._private_key = signer.sign(private_key_raw)
+        # raise AttributeError("Using set_auth do that")
+        self._private_key = signer.sign(private_key_raw)

    @property
    def private_key_obj(self):
@@ -79,6 +92,11 @@ class AssetUser(models.Model):
        else:
            return None

+    @public_key.setter
+    def public_key(self, public_key_raw):
+        # raise AttributeError("Using set_auth do that")
+        self._public_key = signer.sign(public_key_raw)
+
    @property
    def public_key_obj(self):
        if self.public_key:
@@ -103,10 +121,38 @@ class AssetUser(models.Model):
        if update_fields:
            self.save(update_fields=update_fields)

+    def get_auth(self, asset=None):
+        pass
+
+    def load_specific_asset_auth(self, asset):
+        from ..backends.multi import AssetUserManager
+        try:
+            other = AssetUserManager.get(username=self.username, asset=asset)
+        except Exception as e:
+            logger.error(e, exc_info=True)
+        else:
+            self._merge_auth(other)
+
+    def _merge_auth(self, other):
+        if not other:
+            return
+        if other.password:
+            self.password = other.password
+        if other.public_key:
+            self.public_key = other.public_key
+        if other.private_key:
+            self.private_key = other.private_key
+
+    def clear_auth(self):
+        self._password = ''
+        self._private_key = ''
+        self._public_key = ''
+        self.save()
+
    def auto_gen_auth(self):
        password = str(uuid.uuid4())
        private_key, public_key = ssh_key_gen(
-            username=self.name, password=password
+            username=self.username
        )
        self.set_auth(password=password,
                      private_key=private_key,
--- a/apps/assets/models/cluster.py
+++ b/apps/assets/models/cluster.py
@@ -52,7 +52,8 @@ class Cluster(models.Model):
                          contact=forgery_py.name.full_name(),
                          phone=forgery_py.address.phone(),
                          address=forgery_py.address.city() + forgery_py.address.street_address(),
-                          operator=choice(['北京联通', '北京电信', 'BGP全网通']),
+                          # operator=choice(['北京联通', '北京电信', 'BGP全网通']),
+                          operator=choice([_('Beijing unicom'), _('Beijing telecom'), _('BGP full netcom')]),
                          comment=forgery_py.lorem_ipsum.sentence(),
                          created_by='Fake')
            try:
--- a/apps/assets/models/cmd_filter.py
+++ b/apps/assets/models/cmd_filter.py
@@ -0,0 +1,91 @@
+# -*- coding: utf-8 -*-
+#
+import uuid
+import re
+
+from django.db import models
+from django.core.validators import MinValueValidator, MaxValueValidator
+from django.utils.translation import ugettext_lazy as _
+
+from orgs.mixins import OrgModelMixin
+
+
+__all__ = [
+    'CommandFilter', 'CommandFilterRule'
+]
+
+
+class CommandFilter(OrgModelMixin):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    name = models.CharField(max_length=64, verbose_name=_("Name"))
+    is_active = models.BooleanField(default=True, verbose_name=_('Is active'))
+    comment = models.TextField(blank=True, default='', verbose_name=_("Comment"))
+    date_created = models.DateTimeField(auto_now_add=True)
+    date_updated = models.DateTimeField(auto_now=True)
+    created_by = models.CharField(max_length=128, blank=True, default='', verbose_name=_('Created by'))
+
+    def __str__(self):
+        return self.name
+
+    class Meta:
+        verbose_name = _("Command filter")
+
+
+class CommandFilterRule(OrgModelMixin):
+    TYPE_REGEX = 'regex'
+    TYPE_COMMAND = 'command'
+    TYPE_CHOICES = (
+        (TYPE_REGEX, _('Regex')),
+        (TYPE_COMMAND, _('Command')),
+    )
+
+    ACTION_DENY, ACTION_ALLOW, ACTION_UNKNOWN = range(3)
+    ACTION_CHOICES = (
+        (ACTION_DENY, _('Deny')),
+        (ACTION_ALLOW, _('Allow')),
+    )
+
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    filter = models.ForeignKey('CommandFilter', on_delete=models.CASCADE, verbose_name=_("Filter"), related_name='rules')
+    type = models.CharField(max_length=16, default=TYPE_COMMAND, choices=TYPE_CHOICES, verbose_name=_("Type"))
+    priority = models.IntegerField(default=50, verbose_name=_("Priority"), help_text=_("1-100, the higher will be match first"),
+                                   validators=[MinValueValidator(1), MaxValueValidator(100)])
+    content = models.TextField(max_length=1024, verbose_name=_("Content"), help_text=_("One line one command"))
+    action = models.IntegerField(default=ACTION_DENY, choices=ACTION_CHOICES, verbose_name=_("Action"))
+    comment = models.CharField(max_length=64, blank=True, default='', verbose_name=_("Comment"))
+    date_created = models.DateTimeField(auto_now_add=True)
+    date_updated = models.DateTimeField(auto_now=True)
+    created_by = models.CharField(max_length=128, blank=True, default='', verbose_name=_('Created by'))
+
+    __pattern = None
+
+    class Meta:
+        ordering = ('-priority', 'action')
+        verbose_name = _("Command filter rule")
+
+    @property
+    def _pattern(self):
+        if self.__pattern:
+            return self.__pattern
+        if self.type == 'command':
+            regex = []
+            for cmd in self.content.split('\r\n'):
+                cmd = cmd.replace(' ', '\s+')
+                regex.append(r'\b{0}\b'.format(cmd))
+            self.__pattern = re.compile(r'{}'.format('|'.join(regex)))
+        else:
+            self.__pattern = re.compile(r'{0}'.format(self.content))
+        return self.__pattern
+
+    def match(self, data):
+        found = self._pattern.search(data)
+        if not found:
+            return self.ACTION_UNKNOWN, ''
+
+        if self.action == self.ACTION_ALLOW:
+            return self.ACTION_ALLOW, found.group()
+        else:
+            return self.ACTION_DENY, found.group()
+
+    def __str__(self):
+        return '{} % {}'.format(self.type, self.content)
--- a/apps/assets/models/domain.py
+++ b/apps/assets/models/domain.py
@@ -4,21 +4,27 @@
 import uuid
 import random

+import paramiko
+
 from django.db import models
 from django.utils.translation import ugettext_lazy as _

+from orgs.mixins import OrgModelMixin
 from .base import AssetUser

 __all__ = ['Domain', 'Gateway']


-class Domain(models.Model):
+class Domain(OrgModelMixin):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
    comment = models.TextField(blank=True, verbose_name=_('Comment'))
    date_created = models.DateTimeField(auto_now_add=True, null=True,
                                        verbose_name=_('Date created'))

+    class Meta:
+        verbose_name = _("Domain")
+
    def __str__(self):
        return self.name

@@ -34,19 +40,57 @@ class Domain(models.Model):


 class Gateway(AssetUser):
-    SSH_PROTOCOL = 'ssh'
-    RDP_PROTOCOL = 'rdp'
+    PROTOCOL_SSH = 'ssh'
+    PROTOCOL_RDP = 'rdp'
    PROTOCOL_CHOICES = (
-        (SSH_PROTOCOL, 'ssh'),
-        (RDP_PROTOCOL, 'rdp'),
+        (PROTOCOL_SSH, 'ssh'),
+        (PROTOCOL_RDP, 'rdp'),
    )
    ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), db_index=True)
    port = models.IntegerField(default=22, verbose_name=_('Port'))
-    protocol = models.CharField(choices=PROTOCOL_CHOICES, max_length=16, default=SSH_PROTOCOL, verbose_name=_("Protocol"))
-    domain = models.ForeignKey(Domain, verbose_name=_("Domain"))
+    protocol = models.CharField(choices=PROTOCOL_CHOICES, max_length=16, default=PROTOCOL_SSH, verbose_name=_("Protocol"))
+    domain = models.ForeignKey(Domain, on_delete=models.CASCADE, verbose_name=_("Domain"))
    comment = models.CharField(max_length=128, blank=True, null=True, verbose_name=_("Comment"))
    is_active = models.BooleanField(default=True, verbose_name=_("Is active"))

    def __str__(self):
        return self.name

+    class Meta:
+        unique_together = [('name', 'org_id')]
+        verbose_name = _("Gateway")
+
+    def test_connective(self, local_port=None):
+        if local_port is None:
+            local_port = self.port
+        client = paramiko.SSHClient()
+        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+        proxy = paramiko.SSHClient()
+        proxy.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+
+        try:
+            proxy.connect(self.ip, port=self.port,
+                          username=self.username,
+                          password=self.password,
+                          pkey=self.private_key_obj)
+        except(paramiko.AuthenticationException,
+               paramiko.BadAuthenticationType,
+               paramiko.SSHException) as e:
+            return False, str(e)
+
+        try:
+            sock = proxy.get_transport().open_channel(
+                'direct-tcpip', ('127.0.0.1', local_port), ('127.0.0.1', 0)
+            )
+            client.connect("127.0.0.1", port=local_port,
+                           username=self.username,
+                           password=self.password,
+                           key_filename=self.private_key_file,
+                           sock=sock,
+                           timeout=5)
+        except (paramiko.SSHException, paramiko.ssh_exception.SSHException,
+                paramiko.AuthenticationException, TimeoutError) as e:
+            return False, str(e)
+        finally:
+            client.close()
+        return True, None
--- a/apps/assets/models/label.py
+++ b/apps/assets/models/label.py
@@ -4,9 +4,10 @@
 import uuid
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
+from orgs.mixins import OrgModelMixin


-class Label(models.Model):
+class Label(OrgModelMixin):
    SYSTEM_CATEGORY = "S"
    USER_CATEGORY = "U"
    CATEGORY_CHOICES = (
@@ -16,7 +17,8 @@ class Label(models.Model):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    name = models.CharField(max_length=128, verbose_name=_("Name"))
    value = models.CharField(max_length=128, verbose_name=_("Value"))
-    category = models.CharField(max_length=128, choices=CATEGORY_CHOICES, default=USER_CATEGORY, verbose_name=_("Category"))
+    category = models.CharField(max_length=128, choices=CATEGORY_CHOICES,
+                                default=USER_CATEGORY, verbose_name=_("Category"))
    is_active = models.BooleanField(default=True, verbose_name=_("Is active"))
    comment = models.TextField(blank=True, null=True, verbose_name=_("Comment"))
    date_created = models.DateTimeField(
@@ -34,4 +36,4 @@ class Label(models.Model):

    class Meta:
        db_table = "assets_label"
-        unique_together = ('name', 'value')
+        unique_together = [('name', 'value', 'org_id')]
--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@@ -2,33 +2,117 @@
 #
 import uuid

-from django.db import models
+from django.db import models, transaction
+from django.db.models import Q
 from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import ugettext
+from django.core.cache import cache

+from orgs.mixins import OrgModelMixin
+from orgs.utils import set_current_org, get_current_org
+from orgs.models import Organization

 __all__ = ['Node']


-class Node(models.Model):
+class Node(OrgModelMixin):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    key = models.CharField(unique=True, max_length=64, verbose_name=_("Key"))  # '1:1:1:1'
-    value = models.CharField(max_length=128, unique=True, verbose_name=_("Value"))
+    value = models.CharField(max_length=128, verbose_name=_("Value"))
    child_mark = models.IntegerField(default=0)
    date_create = models.DateTimeField(auto_now_add=True)

+    is_node = True
+    _assets_amount = None
+    _full_value_cache_key = '_NODE_VALUE_{}'
+    _assets_amount_cache_key = '_NODE_ASSETS_AMOUNT_{}'
+
+    class Meta:
+        verbose_name = _("Node")
+        ordering = ['key']
+
    def __str__(self):
-        return self.value
+        return self.full_value
+
+    def __eq__(self, other):
+        if not other:
+            return False
+        return self.key == other.key
+
+    def __gt__(self, other):
+        if self.is_root():
+            return True
+        self_key = [int(k) for k in self.key.split(':')]
+        other_key = [int(k) for k in other.key.split(':')]
+        return self_key.__lt__(other_key)
+
+    def __lt__(self, other):
+        return not self.__gt__(other)

    @property
    def name(self):
        return self.value

+    @property
+    def assets_amount(self):
+        """
+        获取节点下所有资产数量速度太慢，所以需要重写，使用cache等方案
+        :return:
+        """
+        if self._assets_amount is not None:
+            return self._assets_amount
+        cache_key = self._assets_amount_cache_key.format(self.key)
+        cached = cache.get(cache_key)
+        if cached is not None:
+            return cached
+        assets_amount = self.get_all_assets().count()
+        cache.set(cache_key, assets_amount, 3600)
+        return assets_amount
+
+    @assets_amount.setter
+    def assets_amount(self, value):
+        self._assets_amount = value
+
+    def expire_assets_amount(self):
+        ancestor_keys = self.get_ancestor_keys(with_self=True)
+        cache_keys = [self._assets_amount_cache_key.format(k) for k in ancestor_keys]
+        cache.delete_many(cache_keys)
+
+    @classmethod
+    def expire_nodes_assets_amount(cls, nodes=None):
+        if nodes:
+            for node in nodes:
+                node.expire_assets_amount()
+            return
+        key = cls._assets_amount_cache_key.format('*')
+        cache.delete_pattern(key)
+
    @property
    def full_value(self):
-        if self == self.__class__.root():
+        key = self._full_value_cache_key.format(self.key)
+        cached = cache.get(key)
+        if cached:
+            return cached
+        if self.is_root():
            return self.value
-        else:
-            return '{}/{}'.format(self.value, self.parent.full_value)
+        parent_full_value = self.parent.full_value
+        value = parent_full_value + ' / ' + self.value
+        key = self._full_value_cache_key.format(self.key)
+        cache.set(key, value, 3600)
+        return value
+
+    def expire_full_value(self):
+        key = self._full_value_cache_key.format(self.key)
+        cache.delete_pattern(key+'*')
+
+    @classmethod
+    def expire_nodes_full_value(cls, nodes=None):
+        if nodes:
+            for node in nodes:
+                node.expire_full_value()
+            return
+        key = cls._full_value_cache_key.format('*')
+        cache.delete_pattern(key+'*')

    @property
    def level(self):
@@ -40,80 +124,186 @@ class Node(models.Model):
        self.save()
        return "{}:{}".format(self.key, mark)

-    def create_child(self, value):
-        child_key = self.get_next_child_key()
-        child = self.__class__.objects.create(key=child_key, value=value)
-        return child
+    def get_next_child_preset_name(self):
+        name = ugettext("New node")
+        values = [
+            child.value[child.value.rfind(' '):]
+            for child in self.get_children()
+            if child.value.startswith(name)
+        ]
+        values = [int(value) for value in values if value.strip().isdigit()]
+        count = max(values) + 1 if values else 1
+        return '{} {}'.format(name, count)

-    def get_children(self):
-        return self.__class__.objects.filter(key__regex=r'{}:[0-9]+$'.format(self.key))
+    def create_child(self, value, _id=None):
+        with transaction.atomic():
+            child_key = self.get_next_child_key()
+            child = self.__class__.objects.create(id=_id, key=child_key, value=value)
+            return child

-    def get_all_children(self):
-        return self.__class__.objects.filter(key__startswith='{}:'.format(self.key))
+    def get_children(self, with_self=False):
+        pattern = r'^{0}$|^{0}:[0-9]+$' if with_self else r'^{0}:[0-9]+$'
+        return self.__class__.objects.filter(
+            key__regex=pattern.format(self.key)
+        )
+
+    def get_all_children(self, with_self=False):
+        pattern = r'^{0}$|^{0}:' if with_self else r'^{0}:'
+        return self.__class__.objects.filter(
+            key__regex=pattern.format(self.key)
+        )
+
+    def get_sibling(self, with_self=False):
+        key = ':'.join(self.key.split(':')[:-1])
+        pattern = r'^{}:[0-9]+$'.format(key)
+        sibling = self.__class__.objects.filter(
+            key__regex=pattern.format(self.key)
+        )
+        if not with_self:
+            sibling = sibling.exclude(key=self.key)
+        return sibling

    def get_family(self):
-        children = list(self.get_all_children())
-        children.append(self)
-        return children
+        ancestor = self.get_ancestor()
+        children = self.get_all_children()
+        return [*tuple(ancestor), self, *tuple(children)]

    def get_assets(self):
        from .asset import Asset
-        assets = Asset.objects.filter(nodes__id=self.id)
-        return assets
+        if self.is_default_node():
+            assets = Asset.objects.filter(Q(nodes__id=self.id) | Q(nodes__isnull=True))
+        else:
+            assets = Asset.objects.filter(nodes__id=self.id)
+        return assets.distinct()

-    def get_active_assets(self):
-        return self.get_assets().filter(is_active=True)
+    def get_valid_assets(self):
+        return self.get_assets().valid()

    def get_all_assets(self):
        from .asset import Asset
+        pattern = r'^{0}$|^{0}:'.format(self.key)
+        args = []
+        kwargs = {}
        if self.is_root():
-            assets = Asset.objects.all()
+            args.append(Q(nodes__key__regex=pattern) | Q(nodes=None))
        else:
-            nodes = self.get_family()
-            assets = Asset.objects.filter(nodes__in=nodes)
+            kwargs['nodes__key__regex'] = pattern
+        assets = Asset.objects.filter(*args, **kwargs).distinct()
        return assets

-    def get_all_active_assets(self):
-        return self.get_all_assets().filter(is_active=True)
+    def get_all_valid_assets(self):
+        return self.get_all_assets().valid()
+
+    def is_default_node(self):
+        return self.is_root() and self.key == '0'

    def is_root(self):
-        return self.key == '0'
+        if self.key.isdigit():
+            return True
+        else:
+            return False
+
+    @property
+    def parent_key(self):
+        parent_key = ":".join(self.key.split(":")[:-1])
+        return parent_key

    @property
    def parent(self):
-        if self.key == "0":
-            return self.__class__.root()
-        elif not self.key.startswith("0"):
-            return self.__class__.root()
-
-        parent_key = ":".join(self.key.split(":")[:-1])
+        if self.is_root():
+            return self
        try:
-            parent = self.__class__.objects.get(key=parent_key)
+            parent = self.__class__.objects.get(key=self.parent_key)
+            return parent
        except Node.DoesNotExist:
            return self.__class__.root()
-        else:
-            return parent

    @parent.setter
    def parent(self, parent):
-        self.key = parent.get_next_child_key()
+        if not self.is_node:
+            self.key = parent.key + ':fake'
+            return
+        children = self.get_all_children()
+        old_key = self.key
+        with transaction.atomic():
+            self.key = parent.get_next_child_key()
+            for child in children:
+                child.key = child.key.replace(old_key, self.key, 1)
+                child.save()
+            self.save()

-    @property
-    def ancestor(self):
-        if self.parent == self.__class__.root():
-            return [self.__class__.root()]
-        else:
-            return [self.parent, *tuple(self.parent.ancestor)]
+    def get_ancestor_keys(self, with_self=False):
+        parent_keys = []
+        key_list = self.key.split(":")
+        if not with_self:
+            key_list.pop()
+        for i in range(len(key_list)):
+            parent_keys.append(":".join(key_list))
+            key_list.pop()
+        return parent_keys

-    @property
-    def ancestor_with_node(self):
-        ancestor = self.ancestor
-        ancestor.insert(0, self)
+    def get_ancestor(self, with_self=False):
+        ancestor_keys = self.get_ancestor_keys(with_self=with_self)
+        ancestor = self.__class__.objects.filter(
+            key__in=ancestor_keys
+        ).order_by('key')
        return ancestor

+    @classmethod
+    def create_root_node(cls):
+        # 如果使用current_org 在set_current_org时会死循环
+        _current_org = get_current_org()
+        with transaction.atomic():
+            if not _current_org.is_real():
+                return cls.default_node()
+            set_current_org(Organization.root())
+            org_nodes_roots = cls.objects.filter(key__regex=r'^[0-9]+$')
+            org_nodes_roots_keys = org_nodes_roots.values_list('key', flat=True) or ['1']
+            key = max([int(k) for k in org_nodes_roots_keys])
+            key = str(key + 1) if key != 0 else '2'
+            set_current_org(_current_org)
+            root = cls.objects.create(key=key, value=_current_org.name)
+            return root
+
    @classmethod
    def root(cls):
-        obj, created = cls.objects.get_or_create(
-            key='0', defaults={"key": '0', 'value': "ROOT"}
-        )
+        root = cls.objects.filter(key__regex=r'^[0-9]+$')
+        if root:
+            return root[0]
+        else:
+            return cls.create_root_node()
+
+    @classmethod
+    def default_node(cls):
+        defaults = {'value': 'Default'}
+        obj, created = cls.objects.get_or_create(defaults=defaults, key='1')
        return obj
+
+    def as_tree_node(self):
+        from common.tree import TreeNode
+        from ..serializers import NodeSerializer
+        name = '{} ({})'.format(self.value, self.assets_amount)
+        node_serializer = NodeSerializer(instance=self)
+        data = {
+            'id': self.key,
+            'name': name,
+            'title': name,
+            'pId': self.parent_key,
+            'isParent': True,
+            'open': self.is_root(),
+            'meta': {
+                'node': node_serializer.data,
+                'type': 'node'
+            }
+        }
+        tree_node = TreeNode(**data)
+        return tree_node
+
+    @classmethod
+    def generate_fake(cls, count=100):
+        import random
+        for i in range(count):
+            node = random.choice(cls.objects.all())
+            node.create_child('Node {}'.format(i))
+
+
--- a/apps/assets/models/user.py
+++ b/apps/assets/models/user.py
@@ -7,13 +7,14 @@ import logging
 from django.core.cache import cache
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
+from django.core.validators import MinValueValidator, MaxValueValidator

 from common.utils import get_signer
 from ..const import SYSTEM_USER_CONN_CACHE_KEY
 from .base import AssetUser


-__all__ = ['AdminUser', 'SystemUser',]
+__all__ = ['AdminUser', 'SystemUser']
 logger = logging.getLogger(__name__)
 signer = get_signer()

@@ -30,6 +31,7 @@ class AdminUser(AssetUser):
    become_method = models.CharField(choices=BECOME_METHOD_CHOICES, default='sudo', max_length=4)
    become_user = models.CharField(default='root', max_length=64)
    _become_pass = models.CharField(default='', max_length=128)
+    CONNECTIVE_CACHE_KEY = '_JMS_ADMIN_USER_CONNECTIVE_{}'

    def __str__(self):
        return self.name
@@ -66,8 +68,26 @@ class AdminUser(AssetUser):
    def assets_amount(self):
        return self.get_related_assets().count()

+    @property
+    def connectivity(self):
+        from .asset import Asset
+        assets = self.get_related_assets().values_list('id', 'hostname', flat=True)
+        data = {
+            'unreachable': [],
+            'reachable': [],
+        }
+        for asset_id, hostname in assets:
+            key = Asset.CONNECTIVITY_CACHE_KEY.format(str(self.id))
+            value = cache.get(key, Asset.UNKNOWN)
+            if value == Asset.REACHABLE:
+                data['reachable'].append(hostname)
+            elif value == Asset.UNREACHABLE:
+                data['unreachable'].append(hostname)
+        return data
+
    class Meta:
        ordering = ['name']
+        unique_together = [('name', 'org_id')]
        verbose_name = _("Admin user")

    @classmethod
@@ -92,22 +112,39 @@ class AdminUser(AssetUser):


 class SystemUser(AssetUser):
-    SSH_PROTOCOL = 'ssh'
-    RDP_PROTOCOL = 'rdp'
+    PROTOCOL_SSH = 'ssh'
+    PROTOCOL_RDP = 'rdp'
+    PROTOCOL_TELNET = 'telnet'
+    PROTOCOL_VNC = 'vnc'
    PROTOCOL_CHOICES = (
-        (SSH_PROTOCOL, 'ssh'),
-        (RDP_PROTOCOL, 'rdp'),
+        (PROTOCOL_SSH, 'ssh'),
+        (PROTOCOL_RDP, 'rdp'),
+        (PROTOCOL_TELNET, 'telnet (beta)'),
+        (PROTOCOL_VNC, 'vnc'),
+    )
+
+    LOGIN_AUTO = 'auto'
+    LOGIN_MANUAL = 'manual'
+    LOGIN_MODE_CHOICES = (
+        (LOGIN_AUTO, _('Automatic login')),
+        (LOGIN_MANUAL, _('Manually login'))
    )

    nodes = models.ManyToManyField('assets.Node', blank=True, verbose_name=_("Nodes"))
-    priority = models.IntegerField(default=10, verbose_name=_("Priority"))
+    assets = models.ManyToManyField('assets.Asset', blank=True, verbose_name=_("Assets"))
+    priority = models.IntegerField(default=20, verbose_name=_("Priority"), validators=[MinValueValidator(1), MaxValueValidator(100)])
    protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))
    auto_push = models.BooleanField(default=True, verbose_name=_('Auto push'))
-    sudo = models.TextField(default='/sbin/ifconfig', verbose_name=_('Sudo'))
+    sudo = models.TextField(default='/bin/whoami', verbose_name=_('Sudo'))
    shell = models.CharField(max_length=64,  default='/bin/bash', verbose_name=_('Shell'))
+    login_mode = models.CharField(choices=LOGIN_MODE_CHOICES, default=LOGIN_AUTO, max_length=10, verbose_name=_('Login mode'))
+    cmd_filters = models.ManyToManyField('CommandFilter', related_name='system_users', verbose_name=_("Command filter"), blank=True)
+
+    SYSTEM_USER_CACHE_KEY = "__SYSTEM_USER_CACHED_{}"
+    CONNECTIVE_CACHE_KEY = '_JMS_SYSTEM_USER_CONNECTIVE_{}'

    def __str__(self):
-        return self.name
+        return '{0.name}({0.username})'.format(self)

    def to_json(self):
        return {
@@ -119,34 +156,94 @@ class SystemUser(AssetUser):
            'auto_push': self.auto_push,
        }

-    @property
-    def assets(self):
-        assets = set()
-        for node in self.nodes.all():
-            assets.update(set(node.get_all_assets()))
+    def get_related_assets(self):
+        assets = set(self.assets.all())
        return assets

    @property
-    def assets_connective(self):
-        _result = cache.get(SYSTEM_USER_CONN_CACHE_KEY.format(self.name), {})
-        return _result
+    def connectivity(self):
+        cache_key = self.CONNECTIVE_CACHE_KEY.format(str(self.id))
+        value = cache.get(cache_key, None)
+        if not value or 'unreachable' not in value:
+            return {'unreachable': [], 'reachable': []}
+        else:
+            return value
+
+    @connectivity.setter
+    def connectivity(self, value):
+        data = self.connectivity
+        unreachable = data['unreachable']
+        reachable = data['reachable']
+
+        for host in value.get('dark', {}).keys():
+            if host not in unreachable:
+                unreachable.append(host)
+            if host in reachable:
+                reachable.remove(host)
+        for host in value.get('contacted'):
+            if host not in reachable:
+                reachable.append(host)
+            if host in unreachable:
+                unreachable.remove(host)
+        cache_key = self.CONNECTIVE_CACHE_KEY.format(str(self.id))
+        cache.set(cache_key, data, 3600)

    @property
-    def unreachable_assets(self):
-        return list(self.assets_connective.get('dark', {}).keys())
+    def assets_unreachable(self):
+        return self.connectivity.get('unreachable')

    @property
-    def reachable_assets(self):
-        return self.assets_connective.get('contacted', [])
+    def assets_reachable(self):
+        return self.connectivity.get('reachable')
+
+    @property
+    def login_mode_display(self):
+        return self.get_login_mode_display()

    def is_need_push(self):
-        if self.auto_push and self.protocol == self.__class__.SSH_PROTOCOL:
+        if self.auto_push and self.protocol == self.PROTOCOL_SSH:
            return True
        else:
            return False

+    def set_cache(self):
+        cache.set(self.SYSTEM_USER_CACHE_KEY.format(self.id), self, 3600)
+
+    def expire_cache(self):
+        cache.delete(self.SYSTEM_USER_CACHE_KEY.format(self.id))
+
+    @property
+    def cmd_filter_rules(self):
+        from .cmd_filter import CommandFilterRule
+        rules = CommandFilterRule.objects.filter(
+            filter__in=self.cmd_filters.all()
+        ).distinct()
+        return rules
+
+    def is_command_can_run(self, command):
+        for rule in self.cmd_filter_rules:
+            action, matched_cmd = rule.match(command)
+            if action == rule.ACTION_ALLOW:
+                return True, None
+            elif action == rule.ACTION_DENY:
+                return False, matched_cmd
+        return True, None
+
+    @classmethod
+    def get_system_user_by_id_or_cached(cls, sid):
+        cached = cache.get(cls.SYSTEM_USER_CACHE_KEY.format(sid))
+        if cached:
+            return cached
+        try:
+            system_user = cls.objects.get(id=sid)
+            system_user.set_cache()
+            return system_user
+        except cls.DoesNotExist:
+            return None
+
    class Meta:
        ordering = ['name']
+        unique_together = [('name', 'org_id')]
        verbose_name = _("System user")

    @classmethod
@@ -168,6 +265,3 @@ class SystemUser(AssetUser):
            except IntegrityError:
                print('Error continue')
                continue
-
-
-
--- a/apps/assets/serializers/init.py
+++ b/apps/assets/serializers/init.py
@@ -7,3 +7,5 @@ from .label import *
 from .system_user import *
 from .node import *
 from .domain import *
+from .cmd_filter import *
+from .asset_user import *
--- a/apps/assets/serializers/admin_user.py
+++ b/apps/assets/serializers/admin_user.py
@@ -3,6 +3,8 @@
 from django.core.cache import cache
 from rest_framework import serializers

+from common.serializers import AdaptedBulkListSerializer
+
 from ..models import Node, AdminUser
 from ..const import ADMIN_USER_CONN_CACHE_KEY

@@ -18,6 +20,7 @@ class AdminUserSerializer(serializers.ModelSerializer):
    reachable_amount = serializers.SerializerMethodField()

    class Meta:
+        list_serializer_class = AdaptedBulkListSerializer
        model = AdminUser
        fields = '__all__'

@@ -66,4 +69,5 @@ class ReplaceNodeAdminUserSerializer(serializers.ModelSerializer):
        fields = ['id', 'nodes']


-
+class TaskIDSerializer(serializers.Serializer):
+    task = serializers.CharField(read_only=True)
--- a/apps/assets/serializers/asset.py
+++ b/apps/assets/serializers/asset.py
@@ -1,45 +1,63 @@
 # -*- coding: utf-8 -*-
 #
 from rest_framework import serializers
-from rest_framework_bulk.serializers import BulkListSerializer

 from common.mixins import BulkSerializerMixin
+from common.serializers import AdaptedBulkListSerializer
 from ..models import Asset
 from .system_user import AssetSystemUserSerializer

+__all__ = [
+    'AssetSerializer', 'AssetGrantedSerializer', 'MyAssetGrantedSerializer',
+    'AssetAsNodeSerializer', 'AssetSimpleSerializer',
+]
+

 class AssetSerializer(BulkSerializerMixin, serializers.ModelSerializer):
    """
    资产的数据结构
    """
-
    class Meta:
        model = Asset
-        list_serializer_class = BulkListSerializer
+        list_serializer_class = AdaptedBulkListSerializer
        fields = '__all__'
-        validators = []  # If not set to [], partial bulk update will be error
+        validators = []
+
+    @classmethod
+    def setup_eager_loading(cls, queryset):
+        """ Perform necessary eager loading of data. """
+        queryset = queryset.prefetch_related('labels', 'nodes')\
+            .select_related('admin_user')
+        return queryset

    def get_field_names(self, declared_fields, info):
        fields = super().get_field_names(declared_fields, info)
        fields.extend([
-            'hardware_info', 'is_connective',
+            'hardware_info', 'connectivity', 'org_name'
        ])
        return fields


+class AssetAsNodeSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Asset
+        fields = ['id', 'hostname', 'ip', 'port', 'platform', 'protocol']
+
+
 class AssetGrantedSerializer(serializers.ModelSerializer):
    """
    被授权资产的数据结构
    """
    system_users_granted = AssetSystemUserSerializer(many=True, read_only=True)
    system_users_join = serializers.SerializerMethodField()
+    # nodes = NodeTMPSerializer(many=True, read_only=True)

    class Meta:
        model = Asset
        fields = (
            "id", "hostname", "ip", "port", "system_users_granted",
            "is_active", "system_users_join", "os", 'domain',
-            "platform", "comment"
+            "platform", "comment", "protocol", "org_id", "org_name",
        )

    @staticmethod
@@ -57,6 +75,12 @@ class MyAssetGrantedSerializer(AssetGrantedSerializer):
        model = Asset
        fields = (
            "id", "hostname", "system_users_granted",
-            "is_active", "system_users_join",
-            "os", "platform", "comment",
+            "is_active", "system_users_join", "org_name",
+            "os", "platform", "comment", "org_id", "protocol"
        )
+
+
+class AssetSimpleSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Asset
+        fields = ['id', 'hostname', 'port', 'ip', 'connectivity']
--- a/apps/assets/serializers/asset_user.py
+++ b/apps/assets/serializers/asset_user.py
@@ -0,0 +1,65 @@
+# -*- coding: utf-8 -*-
+#
+
+from django.utils.translation import ugettext as _
+from rest_framework import serializers
+
+from ..models import AuthBook
+from ..backends.multi import AssetUserManager
+
+__all__ = [
+    'AssetUserSerializer', 'AssetUserAuthInfoSerializer',
+]
+
+
+class AssetUserSerializer(serializers.ModelSerializer):
+
+    password = serializers.CharField(
+        max_length=256, allow_blank=True, allow_null=True, write_only=True,
+        required=False, help_text=_('Password')
+    )
+    public_key = serializers.CharField(
+        max_length=4096, allow_blank=True, allow_null=True, write_only=True,
+        required=False, help_text=_('Public key')
+    )
+    private_key = serializers.CharField(
+        max_length=4096, allow_blank=True, allow_null=True, write_only=True,
+        required=False, help_text=_('Private key')
+    )
+
+    class Meta:
+        model = AuthBook
+        read_only_fields = (
+            'date_created', 'date_updated', 'created_by',
+            'is_latest', 'version', 'connectivity',
+        )
+        fields = '__all__'
+        extra_kwargs = {
+            'username': {'required': True}
+        }
+
+    def get_field_names(self, declared_fields, info):
+        fields = super().get_field_names(declared_fields, info)
+        fields = [f for f in fields if not f.startswith('_') and f != 'id']
+        fields.extend(['connectivity'])
+        return fields
+
+    def create(self, validated_data):
+        kwargs = {
+            'name': validated_data.get('name'),
+            'username': validated_data.get('username'),
+            'asset': validated_data.get('asset'),
+            'comment': validated_data.get('comment', ''),
+            'org_id': validated_data.get('org_id', ''),
+            'password': validated_data.get('password'),
+            'public_key': validated_data.get('public_key'),
+            'private_key': validated_data.get('private_key')
+        }
+        instance = AssetUserManager.create(**kwargs)
+        return instance
+
+
+class AssetUserAuthInfoSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = AuthBook
+        fields = ['password', 'private_key', 'public_key']
--- a/apps/assets/serializers/cmd_filter.py
+++ b/apps/assets/serializers/cmd_filter.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework import serializers
+
+from common.fields import ChoiceDisplayField
+from common.serializers import AdaptedBulkListSerializer
+from ..models import CommandFilter, CommandFilterRule, SystemUser
+
+
+class CommandFilterSerializer(serializers.ModelSerializer):
+    rules = serializers.PrimaryKeyRelatedField(queryset=CommandFilterRule.objects.all(), many=True)
+    system_users = serializers.PrimaryKeyRelatedField(queryset=SystemUser.objects.all(), many=True)
+
+    class Meta:
+        model = CommandFilter
+        list_serializer_class = AdaptedBulkListSerializer
+        fields = '__all__'
+
+
+class CommandFilterRuleSerializer(serializers.ModelSerializer):
+    serializer_choice_field = ChoiceDisplayField
+
+    class Meta:
+        model = CommandFilterRule
+        fields = '__all__'
+        list_serializer_class = AdaptedBulkListSerializer
--- a/apps/assets/serializers/domain.py
+++ b/apps/assets/serializers/domain.py
@@ -2,6 +2,8 @@
 #
 from rest_framework import serializers

+from common.serializers import AdaptedBulkListSerializer
+
 from ..models import Domain, Gateway


@@ -12,6 +14,7 @@ class DomainSerializer(serializers.ModelSerializer):
    class Meta:
        model = Domain
        fields = '__all__'
+        list_serializer_class = AdaptedBulkListSerializer

    @staticmethod
    def get_asset_count(obj):
@@ -23,9 +26,9 @@ class DomainSerializer(serializers.ModelSerializer):


 class GatewaySerializer(serializers.ModelSerializer):
-
    class Meta:
        model = Gateway
+        list_serializer_class = AdaptedBulkListSerializer
        fields = [
            'id', 'name', 'ip', 'port', 'protocol', 'username',
            'domain', 'is_active', 'date_created', 'date_updated',
--- a/apps/assets/serializers/label.py
+++ b/apps/assets/serializers/label.py
@@ -1,7 +1,8 @@
 # -*- coding: utf-8 -*-
 #
 from rest_framework import serializers
-from rest_framework_bulk.serializers import BulkListSerializer
+
+from common.serializers import AdaptedBulkListSerializer

 from ..models import Label

@@ -12,7 +13,7 @@ class LabelSerializer(serializers.ModelSerializer):
    class Meta:
        model = Label
        fields = '__all__'
-        list_serializer_class = BulkListSerializer
+        list_serializer_class = AdaptedBulkListSerializer

    @staticmethod
    def get_asset_count(obj):
--- a/apps/assets/serializers/node.py
+++ b/apps/assets/serializers/node.py
@@ -1,63 +1,36 @@
 # -*- coding: utf-8 -*-
 from rest_framework import serializers
-from rest_framework_bulk.serializers import BulkListSerializer

-from common.mixins import BulkSerializerMixin
 from ..models import Asset, Node
-from .asset import AssetGrantedSerializer


-class NodeGrantedSerializer(BulkSerializerMixin, serializers.ModelSerializer):
-    """
-    授权资产组
-    """
-    assets_granted = AssetGrantedSerializer(many=True, read_only=True)
-    assets_amount = serializers.SerializerMethodField()
-    parent = serializers.SerializerMethodField()
-    name = serializers.SerializerMethodField()
+__all__ = [
+    'NodeSerializer', "NodeAddChildrenSerializer",
+    "NodeAssetsSerializer",
+]
+
+
+class NodeSerializer(serializers.ModelSerializer):
+    assets_amount = serializers.IntegerField(read_only=True)

    class Meta:
        model = Node
        fields = [
-            'id', 'key', 'name', 'value', 'parent',
-            'assets_granted', 'assets_amount',
+            'id', 'key', 'value', 'assets_amount', 'org_id',
+        ]
+        read_only_fields = [
+            'key', 'assets_amount', 'org_id',
        ]

-    @staticmethod
-    def get_assets_amount(obj):
-        return len(obj.assets_granted)
-
-    @staticmethod
-    def get_name(obj):
-        return obj.name
-
-    @staticmethod
-    def get_parent(obj):
-        return obj.parent.id
-
-
-class NodeSerializer(serializers.ModelSerializer):
-    parent = serializers.SerializerMethodField()
-    assets_amount = serializers.SerializerMethodField()
-
-    class Meta:
-        model = Node
-        fields = ['id', 'key', 'value', 'parent', 'assets_amount']
-        list_serializer_class = BulkListSerializer
-
-    @staticmethod
-    def get_parent(obj):
-        return obj.parent.id
-
-    @staticmethod
-    def get_assets_amount(obj):
-        return obj.get_all_assets().count()
-
-    def get_fields(self):
-        fields = super().get_fields()
-        field = fields["key"]
-        field.required = False
-        return fields
+    def validate_value(self, data):
+        instance = self.instance if self.instance else Node.root()
+        children = instance.parent.get_children().exclude(key=instance.key)
+        values = [child.value for child in children]
+        if data in values:
+            raise serializers.ValidationError(
+                'The same level node name cannot be the same'
+            )
+        return data


 class NodeAssetsSerializer(serializers.ModelSerializer):
@@ -70,3 +43,4 @@ class NodeAssetsSerializer(serializers.ModelSerializer):

 class NodeAddChildrenSerializer(serializers.Serializer):
    nodes = serializers.ListField()
+
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -1,6 +1,8 @@
 from rest_framework import serializers

-from ..models import SystemUser
+from common.serializers import AdaptedBulkListSerializer
+
+from ..models import SystemUser, Asset
 from .base import AuthSerializer


@@ -17,14 +19,22 @@ class SystemUserSerializer(serializers.ModelSerializer):
    class Meta:
        model = SystemUser
        exclude = ('_password', '_private_key', '_public_key')
+        list_serializer_class = AdaptedBulkListSerializer
+
+    def get_field_names(self, declared_fields, info):
+        fields = super(SystemUserSerializer, self).get_field_names(declared_fields, info)
+        fields.extend([
+            'login_mode_display',
+        ])
+        return fields

    @staticmethod
    def get_unreachable_assets(obj):
-        return obj.unreachable_assets
+        return obj.assets_unreachable

    @staticmethod
    def get_reachable_assets(obj):
-        return obj.reachable_assets
+        return obj.assets_reachable

    def get_unreachable_amount(self, obj):
        return len(self.get_unreachable_assets(obj))
@@ -34,7 +44,7 @@ class SystemUserSerializer(serializers.ModelSerializer):

    @staticmethod
    def get_assets_amount(obj):
-        return len(obj.assets)
+        return len(obj.get_related_assets())


 class SystemUserAuthSerializer(AuthSerializer):
@@ -46,7 +56,7 @@ class SystemUserAuthSerializer(AuthSerializer):
        model = SystemUser
        fields = [
            "id", "name", "username", "protocol",
-            "password", "private_key",
+            "login_mode", "password", "private_key",
        ]


@@ -54,9 +64,18 @@ class AssetSystemUserSerializer(serializers.ModelSerializer):
    """
    查看授权的资产系统用户的数据结构，这个和AssetSerializer不同，字段少
    """
+    actions = serializers.SerializerMethodField()
+
    class Meta:
        model = SystemUser
-        fields = ('id', 'name', 'username', 'priority', 'protocol',  'comment',)
+        fields = (
+            'id', 'name', 'username', 'priority',
+            'protocol',  'comment', 'login_mode', 'actions',
+        )
+
+    @staticmethod
+    def get_actions(obj):
+        return [action.name for action in obj.actions]


 class SystemUserSimpleSerializer(serializers.ModelSerializer):
@@ -65,4 +84,7 @@ class SystemUserSimpleSerializer(serializers.ModelSerializer):
    """
    class Meta:
        model = SystemUser
-        fields = ('id', 'name', 'username')
+        fields = ('id', 'name', 'username')
+
+
+
--- a/apps/assets/signals.py
+++ b/apps/assets/signals.py
@@ -1,5 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-from django.dispatch import Signal
-
-on_app_ready = Signal()
--- a/apps/assets/signals_handler.py
+++ b/apps/assets/signals_handler.py
@@ -1,14 +1,16 @@
 # -*- coding: utf-8 -*-
 #
-
-from django.db.models.signals import post_save, m2m_changed
+from collections import defaultdict
+from django.db.models.signals import post_save, m2m_changed, post_delete
 from django.dispatch import receiver

 from common.utils import get_logger
-from .models import Asset, SystemUser, Node
-from .tasks import update_assets_hardware_info_util, \
-    test_asset_connectability_util, push_system_user_to_node, \
-    push_node_system_users_to_asset
+from .models import Asset, SystemUser, Node, AuthBook
+from .tasks import (
+    update_assets_hardware_info_util,
+    test_asset_connectivity_util,
+    push_system_user_to_assets
+)


 logger = get_logger(__file__)
@@ -20,8 +22,8 @@ def update_asset_hardware_info_on_created(asset):


 def test_asset_conn_on_created(asset):
-    logger.debug("Test asset `{}` connectability".format(asset))
-    test_asset_connectability_util.delay([asset])
+    logger.debug("Test asset `{}` connectivity".format(asset))
+    test_asset_connectivity_util.delay([asset])


 def set_asset_root_node(asset):
@@ -31,41 +33,89 @@ def set_asset_root_node(asset):

@receiver(post_save, sender=Asset, dispatch_uid="my_unique_identifier")
 def on_asset_created_or_update(sender, instance=None, created=False, **kwargs):
-    set_asset_root_node(instance)
    if created:
        logger.info("Asset `{}` create signal received".format(instance))
        update_asset_hardware_info_on_created(instance)
        test_asset_conn_on_created(instance)

+        # 过期节点资产数量
+        nodes = instance.nodes.all()
+        Node.expire_nodes_assets_amount(nodes)
+
+
+@receiver(post_delete, sender=Asset, dispatch_uid="my_unique_identifier")
+def on_asset_delete(sender, instance=None, **kwargs):
+    # 过期节点资产数量
+    nodes = instance.nodes.all()
+    Node.expire_nodes_assets_amount(nodes)
+

@receiver(post_save, sender=SystemUser, dispatch_uid="my_unique_identifier")
 def on_system_user_update(sender, instance=None, created=True, **kwargs):
    if instance and not created:
-        for node in instance.nodes.all():
-            push_system_user_to_node(instance, node)
+        logger.info("System user `{}` update signal received".format(instance))
+        assets = instance.assets.all()
+        push_system_user_to_assets.delay(instance, assets)


@receiver(m2m_changed, sender=SystemUser.nodes.through)
-def on_system_user_node_change(sender, instance=None, **kwargs):
+def on_system_user_nodes_change(sender, instance=None, **kwargs):
    if instance and kwargs["action"] == "post_add":
-        for pk in kwargs['pk_set']:
-            node = kwargs['model'].objects.get(pk=pk)
-            push_system_user_to_node(instance, node)
+        assets = set()
+        nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+        for node in nodes:
+            assets.update(set(node.get_all_assets()))
+        instance.assets.add(*tuple(assets))
+
+
+@receiver(m2m_changed, sender=SystemUser.assets.through)
+def on_system_user_assets_change(sender, instance=None, **kwargs):
+    if instance and kwargs["action"] == "post_add":
+        assets = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+        push_system_user_to_assets.delay(instance, assets)


@receiver(m2m_changed, sender=Asset.nodes.through)
 def on_asset_node_changed(sender, instance=None, **kwargs):
-    if isinstance(instance, Asset) and kwargs['action'] == 'post_add':
-        logger.debug("Asset node change signal received")
-        for pk in kwargs['pk_set']:
-            node = kwargs['model'].objects.get(pk=pk)
-            push_node_system_users_to_asset(node, [instance])
+    logger.debug("Asset nodes change signal received")
+    if isinstance(instance, Asset):
+        if kwargs['action'] == 'pre_remove':
+            nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+            Node.expire_nodes_assets_amount(nodes)
+        if kwargs['action'] == 'post_add':
+            nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+            Node.expire_nodes_assets_amount(nodes)
+            system_users_assets = defaultdict(set)
+            system_users = SystemUser.objects.filter(nodes__in=nodes)
+            # 清理节点缓存
+            for system_user in system_users:
+                system_users_assets[system_user].update({instance})
+            for system_user, assets in system_users_assets.items():
+                system_user.assets.add(*tuple(assets))


@receiver(m2m_changed, sender=Asset.nodes.through)
 def on_node_assets_changed(sender, instance=None, **kwargs):
-    if isinstance(instance, Node) and kwargs['action'] == 'post_add':
-        logger.debug("Node assets change signal received")
+    if isinstance(instance, Node):
+        logger.debug("Node assets change signal {} received".format(instance))
+        # 当节点和资产关系发生改变时，过期资产数量缓存
+        instance.expire_assets_amount()
        assets = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
-        push_node_system_users_to_asset(instance, assets)
+        if kwargs['action'] == 'post_add':
+            # 重新关联系统用户和资产的关系
+            system_users = SystemUser.objects.filter(nodes=instance)
+            for system_user in system_users:
+                system_user.assets.add(*tuple(assets))

+
+@receiver(post_save, sender=Node)
+def on_node_update_or_created(sender, instance=None, created=False, **kwargs):
+    if instance and not created:
+        instance.expire_full_value()
+
+
+@receiver(post_save, sender=AuthBook)
+def on_auth_book_created(sender, instance=None, created=False, **kwargs):
+    if created:
+        logger.debug('Receive create auth book object signal.')
+        instance.set_version_and_latest()
--- a/apps/assets/tasks.py
+++ b/apps/assets/tasks.py
@@ -4,14 +4,15 @@ import re
 import os

 from celery import shared_task
-from django.core.cache import cache
 from django.utils.translation import ugettext as _
+from django.core.cache import cache

-from common.utils import get_object_or_none, capacity_convert, \
-    sum_capacity, encrypt_password, get_logger
-from ops.celery.utils import register_as_period_task, after_app_shutdown_clean, \
-    after_app_ready_start
-from ops.celery import app as celery_app
+from common.utils import (
+    capacity_convert, sum_capacity, encrypt_password, get_logger
+)
+from ops.celery.decorator import (
+    register_as_period_task, after_app_shutdown_clean_periodic
+)

 from .models import SystemUser, AdminUser, Asset
 from . import const
@@ -20,34 +21,57 @@ from . import const
 FORKS = 10
 TIMEOUT = 60
 logger = get_logger(__file__)
-CACHE_MAX_TIME = 60*60*60
+CACHE_MAX_TIME = 60*60*2
 disk_pattern = re.compile(r'^hd|sd|xvd|vd')
 PERIOD_TASK = os.environ.get("PERIOD_TASK", "on")


+def check_asset_can_run_ansible(asset):
+    if not asset.is_active:
+        msg = _("Asset has been disabled, skipped: {}").format(asset)
+        logger.info(msg)
+        return False
+    if not asset.support_ansible():
+        msg = _("Asset may not be support ansible, skipped: {}").format(asset)
+        logger.info(msg)
+        return False
+    return True
+
+
+def clean_hosts(assets):
+    clean_assets = []
+    for asset in assets:
+        if not check_asset_can_run_ansible(asset):
+            continue
+        clean_assets.append(asset)
+    if not clean_assets:
+        print(_("No assets matched, stop task"))
+    return clean_assets
+
+
@shared_task
-def set_assets_hardware_info(result, **kwargs):
+def set_assets_hardware_info(assets, result, **kwargs):
    """
    Using ops task run result, to update asset info

    @shared_task must be exit, because we using it as a task callback, is must
    be a celery task also
+    :param assets:
    :param result:
    :param kwargs: {task_name: ""}
    :return:
    """
    result_raw = result[0]
    assets_updated = []
-    for hostname, info in result_raw.get('ok', {}).items():
+    success_result = result_raw.get('ok', {})
+
+    for asset in assets:
+        hostname = asset.hostname
+        info = success_result.get(hostname, {})
        info = info.get('setup', {}).get('ansible_facts', {})
        if not info:
-            logger.error("Get asset info failed: {}".format(hostname))
+            logger.error(_("Get asset info failed: {}").format(hostname))
            continue
-
-        asset = get_object_or_none(Asset, hostname=hostname)
-        if not asset:
-            continue
-
        ___vendor = info.get('ansible_system_vendor', 'Unknown')
        ___model = info.get('ansible_product_name', 'Unknown')
        ___sn = info.get('ansible_product_serial', 'Unknown')
@@ -59,8 +83,12 @@ def set_assets_hardware_info(result, **kwargs):
            ___cpu_model = 'Unknown'
        ___cpu_model = ___cpu_model[:64]
        ___cpu_count = info.get('ansible_processor_count', 0)
-        ___cpu_cores = info.get('ansible_processor_cores', None) or len(info.get('ansible_processor', []))
-        ___memory = '%s %s' % capacity_convert('{} MB'.format(info.get('ansible_memtotal_mb')))
+        ___cpu_cores = info.get('ansible_processor_cores', None) or \
+                       len(info.get('ansible_processor', []))
+        ___cpu_vcpus = info.get('ansible_processor_vcpus', 0)
+        ___memory = '%s %s' % capacity_convert(
+            '{} MB'.format(info.get('ansible_memtotal_mb'))
+        )
        disk_info = {}
        for dev, dev_info in info.get('ansible_devices', {}).items():
            if disk_pattern.match(dev) and dev_info['removable'] == '0':
@@ -92,32 +120,30 @@ def update_assets_hardware_info_util(assets, task_name=None):
    """
    from ops.utils import update_or_create_ansible_task
    if task_name is None:
-        # task_name = _("Update some assets hardware info")
-        task_name = _("更新资产硬件信息")
+        task_name = _("Update some assets hardware info")
    tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
-    hostname_list = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
+    hosts = clean_hosts(assets)
+    if not hosts:
+        return {}
+    created_by = str(assets[0].org_id)
    task, created = update_or_create_ansible_task(
-        task_name, hosts=hostname_list, tasks=tasks, pattern='all',
-        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
+        task_name, hosts=hosts, tasks=tasks, created_by=created_by,
+        pattern='all', options=const.TASK_OPTIONS, run_as_admin=True,
    )
    result = task.run()
-    # Todo: may be somewhere using
-    # Manual run callback function
-    set_assets_hardware_info(result)
+    set_assets_hardware_info(assets, result)
    return result


@shared_task
 def update_asset_hardware_info_manual(asset):
-    # task_name = _("Update asset hardware info")
-    task_name = _("更新资产硬件信息")
-    return update_assets_hardware_info_util([asset], task_name=task_name)
+    task_name = _("Update asset hardware info: {}").format(asset.hostname)
+    update_assets_hardware_info_util(
+        [asset], task_name=task_name
+    )


-@celery_app.task
-@register_as_period_task(interval=3600)
-@after_app_ready_start
-@after_app_shutdown_clean
+@shared_task
 def update_assets_hardware_info_period():
    """
    Update asset hardware period task
@@ -127,126 +153,41 @@ def update_assets_hardware_info_period():
        logger.debug("Period task disabled, update assets hardware info pass")
        return

-    from ops.utils import update_or_create_ansible_task
-    # task_name = _("Update assets hardware info period")
-    task_name = _("定期更新资产硬件信息")
-    hostname_list = [
-        asset.hostname for asset in Asset.objects.all()
-        if asset.is_active and asset.is_unixlike()
-    ]
-    tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
-
-    # Only create, schedule by celery beat
-    update_or_create_ansible_task(
-        task_name, hosts=hostname_list, tasks=tasks, pattern='all',
-        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
-        interval=60*60*24, is_periodic=True, callback=set_assets_hardware_info.name,
-    )
-

 ##  ADMIN USER CONNECTIVE  ##

-@shared_task
-def set_admin_user_connectability_info(result, **kwargs):
-    admin_user = kwargs.get("admin_user")
-    task_name = kwargs.get("task_name")
-    if admin_user is None and task_name is not None:
-        admin_user = task_name.split(":")[-1]
-
-    raw, summary = result
-    cache_key = const.ADMIN_USER_CONN_CACHE_KEY.format(admin_user)
-    cache.set(cache_key, summary, CACHE_MAX_TIME)
-
-    for i in summary.get('contacted', []):
-        asset_conn_cache_key = const.ASSET_ADMIN_CONN_CACHE_KEY.format(i)
-        cache.set(asset_conn_cache_key, 1, CACHE_MAX_TIME)
-
-    for i, msg in summary.get('dark', {}).items():
-        asset_conn_cache_key = const.ASSET_ADMIN_CONN_CACHE_KEY.format(i)
-        cache.set(asset_conn_cache_key, 0, CACHE_MAX_TIME)
-        logger.error(msg)
-

@shared_task
-def test_admin_user_connectability_util(admin_user, task_name):
-    """
-    Test asset admin user can connect or not. Using ansible api do that
-    :param admin_user:
-    :param task_name:
-    :return:
-    """
-    from ops.utils import update_or_create_ansible_task
-
-    assets = admin_user.get_related_assets()
-    hosts = [asset.hostname for asset in assets
-             if asset.is_active and asset.is_unixlike()]
-    if not hosts:
-        return
-    tasks = const.TEST_ADMIN_USER_CONN_TASKS
-    task, created = update_or_create_ansible_task(
-        task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
-        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
-    )
-    result = task.run()
-    set_admin_user_connectability_info(result, admin_user=admin_user.name)
-    return result
-
-
-@celery_app.task
-@register_as_period_task(interval=3600)
-@after_app_ready_start
-@after_app_shutdown_clean
-def test_admin_user_connectability_period():
-    """
-    A period task that update the ansible task period
-    """
-    if PERIOD_TASK != "on":
-        logger.debug("Period task disabled, test admin user connectability pass")
-        return
-
-    admin_users = AdminUser.objects.all()
-    for admin_user in admin_users:
-        # task_name = _("Test admin user connectability period: {}".format(admin_user.name))
-        task_name = _("定期测试管理账号可连接性: {}".format(admin_user.name))
-        test_admin_user_connectability_util(admin_user, task_name)
-
-
-@shared_task
-def test_admin_user_connectability_manual(admin_user):
-    # task_name = _("Test admin user connectability: {}").format(admin_user.name)
-    task_name = _("测试管理行号可连接性: {}").format(admin_user.name)
-    return test_admin_user_connectability_util(admin_user, task_name)
-
-
-@shared_task
-def test_asset_connectability_util(assets, task_name=None):
+def test_asset_connectivity_util(assets, task_name=None):
    from ops.utils import update_or_create_ansible_task

    if task_name is None:
-        # task_name = _("Test assets connectability")
-        task_name = _("测试资产可连接性")
-    hosts = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
+        task_name = _("Test assets connectivity")
+    hosts = clean_hosts(assets)
    if not hosts:
-        logger.info("No hosts, passed")
        return {}
    tasks = const.TEST_ADMIN_USER_CONN_TASKS
+    created_by = assets[0].org_id
    task, created = update_or_create_ansible_task(
        task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
-        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by=created_by,
    )
    result = task.run()
    summary = result[1]
-    for k in summary.get('dark'):
-        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(k), 0, CACHE_MAX_TIME)
-
-    for k in summary.get('contacted'):
-        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(k), 1, CACHE_MAX_TIME)
+    for asset in assets:
+        if asset.hostname in summary.get('dark', {}):
+            asset.connectivity = asset.UNREACHABLE
+        elif asset.hostname in summary.get('contacted', []):
+            asset.connectivity = asset.REACHABLE
+        else:
+            asset.connectivity = asset.UNKNOWN
    return summary


@shared_task
-def test_asset_connectability_manual(asset):
-    summary = test_asset_connectability_util([asset])
+def test_asset_connectivity_manual(asset):
+    task_name = _("Test assets connectivity: {}").format(asset)
+    summary = test_asset_connectivity_util([asset], task_name=task_name)

    if summary.get('dark'):
        return False, summary['dark']
@@ -254,64 +195,108 @@ def test_asset_connectability_manual(asset):
        return True, ""


-##  System user connective ##
-
@shared_task
-def set_system_user_connectablity_info(result, **kwargs):
-    summary = result[1]
-    task_name = kwargs.get("task_name")
-    system_user = kwargs.get("system_user")
-    if system_user is None:
-        system_user = task_name.split(":")[-1]
-    cache_key = const.SYSTEM_USER_CONN_CACHE_KEY.format(system_user)
-    cache.set(cache_key, summary, CACHE_MAX_TIME)
-
-
-@shared_task
-def test_system_user_connectability_util(system_user, task_name):
+def test_admin_user_connectivity_util(admin_user, task_name):
    """
-    Test system cant connect his assets or not.
-    :param system_user:
+    Test asset admin user can connect or not. Using ansible api do that
+    :param admin_user:
    :param task_name:
    :return:
    """
-    from ops.utils import update_or_create_ansible_task
-    assets = system_user.assets
-    hosts = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
-    tasks = const.TEST_SYSTEM_USER_CONN_TASKS
+    assets = admin_user.get_related_assets()
+    hosts = clean_hosts(assets)
    if not hosts:
-        logger.info("No hosts, passed")
        return {}
-    task, created = update_or_create_ansible_task(
-        task_name, hosts=hosts, tasks=tasks, pattern='all',
-        options=const.TASK_OPTIONS,
-        run_as=system_user.name, created_by="System",
-    )
-    result = task.run()
-    set_system_user_connectablity_info(result, system_user=system_user.name)
-    return result
-
-
-@shared_task
-def test_system_user_connectability_manual(system_user):
-    task_name = _("Test system user connectability: {}").format(system_user)
-    return test_system_user_connectability_util(system_user, task_name)
+    summary = test_asset_connectivity_util(hosts, task_name)
+    return summary


@shared_task
@register_as_period_task(interval=3600)
-@after_app_ready_start
-@after_app_shutdown_clean
-def test_system_user_connectability_period():
+def test_admin_user_connectivity_period():
+    """
+    A period task that update the ansible task period
+    """
    if PERIOD_TASK != "on":
-        logger.debug("Period task disabled, test system user connectability pass")
+        logger.debug('Period task off, skip')
        return
+    key = '_JMS_TEST_ADMIN_USER_CONNECTIVITY_PERIOD'
+    prev_execute_time = cache.get(key)
+    if prev_execute_time:
+        logger.debug("Test admin user connectivity, less than 40 minutes, skip")
+        return
+    cache.set(key, 1, 60*40)
+    admin_users = AdminUser.objects.all()
+    for admin_user in admin_users:
+        task_name = _("Test admin user connectivity period: {}").format(admin_user.name)
+        test_admin_user_connectivity_util(admin_user, task_name)
+    cache.set(key, 1, 60*40)

+
+@shared_task
+def test_admin_user_connectivity_manual(admin_user):
+    task_name = _("Test admin user connectivity: {}").format(admin_user.name)
+    test_admin_user_connectivity_util(admin_user, task_name)
+    return True
+
+
+##  System user connective ##
+
+@shared_task
+def set_system_user_connectivity_info(system_user, result):
+    summary = result[1]
+    system_user.connectivity = summary
+
+
+@shared_task
+def test_system_user_connectivity_util(system_user, assets, task_name):
+    """
+    Test system cant connect his assets or not.
+    :param system_user:
+    :param assets:
+    :param task_name:
+    :return:
+    """
+    from ops.utils import update_or_create_ansible_task
+    tasks = const.TEST_SYSTEM_USER_CONN_TASKS
+    hosts = clean_hosts(assets)
+    if not hosts:
+        return {}
+    task, created = update_or_create_ansible_task(
+        task_name, hosts=hosts, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS,
+        run_as=system_user.username, created_by=system_user.org_id,
+    )
+    result = task.run()
+    set_system_user_connectivity_info(system_user, result)
+    return result
+
+
+@shared_task
+def test_system_user_connectivity_manual(system_user):
+    task_name = _("Test system user connectivity: {}").format(system_user)
+    assets = system_user.get_related_assets()
+    return test_system_user_connectivity_util(system_user, assets, task_name)
+
+
+@shared_task
+def test_system_user_connectivity_a_asset(system_user, asset):
+    task_name = _("Test system user connectivity: {} => {}").format(
+        system_user, asset
+    )
+    return test_system_user_connectivity_util(system_user, [asset], task_name)
+
+
+@shared_task
+def test_system_user_connectivity_period():
+    if PERIOD_TASK != "on":
+        logger.debug("Period task disabled, test system user connectivity pass")
+        return
    system_users = SystemUser.objects.all()
    for system_user in system_users:
-        # task_name = _("Test system user connectability period: {}".format(system_user))
-        task_name = _("定期测试系统用户可连接性: {}".format(system_user))
-        test_system_user_connectability_util(system_user, task_name)
+        task_name = _("Test system user connectivity period: {}").format(system_user)
+        assets = system_user.get_related_assets()
+        test_system_user_connectivity_util(system_user, assets, task_name)


 ####  Push system user tasks ####
@@ -333,6 +318,24 @@ def get_push_system_user_tasks(system_user):
                ),
            }
        })
+        tasks.extend([
+            {
+               'name': 'Check home dir exists',
+               'action': {
+                   'module': 'stat',
+                   'args': 'path=/home/{}'.format(system_user.username)
+               },
+               'register': 'home_existed'
+            },
+            {
+                'name': "Set home dir permission",
+                'action': {
+                    'module': 'file',
+                    'args': "path=/home/{0} owner={0} group={0} mode=700".format(system_user.username)
+                },
+                'when': 'home_existed.stat.exists == true'
+            }
+        ])
    if system_user.public_key:
        tasks.append({
            'name': 'Set {} authorized key'.format(system_user.username),
@@ -344,6 +347,12 @@ def get_push_system_user_tasks(system_user):
            }
        })
    if system_user.sudo:
+        sudo = system_user.sudo.replace('\r\n', '\n').replace('\r', '\n')
+        sudo_list = sudo.split('\n')
+        sudo_tmp = []
+        for s in sudo_list:
+            sudo_tmp.append(s.strip(','))
+        sudo = ','.join(sudo_tmp)
        tasks.append({
            'name': 'Set {} sudo setting'.format(system_user.username),
            'action': {
@@ -351,8 +360,7 @@ def get_push_system_user_tasks(system_user):
                'args': "dest=/etc/sudoers state=present regexp='^{0} ALL=' "
                        "line='{0} ALL=(ALL) NOPASSWD: {1}' "
                        "validate='visudo -cf %s'".format(
-                    system_user.username,
-                    system_user.sudo,
+                    system_user.username, sudo,
                )
            }
        })
@@ -360,84 +368,102 @@ def get_push_system_user_tasks(system_user):


@shared_task
-def push_system_user_util(system_users, assets, task_name):
+def push_system_user_util(system_user, assets, task_name):
    from ops.utils import update_or_create_ansible_task
-    tasks = []
-    for system_user in system_users:
-        if not system_user.is_need_push():
-            msg = "push system user `{}` passed, may be not auto push or ssh " \
-                  "protocol is not ssh".format(system_user.name)
-            logger.info(msg)
-            continue
-        tasks.extend(get_push_system_user_tasks(system_user))
-
-    if not tasks:
-        logger.info("Not tasks, passed")
-        return {}
-
-    hosts = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
-    if not hosts:
-        logger.info("Not hosts, passed")
-        return {}
-    task, created = update_or_create_ansible_task(
-        task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
-        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System'
-    )
-    return task.run()
-
-
-def get_node_push_system_user_task_name(system_user, node):
-
-    # return _("Push system user to node: {} => {}").format(
-    return _("推送系统用户到节点资产: {} => {}").format(
-        system_user.name,
-        node.value
-    )
-
-
-@shared_task
-def push_system_user_to_node(system_user, node):
-    logger.info("Start push system user node: {} => {}".format(system_user.name, node.value))
-    assets = node.get_all_assets()
-    task_name = get_node_push_system_user_task_name(system_user, node)
-    push_system_user_util([system_user], assets, task_name)
-
-
-@shared_task
-def push_system_user_related_nodes(system_user):
    if not system_user.is_need_push():
-        msg = "push system user `{}` passed, may be not auto push or ssh " \
-              "protocol is not ssh".format(system_user.name)
+        msg = _("Push system user task skip, auto push not enable or "
+                "protocol is not ssh: {}").format(system_user.name)
        logger.info(msg)
        return

-    nodes = system_user.nodes.all()
-    for node in nodes:
-        push_system_user_to_node(system_user, node)
+    hosts = clean_hosts(assets)
+    if not hosts:
+        return {}
+    for host in hosts:
+        system_user.load_specific_asset_auth(host)
+        tasks = get_push_system_user_tasks(system_user)
+        task, created = update_or_create_ansible_task(
+            task_name=task_name, hosts=[host], tasks=tasks, pattern='all',
+            options=const.TASK_OPTIONS, run_as_admin=True,
+            created_by=system_user.org_id,
+        )
+        task.run()


@shared_task
 def push_system_user_to_assets_manual(system_user):
-    push_system_user_related_nodes(system_user)
+    assets = system_user.get_related_assets()
+    task_name = _("Push system users to assets: {}").format(system_user.name)
+    return push_system_user_util(system_user, assets, task_name=task_name)


-def push_node_system_users_to_asset(node, assets):
-    system_users = []
-    nodes = node.ancestor_with_node
-    # 获取该节点所有父节点有的系统用户, 然后推送
-    for n in nodes:
-        system_users.extend(list(n.systemuser_set.all()))
+@shared_task
+def push_system_user_a_asset_manual(system_user, asset):
+    task_name = _("Push system users to asset: {} => {}").format(
+        system_user.name, asset
+    )
+    return push_system_user_util(system_user, [asset], task_name=task_name)

-    if system_users:
-        # task_name = _("Push system users to node: {}").format(node.value)
-        task_name = _("推送节点系统用户到新加入资产中: {}").format(node.value)
-        push_system_user_util.delay(system_users, assets, task_name)
+
+@shared_task
+def push_system_user_to_assets(system_user, assets):
+    task_name = _("Push system users to assets: {}").format(system_user.name)
+    return push_system_user_util(system_user, assets, task_name)
+
+
+@shared_task
+@after_app_shutdown_clean_periodic
+def test_system_user_connectability_period():
+    pass
+
+
+@shared_task
+@after_app_shutdown_clean_periodic
+def test_admin_user_connectability_period():
+    pass
+
+
+@shared_task
+def set_asset_user_connectivity_info(asset_user, result):
+    summary = result[1]
+    asset_user.connectivity = summary
+
+
+@shared_task
+def test_asset_user_connectivity_util(asset_user, task_name):
+    """
+    :param asset_user: <AuthBook>对象
+    :param task_name:
+    :return:
+    """
+    from ops.utils import update_or_create_ansible_task
+    tasks = const.TEST_ASSET_USER_CONN_TASKS
+    if not check_asset_can_run_ansible(asset_user.asset):
+        return
+
+    task, created = update_or_create_ansible_task(
+        task_name, hosts=[asset_user.asset], tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS,
+        run_as=asset_user.username, created_by=asset_user.org_id
+    )
+    result = task.run()
+    set_asset_user_connectivity_info(asset_user, result)
+
+
+@shared_task
+def test_asset_users_connectivity_manual(asset_users):
+    """
+    :param asset_users: <AuthBook>对象
+    """
+    for asset_user in asset_users:
+        task_name = _("Test asset user connectivity: {}").format(asset_user)
+        test_asset_user_connectivity_util(asset_user, task_name)


 # @shared_task
 # @register_as_period_task(interval=3600)
 # @after_app_ready_start
-# # @after_app_shutdown_clean
+# @after_app_shutdown_clean_periodic
 # def push_system_user_period():
 #     for system_user in SystemUser.objects.all():
 #         push_system_user_related_nodes(system_user)
--- a/apps/assets/templates/assets/_asset_group_bulk_update_modal.html
+++ b/apps/assets/templates/assets/_asset_group_bulk_update_modal.html
@@ -31,7 +31,7 @@
    <div class="form-group">
        <div class="col-sm-9 col-lg-9 col-sm-offset-2">
            <div class="checkbox checkbox-success">
-                <input type="checkbox" name="enable_otp" checked id="id_enable_otp"><label for="id_enable_otp">{% trans 'Enable-OTP' %}</label>
+                <input type="checkbox" name="enable_otp" checked id="id_enable_otp"><label for="id_enable_otp">{% trans 'Enable-MFA' %}</label>
            </div>
        </div>
    </div>
--- a/apps/assets/templates/assets/_asset_list_modal.html
+++ b/apps/assets/templates/assets/_asset_list_modal.html
@@ -1,132 +1,124 @@
 {% extends '_modal.html' %}
 {% load i18n %}
+{% load static %}

 {% block modal_class %}modal-lg{% endblock %}
 {% block modal_id %}asset_list_modal{% endblock %}
-{#{% block modal_title%}{% trans "Please select assets" %}{% endblock %}#}
+{% block modal_title%}{% trans "Asset list" %}{% endblock %}
 {% block modal_body %}
-{#<div class="btn-group" style="float: right">#}
-{#   <button data-toggle="dropdown" class="btn btn-default btn-sm dropdown-toggle">{% trans 'Label' %} <span class="caret"></span></button>#}
-{#   <ul class="dropdown-menu labels">#}
-{#       {% for label in labels %}#}
-{#           <li><a style="font-weight: bolder">{{ label.name }}:{{ label.value }}</a></li>#}
-{#       {% endfor %}#}
-{#   </ul>#}
-{#</div>#}
-<table class="table table-striped table-bordered table-hover " id="asset_modal_table" width="100%">
-   <thead>
-       <tr>
-           <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
-           <th class="text-center">{% trans 'Hostname' %}</th>
-           <th class="text-center">{% trans 'IP' %}</th>
-           <th class="text-center">{% trans 'Hardware' %}</th>
-           <th class="text-center">{% trans 'Active' %}</th>
-           <th class="text-center">{% trans 'Reachable' %}</th>
-           <th class="text-center">{% trans 'Action' %}</th>
-       </tr>
-   </thead>
-   <tbody>
-   </tbody>
-</table>
-<div id="actions" class="hide">
-   <div class="input-group">
-       <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
-           <option value="delete">{% trans 'Delete selected' %}</option>
-           <option value="update">{% trans 'Update selected' %}</option>
-           <option value="deactive">{% trans 'Deactive selected' %}</option>
-           <option value="active">{% trans 'Active selected' %}</option>
-       </select>
-       <div class="input-group-btn pull-left" style="padding-left: 5px;">
-           <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
-            {% trans 'Submit' %}
-           </button>
+<link href="{% static 'css/plugins/ztree/awesomeStyle/awesome.css' %}" rel="stylesheet">
+<script type="text/javascript" src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
+<script src="{% static 'js/jquery.form.min.js' %}"></script>
+<style>
+.inmodal .modal-header {
+    padding: 10px 10px;
+    text-align: center;
+}
+
+#assetTree2.ztree * {
+    background-color: #f8fafb;
+}
+#assetTree2.ztree {
+    background-color: #f8fafb;
+}
+</style>
+
+<div class="wrapper wrapper-content">
+   <div class="row">
+       <div class="col-lg-3" id="split-left" style="padding-left: 3px">
+           <div class="ibox float-e-margins">
+               <div class="ibox-content mailbox-content" style="padding-top: 0;padding-left: 1px">
+                   <div class="file-manager ">
+                       <div id="assetTree2" class="ztree">
+                       </div>
+                       <div class="clearfix"></div>
+                   </div>
+               </div>
+           </div>
+       </div>
+       <div class="col-lg-9 animated fadeInRight" id="split-right">
+           <div class="mail-box-header">
+               <table class="table table-striped table-bordered table-hover " id="asset_list_modal_table" style="width: 100%">
+                   <thead>
+                       <tr>
+                           <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
+                           <th class="text-center">{% trans 'Hostname' %}</th>
+                           <th class="text-center">{% trans 'IP' %}</th>
+                       </tr>
+                   </thead>
+                   <tbody>
+                   </tbody>
+               </table>
+           </div>
       </div>
   </div>
 </div>
+
 <script>
-
-var modal_table;
-
-function initModalTable() {
-    var options = {
-        ele: $('#asset_modal_table'),
-        columnDefs: [
-            {targets: 1, createdCell: function (td, cellData, rowData) {
-                {% url 'assets:asset-detail' pk=DEFAULT_PK as the_url  %}
-                var detail_btn = '<a href="{{ the_url }}">' + cellData + '</a>';
-                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
-            }},
-            {targets: 3, createdCell: function (td, cellData, rowData) {
-                $(td).html(rowData.hardware_info)
-            }},
-            {targets: 4, createdCell: function (td, cellData) {
-                if (!cellData) {
-                    $(td).html('<i class="fa fa-times text-danger"></i>')
-                } else {
-                    $(td).html('<i class="fa fa-check text-navy"></i>')
-                }
-            }},
-            {targets: 5, createdCell: function (td, cellData) {
-                if (cellData === 'Unknown'){
-                    $(td).html('<i class="fa fa-circle text-warning"></i>')
-                } else if (!cellData) {
-                    $(td).html('<i class="fa fa-circle text-danger"></i>')
-                } else {
-                    $(td).html('<i class="fa fa-circle text-navy"></i>')
-                }
-            }},
-            {targets: 6, createdCell: function (td, cellData, rowData) {
-                var update_btn = '<a href="{% url "assets:asset-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
-                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_asset_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
-                $(td).html(update_btn + del_btn)
-            }}
-        ],
-        ajax_url: '{% url "api-assets:asset-list" %}',
-        columns: [
-            {data: "id"}, {data: "hostname" }, {data: "ip" },
-            {data: "cpu_cores"}, {data: "is_active", orderable: false },
-            {data: "is_connective", orderable: false}, {data: "id", orderable: false }
-        ],
-        op_html: $('#actions').html()
-    };
-    modal_table = jumpserver.initServerSideDataTable(options);
-    return modal_table;
-}
-
-$(document).ready(function(){
-   initModalTable();
-}).on('click', '#btn_select_assets', function () {
-    var data_table = $('#asset_modal_table').DataTable();
-    var id_list = [];
-    data_table.rows({selected: true}).every(function(){
-        id_list.push(this.data().id);
-    });
-    var current_node;
-    var nodes = zTree.getSelectedNodes();
-    if (nodes && nodes.length === 1) {
-        current_node = nodes[0]
-    } else {
+var zTree2, asset_table2 = 0;
+function initTable2() {
+    if(asset_table2){
        return
    }

-    var data = {
-        'assets': id_list
+    var options = {
+        ele: $('#asset_list_modal_table'),
+        ajax_url: '{% url "api-assets:asset-list" %}?show_current_asset=1',
+        columns: [
+            {data: "id"}, {data: "hostname" }, {data: "ip" }
+        ],
+        pageLength: 10
    };
+    asset_table2 = jumpserver.initServerSideDataTable(options);
+    return asset_table2
+}

-    var success = function () {
-        modal_table.ajax.reload()
+function onNodeSelected2(event, treeNode) {
+    var url = asset_table2.ajax.url();
+    url = setUrlParam(url, "node_id", treeNode.meta.node.id);
+    asset_table2.ajax.url(url);
+    asset_table2.ajax.reload();
+}
+
+
+function initTree2() {
+    var url = '{% url 'api-assets:node-children-tree' %}?assets=0';
+    var setting = {
+        view: {
+            dblClickExpand: false,
+            showLine: true
+        },
+        data: {
+            simpleData: {
+                enable: true
+            }
+        },
+        async: {
+			enable: true,
+			url: url,
+			autoParam: ["id=key", "name=n", "level=lv"],
+            type: 'get'
+		},
+        callback: {
+            onSelected: onNodeSelected2
+        }
    };
+    zTree2 = $.fn.zTree.init($("#assetTree2"), setting);
+}

-    APIUpdateAttr({
-        'url': '/api/assets/v1/nodes/' + current_node.id + '/assets/add/',
-        'method': 'PUT',
-        'body': JSON.stringify(data),
-        'success': success
-    })
+
+$(document).ready(function(){
+}).on('show.bs.modal', function () {
+    initTable2();
+    initTree2();
 })
 </script>
-
 {% endblock %}
-{% block modal_confirm_id %}btn_select_assets{% endblock %}
+
+{% block modal_button %}
+    {{ block.super }}
+{% endblock %}
+{% block modal_confirm_id %}btn_asset_modal_confirm{% endblock %}
+


--- a/apps/assets/templates/assets/_asset_user_auth_modal.html
+++ b/apps/assets/templates/assets/_asset_user_auth_modal.html
@@ -0,0 +1,28 @@
+{% extends '_modal.html' %}
+{% load i18n %}
+{% block modal_id %}asset_user_auth_modal{% endblock %}
+{% block modal_title%}{% trans "Update asset user auth" %}{% endblock %}
+{% block modal_body %}
+<form class="form-horizontal" role="form" onkeydown="if(event.keyCode==13){ $('#btn_asset_user_auth_modal_confirm').trigger('click'); return false;}">
+    {% csrf_token %}
+    <div class="form-group">
+        <label class="col-sm-2 control-label">{% trans "Hostname" %}</label>
+        <div class="col-sm-10">
+            <p class="form-control-static" id="id_hostname_p"></p>
+        </div>
+    </div>
+    <div class="form-group">
+        <label class="col-sm-2 control-label">{% trans "Username" %}</label>
+        <div class="col-sm-10">
+            <p class="form-control-static" id="id_username_p"></p>
+        </div>
+    </div>
+    <div class="form-group">
+        <label class="col-sm-2 control-label">{% trans "Password" %}</label>
+        <div class="col-sm-10">
+            <input class="form-control" id="id_password" type="password" name="password" placeholder="{% trans 'Please input password' %}"/>
+        </div>
+    </div>
+</form>
+{% endblock %}
+{% block modal_confirm_id %}btn_asset_user_auth_modal_confirm{% endblock %}
--- a/apps/assets/templates/assets/_gateway_test_modal.html
+++ b/apps/assets/templates/assets/_gateway_test_modal.html
@@ -0,0 +1,18 @@
+{% extends '_modal.html' %}
+{% load i18n %}
+{% block modal_id %}gateway_test{% endblock %}
+{% block modal_title%}{% trans "Test gateway test connection" %}{% endblock %}
+{% block modal_body %}
+{% load bootstrap3 %}
+<form method="post" class="form-horizontal" action="" id="test_gateway_form" style="padding-top: 10px">
+    <div class="form-group">
+        <input id="gateway_id" name="gateway_id" hidden>
+        <label for="port" class="col-sm-2 control-label">{% trans 'SSH Port' %}</label>
+        <div class="col-sm-9" id="select2-container">
+            <input id="ssh_test_port" name="port" class="form-control">
+            <span class="help-block">{% trans 'If use nat, set the ssh real port' %}</span>
+        </div>
+    </div>
+</form>
+{% endblock %}
+{% block modal_confirm_id %}btn_gateway_test{% endblock %}
--- a/apps/assets/templates/assets/_system_user.html
+++ b/apps/assets/templates/assets/_system_user.html
@@ -36,12 +36,13 @@
                            {% endif %}
                            <h3>{% trans 'Basic' %}</h3>
                            {% bootstrap_field form.name layout="horizontal" %}
+                            {% bootstrap_field form.login_mode layout="horizontal" %}
                            {% bootstrap_field form.username layout="horizontal" %}
                            {% bootstrap_field form.priority layout="horizontal" %}
                            {% bootstrap_field form.protocol layout="horizontal" %}

+                            <h3 id="auth_title_id">{% trans 'Auth' %}</h3>
                            {% block auth %}
-                            <h3>{% trans 'Auth' %}</h3>
                            <div class="auto-generate">
                                <div class="form-group">
                                    <label for="{{ form.auto_generate_key.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto generate key' %}</label>
@@ -55,12 +56,16 @@
                                {% bootstrap_field form.private_key_file layout="horizontal" %}
                            </div>
                            <div class="form-group">
-                                <label for="{{ form.as_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>
+                                <label for="{{ form.auto_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>
                                <div class="col-sm-8">
                                    {{ form.auto_push}}
                                </div>
                            </div>
                            {% endblock %}
+                            <div id="command-filter-block">
+                                <h3>{% trans 'Command filter' %}</h3>
+                                {% bootstrap_field form.cmd_filters layout="horizontal" %}
+                            </div>
                            <h3>{% trans 'Other' %}</h3>
                            {% bootstrap_field form.sudo layout="horizontal" %}
                            {% bootstrap_field form.shell layout="horizontal" %}
@@ -79,43 +84,90 @@
    </div>
 {% endblock %}
 {% block custom_foot_js %}
-    <script>
-        var auto_generate_key = '#'+'{{ form.auto_generate_key.id_for_label }}';
-        var protocol_id = '#' + '{{ form.protocol.id_for_label }}';
-        var password_id = '#' + '{{ form.password.id_for_label }}';
-        var private_key_id = '#' + '{{ form.private_key_file.id_for_label }}';
-        var sudo_id = '#' + '{{ form.sudo.id_for_label }}';
-        var shell_id = '#' + '{{ form.shell.id_for_label }}';
+<script>
+var protocol_id = '#' + '{{ form.protocol.id_for_label }}';
+var login_mode_id = '#' + '{{ form.login_mode.id_for_label }}';

-        var need_change_field = [auto_generate_key, private_key_id, sudo_id, shell_id] ;
+var auto_generate_key = '#'+'{{ form.auto_generate_key.id_for_label }}';
+var password_id = '#' + '{{ form.password.id_for_label }}';
+var private_key_id = '#' + '{{ form.private_key_file.id_for_label }}';
+var auto_push_id = '#' + '{{ form.auto_push.id_for_label }}';
+var sudo_id = '#' + '{{ form.sudo.id_for_label }}';
+var shell_id = '#' + '{{ form.shell.id_for_label }}';

-        function authFieldsDisplay() {
-            if ($(auto_generate_key).prop('checked')) {
-                $('.auth-fields').addClass('hidden');
-            } else {
-                $('.auth-fields').removeClass('hidden');
-            }
+var need_change_field = [
+    auto_generate_key, private_key_id, auto_push_id, sudo_id, shell_id
+];
+var need_change_field_login_mode = [
+    auto_generate_key, private_key_id, auto_push_id, password_id
+];
+
+function protocolChange() {
+    var protocol = $(protocol_id + " option:selected").text();
+    if (protocol === 'rdp' || protocol === 'vnc') {
+        $('.auth-fields').removeClass('hidden');
+        $('#command-filter-block').addClass('hidden');
+        $.each(need_change_field, function (index, value) {
+            $(value).closest('.form-group').addClass('hidden')
+        });
+    }
+    else if (protocol === 'telnet (beta)') {
+        $('.auth-fields').removeClass('hidden');
+        $('#command-filter-block').removeClass('hidden');
+        $.each(need_change_field, function (index, value) {
+            $(value).closest('.form-group').addClass('hidden')
+        });
+    }
+    else {
+        if($(login_mode_id).val() === 'manual'){
+            $(sudo_id).closest('.form-group').removeClass('hidden');
+            $(shell_id).closest('.form-group').removeClass('hidden');
+            return
        }
+        authFieldsDisplay();
+        $('#command-filter-block').removeClass('hidden');
+        $.each(need_change_field, function (index, value) {
+            $(value).closest('.form-group').removeClass('hidden')
+        });
+    }
+}

-        function protocolChange() {
-            if ($(protocol_id).attr('value') === 'rdp') {
-                $.each(need_change_field, function (index, value) {
-                    $(value).addClass('hidden')
-                });
-                $(password_id).removeClass('hidden')
-            } else {
-                $.each(need_change_field, function (index, value) {
-                    $(value).removeClass('hidden')
-                });
-            }
-        }
-        $(document).ready(function () {
-            $('.select2').select2();
-            authFieldsDisplay();
-            protocolChange();
-            $(auto_generate_key).change(function () {
-                authFieldsDisplay();
-            });
+function authFieldsDisplay() {
+    if ($(auto_generate_key).prop('checked')) {
+        $('.auth-fields').addClass('hidden');
+    } else {
+        $('.auth-fields').removeClass('hidden');
+    }
+}
+function loginModeChange(){
+    if ($(login_mode_id).val() === 'manual'){
+        $('#auth_title_id').addClass('hidden');
+        $.each(need_change_field_login_mode, function(index, value){
+            $(value).closest('.form-group').addClass('hidden')
        })
-    </script>
+    }
+    else if($(login_mode_id).val() === 'auto'){
+        $('#auth_title_id').removeClass('hidden');
+        $(password_id).closest('.form-group').removeClass('hidden')
+        protocolChange();
+    }
+}
+
+$(document).ready(function () {
+    $('.select2').select2();
+    authFieldsDisplay();
+    protocolChange();
+    loginModeChange();
+})
+.on('change', protocol_id, function(){
+    protocolChange();
+})
+.on('change', auto_generate_key, function(){
+    authFieldsDisplay();
+})
+.on('change', login_mode_id, function(){
+    loginModeChange();
+})
+
+</script>
 {% endblock %}
--- a/apps/assets/templates/assets/_user_asset_detail_modal.html
+++ b/apps/assets/templates/assets/_user_asset_detail_modal.html
@@ -0,0 +1,24 @@
+{% extends '_modal.html' %}
+{% load i18n %}
+{% load static %}
+<style>
+    .modal-body {
+        background-color: white !important;
+    }
+</style>
+{% block modal_id %}user_asset_detail_modal{% endblock %}
+
+{% block modal_title %}{% trans "Asset detail" %}{% endblock %}
+
+{% block modal_body %}
+    <div class="ibox-content" style="background-color: inherit">
+        <table class="table">
+            <tbody id="asset_detail_tbody">
+            </tbody>
+        </table>
+    </div>
+{% endblock %}
+
+{% block modal_button %}
+<button data-dismiss="modal" class="btn btn-white" type="button">{% trans "Close" %}</button>
+{% endblock %}
--- a/apps/assets/templates/assets/admin_user_assets.html
+++ b/apps/assets/templates/assets/admin_user_assets.html
@@ -45,13 +45,11 @@
                                    <table class="table table-striped table-bordered table-hover" id="asset_list_table">
                                        <thead>
                                            <tr>
-                                                <th class="text-center">
-                                                    <input type="checkbox" id="check_all" class="ipt_check_all" >
-                                                </th>
                                                <th>{% trans 'Hostname' %}</th>
                                                <th>{% trans 'IP' %}</th>
                                                <th>{% trans 'Port' %}</th>
                                                <th>{% trans 'Reachable' %}</th>
+                                                <th>{% trans 'Action' %}</th>
                                            </tr>
                                        </thead>
                                        <tbody>
@@ -86,45 +84,68 @@
            </div>
        </div>
    </div>
+   {% include 'assets/_asset_user_auth_modal.html' %}
 {% endblock %}
 {% block custom_foot_js %}
 <script>

 function initTable() {
+    var reachable = {{ admin_user.REACHABLE }};
+    var unreachable = {{ admin_user.UNREACHABLE }};
    var options = {
 		ele: $('#asset_list_table'),
 		buttons: [],
 		order: [],
 		columnDefs: [
-			{targets: 1, createdCell: function (td, cellData, rowData) {
+			{targets: 0, createdCell: function (td, cellData, rowData) {
+			    cellData = htmlEscape(cellData);
 				var detail_btn = '<a href="{% url "assets:asset-detail" pk=DEFAULT_PK %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
 				$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
 			}},
-			{targets: 4, createdCell: function (td, cellData) {
-				if (!cellData) {
+			{targets: 3, createdCell: function (td, cellData) {
+				if (cellData === unreachable) {
 					$(td).html('<i class="fa fa-times text-danger"></i>')
-				} else {
+				} else if (cellData === reachable) {
 					$(td).html('<i class="fa fa-check text-navy"></i>')
-				}
-			}}],
-		ajax_url: '{% url "api-assets:asset-list" %}?admin_user_id={{ admin_user.id }}',
+				} else {
+                    $(td).html('')
+                }
+			}},
+            {targets: 4, createdCell: function (td, cellData, rowData) {
+                var test_btn = ' <a class="btn btn-xs btn-info btn-test-asset" data-uid="{{ DEFAULT_PK }}" >{% trans "Test" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
+                var update_auth_btn = ' <a class="btn btn-xs btn-primary btn-update-asset-user-auth" data-aid="{{ DEFAULT_PK }}" data-hostname="hostname777">{% trans "Update auth" %}</a>'.replace("{{ DEFAULT_PK }}", cellData).replace("hostname777", rowData.hostname);
+                $(td).html(test_btn + update_auth_btn);
+			}}
+        ],
+
+		ajax_url: '{% url "api-assets:admin-user-assets" pk=admin_user.id %}',
 		columns: [
-		    {data: function(){return ""}}, {data: "hostname" }, {data: "ip" },
-            {data: "port" },  {data: "is_connective" }],
+		    {data: "hostname" }, {data: "ip" },
+            {data: "port" },  {data: "connectivity" }, {data: "id"}],
 		op_html: $('#actions').html()
 	};
 	jumpserver.initServerSideDataTable(options);
 }

+function initAssetUserAuthModalForm(hostname, username){
+    $('#id_hostname_p').html(hostname);
+    $('#id_username_p').html(username);
+    $('#id_password').parent().removeClass('has-error');
+    $('#id_password').val('');
+}
+
+var assetId ;
+
 $(document).ready(function () {
 	initTable();
 })
-.on('click', '.btn-test-connective', function () {
-    var the_url = "{% url 'api-assets:admin-user-connective' pk=admin_user.id %}";
+.on('click', '.btn-test-asset', function () {
+    var asset_id = $(this).data('uid');
+    var the_url = "{% url 'api-assets:asset-alive-test' pk=DEFAULT_PK %}".replace('{{ DEFAULT_PK }}', asset_id);
    var success = function (data) {
        var task_id = data.task;
        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
-        window.open(url, '', 'width=800,height=600')
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
    };
    APIUpdateAttr({
        url: the_url,
@@ -133,5 +154,52 @@ $(document).ready(function () {
        flash_message: false
    });
 })
+.on('click', '.btn-test-connective', function () {
+    var the_url = "{% url 'api-assets:admin-user-connective' pk=admin_user.id %}";
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
+    };
+    APIUpdateAttr({
+        url: the_url,
+        method: 'GET',
+        success: success,
+        flash_message: false
+    });
+})
+.on('click', '.btn-update-asset-user-auth', function() {
+    assetId = $(this).data('aid');
+    var hostname = $(this).data('hostname');
+    var username = '{{ admin_user.username }}';
+    initAssetUserAuthModalForm(hostname, username);
+    $("#asset_user_auth_modal").modal();
+})
+.on('click', '#btn_asset_user_auth_modal_confirm', function(){
+    var password = $('#id_password').val();
+    if (password){
+        var data = {
+            'name': "{{ admin_user.username }}",
+            'asset': assetId,
+            'username': "{{ admin_user.username }}",
+            'password': password
+        };
+        formSubmit({
+            data: data,
+            url: "{% url 'api-assets:asset-user-list' %}",
+            method: 'POST',
+            success: function () {
+                toastr.success("{% trans 'Update successfully!' %}");
+            },
+            error: function () {
+                toastr.error("{% trans 'Update failed!' %}");
+            }
+        });
+        $("#asset_user_auth_modal").modal('hide');
+    }
+    else{
+        $('#id_password').parent().addClass('has-error');
+    }
+})
 </script>
 {% endblock %}
--- a/apps/assets/templates/assets/admin_user_detail.html
+++ b/apps/assets/templates/assets/admin_user_detail.html
@@ -90,7 +90,7 @@
                                                <td colspan="2" class="no-borders">
                                                    <select data-placeholder="{% trans 'Select nodes' %}"  id="nodes_selected"  class="select2" style="width: 100%" multiple="" tabindex="4">
                                                        {% for node in nodes %}
-                                                        <option value="{{ node.id }}" id="opt_{{ node.id }}" >{{ node.value }}</option>
+                                                        <option value="{{ node.id }}" id="opt_{{ node.id }}" >{{ node }}</option>
                                                        {% endfor %}
                                                    </select>
                                                </td>
--- a/apps/assets/templates/assets/admin_user_list.html
+++ b/apps/assets/templates/assets/admin_user_list.html
@@ -5,8 +5,11 @@

 {% block help_message %}
    <div class="alert alert-info help-message">
-    管理用户是服务器的root，或拥有 NOPASSWD: ALL sudo权限的用户，Jumpserver使用该用户来 `推送系统用户`、`获取资产硬件信息`等。
-    Windows或其它硬件可以随意设置一个
+{#    管理用户是资产（被控服务器）上的root，或拥有 NOPASSWD: ALL sudo权限的用户，Jumpserver使用该用户来 `推送系统用户`、`获取资产硬件信息`等。#}
+{#    Windows或其它硬件可以随意设置一个#}
+    {% trans 'Admin users are asset (charged server) on the root, or have NOPASSWD: ALL sudo permissions users, '%}
+    {% trans 'Jumpserver users of the system using the user to `push system user`,  `get assets hardware information`, etc. '%}
+    {% trans 'You can set any one for Windows or other hardware.' %}
    </div>
 {% endblock %}

@@ -41,9 +44,10 @@ $(document).ready(function(){
    var options = {
        ele: $('#admin_user_list_table'),
        columnDefs: [
-            {targets: 1, createdCell: function (td, cellData, rowData) {
+            {targets: 1, render: function (cellData, tp, rowData, meta) {
+                cellData = htmlEscape(cellData);
                var detail_btn = '<a href="{% url "assets:admin-user-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
-                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+                return detail_btn.replace('{{ DEFAULT_PK }}', rowData.id);
            }},
            {targets: 4, createdCell: function (td, cellData) {
                var innerHtml = "";
@@ -79,7 +83,6 @@ $(document).ready(function(){
                    innerHtml = "<span class='text-danger'>" + num.toFixed(1) + "% </span>";
                }
                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
-
            }},
            {targets: 8, createdCell: function (td, cellData, rowData) {
                var update_btn = '<a href="{% url "assets:admin-user-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
@@ -87,10 +90,10 @@ $(document).ready(function(){
                $(td).html(update_btn + del_btn)
             }}],
        ajax_url: '{% url "api-assets:admin-user-list" %}',
-        columns: [{data: function(){return ""}}, {data: "name" }, {data: "username" }, {data: "assets_amount" },
-                  {data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment" }, {data: "id" }]
+        columns: [{data: function(){return ""}}, {data: "name"}, {data: "username" }, {data: "assets_amount" },
+                  {data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment"}, {data: "id"}]
    };
-    jumpserver.initDataTable(options);
+    jumpserver.initServerSideDataTable(options)
 })

 .on('click', '.btn_admin_user_delete', function () {
@@ -107,6 +110,3 @@ $(document).ready(function(){
 });
 </script>
 {% endblock %}
-
-
-
--- a/apps/assets/templates/assets/asset_asset_user_list.html
+++ b/apps/assets/templates/assets/asset_asset_user_list.html
@@ -0,0 +1,218 @@
+{% extends 'base.html' %}
+{% load common_tags %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'assets:asset-detail' pk=asset.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Asset detail' %}</a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'assets:asset-user-list' pk=asset.id %}" class="text-center"><i class="fa fa-bar-chart-o"></i> {% trans 'Asset user list' %}</a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-8" style="padding-left: 0;">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span style="float: left">{% trans 'Asset users of' %} <b>{{ asset.hostname }} </b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table table-hover" id="asset_user_list">
+                                        <thead>
+                                        <tr>
+                                            <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
+                                            <th class="text-center">{% trans 'Username' %}</th>
+                                            <th class="text-center">{% trans 'Password version' %}</th>
+                                            <th class="text-center">{% trans 'Reachable' %}</th>
+                                            <th class="text-center">{% trans 'Date updated' %}</th>
+                                            <th class="text-center">{% trans 'Action' %}</th>
+                                        </tr>
+                                        </thead>
+                                        <tbody>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="col-sm-4" style="padding-left: 0;padding-right: 0">
+                            <div class="panel panel-primary">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Quick modify' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table">
+                                        <tbody>
+                                        {% if asset.protocol == 'ssh' %}
+                                            <tr class="no-borders-tr">
+                                                <td>{% trans 'Test connective' %}:</td>
+                                                <td>
+                                                    <span class="pull-right">
+                                                        <button type="button" class="btn btn-primary btn-xs" id="btn-bulk-test-connective" style="width: 54px">{% trans 'Test' %}</button>
+                                                    </span>
+                                                </td>
+                                            </tr>
+                                        {% endif %}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+    {% include 'assets/_asset_user_auth_modal.html' %}
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+function initAssetUserAuthModalForm(hostname){
+    $('#id_hostname_p').html(hostname);
+    $('#id_username_p').html(username);
+    $('#id_password').parent().removeClass('has-error');
+    $('#id_password').val('');
+}
+function initAssetUserTable() {
+    var reachable = {{ asset.admin_user.REACHABLE }};
+    var unreachable = {{ asset.admin_user.UNREACHABLE }};
+    var options = {
+        ele: $('#asset_user_list'),
+        buttons: [],
+        order: [],
+        columnDefs: [
+            {targets: 3, createdCell: function (td, cellData) {
+                if (cellData === unreachable) {
+                    $(td).html('<i class="fa fa-times text-danger"></i>')
+                } else if (cellData === reachable) {
+                    $(td).html('<i class="fa fa-check text-navy"></i>')
+                } else {
+                    $(td).html('')
+                }
+            }},
+            {targets: 4, createdCell: function (td, cellData) {
+                $(td).html(cellData.slice(0, -6));
+            }},
+            {targets: 5, createdCell: function (td, cellData) {
+                var update_auth_btn = ' <a class="btn btn-xs btn-primary btn-update-asset-user-auth" data-username="DEFAULT_USERNAME">{% trans "Update auth" %}</a>'.replace("DEFAULT_USERNAME", cellData);
+                {% if asset.protocol == 'ssh' %}
+                    var test_btn = ' <a class="btn btn-xs btn-info btn-test-connective" data-username="DEFAULT_USERNAME">{% trans "Test" %}</a>'.replace("DEFAULT_USERNAME", cellData);
+                    $(td).html(test_btn + update_auth_btn);
+                {% else %}
+                    $(td).html(update_auth_btn);
+                {% endif %}
+                {#var check_btn = ' <a class="btn btn-xs btn-info btn-check-asset-user-auth" data-username="DEFAULT_USERNAME">{% trans "Check auth" %}</a>'.replace("DEFAULT_USERNAME", cellData);#}
+
+            }}
+        ],
+        ajax_url: '{% url "api-assets:asset-user-list" %}' + '?asset_id={{ asset.id }}',
+        columns: [
+            {data: function (){return ''}}, {data: "username" },
+            {data: "version"}, {data: "connectivity"}, {data: "date_updated"},
+            {data: "username", orderable: false}
+        ],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}
+var username;
+$(document).ready(function () {
+    initAssetUserTable();
+})
+{#.on('click', '.btn-check-asset-user-auth', function(){#}
+{#    var username = $(this).data('username');#}
+{#    var the_url = "{% url 'api-assets:asset-user-auth-info' %}" + '?asset_id={{ asset.id }}' + '&username=' + username;#}
+{#    $.ajax({#}
+{#        url: the_url,#}
+{#        method: 'GET',#}
+{#        success: function (data) {#}
+{#            alert("Password: " + data.password);#}
+{#        }#}
+{#    });#}
+{# })#}
+.on('click', '.btn-update-asset-user-auth', function() {
+    username = $(this).data('username');
+    var hostname = "{{ asset.hostname }}";
+    initAssetUserAuthModalForm(hostname, username);
+    $("#asset_user_auth_modal").modal();
+})
+.on('click', '#btn_asset_user_auth_modal_confirm', function(){
+    var password = $('#id_password').val();
+    if (password){
+        var data = {
+            'name': username,
+            'asset': "{{ asset.id }}",
+            'username': username,
+            'password': password
+        };
+        formSubmit({
+            data: data,
+            url: "{% url 'api-assets:asset-user-list' %}",
+            method: 'POST',
+            success: function () {
+                toastr.success("{% trans 'Update successfully!' %}");
+            },
+            error: function () {
+                toastr.error("{% trans 'Update failed!' %}");
+            }
+        });
+        $("#asset_user_auth_modal").modal('hide');
+    }
+    else{
+        $('#id_password').parent().addClass('has-error');
+    }
+})
+.on('click', '.btn-test-connective', function () {
+    var username = $(this).data('username');
+    var the_url = "{% url 'api-assets:asset-user-connective' %}" + "?asset_id={{ asset.id }}" + "&username=" + username;
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
+    };
+    APIUpdateAttr({
+        url: the_url,
+        method: 'GET',
+        success: success,
+        flash_message: false
+    });
+})
+.on('click', '#btn-bulk-test-connective', function () {
+    var the_url = "{% url 'api-assets:asset-user-connective' %}" + "?asset_id={{ asset.id }}";
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
+    };
+    APIUpdateAttr({
+        url: the_url,
+        method: 'GET',
+        success: success,
+        flash_message: false
+    });
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/asset_bulk_update.html
+++ b/apps/assets/templates/assets/asset_bulk_update.html
@@ -5,9 +5,9 @@

 {% block form %}
 <div class="ydxbd" id="formlists" style="display: block;">
-    <p id="tags_p" class="mgl-5 c02">选择需要修改属性</p>
+    <p id="tags_p" class="mgl-5 c02">{% trans 'Select properties that need to be modified' %}</p>
    <div class="tagBtnList">
-        <a class="label label-primary" id="change_all" value="1">全选</a>
+        <a class="label label-primary" id="change_all" value="1">{% trans 'Select all' %}</a>
        {% for field in form %}
            {% if field.name != 'assets' %}
             <a data-id="{{ field.id_for_label }}" class="label label-default label-primary field-tag" value="1">{{ field.label }}</a>
--- a/apps/assets/templates/assets/asset_create.html
+++ b/apps/assets/templates/assets/asset_create.html
@@ -16,6 +16,7 @@
    <h3>{% trans 'Basic' %}</h3>
    {% bootstrap_field form.hostname layout="horizontal" %}
    {% bootstrap_field form.ip layout="horizontal" %}
+    {% bootstrap_field form.protocol layout="horizontal" %}
    {% bootstrap_field form.port layout="horizontal" %}
    {% bootstrap_field form.platform layout="horizontal" %}
    {% bootstrap_field form.public_ip layout="horizontal" %}
@@ -34,7 +35,7 @@
    <div class="form-group {% if form.errors.labels %} has-error {% endif %}">
        <label for="{{ form.labels.id_for_label }}" class="col-md-2 control-label">{% trans 'Label' %}</label>
        <div class="col-md-9">
-            <select name="labels" class="select2 labels" data-placeholder="{% trans 'Select labels' %}" style="width: 100%" multiple="" tabindex="4" id="{{ form.labels.id_for_label }}">
+            <select name="labels" class="select2 labels" data-placeholder="{% trans 'Label' %}" style="width: 100%" multiple="" tabindex="4" id="{{ form.labels.id_for_label }}">
                {% for name, labels in form.labels.field.queryset|group_labels %}
                <optgroup label="{{ name }}">
                    {% for label in labels %}
@@ -85,6 +86,23 @@ $(document).ready(function () {
        allowClear: true,
        templateSelection: format
    });
+    $('#id_nodes.select2').select2({
+        closeOnSelect: false
+    });
+    $("#id_protocol").change(function (){
+        var protocol = $("#id_protocol option:selected").text();
+        var port = 22;
+        if(protocol === 'rdp'){
+            port = 3389;
+        }
+        else if(protocol === 'telnet (beta)'){
+            port = 23;
+        }
+        else if(protocol === 'vnc'){
+            port = 5901;
+        }
+        $("#id_port").val(port);
+    });
 })
 </script>
 {% endblock %}
--- a/apps/assets/templates/assets/asset_detail.html
+++ b/apps/assets/templates/assets/asset_detail.html
@@ -19,6 +19,9 @@
                            <li class="active">
                                <a href="{% url 'assets:asset-detail' pk=asset.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Asset detail' %} </a>
                            </li>
+                            <li>
+                                <a href="{% url 'assets:asset-user-list' pk=asset.id %}" class="text-center"><i class="fa fa-bar-chart-o"></i> {% trans 'Asset user list' %} </a>
+                            </li>
                            {% if user.is_superuser %}
                            <li class="pull-right">
                                <a class="btn btn-outline btn-default" href="{% url 'assets:asset-update' pk=asset.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
@@ -32,7 +35,7 @@
                        </ul>
                    </div>
                    <div class="tab-content">
-                        <div class="col-sm-7" style="padding-left: 0">
+                        <div class="col-sm-8" style="padding-left: 0">
                            <div class="ibox float-e-margins">
                                <div class="ibox-title">
                                    <span class="label"><b>{{ asset.hostname }}</b></span>
@@ -69,10 +72,18 @@
                                            <td>{% trans 'Port' %}:</td>
                                            <td><b>{{ asset.port }}</b></td>
                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Protocol' %}:</td>
+                                            <td><b>{{ asset.protocol }}</b></td>
+                                        </tr>
                                        <tr>
                                            <td>{% trans 'Admin user' %}:</td>
                                            <td><b>{{ asset.admin_user }}</b></td>
                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Domain' %}:</td>
+                                            <td><b>{{ asset.domain|default:"" }}</b></td>
+                                        </tr>
                                        <tr>
                                            <td>{% trans 'Vendor' %}:</td>
                                            <td><b>{{ asset.vendor|default:"" }}</b></td>
@@ -130,8 +141,8 @@
                                </div>
                            </div>
                        </div>
-                        {% if user.is_superuser %}
-                        <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
+                        {% if user.is_superuser or user.is_org_admin %}
+                        <div class="col-sm-4" style="padding-left: 0;padding-right: 0">
                            <div class="panel panel-primary">
                                <div class="panel-heading">
                                    <i class="fa fa-info-circle"></i> {% trans 'Quick modify' %}
@@ -155,7 +166,7 @@
                                              </span>
                                          </td>
                                        </tr>
-                                        {% if asset.is_unixlike %}
+                                        {% if asset.protocol == 'ssh' %}
                                        <tr>
                                            <td>{% trans 'Refresh hardware' %}:</td>
                                            <td>
@@ -190,7 +201,7 @@
                                                <td colspan="2" class="no-borders">
                                                    <select data-placeholder="{% trans 'Nodes' %}" id="groups_selected" class="select2 groups" style="width: 100%" multiple="" tabindex="4">
                                                        {% for node in nodes_remain %}
-                                                        <option value="{{ node.id }}" id="opt_{{ node.id }}" >{{ node.name }}</option>
+                                                        <option value="{{ node.id }}" id="opt_{{ node.id }}" >{{ node }}</option>
                                                        {% endfor %}
                                                    </select>
                                                </td>
@@ -204,7 +215,7 @@

                                        {% for node in asset.nodes.all %}
                                        <tr>
-                                          <td ><b class="bdg_node" data-gid={{ node.id }}>{{ node.name }}</b></td>
+                                          <td ><b class="bdg_node" data-gid={{ node.id }}>{{ node }}</b></td>
                                          <td>
                                              <button class="btn btn-danger pull-right btn-xs btn-leave-node" type="button"><i class="fa fa-minus"></i></button>
                                          </td>
@@ -305,9 +316,9 @@ $(document).ready(function () {
        success_message: success
    });
    if (status === "False") {
-            $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('True');
+        $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('True');
    }else{
-            $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('False');
+        $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('False');
    }
 }).on('click', '#btn-update-nodes', function () {
    if (Object.keys(jumpserver.nodes_selected).length === 0) {
--- a/apps/assets/templates/assets/asset_list.html
+++ b/apps/assets/templates/assets/asset_list.html
@@ -4,12 +4,14 @@

 {% block help_message %}
    <div class="alert alert-info help-message">
-    左侧是资产树，右击可以新建、删除、更改树节点，授权资产也是以节点方式组织的，右侧是属于该节点下的资产
+{#    左侧是资产树，右击可以新建、删除、更改树节点，授权资产也是以节点方式组织的，右侧是属于该节点下的资产#}
+    {% trans 'The left side is the asset tree, right click to create, delete, and change the tree node, authorization asset is also organized as a node, and the right side is the asset under that node' %}
    </div>
 {% endblock %}

 {% block custom_head_css_js %}
    <link href="{% static 'css/plugins/ztree/awesomeStyle/awesome.css' %}" rel="stylesheet">
+{#    <link href="https://cdn.datatables.net/1.10.19/css/jquery.dataTables.min.css" rel="stylesheet">#}
    <script type="text/javascript" src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
    <script src="{% static 'js/jquery.form.min.js' %}"></script>
 	<style type="text/css">
@@ -17,20 +19,25 @@
            position:absolute;
            visibility:hidden;
            text-align: left;
-            top: 100%;
+            {#top: 100%;#}
+            top: 0;
            left: 0;
            z-index: 1000;
-            float: left;
-            padding: 5px 0;
+            {#float: left;#}
+            padding: 0 0;
            margin: 2px 0 0;
            list-style: none;
            background-clip: padding-box;
+         }
+        .dataTables_wrapper .dataTables_processing {
+            opacity: .9;
+            border: none;
        }
        div#rMenu li{
        	margin: 1px 0;
        	cursor: pointer;
-        	{#list-style: none outside none;#}
-        }
+        	list-style: none outside none;
+         }
        .dropdown a:hover {
            background-color: #f1f1f1
        }
@@ -41,13 +48,12 @@
 {% block content %}
 <div class="wrapper wrapper-content">
   <div class="row">
-       <div class="col-lg-3" id="split-left">
+       <div class="col-lg-3" id="split-left" style="padding-left: 3px">
           <div class="ibox float-e-margins">
-               <div class="ibox-content mailbox-content" style="padding-top: 0">
+               <div class="ibox-content mailbox-content" style="padding-top: 0;padding-left: 1px">
                   <div class="file-manager ">
                       <div id="assetTree" class="ztree">
                       </div>
-
                       <div class="clearfix"></div>
                   </div>
               </div>
@@ -59,57 +65,56 @@
                   <i class="fa fa-angle-left fa-x" id="toggle-icon"></i>
               </div>
           </div>
-               <div class="mail-box-header">
-                   <div class="uc pull-left m-r-5"><a class="btn btn-sm btn-primary btn-create-asset"> {% trans "Create asset" %} </a></div>
-                    <div class="html5buttons">
-                        <div class="dt-buttons btn-group">
-                            <a class="btn btn-default btn_import" data-toggle="modal" data-target="#asset_import_modal" tabindex="0">
-                                <span>{% trans "Import" %}</span>
-                            </a>
-                            <a class="btn btn-default btn_export" tabindex="0">
-                                <span>{% trans "Export" %}</span>
-                            </a>
-                        </div>
-                    </div>
-                   <div class="btn-group" style="float: right">
-                       <button data-toggle="dropdown" class="btn btn-default btn-sm dropdown-toggle">{% trans 'Label' %} <span class="caret"></span></button>
-                       <ul class="dropdown-menu labels">
-                           {% for label in labels %}
-                               <li><a style="font-weight: bolder">{{ label.name }}:{{ label.value }}</a></li>
-                           {% endfor %}
-                       </ul>
+           <div class="mail-box-header">
+               <div class="uc pull-left m-r-5"><a class="btn btn-sm btn-primary btn-create-asset"> {% trans "Create asset" %} </a></div>
+               <div class="html5buttons">
+                   <div class="dt-buttons btn-group">
+                       <a class="btn btn-default btn_import" data-toggle="modal" data-target="#asset_import_modal" tabindex="0">
+                           <span>{% trans "Import" %}</span>
+                       </a>
+                       <a class="btn btn-default btn_export" tabindex="0">
+                           <span>{% trans "Export" %}</span>
+                       </a>
                   </div>
-                   <table class="table table-striped table-bordered table-hover " id="asset_list_table" style="width: 100%">
-                       <thead>
-                           <tr>
-                               <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
-                               <th class="text-center">{% trans 'Hostname' %}</th>
-                               <th class="text-center">{% trans 'IP' %}</th>
-                               <th class="text-center">{% trans 'Hardware' %}</th>
-                               <th class="text-center">{% trans 'Active' %}</th>
-                               <th class="text-center">{% trans 'Reachable' %}</th>
-                               <th class="text-center">{% trans 'Action' %}</th>
-                           </tr>
-                       </thead>
-                       <tbody>
-                       </tbody>
-                   </table>
-                   <div id="actions" class="hide">
-                       <div class="input-group">
-                           <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
-                               <option value="delete">{% trans 'Delete selected' %}</option>
-                               <option value="update">{% trans 'Update selected' %}</option>
-                               <option value="remove">{% trans 'Remove from this node' %}</option>
-                               <option value="deactive">{% trans 'Deactive selected' %}</option>
-                               <option value="active">{% trans 'Active selected' %}</option>
-                           </select>
-                           <div class="input-group-btn pull-left" style="padding-left: 5px;">
-                               <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
-                                {% trans 'Submit' %}
-                               </button>
-                           </div>
+               </div>
+               <div class="btn-group" style="float: right">
+                  <button data-toggle="dropdown" class="btn btn-default btn-sm dropdown-toggle">{% trans 'Label' %} <span class="caret"></span></button>
+                  <ul class="dropdown-menu labels">
+                      {% for label in labels %}
+                          <li><a style="font-weight: bolder">{{ label.name }}:{{ label.value }}</a></li>
+                      {% endfor %}
+                  </ul>
+               </div>
+               <table class="table table-striped table-bordered table-hover " id="asset_list_table" style="width: 100%">
+                   <thead>
+                       <tr>
+                           <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
+                           <th class="text-center">{% trans 'Hostname' %}</th>
+                           <th class="text-center">{% trans 'IP' %}</th>
+                           <th class="text-center">{% trans 'Hardware' %}</th>
+                           <th class="text-center">{% trans 'Reachable' %}</th>
+                           <th class="text-center">{% trans 'Action' %}</th>
+                       </tr>
+                   </thead>
+                   <tbody>
+                   </tbody>
+               </table>
+               <div id="actions" class="hide">
+                   <div class="input-group">
+                       <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
+                           <option value="delete">{% trans 'Delete selected' %}</option>
+                           <option value="update">{% trans 'Update selected' %}</option>
+                           <option value="remove">{% trans 'Remove from this node' %}</option>
+                           <option value="deactive">{% trans 'Deactive selected' %}</option>
+                           <option value="active">{% trans 'Active selected' %}</option>
+                       </select>
+                       <div class="input-group-btn pull-left" style="padding-left: 5px;">
+                           <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
+                            {% trans 'Submit' %}
+                           </button>
                       </div>
                   </div>
+               </div>
           </div>
       </div>
   </div>
@@ -117,15 +122,22 @@

 <div id="rMenu">
    <ul class="dropdown-menu">
-        <li id="menu_asset_create" class="btn-create-asset" tabindex="-1"><a>{% trans 'Create asset' %}</a></li>
-        <li id="menu_asset_add" class="btn-add-asset" data-toggle="modal" data-target="#asset_list_modal" tabindex="0"><a>{% trans 'Add asset' %}</a></li>
-        <li id="menu_refresh_hardware_info" class="btn-refresh-hardware" tabindex="-1"><a>{% trans 'Refresh node hardware info' %}</a></li>
-        <li id="menu_test_connective" class="btn-test-connective" tabindex="-1"><a>{% trans 'Test node connective' %}</a></li>
        <li class="divider"></li>
-        <li id="m_create" tabindex="-1" onclick="addTreeNode();"><a>{% trans 'Add node' %}</a></li>
-        <li id="m_del" tabindex="-1" onclick="editTreeNode();"><a>{% trans 'Rename node' %}</a></li>
+        <li id="m_create" tabindex="-1" onclick="addTreeNode();"><a><i class="fa fa-plus-square-o"></i> {% trans 'Add node' %}</a></li>
+        <li id="m_del" tabindex="-1" onclick="editTreeNode();"><a><i class="fa fa-pencil-square-o"></i> {% trans 'Rename node' %}</a></li>
+        <li id="m_del" tabindex="-1" onclick="removeTreeNode();"><a><i class="fa fa-minus-square"></i> {% trans 'Delete node' %}</a></li>
        <li class="divider"></li>
-        <li id="m_del" tabindex="-1" onclick="removeTreeNode();"><a>{% trans 'Delete node' %}</a></li>
+        <li id="menu_asset_add" class="btn-add-asset" data-toggle="modal" data-target="#asset_list_modal" tabindex="0"><a><i class="fa fa-copy"></i> {% trans 'Add assets to node' %}</a></li>
+        <li id="menu_asset_move" class="btn-move-asset" data-toggle="modal" data-target="#asset_list_modal" tabindex="0"><a><i class="fa fa-cut"></i> {% trans 'Move assets to node' %}</a></li>
+        <li class="divider"></li>
+        <li id="menu_refresh_hardware_info" class="btn-refresh-hardware" tabindex="-1"><a><i class="fa fa-refresh"></i> {% trans 'Refresh node hardware info' %}</a></li>
+        <li id="menu_test_connective" class="btn-test-connective" tabindex="-1"><a><i class="fa fa-chain"></i> {% trans 'Test node connective' %}</a></li>
+        <li class="divider"></li>
+        <li id="menu_refresh_assets_amount" class="btn-refresh-assets-amount" tabindex="-1"><a><i class="fa fa-refresh"></i> {% trans 'Refresh all node assets amount' %}</a></li>
+        <li class="divider"></li>
+        <li id="show_current_asset" class="btn-show-current-asset" style="display: none;" tabindex="-1"><a><i class="fa fa-hand-o-up"></i> {% trans 'Display only current node assets' %}</a></li>
+        <li id="show_all_asset" class="btn-show-all-asset" style="display: none;" tabindex="-1"><a><i class="fa fa-th"></i> {% trans 'Displays all child node assets' %}</a></li>
+{#        <li id="fresh_tree" class="btn-refresh-tree" tabindex="-1"><a><i class="fa fa-refresh"></i> {% trans 'Refresh' %}</a></li>#}
    </ul>
 </div>

@@ -136,11 +148,15 @@
 {% block custom_foot_js %}
 <script>
 var zTree, rMenu, asset_table, show = 0;
+var update_node_action = "";
+var current_node_id = null;
+var current_node = null;
 function initTable() {
    var options = {
        ele: $('#asset_list_table'),
        columnDefs: [
            {targets: 1, createdCell: function (td, cellData, rowData) {
+                cellData = htmlEscape(cellData);
                {% url 'assets:asset-detail' pk=DEFAULT_PK as the_url  %}
                var detail_btn = '<a href="{{ the_url }}">' + cellData + '</a>';
                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
@@ -149,22 +165,16 @@ function initTable() {
                $(td).html(rowData.hardware_info)
            }},
            {targets: 4, createdCell: function (td, cellData) {
-                if (!cellData) {
-                    $(td).html('<i class="fa fa-times text-danger"></i>')
-                } else {
-                    $(td).html('<i class="fa fa-check text-navy"></i>')
-                }
-            }},
-            {targets: 5, createdCell: function (td, cellData) {
-                if (cellData === 'Unknown'){
-                    $(td).html('<i class="fa fa-circle text-warning"></i>')
-                } else if (!cellData) {
+                if (cellData === 1){
+                    $(td).html('<i class="fa fa-circle text-navy"></i>')
+                } else if (cellData === 0) {
                    $(td).html('<i class="fa fa-circle text-danger"></i>')
                } else {
-                    $(td).html('<i class="fa fa-circle text-navy"></i>')
+                    $(td).html('<i class="fa fa-circle text-warning"></i>')
                }
            }},
-            {targets: 6, createdCell: function (td, cellData, rowData) {
+
+            {targets: 5, createdCell: function (td, cellData, rowData) {
                var update_btn = '<a href="{% url "assets:asset-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_asset_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
                $(td).html(update_btn + del_btn)
@@ -173,8 +183,8 @@ function initTable() {
        ajax_url: '{% url "api-assets:asset-list" %}',
        columns: [
            {data: "id"}, {data: "hostname" }, {data: "ip" },
-            {data: "cpu_cores"}, {data: "is_active", orderable: false },
-            {data: "is_connective", orderable: false}, {data: "id", orderable: false }
+            {data: "cpu_cores", orderable: false},
+            {data: "connectivity", orderable: false}, {data: "id", orderable: false }
        ],
        op_html: $('#actions').html()
    };
@@ -188,16 +198,21 @@ function addTreeNode() {
 	if (!parentNode){
 	    return
    }
-    var url = "{% url 'api-assets:node-children' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", parentNode.id );
+    var url = "{% url 'api-assets:node-children' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", parentNode.meta.node.id);
    $.post(url,  {}, function (data, status){
        if (status === "success") {
            var newNode = {
+                id: data["key"],
                name: data["value"],
-                id: data["id"],
-                pId: parentNode.id
+                pId: parentNode.id,
+                meta: {
+                    "node": data
+                }
            };
            newNode.checked = zTree.getSelectedNodes()[0].checked;
            zTree.addNodes(parentNode, 0, newNode);
+            var node = zTree.getNodeByParam('id', newNode.id, parentNode);
+            zTree.editName(node);
        } else {
            alert("{% trans 'Create node failed' %}")
        }
@@ -210,11 +225,12 @@ function removeTreeNode() {
 	if (!current_node){
 	    return
    }
-
 	if (current_node.children && current_node.children.length > 0) {
-		alert("{% trans 'Have child node, cancel' %}")
-	} else {
-        var url = "{% url 'api-assets:node-detail' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", current_node.id );
+		toastr.error("{% trans 'Have child node, cancel' %}");
+	 } else if (current_node.meta.node.assets_amount !== 0) {
+        toastr.error("{% trans 'Have assets, cancel' %}");
+    } else {
+        var url = "{% url 'api-assets:node-detail' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", current_node_id);
 		$.ajax({
            url: url,
            method: "DELETE",
@@ -227,12 +243,12 @@ function removeTreeNode() {

 function editTreeNode() {
    hideRMenu();
-	var current_node = zTree.getSelectedNodes()[0];
-	if (!current_node){
-	    return
+    var current_node = zTree.getSelectedNodes()[0];
+    if (!current_node){
+        return
    }
-    if (current_node.value) {
-        current_node.name = current_node.value;
+    if (current_node) {
+        current_node.name = current_node.meta.node.value;
    }
    zTree.editName(current_node);
 }
@@ -249,14 +265,9 @@ function OnRightClick(event, treeId, treeNode) {

 function showRMenu(type, x, y) {
 	$("#rMenu ul").show();
-	{#if (type === "root") {#}
-	{#	return#}
-	{# } else {#}
-	{#	$("#m_del").show();#}
-	{#	$("#m_check").show();#}
-	{#	$("#m_unCheck").show();#}
-	{# }#}
    x -= 220;
+    x += document.body.scrollLeft;
+    y += document.body.scrollTop+document.documentElement.scrollTop;
    rMenu.css({"top":y+"px", "left":x+"px", "visibility":"visible"});

 	$("body").bind("mousedown", onBodyMouseDown);
@@ -279,7 +290,7 @@ function onBodyMouseDown(event){


 function onRename(event, treeId, treeNode, isCancel){
-    var url = "{% url 'api-assets:node-detail' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", treeNode.id);
+    var url = "{% url 'api-assets:node-detail' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", current_node_id);
    var data = {"value": treeNode.name};
    if (isCancel){
        return
@@ -287,19 +298,33 @@ function onRename(event, treeId, treeNode, isCancel){
    APIUpdateAttr({
        url: url,
        body: JSON.stringify(data),
-        method: "PATCH"
+        method: "PATCH",
+        success_message: "{% trans 'Rename success' %}",
+        fail_message: "{% trans 'Rename failed, do not change the root node name' %}",
+        success: function () {
+            treeNode.name = treeNode.name + ' (' + treeNode.meta.node.assets_amount + ')'
+            zTree.updateNode(treeNode);
+            console.log("Success: " + treeNode.name)
+        }
    })
 }

 function onSelected(event, treeNode) {
+    current_node = treeNode;
+    current_node_id = treeNode.meta.node.id;
+    zTree.expandNode(current_node, true);
    var url = asset_table.ajax.url();
-    url = setUrlParam(url, "node_id", treeNode.id);
-    setCookie('node_selected', treeNode.id);
+    url = setUrlParam(url, "node_id", current_node_id);
+    url = setUrlParam(url, "show_current_asset", getCookie('show_current_asset'));
+    setCookie('node_selected', treeNode.node_id);
    asset_table.ajax.url(url);
    asset_table.ajax.reload();
 }

 function selectQueryNode() {
+    // TODO: 是否应该添加
+    // 暂时忽略之前选中的内容
+    return
    var query_node_id = $.getUrlParam("node");
    var cookie_node_id = getCookie('node_selected');
    var node;
@@ -311,7 +336,7 @@ function selectQueryNode() {
        node_id = cookie_node_id;
    }

-    node = zTree.getNodesByParam("id", node_id, null);
+    node = zTree.getNodesByParam("node_id", node_id, null);
    if (node){
        zTree.selectNode(node[0]);
    }
@@ -324,15 +349,11 @@ function beforeDrag() {
 function beforeDrop(treeId, treeNodes, targetNode, moveType) {
    var treeNodesNames = [];
    $.each(treeNodes, function (index, value) {
-        treeNodesNames.push(value.value);
+        treeNodesNames.push(value.name);
    });

-    var msg = "你想移动节点: `" + treeNodesNames.join(",") + "` 到 `" + targetNode.value + "` 下吗?";
-    if (confirm(msg)){
-        return true
-    } else {
-        return false
-    }
+    var msg = "你想移动节点: `" + treeNodesNames.join(",") + "` 到 `" + targetNode.name + "` 下吗?";
+    return confirm(msg);
 }

 function onDrag(event, treeId, treeNodes) {
@@ -341,10 +362,10 @@ function onDrag(event, treeId, treeNodes) {
 function onDrop(event, treeId, treeNodes, targetNode, moveType) {
    var treeNodesIds = [];
    $.each(treeNodes, function (index, value) {
-        treeNodesIds.push(value.id);
+        treeNodesIds.push(value.meta.node.id);
    });

-    var the_url = "{% url 'api-assets:node-add-children' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", targetNode.id);
+    var the_url = "{% url 'api-assets:node-add-children' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", targetNode.meta.node.id);
    var body = {nodes: treeNodesIds};
    APIUpdateAttr({
        url: the_url,
@@ -354,6 +375,14 @@ function onDrop(event, treeId, treeNodes, targetNode, moveType) {
 }

 function initTree() {
+    if (zTree) {
+        return
+    }
+    var url = '{% url 'api-assets:node-children-tree' %}?assets=0&all=';
+    var showCurrentAsset = getCookie('show_current_asset');
+    if (!showCurrentAsset) {
+        url += '1'
+    }
    var setting = {
        view: {
            dblClickExpand: false,
@@ -364,6 +393,12 @@ function initTree() {
                enable: true
            }
        },
+        async: {
+			enable: true,
+			url: url,
+			autoParam: ["id=key", "name=n", "level=lv"],
+            type: 'get'
+		},
        edit: {
            enable: true,
 			showRemoveBtn: false,
@@ -386,21 +421,8 @@ function initTree() {
    };

    var zNodes = [];
-    $.get("{% url 'api-assets:node-list' %}", function(data, status){
-        $.each(data, function (index, value) {
-            value["pId"] = value["parent"];
-            {#if (value["key"] === "0") {#}
-            value["open"] = true;
-            {# }#}
-            value["name"] = value["value"] + ' (' + value['assets_amount'] + ')';
-            value['value'] = value['value'];
-        });
-        zNodes = data;
-        $.fn.zTree.init($("#assetTree"), setting, zNodes);
-        zTree = $.fn.zTree.getZTreeObj("assetTree");
-		rMenu = $("#rMenu");
-		selectQueryNode();
-    });
+    zTree = $.fn.zTree.init($("#assetTree"), setting, zNodes);
+    rMenu = $("#rMenu");
 }

 function toggle() {
@@ -421,6 +443,13 @@ function toggle() {
 $(document).ready(function(){
    initTable();
    initTree();
+
+    if(getCookie('show_current_asset') === '1'){
+        $('#show_all_asset').css('display', 'inline-block');
+    }
+    else{
+        $('#show_current_asset').css('display', 'inline-block');
+    }
 })
 .on('click', '.labels li', function () {
    var val = $(this).text();
@@ -430,11 +459,7 @@ $(document).ready(function(){
 .on('click', '.btn_export', function () {
    var $data_table = $('#asset_list_table').DataTable();
    var rows = $data_table.rows('.selected').data();
-    var nodes = zTree.getSelectedNodes();
-    var current_node;
-    if (nodes && nodes.length === 1) {
-        current_node = nodes[0];
-    }
+
    var assets = [];
    $.each(rows, function (index, obj) {
        assets.push(obj.id)
@@ -442,7 +467,7 @@ $(document).ready(function(){
    $.ajax({
        url: "{% url "assets:asset-export" %}",
        method: 'POST',
-        data: JSON.stringify({assets_id: assets, node_id: current_node.id}),
+        data: JSON.stringify({assets_id: assets, node_id: current_node_id}),
        dataType: "json",
        success: function (data, textStatus) {
            window.open(data.redirect)
@@ -455,11 +480,8 @@ $(document).ready(function(){
 .on('click', '#btn_asset_import', function () {
    var $form = $('#fm_asset_import');
    var action = $form.attr("action");
-    var nodes = zTree.getSelectedNodes();
-    var current_node;
-    if (nodes && nodes.length ===1 ){
-        current_node = nodes[0];
-        action += "?node_id=" + current_node.id;
+    if (current_node_id){
+        action = setUrlParam(action, 'node_id', current_node_id);
        $form.attr("action", action)
    }
    $form.find('.help-block').remove();
@@ -481,25 +503,14 @@ $(document).ready(function(){
 })
 .on('click', '.btn-create-asset', function () {
    var url = "{% url 'assets:asset-create' %}";
-    var nodes = zTree.getSelectedNodes();
-    var current_node;
-    if (nodes && nodes.length ===1 ){
-        current_node = nodes[0];
-        url += "?node_id=" + current_node.id;
+    if (current_node_id) {
+        url += "?node_id=" + current_node_id;
    }
    window.open(url, '_self');
 })
 .on('click', '.btn-refresh-hardware', function () {
    var url = "{% url 'api-assets:node-refresh-hardware-info' pk=DEFAULT_PK %}";
-    var nodes = zTree.getSelectedNodes();
-    var current_node;
-    if (nodes && nodes.length ===1 ){
-        current_node = nodes[0];
-    } else {
-        return null;
-    }
-
-    var the_url = url.replace("{{ DEFAULT_PK }}", current_node.id);
+    var the_url = url.replace("{{ DEFAULT_PK }}", current_node_id);
    function success(data) {
        rMenu.css({"visibility" : "hidden"});
        var task_id = data.task;
@@ -516,15 +527,10 @@ $(document).ready(function(){
 })
 .on('click', '.btn-test-connective', function () {
    var url = "{% url 'api-assets:node-test-connective' pk=DEFAULT_PK %}";
-    var nodes = zTree.getSelectedNodes();
-    var current_node;
-    if (nodes && nodes.length ===1 ){
-        current_node = nodes[0];
-    } else {
+    if (!current_node_id) {
        return null;
    }
-
-    var the_url = url.replace("{{ DEFAULT_PK }}", current_node.id);
+    var the_url = url.replace("{{ DEFAULT_PK }}", current_node_id);
    function success(data) {
        rMenu.css({"visibility" : "hidden"});
        var task_id = data.task;
@@ -538,6 +544,33 @@ $(document).ready(function(){
        flash_message: false
    });
 })
+.on('click', '.btn-show-current-asset', function(){
+    hideRMenu();
+    $(this).css('display', 'none');
+    $('#show_all_asset').css('display', 'inline-block');
+    setCookie('show_current_asset', '1');
+    location.reload();
+})
+.on('click', '.btn-show-all-asset', function(){
+    hideRMenu();
+    $(this).css('display', 'none');
+    $('#show_current_asset').css('display', 'inline-block');
+    setCookie('show_current_asset', '');
+    location.reload();
+})
+.on('click', '.btn-test-connective', function () {
+    hideRMenu();
+
+})
+.on('click', '#menu_refresh_assets_amount', function () {
+    hideRMenu();
+    var url = "{% url 'api-assets:refresh-assets-amount' %}";
+    APIUpdateAttr({
+        'url': url,
+        'method': 'GET'
+    });
+    window.location.reload();
+})
 .on('click', '.btn_asset_delete', function () {
    var $this = $(this);
    var $data_table = $("#asset_list_table").DataTable();
@@ -599,6 +632,7 @@ $(document).ready(function(){
            text: "{% trans 'This will delete the selected assets !!!' %}",
            type: "warning",
            showCancelButton: true,
+            cancelButtonText: "{% trans 'Cancel' %}",
            confirmButtonColor: "#DD6B55",
            confirmButtonText: "{% trans 'Confirm' %}",
            closeOnConfirm: false
@@ -624,17 +658,28 @@ $(document).ready(function(){
        });
    }
    function doUpdate() {
-        var id_list_string = id_list.join(',');
-        var url = "{% url 'assets:asset-bulk-update' %}?assets_id=" + id_list_string;
-        location.href = url
+        var data = {
+            'assets_id':id_list
+        };
+        function error(data) {
+            toastr.error(JSON.parse(data).error)
+        }
+        function success(data) {
+            location.href = data.url;
+         }
+        APIUpdateAttr({
+            'url': "{% url 'api-assets:asset-bulk-update-select' %}",
+            'method': 'POST',
+            'body': JSON.stringify(data),
+            'flash_message': false,
+            'success': success,
+             'error': error,
+        })
    }

    function doRemove() {
-        var current_node;
        var nodes = zTree.getSelectedNodes();
-        if (nodes && nodes.length === 1) {
-            current_node = nodes[0]
-        } else {
+        if (!current_node_id) {
            return
        }

@@ -647,7 +692,7 @@ $(document).ready(function(){
        };

        APIUpdateAttr({
-            'url': '/api/assets/v1/nodes/' + current_node.id + '/assets/remove/',
+            'url': '/api/assets/v1/nodes/' + current_node_id + '/assets/remove/',
            'method': 'PUT',
            'body': JSON.stringify(data),
            'success': success
@@ -673,7 +718,40 @@ $(document).ready(function(){
            break;
    }
    $(".ipt_check_all").prop("checked", false)
-});
+})
+.on('click', '#btn_asset_modal_confirm', function () {
+    var assets_selected = asset_table2.selected;
+    if (!current_node_id) {
+        return
+    }
+
+    var data = {'assets': assets_selected};
+    var success = function () {
+        asset_table2.selected = [];
+        asset_table2.ajax.reload()
+    };
+
+    var url = '';
+    if (update_node_action === "move") {
+        url = "{% url 'api-assets:node-replace-assets' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", current_node_id);
+    } else {
+        url = "{% url 'api-assets:node-add-assets' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", current_node_id);
+    }
+
+    APIUpdateAttr({
+        'url': url,
+        'method': 'PUT',
+        'body': JSON.stringify(data),
+        'success': success
+    })
+}).on('hidden.bs.modal', '#asset_list_modal', function () {
+    window.location.reload();
+}).on('click', '#menu_asset_add', function () {
+    update_node_action = "add"
+}).on('click', '#menu_asset_move', function () {
+    update_node_action = "move"
+})
+
 </script>

 {% endblock %}
--- a/apps/assets/templates/assets/asset_update.html
+++ b/apps/assets/templates/assets/asset_update.html
@@ -12,7 +12,7 @@

 {% block form %}
    <form action="" method="post" class="form-horizontal">
-    {% if form.no_field_errors %}
+    {% if form.non_field_errors %}
         <div class="alert alert-danger">
             {{ form.non_field_errors }}
         </div>
@@ -21,6 +21,7 @@
    <h3>{% trans 'Basic' %}</h3>
    {% bootstrap_field form.hostname layout="horizontal" %}
    {% bootstrap_field form.ip layout="horizontal" %}
+    {% bootstrap_field form.protocol layout="horizontal" %}
    {% bootstrap_field form.port layout="horizontal" %}
    {% bootstrap_field form.platform layout="horizontal" %}
    {% bootstrap_field form.public_ip layout="horizontal" %}
@@ -39,7 +40,7 @@
    <div class="form-group">
        <label for="{{ form.labels.id_for_label }}" class="col-md-2 control-label">{% trans 'Label' %}</label>
        <div class="col-md-9">
-            <select name="labels" class="select2 labels" data-placeholder="Select labels" style="width: 100%" multiple="" tabindex="4" id="{{ form.labels.id_for_label }}">
+            <select name="labels" class="select2 labels" data-placeholder="{% trans 'Label'  %}" style="width: 100%" multiple="" tabindex="4" id="{{ form.labels.id_for_label }}">
                {% for name, labels in form.labels.field.queryset|group_labels %}
                <optgroup label="{{ name }}">
                    {% for label in labels %}
--- a/apps/assets/templates/assets/cmd_filter_create_update.html
+++ b/apps/assets/templates/assets/cmd_filter_create_update.html
@@ -0,0 +1,20 @@
+{% extends '_base_create_update.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+
+{% block form %}
+<form id="groupForm" method="post" class="form-horizontal">
+    {% csrf_token %}
+    {% bootstrap_field form.name layout="horizontal" %}
+    {% bootstrap_field form.comment layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <div class="form-group">
+        <div class="col-sm-4 col-sm-offset-2">
+            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+        </div>
+    </div>
+</form>
+{% endblock %}
--- a/Show More
+++ b/Show More