Merge pull request #1905 from jumpserver/dev

支持命令过滤
[Update] 修改版本
2025-12-18 01:52:46 +00:00 · 2018-10-12 15:33:52 +08:00 · 2018-10-12 15:05:04 +08:00 · 2018-10-12 15:04:01 +08:00 · 2018-10-11 11:10:47 +08:00 · 2018-10-10 19:31:28 +08:00
603 changed files with 103643 additions and 16535 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+.git
+logs/*
+data/*
+.github
+tmp/*
+django.db
+celerybeat.pid
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,7 +1,8 @@
 [简述你的问题]

+
 ##### 使用版本
-[请提供你使用的Jumpserver版本 0.3.2 或 0.4.0]
+[请提供你使用的Jumpserver版本 1.x.x 注: 0.3.x不再提供支持]

 ##### 问题复现步骤
 1. [步骤1]
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@
 .env
 env
 env*
+venv
 dist
 build
 *.egg
@@ -24,3 +25,11 @@ tags
 jumpserver.iml
 .python-version
 tmp/*
+sessions/*
+media
+celerybeat.pid
+django.db
+celerybeat-schedule.db
+data/static
+docs/_build/
+xpack
--- a/.python-version
+++ b/.python-version
@@ -1 +0,0 @@
-system
--- a/22
+++ b/22
@@ -1,22 +0,0 @@
-FROM jumpserver/python:v3.6.1
-LABEL MAINTAINER Jumpserver Team <ibuler@qq.com>
-
-
-COPY . /opt/jumpserver
-WORKDIR /opt/jumpserver
-
-RUN yum -y install epel-release && yum clean all -y
-RUN cd requirements && yum -y install $(cat rpm_requirements.txt) && yum clean all -y
-RUN cd requirements && pip install -r requirements.txt 
-
-RUN rm -f data/db.sqlite3
-RUN rm -r .git
-RUN rm -f config.py
-
-VOLUME /opt/jumpserver/data
-VOLUME /opt/jumpserver/logs
-
-RUN cp config_docker.py config.py
-
-EXPOSE 8080
-CMD cd utils && sh make_migrations.sh && sh init_db.sh && cd .. && python run_server.py
--- a/16
+++ b/16
@@ -1,16 +0,0 @@
-FROM centos:centos6
-LABEL MAINTAINER Jumpserver Team <ibuler@qq.com>
-
-WORKDIR /tmp
-
-RUN yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel; yum clean all
-
-# Install Python
-RUN wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz && \
-    tar xvf Python-3.6.1.tar.xz  && cd Python-3.6.1 && ./configure && make && make install &&  \
-    rm -rf /tmp/{Python-3.6.1.tar.xz,Python-3.6.1}
-
-RUN mv /usr/bin/python /usr/bin/python2
-RUN ln -s /usr/local/bin/python3 /usr/bin/python && ln -s /usr/local/bin/pip3 /usr/bin/pip
-RUN sed -i 's@/usr/bin/python@/usr/bin/python2@g' /usr/bin/yum
-
--- a/README.md
+++ b/README.md
@@ -1,110 +1,52 @@
 ## Jumpserver

 [![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
-[![Django](https://img.shields.io/badge/django-1.11-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
-[![Ansible](https://img.shields.io/badge/ansible-2.2.2.0-blue.svg?style=plastic)](https://www.ansible.com/)
-[![Paramiko](https://img.shields.io/badge/paramiko-2.1.2-green.svg?style=plastic)](http://www.paramiko.org/)
-
-Jumpserver is a open source proxy server, developed by `Python` and `Django`, aim to help 
-companies to efficiently user, assets, authority and audit management
-
-Jumpserver是一款使用Python, Django开发的开源跳板机系统, 助力互联网企业高效 用户、资产、权限、审计 管理
-
-### Feature 功能
-  - Auth 统一认证
-  - CMDB 资产管理
-  - Perm 统一授权
-  - Audit 审计
-  - LDAP AUTH 支持LDAP认证
-  - Web terminal
-  - SSH Server
+[![Django](https://img.shields.io/badge/django-2.1-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
+[![Ansible](https://img.shields.io/badge/ansible-2.4.2.0-blue.svg?style=plastic)](https://www.ansible.com/)
+[![Paramiko](https://img.shields.io/badge/paramiko-2.4.1-green.svg?style=plastic)](http://www.paramiko.org/)


-### Environment 环境
-   * Python 3.6  
-   * Django 1.11
+----

-### Install 安装 
-Using docker compose to setup it
+Jumpserver是全球首款完全开源的堡垒机，使用GNU GPL v2.0开源协议，是符合 4A 的专业运维审计系统。

-使用docker compose 安装，一键完成，docker compose 安装见 docker官方
+Jumpserver使用Python / Django 进行开发，遵循 Web 2.0 规范，配备了业界领先的 Web Terminal 解决方案，交互界面美观、用户体验好。

-   $ docker-compose up
+Jumpserver采纳分布式架构，支持多机房跨区域部署，中心节点提供 API，各机房部署登录节点，可横向扩展、无并发限制。

-### Usage 使用
-   1. Visit http://$HOST:8080 (访问 http://你的主机IP:8080 来访问 Jumpserver)
- 
-   2. Click left navigation visit Applications-Terminal and accept coco and luna register
-      (点击左侧 应用程序接受 Coco和Luna的注册)
-   
-   3. Click Assets-Admin user, Create admin user
-      (添加 管理用户)
-   
-   4. Click Assets-System user, Create system user
-      (添加 系统用户)
-      
-   5. Click Assets-Asset, Add a asset
-      (添加 资产)
-   
-   6. Click Perms-Asset permission, Add a perm rule
-      (添加授权规则，授权给admin)
-   
-   7. Connect ssh server coco (连接 ssh server coco)
-      
-      ssh -p2222 $USER@$Host
- 
-   8. Visit web terminal server Luna, click server test connection
-      (访问 访问Luna，点击左侧服务器连接测试)
-      
-      http://$HOST:5000
-   
-   
-### Snapshot 截图
+改变世界，从一点点开始。

-    https://github.com/jumpserver/jumpserver/issues/438
+----

+### 功能

-### Demo
+ ![Jumpserver功能](https://jumpserver-release.oss-cn-hangzhou.aliyuncs.com/Jumpserver13.jpg "Jumpserver功能")

-demo使用了开发者模式，并发只能为1 
+### 开始使用

- Jumpserver: [访问](http://demo.jumpserver.org:8080)  账号: admin 密码: admin
+快速开始文档  [Docker安装](http://docs.jumpserver.org/zh/docs/dockerinstall.html)

- Luna: [访问](http://demo.jumpserver.org:5000) 同Jumpserver认证
+一步一步安装文档 [详细部署](http://docs.jumpserver.org/zh/docs/step_by_step.html)

- Coco: ssh -p 2222 admin@demo.jumpserver.org 密码: admin
+也可以查看我们完整文档包括了使用和开发 [文档](http://docs.jumpserver.org)

-### ROADMAP
+### Demo 和 截图

-参见 https://github.com/jumpserver/jumpserver/milestone/2
+我们提供了DEMO和截图可以让你快速了解Jumpserver

-### Docs 开发者文档
+[DEMO](http://demo.jumpserver.org)
+[截图](http://docs.jumpserver.org/zh/docs/snapshot.html)

+### SDK

-   * [Project structure 项目结构描述](https://github.com/jumpserver/jumpserver/blob/dev/docs/project_structure.md)
-   * [Code style Python代码规范](https://github.com/jumpserver/jumpserver/blob/dev/docs/python_style_guide.md)
-   * [Api style API设计规范](https://github.com/jumpserver/jumpserver/blob/dev/docs/api_style_guide.md)
+我们还编写了一些SDK，供你其它系统快速和Jumpserver APi交互，

-### Contributor 贡献者
-#### 0.4.0
- ibuler <广宏伟>
- 小彧 <李磊> Django资深开发者，为users模块贡献了很多代码
- sofia <周小侠> 资深前端工程师, luna前端代码贡献者和现在维护者
- liuz <刘正> 全栈工程师, 编写了luna大部分代码
- jiaxiangkong <陈尚委> Jumpserver测试运营
+- [python](https://github.com/jumpserver/jumpserver-python-sdk) Jumpserver其它组件使用这个SDK完成交互
+- [java](https://github.com/KaiJunYan/jumpserver-java-sdk.git) 恺珺同学提供的Java版本的SDK

-#### 0.3.2 
- halcyon <王墉> DevOps 资深开发者, 0.3.2 核心开发者之一
- yumaojun03 <喻茂峻> DevOps 资深开发者，jperm开发者，擅长Python, Go以及PAAS平台开发
- kelianchun <柯连春> DevOps 资产开发者，fix了很多connect.py bug
-
-### 开发者群
-如果你为Jumpserver贡献过代码，请加一下群 （需要验证一下你的github id）
-
-群号: 489385245

 ### License & Copyright
-Copyright (c) 2014-2017 Beijing Duizhan Tech, Inc., All rights reserved.
+Copyright (c) 2014-2018 Beijing Duizhan Tech, Inc., All rights reserved.

 Licensed under The GNU General Public License version 2 (GPLv2)  (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

--- a/apps/init.py
+++ b/apps/init.py
@@ -1,7 +1,5 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-# 
+#

-
-if __name__ == '__main__':
-    pass
+__version__ = "1.4.3"
--- a/apps/applications/api.py
+++ b/apps/applications/api.py
@@ -1,103 +0,0 @@
-# -*- coding: utf-8 -*-
-# 
-
-from collections import OrderedDict
-import copy
-from rest_framework.generics import ListCreateAPIView
-from rest_framework import viewsets
-from rest_framework.views import APIView, Response
-from rest_framework.permissions import AllowAny
-from django.shortcuts import get_object_or_404
-from rest_framework.decorators import api_view
-
-from .models import Terminal, TerminalHeatbeat
-from .serializers import TerminalSerializer, TerminalHeatbeatSerializer
-from .hands import IsSuperUserOrAppUser, IsAppUser, ProxyLog, \
-    IsSuperUserOrAppUserOrUserReadonly
-from common.utils import get_object_or_none
-
-
-class TerminalRegisterView(ListCreateAPIView):
-    queryset = Terminal.objects.all()
-    serializer_class = TerminalSerializer
-    permission_classes = (AllowAny,)
-
-    def create(self, request, *args, **kwargs):
-        name = request.data.get('name', '')
-        remote_addr = request.META.get('X-Real-IP') or \
-                      request.META.get('REMOTE_ADDR')
-        serializer = self.serializer_class(
-            data={'name': name, 'remote_addr': remote_addr})
-
-        if get_object_or_none(Terminal, name=name):
-            return Response({'msg': 'Already register, Need '
-                                    'administrator active it'}, status=200)
-
-        if serializer.is_valid():
-            terminal = serializer.save()
-            app_user, access_key = terminal.create_related_app_user()
-            data = OrderedDict()
-            data['terminal'] = copy.deepcopy(serializer.data)
-            data['user'] = app_user.to_json()
-            data['access_key_id'] = access_key.id
-            data['access_key_secret'] = access_key.secret
-            return Response(data, status=201)
-        else:
-            data = {'msg': 'Not valid', 'detail': ';'.join(serializer.errors)}
-            return Response(data, status=400)
-
-    def list(self, request, *args, **kwargs):
-        return Response('', status=404)
-
-
-class TerminalViewSet(viewsets.ModelViewSet):
-    queryset = Terminal.objects.all()
-    serializer_class = TerminalSerializer
-    permission_classes = (IsSuperUserOrAppUserOrUserReadonly,)
-
-    def create(self, request, *args, **kwargs):
-        return Response({'msg': 'Use register view except that'}, status=404)
-
-    # def destroy(self, request, *args, **kwargs):
-        # instance = self.get_object()
-        # if instance.user is not None:
-        #     instance.user.delete()
-        # return super(TerminalViewSet, self).destroy(request, *args, **kwargs)
-
-tasks = OrderedDict()
-# tasks = {1: [{'name': 'kill_proxy', 'proxy_log_id': 23}]}
-
-
-class TerminalHeatbeatViewSet(viewsets.ModelViewSet):
-    queryset = TerminalHeatbeat.objects.all()
-    serializer_class = TerminalHeatbeatSerializer
-    permission_classes = (IsAppUser,)
-
-    def create(self, request, *args, **kwargs):
-        terminal = request.user.terminal
-        TerminalHeatbeat.objects.create(terminal=terminal)
-        task = tasks.get(terminal.name)
-        tasks[terminal.name] = []
-        return Response({'msg': 'Success',
-                         'tasks': task},
-                        status=201)
-
-
-class TerminateConnectionView(APIView):
-    def post(self, request, *args, **kwargs):
-        if isinstance(request.data, dict):
-            data = [request.data]
-        else:
-            data = request.data
-        for d in data:
-            proxy_log_id = d.get('proxy_log_id')
-            proxy_log = get_object_or_404(ProxyLog, id=proxy_log_id)
-            terminal_id = proxy_log.terminal
-            if terminal_id in tasks:
-                tasks[terminal_id].append({'name': 'kill_proxy',
-                                           'proxy_log_id': proxy_log_id})
-            else:
-                tasks[terminal_id] = [{'name': 'kill_proxy',
-                                       'proxy_log_id': proxy_log_id}]
-
-        return Response({'msg': 'get it'})
--- a/apps/applications/apps.py
+++ b/apps/applications/apps.py
@@ -1,7 +0,0 @@
-from __future__ import unicode_literals
-
-from django.apps import AppConfig
-
-
-class ApplicationsConfig(AppConfig):
-    name = 'applications'
--- a/apps/applications/forms.py
+++ b/apps/applications/forms.py
@@ -1,18 +0,0 @@
-# ~*~ coding: utf-8 ~*~
-#
-
-from django import forms
-
-from .models import Terminal
-
-
-class TerminalForm(forms.ModelForm):
-    class Meta:
-        model = Terminal
-        fields = ['name', 'remote_addr', 'type', 'url', 'comment']
-        help_texts = {
-            'url': 'Example: ssh://192.168.1.1:22 or http://jms.jumpserver.org, that user login'
-        }
-        widgets = {
-            'name': forms.TextInput(attrs={'readonly': 'readonly'})
-        }
--- a/apps/applications/hands.py
+++ b/apps/applications/hands.py
@@ -1,8 +0,0 @@
-# -*- coding: utf-8 -*-
-# 
-
-from users.models import User
-from users.permissions import IsSuperUserOrAppUser, IsAppUser, \
-    IsSuperUserOrAppUserOrUserReadonly
-from audits.models import ProxyLog
-from users.utils import AdminUserRequiredMixin
--- a/apps/applications/models.py
+++ b/apps/applications/models.py
@@ -1,62 +0,0 @@
-from __future__ import unicode_literals
-
-from django.db import models
-from django.utils.translation import ugettext_lazy as _
-
-from users.models import User
-
-
-class Terminal(models.Model):
-    TYPE_CHOICES = (
-        ('SSH', 'SSH Terminal'),
-        ('Web', 'Web Terminal')
-    )
-    name = models.CharField(max_length=30, unique=True, verbose_name=_('Name'))
-    remote_addr = models.GenericIPAddressField(verbose_name=_('Remote address'), blank=True, null=True)
-    type = models.CharField(choices=TYPE_CHOICES, max_length=3, blank=True, verbose_name=_('Terminal type'))
-    user = models.OneToOneField(User, related_name='terminal', verbose_name='Application user',
-                                null=True, on_delete=models.CASCADE)
-    url = models.CharField(max_length=100, blank=True, verbose_name=_('URL to login'))
-    is_accepted = models.BooleanField(default=False, verbose_name='Is Accepted')
-    date_created = models.DateTimeField(auto_now_add=True)
-    comment = models.TextField(blank=True, verbose_name=_('Comment'))
-
-    @property
-    def is_active(self):
-        if self.user and self.user.is_active:
-            return True
-        return False
-
-    @is_active.setter
-    def is_active(self, active):
-        if self.user:
-            self.user.is_active = active
-            self.user.save()
-
-    def create_related_app_user(self):
-        user, access_key = User.create_app_user(name=self.name, comment=self.comment)
-        self.user = user
-        self.save()
-        return user, access_key
-
-    def delete(self, using=None, keep_parents=False):
-        if self.user:
-            self.user.delete()
-        return super(Terminal, self).delete(using=using, keep_parents=keep_parents)
-
-    def __unicode__(self):
-        active = 'Active' if self.user and self.user.is_active else 'Disabled'
-        return '%s: %s' % (self.name, active)
-
-    __str__ = __unicode__
-
-    class Meta:
-        ordering = ('is_accepted',)
-
-
-class TerminalHeatbeat(models.Model):
-    terminal = models.ForeignKey(Terminal, on_delete=models.CASCADE)
-    date_created = models.DateTimeField(auto_now_add=True)
-
-    class Meta:
-        db_table = 'terminal_heatbeat'
--- a/apps/applications/serializers.py
+++ b/apps/applications/serializers.py
@@ -1,41 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-
-from django.utils import timezone
-from rest_framework import serializers
-
-from .models import Terminal, TerminalHeatbeat
-from .hands import ProxyLog
-
-
-class TerminalSerializer(serializers.ModelSerializer):
-    proxy_online = serializers.SerializerMethodField()
-    is_alive = serializers.SerializerMethodField()
-
-    class Meta:
-        model = Terminal
-        fields = ['id', 'name', 'remote_addr', 'type', 'url', 'comment',
-                  'is_accepted', 'is_active', 'get_type_display',
-                  'proxy_online', 'is_alive']
-
-    @staticmethod
-    def get_proxy_online(obj):
-        return ProxyLog.objects.filter(terminal=obj.name, is_finished=False).count()
-
-    @staticmethod
-    def get_is_alive(obj):
-        log = obj.terminalheatbeat_set.last()
-        if log and timezone.now() - log.date_created < timezone.timedelta(seconds=600):
-            return True
-        else:
-            return False
-
-
-class TerminalHeatbeatSerializer(serializers.ModelSerializer):
-    date_start = serializers.DateTimeField
-    class Meta:
-        model = TerminalHeatbeat
-
-
-if __name__ == '__main__':
-    pass
--- a/apps/applications/urls/api_urls.py
+++ b/apps/applications/urls/api_urls.py
@@ -1,24 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#
-
-from django.conf.urls import url
-from rest_framework import routers
-
-from .. import api
-
-app_name = 'applications'
-
-router = routers.DefaultRouter()
-router.register(r'v1/terminal/heatbeat', api.TerminalHeatbeatViewSet, 'terminal-heatbeat')
-router.register(r'v1/terminal', api.TerminalViewSet, 'terminal')
-
-urlpatterns = [
-    url(r'^v1/terminal/register/$', api.TerminalRegisterView.as_view(),
-        name='terminal-register'),
-    url(r'^v1/terminate/connection/$', api.TerminateConnectionView.as_view(),
-        name='terminate-connection')
-    # url(r'^v1/terminal/heatbeat/$', api.TestHeatbeat.as_view())
-]
-
-urlpatterns += router.urls
--- a/apps/applications/urls/views_urls.py
+++ b/apps/applications/urls/views_urls.py
@@ -1,21 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#
-
-from django.conf.urls import url
-
-from .. import views
-
-app_name = 'applications'
-
-urlpatterns = [
-    url(r'^terminal/$', views.TerminalListView.as_view(), name='terminal-list'),
-    url(r'^terminal/(?P<pk>\d+)/$', views.TerminalDetailView.as_view(),
-        name='terminal-detail'),
-    url(r'^terminal/(?P<pk>\d+)/connect/$', views.TerminalConnectView.as_view(),
-        name='terminal-connect'),
-    url(r'^terminal/(?P<pk>\d+)/update$', views.TerminalUpdateView.as_view(),
-        name='terminal-update'),
-    url(r'^terminal/(?P<pk>\d+)/modal/accept$', views.TerminalModelAccept.as_view(),
-        name='terminal-modal-accept'),
-]
--- a/apps/assets/api.py
+++ b/apps/assets/api.py
@@ -1,220 +0,0 @@
-# ~*~ coding: utf-8 ~*~
-
-# Copyright (C) 2014-2017 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
-#
-# Licensed under the GNU General Public License v2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.gnu.org/licenses/gpl-2.0.html
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from rest_framework import generics
-from rest_framework.response import Response
-from rest_framework_bulk import BulkModelViewSet
-from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView
-from django.shortcuts import get_object_or_404
-
-from common.mixins import IDInFilterMixin
-from common.utils import get_object_or_none
-from .hands import IsSuperUser, IsAppUser, IsValidUser, \
-    get_user_granted_assets, push_users
-from .models import AssetGroup, Asset, IDC, SystemUser, AdminUser
-from . import serializers
-from .tasks import update_assets_hardware_info
-from .utils import test_admin_user_connective_manual
-
-
-class AssetViewSet(IDInFilterMixin, BulkModelViewSet):
-    """API endpoint that allows Asset to be viewed or edited."""
-    queryset = Asset.objects.all()
-    serializer_class = serializers.AssetSerializer
-    permission_classes = (IsValidUser,)
-
-    def get_queryset(self):
-        if self.request.user.is_superuser:
-            queryset = super(AssetViewSet, self).get_queryset()
-        else:
-            queryset = get_user_granted_assets(self.request.user)
-        idc_id = self.request.query_params.get('idc_id', '')
-        system_users_id = self.request.query_params.get('system_user_id', '')
-        asset_group_id = self.request.query_params.get('asset_group_id', '')
-        admin_user_id = self.request.query_params.get('admin_user_id', '')
-        if idc_id:
-            queryset = queryset.filter(idc__id=idc_id)
-        if system_users_id:
-            queryset = queryset.filter(system_users__id=system_users_id)
-        if admin_user_id:
-            queryset = queryset.filter(admin_user__id=admin_user_id)
-        if asset_group_id:
-            queryset = queryset.filter(groups__id=asset_group_id)
-        return queryset
-
-
-class AssetGroupViewSet(IDInFilterMixin, BulkModelViewSet):
-    """Asset group api set, for add,delete,update,list,retrieve resource"""
-    queryset = AssetGroup.objects.all()
-    serializer_class = serializers.AssetGroupSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class AssetUpdateGroupApi(generics.RetrieveUpdateAPIView):
-    """Asset update it's group api"""
-    queryset = Asset.objects.all()
-    serializer_class = serializers.AssetUpdateGroupSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class AssetGroupUpdateApi(generics.RetrieveUpdateAPIView):
-    """Asset group, update it's asset member"""
-    queryset = AssetGroup.objects.all()
-    serializer_class = serializers.AssetGroupUpdateSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class AssetGroupUpdateSystemUserApi(generics.RetrieveUpdateAPIView):
-    """Asset group push system user"""
-    queryset = AssetGroup.objects.all()
-    serializer_class = serializers.AssetGroupUpdateSystemUserSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class IDCUpdateAssetsApi(generics.RetrieveUpdateAPIView):
-    """IDC update asset member"""
-    queryset = IDC.objects.all()
-    serializer_class = serializers.IDCUpdateAssetsSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class IDCViewSet(IDInFilterMixin, BulkModelViewSet):
-    """IDC api set, for add,delete,update,list,retrieve resource"""
-    queryset = IDC.objects.all()
-    serializer_class = serializers.IDCSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet):
-    """Admin user api set, for add,delete,update,list,retrieve resource"""
-    queryset = AdminUser.objects.all()
-    serializer_class = serializers.AdminUserSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class SystemUserViewSet(IDInFilterMixin, BulkModelViewSet):
-    """System user api set, for add,delete,update,list,retrieve resource"""
-    queryset = SystemUser.objects.all()
-    serializer_class = serializers.SystemUserSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class SystemUserUpdateApi(generics.RetrieveUpdateAPIView):
-    """Asset update it's system user
-
-    when update then push system user to asset.
-    """
-    queryset = Asset.objects.all()
-    serializer_class = serializers.AssetUpdateSystemUserSerializer
-    permission_classes = (IsSuperUser,)
-
-    def patch(self, request, *args, **kwargs):
-        asset = self.get_object()
-        old_system_users = set(asset.system_users.all())
-        response = super(SystemUserUpdateApi, self).patch(request, *args, **kwargs)
-        system_users_new = set(asset.system_users.all())
-        system_users = system_users_new - old_system_users
-        system_users = [system_user._to_secret_json() for system_user in system_users]
-        push_users.delay([asset._to_secret_json()], system_users)
-        return response
-
-
-class SystemUserUpdateAssetsApi(generics.RetrieveUpdateAPIView):
-    """System user update it's assets"""
-    queryset = SystemUser.objects.all()
-    serializer_class = serializers.SystemUserUpdateAssetsSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class SystemUserUpdateAssetGroupApi(generics.RetrieveUpdateAPIView):
-    """System user update asset group"""
-    queryset = SystemUser.objects.all()
-    serializer_class = serializers.SystemUserUpdateAssetGroupSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView):
-    """Asset bulk update api"""
-    queryset = Asset.objects.all()
-    serializer_class = serializers.AssetSerializer
-    permission_classes = (IsSuperUser,)
-
-
-class SystemUserAuthInfoApi(generics.RetrieveAPIView):
-    """Get system user auth info"""
-    queryset = SystemUser.objects.all()
-    permission_classes = (IsAppUser,)
-
-    def retrieve(self, request, *args, **kwargs):
-        system_user = self.get_object()
-        data = {
-            'id': system_user.id,
-            'name': system_user.name,
-            'username': system_user.username,
-            'password': system_user.password,
-            'private_key': system_user.private_key,
-            'auth_method': system_user.auth_method,
-        }
-        return Response(data)
-
-
-class AssetRefreshHardwareView(generics.RetrieveAPIView):
-    """Refresh asset hardware info"""
-    queryset = Asset.objects.all()
-    serializer_class = serializers.AssetSerializer
-    permission_classes = (IsSuperUser,)
-
-    def retrieve(self, request, *args, **kwargs):
-        asset_id = kwargs.get('pk')
-        asset = get_object_or_404(Asset, pk=asset_id)
-        summary = update_assets_hardware_info([asset])
-        if len(summary['failed']) == 0:
-            return super(AssetRefreshHardwareView, self).retrieve(request, *args, **kwargs)
-        else:
-            return Response('', status=502)
-
-
-class AssetAdminUserTestView(AssetRefreshHardwareView):
-    """Test asset admin user connectivity"""
-    queryset = Asset.objects.all()
-    permission_classes = (IsSuperUser,)
-
-    def retrieve(self, request, *args, **kwargs):
-        asset_id = kwargs.get('pk')
-        asset = get_object_or_404(Asset, pk=asset_id)
-        result = test_admin_user_connective_manual([asset])
-        if result:
-            return Response('1')
-        else:
-            return Response('0', status=502)
-
-
-class AssetGroupPushSystemUserView(generics.UpdateAPIView):
-    """Asset group push system user api"""
-    queryset = AssetGroup.objects.all()
-    permission_classes = (IsSuperUser,)
-    serializer_class = serializers.AssetSerializer
-
-    def patch(self, request, *args, **kwargs):
-        asset_group = self.get_object()
-        assets = asset_group.assets.all()
-        system_user_id = self.request.data['system_user']
-        system_user = get_object_or_none(SystemUser, id=system_user_id)
-        if not assets or not system_user:
-            return Response('Invalid system user id or asset group id', status=404)
-        task = push_users.delay([asset._to_secret_json() for asset in assets],
-                                system_user._to_secret_json())
-        return Response(task.id)
--- a/apps/assets/api/init.py
+++ b/apps/assets/api/init.py
@@ -0,0 +1,7 @@
+from .admin_user import *
+from .asset import *
+from .label import *
+from .system_user import *
+from .node import *
+from .domain import *
+from .cmd_filter import *
--- a/apps/assets/api/admin_user.py
+++ b/apps/assets/api/admin_user.py
@@ -0,0 +1,83 @@
+# ~*~ coding: utf-8 ~*~
+# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
+#
+# Licensed under the GNU General Public License v2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.gnu.org/licenses/gpl-2.0.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from django.db import transaction
+from rest_framework import generics
+from rest_framework.response import Response
+from rest_framework_bulk import BulkModelViewSet
+
+from common.mixins import IDInFilterMixin
+from common.utils import get_logger
+from ..hands import IsOrgAdmin
+from ..models import AdminUser, Asset
+from .. import serializers
+from ..tasks import test_admin_user_connectability_manual
+
+
+logger = get_logger(__file__)
+__all__ = [
+    'AdminUserViewSet', 'ReplaceNodesAdminUserApi',
+    'AdminUserTestConnectiveApi', 'AdminUserAuthApi',
+]
+
+
+class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet):
+    """
+    Admin user api set, for add,delete,update,list,retrieve resource
+    """
+    queryset = AdminUser.objects.all()
+    serializer_class = serializers.AdminUserSerializer
+    permission_classes = (IsOrgAdmin,)
+
+
+class AdminUserAuthApi(generics.UpdateAPIView):
+    queryset = AdminUser.objects.all()
+    serializer_class = serializers.AdminUserAuthSerializer
+    permission_classes = (IsOrgAdmin,)
+
+
+class ReplaceNodesAdminUserApi(generics.UpdateAPIView):
+    queryset = AdminUser.objects.all()
+    serializer_class = serializers.ReplaceNodeAdminUserSerializer
+    permission_classes = (IsOrgAdmin,)
+
+    def update(self, request, *args, **kwargs):
+        admin_user = self.get_object()
+        serializer = self.serializer_class(data=request.data)
+        if serializer.is_valid():
+            nodes = serializer.validated_data['nodes']
+            assets = []
+            for node in nodes:
+                assets.extend([asset.id for asset in node.get_all_assets()])
+
+            with transaction.atomic():
+                Asset.objects.filter(id__in=assets).update(admin_user=admin_user)
+
+            return Response({"msg": "ok"})
+        else:
+            return Response({'error': serializer.errors}, status=400)
+
+
+class AdminUserTestConnectiveApi(generics.RetrieveAPIView):
+    """
+    Test asset admin user connectivity
+    """
+    queryset = AdminUser.objects.all()
+    permission_classes = (IsOrgAdmin,)
+
+    def retrieve(self, request, *args, **kwargs):
+        admin_user = self.get_object()
+        task = test_admin_user_connectability_manual.delay(admin_user)
+        return Response({"task": task.id})
--- a/apps/assets/api/asset.py
+++ b/apps/assets/api/asset.py
@@ -0,0 +1,132 @@
+# -*- coding: utf-8 -*-
+#
+
+import random
+
+from rest_framework import generics
+from rest_framework.response import Response
+from rest_framework_bulk import BulkModelViewSet
+from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView
+from rest_framework.pagination import LimitOffsetPagination
+from django.shortcuts import get_object_or_404
+from django.db.models import Q
+
+from common.mixins import IDInFilterMixin
+from common.utils import get_logger
+from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
+from ..models import Asset, AdminUser, Node
+from .. import serializers
+from ..tasks import update_asset_hardware_info_manual, \
+    test_asset_connectability_manual
+from ..utils import LabelFilter
+
+
+logger = get_logger(__file__)
+__all__ = [
+    'AssetViewSet', 'AssetListUpdateApi',
+    'AssetRefreshHardwareApi', 'AssetAdminUserTestApi',
+    'AssetGatewayApi'
+]
+
+
+class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet):
+    """
+    API endpoint that allows Asset to be viewed or edited.
+    """
+    filter_fields = ("hostname", "ip")
+    search_fields = filter_fields
+    ordering_fields = ("hostname", "ip", "port", "cpu_cores")
+    queryset = Asset.objects.all()
+    serializer_class = serializers.AssetSerializer
+    pagination_class = LimitOffsetPagination
+    permission_classes = (IsOrgAdminOrAppUser,)
+
+    def filter_node(self):
+        node_id = self.request.query_params.get("node_id")
+        if not node_id:
+            return
+
+        node = get_object_or_404(Node, id=node_id)
+        show_current_asset = self.request.query_params.get("show_current_asset") in ('1', 'true')
+
+        if node.is_root():
+            if show_current_asset:
+                self.queryset = self.queryset.filter(
+                    Q(nodes=node_id) | Q(nodes__isnull=True)
+                ).distinct()
+            return
+        if show_current_asset:
+            self.queryset = self.queryset.filter(nodes=node).distinct()
+        else:
+            self.queryset = self.queryset.filter(
+                nodes__key__regex='^{}(:[0-9]+)*$'.format(node.key),
+            ).distinct()
+
+    def filter_admin_user_id(self):
+        admin_user_id = self.request.query_params.get('admin_user_id')
+        if admin_user_id:
+            admin_user = get_object_or_404(AdminUser, id=admin_user_id)
+            self.queryset = self.queryset.filter(admin_user=admin_user)
+
+    def get_queryset(self):
+        self.queryset = super().get_queryset()\
+            .prefetch_related('labels', 'nodes')\
+            .select_related('admin_user')
+        self.filter_admin_user_id()
+        self.filter_node()
+        return self.queryset
+
+
+class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView):
+    """
+    Asset bulk update api
+    """
+    queryset = Asset.objects.all()
+    serializer_class = serializers.AssetSerializer
+    permission_classes = (IsOrgAdmin,)
+
+
+class AssetRefreshHardwareApi(generics.RetrieveAPIView):
+    """
+    Refresh asset hardware info
+    """
+    queryset = Asset.objects.all()
+    serializer_class = serializers.AssetSerializer
+    permission_classes = (IsOrgAdmin,)
+
+    def retrieve(self, request, *args, **kwargs):
+        asset_id = kwargs.get('pk')
+        asset = get_object_or_404(Asset, pk=asset_id)
+        task = update_asset_hardware_info_manual.delay(asset)
+        return Response({"task": task.id})
+
+
+class AssetAdminUserTestApi(generics.RetrieveAPIView):
+    """
+    Test asset admin user connectivity
+    """
+    queryset = Asset.objects.all()
+    permission_classes = (IsOrgAdmin,)
+
+    def retrieve(self, request, *args, **kwargs):
+        asset_id = kwargs.get('pk')
+        asset = get_object_or_404(Asset, pk=asset_id)
+        task = test_asset_connectability_manual.delay(asset)
+        return Response({"task": task.id})
+
+
+class AssetGatewayApi(generics.RetrieveAPIView):
+    queryset = Asset.objects.all()
+    permission_classes = (IsOrgAdminOrAppUser,)
+
+    def retrieve(self, request, *args, **kwargs):
+        asset_id = kwargs.get('pk')
+        asset = get_object_or_404(Asset, pk=asset_id)
+
+        if asset.domain and \
+                asset.domain.gateways.filter(protocol=asset.protocol).exists():
+            gateway = random.choice(asset.domain.gateways.filter(protocol=asset.protocol))
+            serializer = serializers.GatewayWithAuthSerializer(instance=gateway)
+            return Response(serializer.data)
+        else:
+            return Response({"msg": "Not have gateway"}, status=404)
--- a/apps/assets/api/cmd_filter.py
+++ b/apps/assets/api/cmd_filter.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+#
+
+from rest_framework_bulk import BulkModelViewSet
+from django.shortcuts import get_object_or_404
+
+from ..hands import IsOrgAdmin
+from ..models import CommandFilter, CommandFilterRule
+from .. import serializers
+
+
+__all__ = ['CommandFilterViewSet', 'CommandFilterRuleViewSet']
+
+
+class CommandFilterViewSet(BulkModelViewSet):
+    permission_classes = (IsOrgAdmin,)
+    queryset = CommandFilter.objects.all()
+    serializer_class = serializers.CommandFilterSerializer
+
+
+class CommandFilterRuleViewSet(BulkModelViewSet):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.CommandFilterRuleSerializer
+
+    def get_queryset(self):
+        fpk = self.kwargs.get('filter_pk')
+        if not fpk:
+            return CommandFilterRule.objects.none()
+        group = get_object_or_404(CommandFilter, pk=fpk)
+        return group.rules.all().order_by('priority')
+
+
--- a/apps/assets/api/domain.py
+++ b/apps/assets/api/domain.py
@@ -0,0 +1,54 @@
+# ~*~ coding: utf-8 ~*~
+
+from rest_framework_bulk import BulkModelViewSet
+from rest_framework.views import APIView, Response
+
+from django.views.generic.detail import SingleObjectMixin
+
+from common.utils import get_logger
+from common.permissions import IsOrgAdmin, IsAppUser, IsOrgAdminOrAppUser
+from ..models import Domain, Gateway
+from ..utils import test_gateway_connectability
+from .. import serializers
+
+
+logger = get_logger(__file__)
+__all__ = ['DomainViewSet', 'GatewayViewSet', "GatewayTestConnectionApi"]
+
+
+class DomainViewSet(BulkModelViewSet):
+    queryset = Domain.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.DomainSerializer
+
+    def get_serializer_class(self):
+        if self.request.query_params.get('gateway'):
+            return serializers.DomainWithGatewaySerializer
+        return super().get_serializer_class()
+
+    def get_permissions(self):
+        if self.request.query_params.get('gateway'):
+            self.permission_classes = (IsOrgAdminOrAppUser,)
+        return super().get_permissions()
+
+
+class GatewayViewSet(BulkModelViewSet):
+    filter_fields = ("domain",)
+    search_fields = filter_fields
+    queryset = Gateway.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.GatewaySerializer
+
+
+class GatewayTestConnectionApi(SingleObjectMixin, APIView):
+    permission_classes = (IsOrgAdmin,)
+    model = Gateway
+    object = None
+
+    def get(self, request, *args, **kwargs):
+        self.object = self.get_object(Gateway.objects.all())
+        ok, e = test_gateway_connectability(self.object)
+        if ok:
+            return Response("ok")
+        else:
+            return Response({"failed": e}, status=404)
--- a/apps/assets/api/label.py
+++ b/apps/assets/api/label.py
@@ -0,0 +1,41 @@
+# ~*~ coding: utf-8 ~*~
+# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
+#
+# Licensed under the GNU General Public License v2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.gnu.org/licenses/gpl-2.0.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from rest_framework_bulk import BulkModelViewSet
+from django.db.models import Count
+
+from common.utils import get_logger
+from ..hands import IsOrgAdmin
+from ..models import Label
+from .. import serializers
+
+
+logger = get_logger(__file__)
+__all__ = ['LabelViewSet']
+
+
+class LabelViewSet(BulkModelViewSet):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.LabelSerializer
+
+    def list(self, request, *args, **kwargs):
+        if request.query_params.get("distinct"):
+            self.serializer_class = serializers.LabelDistinctSerializer
+            self.queryset = self.queryset.values("name").distinct()
+        return super().list(request, *args, **kwargs)
+
+    def get_queryset(self):
+        self.queryset = Label.objects.annotate(asset_count=Count("assets"))
+        return self.queryset
--- a/apps/assets/api/node.py
+++ b/apps/assets/api/node.py
@@ -0,0 +1,238 @@
+# ~*~ coding: utf-8 ~*~
+# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
+#
+# Licensed under the GNU General Public License v2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.gnu.org/licenses/gpl-2.0.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from rest_framework import generics, mixins, viewsets
+from rest_framework.serializers import ValidationError
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework_bulk import BulkModelViewSet
+from django.utils.translation import ugettext_lazy as _
+from django.shortcuts import get_object_or_404
+from django.db.models import Count
+
+from common.utils import get_logger, get_object_or_none
+from ..hands import IsOrgAdmin
+from ..models import Node
+from ..tasks import update_assets_hardware_info_util, test_asset_connectability_util
+from .. import serializers
+
+
+logger = get_logger(__file__)
+__all__ = [
+    'NodeViewSet', 'NodeChildrenApi', 'NodeAssetsApi',
+    'NodeAddAssetsApi', 'NodeRemoveAssetsApi', 'NodeReplaceAssetsApi',
+    'NodeAddChildrenApi', 'RefreshNodeHardwareInfoApi',
+    'TestNodeConnectiveApi'
+]
+
+
+class NodeViewSet(viewsets.ModelViewSet):
+    queryset = Node.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.NodeSerializer
+
+    def perform_create(self, serializer):
+        child_key = Node.root().get_next_child_key()
+        serializer.validated_data["key"] = child_key
+        serializer.save()
+
+    def update(self, request, *args, **kwargs):
+        node = self.get_object()
+        if node.is_root():
+            node_value = node.value
+            post_value = request.data.get('value')
+            if node_value != post_value:
+                return Response(
+                    {"msg": _("You can't update the root node name")},
+                    status=400
+                )
+        return super().update(request, *args, **kwargs)
+
+
+class NodeChildrenApi(mixins.ListModelMixin, generics.CreateAPIView):
+    queryset = Node.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.NodeSerializer
+    instance = None
+
+    def counter(self):
+        values = [
+            child.value[child.value.rfind(' '):]
+            for child in self.get_object().get_children()
+            if child.value.startswith("新节点 ")
+        ]
+        values = [int(value) for value in values if value.strip().isdigit()]
+        count = max(values)+1 if values else 1
+        return count
+
+    def post(self, request, *args, **kwargs):
+        if not request.data.get("value"):
+            request.data["value"] = _("New node {}").format(self.counter())
+        return super().post(request, *args, **kwargs)
+
+    def create(self, request, *args, **kwargs):
+        instance = self.get_object()
+        value = request.data.get("value")
+        values = [child.value for child in instance.get_children()]
+        if value in values:
+            raise ValidationError(
+                'The same level node name cannot be the same'
+            )
+        node = instance.create_child(value=value)
+        return Response(
+            {"id": node.id, "key": node.key, "value": node.value},
+            status=201,
+        )
+
+    def get_object(self):
+        pk = self.kwargs.get('pk') or self.request.query_params.get('id')
+        if not pk:
+            node = None
+        else:
+            node = get_object_or_404(Node, pk=pk)
+        return node
+
+    def get_queryset(self):
+        queryset = []
+        query_all = self.request.query_params.get("all")
+        query_assets = self.request.query_params.get('assets')
+        node = self.get_object()
+
+        if node is None:
+            node = Node.root()
+            node.assets__count = node.get_all_assets().count()
+            queryset.append(node)
+
+        if query_all:
+            children = node.get_all_children()
+        else:
+            children = node.get_children()
+        queryset.extend(list(children))
+
+        if query_assets:
+            assets = node.get_assets()
+            for asset in assets:
+                node_fake = Node()
+                node_fake.assets__count = 0
+                node_fake.id = asset.id
+                node_fake.is_node = False
+                node_fake.key = node.key + ':0'
+                node_fake.value = asset.hostname
+                queryset.append(node_fake)
+        queryset = sorted(queryset, key=lambda x: x.is_node, reverse=True)
+        return queryset
+
+    def get(self, request, *args, **kwargs):
+        return super().list(request, *args, **kwargs)
+
+
+class NodeAssetsApi(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.AssetSerializer
+
+    def get_queryset(self):
+        node_id = self.kwargs.get('pk')
+        query_all = self.request.query_params.get('all')
+        instance = get_object_or_404(Node, pk=node_id)
+        if query_all:
+            return instance.get_all_assets()
+        else:
+            return instance.get_assets()
+
+
+class NodeAddChildrenApi(generics.UpdateAPIView):
+    queryset = Node.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.NodeAddChildrenSerializer
+    instance = None
+
+    def put(self, request, *args, **kwargs):
+        instance = self.get_object()
+        nodes_id = request.data.get("nodes")
+        children = [get_object_or_none(Node, id=pk) for pk in nodes_id]
+        for node in children:
+            if not node:
+                continue
+            node.parent = instance
+        return Response("OK")
+
+
+class NodeAddAssetsApi(generics.UpdateAPIView):
+    serializer_class = serializers.NodeAssetsSerializer
+    queryset = Node.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    instance = None
+
+    def perform_update(self, serializer):
+        assets = serializer.validated_data.get('assets')
+        instance = self.get_object()
+        instance.assets.add(*tuple(assets))
+
+
+class NodeRemoveAssetsApi(generics.UpdateAPIView):
+    serializer_class = serializers.NodeAssetsSerializer
+    queryset = Node.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    instance = None
+
+    def perform_update(self, serializer):
+        assets = serializer.validated_data.get('assets')
+        instance = self.get_object()
+        if instance != Node.root():
+            instance.assets.remove(*tuple(assets))
+        else:
+            assets = [asset for asset in assets if asset.nodes.count() > 1]
+            instance.assets.remove(*tuple(assets))
+
+
+class NodeReplaceAssetsApi(generics.UpdateAPIView):
+    serializer_class = serializers.NodeAssetsSerializer
+    queryset = Node.objects.all()
+    permission_classes = (IsOrgAdmin,)
+    instance = None
+
+    def perform_update(self, serializer):
+        assets = serializer.validated_data.get('assets')
+        instance = self.get_object()
+        for asset in assets:
+            asset.nodes.set([instance])
+
+
+class RefreshNodeHardwareInfoApi(APIView):
+    permission_classes = (IsOrgAdmin,)
+    model = Node
+
+    def get(self, request, *args, **kwargs):
+        node_id = kwargs.get('pk')
+        node = get_object_or_404(self.model, id=node_id)
+        assets = node.assets.all()
+        # task_name = _("更新节点资产硬件信息: {}".format(node.name))
+        task_name = _("Update node asset hardware information: {}").format(node.name)
+        task = update_assets_hardware_info_util.delay(assets, task_name=task_name)
+        return Response({"task": task.id})
+
+
+class TestNodeConnectiveApi(APIView):
+    permission_classes = (IsOrgAdmin,)
+    model = Node
+
+    def get(self, request, *args, **kwargs):
+        node_id = kwargs.get('pk')
+        node = get_object_or_404(self.model, id=node_id)
+        assets = node.assets.all()
+        # task_name = _("测试节点下资产是否可连接: {}".format(node.name))
+        task_name = _("Test if the assets under the node are connectable: {}".format(node.name))
+        task = test_asset_connectability_util.delay(assets, task_name=task_name)
+        return Response({"task": task.id})
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -0,0 +1,143 @@
+# ~*~ coding: utf-8 ~*~
+# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
+#
+# Licensed under the GNU General Public License v2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.gnu.org/licenses/gpl-2.0.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from django.shortcuts import get_object_or_404
+from rest_framework import generics
+from rest_framework.response import Response
+from rest_framework_bulk import BulkModelViewSet
+from rest_framework.pagination import LimitOffsetPagination
+
+from common.utils import get_logger
+from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
+from ..models import SystemUser, Asset
+from .. import serializers
+from ..tasks import push_system_user_to_assets_manual, \
+    test_system_user_connectability_manual, push_system_user_a_asset_manual, \
+    test_system_user_connectability_a_asset
+
+
+logger = get_logger(__file__)
+__all__ = [
+    'SystemUserViewSet', 'SystemUserAuthInfoApi',
+    'SystemUserPushApi', 'SystemUserTestConnectiveApi',
+    'SystemUserAssetsListView', 'SystemUserPushToAssetApi',
+    'SystemUserTestAssetConnectabilityApi', 'SystemUserCommandFilterRuleListApi',
+
+]
+
+
+class SystemUserViewSet(BulkModelViewSet):
+    """
+    System user api set, for add,delete,update,list,retrieve resource
+    """
+    queryset = SystemUser.objects.all()
+    serializer_class = serializers.SystemUserSerializer
+    permission_classes = (IsOrgAdminOrAppUser,)
+
+
+class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
+    """
+    Get system user auth info
+    """
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsOrgAdminOrAppUser,)
+    serializer_class = serializers.SystemUserAuthSerializer
+
+    def destroy(self, request, *args, **kwargs):
+        instance = self.get_object()
+        instance.clear_auth()
+        return Response(status=204)
+
+
+class SystemUserPushApi(generics.RetrieveAPIView):
+    """
+    Push system user to cluster assets api
+    """
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsOrgAdmin,)
+
+    def retrieve(self, request, *args, **kwargs):
+        system_user = self.get_object()
+        nodes = system_user.nodes.all()
+        for node in nodes:
+            system_user.assets.add(*tuple(node.get_all_assets()))
+        task = push_system_user_to_assets_manual.delay(system_user)
+        return Response({"task": task.id})
+
+
+class SystemUserTestConnectiveApi(generics.RetrieveAPIView):
+    """
+    Push system user to cluster assets api
+    """
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsOrgAdmin,)
+
+    def retrieve(self, request, *args, **kwargs):
+        system_user = self.get_object()
+        task = test_system_user_connectability_manual.delay(system_user)
+        return Response({"task": task.id})
+
+
+class SystemUserAssetsListView(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.AssetSerializer
+    pagination_class = LimitOffsetPagination
+    filter_fields = ("hostname", "ip")
+    search_fields = filter_fields
+
+    def get_object(self):
+        pk = self.kwargs.get('pk')
+        return get_object_or_404(SystemUser, pk=pk)
+
+    def get_queryset(self):
+        system_user = self.get_object()
+        return system_user.assets.all()
+
+
+class SystemUserPushToAssetApi(generics.RetrieveAPIView):
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsOrgAdmin,)
+
+    def retrieve(self, request, *args, **kwargs):
+        system_user = self.get_object()
+        asset_id = self.kwargs.get('aid')
+        asset = get_object_or_404(Asset, id=asset_id)
+        task = push_system_user_a_asset_manual.delay(system_user, asset)
+        return Response({"task": task.id})
+
+
+class SystemUserTestAssetConnectabilityApi(generics.RetrieveAPIView):
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsOrgAdmin,)
+
+    def retrieve(self, request, *args, **kwargs):
+        system_user = self.get_object()
+        asset_id = self.kwargs.get('aid')
+        asset = get_object_or_404(Asset, id=asset_id)
+        task = test_system_user_connectability_a_asset.delay(system_user, asset)
+        return Response({"task": task.id})
+
+
+class SystemUserCommandFilterRuleListApi(generics.ListAPIView):
+    permission_classes = (IsOrgAdminOrAppUser,)
+
+    def get_serializer_class(self):
+        from ..serializers import CommandFilterRuleSerializer
+        return CommandFilterRuleSerializer
+
+    def get_queryset(self):
+        pk = self.kwargs.get('pk', None)
+        system_user = get_object_or_404(SystemUser, pk=pk)
+        return system_user.cmd_filter_rules
--- a/apps/assets/apps.py
+++ b/apps/assets/apps.py
@@ -5,3 +5,7 @@ from django.apps import AppConfig

 class AssetsConfig(AppConfig):
    name = 'assets'
+
+    def ready(self):
+        from . import signals_handler
+        super().ready()
--- a/apps/assets/const.py
+++ b/apps/assets/const.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+#
+
+UPDATE_ASSETS_HARDWARE_TASKS = [
+   {
+       'name': "setup",
+       'action': {
+           'module': 'setup'
+       }
+   }
+]
+
+ADMIN_USER_CONN_CACHE_KEY = "ADMIN_USER_CONN_{}"
+TEST_ADMIN_USER_CONN_TASKS = [
+    {
+        "name": "ping",
+        "action": {
+            "module": "ping",
+        }
+    }
+]
+
+ASSET_ADMIN_CONN_CACHE_KEY = "ASSET_ADMIN_USER_CONN_{}"
+
+SYSTEM_USER_CONN_CACHE_KEY = "SYSTEM_USER_CONN_{}"
+TEST_SYSTEM_USER_CONN_TASKS = [
+   {
+       "name": "ping",
+       "action": {
+           "module": "ping",
+       }
+   }
+]
+
+TASK_OPTIONS = {
+    'timeout': 10,
+    'forks': 10,
+}
--- a/apps/assets/forms.py
+++ b/apps/assets/forms.py
@@ -1,361 +0,0 @@
-# coding:utf-8
-from django import forms
-from django.utils.translation import gettext_lazy as _
-
-from .models import IDC, Asset, AssetGroup, AdminUser, SystemUser
-from common.utils import validate_ssh_private_key, ssh_pubkey_gen, ssh_key_gen, get_logger
-
-
-logger = get_logger(__file__)
-
-
-class AssetCreateForm(forms.ModelForm):
-    class Meta:
-        model = Asset
-        fields = [
-            'hostname', 'ip', 'public_ip', 'port', 'type', 'comment',
-            'admin_user', 'idc', 'groups', 'status', 'env', 'is_active'
-        ]
-        widgets = {
-            'groups': forms.SelectMultiple(
-                attrs={'class': 'select2',
-                       'data-placeholder': _('Select asset groups')}),
-            'admin_user': forms.Select(
-                attrs={'class': 'select2',
-                       'data-placeholder': _('Select asset admin user')}),
-        }
-        help_texts = {
-            'hostname': '* required',
-            'ip': '* required',
-            'system_users': _('System user will be granted for user to login '
-                              'assets (using ansible create automatic)'),
-            'admin_user': _('Admin user should be exist on asset already, '
-                            'And have sudo ALL permission'),
-        }
-
-    def clean_admin_user(self):
-        if not self.cleaned_data['admin_user']:
-            raise forms.ValidationError(_('Select admin user'))
-        return self.cleaned_data['admin_user']
-
-
-class AssetUpdateForm(forms.ModelForm):
-    class Meta:
-        model = Asset
-        fields = [
-            'hostname', 'ip', 'port', 'groups', 'admin_user', 'idc', 'is_active',
-            'type', 'env', 'status', 'public_ip', 'remote_card_ip', 'cabinet_no',
-            'cabinet_pos', 'number', 'comment'
-        ]
-        widgets = {
-            'groups': forms.SelectMultiple(
-                attrs={'class': 'select2',
-                       'data-placeholder': _('Select asset groups')}),
-            'admin_user': forms.Select(
-                attrs={'class': 'select2',
-                       'data-placeholder': _('Select asset admin user')}),
-        }
-        help_texts = {
-            'hostname': '* required',
-            'ip': '* required',
-            'system_users': _('System user will be granted for user '
-                              'to login assets (using ansible create automatic)'),
-            'admin_user': _('Admin user should be exist on asset '
-                            'already, And have sudo ALL permission'),
-        }
-
-
-class AssetBulkUpdateForm(forms.ModelForm):
-    assets = forms.MultipleChoiceField(
-        required=True,
-        help_text='* required',
-        label=_('Select assets'),
-        widget=forms.SelectMultiple(
-            attrs={
-                'class': 'select2',
-                'data-placeholder': _('Select assets')
-            }
-        )
-    )
-    port = forms.IntegerField(min_value=1, max_value=65535,
-                              required=False, label=_('Port'))
-
-    class Meta:
-        model = Asset
-        fields = [
-            'assets', 'port', 'groups', 'admin_user', 'idc',
-            'type', 'env', 'status',
-        ]
-        widgets = {
-            'groups': forms.SelectMultiple(
-                attrs={'class': 'select2',
-                       'data-placeholder': _('Select asset groups')}),
-            'admin_user': forms.Select(
-                attrs={'class': 'select2',
-                       'data-placeholder': _('Select asset admin user')}),
-        }
-
-    def save(self, commit=True):
-        cleaned_data = {k: v for k, v in self.cleaned_data.items() if v is not None}
-        assets_id = cleaned_data.pop('assets')
-        groups = cleaned_data.pop('groups')
-        assets = Asset.objects.filter(id__in=assets_id)
-        assets.update(**cleaned_data)
-        if groups:
-            for asset in assets:
-                asset.groups.set(groups)
-        return assets
-
-
-class AssetGroupForm(forms.ModelForm):
-    # See AdminUserForm comment same it
-    assets = forms.ModelMultipleChoiceField(
-        queryset=Asset.objects.all(),
-        label=_('Asset'),
-        required=False,
-        widget=forms.SelectMultiple(
-            attrs={'class': 'select2', 'data-placeholder': _('Select assets')})
-        )
-
-    def __init__(self, *args, **kwargs):
-        if kwargs.get('instance', None):
-            initial = kwargs.get('initial', {})
-            initial['assets'] = kwargs['instance'].assets.all()
-        super(AssetGroupForm, self).__init__(*args, **kwargs)
-
-    def _save_m2m(self):
-        super(AssetGroupForm, self)._save_m2m()
-        assets = self.cleaned_data['assets']
-        self.instance.assets.clear()
-        self.instance.assets.add(*tuple(assets))
-
-    class Meta:
-        model = AssetGroup
-        fields = [
-            "name", "comment",
-        ]
-        help_texts = {
-            'name': '* required',
-        }
-
-
-class IDCForm(forms.ModelForm):
-    # See AdminUserForm comment same it
-    assets = forms.ModelMultipleChoiceField(
-        queryset=Asset.objects.all(),
-        label=_('Asset'),
-        required=False,
-        widget=forms.SelectMultiple(
-            attrs={'class': 'select2', 'data-placeholder': _('Select assets')})
-        )
-
-    def __init__(self, *args, **kwargs):
-        if kwargs.get('instance'):
-            initial = kwargs.get('initial', {})
-            initial['assets'] = kwargs['instance'].assets.all()
-        super(IDCForm, self).__init__(*args, **kwargs)
-
-    def _save_m2m(self):
-        super(IDCForm, self)._save_m2m()
-        assets = self.cleaned_data['assets']
-        self.instance.assets.clear()
-        self.instance.assets.add(*tuple(assets))
-
-    class Meta:
-        model = IDC
-        fields = ['name', "bandwidth", "operator", 'contact',
-                  'phone', 'address', 'intranet', 'extranet', 'comment']
-        widgets = {
-            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
-            'intranet': forms.Textarea(
-                attrs={'placeholder': 'IP段之间用逗号隔开，如：192.168.1.0/24,192.168.1.0/24'}),
-            'extranet': forms.Textarea(
-                attrs={'placeholder': 'IP段之间用逗号隔开，如：201.1.32.1/24,202.2.32.1/24'})
-        }
-        help_texts = {
-            'name': '* required'
-        }
-
-
-class AdminUserForm(forms.ModelForm):
-    # Form field name can not start with `_`, so redefine it,
-    password = forms.CharField(
-        widget=forms.PasswordInput, max_length=100,
-        strip=True, required=False,
-        help_text=_('If also set private key, use that first'),
-    )
-    # Need use upload private key file except paste private key content
-    private_key_file = forms.FileField(required=False)
-
-    def save(self, commit=True):
-        # Because we define custom field, so we need rewrite :method: `save`
-        admin_user = super(AdminUserForm, self).save(commit=commit)
-        password = self.cleaned_data['password']
-        private_key = self.cleaned_data['private_key_file']
-
-        if password:
-            admin_user.password = password
-        if private_key:
-            public_key = ssh_pubkey_gen(private_key)
-            admin_user.private_key = private_key
-            admin_user.public_key = public_key
-        admin_user.save()
-        return admin_user
-
-    def clean_private_key_file(self):
-        private_key_file = self.cleaned_data['private_key_file']
-        if private_key_file:
-            private_key = private_key_file.read()
-            if not validate_ssh_private_key(private_key):
-                raise forms.ValidationError(_('Invalid private key'))
-            return private_key
-        return private_key_file
-
-    def clean(self):
-        password = self.cleaned_data['password']
-        private_key_file = self.cleaned_data.get('private_key_file', '')
-
-        if not self.instance and not (password or private_key_file):
-            raise forms.ValidationError(
-                _('Password and private key file must be input one'))
-
-    class Meta:
-        model = AdminUser
-        fields = ['name', 'username', 'password',
-                  'private_key_file', 'comment']
-        widgets = {
-            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
-            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
-        }
-        help_texts = {
-            'name': '* required',
-            'username': '* required',
-        }
-
-
-class SystemUserForm(forms.ModelForm):
-    # Admin user assets define, let user select, save it in form not in view
-    auto_generate_key = forms.BooleanField(initial=True, required=False)
-    # Form field name can not start with `_`, so redefine it,
-    password = forms.CharField(widget=forms.PasswordInput, required=False,
-                               max_length=100, strip=True)
-    # Need use upload private key file except paste private key content
-    private_key_file = forms.FileField(required=False)
-
-    def __init__(self, *args, **kwargs):
-        super(SystemUserForm, self).__init__(*args, **kwargs)
-
-    def save(self, commit=True):
-        # Because we define custom field, so we need rewrite :method: `save`
-        system_user = super(SystemUserForm, self).save(commit=commit)
-        password = self.cleaned_data['password']
-        private_key_file = self.cleaned_data.get('private_key_file')
-
-        if system_user.auth_method == 'P':
-            if password:
-                system_user.password = password
-        elif system_user.auth_method == 'K':
-            if self.cleaned_data['auto_generate_key']:
-                private_key, public_key = ssh_key_gen(username=system_user.name)
-                logger.info('Generate private key and public key')
-            else:
-                private_key = private_key_file.read().strip()
-                public_key = ssh_pubkey_gen(private_key=private_key)
-            system_user.private_key = private_key
-            system_user.public_key = public_key
-        system_user.save()
-        return self.instance
-
-    def clean_private_key_file(self):
-        if self.data['auth_method'] == 'K' and \
-                not self.cleaned_data['auto_generate_key']:
-            if not self.cleaned_data['private_key_file']:
-                raise forms.ValidationError(_('Private key required'))
-            else:
-                key_string = self.cleaned_data['private_key_file'].read()
-                self.cleaned_data['private_key_file'].seek(0)
-                if not validate_ssh_private_key(key_string):
-                    raise forms.ValidationError(_('Invalid private key'))
-        return self.cleaned_data['private_key_file']
-
-    def clean_password(self):
-        if self.data['auth_method'] == 'P':
-            if not self.cleaned_data.get('password'):
-                raise forms.ValidationError(_('Password required'))
-        return self.cleaned_data['password']
-
-    class Meta:
-        model = SystemUser
-        fields = [
-            'name', 'username', 'protocol', 'auto_generate_key', 'password',
-            'private_key_file', 'auth_method', 'auto_push', 'sudo',
-            'comment', 'shell'
-        ]
-        widgets = {
-            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
-            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
-        }
-        help_texts = {
-            'name': '* required',
-            'username': '* required',
-            'auto_push': 'Auto push system user to asset',
-        }
-
-
-class SystemUserUpdateForm(forms.ModelForm):
-    # Admin user assets define, let user select, save it in form not in view
-    auto_generate_key = forms.BooleanField(initial=False, required=False)
-    # Form field name can not start with `_`, so redefine it,
-    password = forms.CharField(widget=forms.PasswordInput, required=False,
-                               max_length=100, strip=True)
-    # Need use upload private key file except paste private key content
-    private_key_file = forms.FileField(required=False)
-
-    def __init__(self, *args, **kwargs):
-        super(SystemUserUpdateForm, self).__init__(*args, **kwargs)
-
-    def save(self, commit=True):
-        # Because we define custom field, so we need rewrite :method: `save`
-        system_user = super(SystemUserUpdateForm, self).save(commit=commit)
-        password = self.cleaned_data['password']
-        private_key_file = self.cleaned_data.get('private_key_file')
-
-        if system_user.auth_method == 'P' and password:
-            system_user.password = password
-        elif system_user.auth_method == 'K' and private_key_file:
-            private_key = private_key_file.read().strip()
-            public_key = ssh_pubkey_gen(private_key=private_key)
-            system_user.private_key = private_key
-            system_user.public_key = public_key
-        system_user.save()
-        return self.instance
-
-    def clean_private_key_file(self):
-        if self.data['auth_method'] == 'K' and self.cleaned_data['private_key_file']:
-            key_string = self.cleaned_data['private_key_file'].read()
-            self.cleaned_data['private_key_file'].seek(0)
-            if not validate_ssh_private_key(key_string):
-                raise forms.ValidationError(_('Invalid private key'))
-        return self.cleaned_data['private_key_file']
-
-    class Meta:
-        model = SystemUser
-        fields = [
-            'name', 'username', 'protocol', 'auto_generate_key', 'password',
-            'private_key_file', 'auth_method', 'auto_push', 'sudo',
-            'comment', 'shell'
-        ]
-        widgets = {
-            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
-            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
-        }
-        help_texts = {
-            'name': '* required',
-            'username': '* required',
-            'auto_push': 'Auto push system user to asset',
-        }
-
-
-
-class FileForm(forms.Form):
-    file = forms.FileField()
--- a/apps/assets/forms/init.py
+++ b/apps/assets/forms/init.py
@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+#
+from .asset import *
+from .label import *
+from .user import *
+from .domain import *
+from .cmd_filter import *
--- a/apps/assets/forms/asset.py
+++ b/apps/assets/forms/asset.py
@@ -0,0 +1,155 @@
+# -*- coding: utf-8 -*-
+#
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+from common.utils import get_logger
+from orgs.mixins import OrgModelForm
+
+from ..models import Asset, AdminUser
+
+
+logger = get_logger(__file__)
+__all__ = ['AssetCreateForm', 'AssetUpdateForm', 'AssetBulkUpdateForm']
+
+
+class AssetCreateForm(OrgModelForm):
+    class Meta:
+        model = Asset
+        fields = [
+            'hostname', 'ip', 'public_ip', 'port',  'comment',
+            'nodes', 'is_active', 'admin_user', 'labels', 'platform',
+            'domain', 'protocol',
+
+        ]
+        widgets = {
+            'nodes': forms.SelectMultiple(attrs={
+                'class': 'select2', 'data-placeholder': _('Nodes')
+            }),
+            'admin_user': forms.Select(attrs={
+                'class': 'select2', 'data-placeholder': _('Admin user')
+            }),
+            'labels': forms.SelectMultiple(attrs={
+                'class': 'select2', 'data-placeholder': _('Label')
+            }),
+            'port': forms.TextInput(),
+            'domain': forms.Select(attrs={
+                'class': 'select2', 'data-placeholder': _('Domain')
+            }),
+        }
+        labels = {
+            'nodes': _("Node"),
+        }
+        help_texts = {
+            'hostname': '* required',
+            'ip': '* required',
+            'port': '* required',
+            'admin_user': _(
+                'root or other NOPASSWD sudo privilege user existed in asset,'
+                'If asset is windows or other set any one, more see admin user left menu'
+            ),
+            'platform': _("Windows 2016 RDP protocol is different, If is window 2016, set it"),
+            'domain': _("If your have some network not connect with each other, you can set domain")
+        }
+
+
+class AssetUpdateForm(OrgModelForm):
+    class Meta:
+        model = Asset
+        fields = [
+            'hostname', 'ip', 'port', 'nodes',  'is_active', 'platform',
+            'public_ip', 'number', 'comment', 'admin_user', 'labels',
+            'domain', 'protocol',
+        ]
+        widgets = {
+            'nodes': forms.SelectMultiple(attrs={
+                'class': 'select2', 'data-placeholder': _('Node')
+            }),
+            'admin_user': forms.Select(attrs={
+                'class': 'select2', 'data-placeholder': _('Admin user')
+            }),
+            'labels': forms.SelectMultiple(attrs={
+                'class': 'select2', 'data-placeholder': _('Label')
+            }),
+            'port': forms.TextInput(),
+            'domain': forms.Select(attrs={
+                'class': 'select2', 'data-placeholder': _('Domain')
+            }),
+        }
+        labels = {
+            'nodes': _("Node"),
+        }
+        help_texts = {
+            'hostname': '* required',
+            'ip': '* required',
+            'port': '* required',
+            'cluster': '* required',
+            'admin_user': _(
+                'root or other NOPASSWD sudo privilege user existed in asset,'
+                'If asset is windows or other set any one, more see admin user left menu'
+            ),
+            'platform': _("Windows 2016 RDP protocol is different, If is window 2016, set it"),
+            'domain': _("If your have some network not connect with each other, you can set domain")
+        }
+
+
+class AssetBulkUpdateForm(OrgModelForm):
+    assets = forms.ModelMultipleChoiceField(
+        required=True, help_text='* required',
+        label=_('Select assets'), queryset=Asset.objects.all(),
+        widget=forms.SelectMultiple(
+            attrs={
+                'class': 'select2',
+                'data-placeholder': _('Select assets')
+            }
+        )
+    )
+    port = forms.IntegerField(
+        label=_('Port'), required=False, min_value=1, max_value=65535,
+    )
+    admin_user = forms.ModelChoiceField(
+        required=False, queryset=AdminUser.objects,
+        label=_("Admin user"),
+        widget=forms.Select(
+            attrs={
+                'class': 'select2',
+                'data-placeholder': _('Admin user')
+            }
+        )
+    )
+
+    class Meta:
+        model = Asset
+        fields = [
+            'assets', 'port',  'admin_user', 'labels', 'nodes', 'platform'
+        ]
+        widgets = {
+            'labels': forms.SelectMultiple(
+                attrs={'class': 'select2', 'data-placeholder': _('Label')}
+            ),
+            'nodes': forms.SelectMultiple(
+                attrs={'class': 'select2', 'data-placeholder': _('Node')}
+            ),
+        }
+
+    def save(self, commit=True):
+        changed_fields = []
+        for field in self._meta.fields:
+            if self.data.get(field) not in [None, '']:
+                changed_fields.append(field)
+
+        cleaned_data = {k: v for k, v in self.cleaned_data.items()
+                        if k in changed_fields}
+        assets = cleaned_data.pop('assets')
+        labels = cleaned_data.pop('labels', [])
+        nodes = cleaned_data.pop('nodes')
+        assets = Asset.objects.filter(id__in=[asset.id for asset in assets])
+        assets.update(**cleaned_data)
+
+        if labels:
+            for label in labels:
+                label.assets.add(*tuple(assets))
+        if nodes:
+            for node in nodes:
+                node.assets.add(*tuple(assets))
+        return assets
--- a/apps/assets/forms/cmd_filter.py
+++ b/apps/assets/forms/cmd_filter.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+#
+from django import forms
+
+from orgs.mixins import OrgModelForm
+from ..models import CommandFilter, CommandFilterRule
+
+__all__ = ['CommandFilterForm', 'CommandFilterRuleForm']
+
+
+class CommandFilterForm(OrgModelForm):
+    class Meta:
+        model = CommandFilter
+        fields = ['name', 'comment']
+
+
+class CommandFilterRuleForm(OrgModelForm):
+    class Meta:
+        model = CommandFilterRule
+        fields = [
+            'filter', 'type', 'content', 'priority', 'action', 'comment'
+        ]
+        widgets = {
+            'content':  forms.Textarea(attrs={
+                'placeholder': 'eg:\r\nreboot\r\nrm -rf'
+            }),
+        }
--- a/apps/assets/forms/domain.py
+++ b/apps/assets/forms/domain.py
@@ -0,0 +1,65 @@
+# -*- coding: utf-8 -*-
+#
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+from orgs.mixins import OrgModelForm
+from ..models import Domain, Asset, Gateway
+from .user import PasswordAndKeyAuthForm
+
+__all__ = ['DomainForm', 'GatewayForm']
+
+
+class DomainForm(forms.ModelForm):
+    assets = forms.ModelMultipleChoiceField(
+        queryset=Asset.objects.all(), label=_('Asset'), required=False,
+        widget=forms.SelectMultiple(
+            attrs={'class': 'select2', 'data-placeholder': _('Select assets')}
+        )
+    )
+
+    class Meta:
+        model = Domain
+        fields = ['name', 'comment', 'assets']
+
+    def __init__(self, *args, **kwargs):
+        if kwargs.get('instance', None):
+            initial = kwargs.get('initial', {})
+            initial['assets'] = kwargs['instance'].assets.all()
+        super().__init__(*args, **kwargs)
+
+    def save(self, commit=True):
+        instance = super().save(commit=commit)
+        assets = self.cleaned_data['assets']
+        instance.assets.set(assets)
+        return instance
+
+
+class GatewayForm(PasswordAndKeyAuthForm, OrgModelForm):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        password_field = self.fields.get('password')
+        password_field.help_text = _('Password should not contain special characters')
+
+    def save(self, commit=True):
+        # Because we define custom field, so we need rewrite :method: `save`
+        instance = super().save()
+        password = self.cleaned_data.get('password')
+        private_key, public_key = super().gen_keys()
+        instance.set_auth(password=password, private_key=private_key)
+        return instance
+
+    class Meta:
+        model = Gateway
+        fields = [
+            'name', 'ip', 'port', 'username', 'protocol', 'domain', 'password',
+            'private_key_file',  'is_active', 'comment',
+        ]
+        widgets = {
+            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
+            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
+        }
+        help_texts = {
+            'name': '* required',
+            'username': '* required',
+        }
--- a/apps/assets/forms/label.py
+++ b/apps/assets/forms/label.py
@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+#
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+from ..models import Label, Asset
+
+__all__ = ['LabelForm']
+
+
+class LabelForm(forms.ModelForm):
+    assets = forms.ModelMultipleChoiceField(
+        queryset=Asset.objects.all(), label=_('Asset'), required=False,
+        widget=forms.SelectMultiple(
+            attrs={'class': 'select2', 'data-placeholder': _('Select assets')}
+        )
+    )
+
+    class Meta:
+        model = Label
+        fields = ['name', 'value', 'assets']
+
+    def __init__(self, *args, **kwargs):
+        if kwargs.get('instance', None):
+            initial = kwargs.get('initial', {})
+            initial['assets'] = kwargs['instance'].assets.all()
+        super().__init__(*args, **kwargs)
+
+    def save(self, commit=True):
+        label = super().save(commit=commit)
+        assets = self.cleaned_data['assets']
+        label.assets.set(assets)
+        return label
--- a/apps/assets/forms/user.py
+++ b/apps/assets/forms/user.py
@@ -0,0 +1,157 @@
+# -*- coding: utf-8 -*-
+#
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+from common.utils import validate_ssh_private_key, ssh_pubkey_gen, get_logger
+from orgs.mixins import OrgModelForm
+from ..models import AdminUser, SystemUser
+
+logger = get_logger(__file__)
+__all__ = [
+    'FileForm', 'SystemUserForm', 'AdminUserForm', 'PasswordAndKeyAuthForm',
+]
+
+
+class FileForm(forms.Form):
+    file = forms.FileField()
+
+
+class PasswordAndKeyAuthForm(forms.ModelForm):
+    # Form field name can not start with `_`, so redefine it,
+    password = forms.CharField(
+        widget=forms.PasswordInput, max_length=128,
+        strip=True, required=False,
+        help_text=_('Password or private key passphrase'),
+        label=_("Password"),
+    )
+    # Need use upload private key file except paste private key content
+    private_key_file = forms.FileField(required=False, label=_("Private key"))
+
+    def clean_private_key_file(self):
+        private_key_file = self.cleaned_data['private_key_file']
+        password = self.cleaned_data['password']
+
+        if private_key_file:
+            key_string = private_key_file.read()
+            private_key_file.seek(0)
+            if not validate_ssh_private_key(key_string, password):
+                raise forms.ValidationError(_('Invalid private key'))
+        return private_key_file
+
+    def validate_password_key(self):
+        password = self.cleaned_data['password']
+        private_key_file = self.cleaned_data.get('private_key_file', '')
+
+        if not password and not private_key_file:
+            raise forms.ValidationError(_(
+                'Password and private key file must be input one'
+            ))
+
+    def gen_keys(self):
+        password = self.cleaned_data.get('password', '') or None
+        private_key_file = self.cleaned_data['private_key_file']
+        public_key = private_key = None
+
+        if private_key_file:
+            private_key = private_key_file.read().strip().decode('utf-8')
+            public_key = ssh_pubkey_gen(private_key=private_key, password=password)
+        return private_key, public_key
+
+
+class AdminUserForm(PasswordAndKeyAuthForm):
+    def save(self, commit=True):
+        # Because we define custom field, so we need rewrite :method: `save`
+        admin_user = super().save(commit=commit)
+        password = self.cleaned_data.get('password', '') or None
+        private_key, public_key = super().gen_keys()
+        admin_user.set_auth(password=password, public_key=public_key, private_key=private_key)
+        return admin_user
+
+    def clean(self):
+        super().clean()
+        if not self.instance:
+            super().validate_password_key()
+
+    class Meta:
+        model = AdminUser
+        fields = ['name', 'username', 'password', 'private_key_file', 'comment']
+        widgets = {
+            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
+            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
+        }
+        help_texts = {
+            'name': '* required',
+            'username': '* required',
+        }
+
+
+class SystemUserForm(OrgModelForm, PasswordAndKeyAuthForm):
+    # Admin user assets define, let user select, save it in form not in view
+    auto_generate_key = forms.BooleanField(initial=True, required=False)
+
+    def save(self, commit=True):
+        # Because we define custom field, so we need rewrite :method: `save`
+        system_user = super().save()
+        password = self.cleaned_data.get('password', '') or None
+        login_mode = self.cleaned_data.get('login_mode', '') or None
+        protocol = self.cleaned_data.get('protocol') or None
+        auto_generate_key = self.cleaned_data.get('auto_generate_key', False)
+        private_key, public_key = super().gen_keys()
+
+        if login_mode == SystemUser.MANUAL_LOGIN or \
+                protocol in [SystemUser.RDP_PROTOCOL, SystemUser.TELNET_PROTOCOL]:
+            system_user.auto_push = 0
+            auto_generate_key = False
+            system_user.save()
+
+        if auto_generate_key:
+            logger.info('Auto generate key and set system user auth')
+            system_user.auto_gen_auth()
+        else:
+            system_user.set_auth(password=password, private_key=private_key,
+                                 public_key=public_key)
+
+        return system_user
+
+    def clean(self):
+        super().clean()
+        auto_generate = self.cleaned_data.get('auto_generate_key')
+        if not self.instance and not auto_generate:
+            super().validate_password_key()
+
+    def is_valid(self):
+        validated = super().is_valid()
+        username = self.cleaned_data.get('username')
+        login_mode = self.cleaned_data.get('login_mode')
+        if login_mode == SystemUser.AUTO_LOGIN and not username:
+            self.add_error(
+                "username", _('* Automatic login mode,'
+                              ' must fill in the username.')
+            )
+            return False
+        return validated
+
+    class Meta:
+        model = SystemUser
+        fields = [
+            'name', 'username', 'protocol', 'auto_generate_key',
+            'password', 'private_key_file', 'auto_push', 'sudo',
+            'comment', 'shell', 'priority', 'login_mode', 'cmd_filters',
+        ]
+        widgets = {
+            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
+            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
+            'cmd_filters': forms.SelectMultiple(attrs={
+                'class': 'select2', 'data-placeholder': _('Command filter')
+            }),
+        }
+        help_texts = {
+            'name': '* required',
+            'username': '* required',
+            'auto_push': _('Auto push system user to asset'),
+            'priority': _('High level will be using login asset as default, '
+                          'if user was granted more than 2 system user'),
+            'login_mode': _('If you choose manual login mode, you do not '
+                            'need to fill in the username and password.')
+        }
--- a/apps/assets/hands.py
+++ b/apps/assets/hands.py
@@ -6,13 +6,11 @@

    Other module of this app shouldn't connect with other app.

-    :copyright: (c) 2014-2017 by Jumpserver Team.
+    :copyright: (c) 2014-2018 by Jumpserver Team.
    :license: GPL v2, see LICENSE for more details.
 """


-from users.utils import AdminUserRequiredMixin
-from users.permissions import IsAppUser, IsSuperUser, IsValidUser
+from common.permissions import AdminUserRequiredMixin
+from common.permissions import IsAppUser, IsOrgAdmin, IsValidUser, IsOrgAdminOrAppUser
 from users.models import User, UserGroup
-from perms.utils import get_user_granted_assets
-from perms.tasks import push_users
--- a/apps/assets/migrations/0001_initial.py
+++ b/apps/assets/migrations/0001_initial.py
@@ -0,0 +1,168 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2017-12-21 16:06
+from __future__ import unicode_literals
+
+import assets.models.utils
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+def add_default_group(apps, schema_editor):
+    group_model = apps.get_model("assets", "AssetGroup")
+    db_alias = schema_editor.connection.alias
+    group_model.objects.using(db_alias).create(
+        name="Default"
+    )
+
+
+def add_default_cluster(apps, schema_editor):
+    cluster_model = apps.get_model("assets", "Cluster")
+    db_alias = schema_editor.connection.alias
+    cluster_model.objects.using(db_alias).create(
+        name="Default"
+    )
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AdminUser',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, unique=True, verbose_name='Name')),
+                ('username', models.CharField(max_length=16, verbose_name='Username')),
+                ('_password', models.CharField(blank=True, max_length=256, null=True, verbose_name='Password')),
+                ('_private_key', models.TextField(blank=True, max_length=4096, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key')),
+                ('_public_key', models.TextField(blank=True, max_length=4096, verbose_name='SSH public key')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_updated', models.DateTimeField(auto_now=True)),
+                ('created_by', models.CharField(max_length=32, null=True, verbose_name='Created by')),
+                ('become', models.BooleanField(default=True)),
+                ('become_method', models.CharField(choices=[('sudo', 'sudo'), ('su', 'su')], default='sudo', max_length=4)),
+                ('become_user', models.CharField(default='root', max_length=64)),
+                ('_become_pass', models.CharField(default='', max_length=128)),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='Asset',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('ip', models.GenericIPAddressField(db_index=True, verbose_name='IP')),
+                ('hostname', models.CharField(max_length=128, unique=True, verbose_name='Hostname')),
+                ('port', models.IntegerField(default=22, verbose_name='Port')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Is active')),
+                ('type', models.CharField(blank=True, choices=[('Server', 'Server'), ('VM', 'VM'), ('Switch', 'Switch'), ('Router', 'Router'), ('Firewall', 'Firewall'), ('Storage', 'Storage')], default='Server', max_length=16, null=True, verbose_name='Asset type')),
+                ('env', models.CharField(blank=True, choices=[('Prod', 'Production'), ('Dev', 'Development'), ('Test', 'Testing')], default='Prod', max_length=8, null=True, verbose_name='Asset environment')),
+                ('status', models.CharField(blank=True, choices=[('In use', 'In use'), ('Out of use', 'Out of use')], default='In use', max_length=12, null=True, verbose_name='Asset status')),
+                ('public_ip', models.GenericIPAddressField(blank=True, null=True, verbose_name='Public IP')),
+                ('remote_card_ip', models.CharField(blank=True, max_length=16, null=True, verbose_name='Remote control card IP')),
+                ('cabinet_no', models.CharField(blank=True, max_length=32, null=True, verbose_name='Cabinet number')),
+                ('cabinet_pos', models.IntegerField(blank=True, null=True, verbose_name='Cabinet position')),
+                ('number', models.CharField(blank=True, max_length=32, null=True, verbose_name='Asset number')),
+                ('vendor', models.CharField(blank=True, max_length=64, null=True, verbose_name='Vendor')),
+                ('model', models.CharField(blank=True, max_length=54, null=True, verbose_name='Model')),
+                ('sn', models.CharField(blank=True, max_length=128, null=True, verbose_name='Serial number')),
+                ('cpu_model', models.CharField(blank=True, max_length=64, null=True, verbose_name='CPU model')),
+                ('cpu_count', models.IntegerField(null=True, verbose_name='CPU count')),
+                ('cpu_cores', models.IntegerField(null=True, verbose_name='CPU cores')),
+                ('memory', models.CharField(blank=True, max_length=64, null=True, verbose_name='Memory')),
+                ('disk_total', models.CharField(blank=True, max_length=1024, null=True, verbose_name='Disk total')),
+                ('disk_info', models.CharField(blank=True, max_length=1024, null=True, verbose_name='Disk info')),
+                ('platform', models.CharField(blank=True, max_length=128, null=True, verbose_name='Platform')),
+                ('os', models.CharField(blank=True, max_length=128, null=True, verbose_name='OS')),
+                ('os_version', models.CharField(blank=True, max_length=16, null=True, verbose_name='OS version')),
+                ('os_arch', models.CharField(blank=True, max_length=16, null=True, verbose_name='OS arch')),
+                ('hostname_raw', models.CharField(blank=True, max_length=128, null=True, verbose_name='Hostname raw')),
+                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('comment', models.TextField(blank=True, default='', max_length=128, verbose_name='Comment')),
+                ('admin_user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='assets.AdminUser', verbose_name='Admin user')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AssetGroup',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=64, unique=True, verbose_name='Name')),
+                ('created_by', models.CharField(blank=True, max_length=32, verbose_name='Created by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='Cluster',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=32, verbose_name='Name')),
+                ('bandwidth', models.CharField(blank=True, max_length=32, verbose_name='Bandwidth')),
+                ('contact', models.CharField(blank=True, max_length=128, verbose_name='Contact')),
+                ('phone', models.CharField(blank=True, max_length=32, verbose_name='Phone')),
+                ('address', models.CharField(blank=True, max_length=128, verbose_name='Address')),
+                ('intranet', models.TextField(blank=True, verbose_name='Intranet')),
+                ('extranet', models.TextField(blank=True, verbose_name='Extranet')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('operator', models.CharField(blank=True, max_length=32, verbose_name='Operator')),
+                ('created_by', models.CharField(blank=True, max_length=32, verbose_name='Created by')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+                ('admin_user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='assets.AdminUser', verbose_name='Admin user')),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='SystemUser',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, unique=True, verbose_name='Name')),
+                ('username', models.CharField(max_length=16, verbose_name='Username')),
+                ('_password', models.CharField(blank=True, max_length=256, null=True, verbose_name='Password')),
+                ('_private_key', models.TextField(blank=True, max_length=4096, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key')),
+                ('_public_key', models.TextField(blank=True, max_length=4096, verbose_name='SSH public key')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_updated', models.DateTimeField(auto_now=True)),
+                ('created_by', models.CharField(max_length=32, null=True, verbose_name='Created by')),
+                ('priority', models.IntegerField(default=10, verbose_name='Priority')),
+                ('protocol', models.CharField(choices=[('ssh', 'ssh')], default='ssh', max_length=16, verbose_name='Protocol')),
+                ('auto_push', models.BooleanField(default=True, verbose_name='Auto push')),
+                ('sudo', models.TextField(default='/sbin/ifconfig', verbose_name='Sudo')),
+                ('shell', models.CharField(default='/bin/bash', max_length=64, verbose_name='Shell')),
+                ('cluster', models.ManyToManyField(blank=True, to='assets.Cluster', verbose_name='Cluster')),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='cluster',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='assets', to='assets.Cluster', verbose_name='Cluster'),
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='groups',
+            field=models.ManyToManyField(blank=True, related_name='assets', to='assets.AssetGroup', verbose_name='Asset groups'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='asset',
+            unique_together=set([('ip', 'port')]),
+        ),
+
+        migrations.RunPython(add_default_cluster),
+        migrations.RunPython(add_default_group),
+    ]
--- a/apps/assets/models/init.py
+++ b/apps/assets/models/init.py
@@ -1,9 +1,12 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-# 
-
-from .idc import *
+#
 from .user import *
+from .label import Label
+from .cluster import *
 from .group import *
+from .domain import *
+from .node import *
 from .asset import *
+from .cmd_filter import *
 from .utils import *
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@@ -2,96 +2,138 @@
 # -*- coding: utf-8 -*-
 # 

-from __future__ import unicode_literals
+import uuid
+import logging
+import random
+from functools import reduce
+from collections import defaultdict

 from django.db import models
-import logging
+from django.db.models import Q
 from django.utils.translation import ugettext_lazy as _
+from django.core.cache import cache

-from . import IDC, AssetGroup, AdminUser, SystemUser
+from ..const import ASSET_ADMIN_CONN_CACHE_KEY
+from .user import AdminUser, SystemUser
+from orgs.mixins import OrgModelMixin, OrgManager

 __all__ = ['Asset']
 logger = logging.getLogger(__name__)


-def get_default_idc():
-    return IDC.initial()
+def default_cluster():
+    from .cluster import Cluster
+    name = "Default"
+    defaults = {"name": name}
+    cluster, created = Cluster.objects.get_or_create(
+        defaults=defaults, name=name
+    )
+    return cluster.id


-class Asset(models.Model):
-    STATUS_CHOICES = (
-        ('In use', _('In use')),
-        ('Out of use', _('Out of use')),
-    )
-    TYPE_CHOICES = (
-        ('Server', _('Server')),
-        ('VM', _('VM')),
-        ('Switch', _('Switch')),
-        ('Router', _('Router')),
-        ('Firewall', _('Firewall')),
-        ('Storage', _("Storage")),
-    )
-    ENV_CHOICES = (
-        ('Prod', 'Production'),
-        ('Dev', 'Development'),
-        ('Test', 'Testing'),
-    )
+def default_node():
+    try:
+        from .node import Node
+        return Node.root()
+    except:
+        return None

+
+class AssetQuerySet(models.QuerySet):
+    def active(self):
+        return self.filter(is_active=True)
+
+    def valid(self):
+        return self.active()
+
+
+class Asset(OrgModelMixin):
    # Important
+    PLATFORM_CHOICES = (
+        ('Linux', 'Linux'),
+        ('Unix', 'Unix'),
+        ('MacOS', 'MacOS'),
+        ('BSD', 'BSD'),
+        ('Windows', 'Windows'),
+        ('Windows2016', 'Windows(2016)'),
+        ('Other', 'Other'),
+    )
+
+    SSH_PROTOCOL = 'ssh'
+    RDP_PROTOCOL = 'rdp'
+    TELNET_PROTOCOL = 'telnet'
+    PROTOCOL_CHOICES = (
+        (SSH_PROTOCOL, 'ssh'),
+        (RDP_PROTOCOL, 'rdp'),
+        (TELNET_PROTOCOL, 'telnet (beta)'),
+    )
+
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), db_index=True)
-    hostname = models.CharField(max_length=128, unique=True, verbose_name=_('Hostname'))
+    hostname = models.CharField(max_length=128, verbose_name=_('Hostname'))
+    protocol = models.CharField(max_length=128, default=SSH_PROTOCOL, choices=PROTOCOL_CHOICES, verbose_name=_('Protocol'))
    port = models.IntegerField(default=22, verbose_name=_('Port'))
-    groups = models.ManyToManyField(AssetGroup, blank=True, related_name='assets',
-                                    verbose_name=_('Asset groups'))
-    admin_user = models.ForeignKey(AdminUser, null=True, blank=True, related_name='assets',
-                                   on_delete=models.SET_NULL, verbose_name=_("Admin user"))
-    system_users = models.ManyToManyField(SystemUser, blank=True,
-                                          related_name='assets',
-                                          verbose_name=_("System User"))
-    idc = models.ForeignKey(IDC, blank=True, null=True, related_name='assets',
-                            on_delete=models.SET_NULL, verbose_name=_('IDC'),)
+    platform = models.CharField(max_length=128, choices=PLATFORM_CHOICES, default='Linux', verbose_name=_('Platform'))
+    domain = models.ForeignKey("assets.Domain", null=True, blank=True,
+                               related_name='assets', verbose_name=_("Domain"),
+                               on_delete=models.SET_NULL)
+    nodes = models.ManyToManyField('assets.Node', default=default_node,
+                                   related_name='assets',
+                                   verbose_name=_("Nodes"))
    is_active = models.BooleanField(default=True, verbose_name=_('Is active'))
-    type = models.CharField(choices=TYPE_CHOICES, max_length=16, blank=True, null=True,
-                            default='Server', verbose_name=_('Asset type'),)
-    env = models.CharField(choices=ENV_CHOICES, max_length=8, blank=True, null=True,
-                           default='Prod', verbose_name=_('Asset environment'),)
-    status = models.CharField(choices=STATUS_CHOICES, max_length=12, null=True, blank=True,
-                              default='In use', verbose_name=_('Asset status'))
+
+    # Auth
+    admin_user = models.ForeignKey('assets.AdminUser', on_delete=models.PROTECT,
+                                   null=True, verbose_name=_("Admin user"))

    # Some information
-    public_ip = models.GenericIPAddressField(max_length=32, blank=True,
-                                             null=True, verbose_name=_('Public IP'))
-    remote_card_ip = models.CharField(max_length=16, null=True, blank=True,
-                                      verbose_name=_('Remote control card IP'))
-    cabinet_no = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Cabinet number'))
-    cabinet_pos = models.IntegerField(null=True, blank=True, verbose_name=_('Cabinet position'))
+    public_ip = models.GenericIPAddressField(max_length=32, blank=True, null=True, verbose_name=_('Public IP'))
    number = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Asset number'))

    # Collect
-    vendor = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Vendor'))
-    model = models.CharField(max_length=54, null=True, blank=True, verbose_name=_('Model'))
-    sn = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('Serial number'))
+    vendor = models.CharField(max_length=64, null=True, blank=True,
+                              verbose_name=_('Vendor'))
+    model = models.CharField(max_length=54, null=True, blank=True,
+                             verbose_name=_('Model'))
+    sn = models.CharField(max_length=128, null=True, blank=True,
+                          verbose_name=_('Serial number'))

-    cpu_model = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('CPU model'))
+    cpu_model = models.CharField(max_length=64, null=True, blank=True,
+                                 verbose_name=_('CPU model'))
    cpu_count = models.IntegerField(null=True, verbose_name=_('CPU count'))
    cpu_cores = models.IntegerField(null=True, verbose_name=_('CPU cores'))
-    memory = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Memory'))
-    disk_total = models.CharField(max_length=1024, null=True, blank=True, verbose_name=_('Disk total'))
-    disk_info = models.CharField(max_length=1024, null=True, blank=True, verbose_name=_('Disk info'))
+    cpu_vcpus = models.IntegerField(null=True, verbose_name=_('CPU vcpus'))
+    memory = models.CharField(max_length=64, null=True, blank=True,
+                              verbose_name=_('Memory'))
+    disk_total = models.CharField(max_length=1024, null=True, blank=True,
+                                  verbose_name=_('Disk total'))
+    disk_info = models.CharField(max_length=1024, null=True, blank=True,
+                                 verbose_name=_('Disk info'))

-    platform = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('Platform'))
-    os = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('OS'))
-    os_version = models.CharField(max_length=16, null=True, blank=True, verbose_name=_('OS version'))
-    os_arch = models.CharField(max_length=16, blank=True, null=True, verbose_name=_('OS arch'))
-    hostname_raw = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Hostname raw'))
+    os = models.CharField(max_length=128, null=True, blank=True,
+                          verbose_name=_('OS'))
+    os_version = models.CharField(max_length=16, null=True, blank=True,
+                                  verbose_name=_('OS version'))
+    os_arch = models.CharField(max_length=16, blank=True, null=True,
+                               verbose_name=_('OS arch'))
+    hostname_raw = models.CharField(max_length=128, blank=True, null=True,
+                                    verbose_name=_('Hostname raw'))

-    created_by = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Created by'))
-    date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created'))
-    comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
+    labels = models.ManyToManyField('assets.Label', blank=True,
+                                    related_name='assets',
+                                    verbose_name=_("Labels"))
+    created_by = models.CharField(max_length=32, null=True, blank=True,
+                                  verbose_name=_('Created by'))
+    date_created = models.DateTimeField(auto_now_add=True, null=True,
+                                        blank=True,
+                                        verbose_name=_('Date created'))
+    comment = models.TextField(max_length=128, default='', blank=True,
+                               verbose_name=_('Comment'))

-    def __unicode__(self):
-        return '%s <%s: %s>' % (self.hostname, self.ip, self.port)
-    __str__ = __unicode__
+    objects = OrgManager.from_queryset(AssetQuerySet)()
+
+    def __str__(self):
+        return '{0.hostname}({0.ip})'.format(self)

    @property
    def is_valid(self):
@@ -102,34 +144,102 @@ class Asset(models.Model):
            return True, ''
        return False, warning

+    def is_unixlike(self):
+        if self.platform not in ("Windows", "Windows2016"):
+            return True
+        else:
+            return False
+
+    def get_nodes(self):
+        from .node import Node
+        nodes = self.nodes.all() or [Node.root()]
+        return nodes
+
+    def get_all_nodes(self, flat=False):
+        nodes = []
+        for node in self.get_nodes():
+            _nodes = node.get_ancestor(with_self=True)
+            _nodes.append(_nodes)
+        if flat:
+            nodes = list(reduce(lambda x, y: set(x) | set(y), nodes))
+        return nodes
+
+    @classmethod
+    def get_queryset_by_fullname_list(cls, fullname_list):
+        org_fullname_map = defaultdict(list)
+        for fullname in fullname_list:
+            hostname, org = cls.split_fullname(fullname)
+            org_fullname_map[org].append(hostname)
+        filter_arg = Q()
+        for org, hosts in org_fullname_map.items():
+            if org.is_real():
+                filter_arg |= Q(hostname__in=hosts, org_id=org.id)
+            else:
+                filter_arg |= Q(Q(org_id__isnull=True) | Q(org_id=''), hostname__in=hosts)
+        return Asset.objects.filter(filter_arg)
+
+    @property
+    def hardware_info(self):
+        if self.cpu_count:
+            return '{} Core {} {}'.format(
+                self.cpu_vcpus or self.cpu_count * self.cpu_cores,
+                self.memory, self.disk_total
+            )
+        else:
+            return ''
+
+    @property
+    def is_connective(self):
+        if not self.is_unixlike():
+            return True
+        val = cache.get(ASSET_ADMIN_CONN_CACHE_KEY.format(self.hostname))
+        if val == 1:
+            return True
+        else:
+            return False
+
    def to_json(self):
-        return {
+        info = {
            'id': self.id,
            'hostname': self.hostname,
            'ip': self.ip,
            'port': self.port,
        }
+        if self.domain and self.domain.gateway_set.all():
+            info["gateways"] = [d.id for d in self.domain.gateway_set.all()]
+        return info
+
+    def get_auth_info(self):
+        if self.admin_user:
+            return {
+                'username': self.admin_user.username,
+                'password': self.admin_user.password,
+                'private_key': self.admin_user.private_key_file,
+                'become': self.admin_user.become_info,
+            }

    def _to_secret_json(self):
-        """Ansible use it create inventory"""
-        return {
-            'id': self.id,
-            'hostname': self.hostname,
-            'ip': self.ip,
-            'port': self.port,
-            'groups': [group.name for group in self.groups.all()],
-            'username': self.admin_user.username if self.admin_user else '',
-            'password': self.admin_user.password if self.admin_user else '',
-            'private_key': self.admin_user.private_key_file if self.admin_user else None,
-            'become': {
-                'method': self.admin_user.become_method,
-                'user': self.admin_user.become_user,
-                'pass': self.admin_user.become_pass,
-            } if self.admin_user and self.admin_user.become else {},
-        }
+        """
+        Ansible use it create inventory, First using asset user,
+        otherwise using cluster admin user
+
+        Todo: May be move to ops implements it
+        """
+        data = self.to_json()
+        if self.admin_user:
+            admin_user = self.admin_user
+            data.update({
+                'username': admin_user.username,
+                'password': admin_user.password,
+                'private_key': admin_user.private_key_file,
+                'become': admin_user.become_info,
+                'groups': [node.value for node in self.nodes.all()],
+            })
+        return data

    class Meta:
-        unique_together = ('ip', 'port')
+        unique_together = [('org_id', 'hostname')]
+        verbose_name = _("Asset")

    @classmethod
    def generate_fake(cls, count=100):
@@ -139,18 +249,16 @@ class Asset(models.Model):

        seed()
        for i in range(count):
-            asset = cls(ip='%s.%s.%s.%s' % (i, i, i, i),
+            ip = [str(i) for i in random.sample(range(255), 4)]
+            asset = cls(ip='.'.join(ip),
                        hostname=forgery_py.internet.user_name(True),
                        admin_user=choice(AdminUser.objects.all()),
-                        idc=choice(IDC.objects.all()),
                        port=22,
                        created_by='Fake')
            try:
                asset.save()
                asset.system_users = [choice(SystemUser.objects.all()) for i in range(3)]
-                asset.groups = [choice(AssetGroup.objects.all()) for i in range(3)]
                logger.debug('Generate fake asset : %s' % asset.ip)
            except IntegrityError:
                print('Error continue')
                continue
-
--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@@ -0,0 +1,134 @@
+# -*- coding: utf-8 -*-
+#
+import os
+import uuid
+from hashlib import md5
+
+import sshpubkeys
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+from django.conf import settings
+
+from common.utils import get_signer, ssh_key_string_to_obj, ssh_key_gen
+from common.validators import alphanumeric
+from orgs.mixins import OrgModelMixin
+from .utils import private_key_validator
+
+signer = get_signer()
+
+
+class AssetUser(OrgModelMixin):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    name = models.CharField(max_length=128, verbose_name=_('Name'))
+    username = models.CharField(max_length=32, blank=True, verbose_name=_('Username'), validators=[alphanumeric])
+    _password = models.CharField(max_length=256, blank=True, null=True, verbose_name=_('Password'))
+    _private_key = models.TextField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'), validators=[private_key_validator, ])
+    _public_key = models.TextField(max_length=4096, blank=True, verbose_name=_('SSH public key'))
+    comment = models.TextField(blank=True, verbose_name=_('Comment'))
+    date_created = models.DateTimeField(auto_now_add=True)
+    date_updated = models.DateTimeField(auto_now=True)
+    created_by = models.CharField(max_length=128, null=True, verbose_name=_('Created by'))
+
+    @property
+    def password(self):
+        if self._password:
+            return signer.unsign(self._password)
+        else:
+            return None
+
+    @password.setter
+    def password(self, password_raw):
+        raise AttributeError("Using set_auth do that")
+        # self._password = signer.sign(password_raw)
+
+    @property
+    def private_key(self):
+        if self._private_key:
+            return signer.unsign(self._private_key)
+
+    @private_key.setter
+    def private_key(self, private_key_raw):
+        raise AttributeError("Using set_auth do that")
+        # self._private_key = signer.sign(private_key_raw)
+
+    @property
+    def private_key_obj(self):
+        if self._private_key:
+            key_str = signer.unsign(self._private_key)
+            return ssh_key_string_to_obj(key_str, password=self.password)
+        else:
+            return None
+
+    @property
+    def private_key_file(self):
+        if not self.private_key_obj:
+            return None
+        project_dir = settings.PROJECT_DIR
+        tmp_dir = os.path.join(project_dir, 'tmp')
+        key_str = signer.unsign(self._private_key)
+        key_name = '.' + md5(key_str.encode('utf-8')).hexdigest()
+        key_path = os.path.join(tmp_dir, key_name)
+        if not os.path.exists(key_path):
+            self.private_key_obj.write_private_key_file(key_path)
+            os.chmod(key_path, 0o400)
+        return key_path
+
+    @property
+    def public_key(self):
+        key = signer.unsign(self._public_key)
+        if key:
+            return key
+        else:
+            return None
+
+    @property
+    def public_key_obj(self):
+        if self.public_key:
+            try:
+                return sshpubkeys.SSHKey(self.public_key)
+            except TabError:
+                pass
+        return None
+
+    def set_auth(self, password=None, private_key=None, public_key=None):
+        update_fields = []
+        if password:
+            self._password = signer.sign(password)
+            update_fields.append('_password')
+        if private_key:
+            self._private_key = signer.sign(private_key)
+            update_fields.append('_private_key')
+        if public_key:
+            self._public_key = signer.sign(public_key)
+            update_fields.append('_public_key')
+
+        if update_fields:
+            self.save(update_fields=update_fields)
+
+    def clear_auth(self):
+        self._password = ''
+        self._private_key = ''
+        self._public_key = ''
+        self.save()
+
+    def auto_gen_auth(self):
+        password = str(uuid.uuid4())
+        private_key, public_key = ssh_key_gen(
+            username=self.username
+        )
+        self.set_auth(password=password,
+                      private_key=private_key,
+                      public_key=public_key)
+
+    def _to_secret_json(self):
+        """Push system user use it"""
+        return {
+            'name': self.name,
+            'username': self.username,
+            'password': self.password,
+            'public_key': self.public_key,
+            'private_key': self.private_key_file,
+        }
+
+    class Meta:
+        abstract = True
--- a/apps/assets/models/cluster.py
+++ b/apps/assets/models/cluster.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+
+import logging
+import uuid
+
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+
+__all__ = ['Cluster']
+logger = logging.getLogger(__name__)
+
+
+class Cluster(models.Model):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    name = models.CharField(max_length=32, verbose_name=_('Name'))
+    admin_user = models.ForeignKey('assets.AdminUser', null=True, blank=True, on_delete=models.SET_NULL, verbose_name=_("Admin user"))
+    bandwidth = models.CharField(max_length=32, blank=True, verbose_name=_('Bandwidth'))
+    contact = models.CharField(max_length=128, blank=True, verbose_name=_('Contact'))
+    phone = models.CharField(max_length=32, blank=True, verbose_name=_('Phone'))
+    address = models.CharField(max_length=128, blank=True, verbose_name=_("Address"))
+    intranet = models.TextField(blank=True, verbose_name=_('Intranet'))
+    extranet = models.TextField(blank=True, verbose_name=_('Extranet'))
+    date_created = models.DateTimeField(auto_now_add=True, null=True, verbose_name=_('Date created'))
+    operator = models.CharField(max_length=32, blank=True, verbose_name=_('Operator'))
+    created_by = models.CharField(max_length=32, blank=True, verbose_name=_('Created by'))
+    comment = models.TextField(blank=True, verbose_name=_('Comment'))
+
+    def __str__(self):
+        return self.name
+
+    @classmethod
+    def initial(cls):
+        return cls.objects.get_or_create(name=_('Default'), created_by=_('System'), comment=_('Default Cluster'))[0]
+
+    class Meta:
+        ordering = ['name']
+        verbose_name = _("Cluster")
+
+    @classmethod
+    def generate_fake(cls, count=5):
+        from random import seed, choice
+        import forgery_py
+        from django.db import IntegrityError
+
+        seed()
+        for i in range(count):
+            cluster = cls(name=forgery_py.name.full_name(),
+                          bandwidth='200M',
+                          contact=forgery_py.name.full_name(),
+                          phone=forgery_py.address.phone(),
+                          address=forgery_py.address.city() + forgery_py.address.street_address(),
+                          # operator=choice(['北京联通', '北京电信', 'BGP全网通']),
+                          operator=choice([_('Beijing unicom'), _('Beijing telecom'), _('BGP full netcom')]),
+                          comment=forgery_py.lorem_ipsum.sentence(),
+                          created_by='Fake')
+            try:
+                cluster.save()
+                logger.debug('Generate fake asset group: %s' % cluster.name)
+            except IntegrityError:
+                print('Error continue')
+                continue
--- a/apps/assets/models/cmd_filter.py
+++ b/apps/assets/models/cmd_filter.py
@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+#
+import uuid
+
+from django.db import models
+from django.core.validators import MinValueValidator, MaxValueValidator
+from django.utils.translation import ugettext_lazy as _
+
+from orgs.mixins import OrgModelMixin
+
+
+__all__ = [
+    'CommandFilter', 'CommandFilterRule'
+]
+
+
+class CommandFilter(OrgModelMixin):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    name = models.CharField(max_length=64, verbose_name=_("Name"))
+    is_active = models.BooleanField(default=True, verbose_name=_('Is active'))
+    comment = models.TextField(blank=True, default='', verbose_name=_("Comment"))
+    date_created = models.DateTimeField(auto_now_add=True)
+    date_updated = models.DateTimeField(auto_now=True)
+    created_by = models.CharField(max_length=128, blank=True, default='', verbose_name=_('Created by'))
+
+    def __str__(self):
+        return self.name
+
+
+class CommandFilterRule(OrgModelMixin):
+    TYPE_REGEX = 'regex'
+    TYPE_COMMAND = 'command'
+    TYPE_CHOICES = (
+        (TYPE_REGEX, _('Regex')),
+        (TYPE_COMMAND, _('Command')),
+    )
+
+    ACTION_DENY, ACTION_ALLOW = range(2)
+    ACTION_CHOICES = (
+        (ACTION_DENY, _('Deny')),
+        (ACTION_ALLOW, _('Allow')),
+    )
+
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    filter = models.ForeignKey('CommandFilter', on_delete=models.CASCADE, verbose_name=_("Filter"), related_name='rules')
+    type = models.CharField(max_length=16, default=TYPE_COMMAND, choices=TYPE_CHOICES, verbose_name=_("Type"))
+    priority = models.IntegerField(default=50, verbose_name=_("Priority"), help_text=_("1-100, the lower will be match first"),
+                                   validators=[MinValueValidator(1), MaxValueValidator(100)])
+    content = models.TextField(max_length=1024, verbose_name=_("Content"), help_text=_("One line one command"))
+    action = models.IntegerField(default=ACTION_DENY, choices=ACTION_CHOICES, verbose_name=_("Action"))
+    comment = models.CharField(max_length=64, blank=True, default='', verbose_name=_("Comment"))
+    date_created = models.DateTimeField(auto_now_add=True)
+    date_updated = models.DateTimeField(auto_now=True)
+    created_by = models.CharField(max_length=128, blank=True, default='', verbose_name=_('Created by'))
+
+    class Meta:
+        ordering = ('priority', 'action')
+
+    def __str__(self):
+        return '{} % {}'.format(self.type, self.content)
--- a/apps/assets/models/domain.py
+++ b/apps/assets/models/domain.py
@@ -0,0 +1,59 @@
+# -*- coding: utf-8 -*-
+#
+
+import uuid
+import random
+
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+from orgs.mixins import OrgModelMixin
+from .base import AssetUser
+
+__all__ = ['Domain', 'Gateway']
+
+
+class Domain(OrgModelMixin):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
+    comment = models.TextField(blank=True, verbose_name=_('Comment'))
+    date_created = models.DateTimeField(auto_now_add=True, null=True,
+                                        verbose_name=_('Date created'))
+
+    class Meta:
+        verbose_name = _("Domain")
+
+    def __str__(self):
+        return self.name
+
+    def has_gateway(self):
+        return self.gateway_set.filter(is_active=True).exists()
+
+    @property
+    def gateways(self):
+        return self.gateway_set.filter(is_active=True)
+
+    def random_gateway(self):
+        return random.choice(self.gateways)
+
+
+class Gateway(AssetUser):
+    SSH_PROTOCOL = 'ssh'
+    RDP_PROTOCOL = 'rdp'
+    PROTOCOL_CHOICES = (
+        (SSH_PROTOCOL, 'ssh'),
+        (RDP_PROTOCOL, 'rdp'),
+    )
+    ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), db_index=True)
+    port = models.IntegerField(default=22, verbose_name=_('Port'))
+    protocol = models.CharField(choices=PROTOCOL_CHOICES, max_length=16, default=SSH_PROTOCOL, verbose_name=_("Protocol"))
+    domain = models.ForeignKey(Domain, on_delete=models.CASCADE, verbose_name=_("Domain"))
+    comment = models.CharField(max_length=128, blank=True, null=True, verbose_name=_("Comment"))
+    is_active = models.BooleanField(default=True, verbose_name=_("Is active"))
+
+    def __str__(self):
+        return self.name
+
+    class Meta:
+        unique_together = [('name', 'org_id')]
+        verbose_name = _("Gateway")
--- a/apps/assets/models/group.py
+++ b/apps/assets/models/group.py
@@ -4,29 +4,30 @@

 from __future__ import unicode_literals

+import uuid
+
 from django.db import models
 import logging
 from django.utils.translation import ugettext_lazy as _

-from . import SystemUser

 __all__ = ['AssetGroup']
 logger = logging.getLogger(__name__)


 class AssetGroup(models.Model):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    name = models.CharField(max_length=64, unique=True, verbose_name=_('Name'))
-    system_users = models.ManyToManyField(SystemUser, related_name='asset_groups', blank=True)
-    created_by = models.CharField(max_length=32, blank=True, verbose_name=_('Created by'))
+    created_by = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Created by'))
    date_created = models.DateTimeField(auto_now_add=True, null=True, verbose_name=_('Date created'))
    comment = models.TextField(blank=True, verbose_name=_('Comment'))

-    def __unicode__(self):
+    def __str__(self):
        return self.name
-    __str__ = __unicode__

    class Meta:
        ordering = ['name']
+        verbose_name = _("Asset group")

    @classmethod
    def initial(cls):
--- a/apps/assets/models/idc.py
+++ b/apps/assets/models/idc.py
@@ -1,69 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#
-
-from __future__ import unicode_literals
-
-import logging
-
-from django.db import models
-from django.utils.translation import ugettext_lazy as _
-
-
-__all__ = ['IDC']
-logger = logging.getLogger(__name__)
-
-
-class IDC(models.Model):
-    name = models.CharField(max_length=32, verbose_name=_('Name'))
-    bandwidth = models.CharField(
-        max_length=32, blank=True, verbose_name=_('Bandwidth'))
-    contact = models.CharField(
-        max_length=128, blank=True, verbose_name=_('Contact'))
-    phone = models.CharField(max_length=32, blank=True,
-                             verbose_name=_('Phone'))
-    address = models.CharField(
-        max_length=128, blank=True, verbose_name=_("Address"))
-    intranet = models.TextField(blank=True, verbose_name=_('Intranet'))
-    extranet = models.TextField(blank=True, verbose_name=_('Extranet'))
-    date_created = models.DateTimeField(
-        auto_now_add=True, null=True, verbose_name=_('Date created'))
-    operator = models.CharField(
-        max_length=32, blank=True, verbose_name=_('Operator'))
-    created_by = models.CharField(
-        max_length=32, blank=True, verbose_name=_('Created by'))
-    comment = models.TextField(blank=True, verbose_name=_('Comment'))
-
-    def __unicode__(self):
-        return self.name
-    __str__ = __unicode__
-
-    @classmethod
-    def initial(cls):
-        return cls.objects.get_or_create(name=_('Default'), created_by=_('System'), comment=_('Default IDC'))[0]
-
-    class Meta:
-        ordering = ['name']
-
-    @classmethod
-    def generate_fake(cls, count=5):
-        from random import seed, choice
-        import forgery_py
-        from django.db import IntegrityError
-
-        seed()
-        for i in range(count):
-            idc = cls(name=forgery_py.name.full_name(),
-                      bandwidth='200M',
-                      contact=forgery_py.name.full_name(),
-                      phone=forgery_py.address.phone(),
-                      address=forgery_py.address.city() + forgery_py.address.street_address(),
-                      operator=choice(['北京联通', '北京电信', 'BGP全网通']),
-                      comment=forgery_py.lorem_ipsum.sentence(),
-                      created_by='Fake')
-            try:
-                idc.save()
-                logger.debug('Generate fake asset group: %s' % idc.name)
-            except IntegrityError:
-                print('Error continue')
-                continue
--- a/apps/assets/models/label.py
+++ b/apps/assets/models/label.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+#
+
+import uuid
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+from orgs.mixins import OrgModelMixin
+
+
+class Label(OrgModelMixin):
+    SYSTEM_CATEGORY = "S"
+    USER_CATEGORY = "U"
+    CATEGORY_CHOICES = (
+        ("S", _("System")),
+        ("U", _("User"))
+    )
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    name = models.CharField(max_length=128, verbose_name=_("Name"))
+    value = models.CharField(max_length=128, verbose_name=_("Value"))
+    category = models.CharField(max_length=128, choices=CATEGORY_CHOICES, default=USER_CATEGORY, verbose_name=_("Category"))
+    is_active = models.BooleanField(default=True, verbose_name=_("Is active"))
+    comment = models.TextField(blank=True, null=True, verbose_name=_("Comment"))
+    date_created = models.DateTimeField(
+        auto_now_add=True, null=True, blank=True, verbose_name=_('Date created')
+    )
+
+    @classmethod
+    def get_queryset_group_by_name(cls):
+        names = cls.objects.values_list('name', flat=True)
+        for name in names:
+            yield name, cls.objects.filter(name=name)
+
+    def __str__(self):
+        return "{}:{}".format(self.name, self.value)
+
+    class Meta:
+        db_table = "assets_label"
+        unique_together = [('name', 'value', 'org_id')]
--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@@ -0,0 +1,239 @@
+# -*- coding: utf-8 -*-
+#
+import uuid
+
+from django.db import models, transaction
+from django.db.models import Q
+from django.utils.translation import ugettext_lazy as _
+from django.core.cache import cache
+
+from orgs.mixins import OrgModelMixin
+from orgs.utils import set_current_org, get_current_org
+from orgs.models import Organization
+
+__all__ = ['Node']
+
+
+class Node(OrgModelMixin):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    key = models.CharField(unique=True, max_length=64, verbose_name=_("Key"))  # '1:1:1:1'
+    value = models.CharField(max_length=128, verbose_name=_("Value"))
+    child_mark = models.IntegerField(default=0)
+    date_create = models.DateTimeField(auto_now_add=True)
+
+    is_node = True
+    _full_value_cache_key_prefix = '_NODE_VALUE_{}'
+
+    class Meta:
+        verbose_name = _("Node")
+
+    def __str__(self):
+        return self.full_value
+
+    def __eq__(self, other):
+        return self.key == other.key
+
+    def __gt__(self, other):
+        if self.is_root():
+            return True
+        self_key = [int(k) for k in self.key.split(':')]
+        other_key = [int(k) for k in other.key.split(':')]
+        return self_key.__lt__(other_key)
+
+    def __lt__(self, other):
+        return not self.__gt__(other)
+
+    @property
+    def name(self):
+        return self.value
+
+    @property
+    def full_value(self):
+        key = self._full_value_cache_key_prefix.format(self.key)
+        cached = cache.get(key)
+        if cached:
+            return cached
+        value = self.get_full_value()
+        self.cache_full_value(value)
+        return value
+
+    def get_full_value(self):
+        # ancestor = [a.value for a in self.get_ancestor(with_self=True)]
+        if self.is_root():
+            return self.value
+        parent_full_value = self.parent.full_value
+        value = parent_full_value + ' / ' + self.value
+        return value
+
+    def cache_full_value(self, value):
+        key = self._full_value_cache_key_prefix.format(self.key)
+        cache.set(key, value, 3600)
+
+    def expire_full_value(self):
+        key = self._full_value_cache_key_prefix.format(self.key)
+        cache.delete_pattern(key+'*')
+
+    @property
+    def level(self):
+        return len(self.key.split(':'))
+
+    def get_next_child_key(self):
+        mark = self.child_mark
+        self.child_mark += 1
+        self.save()
+        return "{}:{}".format(self.key, mark)
+
+    def create_child(self, value):
+        with transaction.atomic():
+            child_key = self.get_next_child_key()
+            child = self.__class__.objects.create(key=child_key, value=value)
+            return child
+
+    def get_children(self, with_self=False):
+        pattern = r'^{0}$|^{}:[0-9]+$' if with_self else r'^{}:[0-9]+$'
+        return self.__class__.objects.filter(
+            key__regex=pattern.format(self.key)
+        )
+
+    def get_all_children(self, with_self=False):
+        pattern = r'^{0}$|^{0}:' if with_self else r'^{0}'
+        return self.__class__.objects.filter(
+            key__regex=pattern.format(self.key)
+        )
+
+    def get_sibling(self, with_self=False):
+        key = ':'.join(self.key.split(':')[:-1])
+        pattern = r'^{}:[0-9]+$'.format(key)
+        sibling = self.__class__.objects.filter(
+            key__regex=pattern.format(self.key)
+        )
+        if not with_self:
+            sibling = sibling.exclude(key=self.key)
+        return sibling
+
+    def get_family(self):
+        ancestor = self.get_ancestor()
+        children = self.get_all_children()
+        return [*tuple(ancestor), self, *tuple(children)]
+
+    def get_assets(self):
+        from .asset import Asset
+        if self.is_default_node():
+            assets = Asset.objects.filter(nodes__isnull=True)
+        else:
+            assets = Asset.objects.filter(nodes__id=self.id)
+        return assets
+
+    def get_valid_assets(self):
+        return self.get_assets().valid()
+
+    def get_all_assets(self):
+        from .asset import Asset
+        pattern = r'^{0}$|^{0}:'.format(self.key)
+        args = []
+        kwargs = {}
+        if self.is_default_node():
+            args.append(Q(nodes__key__regex=pattern) | Q(nodes=None))
+        else:
+            kwargs['nodes__key__regex'] = pattern
+        assets = Asset.objects.filter(*args, **kwargs)
+        return assets
+
+    def get_all_valid_assets(self):
+        return self.get_all_assets().valid()
+
+    def is_default_node(self):
+        return self.is_root() and self.key == '0'
+
+    def is_root(self):
+        if self.key.isdigit():
+            return True
+        else:
+            return False
+
+    @property
+    def parent_key(self):
+        parent_key = ":".join(self.key.split(":")[:-1])
+        return parent_key
+
+    @property
+    def parent(self):
+        if self.is_root():
+            return self
+        try:
+            parent = self.__class__.objects.get(key=self.parent_key)
+            return parent
+        except Node.DoesNotExist:
+            return self.__class__.root()
+
+    @parent.setter
+    def parent(self, parent):
+        if not self.is_node:
+            self.key = parent.key + ':fake'
+            return
+        children = self.get_all_children()
+        old_key = self.key
+        with transaction.atomic():
+            self.key = parent.get_next_child_key()
+            for child in children:
+                child.key = child.key.replace(old_key, self.key, 1)
+                child.save()
+            self.save()
+
+    def get_ancestor(self, with_self=False):
+        if self.is_root():
+            root = self.__class__.root()
+            return [root]
+        _key = self.key.split(':')
+        if not with_self:
+            _key.pop()
+        ancestor_keys = []
+        for i in range(len(_key)):
+            ancestor_keys.append(':'.join(_key))
+            _key.pop()
+        ancestor = self.__class__.objects.filter(
+            key__in=ancestor_keys
+        ).order_by('key')
+        return ancestor
+
+    @classmethod
+    def create_root_node(cls):
+        # 如果使用current_org 在set_current_org时会死循环
+        _current_org = get_current_org()
+        with transaction.atomic():
+            if _current_org.is_default():
+                key = '0'
+            else:
+                set_current_org(Organization.root())
+                org_nodes_roots = cls.objects.filter(key__regex=r'^[0-9]+$')
+                org_nodes_roots_keys = org_nodes_roots.values_list('key', flat=True) or [0]
+                key = str(max([int(k) for k in org_nodes_roots_keys]) + 1)
+                set_current_org(_current_org)
+            root = cls.objects.create(key=key, value=_current_org.name)
+            return root
+
+    @classmethod
+    def root(cls):
+        root = cls.objects.filter(key__regex=r'^[0-9]+$')
+        if root:
+            return root[0]
+        else:
+            return cls.create_root_node()
+
+    @classmethod
+    def default_node(cls):
+        defaults = {'value': 'Default'}
+        return cls.objects.get_or_create(defaults=defaults, key='0')
+
+    @classmethod
+    def get_tree_name_ref(cls):
+        pass
+
+    @classmethod
+    def generate_fake(cls, count=100):
+        import random
+        for i in range(count):
+            node = random.choice(cls.objects.all())
+            node.create_child('Node {}'.format(i))
+
+
--- a/apps/assets/models/user.py
+++ b/apps/assets/models/user.py
@@ -2,105 +2,74 @@
 # -*- coding: utf-8 -*-
 #

-from __future__ import unicode_literals
-import os
 import logging
-from hashlib import md5

-from django.core.exceptions import ValidationError
+from django.core.cache import cache
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
-from django.conf import settings

-from common.utils import signer, validate_ssh_private_key, ssh_key_string_to_obj
+from common.utils import get_signer
+from ..const import SYSTEM_USER_CONN_CACHE_KEY
+from .base import AssetUser

-__all__ = ['AdminUser', 'SystemUser', 'private_key_validator']
+
+__all__ = ['AdminUser', 'SystemUser',]
 logger = logging.getLogger(__name__)
+signer = get_signer()


-def private_key_validator(value):
-    if not validate_ssh_private_key(value):
-        raise ValidationError(
-            _('%(value)s is not an even number'),
-            params={'value': value},
-        )
-
-
-class AdminUser(models.Model):
+class AdminUser(AssetUser):
+    """
+    A privileged user that ansible can use it to push system user and so on
+    """
    BECOME_METHOD_CHOICES = (
        ('sudo', 'sudo'),
        ('su', 'su'),
    )
-    name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
-    username = models.CharField(max_length=16, verbose_name=_('Username'))
-    _password = models.CharField(
-        max_length=256, blank=True, null=True, verbose_name=_('Password'))
-    _private_key = models.TextField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'),
-                                    validators=[private_key_validator,])
    become = models.BooleanField(default=True)
    become_method = models.CharField(choices=BECOME_METHOD_CHOICES, default='sudo', max_length=4)
    become_user = models.CharField(default='root', max_length=64)
-    become_pass = models.CharField(default='', max_length=128)
-    _public_key = models.TextField(
-        max_length=4096, blank=True, verbose_name=_('SSH public key'))
-    comment = models.TextField(blank=True, verbose_name=_('Comment'))
-    date_created = models.DateTimeField(auto_now_add=True, null=True)
-    created_by = models.CharField(
-        max_length=32, null=True, verbose_name=_('Created by'))
+    _become_pass = models.CharField(default='', max_length=128)

-    def __unicode__(self):
+    def __str__(self):
        return self.name
-    __str__ = __unicode__

    @property
-    def password(self):
-        if self._password:
-            return signer.unsign(self._password)
+    def become_pass(self):
+        password = signer.unsign(self._become_pass)
+        if password:
+            return password
        else:
-            return ''
+            return ""

-    @password.setter
-    def password(self, password_raw):
-        self._password = signer.sign(password_raw)
+    @become_pass.setter
+    def become_pass(self, password):
+        self._become_pass = signer.sign(password)

    @property
-    def private_key(self):
-        if self._private_key:
-            key_str = signer.unsign(self._private_key)
-            return ssh_key_string_to_obj(key_str)
+    def become_info(self):
+        if self.become:
+            info = {
+                "method": self.become_method,
+                "user": self.become_user,
+                "pass": self.become_pass,
+            }
        else:
-            return None
+            info = None
+        return info

-    @private_key.setter
-    def private_key(self, private_key_raw):
-        self._private_key = signer.sign(private_key_raw)
-
-    @property
-    def private_key_file(self):
-        if not self.private_key:
-            return None
-        project_dir = settings.PROJECT_DIR
-        tmp_dir = os.path.join(project_dir, 'tmp')
-        key_name = md5(self._private_key.encode()).hexdigest()
-        key_path = os.path.join(tmp_dir, key_name)
-        if not os.path.exists(key_path):
-            self.private_key.write_private_key_file(key_path)
-        return key_path
-
-    @property
-    def public_key(self):
-        return signer.unsign(self._public_key)
-
-    @public_key.setter
-    def public_key(self, public_key_raw):
-        self._public_key = signer.sign(public_key_raw)
+    def get_related_assets(self):
+        assets = self.asset_set.all()
+        return assets

    @property
    def assets_amount(self):
-        return self.assets.count()
+        return self.get_related_assets().count()

    class Meta:
        ordering = ['name']
+        unique_together = [('name', 'org_id')]
+        verbose_name = _("Admin user")

    @classmethod
    def generate_fake(cls, count=10):
@@ -123,104 +92,37 @@ class AdminUser(models.Model):
                continue


-class SystemUser(models.Model):
+class SystemUser(AssetUser):
+    SSH_PROTOCOL = 'ssh'
+    RDP_PROTOCOL = 'rdp'
+    TELNET_PROTOCOL = 'telnet'
    PROTOCOL_CHOICES = (
-        ('ssh', 'ssh'),
+        (SSH_PROTOCOL, 'ssh'),
+        (RDP_PROTOCOL, 'rdp'),
+        (TELNET_PROTOCOL, 'telnet (beta)'),
    )
-    AUTH_METHOD_CHOICES = (
-        ('P', 'Password'),
-        ('K', 'Public key'),
+
+    AUTO_LOGIN = 'auto'
+    MANUAL_LOGIN = 'manual'
+    LOGIN_MODE_CHOICES = (
+        (AUTO_LOGIN, _('Automatic login')),
+        (MANUAL_LOGIN, _('Manually login'))
    )
-    name = models.CharField(max_length=128, unique=True,
-                            verbose_name=_('Name'))
-    username = models.CharField(max_length=16, verbose_name=_('Username'))
-    _password = models.CharField(
-        max_length=256, blank=True, verbose_name=_('Password'))
-    protocol = models.CharField(
-        max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))
-    _private_key = models.TextField(
-        max_length=8192, blank=True, verbose_name=_('SSH private key'))
-    _public_key = models.TextField(
-        max_length=8192, blank=True, verbose_name=_('SSH public key'))
-    auth_method = models.CharField(choices=AUTH_METHOD_CHOICES, default='K',
-                                   max_length=1, verbose_name=_('Auth method'))
+
+    nodes = models.ManyToManyField('assets.Node', blank=True, verbose_name=_("Nodes"))
+    assets = models.ManyToManyField('assets.Asset', blank=True, verbose_name=_("Assets"))
+    priority = models.IntegerField(default=10, verbose_name=_("Priority"))
+    protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))
    auto_push = models.BooleanField(default=True, verbose_name=_('Auto push'))
-    sudo = models.TextField(
-        max_length=4096, default='/sbin/ifconfig', verbose_name=_('Sudo'))
-    shell = models.CharField(
-        max_length=64,  default='/bin/bash', verbose_name=_('Shell'))
-    date_created = models.DateTimeField(auto_now_add=True)
-    created_by = models.CharField(
-        max_length=32, blank=True, verbose_name=_('Created by'))
-    comment = models.TextField(
-        max_length=128, blank=True, verbose_name=_('Comment'))
+    sudo = models.TextField(default='/bin/whoami', verbose_name=_('Sudo'))
+    shell = models.CharField(max_length=64,  default='/bin/bash', verbose_name=_('Shell'))
+    login_mode = models.CharField(choices=LOGIN_MODE_CHOICES, default=AUTO_LOGIN, max_length=10, verbose_name=_('Login mode'))
+    cmd_filters = models.ManyToManyField('CommandFilter', related_name='system_users', verbose_name=_("Command filter"), blank=True)

-    def __unicode__(self):
-        return self.name
-    __str__ = __unicode__
+    cache_key = "__SYSTEM_USER_CACHED_{}"

-    @property
-    def password(self):
-        if self._password:
-            return signer.unsign(self._password)
-        return None
-
-    @password.setter
-    def password(self, password_raw):
-        self._password = signer.sign(password_raw)
-
-    @property
-    def private_key(self):
-        if self._private_key:
-            return signer.unsign(self._private_key)
-        return None
-
-    @private_key.setter
-    def private_key(self, private_key_raw):
-        self._private_key = signer.sign(private_key_raw)
-
-    @property
-    def public_key(self):
-        return signer.unsign(self._public_key)
-
-    @public_key.setter
-    def public_key(self, public_key_raw):
-        self._public_key = signer.sign(public_key_raw)
-
-    def get_assets_inherit_from_asset_groups(self):
-        assets = set()
-        asset_groups = self.asset_groups.all()
-        for asset_group in asset_groups:
-            for asset in asset_group.assets.all():
-                setattr(asset, 'is_inherit_from_asset_groups', True)
-                setattr(asset, 'inherit_from_asset_groups',
-                        getattr(asset, 'inherit_from_asset_groups', set()).add(asset_group))
-                assets.add(asset)
-        return assets
-
-    def get_assets(self):
-        assets = set(self.assets.all()
-                     ) | self.get_assets_inherit_from_asset_groups()
-        return list(assets)
-
-    def _to_secret_json(self):
-        """Push system user use it"""
-        return {
-            'name': self.name,
-            'username': self.username,
-            'shell': self.shell,
-            'sudo': self.sudo,
-            'password': self.password,
-            'public_key': self.public_key
-        }
-
-    @property
-    def assets_amount(self):
-        return self.assets.count()
-
-    @property
-    def asset_group_amount(self):
-        return self.asset_groups.count()
+    def __str__(self):
+        return '{0.name}({0.username})'.format(self)

    def to_json(self):
        return {
@@ -228,12 +130,63 @@ class SystemUser(models.Model):
            'name': self.name,
            'username': self.username,
            'protocol': self.protocol,
-            'auth_method': self.auth_method,
+            'priority': self.priority,
            'auto_push': self.auto_push,
        }

+    def get_assets(self):
+        assets = set(self.assets.all())
+        return assets
+
+    @property
+    def assets_connective(self):
+        _result = cache.get(SYSTEM_USER_CONN_CACHE_KEY.format(self.name), {})
+        return _result
+
+    @property
+    def unreachable_assets(self):
+        return list(self.assets_connective.get('dark', {}).keys())
+
+    @property
+    def reachable_assets(self):
+        return self.assets_connective.get('contacted', [])
+
+    def is_need_push(self):
+        if self.auto_push and self.protocol == self.__class__.SSH_PROTOCOL:
+            return True
+        else:
+            return False
+
+    def set_cache(self):
+        cache.set(self.cache_key.format(self.id), self, 3600)
+
+    def expire_cache(self):
+        cache.delete(self.cache_key.format(self.id))
+
+    @property
+    def cmd_filter_rules(self):
+        from .cmd_filter import CommandFilterRule
+        rules = CommandFilterRule.objects.filter(
+            filter__in=self.cmd_filters.all()
+        ).order_by('priority').distinct()
+        return rules
+
+    @classmethod
+    def get_system_user_by_id_or_cached(cls, sid):
+        cached = cache.get(cls.cache_key.format(sid))
+        if cached:
+            return cached
+        try:
+            system_user = cls.objects.get(id=sid)
+            system_user.set_cache()
+            return system_user
+        except cls.DoesNotExist:
+            return None
+
    class Meta:
        ordering = ['name']
+        unique_together = [('name', 'org_id')]
+        verbose_name = _("System user")

    @classmethod
    def generate_fake(cls, count=10):
@@ -254,6 +207,3 @@ class SystemUser(models.Model):
            except IntegrityError:
                print('Error continue')
                continue
-
-
-
--- a/apps/assets/models/utils.py
+++ b/apps/assets/models/utils.py
@@ -2,22 +2,34 @@
 # -*- coding: utf-8 -*-
 #

-from . import IDC, SystemUser, AdminUser, AssetGroup, Asset
+from django.core.exceptions import ValidationError
+from common.utils import validate_ssh_private_key
+

 __all__ = ['init_model', 'generate_fake']


 def init_model():
-    for cls in [IDC, SystemUser, AdminUser, AssetGroup, Asset]:
+    from . import SystemUser, AdminUser, Asset
+    for cls in [SystemUser, AdminUser, Asset]:
        if hasattr(cls, 'initial'):
            cls.initial()


 def generate_fake():
-    for cls in [IDC, SystemUser, AdminUser, AssetGroup, Asset]:
+    from . import SystemUser, AdminUser,  Asset
+    for cls in [SystemUser, AdminUser, Asset]:
        if hasattr(cls, 'generate_fake'):
            cls.generate_fake()


+def private_key_validator(value):
+    if not validate_ssh_private_key(value):
+        raise ValidationError(
+            _('%(value)s is not an even number'),
+            params={'value': value},
+        )
+
+
 if __name__ == '__main__':
    pass
--- a/apps/assets/serializers.py
+++ b/apps/assets/serializers.py
@@ -1,189 +0,0 @@
-# -*- coding: utf-8 -*-
-from django.utils.translation import ugettext_lazy as _
-from django.core.cache import cache
-from rest_framework import viewsets, serializers, generics
-from .models import AssetGroup, Asset, IDC, AdminUser, SystemUser
-from common.mixins import IDInFilterMixin
-from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin
-
-
-class AssetGroupSerializer(BulkSerializerMixin, serializers.ModelSerializer):
-    assets_amount = serializers.SerializerMethodField()
-    assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
-
-    class Meta:
-        model = AssetGroup
-        list_serializer_class = BulkListSerializer
-        fields = ['id', 'name', 'comment', 'assets_amount', 'assets']
-
-    @staticmethod
-    def get_assets_amount(obj):
-        return obj.assets.count()
-
-
-class AssetUpdateGroupSerializer(serializers.ModelSerializer):
-    groups = serializers.PrimaryKeyRelatedField(many=True, queryset=AssetGroup.objects.all())
-
-    class Meta:
-        model = Asset
-        fields = ['id', 'groups']
-
-
-class AssetUpdateSystemUserSerializer(serializers.ModelSerializer):
-    system_users = serializers.PrimaryKeyRelatedField(many=True, queryset=SystemUser.objects.all())
-
-    class Meta:
-        model = Asset
-        fields = ['id', 'system_users']
-
-
-class AssetGroupUpdateSerializer(serializers.ModelSerializer):
-    """update the asset group, and add or delete the asset to the group"""
-    assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
-
-    class Meta:
-        model = AssetGroup
-        fields = ['id', 'assets']
-
-
-class AssetGroupUpdateSystemUserSerializer(serializers.ModelSerializer):
-    system_users = serializers.PrimaryKeyRelatedField(many=True, queryset=SystemUser.objects.all())
-
-    class Meta:
-        model = AssetGroup
-        fields = ['id', 'system_users']
-
-
-class IDCUpdateAssetsSerializer(serializers.ModelSerializer):
-    assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
-
-    class Meta:
-        model = IDC
-        fields = ['id', 'assets']
-
-
-class AdminUserSerializer(serializers.ModelSerializer):
-    assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
-
-    class Meta:
-        model = AdminUser
-        fields = '__all__'
-
-    def get_field_names(self, declared_fields, info):
-        fields = super(AdminUserSerializer, self).get_field_names(declared_fields, info)
-        fields.append('assets_amount')
-        return fields
-
-
-class SystemUserSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = SystemUser
-        exclude = ('_password', '_private_key', '_public_key')
-
-    def get_field_names(self, declared_fields, info):
-        fields = super(SystemUserSerializer, self).get_field_names(declared_fields, info)
-        fields.extend(['assets_amount'])
-        return fields
-
-
-class AssetSystemUserSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = SystemUser
-        fields = ('id', 'name', 'username', 'protocol', 'auth_method', 'comment')
-
-
-class SystemUserUpdateAssetsSerializer(serializers.ModelSerializer):
-    assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
-
-    class Meta:
-        model = SystemUser
-        fields = ['id', 'assets']
-
-
-class SystemUserUpdateAssetGroupSerializer(serializers.ModelSerializer):
-    asset_groups = serializers.PrimaryKeyRelatedField(many=True, queryset=AssetGroup.objects.all())
-
-    class Meta:
-        model = SystemUser
-        fields = ['id', 'asset_groups']
-
-
-class SystemUserSimpleSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = SystemUser
-        fields = ('id', 'name', 'username')
-
-
-class AssetSerializer(BulkSerializerMixin, serializers.ModelSerializer):
-    # system_users = SystemUserSerializer(many=True, read_only=True)
-    # admin_user = AdminUserSerializer(many=False, read_only=True)
-    hardware = serializers.SerializerMethodField()
-    is_online = serializers.SerializerMethodField()
-
-    class Meta(object):
-        model = Asset
-        list_serializer_class = BulkListSerializer
-        fields = '__all__'
-
-    @staticmethod
-    def get_hardware(obj):
-        if obj.cpu_count:
-            return '{} Core {} {}'.format(obj.cpu_count*obj.cpu_cores, obj.memory, obj.disk_total)
-        else:
-            return ''
-
-    @staticmethod
-    def get_is_online(obj):
-        hostname = obj.hostname
-        if cache.get(hostname) == '1':
-            return True
-        elif cache.get(hostname) == '0':
-            return False
-        else:
-            return 'Unknown'
-
-    def get_field_names(self, declared_fields, info):
-        fields = super(AssetSerializer, self).get_field_names(declared_fields, info)
-        fields.extend(['get_type_display', 'get_env_display'])
-        return fields
-
-
-class AssetGrantedSerializer(serializers.ModelSerializer):
-    system_users_granted = AssetSystemUserSerializer(many=True, read_only=True)
-    is_inherited = serializers.SerializerMethodField()
-    system_users_join = serializers.SerializerMethodField()
-
-    class Meta(object):
-        model = Asset
-        fields = ("id", "hostname", "ip", "port", "system_users_granted", "is_inherited",
-                  "is_active", "system_users_join", "comment")
-
-    @staticmethod
-    def get_is_inherited(obj):
-        if getattr(obj, 'inherited', ''):
-            return True
-        else:
-            return False
-
-    @staticmethod
-    def get_system_users_join(obj):
-        return ', '.join([system_user.username for system_user in obj.system_users_granted])
-
-
-class IDCSerializer(BulkSerializerMixin, serializers.ModelSerializer):
-    assets_amount = serializers.SerializerMethodField()
-    assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
-
-    class Meta:
-        model = IDC
-        fields = '__all__'
-
-    @staticmethod
-    def get_assets_amount(obj):
-        return obj.assets.count()
-
-    def get_field_names(self, declared_fields, info):
-        fields = super(IDCSerializer, self).get_field_names(declared_fields, info)
-        fields.append('assets_amount')
-        return fields
-
--- a/apps/assets/serializers/init.py
+++ b/apps/assets/serializers/init.py
@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+#
+
+from .asset import *
+from .admin_user import *
+from .label import *
+from .system_user import *
+from .node import *
+from .domain import *
+from .cmd_filter import *
--- a/apps/assets/serializers/admin_user.py
+++ b/apps/assets/serializers/admin_user.py
@@ -0,0 +1,69 @@
+# -*- coding: utf-8 -*-
+#
+from django.core.cache import cache
+from rest_framework import serializers
+
+from ..models import Node, AdminUser
+from ..const import ADMIN_USER_CONN_CACHE_KEY
+
+from .base import AuthSerializer
+
+
+class AdminUserSerializer(serializers.ModelSerializer):
+    """
+    管理用户
+    """
+    assets_amount = serializers.SerializerMethodField()
+    unreachable_amount = serializers.SerializerMethodField()
+    reachable_amount = serializers.SerializerMethodField()
+
+    class Meta:
+        model = AdminUser
+        fields = '__all__'
+
+    def get_field_names(self, declared_fields, info):
+        fields = super().get_field_names(declared_fields, info)
+        return [f for f in fields if not f.startswith('_')]
+
+    @staticmethod
+    def get_unreachable_amount(obj):
+        data = cache.get(ADMIN_USER_CONN_CACHE_KEY.format(obj.name))
+        if data:
+            return len(data.get('dark'))
+        else:
+            return 0
+
+    @staticmethod
+    def get_reachable_amount(obj):
+        data = cache.get(ADMIN_USER_CONN_CACHE_KEY.format(obj.name))
+        if data:
+            return len(data.get('contacted'))
+        else:
+            return 0
+
+    @staticmethod
+    def get_assets_amount(obj):
+        return obj.assets_amount
+
+
+class AdminUserAuthSerializer(AuthSerializer):
+
+    class Meta:
+        model = AdminUser
+        fields = ['password', 'private_key']
+
+
+class ReplaceNodeAdminUserSerializer(serializers.ModelSerializer):
+    """
+    管理用户更新关联到的集群
+    """
+    nodes = serializers.PrimaryKeyRelatedField(
+        many=True, queryset = Node.objects.all()
+    )
+
+    class Meta:
+        model = AdminUser
+        fields = ['id', 'nodes']
+
+
+
--- a/apps/assets/serializers/asset.py
+++ b/apps/assets/serializers/asset.py
@@ -0,0 +1,66 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework import serializers
+from rest_framework_bulk.serializers import BulkListSerializer
+
+from common.mixins import BulkSerializerMixin
+from ..models import Asset
+from .system_user import AssetSystemUserSerializer
+
+__all__ = [
+    'AssetSerializer', 'AssetGrantedSerializer', 'MyAssetGrantedSerializer',
+]
+
+
+class AssetSerializer(BulkSerializerMixin, serializers.ModelSerializer):
+    """
+    资产的数据结构
+    """
+    class Meta:
+        model = Asset
+        list_serializer_class = BulkListSerializer
+        fields = '__all__'
+        validators = []
+
+    def get_field_names(self, declared_fields, info):
+        fields = super().get_field_names(declared_fields, info)
+        fields.extend([
+            'hardware_info', 'is_connective', 'org_name'
+        ])
+        return fields
+
+
+class AssetGrantedSerializer(serializers.ModelSerializer):
+    """
+    被授权资产的数据结构
+    """
+    system_users_granted = AssetSystemUserSerializer(many=True, read_only=True)
+    system_users_join = serializers.SerializerMethodField()
+    # nodes = NodeTMPSerializer(many=True, read_only=True)
+
+    class Meta:
+        model = Asset
+        fields = (
+            "id", "hostname", "ip", "port", "system_users_granted",
+            "is_active", "system_users_join", "os", 'domain',
+            "platform", "comment", "protocol", "org_id", "org_name",
+        )
+
+    @staticmethod
+    def get_system_users_join(obj):
+        system_users = [s.username for s in obj.system_users_granted]
+        return ', '.join(system_users)
+
+
+class MyAssetGrantedSerializer(AssetGrantedSerializer):
+    """
+    普通用户获取授权的资产定义的数据结构
+    """
+
+    class Meta:
+        model = Asset
+        fields = (
+            "id", "hostname", "system_users_granted",
+            "is_active", "system_users_join", "org_name",
+            "os", "platform", "comment", "org_id", "protocol"
+        )
--- a/apps/assets/serializers/base.py
+++ b/apps/assets/serializers/base.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+#
+
+from rest_framework import serializers
+from common.utils import ssh_pubkey_gen
+
+
+class AuthSerializer(serializers.ModelSerializer):
+    password = serializers.CharField(required=False, allow_blank=True, allow_null=True, max_length=1024)
+    private_key = serializers.CharField(required=False, allow_blank=True, allow_null=True, max_length=4096)
+
+    def gen_keys(self, private_key=None, password=None):
+        if private_key is None:
+            return None, None
+        public_key = ssh_pubkey_gen(private_key=private_key, password=password)
+        return private_key, public_key
+
+    def save(self, **kwargs):
+        password = self.validated_data.pop('password', None) or None
+        private_key = self.validated_data.pop('private_key', None) or None
+        self.instance = super().save(**kwargs)
+        if password or private_key:
+            private_key, public_key = self.gen_keys(private_key, password)
+            self.instance.set_auth(password=password, private_key=private_key,
+                                   public_key=public_key)
+        return self.instance
--- a/apps/assets/serializers/cmd_filter.py
+++ b/apps/assets/serializers/cmd_filter.py
@@ -0,0 +1,23 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework import serializers
+
+from common.fields import ChoiceDisplayField
+from ..models import CommandFilter, CommandFilterRule, SystemUser
+
+
+class CommandFilterSerializer(serializers.ModelSerializer):
+    rules = serializers.PrimaryKeyRelatedField(queryset=CommandFilterRule.objects.all(), many=True)
+    system_users = serializers.PrimaryKeyRelatedField(queryset=SystemUser.objects.all(), many=True)
+
+    class Meta:
+        model = CommandFilter
+        fields = '__all__'
+
+
+class CommandFilterRuleSerializer(serializers.ModelSerializer):
+    serializer_choice_field = ChoiceDisplayField
+
+    class Meta:
+        model = CommandFilterRule
+        fields = '__all__'
--- a/apps/assets/serializers/domain.py
+++ b/apps/assets/serializers/domain.py
@@ -0,0 +1,50 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework import serializers
+
+from ..models import Domain, Gateway
+
+
+class DomainSerializer(serializers.ModelSerializer):
+    asset_count = serializers.SerializerMethodField()
+    gateway_count = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Domain
+        fields = '__all__'
+
+    @staticmethod
+    def get_asset_count(obj):
+        return obj.assets.count()
+
+    @staticmethod
+    def get_gateway_count(obj):
+        return obj.gateway_set.all().count()
+
+
+class GatewaySerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Gateway
+        fields = [
+            'id', 'name', 'ip', 'port', 'protocol', 'username',
+            'domain', 'is_active', 'date_created', 'date_updated',
+            'created_by', 'comment',
+        ]
+
+
+class GatewayWithAuthSerializer(GatewaySerializer):
+    def get_field_names(self, declared_fields, info):
+        fields = super().get_field_names(declared_fields, info)
+        fields.extend(
+            ['password', 'private_key']
+        )
+        return fields
+
+
+class DomainWithGatewaySerializer(serializers.ModelSerializer):
+    gateways = GatewayWithAuthSerializer(many=True, read_only=True)
+
+    class Meta:
+        model = Domain
+        fields = '__all__'
--- a/apps/assets/serializers/label.py
+++ b/apps/assets/serializers/label.py
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework import serializers
+from rest_framework_bulk.serializers import BulkListSerializer
+
+from ..models import Label
+
+
+class LabelSerializer(serializers.ModelSerializer):
+    asset_count = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Label
+        fields = '__all__'
+        list_serializer_class = BulkListSerializer
+
+    @staticmethod
+    def get_asset_count(obj):
+        return obj.assets.count()
+
+    def get_field_names(self, declared_fields, info):
+        fields = super().get_field_names(declared_fields, info)
+        fields.extend(['get_category_display'])
+        return fields
+
+
+class LabelDistinctSerializer(serializers.ModelSerializer):
+    value = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Label
+        fields = ("name", "value")
+
+    @staticmethod
+    def get_value(obj):
+        labels = Label.objects.filter(name=obj["name"])
+        return ', '.join([label.value for label in labels])
--- a/apps/assets/serializers/node.py
+++ b/apps/assets/serializers/node.py
@@ -0,0 +1,97 @@
+# -*- coding: utf-8 -*-
+from rest_framework import serializers
+from rest_framework_bulk.serializers import BulkListSerializer
+
+from common.mixins import BulkSerializerMixin
+from ..models import Asset, Node
+from .asset import AssetGrantedSerializer
+
+
+__all__ = [
+    'NodeSerializer', "NodeGrantedSerializer", "NodeAddChildrenSerializer",
+    "NodeAssetsSerializer",
+]
+
+
+class NodeGrantedSerializer(BulkSerializerMixin, serializers.ModelSerializer):
+    """
+    授权资产组
+    """
+    assets_granted = AssetGrantedSerializer(many=True, read_only=True)
+    assets_amount = serializers.SerializerMethodField()
+    parent = serializers.SerializerMethodField()
+    name = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Node
+        fields = [
+            'id', 'key', 'name', 'value', 'parent',
+            'assets_granted', 'assets_amount', 'org_id',
+        ]
+
+    @staticmethod
+    def get_assets_amount(obj):
+        return len(obj.assets_granted)
+
+    @staticmethod
+    def get_name(obj):
+        return obj.name
+
+    @staticmethod
+    def get_parent(obj):
+        return obj.parent.id
+
+
+class NodeSerializer(serializers.ModelSerializer):
+    assets_amount = serializers.SerializerMethodField()
+    tree_id = serializers.SerializerMethodField()
+    tree_parent = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Node
+        fields = [
+            'id', 'key', 'value', 'assets_amount',
+            'is_node', 'org_id', 'tree_id', 'tree_parent',
+        ]
+        list_serializer_class = BulkListSerializer
+
+    def validate(self, data):
+        value = data.get('value')
+        instance = self.instance if self.instance else Node.root()
+        children = instance.parent.get_children().exclude(key=instance.key)
+        values = [child.value for child in children]
+        if value in values:
+            raise serializers.ValidationError(
+                'The same level node name cannot be the same'
+            )
+        return data
+
+    @staticmethod
+    def get_assets_amount(obj):
+        return obj.get_all_assets().count()
+
+    @staticmethod
+    def get_tree_id(obj):
+        return obj.key
+
+    @staticmethod
+    def get_tree_parent(obj):
+        return obj.parent_key
+
+    def get_fields(self):
+        fields = super().get_fields()
+        field = fields["key"]
+        field.required = False
+        return fields
+
+
+class NodeAssetsSerializer(serializers.ModelSerializer):
+    assets = serializers.PrimaryKeyRelatedField(many=True, queryset = Asset.objects.all())
+
+    class Meta:
+        model = Node
+        fields = ['assets']
+
+
+class NodeAddChildrenSerializer(serializers.Serializer):
+    nodes = serializers.ListField()
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -0,0 +1,78 @@
+from rest_framework import serializers
+
+from ..models import SystemUser
+from .base import AuthSerializer
+
+
+class SystemUserSerializer(serializers.ModelSerializer):
+    """
+    系统用户
+    """
+    unreachable_amount = serializers.SerializerMethodField()
+    reachable_amount = serializers.SerializerMethodField()
+    unreachable_assets = serializers.SerializerMethodField()
+    reachable_assets = serializers.SerializerMethodField()
+    assets_amount = serializers.SerializerMethodField()
+
+    class Meta:
+        model = SystemUser
+        exclude = ('_password', '_private_key', '_public_key')
+
+    def get_field_names(self, declared_fields, info):
+        fields = super(SystemUserSerializer, self).get_field_names(declared_fields, info)
+        fields.extend([
+            'get_login_mode_display',
+        ])
+        return fields
+
+    @staticmethod
+    def get_unreachable_assets(obj):
+        return obj.unreachable_assets
+
+    @staticmethod
+    def get_reachable_assets(obj):
+        return obj.reachable_assets
+
+    def get_unreachable_amount(self, obj):
+        return len(self.get_unreachable_assets(obj))
+
+    def get_reachable_amount(self, obj):
+        return len(self.get_reachable_assets(obj))
+
+    @staticmethod
+    def get_assets_amount(obj):
+        return len(obj.get_assets())
+
+
+class SystemUserAuthSerializer(AuthSerializer):
+    """
+    系统用户认证信息
+    """
+
+    class Meta:
+        model = SystemUser
+        fields = [
+            "id", "name", "username", "protocol",
+            "login_mode", "password", "private_key",
+        ]
+
+
+class AssetSystemUserSerializer(serializers.ModelSerializer):
+    """
+    查看授权的资产系统用户的数据结构，这个和AssetSerializer不同，字段少
+    """
+    class Meta:
+        model = SystemUser
+        fields = (
+            'id', 'name', 'username', 'priority',
+            'protocol',  'comment', 'login_mode'
+        )
+
+
+class SystemUserSimpleSerializer(serializers.ModelSerializer):
+    """
+    系统用户最基本信息的数据结构
+    """
+    class Meta:
+        model = SystemUser
+        fields = ('id', 'name', 'username')
--- a/apps/assets/signals.py
+++ b/apps/assets/signals.py
@@ -0,0 +1,5 @@
+# -*- coding: utf-8 -*-
+#
+from django.dispatch import Signal
+
+on_app_ready = Signal()
--- a/apps/assets/signals_handler.py
+++ b/apps/assets/signals_handler.py
@@ -0,0 +1,94 @@
+# -*- coding: utf-8 -*-
+#
+from collections import defaultdict
+from django.db.models.signals import post_save, m2m_changed
+from django.dispatch import receiver
+
+from common.utils import get_logger
+from .models import Asset, SystemUser, Node
+from .tasks import update_assets_hardware_info_util, \
+    test_asset_connectability_util, push_system_user_to_assets
+
+
+logger = get_logger(__file__)
+
+
+def update_asset_hardware_info_on_created(asset):
+    logger.debug("Update asset `{}` hardware info".format(asset))
+    update_assets_hardware_info_util.delay([asset])
+
+
+def test_asset_conn_on_created(asset):
+    logger.debug("Test asset `{}` connectability".format(asset))
+    test_asset_connectability_util.delay([asset])
+
+
+def set_asset_root_node(asset):
+    logger.debug("Set asset default node: {}".format(Node.root()))
+    asset.nodes.add(Node.root())
+
+
+@receiver(post_save, sender=Asset, dispatch_uid="my_unique_identifier")
+def on_asset_created_or_update(sender, instance=None, created=False, **kwargs):
+    if created:
+        logger.info("Asset `{}` create signal received".format(instance))
+        update_asset_hardware_info_on_created(instance)
+        test_asset_conn_on_created(instance)
+
+
+@receiver(post_save, sender=SystemUser, dispatch_uid="my_unique_identifier")
+def on_system_user_update(sender, instance=None, created=True, **kwargs):
+    if instance and not created:
+        logger.info("System user `{}` update signal received".format(instance))
+        assets = instance.assets.all()
+        push_system_user_to_assets.delay(instance, assets)
+
+
+@receiver(m2m_changed, sender=SystemUser.nodes.through)
+def on_system_user_nodes_change(sender, instance=None, **kwargs):
+    if instance and kwargs["action"] == "post_add":
+        assets = set()
+        nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+        for node in nodes:
+            assets.update(set(node.get_all_assets()))
+        instance.assets.add(*tuple(assets))
+
+
+@receiver(m2m_changed, sender=SystemUser.assets.through)
+def on_system_user_assets_change(sender, instance=None, **kwargs):
+    if instance and kwargs["action"] == "post_add":
+        assets = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+        push_system_user_to_assets(instance, assets)
+
+
+@receiver(m2m_changed, sender=Asset.nodes.through)
+def on_asset_node_changed(sender, instance=None, **kwargs):
+    if isinstance(instance, Asset):
+        if kwargs['action'] == 'post_add':
+            logger.debug("Asset node change signal received")
+            nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+            system_users_assets = defaultdict(set)
+            system_users = SystemUser.objects.filter(nodes__in=nodes)
+            # 清理节点缓存
+            for system_user in system_users:
+                system_users_assets[system_user].update({instance})
+            for system_user, assets in system_users_assets.items():
+                system_user.assets.add(*tuple(assets))
+
+
+@receiver(m2m_changed, sender=Asset.nodes.through)
+def on_node_assets_changed(sender, instance=None, **kwargs):
+    if isinstance(instance, Node):
+        assets = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+        if kwargs['action'] == 'post_add':
+            logger.debug("Node assets change signal received")
+            # 重新关联系统用户和资产的关系
+            system_users = SystemUser.objects.filter(nodes=instance)
+            for system_user in system_users:
+                system_user.assets.add(*tuple(assets))
+
+
+@receiver(post_save, sender=Node)
+def on_node_update_or_created(sender, instance=None, created=False, **kwargs):
+    if instance and not created:
+        instance.expire_full_value()
--- a/apps/assets/tasks.py
+++ b/apps/assets/tasks.py
@@ -1,80 +1,436 @@
 # ~*~ coding: utf-8 ~*~
-from celery import shared_task
 import json
+import re
+import os

+from celery import shared_task
 from django.core.cache import cache
+from django.utils.translation import ugettext as _

-from ops.tasks import run_AdHoc
-from common.utils import get_object_or_none, capacity_convert, sum_capacity
-from .models import Asset
+from common.utils import get_object_or_none, capacity_convert, \
+    sum_capacity, encrypt_password, get_logger
+from ops.celery.utils import register_as_period_task, after_app_shutdown_clean, \
+    after_app_ready_start
+from ops.celery import app as celery_app
+
+from .models import SystemUser, AdminUser, Asset
+from . import const
+
+
+FORKS = 10
+TIMEOUT = 60
+logger = get_logger(__file__)
+CACHE_MAX_TIME = 60*60*60
+disk_pattern = re.compile(r'^hd|sd|xvd|vd')
+PERIOD_TASK = os.environ.get("PERIOD_TASK", "off")


@shared_task
-def update_assets_hardware_info(assets):
-    task_tuple = (
-        ('setup', ''),
-    )
-    summary, result = run_AdHoc(task_tuple, assets, record=False)
-    for hostname, info in result['contacted'].items():
-        if info:
-            info = info[0]['ansible_facts']
-        else:
+def set_assets_hardware_info(result, **kwargs):
+    """
+    Using ops task run result, to update asset info
+
+    @shared_task must be exit, because we using it as a task callback, is must
+    be a celery task also
+    :param result:
+    :param kwargs: {task_name: ""}
+    :return:
+    """
+    result_raw = result[0]
+    assets_updated = []
+    for hostname, info in result_raw.get('ok', {}).items():
+        info = info.get('setup', {}).get('ansible_facts', {})
+        if not info:
+            logger.error("Get asset info failed: {}".format(hostname))
            continue
-        asset = get_object_or_none(Asset, hostname=hostname)
+
+        asset = Asset.objects.get_object_by_fullname(hostname)
        if not asset:
            continue

-        ___vendor = info['ansible_system_vendor']
-        ___model = info['ansible_product_version']
-        ___sn = info['ansible_product_serial']
+        ___vendor = info.get('ansible_system_vendor', 'Unknown')
+        ___model = info.get('ansible_product_name', 'Unknown')
+        ___sn = info.get('ansible_product_serial', 'Unknown')

-        for ___cpu_model in info['ansible_processor']:
-            if ___cpu_model.endswith('GHz'):
+        for ___cpu_model in info.get('ansible_processor', []):
+            if ___cpu_model.endswith('GHz') or ___cpu_model.startswith("Intel"):
                break
        else:
            ___cpu_model = 'Unknown'
-        ___cpu_count = info['ansible_processor_count']
-        ___cpu_cores = info['ansible_processor_cores']
-        ___memory = '%s %s' % capacity_convert('{} MB'.format(info['ansible_memtotal_mb']))
+        ___cpu_model = ___cpu_model[:64]
+        ___cpu_count = info.get('ansible_processor_count', 0)
+        ___cpu_cores = info.get('ansible_processor_cores', None) or len(info.get('ansible_processor', []))
+        ___cpu_vcpus = info.get('ansible_processor_vcpus', 0)
+        ___memory = '%s %s' % capacity_convert('{} MB'.format(info.get('ansible_memtotal_mb')))
        disk_info = {}
-        for dev, dev_info in info['ansible_devices'].items():
-            if dev_info['removable'] == '0':
+        for dev, dev_info in info.get('ansible_devices', {}).items():
+            if disk_pattern.match(dev) and dev_info['removable'] == '0':
                disk_info[dev] = dev_info['size']
        ___disk_total = '%s %s' % sum_capacity(disk_info.values())
        ___disk_info = json.dumps(disk_info)

-        ___platform = info['ansible_system']
-        ___os = info['ansible_distribution']
-        ___os_version = info['ansible_distribution_version']
-        ___os_arch = info['ansible_architecture']
-        ___hostname_raw = info['ansible_hostname']
+        ___platform = info.get('ansible_system', 'Unknown')
+        ___os = info.get('ansible_distribution', 'Unknown')
+        ___os_version = info.get('ansible_distribution_version', 'Unknown')
+        ___os_arch = info.get('ansible_architecture', 'Unknown')
+        ___hostname_raw = info.get('ansible_hostname', 'Unknown')

        for k, v in locals().items():
            if k.startswith('___'):
                setattr(asset, k.strip('_'), v)
        asset.save()
-    return summary
+        assets_updated.append(asset)
+    return assets_updated


@shared_task
-def update_assets_hardware_period():
-    assets = Asset.objects.filter(type__in=['Server', 'VM'])
-    update_assets_hardware_info(assets)
-
-
-@shared_task
-def test_admin_user_connective_period():
-    assets = Asset.objects.filter(type__in=['Server', 'VM'])
-    task_tuple = (
-        ('ping', ''),
+def update_assets_hardware_info_util(assets, task_name=None):
+    """
+    Using ansible api to update asset hardware info
+    :param assets:  asset seq
+    :param task_name: task_name running
+    :return: result summary ['contacted': {}, 'dark': {}]
+    """
+    from ops.utils import update_or_create_ansible_task
+    if task_name is None:
+        task_name = _("Update some assets hardware info")
+        # task_name = _("更新资产硬件信息")
+    tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
+    hostname_list = [asset.fullname for asset in assets if asset.is_active and asset.is_unixlike()]
+    if not hostname_list:
+        logger.info("Not hosts get, may be asset is not active or not unixlike platform")
+        return {}
+    task, created = update_or_create_ansible_task(
+        task_name, hosts=hostname_list, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
    )
-    summary, _ = run_AdHoc(task_tuple, assets, record=False)
-    for i in summary['success']:
-        cache.set(i, '1', 2*60*60*60)
+    result = task.run()
+    # Todo: may be somewhere using
+    # Manual run callback function
+    set_assets_hardware_info(result)
+    return result

-    for i, msg in summary['failed']:
-        cache.set(i, '0', 60*60*60)
+
+@shared_task
+def update_asset_hardware_info_manual(asset):
+    task_name = _("Update asset hardware info")
+    # task_name = _("更新资产硬件信息")
+    return update_assets_hardware_info_util([asset], task_name=task_name)
+
+
+@celery_app.task
+@register_as_period_task(interval=3600)
+@after_app_ready_start
+@after_app_shutdown_clean
+def update_assets_hardware_info_period():
+    """
+    Update asset hardware period task
+    :return:
+    """
+    if PERIOD_TASK != "on":
+        logger.debug("Period task disabled, update assets hardware info pass")
+        return
+
+    from ops.utils import update_or_create_ansible_task
+    task_name = _("Update assets hardware info period")
+    # task_name = _("定期更新资产硬件信息")
+    hostname_list = [
+        asset.fullname for asset in Asset.objects.all()
+        if asset.is_active and asset.is_unixlike()
+    ]
+    tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
+
+    # Only create, schedule by celery beat
+    update_or_create_ansible_task(
+        task_name, hosts=hostname_list, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
+        interval=60*60*24, is_periodic=True, callback=set_assets_hardware_info.name,
+    )
+
+
+##  ADMIN USER CONNECTIVE  ##
+
+@shared_task
+def set_admin_user_connectability_info(result, **kwargs):
+    admin_user = kwargs.get("admin_user")
+    task_name = kwargs.get("task_name")
+    if admin_user is None and task_name is not None:
+        admin_user = task_name.split(":")[-1]
+
+    raw, summary = result
+    cache_key = const.ADMIN_USER_CONN_CACHE_KEY.format(admin_user)
+    cache.set(cache_key, summary, CACHE_MAX_TIME)
+
+    for i in summary.get('contacted', []):
+        asset_conn_cache_key = const.ASSET_ADMIN_CONN_CACHE_KEY.format(i)
+        cache.set(asset_conn_cache_key, 1, CACHE_MAX_TIME)
+
+    for i, msg in summary.get('dark', {}).items():
+        asset_conn_cache_key = const.ASSET_ADMIN_CONN_CACHE_KEY.format(i)
+        cache.set(asset_conn_cache_key, 0, CACHE_MAX_TIME)
+        logger.error(msg)
+
+
+@shared_task
+def test_admin_user_connectability_util(admin_user, task_name):
+    """
+    Test asset admin user can connect or not. Using ansible api do that
+    :param admin_user:
+    :param task_name:
+    :return:
+    """
+    from ops.utils import update_or_create_ansible_task
+
+    assets = admin_user.get_related_assets()
+    hosts = [asset.fullname for asset in assets
+             if asset.is_active and asset.is_unixlike()]
+    if not hosts:
+        return
+    tasks = const.TEST_ADMIN_USER_CONN_TASKS
+    task, created = update_or_create_ansible_task(
+        task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
+    )
+    result = task.run()
+    set_admin_user_connectability_info(result, admin_user=admin_user.name)
+    return result
+
+
+@celery_app.task
+@register_as_period_task(interval=3600)
+@after_app_ready_start
+@after_app_shutdown_clean
+def test_admin_user_connectability_period():
+    """
+    A period task that update the ansible task period
+    """
+    if PERIOD_TASK != "on":
+        logger.debug("Period task disabled, test admin user connectability pass")
+        return
+
+    admin_users = AdminUser.objects.all()
+    for admin_user in admin_users:
+        task_name = _("Test admin user connectability period: {}".format(admin_user.name))
+        # task_name = _("定期测试管理账号可连接性: {}".format(admin_user.name))
+        test_admin_user_connectability_util(admin_user, task_name)
+
+
+@shared_task
+def test_admin_user_connectability_manual(admin_user):
+    task_name = _("Test admin user connectability: {}").format(admin_user.name)
+    # task_name = _("测试管理行号可连接性: {}").format(admin_user.name)
+    return test_admin_user_connectability_util(admin_user, task_name)
+
+
+@shared_task
+def test_asset_connectability_util(assets, task_name=None):
+    from ops.utils import update_or_create_ansible_task
+
+    if task_name is None:
+        task_name = _("Test assets connectability")
+        # task_name = _("测试资产可连接性")
+    hosts = [asset.fullname for asset in assets if asset.is_active and asset.is_unixlike()]
+    if not hosts:
+        logger.info("No hosts, passed")
+        return {}
+    tasks = const.TEST_ADMIN_USER_CONN_TASKS
+    task, created = update_or_create_ansible_task(
+        task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
+    )
+    result = task.run()
+    summary = result[1]
+    for k in summary.get('dark'):
+        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(k), 0, CACHE_MAX_TIME)
+
+    for k in summary.get('contacted'):
+        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(k), 1, CACHE_MAX_TIME)
    return summary


+@shared_task
+def test_asset_connectability_manual(asset):
+    summary = test_asset_connectability_util([asset])
+
+    if summary.get('dark'):
+        return False, summary['dark']
+    else:
+        return True, ""
+
+
+##  System user connective ##
+
+@shared_task
+def set_system_user_connectablity_info(result, **kwargs):
+    summary = result[1]
+    task_name = kwargs.get("task_name")
+    system_user = kwargs.get("system_user")
+    if system_user is None:
+        system_user = task_name.split(":")[-1]
+    cache_key = const.SYSTEM_USER_CONN_CACHE_KEY.format(system_user)
+    cache.set(cache_key, summary, CACHE_MAX_TIME)
+
+
+@shared_task
+def test_system_user_connectability_util(system_user, assets, task_name):
+    """
+    Test system cant connect his assets or not.
+    :param system_user:
+    :param assets:
+    :param task_name:
+    :return:
+    """
+    from ops.utils import update_or_create_ansible_task
+    # assets = system_user.get_assets()
+    hosts = [asset.fullname for asset in assets if asset.is_active and asset.is_unixlike()]
+    tasks = const.TEST_SYSTEM_USER_CONN_TASKS
+    if not hosts:
+        logger.info("No hosts, passed")
+        return {}
+    task, created = update_or_create_ansible_task(
+        task_name, hosts=hosts, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS,
+        run_as=system_user.name, created_by="System",
+    )
+    result = task.run()
+    set_system_user_connectablity_info(result, system_user=system_user.name)
+    return result
+
+
+@shared_task
+def test_system_user_connectability_manual(system_user):
+    task_name = _("Test system user connectability: {}").format(system_user)
+    assets = system_user.get_assets()
+    return test_system_user_connectability_util(system_user, assets, task_name)
+
+
+@shared_task
+def test_system_user_connectability_a_asset(system_user, asset):
+    task_name = _("Test system user connectability: {} => {}").format(
+        system_user, asset
+    )
+    return test_system_user_connectability_util(system_user, [asset], task_name)
+
+
+@shared_task
+@register_as_period_task(interval=3600)
+@after_app_ready_start
+@after_app_shutdown_clean
+def test_system_user_connectability_period():
+    if PERIOD_TASK != "on":
+        logger.debug("Period task disabled, test system user connectability pass")
+        return
+
+    system_users = SystemUser.objects.all()
+    for system_user in system_users:
+        task_name = _("Test system user connectability period: {}".format(system_user))
+        # task_name = _("定期测试系统用户可连接性: {}".format(system_user))
+        test_system_user_connectability_util(system_user, task_name)
+
+
+####  Push system user tasks ####
+
+def get_push_system_user_tasks(system_user):
+    # Set root as system user is dangerous
+    if system_user.username == "root":
+        return []
+
+    tasks = []
+    if system_user.password:
+        tasks.append({
+            'name': 'Add user {}'.format(system_user.username),
+            'action': {
+                'module': 'user',
+                'args': 'name={} shell={} state=present password={}'.format(
+                    system_user.username, system_user.shell,
+                    encrypt_password(system_user.password, salt="K3mIlKK"),
+                ),
+            }
+        })
+    if system_user.public_key:
+        tasks.append({
+            'name': 'Set {} authorized key'.format(system_user.username),
+            'action': {
+                'module': 'authorized_key',
+                'args': "user={} state=present key='{}'".format(
+                    system_user.username, system_user.public_key
+                )
+            }
+        })
+    if system_user.sudo:
+        tasks.append({
+            'name': 'Set {} sudo setting'.format(system_user.username),
+            'action': {
+                'module': 'lineinfile',
+                'args': "dest=/etc/sudoers state=present regexp='^{0} ALL=' "
+                        "line='{0} ALL=(ALL) NOPASSWD: {1}' "
+                        "validate='visudo -cf %s'".format(
+                    system_user.username,
+                    system_user.sudo,
+                )
+            }
+        })
+    return tasks
+
+
+@shared_task
+def push_system_user_util(system_users, assets, task_name):
+    from ops.utils import update_or_create_ansible_task
+    tasks = []
+    for system_user in system_users:
+        if not system_user.is_need_push():
+            msg = "push system user `{}` passed, may be not auto push or ssh " \
+                  "protocol is not ssh".format(system_user.name)
+            logger.info(msg)
+            continue
+        tasks.extend(get_push_system_user_tasks(system_user))
+
+    if not tasks:
+        logger.info("Not tasks, passed")
+        return {}
+
+    hosts = [asset.fullname for asset in assets if asset.is_active and asset.is_unixlike()]
+    if not hosts:
+        logger.info("Not hosts, passed")
+        return {}
+    task, created = update_or_create_ansible_task(
+        task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System'
+    )
+    return task.run()
+
+
+@shared_task
+def push_system_user_to_assets_manual(system_user):
+    assets = system_user.get_assets()
+    # task_name = "推送系统用户到入资产: {}".format(system_user.name)
+    task_name = _("Push system users to assets: {}").format(system_user.name)
+    return push_system_user_util([system_user], assets, task_name=task_name)
+
+
+@shared_task
+def push_system_user_a_asset_manual(system_user, asset):
+    task_name = _("Push system users to asset: {} => {}").format(
+        system_user.name, asset.fullname
+    )
+    return push_system_user_util([system_user], [asset], task_name=task_name)
+
+
+@shared_task
+def push_system_user_to_assets(system_user, assets):
+    # task_name = _("推送系统用户到入资产: {}").format(system_user.name)
+    task_name = _("Push system users to assets: {}").format(system_user.name)
+    return push_system_user_util.delay([system_user], assets, task_name)
+
+
+# @shared_task
+# @register_as_period_task(interval=3600)
+# @after_app_ready_start
+# # @after_app_shutdown_clean
+# def push_system_user_period():
+#     for system_user in SystemUser.objects.all():
+#         push_system_user_related_nodes(system_user)
+
+
+

--- a/apps/assets/templates/assets/_asset_group_bulk_update_modal.html
+++ b/apps/assets/templates/assets/_asset_group_bulk_update_modal.html
@@ -2,12 +2,11 @@
 {% load i18n %}
 {% block modal_id %}asset_group_bulk_update_modal{% endblock %}
 {% block modal_class %}modal-lg{% endblock %}
-{% block modal_title%}{% trans "Update Asset Group" %}{% endblock %}
+{% block modal_title%}{% trans "Update asset group" %}{% endblock %}
 {% block modal_body %}
 {% load bootstrap3 %}
 <p class="text-success text-center">{% trans "Hint: only change the field you want to update." %}</p>
 <form method="post" class="form-horizontal" action="" id="fm_asset_group_bulk_update">
-
    <div class="form-group">
        <label for="assets" class="col-sm-2 control-label">{% trans 'Assets' %}</label>
        <div class="col-sm-9" id="select2-container">
@@ -32,7 +31,7 @@
    <div class="form-group">
        <div class="col-sm-9 col-lg-9 col-sm-offset-2">
            <div class="checkbox checkbox-success">
-                <input type="checkbox" name="enable_otp" checked id="id_enable_otp"><label for="id_enable_otp">{% trans 'Enable-OTP' %}</label>
+                <input type="checkbox" name="enable_otp" checked id="id_enable_otp"><label for="id_enable_otp">{% trans 'Enable-MFA' %}</label>
            </div>
        </div>
    </div>
--- a/apps/assets/templates/assets/_asset_list_modal.html
+++ b/apps/assets/templates/assets/_asset_list_modal.html
@@ -0,0 +1,131 @@
+{% extends '_modal.html' %}
+{% load i18n %}
+{% load static %}
+
+{% block modal_class %}modal-lg{% endblock %}
+{% block modal_id %}asset_list_modal{% endblock %}
+{% block modal_title%}{% trans "Asset list" %}{% endblock %}
+{% block modal_body %}
+<link href="{% static 'css/plugins/ztree/awesomeStyle/awesome.css' %}" rel="stylesheet">
+<script type="text/javascript" src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
+<script src="{% static 'js/jquery.form.min.js' %}"></script>
+<style>
+.inmodal .modal-header {
+    padding: 10px 10px;
+    text-align: center;
+}
+
+#assetTree2.ztree * {
+    background-color: #f8fafb;
+}
+#assetTree2.ztree {
+    background-color: #f8fafb;
+}
+</style>
+
+<div class="wrapper wrapper-content">
+   <div class="row">
+       <div class="col-lg-3" id="split-left" style="padding-left: 3px">
+           <div class="ibox float-e-margins">
+               <div class="ibox-content mailbox-content" style="padding-top: 0;padding-left: 1px">
+                   <div class="file-manager ">
+                       <div id="assetTree2" class="ztree">
+                       </div>
+                       <div class="clearfix"></div>
+                   </div>
+               </div>
+           </div>
+       </div>
+       <div class="col-lg-9 animated fadeInRight" id="split-right">
+           <div class="mail-box-header">
+               <table class="table table-striped table-bordered table-hover " id="asset_list_modal_table" style="width: 100%">
+                   <thead>
+                       <tr>
+                           <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
+                           <th class="text-center">{% trans 'Hostname' %}</th>
+                           <th class="text-center">{% trans 'IP' %}</th>
+                       </tr>
+                   </thead>
+                   <tbody>
+                   </tbody>
+               </table>
+           </div>
+       </div>
+   </div>
+</div>
+
+<script>
+var zTree2, asset_table2 = 0;
+function initTable2() {
+    var options = {
+        ele: $('#asset_list_modal_table'),
+        ajax_url: '{% url "api-assets:asset-list" %}?show_current_asset=1',
+        columns: [
+            {data: "id"}, {data: "hostname" }, {data: "ip" }
+        ],
+        pageLength: 10
+    };
+    asset_table2 = jumpserver.initServerSideDataTable(options);
+    return asset_table2
+}
+
+function onSelected2(event, treeNode) {
+    var url = asset_table2.ajax.url();
+    url = setUrlParam(url, "node_id", treeNode.node_id);
+    setCookie('node_selected', treeNode.id);
+    asset_table2.ajax.url(url);
+    asset_table2.ajax.reload();
+}
+
+
+function initTree2() {
+    var setting = {
+        view: {
+            dblClickExpand: false,
+            showLine: true
+        },
+        data: {
+            simpleData: {
+                enable: true
+            }
+        },
+        callback: {
+            onSelected: onSelected2
+        }
+    };
+
+    var zNodes = [];
+    $.get("{% url 'api-assets:node-list' %}", function(data, status){
+        $.each(data, function (index, value) {
+            value["node_id"] = value["id"];
+            value["id"] = value["tree_id"];
+            value["pId"] = value["tree_parent"];
+            {#value["open"] = true;#}
+            if (value["key"] === "0") {
+                value["open"] = true;
+            }
+            value["name"] = value["value"] + ' (' + value['assets_amount'] + ')';
+        });
+        zNodes = data;
+        $.fn.zTree.init($("#assetTree2"), setting, zNodes);
+        zTree2 = $.fn.zTree.getZTreeObj("assetTree2");
+        var root = zTree2.getNodes()[0];
+        zTree2.expandNode(root);
+    });
+}
+
+
+$(document).ready(function(){
+    initTable2();
+    initTree2();
+})
+</script>
+{% endblock %}
+
+{% block modal_button %}
+    {{ block.super }}
+{% endblock %}
+{% block modal_confirm_id %}btn_asset_modal_confirm{% endblock %}
+
+
+
--- a/apps/assets/templates/assets/_system_user.html
+++ b/apps/assets/templates/assets/_system_user.html
@@ -3,8 +3,8 @@
 {% load static %}
 {% load bootstrap3 %}
 {% block custom_head_css_js %}
-    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
-    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
 {% endblock %}

 {% block content %}
@@ -13,7 +13,7 @@
            <div class="col-sm-12">
                <div class="ibox float-e-margins">
                    <div class="ibox-title">
-                        <h5>{% trans 'Create system user' %}</h5>
+                        <h5>{{ action }}</h5>
                        <div class="ibox-tools">
                            <a class="collapse-link">
                                <i class="fa fa-chevron-up"></i>
@@ -36,32 +36,36 @@
                            {% endif %}
                            <h3>{% trans 'Basic' %}</h3>
                            {% bootstrap_field form.name layout="horizontal" %}
+                            {% bootstrap_field form.login_mode layout="horizontal" %}
                            {% bootstrap_field form.username layout="horizontal" %}
+                            {% bootstrap_field form.priority layout="horizontal" %}
                            {% bootstrap_field form.protocol layout="horizontal" %}
-                            <h3>{% trans 'Auth' %}</h3>
-                            {% bootstrap_field form.auth_method layout="horizontal" %}
+
+                            <h3 id="auth_title_id">{% trans 'Auth' %}</h3>
                            {% block auth %}
-                            <div class="password-auth hidden">
-                            {% bootstrap_field form.password layout="horizontal" %}
-                            </div>
-                            <div class="public-key-auth">
+                            <div class="auto-generate">
                                <div class="form-group">
                                    <label for="{{ form.auto_generate_key.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto generate key' %}</label>
                                    <div class="col-sm-8">
                                        {{ form.auto_generate_key}}
                                    </div>
                                </div>
-                                <div>
-                                    {% bootstrap_field form.private_key_file layout="horizontal" %}
-                                </div>
                            </div>
-                            {% endblock %}
+                            <div class="auth-fields">
+                                {% bootstrap_field form.password layout="horizontal" %}
+                                {% bootstrap_field form.private_key_file layout="horizontal" %}
+                            </div>
                            <div class="form-group">
-                                <label for="{{ form.as_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>
+                                <label for="{{ form.auto_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>
                                <div class="col-sm-8">
                                    {{ form.auto_push}}
                                </div>
                            </div>
+                            {% endblock %}
+                            <div id="command-filter-block">
+                                <h3>{% trans 'Command filter' %}</h3>
+                                {% bootstrap_field form.cmd_filters layout="horizontal" %}
+                            </div>
                            <h3>{% trans 'Other' %}</h3>
                            {% bootstrap_field form.sudo layout="horizontal" %}
                            {% bootstrap_field form.shell layout="horizontal" %}
@@ -80,42 +84,87 @@
    </div>
 {% endblock %}
 {% block custom_foot_js %}
-    <script>
-        var auth_method = '#'+'{{ form.auth_method.id_for_label }}';
-        var auto_generate_key = '#'+'{{ form.auto_generate_key.id_for_label }}';
-        function authMethodDisplay() {
-            if ($(auth_method).val() == 'P') {
-                $('.password-auth').removeClass('hidden');
-                $('.public-key-auth').addClass('hidden');
-                $('#'+'{{ form.password.id_for_label }}').attr('required', 'required');
-                $('#'+'{{ form.password.id_for_label }}').removeAttr('disabled');
-                $('#'+'{{ form.private_key_file.id_for_label }}').removeAttr('required');
+<script>
+var protocol_id = '#' + '{{ form.protocol.id_for_label }}';
+var login_mode_id = '#' + '{{ form.login_mode.id_for_label }}';

-            } else if ($(auth_method).val() == 'K') {
-                $('.password-auth').addClass('hidden');
-                $('.public-key-auth').removeClass('hidden');
-                $('#'+'{{ form.password.id_for_label }}').removeAttr('required');
-                $('#'+'{{ form.password.id_for_label }}').attr('disabled', 'disabled');
+var auto_generate_key = '#'+'{{ form.auto_generate_key.id_for_label }}';
+var password_id = '#' + '{{ form.password.id_for_label }}';
+var private_key_id = '#' + '{{ form.private_key_file.id_for_label }}';
+var auto_push_id = '#' + '{{ form.auto_push.id_for_label }}';
+var sudo_id = '#' + '{{ form.sudo.id_for_label }}';
+var shell_id = '#' + '{{ form.shell.id_for_label }}';

-                if ($(auto_generate_key).prop('checked')){
-                    $('#'+'{{ form.private_key_file.id_for_label }}').closest('.form-group').addClass('hidden');
-                } else {
-                    $('#'+'{{ form.private_key_file.id_for_label }}').closest('.form-group').removeClass('hidden');
-                    $('#'+'{{ form.private_key_file.id_for_label }}').closest('.form-group input').attr('required', 'required');
-                }
-            }
+var need_change_field = [
+    auto_generate_key, private_key_id, auto_push_id, sudo_id, shell_id
+];
+var need_change_field_login_mode = [
+    auto_generate_key, private_key_id, auto_push_id, password_id
+];
+
+function protocolChange() {
+    if ($(protocol_id + " option:selected").text() === 'rdp') {
+        $('.auth-fields').removeClass('hidden');
+        $('#command-filter-block').addClass('hidden');
+        $.each(need_change_field, function (index, value) {
+            $(value).closest('.form-group').addClass('hidden')
+        });
+    }
+    else if ($(protocol_id + " option:selected").text() === 'telnet (beta)') {
+        $('.auth-fields').removeClass('hidden');
+        $.each(need_change_field, function (index, value) {
+            $(value).closest('.form-group').addClass('hidden')
+        });
+    }
+    else {
+        if($(login_mode_id).val() === 'manual'){
+            $(sudo_id).closest('.form-group').removeClass('hidden');
+            $(shell_id).closest('.form-group').removeClass('hidden');
+            return
        }
-        $(document).ready(function () {
-            $('.select2').select2();
-            authMethodDisplay();
-            $(auth_method).change(function () {
-                authMethodDisplay();
-            });
-            $(auto_generate_key).change(function () {
-                authMethodDisplay();
-            });
+        authFieldsDisplay();
+        $.each(need_change_field, function (index, value) {
+            $(value).closest('.form-group').removeClass('hidden')
+        });
+    }
+}
+
+function authFieldsDisplay() {
+    if ($(auto_generate_key).prop('checked')) {
+        $('.auth-fields').addClass('hidden');
+    } else {
+        $('.auth-fields').removeClass('hidden');
+    }
+}
+function loginModeChange(){
+    if ($(login_mode_id).val() === 'manual'){
+        $('#auth_title_id').addClass('hidden');
+        $.each(need_change_field_login_mode, function(index, value){
+            $(value).closest('.form-group').addClass('hidden')
        })
+    }
+    else if($(login_mode_id).val() === 'auto'){
+        $('#auth_title_id').removeClass('hidden');
+        $(password_id).closest('.form-group').removeClass('hidden')
+        protocolChange();
+    }
+}

+$(document).ready(function () {
+    $('.select2').select2();
+    authFieldsDisplay();
+    protocolChange();
+    loginModeChange();
+})
+.on('change', protocol_id, function(){
+    protocolChange();
+})
+.on('change', auto_generate_key, function(){
+    authFieldsDisplay();
+})
+.on('change', login_mode_id, function(){
+    loginModeChange();
+})

-    </script>
+</script>
 {% endblock %}
--- a/apps/assets/templates/assets/_user_asset_detail_modal.html
+++ b/apps/assets/templates/assets/_user_asset_detail_modal.html
@@ -0,0 +1,24 @@
+{% extends '_modal.html' %}
+{% load i18n %}
+{% load static %}
+<style>
+    .modal-body {
+        background-color: white !important;
+    }
+</style>
+{% block modal_id %}user_asset_detail_modal{% endblock %}
+
+{% block modal_title %}{% trans "Asset detail" %}{% endblock %}
+
+{% block modal_body %}
+    <div class="ibox-content" style="background-color: inherit">
+        <table class="table">
+            <tbody id="asset_detail_tbody">
+            </tbody>
+        </table>
+    </div>
+{% endblock %}
+
+{% block modal_button %}
+<button data-dismiss="modal" class="btn btn-white" type="button">{% trans "Close" %}</button>
+{% endblock %}
--- a/apps/assets/templates/assets/admin_user_assets.html
+++ b/apps/assets/templates/assets/admin_user_assets.html
@@ -0,0 +1,137 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'assets:admin-user-detail' pk=admin_user.pk %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'assets:admin-user-assets' pk=admin_user.pk %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Assets list' %} </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-8" style="padding-left: 0;">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span style="float: left">{% trans 'Asset list of ' %} <b>{{ admin_user.name }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table table-striped table-bordered table-hover" id="asset_list_table">
+                                        <thead>
+                                            <tr>
+                                                <th class="text-center">
+                                                    <input type="checkbox" id="check_all" class="ipt_check_all" >
+                                                </th>
+                                                <th>{% trans 'Hostname' %}</th>
+                                                <th>{% trans 'IP' %}</th>
+                                                <th>{% trans 'Port' %}</th>
+                                                <th>{% trans 'Reachable' %}</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="col-sm-4" style="padding-left: 0;padding-right: 0">
+                            <div class="panel panel-primary">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Quick update' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table">
+                                        <tbody>
+                                        <tr class="no-borders-tr">
+                                            <td width="50%">{% trans 'Test connective' %}:</td>
+                                            <td>
+                                                <span style="float: right">
+                                                    <button type="button" class="btn btn-primary btn-xs btn-test-connective" style="width: 54px">{% trans 'Test' %}</button>
+                                                </span>
+                                            </td>
+                                        </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+
+function initTable() {
+    var options = {
+		ele: $('#asset_list_table'),
+		buttons: [],
+		order: [],
+		columnDefs: [
+			{targets: 1, createdCell: function (td, cellData, rowData) {
+				var detail_btn = '<a href="{% url "assets:asset-detail" pk=DEFAULT_PK %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
+				$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+			}},
+			{targets: 4, createdCell: function (td, cellData) {
+				if (!cellData) {
+					$(td).html('<i class="fa fa-times text-danger"></i>')
+				} else {
+					$(td).html('<i class="fa fa-check text-navy"></i>')
+				}
+			}}],
+		ajax_url: '{% url "api-assets:asset-list" %}?admin_user_id={{ admin_user.id }}',
+		columns: [
+		    {data: function(){return ""}}, {data: "hostname" }, {data: "ip" },
+            {data: "port" },  {data: "is_connective" }],
+		op_html: $('#actions').html()
+	};
+	jumpserver.initServerSideDataTable(options);
+}
+
+$(document).ready(function () {
+	initTable();
+})
+.on('click', '.btn-test-connective', function () {
+    var the_url = "{% url 'api-assets:admin-user-connective' pk=admin_user.id %}";
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
+    };
+    APIUpdateAttr({
+        url: the_url,
+        method: 'GET',
+        success: success,
+        flash_message: false
+    });
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/admin_user_create_update.html
+++ b/apps/assets/templates/assets/admin_user_create_update.html
@@ -3,8 +3,8 @@
 {% load static %}
 {% load bootstrap3 %}
 {% block custom_head_css_js %}
-    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
-    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
 {% endblock %}

 {% block content %}
@@ -13,7 +13,7 @@
            <div class="col-sm-12">
                <div class="ibox float-e-margins">
                    <div class="ibox-title">
-                        <h5>{% trans 'Create admin user' %}</h5>
+                        <h5>{{ action }}</h5>
                        <div class="ibox-tools">
                            <a class="collapse-link">
                                <i class="fa fa-chevron-up"></i>
--- a/apps/assets/templates/assets/admin_user_detail.html
+++ b/apps/assets/templates/assets/admin_user_detail.html
@@ -15,20 +15,23 @@
                    <div class="panel-options">
                        <ul class="nav nav-tabs">
                            <li class="active">
-                                <a href="" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
+                                <a href="{% url 'assets:admin-user-detail' pk=admin_user.pk %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'assets:admin-user-assets' pk=admin_user.pk %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Assets list' %} </a>
                            </li>
                            <li class="pull-right">
-                                <a class="btn btn-outline btn-default" href="{% url 'assets:admin-user-update' pk=admin_user.id %}"><i class="fa fa-edit"></i>Update</a>
+                                <a class="btn btn-outline btn-default" href="{% url 'assets:admin-user-update' pk=admin_user.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
                            </li>
                            <li class="pull-right">
                                <a class="btn btn-outline btn-danger btn-delete-admin-user">
-                                    <i class="fa fa-edit"></i>Delete
+                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
                                </a>
                            </li>
                        </ul>
                    </div>
                    <div class="tab-content">
-                        <div class="col-sm-7" style="padding-left: 0;">
+                        <div class="col-sm-8" style="padding-left: 0;">
                            <div class="ibox float-e-margins">
                                <div class="ibox-title">
                                    <span class="label"><b>{{ admin_user.name }}</b></span>
@@ -73,139 +76,28 @@
                                    </table>
                                </div>
                            </div>
-
-                            <div class="ibox float-e-margins">
-                                <div class="ibox-title">
-                                    <span style="float: left">{% trans 'Asset list of ' %} <b>{{ admin_user.name }}</b> <span class="badge"> {{ paginator.count }}</span></span>
-                                    <div class="ibox-tools">
-                                        <a class="collapse-link">
-                                            <i class="fa fa-chevron-up"></i>
-                                        </a>
-                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
-                                            <i class="fa fa-wrench"></i>
-                                        </a>
-                                        <ul class="dropdown-menu dropdown-user">
-                                        </ul>
-                                        <a class="close-link">
-                                            <i class="fa fa-times"></i>
-                                        </a>
-                                    </div>
-                                </div>
-                                <div class="ibox-content">
-                                    <table class="table table-hover" id="system_user_assets_table">
-                                        <thead>
-                                            <tr>
-                                                <th>{% trans 'Hostname' %}</th>
-                                                <th>{% trans 'IP' %}</th>
-                                                <th>{% trans 'Port' %}</th>
-                                                <th>{% trans 'Alive' %}</th>
-	                                            <th>{% trans 'Action' %}</th>
-                                            </tr>
-                                        </thead>
-                                        <tbody>
-{#                                            {% for asset in page_obj %}#}
-{#                                            <tr>#}
-{#                                                <td>{{ asset.hostname }}</td>#}
-{#                                                <td>{{ asset.ip }}</td>#}
-{#                                                <td>{{ asset.port }}</td>#}
-{#                                                <td>Alive</td>#}
-{#                                            </tr>#}
-{#                                            {% endfor %}#}
-                                        </tbody>
-                                    </table>
-{#                                    <div class="row">#}
-{#                                        {% include '_pagination.html' %}#}
-{#                                    </div>#}
-                                </div>
-                            </div>
                        </div>
-                        <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
+                        <div class="col-sm-4" style="padding-left: 0;padding-right: 0">
                            <div class="panel panel-primary">
                                <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'Quick update' %}
+                                    <i class="fa fa-info-circle"></i> {% trans 'Replace node assets admin user with this' %}
                                </div>
                                <div class="panel-body">
-                                    <table class="table">
-                                        <tbody>
-                                        <tr class="no-borders-tr">
-                                            <td width="50%">{% trans 'Get install script' %}:</td>
-                                            <td>
-                                                <span style="float: right">
-                                                    <button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Get' %}</button>
-                                                </span>
-                                            </td>
-                                        </tr>
-
-                                        <tr>
-                                            <td width="50%">{% trans 'Retest asset connectivity' %}:</td>
-                                            <td>
-                                                <span style="float: right">
-                                                    <button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Start' %}</button>
-                                                </span>
-                                            </td>
-                                        </tr>
-
-                                        <tr>
-                                            <td width="50%">{% trans 'Reset private key' %}:</td>
-                                            <td>
-                                                <span style="float: right">
-                                                    <button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Reset' %}</button>
-                                                </span>
-                                            </td>
-                                        </tr>
-                                        </tbody>
-                                    </table>
-                                </div>
-                            </div>
-
-                            <div class="panel panel-info">
-                                <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'Replace asset admin user with this' %}
-                                </div>
-                                <div class="panel-body">
-                                    <table class="table">
+                                    <table class="table group_edit" id="table-clusters">
                                        <tbody>
                                        <form>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <select data-placeholder="{% trans 'Select asset' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for asset in assets_remain %}
-                                                            <option value="{{ asset.id }}">{{ asset.ip }}:{{ asset.port }}</option>
+                                            <tr>
+                                                <td colspan="2" class="no-borders">
+                                                    <select data-placeholder="{% trans 'Select nodes' %}"  id="nodes_selected"  class="select2" style="width: 100%" multiple="" tabindex="4">
+                                                        {% for node in nodes %}
+                                                        <option value="{{ node.id }}" id="opt_{{ node.id }}" >{{ node }}</option>
                                                        {% endfor %}
                                                    </select>
                                                </td>
                                            </tr>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <button type="button" class="btn btn-info btn-sm btn-replace-asset-admin_user">{% trans 'Replace' %}</button>
-                                                </td>
-                                            </tr>
-                                        </form>
-                                        </tbody>
-                                    </table>
-                                </div>
-                            </div>
-
-                            <div class="panel panel-warning">
-                                <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'Replace asset admin user with this admin user' %}
-                                </div>
-                                <div class="panel-body">
-                                    <table class="table">
-                                        <tbody>
-                                        <form>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <select data-placeholder="{% trans 'Select asset groups' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for asset_group in asset_groups %}
-                                                            <option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
-                                                        {% endfor %}
-                                                    </select>
-                                                </td>
-                                            </tr>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <button type="button" class="btn btn-warning btn-sm btn-replace-asset_groups-admin_user">{% trans 'Replace' %}</button>
+                                            <tr>
+                                                <td colspan="2" class="no-borders">
+                                                    <button type="button" class="btn btn-primary btn-sm" id="btn-change-admin-user">{% trans 'Confirm' %}</button>
                                                </td>
                                            </tr>
                                        </form>
@@ -224,218 +116,56 @@
 {% endblock %}
 {% block custom_foot_js %}
 <script>
-Array.prototype.remove = function(val) {
-	var index = this.indexOf(val);
-		if (index > -1) {
-		this.splice(index, 1);
-	}
-};
-Array.prototype.unique = function(){
-	var res = [];
-	var json = {};
- 	for(var i = 0; i < this.length; i++){
-  		if(!json[this[i]]){
-   			res.push(this[i]);
-   			json[this[i]] = 1;
-  		}
- 	}
- 	return res;
-};
-function objectRemove(obj, name, url, data) {
-    function doRemove() {
-        var body = data;
-        var success = function() {
-            swal('Remove!', "[ "+name+"]"+" has been deleted ", "success");
-            $(obj).parent().parent().remove();
-        };
-        var fail = function() {
-            swal("Failed", "Remove"+"[ "+name+" ]"+"failed", "error");
-        };
-        APIUpdateAttr({
-            url: url,
-            body: JSON.stringify(body),
-            method: 'PATCH',
-            success: success,
-            error: fail
+function replaceNodeAssetsAdminUser(nodes) {
+    var the_url = "{% url 'api-assets:replace-nodes-admin-user' pk=admin_user.id %}";
+    var body = {
+        nodes: nodes
+    };
+    var success = function(data) {
+        // remove all the selected groups from select > option and rendered ul element;
+        $('.select2-selection__rendered').empty();
+        $('#nodes_selected').val('');
+        $.map(jumpserver.nodes_selected, function(value, index) {
+            $('#opt_' + index).remove();
        });
-    }
-    swal({
-        title: 'Are you sure remove ?',
-        text: " [" + name + "] ",
-        type: "warning",
-        showCancelButton: true,
-        cancelButtonText: 'Cancel',
-        confirmButtonColor: "#DD6B55",
-        confirmButtonText: 'Confirm',
-        closeOnConfirm: false
-    }, function () {
-        doRemove()
+        // clear jumpserver.groups_selected
+        jumpserver.nodes_selected = {};
+    };
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(body),
+        success: success
    });
 }
-jumpserver.assets_selected = {};
-jumpserver.asset_groups_selected = {};
+
+jumpserver.nodes_selected = {};
 $(document).ready(function () {
-	$('.select2').select2()
-	.on("select2:select", function (evt) {
-		var data = evt.params.data;
-		jumpserver.assets_selected[data.id] = data.text;
-		jumpserver.asset_groups_selected[data.id] = data.text;
-	})
-	.on('select2:unselect', function(evt) {
-		var data = evt.params.data;
-		delete jumpserver.assets_selected[data.id];
-		delete jumpserver.asset_groups_selected[data.id]
-	});
-	var options = {
-		ele: $('#system_user_assets_table'),
-		buttons: [],
-		order: [],
-		columnDefs: [
-			{targets: 0, createdCell: function (td, cellData, rowData) {
-				var detail_btn = '<a href="{% url "assets:asset-detail" pk=99991937 %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
-				$(td).html(detail_btn.replace('99991937', rowData.id));
-			}},
-			{targets: 3, createdCell: function (td, cellData) {
-				if (!cellData) {
-					$(td).html('<i class="fa fa-times text-danger"></i>')
-				} else {
-					$(td).html('<i class="fa fa-check text-navy"></i>')
-				}
-			}},
-			{targets: 4, createdCell: function (td, cellData, rowData) {
-				var update_btn = '<a href="{% url "assets:asset-update" pk=99991937 %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', rowData.id);
-				var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_asset_remove" data-aid="99991937">{% trans "Remove" %}</a>'.replace('99991937', rowData.id);
-				$(td).html(update_btn + del_btn)
-			}}
-
-			],
-		ajax_url: '{% url "api-assets:asset-list" %}?admin_user_id={{ admin_user.id }}',
-		columns: [{data: "hostname" }, {data: "ip" }, {data: "port" },
-			{data: "is_active" }, {data: "id"}],
-		op_html: $('#actions').html()
-	};
-	jumpserver.initDataTable(options);
-
-    function adminUserDelete(name, url) {
-        function doDelete() {
-            var body = {};
-            var success = function() {
-                swal('Deleted!', "[ "+name+"]"+" has been deleted ", "success");
-	            window.location.href="{% url 'assets:idc-list' %}";
-            };
-            var fail = function() {
-                swal("Failed", "Delete"+"[ "+name+" ]"+"failed", "error");
-            };
-            APIUpdateAttr({
-                url: url,
-                body: JSON.stringify(body),
-                method: 'DELETE',
-                success: success,
-                error: fail
-            });
-        }
-        swal({
-            title: 'Are you sure delete ?',
-            text: " [" + name + "] ",
-            type: "warning",
-            showCancelButton: true,
-            cancelButtonText: 'Cancel',
-            confirmButtonColor: "#DD6B55",
-            confirmButtonText: 'Confirm',
-            closeOnConfirm: false
-        }, function () {
-            doDelete()
-        });
-    }
+    $('.select2').select2()
+    .on('select2:select', function(evt) {
+        var data = evt.params.data;
+        jumpserver.nodes_selected[data.id] = data.text;
+    }).on('select2:unselect', function(evt) {
+        var data = evt.params.data;
+        delete jumpserver.nodes_selected[data.id]
+    });
 })
-
-.on('click', '.btn-replace-asset-admin_user', function () {
-	if (Object.keys(jumpserver.assets_selected).length === 0) {
-		return false;
-	}
-	jumpserver.asset_groups_selected = {};
-	var $data_table = $("#system_user_assets_table").DataTable();
-	var assets = [];
-	$.map(jumpserver.assets_selected, function(value, index) {
-		assets.push(parseInt(index));
-	});
-	assets.unique();
-	var data = [];
-	var admin_user_id = {{ admin_user.id }};
-	var the_url = '{% url "api-assets:asset-list" %}';
-	for (var i=0; i<assets.length; i++) {
-		data.push({"id": assets[i], "admin_user": admin_user_id});
-	}
-	APIUpdateAttr({
-		url: the_url,
-		body: JSON.stringify(data),
-		method: 'PATCH'
-	});
-	$data_table.ajax.reload();
-})
-
-.on('click', '.btn-replace-asset_groups-admin_user', function () {
-	if (Object.keys(jumpserver.asset_groups_selected).length === 0) {
-		return false;
-	}
-	jumpserver.assets_selected = {};
-	var $data_table = $("#system_user_assets_table").DataTable();
-	var asset_groups = [];
-	var assets = [];
-	var data = [];
-	var the_url = '{% url "api-assets:asset-list" %}';
-	$.map(jumpserver.asset_groups_selected, function(value, index) {
-		asset_groups.push(parseInt(index));
-	});
-	$.ajax({
-		url: '{% url "api-assets:asset-group-list" %}?id__in=['+asset_groups.join(',')+']',
-		method: 'GET',
-		dataType: 'json',
-		success: function (result) {
-			for (var i=0; i<result.length; i++) {
-				for (var j=0; j<result[i]['assets'].length; j++) {
-					assets.push(result[i]['assets'][j])
-				}
-			}
-			for (var z=0; z<assets.length; z++) {
-				data.push({"id":assets[z], "admin_user":{{admin_user.id}} });
-			}
-			APIUpdateAttr({
-				url: the_url,
-				body: JSON.stringify(data),
-				method: 'PATCH'
-			});
-			$data_table.ajax.reload();
-		}
-	});
-})
-	
-.on('click', '.btn_asset_remove', function () {
-	var $this = $(this);
-	var the_url = "{% url 'api-assets:admin-user-detail' pk=admin_user.id %}";
-	var name = $(this).closest("tr").find(":nth-child(1) > a").html();
-	var assets = [];
-	var delete_asset_id = $(this).data('aid');
-	$.ajax({
-		url: the_url,
-		method: 'GET',
-		dataType: 'json',
-		success: function (result) {
-			for (var i=0; i<result['assets'].length; i++) {
-				assets.push(result['assets'][i])
-			}
-			assets.remove(delete_asset_id);
-			var data = {"assets": assets};
-			objectRemove($this, name, the_url, data);
-		}
-	})
-}).on('click', '.btn-delete-admin-user', function () {
+.on('click', '.btn-delete-admin-user', function () {
    var $this = $(this);
    var name = "{{ admin_user.name }}";
    var uid = "{{ admin_user.id }}";
-    var the_url = '{% url "api-assets:admin-user-detail" pk=99991937 %}'.replace('99991937', uid);
+    var the_url = '{% url "api-assets:admin-user-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
    var redirect_url = "{% url 'assets:admin-user-list' %}";
    objectDelete($this, name, the_url, redirect_url);
 })
+.on('click', '#btn-change-admin-user', function () {
+    if (Object.keys(jumpserver.nodes_selected).length === 0) {
+       return false;
+    }
+    var nodes = [];
+    $.map(jumpserver.nodes_selected, function(value, index) {
+        nodes.push(index);
+    });
+    replaceNodeAssetsAdminUser(nodes);
+})
 </script>
 {% endblock %}
--- a/apps/assets/templates/assets/admin_user_list.html
+++ b/apps/assets/templates/assets/admin_user_list.html
@@ -2,8 +2,19 @@
 {% load i18n static %}
 {% block table_search %}
 {% endblock %}
+
+{% block help_message %}
+    <div class="alert alert-info help-message">
+{#    管理用户是资产（被控服务器）上的root，或拥有 NOPASSWD: ALL sudo权限的用户，Jumpserver使用该用户来 `推送系统用户`、`获取资产硬件信息`等。#}
+{#    Windows或其它硬件可以随意设置一个#}
+    {% trans 'Admin users are asset (charged server) on the root, or have NOPASSWD: ALL sudo permissions users, '%}
+    {% trans 'Jumpserver users of the system using the user to `push system user`,  `get assets hardware information`, etc. '%}
+    {% trans 'You can set any one for Windows or other hardware.' %}
+    </div>
+{% endblock %}
+
 {% block table_container %}
-<div class="uc pull-left m-l-5 m-r-5">
+<div class="uc pull-left m-r-5">
    <a href="{% url "assets:admin-user-create" %}" class="btn btn-sm btn-primary"> {% trans "Create admin user" %} </a>
 </div>
 <table class="table table-striped table-bordered table-hover " id="admin_user_list_table" >
@@ -14,7 +25,10 @@
        </th>
        <th class="text-center">{% trans 'Name' %}</th>
        <th class="text-center">{% trans 'Username' %}</th>
-        <th class="text-center">{% trans 'Asset num' %}</th>
+        <th class="text-center">{% trans 'Asset' %}</th>
+        <th class="text-center">{% trans 'Reachable' %}</th>
+        <th class="text-center">{% trans 'Unreachable' %}</th>
+        <th class="text-center">{% trans 'Ratio' %}</th>
        <th class="text-center">{% trans 'Comment' %}</th>
        <th class="text-center">{% trans 'Action' %}</th>
    </tr>
@@ -31,23 +45,53 @@ $(document).ready(function(){
        ele: $('#admin_user_list_table'),
        columnDefs: [
            {targets: 1, createdCell: function (td, cellData, rowData) {
-                var detail_btn = '<a href="{% url "assets:admin-user-detail" pk=99991937 %}">' + cellData + '</a>';
-                $(td).html(detail_btn.replace('99991937', rowData.id));
-             }},
+                var detail_btn = '<a href="{% url "assets:admin-user-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+            }},
            {targets: 4, createdCell: function (td, cellData) {
-                var innerHtml = cellData.length > 8 ? cellData.substring(0, 24) + '...': cellData;
-                $(td).html('<a href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</a>');
-             }},
-            {targets: 5, createdCell: function (td, cellData, rowData) {
-{#                var script_btn = '<a href="{% url "assets:admin-user-update" pk=99991937 %}" class="btn btn-xs btn-primary">{% trans "Script" %}</a>'.replace('99991937', cellData);#}
-                var update_btn = '<a href="{% url "assets:admin-user-update" pk=99991937 %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', cellData);
-                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_admin_user_delete" data-uid="99991937">{% trans "Delete" %}</a>'.replace('99991937', cellData);
-{#                $(td).html(script_btn + update_btn + del_btn)#}
+                var innerHtml = "";
+                if (cellData !== 0) {
+                    innerHtml = "<span class='text-navy'>" + cellData + "</span>";
+                } else {
+                    innerHtml = "<span>" + cellData + "</span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData +'">' + innerHtml + '</span>');
+            }},
+            {targets: 5, createdCell: function (td, cellData) {
+                var innerHtml = "";
+                if (cellData !== 0) {
+                    innerHtml = "<span class='text-danger'>" + cellData + "</span>";
+                } else {
+                    innerHtml = "<span>" + cellData + "</span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
+            }},
+            {targets: 6, createdCell: function (td, cellData, rowData) {
+                var val = 0;
+                var innerHtml = "";
+                var total = rowData.assets_amount;
+                var reachable = rowData.reachable_amount;
+                if (total !== 0) {
+                    val = reachable/total * 100;
+                }
+
+                if (val === 100) {
+                    innerHtml = "<span class='text-navy'>" + val + "% </span>";
+                } else {
+                    var num = new Number(val);
+                    innerHtml = "<span class='text-danger'>" + num.toFixed(1) + "% </span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
+
+            }},
+            {targets: 8, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:admin-user-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_admin_user_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
                $(td).html(update_btn + del_btn)
             }}],
        ajax_url: '{% url "api-assets:admin-user-list" %}',
        columns: [{data: function(){return ""}}, {data: "name" }, {data: "username" }, {data: "assets_amount" },
-                  {data: "comment" }, {data: "id" }],
+                  {data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment" }, {data: "id" }]
    };
    jumpserver.initDataTable(options);
 })
@@ -57,7 +101,7 @@ $(document).ready(function(){
 	var $data_table = $("#admin_user_list_table").DataTable();
 	var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
 	var uid = $this.data('uid');
-	var the_url = '{% url "api-assets:admin-user-detail" pk=99991937 %}'.replace('99991937', uid);
+	var the_url = '{% url "api-assets:admin-user-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
 	objectDelete($this, name, the_url);
 	setTimeout( function () {
        $data_table.ajax.reload();
@@ -66,6 +110,3 @@ $(document).ready(function(){
 });
 </script>
 {% endblock %}
-
-
-
--- a/apps/assets/templates/assets/asset_bulk_update.html
+++ b/apps/assets/templates/assets/asset_bulk_update.html
@@ -5,9 +5,9 @@

 {% block form %}
 <div class="ydxbd" id="formlists" style="display: block;">
-    <p id="tags_p" class="mgl-5 c02">选择需要修改属性</p>
+    <p id="tags_p" class="mgl-5 c02">{% trans 'Select properties that need to be modified' %}</p>
    <div class="tagBtnList">
-        <a class="label label-primary" id="change_all" value="1">全选</a>
+        <a class="label label-primary" id="change_all" value="1">{% trans 'Select all' %}</a>
        {% for field in form %}
            {% if field.name != 'assets' %}
             <a data-id="{{ field.id_for_label }}" class="label label-default label-primary field-tag" value="1">{{ field.label }}</a>
--- a/apps/assets/templates/assets/asset_create.html
+++ b/apps/assets/templates/assets/asset_create.html
@@ -2,6 +2,8 @@
 {% load static %}
 {% load bootstrap3 %}
 {% load i18n %}
+{% load asset_tags %}
+{% load common_tags %}

 {% block form %}
    <form action="" method="post" class="form-horizontal">
@@ -14,26 +16,51 @@
    <h3>{% trans 'Basic' %}</h3>
    {% bootstrap_field form.hostname layout="horizontal" %}
    {% bootstrap_field form.ip layout="horizontal" %}
-    {% bootstrap_field form.public_ip layout="horizontal" %}
+    {% bootstrap_field form.protocol layout="horizontal" %}
    {% bootstrap_field form.port layout="horizontal" %}
-    {% bootstrap_field form.type layout="horizontal" %}
-    {% bootstrap_field form.env layout="horizontal" %}
+    {% bootstrap_field form.platform layout="horizontal" %}
+    {% bootstrap_field form.public_ip layout="horizontal" %}
+    {% bootstrap_field form.domain layout="horizontal" %}

    <div class="hr-line-dashed"></div>
-    <h3>{% trans 'Group' %}</h3>
-    {% bootstrap_field form.idc layout="horizontal" %}
-    {% bootstrap_field form.groups layout="horizontal" %}
-
-    <div class="hr-line-dashed"></div>
-    <h3>{% trans 'Asset user' %}</h3>
+    <h3>{% trans 'Auth' %}</h3>
    {% bootstrap_field form.admin_user layout="horizontal" %}

+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Node' %}</h3>
+    {% bootstrap_field form.nodes layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Labels' %}</h3>
+    <div class="form-group {% if form.errors.labels %} has-error {% endif %}">
+        <label for="{{ form.labels.id_for_label }}" class="col-md-2 control-label">{% trans 'Label' %}</label>
+        <div class="col-md-9">
+            <select name="labels" class="select2 labels" data-placeholder="{% trans 'Label' %}" style="width: 100%" multiple="" tabindex="4" id="{{ form.labels.id_for_label }}">
+                {% for name, labels in form.labels.field.queryset|group_labels %}
+                <optgroup label="{{ name }}">
+                    {% for label in labels %}
+                        {% if label in form.labels.initial %}
+                            <option value="{{ label.id }}" selected>{{ label.value }}</option>
+                        {% else %}
+                            <option value="{{ label.id }}">{{ label.value }}</option>
+                        {% endif %}
+                    {% endfor %}
+                </optgroup>
+                {% endfor %}
+            </select>
+            {% if form.errors.labels %}
+                {% for e in form.errors.labels %}
+                    <div class="help-block">{{ e }}</div>
+                {% endfor %}
+            {% endif %}
+        </div>
+    </div>
+
    <div class="hr-line-dashed"></div>
    <h3>{% trans 'Other' %}</h3>
    {% bootstrap_field form.comment layout="horizontal" %}
    {% bootstrap_field form.is_active layout="horizontal" %}

-
    <div class="hr-line-dashed"></div>
    <div class="form-group">
        <div class="col-sm-4 col-sm-offset-2">
@@ -45,14 +72,31 @@
 {% endblock %}

 {% block custom_foot_js %}
-    <script>
-        $(document).ready(function () {
-            $('.select2').select2();
-            $("#id_tags").select2({
-                tags: true,
-                maximumSelectionLength: 8  //最多能够选择的个数
-                //closeOnSelect: false
-            });
-        })
-    </script>
+<script>
+function format(item) {
+   var group = item.element.parentElement.label;
+   return group + ':' + item.text;
+}
+
+$(document).ready(function () {
+    $('.select2').select2({
+        allowClear: true
+    });
+    $(".labels").select2({
+        allowClear: true,
+        templateSelection: format
+    });
+    $("#id_protocol").change(function (){
+        var protocol = $("#id_protocol option:selected").text();
+        var port = 22;
+        if(protocol === 'rdp'){
+            port = 3389;
+        }
+        if(protocol === 'telnet (beta)'){
+            port = 23;
+        }
+        $("#id_port").val(port);
+    });
+})
+</script>
 {% endblock %}
--- a/apps/assets/templates/assets/asset_detail.html
+++ b/apps/assets/templates/assets/asset_detail.html
@@ -21,11 +21,11 @@
                            </li>
                            {% if user.is_superuser %}
                            <li class="pull-right">
-                                <a class="btn btn-outline btn-default" href="{% url 'assets:asset-update' pk=asset.id %}"><i class="fa fa-edit"></i>Update</a>
+                                <a class="btn btn-outline btn-default" href="{% url 'assets:asset-update' pk=asset.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
                            </li>
                            <li class="pull-right">
                                <a class="btn btn-outline btn-danger btn-delete-asset">
-                                    <i class="fa fa-edit"></i>Delete
+                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
                                </a>
                            </li>
                            {% endif %}
@@ -63,7 +63,7 @@
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Public IP' %}:</td>
-                                            <td><b>{{ asset.public_ip }}</b></td>
+                                            <td><b>{{ asset.public_ip|default:"" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Port' %}:</td>
@@ -71,79 +71,47 @@
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Admin user' %}:</td>
-                                            {% if asset.admin_user %}
-                                            <td><b>{{ asset.admin_user.name }}</b></td>
-                                            {% else %}
-                                            <td><b>None</b></td>
-                                            {% endif %}
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Remote card IP' %}:</td>
-                                            <td><b>{{ asset.remote_card_ip }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'IDC' %}:</td>
-                                            <td><b>{{ asset.idc.name }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Cabinet number' %}:</td>
-                                            <td><b>{{ asset.cabinet_no }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Cabinet position' %}:</td>
-                                            <td><b>{{ asset.cabinet_pos }}</b></td>
+                                            <td><b>{{ asset.admin_user }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Vendor' %}:</td>
-                                            <td><b>{{ asset.vendor }}</b></td>
+                                            <td><b>{{ asset.vendor|default:"" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Model' %}:</td>
-                                            <td><b>{{ asset.model }}</b></td>
+                                            <td><b>{{ asset.model|default:"" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'CPU' %}:</td>
-                                            <td><b>{{ asset.cpu_model }} {{ asset.cpu_count }}*{{ asset.cpu_cores }}</b></td>
+                                            <td><b>{{ asset.cpu_model|default:"" }} {{ asset.cpu_count|default:"" }}*{{ asset.cpu_cores|default:"" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Memory' %}:</td>
-                                            <td><b>{{ asset.memory }}</b></td>
+                                            <td><b>{{ asset.memory|default:"" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Disk' %}:</td>
-                                            <td><b>{{ asset.disk_total }}</b></td>
+                                            <td><b>{{ asset.disk_total|default:"" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Platform' %}:</td>
-                                            <td><b>{{ asset.platform }}</b></td>
+                                            <td><b>{{ asset.platform|default:"" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'OS' %}:</td>
-                                            <td><b>{{ asset.os }} {{ asset.os_version }} {{ asset.os_arch }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Asset status' %}:</td>
-                                            <td><b>{{ asset.status }}</b></td>
+                                            <td><b>{{ asset.os|default:"" }} {{ asset.os_version|default:"" }} {{ asset.os_arch|default:"" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Is active' %}:</td>
-                                            <td><b>{{ asset.is_active }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Asset type' %}:</td>
-                                            <td><b>{{ asset.type }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Asset environment' %}:</td>
-                                            <td><b>{{ asset.env }}</b></td>
+                                            <td><b>{{ asset.is_active|yesno:"Yes,No" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Serial number' %}:</td>
-                                            <td><b>{{ asset.sn }}</b></td>
+                                            <td><b>{{ asset.sn|default:"" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Asset number' %}:</td>
-                                            <td><b>{{ asset.number }}</b></td>
+                                            <td><b>{{ asset.number|default:"" }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Created by' %}:</td>
@@ -162,7 +130,7 @@
                                </div>
                            </div>
                        </div>
-                        {% if user.is_superuser %}
+                        {% if user.is_superuser or user.is_org_admin %}
                        <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
                            <div class="panel panel-primary">
                                <div class="panel-heading">
@@ -173,18 +141,21 @@
                                        <tbody>
                                        <tr class="no-borders-tr">
                                          <td width="50%">{% trans 'Active' %}:</td>
-                                            <td><span class="pull-right">
-                                                <div class="switch">
-                                                    <div class="onoffswitch">
-                                                        <input type="checkbox" {% if asset.is_active %} checked {% endif %}  class="onoffswitch-checkbox" id="is_active">
-                                                        <label class="onoffswitch-label" for="is_active">
-                                                            <span class="onoffswitch-inner"></span>
-                                                            <span class="onoffswitch-switch"></span>
-                                                        </label>
-                                                    </div>
-                                                </div>
-                                            </span></td>
+                                            <td>
+                                              <span class="pull-right">
+                                                  <div class="switch">
+                                                      <div class="onoffswitch">
+                                                          <input type="checkbox" {% if asset.is_active %} checked {% endif %}  class="onoffswitch-checkbox" id="is_active">
+                                                          <label class="onoffswitch-label" for="is_active">
+                                                              <span class="onoffswitch-inner"></span>
+                                                              <span class="onoffswitch-switch"></span>
+                                                          </label>
+                                                      </div>
+                                                  </div>
+                                              </span>
+                                          </td>
                                        </tr>
+                                        {% if asset.is_unixlike %}
                                        <tr>
                                            <td>{% trans 'Refresh hardware' %}:</td>
                                            <td>
@@ -194,13 +165,14 @@
                                            </td>
                                        </tr>
                                        <tr>
-                                            <td>{% trans 'Test admin user' %}:</td>
+                                            <td>{% trans 'Test connective' %}:</td>
                                            <td>
                                                <span class="pull-right">
-                                                    <button type="button" class="btn btn-primary btn-xs" id="btn_test_admin_user" style="width: 54px;">{% trans 'Test' %}</button>
+                                                    <button type="button" class="btn btn-primary btn-xs" id="btn-test-is-alive" style="width: 54px">{% trans 'Test' %}</button>
                                                </span>
                                            </td>
                                        </tr>
+                                        {% endif %}
                                        </tbody>
                                    </table>
                                </div>
@@ -208,7 +180,7 @@

                            <div class="panel panel-info">
                                <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'Asset groups' %}
+                                    <i class="fa fa-info-circle"></i> {% trans 'Nodes' %}
                                </div>
                                <div class="panel-body">
                                    <table class="table group_edit" id="add-asset2group">
@@ -216,25 +188,25 @@
                                        <form>
                                            <tr>
                                                <td colspan="2" class="no-borders">
-                                                    <select data-placeholder="{% trans 'Join asset groups' %}" id="groups_selected" class="select2 groups" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for asset_group in asset_groups_remain %}
-                                                        <option value="{{ asset_group.id }}" id="opt_{{ asset_group.id }}" >{{ asset_group.name }}</option>
+                                                    <select data-placeholder="{% trans 'Nodes' %}" id="groups_selected" class="select2 groups" style="width: 100%" multiple="" tabindex="4">
+                                                        {% for node in nodes_remain %}
+                                                        <option value="{{ node.id }}" id="opt_{{ node.id }}" >{{ node }}</option>
                                                        {% endfor %}
                                                    </select>
                                                </td>
                                            </tr>
                                            <tr>
                                                <td colspan="2" class="no-borders">
-                                                    <button type="button" class="btn btn-info btn-sm" id="btn_add_user_group">{% trans 'Confirm' %}</button>
+                                                    <button type="button" class="btn btn-info btn-sm" id="btn-update-nodes">{% trans 'Confirm' %}</button>
                                                </td>
                                            </tr>
                                        </form>

-                                        {% for asset_group in asset_groups %}
+                                        {% for node in asset.nodes.all %}
                                        <tr>
-                                          <td ><b class="bdg_group" data-gid={{ asset_group.id }}>{{ asset_group.name }}</b></td>
+                                          <td ><b class="bdg_node" data-gid={{ node.id }}>{{ node }}</b></td>
                                          <td>
-                                              <button class="btn btn-danger pull-right btn-xs btn_leave_group" type="button"><i class="fa fa-minus"></i></button>
+                                              <button class="btn btn-danger pull-right btn-xs btn-leave-node" type="button"><i class="fa fa-minus"></i></button>
                                          </td>
                                        </tr>
                                        {% endfor %}
@@ -242,42 +214,20 @@
                                    </table>
                                </div>
                            </div>
+
                            <div class="panel panel-warning">
                                <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'Push system users' %}
+                                    <i class="fa fa-info-circle"></i> {% trans 'Labels' %}
                                </div>
                                <div class="panel-body">
-                                    <table class="table group_edit" id="add-asset2systemuser">
-                                        <tbody>
-                                        <form>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <select data-placeholder="{% trans 'Select system users' %}" class="select2 system-user" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for system_user in system_users_all %}
-                                                            <option value="{{ system_user.id }}" id="opt_{{ system_user.id }}">{{ system_user.name }}</option>
-                                                        {% endfor %}
-                                                    </select>
-                                                </td>
-                                            </tr>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <button type="button" class="btn btn-warning btn-sm btn-system-user">{% trans 'Confirm' %}</button>
-                                                </td>
-                                            </tr>
-                                        </form>
-                                        {% for system_user in system_users %}
-                                        <tr>
-                                            <td ><b class="bdg_group" data-sid={{ system_user.id }}>{{ system_user.name }}</b></td>
-                                            <td>
-                                                <button class="btn btn-danger btn-xs pull-right btn_leave_system" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
-                                            </td>
-                                        </tr>
+                                    <ul class="tag-list" style="padding: 0">
+                                        {% for label in asset.labels.all %}
+                                            <li ><a href=""><i class="fa fa-tag"></i> {{ label.name }}:{{ label.value }}</a></li>
                                        {% endfor %}
-                                        </tbody>
-                                    </table>
+                                    </ul>
                                </div>
                            </div>
-                            {% endif %}
+                        {% endif %}
                        </div>
                    </div>
                </div>
@@ -287,57 +237,28 @@
 {% endblock %}
 {% block custom_foot_js %}
 <script>
-jumpserver.groups_selected = {};
-jumpserver.system_user_selected = {};
-function updateAssetGroups(groups) {
-    var the_url = "{% url 'api-assets:asset-update-group' pk=asset.id %}";
+jumpserver.nodes_selected = {};
+function updateAssetNodes(nodes) {
+    var the_url = "{% url 'api-assets:asset-detail' pk=asset.id %}";
    var body = {
-        groups: Object.assign([], groups)
+        nodes: Object.assign([], nodes)
    };
    var success = function(data) {
        // remove all the selected groups from select > option and rendered ul element;
        $('.select2-selection__rendered').empty();
        $('#groups_selected').val('');
-        $.map(jumpserver.groups_selected, function(group_name, index) {
+        $.map(jumpserver.nodes_selected, function(group_name, index) {
            $('#opt_' + index).remove();
            // change tr html of user groups.
            $('#add-asset2group tbody').append(
                '<tr>' +
-                '<td><b class="bdg_group" data-gid="' + index + '">' + group_name + '</b></td>' +
-                '<td><button class="btn btn-danger btn-xs pull-right btn_leave_group" type="button"><i class="fa fa-minus"></i></button></td>' +
+                '<td><b class="bdg_node" data-gid="' + index + '">' + group_name + '</b></td>' +
+                '<td><button class="btn btn-danger btn-xs pull-right btn-leave-node" type="button"><i class="fa fa-minus"></i></button></td>' +
                '</tr>'
            )
        });
        // clear jumpserver.groups_selected
-        jumpserver.groups_selected = {};
-    };
-    APIUpdateAttr({
-        url: the_url,
-        body: JSON.stringify(body),
-        success: success
-    });
-}
-
-function updateAssetSystemUser(system_users) {
-    var the_url = "{% url 'api-assets:asset-update-system-users' pk=asset.id %}";
-    var body = {
-        system_users: Object.assign([], system_users)
-    };
-    var success = function(data) {
-        $('.select2-selection__rendered').empty();
-        $('#groups_selected').val('');
-        $.map(jumpserver.system_user_selected, function(name, index) {
-            $('#opt_' + index).remove();
-
-            $('#add-asset2systemuser tbody').append(
-                '<tr>' +
-                '<td><b class="bdg_group" data-sid="' + index + '">' + name + '</b></td>' +
-                '<td><button class="btn btn-danger btn-xs pull-right btn_leave_system" type="button"><i class="fa fa-minus"></i></button></td>' +
-                '</tr>'
-            )
-        });
-        // clear jumpserver.groups_selected
-        jumpserver.system_user_selected = {};
+        jumpserver.nodes_selected = {};
    };
    APIUpdateAttr({
        url: the_url,
@@ -348,32 +269,28 @@ function updateAssetSystemUser(system_users) {

 function refreshAssetHardware() {
    var the_url = "{% url 'api-assets:asset-refresh' pk=asset.id %}";
-    var success = function (data) {
-        location.reload();
+    var success = function(data) {
+        console.log(data);
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600')
    };
    APIUpdateAttr({
        url: the_url,
        success: success,
        method: 'GET'
-    })
+    });
 }


 $(document).ready(function () {
    $('.select2.groups').select2().on('select2:select', function(evt) {
        var data = evt.params.data;
-        jumpserver.groups_selected[data.id] = data.text;
+        jumpserver.nodes_selected[data.id] = data.text;
    }).on('select2:unselect', function(evt) {
        var data = evt.params.data;
-        delete jumpserver.groups_selected[data.id]
+        delete jumpserver.nodes_selected[data.id]
    });
-    $('.select2.system-user').select2().on('select2:select', function(evt) {
-        var data = evt.params.data;
-        jumpserver.system_user_selected[data.id] = data.text;
-    }).on('select2:unselect', function(evt) {
-        var data = evt.params.data;
-        delete jumpserver.system_user_selected[data.id]
-    })
 }).on('click', '#is_active', function () {
    var the_url = '{% url "api-assets:asset-detail" pk=asset.id %}';
    var checked = $(this).prop('checked');
@@ -387,85 +304,61 @@ $(document).ready(function () {
        body: JSON.stringify(body),
        success_message: success
    });
-    if (status == "False") {
-            $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('True');
+    if (status === "False") {
+        $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('True');
    }else{
-            $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('False');
+        $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('False');
    }
-}).on('click', '#btn_add_user_group', function () {
-    if (Object.keys(jumpserver.groups_selected).length === 0) {
+}).on('click', '#btn-update-nodes', function () {
+    if (Object.keys(jumpserver.nodes_selected).length === 0) {
       return false;
    }
-    var groups = $('.bdg_group').map(function() {
+    var nodes = $('.bdg_node').map(function() {
        return $(this).data('gid');
    }).get();
-    $.map(jumpserver.groups_selected, function(value, index) {
-        groups.push(parseInt(index));
+    $.map(jumpserver.nodes_selected, function(value, index) {
+        nodes.push(index);
        $('#opt_' + index).remove();
    });
-    updateAssetGroups(groups)
-}).on('click', '.btn_leave_group', function() {
+    updateAssetNodes(nodes)
+}).on('click', '.btn-leave-node', function() {
    var $this = $(this);
    var $tr = $this.closest('tr');
-    var $badge = $tr.find('.bdg_group');
+    var $badge = $tr.find('.bdg_node');
    var gid = $badge.data('gid');
    var group_name = $badge.html() || $badge.text();
    $('#groups_selected').append(
        '<option value="' + gid + '" id="opt_' + gid + '">' + group_name + '</option>'
    );
    $tr.remove();
-    var groups = $('.bdg_group').map(function () {
+    var groups = $('.bdg_node').map(function () {
        return $(this).data('gid');
    }).get();
-    updateAssetGroups(groups)
-}).on('click', '.btn-system-user', function () {
-    if (Object.keys(jumpserver.system_user_selected).length === 0) {
-        return false;
-    }
-    var system_users = $('.bdg_group').map(function() {
-            return $(this).data('sid');
-    }).get();
-    $.map(jumpserver.system_user_selected, function(value, index) {
-        system_users.push(parseInt(index));
-        $('#opt_' + index).remove();
-    });
-    updateAssetSystemUser(system_users)
-
-}).on('click', '.btn_leave_system', function () {
-    var $this = $(this);
-    var $tr = $this.closest('tr');
-    var $badge = $tr.find('.bdg_group');
-    var sid = $badge.data('sid');
-    var name = $badge.html() || $badge.text();
-    $('#groups_selected').append(
-        '<option value="' + sid + '" id="opt_' + sid + '">' + name + '</option>'
-    );
-    $tr.remove();
-    var system_users = $('.bdg_group').map(function () {
-            return $(this).data('sid');
-        }).get();
-    updateAssetSystemUser(system_users)
-
+    updateAssetNodes(groups)
 }).on('click', '.btn-delete-asset', function () {
    var $this = $(this);
    var name = "{{ asset.hostname }}";
    var uid = "{{ asset.id }}";
-    var the_url = '{% url "api-assets:asset-detail" pk=99991937 %}'.replace('99991937', uid);
+    var the_url = '{% url "api-assets:asset-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
    var redirect_url = "{% url 'assets:asset-list' %}";
    objectDelete($this, name, the_url, redirect_url);
 }).on('click', '#btn_refresh_asset', function () {
-    alert('请等待几秒, 等待完成');
    refreshAssetHardware()
-}).on('click', '#btn_test_admin_user', function () {
-    $.ajax({
-        url: '{% url "api-assets:asset-admin-user-test" pk=asset.id %}'
-    }).done(function (data, textStatue, jqXHR) {
-        toastr.success('Success')
-    }).fail(function (data, textStaue, errorThrown) {
-        toastr.error('Error')
-    })
-})
+}).on('click', '#btn-test-is-alive', function () {
+    var the_url = "{% url 'api-assets:asset-alive-test' pk=asset.id %}";

+    var success = function(data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600')
+    };
+
+    APIUpdateAttr({
+        url: the_url,
+        method: 'GET',
+        success: success
+    });
+})

 </script>
 {% endblock %}
--- a/apps/assets/templates/assets/asset_group_create.html
+++ b/apps/assets/templates/assets/asset_group_create.html
@@ -1,121 +0,0 @@
-{% extends 'base.html' %}
-{% load i18n %}
-{% load static %}
-{% load bootstrap3 %}
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
-{% block content %}
-<div class="wrapper wrapper-content animated fadeInRight">
-    <div class="row">
-        <div class="col-sm-10">
-            <div class="ibox float-e-margins">
-                <div id="ibox-content" class="ibox-title">
-                    <h5> {{ action }}</h5>
-                    <div class="ibox-tools">
-                        <a class="collapse-link">
-                            <i class="fa fa-chevron-up"></i>
-                        </a>
-                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
-                            <i class="fa fa-wrench"></i>
-                        </a>
-                        <a class="close-link">
-                            <i class="fa fa-times"></i>
-                        </a>
-                    </div>
-                </div>
-
-                <div class="ibox-content">
-                    <div class="panel blank-panel">
-                        <div class="panel-body">
-                            <div class="tab-content">
-                                <div id="tab-1" class="ibox float-e-margins tab-pane active"></div>
-                                    <form id="groupForm" method="post" class="form-horizontal">
-                                        {% csrf_token %}
-                                        <h3 class="widget-head-color-box">资产组信息</h3>
-                                        {% bootstrap_field form.name layout="horizontal" %}
-                                        {% bootstrap_field form.comment layout="horizontal" %}
-                                        <div class="hr-line-dashed"></div>
-                                        <h3 class="widget-head-color-box">用户选择的资产</h3>
-                                            <div class="form-group">
-                                                <label class="col-sm-2 control-label" id="asset_on_count">已选（{{ assets_count }}）</label>
-                                                <div class="col-sm-9" id="asset_sed">
-                                                    <div class="form-asset-on" id="add_asset">
-                                                        <p id="asset_on_p">
-                                                            {% for asset in assets_on_list %}
-                                                            <button name='asset_hostname' title='{{ asset.ip }}' type='button' class='btn btn-default btn-xs'>{{ asset.hostname }}</button>
-                                                           {% endfor %}
-                                                        </p>
-                                                    </div>
-                                                </div>
-                                            </div>
-                                        <div class="hr-line-dashed"></div>
-                                        <div class="form-group">
-                                            <div class="col-sm-4 col-sm-offset-5">
-                                                <button class="btn btn-white" type="reset"> 重置 </button>
-                                                <button class="btn btn-primary" type="submit"> 提交 </button>
-                                                <div id='box2'> </div>
-                                            </div>
-                                        </div>
-                                    </form>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-</div>
-
-<!-- 模态框（Modal） -->
-<div class="modal fade" id="modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
-   <div class="modal-dialog modal-lg">
-      <div class="modal-content" id="box">
-        <!--此部分为主体内容，将远程加载进来-->
-      </div>
-   </div>
-</div>
-
-{% endblock %}
-
-{% block custom_foot_js %}
-<script type="text/javascript">
-    $(document).ready(function () {
-        $('.select2').select2();
-        $('.select2-system-user').select2();
-    });
-
-    $('#add_asset').on('click',function(){
-        $('#modal').modal('show');
-    });
-
-    $('#modal').modal({
-        show: false,
-        backdrop: 'static',
-        keyboard: 'false',
-        remote:"{% url 'assets:asset-modal-list' %}?group_id={{ group_id }}"
-    });
-    $('#modal').on('show.bs.modal',function(){
-        //alert('当调用show方法时，立即触发；')
-    });
-
-    $('#modal').on('shown.bs.modal',function(){
-        //alert('当弹窗完全加载完后，再触发；')
-    });
-
-    $('#modal').on('hide.bs.modal',function(){
-        //alert('当关闭时，立即触发；')
-    });
-
-    $('#modal').on('hidden.bs.modal',function(){
-        //alert('当关完全关闭后，再触发；')
-    });
-
-    $('#modal').on('loaded.bs.modal',function(){
-        //alert('当远程数据加载完毕后，再触发；')
-    });
-
-</script>
-{% endblock %}
--- a/apps/assets/templates/assets/asset_group_detail.html
+++ b/apps/assets/templates/assets/asset_group_detail.html
@@ -1,271 +0,0 @@
-{% extends 'base.html' %}
-{% load static %}
-{% load i18n %}
-
-{% block custom_head_css_js %}
-    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
-    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
-{% endblock %}
-{% block content %}
-    <div class="wrapper wrapper-content animated fadeInRight">
-        <div class="row">
-            <div class="col-sm-12">
-                <div class="ibox float-e-margins">
-                    <div class="panel-options">
-                        <ul class="nav nav-tabs">
-                            <li class="active"><a href="" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a></li>
-                            <li class="pull-right">
-                                <a class="btn btn-outline btn-default" href="{% url 'assets:asset-group-update' pk=asset_group.id %}"><i class="fa fa-edit"></i>Update</a>
-                            </li>
-                        </ul>
-                    </div>
-                    <div class="tab-content">
-                        <div class="col-sm-7" style="padding-left: 0">
-                            <div class="ibox float-e-margins">
-                                <div class="ibox-title">
-                                    <span style="float: left"></span>{% trans 'Asset list of ' %} <b>{{ asset_group.name }}</b></span>
-                                    <div class="ibox-tools">
-                                        <a class="collapse-link">
-                                            <i class="fa fa-chevron-up"></i>
-                                        </a>
-                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
-                                            <i class="fa fa-wrench"></i>
-                                        </a>
-                                        <ul class="dropdown-menu dropdown-user">
-                                        </ul>
-                                        <a class="close-link">
-                                            <i class="fa fa-times"></i>
-                                        </a>
-                                    </div>
-                                </div>
-                                <div class="ibox-content">
-                                    <table class="table table-hover " id="asset_list_table" >
-                                        <thead>
-                                            <tr>
-                                                <th>{% trans 'Hostname' %}</th>
-                                                <th>{% trans 'IP' %}</th>
-                                                <th>{% trans 'Port' %}</th>
-	                                              <th>{% trans 'Type' %}</th>
-                                                <th>{% trans 'Alive' %}</th>
-	                                              <th>{% trans 'Action' %}</th>
-                                            </tr>
-                                        </thead>
-                                        <tbody>
-                                        </tbody>
-                                    </table>
-                                </div>
-                            </div>
-                        </div>
-
-                        <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
-                            <div class="panel panel-primary">
-                                <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'Push system users' %}
-                                </div>
-                                <div class="panel-body">
-                                    <table class="table">
-                                        <tbody>
-                                        <form>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <select data-placeholder="{% trans 'Select system users' %}" class="select2 system-user-select" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for system_user in system_users %}
-                                                            <option value="{{ system_user.id }}"> {{ system_user.name }} </option>
-                                                        {% endfor %}
-                                                    </select>
-                                                </td>
-                                            </tr>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <button type="button" class="btn btn-primary btn-sm btn-push-system-user">{% trans 'Push' %}</button>
-                                                </td>
-                                            </tr>
-                                        </form>
-                                        </tbody>
-                                    </table>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-{#    </div>#}
-
-{% endblock %}
-{% block custom_foot_js %}
-<script>
-  jumpserver.assets_selected = {};
-  function updateGroupAssets(assets) {
-    var the_url = "{}";
-    var body = {
-      assets: Object.assign([], assets)
-    };
-    var $data_table = $("#asset_list_table").DataTable();
-    var success = function(data) {
-      $('.select2-selection__rendered').empty();
-      $.map(jumpserver.assets_selected, function(asset_ip, index) {
-        $('#opt_' + index).remove();
-        $data_table.ajax.reload();
-      });
-      jumpserver.groups_selected = {};
-    };
-    APIUpdateAttr({
-      url: the_url,
-      body: JSON.stringify(body),
-      method: 'PUT',
-      success: success
-    });
-  }
-
-function leaveGroup(obj, name, url, data) {
-    function doDelete() {
-        var body = data;
-        var success = function() {
-            swal('Deleted!', "[ "+name+"]"+" has been deleted ", "success");
-            $(obj).parent().parent().remove();
-        };
-        var fail = function() {
-            swal("Failed", "Delete"+"[ "+name+" ]"+"failed", "error");
-        };
-        APIUpdateAttr({
-            url: url,
-            body: JSON.stringify(body),
-            method: 'PATCH',
-            success: success,
-            error: fail
-        });
-    }
-    swal({
-        title: 'Are you sure delete ?',
-        text: " [" + name + "] ",
-        type: "warning",
-        showCancelButton: true,
-        cancelButtonText: 'Cancel',
-        confirmButtonColor: "#DD6B55",
-        confirmButtonText: 'Confirm',
-        closeOnConfirm: false
-    }, function () {
-        doDelete()
-    });
-}
-
-function pushSystemUser(sysUserID) {
-	var the_url = "{% url 'api-assets:asset-group-push-system-user' pk=asset_group.id %}";
-    var body = {
-        system_user: sysUserID
-    };
-    var success = function(data) {
-        var url = "{% url 'ops:task-detail' pk=234234234 %}".replace("234234234", data);
-        setTimeout(function () {
-          location.href = url
-        }, 1000);
-    };
-    APIUpdateAttr({
-        url: the_url,
-        method: 'PATCH',
-        body: JSON.stringify(body),
-        success: success
-    });
-}
-
-Array.prototype.remove = function(val) {
-	var index = this.indexOf(val);
-		if (index > -1) {
-		this.splice(index, 1);
-	}
-};
-
-Array.prototype.unique = function(){
-	var res = [];
-	var json = {};
- 	for(var i = 0; i < this.length; i++){
-  		if(!json[this[i]]){
-   			res.push(this[i]);
-   			json[this[i]] = 1;
-  		}
- 	}
- 	return res;
-};
-
-$(document).ready(function () {
-	$('.select2').select2();
-
-  $('.select2.asset-select').select2()
-    .on('select2:select', function(evt) {
-      var data = evt.params.data;
-      jumpserver.assets_selected[data.id] = data.text;
-      console.log(jumpserver.assets_selected)
-    })
-    .on('select2:unselect', function(evt) {
-      var data = evt.params.data;
-      delete jumpserver.assets_selected[data.id]
-    });
-
-	var options = {
-		ele: $('#asset_list_table'),
-		buttons: [],
-		order: [],
-		columnDefs: [
-			{targets: 0, createdCell: function (td, cellData, rowData) {
-				var detail_btn = '<a href="{% url "assets:asset-detail" pk=99991937 %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
-				$(td).html(detail_btn.replace('99991937', rowData.id));
-			}},
-			{targets: 4, createdCell: function (td, cellData) {
-				if (!cellData) {
-					$(td).html('<i class="fa fa-times text-danger"></i>')
-				} else {
-					$(td).html('<i class="fa fa-check text-navy"></i>')
-				}
-			}},
-			{targets: 5, createdCell: function (td, cellData, rowData) {
-				var update_btn = '<a href="{% url "assets:asset-update" pk=99991937 %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', rowData.id);
-				var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_asset_delete" data-aid="99991937">{% trans "Remove" %}</a>'.replace('99991937', rowData.id);
-				$(td).html(update_btn + del_btn)
-			}}
-		],
-		ajax_url: '{% url "api-assets:asset-list" %}?asset_group_id={{ asset_group.id }}',
-		columns: [{data: "hostname" }, {data: "ip" }, {data: "port" },
-			{data: "type" }, {data: "is_active" }, {data: "id"}],
-		op_html: $('#actions').html()
-	};
-	jumpserver.initDataTable(options);
-})
-
-.on('click', ".btn-asset-group-add-asset", function () {
-  if (Object.keys(jumpserver.assets_selected).length === 0) {
-    return false;
-  }
-
-  updateGroupAssets(jumpserver.assets_selected);
-
-})
-
-.on('click', '.btn-push-system-user', function () {
-    var data = $('.system-user-select').select2();
-    var system_id = data.val()[0];
-    if (!system_id) {
-        return false
-    }
-    pushSystemUser(system_id)
-})
-
-.on('click', '.btn_asset_delete', function () {
-	var $this = $(this);
-	var the_url = "{% url 'api-assets:asset-groups-update' pk=asset_group.id %}";
-	var name = $(this).closest("tr").find(":nth-child(1) > a").html();
-	var assets = [];
-	$('#asset_list_table > tbody > tr').map(function () {
-		assets.push(parseInt($(this).closest("tr").find(":nth-child(1) > a").attr("data-aid")))
-	});
-	var delete_asset_id = $(this).data('aid');
-	assets.remove(delete_asset_id);
-	var data = {"assets": assets};
-	leaveGroup($this, name, the_url, data);
-})
-
-
-
-</script>
-{% endblock %}
--- a/apps/assets/templates/assets/asset_group_list.html
+++ b/apps/assets/templates/assets/asset_group_list.html
@@ -1,183 +0,0 @@
-{% extends '_base_list.html' %}
-{% load i18n static %}
-{% block table_search %}
-{% endblock %}
-{% block table_container %}
-<div class="uc pull-left m-l-5 m-r-5">
-    <a href="{% url "assets:asset-group-create" %}" class="btn btn-sm btn-primary"> {% trans "Create asset group" %} </a>
-</div>
-<table class="table table-striped table-bordered table-hover " id="asset_groups_list_table" >
-    <thead>
-    <tr>
-        <th class="text-center">
-            <input type="checkbox" id="check_all" class="ipt_check_all" >
-        </th>
-        <th class="text-center">{% trans 'Name' %}</th>
-        <th class="text-center">{% trans 'Asset' %}</th>
-        <th class="text-center">{% trans 'Comment' %}</th>
-        <th class="text-center">{% trans 'Action' %}</th>
-    </tr>
-    </thead>
-    <tbody>
-    </tbody>
-</table>
-<div id="actions" class="hide">
-    <div class="input-group">
-        <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
-            <option value="delete">{% trans 'Delete selected' %}</option>
-            <option value="update">{% trans 'Update selected' %}</option>
-        </select>
-        <div class="input-group-btn pull-left" style="padding-left: 5px;">
-            <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
-             {% trans 'Submit' %}
-            </button>
-        </div>
-    </div>
-</div>
-{% include 'assets/_asset_group_bulk_update_modal.html' %}
-{% endblock %}
-{% block content_bottom_left %}{% endblock %}
-{% block custom_foot_js %}
-<script>
-$(document).ready(function(){
-    var options = {
-        ele: $('#asset_groups_list_table'),
-        columnDefs: [
-            {targets: 1, createdCell: function (td, cellData, rowData) {
-                var detail_btn = '<a href="{% url "assets:asset-group-detail" pk=99991937 %}">' + cellData + '</a>';
-                $(td).html(detail_btn.replace('99991937', rowData.id));
-             }},
-            {targets: 3, createdCell: function (td, cellData) {
-                var innerHtml = cellData.length > 30 ? cellData.substring(0, 30) + '...': cellData;
-                $(td).html('<a href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</a>');
-             }},
-            {targets: 4, createdCell: function (td, cellData, rowData) {
-                var update_btn = '<a href="{% url "assets:asset-group-update" pk=99991937 %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', cellData);
-                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_asset_group_delete" data-uid="99991937">{% trans "Delete" %}</a>'.replace('99991937', cellData);
-                $(td).html(update_btn + del_btn)
-             }}],
-        ajax_url: '{% url "api-assets:asset-group-list" %}',
-        columns: [{data: "id"}, {data: "name" }, {data: "assets_amount" }, {data: "comment" }, {data: "id"}],
-	    op_html: $('#actions').html()
-    };
-    jumpserver.initDataTable(options);
-})
-
-.on('click', '.btn_asset_group_delete', function () {
-	var $this = $(this);
-	var $data_table = $('#asset_groups_list_table').DataTable();
-	var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
-	var uid = $this.data('uid');
-	var the_url = '{% url "api-assets:asset-group-detail" pk=99991937 %}'.replace('99991937', uid);
-	objectDelete($this, name, the_url);
-	setTimeout( function () {
-        $data_table.ajax.reload();
-    }, 3000);
-})
-
-.on('click', '#btn_bulk_update', function () {
-	var action = $('#slct_bulk_update').val();
-	var $data_table = $('#asset_groups_list_table').DataTable();
-	var id_list = [];
-    var plain_id_list = [];
-    $data_table.rows({selected: true}).every(function(){
-        id_list.push({id: this.data().id});
-        plain_id_list.push(this.data().id);
-    });
-    if (id_list === []) {
-        return false;
-    }
-    var the_url = '{% url "api-assets:asset-group-list" %}';
-    console.log(plain_id_list);
-    console.log(the_url);
-    function doDelete() {
-        swal({
-            title: "{% trans 'Are you sure?' %}",
-            text: "{% trans 'This will delete the selected groups !!!' %}",
-            type: "warning",
-            showCancelButton: true,
-            confirmButtonColor: "#DD6B55",
-            confirmButtonText: "{% trans 'Confirm' %}",
-            closeOnConfirm: false
-        }, function() {
-            var success = function() {
-                var msg = "{% trans 'Group deleted' %}";
-                swal("{% trans 'Group Delete' %}", msg, "success");
-                $('#asset_groups_list_table').DataTable().ajax.reload();
-            };
-            var fail = function() {
-                var msg = "{% trans 'Group deleting failed.' %}";
-                swal("{% trans 'Group Delete' %}", msg, "error");
-            };
-            var url_delete = the_url + '?id__in=' + JSON.stringify(plain_id_list);
-            APIUpdateAttr({url: url_delete, method: 'DELETE', success: success, error: fail});
-            $data_table.ajax.reload();
-            jumpserver.checked = false;
-        });
-    }
-	function doUpdate() {
-		$('#asset_group_bulk_update_modal').modal('show');
-	}
-    switch(action) {
-        case 'delete':
-            doDelete();
-            break;
-        case 'update':
-            doUpdate();
-            break;
-        default:
-            break;
-    }
-})
-
-.on('click', '#btn_asset_group_bulk_update', function () {
-	var json_data = $("#fm_asset_group_bulk_update").serializeObject();
-	var body = {};
-    body.enable_otp = (json_data.enable_otp === 'on')? true: false;
-    if (json_data.type != '') {
-        body.type = json_data.type;
-    }
-
-    if (json_data.assets != undefined) {
-        body.assets = json_data.assets;
-    }
-    if (typeof body.assets === 'string') {
-        body.assets = [parseInt(body.assets)]
-    } else if(typeof body.assets === 'array') {
-        var new_assets = body.assets.map(Number);
-        body.assets = new_assets;
-    }
-
-	if (json_data.system_users != undefined) {
-    	body.system_users = json_data.system_users;
-	}
-	if (typeof body.system_users === 'string') {
-    	body.system_users = [parseInt(body.system_users)];
-	} else if (typeof body.system_users === 'array') {
-    	var new_system_users = body.system_users.map(Number);
-    	body.system_users = new_system_users;
-	}
-
-	var post_list = [];
-    var $data_table = $('#asset_groups_list_table').DataTable()
-    $data_table.rows({selected: true}).every(function(){
-        var content = Object.assign({id: this.data().id}, body);
-        post_list.push(content);
-    });
-    if (post_list === []) {
-        return false
-    }
-    var the_url = '{% url "api-assets:asset-group-list" %}';
-    var success = function() {
-        var msg = "{% trans 'The selected asset groups has been updated successfully.' %}";
-        swal("{% trans 'AssetGroup Updated' %}", msg, "success");
-        $('#asset_groups_list_table').DataTable().ajax.reload();
-        jumpserver.checked = false;
-    };
-{#	console.log(JSON.stringify(post_list));#}
-    APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(post_list), success: success});
-    $('#asset_group_bulk_update_modal').modal('hide');
-});
-</script>
-{% endblock %}
-
--- a/apps/assets/templates/assets/asset_list.html
+++ b/apps/assets/templates/assets/asset_list.html
@@ -1,180 +1,578 @@
-{% extends '_base_list.html' %}
-{% load i18n %}
+{% extends 'base.html' %}
 {% load static %}
+{% load i18n %}
+
+{% block help_message %}
+    <div class="alert alert-info help-message">
+{#    左侧是资产树，右击可以新建、删除、更改树节点，授权资产也是以节点方式组织的，右侧是属于该节点下的资产#}
+    {% trans 'The left side is the asset tree, right click to create, delete, and change the tree node, authorization asset is also organized as a node, and the right side is the asset under that node' %}
+    </div>
+{% endblock %}
+
 {% block custom_head_css_js %}
-<link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-<script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+    <link href="{% static 'css/plugins/ztree/awesomeStyle/awesome.css' %}" rel="stylesheet">
+{#    <link href="https://cdn.datatables.net/1.10.19/css/jquery.dataTables.min.css" rel="stylesheet">#}
+    <script type="text/javascript" src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
+    <script src="{% static 'js/jquery.form.min.js' %}"></script>
+	<style type="text/css">
+        div#rMenu {
+            position:absolute;
+            visibility:hidden;
+            text-align: left;
+            {#top: 100%;#}
+            top: 0;
+            left: 0;
+            z-index: 1000;
+            {#float: left;#}
+            padding: 0 0;
+            margin: 2px 0 0;
+            list-style: none;
+            background-clip: padding-box;
+         }
+        .dataTables_wrapper .dataTables_processing {
+            opacity: .9;
+            border: none;
+        }
+        div#rMenu li{
+        	margin: 1px 0;
+        	cursor: pointer;
+        	list-style: none outside none;
+         }
+        .dropdown a:hover {
+            background-color: #f1f1f1
+        }
+	</style>

-{#<style>#}
-{#    .custom{#}
-{#        margin-right:5px;#}
-{#        }#}
-{#    #modal .modal-body { max-height: 200px; }#}
-{#</style>#}
-{% endblock %}
-{% block content_left_head %}{% endblock %}
-
-{% block table_search %}
-    <div class="html5buttons">
-        <div class="dt-buttons btn-group">
-            <a class="btn btn-default btn_import" data-toggle="modal" data-target="#asset_import_modal" tabindex="0">
-                <span>{% trans "Import" %}</span>
-            </a>
-            <a class="btn btn-default btn_export" tabindex="0">
-                <span>{% trans "Export" %}</span>
-            </a>
-        </div>
-    </div>
 {% endblock %}

-
-{% block table_container %}
-<div class="uc pull-left m-l-5 m-r-5"><a href="{% url "assets:asset-create" %}" class="btn btn-sm btn-primary"> {% trans "Create asset" %} </a></div>
-<table class="table table-striped table-bordered table-hover " id="asset_list_table" >
-    <thead>
-        <tr>
-            <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
-            <th class="text-center">{% trans 'Hostname' %}</th>
-            <th class="text-center">{% trans 'IP' %}</th>
-            <th class="text-center">{% trans 'Port' %}</th>
-            <th class="text-center">{% trans 'Type' %}</th>
-            <th class="text-center">{% trans 'Env' %}</th>
-            <th class="text-center">{% trans 'Hardware' %}</th>
-            <th class="text-center">{% trans 'Valid' %}</th>
-            <th class="text-center">{% trans 'Alive' %}</th>
-            <th class="text-center">{% trans 'Action' %}</th>
-        </tr>
-    </thead>
-    <tbody>
-    </tbody>
-</table>
-<div id="actions" class="hide">
-    <div class="input-group">
-        <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
-            <option value="delete">{% trans 'Delete selected' %}</option>
-            <option value="update">{% trans 'Update selected' %}</option>
-            <option value="deactive">{% trans 'Deactive selected' %}</option>
-            <option value="active">{% trans 'Active' %}</option>
-        </select>
-        <div class="input-group-btn pull-left" style="padding-left: 5px;">
-            <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
-             {% trans 'Submit' %}
-            </button>
-        </div>
-    </div>
+{% block content %}
+<div class="wrapper wrapper-content">
+   <div class="row">
+       <div class="col-lg-3" id="split-left" style="padding-left: 3px">
+           <div class="ibox float-e-margins">
+               <div class="ibox-content mailbox-content" style="padding-top: 0;padding-left: 1px">
+                   <div class="file-manager ">
+                       <div id="assetTree" class="ztree">
+                       </div>
+                       <div class="clearfix"></div>
+                   </div>
+               </div>
+           </div>
+       </div>
+       <div class="col-lg-9 animated fadeInRight" id="split-right">
+           <div class="tree-toggle">
+               <div class="btn btn-sm btn-primary tree-toggle-btn" onclick="toggle()">
+                   <i class="fa fa-angle-left fa-x" id="toggle-icon"></i>
+               </div>
+           </div>
+           <div class="mail-box-header">
+               <div class="uc pull-left m-r-5"><a class="btn btn-sm btn-primary btn-create-asset"> {% trans "Create asset" %} </a></div>
+               <div class="html5buttons">
+                   <div class="dt-buttons btn-group">
+                       <a class="btn btn-default btn_import" data-toggle="modal" data-target="#asset_import_modal" tabindex="0">
+                           <span>{% trans "Import" %}</span>
+                       </a>
+                       <a class="btn btn-default btn_export" tabindex="0">
+                           <span>{% trans "Export" %}</span>
+                       </a>
+                   </div>
+               </div>
+               <div class="btn-group" style="float: right">
+                  <button data-toggle="dropdown" class="btn btn-default btn-sm dropdown-toggle">{% trans 'Label' %} <span class="caret"></span></button>
+                  <ul class="dropdown-menu labels">
+                      {% for label in labels %}
+                          <li><a style="font-weight: bolder">{{ label.name }}:{{ label.value }}</a></li>
+                      {% endfor %}
+                  </ul>
+               </div>
+               <table class="table table-striped table-bordered table-hover " id="asset_list_table" style="width: 100%">
+                   <thead>
+                       <tr>
+                           <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
+                           <th class="text-center">{% trans 'Hostname' %}</th>
+                           <th class="text-center">{% trans 'IP' %}</th>
+                           <th class="text-center">{% trans 'Hardware' %}</th>
+                           <th class="text-center">{% trans 'Active' %}</th>
+{#                           <th class="text-center">{% trans 'Reachable' %}</th>#}
+                           <th class="text-center">{% trans 'Action' %}</th>
+                       </tr>
+                   </thead>
+                   <tbody>
+                   </tbody>
+               </table>
+               <div id="actions" class="hide">
+                   <div class="input-group">
+                       <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
+                           <option value="delete">{% trans 'Delete selected' %}</option>
+                           <option value="update">{% trans 'Update selected' %}</option>
+                           <option value="remove">{% trans 'Remove from this node' %}</option>
+                           <option value="deactive">{% trans 'Deactive selected' %}</option>
+                           <option value="active">{% trans 'Active selected' %}</option>
+                       </select>
+                       <div class="input-group-btn pull-left" style="padding-left: 5px;">
+                           <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
+                            {% trans 'Submit' %}
+                           </button>
+                       </div>
+                   </div>
+               </div>
+           </div>
+       </div>
+   </div>
 </div>
+
+<div id="rMenu">
+    <ul class="dropdown-menu">
+        <li class="divider"></li>
+        <li id="m_create" tabindex="-1" onclick="addTreeNode();"><a><i class="fa fa-plus-square-o"></i> {% trans 'Add node' %}</a></li>
+        <li id="m_del" tabindex="-1" onclick="editTreeNode();"><a><i class="fa fa-pencil-square-o"></i> {% trans 'Rename node' %}</a></li>
+        <li id="m_del" tabindex="-1" onclick="removeTreeNode();"><a><i class="fa fa-minus-square"></i> {% trans 'Delete node' %}</a></li>
+        <li class="divider"></li>
+        <li id="menu_asset_add" class="btn-add-asset" data-toggle="modal" data-target="#asset_list_modal" tabindex="0"><a><i class="fa fa-copy"></i> {% trans 'Add assets to node' %}</a></li>
+        <li id="menu_asset_move" class="btn-move-asset" data-toggle="modal" data-target="#asset_list_modal" tabindex="0"><a><i class="fa fa-cut"></i> {% trans 'Move assets to node' %}</a></li>
+        <li class="divider"></li>
+        <li id="menu_refresh_hardware_info" class="btn-refresh-hardware" tabindex="-1"><a><i class="fa fa-refresh"></i> {% trans 'Refresh node hardware info' %}</a></li>
+        <li id="menu_test_connective" class="btn-test-connective" tabindex="-1"><a><i class="fa fa-chain"></i> {% trans 'Test node connective' %}</a></li>
+        <li class="divider"></li>
+        <li id="show_current_asset" class="btn-show-current-asset" style="display: none;" tabindex="-1"><a><i class="fa fa-hand-o-up"></i> {% trans 'Display only current node assets' %}</a></li>
+        <li id="show_all_asset" class="btn-show-all-asset" style="display: none;" tabindex="-1"><a><i class="fa fa-th"></i> {% trans 'Displays all child node assets' %}</a></li>
+    </ul>
+</div>
+
 {% include 'assets/_asset_import_modal.html' %}
-{#{% include 'assets/_asset_bulk_update_modal.html' %}#}
+{% include 'assets/_asset_list_modal.html' %}
 {% endblock %}

 {% block custom_foot_js %}
-<script src="{% static 'js/jquery.form.min.js' %}"></script>
-<script type="text/javascript">
-window.onload = function (){
-        var tag_on = document.getElementsByName("tag_on");
-        var oDiv = document.getElementById("ydxbd");
-        if(tag_on.length > 0){
-            oDiv.style.display = "block";
-        }
-    };
-
-function tagShow() {
-    var oDiv = document.getElementById("ydxbd");
-    if (oDiv.style.display == 'none'){
-        oDiv.style.display = "block";
-    }else{
-        oDiv.style.display = "none";
-    }
-}  //onload;
-
-
-
-$(document).ready(function(){
+<script>
+var zTree, rMenu, asset_table, show = 0;
+var update_node_action = "";
+function initTable() {
    var options = {
        ele: $('#asset_list_table'),
        columnDefs: [
            {targets: 1, createdCell: function (td, cellData, rowData) {
-                var detail_btn = '<a href="{% url "assets:asset-detail" pk=99991937 %}">' + cellData + '</a>';
-                $(td).html(detail_btn.replace('99991937', rowData.id));
+                {% url 'assets:asset-detail' pk=DEFAULT_PK as the_url  %}
+                var detail_btn = '<a href="{{ the_url }}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
            }},
-            {targets: 7, createdCell: function (td, cellData) {
+            {targets: 3, createdCell: function (td, cellData, rowData) {
+                $(td).html(rowData.hardware_info)
+            }},
+            {targets: 4, createdCell: function (td, cellData) {
                if (!cellData) {
                    $(td).html('<i class="fa fa-times text-danger"></i>')
                } else {
                    $(td).html('<i class="fa fa-check text-navy"></i>')
                }
            }},
-            {targets: 8, createdCell: function (td, cellData) {
-                if (cellData == 'Unknown'){
-                    $(td).html('<i class="fa fa-circle text-warning"></i>')
-                } else if (!cellData) {
-                    $(td).html('<i class="fa fa-circle text-danger"></i>')
-                } else {
-                    $(td).html('<i class="fa fa-circle text-navy"></i>')
-                }
-            }},
-            {targets: 9, createdCell: function (td, cellData, rowData) {
-                var update_btn = '<a href="{% url "assets:asset-update" pk=99991937 %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', cellData);
-                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_asset_delete" data-uid="99991937">{% trans "Delete" %}</a>'.replace('99991937', cellData);
+
+            {targets: 5, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:asset-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_asset_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
                $(td).html(update_btn + del_btn)
            }}
        ],
        ajax_url: '{% url "api-assets:asset-list" %}',
-        columns: [{data: "id"}, {data: "hostname" }, {data: "ip" }, {data: "port" },
-            {data: "get_type_display" }, {data: "get_env_display"}, {data: "hardware"},
-            {data: "is_active" }, {data: "is_online"}, {data: "id" }],
+        columns: [
+            {data: "id"}, {data: "hostname" }, {data: "ip" },
+            {data: "cpu_cores"}, {data: "is_active", orderable: false },
+            {data: "id", orderable: false }
+        ],
        op_html: $('#actions').html()
    };
-    var table = jumpserver.initDataTable(options);
+    asset_table = jumpserver.initServerSideDataTable(options);
+    return asset_table
+}

-    $('.btn_export').click(function () {
-        var assets = [];
-        var rows = table.rows('.selected').data();
-        $.each(rows, function (index, obj) {
-            assets.push(obj.id)
-        });
-        console.log(assets);
-        $.ajax({
-            url: "{% url "assets:asset-export" %}",
-            method: 'POST',
-            data: JSON.stringify({assets_id: assets}),
-            dataType: "json",
-            success: function (data, textStatus) {
-                window.open(data.redirect)
-            },
-            error: function () {
-                toastr.error('Export failed');
-            }
-        })
-    });
-     $('#btn_asset_import').click(function() {
-        var $form = $('#fm_asset_import');
-        $form.find('.help-block').remove();
-        function success (data) {
-            if (data.valid === false) {
-                $('<span />', {class: 'help-block text-danger'}).html(data.msg).insertAfter($('#id_assets'));
-            } else {
-                $('#id_created').html(data.created_info);
-                $('#id_created_detail').html(data.created.join(', '));
-                $('#id_updated').html(data.updated_info);
-                $('#id_updated_detail').html(data.updated.join(', '));
-                $('#id_failed').html(data.failed_info);
-                $('#id_failed_detail').html(data.failed.join(', '));
-                var $data_table = $('#asset_list_table').DataTable();
-                $data_table.ajax.reload();
-            }
+function addTreeNode() {
+	hideRMenu();
+	var parentNode = zTree.getSelectedNodes()[0];
+	if (!parentNode){
+	    return
+    }
+    var url = "{% url 'api-assets:node-children' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", parentNode.node_id );
+    $.post(url,  {}, function (data, status){
+        if (status === "success") {
+            var newNode = {
+                id: data["key"],
+                name: data["value"],
+                node_id: data["id"],
+                pId: parentNode.id
+            };
+            newNode.checked = zTree.getSelectedNodes()[0].checked;
+            zTree.addNodes(parentNode, 0, newNode);
+            var node = zTree.getNodeByParam('id', newNode.node_id, parentNode);
+            zTree.editName(node);
+        } else {
+            alert("{% trans 'Create node failed' %}")
+        }
+    });
+}
+
+function removeTreeNode() {
+	hideRMenu();
+	var current_node = zTree.getSelectedNodes()[0];
+	if (!current_node){
+	    return
+    }
+	if (current_node.children && current_node.children.length > 0) {
+		toastr.error("{% trans 'Have child node, cancel' %}");
+	 } else if (current_node.assets_amount !== 0) {
+        toastr.error("{% trans 'Have assets, cancel' %}");
+    } else {
+        var url = "{% url 'api-assets:node-detail' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", current_node.node_id );
+		$.ajax({
+            url: url,
+            method: "DELETE",
+            success: function () {
+                zTree.removeNode(current_node);
+            }
+        });
+	}
+}
+
+function editTreeNode() {
+    hideRMenu();
+    var current_node = zTree.getSelectedNodes()[0];
+    if (!current_node){
+        return
+    }
+    if (current_node.value) {
+        current_node.name = current_node.value;
+    }
+    zTree.editName(current_node);
+}
+
+function OnRightClick(event, treeId, treeNode) {
+    if (!treeNode && event.target.tagName.toLowerCase() !== "button" && $(event.target).parents("a").length === 0) {
+		zTree.cancelSelectedNode();
+		showRMenu("root", event.clientX, event.clientY);
+	} else if (treeNode && !treeNode.noR) {
+		zTree.selectNode(treeNode);
+		showRMenu("node", event.clientX, event.clientY);
+	}
+}
+
+function showRMenu(type, x, y) {
+	$("#rMenu ul").show();
+    x -= 220;
+    x += document.body.scrollLeft;
+    y += document.body.scrollTop+document.documentElement.scrollTop;
+    rMenu.css({"top":y+"px", "left":x+"px", "visibility":"visible"});
+
+	$("body").bind("mousedown", onBodyMouseDown);
+}
+
+function beforeClick(treeId, treeNode, clickFlag) {
+    return true;
+}
+
+function hideRMenu() {
+	if (rMenu) rMenu.css({"visibility": "hidden"});
+	$("body").unbind("mousedown", onBodyMouseDown);
+}
+
+function onBodyMouseDown(event){
+	if (!(event.target.id === "rMenu" || $(event.target).parents("#rMenu").length>0)) {
+		rMenu.css({"visibility" : "hidden"});
+	}
+}
+
+
+function onRename(event, treeId, treeNode, isCancel){
+    var url = "{% url 'api-assets:node-detail' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", treeNode.node_id);
+    var data = {"value": treeNode.name};
+    if (isCancel){
+        return
+    }
+    APIUpdateAttr({
+        url: url,
+        body: JSON.stringify(data),
+        method: "PATCH",
+        success_message: "{% trans 'Rename success' %}",
+        fail_message: "{% trans 'Rename failed, do not change the root node name' %}"
+    })
+}
+
+function onSelected(event, treeNode) {
+    var url = asset_table.ajax.url();
+    url = setUrlParam(url, "node_id", treeNode.node_id);
+    url = setUrlParam(url, "show_current_asset", getCookie('show_current_asset'));
+    setCookie('node_selected', treeNode.node_id);
+    asset_table.ajax.url(url);
+    asset_table.ajax.reload();
+}
+
+function selectQueryNode() {
+    var query_node_id = $.getUrlParam("node");
+    var cookie_node_id = getCookie('node_selected');
+    var node;
+    var node_id;
+
+    if (query_node_id !== null) {
+        node_id = query_node_id
+    } else if (cookie_node_id !== null) {
+        node_id = cookie_node_id;
+    }
+
+    node = zTree.getNodesByParam("node_id", node_id, null);
+    if (node){
+        zTree.selectNode(node[0]);
+    }
+}
+
+function beforeDrag() {
+    return true
+}
+
+function beforeDrop(treeId, treeNodes, targetNode, moveType) {
+    var treeNodesNames = [];
+    $.each(treeNodes, function (index, value) {
+        treeNodesNames.push(value.value);
+    });
+
+    var msg = "你想移动节点: `" + treeNodesNames.join(",") + "` 到 `" + targetNode.value + "` 下吗?";
+    return confirm(msg);
+}
+
+function onDrag(event, treeId, treeNodes) {
+}
+
+function onDrop(event, treeId, treeNodes, targetNode, moveType) {
+    var treeNodesIds = [];
+    $.each(treeNodes, function (index, value) {
+        treeNodesIds.push(value.node_id);
+    });
+
+    var the_url = "{% url 'api-assets:node-add-children' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", targetNode.node_id);
+    var body = {nodes: treeNodesIds};
+    APIUpdateAttr({
+        url: the_url,
+        method: "PUT",
+        body: JSON.stringify(body)
+    })
+}
+
+function initTree() {
+    var setting = {
+        view: {
+            dblClickExpand: false,
+            showLine: true
+        },
+        data: {
+            simpleData: {
+                enable: true
+            }
+        },
+        edit: {
+            enable: true,
+			showRemoveBtn: false,
+			showRenameBtn: false,
+            drag: {
+                isCopy: true,
+                isMove: true
+            }
+        },
+        callback: {
+            onRightClick: OnRightClick,
+            beforeClick: beforeClick,
+            onRename: onRename,
+            onSelected: onSelected,
+            beforeDrag: beforeDrag,
+            onDrag: onDrag,
+            beforeDrop: beforeDrop,
+            onDrop: onDrop
+        }
+    };
+
+    var zNodes = [];
+    $.get("{% url 'api-assets:node-list' %}", function(data, status){
+        $.each(data, function (index, value) {
+            value["node_id"] = value["id"];
+            value["id"] = value["tree_id"];
+            if (value["tree_id"] !== value["tree_parent"]){
+                value["pId"] = value["tree_parent"];
+            } else {
+                value["isParent"] = true;
+            }
+            value["name"] = value["value"] + ' (' + value['assets_amount'] + ')';
+            value['value'] = value['value'];
+        });
+        zNodes = data;
+        $.fn.zTree.init($("#assetTree"), setting, zNodes);
+        zTree = $.fn.zTree.getZTreeObj("assetTree");
+        var root = zTree.getNodes()[0];
+        zTree.expandNode(root);
+		rMenu = $("#rMenu");
+		selectQueryNode();
+    });
+}
+
+function toggle() {
+    if (show === 0) {
+        $("#split-left").hide(500, function () {
+            $("#split-right").attr("class", "col-lg-12");
+            $("#toggle-icon").attr("class", "fa fa-angle-right fa-x");
+            show = 1;
+        });
+    } else {
+        $("#split-right").attr("class", "col-lg-9");
+        $("#toggle-icon").attr("class", "fa fa-angle-left fa-x");
+        $("#split-left").show(500);
+        show = 0;
+    }
+}
+
+$(document).ready(function(){
+    initTable();
+    initTree();
+
+    if(getCookie('show_current_asset') === '1'){
+        $('#show_all_asset').css('display', 'inline-block');
+    }
+    else{
+        $('#show_current_asset').css('display', 'inline-block');
+    }
+})
+.on('click', '.labels li', function () {
+    var val = $(this).text();
+    $("#asset_list_table_filter input").val(val);
+    asset_table.search(val).draw();
+ })
+.on('click', '.btn_export', function () {
+    var $data_table = $('#asset_list_table').DataTable();
+    var rows = $data_table.rows('.selected').data();
+    var nodes = zTree.getSelectedNodes();
+    var current_node;
+    if (nodes && nodes.length === 1) {
+        current_node = nodes[0];
+    }
+    var assets = [];
+    $.each(rows, function (index, obj) {
+        assets.push(obj.id)
+    });
+    var _node_id = current_node ? current_node : null;
+    $.ajax({
+        url: "{% url "assets:asset-export" %}",
+        method: 'POST',
+        data: JSON.stringify({assets_id: assets, node_id: _node_id}),
+        dataType: "json",
+        success: function (data, textStatus) {
+            window.open(data.redirect)
+        },
+        error: function () {
+            toastr.error('Export failed');
        }
-        $form.ajaxSubmit({success: success});
    })
 })
+.on('click', '#btn_asset_import', function () {
+    var $form = $('#fm_asset_import');
+    var action = $form.attr("action");
+    var nodes = zTree.getSelectedNodes();
+    var current_node;
+    if (nodes && nodes.length ===1 ){
+        current_node = nodes[0];
+        action = setUrlParam(action, 'node_id', current_node.node_id);
+        {#action += "?node_id=" + current_node.node_id;#}
+        $form.attr("action", action)
+    }
+    $form.find('.help-block').remove();
+    function success (data) {
+        if (data.valid === false) {
+            $('<span />', {class: 'help-block text-danger'}).html(data.msg).insertAfter($('#id_assets'));
+        } else {
+            $('#id_created').html(data.created_info);
+            $('#id_created_detail').html(data.created.join(', '));
+            $('#id_updated').html(data.updated_info);
+            $('#id_updated_detail').html(data.updated.join(', '));
+            $('#id_failed').html(data.failed_info);
+            $('#id_failed_detail').html(data.failed.join(', '));
+            var $data_table = $('#asset_list_table').DataTable();
+            $data_table.ajax.reload();
+        }
+    }
+    $form.ajaxSubmit({success: success});
+})
+.on('click', '.btn-create-asset', function () {
+    var url = "{% url 'assets:asset-create' %}";
+    var nodes = zTree.getSelectedNodes();
+    var current_node;
+    if (nodes && nodes.length ===1 ){
+        current_node = nodes[0];
+        url += "?node_id=" + current_node.node_id;
+    }
+    window.open(url, '_self');
+})
+.on('click', '.btn-refresh-hardware', function () {
+    var url = "{% url 'api-assets:node-refresh-hardware-info' pk=DEFAULT_PK %}";
+    var nodes = zTree.getSelectedNodes();
+    var current_node;
+    if (nodes && nodes.length ===1 ){
+        current_node = nodes[0];
+    } else {
+        return null;
+    }

+    var the_url = url.replace("{{ DEFAULT_PK }}", current_node.node_id);
+    function success(data) {
+        rMenu.css({"visibility" : "hidden"});
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600')
+    }
+    APIUpdateAttr({
+        url: the_url,
+        method: "GET",
+        success: success,
+        flash_message: false
+    });
+
+})
+.on('click', '.btn-test-connective', function () {
+    var url = "{% url 'api-assets:node-test-connective' pk=DEFAULT_PK %}";
+    var nodes = zTree.getSelectedNodes();
+    var current_node;
+    if (nodes && nodes.length ===1 ){
+        current_node = nodes[0];
+    } else {
+        return null;
+    }
+
+    var the_url = url.replace("{{ DEFAULT_PK }}", current_node.node_id);
+    function success(data) {
+        rMenu.css({"visibility" : "hidden"});
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600')
+    }
+    APIUpdateAttr({
+        url: the_url,
+        method: "GET",
+        success: success,
+        flash_message: false
+    });
+})
+.on('click', '.btn-show-current-asset', function(){
+    hideRMenu();
+    $(this).css('display', 'none');
+    $('#show_all_asset').css('display', 'inline-block');
+    setCookie('show_current_asset', '1');
+    location.reload();
+})
+.on('click', '.btn-show-all-asset', function(){
+    hideRMenu();
+    $(this).css('display', 'none');
+    $('#show_current_asset').css('display', 'inline-block');
+    setCookie('show_current_asset', '');
+    location.reload();
+})
 .on('click', '.btn_asset_delete', function () {
    var $this = $(this);
    var $data_table = $("#asset_list_table").DataTable();
    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
    var uid = $this.data('uid');
-    var the_url = '{% url "api-assets:asset-detail" pk=99991937 %}'.replace('99991937', uid);
-    console.log(the_url);
+    var the_url = '{% url "api-assets:asset-detail" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", uid);
    objectDelete($this, name, the_url);
    setTimeout( function () {
        $data_table.ajax.reload();
@@ -187,26 +585,42 @@ $(document).ready(function(){
    $data_table.rows({selected: true}).every(function(){
        id_list.push(this.data().id);
    });
-    if (id_list.length == 0) {
+    if (id_list.length === 0) {
        return false;
    }
    var the_url = "{% url 'api-assets:asset-list' %}";

    function doDeactive() {
-        var body = $.each(id_list, function(index, asset_object) {
-            asset_object['is_active'] = false;
+        var data = [];
+        $.each(id_list, function(index, object_id) {
+            var obj = {"pk": object_id, "is_active": false};
+            data.push(obj);
+        });
+        function success() {
+            asset_table.ajax.reload()
+        }
+        APIUpdateAttr({
+            url: the_url,
+            method: 'PATCH',
+            body: JSON.stringify(data),
+            success: success
        });
-        APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(body)});
-        $data_table.ajax.reload();
-        jumpserver.checked = false;
    }
    function doActive() {
-        var body = $.each(id_list, function(index, asset_object) {
-            asset_object['is_active'] = true;
+        var data = [];
+        $.each(id_list, function(index, object_id) {
+            var obj = {"pk": object_id, "is_active": true};
+            data.push(obj);
+        });
+        function success() {
+            asset_table.ajax.reload()
+        }
+        APIUpdateAttr({
+            url: the_url,
+            method: 'PATCH',
+            body: JSON.stringify(data),
+            success: success
        });
-        APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(body)});
-        $data_table.ajax.reload();
-        jumpserver.checked = false;
    }
    function doDelete() {
        swal({
@@ -214,6 +628,7 @@ $(document).ready(function(){
            text: "{% trans 'This will delete the selected assets !!!' %}",
            type: "warning",
            showCancelButton: true,
+            cancelButtonText: "{% trans 'Cancel' %}",
            confirmButtonColor: "#DD6B55",
            confirmButtonText: "{% trans 'Confirm' %}",
            closeOnConfirm: false
@@ -227,8 +642,13 @@ $(document).ready(function(){
                var msg = "{% trans 'Asset Deleting failed.' %}";
                swal("{% trans 'Asset Delete' %}", msg, "error");
            };
-            var url_delete = the_url + '?id__in=' + JSON.stringify(plain_id_list);
-            APIUpdateAttr({url: url_delete, method: 'DELETE', success: success, error: fail});
+            var url_delete = the_url + '?id__in=' + JSON.stringify(id_list);
+            APIUpdateAttr({
+                url: url_delete,
+                method: 'DELETE',
+                success: success,
+                error: fail
+            });
            $data_table.ajax.reload();
            jumpserver.checked = false;
        });
@@ -238,6 +658,31 @@ $(document).ready(function(){
        var url = "{% url 'assets:asset-bulk-update' %}?assets_id=" + id_list_string;
        location.href = url
    }
+
+    function doRemove() {
+        var current_node;
+        var nodes = zTree.getSelectedNodes();
+        if (nodes && nodes.length === 1) {
+            current_node = nodes[0]
+        } else {
+            return
+        }
+
+        var data = {
+            'assets': id_list
+        };
+
+        var success = function () {
+            asset_table.ajax.reload()
+        };
+
+        APIUpdateAttr({
+            'url': '/api/assets/v1/nodes/' + current_node.node_id + '/assets/remove/',
+            'method': 'PUT',
+            'body': JSON.stringify(data),
+            'success': success
+        })
+    }
    switch(action) {
        case 'deactive':
            doDeactive();
@@ -251,69 +696,50 @@ $(document).ready(function(){
        case 'active':
            doActive();
            break;
+        case 'remove':
+            doRemove();
+            break;
        default:
            break;
    }
-});
-{##}
-{#.on('click', '#btn_asset_bulk_update', function () {#}
-{#    var json_data = $("#fm_asset_bulk_update").serializeObject();#}
-{#    var body = {};#}
-{#    body.enable_otp = (json_data.enable_otp === 'on')? true: false;#}
-{#    if (json_data.type != '') {#}
-{#        body.type = json_data.type;#}
-{#    }#}
-{#    if (json_data.groups != undefined) {#}
-{#        body.groups = json_data.groups;#}
-{#    }#}
-{#    if (typeof body.groups === 'string') {#}
-{#        body.groups = [parseInt(body.groups)]#}
-{#    } else if(typeof body.groups === 'array') {#}
-{#        var new_groups = body.groups.map(Number);#}
-{#        body.groups = new_groups;#}
-{#    }#}
-{##}
-{#    if (json_data.system_users != undefined) {#}
-{#        body.system_users = json_data.system_users;#}
-{#    }#}
-{#    if (typeof body.system_users === 'string') {#}
-{#        body.system_users = [parseInt(body.system_users)]#}
-{#    } else if(typeof body.system_users === 'array') {#}
-{#        var new_users = body.system_users.map(Number);#}
-{#        body.system_users = new_users;#}
-{#    }#}
-{##}
-{#    if (json_data.tags != undefined) {#}
-{#        body.tags = json_data.tags;#}
-{#    }#}
-{#    if (typeof body.tags == 'string') {#}
-{#        body.tags = [parseInt(body.tags)];#}
-{#    } else if (typeof body.tags === 'array') {#}
-{#        var new_tags = body.tags.map(Number);#}
-{#        body.tags = new_tags;#}
-{#    }#}
-{##}
-{#    var $data_table = $('#asset_list_table').DataTable();#}
-{#    var post_list = [];#}
-{#    $data_table.rows({selected: true}).every(function(){#}
-{#        var content = Object.assign({id: this.data().id}, body);#}
-{#        post_list.push(content);#}
-{#    });#}
-{#    if (post_list === []) {#}
-{#        return false#}
-{#    }#}
-{#    var the_url = "{% url 'api-assets:asset-list' %}";#}
-{#    var success = function() {#}
-{#        var msg = "{% trans 'The selected assets has been updated successfully.' %}";#}
-{#        swal("{% trans 'Asset Updated' %}", msg, "success");#}
-{#        $('#asset_list_table').DataTable().ajax.reload();#}
-{#        jumpserver.checked = false;#}
-{#    };#}
-{#    console.log(JSON.stringify(post_list));#}
-{#    console.log(the_url);#}
-{#    APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(post_list), success: success});#}
-{#    $('#asset_bulk_update_modal').modal('hide');#}
-{#})#}
+    $(".ipt_check_all").prop("checked", false)
+})
+.on('click', '#btn_asset_modal_confirm', function () {
+    var assets_selected = asset_table2.selected;
+    var current_node;
+    var nodes = zTree.getSelectedNodes();
+    if (nodes && nodes.length === 1) {
+        current_node = nodes[0]
+    } else {
+        return
+    }

+    var data = {'assets': assets_selected};
+    var success = function () {
+        asset_table2.selected = [];
+        asset_table2.ajax.reload()
+    };
+
+    var url = '';
+    if (update_node_action === "move") {
+        url = "{% url 'api-assets:node-replace-assets' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", current_node.node_id);
+    } else {
+        url = "{% url 'api-assets:node-add-assets' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", current_node.node_id);
+    }
+
+    APIUpdateAttr({
+        'url': url,
+        'method': 'PUT',
+        'body': JSON.stringify(data),
+        'success': success
+    })
+}).on('hidden.bs.modal', '#asset_list_modal', function () {
+    window.location.reload();
+}).on('click', '#menu_asset_add', function () {
+    update_node_action = "add"
+}).on('click', '#menu_asset_move', function () {
+    update_node_action = "move"
+})
 </script>
-{% endblock %}
+
+{% endblock %}
--- a/apps/assets/templates/assets/asset_modal_list.html
+++ b/apps/assets/templates/assets/asset_modal_list.html
@@ -1,127 +0,0 @@
-
-<div class="modal-header">
-    <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
-    <h4 class="modal-title" id="myModalLabel">分配/回收资产</h4>
-</div>
-
-<div class="modal-body" style="padding-bottom: 0px;">
-    <table aria-describedby="editable_info" role="grid" class="table table-striped table-bordered table-hover  dataTable" id="editable">
-        <thead>
-            <tr>
-                <th class="text-center" style="background-color:white">
-                    <input type="checkbox" id="check_all" onclick="checkAll()">
-                </th>
-                <th id="th_no">id</th>
-                <th>资产名称</th>
-                <th>IP</th>
-                <th>类型</th>
-            </tr>
-        </thead>
-        <tbody>
-        {% for asset in assets %}
-            {% if asset.id in all_assets %}
-            <tr name="oAssets" class="odd selected text-center">
-                <td class="text-center" ><input type="checkbox" name="checked" value="{{ asset.id }}" checked="checked"></td>
-            {% else %}
-            <tr name="oAssets">
-                <td class="text-center"><input type="checkbox" name="checked" value="{{ asset.id }}" ></td>
-            {% endif %}
-                <td class="text-center">{{ asset.id }}</td>
-                <td class="text-center">{{ asset.hostname }}</td>
-                <td class="text-center">{{ asset.ip }}</td>
-                <td class="text-center">{{ asset.env }}-{{ asset.type }}</td>
-            </tr>
-        {% endfor %}
-        </tbody>
-    </table>
-</div>
-
-<div class="modal-footer">
-    <button type="button" class="btn btn-default" id="close-btn">取消</button>
-    <button type="button" class="btn btn-primary" id="save-btn">保存</button>
-</div>
-
-<script type="text/javascript">
-$(document).ready(function(){
-    var table = $('#editable').DataTable({
-        "aLengthMenu": [[10, 25, 50, -1], ["10", "25", "50", "all"]],
-        "iDisplayLength":25,
-        "aaSorting": [[2, "asc"]],
-        "aoColumnDefs": [ { "bSortable": false, "aTargets": [ 0 ] }],
-        "bAutoWidth": false,
-        "language": {
-            "url": "/static/js/plugins/dataTables/i18n/zh-hans.json"
-        },
-        columns: [
-            {data: "checkbox"},
-            {data: "id"},
-            {data: "hostname"},
-            {data: "ip"},
-            {data: "type"}
-        ]
-    });
-    //将ID列隐藏
-    table.column('1').visible(false);
-
-    $('#editable tbody').on( 'click', 'tr', function () {
-        //alert($(this).hasClass('selected'));
-        if($(this).hasClass('selected')){
-            $(this).removeClass('selected');
-            this.children[0].children[0].checked=0;
-        }else{
-            $(this).addClass('selected');
-            this.children[0].children[0].checked=1;
-        }
-    });
-
-    $('#close-btn').on('click',function(){
-        $('#modal').modal('hide');
-    });
-    var size_name = document.getElementById('asset_on_count').innerText;
-    $('#save-btn').on('click',function(){
-        //alert( table.rows('.selected').data().length +' row(s) selected' );
-        var d = table.rows('.selected').data();
-        var size = d.length;
-        var re = /\d+/;
-        document.getElementById('add_asset').value = size;
-        var str= size_name;
-        var re=/\d+/g;
-        document.getElementById('asset_on_count').innerText = str.replace(re, size);
-        var column2 = table.rows('.selected').data();
-        $("#asset_sed").find("input[name='assets']").remove();
-        $("#asset_sed").find("button[name='asset_hostname']").remove();
-        for(var i=0;i<column2.length;i++){
-            column2[i].checkbox='<input name="checked" value="1" checked="" type="checkbox">';
-            var value = column2[i].id;
-            var ip = column2[i].ip;
-            var hostname = column2[i].hostname;
-            $("#asset_sed").append("<input  type='hidden' name='assets' value='"+value+"'>");
-            $("#asset_on_p").append("<button name='asset_hostname' title='"+ip+"' type='button' class='btn btn-default btn-xs ss'>"+hostname+"</button> ");
-        }
-        $('#modal').modal('hide');
-    });
-
-}); //$(document).ready
-
-var bCheck = 1;
-function checkAll(){
-    if(bCheck){
-        $("tr[name='oAssets']").each(function(){
-            oCheckbox = this.children[0].children[0];
-            $(this).toggleClass('selected',true);
-            oCheckbox.checked=1;
-        });
-        document.getElementById('check_all').checked=1;
-        bCheck = 0;
-    }else{
-        $("tr[name='oAssets']").each(function(){
-            oCheckbox = this.children[0].children[0];
-            $(this).toggleClass('selected',false);
-            oCheckbox.checked=0;
-        });
-        document.getElementById('check_all').checked=0;
-        bCheck = 1;
-    }
-}
-
-</script>
--- a/apps/assets/templates/assets/asset_update.html
+++ b/apps/assets/templates/assets/asset_update.html
@@ -2,6 +2,8 @@
 {% load static %}
 {% load bootstrap3 %}
 {% load i18n %}
+{% load asset_tags %}
+{% load common_tags %}

 {% block custom_head_css_js_create %}
    <link href="{% static "css/plugins/inputTags.css" %}" rel="stylesheet">
@@ -10,7 +12,7 @@

 {% block form %}
    <form action="" method="post" class="form-horizontal">
-    {% if form.no_field_errors %}
+    {% if form.non_field_errors %}
         <div class="alert alert-danger">
             {{ form.non_field_errors }}
         </div>
@@ -19,33 +21,47 @@
    <h3>{% trans 'Basic' %}</h3>
    {% bootstrap_field form.hostname layout="horizontal" %}
    {% bootstrap_field form.ip layout="horizontal" %}
-    {% bootstrap_field form.public_ip layout="horizontal" %}
+    {% bootstrap_field form.protocol layout="horizontal" %}
    {% bootstrap_field form.port layout="horizontal" %}
-    {% bootstrap_field form.type layout="horizontal" %}
+    {% bootstrap_field form.platform layout="horizontal" %}
+    {% bootstrap_field form.public_ip layout="horizontal" %}
+    {% bootstrap_field form.domain layout="horizontal" %}

    <div class="hr-line-dashed"></div>
-    <h3>{% trans 'Group' %}</h3>
-    {% bootstrap_field form.idc layout="horizontal" %}
-    {% bootstrap_field form.groups layout="horizontal" %}
-
-    <div class="hr-line-dashed"></div>
-    <h3>{% trans 'Asset user' %}</h3>
+    <h3>{% trans 'Auth' %}</h3>
    {% bootstrap_field form.admin_user layout="horizontal" %}

+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Node' %}</h3>
+    {% bootstrap_field form.nodes layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Labels' %}</h3>
+    <div class="form-group">
+        <label for="{{ form.labels.id_for_label }}" class="col-md-2 control-label">{% trans 'Label' %}</label>
+        <div class="col-md-9">
+            <select name="labels" class="select2 labels" data-placeholder="{% trans 'Label'  %}" style="width: 100%" multiple="" tabindex="4" id="{{ form.labels.id_for_label }}">
+                {% for name, labels in form.labels.field.queryset|group_labels %}
+                <optgroup label="{{ name }}">
+                    {% for label in labels %}
+                        {% if label in form.labels.initial %}
+                            <option value="{{ label.id }}" selected>{{ label.value }}</option>
+                        {% else %}
+                            <option value="{{ label.id }}">{{ label.value }}</option>
+                        {% endif %}
+                    {% endfor %}
+                </optgroup>
+                {% endfor %}
+            </select>
+        </div>
+    </div>
+
    <div class="hr-line-dashed"></div>
    <h3>{% trans 'Configuration' %}</h3>
    {% bootstrap_field form.number layout="horizontal" %}
-    {% bootstrap_field form.remote_card_ip layout="horizontal" %}
-
-    <div class="hr-line-dashed"></div>
-    <h3>{% trans 'Location' %}</h3>
-    {% bootstrap_field form.cabinet_no layout="horizontal" %}
-    {% bootstrap_field form.cabinet_pos layout="horizontal" %}

    <div class="hr-line-dashed"></div>
    <h3>{% trans 'Other' %}</h3>
-    {% bootstrap_field form.status layout="horizontal" %}
-    {% bootstrap_field form.env layout="horizontal" %}
    {% bootstrap_field form.comment layout="horizontal" %}
    {% bootstrap_field form.is_active layout="horizontal" %}

@@ -62,12 +78,18 @@

 {% block custom_foot_js %}
    <script>
-        $(document).ready(function () {
-            $('.select2').select2();
-            $("#tags").select2({
-                tags: true,
-                maximumSelectionLength: 8  //最多能够选择的个数
-            });
-        })
+    function format(item) {
+        var group = item.element.parentElement.label;
+        return group + ':' + item.text;
+    }
+    $(document).ready(function () {
+        $('.select2').select2({
+            allowClear: true
+        });
+        $(".labels").select2({
+            allowClear: true,
+            templateSelection: format
+        });
+    })
    </script>
 {% endblock %}
--- a/apps/assets/templates/assets/cmd_filter_create_update.html
+++ b/apps/assets/templates/assets/cmd_filter_create_update.html
@@ -0,0 +1,20 @@
+{% extends '_base_create_update.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+
+{% block form %}
+<form id="groupForm" method="post" class="form-horizontal">
+    {% csrf_token %}
+    {% bootstrap_field form.name layout="horizontal" %}
+    {% bootstrap_field form.comment layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <div class="form-group">
+        <div class="col-sm-4 col-sm-offset-2">
+            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+        </div>
+    </div>
+</form>
+{% endblock %}
--- a/apps/assets/templates/assets/cmd_filter_detail.html
+++ b/apps/assets/templates/assets/cmd_filter_detail.html
@@ -0,0 +1,168 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
+    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li class="active">
+                                <a href="{% url 'assets:cmd-filter-detail' pk=object.id %}" class="text-center">
+                                <i class="fa fa-laptop"></i> {% trans 'Detail' %}
+                                </a>
+                            </li>
+                            <li>
+                                <li>
+                                <a href="{% url 'assets:cmd-filter-rule-list' pk=object.id %}" class="text-center">
+                                    <i class="fa fa-laptop"></i> {% trans 'Rules' %}
+                                </a>
+                            </li>
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-default" href="{% url 'assets:cmd-filter-update' pk=object.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
+                            </li>
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-danger btn-del">
+                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
+                                </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-8" style="padding-left: 0;">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span class="label"><b>{{ object.name }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table">
+                                        <tbody>
+                                        <tr class="no-borders-tr">
+                                            <td>{% trans 'Name' %}:</td>
+                                            <td><b>{{ object.name }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Comment' %}:</td>
+                                            <td><b>{{ object.comment }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Date created' %}:</td>
+                                            <td><b>{{ object.date_created }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Date updated' %}:</td>
+                                            <td><b>{{ object.date_updated }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Created by' %}:</td>
+                                            <td><b>{{ object.created_by  }}</b></td>
+                                        </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+
+                        <div class="col-sm-4" style="padding-left: 0; padding-right: 0">
+                            <div class="panel panel-primary">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'System users' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table group_edit" id="table-clusters">
+                                    <tbody>
+                                    <form>
+                                        <tr>
+                                            <td colspan="2" class="no-borders">
+                                                <select data-placeholder="{% trans 'Binding to system user' %}"  id="system_users_selected"  class="select2" style="width: 100%" multiple="" tabindex="4">
+                                                {% for system_user in system_users_remain %}
+                                                    <option value="{{ system_user.id }}" id="opt_{{ system_user.id }}">{{ system_user }}</option>
+                                                {% endfor %}
+                                                </select>
+                                            </td>
+                                        </tr>
+                                        <tr>
+                                            <td colspan="2" class="no-borders">
+                                                <button type="button" class="btn btn-primary btn-sm" id="btn-binding-system-users">{% trans 'Confirm' %}</button>
+                                            </td>
+                                        </tr>
+                                    </form>
+                                    {% for system_user in object.system_users.all %}
+                                    <tr>
+                                      <td><b class="bdg-system-users" data-gid={{ system_user.id }}>{{ system_user }}</b></td>
+                                      <td>
+                                          <button class="btn btn-danger pull-right btn-xs btn-unbound-system-user" data-gid={{ system_user.id }} type="button"><i class="fa fa-minus"></i></button>
+                                      </td>
+                                    </tr>
+                                    {% endfor %}
+                                    </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+function updateCMDFilterSystemUsers(system_users) {
+    var the_url = "{% url 'api-assets:cmd-filter-detail' pk=object.id %}";
+    var body = {
+        system_users: Object.assign([], system_users)
+    };
+    var success = function(data) {
+        location.reload();
+    };
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(body),
+        method: 'PATCH',
+        success: success
+    });
+}
+$(document).ready(function () {
+    $(".select2").select2();
+}).on('click', '#btn-binding-system-users', function () {
+    var origin_system_users = $.map($(".bdg-system-users"), function (s) {
+        return $(s).data('gid')
+    });
+    var new_selected_system_users_id = $.map($("#system_users_selected").select2('data'), function (s) {
+        return s.id;
+    });
+    var system_users = origin_system_users.concat(new_selected_system_users_id);
+    updateCMDFilterSystemUsers(system_users)
+}).on('click', '.btn-unbound-system-user', function () {
+    var unbound_system_user = $(this).data('gid');
+    var origin_system_users = $.map($(".bdg-system-users"), function (s) {
+        return $(s).data('gid')
+    });
+    var system_users = $.grep(origin_system_users, function (n, i) {
+        return n !== unbound_system_user
+    });
+    updateCMDFilterSystemUsers(system_users)
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/cmd_filter_list.html
+++ b/apps/assets/templates/assets/cmd_filter_list.html
@@ -0,0 +1,89 @@
+{% extends '_base_list.html' %}
+{% load i18n static %}
+{% block table_search %}{% endblock %}
+{% block help_message %}
+    <div class="alert alert-info help-message">
+    {% trans 'System user bound some command filter, each command filter has some rules,'%}
+    {% trans 'When user login asset with this system user, then run a command,' %}
+    {% trans 'The command will be filter by rules, higher priority(lower number) rule run first,' %}
+    {% trans 'When a rule matched, if rule action is allow, then allow command execute,' %}
+    {% trans 'else if action is deny, then command with be deny,' %}
+    {% trans 'else match next rule, if none matched, allowed' %}
+    </div>
+{% endblock %}
+{% block table_container %}
+<div class="uc pull-left  m-r-5">
+    <a href="{% url 'assets:cmd-filter-create' %}" class="btn btn-sm btn-primary"> {% trans "Create command filter" %} </a>
+</div>
+<table class="table table-striped table-bordered table-hover " id="cmd_filter_list_table" >
+    <thead>
+    <tr>
+        <th class="text-center">
+            <input type="checkbox" id="check_all" class="ipt_check_all" >
+        </th>
+        <th class="text-center">{% trans 'Name' %}</th>
+        <th class="text-center">{% trans 'Rules' %}</th>
+        <th class="text-center">{% trans 'System users' %}</th>
+        <th class="text-center">{% trans 'Comment' %}</th>
+        <th class="text-center">{% trans 'Action' %}</th>
+    </tr>
+    </thead>
+    <tbody>
+    </tbody>
+</table>
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script>
+function initTable() {
+    var options = {
+        ele: $('#cmd_filter_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a href="{% url 'assets:cmd-filter-detail' pk=DEFAULT_PK %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+            }},
+            {targets: 2, createdCell: function (td, cellData, rowData) {
+                var filters_list_btn = '<a href="{% url "assets:cmd-filter-rule-list" pk=DEFAULT_PK %}">' + cellData.length + '</a>';
+                filters_list_btn = filters_list_btn.replace("{{ DEFAULT_PK }}", rowData.id);
+                $(td).html(filters_list_btn);
+            }},
+            {targets: 3, createdCell: function (td, cellData, rowData) {
+                var system_users_list_btn = '<a href="{% url "assets:cmd-filter-detail" pk=DEFAULT_PK %}">' + cellData.length + '</a>';
+                system_users_list_btn = system_users_list_btn.replace("{{ DEFAULT_PK }}", rowData.id);
+                $(td).html(system_users_list_btn);
+            }},
+            {targets: 5, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:cmd-filter-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                $(td).html(update_btn + del_btn)
+             }}
+        ],
+        ajax_url: '{% url "api-assets:cmd-filter-list" %}',
+        columns: [
+            {data: "id"}, {data: "name" }, {data: "rules" },
+            {data: "system_users" }, {data: "comment"}, {data: "id"}
+        ],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}
+$(document).ready(function(){
+    initTable();
+})
+.on('click', '.btn-delete', function () {
+    var $this = $(this);
+    var $data_table = $('#cmd_filter_list_table').DataTable();
+    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
+    var uid = $this.data('uid');
+    var the_url = '{% url "api-assets:cmd-filter-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    objectDelete($this, name, the_url);
+    setTimeout( function () {
+        $data_table.ajax.reload();
+    }, 3000);
+});
+</script>
+{% endblock %}
+
+
+
--- a/apps/assets/templates/assets/cmd_filter_rule_create_update.html
+++ b/apps/assets/templates/assets/cmd_filter_rule_create_update.html
@@ -0,0 +1,74 @@
+{% extends 'base.html' %}
+{% load i18n %}
+{% load static %}
+{% load bootstrap3 %}
+{% block custom_head_css_js %}
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="ibox-title">
+                        <h5>{{ action }}</h5>
+                        <div class="ibox-tools">
+                            <a class="collapse-link">
+                                <i class="fa fa-chevron-up"></i>
+                            </a>
+                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                <i class="fa fa-wrench"></i>
+                            </a>
+                            <a class="close-link">
+                                <i class="fa fa-times"></i>
+                            </a>
+                        </div>
+                    </div>
+                    <div class="ibox-content">
+                        <form enctype="multipart/form-data" method="post" class="form-horizontal" action="" >
+                            {% csrf_token %}
+                            {% if form.non_field_errors %}
+                                <div class="alert alert-danger">
+                                    {{ form.non_field_errors }}
+                                </div>
+                            {% endif %}
+                            {% bootstrap_form form layout="horizontal" %}
+                            <div class="form-group">
+                                <div class="col-sm-4 col-sm-offset-2">
+                                    <button class="btn btn-white" type="reset">{% trans 'Reset' %}</button>
+                                    <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                </div>
+                            </div>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+
+{% block custom_foot_js %}
+<script>
+var content_origin_placeholder = '';
+var content_origin_help_text = '';
+var content_ref = '';
+var content_help_ref = '';
+
+$(document).ready(function(){
+    content_ref = $('#id_content');
+    content_help_ref = content_ref.next();
+    content_origin_placeholder = content_ref.attr('placeholder');
+    content_origin_help_text = content_help_ref.html();
+}).on('change', '#id_type', function () {
+    if ($('#id_type :selected').val() === 'regex') {
+        content_ref.attr('placeholder', 'rm.*|reboot|shutdown');
+        content_help_ref.html("");
+    } else {
+        content_ref.attr('placeholder', content_origin_placeholder);
+        content_help_ref.html(content_origin_help_text);
+    }
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/cmd_filter_rule_list.html
+++ b/apps/assets/templates/assets/cmd_filter_rule_list.html
@@ -0,0 +1,115 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
+    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'assets:cmd-filter-detail' pk=object.id %}" class="text-center">
+                                    <i class="fa fa-laptop"></i> {% trans 'Detail' %}
+                                </a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'assets:cmd-filter-rule-list' pk=object.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Rules' %} </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-12" style="padding-left: 0;">
+                            <div class="" id="content_start">
+                            </div>
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span style="float: left"><b>{% trans 'Command filter rule list' %}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <div class="uc pull-left  m-r-5">
+                                        <a href="{% url 'assets:cmd-filter-rule-create' filter_pk=object.id %}" class="btn btn-sm btn-primary"> {% trans "Create rule" %} </a>
+                                    </div>
+                                    <table class="table table-striped table-bordered table-hover " id="cmd_filter_rule_list_table" >
+                                        <thead>
+                                        <tr>
+                                            <th class="text-center">
+                                                <input type="checkbox" id="check_all" class="ipt_check_all" >
+                                            </th>
+                                            <th class="text-center">{% trans 'Type' %}</th>
+                                            <th class="text-center">{% trans 'Content' %}</th>
+	                                        <th class="text-center">{% trans 'Priority' %}</th>
+                                            <th class="text-center">{% trans 'Strategy' %}</th>
+                                            <th class="text-center">{% trans 'Comment' %}</th>
+                                            <th class="text-center">{% trans 'Action' %}</th>
+                                        </tr>
+                                        </thead>
+                                        <tbody>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script>
+function initTable() {
+    var options = {
+        ele: $('#cmd_filter_rule_list_table'),
+        columnDefs: [
+            {targets: 6, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:cmd-filter-rule-update" filter_pk=object.id pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                $(td).html(update_btn + del_btn)
+            }}
+        ],
+        ajax_url: '{% url "api-assets:cmd-filter-rule-list" filter_pk=object.id %}',
+        columns: [
+            {data: "id"}, {data: "type.display" }, {data: 'content'}, {data: 'priority'},
+	        {data: 'action.display'}, {data: "comment" }, {data: "id"}
+        ],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}
+$(document).ready(function(){
+    initTable();
+})
+.on('click', '.btn-delete', function () {
+    var $this = $(this);
+    var $data_table = $('#cmd_filter_rule_list_table').DataTable();
+    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
+    var uid = $this.data('uid');
+    var the_url = '{% url "api-assets:cmd-filter-rule-detail" filter_pk=object.id pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    objectDelete($this, name, the_url);
+    setTimeout( function () {
+        $data_table.ajax.reload();
+    }, 3000);
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/domain_create_update.html
+++ b/apps/assets/templates/assets/domain_create_update.html
@@ -0,0 +1,42 @@
+{% extends '_base_create_update.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+
+{% block form %}
+<form id="groupForm" method="post" class="form-horizontal">
+    {% csrf_token %}
+    {% bootstrap_field form.name layout="horizontal" %}
+    {% bootstrap_field form.assets layout="horizontal" %}
+    {% bootstrap_field form.comment layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <div class="form-group">
+        <div class="col-sm-4 col-sm-offset-2">
+            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+        </div>
+    </div>
+</form>
+{% include 'assets/_asset_list_modal.html' %}
+{% endblock %}
+
+{% block custom_foot_js %}
+<script type="text/javascript">
+$(document).ready(function () {
+    console.log($.fn.select2.defaults);
+    $('.select2').select2().off("select2:open");
+}).on('click', '.select2-selection__rendered', function (e) {
+    e.preventDefault();
+    $("#asset_list_modal").modal();
+})
+.on('click', '#btn_asset_modal_confirm', function () {
+    var assets = asset_table2.selected;
+    $.each(assets, function (id, data) {
+        $('.select2').val(assets).trigger('change');
+    });
+    $("#asset_list_modal").modal('hide');
+
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/domain_detail.html
+++ b/apps/assets/templates/assets/domain_detail.html
@@ -0,0 +1,132 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
+    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li class="active">
+                                <a href="{% url 'assets:domain-detail' pk=object.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'assets:domain-gateway-list' pk=object.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Gateway' %} </a>
+                            </li>
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-default" href="{% url 'assets:domain-update' pk=object.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
+                            </li>
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-danger btn-del">
+                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
+                                </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-9" style="padding-left: 0;">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span class="label"><b>{{ object.name }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table">
+                                        <tbody>
+                                        <tr class="no-borders-tr">
+                                            <td>{% trans 'Name' %}:</td>
+                                            <td><b>{{ object.name }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Asset' %}:</td>
+                                            <td><b>{{ object.assets.count }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Gateway' %}:</td>
+                                            <td><b>{{ object.gateway_set.count }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Date created' %}:</td>
+                                            <td><b>{{ object.date_created }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Created by' %}:</td>
+                                            <td><b>{{ object.created_by  }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Comment' %}:</td>
+                                            <td><b>{{ object.comment }}</b></td>
+                                        </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script>
+function initTable() {
+    var options = {
+        ele: $('#domain_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a href="{% url "assets:domain-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+             }},
+
+            {targets: 5, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:domain-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                $(td).html(update_btn + del_btn)
+             }}
+        ],
+        ajax_url: '{% url "api-assets:domain-list" %}',
+        columns: [
+            {data: "id"}, {data: "name" }, {data: "asset_count" },
+            {data: "gateway_count" }, {data: "comment" }, {data: "id"}
+        ],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}
+$(document).ready(function(){
+    initTable();
+})
+.on('click', '.btn-delete', function () {
+    var $this = $(this);
+    var $data_table = $('#domain_list_table').DataTable();
+    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
+    var uid = $this.data('uid');
+    var the_url = '{% url "api-assets:domain-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    objectDelete($this, name, the_url);
+    setTimeout( function () {
+        $data_table.ajax.reload();
+    }, 3000);
+});
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/domain_gateway_list.html
+++ b/apps/assets/templates/assets/domain_gateway_list.html
@@ -0,0 +1,128 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
+    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'assets:domain-detail' pk=object.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'assets:domain-detail' pk=object.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Gateway' %} </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-12" style="padding-left: 0;">
+                            <div class="" id="content_start">
+                            </div>
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span style="float: left"><b>{% trans 'Gateway list' %}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <div class="uc pull-left  m-r-5">
+                                        <a href="{% url 'assets:domain-gateway-create' pk=object.id %}" class="btn btn-sm btn-primary"> {% trans "Create gateway" %} </a>
+                                    </div>
+                                    <table class="table table-striped table-bordered table-hover " id="domain_list_table" >
+                                        <thead>
+                                        <tr>
+                                            <th class="text-center">
+                                                <input type="checkbox" id="check_all" class="ipt_check_all" >
+                                            </th>
+                                            <th class="text-center">{% trans 'Name' %}</th>
+                                            <th class="text-center">{% trans 'IP' %}</th>
+                                            <th class="text-center">{% trans 'Port' %}</th>
+                                            <th class="text-center">{% trans 'Protocol' %}</th>
+                                            <th class="text-center">{% trans 'Username' %}</th>
+                                            <th class="text-center">{% trans 'Comment' %}</th>
+                                            <th class="text-center">{% trans 'Action' %}</th>
+                                        </tr>
+                                        </thead>
+                                        <tbody>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script>
+function initTable() {
+    var options = {
+        ele: $('#domain_list_table'),
+        columnDefs: [
+            {targets: 7, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:domain-gateway-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var test_btn = '<a class="btn btn-xs btn-warning m-l-xs btn-test" data-uid="{{ DEFAULT_PK }}">{% trans "Test connection" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                if(rowData.protocol === 'rdp'){
+                    test_btn = '<a class="btn btn-xs btn-warning m-l-xs btn-test" disabled data-uid="{{ DEFAULT_PK }}">{% trans "Test connection" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                }
+                $(td).html(update_btn + test_btn + del_btn)
+             }}
+        ],
+        ajax_url: '{% url "api-assets:gateway-list" %}?domain={{ object.id }}',
+        columns: [
+            {data: "id"}, {data: "name" }, {data: 'ip'}, {data: 'port'},
+            {data: "protocol"}, {data: "username" }, {data: "comment" }, {data: "id"}
+        ],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}
+$(document).ready(function(){
+    initTable();
+})
+.on('click', '.btn-delete', function () {
+    var $this = $(this);
+    var $data_table = $('#domain_list_table').DataTable();
+    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
+    var uid = $this.data('uid');
+    var the_url = '{% url "api-assets:gateway-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    objectDelete($this, name, the_url);
+    setTimeout( function () {
+        $data_table.ajax.reload();
+    }, 3000);
+}).on('click', '.btn-test', function () {
+    var $this = $(this);
+    var uid = $this.data('uid');
+    var the_url = '{% url "api-assets:test-gateway-connective" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    APIUpdateAttr({
+        url: the_url,
+        method: "GET",
+        success_message: "{% trans 'Can be connected' %}",
+        fail_message: "{% trans 'The connection fails' %}"
+    })
+});
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/domain_list.html
+++ b/apps/assets/templates/assets/domain_list.html
@@ -0,0 +1,82 @@
+{% extends '_base_list.html' %}
+{% load i18n static %}
+{% block table_search %}{% endblock %}
+
+{% block help_message %}
+    <div class="alert alert-info help-message">
+{#    网域功能是为了解决部分环境（如：混合云）无法直接连接而新增的功能，原理是通过网关服务器进行跳转登录。<br>#}
+{#    JMS => 网域网关 => 目标资产#}
+    {% trans 'The domain function is added to address the fact that some environments (such as the hybrid cloud) cannot be connected directly by jumping on the gateway server.' %}
+    <br>
+    {% trans 'JMS => Domain gateway => Target assets' %}
+    </div>
+{% endblock %}
+
+{% block table_container %}
+<div class="uc pull-left  m-r-5">
+    <a href="{% url 'assets:domain-create' %}" class="btn btn-sm btn-primary"> {% trans "Create domain" %} </a>
+</div>
+<table class="table table-striped table-bordered table-hover " id="domain_list_table" >
+    <thead>
+    <tr>
+        <th class="text-center">
+            <input type="checkbox" id="check_all" class="ipt_check_all" >
+        </th>
+        <th class="text-center">{% trans 'Name' %}</th>
+        <th class="text-center">{% trans 'Asset' %}</th>
+        <th class="text-center">{% trans 'Gateway' %}</th>
+        <th class="text-center">{% trans 'Comment' %}</th>
+        <th class="text-center">{% trans 'Action' %}</th>
+    </tr>
+    </thead>
+    <tbody>
+    </tbody>
+</table>
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script>
+function initTable() {
+    var options = {
+        ele: $('#domain_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a href="{% url "assets:domain-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+             }},
+            {targets: 3, createdCell: function (td, cellData, rowData) {
+                var gateway_list_btn = '<a href="{% url "assets:domain-gateway-list" pk=DEFAULT_PK %}">' + cellData + '</a>';
+                gateway_list_btn = gateway_list_btn.replace("{{ DEFAULT_PK }}", rowData.id);
+                $(td).html(gateway_list_btn);
+             }},
+            {targets: 5, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:domain-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                $(td).html(update_btn + del_btn)
+             }}
+        ],
+        ajax_url: '{% url "api-assets:domain-list" %}',
+        columns: [
+            {data: "id"}, {data: "name" }, {data: "asset_count" },
+            {data: "gateway_count" }, {data: "comment" }, {data: "id"}
+        ],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}
+$(document).ready(function(){
+    initTable();
+})
+.on('click', '.btn-delete', function () {
+    var $this = $(this);
+    var $data_table = $('#domain_list_table').DataTable();
+    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
+    var uid = $this.data('uid');
+    var the_url = '{% url "api-assets:domain-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    objectDelete($this, name, the_url);
+    setTimeout( function () {
+        $data_table.ajax.reload();
+    }, 3000);
+});
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/gateway_create_update.html
+++ b/apps/assets/templates/assets/gateway_create_update.html
@@ -0,0 +1,102 @@
+{% extends 'base.html' %}
+{% load i18n %}
+{% load static %}
+{% load bootstrap3 %}
+{% block custom_head_css_js %}
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="ibox-title">
+                        <h5>{{ action }}</h5>
+                        <div class="ibox-tools">
+                            <a class="collapse-link">
+                                <i class="fa fa-chevron-up"></i>
+                            </a>
+                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                <i class="fa fa-wrench"></i>
+                            </a>
+                            <a class="close-link">
+                                <i class="fa fa-times"></i>
+                            </a>
+                        </div>
+                    </div>
+                    <div class="ibox-content">
+                        <form enctype="multipart/form-data" method="post" class="form-horizontal" action="" >
+                            {% csrf_token %}
+                            {% if form.non_field_errors %}
+                                <div class="alert alert-danger">
+                                    {{ form.non_field_errors }}
+                                </div>
+                            {% endif %}
+                            <h3>{% trans 'Basic' %}</h3>
+                            {% bootstrap_field form.name layout="horizontal" %}
+                            {% bootstrap_field form.ip layout="horizontal" %}
+                            {% bootstrap_field form.port layout="horizontal" %}
+                            {% bootstrap_field form.protocol layout="horizontal" %}
+                            {% bootstrap_field form.domain layout="horizontal" %}
+
+                            {% block auth %}
+                            <h3 id="auth_title">{% trans 'Auth' %}</h3>
+                            <div class="auth-fields">
+                                {% bootstrap_field form.username layout="horizontal" %}
+                                {% bootstrap_field form.password layout="horizontal" %}
+                                {% bootstrap_field form.private_key_file layout="horizontal" %}
+                            </div>
+                            {% endblock %}
+
+                            <h3>{% trans 'Other' %}</h3>
+                            {% bootstrap_field form.is_active layout="horizontal" %}
+                            {% bootstrap_field form.comment layout="horizontal" %}
+                            <div class="form-group">
+                                <div class="col-sm-4 col-sm-offset-2">
+                                    <button class="btn btn-white" type="reset">{% trans 'Reset' %}</button>
+                                    <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                </div>
+                            </div>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+
+{% block custom_foot_js %}
+<script>
+var protocol_id = '#' + '{{ form.protocol.id_for_label }}';
+var private_key_id = '#' + '{{ form.private_key_file.id_for_label }}';
+var port = '#' + '{{ form.port.id_for_label }}';
+var username = '#' + '{{ form.username.id_for_label }}';
+var password = '#' + '{{ form.password.id_for_label }}';
+var auth_title = '#auth_title';
+
+function protocolChange() {
+    if ($(protocol_id + " option:selected").text() === 'rdp') {
+        {#$(port).val(3389);#}
+        $(private_key_id).closest('.form-group').addClass('hidden');
+        $(username).closest('.form-group').addClass('hidden');
+        $(password).closest('.form-group').addClass('hidden');
+        $(auth_title).addClass('hidden');
+    } else {
+        {#$(port).val(22);#}
+        $(private_key_id).closest('.form-group').removeClass('hidden');
+        $(username).closest('.form-group').removeClass('hidden');
+        $(password).closest('.form-group').removeClass('hidden');
+        $(auth_title).removeClass('hidden');
+    }
+}
+
+$(document).ready(function(){
+    protocolChange();
+})
+.on('change', protocol_id, function(){
+    protocolChange();
+});
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/idc_assets.html
+++ b/apps/assets/templates/assets/idc_assets.html
@@ -1,364 +0,0 @@
-{% extends 'base.html' %}
-{% load static %}
-{% load i18n %}
-
-{% block custom_head_css_js %}
-    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
-    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
-	<style type="text/css">
-
-	</style>
-{% endblock %}
-{% block content %}
-    <div class="wrapper wrapper-content animated fadeInRight">
-        <div class="row">
-            <div class="col-sm-12">
-                <div class="ibox float-e-margins">
-                    <div class="panel-options">
-                        <ul class="nav nav-tabs">
-                            <li>
-                                <a href="{% url 'assets:idc-detail' pk=idc.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
-                            </li>
-                            <li class="active"><a href="{% url 'assets:idc-assets' pk=idc.id %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'IDC assets' %}</a>
-                            </li>
-                        </ul>
-                    </div>
-                    <div class="tab-content">
-                        <div class="col-sm-7" style="padding-left: 0;">
-                            <div class="ibox float-e-margins">
-                                <div class="ibox-title">
-                                    <span style="float: left">{% trans 'IDC assets' %} <b>{{ idc.name }} </b><span class="badge"></span></span>
-                                    <div class="ibox-tools">
-                                        <a class="collapse-link">
-                                            <i class="fa fa-chevron-up"></i>
-                                        </a>
-                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
-                                            <i class="fa fa-wrench"></i>
-                                        </a>
-                                        <ul class="dropdown-menu dropdown-user">
-                                        </ul>
-                                        <a class="close-link">
-                                            <i class="fa fa-times"></i>
-                                        </a>
-                                    </div>
-                                </div>
-
-                                <div class="ibox-content">
-                                    <table class="table table-striped table-bordered table-hover " id="idc_assets_table" >
-                                        <thead>
-                                            <tr>
-                                                <th class="text-center">
-                                                    <input type="checkbox" id="check_all" class="ipt_check_all" >
-                                                </th>
-                                                <th>{% trans 'Hostname' %}</th>
-                                                <th>{% trans 'IP' %}</th>
-                                                <th>{% trans 'Port' %}</th>
-                                                <th>{% trans 'Type' %}</th>
-                                                <th>{% trans 'Valid' %}</th>
-                                            </tr>
-                                        </thead>
-                                        <tbody>
-                                        </tbody>
-                                    </table>
-
-	                                  <div id="actions" class="hide">
-									                      <div class="input-group">
-									                          <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
-									                              <option value="delete">{% trans 'Remove selected' %}</option>
-									                          </select>
-									                          <div class="input-group-btn pull-left" style="padding-left: 5px;">
-									                              <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-warning">
-									                               {% trans 'Submit' %}
-									                              </button>
-									                          </div>
-									                      </div>
-									                  </div>
-                                </div>
-                            </div>
-                        </div>
-                        <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
-                            <div class="panel panel-primary">
-                                <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'Add assets to' %} {{ idc.name }}
-                                </div>
-                                <div class="panel-body">
-                                    <table class="table">
-                                        <tbody>
-                                        <form>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <select data-placeholder="{% trans 'Select asset' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for asset in assets_remain %}
-                                                            <option value="{{ asset.id }}" id="opt_{{ asset.id }}">{{ asset.ip}}:{{ asset.port }}</option>
-                                                        {% endfor %}
-                                                    </select>
-                                                </td>
-                                            </tr>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <button type="button" class="btn btn-primary btn-sm btn-asset-attach">{% trans 'Confirm' %}</button>
-                                                </td>
-                                            </tr>
-                                        </form>
-                                        </tbody>
-                                    </table>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-{% endblock %}
-{% block custom_foot_js %}
-<script src="{% static 'js/jquery.form.min.js' %}"></script>
-<script>
-
-jumpserver.assets_selected = {};
-
-Array.prototype.remove = function(val) {
-	var index = this.indexOf(val);
-		if (index > -1) {
-		this.splice(index, 1);
-	}
-};
-
-function updateIDCAssets(assets) {
-    var the_url = "{% url 'api-assets:idc-update-assets' pk=idc.id %}";
-    var body = {
-        assets: Object.assign([], assets)
-    };
-	var $data_table = $("#idc_assets_table").DataTable();
-    var success = function(data) {
-        $('.select2-selection__rendered').empty();
-        $.map(jumpserver.assets_selected, function(asset_ip, index) {
-	        $('#opt_' + index).remove();
-			$data_table.ajax.reload();
-        });
-        jumpserver.groups_selected = {};
-    };
-    APIUpdateAttr({
-        url: the_url,
-        body: JSON.stringify(body),
-	    method: 'PUT',
-        success: success
-    });
-}
-
-function deleteIDCAssets(assets) {
-	var the_url = "{% url 'api-assets:idc-update-assets' pk=idc.id %}";
-    var body = {
-        assets: Object.assign([], assets)
-    };
-	var $data_table = $("#idc_assets_table").DataTable();
-	var success = function(data) {
-		$data_table.ajax.reload();
-    };
-    APIUpdateAttr({
-        url: the_url,
-        body: JSON.stringify(body),
-	    method: 'PUT',
-        success: success
-    });
-}
-
-$(document).ready(function () {
-	$('.select2').select2()
-	.on("select2:select", function (evt) {
-		var data = evt.params.data;
-		jumpserver.assets_selected[data.id] = data.text;
-	})
-	.on('select2:unselect', function(evt) {
-		var data = evt.params.data;
-		delete jumpserver.assets_selected[data.id];
-	});
-	var options = {
-		ele: $('#idc_assets_table'),
-		buttons: [],
-		order: [],
-		columnDefs: [
-			{targets: 1, createdCell: function (td, cellData, rowData) {
-				var detail_btn = '<a href="{% url "assets:asset-detail" pk=99991937 %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
-				$(td).html(detail_btn.replace('99991937', rowData.id));
-			}},
-			{targets: 5, createdCell: function (td, cellData) {
-				if (!cellData) {
-					$(td).html('<i class="fa fa-times text-danger"></i>')
-				} else {
-					$(td).html('<i class="fa fa-check text-navy"></i>')
-				}
-			}}],
-		ajax_url: '{% url "api-assets:asset-list" %}?idc_id={{ idc.id }}',
-		columns: [{data: function(){return ""}}, {data: "hostname" }, {data: "ip" }, {data: "port" },
-			{data: "type" }, {data: "is_active" }],
-		op_html: $('#actions').html()
-	};
-	jumpserver.initDataTable(options);
-
-})
-
-.on('click', '.btn-asset-attach', function () {
-	if (Object.keys(jumpserver.assets_selected).length === 0) {
-		return false;
-	}
-	var assets=[];
-	var $data_table = $("#idc_assets_table").DataTable();
-	$.ajax({
-		url: '{% url "api-assets:asset-list" %}',
-		method: 'GET',
-		data: {"idc_id": {{ idc.id }}},
-		dataType: 'json',
-		success: function (result) {
-			for(var i in result){
-				if (!isNaN(parseInt(result[i]['id']))) {
-					assets.push(parseInt(result[i]['id']))
-				}
-			}
-			$.map(jumpserver.assets_selected, function(value, index) {
-				assets.push(parseInt(index));
-			});
-			updateIDCAssets(assets);
-
-		}
-	});
-})
-
-.on('click', '#btn_bulk_update', function () {
-	var action = $("#slct_bulk_update").val();
-	var $data_table = $("#idc_assets_table").DataTable();
-	var id_list = [];
-	var plain_id_list = [];
-	var assets = [];
-	$data_table.rows({selected: true}).every(function(){
-        id_list.push({id: this.data().id});
-        plain_id_list.push(this.data().id);
-    });
-    if (id_list === []) {
-        return false;
-    }
-    $.ajax({
-    	url: '{% url "api-assets:asset-list" %}',
-	    data: {"idc_id": {{ idc.id }}},
-	    dataType: 'json',
-	    method: 'GET',
-	    success: function (result) {
-		    for (var i in result) {
-		    	if (!isNaN(result[i]['id'])) {
-		    		assets.push(result[i]['id']);
-			    }
-		    }
-		    for (var j in plain_id_list) {
-		    	assets.remove(plain_id_list[j])
-		    }
-		    function doDelete() {
-				    swal({
-		                title: "{% trans 'Are you sure?' %}",
-		                text: "{% trans 'This will delete the selected assets !!!' %}",
-		                type: "warning",
-		                showCancelButton: true,
-		                confirmButtonColor: "#DD6B55",
-		                confirmButtonText: "{% trans 'Confirm' %}",
-		                closeOnConfirm: false
-		            }, function() {
-		                var success = function() {
-		                    var msg = "{% trans 'Asset Deleted.' %}";
-		                    swal("{% trans 'Asset Delete' %}", msg, "success");
-		                    $('#idc_assets_table').DataTable().ajax.reload();
-		                };
-		                var fail = function() {
-		                    var msg = "{% trans 'Asset Deleting failed.' %}";
-		                    swal("{% trans 'Asset Delete' %}", msg, "error");
-		                };
-		                var url_delete = "{% url 'api-assets:idc-update-assets' pk=idc.id %}";
-		                var body = {
-				            assets: Object.assign([], assets)
-				        };
-		            APIUpdateAttr({url: url_delete, body: JSON.stringify(body),  method: 'PUT', success: success, error: fail});
-		            jumpserver.checked = false;
-                });
-		    }
-		    function doUpdate() {
-				$('#asset_bulk_update_modal').modal('show');
-		    }
-		    switch (action) {
-		        case 'delete':
-		            doDelete();
-		            break;
-		        case 'update':
-		            doUpdate();
-		            break;
-		        default:
-		            break;
-		    }
-
-	    }
-    });
-})
-
-.on('click', '#btn_asset_bulk_update', function () {
-	var json_data = $("#fm_asset_bulk_update").serializeObject();
-	var body = {};
-    body.enable_otp = (json_data.enable_otp === 'on')? true: false;
-    if (json_data.type != '') {
-        body.type = json_data.type;
-    }
-
-    if (json_data.groups != undefined) {
-        body.groups = json_data.groups;
-    }
-    if (typeof body.groups === 'string') {
-        body.groups = [parseInt(body.groups)]
-    } else if(typeof body.groups === 'array') {
-        var new_groups = body.groups.map(Number);
-        body.groups = new_groups;
-    }
-
-    if (json_data.users != undefined) {
-    	body.users = json_data.users;
-    }
-    if (typeof body.users === 'string') {
-    	body.users = [parseInt(body.users)]
-    } else if(typeof body.users === 'array') {
-    	var new_users = body.users.map(Number);
-    	body.users = new_users;
-    }
-
-    if (json_data.tags != undefined) {
-    	body.tags = json_data.tags;
-    }
-    if (typeof body.tags == 'string') {
-    	body.tags = [parseInt(body.tags)];
-    } else if (typeof body.tags === 'array') {
-    	var new_tags = body.tags.map(Number);
-    	body.tags = new_tags;
-    }
-
-    var $data_table = $('#asset_list_table').DataTable();
-    var post_list = [];
-    $data_table.rows({selected: true}).every(function(){
-        var content = Object.assign({id: this.data().id}, body);
-        post_list.push(content);
-    });
-    if (post_list === []) {
-        return false
-    }
-    var the_url = "{% url 'api-assets:asset-list' %}";
-    var success = function() {
-        var msg = "{% trans 'The selected assets has been updated successfully.' %}";
-        swal("{% trans 'Asset Updated' %}", msg, "success");
-        $('#asset_list_table').DataTable().ajax.reload();
-        jumpserver.checked = false;
-    };
-    APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(post_list), success: success});
-    $('#asset_bulk_update_modal').modal('hide');
-});
-
-
-
-
-
-
-</script>
-{% endblock %}
--- a/apps/assets/templates/assets/idc_create_update.html
+++ b/apps/assets/templates/assets/idc_create_update.html
@@ -1,73 +0,0 @@
-{% extends 'base.html' %}
-{% load i18n %}
-{% load static %}
-{% load bootstrap3 %}
-{% block custom_head_css_js %}
-    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
-    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
-{% endblock %}
-{% block content %}
-<div class="wrapper wrapper-content animated fadeInRight">
-    <div class="row">
-        <div class="col-sm-10">
-            <div class="ibox float-e-margins">
-                <div id="ibox-content" class="ibox-title">
-                    <h5> {{ action }}</h5>
-                    <div class="ibox-tools">
-                        <a class="collapse-link">
-                            <i class="fa fa-chevron-up"></i>
-                        </a>
-                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
-                            <i class="fa fa-wrench"></i>
-                        </a>
-                        <a class="close-link">
-                            <i class="fa fa-times"></i>
-                        </a>
-                    </div>
-                </div>
-
-                <div class="ibox-content">
-                    <div class="panel blank-panel">
-                        <div class="panel-body">
-                            <div class="tab-content">
-                                <div id="tab-1" class="ibox float-e-margins tab-pane active"></div>
-                                    <form id="IDCForm" method="post" class="form-horizontal">
-                                        {% csrf_token %}
-                                        <h3 class="widget-head-color-box">基本信息</h3>
-                                        {% bootstrap_field form.name layout="horizontal" %}
-                                        {% bootstrap_field form.address layout="horizontal" %}
-                                        {% bootstrap_field form.contact layout="horizontal" %}
-                                        {% bootstrap_field form.phone layout="horizontal" %}
-
-                                        <div class="hr-line-dashed"></div>
-                                        <h3 class="widget-head-color-box">IP段</h3>
-                                        {% bootstrap_field form.operator layout="horizontal" %}
-                                        {% bootstrap_field form.intranet layout="horizontal" %}
-                                        {% bootstrap_field form.extranet layout="horizontal" %}
-
-                                        <div class="hr-line-dashed"></div>
-                                        <div class="form-group">
-                                            <div class="col-sm-4 col-sm-offset-2">
-                                                <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
-                                                <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
-                                            </div>
-                                        </div>
-                                    </form>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-</div>
-{% endblock %}
-
-{% block custom_foot_js %}
-    <script>
-        $(document).ready(function () {
-            $('.select2').select2();
-        })
-    </script>
-{% endblock %}
--- a/apps/assets/templates/assets/idc_detail.html
+++ b/apps/assets/templates/assets/idc_detail.html
@@ -1,156 +0,0 @@
-{% extends 'base.html' %}
-{% load static %}
-{% load i18n %}
-
-{% block custom_head_css_js %}
-    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
-    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
-{% endblock %}
-{% block content %}
-    <div class="wrapper wrapper-content animated fadeInRight">
-        <div class="row">
-            <div class="col-sm-12">
-                <div class="ibox float-e-margins">
-                    <div class="panel-options">
-                        <ul class="nav nav-tabs">
-                            <li class="active">
-                                <a href="{% url 'assets:idc-detail' pk=idc.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
-                            </li>
-                            <li>
-                                <a href="{% url 'assets:idc-assets' pk=idc.id %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'IDC assets' %}
-                                </a>
-                            </li>
-                            <li class="pull-right">
-                                <a class="btn btn-outline btn-default" href="{% url 'assets:idc-update' pk=idc.id %}"><i class="fa fa-edit"></i>Update</a>
-                            </li>
-                            <li class="pull-right">
-                                <a class="btn btn-outline btn-danger btn-delete-idc">
-                                    <i class="fa fa-edit"></i>Delete
-                                </a>
-                            </li>
-                        </ul>
-                    </div>
-                    <div class="tab-content">
-                        <div class="col-sm-7" style="padding-left: 0;">
-                            <div class="ibox float-e-margins">
-                                <div class="ibox-title">
-                                    <span class="label"><b>{{ idc.name }}</b></span>
-                                    <div class="ibox-tools">
-                                        <a class="collapse-link">
-                                            <i class="fa fa-chevron-up"></i>
-                                        </a>
-                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
-                                            <i class="fa fa-wrench"></i>
-                                        </a>
-                                        <ul class="dropdown-menu dropdown-user">
-                                        </ul>
-                                        <a class="close-link">
-                                            <i class="fa fa-times"></i>
-                                        </a>
-                                    </div>
-                                </div>
-                                <div class="ibox-content">
-                                    <table class="table">
-                                        <tbody>
-                                        <tr class="no-borders-tr">
-                                            <td width="20%">{% trans 'Name' %}:</td>
-                                            <td><b>{{ idc.name }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Bandwidth' %}:</td>
-                                            <td><b>{{ idc.bandwidth }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Contact' %}:</td>
-                                            <td><b>{{ idc.contact }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Phone' %}:</td>
-                                            <td><b>{{ idc.phone }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Address' %}:</td>
-                                            <td><b>{{ idc.address }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Intranet' %}:</td>
-                                            <td><b>{{ idc.Intranet }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Extranet' %}:</td>
-                                            <td><b>{{ idc.extranet }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Operator' %}:</td>
-                                            <td><b>{{ idc.operator }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Date created' %}:</td>
-                                            <td><b>{{ system_user.date_created }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Created by' %}:</td>
-                                            <td><b>{{ asset_group.created_by  }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Comment' %}:</td>
-                                            <td><b>{{ system_user.comment }}</b></td>
-                                        </tr>
-                                        </tbody>
-                                    </table>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-
-{% endblock %}
-{% block custom_foot_js %}
-<script>
-function idcDelete(name, url) {
-    function doDelete() {
-        var body = {};
-        var success = function() {
-            swal('Deleted!', "[ "+name+"]"+" has been deleted ", "success");
-	        window.location.href="{% url 'assets:idc-list' %}";
-        };
-        var fail = function() {
-            swal("Failed", "Delete"+"[ "+name+" ]"+"failed", "error");
-        };
-        APIUpdateAttr({
-            url: url,
-            body: JSON.stringify(body),
-            method: 'DELETE',
-            success: success,
-            error: fail
-        });
-    }
-    swal({
-        title: 'Are you sure delete ?',
-        text: " [" + name + "] ",
-        type: "warning",
-        showCancelButton: true,
-        cancelButtonText: 'Cancel',
-        confirmButtonColor: "#DD6B55",
-        confirmButtonText: 'Confirm',
-        closeOnConfirm: false
-    }, function () {
-        doDelete()
-    });
-}
-
-$(document).ready(function () {
-	$('.select2').select2();
-})
-.on('click', '.btn-delete-idc', function () {
-	var name = $('.idc-details > tbody > tr').attr("data-name");
-	var id = {{ idc.id }};
-	var the_url = '{% url "api-assets:idc-detail" pk=99991937 %}'.replace(99991937, id);
-	idcDelete(name, the_url);
-});
-</script>
-{% endblock %}
--- a/apps/assets/templates/assets/idc_list.html
+++ b/apps/assets/templates/assets/idc_list.html
@@ -1,129 +0,0 @@
-{% extends '_base_list.html' %}
-{% load i18n static %}
-{% block custom_head_css_js %}
-<link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-<script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
-{% block table_search %}{% endblock %}
-{% block table_container %}
-<div class="uc pull-left m-l-5 m-r-5">
-    <a href="{% url "assets:idc-create" %}" class="btn btn-sm btn-primary"> {% trans "Create IDC" %} </a>
-</div>
-<table class="table table-striped table-bordered table-hover " id="idc_list_table" >
-    <thead>
-    <tr>
-        <th class="text-center">
-            <input type="checkbox" id="check_all" class="ipt_check_all" >
-        </th>
-        <th class="text-center"><a href="{% url 'assets:idc-list' %}?sort=name">{% trans 'Name' %}</a></th>
-        <th class="text-center">{% trans 'Asset num' %}</th>
-        <th class="text-center">{% trans 'Contact' %}</th>
-        <th class="text-center">{% trans 'Phone' %}</th>
-        <th class="text-center">{% trans 'Operator' %}</th>
-        <th class="text-center">{% trans 'Action' %}</th>
-    </tr>
-    </thead>
-    <tbody>
-    </tbody>
-</table>
-<div id="actions" class="hide">
-    <div class="input-group">
-        <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
-            <option value="delete">{% trans 'Delete selected' %}</option>
-        </select>
-        <div class="input-group-btn pull-left" style="padding-left: 5px;">
-            <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
-                {% trans 'Submit' %}
-            </button>
-        </div>
-    </div>
-</div>
-{% endblock %}
-{% block content_bottom_left %}{% endblock %}
-{% block custom_foot_js %}
-<script>
-$(document).ready(function(){
-    var options = {
-        ele: $('#idc_list_table'),
-        columnDefs: [
-            {targets: 1, createdCell: function (td, cellData, rowData) {
-                var detail_btn = '<a href="{% url "assets:idc-detail" pk=99991937 %}">' + cellData + '</a>';
-                $(td).html(detail_btn.replace('99991937', rowData.id));
-             }},
-
-            {targets: 6, createdCell: function (td, cellData, rowData) {
-                var update_btn = '<a href="{% url "assets:idc-update" pk=99991937 %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', cellData);
-                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_idc_delete" data-uid="99991937">{% trans "Delete" %}</a>'.replace('99991937', cellData);
-                $(td).html(update_btn + del_btn)
-             }}],
-        ajax_url: '{% url "api-assets:idc-list" %}',
-        columns: [{data: function(){return ""}}, {data: "name" }, {data: "assets_amount" }, {data: "contact" }, {data: "phone" },
-                  {data: "operator" }, {data: "id" }],
-        op_html: $('#actions').html()
-    };
-    jumpserver.initDataTable(options);
-})
-
-.on('click', '.btn_idc_delete', function () {
-    var $this = $(this);
-    var $data_table = $('#idc_list_table').DataTable();
-    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
-    var uid = $this.data('uid');
-    var the_url = '{% url "api-assets:idc-detail" pk=99991937 %}'.replace('99991937', uid);
-    objectDelete($this, name, the_url);
-    setTimeout( function () {
-        $data_table.ajax.reload();
-    }, 3000);
-})
-
-.on('click', '#btn_bulk_update', function () {
-    var action = $('#slct_bulk_update').val();
-    var $data_table = $('#idc_list_table').DataTable();
-    var id_list = [];
-    var plain_id_list = [];
-    $data_table.rows({selected: true}).every(function(){
-        id_list.push({id: this.data().id});
-        plain_id_list.push(this.data().id);
-    });
-    if (id_list === []) {
-        return false;
-    }
-    var the_url = "{% url 'api-assets:idc-list' %}";
-    function doDelete() {
-        swal({
-            title: "{% trans 'Are you sure?' %}",
-            text: "{% trans 'This will delete the selected idc' %}",
-            type: "warning",
-            showCancelButton: true,
-            confirmButtonColor: "#DD6B55",
-            confirmButtonText: "{% trans 'Confirm' %}",
-            closeOnConfirm: false
-        }, function() {
-            var success = function() {
-                var msg = "{% trans 'IDC Deleted.' %}";
-                swal("{% trans 'IDC Delete' %}", msg, "success");
-                $('#idc_list_table').DataTable().ajax.reload();
-            };
-            var fail = function() {
-                var msg = "{% trans 'IDC Deleting failed.' %}";
-                swal("{% trans 'IDC Delete' %}", msg, "error");
-            };
-            var url_delete = the_url + '?id__in=' + JSON.stringify(plain_id_list);
-            APIUpdateAttr({url: url_delete, method: 'DELETE', success: success, error: fail});
-            $data_table.ajax.reload();
-            jumpserver.checked = false;
-        });
-    }
-    switch (action) {
-        case 'delete':
-            doDelete();
-            break;
-        default:
-            break;
-    }
-});
-</script>
-{% endblock %}
-
-
-
--- a/apps/assets/templates/assets/label_create_update.html
+++ b/apps/assets/templates/assets/label_create_update.html
@@ -0,0 +1,47 @@
+{% extends '_base_create_update.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+
+
+
+{% block form %}
+<form id="groupForm" method="post" class="form-horizontal">
+    {% csrf_token %}
+    {% bootstrap_field form.name layout="horizontal" %}
+    {% bootstrap_field form.value layout="horizontal" %}
+    {% bootstrap_field form.assets layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <div class="form-group">
+        <div class="col-sm-4 col-sm-offset-2">
+            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+        </div>
+    </div>
+</form>
+{% include 'assets/_asset_list_modal.html' %}
+{% endblock %}
+
+{% block custom_foot_js %}
+<script type="text/javascript">
+$(document).ready(function () {
+    $('.select2').select2({
+        closeOnSelect: false
+    })
+}).on('click', '.select2-selection__rendered', function (e) {
+    e.preventDefault();
+    $("#asset_list_modal").modal();
+})
+.on('click', '#btn_asset_modal_confirm', function () {
+    var assets = asset_table2.selected;
+    $('.select2 option:selected').each(function (i, data) {
+        assets.push($(data).attr('value'))
+    });
+    $.each(assets, function (id, data) {
+        $('.select2').val(assets).trigger('change');
+    });
+    $("#asset_list_modal").modal('hide');
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/label_list.html
+++ b/apps/assets/templates/assets/label_list.html
@@ -0,0 +1,70 @@
+{% extends '_base_list.html' %}
+{% load i18n static %}
+{% block table_search %}{% endblock %}
+{% block table_container %}
+<div class="uc pull-left  m-r-5">
+    <a href="{% url 'assets:label-create' %}" class="btn btn-sm btn-primary"> {% trans "Create label" %} </a>
+</div>
+<table class="table table-striped table-bordered table-hover " id="label_list_table" >
+    <thead>
+    <tr>
+        <th class="text-center">
+            <input type="checkbox" id="check_all" class="ipt_check_all" >
+        </th>
+        <th class="text-center">{% trans 'Name' %}</th>
+        <th class="text-center">{% trans 'Value' %}</th>
+        <th class="text-center">{% trans 'Asset' %}</th>
+        <th class="text-center">{% trans 'Action' %}</th>
+    </tr>
+    </thead>
+    <tbody>
+    </tbody>
+</table>
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script>
+function initTable() {
+    var options = {
+        ele: $('#label_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+{#                var detail_btn = '<a href="{% url "assets:label-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';#}
+                var detail_btn = '<a>' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+             }},
+
+            {targets: 4, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:label-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                $(td).html(update_btn + del_btn)
+             }}
+        ],
+        ajax_url: '{% url "api-assets:label-list" %}?sort=name',
+        columns: [
+            {data: "id"}, {data: "name" }, {data: "value" },
+            {data: "asset_count" }, {data: "id"}
+        ],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}
+$(document).ready(function(){
+    initTable();
+})
+.on('click', '.btn-delete', function () {
+    var $this = $(this);
+    var $data_table = $('#label_list_table').DataTable();
+    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
+    var uid = $this.data('uid');
+    var the_url = '{% url "api-assets:label-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    objectDelete($this, name, the_url);
+    setTimeout( function () {
+        $data_table.ajax.reload();
+    }, 3000);
+});
+</script>
+{% endblock %}
+
+
+
--- a/apps/assets/templates/assets/system_user_asset.html
+++ b/apps/assets/templates/assets/system_user_asset.html
@@ -1,10 +1,11 @@
 {% extends 'base.html' %}
+{% load common_tags %}
 {% load static %}
 {% load i18n %}

 {% block custom_head_css_js %}
-    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
-    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
 {% endblock %}
 {% block content %}
    <div class="wrapper wrapper-content animated fadeInRight">
@@ -16,13 +17,15 @@
                            <li>
                                <a href="{% url 'assets:system-user-detail' pk=system_user.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
                            </li>
-                            <li class="active"><a href="{% url 'assets:system-user-asset' pk=system_user.id %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Attached assets' %}</a>
+                            <li class="active">
+                                <a href="{% url 'assets:system-user-asset' pk=system_user.id %}" class="text-center">
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets' %}
+                                </a>
                            </li>
                        </ul>
                    </div>
                    <div class="tab-content">
-                        <div class="col-sm-7" style="padding-left: 0;">
+                        <div class="col-sm-8" style="padding-left: 0;">
                            <div class="ibox float-e-margins">
                                <div class="ibox-title">
                                    <span style="float: left">{% trans 'Assets of ' %} <b>{{ system_user.name }} </b><span class="badge">{{ paginator.count }}</span></span>
@@ -52,85 +55,70 @@
                                            </tr>
                                        </thead>
                                        <tbody>
-                                            {% for asset in page_obj %}
-                                            <tr>
-                                                <td>{{ asset.hostname }}</td>
-                                                <td>{{ asset.ip }}</td>
-                                                <td>{{ asset.port }}</td>
-                                                <td>
-                                                    <i class="fa fa-check text-navy"></i>
-                                                </td>
-                                                <td>
-                                                    <button class="btn btn-danger pull-right btn-xs {% if asset.is_inherit_from_asset_groups %} disabled {% endif %}" type="button"><i class="fa fa-minus"></i></button>
-                                                </td>
-                                            </tr>
-                                            {% endfor %}
                                        </tbody>
                                    </table>
-{#                                    <div class="row">#}
-{#                                        {% include '_pagination.html' %}#}
-{#                                    </div>#}
                                </div>
                            </div>
                        </div>
-                        <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
+                        <div class="col-sm-4" style="padding-left: 0;padding-right: 0">
                            <div class="panel panel-primary">
                                <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'Attach to assets ' %}
+                                    <i class="fa fa-info-circle"></i> {% trans 'Quick update' %}
                                </div>
                                <div class="panel-body">
                                    <table class="table">
                                        <tbody>
-                                        <form>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <select data-placeholder="{% trans 'Select asset' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for asset in assets_remain %}
-                                                            <option value="{{ asset.id }}">{{ asset.ip}}:{{ asset.port }}</option>
-                                                        {% endfor %}
-                                                    </select>
-                                                </td>
-                                            </tr>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <button type="button" class="btn btn-primary btn-sm btn-add-asset2system-user">{% trans 'Confirm' %}</button>
-                                                </td>
-                                            </tr>
-                                        </form>
+                                        <tr class="no-borders-tr">
+                                            <td width="50%">{% trans 'Test assets connective' %}:</td>
+                                            <td>
+                                                <span style="float: right">
+                                                    <button type="button" class="btn btn-primary btn-xs btn-test-connective" style="width: 54px">{% trans 'Test' %}</button>
+                                                </span>
+                                            </td>
+                                        </tr>
+                                        {% if system_user.auto_push %}
+                                        <tr>
+                                            <td width="50%">{% trans 'Push system user now' %}:</td>
+                                            <td>
+                                                <span style="float: right">
+                                                    <button type="button" class="btn btn-primary btn-xs btn-push" style="width: 54px">{% trans 'Push' %}</button>
+                                                </span>
+                                            </td>
+                                        </tr>
+                                        {% endif %}
                                        </tbody>
                                    </table>
                                </div>
                            </div>
-
                            <div class="panel panel-info">
                                <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'Attach to asset groups' %}
+                                    <i class="fa fa-info-circle"></i> {% trans 'Nodes' %}
                                </div>
                                <div class="panel-body">
-                                    <table class="table group_edit">
+                                    <table class="table node_edit" id="add-asset2group">
                                        <tbody>
                                        <form>
                                            <tr>
                                                <td colspan="2" class="no-borders">
-                                                    <select data-placeholder="{% trans 'Add asset group' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for asset_group in asset_groups_remain %}
-                                                        <option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
+                                                    <select data-placeholder="{% trans 'Add to node' %}" id="node_selected" class="select2" style="width: 100%" multiple="" tabindex="4">
+                                                        {% for node in nodes_remain %}
+                                                        <option value="{{ node.id }}" id="opt_{{ node.id }}" >{{ node }}</option>
                                                        {% endfor %}
                                                    </select>
                                                </td>
                                            </tr>
                                            <tr>
                                                <td colspan="2" class="no-borders">
-                                                    <button type="button" class="btn btn-info btn-sm" id="btn_add_user_group">{% trans 'Attach AssetGroup' %}</button>
+                                                    <button type="button" class="btn btn-info btn-sm" id="btn-add-to-node">{% trans 'Confirm' %}</button>
                                                </td>
                                            </tr>
                                        </form>

-                                        {% for asset_group in asset_groups %}
+                                        {% for node in system_user.nodes.all|sort %}
                                        <tr>
-                                          <td ><b class="bdg_asset_groups" data-gid={{ asset_group.id }}>{{ asset_group.name }}</b></td>
+                                          <td ><b class="bdg_node" data-gid={{ node.id }}>{{ node }}</b></td>
                                          <td>
-                                              <button class="btn btn-danger pull-right btn-xs btn-leave-system_user" type="button"><i class="fa fa-minus"></i></button>
+                                              <button class="btn btn-danger pull-right btn-xs btn-remove-from-node" type="button"><i class="fa fa-minus"></i></button>
                                          </td>
                                        </tr>
                                        {% endfor %}
@@ -144,79 +132,65 @@
            </div>
        </div>
    </div>
-    </div>
-
 {% endblock %}
 {% block custom_foot_js %}
 <script>
-jumpserver.assets_selected = {};
-jumpserver.asset_groups_selected = {};
-Array.prototype.remove = function(val) {
-	var index = this.indexOf(val);
-		if (index > -1) {
-		this.splice(index, 1);
-	}
-};
-Array.prototype.unique = function(){
-	var res = [];
-	var json = {};
- 	for(var i = 0; i < this.length; i++){
-  		if(!json[this[i]]){
-   			res.push(this[i]);
-   			json[this[i]] = 1;
-  		}
- 	}
- 	return res;
-};
-function objectDelete(obj, name, url, data) {
-    function doDelete() {
-        var body = data;
-        var success = function() {
-            swal('Deleted!', "[ "+name+"]"+" has been deleted ", "success");
-            $(obj).parent().parent().remove();
-        };
-        var fail = function() {
-            swal("Failed", "Delete"+"[ "+name+" ]"+"failed", "error");
-        };
-        APIUpdateAttr({
-            url: url,
-            body: JSON.stringify(body),
-            method: 'PATCH',
-            success: success,
-            error: fail
-        });
-    }
-    swal({
-        title: 'Are you sure delete ?',
-        text: " [" + name + "] ",
-        type: "warning",
-        showCancelButton: true,
-        cancelButtonText: 'Cancel',
-        confirmButtonColor: "#DD6B55",
-        confirmButtonText: 'Confirm',
-        closeOnConfirm: false
-    }, function () {
-        doDelete()
-    });
+function initAssetsTable() {
+    var unreachable = {{ system_user.unreachable_assets|safe }};
+    var options = {
+		ele: $('#system_user_list'),
+		buttons: [],
+		order: [],
+		columnDefs: [
+			{targets: 0, createdCell: function (td, cellData, rowData) {
+				var detail_btn = '<a href="{% url "assets:asset-detail" pk=DEFAULT_PK %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
+				$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+			}},
+			{targets: 3, createdCell: function (td, cellData) {
+				if (unreachable.indexOf(cellData) >= 0) {
+					$(td).html('<i class="fa fa-times text-danger"></i>')
+				} else {
+					$(td).html('<i class="fa fa-check text-navy"></i>')
+				}
+			}},
+            {targets: 4, createdCell: function (td, cellData) {
+                var push_btn = '';
+                {% if system_user.auto_push %}
+				push_btn = '<a class="btn btn-xs btn-primary btn-push-asset" data-uid="{{ DEFAULT_PK }}" >{% trans "Push" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
+                {% endif %}
+                var test_btn = ' <a class="btn btn-xs btn-info btn-test-asset" data-uid="{{ DEFAULT_PK }}" >{% trans "Test" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
+                {#var unbound_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-asset-unbound" data-uid="{{ DEFAULT_PK }}">{% trans "Unbound" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);#}
+                $(td).html(push_btn + test_btn);
+			}}
+		],
+		ajax_url: '{% url "api-assets:system-user-assets" pk=system_user.id %}',
+		columns: [{data: "hostname" }, {data: "ip" }, {data: "port" }, {data: "hostname" }, {data: "id"}],
+		op_html: $('#actions').html()
+	};
+	jumpserver.initServerSideDataTable(options);
 }
-function updateSystemUserAssetGroup(asset_groups) {
-	var the_url = "{% url 'api-assets:systemuser-update-assetgroups' pk=system_user.id %}";
+
+function updateSystemUserNode(nodes) {
+    var the_url = "{% url 'api-assets:system-user-detail' pk=system_user.id %}";
    var body = {
-        asset_groups: Object.assign([], asset_groups)
+        nodes: Object.assign([], nodes)
    };
    var success = function(data) {
+        // remove all the selected groups from select > option and rendered ul element;
        $('.select2-selection__rendered').empty();
-        $('#groups_selected').val('');
-        $.map(jumpserver.asset_groups_selected, function(asset_groups, index) {
+        $('#node_selected').val('');
+        $.map(jumpserver.nodes_selected, function(node_name, index) {
            $('#opt_' + index).remove();
-            $('.system-user-table tbody').append(
+            // change tr html of user groups.
+            $('.node_edit tbody').append(
                '<tr>' +
-                '<td><b class="bdg_asset_groups" data-sid="' + index + '">' + asset_groups + '</b></td>' +
-                '<td><button class="btn btn-danger btn-xs pull-right btn-leave-system_user" type="button"><i class="fa fa-minus"></i></button></td>' +
+                '<td><b class="bdg_node" data-gid="' + index + '">' + node_name + '</b></td>' +
+                '<td><button class="btn btn-danger btn-xs pull-right btn-remove-from-node" type="button"><i class="fa fa-minus"></i></button></td>' +
                '</tr>'
            )
        });
-        jumpserver.assets_selected = {};
+        // clear jumpserver.nodes_selected
+        jumpserver.nodes_selected = {};
    };
    APIUpdateAttr({
        url: the_url,
@@ -224,148 +198,121 @@ function updateSystemUserAssetGroup(asset_groups) {
        success: success
    });
 }
+jumpserver.nodes_selected = {};
+
 $(document).ready(function () {
 	$('.select2').select2()
-	.on("select2:select", function (evt) {
-		var data = evt.params.data;
-		jumpserver.assets_selected[data.id] = data.text;
-		jumpserver.asset_groups_selected[data.id] = data.text;
-	})
-	.on('select2:unselect', function(evt) {
-		var data = evt.params.data;
-		delete jumpserver.assets_selected[data.id];
-		delete jumpserver.asset_groups_selected[data.id];
-	});
-	var options = {
-		ele: $('#system_user_list'),
-		buttons: [],
-		order: [],
-		columnDefs: [
-			{targets: 0, createdCell: function (td, cellData, rowData) {
-				var detail_btn = '<a href="{% url "assets:asset-detail" pk=99991937 %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
-				$(td).html(detail_btn.replace('99991937', rowData.id));
-			}},
-			{targets: 3, createdCell: function (td, cellData) {
-				if (!cellData) {
-					$(td).html('<i class="fa fa-times text-danger"></i>')
-				} else {
-					$(td).html('<i class="fa fa-check text-navy"></i>')
-				}
-			}},
-			{targets: 4, createdCell: function (td, cellData, rowData) {
-				var update_btn = '<a href="{% url "assets:asset-update" pk=99991937 %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', rowData.id);
-				var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_asset_delete" data-aid="99991937">{% trans "Delete" %}</a>'.replace('99991937', rowData.id);
-				$(td).html(update_btn + del_btn)
-			}}
-			],
-		ajax_url: '{% url "api-assets:asset-list" %}?system_user_id={{ system_user.id }}',
-		columns: [{data: "hostname" }, {data: "ip" }, {data: "port" }, {data: function () { return ""; } }, {data: "id"}],
-		op_html: $('#actions').html()
-	};
-	jumpserver.initDataTable(options);
+	.on('select2:select', function(evt) {
+            var data = evt.params.data;
+            jumpserver.nodes_selected[data.id] = data.text;
+    })
+    .on('select2:unselect', function(evt) {
+        var data = evt.params.data;
+        delete jumpserver.nodes_selected[data.id];
+    });
+	initAssetsTable();
 })
-
-.on('click', '.btn-add-asset2system-user', function () {
-	if (Object.keys(jumpserver.assets_selected).length === 0) {
-		return false;
-	}
-	var $data_table = $("#system_user_list").DataTable();
-	var assets = [];
-	$.ajax({
-		url: '{% url "api-assets:asset-list" %}?system_user_id={{ system_user.id }}',
-		method: 'GET',
-		dataType: 'json',
-		success: function (result) {
-			for(var i in result){
-				if (!isNaN(parseInt(result[i]['id']))) {
-					assets.push(parseInt(result[i]['id']))
-				}
-			}
-			$.map(jumpserver.assets_selected, function(value, index) {
-				assets.push(parseInt(index));
-			});
-			assets.unique();
-			var the_url = "{% url 'api-assets:systemuser-update-assets' pk=system_user.id %}";
-			var body = {"assets": assets};
-			APIUpdateAttr({
-				url: the_url,
-	            body: JSON.stringify(body),
-	            method: 'PATCH'
-			});
-			$data_table.ajax.reload();
-		}
-	});
+.on('click', '.btn-push', function () {
+    var the_url = "{% url 'api-assets:system-user-push' pk=system_user.id %}";
+    var error = function (data) {
+        alert(data)
+    };
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
+    };
+    APIUpdateAttr({
+        url: the_url,
+        error: error,
+        method: 'GET',
+        success: success
+    });
 })
-
-.on('click', '.btn_asset_delete', function () {
-	var $this = $(this);
-	var the_url = "{% url 'api-assets:systemuser-update-assets' pk=system_user.id %}";
-	var name = $(this).closest("tr").find(":nth-child(1) > a").html();
-	var $data_table = $("#system_user_list").DataTable();
-	var assets = [];
-	$('#system_user_list > tbody > tr').map(function () {
-		assets.push(parseInt($(this).closest("tr").find(":nth-child(1) > a").attr("data-aid")))
-	});
-	var delete_asset_id = $(this).data('aid');
-	assets.remove(delete_asset_id);
-	assets.unique();
-	var data = {"assets": assets};
-	objectDelete($this, name, the_url, data);
-	$data_table.ajax.reload();
+.on('click', '.btn-test-connective', function () {
+    var the_url = "{% url 'api-assets:system-user-connective' pk=system_user.id %}";
+    var error = function (data) {
+        alert(data)
+    };
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
+    };
+    APIUpdateAttr({
+        url: the_url,
+        error: error,
+        method: 'GET',
+        success: success
+    });
 })
-	
-.on('click', '#btn_add_user_group', function () {
-	jumpserver.assets_selected = {};
-	if (Object.keys(jumpserver.asset_groups_selected).length === 0) {
-		return false;
-	}
-	asset_groups = [];
-	$.ajax({
-		url: '{% url "api-assets:systemuser-update-assetgroups" pk=system_user.id %}',
-		method: 'GET',
-		dataType: 'json',
-		success: function (result) {
-			for (var i in result['asset_groups']) {
-				if (!isNaN(result['asset_groups'][i])) {
-					asset_groups.push(parseInt(result['asset_groups'][i]));
-				}
-			}
-			$.map(jumpserver.asset_groups_selected, function(value, index) {
-				asset_groups.push(parseInt(index));
-			});
-			asset_groups.unique();
-			console.log(asset_groups);
-			var the_url = '{% url "api-assets:systemuser-update-assetgroups" pk=system_user.id %}';
-			var body = {"asset_groups": asset_groups};
-			APIUpdateAttr({
-				url: the_url,
-	            body: JSON.stringify(body),
-	            method: 'PATCH'
-			});
-{#			TODO: reload the table #}
-{#			window.location.href="{% url 'assets:system-user-asset' pk=system_user.id %}"#}
-		}
-	});
+.on('click', '.btn-remove-from-node', function() {
+    var $this = $(this);
+    var $tr = $this.closest('tr');
+    var $badge = $tr.find('.bdg_node');
+    var gid = $badge.data('gid');
+    var node_name = $badge.html() || $badge.text();
+    $('#groups_selected').append(
+        '<option value="' + gid + '" id="opt_' + gid + '">' + node_name + '</option>'
+    );
+    $tr.remove();
+    var nodes = $('.bdg_node').map(function () {
+        return $(this).data('gid');
+    }).get();
+    updateSystemUserNode(nodes);
+})
+.on('click', '#btn-add-to-node', function() {
+    if (Object.keys(jumpserver.nodes_selected).length === 0) {
+        return false;
+    }
+    var nodes = $('.bdg_node').map(function() {
+        return $(this).data('gid');
+    }).get();
+    $.map(jumpserver.nodes_selected, function(value, index) {
+        nodes.push(index);
+    });
+    updateSystemUserNode(nodes);
+})
+.on('click', '.btn-push-asset', function () {
+    var $this = $(this);
+    var asset_id = $this.data('uid');
+    var the_url = "{% url 'api-assets:system-user-push-to-asset' pk=object.id aid=DEFAULT_PK %}";
+    the_url = the_url.replace("{{ DEFAULT_PK }}", asset_id);
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
+    };
+    var error = function (data) {
+        alert(data)
+    };
+    APIUpdateAttr({
+        url: the_url,
+        method: 'GET',
+        success: success,
+        error: error
+    })
+})
+.on('click', '.btn-test-asset', function () {
+    var $this = $(this);
+    var asset_id = $this.data('uid');
+    var the_url = "{% url 'api-assets:system-user-test-to-asset' pk=object.id aid=DEFAULT_PK %}";
+    the_url = the_url.replace("{{ DEFAULT_PK }}", asset_id);
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
+    };
+    var error = function (data) {
+        alert(data)
+    };
+    APIUpdateAttr({
+        url: the_url,
+        method: 'GET',
+        success: success,
+        error: error
+    })
 })
-	
-.on('click', '.btn-leave-system_user', function () {
-	var $this = $(this);
-	var $tr = $this.closest('tr');
-	var $badge = $tr.find('.bdg_asset_groups');
-	var sid = $badge.data('gid');
-	var name = $badge.html() || $badge.text();
-	$('system-user-table').append(
-		'<option value="' + sid + '" id="opt_' + sid + '">' + name + '</option>'
-	);
-	$tr.remove();
-	var asset_groups = $('.bdg_asset_groups').map(function () {
-		return $(this).data('gid');
-	}).get();
-	updateSystemUserAssetGroup(asset_groups);
-});
-
-
-

 </script>
 {% endblock %}
--- a/apps/assets/templates/assets/system_user_detail.html
+++ b/apps/assets/templates/assets/system_user_detail.html
@@ -19,16 +19,21 @@
                            </li>
                            <li>
                                <a href="{% url 'assets:system-user-asset' pk=system_user.id %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Attached assets' %}
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets' %}
                                </a>
                            </li>
                            <li class="pull-right">
-                                <a class="btn btn-outline btn-default" href="{% url 'assets:system-user-update' pk=system_user.id %}"><i class="fa fa-edit"></i>Update</a>
+                                <a class="btn btn-outline btn-default" href="{% url 'assets:system-user-update' pk=system_user.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
+                            </li>
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-danger btn-del">
+                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
+                                </a>
                            </li>
                        </ul>
                    </div>
                    <div class="tab-content">
-                        <div class="col-sm-7" style="padding-left: 0;">
+                        <div class="col-sm-8" style="padding-left: 0;">
                            <div class="ibox float-e-margins">
                                <div class="ibox-title">
                                    <span class="label"><b>{{ system_user.name }}</b></span>
@@ -57,20 +62,20 @@
                                            <td>{% trans 'Username' %}:</td>
                                            <td><b>{{ system_user.username }}</b></td>
                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Login mode' %}:</td>
+                                            <td><b>{{ system_user.get_login_mode_display }}</b></td>
+                                        </tr>
                                        <tr>
                                            <td>{% trans 'Protocol' %}:</td>
-                                            <td><b>{{ system_user.protocol }}</b></td>
+                                            <td><b id="id_protocol_type">{{ system_user.protocol }}</b></td>
                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Auto push' %}:</td>
-                                            <td><b>{{ system_user.auto_push|yesno:"Yes,No,Unknown" }}</b></td>
-                                        </tr>
-                                        <tr>
+                                        <tr class="only-ssh">
                                            <td>{% trans 'Sudo' %}:</td>
                                            <td><b>{{ system_user.sudo }}</b></td>
                                        </tr>
                                        {% if system_user.shell %}
-                                        <tr>
+                                        <tr class="only-ssh">
                                            <td>{% trans 'Shell' %}:</td>
                                            <td><b>{{ system_user.shell }}</b></td>
                                        </tr>
@@ -105,37 +110,45 @@
                            </div>
                        </div>

-                        <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
-                            <div class="panel panel-primary">
+                        <div class="col-sm-4" style="padding-left: 0;padding-right: 0">
+                            <div class="panel panel-primary ">
                                <div class="panel-heading">
                                    <i class="fa fa-info-circle"></i> {% trans 'Quick update' %}
                                </div>
                                <div class="panel-body">
                                    <table class="table">
                                        <tbody>
-                                        <tr class="no-borders-tr">
-                                            <td width="50%">{% trans 'Get manual install script' %}:</td>
+                                        <tr class="only-ssh">
+                                            <td width="50%">{% trans 'Auto push' %}:</td>
                                            <td>
-                                                <span style="float: right">
-                                                    <button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Get' %}</button>
+                                                <span class="pull-right">
+                                                    <div class="switch">
+                                                        <div class="onoffswitch">
+                                                            <input type="checkbox" {% if system_user.auto_push %} checked {% endif %} class="onoffswitch-checkbox" id="btn-auto-push">
+                                                            <label class="onoffswitch-label" for="btn-auto-push">
+                                                                <span class="onoffswitch-inner"></span>
+                                                                <span class="onoffswitch-switch"></span>
+                                                            </label>
+                                                        </div>
+                                                    </div>
                                                </span>
                                            </td>
                                        </tr>
-
-                                        <tr>
-                                            <td width="50%">{% trans 'Retest asset connectivity' %}:</td>
+                                        {% if system_user.auto_push %}
+                                        <tr class="only-ssh">
+                                            <td width="50%">{% trans 'Push system user now' %}:</td>
                                            <td>
                                                <span style="float: right">
-                                                    <button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Start' %}</button>
+                                                    <button type="button" class="btn btn-primary btn-xs btn-push" style="width: 54px">{% trans 'Push' %}</button>
                                                </span>
                                            </td>
                                        </tr>
-
-                                        <tr>
-                                            <td width="50%">{% trans 'Reset private key' %}:</td>
+                                        {% endif %}
+                                        <tr class="only-ssh">
+                                            <td width="50%">{% trans 'Test assets connective' %}:</td>
                                            <td>
                                                <span style="float: right">
-                                                    <button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Reset' %}</button>
+                                                    <button type="button" class="btn btn-primary btn-xs btn-test-connective" style="width: 54px">{% trans 'Test' %}</button>
                                                </span>
                                            </td>
                                        </tr>
@@ -145,34 +158,136 @@
                            </div>
                        </div>
                    </div>
+                    {% if system_user.protocol != 'rdp' %}
+                    <div class="col-sm-4" style="padding-left: 0; padding-right: 0">
+                        <div class="panel panel-info">
+                            <div class="panel-heading">
+                                <i class="fa fa-info-circle"></i> {% trans 'Command filter' %}
+                            </div>
+                            <div class="panel-body">
+                                <table class="table">
+                                <tbody>
+                                <form>
+                                    <tr>
+                                        <td colspan="2" class="no-borders">
+                                            <select data-placeholder="{% trans 'Binding command filters' %}"  id="command_filters_selected"  class="select2" style="width: 100%" multiple="" tabindex="4">
+                                            {% for cf in cmd_filters_remain %}
+                                                <option value="{{ cf.id }}" id="opt_{{ cf.id }}" >{{ cf }}</option>
+                                            {% endfor %}
+                                            </select>
+                                        </td>
+                                    </tr>
+                                    <tr>
+                                        <td colspan="2" class="no-borders">
+                                            <button type="button" class="btn btn-info btn-sm" id="btn-binding-command-filters">{% trans 'Confirm' %}</button>
+                                        </td>
+                                    </tr>
+                                </form>
+                                {% for cf in object.cmd_filters.all %}
+                                <tr>
+                                  <td><b class="bdg-command-filters" data-gid={{ cf.id }}>{{ cf }}</b></td>
+                                  <td>
+                                      <button class="btn btn-danger pull-right btn-xs btn-unbound-command-filter" data-gid={{ cf.id }} type="button"><i class="fa fa-minus"></i></button>
+                                  </td>
+                                </tr>
+                                {% endfor %}
+                                </tbody>
+                                </table>
+                            </div>
+                        </div>
+                    </div>
+                    {% endif %}
                </div>
            </div>
        </div>
    </div>
-    </div>
-
 {% endblock %}
 {% block custom_foot_js %}
-    <script>
-{#        function switch_user_status(obj) {#}
-{#            var status = $(obj).prop('checked');#}
-{##}
-{#            $.ajax({#}
-{#                url: "{% url 'users:user-active-api' pk=user.id %}",#}
-{#                type: "PUT",#}
-{#                data: {#}
-{#                    'is_active': status#}
-{#                },#}
-{#                success: function (data, status) {#}
-{#                    console.log(data)#}
-{#                },#}
-{#                error: function () {#}
-{#                    console.log('error')#}
-{#                }#}
-{#            })#}
-{#        }#}
-        $(document).ready(function () {
-            $('.select2').select2();
-        });
-    </script>
+<script>
+function updateCommandFilters(command_filters) {
+    var the_url = "{% url 'api-assets:system-user-detail' pk=system_user.id %}";
+    var body = {
+        cmd_filters: Object.assign([], command_filters)
+    };
+    var success = function(data) {
+        location.reload();
+    };
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(body),
+        success: success
+    });
+}
+$(document).ready(function () {
+    if($('#id_protocol_type').text() === 'rdp'){
+        $('.only-ssh').addClass('hidden')
+    }
+    $(".panel-body .table tr:visible:first").addClass('no-borders-tr');
+    $('.select2').select2()
+})
+.on('click', '#btn-auto-push', function () {
+    var checked = $(this).prop('checked');
+    var the_url = "{% url 'api-assets:system-user-detail' pk=system_user.id %}";
+    var body = {
+        'auto_push': checked
+    };
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(body)
+    });
+}).on('click', '.btn-del', function () {
+    var $this = $(this);
+    var name = "{{ system_user.name}}";
+    var uid = "{{ system_user.id }}";
+    var the_url = '{% url "api-assets:system-user-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    var redirect_url = "{% url 'assets:system-user-list' %}";
+    objectDelete($this, name, the_url, redirect_url);
+})
+.on('click', '.btn-push', function () {
+    var the_url = "{% url 'api-assets:system-user-push' pk=system_user.id %}";
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
+    };
+    APIUpdateAttr({
+        url: the_url,
+        method: 'GET',
+        success: success,
+        flash_message: false
+    });
+})
+.on('click', '.btn-test-connective', function () {
+    var the_url = "{% url 'api-assets:system-user-connective' pk=system_user.id %}";
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600')
+    };
+    APIUpdateAttr({
+        url: the_url,
+        method: 'GET',
+        success: success,
+        flash_message: false
+    });
+}).on('click', '#btn-binding-command-filters', function () {
+    var new_selected_cmd_filters = $.map($('#command_filters_selected').select2('data'), function (i) {
+        return i.id;
+    });
+    var origin_cmd_filters = $.map($(".bdg-command-filters"), function (s) {
+        return $(s).data('gid')
+    });
+    var command_filters = new_selected_cmd_filters.concat(origin_cmd_filters);
+    updateCommandFilters(command_filters)
+}).on('click', '.btn-unbound-command-filter', function () {
+    var unbound_command_filter = $(this).data('gid');
+    var origin_command_filters = $.map($(".bdg-command-filters"), function (s) {
+        return $(s).data('gid')
+    });
+    var command_filters = $.grep(origin_command_filters, function (n, i) {
+        return n !== unbound_command_filter
+    });
+    updateCommandFilters(command_filters)
+})
+</script>
 {% endblock %}
--- a/apps/assets/templates/assets/system_user_list.html
+++ b/apps/assets/templates/assets/system_user_list.html
@@ -1,11 +1,23 @@
 {% extends '_base_list.html' %}
 {% load i18n %}

+{% block help_message %}
+    <div class="alert alert-info help-message">
+{#    系统用户是 Jumpserver跳转登录资产时使用的用户，可以理解为登录资产用户，如 web, sa, dba(`ssh web@some-host`), 而不是使用某个用户的用户名跳转登录服务器(`ssh xiaoming@some-host`);#}
+{#    简单来说是 用户使用自己的用户名登录Jumpserver, Jumpserver使用系统用户登录资产。#}
+{#    系统用户创建时，如果选择了自动推送 Jumpserver会使用ansible自动推送系统用户到资产中，如果资产(交换机、windows)不支持ansible, 请手动填写账号密码。#}
+{#    目前还不支持Windows的自动推送#}
+    {% trans 'System user is Jumpserver jump login assets used by the users, can be understood as the user login assets, such as web, sa, the dba (` ssh web@some-host `), rather than using a user the username login server jump (` ssh xiaoming@some-host `); '%}
+    {% trans 'In simple terms, users log into Jumpserver using their own username, and Jumpserver uses system users to log into assets. '%}
+    {% trans 'When system users are created, if you choose auto push Jumpserver to use ansible push system users into the asset, if the asset (Switch, Windows) does not support ansible, please manually fill in the account password. Automatic push for Windows is not currently supported.' %}
+    </div>
+{% endblock %}
+
 {% block table_search %}
 {% endblock %}

 {% block table_container %}
-<div class="uc pull-left m-l-5 m-r-5">
+<div class="uc pull-left m-r-5">
    <a href="{% url 'assets:system-user-create' %}" class="btn btn-sm btn-primary "> {% trans "Create system user" %} </a>
 </div>
 <table class="table table-striped table-bordered table-hover " id="system_user_list_table" >
@@ -16,8 +28,12 @@
        </th>
        <th class="text-center">{% trans 'Name' %}</th>
        <th class="text-center">{% trans 'Username' %}</th>
+        <th class="text-center">{% trans 'Protocol' %}</th>
+        <th class="text-center">{% trans 'Login mode' %}</th>
        <th class="text-center">{% trans 'Asset' %}</th>
+        <th class="text-center">{% trans 'Reachable' %}</th>
        <th class="text-center">{% trans 'Unreachable' %}</th>
+        <th class="text-center">{% trans 'Ratio' %}</th>
        <th class="text-center">{% trans 'Comment' %}</th>
        <th class="text-center">{% trans 'Action' %}</th>
    </tr>
@@ -25,54 +41,78 @@
    <tbody>
    </tbody>
 </table>
-<div id="actions" class="hide">
-    <div class="input-group">
-        <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
-            <option value="delete">{% trans 'Delete selected' %}</option>
-            <option value="update">{% trans 'Update selected' %}</option>
-        </select>
-        <div class="input-group-btn pull-left" style="padding-left: 5px;">
-            <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
-                {% trans 'Submit' %}
-            </button>
-        </div>
-    </div>
-</div>
 {% endblock %}
 {% block custom_foot_js %}
 <script>
-$(document).ready(function(){
+function initTable() {
    var options = {
        ele: $('#system_user_list_table'),
        columnDefs: [
            {targets: 1, createdCell: function (td, cellData, rowData) {
-                var detail_btn = '<a href="{% url "assets:system-user-detail" pk=99991937 %}">' + cellData + '</a>';
-                $(td).html(detail_btn.replace('99991937', rowData.id));
+                var detail_btn = '<a href="{% url "assets:system-user-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
            }},
-            {targets: 5, createdCell: function (td, cellData) {
-                var innerHtml = cellData.length > 30 ? cellData.substring(0, 30) + '...': cellData;
+            {targets: 6, createdCell: function (td, cellData) {
+                var innerHtml = "";
+                if (cellData !== 0) {
+                    innerHtml = "<span class='text-navy'>" + cellData + "</span>";
+                } else {
+                    innerHtml = "<span>" + cellData + "</span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData +'">' + innerHtml + '</span>');
+            }},
+            {targets: 7, createdCell: function (td, cellData) {
+                var innerHtml = "";
+                if (cellData !== 0) {
+                    innerHtml = "<span class='text-danger'>" + cellData + "</span>";
+                } else {
+                    innerHtml = "<span>" + cellData + "</span>";
+                }
                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
            }},
-            {targets: 6, createdCell: function (td, cellData, rowData) {
-{#                var script_btn = '<a href="{% url "assets:system-user-update" pk=99991937 %}" class="btn btn-xs btn-primary">{% trans "Script" %}</a>'.replace('99991937', cellData);#}
-                var update_btn = '<a href="{% url "assets:system-user-update" pk=99991937 %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', cellData);
-                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_admin_user_delete" data-uid="99991937">{% trans "Delete" %}</a>'.replace('99991937', cellData);
+            {targets: 8, createdCell: function (td, cellData, rowData) {
+                var val = 0;
+                var innerHtml = "";
+                var total = rowData.assets_amount;
+                var reachable = rowData.reachable_amount;
+                if (total !== 0) {
+                    val = reachable/total * 100;
+                }
+
+                if (val === 100) {
+                    innerHtml = "<span class='text-navy'>" + val + "% </span>";
+                } else {
+                    var num = new Number(val);
+                    innerHtml = "<span class='text-danger'>" + num.toFixed(1) + "% </span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
+
+            }},
+            {targets: 10, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:system-user-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_admin_user_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
                $(td).html(update_btn + del_btn)
            }}],
        ajax_url: '{% url "api-assets:system-user-list" %}',
-        columns: [{data: "id" }, {data: "name" }, {data: "username" }, {data: "assets_amount" }, {data: function () { return "3"}},
-            {data: "comment" }, {data: "id" }],
+        columns: [
+            {data: "id" }, {data: "name" }, {data: "username" }, {data: "protocol"}, {data: "get_login_mode_display"}, {data: "assets_amount" },
+            {data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment" }, {data: "id" }
+        ],
        op_html: $('#actions').html()
        };
    jumpserver.initDataTable(options);
+}
+
+$(document).ready(function(){
+    initTable();
 })

 .on('click', '.btn_admin_user_delete', function () {
    var $this = $(this);
-    var $data_table = $('#idc_list_table').DataTable();
+    var $data_table = $('#cluster_list_table').DataTable();
    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
    var uid = $this.data('uid');
-    var the_url = '{% url "api-assets:system-user-detail" pk=99991937 %}'.replace('99991937', uid);
+    var the_url = '{% url "api-assets:system-user-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
    objectDelete($this, name, the_url);
    setTimeout( function () {
        $data_table.ajax.reload();
@@ -98,6 +138,7 @@ $(document).ready(function(){
            text: "{% trans 'This will delete the selected System Users !!!' %}",
            type: "warning",
            showCancelButton: true,
+            cancelButtonText: "{% trans 'Cancel' %}",
            confirmButtonColor: "#DD6B55",
            confirmButtonText: "{% trans 'Confirm' %}",
            closeOnConfirm: false
--- a/apps/assets/templates/assets/system_user_update.html
+++ b/apps/assets/templates/assets/system_user_update.html
@@ -4,50 +4,13 @@
 {% load bootstrap3 %}

 {% block auth %}
-<div class="password-auth hidden">
    {% bootstrap_field form.password layout="horizontal" %}
-</div>
-<div class="public-key-auth">
-    <div>
-        {% bootstrap_field form.private_key_file layout="horizontal" %}
+    {% bootstrap_field form.private_key_file layout="horizontal" %}
+    <div class="form-group">
+        <label for="{{ form.as_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>
+        <div class="col-sm-8">
+            {{ form.auto_push}}
+        </div>
    </div>
-</div>
 {% endblock %}

-{% block custom_foot_js %}
-	<script>
-    var auth_method = '#'+'{{ form.auth_method.id_for_label }}';
-    var auto_generate_key = '#'+'{{ form.auto_generate_key.id_for_label }}';
-    function authMethodDisplay() {
-      if ($(auth_method).val() == 'P') {
-        $('.password-auth').removeClass('hidden');
-        $('.public-key-auth').addClass('hidden');
-        $('#'+'{{ form.password.id_for_label }}').removeAttr('disabled');
-
-      } else if ($(auth_method).val() == 'K') {
-        $('.password-auth').addClass('hidden');
-        $('.public-key-auth').removeClass('hidden');
-        $('#'+'{{ form.password.id_for_label }}').removeAttr('required');
-        $('#'+'{{ form.password.id_for_label }}').attr('disabled', 'disabled');
-
-        if ($(auto_generate_key).prop('checked')){
-          $('#'+'{{ form.private_key_file.id_for_label }}').closest('.form-group').addClass('hidden');
-        } else {
-          $('#'+'{{ form.private_key_file.id_for_label }}').closest('.form-group').removeClass('hidden');
-        }
-      }
-    }
-    $(document).ready(function () {
-      $('.select2').select2();
-      authMethodDisplay();
-      $(auth_method).change(function () {
-        authMethodDisplay();
-      });
-      $(auto_generate_key).change(function () {
-        authMethodDisplay();
-      });
-    })
-
-
-	</script>
-{% endblock %}
--- a/apps/assets/templates/assets/user_asset_list.html
+++ b/apps/assets/templates/assets/user_asset_list.html
@@ -1,264 +1,188 @@
-{% extends '_base_list.html' %}
-{% load i18n %}
+{% extends 'base.html' %}
 {% load static %}
+{% load i18n %}
+
 {% block custom_head_css_js %}
-<link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-<script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-
-<style>
-    .custom{
-        margin-right:5px;
-        }
-    #modal .modal-body { max-height: 200px; }
-</style>
-{% endblock %}
-{% block content_left_head %}{% endblock %}
-
-{% block table_search %}
-{#    <div class="html5buttons">#}
-{#        <div class="dt-buttons btn-group">#}
-{#            <a class="btn btn-default btn_export" tabindex="0">#}
-{#                <span>{% trans "Export" %}</span>#}
-{#            </a>#}
-{#        </div>#}
-{#    </div>#}
+    <link href="{% static 'css/plugins/ztree/awesomeStyle/awesome.css' %}" rel="stylesheet">
+    <script type="text/javascript" src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
+    <script src="{% static 'js/jquery.form.min.js' %}"></script>
 {% endblock %}

+{% block content %}
+<div class="wrapper wrapper-content">
+   <div class="row">
+       <div class="col-lg-3" id="split-left" style="padding-left: 3px">
+           <div class="ibox float-e-margins">
+               <div class="ibox-content mailbox-content" style="padding-top: 0;padding-left: 1px">
+                   <div class="file-manager ">
+                       <div id="assetTree" class="ztree">
+                       </div>

-{% block table_container %}
-<table class="table table-striped table-bordered table-hover " id="asset_list_table" >
-    <thead>
-        <tr>
-            <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
-            <th class="text-center">{% trans 'Hostname' %}</th>
-            <th class="text-center">{% trans 'IP' %}</th>
-            <th class="text-center">{% trans 'Port' %}</th>
-            <th class="text-center">{% trans 'Type' %}</th>
-            <th class="text-center">{% trans 'Env' %}</th>
-            <th class="text-center">{% trans 'Hardware' %}</th>
-            <th class="text-center">{% trans 'Valid' %}</th>
-            <th class="text-center">{% trans 'Alive' %}</th>
-        </tr>
-    </thead>
-    <tbody>
-    </tbody>
-</table>
+                       <div class="clearfix"></div>
+                   </div>
+               </div>
+           </div>
+       </div>
+       <div class="col-lg-9 animated fadeInRight" id="split-right">
+           <div class="tree-toggle">
+               <div class="btn btn-sm btn-primary tree-toggle-btn" onclick="toggle()">
+                   <i class="fa fa-angle-left fa-x" id="toggle-icon"></i>
+               </div>
+           </div>
+           <div class="mail-box-header">
+               <div class="btn-group" style="float: right">
+                   <button data-toggle="dropdown" class="btn btn-default btn-sm dropdown-toggle">{% trans 'Label' %} <span class="caret"></span></button>
+                   <ul class="dropdown-menu labels">
+                       {% for label in labels %}
+                           <li><a style="font-weight: bolder">{{ label.name }}:{{ label.value }}</a></li>
+                       {% endfor %}
+                   </ul>
+               </div>
+               <table class="table table-striped table-bordered table-hover " id="user_assets_table" style="width: 100%">
+                   <thead>
+                       <tr>
+                           <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
+                           <th class="text-center">{% trans 'Hostname' %}</th>
+                           <th class="text-center">{% trans 'IP' %}</th>
+                           <th class="text-center">{% trans 'Active' %}</th>
+                           <th class="text-center">{% trans 'System users' %}</th>
+                       </tr>
+                   </thead>
+                   <tbody>
+                   </tbody>
+               </table>
+           </div>
+       </div>
+   </div>
+</div>
+
+{% include 'assets/_user_asset_detail_modal.html' %}
 {% endblock %}

+
 {% block custom_foot_js %}
-<script src="{% static 'js/jquery.form.min.js' %}"></script>
-<script type="text/javascript">
-$(document).ready(function(){
-	var options = {
-		ele: $('#asset_list_table'),
-		columnDefs: [
-			{targets: 1, createdCell: function (td, cellData, rowData) {
-				var detail_btn = '<a href="{% url "assets:asset-detail" pk=99991937 %}">' + cellData + '</a>';
-				$(td).html(detail_btn.replace('99991937', rowData.id));
-			}},
-			{targets: 7, createdCell: function (td, cellData) {
-				if (!cellData) {
-					$(td).html('<i class="fa fa-times text-danger"></i>')
-				} else {
-					$(td).html('<i class="fa fa-check text-navy"></i>')
-				}
-			}},
-			{targets: 8, createdCell: function (td, cellData) {
-				if (!cellData) {
-					$(td).html('<i class="fa fa-circle text-danger"></i>')
-				} else {
-					$(td).html('<i class="fa fa-circle text-navy"></i>')
-				}
-			}}
-		],
-		ajax_url: '{% url "api-assets:asset-list" %}',
-		columns: [{data: "id"}, {data: "hostname" }, {data: "ip" }, {data: "port" },
-			{data: "get_type_display" }, {data: "get_env_display"}, {data: "hardware"},
-			{data: "is_active" }, {data: "is_active"}],
-	};
-	var table = jumpserver.initDataTable(options);
-	$('.btn_export').click(function () {
-		var assets = [];
-		var rows = table.rows('.selected').data();
-		$.each(rows, function (index, obj) {
-			assets.push(obj.id)
-		});
-		console.log(assets);
-		$.ajax({
-			url: "{% url "assets:asset-export" %}",
-			method: 'POST',
-			data: JSON.stringify({assets_id: assets}),
-			dataType: "json",
-			success: function (data, textStatus) {
-				window.open(data.redirect)
-			},
-			error: function () {
-				toastr.error('Export failed');
-			}
-		})
-	});
- 	$('#btn_asset_import').click(function() {
-		var $form = $('#fm_asset_import');
-		$form.find('.help-block').remove();
-		function success (data) {
-			if (data.valid === false) {
-				$('<span />', {class: 'help-block text-danger'}).html(data.msg).insertAfter($('#id_assets'));
-			} else {
-				$('#id_created').html(data.created_info);
-				$('#id_created_detail').html(data.created.join(', '));
-				$('#id_updated').html(data.updated_info);
-				$('#id_updated_detail').html(data.updated.join(', '));
-				$('#id_failed').html(data.failed_info);
-				$('#id_failed_detail').html(data.failed.join(', '));
-				var $data_table = $('#asset_list_table').DataTable();
-				$data_table.ajax.reload();
-			}
-		}
-		$form.ajaxSubmit({success: success});
-	})
-})
-
-.on('click', '.btn_asset_delete', function () {
-	var $this = $(this);
-	var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
-	var uid = $this.data('uid');
-	var the_url = '{% url "api-assets:asset-detail" pk=99991937 %}'.replace('99991937', uid);
-	objectDelete($this, name, the_url);
-})
-
-.on('click', '#btn_bulk_update', function () {
-	var action = $('#slct_bulk_update').val();
-	var $data_table = $('#asset_list_table').DataTable();
-	var id_list = [];
-    var plain_id_list = [];
-    $data_table.rows({selected: true}).every(function(){
-        id_list.push({id: this.data().id});
-        plain_id_list.push(this.data().id);
-    });
-    if (plain_id_list.length == 0) {
-        return false;
+<script>
+var zTree, asset_table;
+var inited = false;
+var url;
+function initTable() {
+    if (inited){
+        return
+    } else {
+        inited = true;
    }
-    var the_url = "{% url 'api-assets:asset-list' %}";
-    function doDeactive() {
-        var body = $.each(id_list, function(index, asset_object) {
-            asset_object['is_active'] = false;
-        });
-        APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(body)});
-        $data_table.ajax.reload();
-        jumpserver.checked = false;
-    }
-    function doActive() {
-        var body = $.each(id_list, function(index, asset_object) {
-            asset_object['is_active'] = true;
-        });
-        APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(body)});
-        $data_table.ajax.reload();
-        jumpserver.checked = false;
-    }
-    function doDelete() {
-        swal({
-            title: "{% trans 'Are you sure?' %}",
-            text: "{% trans 'This will delete the selected assets !!!' %}",
-            type: "warning",
-            showCancelButton: true,
-            confirmButtonColor: "#DD6B55",
-            confirmButtonText: "{% trans 'Confirm' %}",
-            closeOnConfirm: false
-        }, function() {
-            var success = function() {
-                var msg = "{% trans 'Asset Deleted.' %}";
-                swal("{% trans 'Asset Delete' %}", msg, "success");
-                $('#asset_list_table').DataTable().ajax.reload();
-            };
-            var fail = function() {
-                var msg = "{% trans 'Asset Deleting failed.' %}";
-                swal("{% trans 'Asset Delete' %}", msg, "error");
-            };
-            var url_delete = the_url + '?id__in=' + JSON.stringify(plain_id_list);
-            APIUpdateAttr({url: url_delete, method: 'DELETE', success: success, error: fail});
-            $data_table.ajax.reload();
-            jumpserver.checked = false;
-        });
-    }
-    function doUpdate() {
-        $('#asset_bulk_update_modal').modal('show');
-    }
-    switch(action) {
-        case 'deactive':
-            doDeactive();
-            break;
-        case 'delete':
-            doDelete();
-            break;
-        case 'update':
-            doUpdate();
-            break;
-        case 'active':
-            doActive();
-            break;
-        default:
-            break;
-    }
-})
-
-.on('click', '#btn_asset_bulk_update', function () {
-	var json_data = $("#fm_asset_bulk_update").serializeObject();
-	var body = {};
-    body.enable_otp = (json_data.enable_otp === 'on')? true: false;
-    if (json_data.type != '') {
-        body.type = json_data.type;
-    }
-    if (json_data.groups != undefined) {
-        body.groups = json_data.groups;
-    }
-    if (typeof body.groups === 'string') {
-        body.groups = [parseInt(body.groups)]
-    } else if(typeof body.groups === 'array') {
-        var new_groups = body.groups.map(Number);
-        body.groups = new_groups;
-    }
-
-    if (json_data.system_users != undefined) {
-    	body.system_users = json_data.system_users;
-    }
-    if (typeof body.system_users === 'string') {
-    	body.system_users = [parseInt(body.system_users)]
-    } else if(typeof body.system_users === 'array') {
-    	var new_users = body.system_users.map(Number);
-    	body.system_users = new_users;
-    }
-
-    if (json_data.tags != undefined) {
-    	body.tags = json_data.tags;
-    }
-    if (typeof body.tags == 'string') {
-    	body.tags = [parseInt(body.tags)];
-    } else if (typeof body.tags === 'array') {
-    	var new_tags = body.tags.map(Number);
-    	body.tags = new_tags;
-    }
-
-    var $data_table = $('#asset_list_table').DataTable();
-    var post_list = [];
-    $data_table.rows({selected: true}).every(function(){
-        var content = Object.assign({id: this.data().id}, body);
-        post_list.push(content);
-    });
-    if (post_list === []) {
-        return false
-    }
-    var the_url = "{% url 'api-assets:asset-list' %}";
-    var success = function() {
-        var msg = "{% trans 'The selected assets has been updated successfully.' %}";
-        swal("{% trans 'Asset Updated' %}", msg, "success");
-        $('#asset_list_table').DataTable().ajax.reload();
-        jumpserver.checked = false;
+    console.log("init table")
+    url = "{% url 'api-perms:my-assets' %}";
+    var options = {
+        ele: $('#user_assets_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a class="asset_detail" asset-id="rowData_id" data-toggle="modal" data-target="#user_asset_detail_modal" tabindex="0">'+ cellData +'</a>'
+                $(td).html(detail_btn.replace("rowData_id", rowData.id));
+                }},
+            {targets: 3, createdCell: function (td, cellData) {
+                if (!cellData) {
+                    $(td).html('<i class="fa fa-times text-danger"></i>')
+                } else {
+                    $(td).html('<i class="fa fa-check text-navy"></i>')
+                }
+            }},
+            {targets: 4, createdCell: function (td, cellData) {
+                var users = [];
+                $.each(cellData, function (id, data) {
+                    users.push(data.name);
+                });
+                $(td).html(users.join(', '))
+            }}
+        ],
+        ajax_url: url,
+        columns: [
+            {data: "id"}, {data: "hostname" }, {data: "ip" },
+            {data: "is_active", orderable: false },
+            {data: "system_users_granted", orderable: false}
+        ]
    };
-    console.log(JSON.stringify(post_list));
-    console.log(the_url);
-{#    APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(post_list), success: success});#}
-    $('#asset_bulk_update_modal').modal('hide');
+    asset_table = jumpserver.initDataTable(options);
+    return asset_table
+}
+
+function onSelected(event, treeNode) {
+    url = '{% url "api-perms:my-node-assets" node_id=DEFAULT_PK %}';
+    url = url.replace("{{ DEFAULT_PK }}", treeNode.node_id);
+    setCookie('node_selected', treeNode.id);
+    asset_table.ajax.url(url);
+    asset_table.ajax.reload();
+}
+
+function initTree() {
+    var setting = {
+        view: {
+            dblClickExpand: false,
+            showLine: true
+        },
+        data: {
+            simpleData: {
+                enable: true
+            }
+        },
+        callback: {
+            onSelected: onSelected
+        }
+    };
+
+    var zNodes = [];
+    $.get("{% url 'api-perms:my-nodes' %}", function(data, status){
+        $.each(data, function (index, value) {
+            value["node_id"] = value["id"];
+            value["id"] = value["tree_id"];
+            if (value["tree_id"] !== value["tree_parent"]) {
+                value["pId"] = value["tree_parent"];
+            }
+            value["isParent"] = value["is_node"];
+            value['name'] = value['value'];
+        });
+        zNodes = data;
+        $.fn.zTree.init($("#assetTree"), setting, zNodes);
+        zTree = $.fn.zTree.getZTreeObj("assetTree");
+        var root = zTree.getNodes()[0];
+        zTree.expandNode(root);
+    });
+}
+
+$(document).ready(function () {
+    initTree();
+    initTable();
+})
+.on('click', '.asset_detail', function() {
+    var data = asset_table.ajax.json();
+    var asset_id = this.getAttribute("asset-id");
+    var trs = '';
+    var desc = {
+        'hostname': "{% trans 'Hostname' %}",
+        'ip': "{% trans 'IP' %}",
+        'port': "{% trans 'Port' %}",
+        'protocol': "{% trans 'Protocol' %}",
+        'platform': "{% trans 'Platform' %}",
+        'os': "{% trans 'OS' %}",
+        'system_users_join': "{% trans 'System user' %}",
+        'domain': "{% trans 'Domain' %}",
+        'is_active': "{% trans 'Is active' %}",
+        'comment': "{% trans 'Comment' %}"
+        {#'date_joined': "{% trans 'Date joined' %}",#}
+    };
+    $.each(data, function(index, value){
+        if(value.id === asset_id){
+            for(var i in desc){
+                trs += "<tr class='no-borders-tr'>\n" +
+                  "<td>"+ desc[i] + ":</td>"+
+                  "<td><b>"+ (value[i] === null?'':value[i]) + "</b></td>\n" +
+                  "</tr>";
+            }
+        }
+    });
+    $('#asset_detail_tbody').html(trs)
 });

 </script>
-{% endblock %}
+
+{% endblock %}
--- a/apps/assets/templatetags/init.py
+++ b/apps/assets/templatetags/init.py
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+#
--- a/Show More
+++ b/Show More