fix: 修改缩进

fix: bug
fix: 修复celery日志清除问题
2025-12-17 17:42:37 +00:00 · 2021-01-15 11:15:09 +08:00 · 2021-01-14 10:35:16 +08:00 · 2021-01-11 10:29:32 +08:00 · 2020-12-22 17:19:15 +08:00 · 2020-12-22 15:14:26 +08:00
628 changed files with 18483 additions and 27409 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,17 +0,0 @@
 [简述你的问题]
 ##### 使用版本
 [请提供你使用的Jumpserver版本 1.x.x 注: 0.3.x不再提供支持]
 ##### 问题复现步骤
 1. [步骤1]
 2. [步骤2]
 ##### 具体表现[截图可能会更好些,最好能截全]
 ##### 其他
 [注:] 完成后请关闭 issue
--- a/.github/ISSUE_TEMPLATE/----.md
+++ b/.github/ISSUE_TEMPLATE/----.md
@@ -0,0 +1,10 @@
 ---
 name: 需求建议
 about: 提出针对本项目的想法和建议
 title: "[Feature] "
 labels: 类型:需求
 assignees: ibuler
 ---
 **请描述您的需求或者改进建议.**
--- a/.github/ISSUE_TEMPLATE/bug---.md
+++ b/.github/ISSUE_TEMPLATE/bug---.md
@@ -0,0 +1,22 @@
 ---
 name: Bug 提交
 about: 提交产品缺陷帮助我们更好的改进
 title: "[Bug] "
 labels: 类型:bug
 assignees: wojiushixiaobai
 ---
 **JumpServer 版本(v1.5.9以下不再支持)**
 **浏览器版本**
 **Bug 描述**
 **Bug 重现步骤(有截图更好)**
 1.  
 2. 
 3. 
--- a/.github/ISSUE_TEMPLATE/question.md
+++ b/.github/ISSUE_TEMPLATE/question.md
@@ -0,0 +1,10 @@
 ---
 name: 问题咨询
 about: 提出针对本项目安装部署、使用及其他方面的相关问题
 title: "[Question] "
 labels: 类型:提问
 assignees: wojiushixiaobai
 ---
 **请描述您的问题.**
--- a/.github/release-config.yml
+++ b/.github/release-config.yml
@@ -0,0 +1,44 @@
 name-template: 'v$RESOLVED_VERSION'
 tag-template: 'v$RESOLVED_VERSION'
 categories:
  - title: '🌱 新功能 Features'
    labels:
      - 'feature'
      - 'enhancement'
      - 'feat'
      - '新功能'
  - title: '🚀 性能优化 Optimization'
    labels:
      - 'perf'
      - 'opt'
      - 'refactor'
      - 'Optimization'
      - '优化'
  - title: '🐛 Bug修复 Bug Fixes'
    labels:
      - 'fix'
      - 'bugfix'
      - 'bug'
  - title: '🧰 其它 Maintenance'
    labels:
      - 'chore'
      - 'docs'
 exclude-labels:
  - 'no'
  - '无需处理'
  - 'wontfix'
 change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
 version-resolver:
  major:
    labels:
      - 'major'
  minor:
    labels:
      - 'minor'
  patch:
    labels:
      - 'patch'
  default: patch
 template: |
  ## 版本变化  What’s Changed
  $CHANGES
--- a/.github/workflows/jms-generic-action-handler.yml
+++ b/.github/workflows/jms-generic-action-handler.yml
@@ -0,0 +1,12 @@
 on: [push, pull_request, release]
 name: JumpServer repos generic handler
 jobs:
  generic_handler:
    name: Run generic handler
    runs-on: ubuntu-latest
    steps:
      - uses: jumpserver/action-generic-handler@master
        env:
          GITHUB_TOKEN: ${{ secrets.PRIVATE_TOKEN }}
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -0,0 +1,46 @@
 on:
  push:
    # Sequence of patterns matched against refs/tags
    tags:
      - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
 name: Create Release And Upload assets
 jobs:
  create-realese:
    name: Create Release
    runs-on: ubuntu-latest
    outputs:
      upload_url: ${{ steps.create_release.outputs.upload_url }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Get version
        id: get_version
        run: |
          TAG=$(basename ${GITHUB_REF})
          VERSION=${TAG/v/}
          echo "::set-output name=TAG::$TAG"
          echo "::set-output name=VERSION::$VERSION"
      - name: Create Release
        id: create_release
        uses: release-drafter/release-drafter@v5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          config-name: release-config.yml
          version: ${{ steps.get_version.outputs.TAG }}
          tag: ${{ steps.get_version.outputs.TAG }}
  build-and-release:
    needs: create-realese
    name: Build and Release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Build it and upload
        uses: jumpserver/action-build-upload-assets@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ needs.create-realese.outputs.upload_url }}
--- a/.gitignore
+++ b/.gitignore
@@ -35,4 +35,6 @@ docs/_build/
 xpack
 logs/*
 ### Vagrant ###
-.vagrant/
+.vagrant/
 release/*
 releashe
--- a/45
+++ b/45
@@ -1,25 +1,46 @@
-FROM registry.fit2cloud.com/public/python:v3
+# 编译代码
-MAINTAINER Jumpserver Team <ibuler@qq.com>
+FROM python:3.8.6-slim as stage-build
 MAINTAINER JumpServer Team <ibuler@qq.com>
 ARG VERSION
 ENV VERSION=$VERSION
 WORKDIR /opt/jumpserver
-RUN useradd jumpserver
+ADD . .
 RUN cd utils && bash -ixeu build.sh
 COPY ./requirements /tmp/requirements
-RUN yum -y install epel-release && \
+# 构建运行时环境
-      echo -e "[mysql]\nname=mysql\nbaseurl=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql57-community-el6/\ngpgcheck=0\nenabled=1" > /etc/yum.repos.d/mysql.repo
+FROM python:3.8.6-slim
-RUN cd /tmp/requirements && yum -y install $(cat rpm_requirements.txt)
+ARG PIP_MIRROR=https://pypi.douban.com/simple
-RUN cd /tmp/requirements && pip install --upgrade pip setuptools && pip install wheel && \
+ENV PIP_MIRROR=$PIP_MIRROR
-    pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -r requirements.txt || pip install -r requirements.txt
+ARG PIP_JMS_MIRROR=https://pypi.douban.com/simple
-RUN mkdir -p /root/.ssh/ && echo -e "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config
+ENV PIP_JMS_MIRROR=$PIP_JMS_MIRROR
 WORKDIR /opt/jumpserver
 COPY ./requirements/deb_buster_requirements.txt ./requirements/deb_buster_requirements.txt
 RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
    && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
    && apt update \
    && grep -v '^#' ./requirements/deb_buster_requirements.txt | xargs apt -y install \
    && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 COPY ./requirements/requirements.txt ./requirements/requirements.txt
 RUN pip install --upgrade pip==20.2.4 setuptools==49.6.0 wheel==0.34.2 -i ${PIP_MIRROR} \
    && pip config set global.index-url ${PIP_MIRROR} \
    && pip install --no-cache-dir $(grep 'jms' requirements/requirements.txt) -i ${PIP_JMS_MIRROR} \
    && pip install --no-cache-dir -r requirements/requirements.txt
 COPY --from=stage-build /opt/jumpserver/release/jumpserver /opt/jumpserver
 RUN mkdir -p /root/.ssh/ \
    && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config
 COPY . /opt/jumpserver
 RUN echo > config.yml
 VOLUME /opt/jumpserver/data
 VOLUME /opt/jumpserver/logs
 ENV LANG=zh_CN.UTF-8
 ENV LC_ALL=zh_CN.UTF-8
 EXPOSE 8070
 EXPOSE 8080
--- a/README.md
+++ b/README.md
@@ -2,6 +2,11 @@
 [![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
 [![Django](https://img.shields.io/badge/django-2.2-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
 [![Docker Pulls](https://img.shields.io/docker/pulls/jumpserver/jms_all.svg)](https://hub.docker.com/u/jumpserver)
 |Developer Wanted|
 |------------------|
 |JumpServer 正在寻找开发者，一起为改变世界做些贡献吧，哪怕一点点，联系我 <ibuler@fit2cloud.com> |
 JumpServer 是全球首款开源的堡垒机，使用 GNU GPL v2.0 开源协议，是符合 4A 规范的运维安全审计系统。
@@ -20,7 +25,24 @@ JumpServer 采纳分布式架构，支持多机房跨区域部署，支持横向
 - 无插件: 仅需浏览器，极致的 Web Terminal 使用体验；
 - 多云支持: 一套系统，同时管理不同云上面的资产；
 - 云端存储: 审计录像云端存储，永不丢失；
- 多租户: 一套系统，多个子公司和部门同时使用。
+- 多租户: 一套系统，多个子公司和部门同时使用；
 - 多应用支持: 数据库，Windows远程应用，Kubernetes。
 ## 版本说明
 自 v2.0.0 发布后， JumpServer 版本号命名将变更为：v大版本.功能版本.Bug修复版本。比如：
 ```
 v2.0.1 是 v2.0.0 之后的Bug修复版本；
 v2.1.0 是 v2.0.0 之后的功能版本。
 ```
 像其它优秀开源项目一样，JumpServer 每个月会发布一个功能版本，并同时维护 3 个功能版本。比如：
 ```
 在 v2.4 发布前，我们会同时维护 v2.1、v2.2、v2.3；
 在 v2.4 发布后，我们会同时维护 v2.2、v2.3、v2.4；v2.1 会停止维护。
 ```
 ## 功能列表
@@ -177,13 +199,76 @@ JumpServer 采纳分布式架构，支持多机房跨区域部署，支持横向
    <td>文件传输</td>
    <td>可对文件的上传、下载记录进行审计</td>
  </tr>
  <tr>
    <td rowspan="20">数据库审计<br>Database</td>
    <td rowspan="2">连接方式</td>
    <td>命令方式</td>
  </tr>
  <tr>
    <td>Web UI方式 (X-PACK)</td>
  </tr>
  <tr>
    <td rowspan="4">支持的数据库</td>
    <td>MySQL</td>
  </tr>
  <tr>
    <td>Oracle (X-PACK)</td>
  </tr>
  <tr>
    <td>MariaDB (X-PACK)</td>
  </tr>
  <tr>
    <td>PostgreSQL (X-PACK)</td>
  </tr>
  <tr>
    <td rowspan="6">功能亮点</td>
    <td>语法高亮</td>
  </tr>
  <tr>
    <td>SQL格式化</td>
  </tr>
  <tr>
    <td>支持快捷键</td>
  </tr>
  <tr>
    <td>支持选中执行</td>
  </tr>
  <tr>
    <td>SQL历史查询</td>
  </tr>
  <tr>
    <td>支持页面创建 DB, TABLE</td>
  </tr>
  <tr>
    <td rowspan="2">会话审计</td>
    <td>命令记录</td>
  </tr>
  <tr>
    <td>录像回放</td>
  </tr>
 </table>
 ## 快速开始
 - [极速安装](https://docs.jumpserver.org/zh/master/install/setup_by_fast/)
 - [完整文档](https://docs.jumpserver.org)
- [演示视频](https://jumpserver.oss-cn-hangzhou.aliyuncs.com/jms-media/%E3%80%90%E6%BC%94%E7%A4%BA%E8%A7%86%E9%A2%91%E3%80%91Jumpserver%20%E5%A0%A1%E5%9E%92%E6%9C%BA%20V1.5.0%20%E6%BC%94%E7%A4%BA%E8%A7%86%E9%A2%91%20-%20final.mp4)
+- [演示视频](https://www.bilibili.com/video/BV1ZV41127GB)
 ## 组件项目
 - [Lina](https://github.com/jumpserver/lina) JumpServer Web UI 项目
 - [Luna](https://github.com/jumpserver/luna) JumpServer Web Terminal 项目
 - [Koko](https://github.com/jumpserver/koko) JumpServer 字符协议 Connector 项目，替代原来 Python 版本的 [Coco](https://github.com/jumpserver/coco)
 - [Guacamole](https://github.com/jumpserver/docker-guacamole) JumpServer 图形协议 Connector 项目，依赖 [Apache Guacamole](https://guacamole.apache.org/)
 ## 致谢
 - [Apache Guacamole](https://guacamole.apache.org/) Web页面连接 RDP, SSH, VNC协议设备，JumpServer 图形化连接依赖
 - [OmniDB](https://omnidb.org/) Web页面连接使用数据库，JumpServer Web数据库依赖
 ## JumpServer 企业版 
 - [申请企业版试用](https://jinshuju.net/f/kyOYpi)
 > 注：企业版支持离线安装，申请通过后会提供高速下载链接。
 ## 案例研究
--- a/apps/.gitattributes
+++ b/apps/.gitattributes
@@ -0,0 +1,2 @@
 *.js linguist-language=python
 *.html linguist-language=python
--- a/apps/applications/api/init.py
+++ b/apps/applications/api/init.py
@@ -1,2 +1,5 @@
 from .application import *
 from .mixin import *
 from .remote_app import *
 from .database_app import *
 from .k8s_app import *
--- a/apps/applications/api/application.py
+++ b/apps/applications/api/application.py
@@ -0,0 +1,20 @@
 # coding: utf-8
 #
 from orgs.mixins.api import OrgBulkModelViewSet
 from .mixin import ApplicationAttrsSerializerViewMixin
 from ..hands import IsOrgAdminOrAppUser
 from .. import models, serializers
 __all__ = [
    'ApplicationViewSet',
 ]
 class ApplicationViewSet(ApplicationAttrsSerializerViewMixin, OrgBulkModelViewSet):
    model = models.Application
    filter_fields = ('name', 'type', 'category')
    search_fields = filter_fields
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.ApplicationSerializer
--- a/apps/applications/api/k8s_app.py
+++ b/apps/applications/api/k8s_app.py
@@ -0,0 +1,20 @@
 # coding: utf-8
 #
 from orgs.mixins.api import OrgBulkModelViewSet
 from .. import models
 from .. import serializers
 from ..hands import IsOrgAdminOrAppUser
 __all__ = [
    'K8sAppViewSet',
 ]
 class K8sAppViewSet(OrgBulkModelViewSet):
    model = models.K8sApp
    filter_fields = ('name',)
    search_fields = filter_fields
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.K8sAppSerializer
--- a/apps/applications/api/mixin.py
+++ b/apps/applications/api/mixin.py
@@ -0,0 +1,139 @@
 import uuid
 from common.exceptions import JMSException
 from orgs.models import Organization
 from .. import models
 class ApplicationAttrsSerializerViewMixin:
    def get_serializer_class(self):
        serializer_class = super().get_serializer_class()
        if getattr(self, 'swagger_fake_view', False):
            return serializer_class
        app_type = self.request.query_params.get('type')
        app_category = self.request.query_params.get('category')
        type_options = list(dict(models.Category.get_all_type_serializer_mapper()).keys())
        category_options = list(dict(models.Category.get_category_serializer_mapper()).keys())
        # ListAPIView 没有 action 属性
        # 不使用method属性，因为options请求时为method为post
        action = getattr(self, 'action', 'list')
        if app_type and app_type not in type_options:
            raise JMSException(
                'Invalid query parameter `type`, select from the following options: {}'
                ''.format(type_options)
            )
        if app_category and app_category not in category_options:
            raise JMSException(
                'Invalid query parameter `category`, select from the following options: {}'
                ''.format(category_options)
            )
        if action in [
            'create', 'update', 'partial_update', 'bulk_update', 'partial_bulk_update'
        ] and not app_type:
            # action: create / update
            raise JMSException(
                'The `{}` action must take the `type` query parameter'.format(action)
            )
        if app_type:
            # action: create / update / list / retrieve / metadata
            attrs_cls = models.Category.get_type_serializer_cls(app_type)
            class_name = 'ApplicationDynamicSerializer{}'.format(app_type.title())
        elif app_category:
            # action: list / retrieve / metadata
            attrs_cls = models.Category.get_category_serializer_cls(app_category)
            class_name = 'ApplicationDynamicSerializer{}'.format(app_category.title())
        else:
            attrs_cls = models.Category.get_no_password_serializer_cls()
            class_name = 'ApplicationDynamicSerializer'
        cls = type(class_name, (serializer_class,), {'attrs': attrs_cls()})
        return cls
 class SerializeApplicationToTreeNodeMixin:
    @staticmethod
    def _serialize_db(db):
        return {
            'id': db.id,
            'name': db.name,
            'title': db.name,
            'pId': '',
            'open': False,
            'iconSkin': 'database',
            'meta': {'type': 'database_app'}
        }
    @staticmethod
    def _serialize_remote_app(remote_app):
        return {
            'id': remote_app.id,
            'name': remote_app.name,
            'title': remote_app.name,
            'pId': '',
            'open': False,
            'isParent': False,
            'iconSkin': 'chrome',
            'meta': {'type': 'remote_app'}
        }
    @staticmethod
    def _serialize_cloud(cloud):
        return {
            'id': cloud.id,
            'name': cloud.name,
            'title': cloud.name,
            'pId': '',
            'open': False,
            'isParent': False,
            'iconSkin': 'k8s',
            'meta': {'type': 'k8s_app'}
        }
    def _serialize_application(self, application):
        method_name = f'_serialize_{application.category}'
        data = getattr(self, method_name)(application)
        data.update({
            'pId': application.org.id,
            'org_name': application.org_name
        })
        return data
    def serialize_applications(self, applications):
        data = [self._serialize_application(application) for application in applications]
        return data
    @staticmethod
    def _serialize_organization(org):
        return {
            'id': org.id,
            'name': org.name,
            'title': org.name,
            'pId': '',
            'open': True,
            'isParent': True,
            'meta': {
                'type': 'node'
            }
        }
    def serialize_organizations(self, organizations):
        data = [self._serialize_organization(org) for org in organizations]
        return data
    @staticmethod
    def filter_organizations(applications):
        organizations_id = set(applications.values_list('org_id', flat=True))
        organizations = [Organization.get_instance(org_id) for org_id in organizations_id]
        return organizations
    def serialize_applications_with_org(self, applications):
        organizations = self.filter_organizations(applications)
        data_organizations = self.serialize_organizations(organizations)
        data_applications = self.serialize_applications(applications)
        data = data_organizations + data_applications
        return data
--- a/apps/applications/api/remote_app.py
+++ b/apps/applications/api/remote_app.py
@@ -3,8 +3,9 @@
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
 from common.exceptions import JMSException
 from ..hands import IsOrgAdmin, IsAppUser
-from ..models import RemoteApp
+from .. import models
 from ..serializers import RemoteAppSerializer, RemoteAppConnectionInfoSerializer
@@ -14,14 +15,26 @@ __all__ = [
 class RemoteAppViewSet(OrgBulkModelViewSet):
-    model = RemoteApp
+    model = models.RemoteApp
-    filter_fields = ('name',)
+    filter_fields = ('name', 'type', 'comment')
    search_fields = filter_fields
    permission_classes = (IsOrgAdmin,)
    serializer_class = RemoteAppSerializer
 class RemoteAppConnectionInfoApi(generics.RetrieveAPIView):
-    model = RemoteApp
+    model = models.Application
    permission_classes = (IsAppUser, )
    serializer_class = RemoteAppConnectionInfoSerializer
    @staticmethod
    def check_category_allowed(obj):
        if not obj.category_is_remote_app:
            raise JMSException(
                'The request instance(`{}`) is not of category `remote_app`'.format(obj.category)
            )
    def get_object(self):
        obj = super().get_object()
        self.check_category_allowed(obj)
        return obj
--- a/apps/applications/const.py
+++ b/apps/applications/const.py
@@ -23,6 +23,7 @@ REMOTE_APP_TYPE_CHROME_FIELDS = [
 REMOTE_APP_TYPE_MYSQL_WORKBENCH_FIELDS = [
    {'name': 'mysql_workbench_ip'},
    {'name': 'mysql_workbench_name'},
    {'name': 'mysql_workbench_port'},
    {'name': 'mysql_workbench_username'},
    {'name': 'mysql_workbench_password', 'write_only': True}
 ]
--- a/apps/applications/forms/init.py
+++ b/apps/applications/forms/init.py
@@ -1,2 +0,0 @@
 from .remote_app import *
 from .database_app import *
--- a/apps/applications/forms/database_app.py
+++ b/apps/applications/forms/database_app.py
@@ -1,26 +0,0 @@
 # coding: utf-8
 #
 from django import forms
 from django.utils.translation import ugettext_lazy as _
 from .. import models
 __all__ = ['DatabaseAppMySQLForm']
 class BaseDatabaseAppForm(forms.ModelForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.fields['type'].widget.attrs['disabled'] = True
    class Meta:
        model = models.DatabaseApp
        fields = [
            'name', 'type', 'host', 'port', 'database', 'comment'
        ]
 class DatabaseAppMySQLForm(BaseDatabaseAppForm):
    pass
--- a/apps/applications/forms/remote_app.py
+++ b/apps/applications/forms/remote_app.py
@@ -1,120 +0,0 @@
 #  coding: utf-8
 #
 from django.utils.translation import ugettext as _
 from django import forms
 from orgs.mixins.forms import OrgModelForm
 from ..models import RemoteApp
 __all__ = [
    'RemoteAppChromeForm', 'RemoteAppMySQLWorkbenchForm',
    'RemoteAppVMwareForm', 'RemoteAppCustomForm'
 ]
 class BaseRemoteAppForm(OrgModelForm):
    default_initial_data = {}
    def __init__(self, *args, **kwargs):
        # 过滤RDP资产和系统用户
        super().__init__(*args, **kwargs)
        field_asset = self.fields['asset']
        field_asset.queryset = field_asset.queryset.has_protocol('rdp')
        self.fields['type'].widget.attrs['disabled'] = True
        self.fields.move_to_end('comment')
        self.initial_default()
    def initial_default(self):
        for name, value in self.default_initial_data.items():
            field = self.fields.get(name)
            if not field:
                continue
            field.initial = value
    class Meta:
        model = RemoteApp
        fields = [
            'name', 'asset', 'type', 'path', 'comment'
        ]
        widgets = {
            'asset': forms.Select(attrs={
                'class': 'select2', 'data-placeholder': _('Asset')
            }),
        }
 class RemoteAppChromeForm(BaseRemoteAppForm):
    default_initial_data = {
        'path': r'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
    }
    chrome_target = forms.CharField(
        max_length=128, label=_('Target URL'), required=False
    )
    chrome_username = forms.CharField(
        max_length=128, label=_('Login username'), required=False
    )
    chrome_password = forms.CharField(
        widget=forms.PasswordInput, strip=True,
        max_length=128, label=_('Login password'), required=False
    )
 class RemoteAppMySQLWorkbenchForm(BaseRemoteAppForm):
    default_initial_data = {
        'path': r'C:\Program Files\MySQL\MySQL Workbench 8.0 CE'
                r'\MySQLWorkbench.exe'
    }
    mysql_workbench_ip = forms.CharField(
        max_length=128, label=_('Database IP'), required=False
    )
    mysql_workbench_name = forms.CharField(
        max_length=128, label=_('Database name'), required=False
    )
    mysql_workbench_username = forms.CharField(
        max_length=128, label=_('Database username'), required=False
    )
    mysql_workbench_password = forms.CharField(
        widget=forms.PasswordInput, strip=True,
        max_length=128, label=_('Database password'), required=False
    )
 class RemoteAppVMwareForm(BaseRemoteAppForm):
    default_initial_data = {
        'path': r'C:\Program Files (x86)\VMware\Infrastructure'
                r'\Virtual Infrastructure Client\Launcher\VpxClient.exe'
    }
    vmware_target = forms.CharField(
        max_length=128, label=_('Target address'), required=False
    )
    vmware_username = forms.CharField(
        max_length=128, label=_('Login username'), required=False
    )
    vmware_password = forms.CharField(
        widget=forms.PasswordInput, strip=True,
        max_length=128, label=_('Login password'), required=False
    )
 class RemoteAppCustomForm(BaseRemoteAppForm):
    custom_cmdline = forms.CharField(
        max_length=128, label=_('Operating parameter'), required=False
    )
    custom_target = forms.CharField(
        max_length=128, label=_('Target address'), required=False
    )
    custom_username = forms.CharField(
        max_length=128, label=_('Login username'), required=False
    )
    custom_password = forms.CharField(
        widget=forms.PasswordInput, strip=True,
        max_length=128, label=_('Login password'), required=False
    )
--- a/apps/applications/migrations/0005_k8sapp.py
+++ b/apps/applications/migrations/0005_k8sapp.py
@@ -0,0 +1,34 @@
 # Generated by Django 2.2.13 on 2020-08-07 07:13
 from django.db import migrations, models
 import uuid
 class Migration(migrations.Migration):
    dependencies = [
        ('applications', '0004_auto_20191218_1705'),
    ]
    operations = [
        migrations.CreateModel(
            name='K8sApp',
            fields=[
                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
                ('updated_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Updated by')),
                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
                ('name', models.CharField(max_length=128, verbose_name='Name')),
                ('type', models.CharField(choices=[('k8s', 'Kubernetes')], default='k8s', max_length=128, verbose_name='Type')),
                ('cluster', models.CharField(max_length=1024, verbose_name='Cluster')),
                ('comment', models.TextField(blank=True, default='', max_length=128, verbose_name='Comment')),
            ],
            options={
                'verbose_name': 'KubernetesApp',
                'ordering': ('name',),
                'unique_together': {('org_id', 'name')},
            },
        ),
    ]
--- a/apps/applications/migrations/0006_application.py
+++ b/apps/applications/migrations/0006_application.py
@@ -0,0 +1,140 @@
 # Generated by Django 2.2.13 on 2020-10-19 12:01
 from django.db import migrations, models
 import django.db.models.deletion
 import django_mysql.models
 import uuid
 CATEGORY_DB_LIST = ['mysql', 'oracle', 'postgresql', 'mariadb']
 CATEGORY_REMOTE_LIST = ['chrome', 'mysql_workbench', 'vmware_client', 'custom']
 CATEGORY_CLOUD_LIST = ['k8s']
 CATEGORY_DB = 'db'
 CATEGORY_REMOTE = 'remote_app'
 CATEGORY_CLOUD = 'cloud'
 CATEGORY_LIST = [CATEGORY_DB, CATEGORY_REMOTE, CATEGORY_CLOUD]
 def get_application_category(old_app):
    _type = old_app.type
    if _type in CATEGORY_DB_LIST:
        category = CATEGORY_DB
    elif _type in CATEGORY_REMOTE_LIST:
        category = CATEGORY_REMOTE
    elif _type in CATEGORY_CLOUD_LIST:
        category = CATEGORY_CLOUD
    else:
        category = None
    return category
 def common_to_application_json(old_app):
    category = get_application_category(old_app)
    date_updated = old_app.date_updated if hasattr(old_app, 'date_updated') else old_app.date_created
    return {
        'id': old_app.id,
        'name': old_app.name,
        'type': old_app.type,
        'category': category,
        'comment': old_app.comment,
        'created_by': old_app.created_by,
        'date_created': old_app.date_created,
        'date_updated': date_updated,
        'org_id': old_app.org_id
    }
 def db_to_application_json(database):
    app_json = common_to_application_json(database)
    app_json.update({
        'attrs': {
            'host': database.host,
            'port': database.port,
            'database': database.database
        }
    })
    return app_json
 def remote_to_application_json(remote):
    app_json = common_to_application_json(remote)
    attrs = {
        'asset': str(remote.asset.id),
        'path': remote.path,
    }
    attrs.update(remote.params)
    app_json.update({
        'attrs': attrs
    })
    return app_json
 def k8s_to_application_json(k8s):
    app_json = common_to_application_json(k8s)
    app_json.update({
        'attrs': {
            'cluster': k8s.cluster
        }
    })
    return app_json
 def migrate_and_integrate_applications(apps, schema_editor):
    db_alias = schema_editor.connection.alias
    database_app_model = apps.get_model("applications", "DatabaseApp")
    remote_app_model = apps.get_model("applications", "RemoteApp")
    k8s_app_model = apps.get_model("applications", "K8sApp")
    database_apps = database_app_model.objects.using(db_alias).all()
    remote_apps = remote_app_model.objects.using(db_alias).all()
    k8s_apps = k8s_app_model.objects.using(db_alias).all()
    database_applications = [db_to_application_json(db_app) for db_app in database_apps]
    remote_applications = [remote_to_application_json(remote_app) for remote_app in remote_apps]
    k8s_applications = [k8s_to_application_json(k8s_app) for k8s_app in k8s_apps]
    applications_json = database_applications + remote_applications + k8s_applications
    application_model = apps.get_model("applications", "Application")
    applications = [
        application_model(**application_json)
        for application_json in applications_json
        if application_json['category'] in CATEGORY_LIST
    ]
    for application in applications:
        if application_model.objects.using(db_alias).filter(name=application.name).exists():
            application.name = '{}-{}'.format(application.name, application.type)
        application.save()
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0057_fill_node_value_assets_amount_and_parent_key'),
        ('applications', '0005_k8sapp'),
    ]
    operations = [
        migrations.CreateModel(
            name='Application',
            fields=[
                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
                ('name', models.CharField(max_length=128, verbose_name='Name')),
                ('category', models.CharField(choices=[('db', 'Database'), ('remote_app', 'Remote app'), ('cloud', 'Cloud')], max_length=16, verbose_name='Category')),
                ('type', models.CharField(choices=[('mysql', 'MySQL'), ('oracle', 'Oracle'), ('postgresql', 'PostgreSQL'), ('mariadb', 'MariaDB'), ('chrome', 'Chrome'), ('mysql_workbench', 'MySQL Workbench'), ('vmware_client', 'vSphere Client'), ('custom', 'Custom'), ('k8s', 'Kubernetes')], max_length=16, verbose_name='Type')),
                ('attrs', django_mysql.models.JSONField(default=dict)),
                ('comment', models.TextField(blank=True, default='', max_length=128, verbose_name='Comment')),
                ('domain', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='applications', to='assets.Domain', verbose_name='Domain')),
            ],
            options={
                'ordering': ('name',),
                'unique_together': {('org_id', 'name')},
            },
        ),
        migrations.RunPython(migrate_and_integrate_applications),
    ]
--- a/apps/applications/migrations/0007_auto_20201119_1110.py
+++ b/apps/applications/migrations/0007_auto_20201119_1110.py
@@ -0,0 +1,18 @@
 # Generated by Django 3.1 on 2020-11-19 03:10
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('applications', '0006_application'),
    ]
    operations = [
        migrations.AlterField(
            model_name='application',
            name='attrs',
            field=models.JSONField(),
        ),
    ]
--- a/apps/applications/models/init.py
+++ b/apps/applications/models/init.py
@@ -1,2 +1,4 @@
 from .application import *
 from .remote_app import *
 from .database_app import *
 from .k8s_app import *
--- a/apps/applications/models/application.py
+++ b/apps/applications/models/application.py
@@ -0,0 +1,140 @@
 from itertools import chain
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from orgs.mixins.models import OrgModelMixin
 from common.mixins import CommonModelMixin
 from common.db.models import ChoiceSet
 class DBType(ChoiceSet):
    mysql = 'mysql', 'MySQL'
    oracle = 'oracle', 'Oracle'
    pgsql = 'postgresql', 'PostgreSQL'
    mariadb = 'mariadb', 'MariaDB'
    @classmethod
    def get_type_serializer_cls_mapper(cls):
        from ..serializers import database_app
        mapper = {
            cls.mysql: database_app.MySQLAttrsSerializer,
            cls.oracle: database_app.OracleAttrsSerializer,
            cls.pgsql: database_app.PostgreAttrsSerializer,
            cls.mariadb: database_app.MariaDBAttrsSerializer,
        }
        return mapper
 class RemoteAppType(ChoiceSet):
    chrome = 'chrome', 'Chrome'
    mysql_workbench = 'mysql_workbench', 'MySQL Workbench'
    vmware_client = 'vmware_client',  'vSphere Client'
    custom = 'custom', _('Custom')
    @classmethod
    def get_type_serializer_cls_mapper(cls):
        from ..serializers import remote_app
        mapper = {
            cls.chrome: remote_app.ChromeAttrsSerializer,
            cls.mysql_workbench: remote_app.MySQLWorkbenchAttrsSerializer,
            cls.vmware_client: remote_app.VMwareClientAttrsSerializer,
            cls.custom: remote_app.CustomRemoteAppAttrsSeralizers,
        }
        return mapper
 class CloudType(ChoiceSet):
    k8s = 'k8s', 'Kubernetes'
    @classmethod
    def get_type_serializer_cls_mapper(cls):
        from ..serializers import k8s_app
        mapper = {
            cls.k8s: k8s_app.K8sAttrsSerializer,
        }
        return mapper
 class Category(ChoiceSet):
    db = 'db', _('Database')
    remote_app = 'remote_app', _('Remote app')
    cloud = 'cloud', 'Cloud'
    @classmethod
    def get_category_type_mapper(cls):
        return {
            cls.db: DBType,
            cls.remote_app: RemoteAppType,
            cls.cloud: CloudType
        }
    @classmethod
    def get_category_type_choices_mapper(cls):
        return {
            name: tp.choices
            for name, tp in cls.get_category_type_mapper().items()
        }
    @classmethod
    def get_type_choices(cls, category):
        return cls.get_category_type_choices_mapper().get(category, [])
    @classmethod
    def get_all_type_choices(cls):
        all_grouped_choices = tuple(cls.get_category_type_choices_mapper().values())
        return tuple(chain(*all_grouped_choices))
    @classmethod
    def get_all_type_serializer_mapper(cls):
        mapper = {}
        for tp in cls.get_category_type_mapper().values():
            mapper.update(tp.get_type_serializer_cls_mapper())
        return mapper
    @classmethod
    def get_type_serializer_cls(cls, tp):
        mapper = cls.get_all_type_serializer_mapper()
        return mapper.get(tp, None)
    @classmethod
    def get_category_serializer_mapper(cls):
        from ..serializers import remote_app, database_app, k8s_app
        return {
            cls.db: database_app.DBAttrsSerializer,
            cls.remote_app: remote_app.RemoteAppAttrsSerializer,
            cls.cloud: k8s_app.CloudAttrsSerializer,
        }
    @classmethod
    def get_category_serializer_cls(cls, cg):
        mapper = cls.get_category_serializer_mapper()
        return mapper.get(cg, None)
    @classmethod
    def get_no_password_serializer_cls(cls):
        from ..serializers import common
        return common.NoPasswordSerializer
 class Application(CommonModelMixin, OrgModelMixin):
    name = models.CharField(max_length=128, verbose_name=_('Name'))
    domain = models.ForeignKey('assets.Domain', null=True, blank=True, related_name='applications', verbose_name=_("Domain"), on_delete=models.SET_NULL)
    category = models.CharField(max_length=16, choices=Category.choices, verbose_name=_('Category'))
    type = models.CharField(max_length=16, choices=Category.get_all_type_choices(), verbose_name=_('Type'))
    attrs = models.JSONField()
    comment = models.TextField(
        max_length=128, default='', blank=True, verbose_name=_('Comment')
    )
    class Meta:
        unique_together = [('org_id', 'name')]
        ordering = ('name',)
    def __str__(self):
        category_display = self.get_category_display()
        type_display = self.get_type_display()
        return f'{self.name}({type_display})[{category_display}]'
    def category_is_remote_app(self):
        return self.category == Category.remote_app
--- a/apps/applications/models/k8s_app.py
+++ b/apps/applications/models/k8s_app.py
@@ -0,0 +1,27 @@
 from django.utils.translation import gettext_lazy as _
 from common.db import models
 from orgs.mixins.models import OrgModelMixin
 class K8sApp(OrgModelMixin, models.JMSModel):
    class TYPE(models.ChoiceSet):
        K8S = 'k8s', _('Kubernetes')
    name = models.CharField(max_length=128, verbose_name=_('Name'))
    type = models.CharField(
        default=TYPE.K8S, choices=TYPE.choices,
        max_length=128, verbose_name=_('Type')
    )
    cluster = models.CharField(max_length=1024, verbose_name=_('Cluster'))
    comment = models.TextField(
        max_length=128, default='', blank=True, verbose_name=_('Comment')
    )
    def __str__(self):
        return self.name
    class Meta:
        unique_together = [('org_id', 'name'), ]
        verbose_name = _('KubernetesApp')
        ordering = ('name', )
--- a/apps/applications/serializers/init.py
+++ b/apps/applications/serializers/init.py
@@ -1,2 +1,5 @@
 from .application import *
 from .remote_app import *
 from .database_app import *
 from .k8s_app import *
 from .common import *
--- a/apps/applications/serializers/application.py
+++ b/apps/applications/serializers/application.py
@@ -0,0 +1,42 @@
 # coding: utf-8
 #
 from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from .. import models
 __all__ = [
    'ApplicationSerializer',
 ]
 class ApplicationSerializer(BulkOrgResourceModelSerializer):
    category_display = serializers.ReadOnlyField(source='get_category_display', label=_('Category'))
    type_display = serializers.ReadOnlyField(source='get_type_display', label=_('Type'))
    class Meta:
        model = models.Application
        fields = [
            'id', 'name', 'category', 'category_display', 'type', 'type_display', 'attrs',
            'domain', 'created_by', 'date_created', 'date_updated', 'comment'
        ]
        read_only_fields = [
            'created_by', 'date_created', 'date_updated', 'get_type_display',
        ]
    def create(self, validated_data):
        validated_data['attrs'] = validated_data.pop('attrs', {})
        instance = super().create(validated_data)
        return instance
    def update(self, instance, validated_data):
        new_attrs = validated_data.pop('attrs', {})
        instance = super().update(instance, validated_data)
        attrs = instance.attrs
        attrs.update(new_attrs)
        instance.attrs = attrs
        instance.save()
        return instance
--- a/apps/applications/serializers/common.py
+++ b/apps/applications/serializers/common.py
@@ -0,0 +1,11 @@
 from rest_framework import serializers
 class NoPasswordSerializer(serializers.JSONField):
    def to_representation(self, value):
        new_value = {}
        for k, v in value.items():
            if 'password' not in k:
                new_value[k] = v
        return new_value
--- a/apps/applications/serializers/database_app.py
+++ b/apps/applications/serializers/database_app.py
@@ -1,14 +1,35 @@
 # coding: utf-8
 #
 from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from common.serializers import AdaptedBulkListSerializer
 from .. import models
-__all__ = [
+
-    'DatabaseAppSerializer',
+class DBAttrsSerializer(serializers.Serializer):
-]
+    host = serializers.CharField(max_length=128, label=_('Host'))
    port = serializers.IntegerField(label=_('Port'))
    # 添加allow_null=True，兼容之前数据库中database字段为None的情况
    database = serializers.CharField(max_length=128, required=True, allow_null=True, label=_('Database'))
 class MySQLAttrsSerializer(DBAttrsSerializer):
    port = serializers.IntegerField(default=3306, label=_('Port'))
 class PostgreAttrsSerializer(DBAttrsSerializer):
    port = serializers.IntegerField(default=5432, label=_('Port'))
 class OracleAttrsSerializer(DBAttrsSerializer):
    port = serializers.IntegerField(default=1521, label=_('Port'))
 class MariaDBAttrsSerializer(MySQLAttrsSerializer):
    pass
 class DatabaseAppSerializer(BulkOrgResourceModelSerializer):
@@ -24,3 +45,6 @@ class DatabaseAppSerializer(BulkOrgResourceModelSerializer):
            'created_by', 'date_created', 'date_updated'
            'get_type_display',
        ]
        extra_kwargs = {
            'get_type_display': {'label': _('Type for display')},
        }
--- a/apps/applications/serializers/k8s_app.py
+++ b/apps/applications/serializers/k8s_app.py
@@ -0,0 +1,27 @@
 from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from .. import models
 class CloudAttrsSerializer(serializers.Serializer):
    cluster = serializers.CharField(max_length=1024, label=_('Cluster'))
 class K8sAttrsSerializer(CloudAttrsSerializer):
    pass
 class K8sAppSerializer(BulkOrgResourceModelSerializer):
    type_display = serializers.CharField(source='get_type_display', read_only=True, label=_('Type for display'))
    class Meta:
        model = models.K8sApp
        fields = [
            'id', 'name', 'type', 'type_display', 'comment', 'created_by',
            'date_created', 'date_updated', 'cluster'
        ]
        read_only_fields = [
            'id', 'created_by', 'date_created', 'date_updated',
        ]
--- a/apps/applications/serializers/remote_app.py
+++ b/apps/applications/serializers/remote_app.py
@@ -2,21 +2,138 @@
 #
 import copy
 from django.utils.translation import ugettext_lazy as _
 from django.core.exceptions import ObjectDoesNotExist
 from rest_framework import serializers
 from common.serializers import AdaptedBulkListSerializer
 from common.fields.serializer import CustomMetaDictField
 from common.utils import get_logger
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from assets.models import Asset
 from .. import const
-from ..models import RemoteApp
+from ..models import RemoteApp, Category, Application
 logger = get_logger(__file__)
-__all__ = [
+class CharPrimaryKeyRelatedField(serializers.PrimaryKeyRelatedField):
-    'RemoteAppSerializer', 'RemoteAppConnectionInfoSerializer',
+
-]
+    def to_internal_value(self, data):
        instance = super().to_internal_value(data)
        return str(instance.id)
    def to_representation(self, value):
        # value is instance.id
        if self.pk_field is not None:
            return self.pk_field.to_representation(value)
        return value
 class RemoteAppAttrsSerializer(serializers.Serializer):
    asset_info = serializers.SerializerMethodField()
    asset = CharPrimaryKeyRelatedField(queryset=Asset.objects, required=False, label=_("Asset"))
    path = serializers.CharField(max_length=128, label=_('Application path'))
    @staticmethod
    def get_asset_info(obj):
        asset_info = {}
        asset_id = obj.get('asset')
        if not asset_id:
            return asset_info
        try:
            asset = Asset.objects.get(id=asset_id)
            asset_info.update({
                'id': str(asset.id),
                'hostname': asset.hostname
            })
        except ObjectDoesNotExist as e:
            logger.error(e)
        return asset_info
 class ChromeAttrsSerializer(RemoteAppAttrsSerializer):
    REMOTE_APP_PATH = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
    path = serializers.CharField(max_length=128, label=_('Application path'), default=REMOTE_APP_PATH)
    chrome_target = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Target URL'))
    chrome_username = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Username'))
    chrome_password = serializers.CharField(max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'))
 class MySQLWorkbenchAttrsSerializer(RemoteAppAttrsSerializer):
    REMOTE_APP_PATH = 'C:\Program Files\MySQL\MySQL Workbench 8.0 CE\MySQLWorkbench.exe'
    path = serializers.CharField(max_length=128, label=_('Application path'), default=REMOTE_APP_PATH)
    mysql_workbench_ip = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('IP'))
    mysql_workbench_port = serializers.IntegerField(required=False, label=_('Port'))
    mysql_workbench_name = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Database'))
    mysql_workbench_username = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Username'))
    mysql_workbench_password = serializers.CharField(max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'))
 class VMwareClientAttrsSerializer(RemoteAppAttrsSerializer):
    REMOTE_APP_PATH = 'C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe'
    path = serializers.CharField(max_length=128, label=_('Application path'), default=REMOTE_APP_PATH)
    vmware_target = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Target URL'))
    vmware_username = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Username'))
    vmware_password = serializers.CharField(max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'))
 class CustomRemoteAppAttrsSeralizers(RemoteAppAttrsSerializer):
    custom_cmdline = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Operating parameter'))
    custom_target = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Target url'))
    custom_username = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Username'))
    custom_password = serializers.CharField(max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'))
 class RemoteAppConnectionInfoSerializer(serializers.ModelSerializer):
    parameter_remote_app = serializers.SerializerMethodField()
    asset = serializers.SerializerMethodField()
    class Meta:
        model = Application
        fields = [
            'id', 'name', 'asset', 'parameter_remote_app',
        ]
        read_only_fields = ['parameter_remote_app']
    @staticmethod
    def get_parameters(obj):
        """
        返回Guacamole需要的RemoteApp配置参数信息中的parameters参数
        """
        serializer_cls = Category.get_type_serializer_cls(obj.type)
        fields = serializer_cls().get_fields()
        fields.pop('asset', None)
        fields_name = list(fields.keys())
        attrs = obj.attrs
        _parameters = list()
        _parameters.append(obj.type)
        for field_name in list(fields_name):
            value = attrs.get(field_name, None)
            if not value:
                continue
            if field_name == 'path':
                value = '\"%s\"' % value
            _parameters.append(str(value))
        _parameters = ' '.join(_parameters)
        return _parameters
    def get_parameter_remote_app(self, obj):
        parameters = self.get_parameters(obj)
        parameter = {
            'program': const.REMOTE_APP_BOOT_PROGRAM_NAME,
            'working_directory': '',
            'parameters': parameters,
        }
        return parameter
    @staticmethod
    def get_asset(obj):
        return obj.attrs.get('asset')
 # TODO: DELETE
 class RemoteAppParamsDictField(CustomMetaDictField):
    type_fields_map = const.REMOTE_APP_TYPE_FIELDS_MAP
    default_type = const.REMOTE_APP_TYPE_CHROME
@@ -24,8 +141,9 @@ class RemoteAppParamsDictField(CustomMetaDictField):
    convert_key_to_upper = False
 # TODO: DELETE
 class RemoteAppSerializer(BulkOrgResourceModelSerializer):
-    params = RemoteAppParamsDictField()
+    params = RemoteAppParamsDictField(label=_('Parameters'))
    type_fields_map = const.REMOTE_APP_TYPE_FIELDS_MAP
    class Meta:
@@ -39,6 +157,10 @@ class RemoteAppSerializer(BulkOrgResourceModelSerializer):
            'created_by', 'date_created', 'asset_info',
            'get_type_display'
        ]
        extra_kwargs = {
            'asset_info': {'label': _('Asset info')},
            'get_type_display': {'label': _('Type for display')},
        }
    def process_params(self, instance, validated_data):
        new_params = copy.deepcopy(validated_data.get('params', {}))
@@ -66,21 +188,3 @@ class RemoteAppSerializer(BulkOrgResourceModelSerializer):
        return super().update(instance, validated_data)
 class RemoteAppConnectionInfoSerializer(serializers.ModelSerializer):
    parameter_remote_app = serializers.SerializerMethodField()
    class Meta:
        model = RemoteApp
        fields = [
            'id', 'name', 'asset', 'parameter_remote_app',
        ]
        read_only_fields = ['parameter_remote_app']
    @staticmethod
    def get_parameter_remote_app(obj):
        parameter = {
            'program': const.REMOTE_APP_BOOT_PROGRAM_NAME,
            'working_directory': '',
            'parameters': obj.parameters,
        }
        return parameter
--- a/apps/applications/templates/applications/database_app_create_update.html
+++ b/apps/applications/templates/applications/database_app_create_update.html
@@ -1,55 +0,0 @@
 {% extends '_base_create_update.html' %}
 {% load static %}
 {% load bootstrap3 %}
 {% load i18n %}
 {% block form %}
    <form id="DatabaseAppForm" method="post" class="form-horizontal">
        {% bootstrap_form form layout="horizontal" %}
        <div class="hr-line-dashed"></div>
        <div class="form-group">
            <div class="col-sm-4 col-sm-offset-2">
                <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
                <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
            </div>
        </div>
    </form>
 {% endblock %}
 {% block custom_foot_js %}
 <script type="text/javascript">
 var app_type_id = '#' + '{{ form.type.id_for_label }}';
 function getFormDataType(){
    return $(app_type_id+ " option:selected").val();
 }
 function getFormData(form){
    var data = form.serializeObject();
    data['type'] = getFormDataType();
    return data
 }
 $(document).ready(function () {
 })
 .on("submit", "form", function (evt) {
    evt.preventDefault();
    var the_url = '{% url "api-applications:database-app-list" %}';
    var redirect_to = '{% url "applications:database-app-list" %}';
    var method = "POST";
    {% if api_action == "update" %}
        the_url = '{% url "api-applications:database-app-detail" object.id %}';
        method = "PUT";
    {% endif %}
    var form = $("form");
    var data = getFormData(form);
    var props = {
        url: the_url,
        data: data,
        method: method,
        form: form,
        redirect_to: redirect_to
    };
    formSubmit(props);
 });
 </script>
 {% endblock %}
--- a/apps/applications/templates/applications/database_app_detail.html
+++ b/apps/applications/templates/applications/database_app_detail.html
@@ -1,103 +0,0 @@
 {% extends 'base.html' %}
 {% load static %}
 {% load i18n %}
 {% block content %}
    <div class="wrapper wrapper-content animated fadeInRight">
        <div class="row">
            <div class="col-sm-12">
                <div class="ibox float-e-margins">
                    <div class="panel-options">
                        <ul class="nav nav-tabs">
                            <li class="active">
                                <a href="{% url 'applications:database-app-detail' pk=database_app.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
                            </li>
                            <li class="pull-right">
                                <a class="btn btn-outline btn-default" href="{% url 'applications:database-app-update' pk=database_app.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
                            </li>
                            <li class="pull-right">
                                <a class="btn btn-outline btn-danger btn-delete-application">
                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
                                </a>
                            </li>
                        </ul>
                    </div>
                    <div class="tab-content">
                        <div class="col-sm-8" style="padding-left: 0;">
                            <div class="ibox float-e-margins">
                                <div class="ibox-title">
                                    <span class="label"><b>{{ database_app.name }}</b></span>
                                    <div class="ibox-tools">
                                        <a class="collapse-link">
                                            <i class="fa fa-chevron-up"></i>
                                        </a>
                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
                                            <i class="fa fa-wrench"></i>
                                        </a>
                                        <ul class="dropdown-menu dropdown-user">
                                        </ul>
                                        <a class="close-link">
                                            <i class="fa fa-times"></i>
                                        </a>
                                    </div>
                                </div>
                                <div class="ibox-content">
                                    <table class="table">
                                        <tbody>
                                        <tr class="no-borders-tr">
                                            <td>{% trans 'Name' %}:</td>
                                            <td><b>{{ database_app.name }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Type' %}:</td>
                                            <td><b>{{ database_app.get_type_display }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Host' %}:</td>
                                            <td><b>{{ database_app.host }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Port' %}:</td>
                                            <td><b>{{ database_app.port }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Database' %}:</td>
                                            <td><b>{{ database_app.database }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Date created' %}:</td>
                                            <td><b>{{ database_app.date_created }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Created by' %}:</td>
                                            <td><b>{{ database_app.created_by  }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Comment' %}:</td>
                                            <td><b>{{ database_app.comment }}</b></td>
                                        </tr>
                                        </tbody>
                                    </table>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
 {% endblock %}
 {% block custom_foot_js %}
 <script>
 $(document).ready(function () {
 })
 .on('click', '.btn-delete-application', function () {
    var $this = $(this);
    var name = "{{ database_app.name }}";
    var rid = "{{ database_app.id }}";
    var the_url = '{% url "api-applications:database-app-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', rid);
    var redirect_url = "{% url 'applications:database-app-list' %}";
    objectDelete($this, name, the_url, redirect_url);
 })
 </script>
 {% endblock %}
--- a/apps/applications/templates/applications/database_app_list.html
+++ b/apps/applications/templates/applications/database_app_list.html
@@ -1,88 +0,0 @@
 {% extends '_base_list.html' %}
 {% load i18n static %}
 {% block help_message %}
 {% endblock %}
 {% block table_search %}{% endblock %}
 {% block table_container %}
    <div class="btn-group uc pull-left m-r-5">
        <button data-toggle="dropdown" class="btn btn-primary btn-sm dropdown-toggle">
            {% trans "Create DatabaseApp" %}
            <span class="caret"></span></button>
        <ul class="dropdown-menu">
            {% for key, value in type_choices %}
                <li><a class="" href="{% url 'applications:database-app-create' %}?type={{ key }}">{{ value }}</a></li>
            {% endfor %}
        </ul>
    </div>
    <table class="table table-striped table-bordered table-hover " id="database_app_list_table" >
        <thead>
        <tr>
            <th class="text-center">
                <input type="checkbox" id="check_all" class="ipt_check_all" >
            </th>
            <th class="text-center">{% trans 'Name' %}</th>
            <th class="text-center">{% trans 'Type' %}</th>
            <th class="text-center">{% trans 'Host' %}</th>
            <th class="text-center">{% trans 'Port' %}</th>
            <th class="text-center">{% trans 'Database' %}</th>
            <th class="text-center">{% trans 'Comment' %}</th>
            <th class="text-center">{% trans 'Action' %}</th>
        </tr>
        </thead>
        <tbody>
        </tbody>
    </table>
 {% endblock %}
 {% block content_bottom_left %}{% endblock %}
 {% block custom_foot_js %}
 <script>
 function initTable() {
    var options = {
        ele: $('#database_app_list_table'),
        columnDefs: [
            {targets: 1, createdCell: function (td, cellData, rowData) {
                    cellData = htmlEscape(cellData);
                    {% url 'applications:database-app-detail' pk=DEFAULT_PK as the_url  %}
                    var detail_btn = '<a href="{{ the_url }}">' + cellData + '</a>';
                    $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
                }},
            {targets: 2, createdCell: function (td, cellData, rowData) {
                    $(td).html(rowData.get_type_display)
                }},
            {targets: 7, createdCell: function (td, cellData, rowData) {
                    var update_btn = '<a href="{% url "applications:database-app-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
                    var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-delete" data-rid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
                    $(td).html(update_btn + del_btn)
                }}
        ],
        ajax_url: '{% url "api-applications:database-app-list" %}',
        columns: [
            {data: "id"},
            {data: "name" },
            {data: "type"},
            {data: "host"},
            {data: "port"},
            {data: "database"},
            {data: "comment"},
            {data: "id", orderable: false, width: "120px"}
        ],
        op_html: $('#actions').html()
    };
    jumpserver.initServerSideDataTable(options);
 }
 $(document).ready(function(){
    initTable();
 })
 .on('click', '.btn-delete', function () {
    var $this = $(this);
    var $data_table = $('#database_app_list_table').DataTable();
    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
    var rid = $this.data('rid');
    var the_url = '{% url "api-applications:database-app-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', rid);
    objectDelete($this, name, the_url);
    setTimeout( function () {
        $data_table.ajax.reload();
    }, 3000);
 });
 </script>
 {% endblock %}
--- a/apps/applications/templates/applications/remote_app_create_update.html
+++ b/apps/applications/templates/applications/remote_app_create_update.html
@@ -1,71 +0,0 @@
 {% extends '_base_create_update.html' %}
 {% load static %}
 {% load bootstrap3 %}
 {% load i18n %}
 {% block form %}
    <form id="RemoteAppForm" method="post" class="form-horizontal">
        {% bootstrap_form form layout="horizontal" %}
        <div class="hr-line-dashed"></div>
        <div class="form-group">
            <div class="col-sm-4 col-sm-offset-2">
                <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
                <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
            </div>
        </div>
    </form>
 {% endblock %}
 {% block custom_foot_js %}
 <script type="text/javascript">
 var app_type_id = '#' + '{{ form.type.id_for_label }}';
 function getFormDataType(){
    return $(app_type_id+ " option:selected").val();
 }
 function constructFormDataParams(data){
    var params = {};
    var type =data.type;
    for (var k in data){
        if (k.startsWith(type)){
            params[k] = data[k];
            delete data[k]
        }
    }
    return params
 }
 function getFormData(form){
    var data = form.serializeObject();
    data['type'] = getFormDataType();
    data['params'] = constructFormDataParams(data);
    return data
 }
 $(document).ready(function () {
    $('.select2').select2({
        closeOnSelect: true
    });
 }).on("submit", "form", function (evt) {
    evt.preventDefault();
    var the_url = '{% url "api-applications:remote-app-list" %}';
    var redirect_to = '{% url "applications:remote-app-list" %}';
    var method = "POST";
    {% if api_action == "update" %}
        the_url = '{% url "api-applications:remote-app-detail" object.id %}';
        method = "PUT";
    {% endif %}
    var form = $("form");
    var data = getFormData(form);
    var props = {
        url: the_url,
        data: data,
        method: method,
        form: form,
        redirect_to: redirect_to
     };
    formSubmit(props);
 })
 ;
 </script>
 {% endblock %}
--- a/apps/applications/templates/applications/remote_app_detail.html
+++ b/apps/applications/templates/applications/remote_app_detail.html
@@ -1,100 +0,0 @@
 {% extends 'base.html' %}
 {% load static %}
 {% load i18n %}
 {% block content %}
    <div class="wrapper wrapper-content animated fadeInRight">
        <div class="row">
            <div class="col-sm-12">
                <div class="ibox float-e-margins">
                    <div class="panel-options">
                        <ul class="nav nav-tabs">
                            <li class="active">
                                <a href="{% url 'applications:remote-app-detail' pk=remote_app.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
                            </li>
                            <li class="pull-right">
                                <a class="btn btn-outline btn-default" href="{% url 'applications:remote-app-update' pk=remote_app.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
                            </li>
                            <li class="pull-right">
                                <a class="btn btn-outline btn-danger btn-delete-application">
                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
                                </a>
                            </li>
                        </ul>
                    </div>
                    <div class="tab-content">
                        <div class="col-sm-8" style="padding-left: 0;">
                            <div class="ibox float-e-margins">
                                <div class="ibox-title">
                                    <span class="label"><b>{{ remote_app.name }}</b></span>
                                    <div class="ibox-tools">
                                        <a class="collapse-link">
                                            <i class="fa fa-chevron-up"></i>
                                        </a>
                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
                                            <i class="fa fa-wrench"></i>
                                        </a>
                                        <ul class="dropdown-menu dropdown-user">
                                        </ul>
                                        <a class="close-link">
                                            <i class="fa fa-times"></i>
                                        </a>
                                    </div>
                                </div>
                                <div class="ibox-content">
                                    <table class="table">
                                        <tbody>
                                        <tr class="no-borders-tr">
                                            <td>{% trans 'Name' %}:</td>
                                            <td><b>{{ remote_app.name }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Asset' %}:</td>
                                            <td><b><a href="{% url 'assets:asset-detail' pk=remote_app.asset.id %}">{{ remote_app.asset.hostname }}</a></b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'App type' %}:</td>
                                            <td><b>{{ remote_app.get_type_display }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'App path' %}:</td>
                                            <td><b>{{ remote_app.path }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Date created' %}:</td>
                                            <td><b>{{ remote_app.date_created }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Created by' %}:</td>
                                            <td><b>{{ remote_app.created_by  }}</b></td>
                                        </tr>
                                        <tr>
                                            <td>{% trans 'Comment' %}:</td>
                                            <td><b>{{ remote_app.comment }}</b></td>
                                        </tr>
                                        </tbody>
                                    </table>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
 {% endblock %}
 {% block custom_foot_js %}
 <script>
 jumpserver.nodes_selected = {};
 $(document).ready(function () {
 })
 .on('click', '.btn-delete-application', function () {
    var $this = $(this);
    var name = "{{ remote_app.name }}";
    var rid = "{{ remote_app.id }}";
    var the_url = '{% url "api-applications:remote-app-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', rid);
    var redirect_url = "{% url 'applications:remote-app-list' %}";
    objectDelete($this, name, the_url, redirect_url);
 })
 </script>
 {% endblock %}
--- a/apps/applications/templates/applications/remote_app_list.html
+++ b/apps/applications/templates/applications/remote_app_list.html
@@ -1,92 +0,0 @@
 {% extends '_base_list.html' %}
 {% load i18n static %}
 {% block help_message %}
    {% trans 'Before using this feature, make sure that the application loader has been uploaded to the application server and successfully published as a RemoteApp application' %}
    <b><a href="https://github.com/jumpserver/Jmservisor/releases" target="view_window" >{% trans 'Download application loader' %}</a></b>
 {% endblock %}
 {% block table_search %}{% endblock %}
 {% block table_container %}
    <div class="btn-group uc pull-left m-r-5">
        <button data-toggle="dropdown" class="btn btn-primary btn-sm dropdown-toggle">
            {% trans "Create RemoteApp" %}
            <span class="caret"></span></button>
        <ul class="dropdown-menu">
            {% for key, value in type_choices %}
                <li><a class="" href="{% url 'applications:remote-app-create' %}?type={{ key }}">{{ value }}</a></li>
            {% endfor %}
        </ul>
    </div>
    <table class="table table-striped table-bordered table-hover " id="remote_app_list_table" >
        <thead>
        <tr>
            <th class="text-center">
                <input type="checkbox" id="check_all" class="ipt_check_all" >
            </th>
            <th class="text-center">{% trans 'Name' %}</th>
            <th class="text-center">{% trans 'App type' %}</th>
            <th class="text-center">{% trans 'Asset' %}</th>
            <th class="text-center">{% trans 'Comment' %}</th>
            <th class="text-center">{% trans 'Action' %}</th>
        </tr>
        </thead>
        <tbody>
        </tbody>
    </table>
 {% endblock %}
 {% block content_bottom_left %}{% endblock %}
 {% block custom_foot_js %}
 <script>
 function initTable() {
    var options = {
        ele: $('#remote_app_list_table'),
        columnDefs: [
            {targets: 1, createdCell: function (td, cellData, rowData) {
                    cellData = htmlEscape(cellData);
                    {% url 'applications:remote-app-detail' pk=DEFAULT_PK as the_url  %}
                    var detail_btn = '<a href="{{ the_url }}">' + cellData + '</a>';
                    $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
                }},
            {targets: 3, createdCell: function (td, cellData, rowData) {
                    var hostname = htmlEscape(cellData.hostname);
                    var detail_btn = '<a href="{% url 'assets:asset-detail' pk=DEFAULT_PK %}">' + hostname + '</a>';
                    $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', cellData.id));
                }},
            {targets: 3, createdCell: function (td, cellData, rowData) {
                    var comment = htmlEscape(cellData);
                    $(td).html(comment)
                }},
            {targets: 5, createdCell: function (td, cellData, rowData) {
                    var update_btn = '<a href="{% url "applications:remote-app-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
                    var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-delete" data-rid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
                    $(td).html(update_btn + del_btn)
                }}
        ],
        ajax_url: '{% url "api-applications:remote-app-list" %}',
        columns: [
            {data: "id"},
            {data: "name" },
            {data: "get_type_display", orderable: false},
            {data: "asset_info", orderable: false},
            {data: "comment"},
            {data: "id", orderable: false, width: "120px"}
        ],
        op_html: $('#actions').html()
    };
    jumpserver.initServerSideDataTable(options);
 }
 $(document).ready(function(){
    initTable();
 })
 .on('click', '.btn-delete', function () {
    var $this = $(this);
    var $data_table = $('#remote_app_list_table').DataTable();
    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
    var rid = $this.data('rid');
    var the_url = '{% url "api-applications:remote-app-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', rid);
    objectDelete($this, name, the_url);
    setTimeout( function () {
        $data_table.ajax.reload();
    }, 3000);
 });
 </script>
 {% endblock %}
--- a/apps/applications/templates/applications/user_database_app_list.html
+++ b/apps/applications/templates/applications/user_database_app_list.html
@@ -1,83 +0,0 @@
 {% extends 'base.html' %}
 {% load i18n static %}
 {% block custom_head_css_js %}
    <script src="{% static 'js/jquery.form.min.js' %}"></script>
 {% endblock %}
 {% block content %}
 <div class="mail-box-header">
    <table class="table table-striped table-bordered table-hover " id="database_app_list_table" >
        <thead>
        <tr>
            <th class="text-center">
                <input type="checkbox" id="check_all" class="ipt_check_all" >
            </th>
            <th class="text-center">{% trans 'Name' %}</th>
            <th class="text-center">{% trans 'Type' %}</th>
            <th class="text-center">{% trans 'Host' %}</th>
            <th class="text-center">{% trans 'Database' %}</th>
            <th class="text-center">{% trans 'Comment' %}</th>
            <th class="text-center">{% trans 'Action' %}</th>
        </tr>
        </thead>
        <tbody>
        </tbody>
    </table>
 </div>
 {% endblock %}
 {% block custom_foot_js %}
 <script>
 var inited = false;
 var database_app_table, url;
 function initTable() {
    if (inited){
        return
    } else {
        inited = true;
    }
    url = '{% url "api-perms:my-database-apps" %}';
    var options = {
        ele: $('#database_app_list_table'),
        columnDefs: [
            {targets: 1, createdCell: function (td, cellData, rowData) {
                    var name = htmlEscape(cellData);
                    $(td).html(name)
                }},
            {targets: 2, createdCell: function (td, cellData, rowData) {
                    var type = htmlEscape(rowData.get_type_display);
                    $(td).html(type);
                }},
            {targets: 3, createdCell: function (td, cellData, rowData) {
                    var host = htmlEscape(cellData);
                    $(td).html(host);
                }},
            {targets: 4, createdCell: function (td, cellData, rowData) {
                    var database = htmlEscape(cellData);
                    $(td).html(database);
                }},
            {targets: 6, createdCell: function (td, cellData, rowData) {
                    var conn_btn = '<a href="{% url "luna-view" %}?type=database_app&login_to=' +  cellData +'" class="btn btn-xs btn-primary" target="_blank">{% trans "Connect" %}</a>';
                    $(td).html(conn_btn)
                }}
        ],
        ajax_url: url,
        columns: [
            {data: "id"},
            {data: "name"},
            {data: "type"},
            {data: "host"},
            {data: "database"},
            {data: "comment", orderable: false},
            {data: "id", orderable: false}
        ]
    };
    database_app_table = jumpserver.initServerSideDataTable(options);
    return database_app_table
 }
 $(document).ready(function(){
    initTable();
 })
 </script>
 {% endblock %}
--- a/apps/applications/templates/applications/user_remote_app_list.html
+++ b/apps/applications/templates/applications/user_remote_app_list.html
@@ -1,73 +0,0 @@
 {% extends 'base.html' %}
 {% load i18n static %}
 {% block custom_head_css_js %}
    <script src="{% static 'js/jquery.form.min.js' %}"></script>
 {% endblock %}
 {% block content %}
 <div class="mail-box-header">
    <table class="table table-striped table-bordered table-hover " id="remote_app_list_table" >
        <thead>
        <tr>
            <th class="text-center">
                <input type="checkbox" id="check_all" class="ipt_check_all" >
            </th>
            <th class="text-center">{% trans 'Name' %}</th>
            <th class="text-center">{% trans 'App type' %}</th>
            <th class="text-center">{% trans 'Asset' %}</th>
            <th class="text-center">{% trans 'Comment' %}</th>
            <th class="text-center">{% trans 'Action' %}</th>
        </tr>
        </thead>
        <tbody>
        </tbody>
    </table>
 </div>
 {% endblock %}
 {% block custom_foot_js %}
 <script>
 var inited = false;
 var remote_app_table, url;
 function initTable() {
    if (inited){
        return
    } else {
        inited = true;
    }
    url = '{% url "api-perms:my-remote-apps" %}';
    var options = {
        ele: $('#remote_app_list_table'),
        columnDefs: [
            {targets: 1, createdCell: function (td, cellData, rowData) {
                    var name = htmlEscape(cellData);
                    $(td).html(name)
                }},
            {targets: 3, createdCell: function (td, cellData, rowData) {
                    var hostname = htmlEscape(cellData.hostname);
                    $(td).html(hostname);
                }},
            {targets: 5, createdCell: function (td, cellData, rowData) {
                    var conn_btn = '<a href="{% url "luna-view" %}?type=remote_app&login_to=' +  cellData +'" class="btn btn-xs btn-primary" target="_blank">{% trans "Connect" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
                    $(td).html(conn_btn)
                }}
        ],
        ajax_url: url,
        columns: [
            {data: "id"},
            {data: "name"},
            {data: "get_type_display", orderable: false},
            {data: "asset_info", orderable: false},
            {data: "comment", orderable: false},
            {data: "id", orderable: false}
        ]
    };
    remote_app_table = jumpserver.initServerSideDataTable(options);
    return remote_app_table
 }
 $(document).ready(function(){
    initTable();
 })
 </script>
 {% endblock %}
--- a/apps/applications/urls/api_urls.py
+++ b/apps/applications/urls/api_urls.py
@@ -10,8 +10,10 @@ from .. import api
 app_name = 'applications'
 router = BulkRouter()
 router.register(r'applications', api.ApplicationViewSet, 'application')
 router.register(r'remote-apps', api.RemoteAppViewSet, 'remote-app')
 router.register(r'database-apps', api.DatabaseAppViewSet, 'database-app')
 router.register(r'k8s-apps', api.K8sAppViewSet, 'k8s-app')
 urlpatterns = [
    path('remote-apps/<uuid:pk>/connection-info/', api.RemoteAppConnectionInfoApi.as_view(), name='remote-app-connection-info'),
--- a/apps/applications/urls/views_urls.py
+++ b/apps/applications/urls/views_urls.py
@@ -1,23 +1,7 @@
 # coding:utf-8
 from django.urls import path
 from .. import views
 app_name = 'applications'
 urlpatterns = [
    # RemoteApp
    path('remote-app/', views.RemoteAppListView.as_view(), name='remote-app-list'),
    path('remote-app/create/', views.RemoteAppCreateView.as_view(), name='remote-app-create'),
    path('remote-app/<uuid:pk>/update/', views.RemoteAppUpdateView.as_view(), name='remote-app-update'),
    path('remote-app/<uuid:pk>/', views.RemoteAppDetailView.as_view(), name='remote-app-detail'),
    # User RemoteApp view
    path('user-remote-app/', views.UserRemoteAppListView.as_view(), name='user-remote-app-list'),
    path('database-app/', views.DatabaseAppListView.as_view(), name='database-app-list'),
    path('database-app/create/', views.DatabaseAppCreateView.as_view(), name='database-app-create'),
    path('database-app/<uuid:pk>/update/', views.DatabaseAppUpdateView.as_view(), name='database-app-update'),
    path('database-app/<uuid:pk>/', views.DatabaseAppDetailView.as_view(), name='database-app-detail'),
    # User DatabaseApp view
    path('user-database-app/', views.UserDatabaseAppListView.as_view(), name='user-database-app-list'),
 ]
--- a/apps/applications/views/init.py
+++ b/apps/applications/views/init.py
@@ -1,2 +0,0 @@
 from .remote_app import *
 from .database_app import *
--- a/apps/applications/views/database_app.py
+++ b/apps/applications/views/database_app.py
@@ -1,115 +0,0 @@
 # coding: utf-8
 #
 from django.http import Http404
 from django.views.generic import TemplateView
 from django.views.generic.edit import CreateView, UpdateView
 from django.utils.translation import ugettext_lazy as _
 from django.views.generic.detail import DetailView
 from common.permissions import PermissionsMixin, IsOrgAdmin, IsValidUser
 from .. import models, const, forms
 __all__ = [
    'DatabaseAppListView', 'DatabaseAppCreateView', 'DatabaseAppUpdateView',
    'DatabaseAppDetailView', 'UserDatabaseAppListView',
 ]
 class DatabaseAppListView(PermissionsMixin, TemplateView):
    template_name = 'applications/database_app_list.html'
    permission_classes = [IsOrgAdmin]
    def get_context_data(self, **kwargs):
        context = {
            'app': _("Application"),
            'action': _('DatabaseApp list'),
            'type_choices': const.DATABASE_APP_TYPE_CHOICES
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
 class BaseDatabaseAppCreateUpdateView:
    template_name = 'applications/database_app_create_update.html'
    model = models.DatabaseApp
    permission_classes = [IsOrgAdmin]
    default_type = const.DATABASE_APP_TYPE_MYSQL
    form_class = forms.DatabaseAppMySQLForm
    form_class_choices = {
        const.DATABASE_APP_TYPE_MYSQL: forms.DatabaseAppMySQLForm,
    }
    def get_initial(self):
        return {'type': self.get_type()}
    def get_type(self):
        return self.default_type
    def get_form_class(self):
        tp = self.get_type()
        form_class = self.form_class_choices.get(tp)
        if not form_class:
            raise Http404()
        return form_class
 class DatabaseAppCreateView(BaseDatabaseAppCreateUpdateView, CreateView):
    def get_type(self):
        tp = self.request.GET.get("type")
        if tp:
            return tp.lower()
        return super().get_type()
    def get_context_data(self, **kwargs):
        context = {
            'app': _('Applications'),
            'action': _('Create DatabaseApp'),
            'api_action': 'create'
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
 class DatabaseAppUpdateView(BaseDatabaseAppCreateUpdateView, UpdateView):
    def get_type(self):
        return self.object.type
    def get_context_data(self, **kwargs):
        context = {
            'app': _('Applications'),
            'action': _('Create DatabaseApp'),
            'api_action': 'update'
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
 class DatabaseAppDetailView(PermissionsMixin, DetailView):
    template_name = 'applications/database_app_detail.html'
    model = models.DatabaseApp
    context_object_name = 'database_app'
    permission_classes = [IsOrgAdmin]
    def get_context_data(self, **kwargs):
        context = {
            'app': _('Applications'),
            'action': _('DatabaseApp detail'),
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
 class UserDatabaseAppListView(PermissionsMixin, TemplateView):
    template_name = 'applications/user_database_app_list.html'
    permission_classes = [IsValidUser]
    def get_context_data(self, **kwargs):
        context = {
            'action': _('My DatabaseApp'),
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
--- a/apps/applications/views/remote_app.py
+++ b/apps/applications/views/remote_app.py
@@ -1,128 +0,0 @@
 #  coding: utf-8
 #
 from django.http import Http404
 from django.utils.translation import ugettext as _
 from django.views.generic import TemplateView
 from django.views.generic.edit import CreateView, UpdateView
 from django.views.generic.detail import DetailView
 from common.permissions import PermissionsMixin, IsOrgAdmin, IsValidUser
 from ..models import RemoteApp
 from .. import forms, const
 __all__ = [
    'RemoteAppListView', 'RemoteAppCreateView', 'RemoteAppUpdateView',
    'RemoteAppDetailView', 'UserRemoteAppListView',
 ]
 class RemoteAppListView(PermissionsMixin, TemplateView):
    template_name = 'applications/remote_app_list.html'
    permission_classes = [IsOrgAdmin]
    def get_context_data(self, **kwargs):
        context = {
            'app': _('Applications'),
            'action': _('RemoteApp list'),
            'type_choices': const.REMOTE_APP_TYPE_CHOICES,
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
 class BaseRemoteAppCreateUpdateView:
    template_name = 'applications/remote_app_create_update.html'
    model = RemoteApp
    permission_classes = [IsOrgAdmin]
    default_type = const.REMOTE_APP_TYPE_CHROME
    form_class = forms.RemoteAppChromeForm
    form_class_choices = {
        const.REMOTE_APP_TYPE_CHROME: forms.RemoteAppChromeForm,
        const.REMOTE_APP_TYPE_MYSQL_WORKBENCH: forms.RemoteAppMySQLWorkbenchForm,
        const.REMOTE_APP_TYPE_VMWARE_CLIENT: forms.RemoteAppVMwareForm,
        const.REMOTE_APP_TYPE_CUSTOM: forms.RemoteAppCustomForm
    }
    def get_initial(self):
        return {'type': self.get_type()}
    def get_type(self):
        return self.default_type
    def get_form_class(self):
        tp = self.get_type()
        form_class = self.form_class_choices.get(tp)
        if not form_class:
            raise Http404()
        return form_class
 class RemoteAppCreateView(BaseRemoteAppCreateUpdateView,
                          PermissionsMixin, CreateView):
    def get_context_data(self, **kwargs):
        context = {
            'app': _('Applications'),
            'action': _('Create RemoteApp'),
            'api_action': 'create'
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
    def get_type(self):
        tp = self.request.GET.get("type")
        if tp:
            return tp.lower()
        return super().get_type()
 class RemoteAppUpdateView(BaseRemoteAppCreateUpdateView,
                          PermissionsMixin, UpdateView):
    def get_initial(self):
        initial_data = super().get_initial()
        params = {k: v for k, v in self.object.params.items()}
        initial_data.update(params)
        return initial_data
    def get_type(self):
        return self.object.type
    def get_context_data(self, **kwargs):
        context = {
            'app': _('Applications'),
            'action': _('Update RemoteApp'),
            'api_action': 'update'
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
 class RemoteAppDetailView(PermissionsMixin, DetailView):
    template_name = 'applications/remote_app_detail.html'
    model = RemoteApp
    context_object_name = 'remote_app'
    permission_classes = [IsOrgAdmin]
    def get_context_data(self, **kwargs):
        context = {
            'app': _('Applications'),
            'action': _('RemoteApp detail'),
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
 class UserRemoteAppListView(PermissionsMixin, TemplateView):
    template_name = 'applications/user_remote_app_list.html'
    permission_classes = [IsValidUser]
    def get_context_data(self, **kwargs):
        context = {
            'action': _('My RemoteApp'),
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
--- a/apps/assets/api/init.py
+++ b/apps/assets/api/init.py
@@ -1,3 +1,4 @@
 from .mixin import *
 from .admin_user import *
 from .asset import *
 from .label import *
--- a/apps/assets/api/admin_user.py
+++ b/apps/assets/api/admin_user.py
@@ -1,17 +1,4 @@
-# ~*~ coding: utf-8 ~*~
+
 # Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
 #
 # Licensed under the GNU General Public License v2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #    http://www.gnu.org/licenses/gpl-2.0.html
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from django.db import transaction
 from django.db.models import Count
@@ -49,7 +36,7 @@ class AdminUserViewSet(OrgBulkModelViewSet):
    def get_queryset(self):
        queryset = super().get_queryset()
-        queryset = queryset.annotate(_assets_amount=Count('assets'))
+        queryset = queryset.annotate(assets_amount=Count('assets'))
        return queryset
    def destroy(self, request, *args, **kwargs):
@@ -107,7 +94,6 @@ class AdminUserAssetsListView(generics.ListAPIView):
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.AssetSimpleSerializer
    filter_fields = ("hostname", "ip")
    http_method_names = ['get']
    search_fields = filter_fields
    def get_object(self):
--- a/apps/assets/api/asset.py
+++ b/apps/assets/api/asset.py
@@ -1,9 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-
+from assets.api import FilterAssetByNodeMixin
 import random
 from rest_framework.response import Response
 from rest_framework.viewsets import ModelViewSet
 from rest_framework.generics import RetrieveAPIView
 from django.shortcuts import get_object_or_404
@@ -17,7 +14,7 @@ from .. import serializers
 from ..tasks import (
    update_asset_hardware_info_manual, test_asset_connectivity_manual
 )
-from ..filters import AssetByNodeFilterBackend, LabelFilterBackend
+from ..filters import FilterAssetByNodeFilterBackend, LabelFilterBackend, IpInFilterBackend
 logger = get_logger(__file__)
@@ -28,12 +25,15 @@ __all__ = [
 ]
-class AssetViewSet(OrgBulkModelViewSet):
+class AssetViewSet(FilterAssetByNodeMixin, OrgBulkModelViewSet):
    """
    API endpoint that allows Asset to be viewed or edited.
    """
    model = Asset
-    filter_fields = ("hostname", "ip", "systemuser__id", "admin_user__id")
+    filter_fields = (
        "hostname", "ip", "systemuser__id", "admin_user__id", "platform__base",
        "is_active"
    )
    search_fields = ("hostname", "ip")
    ordering_fields = ("hostname", "ip", "port", "cpu_cores")
    serializer_classes = {
@@ -41,7 +41,7 @@ class AssetViewSet(OrgBulkModelViewSet):
        'display': serializers.AssetDisplaySerializer,
    }
    permission_classes = (IsOrgAdminOrAppUser,)
-    extra_filter_backends = [AssetByNodeFilterBackend, LabelFilterBackend]
+    extra_filter_backends = [FilterAssetByNodeFilterBackend, LabelFilterBackend, IpInFilterBackend]
    def set_assets_node(self, assets):
        if not isinstance(assets, list):
@@ -74,12 +74,16 @@ class AssetPlatformViewSet(ModelViewSet):
    queryset = Platform.objects.all()
    permission_classes = (IsSuperUser,)
    serializer_class = serializers.PlatformSerializer
-    filterset_fields = ['name', 'base']
+    filter_fields = ['name', 'base']
    search_fields = ['name']
    def get_permissions(self):
        if self.request.method.lower() in ['get', 'options']:
            self.permission_classes = (IsOrgAdmin,)
        return super().get_permissions()
    def check_object_permissions(self, request, obj):
-        if request.method.lower() in ['delete', 'put', 'patch'] and \
+        if request.method.lower() in ['delete', 'put', 'patch'] and obj.internal:
                obj.internal:
            self.permission_denied(
                request, message={"detail": "Internal platform"}
            )
@@ -111,7 +115,6 @@ class AssetTaskCreateApi(generics.CreateAPIView):
 class AssetGatewayListApi(generics.ListAPIView):
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.GatewayWithAuthSerializer
    model = Asset
    def get_queryset(self):
        asset_id = self.kwargs.get('pk')
--- a/apps/assets/api/asset_user.py
+++ b/apps/assets/api/asset_user.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 #
 import coreapi
 from django.conf import settings
 from rest_framework.response import Response
 from rest_framework import generics, filters
@@ -54,6 +55,15 @@ class AssetUserSearchBackend(filters.BaseFilterBackend):
 class AssetUserLatestFilterBackend(filters.BaseFilterBackend):
    def get_schema_fields(self, view):
        return [
            coreapi.Field(
                name='latest', location='query', required=False,
                type='string', example='1',
                description='Only the latest version'
            )
        ]
    def filter_queryset(self, request, queryset, view):
        latest = request.GET.get('latest') == '1'
        if latest:
@@ -64,7 +74,7 @@ class AssetUserLatestFilterBackend(filters.BaseFilterBackend):
 class AssetUserViewSet(CommonApiMixin, BulkModelViewSet):
    serializer_classes = {
        'default': serializers.AssetUserWriteSerializer,
-        'list': serializers.AssetUserReadSerializer,
+        'display': serializers.AssetUserReadSerializer,
        'retrieve': serializers.AssetUserReadSerializer,
    }
    permission_classes = [IsOrgAdminOrAppUser]
@@ -84,12 +94,15 @@ class AssetUserViewSet(CommonApiMixin, BulkModelViewSet):
    def get_object(self):
        pk = self.kwargs.get("pk")
        if pk is None:
            return
        queryset = self.get_queryset()
        obj = queryset.get(id=pk)
        return obj
    def get_exception_handler(self):
        def handler(e, context):
            logger.error(e, exc_info=True)
            return Response({"error": str(e)}, status=400)
        return handler
--- a/apps/assets/api/domain.py
+++ b/apps/assets/api/domain.py
@@ -1,7 +1,9 @@
 # ~*~ coding: utf-8 ~*~
 from rest_framework.views import APIView, Response
 from django.views.generic.detail import SingleObjectMixin
 from django.utils.translation import ugettext as _
 from rest_framework.views import APIView, Response
 from rest_framework.serializers import ValidationError
 from common.utils import get_logger
 from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
@@ -42,6 +44,10 @@ class GatewayTestConnectionApi(SingleObjectMixin, APIView):
    def post(self, request, *args, **kwargs):
        self.object = self.get_object(Gateway.objects.all())
        local_port = self.request.data.get('port') or self.object.port
        try:
            local_port = int(local_port)
        except ValueError:
            raise ValidationError({'port': _('Number required')})
        ok, e = self.object.test_connective(local_port=local_port)
        if ok:
            return Response("ok")
--- a/apps/assets/api/gathered_user.py
+++ b/apps/assets/api/gathered_user.py
@@ -18,5 +18,5 @@ class GatheredUserViewSet(OrgModelViewSet):
    permission_classes = [IsOrgAdmin]
    extra_filter_backends = [AssetRelatedByNodeFilterBackend]
-    filter_fields = ['asset', 'username', 'present']
+    filter_fields = ['asset', 'username', 'present', 'asset__ip', 'asset__hostname', 'asset_id']
    search_fields = ['username', 'asset__ip', 'asset__hostname']
--- a/apps/assets/api/mixin.py
+++ b/apps/assets/api/mixin.py
@@ -0,0 +1,90 @@
 from typing import List
 from assets.models import Node, Asset
 from assets.pagination import AssetLimitOffsetPagination
 from common.utils import lazyproperty, dict_get_any, is_uuid, get_object_or_none
 from assets.utils import get_node, is_query_node_all_assets
 class SerializeToTreeNodeMixin:
    permission_classes = ()
    def serialize_nodes(self, nodes: List[Node], with_asset_amount=False):
        if with_asset_amount:
            def _name(node: Node):
                return '{} ({})'.format(node.value, node.assets_amount)
        else:
            def _name(node: Node):
                return node.value
        data = [
            {
                'id': node.key,
                'name': _name(node),
                'title': _name(node),
                'pId': node.parent_key,
                'isParent': True,
                'open': node.is_org_root(),
                'meta': {
                    'node': {
                        "id": node.id,
                        "key": node.key,
                        "value": node.value,
                    },
                    'type': 'node'
                }
            }
            for node in nodes
        ]
        return data
    def get_platform(self, asset: Asset):
        default = 'file'
        icon = {'windows', 'linux'}
        platform = asset.platform_base.lower()
        if platform in icon:
            return platform
        return default
    def serialize_assets(self, assets, node_key=None):
        if node_key is None:
            get_pid = lambda asset: getattr(asset, 'parent_key', '')
        else:
            get_pid = lambda asset: node_key
        data = [
            {
                'id': str(asset.id),
                'name': asset.hostname,
                'title': asset.ip,
                'pId': get_pid(asset),
                'isParent': False,
                'open': False,
                'iconSkin': self.get_platform(asset),
                'chkDisabled': not asset.is_active,
                'meta': {
                    'type': 'asset',
                    'asset': {
                        'id': asset.id,
                        'hostname': asset.hostname,
                        'ip': asset.ip,
                        'protocols': asset.protocols_as_list,
                        'platform': asset.platform_base,
                        'org_name': asset.org_name
                    },
                }
            }
            for asset in assets
        ]
        return data
 class FilterAssetByNodeMixin:
    pagination_class = AssetLimitOffsetPagination
    @lazyproperty
    def is_query_node_all_assets(self):
        return is_query_node_all_assets(self.request)
    @lazyproperty
    def node(self):
        return get_node(self.request)
--- a/apps/assets/api/node.py
+++ b/apps/assets/api/node.py
@@ -1,16 +1,28 @@
 # ~*~ coding: utf-8 ~*~
 from functools import partial
 from collections import namedtuple, defaultdict
 from collections import namedtuple
 from rest_framework import status
 from rest_framework.serializers import ValidationError
 from rest_framework.response import Response
 from rest_framework.decorators import action
 from django.utils.translation import ugettext_lazy as _
 from django.shortcuts import get_object_or_404, Http404
 from django.utils.decorators import method_decorator
 from django.db.models.signals import m2m_changed
 from common.const.http import POST
 from common.exceptions import SomeoneIsDoingThis
 from common.const.signals import PRE_REMOVE, POST_REMOVE
 from assets.models import Asset
 from common.utils import get_logger, get_object_or_none
 from common.tree import TreeNodeSerializer
 from common.const.distributed_lock_key import UPDATE_NODE_TREE_LOCK_KEY
 from orgs.mixins.api import OrgModelViewSet
 from orgs.mixins import generics
 from orgs.lock import org_level_transaction_lock
 from orgs.utils import current_org
 from assets.tasks import check_node_assets_amount_task
 from ..hands import IsOrgAdmin
 from ..models import Node
 from ..tasks import (
@@ -18,12 +30,13 @@ from ..tasks import (
    test_node_assets_connectivity_manual,
 )
 from .. import serializers
 from .mixin import SerializeToTreeNodeMixin
 logger = get_logger(__file__)
 __all__ = [
    'NodeViewSet', 'NodeChildrenApi', 'NodeAssetsApi',
-    'NodeAddAssetsApi', 'NodeRemoveAssetsApi', 'NodeReplaceAssetsApi',
+    'NodeAddAssetsApi', 'NodeRemoveAssetsApi', 'MoveAssetsToNodeApi',
    'NodeAddChildrenApi', 'NodeListAsTreeApi',
    'NodeChildrenAsTreeApi',
    'NodeTaskCreateApi',
@@ -37,6 +50,11 @@ class NodeViewSet(OrgModelViewSet):
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.NodeSerializer
    @action(methods=[POST], detail=False, url_name='launch-check-assets-amount-task')
    def launch_check_assets_amount_task(self, request):
        task = check_node_assets_amount_task.delay(current_org.id)
        return Response(data={'task': task.id})
    # 仅支持根节点指直接创建，子节点下的节点需要通过children接口创建
    def perform_create(self, serializer):
        child_key = Node.org_root().get_next_child_key()
@@ -52,6 +70,9 @@ class NodeViewSet(OrgModelViewSet):
    def destroy(self, request, *args, **kwargs):
        node = self.get_object()
        if node.is_org_root():
            error = _("You can't delete the root node ({})".format(node.value))
            return Response(data={'error': error}, status=status.HTTP_403_FORBIDDEN)
        if node.has_children_or_has_assets():
            error = _("Deletion failed and the node contains children or assets")
            return Response(data={'error': error}, status=status.HTTP_403_FORBIDDEN)
@@ -136,7 +157,7 @@ class NodeChildrenApi(generics.ListCreateAPIView):
        return queryset
-class NodeChildrenAsTreeApi(NodeChildrenApi):
+class NodeChildrenAsTreeApi(SerializeToTreeNodeMixin, NodeChildrenApi):
    """
    节点子节点作为树返回，
    [
@@ -150,31 +171,23 @@ class NodeChildrenAsTreeApi(NodeChildrenApi):
    """
    model = Node
    serializer_class = TreeNodeSerializer
    http_method_names = ['get']
-    def get_queryset(self):
+    def list(self, request, *args, **kwargs):
-        queryset = super().get_queryset()
+        nodes = self.get_queryset().order_by('value')
-        queryset = [node.as_tree_node() for node in queryset]
+        nodes = self.serialize_nodes(nodes, with_asset_amount=True)
-        queryset = self.add_assets_if_need(queryset)
+        assets = self.get_assets()
-        queryset = sorted(queryset)
+        data = [*nodes, *assets]
-        return queryset
+        return Response(data=data)
-    def add_assets_if_need(self, queryset):
+    def get_assets(self):
        include_assets = self.request.query_params.get('assets', '0') == '1'
        if not include_assets:
-            return queryset
+            return []
        assets = self.instance.get_assets().only(
            "id", "hostname", "ip", "os",
-            "org_id", "protocols",
+            "org_id", "protocols", "is_active"
        )
-        for asset in assets:
+        return self.serialize_assets(assets, self.instance.key)
            queryset.append(asset.as_tree_node(self.instance))
        return queryset
    def check_need_refresh_nodes(self):
        if self.request.query_params.get('refresh', '0') == '1':
            Node.refresh_nodes()
 class NodeAssetsApi(generics.ListAPIView):
@@ -200,14 +213,14 @@ class NodeAddChildrenApi(generics.UpdateAPIView):
    def put(self, request, *args, **kwargs):
        instance = self.get_object()
        nodes_id = request.data.get("nodes")
-        children = [get_object_or_none(Node, id=pk) for pk in nodes_id]
+        children = Node.objects.filter(id__in=nodes_id)
        for node in children:
            if not node:
                continue
            node.parent = instance
        return Response("OK")
@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='patch')
@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='put')
 class NodeAddAssetsApi(generics.UpdateAPIView):
    model = Node
    serializer_class = serializers.NodeAssetsSerializer
@@ -220,6 +233,8 @@ class NodeAddAssetsApi(generics.UpdateAPIView):
        instance.assets.add(*tuple(assets))
@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='patch')
@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='put')
 class NodeRemoveAssetsApi(generics.UpdateAPIView):
    model = Node
    serializer_class = serializers.NodeAssetsSerializer
@@ -228,15 +243,17 @@ class NodeRemoveAssetsApi(generics.UpdateAPIView):
    def perform_update(self, serializer):
        assets = serializer.validated_data.get('assets')
-        instance = self.get_object()
+        node = self.get_object()
-        if instance != Node.org_root():
+        node.assets.remove(*assets)
-            instance.assets.remove(*tuple(assets))
+
-        else:
+        # 把孤儿资产添加到 root 节点
-            assets = [asset for asset in assets if asset.nodes.count() > 1]
+        orphan_assets = Asset.objects.filter(id__in=[a.id for a in assets], nodes__isnull=True).distinct()
-            instance.assets.remove(*tuple(assets))
+        Node.org_root().assets.add(*orphan_assets)
-class NodeReplaceAssetsApi(generics.UpdateAPIView):
+@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='patch')
@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='put')
 class MoveAssetsToNodeApi(generics.UpdateAPIView):
    model = Node
    serializer_class = serializers.NodeAssetsSerializer
    permission_classes = (IsOrgAdmin,)
@@ -244,9 +261,39 @@ class NodeReplaceAssetsApi(generics.UpdateAPIView):
    def perform_update(self, serializer):
        assets = serializer.validated_data.get('assets')
-        instance = self.get_object()
+        node = self.get_object()
-        for asset in assets:
+        self.remove_old_nodes(assets)
-            asset.nodes.set([instance])
+        node.assets.add(*assets)
    def remove_old_nodes(self, assets):
        m2m_model = Asset.nodes.through
        # 查询资产与节点关系表，查出要移动资产与节点的所有关系
        relates = m2m_model.objects.filter(asset__in=assets).values_list('asset_id', 'node_id')
        if relates:
            # 对关系以资产进行分组，用来发 `reverse=False` 信号
            asset_nodes_mapper = defaultdict(set)
            for asset_id, node_id in relates:
                asset_nodes_mapper[asset_id].add(node_id)
            # 组建一个资产 id -> Asset 的 mapper
            asset_mapper = {asset.id: asset for asset in assets}
            # 创建删除关系信号发送函数
            senders = []
            for asset_id, node_id_set in asset_nodes_mapper.items():
                senders.append(partial(m2m_changed.send, sender=m2m_model, instance=asset_mapper[asset_id],
                                       reverse=False, model=Node, pk_set=node_id_set))
            # 发送 pre 信号
            [sender(action=PRE_REMOVE) for sender in senders]
            num = len(relates)
            asset_ids, node_ids = zip(*relates)
            # 删除之前的关系
            rows, _i = m2m_model.objects.filter(asset_id__in=asset_ids, node_id__in=node_ids).delete()
            if rows != num:
                raise SomeoneIsDoingThis
            # 发送 post 信号
            [sender(action=POST_REMOVE) for sender in senders]
 class NodeTaskCreateApi(generics.CreateAPIView):
@@ -267,7 +314,6 @@ class NodeTaskCreateApi(generics.CreateAPIView):
    @staticmethod
    def refresh_nodes_cache():
        Node.refresh_nodes()
        Task = namedtuple('Task', ['id'])
        task = Task(id="0")
        return task
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -3,7 +3,8 @@ from django.shortcuts import get_object_or_404
 from rest_framework.response import Response
 from common.utils import get_logger
-from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, IsAppUser
+from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
 from common.drf.filters import CustomFilter
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
 from orgs.utils import tmp_to_org
@@ -12,14 +13,14 @@ from .. import serializers
 from ..serializers import SystemUserWithAuthInfoSerializer
 from ..tasks import (
    push_system_user_to_assets_manual, test_system_user_connectivity_manual,
-    push_system_user_a_asset_manual,
+    push_system_user_to_assets
 )
 logger = get_logger(__file__)
 __all__ = [
    'SystemUserViewSet', 'SystemUserAuthInfoApi', 'SystemUserAssetAuthInfoApi',
-    'SystemUserCommandFilterRuleListApi', 'SystemUserTaskApi',
+    'SystemUserCommandFilterRuleListApi', 'SystemUserTaskApi', 'SystemUserAssetsListView',
 ]
@@ -28,7 +29,7 @@ class SystemUserViewSet(OrgBulkModelViewSet):
    System user api set, for add,delete,update,list,retrieve resource
    """
    model = SystemUser
-    filter_fields = ("name", "username")
+    filter_fields = ("name", "username", "protocol")
    search_fields = filter_fields
    serializer_class = serializers.SystemUserSerializer
    serializer_classes = {
@@ -82,18 +83,18 @@ class SystemUserTaskApi(generics.CreateAPIView):
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.SystemUserTaskSerializer
-    def do_push(self, system_user, asset=None):
+    def do_push(self, system_user, assets_id=None):
-        if asset is None:
+        if assets_id is None:
            task = push_system_user_to_assets_manual.delay(system_user)
        else:
            username = self.request.query_params.get('username')
-            task = push_system_user_a_asset_manual.delay(
+            task = push_system_user_to_assets.delay(
-                system_user, asset, username=username
+                system_user.id, assets_id, username=username
            )
        return task
    @staticmethod
-    def do_test(system_user, asset=None):
+    def do_test(system_user):
        task = test_system_user_connectivity_manual.delay(system_user)
        return task
@@ -104,11 +105,16 @@ class SystemUserTaskApi(generics.CreateAPIView):
    def perform_create(self, serializer):
        action = serializer.validated_data["action"]
        asset = serializer.validated_data.get('asset')
        assets = serializer.validated_data.get('assets') or []
        system_user = self.get_object()
        if action == 'push':
-            task = self.do_push(system_user, asset)
+            assets = [asset] if asset else assets
            assets_id = [asset.id for asset in assets]
            assets_id = assets_id if assets_id else None
            task = self.do_push(system_user, assets_id)
        else:
-            task = self.do_test(system_user, asset)
+            task = self.do_test(system_user)
        data = getattr(serializer, '_data', {})
        data["task"] = task.id
        setattr(serializer, '_data', data)
@@ -125,3 +131,18 @@ class SystemUserCommandFilterRuleListApi(generics.ListAPIView):
        pk = self.kwargs.get('pk', None)
        system_user = get_object_or_404(SystemUser, pk=pk)
        return system_user.cmd_filter_rules
 class SystemUserAssetsListView(generics.ListAPIView):
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.AssetSimpleSerializer
    filter_fields = ("hostname", "ip")
    search_fields = filter_fields
    def get_object(self):
        pk = self.kwargs.get('pk')
        return get_object_or_404(SystemUser, pk=pk)
    def get_queryset(self):
        system_user = self.get_object()
        return system_user.get_all_assets()
--- a/apps/assets/api/system_user_relation.py
+++ b/apps/assets/api/system_user_relation.py
@@ -65,7 +65,7 @@ class SystemUserAssetRelationViewSet(BaseRelationViewSet):
    serializer_class = serializers.SystemUserAssetRelationSerializer
    model = models.SystemUser.assets.through
    permission_classes = (IsOrgAdmin,)
-    filterset_fields = [
+    filter_fields = [
        'id', 'asset', 'systemuser',
    ]
    search_fields = [
@@ -91,11 +91,11 @@ class SystemUserNodeRelationViewSet(BaseRelationViewSet):
    serializer_class = serializers.SystemUserNodeRelationSerializer
    model = models.SystemUser.nodes.through
    permission_classes = (IsOrgAdmin,)
-    filterset_fields = [
+    filter_fields = [
        'id', 'node', 'systemuser',
    ]
    search_fields = [
-        "node__value", "systemuser__name", "systemuser_username"
+        "node__value", "systemuser__name", "systemuser__username"
    ]
    def get_objects_attr(self):
@@ -112,7 +112,7 @@ class SystemUserUserRelationViewSet(BaseRelationViewSet):
    serializer_class = serializers.SystemUserUserRelationSerializer
    model = models.SystemUser.users.through
    permission_classes = (IsOrgAdmin,)
-    filterset_fields = [
+    filter_fields = [
        'id', 'user', 'systemuser',
    ]
    search_fields = [
--- a/apps/assets/exceptions.py
+++ b/apps/assets/exceptions.py
@@ -0,0 +1,6 @@
 from rest_framework import status
 from common.exceptions import JMSException
 class NodeIsBeingUpdatedByOthers(JMSException):
    status_code = status.HTTP_409_CONFLICT
--- a/apps/assets/filters.py
+++ b/apps/assets/filters.py
@@ -1,12 +1,12 @@
 # -*- coding: utf-8 -*-
 #
-import coreapi
+from rest_framework.compat import coreapi, coreschema
 from rest_framework import filters
 from django.db.models import Q
-from common.utils import dict_get_any, is_uuid, get_object_or_none
+from .models import Label
-from .models import Node, Label
+from assets.utils import is_query_node_all_assets, get_node
 class AssetByNodeFilterBackend(filters.BaseFilterBackend):
@@ -21,51 +21,58 @@ class AssetByNodeFilterBackend(filters.BaseFilterBackend):
            for field in self.fields
        ]
-    @staticmethod
+    def filter_node_related_all(self, queryset, node):
-    def is_query_all(request):
+        return queryset.filter(
-        query_all_arg = request.query_params.get('all')
+            Q(nodes__key__istartswith=f'{node.key}:') |
-        show_current_asset_arg = request.query_params.get('show_current_asset')
+            Q(nodes__key=node.key)
        ).distinct()
-        query_all = query_all_arg == '1'
+    def filter_node_related_direct(self, queryset, node):
-        if show_current_asset_arg is not None:
+        return queryset.filter(nodes__key=node.key).distinct()
            query_all = show_current_asset_arg != '1'
        return query_all
    @staticmethod
    def get_query_node(request):
        node_id = dict_get_any(request.query_params, ['node', 'node_id'])
        if not node_id:
            return None, False
        if is_uuid(node_id):
            node = get_object_or_none(Node, id=node_id)
        else:
            node = get_object_or_none(Node, key=node_id)
        return node, True
    @staticmethod
    def perform_query(pattern, queryset):
        return queryset.filter(nodes__key__regex=pattern).distinct()
    def filter_queryset(self, request, queryset, view):
-        node, has_query_arg = self.get_query_node(request)
+        node = get_node(request)
        if not has_query_arg:
            return queryset
        if node is None:
            return queryset
-        query_all = self.is_query_all(request)
+
        query_all = is_query_node_all_assets(request)
        if query_all:
-            pattern = node.get_all_children_pattern(with_self=True)
+            return self.filter_node_related_all(queryset, node)
        else:
-            # pattern = node.get_children_key_pattern(with_self=True)
+            return self.filter_node_related_direct(queryset, node)
-            # 只显示当前节点下资产
+
-            pattern = r"^{}$".format(node.key)
+
-        return self.perform_query(pattern, queryset)
+class FilterAssetByNodeFilterBackend(filters.BaseFilterBackend):
    """
    需要与 `assets.api.mixin.FilterAssetByNodeMixin` 配合使用
    """
    fields = ['node', 'all']
    def get_schema_fields(self, view):
        return [
            coreapi.Field(
                name=field, location='query', required=False,
                type='string', example='', description='', schema=None,
            )
            for field in self.fields
        ]
    def filter_queryset(self, request, queryset, view):
        node = view.node
        if node is None:
            return queryset
        query_all = view.is_query_node_all_assets
        if query_all:
            return queryset.filter(
                Q(nodes__key__istartswith=f'{node.key}:') |
                Q(nodes__key=node.key)
            ).distinct()
        else:
            return queryset.filter(nodes__key=node.key).distinct()
 class LabelFilterBackend(filters.BaseFilterBackend):
-    sep = '#'
+    sep = ':'
    query_arg = 'label'
    def get_schema_fields(self, view):
@@ -84,6 +91,8 @@ class LabelFilterBackend(filters.BaseFilterBackend):
        q = None
        for kv in labels_query:
            if '#' in kv:
                self.sep = '#'
            if self.sep not in kv:
                continue
            key, value = kv.strip().split(self.sep)[:2]
@@ -111,7 +120,32 @@ class LabelFilterBackend(filters.BaseFilterBackend):
 class AssetRelatedByNodeFilterBackend(AssetByNodeFilterBackend):
-    @staticmethod
+    def filter_node_related_all(self, queryset, node):
-    def perform_query(pattern, queryset):
+        return queryset.filter(
-        return queryset.filter(asset__nodes__key__regex=pattern).distinct()
+            Q(asset__nodes__key__istartswith=f'{node.key}:') |
            Q(asset__nodes__key=node.key)
        ).distinct()
    def filter_node_related_direct(self, queryset, node):
        return queryset.filter(asset__nodes__key=node.key).distinct()
 class IpInFilterBackend(filters.BaseFilterBackend):
    def filter_queryset(self, request, queryset, view):
        ips = request.query_params.get('ips')
        if not ips:
            return queryset
        ip_list = [i.strip() for i in ips.split(',')]
        queryset = queryset.filter(ip__in=ip_list)
        return queryset
    def get_schema_fields(self, view):
        return [
            coreapi.Field(
                name='ips', location='query', required=False, type='string',
                schema=coreschema.String(
                    title='ips',
                    description='ip in filter'
                )
            )
        ]
--- a/apps/assets/forms/init.py
+++ b/apps/assets/forms/init.py
@@ -1,8 +0,0 @@
 # -*- coding: utf-8 -*-
 #
 from .asset import *
 from .label import *
 from .user import *
 from .domain import *
 from .cmd_filter import *
 from .platform import *
--- a/apps/assets/forms/asset.py
+++ b/apps/assets/forms/asset.py
@@ -1,172 +0,0 @@
 # -*- coding: utf-8 -*-
 #
 from itertools import groupby
 from django import forms
 from django.utils.translation import gettext_lazy as _
 from common.utils import get_logger
 from orgs.mixins.forms import OrgModelForm
 from ..models import Asset, Platform
 logger = get_logger(__file__)
 __all__ = [
    'AssetCreateUpdateForm', 'AssetBulkUpdateForm', 'ProtocolForm',
 ]
 class ProtocolForm(forms.Form):
    name = forms.ChoiceField(
        choices=Asset.PROTOCOL_CHOICES, label=_("Name"), initial='ssh',
        widget=forms.Select(attrs={'class': 'form-control protocol-name'})
    )
    port = forms.IntegerField(
        max_value=65534, min_value=1, label=_("Port"), initial=22,
        widget=forms.TextInput(attrs={'class': 'form-control protocol-port'})
    )
 class AssetCreateUpdateForm(OrgModelForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.set_platform_to_name()
        self.set_fields_queryset()
    def set_fields_queryset(self):
        nodes_field = self.fields['nodes']
        nodes_choices = []
        if self.instance:
            nodes_choices = [
                (n.id, n.full_value) for n in
                self.instance.nodes.all()
            ]
        nodes_field.choices = nodes_choices
    @staticmethod
    def sorted_platform(platform):
        if platform['base'] == 'Other':
            return 'zz'
        return platform['base']
    def set_platform_to_name(self):
        choices = []
        platforms = Platform.objects.all().values('name', 'base')
        platforms_sorted = sorted(platforms, key=self.sorted_platform)
        platforms_grouped = groupby(platforms_sorted, key=lambda x: x['base'])
        for i in platforms_grouped:
            base = i[0]
            grouped = sorted(i[1], key=lambda x: x['name'])
            grouped = [(j['name'], j['name']) for j in grouped]
            choices.append(
                (base, grouped)
            )
        platform_field = self.fields['platform']
        platform_field.choices = choices
        if self.instance:
            self.initial['platform'] = self.instance.platform.name
    def add_nodes_initial(self, node):
        nodes_field = self.fields['nodes']
        nodes_field.choices.append((node.id, node.full_value))
        nodes_field.initial = [node]
    class Meta:
        model = Asset
        fields = [
            'hostname', 'ip', 'public_ip', 'protocols', 'comment',
            'nodes', 'is_active', 'admin_user', 'labels', 'platform',
            'domain', 'number',
        ]
        widgets = {
            'nodes': forms.SelectMultiple(attrs={
                'class': 'nodes-select2', 'data-placeholder': _('Nodes')
            }),
            'admin_user': forms.Select(attrs={
                'class': 'select2', 'data-placeholder': _('Admin user')
            }),
            'labels': forms.SelectMultiple(attrs={
                'class': 'select2', 'data-placeholder': _('Label')
            }),
            'domain': forms.Select(attrs={
                'class': 'select2', 'data-placeholder': _('Domain')
            }),
            'platform': forms.Select(attrs={
                'class': 'select2', 'data-placeholder': _('Platform')
            }),
        }
        labels = {
            'nodes': _("Node"),
        }
        help_texts = {
            'admin_user': _(
                'root or other NOPASSWD sudo privilege user existed in asset,'
                'If asset is windows or other set any one, more see admin user left menu'
            ),
            'platform': _("Windows 2016 RDP protocol is different, If is window 2016, set it"),
            'domain': _("If your have some network not connect with each other, you can set domain")
        }
 class AssetBulkUpdateForm(OrgModelForm):
    assets = forms.ModelMultipleChoiceField(
        required=True,
        label=_('Select assets'), queryset=Asset.objects,
        widget=forms.SelectMultiple(
            attrs={
                'class': 'select2',
                'data-placeholder': _('Select assets')
            }
        )
    )
    class Meta:
        model = Asset
        fields = [
            'assets', 'admin_user', 'labels', 'platform',
            'domain',
        ]
        widgets = {
            'labels': forms.SelectMultiple(
                attrs={'class': 'select2', 'data-placeholder': _('Label')}
            ),
            'nodes': forms.SelectMultiple(
                attrs={'class': 'select2', 'data-placeholder': _('Node')}
            ),
        }
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.set_fields_queryset()
        # 重写其他字段为不再required
        for name, field in self.fields.items():
            if name != 'assets':
                field.required = False
    def set_fields_queryset(self):
        assets_field = self.fields['assets']
        if hasattr(self, 'data'):
            assets_field.queryset = Asset.objects.all()
    def save(self, commit=True):
        changed_fields = []
        for field in self._meta.fields:
            if self.data.get(field) not in [None, '']:
                changed_fields.append(field)
        cleaned_data = {k: v for k, v in self.cleaned_data.items()
                        if k in changed_fields}
        assets = cleaned_data.pop('assets')
        labels = cleaned_data.pop('labels', [])
        nodes = cleaned_data.pop('nodes', None)
        assets = Asset.objects.filter(id__in=[asset.id for asset in assets])
        assets.update(**cleaned_data)
        if labels:
            for asset in assets:
                asset.labels.set(labels)
        if nodes:
            for asset in assets:
                asset.nodes.set(nodes)
        return assets
--- a/apps/assets/forms/cmd_filter.py
+++ b/apps/assets/forms/cmd_filter.py
@@ -1,40 +0,0 @@
 # -*- coding: utf-8 -*-
 #
 from django import forms
 from django.core.exceptions import ValidationError
 from django.utils.translation import ugettext_lazy as _
 import re
 from orgs.mixins.forms import OrgModelForm
 from ..models import CommandFilter, CommandFilterRule
 __all__ = ['CommandFilterForm', 'CommandFilterRuleForm']
 class CommandFilterForm(OrgModelForm):
    class Meta:
        model = CommandFilter
        fields = ['name', 'comment']
 class CommandFilterRuleForm(OrgModelForm):
    invalid_pattern = re.compile(r'[\.\*\+\[\\\?\{\}\^\$\|\(\)\#\<\>]')
    class Meta:
        model = CommandFilterRule
        fields = [
            'filter', 'type', 'content', 'priority', 'action', 'comment'
        ]
        widgets = {
            'content':  forms.Textarea(attrs={
                'placeholder': 'eg:\r\nreboot\r\nrm -rf'
            }),
        }
    def clean_content(self):
        content = self.cleaned_data.get("content")
        if self.invalid_pattern.search(content):
            invalid_char = self.invalid_pattern.pattern.replace('\\', '')
            msg = _("Content should not be contain: {}").format(invalid_char)
            raise ValidationError(msg)
        return content
--- a/apps/assets/forms/domain.py
+++ b/apps/assets/forms/domain.py
@@ -1,79 +0,0 @@
 # -*- coding: utf-8 -*-
 #
 from django import forms
 from django.utils.translation import gettext_lazy as _
 from orgs.mixins.forms import OrgModelForm
 from ..models import Domain, Asset, Gateway
 from .user import PasswordAndKeyAuthForm
 __all__ = ['DomainForm', 'GatewayForm']
 class DomainForm(forms.ModelForm):
    assets = forms.ModelMultipleChoiceField(
        queryset=Asset.objects, label=_('Asset'), required=False,
        widget=forms.SelectMultiple(
            attrs={'class': 'select2', 'data-placeholder': _('Select assets')}
        )
    )
    class Meta:
        model = Domain
        fields = ['name', 'comment', 'assets']
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.set_fields_queryset()
    def set_fields_queryset(self):
        assets_field = self.fields.get('assets')
        # 没有data代表是渲染表单, 有data代表是提交创建/更新表单
        if not self.data:
            # 有instance 代表渲染更新表单, 否则是创建表单
            # 前端渲染优化, 防止过多资产, 设置assets queryset为none
            if self.instance:
                assets_field.initial = self.instance.assets.all()
                assets_field.queryset = self.instance.assets.all()
            else:
                assets_field.queryset = Asset.objects.none()
        else:
            assets_field.queryset = Asset.objects.all()
    def save(self, commit=True):
        instance = super().save(commit=commit)
        assets = self.cleaned_data['assets']
        instance.assets.set(assets)
        return instance
 class GatewayForm(PasswordAndKeyAuthForm, OrgModelForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        password_field = self.fields.get('password')
        password_field.help_text = _('Password should not contain special characters')
        protocol_field = self.fields.get('protocol')
        protocol_field.choices = [Gateway.PROTOCOL_CHOICES[0]]
    def save(self, commit=True):
        # Because we define custom field, so we need rewrite :method: `save`
        instance = super().save()
        password = self.cleaned_data.get('password')
        private_key, public_key = super().gen_keys()
        instance.set_auth(password=password, private_key=private_key)
        return instance
    class Meta:
        model = Gateway
        fields = [
            'name', 'ip', 'port', 'username', 'protocol', 'domain', 'password',
            'private_key',  'is_active', 'comment',
        ]
        help_texts = {
            'protocol': _("SSH gateway support proxy SSH,RDP,VNC")
        }
        widgets = {
            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
        }
--- a/apps/assets/forms/label.py
+++ b/apps/assets/forms/label.py
@@ -1,46 +0,0 @@
 # -*- coding: utf-8 -*-
 #
 from django import forms
 from django.utils.translation import gettext_lazy as _
 from ..models import Label, Asset
 __all__ = ['LabelForm']
 class LabelForm(forms.ModelForm):
    assets = forms.ModelMultipleChoiceField(
        queryset=Asset.objects.none(), label=_('Asset'), required=False,
        widget=forms.SelectMultiple(
            attrs={'class': 'select2', 'data-placeholder': _('Select assets')}
        )
    )
    class Meta:
        model = Label
        fields = ['name', 'value', 'assets']
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.set_fields_queryset()
    def set_fields_queryset(self):
        assets_field = self.fields.get('assets')
        # 没有data代表是渲染表单, 有data代表是提交创建/更新表单
        if not self.data:
            # 有instance 代表渲染更新表单, 否则是创建表单
            # 前端渲染优化, 防止过多资产, 设置assets queryset为none
            if self.instance:
                assets_field.initial = self.instance.assets.all()
                assets_field.queryset = self.instance.assets.all()
            else:
                assets_field.queryset = Asset.objects.none()
        else:
            assets_field.queryset = Asset.objects.all()
    def save(self, commit=True):
        label = super().save(commit=commit)
        assets = self.cleaned_data['assets']
        label.assets.set(assets)
        return label
--- a/apps/assets/forms/platform.py
+++ b/apps/assets/forms/platform.py
@@ -1,42 +0,0 @@
 # -*- coding: utf-8 -*-
 from django import forms
 from django.utils.translation import ugettext_lazy as _
 from ..models import Platform
 __all__ = ['PlatformForm', 'PlatformMetaForm']
 class PlatformMetaForm(forms.Form):
    SECURITY_CHOICES = (
        ('rdp', "RDP"),
        ('nla', "NLA"),
        ('tls', 'TLS'),
        ('any', "Any"),
    )
    CONSOLE_CHOICES = (
        (True, _('Yes')),
        (False, _('No')),
    )
    security = forms.ChoiceField(
        choices=SECURITY_CHOICES, initial='any', label=_("RDP security"),
        required=False,
    )
    console = forms.ChoiceField(
        choices=CONSOLE_CHOICES, initial=False, label=_("RDP console"),
        required=False,
    )
 class PlatformForm(forms.ModelForm):
    class Meta:
        model = Platform
        fields = [
            'name', 'base', 'comment',
        ]
        labels = {
            'base': _("Base platform")
        }
--- a/apps/assets/forms/user.py
+++ b/apps/assets/forms/user.py
@@ -1,115 +0,0 @@
 # -*- coding: utf-8 -*-
 #
 from django import forms
 from django.utils.translation import gettext_lazy as _
 from common.utils import validate_ssh_private_key, ssh_pubkey_gen, get_logger
 from orgs.mixins.forms import OrgModelForm
 from ..models import AdminUser, SystemUser
 logger = get_logger(__file__)
 __all__ = [
    'FileForm', 'SystemUserForm', 'AdminUserForm', 'PasswordAndKeyAuthForm',
 ]
 class FileForm(forms.Form):
    file = forms.FileField()
 class PasswordAndKeyAuthForm(forms.ModelForm):
    # Form field name can not start with `_`, so redefine it,
    password = forms.CharField(
        widget=forms.PasswordInput, max_length=128,
        strip=True, required=False,
        help_text=_('Password or private key passphrase'),
        label=_("Password"),
    )
    # Need use upload private key file except paste private key content
    private_key = forms.FileField(required=False, label=_("Private key"))
    def clean_private_key(self):
        private_key_f = self.cleaned_data['private_key']
        password = self.cleaned_data['password']
        if private_key_f:
            key_string = private_key_f.read()
            private_key_f.seek(0)
            key_string = key_string.decode()
            if not validate_ssh_private_key(key_string, password):
                msg = _('Invalid private key, Only support '
                        'RSA/DSA format key')
                raise forms.ValidationError(msg)
        return private_key_f
    def validate_password_key(self):
        password = self.cleaned_data['password']
        private_key_f = self.cleaned_data.get('private_key', '')
        if not password and not private_key_f:
            raise forms.ValidationError(_(
                'Password and private key file must be input one'
            ))
    def gen_keys(self):
        password = self.cleaned_data.get('password', '') or None
        private_key_f = self.cleaned_data['private_key']
        public_key = private_key = None
        if private_key_f:
            private_key = private_key_f.read().strip().decode('utf-8')
            public_key = ssh_pubkey_gen(private_key=private_key, password=password)
        return private_key, public_key
 class AdminUserForm(PasswordAndKeyAuthForm):
    def save(self, commit=True):
        raise forms.ValidationError("Use api to save")
    class Meta:
        model = AdminUser
        fields = ['name', 'username', 'password', 'private_key', 'comment']
        widgets = {
            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
        }
 class SystemUserForm(OrgModelForm, PasswordAndKeyAuthForm):
    # Admin user assets define, let user select, save it in form not in view
    auto_generate_key = forms.BooleanField(initial=True, required=False)
    def save(self, commit=True):
        raise forms.ValidationError("Use api to save")
    class Meta:
        model = SystemUser
        fields = [
            'name', 'username', 'protocol', 'auto_generate_key',
            'password', 'private_key', 'auto_push', 'sudo',
            'username_same_with_user',
            'comment', 'shell', 'priority', 'login_mode', 'cmd_filters',
            'sftp_root',
        ]
        widgets = {
            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
            'cmd_filters': forms.SelectMultiple(attrs={
                'class': 'select2', 'data-placeholder': _('Command filter')
            }),
        }
        labels = {
            'username_same_with_user': _("Username same with user"),
        }
        help_texts = {
            'auto_push': _('Auto push system user to asset'),
            'priority': _('1-100, High level will be using login asset as default, '
                          'if user was granted more than 2 system user'),
            'login_mode': _('If you choose manual login mode, you do not '
                            'need to fill in the username and password.'),
            'sudo': _("Use comma split multi command, ex: /bin/whoami,/bin/ifconfig"),
            'sftp_root': _("SFTP root dir, tmp, home or custom"),
            'username_same_with_user': _("Username is dynamic, When connect asset, using current user's username"),
            # 'username_same_with_user': _("用户名是动态的，登录资产时使用当前用户的用户名登录"),
        }
--- a/apps/assets/migrations/0050_auto_20200711_1740.py
+++ b/apps/assets/migrations/0050_auto_20200711_1740.py
@@ -0,0 +1,18 @@
 # Generated by Django 2.2.10 on 2020-07-11 09:40
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0049_systemuser_sftp_root'),
    ]
    operations = [
        migrations.AlterField(
            model_name='asset',
            name='created_by',
            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by'),
        ),
    ]
--- a/apps/assets/migrations/0051_auto_20200713_1143.py
+++ b/apps/assets/migrations/0051_auto_20200713_1143.py
@@ -0,0 +1,22 @@
 # Generated by Django 2.2.10 on 2020-07-13 03:43
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0050_auto_20200711_1740'),
    ]
    operations = [
        migrations.AlterField(
            model_name='domain',
            name='name',
            field=models.CharField(max_length=128, verbose_name='Name'),
        ),
        migrations.AlterUniqueTogether(
            name='domain',
            unique_together={('org_id', 'name')},
        ),
    ]
--- a/apps/assets/migrations/0052_auto_20200715_1535.py
+++ b/apps/assets/migrations/0052_auto_20200715_1535.py
@@ -0,0 +1,22 @@
 # Generated by Django 2.2.10 on 2020-07-15 07:35
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0051_auto_20200713_1143'),
    ]
    operations = [
        migrations.AlterField(
            model_name='commandfilter',
            name='name',
            field=models.CharField(max_length=64, verbose_name='Name'),
        ),
        migrations.AlterUniqueTogether(
            name='commandfilter',
            unique_together={('org_id', 'name')},
        ),
    ]
--- a/apps/assets/migrations/0053_auto_20200723_1232.py
+++ b/apps/assets/migrations/0053_auto_20200723_1232.py
@@ -0,0 +1,34 @@
 # Generated by Django 2.2.10 on 2020-07-23 04:32
 import django.core.validators
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0052_auto_20200715_1535'),
    ]
    operations = [
        migrations.AlterField(
            model_name='adminuser',
            name='username',
            field=models.CharField(blank=True, db_index=True, max_length=128, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
        ),
        migrations.AlterField(
            model_name='authbook',
            name='username',
            field=models.CharField(blank=True, db_index=True, max_length=128, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
        ),
        migrations.AlterField(
            model_name='gateway',
            name='username',
            field=models.CharField(blank=True, db_index=True, max_length=128, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
        ),
        migrations.AlterField(
            model_name='systemuser',
            name='username',
            field=models.CharField(blank=True, db_index=True, max_length=128, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
        ),
    ]
--- a/apps/assets/migrations/0054_auto_20200807_1032.py
+++ b/apps/assets/migrations/0054_auto_20200807_1032.py
@@ -0,0 +1,23 @@
 # Generated by Django 2.2.13 on 2020-08-07 02:32
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0053_auto_20200723_1232'),
    ]
    operations = [
        migrations.AddField(
            model_name='systemuser',
            name='token',
            field=models.TextField(default='', verbose_name='Token'),
        ),
        migrations.AlterField(
            model_name='systemuser',
            name='protocol',
            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet'), ('vnc', 'vnc'), ('mysql', 'mysql'), ('k8s', 'k8s')], default='ssh', max_length=16, verbose_name='Protocol'),
        ),
    ]
--- a/apps/assets/migrations/0055_auto_20200811_1845.py
+++ b/apps/assets/migrations/0055_auto_20200811_1845.py
@@ -0,0 +1,23 @@
 # Generated by Django 2.2.13 on 2020-08-11 10:45
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0054_auto_20200807_1032'),
    ]
    operations = [
        migrations.AddField(
            model_name='systemuser',
            name='home',
            field=models.CharField(blank=True, default='', max_length=4096, verbose_name='Home'),
        ),
        migrations.AddField(
            model_name='systemuser',
            name='system_groups',
            field=models.CharField(blank=True, default='', max_length=4096, verbose_name='System groups'),
        ),
    ]
--- a/apps/assets/migrations/0056_auto_20200904_1751.py
+++ b/apps/assets/migrations/0056_auto_20200904_1751.py
@@ -0,0 +1,23 @@
 # Generated by Django 2.2.13 on 2020-09-04 09:51
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0055_auto_20200811_1845'),
    ]
    operations = [
        migrations.AddField(
            model_name='node',
            name='assets_amount',
            field=models.IntegerField(default=0),
        ),
        migrations.AddField(
            model_name='node',
            name='parent_key',
            field=models.CharField(db_index=True, default='', max_length=64, verbose_name='Parent key'),
        ),
    ]
--- a/apps/assets/migrations/0057_fill_node_value_assets_amount_and_parent_key.py
+++ b/apps/assets/migrations/0057_fill_node_value_assets_amount_and_parent_key.py
@@ -0,0 +1,38 @@
 # Generated by Django 2.2.13 on 2020-08-21 08:20
 from django.db import migrations
 from django.db.models import Q
 def fill_node_value(apps, schema_editor):
    Node = apps.get_model('assets', 'Node')
    Asset = apps.get_model('assets', 'Asset')
    node_queryset = Node.objects.all()
    node_amount = node_queryset.count()
    width = len(str(node_amount))
    print('\n')
    for i, node in enumerate(node_queryset):
        print(f'\t{i+1:0>{width}}/{node_amount} compute node[{node.key}]`s assets_amount ...')
        assets_amount = Asset.objects.filter(
            Q(nodes__key__istartswith=f'{node.key}:') | Q(nodes=node)
        ).distinct().count()
        key = node.key
        try:
            parent_key = key[:key.rindex(':')]
        except ValueError:
            parent_key = ''
        node.assets_amount = assets_amount
        node.parent_key = parent_key
        node.save()
    print('  ' + '.'*65, end='')
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0056_auto_20200904_1751'),
    ]
    operations = [
        migrations.RunPython(fill_node_value)
    ]
--- a/apps/assets/migrations/0058_auto_20201023_1115.py
+++ b/apps/assets/migrations/0058_auto_20201023_1115.py
@@ -0,0 +1,27 @@
 # Generated by Django 2.2.13 on 2020-10-23 03:15
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0057_fill_node_value_assets_amount_and_parent_key'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='asset',
            options={'ordering': ['-date_created'], 'verbose_name': 'Asset'},
        ),
        migrations.AlterField(
            model_name='asset',
            name='comment',
            field=models.TextField(blank=True, default='', verbose_name='Comment'),
        ),
        migrations.AlterField(
            model_name='commandfilterrule',
            name='content',
            field=models.TextField(help_text='One line one command', verbose_name='Content'),
        ),
    ]
--- a/apps/assets/migrations/0059_auto_20201027_1905.py
+++ b/apps/assets/migrations/0059_auto_20201027_1905.py
@@ -0,0 +1,28 @@
 # Generated by Django 2.2.13 on 2020-10-27 11:05
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0058_auto_20201023_1115'),
    ]
    operations = [
        migrations.AlterField(
            model_name='systemuser',
            name='protocol',
            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet'), ('vnc', 'vnc'), ('mysql', 'mysql'), ('oracle', 'oracle'), ('mariadb', 'mariadb'), ('postgresql', 'postgresql'), ('k8s', 'k8s')], default='ssh', max_length=16, verbose_name='Protocol'),
        ),
        migrations.AddField(
            model_name='systemuser',
            name='ad_domain',
            field=models.CharField(default='', max_length=256),
        ),
        migrations.AlterField(
            model_name='gateway',
            name='ip',
            field=models.CharField(db_index=True, max_length=128, verbose_name='IP'),
        ),
    ]
--- a/apps/assets/migrations/0060_node_full_value.py
+++ b/apps/assets/migrations/0060_node_full_value.py
@@ -0,0 +1,58 @@
 # Generated by Django 2.2.13 on 2020-10-26 11:31
 from django.db import migrations, models
 def get_node_ancestor_keys(key, with_self=False):
    parent_keys = []
    key_list = key.split(":")
    if not with_self:
        key_list.pop()
    for i in range(len(key_list)):
        parent_keys.append(":".join(key_list))
        key_list.pop()
    return parent_keys
 def migrate_nodes_value_with_slash(apps, schema_editor):
    model = apps.get_model("assets", "Node")
    db_alias = schema_editor.connection.alias
    nodes = model.objects.using(db_alias).filter(value__contains='/')
    print('')
    print("- Start migrate node value if has /")
    for i, node in enumerate(list(nodes)):
        new_value = node.value.replace('/', '|')
        print("{} start migrate node value: {} => {}".format(i, node.value, new_value))
        node.value = new_value
        node.save()
 def migrate_nodes_full_value(apps, schema_editor):
    model = apps.get_model("assets", "Node")
    db_alias = schema_editor.connection.alias
    nodes = model.objects.using(db_alias).all()
    print("- Start migrate node full value")
    for i, node in enumerate(list(nodes)):
        print("{} start migrate {} node full value".format(i, node.value))
        ancestor_keys = get_node_ancestor_keys(node.key, True)
        values = model.objects.filter(key__in=ancestor_keys).values_list('key', 'value')
        values = [v for k, v in sorted(values, key=lambda x: len(x[0]))]
        node.full_value = '/' + '/'.join(values)
        node.save()
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0059_auto_20201027_1905'),
    ]
    operations = [
        migrations.AddField(
            model_name='node',
            name='full_value',
            field=models.CharField(default='', max_length=4096, verbose_name='Full value'),
        ),
        migrations.RunPython(migrate_nodes_value_with_slash),
        migrations.RunPython(migrate_nodes_full_value)
    ]
--- a/apps/assets/migrations/0061_auto_20201116_1757.py
+++ b/apps/assets/migrations/0061_auto_20201116_1757.py
@@ -0,0 +1,17 @@
 # Generated by Django 2.2.13 on 2020-11-16 09:57
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0060_node_full_value'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='node',
            options={'ordering': ['value'], 'verbose_name': 'Node'},
        ),
    ]
--- a/apps/assets/migrations/0062_auto_20201117_1938.py
+++ b/apps/assets/migrations/0062_auto_20201117_1938.py
@@ -0,0 +1,17 @@
 # Generated by Django 2.2.13 on 2020-11-17 11:38
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0061_auto_20201116_1757'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='asset',
            options={'ordering': ['hostname', 'ip'], 'verbose_name': 'Asset'},
        ),
    ]
--- a/apps/assets/migrations/0063_migrate_default_node_key.py
+++ b/apps/assets/migrations/0063_migrate_default_node_key.py
@@ -0,0 +1,72 @@
 # Generated by Jiangjie.Bai on 2020-12-01 10:47
 from django.db import migrations
 from django.db.models import Q
 default_node_value = 'Default'  # Always
 old_default_node_key = '0'  # Version <= 1.4.3
 new_default_node_key = '1'  # Version >= 1.4.4
 def compute_parent_key(key):
    try:
        return key[:key.rindex(':')]
    except ValueError:
        return ''
 def migrate_default_node_key(apps, schema_editor):
    """ 将已经存在的Default节点的key从0修改为1 """
    # 1.4.3版本中Default节点的key为0
    print('')
    Node = apps.get_model('assets', 'Node')
    Asset = apps.get_model('assets', 'Asset')
    # key为0的节点
    old_default_node = Node.objects.filter(key=old_default_node_key, value=default_node_value).first()
    if not old_default_node:
        print(f'Check old default node `key={old_default_node_key} value={default_node_value}` not exists')
        return
    print(f'Check old default node `key={old_default_node_key} value={default_node_value}` exists')
    # key为1的节点
    new_default_node = Node.objects.filter(key=new_default_node_key, value=default_node_value).first()
    if new_default_node:
        print(f'Check new default node `key={new_default_node_key} value={default_node_value}` exists')
        all_assets = Asset.objects.filter(
            Q(nodes__key__startswith=f'{new_default_node_key}:') | Q(nodes__key=new_default_node_key)
        ).distinct()
        if all_assets:
            print(f'Check new default node has assets (count: {len(all_assets)})')
            return
        all_children = Node.objects.filter(key__startswith=f'{new_default_node_key}:')
        if all_children:
            print(f'Check new default node has children nodes (count: {len(all_children)})')
            return
        print(f'Check new default node not has assets and children nodes, delete it.')
        new_default_node.delete()
    # 执行修改
    print(f'Modify old default node `key` from `{old_default_node_key}` to `{new_default_node_key}`')
    nodes = Node.objects.filter(
        Q(key__istartswith=f'{old_default_node_key}:') | Q(key=old_default_node_key)
    )
    for node in nodes:
        old_key = node.key
        key_list = old_key.split(':', maxsplit=1)
        key_list[0] = new_default_node_key
        new_key = ':'.join(key_list)
        node.key = new_key
        node.parent_key = compute_parent_key(node.key)
    # 批量更新
    print(f'Bulk update nodes `key` and `parent_key`, (count: {len(nodes)})')
    Node.objects.bulk_update(nodes, ['key', 'parent_key'])
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0062_auto_20201117_1938'),
    ]
    operations = [
        migrations.RunPython(migrate_default_node_key)
    ]
--- a/apps/assets/migrations/0064_auto_20201203_1100.py
+++ b/apps/assets/migrations/0064_auto_20201203_1100.py
@@ -0,0 +1,17 @@
 # Generated by Django 3.1 on 2020-12-03 03:00
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0063_migrate_default_node_key'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='node',
            options={'ordering': ['parent_key', 'value'], 'verbose_name': 'Node'},
        ),
    ]
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@@ -47,6 +47,10 @@ class AssetManager(OrgManager):
        )
 class AssetOrgManager(OrgManager):
    pass
 class AssetQuerySet(models.QuerySet):
    def active(self):
        return self.filter(is_active=True)
@@ -221,11 +225,12 @@ class Asset(ProtocolsMixin, NodesRelationMixin, OrgModelMixin):
    hostname_raw = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Hostname raw'))
    labels = models.ManyToManyField('assets.Label', blank=True, related_name='assets', verbose_name=_("Labels"))
-    created_by = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Created by'))
+    created_by = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('Created by'))
    date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created'))
-    comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
+    comment = models.TextField(default='', blank=True, verbose_name=_('Comment'))
    objects = AssetManager.from_queryset(AssetQuerySet)()
    org_objects = AssetOrgManager.from_queryset(AssetQuerySet)()
    _connectivity = None
    def __str__(self):
@@ -308,6 +313,12 @@ class Asset(ProtocolsMixin, NodesRelationMixin, OrgModelMixin):
        }
        return info
    def nodes_display(self):
        names = []
        for n in self.nodes.all():
            names.append(n.full_value)
        return names
    def as_node(self):
        from .node import Node
        fake_node = Node()
@@ -350,36 +361,4 @@ class Asset(ProtocolsMixin, NodesRelationMixin, OrgModelMixin):
    class Meta:
        unique_together = [('org_id', 'hostname')]
        verbose_name = _("Asset")
-
+        ordering = ["hostname", "ip"]
    @classmethod
    def generate_fake(cls, count=100):
        from .user import AdminUser, SystemUser
        from random import seed, choice
        from django.db import IntegrityError
        from .node import Node
        from orgs.utils import get_current_org
        from orgs.models import Organization
        org = get_current_org()
        if not org or not org.is_real():
            Organization.default().change_to()
        nodes = list(Node.objects.all())
        seed()
        for i in range(count):
            ip = [str(i) for i in random.sample(range(255), 4)]
            asset = cls(ip='.'.join(ip),
                        hostname='.'.join(ip),
                        admin_user=choice(AdminUser.objects.all()),
                        created_by='Fake')
            try:
                asset.save()
                asset.protocols = 'ssh/22'
                if nodes and len(nodes) > 3:
                    _nodes = random.sample(nodes, 3)
                else:
                    _nodes = [Node.default_node()]
                asset.nodes.set(_nodes)
                logger.debug('Generate fake asset : %s' % asset.ip)
            except IntegrityError:
                print('Error continue')
                continue
--- a/apps/assets/models/authbook.py
+++ b/apps/assets/models/authbook.py
@@ -3,7 +3,6 @@
 from django.db import models, transaction
 from django.db.models import Max
 from django.core.cache import cache
 from django.utils.translation import ugettext_lazy as _
 from orgs.mixins.models import OrgManager
@@ -59,19 +58,17 @@ class AuthBook(BaseUser):
        """
        username = kwargs['username']
        asset = kwargs['asset']
-        key_lock = 'KEY_LOCK_CREATE_AUTH_BOOK_{}_{}'.format(username, asset.id)
+        with transaction.atomic():
-        with cache.lock(key_lock):
+            # 使用select_for_update限制并发创建相同的username、asset条目
-            with transaction.atomic():
+            instances = cls.objects.select_for_update().filter(username=username, asset=asset)
-                cls.objects.filter(
+            instances.filter(is_latest=True).update(is_latest=False)
-                    username=username, asset=asset, is_latest=True
+            max_version = cls.get_max_version(username, asset)
-                ).update(is_latest=False)
+            kwargs.update({
-                max_version = cls.get_max_version(username, asset)
+                'version': max_version + 1,
-                kwargs.update({
+                'is_latest': True
-                    'version': max_version + 1,
+            })
-                    'is_latest': True
+            obj = cls.objects.create(**kwargs)
-                })
+            return obj
                obj = cls.objects.create(**kwargs)
                return obj
    @property
    def connectivity(self):
--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@@ -158,9 +158,11 @@ class AuthMixin:
        if update_fields:
            self.save(update_fields=update_fields)
-    def has_special_auth(self, asset=None):
+    def has_special_auth(self, asset=None, username=None):
        from .authbook import AuthBook
-        queryset = AuthBook.objects.filter(username=self.username)
+        if username is None:
            username = self.username
        queryset = AuthBook.objects.filter(username=username)
        if asset:
            queryset = queryset.filter(asset=asset)
        return queryset.exists()
@@ -230,7 +232,7 @@ class AuthMixin:
 class BaseUser(OrgModelMixin, AuthMixin, ConnectivityMixin):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    name = models.CharField(max_length=128, verbose_name=_('Name'))
-    username = models.CharField(max_length=32, blank=True, verbose_name=_('Username'), validators=[alphanumeric], db_index=True)
+    username = models.CharField(max_length=128, blank=True, verbose_name=_('Username'), validators=[alphanumeric], db_index=True)
    password = fields.EncryptCharField(max_length=256, blank=True, null=True, verbose_name=_('Password'))
    private_key = fields.EncryptTextField(blank=True, null=True, verbose_name=_('SSH private key'))
    public_key = fields.EncryptTextField(blank=True, null=True, verbose_name=_('SSH public key'))
--- a/apps/assets/models/cluster.py
+++ b/apps/assets/models/cluster.py
@@ -38,27 +38,3 @@ class Cluster(models.Model):
    class Meta:
        ordering = ['name']
        verbose_name = _("Cluster")
    @classmethod
    def generate_fake(cls, count=5):
        from random import seed, choice
        import forgery_py
        from django.db import IntegrityError
        seed()
        for i in range(count):
            cluster = cls(name=forgery_py.name.full_name(),
                          bandwidth='200M',
                          contact=forgery_py.name.full_name(),
                          phone=forgery_py.address.phone(),
                          address=forgery_py.address.city() + forgery_py.address.street_address(),
                          # operator=choice(['北京联通', '北京电信', 'BGP全网通']),
                          operator=choice([_('Beijing unicom'), _('Beijing telecom'), _('BGP full netcom')]),
                          comment=forgery_py.lorem_ipsum.sentence(),
                          created_by='Fake')
            try:
                cluster.save()
                logger.debug('Generate fake asset group: %s' % cluster.name)
            except IntegrityError:
                print('Error continue')
                continue
--- a/apps/assets/models/cmd_filter.py
+++ b/apps/assets/models/cmd_filter.py
@@ -18,7 +18,7 @@ __all__ = [
 class CommandFilter(OrgModelMixin):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
-    name = models.CharField(max_length=64, unique=True, verbose_name=_("Name"))
+    name = models.CharField(max_length=64, verbose_name=_("Name"))
    is_active = models.BooleanField(default=True, verbose_name=_('Is active'))
    comment = models.TextField(blank=True, default='', verbose_name=_("Comment"))
    date_created = models.DateTimeField(auto_now_add=True)
@@ -29,6 +29,7 @@ class CommandFilter(OrgModelMixin):
        return self.name
    class Meta:
        unique_together = [('org_id', 'name')]
        verbose_name = _("Command filter")
@@ -51,7 +52,7 @@ class CommandFilterRule(OrgModelMixin):
    type = models.CharField(max_length=16, default=TYPE_COMMAND, choices=TYPE_CHOICES, verbose_name=_("Type"))
    priority = models.IntegerField(default=50, verbose_name=_("Priority"), help_text=_("1-100, the higher will be match first"),
                                   validators=[MinValueValidator(1), MaxValueValidator(100)])
-    content = models.TextField(max_length=1024, verbose_name=_("Content"), help_text=_("One line one command"))
+    content = models.TextField(verbose_name=_("Content"), help_text=_("One line one command"))
    action = models.IntegerField(default=ACTION_DENY, choices=ACTION_CHOICES, verbose_name=_("Action"))
    comment = models.CharField(max_length=64, blank=True, default='', verbose_name=_("Comment"))
    date_created = models.DateTimeField(auto_now_add=True)
--- a/apps/assets/models/domain.py
+++ b/apps/assets/models/domain.py
@@ -9,6 +9,7 @@ import paramiko
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from common.utils.strings import no_special_chars
 from orgs.mixins.models import OrgModelMixin
 from .base import BaseUser
@@ -17,13 +18,14 @@ __all__ = ['Domain', 'Gateway']
 class Domain(OrgModelMixin):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
-    name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
+    name = models.CharField(max_length=128, verbose_name=_('Name'))
    comment = models.TextField(blank=True, verbose_name=_('Comment'))
    date_created = models.DateTimeField(auto_now_add=True, null=True,
                                        verbose_name=_('Date created'))
    class Meta:
        verbose_name = _("Domain")
        unique_together = [('org_id', 'name')]
    def __str__(self):
        return self.name
@@ -46,7 +48,7 @@ class Gateway(BaseUser):
        (PROTOCOL_SSH, 'ssh'),
        (PROTOCOL_RDP, 'rdp'),
    )
-    ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), db_index=True)
+    ip = models.CharField(max_length=128, verbose_name=_('IP'), db_index=True)
    port = models.IntegerField(default=22, verbose_name=_('Port'))
    protocol = models.CharField(choices=PROTOCOL_CHOICES, max_length=16, default=PROTOCOL_SSH, verbose_name=_("Protocol"))
    domain = models.ForeignKey(Domain, on_delete=models.CASCADE, verbose_name=_("Domain"))
@@ -63,8 +65,8 @@ class Gateway(BaseUser):
    def test_connective(self, local_port=None):
        if local_port is None:
            local_port = self.port
-        if self.password and not re.match(r'\w+$', self.password):
+        if self.password and not no_special_chars(self.password):
-            return False, _("Password should not contain special characters")
+            return False, _("Password should not contains special characters")
        client = paramiko.SSHClient()
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
--- a/apps/assets/models/favorite_asset.py
+++ b/apps/assets/models/favorite_asset.py
@@ -18,3 +18,15 @@ class FavoriteAsset(CommonModelMixin):
    @classmethod
    def get_user_favorite_assets_id(cls, user):
        return cls.objects.filter(user=user).values_list('asset', flat=True)
    @classmethod
    def get_user_favorite_assets(cls, user, asset_perms_id=None):
        from assets.models import Asset
        from perms.utils.asset.user_permission import get_user_granted_all_assets
        asset_ids = get_user_granted_all_assets(
            user,
            via_mapping_node=False,
            asset_perms_id=asset_perms_id
        ).values_list('id', flat=True)
        query_name = cls.asset.field.related_query_name()
        return Asset.org_objects.filter(**{f'{query_name}__user_id': user.id}, id__in=asset_ids).distinct()
--- a/apps/assets/models/group.py
+++ b/apps/assets/models/group.py
@@ -33,21 +33,3 @@ class AssetGroup(models.Model):
    def initial(cls):
        asset_group = cls(name=_('Default'), comment=_('Default asset group'))
        asset_group.save()
    @classmethod
    def generate_fake(cls, count=100):
        from random import seed
        import forgery_py
        from django.db import IntegrityError
        seed()
        for i in range(count):
            group = cls(name=forgery_py.name.full_name(),
                        comment=forgery_py.lorem_ipsum.sentence(),
                        created_by='Fake')
            try:
                group.save()
                logger.debug('Generate fake asset group: %s' % group.name)
            except IntegrityError:
                print('Error continue')
                continue
--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@@ -2,132 +2,35 @@
 #
 import uuid
 import re
 import time
 from django.db import models, transaction
 from django.db.models import Q
 from django.db.utils import IntegrityError
 from django.utils.translation import ugettext_lazy as _
 from django.utils.translation import ugettext
-from django.core.cache import cache
+from django.db.transaction import atomic
-from common.utils import get_logger, lazyproperty
+from common.utils import get_logger
 from common.utils.common import lazyproperty
 from orgs.mixins.models import OrgModelMixin, OrgManager
-from orgs.utils import get_current_org, tmp_to_org, current_org
+from orgs.utils import get_current_org, tmp_to_org
 from orgs.models import Organization
-__all__ = ['Node']
+__all__ = ['Node', 'FamilyMixin', 'compute_parent_key']
 logger = get_logger(__name__)
 def compute_parent_key(key):
    try:
        return key[:key.rindex(':')]
    except ValueError:
        return ''
 class NodeQuerySet(models.QuerySet):
    def delete(self):
-        raise PermissionError("Bulk delete node deny")
+        raise NotImplementedError
 class TreeCache:
    updated_time_cache_key = 'NODE_TREE_UPDATED_AT_{}'
    cache_time = 3600
    assets_updated_time_cache_key = 'NODE_TREE_ASSETS_UPDATED_AT_{}'
    def __init__(self, tree, org_id):
        now = time.time()
        self.created_time = now
        self.assets_created_time = now
        self.tree = tree
        self.org_id = org_id
    def _has_changed(self, tp="tree"):
        if tp == "assets":
            key = self.assets_updated_time_cache_key.format(self.org_id)
        else:
            key = self.updated_time_cache_key.format(self.org_id)
        updated_time = cache.get(key, 0)
        if updated_time > self.created_time:
            return True
        else:
            return False
    @classmethod
    def set_changed(cls, tp="tree", t=None, org_id=None):
        if org_id is None:
            org_id = current_org.id
        if tp == "assets":
            key = cls.assets_updated_time_cache_key.format(org_id)
        else:
            key = cls.updated_time_cache_key.format(org_id)
        ttl = cls.cache_time
        if not t:
            t = time.time()
        cache.set(key, t, ttl)
    def tree_has_changed(self):
        return self._has_changed("tree")
    def set_tree_changed(self, t=None):
        logger.debug("Set tree tree changed")
        self.__class__.set_changed(t=t, tp="tree")
    def assets_has_changed(self):
        return self._has_changed("assets")
    def set_tree_assets_changed(self, t=None):
        logger.debug("Set tree assets changed")
        self.__class__.set_changed(t=t, tp="assets")
    def get(self):
        if self.tree_has_changed():
            self.renew()
            return self.tree
        if self.assets_has_changed():
            self.tree.init_assets()
        return self.tree
    def renew(self):
        new_obj = self.__class__.new(self.org_id)
        self.tree = new_obj.tree
        self.created_time = new_obj.created_time
        self.assets_created_time = new_obj.assets_created_time
    @classmethod
    def new(cls, org_id=None):
        from ..utils import TreeService
        logger.debug("Create node tree")
        if not org_id:
            org_id = current_org.id
        with tmp_to_org(org_id):
            tree = TreeService.new()
            obj = cls(tree, org_id)
            obj.tree = tree
            return obj
 class TreeMixin:
    _org_tree_map = {}
    @classmethod
    def tree(cls):
        org_id = current_org.org_id()
        t = cls.get_local_tree_cache(org_id)
        if t is None:
            t = TreeCache.new()
            cls._org_tree_map[org_id] = t
        return t.get()
    @classmethod
    def get_local_tree_cache(cls, org_id=None):
        t = cls._org_tree_map.get(org_id)
        return t
    @classmethod
    def refresh_tree(cls, t=None):
        TreeCache.set_changed(tp="tree", t=t, org_id=current_org.id)
    @classmethod
    def refresh_node_assets(cls, t=None):
        TreeCache.set_changed(tp="assets", t=t, org_id=current_org.id)
 class FamilyMixin:
@@ -138,16 +41,16 @@ class FamilyMixin:
    @staticmethod
    def clean_children_keys(nodes_keys):
-        nodes_keys = sorted(list(nodes_keys), key=lambda x: (len(x), x))
+        sort_key = lambda k: [int(i) for i in k.split(':')]
        nodes_keys = sorted(list(nodes_keys), key=sort_key)
        nodes_keys_clean = []
-        for key in nodes_keys[::-1]:
+        base_key = ''
-            found = False
+        for key in nodes_keys:
-            for k in nodes_keys:
+            if key.startswith(base_key + ':'):
-                if key.startswith(k + ':'):
+                continue
-                    found = True
+            nodes_keys_clean.append(key)
-                    break
+            base_key = key
            if not found:
                nodes_keys_clean.append(key)
        return nodes_keys_clean
    @classmethod
@@ -175,13 +78,16 @@ class FamilyMixin:
        return re.match(children_pattern, self.key)
    def get_children(self, with_self=False):
-        pattern = self.get_children_key_pattern(with_self=with_self)
+        q = Q(parent_key=self.key)
-        return Node.objects.filter(key__regex=pattern)
+        if with_self:
            q |= Q(key=self.key)
        return Node.objects.filter(q)
    def get_all_children(self, with_self=False):
-        pattern = self.get_all_children_pattern(with_self=with_self)
+        q = Q(key__istartswith=f'{self.key}:')
-        children = Node.objects.filter(key__regex=pattern)
+        if with_self:
-        return children
+            q |= Q(key=self.key)
        return Node.objects.filter(q)
    @property
    def children(self):
@@ -191,14 +97,30 @@ class FamilyMixin:
    def all_children(self):
        return self.get_all_children(with_self=False)
-    def create_child(self, value, _id=None):
+    def create_child(self, value=None, _id=None):
-        with transaction.atomic():
+        with atomic(savepoint=False):
            child_key = self.get_next_child_key()
            if value is None:
                value = child_key
            child = self.__class__.objects.create(
                id=_id, key=child_key, value=value
            )
            return child
    def get_or_create_child(self, value, _id=None):
        """
        :return: Node, bool (created)
        """
        children = self.get_children()
        exist = children.filter(value=value).exists()
        if exist:
            child = children.filter(value=value).first()
            created = False
        else:
            child = self.create_child(value, _id)
            created = True
        return child, created
    def get_next_child_key(self):
        mark = self.child_mark
        self.child_mark += 1
@@ -241,10 +163,13 @@ class FamilyMixin:
        ancestor_keys = self.get_ancestor_keys(with_self=with_self)
        return self.__class__.objects.filter(key__in=ancestor_keys)
-    @property
+    # @property
-    def parent_key(self):
+    # def parent_key(self):
-        parent_key = ":".join(self.key.split(":")[:-1])
+    #     parent_key = ":".join(self.key.split(":")[:-1])
-        return parent_key
+    #     return parent_key
    def compute_parent_key(self):
        return compute_parent_key(self.key)
    def is_parent(self, other):
        return other.is_children(self)
@@ -280,45 +205,63 @@ class FamilyMixin:
            sibling = sibling.exclude(key=self.key)
        return sibling
    @classmethod
    def create_node_by_full_value(cls, full_value):
        if not full_value:
            return []
        nodes_family = full_value.split('/')
        nodes_family = [v for v in nodes_family if v]
        org_root = cls.org_root()
        if nodes_family[0] == org_root.value:
            nodes_family = nodes_family[1:]
        return cls.create_nodes_recurse(nodes_family, org_root)
    @classmethod
    def create_nodes_recurse(cls, values, parent=None):
        values = [v for v in values if v]
        if not values:
            return None
        if parent is None:
            parent = cls.org_root()
        value = values[0]
        child, created = parent.get_or_create_child(value=value)
        if len(values) == 1:
            return child
        return cls.create_nodes_recurse(values[1:], child)
    def get_family(self):
        ancestors = self.get_ancestors()
        children = self.get_all_children()
        return [*tuple(ancestors), self, *tuple(children)]
 class FullValueMixin:
    key = ''
    @lazyproperty
    def full_value(self):
        if self.is_org_root():
            return self.value
        value = self.tree().get_node_full_tag(self.key)
        return value
 class NodeAssetsMixin:
    key = ''
    id = None
    @lazyproperty
    def assets_amount(self):
        amount = self.tree().assets_amount(self.key)
        return amount
    def get_all_assets(self):
        from .asset import Asset
-        if self.is_org_root():
+        q = Q(nodes__key__startswith=f'{self.key}:') | Q(nodes__key=self.key)
-            return Asset.objects.filter(org_id=self.org_id)
+        return Asset.objects.filter(q).distinct()
-        pattern = '^{0}$|^{0}:'.format(self.key)
+
-        return Asset.objects.filter(nodes__key__regex=pattern).distinct()
+    @classmethod
    def get_node_all_assets_by_key_v2(cls, key):
        # 最初的写法是：
        #   Asset.objects.filter(Q(nodes__key__startswith=f'{node.key}:') | Q(nodes__id=node.id))
        #   可是 startswith 会导致表关联时 Asset 索引失效
        from .asset import Asset
        node_ids = cls.objects.filter(
            Q(key__startswith=f'{key}:') |
            Q(key=key)
        ).values_list('id', flat=True).distinct()
        assets = Asset.objects.filter(
            nodes__id__in=list(node_ids)
        ).distinct()
        return assets
    def get_assets(self):
        from .asset import Asset
-        if self.is_org_root():
+        assets = Asset.objects.filter(nodes=self)
            assets = Asset.objects.filter(Q(nodes=self) | Q(nodes__isnull=True))
        else:
            assets = Asset.objects.filter(nodes=self)
        return assets.distinct()
    def get_valid_assets(self):
@@ -327,51 +270,54 @@ class NodeAssetsMixin:
    def get_all_valid_assets(self):
        return self.get_all_assets().valid()
    @classmethod
    def _get_nodes_all_assets(cls, nodes_keys):
        """
        当节点比较多的时候，这种正则方式性能差极了
        :param nodes_keys:
        :return:
        """
        from .asset import Asset
        nodes_keys = cls.clean_children_keys(nodes_keys)
        nodes_children_pattern = set()
        for key in nodes_keys:
            children_pattern = cls.get_node_all_children_key_pattern(key)
            nodes_children_pattern.add(children_pattern)
        pattern = '|'.join(nodes_children_pattern)
        return Asset.objects.filter(nodes__key__regex=pattern).distinct()
    @classmethod
    def get_nodes_all_assets_ids(cls, nodes_keys):
-        nodes_keys = cls.clean_children_keys(nodes_keys)
+        assets_ids = cls.get_nodes_all_assets(nodes_keys).values_list('id', flat=True)
        assets_ids = set()
        for key in nodes_keys:
            node_assets_ids = cls.tree().all_assets(key)
            assets_ids.update(set(node_assets_ids))
        return assets_ids
    @classmethod
    def get_nodes_all_assets(cls, nodes_keys, extra_assets_ids=None):
        from .asset import Asset
        nodes_keys = cls.clean_children_keys(nodes_keys)
-        assets_ids = cls.get_nodes_all_assets_ids(nodes_keys)
+        q = Q()
        node_ids = ()
        for key in nodes_keys:
            q |= Q(key__startswith=f'{key}:')
            q |= Q(key=key)
        if q:
            node_ids = Node.objects.filter(q).distinct().values_list('id', flat=True)
        q = Q(nodes__id__in=list(node_ids))
        if extra_assets_ids:
-            assets_ids.update(set(extra_assets_ids))
+            q |= Q(id__in=extra_assets_ids)
-        return Asset.objects.filter(id__in=assets_ids)
+        if q:
            return Asset.org_objects.filter(q).distinct()
        else:
            return Asset.objects.none()
 class SomeNodesMixin:
    key = ''
    default_key = '1'
    default_value = 'Default'
    ungrouped_key = '-10'
    ungrouped_value = _('ungrouped')
    empty_key = '-11'
    empty_value = _("empty")
-    favorite_key = '-12'
+
-    favorite_value = _("favorite")
+    @classmethod
    def default_node(cls):
        with tmp_to_org(Organization.default()):
            defaults = {'value': cls.default_value}
            try:
                obj, created = cls.objects.get_or_create(
                    defaults=defaults, key=cls.default_key,
                )
            except IntegrityError as e:
                logger.error("Create default node failed: {}".format(e))
                cls.modify_other_org_root_node_key()
                obj, created = cls.objects.get_or_create(
                    defaults=defaults, key=cls.default_key,
                )
            return obj
    def is_default_node(self):
        return self.key == self.default_key
@@ -406,51 +352,18 @@ class SomeNodesMixin:
    @classmethod
    def org_root(cls):
-        root = cls.objects.filter(key__regex=r'^[0-9]+$')
+        root = cls.objects.filter(parent_key='')\
            .filter(key__regex=r'^[0-9]+$')\
            .exclude(key__startswith='-')\
            .order_by('key')
        if root:
            return root[0]
        else:
            return cls.create_org_root_node()
    @classmethod
    def ungrouped_node(cls):
        with tmp_to_org(Organization.system()):
            defaults = {'value': cls.ungrouped_value}
            obj, created = cls.objects.get_or_create(
                defaults=defaults, key=cls.ungrouped_key
            )
            return obj
    @classmethod
    def default_node(cls):
        with tmp_to_org(Organization.default()):
            defaults = {'value': cls.default_value}
            try:
                obj, created = cls.objects.get_or_create(
                    defaults=defaults, key=cls.default_key,
                )
            except IntegrityError as e:
                logger.error("Create default node failed: {}".format(e))
                cls.modify_other_org_root_node_key()
                obj, created = cls.objects.get_or_create(
                    defaults=defaults, key=cls.default_key,
                )
            return obj
    @classmethod
    def favorite_node(cls):
        with tmp_to_org(Organization.system()):
            defaults = {'value': cls.favorite_value}
            obj, created = cls.objects.get_or_create(
                defaults=defaults, key=cls.favorite_key
            )
            return obj
    @classmethod
    def initial_some_nodes(cls):
        cls.default_node()
        cls.ungrouped_node()
        cls.favorite_node()
    @classmethod
    def modify_other_org_root_node_key(cls):
@@ -482,12 +395,16 @@ class SomeNodesMixin:
                    logger.info('Modify key ( {} > {} )'.format(old_key, new_key))
-class Node(OrgModelMixin, SomeNodesMixin, TreeMixin, FamilyMixin, FullValueMixin, NodeAssetsMixin):
+class Node(OrgModelMixin, SomeNodesMixin, FamilyMixin, NodeAssetsMixin):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    key = models.CharField(unique=True, max_length=64, verbose_name=_("Key"))  # '1:1:1:1'
    value = models.CharField(max_length=128, verbose_name=_("Value"))
    full_value = models.CharField(max_length=4096, verbose_name=_('Full value'), default='')
    child_mark = models.IntegerField(default=0)
    date_create = models.DateTimeField(auto_now_add=True)
    parent_key = models.CharField(max_length=64, verbose_name=_("Parent key"),
                                  db_index=True, default='')
    assets_amount = models.IntegerField(default=0)
    objects = OrgManager.from_queryset(NodeQuerySet)()
    is_node = True
@@ -495,10 +412,10 @@ class Node(OrgModelMixin, SomeNodesMixin, TreeMixin, FamilyMixin, FullValueMixin
    class Meta:
        verbose_name = _("Node")
-        ordering = ['key']
+        ordering = ['parent_key', 'value']
    def __str__(self):
-        return self.value
+        return self.full_value
    # def __eq__(self, other):
    #     if not other:
@@ -522,18 +439,19 @@ class Node(OrgModelMixin, SomeNodesMixin, TreeMixin, FamilyMixin, FullValueMixin
    def name(self):
        return self.value
    def computed_full_value(self):
        # 不要在列表中调用该属性
        values = self.__class__.objects.filter(
            key__in=self.get_ancestor_keys()
        ).values_list('key', 'value')
        values = [v for k, v in sorted(values, key=lambda x: len(x[0]))]
        values.append(str(self.value))
        return '/' + '/'.join(values)
    @property
    def level(self):
        return len(self.key.split(':'))
    @classmethod
    def refresh_nodes(cls):
        cls.refresh_tree()
    @classmethod
    def refresh_assets(cls):
        cls.refresh_node_assets()
    def as_tree_node(self):
        from common.tree import TreeNode
        name = '{} ({})'.format(self.value, self.assets_amount)
@@ -568,19 +486,26 @@ class Node(OrgModelMixin, SomeNodesMixin, TreeMixin, FamilyMixin, FullValueMixin
            return
        return super().delete(using=using, keep_parents=keep_parents)
-    @classmethod
+    def update_child_full_value(self):
-    def generate_fake(cls, count=100):
+        nodes = self.get_all_children(with_self=True)
-        import random
+        sort_key_func = lambda n: [int(i) for i in n.key.split(':')]
-        org = get_current_org()
+        nodes_sorted = sorted(list(nodes), key=sort_key_func)
-        if not org or not org.is_real():
+        nodes_mapper = {n.key: n for n in nodes_sorted}
-            Organization.default().change_to()
+        if not self.is_org_root():
-        nodes = list(cls.objects.all())
+            # 如果是org_root，那么parent_key为'', parent为自己，所以这种情况不处理
-        if count > 100:
+            # 更新自己时，自己的parent_key获取不到
-            length = 100
+            nodes_mapper.update({self.parent_key: self.parent})
-        else:
+        for node in nodes_sorted:
-            length = count
+            parent = nodes_mapper.get(node.parent_key)
            if not parent:
                if node.parent_key:
                    logger.error(f'Node parent node in mapper: {node.parent_key} {node.value}')
                continue
            node.full_value = parent.full_value + '/' + node.value
        self.__class__.objects.bulk_update(nodes, ['full_value'])
-        for i in range(length):
+    def save(self, *args, **kwargs):
-            node = random.choice(nodes)
+        self.full_value = self.computed_full_value()
-            child = node.create_child('Node {}'.format(i))
+        instance = super().save(*args, **kwargs)
-            print("{}. {}".format(i, child))
+        self.update_child_full_value()
        return instance
--- a/apps/assets/models/user.py
+++ b/apps/assets/models/user.py
@@ -9,6 +9,7 @@ from django.utils.translation import ugettext_lazy as _
 from django.core.validators import MinValueValidator, MaxValueValidator
 from common.utils import signer
 from common.fields.model import JsonListCharField
 from .base import BaseUser
 from .asset import Asset
@@ -64,26 +65,6 @@ class AdminUser(BaseUser):
        unique_together = [('name', 'org_id')]
        verbose_name = _("Admin user")
    @classmethod
    def generate_fake(cls, count=10):
        from random import seed
        import forgery_py
        from django.db import IntegrityError
        seed()
        for i in range(count):
            obj = cls(name=forgery_py.name.full_name(),
                      username=forgery_py.internet.user_name(),
                      password=forgery_py.lorem_ipsum.word(),
                      comment=forgery_py.lorem_ipsum.sentence(),
                      created_by='Fake')
            try:
                obj.save()
                logger.debug('Generate fake asset group: %s' % obj.name)
            except IntegrityError:
                print('Error continue')
                continue
 class SystemUser(BaseUser):
    PROTOCOL_SSH = 'ssh'
@@ -91,12 +72,20 @@ class SystemUser(BaseUser):
    PROTOCOL_TELNET = 'telnet'
    PROTOCOL_VNC = 'vnc'
    PROTOCOL_MYSQL = 'mysql'
    PROTOCOL_ORACLE = 'oracle'
    PROTOCOL_MARIADB = 'mariadb'
    PROTOCOL_POSTGRESQL = 'postgresql'
    PROTOCOL_K8S = 'k8s'
    PROTOCOL_CHOICES = (
        (PROTOCOL_SSH, 'ssh'),
        (PROTOCOL_RDP, 'rdp'),
        (PROTOCOL_TELNET, 'telnet'),
        (PROTOCOL_VNC, 'vnc'),
        (PROTOCOL_MYSQL, 'mysql'),
        (PROTOCOL_ORACLE, 'oracle'),
        (PROTOCOL_MARIADB, 'mariadb'),
        (PROTOCOL_POSTGRESQL, 'postgresql'),
        (PROTOCOL_K8S, 'k8s'),
    )
    LOGIN_AUTO = 'auto'
@@ -118,6 +107,10 @@ class SystemUser(BaseUser):
    login_mode = models.CharField(choices=LOGIN_MODE_CHOICES, default=LOGIN_AUTO, max_length=10, verbose_name=_('Login mode'))
    cmd_filters = models.ManyToManyField('CommandFilter', related_name='system_users', verbose_name=_("Command filter"), blank=True)
    sftp_root = models.CharField(default='tmp', max_length=128, verbose_name=_("SFTP Root"))
    token = models.TextField(default='', verbose_name=_('Token'))
    home = models.CharField(max_length=4096, default='', verbose_name=_('Home'), blank=True)
    system_groups = models.CharField(default='', max_length=4096, verbose_name=_('System groups'), blank=True)
    ad_domain = models.CharField(default='', max_length=256)
    _prefer = 'system_user'
    def __str__(self):
@@ -140,6 +133,24 @@ class SystemUser(BaseUser):
    def login_mode_display(self):
        return self.get_login_mode_display()
    @property
    def db_application_protocols(self):
        return [
            self.PROTOCOL_MYSQL, self.PROTOCOL_ORACLE, self.PROTOCOL_MARIADB,
            self.PROTOCOL_POSTGRESQL
        ]
    @property
    def cloud_application_protocols(self):
        return [self.PROTOCOL_K8S]
    @property
    def application_category_protocols(self):
        protocols = []
        protocols.extend(self.db_application_protocols)
        protocols.extend(self.cloud_application_protocols)
        return protocols
    def is_need_push(self):
        if self.auto_push and self.protocol in [self.PROTOCOL_SSH, self.PROTOCOL_RDP]:
            return True
@@ -152,11 +163,16 @@ class SystemUser(BaseUser):
    @property
    def is_need_test_asset_connective(self):
-        return self.protocol not in [self.PROTOCOL_MYSQL]
+        return self.protocol not in self.application_category_protocols
    def has_special_auth(self, asset=None, username=None):
        if username is None and self.username_same_with_user:
            raise TypeError('System user is dynamic, username should be pass')
        return super().has_special_auth(asset=asset, username=username)
    @property
    def can_perm_to_asset(self):
-        return self.protocol not in [self.PROTOCOL_MYSQL]
+        return self.protocol not in self.application_category_protocols
    def _merge_auth(self, other):
        super()._merge_auth(other)
@@ -193,23 +209,3 @@ class SystemUser(BaseUser):
        ordering = ['name']
        unique_together = [('name', 'org_id')]
        verbose_name = _("System user")
    @classmethod
    def generate_fake(cls, count=10):
        from random import seed
        import forgery_py
        from django.db import IntegrityError
        seed()
        for i in range(count):
            obj = cls(name=forgery_py.name.full_name(),
                      username=forgery_py.internet.user_name(),
                      password=forgery_py.lorem_ipsum.word(),
                      comment=forgery_py.lorem_ipsum.sentence(),
                      created_by='Fake')
            try:
                obj.save()
                logger.debug('Generate fake asset group: %s' % obj.name)
            except IntegrityError:
                print('Error continue')
                continue
--- a/apps/assets/pagination.py
+++ b/apps/assets/pagination.py
@@ -0,0 +1,39 @@
 from rest_framework.pagination import LimitOffsetPagination
 from rest_framework.request import Request
 from assets.models import Node
 class AssetLimitOffsetPagination(LimitOffsetPagination):
    """
    需要与 `assets.api.mixin.FilterAssetByNodeMixin` 配合使用
    """
    def get_count(self, queryset):
        """
        1. 如果查询节点下的所有资产，那 count 使用 Node.assets_amount
        2. 如果有其他过滤条件使用 super
        3. 如果只查询该节点下的资产使用 super
        """
        exclude_query_params = {
            self.limit_query_param,
            self.offset_query_param,
            'node', 'all', 'show_current_asset',
            'node_id', 'display', 'draw', 'fields_size',
        }
        for k, v in self._request.query_params.items():
            if k not in exclude_query_params and v is not None:
                return super().get_count(queryset)
        is_query_all = self._view.is_query_node_all_assets
        if is_query_all:
            node = self._view.node
            if not node:
                node = Node.org_root()
            return node.assets_amount
        return super().get_count(queryset)
    def paginate_queryset(self, queryset, request: Request, view=None):
        self._request = request
        self._view = view
        return super().paginate_queryset(queryset, request, view=None)
--- a/apps/assets/serializers/asset.py
+++ b/apps/assets/serializers/asset.py
@@ -1,13 +1,12 @@
 # -*- coding: utf-8 -*-
 #
 from rest_framework import serializers
-from django.db.models import Prefetch, F
+from django.db.models import F
 from django.utils.translation import ugettext_lazy as _
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
-from common.serializers import AdaptedBulkListSerializer
+from ..models import Asset, Node, Platform
 from ..models import Asset, Node, Label, Platform
 from .base import ConnectivitySerializer
 __all__ = [
@@ -67,27 +66,41 @@ class AssetSerializer(BulkOrgResourceModelSerializer):
        slug_field='name', queryset=Platform.objects.all(), label=_("Platform")
    )
    protocols = ProtocolsField(label=_('Protocols'), required=False)
    domain_display = serializers.ReadOnlyField(source='domain.name', label=_('Domain name'))
    admin_user_display = serializers.ReadOnlyField(source='admin_user.name', label=_('Admin user name'))
    nodes_display = serializers.ListField(child=serializers.CharField(), label=_('Nodes name'), required=False)
    """
    资产的数据结构
    """
    class Meta:
        model = Asset
-        list_serializer_class = AdaptedBulkListSerializer
+        fields_mini = ['id', 'hostname', 'ip']
-        fields = [
+        fields_small = fields_mini + [
-            'id', 'ip', 'hostname', 'protocol', 'port',
+            'protocol', 'port', 'protocols', 'is_active', 'public_ip',
-            'protocols', 'platform', 'is_active', 'public_ip', 'domain',
+            'number', 'vendor', 'model', 'sn', 'cpu_model', 'cpu_count',
            'admin_user', 'nodes', 'labels', 'number', 'vendor', 'model', 'sn',
            'cpu_model', 'cpu_count', 'cpu_cores', 'cpu_vcpus', 'memory',
            'disk_total', 'disk_info', 'os', 'os_version', 'os_arch',
            'hostname_raw', 'comment', 'created_by', 'date_created',
            'hardware_info',
        ]
        read_only_fields = (
            'vendor', 'model', 'sn', 'cpu_model', 'cpu_count',
            'cpu_cores', 'cpu_vcpus', 'memory', 'disk_total', 'disk_info',
-            'os', 'os_version', 'os_arch', 'hostname_raw',
+            'os', 'os_version', 'os_arch', 'hostname_raw', 'comment',
            'created_by', 'date_created', 'hardware_info',
        ]
        fields_fk = [
            'admin_user', 'admin_user_display', 'domain', 'domain_display', 'platform'
        ]
        fk_only_fields = {
            'platform': ['name']
        }
        fields_m2m = [
            'nodes', 'nodes_display', 'labels',
        ]
        annotates_fields = {
            # 'admin_user_display': 'admin_user__name'
        }
        fields_as = list(annotates_fields.keys())
        fields = fields_small + fields_fk + fields_m2m + fields_as
        read_only_fields = [
            'created_by', 'date_created',
-        )
+        ] + fields_as
        extra_kwargs = {
            'protocol': {'write_only': True},
            'port': {'write_only': True},
@@ -98,11 +111,8 @@ class AssetSerializer(BulkOrgResourceModelSerializer):
    @classmethod
    def setup_eager_loading(cls, queryset):
        """ Perform necessary eager loading of data. """
-        queryset = queryset.prefetch_related(
+        queryset = queryset.select_related('admin_user', 'domain', 'platform')
-            Prefetch('nodes', queryset=Node.objects.all().only('id')),
+        queryset = queryset.prefetch_related('nodes', 'labels')
            Prefetch('labels', queryset=Label.objects.all().only('id')),
        ).select_related('admin_user', 'domain', 'platform') \
         .annotate(platform_base=F('platform__base'))
        return queryset
    def compatible_with_old_protocol(self, validated_data):
@@ -120,33 +130,45 @@ class AssetSerializer(BulkOrgResourceModelSerializer):
        if protocols_data:
            validated_data["protocols"] = ' '.join(protocols_data)
    def perform_nodes_display_create(self, instance, nodes_display):
        if not nodes_display:
            return
        nodes_to_set = []
        for full_value in nodes_display:
            node = Node.objects.filter(full_value=full_value).first()
            if node:
                nodes_to_set.append(node)
            else:
                node = Node.create_node_by_full_value(full_value)
            nodes_to_set.append(node)
        instance.nodes.set(nodes_to_set)
    def create(self, validated_data):
        self.compatible_with_old_protocol(validated_data)
        nodes_display = validated_data.pop('nodes_display', '')
        instance = super().create(validated_data)
        self.perform_nodes_display_create(instance, nodes_display)
        return instance
    def update(self, instance, validated_data):
        nodes_display = validated_data.pop('nodes_display', '')
        self.compatible_with_old_protocol(validated_data)
-        return super().update(instance, validated_data)
+        instance = super().update(instance, validated_data)
        self.perform_nodes_display_create(instance, nodes_display)
        return instance
 class AssetDisplaySerializer(AssetSerializer):
    connectivity = ConnectivitySerializer(read_only=True, label=_("Connectivity"))
    class Meta(AssetSerializer.Meta):
-        fields = [
+        fields = AssetSerializer.Meta.fields + [
-            'id', 'ip', 'hostname', 'protocol', 'port',
+            'connectivity',
            'protocols', 'is_active', 'public_ip',
            'number', 'vendor', 'model', 'sn',
            'cpu_model', 'cpu_count', 'cpu_cores', 'cpu_vcpus', 'memory',
            'disk_total', 'disk_info', 'os', 'os_version', 'os_arch',
            'hostname_raw', 'comment', 'created_by', 'date_created',
            'hardware_info', 'connectivity',
        ]
    @classmethod
    def setup_eager_loading(cls, queryset):
-        """ Perform necessary eager loading of data. """
+        queryset = super().setup_eager_loading(queryset)
        queryset = queryset\
            .annotate(admin_user_username=F('admin_user__username'))
        return queryset
--- a/apps/assets/serializers/cmd_filter.py
+++ b/apps/assets/serializers/cmd_filter.py
@@ -2,7 +2,6 @@
 #
 import re
 from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from common.fields import ChoiceDisplayField
 from common.serializers import AdaptedBulkListSerializer
@@ -27,11 +26,20 @@ class CommandFilterSerializer(BulkOrgResourceModelSerializer):
 class CommandFilterRuleSerializer(BulkOrgResourceModelSerializer):
-    serializer_choice_field = ChoiceDisplayField
+    # serializer_choice_field = ChoiceDisplayField
    invalid_pattern = re.compile(r'[\.\*\+\[\\\?\{\}\^\$\|\(\)\#\<\>]')
    type_display = serializers.ReadOnlyField(source='get_type_display')
    action_display = serializers.ReadOnlyField(source='get_action_display')
    class Meta:
        model = CommandFilterRule
        fields_mini = ['id']
        fields_small = fields_mini + [
           'type', 'type_display', 'content', 'priority',
           'action', 'action_display',
           'comment', 'created_by', 'date_created', 'date_updated'
        ]
        fields_fk = ['filter']
        fields = '__all__'
        list_serializer_class = AdaptedBulkListSerializer
--- a/apps/assets/serializers/domain.py
+++ b/apps/assets/serializers/domain.py
@@ -1,31 +1,44 @@
 # -*- coding: utf-8 -*-
 #
 from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from common.serializers import AdaptedBulkListSerializer
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
-
+from common.validators import NoSpecialChars
 from ..models import Domain, Gateway
 from .base import AuthSerializerMixin
 class DomainSerializer(BulkOrgResourceModelSerializer):
-    asset_count = serializers.SerializerMethodField()
+    asset_count = serializers.SerializerMethodField(label=_('Assets count'))
-    gateway_count = serializers.SerializerMethodField()
+    application_count = serializers.SerializerMethodField(label=_('Applications count'))
    gateway_count = serializers.SerializerMethodField(label=_('Gateways count'))
    class Meta:
        model = Domain
-        fields = [
+        fields_mini = ['id', 'name']
-            'id', 'name', 'asset_count', 'gateway_count', 'comment', 'assets',
+        fields_small = fields_mini + [
-            'date_created'
+            'comment', 'date_created'
        ]
-        read_only_fields = ( 'asset_count', 'gateway_count', 'date_created')
+        fields_m2m = [
            'asset_count', 'assets', 'application_count', 'gateway_count',
        ]
        fields = fields_small + fields_m2m
        read_only_fields = ('asset_count', 'gateway_count', 'date_created')
        extra_kwargs = {
            'assets': {'required': False, 'label': _('Assets')},
        }
        list_serializer_class = AdaptedBulkListSerializer
    @staticmethod
    def get_asset_count(obj):
        return obj.assets.count()
    @staticmethod
    def get_application_count(obj):
        return obj.applications.count()
    @staticmethod
    def get_gateway_count(obj):
        return obj.gateway_set.all().count()
@@ -40,6 +53,19 @@ class GatewaySerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
            'private_key', 'public_key', 'domain', 'is_active', 'date_created',
            'date_updated', 'created_by', 'comment',
        ]
        extra_kwargs = {
            'password': {'validators': [NoSpecialChars()]}
        }
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.protocol_limit_to_ssh()
    def protocol_limit_to_ssh(self):
        protocol_field = self.fields['protocol']
        choices = protocol_field.choices
        choices.pop('rdp')
        protocol_field._choices = choices
 class GatewayWithAuthSerializer(GatewaySerializer):
@@ -51,6 +77,8 @@ class GatewayWithAuthSerializer(GatewaySerializer):
        return fields
 class DomainWithGatewaySerializer(BulkOrgResourceModelSerializer):
    gateways = GatewayWithAuthSerializer(many=True, read_only=True)
--- a/apps/assets/serializers/gathered_user.py
+++ b/apps/assets/serializers/gathered_user.py
@@ -16,7 +16,7 @@ class GatheredUserSerializer(OrgResourceModelSerializerMixin):
            'present', 'date_created', 'date_updated'
        ]
        read_only_fields = fields
-        labels = {
+        extra_kwargs = {
-            'hostname': _("Hostname"),
+            'hostname': {'label': _("Hostname")},
-            'ip': "IP"
+            'ip': {'label': 'IP'},
        }
--- a/apps/assets/serializers/label.py
+++ b/apps/assets/serializers/label.py
@@ -20,6 +20,9 @@ class LabelSerializer(BulkOrgResourceModelSerializer):
        read_only_fields = (
            'category', 'date_created', 'asset_count', 'get_category_display'
        )
        extra_kwargs = {
            'assets': {'required': False}
        }
        list_serializer_class = AdaptedBulkListSerializer
    @staticmethod
--- a/apps/assets/serializers/node.py
+++ b/apps/assets/serializers/node.py
@@ -25,6 +25,9 @@ class NodeSerializer(BulkOrgResourceModelSerializer):
        read_only_fields = ['key', 'org_id']
    def validate_value(self, data):
        if '/' in data:
            error = _("Can't contains: " + "/")
            raise serializers.ValidationError(error)
        if self.instance:
            instance = self.instance
            siblings = instance.get_siblings()
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -6,7 +6,6 @@ from common.serializers import AdaptedBulkListSerializer
 from common.mixins.serializers import BulkSerializerMixin
 from common.utils import ssh_pubkey_gen
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from assets.models import Node
 from ..models import SystemUser, Asset
 from .base import AuthSerializerMixin
@@ -33,17 +32,20 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
            'login_mode', 'login_mode_display',
            'priority', 'username_same_with_user',
            'auto_push', 'cmd_filters', 'sudo', 'shell', 'comment',
-            'auto_generate_key', 'sftp_root',
+            'auto_generate_key', 'sftp_root', 'token',
-            'assets_amount',
+            'assets_amount', 'date_created', 'created_by',
            'home', 'system_groups', 'ad_domain'
        ]
        extra_kwargs = {
            'password': {"write_only": True},
            'public_key': {"write_only": True},
            'private_key': {"write_only": True},
-            'nodes_amount': {'label': _('Node')},
+            'token': {"write_only": True},
-            'assets_amount': {'label': _('Asset')},
+            'nodes_amount': {'label': _('Nodes amount')},
            'assets_amount': {'label': _('Assets amount')},
            'login_mode_display': {'label': _('Login mode display')},
            'created_by': {'read_only': True},
            'ad_domain': {'required': False, 'allow_blank': True, 'label': _('Ad domain')},
        }
    def validate_auto_push(self, value):
@@ -143,16 +145,28 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
 class SystemUserListSerializer(SystemUserSerializer):
    class Meta(SystemUserSerializer.Meta):
        fields = [
            'id', 'name', 'username', 'protocol',
            'password', 'public_key', 'private_key',
            'login_mode', 'login_mode_display',
            'priority', "username_same_with_user",
            'auto_push', 'sudo', 'shell', 'comment',
-            "assets_amount",
+            "assets_amount", 'home', 'system_groups',
-            'auto_generate_key',
+            'auto_generate_key', 'ad_domain',
            'sftp_root',
        ]
        extra_kwargs = {
            'password': {"write_only": True},
            'public_key': {"write_only": True},
            'private_key': {"write_only": True},
            'nodes_amount': {'label': _('Nodes amount')},
            'assets_amount': {'label': _('Assets amount')},
            'login_mode_display': {'label': _('Login mode display')},
            'created_by': {'read_only': True},
            'ad_domain': {'label': _('Ad domain')},
        }
    @classmethod
    def setup_eager_loading(cls, queryset):
@@ -169,7 +183,8 @@ class SystemUserWithAuthInfoSerializer(SystemUserSerializer):
            'login_mode', 'login_mode_display',
            'priority', 'username_same_with_user',
            'auto_push', 'sudo', 'shell', 'comment',
-            'auto_generate_key', 'sftp_root',
+            'auto_generate_key', 'sftp_root', 'token',
            'ad_domain',
        ]
        extra_kwargs = {
            'nodes_amount': {'label': _('Node')},
@@ -219,15 +234,8 @@ class SystemUserNodeRelationSerializer(RelationMixin, serializers.ModelSerialize
            'id', 'node', "node_display",
        ]
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.tree = Node.tree()
    def get_node_display(self, obj):
-        if hasattr(obj, 'node_key'):
+        return obj.node.full_value
            return self.tree.get_node_full_tag(obj.node_key)
        else:
            return obj.node.full_value
 class SystemUserUserRelationSerializer(RelationMixin, serializers.ModelSerializer):
@@ -249,4 +257,8 @@ class SystemUserTaskSerializer(serializers.Serializer):
    asset = serializers.PrimaryKeyRelatedField(
        queryset=Asset.objects, allow_null=True, required=False, write_only=True
    )
    assets = serializers.PrimaryKeyRelatedField(
        queryset=Asset.objects, allow_null=True, required=False, write_only=True,
        many=True
    )
    task = serializers.CharField(read_only=True)
--- a/apps/assets/signals_handler.py
+++ b/apps/assets/signals_handler.py
@@ -1,17 +1,20 @@
 # -*- coding: utf-8 -*-
 #
-from collections import defaultdict
+from operator import add, sub
 from assets.utils import is_asset_exists_in_node
 from django.db.models.signals import (
-    post_save, m2m_changed, post_delete
+    post_save, m2m_changed, pre_delete, post_delete, pre_save
 )
-from django.db.models.aggregates import Count
+from django.db.models import Q, F
 from django.dispatch import receiver
 from common.exceptions import M2MReverseNotAllowed
 from common.const.signals import PRE_ADD, POST_ADD, POST_REMOVE, PRE_CLEAR, PRE_REMOVE
 from common.utils import get_logger
 from common.decorator import on_transaction_commit
-from orgs.utils import tmp_to_root_org
+from .models import Asset, SystemUser, Node, compute_parent_key
-from .models import Asset, SystemUser, Node, AuthBook
+from users.models import User
 from .utils import TreeService
 from .tasks import (
    update_assets_hardware_info_util,
    test_asset_connectivity_util,
@@ -34,6 +37,11 @@ def test_asset_conn_on_created(asset):
    test_asset_connectivity_util.delay([asset])
@receiver(pre_save, sender=Node)
 def on_node_pre_save(sender, instance: Node, **kwargs):
    instance.parent_key = instance.compute_parent_key()
@receiver(post_save, sender=Asset)
@on_transaction_commit
 def on_asset_created_or_update(sender, instance=None, created=False, **kwargs):
@@ -54,17 +62,9 @@ def on_asset_created_or_update(sender, instance=None, created=False, **kwargs):
            instance.nodes.add(Node.org_root())
@receiver(post_delete, sender=Asset)
 def on_asset_delete(sender, instance=None, **kwargs):
    """
    当资产删除时，刷新节点，节点中存在节点和资产的关系
    """
    logger.debug("Asset delete signal recv: {}".format(instance))
    Node.refresh_assets()
@receiver(post_save, sender=SystemUser, dispatch_uid="jms")
-def on_system_user_update(sender, instance=None, created=True, **kwargs):
+@on_transaction_commit
 def on_system_user_update(instance: SystemUser, created, **kwargs):
    """
    当系统用户更新时，可能更新了秘钥，用户名等，这时要自动推送系统用户到资产上,
    其实应该当 用户名，密码，秘钥 sudo等更新时再推送，这里偷个懒,
@@ -74,53 +74,57 @@ def on_system_user_update(sender, instance=None, created=True, **kwargs):
    if instance and not created:
        logger.info("System user update signal recv: {}".format(instance))
        assets = instance.assets.all().valid()
-        push_system_user_to_assets.delay(instance, assets)
+        push_system_user_to_assets.delay(instance.id, [_asset.id for _asset in assets])
@receiver(m2m_changed, sender=SystemUser.assets.through)
-def on_system_user_assets_change(sender, instance=None, action='', model=None, pk_set=None, **kwargs):
+@on_transaction_commit
 def on_system_user_assets_change(instance, action, model, pk_set, **kwargs):
    """
    当系统用户和资产关系发生变化时，应该重新推送系统用户到新添加的资产中
    """
-    if action != "post_add":
+    if action != POST_ADD:
        return
    logger.debug("System user assets change signal recv: {}".format(instance))
    queryset = model.objects.filter(pk__in=pk_set)
    if model == Asset:
-        system_users = [instance]
+        system_users_id = [instance.id]
-        assets = queryset
+        assets_id = pk_set
    else:
-        system_users = queryset
+        system_users_id = pk_set
-        assets = [instance]
+        assets_id = [instance.id]
-    for system_user in system_users:
+    for system_user_id in system_users_id:
-        push_system_user_to_assets.delay(system_user, assets)
+        push_system_user_to_assets.delay(system_user_id, assets_id)
@receiver(m2m_changed, sender=SystemUser.users.through)
-def on_system_user_users_change(sender, instance=None, action='', model=None, pk_set=None, **kwargs):
+@on_transaction_commit
 def on_system_user_users_change(sender, instance: SystemUser, action, model, pk_set, reverse, **kwargs):
    """
    当系统用户和用户关系发生变化时，应该重新推送系统用户资产中
    """
-    if action != "post_add":
+    if action != POST_ADD:
        return
    if reverse:
        raise M2MReverseNotAllowed
    if not instance.username_same_with_user:
        return
    logger.debug("System user users change signal recv: {}".format(instance))
-    queryset = model.objects.filter(pk__in=pk_set)
+    usernames = model.objects.filter(pk__in=pk_set).values_list('username', flat=True)
-    if model == SystemUser:
+
-        system_users = queryset
+    for username in usernames:
-    else:
+        push_system_user_to_assets_manual.delay(instance, username)
        system_users = [instance]
    for s in system_users:
        push_system_user_to_assets_manual.delay(s)
@receiver(m2m_changed, sender=SystemUser.nodes.through)
@on_transaction_commit
 def on_system_user_nodes_change(sender, instance=None, action=None, model=None, pk_set=None, **kwargs):
    """
    当系统用户和节点关系发生变化时，应该将节点下资产关联到新的系统用户上
    """
-    if action != "post_add":
+    if action != POST_ADD:
        return
    logger.info("System user nodes update signal recv: {}".format(instance))
@@ -135,102 +139,217 @@ def on_system_user_nodes_change(sender, instance=None, action=None, model=None,
@receiver(m2m_changed, sender=SystemUser.groups.through)
-def on_system_user_groups_change(sender, instance=None, action=None, model=None,
+def on_system_user_groups_change(instance, action, pk_set, reverse, **kwargs):
                                 pk_set=None, reverse=False, **kwargs):
    """
    当系统用户和用户组关系发生变化时，应该将组下用户关联到新的系统用户上
    """
-    if action != "post_add" or reverse:
+    if action != POST_ADD:
        return
    if reverse:
        raise M2MReverseNotAllowed
    logger.info("System user groups update signal recv: {}".format(instance))
-    groups = model.objects.filter(pk__in=pk_set).annotate(users_count=Count("users"))
+
-    users = groups.filter(users_count__gt=0).values_list('users', flat=True)
+    users = User.objects.filter(groups__id__in=pk_set).distinct()
-    instance.users.add(*tuple(users))
+    instance.users.add(*users)
@receiver(m2m_changed, sender=Asset.nodes.through)
-def on_asset_nodes_change(sender, instance=None, action='', **kwargs):
+def on_asset_nodes_add(instance, action, reverse, pk_set, **kwargs):
    """
-    资产节点发生变化时，刷新节点
+    本操作共访问 4 次数据库
    """
    if action.startswith('post'):
        logger.debug("Asset nodes change signal recv: {}".format(instance))
        Node.refresh_assets()
        with tmp_to_root_org():
            Node.refresh_assets()
@receiver(m2m_changed, sender=Asset.nodes.through)
 def on_asset_nodes_add(sender, instance=None, action='', model=None, pk_set=None, **kwargs):
    """
    当资产的节点发生变化时，或者 当节点的资产关系发生变化时，
    节点下新增的资产，添加到节点关联的系统用户中
    """
-    if action != "post_add":
+    if action != POST_ADD:
        return
    logger.debug("Assets node add signal recv: {}".format(action))
-    if model == Node:
+    if reverse:
        nodes = model.objects.filter(pk__in=pk_set).values_list('key', flat=True)
        assets = [instance.id]
    else:
        nodes = [instance.key]
-        assets = model.objects.filter(pk__in=pk_set).values_list('id', flat=True)
+        asset_ids = pk_set
    else:
        nodes = Node.objects.filter(pk__in=pk_set).values_list('key', flat=True)
        asset_ids = [instance.id]
    # 节点资产发生变化时，将资产关联到节点及祖先节点关联的系统用户, 只关注新增的
    nodes_ancestors_keys = set()
    node_tree = TreeService.new()
    for node in nodes:
-        ancestors_keys = node_tree.ancestors_ids(nid=node)
+        nodes_ancestors_keys.update(Node.get_node_ancestor_keys(node, with_self=True))
        nodes_ancestors_keys.update(ancestors_keys)
    system_users = SystemUser.objects.filter(nodes__key__in=nodes_ancestors_keys)
-    system_users_assets = defaultdict(set)
+    # 查询所有祖先节点关联的系统用户，都是要跟资产建立关系的
-    for system_user in system_users:
+    system_user_ids = SystemUser.objects.filter(
-        system_users_assets[system_user].update(set(assets))
+        nodes__key__in=nodes_ancestors_keys
-    for system_user, _assets in system_users_assets.items():
+    ).distinct().values_list('id', flat=True)
-        system_user.assets.add(*tuple(_assets))
+
    # 查询所有已存在的关系
    m2m_model = SystemUser.assets.through
    exist = set(m2m_model.objects.filter(
        systemuser_id__in=system_user_ids, asset_id__in=asset_ids
    ).values_list('systemuser_id', 'asset_id'))
    # TODO 优化
    to_create = []
    for system_user_id in system_user_ids:
        asset_ids_to_push = []
        for asset_id in asset_ids:
            if (system_user_id, asset_id) in exist:
                continue
            asset_ids_to_push.append(asset_id)
            to_create.append(m2m_model(
                systemuser_id=system_user_id,
                asset_id=asset_id
            ))
        push_system_user_to_assets.delay(system_user_id, asset_ids_to_push)
    m2m_model.objects.bulk_create(to_create)
 def _update_node_assets_amount(node: Node, asset_pk_set: set, operator=add):
    """
    一个节点与多个资产关系变化时，更新计数
    :param node: 节点实例
    :param asset_pk_set: 资产的`id`集合, 内部不会修改该值
    :param operator: 操作
    * -> Node
    # -> Asset
           * [3]
          / \
         *   * [2]
        /     \
       *       * [1]
      /       / \
     *   [a] #  # [b]
    """
    # 获取节点[1]祖先节点的 `key` 含自己，也就是[1, 2, 3]节点的`key`
    ancestor_keys = node.get_ancestor_keys(with_self=True)
    ancestors = Node.objects.filter(key__in=ancestor_keys).order_by('-key')
    to_update = []
    for ancestor in ancestors:
        # 迭代祖先节点的`key`，顺序是 [1] -> [2] -> [3]
        # 查询该节点及其后代节点是否包含要操作的资产，将包含的从要操作的
        # 资产集合中去掉，他们是重复节点，无论增加或删除都不会影响节点的资产数量
        asset_pk_set -= set(Asset.objects.filter(
            id__in=asset_pk_set
        ).filter(
            Q(nodes__key__istartswith=f'{ancestor.key}:') |
            Q(nodes__key=ancestor.key)
        ).distinct().values_list('id', flat=True))
        if not asset_pk_set:
            # 要操作的资产集合为空，说明都是重复资产，不用改变节点资产数量
            # 而且既然它包含了，它的祖先节点肯定也包含了，所以祖先节点都不用
            # 处理了
            break
        ancestor.assets_amount = operator(F('assets_amount'), len(asset_pk_set))
        to_update.append(ancestor)
    Node.objects.bulk_update(to_update, fields=('assets_amount', 'parent_key'))
 def _remove_ancestor_keys(ancestor_key, tree_set):
    # 这里判断 `ancestor_key` 不能是空，防止数据错误导致的死循环
    # 判断是否在集合里，来区分是否已被处理过
    while ancestor_key and ancestor_key in tree_set:
        tree_set.remove(ancestor_key)
        ancestor_key = compute_parent_key(ancestor_key)
 def _update_nodes_asset_amount(node_keys, asset_pk, operator):
    """
    一个资产与多个节点关系变化时，更新计数
    :param node_keys: 节点 id 的集合
    :param asset_pk: 资产 id
    :param operator: 操作
    """
    # 所有相关节点的祖先节点，组成一棵局部树
    ancestor_keys = set()
    for key in node_keys:
        ancestor_keys.update(Node.get_node_ancestor_keys(key))
    # 相关节点可能是其他相关节点的祖先节点，如果是从相关节点里干掉
    node_keys -= ancestor_keys
    to_update_keys = []
    for key in node_keys:
        # 遍历相关节点，处理它及其祖先节点
        # 查询该节点是否包含待处理资产
        exists = is_asset_exists_in_node(asset_pk, key)
        parent_key = compute_parent_key(key)
        if exists:
            # 如果资产在该节点，那么他及其祖先节点都不用处理
            _remove_ancestor_keys(parent_key, ancestor_keys)
            continue
        else:
            # 不存在，要更新本节点
            to_update_keys.append(key)
            # 这里判断 `parent_key` 不能是空，防止数据错误导致的死循环
            # 判断是否在集合里，来区分是否已被处理过
            while parent_key and parent_key in ancestor_keys:
                exists = is_asset_exists_in_node(asset_pk, parent_key)
                if exists:
                    _remove_ancestor_keys(parent_key, ancestor_keys)
                    break
                else:
                    to_update_keys.append(parent_key)
                    ancestor_keys.remove(parent_key)
                    parent_key = compute_parent_key(parent_key)
    Node.objects.filter(key__in=to_update_keys).update(
        assets_amount=operator(F('assets_amount'), 1)
    )
@receiver(m2m_changed, sender=Asset.nodes.through)
-def on_asset_nodes_remove(sender, instance=None, action='', model=None,
+def update_nodes_assets_amount(action, instance, reverse, pk_set, **kwargs):
-                          pk_set=None, **kwargs):
+    # 不允许 `pre_clear` ，因为该信号没有 `pk_set`
    # [官网](https://docs.djangoproject.com/en/3.1/ref/signals/#m2m-changed)
    refused = (PRE_CLEAR,)
    if action in refused:
        raise ValueError
-    """
+    mapper = {
-    监控资产删除节点关系, 或节点删除资产，避免产生游离资产
+        PRE_ADD: add,
-    """
+        POST_REMOVE: sub
-    if action not in ["post_remove", "pre_clear", "post_clear"]:
+    }
    if action not in mapper:
        return
-    if action == "pre_clear":
+
-        if model == Node:
+    operator = mapper[action]
-            instance._nodes = list(instance.nodes.all())
+
-        else:
+    if reverse:
-            instance._assets = list(instance.assets.all())
+        node: Node = instance
-        return
+        asset_pk_set = set(pk_set)
-    logger.debug("Assets node remove signal recv: {}".format(action))
+        _update_node_assets_amount(node, asset_pk_set, operator)
    if action == "post_remove":
        queryset = model.objects.filter(pk__in=pk_set)
    else:
-        if model == Node:
+        asset_pk = instance.id
-            queryset = instance._nodes
+        # 与资产直接关联的节点
-        else:
+        node_keys = set(Node.objects.filter(id__in=pk_set).values_list('key', flat=True))
-            queryset = instance._assets
+        _update_nodes_asset_amount(node_keys, asset_pk, operator)
    if model == Node:
        assets = [instance]
    else:
        assets = queryset
    if isinstance(assets, list):
        assets_not_has_node = []
        for asset in assets:
            if asset.nodes.all().count() == 0:
                assets_not_has_node.append(asset.id)
    else:
        assets_not_has_node = assets.annotate(nodes_count=Count('nodes'))\
            .filter(nodes_count=0).values_list('id', flat=True)
    Node.org_root().assets.add(*tuple(assets_not_has_node))
-@receiver([post_save, post_delete], sender=Node)
+RELATED_NODE_IDS = '_related_node_ids'
-def on_node_update_or_created(sender, **kwargs):
+
-    # 刷新节点
+
-    Node.refresh_nodes()
+@receiver(pre_delete, sender=Asset)
-    with tmp_to_root_org():
+def on_asset_delete(instance: Asset, using, **kwargs):
-        Node.refresh_nodes()
+    node_ids = set(Node.objects.filter(
        assets=instance
    ).distinct().values_list('id', flat=True))
    setattr(instance, RELATED_NODE_IDS, node_ids)
    m2m_changed.send(
        sender=Asset.nodes.through, instance=instance, reverse=False,
        model=Node, pk_set=node_ids, using=using, action=PRE_REMOVE
    )
@receiver(post_delete, sender=Asset)
 def on_asset_post_delete(instance: Asset, using, **kwargs):
    node_ids = getattr(instance, RELATED_NODE_IDS, None)
    if node_ids:
        m2m_changed.send(
            sender=Asset.nodes.through, instance=instance, reverse=False,
            model=Node, pk_set=node_ids, using=using, action=POST_REMOVE
        )
--- a/apps/assets/tasks/init.py
+++ b/apps/assets/tasks/init.py
@@ -9,3 +9,4 @@ from .gather_asset_users import *
 from .gather_asset_hardware_info import *
 from .push_system_user import *
 from .system_user_connectivity import *
 from .nodes_amount import *
--- a/apps/assets/tasks/asset_user_connectivity.py
+++ b/apps/assets/tasks/asset_user_connectivity.py
@@ -85,7 +85,7 @@ def test_asset_user_connectivity_util(asset_user, task_name):
        raw, summary = test_user_connectivity(
            task_name=task_name, asset=asset_user.asset,
            username=asset_user.username, password=asset_user.password,
-            private_key=asset_user.private_key
+            private_key=asset_user.private_key_file
        )
    except Exception as e:
        logger.warn("Failed run adhoc {}, {}".format(task_name, e))
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`*.js linguist-language=python`
							`*.html linguist-language=python`
		`@@ -1,2 +0,0 @@`
			`from .remote_app import *`
			`from .database_app import *`