Merge pull request #5034 from jumpserver/dev

fix(perms): nodes-with-assets 接口添加刷新重构树
2025-12-19 10:32:49 +00:00 · 2020-11-18 11:53:12 +08:00 · 2020-11-18 11:47:50 +08:00 · 2020-11-18 11:29:53 +08:00 · 2020-11-18 11:23:39 +08:00 · 2020-11-17 19:46:36 +08:00
161 changed files with 3765 additions and 918 deletions
--- a/.github/ISSUE_TEMPLATE/----.md
+++ b/.github/ISSUE_TEMPLATE/----.md
@@ -2,8 +2,9 @@
 name: 需求建议
 about: 提出针对本项目的想法和建议
 title: "[Feature] "
-labels: 待处理, 需求
+labels: 类型:需求
-assignees: 'ibuler'
+assignees: ibuler
 ---
 **请描述您的需求或者改进建议.**
--- a/.github/ISSUE_TEMPLATE/bug---.md
+++ b/.github/ISSUE_TEMPLATE/bug---.md
@@ -2,7 +2,7 @@
 name: Bug 提交
 about: 提交产品缺陷帮助我们更好的改进
 title: "[Bug] "
-labels: bug, 待处理
+labels: 类型:bug
 assignees: wojiushixiaobai
 ---
--- a/.github/ISSUE_TEMPLATE/question.md
+++ b/.github/ISSUE_TEMPLATE/question.md
@@ -2,7 +2,7 @@
 name: 问题咨询
 about: 提出针对本项目安装部署、使用及其他方面的相关问题
 title: "[Question] "
-labels: 提问, 待处理
+labels: 类型:提问
 assignees: wojiushixiaobai
 ---
--- a/README.md
+++ b/README.md
@@ -25,7 +25,8 @@ JumpServer 采纳分布式架构，支持多机房跨区域部署，支持横向
 - 无插件: 仅需浏览器，极致的 Web Terminal 使用体验；
 - 多云支持: 一套系统，同时管理不同云上面的资产；
 - 云端存储: 审计录像云端存储，永不丢失；
- 多租户: 一套系统，多个子公司和部门同时使用。
+- 多租户: 一套系统，多个子公司和部门同时使用；
 - 多应用支持: 数据库，Windows远程应用，Kubernetes。
 ## 版本说明
@@ -198,13 +199,61 @@ v2.1.0 是 v2.0.0 之后的功能版本。
    <td>文件传输</td>
    <td>可对文件的上传、下载记录进行审计</td>
  </tr>
  <tr>
    <td rowspan="20">数据库审计<br>Database</td>
    <td rowspan="2">连接方式</td>
    <td>命令方式</td>
  </tr>
  <tr>
    <td>Web UI方式 (X-PACK)</td>
  </tr>
  <tr>
    <td rowspan="4">支持的数据库</td>
    <td>MySQL</td>
  </tr>
  <tr>
    <td>Oracle (X-PACK)</td>
  </tr>
  <tr>
    <td>MariaDB (X-PACK)</td>
  </tr>
  <tr>
    <td>PostgreSQL (X-PACK)</td>
  </tr>
  <tr>
    <td rowspan="6">功能亮点</td>
    <td>语法高亮</td>
  </tr>
  <tr>
    <td>SQL格式化</td>
  </tr>
  <tr>
    <td>支持快捷键</td>
  </tr>
  <tr>
    <td>支持选中执行</td>
  </tr>
  <tr>
    <td>SQL历史查询</td>
  </tr>
  <tr>
    <td>支持页面创建 DB, TABLE</td>
  </tr>
  <tr>
    <td rowspan="2">会话审计</td>
    <td>命令记录</td>
  </tr>
  <tr>
    <td>录像回放</td>
  </tr>
 </table>
 ## 快速开始
 - [极速安装](https://docs.jumpserver.org/zh/master/install/setup_by_fast/)
 - [完整文档](https://docs.jumpserver.org)
- [演示视频](https://jumpserver.oss-cn-hangzhou.aliyuncs.com/jms-media/%E3%80%90%E6%BC%94%E7%A4%BA%E8%A7%86%E9%A2%91%E3%80%91Jumpserver%20%E5%A0%A1%E5%9E%92%E6%9C%BA%20V1.5.0%20%E6%BC%94%E7%A4%BA%E8%A7%86%E9%A2%91%20-%20final.mp4)
+- [演示视频](https://www.bilibili.com/video/BV1ZV41127GB)
 ## 组件项目
 - [Lina](https://github.com/jumpserver/lina) JumpServer Web UI 项目
@@ -212,6 +261,11 @@ v2.1.0 是 v2.0.0 之后的功能版本。
 - [Koko](https://github.com/jumpserver/koko) JumpServer 字符协议 Connector 项目，替代原来 Python 版本的 [Coco](https://github.com/jumpserver/coco)
 - [Guacamole](https://github.com/jumpserver/docker-guacamole) JumpServer 图形协议 Connector 项目，依赖 [Apache Guacamole](https://guacamole.apache.org/)
 ## 致谢
 - [Apache Guacamole](https://guacamole.apache.org/) Web页面连接 RDP, SSH, VNC协议设备，JumpServer 图形化连接依赖
 - [OmniDB](https://omnidb.org/) Web页面连接使用数据库，JumpServer Web数据库依赖
 ## JumpServer 企业版 
 - [申请企业版试用](https://jinshuju.net/f/kyOYpi)
 > 注：企业版支持离线安装，申请通过后会提供高速下载链接。
--- a/apps/.gitattributes
+++ b/apps/.gitattributes
@@ -0,0 +1,2 @@
 *.js linguist-language=python
 *.html linguist-language=python
--- a/apps/applications/api/init.py
+++ b/apps/applications/api/init.py
@@ -1,3 +1,5 @@
 from .application import *
 from .mixin import *
 from .remote_app import *
 from .database_app import *
 from .k8s_app import *
--- a/apps/applications/api/application.py
+++ b/apps/applications/api/application.py
@@ -0,0 +1,20 @@
 # coding: utf-8
 #
 from orgs.mixins.api import OrgBulkModelViewSet
 from .mixin import ApplicationAttrsSerializerViewMixin
 from ..hands import IsOrgAdminOrAppUser
 from .. import models, serializers
 __all__ = [
    'ApplicationViewSet',
 ]
 class ApplicationViewSet(ApplicationAttrsSerializerViewMixin, OrgBulkModelViewSet):
    model = models.Application
    filter_fields = ('name', 'type', 'category')
    search_fields = filter_fields
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.ApplicationSerializer
--- a/apps/applications/api/mixin.py
+++ b/apps/applications/api/mixin.py
@@ -0,0 +1,95 @@
 from common.exceptions import JMSException
 from .. import models
 class ApplicationAttrsSerializerViewMixin:
    def get_serializer_class(self):
        serializer_class = super().get_serializer_class()
        app_type = self.request.query_params.get('type')
        app_category = self.request.query_params.get('category')
        type_options = list(dict(models.Category.get_all_type_serializer_mapper()).keys())
        category_options = list(dict(models.Category.get_category_serializer_mapper()).keys())
        # ListAPIView 没有 action 属性
        # 不使用method属性，因为options请求时为method为post
        action = getattr(self, 'action', 'list')
        if app_type and app_type not in type_options:
            raise JMSException(
                'Invalid query parameter `type`, select from the following options: {}'
                ''.format(type_options)
            )
        if app_category and app_category not in category_options:
            raise JMSException(
                'Invalid query parameter `category`, select from the following options: {}'
                ''.format(category_options)
            )
        if action in [
            'create', 'update', 'partial_update', 'bulk_update', 'partial_bulk_update'
        ] and not app_type:
            # action: create / update
            raise JMSException(
                'The `{}` action must take the `type` query parameter'.format(action)
            )
        if app_type:
            # action: create / update / list / retrieve / metadata
            attrs_cls = models.Category.get_type_serializer_cls(app_type)
        elif app_category:
            # action: list / retrieve / metadata
            attrs_cls = models.Category.get_category_serializer_cls(app_category)
        else:
            attrs_cls = models.Category.get_no_password_serializer_cls()
        return type('ApplicationDynamicSerializer', (serializer_class,), {'attrs': attrs_cls()})
 class SerializeApplicationToTreeNodeMixin:
    @staticmethod
    def _serialize_db(db):
        return {
            'id': db.id,
            'name': db.name,
            'title': db.name,
            'pId': '',
            'open': False,
            'iconSkin': 'database',
            'meta': {'type': 'database_app'}
        }
    @staticmethod
    def _serialize_remote_app(remote_app):
        return {
            'id': remote_app.id,
            'name': remote_app.name,
            'title': remote_app.name,
            'pId': '',
            'open': False,
            'isParent': False,
            'iconSkin': 'chrome',
            'meta': {'type': 'remote_app'}
        }
    @staticmethod
    def _serialize_cloud(cloud):
        return {
            'id': cloud.id,
            'name': cloud.name,
            'title': cloud.name,
            'pId': '',
            'open': False,
            'isParent': False,
            'iconSkin': 'k8s',
            'meta': {'type': 'k8s_app'}
        }
    def _serialize(self, application):
        method_name = f'_serialize_{application.category}'
        data = getattr(self, method_name)(application)
        return data
    def serialize_applications(self, applications):
        data = [self._serialize(application) for application in applications]
        return data
--- a/apps/applications/api/remote_app.py
+++ b/apps/applications/api/remote_app.py
@@ -3,8 +3,9 @@
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
 from common.exceptions import JMSException
 from ..hands import IsOrgAdmin, IsAppUser
-from ..models import RemoteApp
+from .. import models
 from ..serializers import RemoteAppSerializer, RemoteAppConnectionInfoSerializer
@@ -14,7 +15,7 @@ __all__ = [
 class RemoteAppViewSet(OrgBulkModelViewSet):
-    model = RemoteApp
+    model = models.RemoteApp
    filter_fields = ('name', 'type', 'comment')
    search_fields = filter_fields
    permission_classes = (IsOrgAdmin,)
@@ -22,6 +23,18 @@ class RemoteAppViewSet(OrgBulkModelViewSet):
 class RemoteAppConnectionInfoApi(generics.RetrieveAPIView):
-    model = RemoteApp
+    model = models.Application
    permission_classes = (IsAppUser, )
    serializer_class = RemoteAppConnectionInfoSerializer
    @staticmethod
    def check_category_allowed(obj):
        if not obj.category_is_remote_app:
            raise JMSException(
                'The request instance(`{}`) is not of category `remote_app`'.format(obj.category)
            )
    def get_object(self):
        obj = super().get_object()
        self.check_category_allowed(obj)
        return obj
--- a/apps/applications/migrations/0006_application.py
+++ b/apps/applications/migrations/0006_application.py
@@ -0,0 +1,140 @@
 # Generated by Django 2.2.13 on 2020-10-19 12:01
 from django.db import migrations, models
 import django.db.models.deletion
 import django_mysql.models
 import uuid
 CATEGORY_DB_LIST = ['mysql', 'oracle', 'postgresql', 'mariadb']
 CATEGORY_REMOTE_LIST = ['chrome', 'mysql_workbench', 'vmware_client', 'custom']
 CATEGORY_CLOUD_LIST = ['k8s']
 CATEGORY_DB = 'db'
 CATEGORY_REMOTE = 'remote_app'
 CATEGORY_CLOUD = 'cloud'
 CATEGORY_LIST = [CATEGORY_DB, CATEGORY_REMOTE, CATEGORY_CLOUD]
 def get_application_category(old_app):
    _type = old_app.type
    if _type in CATEGORY_DB_LIST:
        category = CATEGORY_DB
    elif _type in CATEGORY_REMOTE_LIST:
        category = CATEGORY_REMOTE
    elif _type in CATEGORY_CLOUD_LIST:
        category = CATEGORY_CLOUD
    else:
        category = None
    return category
 def common_to_application_json(old_app):
    category = get_application_category(old_app)
    date_updated = old_app.date_updated if hasattr(old_app, 'date_updated') else old_app.date_created
    return {
        'id': old_app.id,
        'name': old_app.name,
        'type': old_app.type,
        'category': category,
        'comment': old_app.comment,
        'created_by': old_app.created_by,
        'date_created': old_app.date_created,
        'date_updated': date_updated,
        'org_id': old_app.org_id
    }
 def db_to_application_json(database):
    app_json = common_to_application_json(database)
    app_json.update({
        'attrs': {
            'host': database.host,
            'port': database.port,
            'database': database.database
        }
    })
    return app_json
 def remote_to_application_json(remote):
    app_json = common_to_application_json(remote)
    attrs = {
        'asset': str(remote.asset.id),
        'path': remote.path,
    }
    attrs.update(remote.params)
    app_json.update({
        'attrs': attrs
    })
    return app_json
 def k8s_to_application_json(k8s):
    app_json = common_to_application_json(k8s)
    app_json.update({
        'attrs': {
            'cluster': k8s.cluster
        }
    })
    return app_json
 def migrate_and_integrate_applications(apps, schema_editor):
    db_alias = schema_editor.connection.alias
    database_app_model = apps.get_model("applications", "DatabaseApp")
    remote_app_model = apps.get_model("applications", "RemoteApp")
    k8s_app_model = apps.get_model("applications", "K8sApp")
    database_apps = database_app_model.objects.using(db_alias).all()
    remote_apps = remote_app_model.objects.using(db_alias).all()
    k8s_apps = k8s_app_model.objects.using(db_alias).all()
    database_applications = [db_to_application_json(db_app) for db_app in database_apps]
    remote_applications = [remote_to_application_json(remote_app) for remote_app in remote_apps]
    k8s_applications = [k8s_to_application_json(k8s_app) for k8s_app in k8s_apps]
    applications_json = database_applications + remote_applications + k8s_applications
    application_model = apps.get_model("applications", "Application")
    applications = [
        application_model(**application_json)
        for application_json in applications_json
        if application_json['category'] in CATEGORY_LIST
    ]
    for application in applications:
        if application_model.objects.using(db_alias).filter(name=application.name).exists():
            application.name = '{}-{}'.format(application.name, application.type)
        application.save()
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0057_fill_node_value_assets_amount_and_parent_key'),
        ('applications', '0005_k8sapp'),
    ]
    operations = [
        migrations.CreateModel(
            name='Application',
            fields=[
                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
                ('name', models.CharField(max_length=128, verbose_name='Name')),
                ('category', models.CharField(choices=[('db', 'Database'), ('remote_app', 'Remote app'), ('cloud', 'Cloud')], max_length=16, verbose_name='Category')),
                ('type', models.CharField(choices=[('mysql', 'MySQL'), ('oracle', 'Oracle'), ('postgresql', 'PostgreSQL'), ('mariadb', 'MariaDB'), ('chrome', 'Chrome'), ('mysql_workbench', 'MySQL Workbench'), ('vmware_client', 'vSphere Client'), ('custom', 'Custom'), ('k8s', 'Kubernetes')], max_length=16, verbose_name='Type')),
                ('attrs', django_mysql.models.JSONField(default=dict)),
                ('comment', models.TextField(blank=True, default='', max_length=128, verbose_name='Comment')),
                ('domain', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='applications', to='assets.Domain', verbose_name='Domain')),
            ],
            options={
                'ordering': ('name',),
                'unique_together': {('org_id', 'name')},
            },
        ),
        migrations.RunPython(migrate_and_integrate_applications),
    ]
--- a/apps/applications/models/init.py
+++ b/apps/applications/models/init.py
@@ -1,3 +1,4 @@
 from .application import *
 from .remote_app import *
 from .database_app import *
 from .k8s_app import *
--- a/apps/applications/models/application.py
+++ b/apps/applications/models/application.py
@@ -0,0 +1,141 @@
 from itertools import chain
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from django_mysql.models import JSONField, QuerySet
 from orgs.mixins.models import OrgModelMixin
 from common.mixins import CommonModelMixin
 from common.db.models import ChoiceSet
 class DBType(ChoiceSet):
    mysql = 'mysql', 'MySQL'
    oracle = 'oracle', 'Oracle'
    pgsql = 'postgresql', 'PostgreSQL'
    mariadb = 'mariadb', 'MariaDB'
    @classmethod
    def get_type_serializer_cls_mapper(cls):
        from ..serializers import database_app
        mapper = {
            cls.mysql: database_app.MySQLAttrsSerializer,
            cls.oracle: database_app.OracleAttrsSerializer,
            cls.pgsql: database_app.PostgreAttrsSerializer,
            cls.mariadb: database_app.MariaDBAttrsSerializer,
        }
        return mapper
 class RemoteAppType(ChoiceSet):
    chrome = 'chrome', 'Chrome'
    mysql_workbench = 'mysql_workbench', 'MySQL Workbench'
    vmware_client = 'vmware_client',  'vSphere Client'
    custom = 'custom', _('Custom')
    @classmethod
    def get_type_serializer_cls_mapper(cls):
        from ..serializers import remote_app
        mapper = {
            cls.chrome: remote_app.ChromeAttrsSerializer,
            cls.mysql_workbench: remote_app.MySQLWorkbenchAttrsSerializer,
            cls.vmware_client: remote_app.VMwareClientAttrsSerializer,
            cls.custom: remote_app.CustomRemoteAppAttrsSeralizers,
        }
        return mapper
 class CloudType(ChoiceSet):
    k8s = 'k8s', 'Kubernetes'
    @classmethod
    def get_type_serializer_cls_mapper(cls):
        from ..serializers import k8s_app
        mapper = {
            cls.k8s: k8s_app.K8sAttrsSerializer,
        }
        return mapper
 class Category(ChoiceSet):
    db = 'db', _('Database')
    remote_app = 'remote_app', _('Remote app')
    cloud = 'cloud', 'Cloud'
    @classmethod
    def get_category_type_mapper(cls):
        return {
            cls.db: DBType,
            cls.remote_app: RemoteAppType,
            cls.cloud: CloudType
        }
    @classmethod
    def get_category_type_choices_mapper(cls):
        return {
            name: tp.choices
            for name, tp in cls.get_category_type_mapper().items()
        }
    @classmethod
    def get_type_choices(cls, category):
        return cls.get_category_type_choices_mapper().get(category, [])
    @classmethod
    def get_all_type_choices(cls):
        all_grouped_choices = tuple(cls.get_category_type_choices_mapper().values())
        return tuple(chain(*all_grouped_choices))
    @classmethod
    def get_all_type_serializer_mapper(cls):
        mapper = {}
        for tp in cls.get_category_type_mapper().values():
            mapper.update(tp.get_type_serializer_cls_mapper())
        return mapper
    @classmethod
    def get_type_serializer_cls(cls, tp):
        mapper = cls.get_all_type_serializer_mapper()
        return mapper.get(tp, None)
    @classmethod
    def get_category_serializer_mapper(cls):
        from ..serializers import remote_app, database_app, k8s_app
        return {
            cls.db: database_app.DBAttrsSerializer,
            cls.remote_app: remote_app.RemoteAppAttrsSerializer,
            cls.cloud: k8s_app.CloudAttrsSerializer,
        }
    @classmethod
    def get_category_serializer_cls(cls, cg):
        mapper = cls.get_category_serializer_mapper()
        return mapper.get(cg, None)
    @classmethod
    def get_no_password_serializer_cls(cls):
        from ..serializers import common
        return common.NoPasswordSerializer
 class Application(CommonModelMixin, OrgModelMixin):
    name = models.CharField(max_length=128, verbose_name=_('Name'))
    domain = models.ForeignKey('assets.Domain', null=True, blank=True, related_name='applications', verbose_name=_("Domain"), on_delete=models.SET_NULL)
    category = models.CharField(max_length=16, choices=Category.choices, verbose_name=_('Category'))
    type = models.CharField(max_length=16, choices=Category.get_all_type_choices(), verbose_name=_('Type'))
    attrs = JSONField()
    comment = models.TextField(
        max_length=128, default='', blank=True, verbose_name=_('Comment')
    )
    class Meta:
        unique_together = [('org_id', 'name')]
        ordering = ('name',)
    def __str__(self):
        category_display = self.get_category_display()
        type_display = self.get_type_display()
        return f'{self.name}({type_display})[{category_display}]'
    def category_is_remote_app(self):
        return self.category == Category.remote_app
--- a/apps/applications/serializers/init.py
+++ b/apps/applications/serializers/init.py
@@ -1,3 +1,5 @@
 from .application import *
 from .remote_app import *
 from .database_app import *
 from .k8s_app import *
 from .common import *
--- a/apps/applications/serializers/application.py
+++ b/apps/applications/serializers/application.py
@@ -0,0 +1,44 @@
 # coding: utf-8
 #
 from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from .. import models
 __all__ = [
    'ApplicationSerializer',
 ]
 class ApplicationSerializer(BulkOrgResourceModelSerializer):
    category_display = serializers.ReadOnlyField(source='get_category_display', label=_('Category'))
    type_display = serializers.ReadOnlyField(source='get_type_display', label=_('Type'))
    class Meta:
        model = models.Application
        fields = [
            'id', 'name', 'category', 'category_display', 'type', 'type_display', 'attrs',
            'domain', 'created_by', 'date_created', 'date_updated', 'comment'
        ]
        read_only_fields = [
            'created_by', 'date_created', 'date_updated', 'get_type_display',
        ]
    def create(self, validated_data):
        attrs = validated_data.pop('attrs', {})
        instance = super().create(validated_data)
        instance.attrs = attrs
        instance.save()
        return instance
    def update(self, instance, validated_data):
        new_attrs = validated_data.pop('attrs', {})
        instance = super().update(instance, validated_data)
        attrs = instance.attrs
        attrs.update(new_attrs)
        instance.attrs = attrs
        instance.save()
        return instance
--- a/apps/applications/serializers/common.py
+++ b/apps/applications/serializers/common.py
@@ -0,0 +1,11 @@
 from rest_framework import serializers
 class NoPasswordSerializer(serializers.JSONField):
    def to_representation(self, value):
        new_value = {}
        for k, v in value.items():
            if 'password' not in k:
                new_value[k] = v
        return new_value
--- a/apps/applications/serializers/database_app.py
+++ b/apps/applications/serializers/database_app.py
@@ -1,14 +1,36 @@
 # coding: utf-8
 #
 from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from common.serializers import AdaptedBulkListSerializer
 from .. import models
-__all__ = [
+
-    'DatabaseAppSerializer',
+class DBAttrsSerializer(serializers.Serializer):
-]
+    host = serializers.CharField(max_length=128, label=_('Host'))
    port = serializers.IntegerField(label=_('Port'))
    database = serializers.CharField(
        max_length=128, required=False, allow_blank=True, allow_null=True, label=_('Database')
    )
 class MySQLAttrsSerializer(DBAttrsSerializer):
    port = serializers.IntegerField(default=3306, label=_('Port'))
 class PostgreAttrsSerializer(DBAttrsSerializer):
    port = serializers.IntegerField(default=5432, label=_('Port'))
 class OracleAttrsSerializer(DBAttrsSerializer):
    port = serializers.IntegerField(default=1521, label=_('Port'))
 class MariaDBAttrsSerializer(MySQLAttrsSerializer):
    pass
 class DatabaseAppSerializer(BulkOrgResourceModelSerializer):
@@ -24,3 +46,6 @@ class DatabaseAppSerializer(BulkOrgResourceModelSerializer):
            'created_by', 'date_created', 'date_updated'
            'get_type_display',
        ]
        extra_kwargs = {
            'get_type_display': {'label': _('Type for display')},
        }
--- a/apps/applications/serializers/k8s_app.py
+++ b/apps/applications/serializers/k8s_app.py
@@ -1,15 +1,20 @@
 from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from .. import models
-__all__ = [
+
-    'K8sAppSerializer',
+class CloudAttrsSerializer(serializers.Serializer):
-]
+    cluster = serializers.CharField(max_length=1024, label=_('Cluster'))
 class K8sAttrsSerializer(CloudAttrsSerializer):
    pass
 class K8sAppSerializer(BulkOrgResourceModelSerializer):
-    type_display = serializers.CharField(source='get_type_display', read_only=True)
+    type_display = serializers.CharField(source='get_type_display', read_only=True, label=_('Type for display'))
    class Meta:
        model = models.K8sApp
--- a/apps/applications/serializers/remote_app.py
+++ b/apps/applications/serializers/remote_app.py
@@ -2,21 +2,138 @@
 #
 import copy
 from django.utils.translation import ugettext_lazy as _
 from django.core.exceptions import ObjectDoesNotExist
 from rest_framework import serializers
 from common.serializers import AdaptedBulkListSerializer
 from common.fields.serializer import CustomMetaDictField
 from common.utils import get_logger
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from assets.models import Asset
 from .. import const
-from ..models import RemoteApp
+from ..models import RemoteApp, Category, Application
 logger = get_logger(__file__)
-__all__ = [
+class CharPrimaryKeyRelatedField(serializers.PrimaryKeyRelatedField):
-    'RemoteAppSerializer', 'RemoteAppConnectionInfoSerializer',
+
-]
+    def to_internal_value(self, data):
        instance = super().to_internal_value(data)
        return str(instance.id)
    def to_representation(self, value):
        # value is instance.id
        if self.pk_field is not None:
            return self.pk_field.to_representation(value)
        return value
 class RemoteAppAttrsSerializer(serializers.Serializer):
    asset_info = serializers.SerializerMethodField()
    asset = CharPrimaryKeyRelatedField(queryset=Asset.objects, required=False, label=_("Asset"))
    path = serializers.CharField(max_length=128, label=_('Application path'))
    @staticmethod
    def get_asset_info(obj):
        asset_info = {}
        asset_id = obj.get('asset')
        if not asset_id:
            return asset_info
        try:
            asset = Asset.objects.get(id=asset_id)
            asset_info.update({
                'id': str(asset.id),
                'hostname': asset.hostname
            })
        except ObjectDoesNotExist as e:
            logger.error(e)
        return asset_info
 class ChromeAttrsSerializer(RemoteAppAttrsSerializer):
    REMOTE_APP_PATH = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
    path = serializers.CharField(max_length=128, label=_('Application path'), default=REMOTE_APP_PATH)
    chrome_target = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Target URL'))
    chrome_username = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Username'))
    chrome_password = serializers.CharField(max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'))
 class MySQLWorkbenchAttrsSerializer(RemoteAppAttrsSerializer):
    REMOTE_APP_PATH = 'C:\Program Files\MySQL\MySQL Workbench 8.0 CE\MySQLWorkbench.exe'
    path = serializers.CharField(max_length=128, label=_('Application path'), default=REMOTE_APP_PATH)
    mysql_workbench_ip = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('IP'))
    mysql_workbench_port = serializers.IntegerField(required=False, label=_('Port'))
    mysql_workbench_name = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Database'))
    mysql_workbench_username = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Username'))
    mysql_workbench_password = serializers.CharField(max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'))
 class VMwareClientAttrsSerializer(RemoteAppAttrsSerializer):
    REMOTE_APP_PATH = 'C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe'
    path = serializers.CharField(max_length=128, label=_('Application path'), default=REMOTE_APP_PATH)
    vmware_target = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Target URL'))
    vmware_username = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Username'))
    vmware_password = serializers.CharField(max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'))
 class CustomRemoteAppAttrsSeralizers(RemoteAppAttrsSerializer):
    custom_cmdline = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Operating parameter'))
    custom_target = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Target url'))
    custom_username = serializers.CharField(max_length=128, allow_blank=True, required=False, label=_('Username'))
    custom_password = serializers.CharField(max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'))
 class RemoteAppConnectionInfoSerializer(serializers.ModelSerializer):
    parameter_remote_app = serializers.SerializerMethodField()
    asset = serializers.SerializerMethodField()
    class Meta:
        model = Application
        fields = [
            'id', 'name', 'asset', 'parameter_remote_app',
        ]
        read_only_fields = ['parameter_remote_app']
    @staticmethod
    def get_parameters(obj):
        """
        返回Guacamole需要的RemoteApp配置参数信息中的parameters参数
        """
        serializer_cls = Category.get_type_serializer_cls(obj.type)
        fields = serializer_cls().get_fields()
        fields.pop('asset', None)
        fields_name = list(fields.keys())
        attrs = obj.attrs
        _parameters = list()
        _parameters.append(obj.type)
        for field_name in list(fields_name):
            value = attrs.get(field_name, None)
            if not value:
                continue
            if field_name == 'path':
                value = '\"%s\"' % value
            _parameters.append(str(value))
        _parameters = ' '.join(_parameters)
        return _parameters
    def get_parameter_remote_app(self, obj):
        parameters = self.get_parameters(obj)
        parameter = {
            'program': const.REMOTE_APP_BOOT_PROGRAM_NAME,
            'working_directory': '',
            'parameters': parameters,
        }
        return parameter
    @staticmethod
    def get_asset(obj):
        return obj.attrs.get('asset')
 # TODO: DELETE
 class RemoteAppParamsDictField(CustomMetaDictField):
    type_fields_map = const.REMOTE_APP_TYPE_FIELDS_MAP
    default_type = const.REMOTE_APP_TYPE_CHROME
@@ -24,8 +141,9 @@ class RemoteAppParamsDictField(CustomMetaDictField):
    convert_key_to_upper = False
 # TODO: DELETE
 class RemoteAppSerializer(BulkOrgResourceModelSerializer):
-    params = RemoteAppParamsDictField()
+    params = RemoteAppParamsDictField(label=_('Parameters'))
    type_fields_map = const.REMOTE_APP_TYPE_FIELDS_MAP
    class Meta:
@@ -39,6 +157,10 @@ class RemoteAppSerializer(BulkOrgResourceModelSerializer):
            'created_by', 'date_created', 'asset_info',
            'get_type_display'
        ]
        extra_kwargs = {
            'asset_info': {'label': _('Asset info')},
            'get_type_display': {'label': _('Type for display')},
        }
    def process_params(self, instance, validated_data):
        new_params = copy.deepcopy(validated_data.get('params', {}))
@@ -66,21 +188,3 @@ class RemoteAppSerializer(BulkOrgResourceModelSerializer):
        return super().update(instance, validated_data)
 class RemoteAppConnectionInfoSerializer(serializers.ModelSerializer):
    parameter_remote_app = serializers.SerializerMethodField()
    class Meta:
        model = RemoteApp
        fields = [
            'id', 'name', 'asset', 'parameter_remote_app',
        ]
        read_only_fields = ['parameter_remote_app']
    @staticmethod
    def get_parameter_remote_app(obj):
        parameter = {
            'program': const.REMOTE_APP_BOOT_PROGRAM_NAME,
            'working_directory': '',
            'parameters': obj.parameters,
        }
        return parameter
--- a/apps/applications/urls/api_urls.py
+++ b/apps/applications/urls/api_urls.py
@@ -10,6 +10,7 @@ from .. import api
 app_name = 'applications'
 router = BulkRouter()
 router.register(r'applications', api.ApplicationViewSet, 'application')
 router.register(r'remote-apps', api.RemoteAppViewSet, 'remote-app')
 router.register(r'database-apps', api.DatabaseAppViewSet, 'database-app')
 router.register(r'k8s-apps', api.K8sAppViewSet, 'k8s-app')
--- a/apps/assets/api/admin_user.py
+++ b/apps/assets/api/admin_user.py
@@ -94,7 +94,6 @@ class AdminUserAssetsListView(generics.ListAPIView):
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.AssetSimpleSerializer
    filter_fields = ("hostname", "ip")
    http_method_names = ['get']
    search_fields = filter_fields
    def get_object(self):
--- a/apps/assets/api/asset.py
+++ b/apps/assets/api/asset.py
@@ -32,7 +32,7 @@ class AssetViewSet(FilterAssetByNodeMixin, OrgBulkModelViewSet):
    model = Asset
    filter_fields = (
        "hostname", "ip", "systemuser__id", "admin_user__id", "platform__base",
-        "is_active", 'ip'
+        "is_active"
    )
    search_fields = ("hostname", "ip")
    ordering_fields = ("hostname", "ip", "port", "cpu_cores")
--- a/apps/assets/api/domain.py
+++ b/apps/assets/api/domain.py
@@ -1,7 +1,9 @@
 # ~*~ coding: utf-8 ~*~
 from rest_framework.views import APIView, Response
 from django.views.generic.detail import SingleObjectMixin
 from django.utils.translation import ugettext as _
 from rest_framework.views import APIView, Response
 from rest_framework.serializers import ValidationError
 from common.utils import get_logger
 from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
@@ -42,6 +44,10 @@ class GatewayTestConnectionApi(SingleObjectMixin, APIView):
    def post(self, request, *args, **kwargs):
        self.object = self.get_object(Gateway.objects.all())
        local_port = self.request.data.get('port') or self.object.port
        try:
            local_port = int(local_port)
        except ValueError:
            raise ValidationError({'port': _('Number required')})
        ok, e = self.object.test_connective(local_port=local_port)
        if ok:
            return Response("ok")
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -19,7 +19,7 @@ from ..tasks import (
 logger = get_logger(__file__)
 __all__ = [
    'SystemUserViewSet', 'SystemUserAuthInfoApi', 'SystemUserAssetAuthInfoApi',
-    'SystemUserCommandFilterRuleListApi', 'SystemUserTaskApi',
+    'SystemUserCommandFilterRuleListApi', 'SystemUserTaskApi', 'SystemUserAssetsListView',
 ]
@@ -125,3 +125,18 @@ class SystemUserCommandFilterRuleListApi(generics.ListAPIView):
        pk = self.kwargs.get('pk', None)
        system_user = get_object_or_404(SystemUser, pk=pk)
        return system_user.cmd_filter_rules
 class SystemUserAssetsListView(generics.ListAPIView):
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.AssetSimpleSerializer
    filter_fields = ("hostname", "ip")
    search_fields = filter_fields
    def get_object(self):
        pk = self.kwargs.get('pk')
        return get_object_or_404(SystemUser, pk=pk)
    def get_queryset(self):
        system_user = self.get_object()
        return system_user.get_all_assets()
--- a/apps/assets/api/system_user_relation.py
+++ b/apps/assets/api/system_user_relation.py
@@ -95,7 +95,7 @@ class SystemUserNodeRelationViewSet(BaseRelationViewSet):
        'id', 'node', 'systemuser',
    ]
    search_fields = [
-        "node__value", "systemuser__name", "systemuser_username"
+        "node__value", "systemuser__name", "systemuser__username"
    ]
    def get_objects_attr(self):
--- a/apps/assets/migrations/0058_auto_20201023_1115.py
+++ b/apps/assets/migrations/0058_auto_20201023_1115.py
@@ -0,0 +1,27 @@
 # Generated by Django 2.2.13 on 2020-10-23 03:15
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0057_fill_node_value_assets_amount_and_parent_key'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='asset',
            options={'ordering': ['-date_created'], 'verbose_name': 'Asset'},
        ),
        migrations.AlterField(
            model_name='asset',
            name='comment',
            field=models.TextField(blank=True, default='', verbose_name='Comment'),
        ),
        migrations.AlterField(
            model_name='commandfilterrule',
            name='content',
            field=models.TextField(help_text='One line one command', verbose_name='Content'),
        ),
    ]
--- a/apps/assets/migrations/0059_auto_20201027_1905.py
+++ b/apps/assets/migrations/0059_auto_20201027_1905.py
@@ -0,0 +1,28 @@
 # Generated by Django 2.2.13 on 2020-10-27 11:05
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0058_auto_20201023_1115'),
    ]
    operations = [
        migrations.AlterField(
            model_name='systemuser',
            name='protocol',
            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet'), ('vnc', 'vnc'), ('mysql', 'mysql'), ('oracle', 'oracle'), ('mariadb', 'mariadb'), ('postgresql', 'postgresql'), ('k8s', 'k8s')], default='ssh', max_length=16, verbose_name='Protocol'),
        ),
        migrations.AddField(
            model_name='systemuser',
            name='ad_domain',
            field=models.CharField(default='', max_length=256),
        ),
        migrations.AlterField(
            model_name='gateway',
            name='ip',
            field=models.CharField(db_index=True, max_length=128, verbose_name='IP'),
        ),
    ]
--- a/apps/assets/migrations/0060_node_full_value.py
+++ b/apps/assets/migrations/0060_node_full_value.py
@@ -0,0 +1,58 @@
 # Generated by Django 2.2.13 on 2020-10-26 11:31
 from django.db import migrations, models
 def get_node_ancestor_keys(key, with_self=False):
    parent_keys = []
    key_list = key.split(":")
    if not with_self:
        key_list.pop()
    for i in range(len(key_list)):
        parent_keys.append(":".join(key_list))
        key_list.pop()
    return parent_keys
 def migrate_nodes_value_with_slash(apps, schema_editor):
    model = apps.get_model("assets", "Node")
    db_alias = schema_editor.connection.alias
    nodes = model.objects.using(db_alias).filter(value__contains='/')
    print('')
    print("- Start migrate node value if has /")
    for i, node in enumerate(list(nodes)):
        new_value = node.value.replace('/', '|')
        print("{} start migrate node value: {} => {}".format(i, node.value, new_value))
        node.value = new_value
        node.save()
 def migrate_nodes_full_value(apps, schema_editor):
    model = apps.get_model("assets", "Node")
    db_alias = schema_editor.connection.alias
    nodes = model.objects.using(db_alias).all()
    print("- Start migrate node full value")
    for i, node in enumerate(list(nodes)):
        print("{} start migrate {} node full value".format(i, node.value))
        ancestor_keys = get_node_ancestor_keys(node.key, True)
        values = model.objects.filter(key__in=ancestor_keys).values_list('key', 'value')
        values = [v for k, v in sorted(values, key=lambda x: len(x[0]))]
        node.full_value = '/' + '/'.join(values)
        node.save()
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0059_auto_20201027_1905'),
    ]
    operations = [
        migrations.AddField(
            model_name='node',
            name='full_value',
            field=models.CharField(default='', max_length=4096, verbose_name='Full value'),
        ),
        migrations.RunPython(migrate_nodes_value_with_slash),
        migrations.RunPython(migrate_nodes_full_value)
    ]
--- a/apps/assets/migrations/0061_auto_20201116_1757.py
+++ b/apps/assets/migrations/0061_auto_20201116_1757.py
@@ -0,0 +1,17 @@
 # Generated by Django 2.2.13 on 2020-11-16 09:57
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0060_node_full_value'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='node',
            options={'ordering': ['value'], 'verbose_name': 'Node'},
        ),
    ]
--- a/apps/assets/migrations/0062_auto_20201117_1938.py
+++ b/apps/assets/migrations/0062_auto_20201117_1938.py
@@ -0,0 +1,17 @@
 # Generated by Django 2.2.13 on 2020-11-17 11:38
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0061_auto_20201116_1757'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='asset',
            options={'ordering': ['hostname', 'ip'], 'verbose_name': 'Asset'},
        ),
    ]
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@@ -227,7 +227,7 @@ class Asset(ProtocolsMixin, NodesRelationMixin, OrgModelMixin):
    labels = models.ManyToManyField('assets.Label', blank=True, related_name='assets', verbose_name=_("Labels"))
    created_by = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('Created by'))
    date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created'))
-    comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
+    comment = models.TextField(default='', blank=True, verbose_name=_('Comment'))
    objects = AssetManager.from_queryset(AssetQuerySet)()
    org_objects = AssetOrgManager.from_queryset(AssetQuerySet)()
@@ -313,6 +313,12 @@ class Asset(ProtocolsMixin, NodesRelationMixin, OrgModelMixin):
        }
        return info
    def nodes_display(self):
        names = []
        for n in self.nodes.all():
            names.append(n.full_value)
        return names
    def as_node(self):
        from .node import Node
        fake_node = Node()
@@ -355,3 +361,4 @@ class Asset(ProtocolsMixin, NodesRelationMixin, OrgModelMixin):
    class Meta:
        unique_together = [('org_id', 'hostname')]
        verbose_name = _("Asset")
        ordering = ["hostname", "ip"]
--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@@ -158,9 +158,11 @@ class AuthMixin:
        if update_fields:
            self.save(update_fields=update_fields)
-    def has_special_auth(self, asset=None):
+    def has_special_auth(self, asset=None, username=None):
        from .authbook import AuthBook
-        queryset = AuthBook.objects.filter(username=self.username)
+        if username is None:
            username = self.username
        queryset = AuthBook.objects.filter(username=username)
        if asset:
            queryset = queryset.filter(asset=asset)
        return queryset.exists()
--- a/apps/assets/models/cmd_filter.py
+++ b/apps/assets/models/cmd_filter.py
@@ -52,7 +52,7 @@ class CommandFilterRule(OrgModelMixin):
    type = models.CharField(max_length=16, default=TYPE_COMMAND, choices=TYPE_CHOICES, verbose_name=_("Type"))
    priority = models.IntegerField(default=50, verbose_name=_("Priority"), help_text=_("1-100, the higher will be match first"),
                                   validators=[MinValueValidator(1), MaxValueValidator(100)])
-    content = models.TextField(max_length=1024, verbose_name=_("Content"), help_text=_("One line one command"))
+    content = models.TextField(verbose_name=_("Content"), help_text=_("One line one command"))
    action = models.IntegerField(default=ACTION_DENY, choices=ACTION_CHOICES, verbose_name=_("Action"))
    comment = models.CharField(max_length=64, blank=True, default='', verbose_name=_("Comment"))
    date_created = models.DateTimeField(auto_now_add=True)
--- a/apps/assets/models/domain.py
+++ b/apps/assets/models/domain.py
@@ -9,6 +9,7 @@ import paramiko
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from common.utils.strings import no_special_chars
 from orgs.mixins.models import OrgModelMixin
 from .base import BaseUser
@@ -47,7 +48,7 @@ class Gateway(BaseUser):
        (PROTOCOL_SSH, 'ssh'),
        (PROTOCOL_RDP, 'rdp'),
    )
-    ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), db_index=True)
+    ip = models.CharField(max_length=128, verbose_name=_('IP'), db_index=True)
    port = models.IntegerField(default=22, verbose_name=_('Port'))
    protocol = models.CharField(choices=PROTOCOL_CHOICES, max_length=16, default=PROTOCOL_SSH, verbose_name=_("Protocol"))
    domain = models.ForeignKey(Domain, on_delete=models.CASCADE, verbose_name=_("Domain"))
@@ -64,8 +65,8 @@ class Gateway(BaseUser):
    def test_connective(self, local_port=None):
        if local_port is None:
            local_port = self.port
-        if self.password and not re.match(r'\w+$', self.password):
+        if self.password and not no_special_chars(self.password):
-            return False, _("Password should not contain special characters")
+            return False, _("Password should not contains special characters")
        client = paramiko.SSHClient()
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
--- a/apps/assets/models/favorite_asset.py
+++ b/apps/assets/models/favorite_asset.py
@@ -20,9 +20,13 @@ class FavoriteAsset(CommonModelMixin):
        return cls.objects.filter(user=user).values_list('asset', flat=True)
    @classmethod
-    def get_user_favorite_assets(cls, user):
+    def get_user_favorite_assets(cls, user, asset_perms_id=None):
        from assets.models import Asset
-        from perms.utils.user_asset_permission import get_user_granted_all_assets
+        from perms.utils.asset.user_permission import get_user_granted_all_assets
-        asset_ids = get_user_granted_all_assets(user).values_list('id', flat=True)
+        asset_ids = get_user_granted_all_assets(
            user,
            via_mapping_node=False,
            asset_perms_id=asset_perms_id
        ).values_list('id', flat=True)
        query_name = cls.asset.field.related_query_name()
        return Asset.org_objects.filter(**{f'{query_name}__user_id': user.id}, id__in=asset_ids).distinct()
--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@@ -13,7 +13,7 @@ from django.db.transaction import atomic
 from common.utils import get_logger
 from common.utils.common import lazyproperty
 from orgs.mixins.models import OrgModelMixin, OrgManager
-from orgs.utils import get_current_org, tmp_to_org, current_org
+from orgs.utils import get_current_org, tmp_to_org
 from orgs.models import Organization
@@ -205,6 +205,30 @@ class FamilyMixin:
            sibling = sibling.exclude(key=self.key)
        return sibling
    @classmethod
    def create_node_by_full_value(cls, full_value):
        if not full_value:
            return []
        nodes_family = full_value.split('/')
        nodes_family = [v for v in nodes_family if v]
        org_root = cls.org_root()
        if nodes_family[0] == org_root.value:
            nodes_family = nodes_family[1:]
        return cls.create_nodes_recurse(nodes_family, org_root)
    @classmethod
    def create_nodes_recurse(cls, values, parent=None):
        values = [v for v in values if v]
        if not values:
            return None
        if parent is None:
            parent = cls.org_root()
        value = values[0]
        child, created = parent.get_or_create_child(value=value)
        if len(values) == 1:
            return child
        return cls.create_nodes_recurse(values[1:], child)
    def get_family(self):
        ancestors = self.get_ancestors()
        children = self.get_all_children()
@@ -328,7 +352,9 @@ class SomeNodesMixin:
    @classmethod
    def org_root(cls):
-        root = cls.objects.filter(parent_key='').exclude(key__startswith='-')
+        root = cls.objects.filter(parent_key='')\
            .filter(key__regex=r'^[0-9]+$')\
            .exclude(key__startswith='-')
        if root:
            return root[0]
        else:
@@ -372,6 +398,7 @@ class Node(OrgModelMixin, SomeNodesMixin, FamilyMixin, NodeAssetsMixin):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    key = models.CharField(unique=True, max_length=64, verbose_name=_("Key"))  # '1:1:1:1'
    value = models.CharField(max_length=128, verbose_name=_("Value"))
    full_value = models.CharField(max_length=4096, verbose_name=_('Full value'), default='')
    child_mark = models.IntegerField(default=0)
    date_create = models.DateTimeField(auto_now_add=True)
    parent_key = models.CharField(max_length=64, verbose_name=_("Parent key"),
@@ -384,10 +411,10 @@ class Node(OrgModelMixin, SomeNodesMixin, FamilyMixin, NodeAssetsMixin):
    class Meta:
        verbose_name = _("Node")
-        ordering = ['key']
+        ordering = ['value']
    def __str__(self):
-        return self.value
+        return self.full_value
    # def __eq__(self, other):
    #     if not other:
@@ -411,15 +438,14 @@ class Node(OrgModelMixin, SomeNodesMixin, FamilyMixin, NodeAssetsMixin):
    def name(self):
        return self.value
-    @lazyproperty
+    def computed_full_value(self):
    def full_value(self):
        # 不要在列表中调用该属性
        values = self.__class__.objects.filter(
            key__in=self.get_ancestor_keys()
        ).values_list('key', 'value')
        values = [v for k, v in sorted(values, key=lambda x: len(x[0]))]
-        values.append(self.value)
+        values.append(str(self.value))
-        return ' / '.join(values)
+        return '/' + '/'.join(values)
    @property
    def level(self):
@@ -458,3 +484,22 @@ class Node(OrgModelMixin, SomeNodesMixin, FamilyMixin, NodeAssetsMixin):
        if self.has_children_or_has_assets():
            return
        return super().delete(using=using, keep_parents=keep_parents)
    def update_child_full_value(self):
        nodes = self.get_all_children(with_self=True)
        sort_key_func = lambda n: [int(i) for i in n.key.split(':')]
        nodes_sorted = sorted(list(nodes), key=sort_key_func)
        nodes_mapper = {n.key: n for n in nodes_sorted}
        for node in nodes_sorted:
            parent = nodes_mapper.get(node.parent_key)
            if not parent:
                logger.error(f'Node parent node in mapper: {node.parent_key} {node.value}')
                continue
            node.full_value = parent.full_value + '/' + node.value
        self.__class__.objects.bulk_update(nodes, ['full_value'])
    def save(self, *args, **kwargs):
        self.full_value = self.computed_full_value()
        instance = super().save(*args, **kwargs)
        self.update_child_full_value()
        return instance
--- a/apps/assets/models/user.py
+++ b/apps/assets/models/user.py
@@ -72,6 +72,9 @@ class SystemUser(BaseUser):
    PROTOCOL_TELNET = 'telnet'
    PROTOCOL_VNC = 'vnc'
    PROTOCOL_MYSQL = 'mysql'
    PROTOCOL_ORACLE = 'oracle'
    PROTOCOL_MARIADB = 'mariadb'
    PROTOCOL_POSTGRESQL = 'postgresql'
    PROTOCOL_K8S = 'k8s'
    PROTOCOL_CHOICES = (
        (PROTOCOL_SSH, 'ssh'),
@@ -79,6 +82,9 @@ class SystemUser(BaseUser):
        (PROTOCOL_TELNET, 'telnet'),
        (PROTOCOL_VNC, 'vnc'),
        (PROTOCOL_MYSQL, 'mysql'),
        (PROTOCOL_ORACLE, 'oracle'),
        (PROTOCOL_MARIADB, 'mariadb'),
        (PROTOCOL_POSTGRESQL, 'postgresql'),
        (PROTOCOL_K8S, 'k8s'),
    )
@@ -104,6 +110,7 @@ class SystemUser(BaseUser):
    token = models.TextField(default='', verbose_name=_('Token'))
    home = models.CharField(max_length=4096, default='', verbose_name=_('Home'), blank=True)
    system_groups = models.CharField(default='', max_length=4096, verbose_name=_('System groups'), blank=True)
    ad_domain = models.CharField(default='', max_length=256)
    _prefer = 'system_user'
    def __str__(self):
@@ -126,6 +133,24 @@ class SystemUser(BaseUser):
    def login_mode_display(self):
        return self.get_login_mode_display()
    @property
    def db_application_protocols(self):
        return [
            self.PROTOCOL_MYSQL, self.PROTOCOL_ORACLE, self.PROTOCOL_MARIADB,
            self.PROTOCOL_POSTGRESQL
        ]
    @property
    def cloud_application_protocols(self):
        return [self.PROTOCOL_K8S]
    @property
    def application_category_protocols(self):
        protocols = []
        protocols.extend(self.db_application_protocols)
        protocols.extend(self.cloud_application_protocols)
        return protocols
    def is_need_push(self):
        if self.auto_push and self.protocol in [self.PROTOCOL_SSH, self.PROTOCOL_RDP]:
            return True
@@ -138,11 +163,16 @@ class SystemUser(BaseUser):
    @property
    def is_need_test_asset_connective(self):
-        return self.protocol not in [self.PROTOCOL_MYSQL]
+        return self.protocol not in self.application_category_protocols
    def has_special_auth(self, asset=None, username=None):
        if username is None and self.username_same_with_user:
            raise TypeError('System user is dynamic, username should be pass')
        return super().has_special_auth(asset=asset, username=username)
    @property
    def can_perm_to_asset(self):
-        return self.protocol not in [self.PROTOCOL_MYSQL]
+        return self.protocol not in self.application_category_protocols
    def _merge_auth(self, other):
        super()._merge_auth(other)
--- a/apps/assets/serializers/asset.py
+++ b/apps/assets/serializers/asset.py
@@ -1,13 +1,12 @@
 # -*- coding: utf-8 -*-
 #
 from rest_framework import serializers
-from django.db.models import Prefetch, F, Count
+from django.db.models import F
 from django.utils.translation import ugettext_lazy as _
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
-from common.serializers import AdaptedBulkListSerializer
+from ..models import Asset, Node, Platform
 from ..models import Asset, Node, Label, Platform
 from .base import ConnectivitySerializer
 __all__ = [
@@ -67,8 +66,9 @@ class AssetSerializer(BulkOrgResourceModelSerializer):
        slug_field='name', queryset=Platform.objects.all(), label=_("Platform")
    )
    protocols = ProtocolsField(label=_('Protocols'), required=False)
-    domain_display = serializers.ReadOnlyField(source='domain.name')
+    domain_display = serializers.ReadOnlyField(source='domain.name', label=_('Domain name'))
-    admin_user_display = serializers.ReadOnlyField(source='admin_user.name')
+    admin_user_display = serializers.ReadOnlyField(source='admin_user.name', label=_('Admin user name'))
    nodes_display = serializers.ListField(child=serializers.CharField(), label=_('Nodes name'), required=False)
    """
    资产的数据结构
@@ -90,7 +90,7 @@ class AssetSerializer(BulkOrgResourceModelSerializer):
            'platform': ['name']
        }
        fields_m2m = [
-            'nodes', 'labels',
+            'nodes', 'nodes_display', 'labels',
        ]
        annotates_fields = {
            # 'admin_user_display': 'admin_user__name'
@@ -133,14 +133,32 @@ class AssetSerializer(BulkOrgResourceModelSerializer):
        if protocols_data:
            validated_data["protocols"] = ' '.join(protocols_data)
    def perform_nodes_display_create(self, instance, nodes_display):
        if not nodes_display:
            return
        nodes_to_set = []
        for full_value in nodes_display:
            node = Node.objects.filter(full_value=full_value).first()
            if node:
                nodes_to_set.append(node)
            else:
                node = Node.create_node_by_full_value(full_value)
            nodes_to_set.append(node)
        instance.nodes.set(nodes_to_set)
    def create(self, validated_data):
        self.compatible_with_old_protocol(validated_data)
        nodes_display = validated_data.pop('nodes_display', '')
        instance = super().create(validated_data)
        self.perform_nodes_display_create(instance, nodes_display)
        return instance
    def update(self, instance, validated_data):
        nodes_display = validated_data.pop('nodes_display', '')
        self.compatible_with_old_protocol(validated_data)
-        return super().update(instance, validated_data)
+        instance = super().update(instance, validated_data)
        self.perform_nodes_display_create(instance, nodes_display)
        return instance
 class AssetDisplaySerializer(AssetSerializer):
--- a/apps/assets/serializers/domain.py
+++ b/apps/assets/serializers/domain.py
@@ -1,17 +1,19 @@
 # -*- coding: utf-8 -*-
 #
 from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from common.serializers import AdaptedBulkListSerializer
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
-
+from common.validators import NoSpecialChars
 from ..models import Domain, Gateway
 from .base import AuthSerializerMixin
 class DomainSerializer(BulkOrgResourceModelSerializer):
-    asset_count = serializers.SerializerMethodField()
+    asset_count = serializers.SerializerMethodField(label=_('Assets count'))
-    gateway_count = serializers.SerializerMethodField()
+    application_count = serializers.SerializerMethodField(label=_('Applications count'))
    gateway_count = serializers.SerializerMethodField(label=_('Gateways count'))
    class Meta:
        model = Domain
@@ -20,12 +22,12 @@ class DomainSerializer(BulkOrgResourceModelSerializer):
            'comment', 'date_created'
        ]
        fields_m2m = [
-            'asset_count', 'assets', 'gateway_count',
+            'asset_count', 'assets', 'application_count', 'gateway_count',
        ]
        fields = fields_small + fields_m2m
        read_only_fields = ('asset_count', 'gateway_count', 'date_created')
        extra_kwargs = {
-            'assets': {'required': False}
+            'assets': {'required': False, 'label': _('Assets')},
        }
        list_serializer_class = AdaptedBulkListSerializer
@@ -33,6 +35,10 @@ class DomainSerializer(BulkOrgResourceModelSerializer):
    def get_asset_count(obj):
        return obj.assets.count()
    @staticmethod
    def get_application_count(obj):
        return obj.applications.count()
    @staticmethod
    def get_gateway_count(obj):
        return obj.gateway_set.all().count()
@@ -47,6 +53,9 @@ class GatewaySerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
            'private_key', 'public_key', 'domain', 'is_active', 'date_created',
            'date_updated', 'created_by', 'comment',
        ]
        extra_kwargs = {
            'password': {'validators': [NoSpecialChars()]}
        }
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
--- a/apps/assets/serializers/node.py
+++ b/apps/assets/serializers/node.py
@@ -25,6 +25,9 @@ class NodeSerializer(BulkOrgResourceModelSerializer):
        read_only_fields = ['key', 'org_id']
    def validate_value(self, data):
        if '/' in data:
            error = _("Can't contains: " + "/")
            raise serializers.ValidationError(error)
        if self.instance:
            instance = self.instance
            siblings = instance.get_siblings()
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -6,7 +6,6 @@ from common.serializers import AdaptedBulkListSerializer
 from common.mixins.serializers import BulkSerializerMixin
 from common.utils import ssh_pubkey_gen
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from assets.models import Node
 from ..models import SystemUser, Asset
 from .base import AuthSerializerMixin
@@ -35,17 +34,18 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
            'auto_push', 'cmd_filters', 'sudo', 'shell', 'comment',
            'auto_generate_key', 'sftp_root', 'token',
            'assets_amount', 'date_created', 'created_by',
-            'home', 'system_groups'
+            'home', 'system_groups', 'ad_domain'
        ]
        extra_kwargs = {
            'password': {"write_only": True},
            'public_key': {"write_only": True},
            'private_key': {"write_only": True},
            'token': {"write_only": True},
-            'nodes_amount': {'label': _('Node')},
+            'nodes_amount': {'label': _('Nodes amount')},
-            'assets_amount': {'label': _('Asset')},
+            'assets_amount': {'label': _('Assets amount')},
            'login_mode_display': {'label': _('Login mode display')},
            'created_by': {'read_only': True},
            'ad_domain': {'required': False, 'allow_blank': True, 'label': _('Ad domain')},
        }
    def validate_auto_push(self, value):
@@ -154,14 +154,18 @@ class SystemUserListSerializer(SystemUserSerializer):
            'priority', "username_same_with_user",
            'auto_push', 'sudo', 'shell', 'comment',
            "assets_amount", 'home', 'system_groups',
-            'auto_generate_key',
+            'auto_generate_key', 'ad_domain',
            'sftp_root',
        ]
        extra_kwargs = {
            'password': {"write_only": True},
            'public_key': {"write_only": True},
            'private_key': {"write_only": True},
            'nodes_amount': {'label': _('Nodes amount')},
            'assets_amount': {'label': _('Assets amount')},
            'login_mode_display': {'label': _('Login mode display')},
            'created_by': {'read_only': True},
            'ad_domain': {'label': _('Ad domain')},
        }
    @classmethod
@@ -179,7 +183,8 @@ class SystemUserWithAuthInfoSerializer(SystemUserSerializer):
            'login_mode', 'login_mode_display',
            'priority', 'username_same_with_user',
            'auto_push', 'sudo', 'shell', 'comment',
-            'auto_generate_key', 'sftp_root', 'token'
+            'auto_generate_key', 'sftp_root', 'token',
            'ad_domain',
        ]
        extra_kwargs = {
            'nodes_amount': {'label': _('Node')},
--- a/apps/assets/signals_handler.py
+++ b/apps/assets/signals_handler.py
@@ -58,7 +58,8 @@ def on_asset_created_or_update(sender, instance=None, created=False, **kwargs):
@receiver(post_save, sender=SystemUser, dispatch_uid="jms")
-def on_system_user_update(sender, instance=None, created=True, **kwargs):
+@on_transaction_commit
 def on_system_user_update(instance: SystemUser, created, **kwargs):
    """
    当系统用户更新时，可能更新了秘钥，用户名等，这时要自动推送系统用户到资产上,
    其实应该当 用户名，密码，秘钥 sudo等更新时再推送，这里偷个懒,
@@ -68,26 +69,25 @@ def on_system_user_update(sender, instance=None, created=True, **kwargs):
    if instance and not created:
        logger.info("System user update signal recv: {}".format(instance))
        assets = instance.assets.all().valid()
-        push_system_user_to_assets.delay(instance, assets)
+        push_system_user_to_assets.delay(instance.id, [_asset.id for _asset in assets])
@receiver(m2m_changed, sender=SystemUser.assets.through)
-def on_system_user_assets_change(sender, instance=None, action='', model=None, pk_set=None, **kwargs):
+def on_system_user_assets_change(instance, action, model, pk_set, **kwargs):
    """
    当系统用户和资产关系发生变化时，应该重新推送系统用户到新添加的资产中
    """
    if action != POST_ADD:
        return
    logger.debug("System user assets change signal recv: {}".format(instance))
    queryset = model.objects.filter(pk__in=pk_set)
    if model == Asset:
-        system_users = [instance]
+        system_users_id = [instance.id]
-        assets = queryset
+        assets_id = pk_set
    else:
-        system_users = queryset
+        system_users_id = pk_set
-        assets = [instance]
+        assets_id = [instance.id]
-    for system_user in system_users:
+    for system_user_id in system_users_id:
-        push_system_user_to_assets.delay(system_user, assets)
+        push_system_user_to_assets.delay(system_user_id, assets_id)
@receiver(m2m_changed, sender=SystemUser.users.through)
@@ -140,7 +140,7 @@ def on_system_user_groups_change(instance, action, pk_set, reverse, **kwargs):
    logger.info("System user groups update signal recv: {}".format(instance))
    users = User.objects.filter(groups__id__in=pk_set).distinct()
-    instance.users.add(users)
+    instance.users.add(*users)
@receiver(m2m_changed, sender=Asset.nodes.through)
--- a/apps/assets/tasks/push_system_user.py
+++ b/apps/assets/tasks/push_system_user.py
@@ -2,7 +2,7 @@
 from itertools import groupby
 from celery import shared_task
-from common.db.utils import get_object_if_need, get_objects_if_need
+from common.db.utils import get_object_if_need, get_objects_if_need, get_objects
 from django.utils.translation import ugettext as _
 from django.db.models import Empty
@@ -36,6 +36,7 @@ def get_push_unixlike_system_user_tasks(system_user, username=None):
        username = system_user.username
    password = system_user.password
    public_key = system_user.public_key
    comment = system_user.name
    groups = _split_by_comma(system_user.system_groups)
@@ -47,7 +48,8 @@ def get_push_unixlike_system_user_tasks(system_user, username=None):
        'shell': system_user.shell or Empty,
        'state': 'present',
        'home': system_user.home or Empty,
-        'groups': groups or Empty
+        'groups': groups or Empty,
        'comment': comment
    }
    tasks = [
@@ -64,7 +66,10 @@ def get_push_unixlike_system_user_tasks(system_user, username=None):
                'module': 'group',
                'args': 'name={} state=present'.format(username),
            }
-        },
+        }
    ]
    if not system_user.home:
        tasks.extend([
            {
                'name': 'Check home dir exists',
                'action': {
@@ -81,7 +86,7 @@ def get_push_unixlike_system_user_tasks(system_user, username=None):
                },
                'when': 'home_existed.stat.exists == true'
            }
-    ]
+        ])
    if password:
        tasks.append({
            'name': 'Set {} password'.format(username),
@@ -134,6 +139,7 @@ def get_push_windows_system_user_tasks(system_user, username=None):
    tasks = []
    if not password:
        logger.error("Error: no password found")
        return tasks
    task = {
        'name': 'Add user {}'.format(username),
@@ -209,14 +215,15 @@ def push_system_user_util(system_user, assets, task_name, username=None):
        print(_("Start push system user for platform: [{}]").format(platform))
        print(_("Hosts count: {}").format(len(_hosts)))
-        if not system_user.has_special_auth():
+        # 如果没有特殊密码设置，就不需要单独推送某台机器了
        if not system_user.has_special_auth(username=username):
            logger.debug("System user not has special auth")
            tasks = get_push_system_user_tasks(system_user, platform, username=username)
            run_task(tasks, _hosts)
            continue
        for _host in _hosts:
-            system_user.load_asset_special_auth(_host)
+            system_user.load_asset_special_auth(_host, username=username)
            tasks = get_push_system_user_tasks(system_user, platform, username=username)
            run_task(tasks, [_host])
@@ -240,10 +247,10 @@ def push_system_user_a_asset_manual(system_user, asset, username=None):
@shared_task(queue="ansible")
-def push_system_user_to_assets(system_user, assets, username=None):
+def push_system_user_to_assets(system_user_id, assets_id, username=None):
    system_user = SystemUser.objects.get(id=system_user_id)
    assets = get_objects(Asset, assets_id)
    task_name = _("Push system users to assets: {}").format(system_user.name)
    system_user = get_object_if_need(SystemUser, system_user)
    assets = get_objects_if_need(Asset, assets)
    return push_system_user_util(system_user, assets, task_name, username=username)
 # @shared_task
--- a/apps/assets/urls/api_urls.py
+++ b/apps/assets/urls/api_urls.py
@@ -45,6 +45,7 @@ urlpatterns = [
    path('admin-users/<uuid:pk>/assets/', api.AdminUserAssetsListView.as_view(), name='admin-user-assets'),
    path('system-users/<uuid:pk>/auth-info/', api.SystemUserAuthInfoApi.as_view(), name='system-user-auth-info'),
    path('system-users/<uuid:pk>/assets/', api.SystemUserAssetsListView.as_view(), name='system-user-assets'),
    path('system-users/<uuid:pk>/assets/<uuid:aid>/auth-info/', api.SystemUserAssetAuthInfoApi.as_view(), name='system-user-asset-auth-info'),
    path('system-users/<uuid:pk>/tasks/', api.SystemUserTaskApi.as_view(), name='system-user-task-create'),
    path('system-users/<uuid:pk>/cmd-filter-rules/', api.SystemUserCommandFilterRuleListApi.as_view(), name='system-user-cmd-filter-rule-list'),
--- a/apps/assets/utils.py
+++ b/apps/assets/utils.py
@@ -33,7 +33,7 @@ def is_asset_exists_in_node(asset_pk, node_key):
 def is_query_node_all_assets(request):
    request = request
-    query_all_arg = request.query_params.get('all')
+    query_all_arg = request.query_params.get('all', 'true')
    show_current_asset_arg = request.query_params.get('show_current_asset')
    if show_current_asset_arg is not None:
        return not is_true(show_current_asset_arg)
--- a/apps/audits/serializers.py
+++ b/apps/audits/serializers.py
@@ -12,7 +12,7 @@ from . import models
 class FTPLogSerializer(serializers.ModelSerializer):
-    operate_display = serializers.ReadOnlyField(source='get_operate_display')
+    operate_display = serializers.ReadOnlyField(source='get_operate_display', label=_('Operate for display'))
    class Meta:
        model = models.FTPLog
@@ -23,9 +23,9 @@ class FTPLogSerializer(serializers.ModelSerializer):
 class UserLoginLogSerializer(serializers.ModelSerializer):
-    type_display = serializers.ReadOnlyField(source='get_type_display')
+    type_display = serializers.ReadOnlyField(source='get_type_display', label=_('Type for display'))
-    status_display = serializers.ReadOnlyField(source='get_status_display')
+    status_display = serializers.ReadOnlyField(source='get_status_display', label=_('Status for display'))
-    mfa_display = serializers.ReadOnlyField(source='get_mfa_display')
+    mfa_display = serializers.ReadOnlyField(source='get_mfa_display', label=_('MFA for display'))
    class Meta:
        model = models.UserLoginLog
@@ -33,6 +33,9 @@ class UserLoginLogSerializer(serializers.ModelSerializer):
            'id', 'username', 'type', 'type_display', 'ip', 'city', 'user_agent',
            'mfa', 'reason', 'status', 'status_display', 'datetime', 'mfa_display'
        )
        extra_kwargs = {
            "user_agent": {'label': _('User agent')}
        }
 class OperateLogSerializer(serializers.ModelSerializer):
@@ -75,6 +78,8 @@ class CommandExecutionSerializer(serializers.ModelSerializer):
            'hosts': {'label': _('Hosts')},  # 外键，会生成 sql。不在 model 上修改
            'run_as': {'label': _('Run as')},
            'user': {'label': _('User')},
            'run_as_display': {'label': _('Run as for display')},
            'user_display': {'label': _('User for display')},
        }
    @classmethod
--- a/apps/audits/tasks.py
+++ b/apps/audits/tasks.py
@@ -2,32 +2,44 @@
 #
 import datetime
 from django.utils import timezone
 from django.conf import settings
 from celery import shared_task
-from ops.celery.decorator import register_as_period_task
+from ops.celery.decorator import (
    register_as_period_task, after_app_shutdown_clean_periodic
 )
 from .models import UserLoginLog, OperateLog
 from common.utils import get_log_keep_day
@register_as_period_task(interval=3600*24)
@shared_task
@after_app_shutdown_clean_periodic
 def clean_login_log_period():
    now = timezone.now()
-    try:
+    days = get_log_keep_day('LOGIN_LOG_KEEP_DAYS')
        days = int(settings.LOGIN_LOG_KEEP_DAYS)
    except ValueError:
        days = 9999
    expired_day = now - datetime.timedelta(days=days)
    UserLoginLog.objects.filter(datetime__lt=expired_day).delete()
@register_as_period_task(interval=3600*24)
@shared_task
@after_app_shutdown_clean_periodic
 def clean_operation_log_period():
    now = timezone.now()
-    try:
+    days = get_log_keep_day('OPERATE_LOG_KEEP_DAYS')
        days = int(settings.LOGIN_LOG_KEEP_DAYS)
    except ValueError:
        days = 9999
    expired_day = now - datetime.timedelta(days=days)
    OperateLog.objects.filter(datetime__lt=expired_day).delete()
@shared_task
 def clean_ftp_log_period():
    now = timezone.now()
    days = get_log_keep_day('FTP_LOG_KEEP_DAYS')
    expired_day = now - datetime.timedelta(days=days)
    OperateLog.objects.filter(datetime__lt=expired_day).delete()
@register_as_period_task(interval=3600*24)
@shared_task
 def clean_audits_log_period():
    clean_audits_log_period()
    clean_operation_log_period()
    clean_ftp_log_period()
--- a/apps/authentication/api/sso.py
+++ b/apps/authentication/api/sso.py
@@ -60,6 +60,7 @@ class SSOViewSet(AuthMixin, JmsGenericViewSet):
        此接口违反了 `Restful` 的规范
        `GET` 应该是安全的方法，但此接口是不安全的
        """
        request.META['HTTP_X_JMS_LOGIN_TYPE'] = 'W'
        authkey = request.query_params.get(AUTH_KEY)
        next_url = request.query_params.get(NEXT_URL)
        if not next_url or not next_url.startswith('/'):
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -53,7 +53,7 @@ class AuthMixin:
        ip = ip or get_request_ip(self.request)
        return ip
-    def check_is_block(self):
+    def check_is_block(self, raise_exception=True):
        if hasattr(self.request, 'data'):
            username = self.request.data.get("username")
        else:
@@ -61,7 +61,11 @@ class AuthMixin:
        ip = self.get_request_ip()
        if is_block_login(username, ip):
            logger.warn('Ip was blocked' + ': ' + username + ':' + ip)
            exception = errors.BlockLoginError(username=username, ip=ip)
            if raise_exception:
                raise errors.BlockLoginError(username=username, ip=ip)
            else:
                return exception
    def decrypt_passwd(self, raw_passwd):
        # 获取解密密钥，对密码进行解密
--- a/apps/authentication/templates/authentication/login_otp.html
+++ b/apps/authentication/templates/authentication/login_otp.html
@@ -20,7 +20,7 @@
        <div class="form-group">
            <input type="text" class="form-control" name="otp_code" placeholder="" required="" autofocus="autofocus">
            <span class="help-block">
-                {% trans 'Open Google Authenticator and enter the 6-bit dynamic code' %}
+                {% trans 'Open MFA Authenticator and enter the 6-bit dynamic code' %}
            </span>
        </div>
        <button type="submit" class="btn btn-primary block full-width m-b">{% trans 'Next' %}</button>
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -87,6 +87,7 @@ class UserLoginView(mixins.AuthMixin, FormView):
        try:
            self.check_user_auth(decrypt_passwd=True)
        except errors.AuthFailedError as e:
            e = self.check_is_block(raise_exception=False) or e
            form.add_error(None, e.msg)
            ip = self.get_request_ip()
            cache.set(self.key_prefix_captcha.format(ip), 1, 3600)
--- a/apps/common/db/utils.py
+++ b/apps/common/db/utils.py
@@ -25,3 +25,16 @@ def get_objects_if_need(model, pks):
            logger.error(f'DoesNotExist: <{model.__name__}: {not_found_pks}>')
        return objs
    return pks
 def get_objects(model, pks):
    if not pks:
        return pks
    objs = list(model.objects.filter(id__in=pks))
    if len(objs) != len(pks):
        pks = set(pks)
        exists_pks = {o.id for o in objs}
        not_found_pks = ','.join(pks - exists_pks)
        logger.error(f'DoesNotExist: <{model.__name__}: {not_found_pks}>')
    return objs
--- a/apps/common/drf/exc_handlers.py
+++ b/apps/common/drf/exc_handlers.py
@@ -6,9 +6,10 @@ from rest_framework.views import set_rollback
 from rest_framework.response import Response
 from common.exceptions import JMSObjectDoesNotExist
-from common.utils import get_logger
+from logging import getLogger
-logger = get_logger(__name__)
+logger = getLogger('drf_exception')
 unexpected_exception_logger = getLogger('unexpected_exception')
 def extract_object_name(exc, index=0):
@@ -38,12 +39,14 @@ def common_exception_handler(exc, context):
        if getattr(exc, 'wait', None):
            headers['Retry-After'] = '%d' % exc.wait
-        if isinstance(exc.detail, (list, dict)):
+        if isinstance(exc.detail, str) and isinstance(exc.get_codes(), str):
-            data = exc.detail
+            data = {'detail': exc.detail, 'code': exc.get_codes()}
        else:
-            data = {'detail': exc.detail}
+            data = exc.detail
        set_rollback()
        return Response(data, status=exc.status_code, headers=headers)
    else:
        unexpected_exception_logger.exception('')
    return None
--- a/apps/common/drf/metadata.py
+++ b/apps/common/drf/metadata.py
@@ -7,6 +7,7 @@ from collections import OrderedDict
 from django.core.exceptions import PermissionDenied
 from django.http import Http404
 from django.utils.encoding import force_text
 from rest_framework.fields import empty
 from rest_framework.metadata import SimpleMetadata
 from rest_framework import exceptions, serializers
@@ -58,6 +59,10 @@ class SimpleMetadataWithFilters(SimpleMetadata):
        field_info['type'] = self.label_lookup[field]
        field_info['required'] = getattr(field, 'required', False)
        default = getattr(field, 'default', False)
        if default and isinstance(default, (str, int)):
            field_info['default'] = default
        for attr in self.attrs:
            value = getattr(field, attr, None)
            if value is not None and value != '':
--- a/apps/common/fields/model.py
+++ b/apps/common/fields/model.py
@@ -5,7 +5,7 @@ from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from django.utils.encoding import force_text
-from ..utils import signer, aes_crypto, aes_ecb_crypto
+from ..utils import signer, crypto
 __all__ = [
@@ -116,27 +116,12 @@ class EncryptMixin:
    def decrypt_from_signer(self, value):
        return signer.unsign(value) or ''
    def decrypt_from_aes(self, value):
        """
        先尝试使用GCM模式解密，如果解不开，再尝试使用原来的ECB模式解密
        """
        try:
            return aes_crypto.decrypt(value)
        except ValueError:
            pass
        try:
            return aes_ecb_crypto.decrypt(value)
        except (TypeError, ValueError, UnicodeDecodeError):
            pass
    def from_db_value(self, value, expression, connection, context):
        if value is None:
            return value
        value = force_text(value)
-        # 优先采用 aes 解密
+        plain_value = crypto.decrypt(value)
        plain_value = self.decrypt_from_aes(value)
        # 如果没有解开，使用原来的signer解密
        if not plain_value:
@@ -158,7 +143,7 @@ class EncryptMixin:
            value = sp.get_prep_value(value)
        value = force_text(value)
        # 替换新的加密方式
-        return aes_crypto.encrypt(value)
+        return crypto.encrypt(value)
 class EncryptTextField(EncryptMixin, models.TextField):
--- a/apps/common/utils/common.py
+++ b/apps/common/utils/common.py
@@ -11,8 +11,6 @@ import time
 import ipaddress
 import psutil
 from .timezone import dt_formater
 UUID_PATTERN = re.compile(r'\w{8}(-\w{4}){3}-\w{12}')
 ipip_db = None
--- a/apps/common/utils/crypto.py
+++ b/apps/common/utils/crypto.py
@@ -2,8 +2,58 @@ import base64
 from Crypto.Cipher import AES
 from Crypto.Util.Padding import pad
 from Crypto.Random import get_random_bytes
 from gmssl.sm4 import CryptSM4, SM4_ENCRYPT, SM4_DECRYPT
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured
 def process_key(key):
    """
    返回32 bytes 的key
    """
    if not isinstance(key, bytes):
        key = bytes(key, encoding='utf-8')
    if len(key) >= 32:
        return key[:32]
    return pad(key, 32)
 class BaseCrypto:
    def encrypt(self, text):
        return base64.urlsafe_b64encode(
            self._encrypt(bytes(text, encoding='utf8'))
        ).decode('utf8')
    def _encrypt(self, data: bytes) -> bytes:
        raise NotImplementedError
    def decrypt(self, text):
        return self._decrypt(
            base64.urlsafe_b64decode(bytes(text, encoding='utf8'))
        ).decode('utf8')
    def _decrypt(self, data: bytes) -> bytes:
        raise NotImplementedError
 class GMSM4EcbCrypto(BaseCrypto):
    def __init__(self, key):
        self.key = process_key(key)
        self.sm4_encryptor = CryptSM4()
        self.sm4_encryptor.set_key(self.key, SM4_ENCRYPT)
        self.sm4_decryptor = CryptSM4()
        self.sm4_decryptor.set_key(self.key, SM4_DECRYPT)
    def _encrypt(self, data: bytes) -> bytes:
        return self.sm4_encryptor.crypt_ecb(data)
    def _decrypt(self, data: bytes) -> bytes:
        return self.sm4_decryptor.crypt_ecb(data)
 class AESCrypto:
@@ -52,20 +102,7 @@ class AESCryptoGCM:
    """
    def __init__(self, key):
-        self.key = self.process_key(key)
+        self.key = process_key(key)
    @staticmethod
    def process_key(key):
        """
        返回32 bytes 的key
        """
        if not isinstance(key, bytes):
            key = bytes(key, encoding='utf-8')
        if len(key) >= 32:
            return key[:32]
        return pad(key, 32)
    def encrypt(self, text):
        """
@@ -110,5 +147,50 @@ def get_aes_crypto(key=None, mode='GCM'):
    return a
 def get_gm_sm4_ecb_crypto(key=None):
    key = key or settings.SECRET_KEY
    return GMSM4EcbCrypto(key)
 aes_ecb_crypto = get_aes_crypto(mode='ECB')
 aes_crypto = get_aes_crypto(mode='GCM')
 gm_sm4_ecb_crypto = get_gm_sm4_ecb_crypto()
 class Crypto:
    cryptoes = {
        'aes_ecb': aes_ecb_crypto,
        'aes_gcm': aes_crypto,
        'aes': aes_crypto,
        'gm_sm4_ecb': gm_sm4_ecb_crypto,
        'gm': gm_sm4_ecb_crypto,
    }
    def __init__(self):
        cryptoes = self.__class__.cryptoes.copy()
        crypto = cryptoes.pop(settings.SECURITY_DATA_CRYPTO_ALGO, None)
        if crypto is None:
            raise ImproperlyConfigured(
                f'Crypto method not supported {settings.SECURITY_DATA_CRYPTO_ALGO}'
            )
        self.cryptoes = [crypto, *cryptoes.values()]
    @property
    def encryptor(self):
        return self.cryptoes[0]
    def encrypt(self, text):
        return self.encryptor.encrypt(text)
    def decrypt(self, text):
        for decryptor in self.cryptoes:
            try:
                origin_text = decryptor.decrypt(text)
                if origin_text:
                    # 有时不同算法解密不报错，但是返回空字符串
                    return origin_text
            except (TypeError, ValueError, UnicodeDecodeError, IndexError):
                continue
 crypto = Crypto()
--- a/apps/common/utils/django.py
+++ b/apps/common/utils/django.py
@@ -10,13 +10,15 @@ UUID_PATTERN = re.compile(r'[0-9a-zA-Z\-]{36}')
 def reverse(view_name, urlconf=None, args=None, kwargs=None,
-            current_app=None, external=False):
+            current_app=None, external=False, api_to_ui=False):
    url = dj_reverse(view_name, urlconf=urlconf, args=args,
                     kwargs=kwargs, current_app=current_app)
    if external:
        site_url = settings.SITE_URL
        url = site_url.strip('/') + url
    if api_to_ui:
        url = url.replace('api/v1', 'ui/#').rstrip('/')
    return url
@@ -48,3 +50,11 @@ def union_queryset(*args, base_queryset=None):
        base_queryset = args[0].model.objects
    queryset = base_queryset.filter(id__in=queryset_id)
    return queryset
 def get_log_keep_day(s, defaults=200):
    try:
        days = int(getattr(settings, s))
    except ValueError:
        days = defaults
    return days
--- a/apps/common/utils/strings.py
+++ b/apps/common/utils/strings.py
@@ -0,0 +1,5 @@
 import re
 def no_special_chars(s):
    return bool(re.match(r'\w+$', s))
--- a/apps/common/validators.py
+++ b/apps/common/validators.py
@@ -2,10 +2,12 @@
 #
 from django.core.validators import RegexValidator
 from django.utils.translation import ugettext_lazy as _
 from rest_framework.validators import (
    UniqueTogetherValidator, ValidationError
 )
 from rest_framework import serializers
 from common.utils.strings import no_special_chars
 alphanumeric = RegexValidator(r'^[0-9a-zA-Z_@\-\.]*$', _('Special char not allowed'))
@@ -22,3 +24,11 @@ class ProjectUniqueValidator(UniqueTogetherValidator):
                    continue
                errors[field] = _('This field must be unique.')
            raise ValidationError(errors)
 class NoSpecialChars:
    def __call__(self, value):
        if not no_special_chars(value):
            raise serializers.ValidationError(
                _("Should not contains special characters")
            )
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -224,7 +224,7 @@ class Config(dict):
        'TERMINAL_HEARTBEAT_INTERVAL': 20,
        'TERMINAL_ASSET_LIST_SORT_BY': 'hostname',
        'TERMINAL_ASSET_LIST_PAGE_SIZE': 'auto',
-        'TERMINAL_SESSION_KEEP_DURATION': 9999,
+        'TERMINAL_SESSION_KEEP_DURATION': 200,
        'TERMINAL_HOST_KEY': '',
        'TERMINAL_TELNET_REGEX': '',
        'TERMINAL_COMMAND_STORAGE': {},
@@ -244,12 +244,18 @@ class Config(dict):
        'SECURITY_PASSWORD_SPECIAL_CHAR': False,
        'SECURITY_LOGIN_CHALLENGE_ENABLED': False,
        'SECURITY_LOGIN_CAPTCHA_ENABLED': True,
        'SECURITY_DATA_CRYPTO_ALGO': 'aes',
        'SECURITY_INSECURE_COMMAND': False,
        'SECURITY_INSECURE_COMMAND_LEVEL': 5,
        'SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER': '',
        'HTTP_BIND_HOST': '0.0.0.0',
        'HTTP_LISTEN_PORT': 8080,
        'WS_LISTEN_PORT': 8070,
-        'LOGIN_LOG_KEEP_DAYS': 9999,
+        'LOGIN_LOG_KEEP_DAYS': 200,
-        'TASK_LOG_KEEP_DAYS': 10,
+        'TASK_LOG_KEEP_DAYS': 90,
        'OPERATE_LOG_KEEP_DAYS': 200,
        'FTP_LOG_KEEP_DAYS': 200,
        'ASSETS_PERM_CACHE_TIME': 3600 * 24,
        'SECURITY_MFA_VERIFY_TTL': 3600,
        'ASSETS_PERM_CACHE_ENABLE': HAS_XPACK,
@@ -366,7 +372,7 @@ class Config(dict):
        tp = type(default_value)
        # 对bool特殊处理
        if tp is bool and isinstance(v, str):
-            if v in ("true", "True", "1"):
+            if v.lower() in ("true", "1"):
                return True
            else:
                return False
--- a/apps/jumpserver/settings/base.py
+++ b/apps/jumpserver/settings/base.py
@@ -242,6 +242,9 @@ CACHES = {
            'host': CONFIG.REDIS_HOST,
            'port': CONFIG.REDIS_PORT,
            'db': CONFIG.REDIS_DB_CACHE,
        },
        'OPTIONS': {
            "REDIS_CLIENT_KWARGS": {"health_check_interval": 30}
        }
    }
 }
--- a/apps/jumpserver/settings/custom.py
+++ b/apps/jumpserver/settings/custom.py
@@ -54,6 +54,10 @@ SECURITY_VIEW_AUTH_NEED_MFA = CONFIG.SECURITY_VIEW_AUTH_NEED_MFA
 SECURITY_SERVICE_ACCOUNT_REGISTRATION = DYNAMIC.SECURITY_SERVICE_ACCOUNT_REGISTRATION
 SECURITY_LOGIN_CAPTCHA_ENABLED = CONFIG.SECURITY_LOGIN_CAPTCHA_ENABLED
 SECURITY_LOGIN_CHALLENGE_ENABLED = CONFIG.SECURITY_LOGIN_CHALLENGE_ENABLED
 SECURITY_DATA_CRYPTO_ALGO = CONFIG.SECURITY_DATA_CRYPTO_ALGO
 SECURITY_INSECURE_COMMAND = DYNAMIC.SECURITY_INSECURE_COMMAND
 SECURITY_INSECURE_COMMAND_LEVEL = CONFIG.SECURITY_INSECURE_COMMAND_LEVEL
 SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER = DYNAMIC.SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER
 # Terminal other setting
 TERMINAL_PASSWORD_AUTH = DYNAMIC.TERMINAL_PASSWORD_AUTH
--- a/apps/jumpserver/settings/logging.py
+++ b/apps/jumpserver/settings/logging.py
@@ -5,6 +5,8 @@ from ..const import PROJECT_DIR, CONFIG
 LOG_DIR = os.path.join(PROJECT_DIR, 'logs')
 JUMPSERVER_LOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
 DRF_EXCEPTION_LOG_FILE = os.path.join(LOG_DIR, 'drf_exception.log')
 UNEXPECTED_EXCEPTION_LOG_FILE = os.path.join(LOG_DIR, 'unexpected_exception.log')
 ANSIBLE_LOG_FILE = os.path.join(LOG_DIR, 'ansible.log')
 GUNICORN_LOG_FILE = os.path.join(LOG_DIR, 'gunicorn.log')
 LOG_LEVEL = CONFIG.LOG_LEVEL
@@ -20,6 +22,10 @@ LOGGING = {
            'datefmt': '%Y-%m-%d %H:%M:%S',
            'format': '%(asctime)s [%(module)s %(levelname)s] %(message)s',
        },
        'exception': {
            'datefmt': '%Y-%m-%d %H:%M:%S',
            'format': '\n%(asctime)s [%(levelname)s] %(message)s',
        },
        'simple': {
            'format': '%(levelname)s %(message)s'
        },
@@ -58,6 +64,24 @@ LOGGING = {
            'backupCount': 7,
            'filename': ANSIBLE_LOG_FILE,
        },
        'drf_exception': {
            'encoding': 'utf8',
            'level': 'DEBUG',
            'class': 'logging.handlers.RotatingFileHandler',
            'formatter': 'exception',
            'maxBytes': 1024 * 1024 * 100,
            'backupCount': 7,
            'filename': DRF_EXCEPTION_LOG_FILE,
        },
        'unexpected_exception': {
            'encoding': 'utf8',
            'level': 'DEBUG',
            'class': 'logging.handlers.RotatingFileHandler',
            'formatter': 'exception',
            'maxBytes': 1024 * 1024 * 100,
            'backupCount': 7,
            'filename': UNEXPECTED_EXCEPTION_LOG_FILE,
        },
        'syslog': {
            'level': 'INFO',
            'class': 'logging.NullHandler',
@@ -84,6 +108,14 @@ LOGGING = {
            'handlers': ['console', 'file'],
            'level': LOG_LEVEL,
        },
        'drf_exception': {
            'handlers': ['console', 'drf_exception'],
            'level': LOG_LEVEL,
        },
        'unexpected_exception': {
            'handlers': ['unexpected_exception'],
            'level': LOG_LEVEL,
        },
        'ops.ansible_api': {
            'handlers': ['console', 'ansible_logs'],
            'level': LOG_LEVEL,
--- a/apps/jumpserver/urls.py
+++ b/apps/jumpserver/urls.py
@@ -4,6 +4,8 @@ from __future__ import unicode_literals
 from django.urls import path, include, re_path
 from django.conf import settings
 from django.conf.urls.static import static
 from django.conf.urls.i18n import i18n_patterns
 from django.views.i18n import JavaScriptCatalog
 from . import views, api
@@ -66,7 +68,11 @@ urlpatterns = [
 urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) \
            + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
-# urlpatterns += js_i18n_patterns
+
 js_i18n_patterns = [
    path('core/jsi18n/', JavaScriptCatalog.as_view(), name='javascript-catalog'),
 ]
 urlpatterns += js_i18n_patterns
 handler404 = 'jumpserver.views.handler404'
 handler500 = 'jumpserver.views.handler500'
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
--- a/apps/ops/ansible/callback.py
+++ b/apps/ops/ansible/callback.py
@@ -65,6 +65,8 @@ class AdHocResultCallback(CallbackMixin, CallbackModule, CMDCallBackModule):
    """
    Task result Callback
    """
    context = None
    def clean_result(self, t, host, task_name, task_result):
        contacted = self.results_summary["contacted"]
        dark = self.results_summary["dark"]
@@ -133,7 +135,11 @@ class AdHocResultCallback(CallbackMixin, CallbackModule, CMDCallBackModule):
        pass
    def set_play_context(self, context):
-        context.ssh_args = '-C -o ControlMaster=no'
+        # for k, v in context._attributes.items():
        #     print("{} ==> {}".format(k, v))
        if self.context and isinstance(self.context, dict):
            for k, v in self.context.items():
                setattr(context, k, v)
 class CommandResultCallback(AdHocResultCallback):
--- a/apps/ops/ansible/runner.py
+++ b/apps/ops/ansible/runner.py
@@ -182,6 +182,13 @@ class AdHocRunner:
            _options.update(options)
        return _options
    def set_control_master_if_need(self, cleaned_tasks):
        modules = [task.get('action', {}).get('module') for task in cleaned_tasks]
        if {'ping', 'win_ping'} & set(modules):
            self.results_callback.context = {
                'ssh_args': '-C -o ControlMaster=no'
            }
    def run(self, tasks, pattern, play_name='Ansible Ad-hoc', gather_facts='no'):
        """
        :param tasks: [{'action': {'module': 'shell', 'args': 'ls'}, ...}, ]
@@ -193,6 +200,7 @@ class AdHocRunner:
        self.check_pattern(pattern)
        self.results_callback = self.get_result_callback()
        cleaned_tasks = self.clean_tasks(tasks)
        self.set_control_master_if_need(cleaned_tasks)
        context.CLIARGS = ImmutableDict(self.options)
        play_source = dict(
--- a/apps/ops/api/adhoc.py
+++ b/apps/ops/api/adhoc.py
@@ -5,6 +5,7 @@ from django.shortcuts import get_object_or_404
 from rest_framework import viewsets, generics
 from rest_framework.views import Response
 from common.drf.api import JMSBulkModelViewSet
 from common.permissions import IsOrgAdmin
 from common.serializers import CeleryTaskSerializer
 from ..models import Task, AdHoc, AdHocExecution
@@ -22,7 +23,7 @@ __all__ = [
 ]
-class TaskViewSet(viewsets.ModelViewSet):
+class TaskViewSet(JMSBulkModelViewSet):
    queryset = Task.objects.all()
    filter_fields = ("name",)
    search_fields = filter_fields
--- a/apps/ops/inventory.py
+++ b/apps/ops/inventory.py
@@ -76,7 +76,7 @@ class JMSInventory(JMSBaseInventory):
    write you own inventory, construct you inventory,
    user_info  is obtained from admin_user or asset_user
    """
-    def __init__(self, assets, run_as_admin=False, run_as=None, become_info=None):
+    def __init__(self, assets, run_as_admin=False, run_as=None, become_info=None, system_user=None):
        """
        :param assets: assets
        :param run_as_admin: True 是否使用管理用户去执行, 每台服务器的管理用户可能不同
@@ -86,6 +86,7 @@ class JMSInventory(JMSBaseInventory):
        self.assets = assets
        self.using_admin = run_as_admin
        self.run_as = run_as
        self.system_user = system_user
        self.become_info = become_info
        host_list = []
@@ -104,18 +105,25 @@ class JMSInventory(JMSBaseInventory):
    def get_run_user_info(self, host):
        from assets.backends import AssetUserManager
-        if self.run_as is None:
+        if not self.run_as and not self.system_user:
            return {}
        asset_id = host.get('id', '')
        asset = self.assets.filter(id=asset_id).first()
        if not asset:
            logger.error('Host not found: ', asset_id)
        if self.system_user:
            self.system_user.load_asset_special_auth(asset=asset, username=self.run_as)
            return self.system_user._to_secret_json()
        try:
            asset = self.assets.get(id=host.get('id'))
            manager = AssetUserManager()
-            run_user = manager.get_latest(username=self.run_as, asset=asset)
+            run_user = manager.get_latest(username=self.run_as, asset=asset, prefer='system_user')
            return run_user._to_secret_json()
        except Exception as e:
            logger.error(e, exc_info=True)
            return {}
        else:
            return run_user._to_secret_json()
 class JMSCustomInventory(JMSBaseInventory):
--- a/apps/ops/models/adhoc.py
+++ b/apps/ops/models/adhoc.py
@@ -184,7 +184,7 @@ class AdHoc(OrgModelMixin):
            hid = str(uuid.uuid4())
        execution = AdHocExecution(
            id=hid, adhoc=self, task=self.task,
-            task_display=str(self.task),
+            task_display=str(self.task)[:128],
            date_start=timezone.now(),
            hosts_amount=self.hosts.count(),
        )
--- a/apps/ops/models/command.py
+++ b/apps/ops/models/command.py
@@ -37,7 +37,7 @@ class CommandExecution(OrgModelMixin):
            username = self.user.username
        else:
            username = self.run_as.username
-        inv = JMSInventory(self.hosts.all(), run_as=username)
+        inv = JMSInventory(self.hosts.all(), run_as=username, system_user=self.run_as)
        return inv
    @lazyproperty
@@ -78,7 +78,7 @@ class CommandExecution(OrgModelMixin):
            runner = CommandRunner(self.inventory)
            try:
                host = self.hosts.first()
-                if host.is_windows():
+                if host and host.is_windows():
                    shell = 'win_shell'
                else:
                    shell = 'shell'
--- a/apps/ops/serializers/adhoc.py
+++ b/apps/ops/serializers/adhoc.py
@@ -3,6 +3,7 @@ from __future__ import unicode_literals
 from rest_framework import serializers
 from django.shortcuts import reverse
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from ..models import Task, AdHoc, AdHocExecution, CommandExecution
@@ -45,7 +46,7 @@ class AdHocExecutionExcludeResultSerializer(AdHocExecutionSerializer):
        ]
-class TaskSerializer(serializers.ModelSerializer):
+class TaskSerializer(BulkOrgResourceModelSerializer):
    summary = serializers.ReadOnlyField(source='history_summary')
    latest_execution = AdHocExecutionExcludeResultSerializer(read_only=True)
--- a/apps/ops/tasks.py
+++ b/apps/ops/tasks.py
@@ -9,7 +9,7 @@ from celery.exceptions import SoftTimeLimitExceeded
 from django.utils import timezone
 from django.utils.translation import ugettext_lazy as _
-from common.utils import get_logger, get_object_or_none, get_disk_usage
+from common.utils import get_logger, get_object_or_none, get_disk_usage, get_log_keep_day
 from orgs.utils import tmp_to_root_org, tmp_to_org
 from .celery.decorator import (
    register_as_period_task, after_app_shutdown_clean_periodic,
@@ -83,10 +83,10 @@ def clean_tasks_adhoc_period():
@after_app_shutdown_clean_periodic
@register_as_period_task(interval=3600*24, description=_("Clean celery log period"))
 def clean_celery_tasks_period():
    expire_days = settings.TASK_LOG_KEEP_DAYS
    logger.debug("Start clean celery task history")
-    one_month_ago = timezone.now() - timezone.timedelta(days=expire_days)
+    expire_days = get_log_keep_day('TASK_LOG_KEEP_DAYS')
-    tasks = CeleryTask.objects.filter(date_start__lt=one_month_ago)
+    days_ago = timezone.now() - timezone.timedelta(days=expire_days)
    tasks = CeleryTask.objects.filter(date_start__lt=days_ago)
    tasks.delete()
    tasks = CeleryTask.objects.filter(date_start__isnull=True)
    tasks.delete()
--- a/apps/ops/urls/api_urls.py
+++ b/apps/ops/urls/api_urls.py
@@ -3,13 +3,16 @@ from __future__ import unicode_literals
 from django.urls import path
 from rest_framework.routers import DefaultRouter
 from rest_framework_bulk.routes import BulkRouter
 from .. import api
 app_name = "ops"
 router = DefaultRouter()
-router.register(r'tasks', api.TaskViewSet, 'task')
+bulk_router = BulkRouter()
 bulk_router.register(r'tasks', api.TaskViewSet, 'task')
 router.register(r'adhoc', api.AdHocViewSet, 'adhoc')
 router.register(r'adhoc-executions', api.AdHocRunHistoryViewSet, 'execution')
 router.register(r'command-executions', api.CommandExecutionViewSet, 'command-execution')
@@ -22,3 +25,4 @@ urlpatterns = [
 ]
 urlpatterns += router.urls
 urlpatterns += bulk_router.urls
--- a/apps/ops/utils.py
+++ b/apps/ops/utils.py
@@ -75,4 +75,3 @@ def send_server_performance_mail(path, usage, usages):
    send_mail_async(subject, message, recipient_list, html_message=message)
--- a/apps/orgs/api.py
+++ b/apps/orgs/api.py
@@ -7,11 +7,12 @@ from rest_framework.views import Response
 from rest_framework_bulk import BulkModelViewSet
 from common.permissions import IsSuperUserOrAppUser
-from common.drf.api import JMSBulkRelationModelViewSet, JMSModelViewSet
+from common.drf.api import JMSBulkRelationModelViewSet
 from .models import Organization, ROLE
 from .serializers import (
    OrgSerializer, OrgReadSerializer,
-    OrgRetrieveSerializer, OrgMemberSerializer
+    OrgRetrieveSerializer, OrgMemberSerializer,
    OrgMemberAdminSerializer, OrgMemberUserSerializer
 )
 from users.models import User, UserGroup
 from assets.models import Asset, Domain, AdminUser, SystemUser, Label
@@ -72,6 +73,55 @@ class OrgMemberRelationBulkViewSet(JMSBulkRelationModelViewSet):
    m2m_field = Organization.members.field
    serializer_class = OrgMemberSerializer
    filterset_class = OrgMemberRelationFilterSet
    search_fields = ('user__name', 'user__username', 'org__name')
    def perform_bulk_create(self, serializer):
        data = serializer.validated_data
        relations = [OrganizationMember(**i) for i in data]
        OrganizationMember.objects.bulk_create(relations, ignore_conflicts=True)
    def perform_bulk_destroy(self, queryset):
        objs = list(queryset.all().prefetch_related('user', 'org'))
        queryset.delete()
        self.send_m2m_changed_signal(objs, action='post_remove')
 class OrgMemberAdminRelationBulkViewSet(JMSBulkRelationModelViewSet):
    permission_classes = (IsSuperUserOrAppUser,)
    m2m_field = Organization.members.field
    serializer_class = OrgMemberAdminSerializer
    filterset_class = OrgMemberRelationFilterSet
    search_fields = ('user__name', 'user__username', 'org__name')
    def get_queryset(self):
        queryset = super().get_queryset()
        org_id = self.kwargs.get('org_id')
        queryset = queryset.filter(org_id=org_id, role=ROLE.ADMIN)
        return queryset
    def perform_bulk_create(self, serializer):
        data = serializer.validated_data
        relations = [OrganizationMember(**i) for i in data]
        OrganizationMember.objects.bulk_create(relations, ignore_conflicts=True)
    def perform_bulk_destroy(self, queryset):
        objs = list(queryset.all().prefetch_related('user', 'org'))
        queryset.delete()
        self.send_m2m_changed_signal(objs, action='post_remove')
 class OrgMemberUserRelationBulkViewSet(JMSBulkRelationModelViewSet):
    permission_classes = (IsSuperUserOrAppUser,)
    m2m_field = Organization.members.field
    serializer_class = OrgMemberUserSerializer
    filterset_class = OrgMemberRelationFilterSet
    search_fields = ('user__name', 'user__username', 'org__name')
    def get_queryset(self):
        queryset = super().get_queryset()
        org_id = self.kwargs.get('org_id')
        queryset = queryset.filter(org_id=org_id, role=ROLE.USER)
        return queryset
    def perform_bulk_create(self, serializer):
        data = serializer.validated_data
--- a/apps/orgs/migrations/0009_auto_20201023_1628.py
+++ b/apps/orgs/migrations/0009_auto_20201023_1628.py
@@ -0,0 +1,18 @@
 # Generated by Django 2.2.13 on 2020-10-23 08:28
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('orgs', '0008_auto_20200819_2041'),
    ]
    operations = [
        migrations.AlterField(
            model_name='organization',
            name='comment',
            field=models.TextField(blank=True, default='', verbose_name='Comment'),
        ),
    ]
--- a/apps/orgs/models.py
+++ b/apps/orgs/models.py
@@ -23,7 +23,7 @@ class Organization(models.Model):
    name = models.CharField(max_length=128, unique=True, verbose_name=_("Name"))
    created_by = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Created by'))
    date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created'))
-    comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
+    comment = models.TextField(default='', blank=True, verbose_name=_('Comment'))
    members = models.ManyToManyField('users.User', related_name='orgs', through='orgs.OrganizationMember',
                                     through_fields=('org', 'user'))
--- a/apps/orgs/serializers.py
+++ b/apps/orgs/serializers.py
@@ -1,12 +1,13 @@
 from django.db.models import F
 from rest_framework.serializers import ModelSerializer
 from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from users.models.user import User
 from common.serializers import AdaptedBulkListSerializer
 from common.drf.serializers import BulkModelSerializer
 from common.db.models import concated_display as display
-from .models import Organization, OrganizationMember
+from .models import Organization, OrganizationMember, ROLE
 class OrgSerializer(ModelSerializer):
@@ -26,12 +27,12 @@ class OrgSerializer(ModelSerializer):
        read_only_fields = ['created_by', 'date_created']
    def create(self, validated_data):
-        members = self._pop_memebers(validated_data)
+        members = self._pop_members(validated_data)
        instance = Organization.objects.create(**validated_data)
        OrganizationMember.objects.add_users_by_role(instance, *members)
        return instance
-    def _pop_memebers(self, validated_data):
+    def _pop_members(self, validated_data):
        return (
            validated_data.pop('users', None),
            validated_data.pop('admins', None),
@@ -39,7 +40,7 @@ class OrgSerializer(ModelSerializer):
        )
    def update(self, instance, validated_data):
-        members = self._pop_memebers(validated_data)
+        members = self._pop_members(validated_data)
        for attr, value in validated_data.items():
            setattr(instance, attr, value)
        instance.save()
@@ -73,6 +74,28 @@ class OrgMemberSerializer(BulkModelSerializer):
        ).distinct()
 class OrgMemberAdminSerializer(BulkModelSerializer):
    role = serializers.HiddenField(default=ROLE.ADMIN)
    organization = serializers.PrimaryKeyRelatedField(
        label=_('Organization'), queryset=Organization.objects.all(), required=True, source='org'
    )
    class Meta:
        model = OrganizationMember
        fields = ('id', 'organization', 'user', 'role')
 class OrgMemberUserSerializer(BulkModelSerializer):
    role = serializers.HiddenField(default=ROLE.USER)
    organization = serializers.PrimaryKeyRelatedField(
        label=_('Organization'), queryset=Organization.objects.all(), required=True, source='org'
    )
    class Meta:
        model = OrganizationMember
        fields = ('id', 'organization', 'user', 'role')
 class OrgRetrieveSerializer(OrgReadSerializer):
    admins = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
    auditors = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
--- a/apps/orgs/urls/api_urls.py
+++ b/apps/orgs/urls/api_urls.py
@@ -14,7 +14,12 @@ router = DefaultRouter()
 bulk_router = BulkRouter()
 router.register(r'orgs', api.OrgViewSet, 'org')
-bulk_router.register(r'org-memeber-relation', api.OrgMemberRelationBulkViewSet, 'org-memeber-relation')
+bulk_router.register(r'org-member-relation', api.OrgMemberRelationBulkViewSet, 'org-member-relation')
 router.register(r'orgs/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/admins',
                api.OrgMemberAdminRelationBulkViewSet, 'membership-admins')
 router.register(r'orgs/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/users',
                api.OrgMemberUserRelationBulkViewSet, 'membership-users'),
 old_version_urlpatterns = [
    re_path('(?P<resource>org)/.*', capi.redirect_plural_name_api)
--- a/apps/perms/api/init.py
+++ b/apps/perms/api/init.py
@@ -1,10 +1,10 @@
 # -*- coding: utf-8 -*-
 #
-from .asset_permission import *
+from .asset import *
-from .user_permission import *
+from .application import *
-from .asset_permission_relation import *
+
-from .user_group_permission import *
+# TODO: 删除
 from .remote_app_permission import *
 from .remote_app_permission_relation import *
 from .user_remote_app_permission import *
--- a/apps/perms/api/application/init.py
+++ b/apps/perms/api/application/init.py
@@ -0,0 +1,4 @@
 from .user_permission import *
 from .application_permission import *
 from .application_permission_relation import *
 from .user_group_permission import *
--- a/apps/perms/api/application/application_permission.py
+++ b/apps/perms/api/application/application_permission.py
@@ -0,0 +1,24 @@
 # -*- coding: utf-8 -*-
 #
 from common.permissions import IsOrgAdmin
 from orgs.mixins.api import OrgBulkModelViewSet
 from perms.models import ApplicationPermission
 from perms import serializers
 class ApplicationPermissionViewSet(OrgBulkModelViewSet):
    """
    应用授权列表的增删改查API
    """
    model = ApplicationPermission
    serializer_class = serializers.ApplicationPermissionSerializer
    filter_fields = ['name', 'category', 'type']
    search_fields = filter_fields
    permission_classes = (IsOrgAdmin,)
    def get_queryset(self):
        queryset = super().get_queryset().prefetch_related(
            "applications", "users", "user_groups", "system_users"
        )
        return queryset
--- a/apps/perms/api/application/application_permission_relation.py
+++ b/apps/perms/api/application/application_permission_relation.py
@@ -0,0 +1,128 @@
 # -*- coding: utf-8 -*-
 #
 from rest_framework import generics
 from django.db.models import F, Value
 from django.db.models.functions import Concat
 from django.shortcuts import get_object_or_404
 from applications.models import Application
 from orgs.mixins.api import OrgRelationMixin
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.utils import current_org
 from common.permissions import IsOrgAdmin
 from perms import serializers
 from perms import models
 __all__ = [
    'ApplicationPermissionUserRelationViewSet',
    'ApplicationPermissionUserGroupRelationViewSet',
    'ApplicationPermissionApplicationRelationViewSet',
    'ApplicationPermissionSystemUserRelationViewSet',
    'ApplicationPermissionAllApplicationListApi',
    'ApplicationPermissionAllUserListApi',
 ]
 class RelationMixin(OrgRelationMixin, OrgBulkModelViewSet):
    def get_queryset(self):
        queryset = super().get_queryset()
        org_id = current_org.org_id()
        if org_id is not None:
            queryset = queryset.filter(applicationpermission__org_id=org_id)
        queryset = queryset.annotate(applicationpermission_display=F('applicationpermission__name'))
        return queryset
 class ApplicationPermissionUserRelationViewSet(RelationMixin):
    serializer_class = serializers.ApplicationPermissionUserRelationSerializer
    m2m_field = models.ApplicationPermission.users.field
    permission_classes = (IsOrgAdmin,)
    filter_fields = [
        'id', "user", "applicationpermission",
    ]
    search_fields = ("user__name", "user__username", "applicationpermission__name")
    def get_queryset(self):
        queryset = super().get_queryset()
        queryset = queryset.annotate(user_display=F('user__name'))
        return queryset
 class ApplicationPermissionUserGroupRelationViewSet(RelationMixin):
    serializer_class = serializers.ApplicationPermissionUserGroupRelationSerializer
    m2m_field = models.ApplicationPermission.user_groups.field
    permission_classes = (IsOrgAdmin,)
    filter_fields = [
        'id', "usergroup", "applicationpermission"
    ]
    search_fields = ["usergroup__name", "applicationpermission__name"]
    def get_queryset(self):
        queryset = super().get_queryset()
        queryset = queryset.annotate(usergroup_display=F('usergroup__name'))
        return queryset
 class ApplicationPermissionApplicationRelationViewSet(RelationMixin):
    serializer_class = serializers.ApplicationPermissionApplicationRelationSerializer
    m2m_field = models.ApplicationPermission.applications.field
    permission_classes = (IsOrgAdmin,)
    filter_fields = [
        'id', 'application', 'applicationpermission',
    ]
    search_fields = ["id", "application__name", "applicationpermission__name"]
    def get_queryset(self):
        queryset = super().get_queryset()
        queryset = queryset.annotate(application_display=F('application__name'))
        return queryset
 class ApplicationPermissionSystemUserRelationViewSet(RelationMixin):
    serializer_class = serializers.ApplicationPermissionSystemUserRelationSerializer
    m2m_field = models.ApplicationPermission.system_users.field
    permission_classes = (IsOrgAdmin,)
    filter_fields = [
        'id', 'systemuser', 'applicationpermission',
    ]
    search_fields = [
        "applicactionpermission__name", "systemuser__name", "systemuser__username"
    ]
    def get_queryset(self):
        queryset = super().get_queryset()
        queryset = queryset \
            .annotate(systemuser_display=Concat(
                F('systemuser__name'), Value('('), F('systemuser__username'),
                Value(')')
            ))
        return queryset
 class ApplicationPermissionAllApplicationListApi(generics.ListAPIView):
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.ApplicationPermissionAllApplicationSerializer
    only_fields = serializers.ApplicationPermissionAllApplicationSerializer.Meta.only_fields
    filter_fields = ('name',)
    search_fields = filter_fields
    def get_queryset(self):
        pk = self.kwargs.get('pk')
        perm = get_object_or_404(models.ApplicationPermission, pk=pk)
        applications = Application.objects.filter(granted_by_permissions=perm)\
            .only(*self.only_fields).distinct()
        return applications
 class ApplicationPermissionAllUserListApi(generics.ListAPIView):
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.ApplicationPermissionAllUserSerializer
    only_fields = serializers.ApplicationPermissionAllUserSerializer.Meta.only_fields
    filter_fields = ('username', 'name')
    search_fields = filter_fields
    def get_queryset(self):
        pk = self.kwargs.get('pk')
        perm = get_object_or_404(models.ApplicationPermission, pk=pk)
        users = perm.get_all_users().only(*self.only_fields).distinct()
        return users
--- a/apps/perms/api/application/user_group_permission.py
+++ b/apps/perms/api/application/user_group_permission.py
@@ -0,0 +1,32 @@
 # -*- coding: utf-8 -*-
 #
 from django.db.models import Q
 from rest_framework.generics import ListAPIView
 from common.permissions import IsOrgAdminOrAppUser
 from applications.models import Application
 from applications.api.mixin import ApplicationAttrsSerializerViewMixin
 from perms import serializers
 __all__ = [
    'UserGroupGrantedApplicationsApi'
 ]
 class UserGroupGrantedApplicationsApi(ApplicationAttrsSerializerViewMixin, ListAPIView):
    """
    获取用户组直接授权的资产
    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.ApplicationGrantedSerializer
    only_fields = serializers.ApplicationGrantedSerializer.Meta.only_fields
    filter_fields = ['id', 'name', 'category', 'type', 'comment']
    search_fields = ['name', 'comment']
    def get_queryset(self):
        user_group_id = self.kwargs.get('pk', '')
        queryset = Application.objects\
            .filter(Q(granted_by_permissions__user_groups__id=user_group_id))\
            .distinct().only(*self.only_fields)
        return queryset
--- a/apps/perms/api/application/user_permission/init.py
+++ b/apps/perms/api/application/user_permission/init.py
@@ -0,0 +1,2 @@
 from .user_permission_applications import *
 from .common import *
--- a/apps/perms/api/application/user_permission/common.py
+++ b/apps/perms/api/application/user_permission/common.py
@@ -0,0 +1,75 @@
 # -*- coding: utf-8 -*-
 #
 import uuid
 from django.shortcuts import get_object_or_404
 from rest_framework.views import APIView, Response
 from rest_framework.generics import (
    ListAPIView, get_object_or_404
 )
 from applications.models import Application
 from perms.utils.application.permission import (
    get_application_system_users_id
 )
 from perms.api.asset.user_permission.mixin import ForAdminMixin, ForUserMixin
 from common.permissions import IsOrgAdminOrAppUser
 from perms.hands import User, SystemUser
 from perms import serializers
 __all__ = [
    'UserGrantedApplicationSystemUsersApi',
    'MyGrantedApplicationSystemUsersApi',
    'ValidateUserApplicationPermissionApi'
 ]
 class GrantedApplicationSystemUsersMixin(ListAPIView):
    serializer_class = serializers.ApplicationSystemUserSerializer
    only_fields = serializers.ApplicationSystemUserSerializer.Meta.only_fields
    user: None
    def get_application_system_users_id(self, application):
        return get_application_system_users_id(self.user, application)
    def get_queryset(self):
        application_id = self.kwargs.get('application_id')
        application = get_object_or_404(Application, id=application_id)
        system_users_id = self.get_application_system_users_id(application)
        system_users = SystemUser.objects.filter(id__in=system_users_id)\
            .only(*self.only_fields).order_by('priority')
        return system_users
 class UserGrantedApplicationSystemUsersApi(ForAdminMixin, GrantedApplicationSystemUsersMixin):
    pass
 class MyGrantedApplicationSystemUsersApi(ForUserMixin, GrantedApplicationSystemUsersMixin):
    pass
 class ValidateUserApplicationPermissionApi(APIView):
    permission_classes = (IsOrgAdminOrAppUser,)
    def get(self, request, *args, **kwargs):
        user_id = request.query_params.get('user_id', '')
        application_id = request.query_params.get('application_id', '')
        system_user_id = request.query_params.get('system_user_id', '')
        try:
            user_id = uuid.UUID(user_id)
            application_id = uuid.UUID(application_id)
            system_user_id = uuid.UUID(system_user_id)
        except ValueError:
            return Response({'msg': False}, status=403)
        user = get_object_or_404(User, id=user_id)
        application = get_object_or_404(Application, id=application_id)
        system_user = get_object_or_404(SystemUser, id=system_user_id)
        system_users_id = get_application_system_users_id(user, application)
        if system_user.id in system_users_id:
            return Response({'msg': True}, status=200)
        return Response({'msg': False}, status=403)
--- a/apps/perms/api/application/user_permission/user_permission_applications.py
+++ b/apps/perms/api/application/user_permission/user_permission_applications.py
@@ -0,0 +1,60 @@
 # -*- coding: utf-8 -*-
 #
 from rest_framework.generics import ListAPIView
 from rest_framework.response import Response
 from applications.api.mixin import (
    SerializeApplicationToTreeNodeMixin, ApplicationAttrsSerializerViewMixin
 )
 from perms import serializers
 from perms.api.asset.user_permission.mixin import ForAdminMixin, ForUserMixin
 from perms.utils.application.user_permission import (
    get_user_granted_all_applications
 )
 __all__ = [
    'UserAllGrantedApplicationsApi',
    'MyAllGrantedApplicationsApi',
    'UserAllGrantedApplicationsAsTreeApi',
    'MyAllGrantedApplicationsAsTreeApi',
 ]
 class AllGrantedApplicationsMixin(ApplicationAttrsSerializerViewMixin, ListAPIView):
    only_fields = serializers.ApplicationGrantedSerializer.Meta.only_fields
    serializer_class = serializers.ApplicationGrantedSerializer
    filter_fields = ['id', 'name', 'category', 'type', 'comment']
    search_fields = ['name', 'comment']
    user: None
    def get_queryset(self):
        queryset = get_user_granted_all_applications(self.user)
        return queryset.only(*self.only_fields)
 class UserAllGrantedApplicationsApi(ForAdminMixin, AllGrantedApplicationsMixin):
    pass
 class MyAllGrantedApplicationsApi(ForUserMixin, AllGrantedApplicationsMixin):
    pass
 class ApplicationsAsTreeMixin(SerializeApplicationToTreeNodeMixin):
    """
    将应用序列化成树的结构返回
    """
    def list(self, request, *args, **kwargs):
        queryset = self.filter_queryset(self.get_queryset())
        data = self.serialize_applications(queryset)
        return Response(data=data)
 class UserAllGrantedApplicationsAsTreeApi(ApplicationsAsTreeMixin, UserAllGrantedApplicationsApi):
    pass
 class MyAllGrantedApplicationsAsTreeApi(ApplicationsAsTreeMixin, MyAllGrantedApplicationsApi):
    pass
--- a/apps/perms/api/asset/init.py
+++ b/apps/perms/api/asset/init.py
@@ -0,0 +1,4 @@
 from .user_permission import *
 from .asset_permission import *
 from .asset_permission_relation import *
 from .user_group_permission import *
--- a/apps/perms/api/asset/asset_permission.py
+++ b/apps/perms/api/asset/asset_permission.py
@@ -3,13 +3,13 @@
 from django.db.models import Q
 from common.permissions import IsOrgAdmin
-from orgs.mixins.api import OrgModelViewSet
+from orgs.mixins.api import OrgBulkModelViewSet
 from common.utils import get_object_or_none
-from ..models import AssetPermission
+from perms.models import AssetPermission
-from ..hands import (
+from perms.hands import (
    User, UserGroup, Asset, Node, SystemUser,
 )
-from .. import serializers
+from perms import serializers
 __all__ = [
@@ -17,7 +17,7 @@ __all__ = [
 ]
-class AssetPermissionViewSet(OrgModelViewSet):
+class AssetPermissionViewSet(OrgBulkModelViewSet):
    """
    资产授权列表的增删改查api
    """
--- a/apps/perms/api/asset/asset_permission_relation.py
+++ b/apps/perms/api/asset/asset_permission_relation.py
@@ -11,8 +11,8 @@ from orgs.mixins.api import OrgRelationMixin
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.utils import current_org
 from common.permissions import IsOrgAdmin
-from .. import serializers
+from perms import serializers
-from .. import models
+from perms import models
 __all__ = [
    'AssetPermissionUserRelationViewSet', 'AssetPermissionUserGroupRelationViewSet',
--- a/apps/perms/api/asset/user_group_permission.py
+++ b/apps/perms/api/asset/user_group_permission.py
@@ -10,9 +10,9 @@ from common.permissions import IsOrgAdminOrAppUser
 from common.utils import lazyproperty
 from perms.models import AssetPermission
 from assets.models import Asset, Node
-from . import user_permission as uapi
+from perms.api.asset import user_permission as uapi
 from perms import serializers
-from perms.utils.asset_permission import get_asset_system_users_id_with_actions_by_group
+from perms.utils.asset.permission import get_asset_system_users_id_with_actions_by_group
 from assets.api.mixin import SerializeToTreeNodeMixin
 from users.models import UserGroup
--- a/apps/perms/api/asset/user_permission/init.py
+++ b/apps/perms/api/asset/user_permission/init.py
--- a/apps/perms/api/asset/user_permission/common.py
+++ b/apps/perms/api/asset/user_permission/common.py
@@ -10,13 +10,13 @@ from rest_framework.generics import (
 )
 from orgs.utils import tmp_to_root_org
-from perms.utils.asset_permission import get_asset_system_users_id_with_actions_by_user
+from perms.utils.asset.permission import get_asset_system_users_id_with_actions_by_user
 from common.permissions import IsOrgAdminOrAppUser, IsOrgAdmin, IsValidUser
 from common.utils import get_logger, lazyproperty
-from ...hands import User, Asset, SystemUser
+from perms.hands import User, Asset, SystemUser
-from ... import serializers
+from perms import serializers
-from ...models import Action
+from perms.models import Action
 logger = get_logger(__name__)
--- a/apps/perms/api/asset/user_permission/mixin.py
+++ b/apps/perms/api/asset/user_permission/mixin.py
@@ -4,6 +4,7 @@ from rest_framework.request import Request
 from common.permissions import IsOrgAdminOrAppUser, IsValidUser
 from common.utils import lazyproperty
 from orgs.utils import tmp_to_root_org
 from users.models import User
 from perms.models import UserGrantedMappingNode
@@ -47,6 +48,10 @@ class ForUserMixin:
    permission_classes = (IsValidUser,)
    request: Request
    def get(self, request, *args, **kwargs):
        with tmp_to_root_org():
            return super().get(request, *args, **kwargs)
    @lazyproperty
    def user(self):
        return self.request.user
--- a/apps/perms/api/asset/user_permission/user_permission_assets.py
+++ b/apps/perms/api/asset/user_permission/user_permission_assets.py
@@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-from django.utils.decorators import method_decorator
+from perms.api.asset.user_permission.mixin import UserNodeGrantStatusDispatchMixin
 from perms.api.user_permission.mixin import UserNodeGrantStatusDispatchMixin
 from rest_framework.generics import ListAPIView
 from rest_framework.response import Response
 from django.conf import settings
@@ -10,9 +9,8 @@ from assets.api.mixin import SerializeToTreeNodeMixin
 from common.utils import get_logger
 from perms.pagination import GrantedAssetLimitOffsetPagination
 from assets.models import Asset, Node, FavoriteAsset
-from orgs.utils import tmp_to_root_org
+from perms import serializers
-from ... import serializers
+from perms.utils.asset.user_permission import (
 from ...utils.user_asset_permission import (
    get_node_all_granted_assets, get_user_direct_granted_assets,
    get_user_granted_all_assets
 )
@@ -22,7 +20,6 @@ from .mixin import ForAdminMixin, ForUserMixin
 logger = get_logger(__name__)
@method_decorator(tmp_to_root_org(), name='list')
 class UserDirectGrantedAssetsApi(ListAPIView):
    """
    用户直接授权的资产的列表，也就是授权规则上直接授权的资产，并非是来自节点的
@@ -40,7 +37,6 @@ class UserDirectGrantedAssetsApi(ListAPIView):
        return assets
@method_decorator(tmp_to_root_org(), name='list')
 class UserFavoriteGrantedAssetsApi(ListAPIView):
    serializer_class = serializers.AssetGrantedSerializer
    only_fields = serializers.AssetGrantedSerializer.Meta.only_fields
@@ -55,7 +51,6 @@ class UserFavoriteGrantedAssetsApi(ListAPIView):
        return assets
@method_decorator(tmp_to_root_org(), name='list')
 class AssetsAsTreeMixin(SerializeToTreeNodeMixin):
    """
    将 资产 序列化成树的结构返回
@@ -82,12 +77,10 @@ class MyFavoriteGrantedAssetsApi(ForUserMixin, UserFavoriteGrantedAssetsApi):
    pass
@method_decorator(tmp_to_root_org(), name='list')
 class UserDirectGrantedAssetsAsTreeForAdminApi(ForAdminMixin, AssetsAsTreeMixin, UserDirectGrantedAssetsApi):
    pass
@method_decorator(tmp_to_root_org(), name='list')
 class MyUngroupAssetsAsTreeApi(ForUserMixin, AssetsAsTreeMixin, UserDirectGrantedAssetsApi):
    def get_queryset(self):
        queryset = super().get_queryset()
@@ -96,9 +89,11 @@ class MyUngroupAssetsAsTreeApi(ForUserMixin, AssetsAsTreeMixin, UserDirectGrante
        return queryset
-@method_decorator(tmp_to_root_org(), name='list')
+class UserAllGrantedAssetsApi(ForAdminMixin, ListAPIView):
 class UserAllGrantedAssetsApi(ListAPIView):
    only_fields = serializers.AssetGrantedSerializer.Meta.only_fields
    serializer_class = serializers.AssetGrantedSerializer
    filter_fields = ['hostname', 'ip', 'id', 'comment']
    search_fields = ['hostname', 'ip', 'comment']
    def get_queryset(self):
        queryset = get_user_granted_all_assets(self.user)
@@ -106,11 +101,14 @@ class UserAllGrantedAssetsApi(ListAPIView):
        return queryset.only(*self.only_fields)
 class MyAllGrantedAssetsApi(ForUserMixin, UserAllGrantedAssetsApi):
    pass
 class MyAllAssetsAsTreeApi(ForUserMixin, AssetsAsTreeMixin, UserAllGrantedAssetsApi):
    search_fields = ['hostname', 'ip']
@method_decorator(tmp_to_root_org(), name='list')
 class UserGrantedNodeAssetsApi(UserNodeGrantStatusDispatchMixin, ListAPIView):
    serializer_class = serializers.AssetGrantedSerializer
    only_fields = serializers.AssetGrantedSerializer.Meta.only_fields
--- a/apps/perms/api/asset/user_permission/user_permission_nodes.py
+++ b/apps/perms/api/asset/user_permission/user_permission_nodes.py
@@ -1,23 +1,24 @@
 # -*- coding: utf-8 -*-
 #
 import abc
 from django.conf import settings
 from rest_framework.generics import (
    ListAPIView
 )
 from rest_framework.response import Response
 from rest_framework.request import Request
 from orgs.utils import tmp_to_root_org
 from assets.api.mixin import SerializeToTreeNodeMixin
 from common.utils import get_logger
 from .mixin import ForAdminMixin, ForUserMixin, UserNodeGrantStatusDispatchMixin
-from ...hands import Node, User
+from perms.hands import Node, User
-from ... import serializers
+from perms import serializers
-from ...utils.user_asset_permission import (
+from perms.utils.asset.user_permission import (
    get_indirect_granted_node_children,
    get_user_granted_nodes_list_via_mapping_node,
    get_top_level_granted_nodes,
-    rebuild_user_tree_if_need,
+    rebuild_user_tree_if_need, get_favorite_node,
    get_ungrouped_node
 )
@@ -59,7 +60,6 @@ class NodeChildrenMixin:
 class BaseGrantedNodeApi(_GrantedNodeStructApi, metaclass=abc.ABCMeta):
    serializer_class = serializers.NodeGrantedSerializer
    @tmp_to_root_org()
    def list(self, request, *args, **kwargs):
        rebuild_user_tree_if_need(request, self.user)
        nodes = self.get_nodes()
@@ -72,7 +72,6 @@ class BaseNodeChildrenApi(NodeChildrenMixin, BaseGrantedNodeApi, metaclass=abc.A
 class BaseGrantedNodeAsTreeApi(SerializeToTreeNodeMixin, _GrantedNodeStructApi, metaclass=abc.ABCMeta):
    @tmp_to_root_org()
    def list(self, request: Request, *args, **kwargs):
        rebuild_user_tree_if_need(request, self.user)
        nodes = self.get_nodes()
@@ -116,7 +115,12 @@ class UserGrantedNodesMixin:
    user: User
    def get_nodes(self):
-        return get_user_granted_nodes_list_via_mapping_node(self.user)
+        nodes = []
        if settings.PERM_SINGLE_ASSET_TO_UNGROUP_NODE:
            nodes.append(get_ungrouped_node(self.user))
        nodes.append(get_favorite_node(self.user))
        nodes.extend(get_user_granted_nodes_list_via_mapping_node(self.user))
        return nodes
 # ------------------------------------------
--- a/apps/perms/api/asset/user_permission/user_permission_nodes_with_assets.py
+++ b/apps/perms/api/asset/user_permission/user_permission_nodes_with_assets.py
@@ -0,0 +1,207 @@
 # -*- coding: utf-8 -*-
 #
 from itertools import chain
 from rest_framework.generics import ListAPIView
 from rest_framework.request import Request
 from rest_framework.response import Response
 from django.db.models import F, Value, CharField, Q
 from django.conf import settings
 from orgs.utils import tmp_to_root_org
 from common.permissions import IsValidUser
 from common.utils import get_logger, get_object_or_none
 from .mixin import UserNodeGrantStatusDispatchMixin, ForUserMixin, ForAdminMixin
 from perms.utils.asset.user_permission import (
    get_indirect_granted_node_children, UNGROUPED_NODE_KEY, FAVORITE_NODE_KEY,
    get_user_direct_granted_assets, get_top_level_granted_nodes,
    get_user_granted_nodes_list_via_mapping_node,
    get_user_granted_all_assets, rebuild_user_tree_if_need,
    get_user_all_assetpermissions_id, get_favorite_node,
    get_ungrouped_node, compute_tmp_mapping_node_from_perm,
    TMP_GRANTED_FIELD, count_direct_granted_node_assets,
    count_node_all_granted_assets
 )
 from perms.models import AssetPermission
 from assets.models import Asset, FavoriteAsset
 from assets.api import SerializeToTreeNodeMixin
 from perms.hands import Node
 logger = get_logger(__name__)
 class MyGrantedNodesWithAssetsAsTreeApi(SerializeToTreeNodeMixin, ListAPIView):
    permission_classes = (IsValidUser,)
    def add_ungrouped_resource(self, data: list, user, asset_perms_id):
        if not settings.PERM_SINGLE_ASSET_TO_UNGROUP_NODE:
            return
        ungrouped_node = get_ungrouped_node(user, asset_perms_id=asset_perms_id)
        direct_granted_assets = get_user_direct_granted_assets(
            user, asset_perms_id=asset_perms_id
        ).annotate(
            parent_key=Value(ungrouped_node.key, output_field=CharField())
        ).prefetch_related('platform')
        data.extend(self.serialize_nodes([ungrouped_node], with_asset_amount=True))
        data.extend(self.serialize_assets(direct_granted_assets))
    def add_favorite_resource(self, data: list, user, asset_perms_id):
        favorite_node = get_favorite_node(user, asset_perms_id)
        favorite_assets = FavoriteAsset.get_user_favorite_assets(
            user, asset_perms_id=asset_perms_id
        ).annotate(
            parent_key=Value(favorite_node.key, output_field=CharField())
        ).prefetch_related('platform')
        data.extend(self.serialize_nodes([favorite_node], with_asset_amount=True))
        data.extend(self.serialize_assets(favorite_assets))
    def add_node_filtered_by_system_user(self, data: list, user, asset_perms_id):
        tmp_nodes = compute_tmp_mapping_node_from_perm(user, asset_perms_id=asset_perms_id)
        granted_nodes_key = []
        for _node in tmp_nodes:
            _granted = getattr(_node, TMP_GRANTED_FIELD, False)
            if not _granted:
                if settings.PERM_SINGLE_ASSET_TO_UNGROUP_NODE:
                    assets_amount = count_direct_granted_node_assets(user, _node.key, asset_perms_id)
                else:
                    assets_amount = count_node_all_granted_assets(user, _node.key, asset_perms_id)
                _node.assets_amount = assets_amount
            else:
                granted_nodes_key.append(_node.key)
        # 查询他们的子节点
        q = Q()
        for _key in granted_nodes_key:
            q |= Q(key__startswith=f'{_key}:')
        if q:
            descendant_nodes = Node.objects.filter(q).distinct()
        else:
            descendant_nodes = Node.objects.none()
        data.extend(self.serialize_nodes(chain(tmp_nodes, descendant_nodes), with_asset_amount=True))
    def add_assets(self, data: list, user, asset_perms_id):
        if settings.PERM_SINGLE_ASSET_TO_UNGROUP_NODE:
            all_assets = get_user_granted_all_assets(
                user,
                via_mapping_node=False,
                include_direct_granted_assets=False,
                asset_perms_id=asset_perms_id
            )
        else:
            all_assets = get_user_granted_all_assets(
                user,
                via_mapping_node=False,
                include_direct_granted_assets=True,
                asset_perms_id=asset_perms_id
            )
        all_assets = all_assets.annotate(
            parent_key=F('nodes__key')
        ).prefetch_related('platform')
        data.extend(self.serialize_assets(all_assets))
    @tmp_to_root_org()
    def list(self, request: Request, *args, **kwargs):
        """
        此算法依赖 UserGrantedMappingNode
        获取所有授权的节点和资产
        Node = UserGrantedMappingNode + 授权节点的子节点
        Asset = 授权节点的资产 + 直接授权的资产
        """
        user = request.user
        data = []
        asset_perms_id = get_user_all_assetpermissions_id(user)
        system_user_id = request.query_params.get('system_user')
        if system_user_id:
            asset_perms_id = list(AssetPermission.objects.valid().filter(
                id__in=asset_perms_id, system_users__id=system_user_id, actions__gt=0
            ).values_list('id', flat=True).distinct())
        self.add_ungrouped_resource(data, user, asset_perms_id)
        self.add_favorite_resource(data, user, asset_perms_id)
        if system_user_id:
            self.add_node_filtered_by_system_user(data, user, asset_perms_id)
        else:
            rebuild_user_tree_if_need(request, user)
            all_nodes = get_user_granted_nodes_list_via_mapping_node(user)
            data.extend(self.serialize_nodes(all_nodes, with_asset_amount=True))
        self.add_assets(data, user, asset_perms_id)
        return Response(data=data)
 class UserGrantedNodeChildrenWithAssetsAsTreeForAdminApi(ForAdminMixin, UserNodeGrantStatusDispatchMixin,
                                                         SerializeToTreeNodeMixin, ListAPIView):
    """
    带资产的授权树
    """
    def get_data_on_node_direct_granted(self, key):
        nodes = Node.objects.filter(parent_key=key)
        assets = Asset.org_objects.filter(nodes__key=key).distinct()
        assets = assets.prefetch_related('platform')
        return nodes, assets
    def get_data_on_node_indirect_granted(self, key):
        user = self.user
        asset_perms_id = get_user_all_assetpermissions_id(user)
        nodes = get_indirect_granted_node_children(user, key)
        assets = Asset.org_objects.filter(
            nodes__key=key,
        ).filter(
            granted_by_permissions__id__in=asset_perms_id
        ).distinct()
        assets = assets.prefetch_related('platform')
        return nodes, assets
    def get_data_on_node_not_granted(self, key):
        return Node.objects.none(), Asset.objects.none()
    def get_data(self, key, user):
        assets, nodes = [], []
        if not key:
            root_nodes = get_top_level_granted_nodes(user)
            nodes.extend(root_nodes)
        elif key == UNGROUPED_NODE_KEY:
            assets = get_user_direct_granted_assets(user)
            assets = assets.prefetch_related('platform')
        elif key == FAVORITE_NODE_KEY:
            assets = FavoriteAsset.get_user_favorite_assets(user)
        else:
            nodes, assets = self.dispatch_get_data(key, user)
        return nodes, assets
    def id2key_if_have(self):
        id = self.request.query_params.get('id')
        if id is not None:
            node = get_object_or_none(Node, id=id)
            if node:
                return node.key
    def list(self, request: Request, *args, **kwargs):
        key = self.request.query_params.get('key')
        if key is None:
            key = self.id2key_if_have()
        user = self.user
        rebuild_user_tree_if_need(request, user)
        nodes, assets = self.get_data(key, user)
        tree_nodes = self.serialize_nodes(nodes, with_asset_amount=True)
        tree_assets = self.serialize_assets(assets, key)
        return Response(data=[*tree_nodes, *tree_assets])
 class MyGrantedNodeChildrenWithAssetsAsTreeApi(ForUserMixin, UserGrantedNodeChildrenWithAssetsAsTreeForAdminApi):
    pass
--- a/apps/perms/api/user_permission/user_permission_nodes_with_assets.py
+++ b/apps/perms/api/user_permission/user_permission_nodes_with_assets.py
@@ -1,121 +0,0 @@
 # -*- coding: utf-8 -*-
 #
 from rest_framework.generics import ListAPIView
 from rest_framework.request import Request
 from rest_framework.response import Response
 from django.db.models import F
 from common.permissions import IsValidUser
 from common.utils import get_logger, get_object_or_none
 from .mixin import UserNodeGrantStatusDispatchMixin, ForUserMixin, ForAdminMixin
 from ...utils.user_asset_permission import (
    get_user_resources_q_granted_by_permissions,
    get_indirect_granted_node_children, UNGROUPED_NODE_KEY, FAVORITE_NODE_KEY,
    get_user_direct_granted_assets, get_top_level_granted_nodes,
    get_user_granted_nodes_list_via_mapping_node,
    get_user_granted_all_assets, rebuild_user_tree_if_need,
    get_user_all_assetpermission_ids,
 )
 from assets.models import Asset, FavoriteAsset
 from assets.api import SerializeToTreeNodeMixin
 from orgs.utils import tmp_to_root_org
 from ...hands import Node
 logger = get_logger(__name__)
 class MyGrantedNodesWithAssetsAsTreeApi(SerializeToTreeNodeMixin, ListAPIView):
    permission_classes = (IsValidUser,)
    @tmp_to_root_org()
    def list(self, request: Request, *args, **kwargs):
        """
        此算法依赖 UserGrantedMappingNode
        获取所有授权的节点和资产
        Node = UserGrantedMappingNode + 授权节点的子节点
        Asset = 授权节点的资产 + 直接授权的资产
        """
        user = request.user
        rebuild_user_tree_if_need(request, user)
        all_nodes = get_user_granted_nodes_list_via_mapping_node(user)
        all_assets = get_user_granted_all_assets(user)
        all_assets = all_assets.annotate(parent_key=F('nodes__key'))
        all_assets = all_assets.prefetch_related('platform')
        data = [
            *self.serialize_nodes(all_nodes, with_asset_amount=True),
            *self.serialize_assets(all_assets)
        ]
        return Response(data=data)
 class UserGrantedNodeChildrenWithAssetsAsTreeForAdminApi(ForAdminMixin, UserNodeGrantStatusDispatchMixin,
                                                         SerializeToTreeNodeMixin, ListAPIView):
    """
    带资产的授权树
    """
    def get_data_on_node_direct_granted(self, key):
        nodes = Node.objects.filter(parent_key=key)
        assets = Asset.org_objects.filter(nodes__key=key).distinct()
        assets = assets.prefetch_related('platform')
        return nodes, assets
    def get_data_on_node_indirect_granted(self, key):
        user = self.user
        asset_perm_ids = get_user_all_assetpermission_ids(user)
        nodes = get_indirect_granted_node_children(user, key)
        assets = Asset.org_objects.filter(
            nodes__key=key,
        ).filter(
            granted_by_permissions__id__in=asset_perm_ids
        ).distinct()
        assets = assets.prefetch_related('platform')
        return nodes, assets
    def get_data_on_node_not_granted(self, key):
        return Node.objects.none(), Asset.objects.none()
    def get_data(self, key, user):
        assets, nodes = [], []
        if not key:
            root_nodes = get_top_level_granted_nodes(user)
            nodes.extend(root_nodes)
        elif key == UNGROUPED_NODE_KEY:
            assets = get_user_direct_granted_assets(user)
            assets = assets.prefetch_related('platform')
        elif key == FAVORITE_NODE_KEY:
            assets = FavoriteAsset.get_user_favorite_assets(user)
        else:
            nodes, assets = self.dispatch_get_data(key, user)
        return nodes, assets
    def id2key_if_have(self):
        id = self.request.query_params.get('id')
        if id is not None:
            node = get_object_or_none(Node, id=id)
            if node:
                return node.key
    @tmp_to_root_org()
    def list(self, request: Request, *args, **kwargs):
        key = self.request.query_params.get('key')
        if key is None:
            key = self.id2key_if_have()
        user = self.user
        rebuild_user_tree_if_need(request, user)
        nodes, assets = self.get_data(key, user)
        tree_nodes = self.serialize_nodes(nodes, with_asset_amount=True)
        tree_assets = self.serialize_assets(assets, key)
        return Response(data=[*tree_nodes, *tree_assets])
 class MyGrantedNodeChildrenWithAssetsAsTreeApi(ForUserMixin, UserGrantedNodeChildrenWithAssetsAsTreeForAdminApi):
    pass
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jiangjie.Bai	9685a25dc6	Merge pull request #5034 from jumpserver/dev fix(perms): nodes-with-assets 接口添加刷新重构树	2020-11-18 11:53:12 +08:00
xinwen	1af4fcd381	fix(perms): nodes-with-assets 接口添加刷新重构树	2020-11-18 11:47:50 +08:00
Jiangjie.Bai	177055acdc	Merge pull request #5032 from jumpserver/dev fix(assets): 修复获取org_root的问题	2020-11-18 11:29:53 +08:00
ibuler	6ec0b3ad54	fix(assets): 修复获取org_root的问题	2020-11-18 11:23:39 +08:00
Orange	49dd611292	Merge pull request #5029 from jumpserver/dev Dev	2020-11-17 19:46:36 +08:00
xinwen	f557c1dace	fix(assets): model 添加 asset 默认排序	2020-11-17 19:40:49 +08:00
xinwen	6e87b94789	fix(command): 系统设置-安全设置-告警接收邮件字段如果为空，则更新不了	2020-11-17 19:19:08 +08:00
xinwen	b0dba35e5a	fix(public-api): 缺少SECURITY_PASSWORD_EXPIRATION_TIME字段	2020-11-17 19:11:39 +08:00
ibuler	d0b19f20c3	perf(tickets): 优化授权申请工单	2020-11-17 19:10:23 +08:00
xinwen	3e78d627f8	fix(perms): 作业中心-批量命令-选择系统用户之后，左侧资产列表未筛选，还是全部资产	2020-11-17 18:45:45 +08:00
Jiangjie.Bai	0763404235	Merge pull request #5021 from jumpserver/dev Dev	2020-11-17 16:48:07 +08:00
ibuler	31cd441a34	fix(assets): 修复资产导入时填写节点引起的空节点名称的问题	2020-11-17 16:41:17 +08:00
ibuler	40c0aac5a9	fix(ops): 修复run as 可能引起的返回多个asset user	2020-11-17 16:39:13 +08:00
ibuler	83099dcd16	fix(ops): 修复task run as的问题	2020-11-17 16:39:13 +08:00
ibuler	0db72bd00f	fix(i18n): 修复js18n的问题	2020-11-17 16:29:09 +08:00
Bai	732b8cc0b8	fix(ops): 修复AdHocExecution字段task_display长度问题	2020-11-17 16:27:41 +08:00
Bai	a9f90b4e31	perf(terminal): 修改数据库字段长度(command_stroage/replay_storage name 128)	2020-11-17 15:59:42 +08:00
Bai	cf1fbabca1	fix(command): 修复批量命令执行可能获取到host为None的问题	2020-11-17 15:25:11 +08:00
ibuler	cbcefe8bd3	fix(ops): 修复因为更改controlmaster引起的连接不服用维内托	2020-11-16 15:22:25 +08:00
ibuler	133a2e4714	fix(assets): 修复动态系统用户推送的bug	2020-11-16 15:07:01 +08:00
fit2bot	b4b9149d5d	chore(docs): 修改readme (#5005 ) * chore(docs): 修改readme * chore(docs): 修改文档拼写 Co-authored-by: ibuler <ibuler@qq.com>	2020-11-16 14:52:07 +08:00
fit2bot	9af4d5f76f	fix(crypto): 有时解密失败 (#5003 ) * fix(nodes): 节点默认按 value 排序 * fix(crypto): 有时解密失败 Co-authored-by: xinwen <coderWen@126.com>	2020-11-16 14:47:27 +08:00
Orange	96d26cc96f	Merge pull request #4991 from jumpserver/dev fix(system_user): 修复更新系统用户时ad_domain字段为空提交失败的问题	2020-11-13 14:57:23 +08:00
Bai	18d8f59bb5	fix(system_user): 修复更新系统用户时ad_domain字段为空提交失败的问题	2020-11-13 14:56:15 +08:00
老广	841f707b6d	Merge pull request #4982 from jumpserver/dev Dev	2020-11-12 14:12:35 +08:00
xinwen	448c5db3bb	fix(orgs): 添加旧的 member 相关 api	2020-11-12 11:20:42 +08:00
Bai	75b886675e	perf(i18n): 更新翻译	2020-11-12 11:14:23 +08:00
Bai	24e22115de	perf(i18n): 更新翻译	2020-11-12 11:14:23 +08:00
Bai	b18ead0ffa	perf(i18n): 更新翻译	2020-11-12 11:01:48 +08:00
xinwen	6e8922da1c	fix(trans): 完善翻译	2020-11-12 10:12:25 +08:00
Bai	dcb38ef534	perf(session): 修改变量名terminate	2020-11-11 19:10:53 +08:00
Bai	8a693d9fa7	feat(session): session列表返回can_termination字段值；设置所有db协议类型会话不可被终断和监控	2020-11-11 17:49:54 +08:00
xinwen	487932590b	fix(terminal): 扩展 Terminal name 长度	2020-11-11 15:01:30 +08:00
peijianbo	79b5aa68c8	feat(terminal):危险命令告警功能	2020-11-10 18:31:16 +08:00
Bai	50a4735b07	pref(cloud): 添加 Azure 依赖包	2020-11-10 11:13:00 +08:00
Bai	1183109354	perf(github): 更新github issue模版	2020-11-10 10:30:15 +08:00
xinwen	202e619c4b	feat(assets): 添加系统用户资产列表 api	2020-11-10 10:23:51 +08:00
xinwen	179cb7531c	feat(assets): 管理用户的资产列表增加 options 方法	2020-11-10 10:23:51 +08:00
ibuler	987f840431	fix(i18n): 修复重置密码那的i18n问题	2020-11-10 10:17:55 +08:00
fit2bot	f04544e8df	feat(MFA): 修改文案Google Authenticator为手机验证器 (#4964 ) * feat(MFA): 修改文案Google Authenticator为手机验证器 * feat(MFA): 修改文案手机验证器为 MFA验证器 * feat(MFA): 修改文案手机验证器为 MFA验证器2 Co-authored-by: Bai <bugatti_it@163.com>	2020-11-09 19:08:24 +08:00
fit2bot	cd6dc6a722	fix(perms): 由于组织不对，导致生成或显示授权树错误 (#4957 ) * perf(perms): 优化授权树生成速度 * fix(perms): 由于组织不对，导致生成或显示授权树错误 Co-authored-by: xinwen <coderWen@126.com>	2020-11-09 17:30:50 +08:00
Bai	150552d734	perf(requirements): 升级依赖版本jms-storage==0.0.35	2020-11-09 17:29:10 +08:00
Bai	388314ca5a	fix(applications): 修复应用列表会返回所有组织下数据的问题	2020-11-09 16:46:38 +08:00
Bai	26d00329e7	fix(assets): 修复计算node full value时，获取node value 有可能为 __proxy__ 的问题	2020-11-06 10:20:48 +08:00
xinwen	e93be8f828	feat(crypto): 支持国密算法	2020-11-05 19:04:50 +08:00
Bai	2690092faf	perf(ldap): LDAP用户搜索，本地忽略大小写，远端支持模糊	2020-11-05 14:57:08 +08:00
Bai	eabaae81ac	perf(application): 优化RemoteApp应用Chrome序列类的字符串主键关联字段	2020-11-05 14:13:45 +08:00
Bai	6df331cbed	perf(perms): 用户/用户组授权的所有应用API返回attrs属性	2020-11-05 11:25:32 +08:00
xinwen	0390e37fd5	feat(orgs): relation 增加搜索功能	2020-11-05 10:40:00 +08:00
xinwen	44d9aff573	fix(orgs): 改正单词拼写	2020-11-05 09:58:58 +08:00
xinwen	2b4f8bd11c	feat(ops): Task 支持批量操作	2020-11-05 09:54:51 +08:00
xinwen	231332585d	fix(perms): 重建授权树冲突时，响应里加 code	2020-11-03 17:53:49 +08:00
ibuler	531de188d6	perf(systemuser): 优化系统用户家目录权限更改	2020-11-03 17:51:02 +08:00
ibuler	0c1f717fb2	feat(assets): 推送系统用户增加comment	2020-11-03 17:51:02 +08:00
xinwen	9d9177ed05	refactor(terminal): 去掉 Session 中 Terminal 的外键关系	2020-11-03 15:00:44 +08:00
xinwen	ab77d5db4b	fix(orgs): `org-member-relation` url 拼写错误	2020-11-03 14:49:50 +08:00
ibuler	eadecb83ed	fix: 修改系统用户节点关系的抖索	2020-11-03 14:33:15 +08:00
ibuler	5d6088abd3	fix(assets): 修复nodes display pop 引起的bug	2020-11-03 11:22:36 +08:00
xinwen	38f7c123e5	fix(audits): sso 登录日志没有 type	2020-11-03 11:18:56 +08:00
xinwen	d7daf7071a	fix(ticket): 工单申请资产的时候审批人不能搜索	2020-11-03 10:53:31 +08:00
Bai	795245d7f4	perf(perms): 授权给用户应用列表API添加dispaly字段	2020-11-02 10:26:39 +08:00
Bai	7ea2a0d6a5	perf(perms): 应用授权规则序列类添加applications类型校验	2020-10-30 17:25:34 +08:00
xinwen	c90b9d70dc	perf(perms): 优化根据资产获取授权的系统用户	2020-10-30 15:59:19 +08:00
Bai	f6c24f809c	perf(application): 修改DoaminAPI返回application数量;修改Application数据库datbase字段required=False	2020-10-30 15:58:46 +08:00
Bai	e369a8d51f	perf(readme): 修改Readme	2020-10-30 15:44:42 +08:00
Bai	c74c9f51f0	perf(readme): 修改Readme	2020-10-30 15:44:05 +08:00
ibuler	57bf9ca8b1	perf(assets): 优化更新子节点名称的算法	2020-10-30 14:17:09 +08:00
Bai	ddc2d1106b	perf(perms): 修改授权授权应用API，添加category/type过滤字段	2020-10-30 12:54:33 +08:00
ibuler	15992c636a	perf: 优化node full value	2020-10-30 10:50:45 +08:00
Bai	36cd18ab9a	perf(perms): 修改变量名	2020-10-30 10:47:32 +08:00
Bai	676ee93837	perf(perms): 优化方法名称；授权查询语句；	2020-10-30 10:47:32 +08:00
fit2bot	c02f8e499b	feat: 添加资产导入时可以直接写节点 (#4868 ) * feat: 优化资产导入, 可以添加节点全称，并自动创建 * feat: 添加资产导入时可以直接写节点 * fix: 修改错误 * fix: 添加node value校验，不能包含/ * chore: merge migrations * perf: 去掉full value replace Co-authored-by: ibuler <ibuler@qq.com>	2020-10-30 10:16:49 +08:00
ibuler	4ebb4d1b6d	chore: resolve conflict	2020-10-29 19:19:20 +08:00
Bai	5e7650d719	perf(application): RemoteApp应用序列类返回asset_info字段	2020-10-29 05:48:01 -05:00
Bai	bf302f47e5	perf(application): 修改RemoteA序列类asset required=False	2020-10-29 05:48:01 -05:00
Bai	1ddc228449	perf(application): RemoteApp序列类字段asset，设置为CharPrimaryKeyRelatedField，修改其他字段的required=Flase	2020-10-29 05:48:01 -05:00
Bai	c9065fd96e	perf(application): 优化一些小细节	2020-10-29 05:48:01 -05:00
Bai	4a09dc6e3e	feat(assets): 修改GatewayModel ip字段类型为CharField	2020-10-29 05:48:01 -05:00
Bai	55bfb942e2	perf(applications): 修改应用序列类字段label	2020-10-29 05:48:01 -05:00
Bai	9aed51ffe9	perf(applications): 修改应用序列类字段长度限制	2020-10-29 05:48:01 -05:00
Bai	a98816462f	perf(applications): 添加DB序列类字段翻译	2020-10-29 05:48:01 -05:00
Bai	abe32e6c79	perf(perms): 添加应用/应用授权API的type_display/category_display字段	2020-10-29 05:48:01 -05:00
Bai	77c8ca5863	perf(perms): 应用授权表添加字段，type和category	2020-10-29 05:48:01 -05:00
Bai	8fa15b3378	perf(assets/terminal): 资产系统用户和Session会话添加协议选项: mysql/oracle/postgresql	2020-10-29 05:48:01 -05:00
Bai	a3507975fb	perf(application): 修改获取远程应用连接参数的API(2)	2020-10-29 05:48:01 -05:00
Bai	76ca6d587d	perf(application): 修改获取远程应用连接参数的API	2020-10-29 05:48:01 -05:00
Bai	038582a8c1	feat(applications): 修改应用/应用授权的迁移文件，解决多种应用/应用授权name字段重复的问题	2020-10-29 05:48:01 -05:00
Bai	ca2fc3cb5e	feat(applications): 修改ApplicationAPI方法获取序列类的逻辑	2020-10-29 05:48:01 -05:00
Bai	cc30b766f8	feat(applications): 修改ApplicationAPI方法method判断->action	2020-10-29 05:48:01 -05:00
Michael Bai	b7bd88b8a0	feat(applications): 修改ApplicationAPI方法options	2020-10-29 05:48:01 -05:00
Bai	5518e1e00f	perf(application): 优化Application获取序列类attrs字段适配	2020-10-29 05:48:01 -05:00
Bai	0632e88f5d	feat(application): 修改Application Model的domain字段选项2	2020-10-29 05:48:01 -05:00
Bai	9dc2255894	feat(application): 修改Application Model的domain字段选项	2020-10-29 05:48:01 -05:00
Bai	1baf35004d	refactor(perms): 添加应用授权规则迁移文件；迁移旧的应用授权(db/remoteapp/k8sapp)到新的应用授权	2020-10-29 05:48:01 -05:00
Bai	5acff310f7	perf(application): 修改迁移文件，迁移应用包含id字段	2020-10-29 05:48:01 -05:00
Bai	fdded8b90f	refactor(perms): 修改授权规则的目录结构（asset、application)	2020-10-29 05:48:01 -05:00
Bai	1d550cbe64	feat(perms): 添加ApplicationPermission API（包含用户/用户组/授权/校验等API)	2020-10-29 05:48:01 -05:00
Bai	4847b7a680	feat(perms): 添加ApplicationPermission Model 和 API（包含ViewSet和RelationViewSet)	2020-10-29 05:48:01 -05:00
Bai	1c551b4fe8	feat(application): 迁移old_application到new_application	2020-10-29 05:48:01 -05:00
Bai	6ffba739f2	perf(requirements): 添加依赖django-mysql==3.9.0	2020-10-29 05:48:01 -05:00
ibuler	0282346945	perf: 修改创建	2020-10-29 05:48:01 -05:00
ibuler	f6d9af8beb	perf(application): 优化type优先级	2020-10-29 05:48:01 -05:00
ibuler	ba4e6e9a9f	refacter: 重构application	2020-10-29 05:48:01 -05:00
ibuler	874a3eeebf	perf(sessions): 优化命令	2020-10-29 18:27:36 +08:00
ibuler	dd793a4eca	perf: 优化日志保存策略	2020-10-29 18:27:36 +08:00
xinwen	f7e6c14bc5	fix(assets): 向资产推送系统用户bug	2020-10-28 21:40:40 -05:00
xinwen	f6031d6f5d	fix(logger): 把 drf 异常放到单独的日志文件中	2020-10-28 21:26:35 -05:00
xinwen	5e779e6542	fix(systemuser): 系统用户添加 ad_domain 字段	2020-10-28 21:23:29 -05:00
xinwen	7031b7f28b	fix(auth): 修复用户登录失败次数出现0次	2020-10-28 06:06:57 -05:00
xinwen	e2f540a1f4	fix(assets): 网关的密码不能包含特殊字符	2020-10-28 06:05:53 -05:00
ibuler	108a1da212	chore: 修改github 语言识别	2020-10-26 20:51:09 -05:00
xinwen	b4a8cb768b	fix(assets): 系统用户与用户组发生变化时报错	2020-10-26 05:31:30 -05:00
xinwen	6b2f606430	fix(tickets): 工单申请资产授权通过人显示不对	2020-10-26 02:03:12 -05:00
xinwen	70a8db895d	fix(migrations): 生成一下遗漏的 migrations	2020-10-23 17:00:37 +08:00
xinwen	0043dc6110	fix(assets): 资产列表添加默认 `date_created` 排序	2020-10-23 17:00:37 +08:00
xinwen	87d2798612	fix(assets): 资产列表不能用到`assets_amount`字段	2020-10-23 16:54:19 +08:00
ibuler	e2d8eee629	fix(i18n): 修改收藏夹的翻译	2020-10-23 16:52:06 +08:00
xinwen	8404db8cef	fix(assets): 修改 `AssetViewSet.filter_fields`	2020-10-23 02:25:04 -05:00
Bai	fd7f379b10	perf(requirements): 升级依赖django-timezone-field==4.0	2020-10-21 13:01:28 +08:00
ibuler	111c63ee6a	perf: 修改beat版本	2020-10-20 15:02:11 +08:00
ibuler	4eb5d51840	fix: domain端口可能随便填写的问题	2020-10-20 15:01:06 +08:00
ibuler	7f53a80855	fix: 修改textfield 不再限制长度	2020-10-20 15:00:22 +08:00
ibuler	90afabdcb2	fix(perms): 修复用户的资产不区分组织的问题	2020-10-20 14:56:23 +08:00
ibuler	de405be753	fix(perms): 修复asset permission导入的bug	2020-10-20 14:46:31 +08:00
Bai	f84b845385	perf(config): 升级依赖redis==3.5.3; 添加CACHES配置: health_check_interval=30; 解决因网络不稳定导致的redis连接失败异常	2020-10-19 04:45:34 -05:00
xinwen	b1ac3fa94f	fix(orgs): 更新用户时`org_roles`参数为`None`时不更新组织角色	2020-10-15 04:59:25 -05:00
		`@@ -0,0 +1,2 @@`
							`*.js linguist-language=python`
							`*.html linguist-language=python`
`@@ -75,4 +75,3 @@ def send_server_performance_mail(path, usage, usages):`
	`send_mail_async(subject, message, recipient_list, html_message=message)`	`send_mail_async(subject, message, recipient_list, html_message=message)`
		`@@ -0,0 +1,2 @@`
							`from .user_permission_applications import *`
							`from .common import *`