Merge with user-perm

apps/assets/forms.py

@@ -12,7 +12,7 @@ class AssetForm(forms.ModelForm):
         fields = [
             "ip", "other_ip", "remote_card_ip", "hostname", "port", "groups", "username", "password",
             "idc", "mac_address", "brand", "cpu", "memory", "disk", "os", "cabinet_no", "cabinet_pos",
-            "number", "status", "type", "env", "sn", "is_active", "comment", "admin_user", "system_user"
+            "number", "status", "type", "env", "sn", "is_active", "comment", "admin_user", "system_users"
         ]
 
         widgets = {

apps/assets/models.py

@@ -194,6 +194,21 @@ class SystemUser(models.Model):
     def public_key(self, public_key_raw):
         self._public_key = encrypt(public_key_raw)
 
+    def get_assets_inherit_from_asset_groups(self):
+        assets = set()
+        asset_groups = self.asset_groups.all()
+        for asset_group in asset_groups:
+            for asset in asset_group.assets.all():
+                setattr(asset, 'is_inherit_from_asset_groups', True)
+                setattr(asset, 'inherit_from_asset_groups',
+                        getattr(asset, b'inherit_from_asset_groups', set()).add(asset_group))
+                assets.add(asset)
+        return assets
+
+    def get_assets(self):
+        assets = set(self.assets.all()) | self.get_assets_inherit_from_asset_groups()
+        return list(assets)
+
     class Meta:
         db_table = 'system_user'
 
@@ -266,8 +281,8 @@ class Asset(models.Model):
     password = models.CharField(max_length=256, null=True, blank=True, verbose_name=_("Admin password"))
     admin_user = models.ForeignKey(AdminUser, null=True, blank=True, related_name='assets',
                                    on_delete=models.SET_NULL, verbose_name=_("Admin user"))
-    system_user = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User"))
-    idc = models.ForeignKey(IDC, null=True, blank=True, related_name='assets', on_delete=models.SET_NULL, verbose_name=_('IDC'))
+    system_users = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User"))
+    idc = models.ForeignKey(IDC, null=True, related_name='assets', on_delete=models.SET_NULL, verbose_name=_('IDC'))
     mac_address = models.CharField(max_length=20, null=True, blank=True, verbose_name=_("Mac address"))
     brand = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Brand'))
     cpu = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('CPU'))
@@ -301,7 +316,7 @@ class Asset(models.Model):
 
     @classmethod
     def generate_fake(cls, count=100):
-        from random import seed
+        from random import seed, choice
         import forgery_py
         from django.db import IntegrityError
 
@@ -309,10 +324,14 @@ class Asset(models.Model):
         for i in range(count):
             asset = cls(ip='%s.%s.%s.%s' % tuple([forgery_py.forgery.basic.text(length=3, digits=True)
                                                   for i in range(0, 4)]),
+                        admin_user=choice(AdminUser.objects.all()),
+                        idc=choice(IDC.objects.all()),
                         port=22,
                         created_by='Fake')
             try:
                 asset.save()
+                asset.system_users = [choice(SystemUser.objects.all()) for i in range(3)]
+                asset.groups = [choice(AssetGroup.objects.all()) for i in range(3)]
                 logger.debug('Generate fake asset : %s' % asset.ip)
             except IntegrityError:
                 print('Error continue')
@@ -335,5 +354,5 @@ class Label(models.Model):
 
 
 def generate_fake():
-    for cls in (Asset, AssetGroup, IDC):
-        cls.generate_fake()
+    for cls in (AssetGroup, IDC, AdminUser, SystemUser, Asset):
+        cls.generate_fake()
\ No newline at end of file

apps/assets/templates/assets/admin_user_detail.html

@@ -15,9 +15,9 @@
                 <div class="ibox float-e-margins">
                     <div class="panel-options">
                         <ul class="nav nav-tabs">
-                            <li class="active"><a href="" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
+                            <li class="active">
+                                <a href="" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
                             </li>
-                            <li><a href="" class="text-center"><i class="fa fa-bar-chart-o"></i> {% trans 'Associate assets' %}</a></li>
                         </ul>
                     </div>
                     <div class="tab-content">
@@ -33,10 +33,6 @@
                                             <i class="fa fa-wrench"></i>
                                         </a>
                                         <ul class="dropdown-menu dropdown-user">
-                                            <li><a href="#"></a>
-                                            </li>
-                                            <li><a href="#"></a>
-                                            </li>
                                         </ul>
                                         <a class="close-link">
                                             <i class="fa fa-times"></i>
@@ -73,7 +69,7 @@
 
                             <div class="ibox float-e-margins">
                                 <div class="ibox-title">
-                                    <span style="float: left">{% trans 'Asset list of ' %} <b>{{ admin_user.name }}</b></span>
+                                    <span style="float: left">{% trans 'Asset list of ' %} <b>{{ admin_user.name }}</b> <span class="badge"> {{ paginator.count }}</span></span>
                                     <div class="ibox-tools">
                                         <a class="collapse-link">
                                             <i class="fa fa-chevron-up"></i>
@@ -82,10 +78,6 @@
                                             <i class="fa fa-wrench"></i>
                                         </a>
                                         <ul class="dropdown-menu dropdown-user">
-                                            <li><a href="#"></a>
-                                            </li>
-                                            <li><a href="#"></a>
-                                            </li>
                                         </ul>
                                         <a class="close-link">
                                             <i class="fa fa-times"></i>
@@ -185,6 +177,34 @@
                                     </table>
                                 </div>
                             </div>
+
+                            <div class="panel panel-warning">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Replace asset admin user with this admin user' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table">
+                                        <tbody>
+                                        <form>
+                                            <tr class="no-borders-tr">
+                                                <td colspan="2">
+                                                    <select data-placeholder="{% trans 'Select asset groups' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
+                                                        {% for group in groups %}
+                                                            <option value="{{ group.id }}">{{ group.name }}</option>
+                                                        {% endfor %}
+                                                    </select>
+                                                </td>
+                                            </tr>
+                                            <tr class="no-borders-tr">
+                                                <td colspan="2">
+                                                    <button type="button" class="btn btn-warning btn-sm">{% trans 'Replace' %}</button>
+                                                </td>
+                                            </tr>
+                                        </form>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
                         </div>
                     </div>
                 </div>

apps/assets/templates/assets/system_user_asset.html

@@ -19,10 +19,7 @@
                                 <a href="{% url 'assets:system-user-detail' pk=system_user.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
                             </li>
                             <li class="active"><a href="{% url 'assets:system-user-asset' pk=system_user.id %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Associate assets' %}</a>
-                            </li>
-                            <li><a href="{% url 'assets:system-user-asset-group' pk=system_user.id %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Associate asset groups' %}</a>
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Associate assets and asset groups' %}</a>
                             </li>
                         </ul>
                     </div>
@@ -30,7 +27,7 @@
                         <div class="col-sm-7" style="padding-left: 0;">
                             <div class="ibox float-e-margins">
                                 <div class="ibox-title">
-                                    <span style="float: left">{% trans 'Asset list of ' %} <b>{{ admin_user.name }}</b></span>
+                                    <span style="float: left">{% trans 'Assets attached of ' %} <b>{{ system_user.name }} </b><span class="badge">{{ paginator.count }}</span></span>
                                     <div class="ibox-tools">
                                         <a class="collapse-link">
                                             <i class="fa fa-chevron-up"></i>
@@ -52,7 +49,8 @@
                                                 <th>{% trans 'Hostname' %}</th>
                                                 <th>{% trans 'IP' %}</th>
                                                 <th>{% trans 'Port' %}</th>
-                                                <th>{% trans 'Alive' %}</th>
+                                                <th>{% trans 'Reachable' %}</th>
+                                                <th></th>
                                             </tr>
                                         </thead>
                                         <tbody>
@@ -61,7 +59,12 @@
                                                 <td>{{ asset.hostname }}</td>
                                                 <td>{{ asset.ip }}</td>
                                                 <td>{{ asset.port }}</td>
-                                                <td>Alive</td>
+                                                <td>
+                                                    <i class="fa fa-check text-navy"></i>
+                                                </td>
+                                                <td>
+                                                    <button class="btn btn-danger pull-right btn-xs {% if asset.is_inherit_from_asset_groups %} disabled {% endif %}" type="button"><i class="fa fa-minus"></i></button>
+                                                </td>
                                             </tr>
                                             {% endfor %}
                                         </tbody>
@@ -75,7 +78,7 @@
                         <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
                             <div class="panel panel-primary">
                                 <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'Add asset to this system user' %}
+                                    <i class="fa fa-info-circle"></i> {% trans 'Attach to assets ' %}
                                 </div>
                                 <div class="panel-body">
                                     <table class="table">
@@ -84,7 +87,7 @@
                                             <tr class="no-borders-tr">
                                                 <td colspan="2">
                                                     <select data-placeholder="{% trans 'Select asset' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for asset in assets %}
+                                                        {% for asset in assets_remain %}
                                                             <option value="{{ asset.id }}">{{ asset.ip}}:{{ asset.port }}</option>
                                                         {% endfor %}
                                                     </select>
@@ -92,7 +95,7 @@
                                             </tr>
                                             <tr class="no-borders-tr">
                                                 <td colspan="2">
-                                                    <button type="button" class="btn btn-primary btn-sm">{% trans 'Add' %}</button>
+                                                    <button type="button" class="btn btn-primary btn-sm">{% trans 'Attach' %}</button>
                                                 </td>
                                             </tr>
                                         </form>
@@ -100,6 +103,43 @@
                                     </table>
                                 </div>
                             </div>
+
+                            <div class="panel panel-info">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Attach to asset groups' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table group_edit">
+                                        <tbody>
+                                        <form>
+                                            <tr>
+                                                <td colspan="2" class="no-borders">
+                                                    <select data-placeholder="{% trans 'Add asset group' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
+                                                        {% for asset_group in asset_groups_remain %}
+                                                        <option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
+                                                        {% endfor %}
+                                                    </select>
+                                                </td>
+                                            </tr>
+                                            <tr>
+                                                <td colspan="2" class="no-borders">
+                                                    <button type="button" class="btn btn-info btn-sm" id="btn_add_user_group">{% trans 'Attach' %}</button>
+                                                </td>
+                                            </tr>
+                                        </form>
+
+                                        {% for asset_group in asset_groups %}
+                                        <tr>
+                                          <td ><b data-gid={{ asset_group.id }}>{{ asset_group.name }}</b></td>
+                                          <td>
+                                              <button class="btn btn-danger pull-right btn-xs" type="button"><i class="fa fa-minus"></i></button>
+                                          </td>
+                                        </tr>
+                                        {% endfor %}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
                         </div>
                     </div>
                 </div>

apps/assets/templates/assets/system_user_detail.html

@@ -20,13 +20,9 @@
                             </li>
                             <li>
                                 <a href="{% url 'assets:system-user-asset' pk=system_user.id %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Associate assets' %}
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Associate assets and asset groups' %}
                                 </a>
                             </li>
-                            <li>
-                                <a href="{% url 'assets:system-user-asset-group' pk=system_user.id %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Associate asset groups' %}</a>
-                            </li>
                         </ul>
                     </div>
                     <div class="tab-content">

apps/assets/templates/assets/system_user_list.html

@@ -11,7 +11,7 @@
     <th class="text-center"><a href="{% url 'assets:system-user-list' %}?sort=username">{% trans 'Username' %}</a></th>
     <th class="text-center">{% trans 'Asset num' %}</th>
     <th class="text-center">{% trans 'Asset group num' %}</th>
-    <th class="text-center">{% trans 'Unavailable' %}</th>
+    <th class="text-center">{% trans 'Unreachable' %}</th>
     <th class="text-center">{% trans 'Comment' %}</th>
     <th class="text-center"></th>
 {% endblock %}
@@ -26,7 +26,7 @@
                  </a>
              </td>
              <td class="text-center">{{ system_user.username }}</td>
-             <td class="text-center">{{ system_user.assets.count }}</td>
+             <td class="text-center">{{ system_user.get_assets|length }}</td>
              <td class="text-center">{{ system_user.asset_groups.count }}</td>
              <td class="text-center">{{ system_user.assets.count }}</td>
              <td class="text-center">{{ system_user.comment|truncatewords:4 }}</td>

apps/assets/urls.py

@@ -48,7 +48,7 @@ urlpatterns = [
     url(r'^system-user/(?P<pk>[0-9]+)/update', views.SystemUserUpdateView.as_view(), name='system-user-update'),
     url(r'^system-user/(?P<pk>[0-9]+)/delete$', views.SystemUserDeleteView.as_view(), name='system-user-delete'),
     url(r'^system-user/(?P<pk>[0-9]+)/asset$', views.SystemUserAssetView.as_view(), name='system-user-asset'),
-    url(r'^system-user/(?P<pk>[0-9]+)/asset-group$', views.SystemUserAssetGroupView.as_view(),
-        name='system-user-asset-group'),
+    # url(r'^system-user/(?P<pk>[0-9]+)/asset-group$', views.SystemUserAssetGroupView.as_view(),
+    #     name='system-user-asset-group'),
     # url(r'^api/v1.0/', include(router.urls)),
 ]

apps/assets/views.py

@@ -368,14 +368,13 @@ class SystemUserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateVi
                                 self.object.name,
                             ))
 
-        return self.success_message
+        return success_message
 
 
 class SystemUserUpdateView(AdminUserRequiredMixin, UpdateView):
     model = SystemUser
     form_class = SystemUserForm
     template_name = 'assets/system_user_create_update.html'
-    success_message = _('Update system user <a href="%s">%s</a> successfully.')
 
     def get_context_data(self, **kwargs):
         context = {
@@ -386,7 +385,7 @@ class SystemUserUpdateView(AdminUserRequiredMixin, UpdateView):
         return super(SystemUserUpdateView, self).get_context_data(**kwargs)
 
     def get_success_url(self):
-        success_url = reverse_lazy('assets:system-user-detail', pk=self.object.pk)
+        success_url = reverse_lazy('assets:system-user-detail', kwargs={'pk': self.object.pk})
         return success_url
 
 
@@ -419,39 +418,47 @@ class SystemUserAssetView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
         self.object = self.get_object(queryset=SystemUser.objects.all())
         return super(SystemUserAssetView, self).get(request, *args, **kwargs)
 
+    def get_asset_groups(self):
+        return self.object.asset_groups.all()
+
     # Todo: queryset default order by connectivity, need ops support
     def get_queryset(self):
-        return self.object.assets.all()
+        return list(self.object.get_assets())
 
     def get_context_data(self, **kwargs):
+        asset_groups = self.get_asset_groups()
+        assets = self.get_queryset()
         context = {
             'app': 'assets',
             'action': 'System user asset',
-            'assets': self.get_queryset(),
+            'assets_remain': [asset for asset in Asset.objects.all() if asset not in assets],
+            'asset_groups': asset_groups,
+            'asset_groups_remain': [asset_group for asset_group in AssetGroup.objects.all()
+                                    if asset_group not in asset_groups]
         }
         kwargs.update(context)
         return super(SystemUserAssetView, self).get_context_data(**kwargs)
 
 
-class SystemUserAssetGroupView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
-    paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
-    template_name = 'assets/system_user_asset_group.html'
-    context_object_name = 'system_user'
-
-    def get(self, request, *args, **kwargs):
-        self.object = self.get_object(queryset=SystemUser.objects.all())
-        return super(SystemUserAssetGroupView, self).get(request, *args, **kwargs)
-
+# class SystemUserAssetGroupView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
+#     paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
+#     template_name = 'assets/system_user_asset_group.html'
+#     context_object_name = 'system_user'
+#
+#     def get(self, request, *args, **kwargs):
+#         self.object = self.get_object(queryset=SystemUser.objects.all())
+#         return super(SystemUserAssetGroupView, self).get(request, *args, **kwargs)
+#
     # Todo: queryset default order by connectivity, need ops support
-    def get_queryset(self):
-        return self.object.asset_groups.all()
-
-    def get_context_data(self, **kwargs):
-        context = {
-            'app': 'assets',
-            'action': 'System user asset group',
-            'asset_groups': self.get_queryset(),
-        }
-        kwargs.update(context)
-        return super(SystemUserAssetGroupView, self).get_context_data(**kwargs)
+    # def get_queryset(self):
+    #     return self.object.asset_groups.all()
+    #
+    # def get_context_data(self, **kwargs):
+    #     context = {
+    #         'app': 'assets',
+    #         'action': 'System user asset group',
+    #         'asset_groups': self.get_queryset(),
+    #     }
+    #     kwargs.update(context)
+    #     return super(SystemUserAssetGroupView, self).get_context_data(**kwargs)
 

apps/common/templatetags/common_tags.py

@@ -32,4 +32,14 @@ def pagination_range(total_page, current_num=1, display=5):
     start = current_num - display/2 if current_num > display/2 else 1
     end = start + display if start + display <= total_page else total_page + 1
 
-    return range(start, end)
+    return range(start, end)
\ No newline at end of file
+
+
+@register.filter
+def join_attr(seq, attr=None, sep=None):
+    if sep is None:
+        sep = ', '
+    if attr is not None:
+        seq = [getattr(obj, attr) for obj in seq]
+    print(seq)
+    return sep.join(seq)

apps/perms/forms.py

@@ -14,7 +14,7 @@ class AssetPermissionForm(forms.ModelForm):
         model = AssetPermission
         fields = [
             'name', 'users', 'user_groups', 'assets', 'asset_groups',
-            'system_users', 'action', 'is_active', 'date_expired', 'comment',
+            'system_users', 'is_active', 'date_expired', 'comment',
         ]
         widgets = {
             'users': forms.SelectMultiple(attrs={'class': 'select2',

apps/perms/models.py

@@ -11,18 +11,19 @@ from common.utils import date_expired_default, combine_seq
 
 
 class AssetPermission(models.Model):
-    ACTION_CHOICE = (
-        ('1', 'Allow'),
-        ('0', 'Deny'),
+    PRIVATE_FOR_CHOICE = (
+        ('N', 'None'),
+        ('U', 'user'),
+        ('G', 'user group'),
     )
-
-    name = models.CharField(max_length=128, verbose_name=_('Name'))
+    name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
     users = models.ManyToManyField(User, related_name='asset_permissions', blank=True)
     user_groups = models.ManyToManyField(UserGroup, related_name='asset_permissions', blank=True)
     assets = models.ManyToManyField(Asset, related_name='granted_by_permissions', blank=True)
     asset_groups = models.ManyToManyField(AssetGroup, related_name='granted_by_permissions', blank=True)
     system_users = models.ManyToManyField(SystemUser, related_name='granted_by_permissions')
-    action = models.CharField(choices=ACTION_CHOICE, max_length=8, default='1')
+    private_for = models.CharField(choices=PRIVATE_FOR_CHOICE, max_length=1, default='N', blank=True,
+                                   verbose_name=_('Private for'))
     is_active = models.BooleanField(default=True, verbose_name=_('Active'))
     date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_('Date expired'))
     created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by'))
@@ -30,7 +31,7 @@ class AssetPermission(models.Model):
     comment = models.TextField(verbose_name=_('Comment'), blank=True)
 
     def __unicode__(self):
-        return '%(name)s: %(action)s' % {'name': self.name, 'action': self.action}
+        return self.name
 
     @property
     def is_valid(self):
@@ -38,32 +39,31 @@ class AssetPermission(models.Model):
             return True
         return True
 
-    @staticmethod
-    def set_inherit(obj):
-        setattr(obj, 'inherited', True)
-        return obj
-
     def get_granted_users(self):
-        return list(set(self.users.all() or []) | set(self.get_granted_user_groups_member()))
+        return list(set(self.users.all()) | self.get_granted_user_groups_member())
 
     def get_granted_user_groups_member(self):
-        combine_users = functools.partial(combine_seq, callback=AssetPermission.set_inherit)
-        try:
-            return functools.reduce(combine_users, [user_group.users.all()
-                                                    for user_group in self.user_groups.iterator()])
-        except TypeError:
-            return []
+        users = set()
+        for user_group in self.user_groups.all():
+            for user in user_group.users.all():
+                setattr(user, 'is_inherit_from_user_groups', True)
+                setattr(user, 'inherit_from_user_groups',
+                        getattr(user, b'inherit_from_user_groups', set()).add(user_group))
+                users.add(user)
+        return users
 
     def get_granted_assets(self):
-        return list(set(self.assets.all() or []) | set(self.get_granted_asset_groups_member()))
+        return list(set(self.assets.all()) | self.get_granted_asset_groups_member())
 
     def get_granted_asset_groups_member(self):
-        combine_assets = functools.partial(combine_seq, callback=AssetPermission.set_inherit)
-        try:
-            return functools.reduce(combine_assets, [asset_group.users.all()
-                                                     for asset_group in self.asset_groups.iterator()])
-        except TypeError:
-            return []
+        assets = set()
+        for asset_group in self.asset_groups.all():
+            for asset in asset_group.assets.all():
+                setattr(asset, 'is_inherit_from_asset_groups', True)
+                setattr(asset, 'inherit_from_asset_groups',
+                        getattr(asset, b'inherit_from_user_groups', set()).add(asset_group))
+                assets.add(asset)
+        return assets
 
     class Meta:
         db_table = 'asset_permission'

apps/perms/templates/perms/asset_permission_asset_list.html → apps/perms/templates/perms/asset_permission_asset.html

@@ -26,7 +26,7 @@
                             </li>
                             <li class="active">
                                 <a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id  %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset gruops' %}</a>
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
                             </li>
                             <form id="search_form" method="get" action="" class="pull-right mail-search">
                             <div class="input-group">
@@ -85,7 +85,7 @@
                                                 </td>
 
                                                 <td>
-                                                    <button class="btn btn-danger btn-xs btn_delete_user_group" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
+                                                    <button title="{{ asset.inherit_from_asset_groups }}" class="btn btn-danger btn-xs {% if asset.is_inherit_from_asset_groups %} disabled {% endif %}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
                                                 </td>
                                             </tr>
                                             {% endfor %}

apps/perms/templates/perms/asset_permission_create_update.html

@@ -43,8 +43,6 @@
                             {{ form.system_users |bootstrap_horizontal }}
                             <div class="hr-line-dashed"></div>
                             <h3>{% trans 'Other' %}</h3>
-                            {{ form.action|bootstrap_horizontal }}
-
                             <div class="form-group">
                                 <label for="{{ form.is_active.id_for_label }}" class="col-sm-2 control-label">{% trans 'Active' %}</label>
                                 <div class="col-sm-8">

apps/perms/templates/perms/asset_permission_detail.html

@@ -26,7 +26,7 @@
                             </li>
                             <li>
                                 <a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id  %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset gruops' %}</a>
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
                             </li>
                         </ul>
                     </div>
@@ -76,14 +76,6 @@
                                             <td>{% trans 'System user count' %}:</td>
                                             <td><b>{{ asset_permission.system_users.count }}</b></td>
                                         </tr>
-                                        <tr>
-                                            <td>{% trans 'Action' %}:</td>
-                                            <td><b>{{ asset_permission.get_action_display }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Is active' %}:</td>
-                                            <td><b>{{ asset_permission.is_active|yesno:'Yes, No, Unkown' }}</b></td>
-                                        </tr>
                                         <tr>
                                             <td>{% trans 'Date expired' %}:</td>
                                             <td><b>{{ asset_permission.date_expired }}</b></td>

apps/perms/templates/perms/asset_permission_user_list.html → apps/perms/templates/perms/asset_permission_user.html

@@ -26,7 +26,7 @@
                             </li>
                             <li>
                                 <a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id  %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset gruops' %}</a>
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
                             </li>
                             <form id="search_form" method="get" action="" class="pull-right mail-search">
                             <div class="input-group">
@@ -85,7 +85,7 @@
                                                 </td>
 
                                                 <td>
-                                                    <button class="btn btn-danger btn-xs btn_delete_user_group {% if user.inherited %} disabled {% endif %}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
+                                                    <button class="btn btn-danger btn-xs btn_delete_user_group {% if user.is_inherit_from_user_groups %} disabled {% endif %}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
                                                 </td>
                                             </tr>
                                             {% endfor %}

apps/perms/templates/perms/perm_user_asset_list.html

-{% extends '_list_base.html' %}
-{% load i18n %}
-{% load common_tags %}
-{% block content_left_head %}
-    <a href="{% url 'users:user-create' %}" class="btn btn-sm btn-primary "> {% trans "Create perm " %} </a>
-{% endblock %}
-
-{% block table_head %}
-    <th class="text-center">
-        <input type="checkbox" id="check_all" onclick="checkAll('check_all', 'checked')">
-    </th>
-    <th class="text-center"><a href="{% url 'users:user-list' %}?sort=name">{% trans 'Name' %}</a></th>
-    <th class="text-center"><a href="{% url 'users:user-list' %}?sort=username">{% trans 'Username' %}</a></th>
-    <th class="text-center">{% trans 'Role' %}</th>
-    <th class="text-center">{% trans 'Asset num' %}</th>
-    <th class="text-center">{% trans 'Asset group' %}</th>
-    <th class="text-center">{% trans 'System user' %}</th>
-    <th class="text-center"><a href="{% url 'users:user-list' %}?sort=date_expired">{% trans 'Active' %}</a></th>
-    <th class="text-center"></th>
-{% endblock %}
-
-{% block table_body %}
-     {% for perm in page_obj %}
-         <tr class="gradeX">
-             <td class="text-center">
-                 <input type="checkbox" name="checked" value="{{ user.id }}">
-             </td>
-             <td class="text-center">
-                 <a href="{% url 'users:user-detail' pk=user.id %}">
-                     {{ user.name }}
-                 </a>
-             </td>
-             <td class="text-center">{{ user.username }}</td>
-             <td class="text-center">{{ user.get_role_display }}</td>
-             <th class="text-center">35/40</th>
-             <th class="text-center">20</th>
-             <th class="text-center">3</th>
-             <td class="text-center">
-                 <a href="{% url 'perms:perm-user-asset-create' pk=user.id %}" class="btn btn-xs btn-info">{% trans 'Create perm' %}</a>
-                 <a href="{% url 'users:user-delete' pk=user.id %}" class="btn btn-xs btn-danger del {% if user.id == request.user.id or user.username == 'admin' %} disabled {% endif %}">{% trans 'Flush' %}</a>
-             </td>
-         </tr>
-     {% endfor %}
-{% endblock %}
-
-{% block content_bottom_left %}
-    <form id="" method="get" action="" class=" mail-search">
-        <div class="input-group">
-            <select class="form-control m-b" style="width: auto">
-                <option>{% trans 'Delete selected' %}</option>
-                <option>{% trans 'Update selected' %}</option>
-                <option>{% trans 'Deactive selected' %}</option>
-                <option>{% trans 'Export selected' %}</option>
-            </select>
-
-            <div class="input-group-btn pull-left" style="padding-left: 5px;">
-                <button id='search_btn' type="submit" style="height: 32px;"  class="btn btn-sm btn-primary">
-                 {% trans 'Submit' %}
-                </button>
-            </div>
-
-        </div>
-   </form>
-{% endblock %}
-
-

apps/perms/urls.py

@@ -14,9 +14,9 @@ urlpatterns = [
         name='asset-permission-detail'),
     url(r'^asset-permission/(?P<pk>[0-9]+)/delete$', views.AssetPermissionDeleteView.as_view(),
         name='asset-permission-delete'),
-    url(r'^asset-permission/(?P<pk>[0-9]+)/user$', views.AssetPermissionUserListView.as_view(),
+    url(r'^asset-permission/(?P<pk>[0-9]+)/user$', views.AssetPermissionUserView.as_view(),
         name='asset-permission-user-list'),
-    url(r'^asset-permission/(?P<pk>[0-9]+)/asset$', views.AssetPermissionAssetListView.as_view(),
+    url(r'^asset-permission/(?P<pk>[0-9]+)/asset$', views.AssetPermissionAssetView.as_view(),
         name='asset-permission-asset-list'),
 ]
 

apps/perms/utils.py

-# ~*~ coding: utf-8 ~*~
-#
+from __future__ import absolute_import, unicode_literals
+
+from .hands import User, UserGroup, Asset, AssetGroup, SystemUser
+
+
+def get_user_group_granted_asset_groups(user_group):
+    """Return asset groups granted of the user group
+
+     :param user_group: Instance of :class: ``UserGroup``
+     :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]}
+    """
+    asset_groups = {}
+    asset_permissions = user_group.asset_permissions.all()
+
+    for asset_permission in asset_permissions:
+        if not asset_permission.is_valid:
+            continue
+        for asset_group in asset_permission.asset_groups.all():
+            if asset_group in asset_groups:
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
+            else:
+                asset_groups[asset_group] = set(asset_permission.system_users.all())
+
+    return asset_groups
+
+
+def get_user_group_granted_assets(user_group):
+    """Return assets granted of the user group
+
+    :param user_group: Instance of :class: ``UserGroup``
+    :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]}
+    """
+    assets = {}
+    asset_permissions = user_group.asset_permissions.all()
+
+    for asset_permission in asset_permissions:
+        if not asset_permission.is_valid:
+            continue
+        for asset in asset_permission.get_granted_assets():
+            if asset in assets:
+                assets[asset] |= set(asset_permission.system_users.all())
+            else:
+                assets[asset] = set(asset_permission.system_users.all())
+
+    return assets
+
+
+def get_user_granted_asset_groups_direct(user):
+    """Return asset groups granted of the user direct nor inherit from user group
+
+        :param user: Instance of :class: ``User``
+        :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]}
+        """
+    asset_groups = {}
+    asset_permissions_direct = user.asset_permissions.all()
+
+    for asset_permission in asset_permissions_direct:
+        if not asset_permission.is_valid:
+            continue
+        for asset_group in asset_permission.asset_groups.all():
+            if asset_group in asset_groups:
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
+            else:
+                setattr(asset_group, 'is_inherit_from_user_group', False)
+                asset_groups[asset_group] = set(asset_permission.system_users.all())
+
+    return asset_groups
+
+
+def get_user_granted_asset_groups_inherit_from_user_groups(user):
+    """Return asset groups granted of the user and inherit from user group
+
+    :param user: Instance of :class: ``User``
+    :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]}
+    """
+    asset_groups = {}
+    user_groups = user.groups.all()
+    asset_permissions = set()
+
+    # Get asset permission list of user groups for this user
+    for user_group in user_groups:
+        asset_permissions |= set(user_group.asset_permissions.all())
+
+    # Get asset groups granted from user groups
+    for asset_permission in asset_permissions:
+        if not asset_permission.is_valid:
+            continue
+        for asset_group in asset_permission.asset_groups.all():
+            if asset_group in asset_groups:
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
+            else:
+                setattr(asset_group, 'is_inherit_from_user_group', True)
+                asset_groups[asset_group] = set(asset_permission.system_users.all())
+
+    return asset_groups
+
+
+def get_user_granted_asset_groups(user):
+    """Get user granted asset groups all, include direct and inherit from user group
+
+    :param user: Instance of :class: ``User``
+    :return: {asset1: {system_user1, system_user2}, asset2: {...}}
+    """
+
+    asset_groups_inherit_from_user_groups = get_user_granted_asset_groups_inherit_from_user_groups(user)
+    asset_groups_direct = get_user_granted_asset_groups_direct(user)
+    asset_groups = asset_groups_inherit_from_user_groups
+
+    # Merge direct granted and inherit from user group
+    for asset_group, system_users in asset_groups_direct.items():
+        if asset_group in asset_groups:
+            asset_groups[asset_group] |= asset_groups_direct[asset_group]
+        else:
+            asset_groups[asset_group] = asset_groups_direct[asset_group]
+
+    return asset_groups
+
+
+def get_user_granted_assets_direct(user):
+    """Return assets granted of the user directly
+
+     :param user: Instance of :class: ``User``
+     :return: {asset1: {system_user1, system_user2}, asset2: {...}}
+    """
+    assets = {}
+    asset_permissions_direct = user.asset_permissions.all()
+
+    for asset_permission in asset_permissions_direct:
+        if not asset_permission.is_valid:
+            continue
+        for asset in asset_permission.get_granted_assets():
+            if asset in assets:
+                assets[asset] |= set(asset_permission.system_users.all())
+            else:
+                setattr(asset, 'is_inherit_from_user_groups', False)
+                setattr(asset, 'is_inherit_from_user_groups', False)
+                assets[asset] = set(asset_permission.system_users.all())
+
+    return assets
+
+
+def get_user_granted_assets_inherit_from_user_groups(user):
+    """Return assets granted of the user inherit from user groups
+
+    :param user: Instance of :class: ``User``
+    :return: {asset1: {system_user1, system_user2}, asset2: {...}}
+    """
+    assets = {}
+    user_groups = user.groups.all()
+
+    for user_group in user_groups:
+        assets_inherited = get_user_group_granted_assets(user_group)
+        for asset in assets_inherited:
+            if asset in assets:
+                assets[asset] |= assets_inherited[asset]
+            else:
+                setattr(asset, 'is_inherit_from_user_groups', True)
+                assets[asset] = assets_inherited[asset]
+
+    return assets
+
+
+def get_user_granted_assets(user):
+    """Return assets granted of the user inherit from user groups
+
+    :param user: Instance of :class: ``User``
+    :return: {asset1: {system_user1, system_user2}, asset2: {...}}
+    """
+    assets_direct = get_user_granted_assets_direct(user)
+    assets_inherited = get_user_granted_assets_inherit_from_user_groups(user)
+    assets = assets_inherited
+
+    for asset in assets_direct:
+        if asset in assets:
+            assets[asset] |= assets_direct[asset]
+        else:
+            assets[asset] = assets_direct[asset]
+
+    return assets
+
+
+def get_user_groups_granted_in_asset(asset):
+    pass
+
+
+def get_users_granted_in_asset(asset):
+    pass
+
+
+def get_user_groups_granted_in_asset_group(asset):
+    pass
+
+
+def get_users_granted_in_asset_group(asset):
+    pass

apps/perms/views.py

@@ -120,15 +120,15 @@ class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView):
     success_url = reverse_lazy('perms:asset-permission-list')
 
 
-class AssetPermissionUserListView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
-    template_name = 'perms/asset_permission_user_list.html'
+class AssetPermissionUserView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
+    template_name = 'perms/asset_permission_user.html'
     context_object_name = 'asset_permission'
     paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
 
     def get(self, request, *args, **kwargs):
         self.object = self.get_object(queryset=AssetPermission.objects.all())
         self.keyword = self.request.GET.get('keyword', '')
-        return super(AssetPermissionUserListView, self).get(request, *args, **kwargs)
+        return super(AssetPermissionUserView, self).get(request, *args, **kwargs)
 
     def get_queryset(self):
         queryset = self.object.get_granted_users()
@@ -152,18 +152,18 @@ class AssetPermissionUserListView(AdminUserRequiredMixin, SingleObjectMixin, Lis
             'keyword': self.keyword,
         }
         kwargs.update(context)
-        return super(AssetPermissionUserListView, self).get_context_data(**kwargs)
+        return super(AssetPermissionUserView, self).get_context_data(**kwargs)
 
 
-class AssetPermissionAssetListView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
-    template_name = 'perms/asset_permission_asset_list.html'
+class AssetPermissionAssetView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
+    template_name = 'perms/asset_permission_asset.html'
     context_object_name = 'asset_permission'
     paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
 
     def get(self, request, *args, **kwargs):
         self.object = self.get_object(queryset=AssetPermission.objects.all())
         self.keyword = self.request.GET.get('keyword', '')
-        return super(AssetPermissionAssetListView, self).get(request, *args, **kwargs)
+        return super(AssetPermissionAssetView, self).get(request, *args, **kwargs)
 
     def get_queryset(self):
         queryset = self.object.get_granted_assets()
@@ -187,4 +187,4 @@ class AssetPermissionAssetListView(AdminUserRequiredMixin, SingleObjectMixin, Li
             'keyword': self.keyword,
         }
         kwargs.update(context)
-        return super(AssetPermissionAssetListView, self).get_context_data(**kwargs)
+        return super(AssetPermissionAssetView, self).get_context_data(**kwargs)

apps/static/css/jumpserver.css

@@ -77,3 +77,5 @@ th a {
 .no-borders-tr td {
   border-top: none !important;
 }
+
+

apps/static/css/style.css

-/*
-@import url("https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700");
-@import url("https://fonts.googleapis.com/css?family=Roboto:400,300,500,700");
-*/
+@import url("https://fonts.useso.com/css?family=Open+Sans:300,400,600,700");
+@import url("https://fonts.useso.com/css?family=Roboto:400,300,500,700");
 /*
  *
  *   INSPINIA - Responsive Admin Theme

apps/users/forms.py

@@ -3,10 +3,10 @@
 from django import forms
 from django.contrib.auth.forms import AuthenticationForm
 from django.utils.translation import gettext_lazy as _
-
 from captcha.fields import CaptchaField
 
 from .models import User, UserGroup
+from .hands import AssetPermission
 
 
 class UserLoginForm(AuthenticationForm):
@@ -25,12 +25,10 @@ class UserCreateForm(forms.ModelForm):
             'username', 'name', 'email', 'groups', 'wechat',
             'phone', 'enable_otp', 'role', 'date_expired', 'comment',
         ]
-
         help_texts = {
             'username': '* required',
             'email': '* required',
         }
-
         widgets = {
             'groups': forms.SelectMultiple(attrs={'class': 'select2', 'data-placeholder': _('Join user groups')}),
         }
@@ -44,13 +42,11 @@ class UserUpdateForm(forms.ModelForm):
             'name', 'email', 'groups', 'wechat',
             'phone', 'enable_otp', 'role', 'date_expired', 'comment',
         ]
-
         help_texts = {
             'username': '* required',
             'email': '* required',
             'groups': '* required'
         }
-
         widgets = {
             'groups': forms.SelectMultiple(attrs={'class': 'select2', 'data-placeholder': _('Join user groups')}),
         }
@@ -60,11 +56,9 @@ class UserGroupForm(forms.ModelForm):
 
     class Meta:
         model = UserGroup
-
         fields = [
             'name', 'comment',
         ]
-
         help_texts = {
             'name': '* required'
         }
@@ -98,3 +92,27 @@ class UserKeyForm(forms.Form):
             print e
             raise forms.ValidationError(_('Not a valid ssh public key'))
         return public_key
+
+
+class UserPrivateAssetPermissionForm(forms.ModelForm):
+
+    def save(self, commit=True):
+        self.instance = super(UserPrivateAssetPermissionForm, self).save(commit=commit)
+        self.instance.private_for = 'U'
+        self.instance.users = [self.user]
+        self.instance.save()
+        return self.instance
+
+    class Meta:
+        model = AssetPermission
+        fields = [
+            'assets', 'asset_groups', 'system_users', 'private_for', 'name',
+        ]
+        widgets = {
+            'assets': forms.SelectMultiple(attrs={'class': 'select2',
+                                                  'data-placeholder': _('Select assets')}),
+            'asset_groups': forms.SelectMultiple(attrs={'class': 'select2',
+                                                        'data-placeholder': _('Select asset groups')}),
+            'system_users': forms.SelectMultiple(attrs={'class': 'select2',
+                                                        'data-placeholder': _('Select system users')}),
+        }

apps/users/hands.py

@@ -10,5 +10,5 @@
     :license: GPL v2, see LICENSE for more details.
 """
 
-
-
+from perms.models import AssetPermission
+from perms.utils import get_user_granted_assets, get_user_granted_asset_groups

apps/users/templates/users/user_detail.html

@@ -17,10 +17,14 @@
                 <div class="ibox float-e-margins">
                     <div class="panel-options">
                         <ul class="nav nav-tabs">
-                            <li class="active"><a href="" class="text-center"><i class="fa fa-laptop"></i> {% trans 'User detail' %} </a>
+                            <li class="active">
+                                <a href="{% url 'users:user-detail' pk=user_object.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'User detail' %} </a>
                             </li>
-                            <li><a href="" class="text-center"><i class="fa fa-bar-chart-o"></i> {% trans 'User assets' %}</a></li>
-                            <li><a href="" class="text-center"><i class="fa fa-bar-chart-o"></i> {% trans 'User log' %}</a></li>
+                            <li>
+                                <a href="{% url 'users:user-asset-permission' pk=user_object.id %}" class="text-center"><i class="fa fa-bar-chart-o"></i> {% trans 'Asset permission' %}</a>
+                            </li>
+                            <li><a href="{% url 'users:user-granted-asset' pk=user_object.id %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Asset granted' %}</a></li>
+                            <li><a href="{% url 'users:user-login-history' pk=user_object.id %}" class="text-center"><i class="fa fa-calculator-o"></i> {% trans 'Login history' %}</a></li>
                         </ul>
                     </div>
                     <div class="tab-content">
@@ -189,7 +193,7 @@
                                         <tr>
                                           <td ><b class="bdg_user_group" data-gid={{ group.id }}>{{ group.name }}</b></td>
                                           <td>
-                                              <button class="btn btn-danger pull-right btn-sm btn_delete_user_group" type="button"><i class="fa fa-minus"></i></button>
+                                              <button class="btn btn-danger pull-right btn-xs btn_delete_user_group" type="button"><i class="fa fa-minus"></i></button>
                                           </td>
                                         </tr>
                                         {% endfor %}

apps/users/urls.py

@@ -16,6 +16,12 @@ urlpatterns = [
         name='reset-password-success'),
     url(r'^user$', views.UserListView.as_view(), name='user-list'),
     url(r'^user/(?P<pk>[0-9]+)$', views.UserDetailView.as_view(), name='user-detail'),
+    url(r'^user/(?P<pk>[0-9]+)/asset-permission$', views.UserAssetPermissionView.as_view(),
+        name='user-asset-permission'),
+    url(r'^user/(?P<pk>[0-9]+)/asset-permission/create$', views.UserAssetPermissionCreateView.as_view(),
+        name='user-asset-permission-create'),
+    url(r'^user/(?P<pk>[0-9]+)/granted-asset', views.UserGrantedAssetView.as_view(), name='user-granted-asset'),
+    url(r'^user/(?P<pk>[0-9]+)/login-history', views.UserDetailView.as_view(), name='user-login-history'),
     url(r'^first-login/$', views.UserFirstLoginView.as_view(), name='user-first-login'),
     url(r'^user/(?P<pk>[0-9]+)/assets-perm$', views.UserDetailView.as_view(), name='user-detail'),
     url(r'^user/create$', views.UserCreateView.as_view(), name='user-create'),

apps/users/views.py

@@ -18,16 +18,17 @@ from django.views.decorators.csrf import csrf_protect
 from django.views.decorators.debug import sensitive_post_parameters
 from django.views.generic.base import TemplateView
 from django.views.generic.list import ListView
-from django.views.generic.edit import CreateView, DeleteView, UpdateView, FormView
+from django.views.generic.edit import CreateView, DeleteView, UpdateView, FormView, SingleObjectMixin, \
+    FormMixin, ModelFormMixin, ProcessFormView, BaseCreateView
 from django.views.generic.detail import DetailView
-
 from formtools.wizard.views import SessionWizardView
 
 from common.utils import get_object_or_none, get_logger
-
 from .models import User, UserGroup
-from .forms import UserCreateForm, UserUpdateForm, UserGroupForm, UserLoginForm, UserInfoForm, UserKeyForm
+from .forms import UserCreateForm, UserUpdateForm, UserGroupForm, UserLoginForm, UserInfoForm, UserKeyForm, \
+    UserPrivateAssetPermissionForm
 from .utils import AdminUserRequiredMixin, user_add_success_next, send_reset_password_mail
+from .hands import AssetPermission, get_user_granted_asset_groups, get_user_granted_assets
 
 
 logger = get_logger(__name__)
@@ -349,3 +350,93 @@ class UserFirstLoginView(LoginRequiredMixin, SessionWizardView):
                 'phone': user.phone or ''
             }
         return super(UserFirstLoginView, self).get_form_initial(step)
+
+
+class UserAssetPermissionView(AdminUserRequiredMixin, FormMixin, SingleObjectMixin, ListView):
+    paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
+    template_name = 'users/user_asset_permission.html'
+    context_object_name = 'user_object'
+    form_class = UserPrivateAssetPermissionForm
+
+    def get(self, request, *args, **kwargs):
+        self.object = self.get_object(queryset=User.objects.all())
+        return super(UserAssetPermissionView, self).get(request, *args, **kwargs)
+
+    def get_asset_permission_inherit_from_user_group(self):
+        asset_permissions = set()
+        user_groups = self.object.groups.all()
+
+        for user_group in user_groups:
+            for asset_permission in user_group.asset_permissions.all():
+                setattr(asset_permission, 'is_inherit_from_user_groups', True)
+                setattr(asset_permission, 'inherit_from_user_groups',
+                        getattr(asset_permission, b'inherit_from_user_groups', set()).add(user_group))
+                asset_permissions.add(asset_permission)
+        return asset_permissions
+
+    def get_queryset(self):
+        asset_permissions = set(self.object.asset_permissions.all()) \
+                            | self.get_asset_permission_inherit_from_user_group()
+        return list(asset_permissions)
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': 'Users',
+            'action': 'User asset permissions',
+        }
+        kwargs.update(context)
+        return super(UserAssetPermissionView, self).get_context_data(**kwargs)
+
+
+class UserAssetPermissionCreateView(AdminUserRequiredMixin, CreateView):
+    form_class = UserPrivateAssetPermissionForm
+    model = AssetPermission
+
+    def get(self, request, *args, **kwargs):
+        user_object = self.get_object(queryset=User.objects.all())
+        return redirect(reverse('users:user-asset-permission', kwargs={'pk': user_object.id}))
+
+    def post(self, request, *args, **kwargs):
+        self.user_object = self.get_object(queryset=User.objects.all())
+        return super(UserAssetPermissionCreateView, self).post(request, *args, **kwargs)
+
+    def get_form(self, form_class=None):
+        form = super(UserAssetPermissionCreateView, self).get_form(form_class=form_class)
+        form.user = self.user_object
+        return form
+
+    def form_invalid(self, form):
+        print(form.errors)
+        return redirect(reverse('users:user-asset-permission', kwargs={'pk': self.user_object.id}))
+
+    def get_success_url(self):
+        return reverse('users:user-asset-permission', kwargs={'pk': self.user_object.id})
+
+
+class UserGrantedAssetView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
+    paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
+    template_name = 'users/user_granted_asset.html'
+    context_object_name = 'user_object'
+
+    def get(self, request, *args, **kwargs):
+        self.object = self.get_object(queryset=User.objects.all())
+        return super(UserGrantedAssetView, self).get(request, *args, **kwargs)
+
+    def get_queryset(self):
+        # Convert format from {'asset': ['system_users'], ..} to
+        #     [('asset', ['system_users']), ('asset', ['system_users']))
+        assets_granted = [(asset, system_users) for asset, system_users in
+                          get_user_granted_assets(self.object).items()]
+
+        return assets_granted
+
+    def get_context_data(self, **kwargs):
+        asset_groups = [(asset_group, system_users) for asset_group, system_users in
+                        get_user_granted_asset_groups(self.object).items()]
+        context = {
+            'app': 'User',
+            'action': 'User granted asset',
+            'asset_groups': asset_groups,
+        }
+        kwargs.update(context)
+        return super(UserGrantedAssetView, self).get_context_data(**kwargs)