Merge remote-tracking branch 'github/dev' into dev

e38d0890 · ibuler · 6e19b9d5 · f9e9bf0b · e38d0890 · e38d0890
Commit e38d0890 authored Nov 05, 2018 by ibuler
64 changed files
--- a/apps/assets/api/admin_user.py
+++ b/apps/assets/api/admin_user.py
@@ -17,6 +17,7 @@ from django.db import transaction
 from rest_framework import generics
 from rest_framework.response import Response
 from rest_framework_bulk import BulkModelViewSet
+from rest_framework.pagination import LimitOffsetPagination

 from common.mixins import IDInFilterMixin
 from common.utils import get_logger
@@ -37,9 +38,17 @@ class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet):
    """
    Admin user api set, for add,delete,update,list,retrieve resource
    """
+
+    filter_fields = ("name", "username")
+    search_fields = filter_fields
    queryset = AdminUser.objects.all()
    serializer_class = serializers.AdminUserSerializer
    permission_classes = (IsOrgAdmin,)
+    pagination_class = LimitOffsetPagination
+
+    def get_queryset(self):
+        queryset = super().get_queryset().all()
+        return queryset


 class AdminUserAuthApi(generics.UpdateAPIView):

--- a/apps/assets/api/asset.py
+++ b/apps/assets/api/asset.py
@@ -53,14 +53,14 @@ class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet):
            if show_current_asset:
                self.queryset = self.queryset.filter(
                    Q(nodes=node_id) | Q(nodes__isnull=True)
-                ).distinct()
+                )
            return
        if show_current_asset:
-            self.queryset = self.queryset.filter(nodes=node).distinct()
+            self.queryset = self.queryset.filter(nodes=node)
        else:
            self.queryset = self.queryset.filter(
                nodes__key__regex='^{}(:[0-9]+)*$'.format(node.key),
-            ).distinct()
+            )

    def filter_admin_user_id(self):
        admin_user_id = self.request.query_params.get('admin_user_id')

--- a/apps/assets/api/cmd_filter.py
+++ b/apps/assets/api/cmd_filter.py
@@ -2,6 +2,7 @@
 #

 from rest_framework_bulk import BulkModelViewSet
+from rest_framework.pagination import LimitOffsetPagination
 from django.shortcuts import get_object_or_404

 from ..hands import IsOrgAdmin
@@ -13,14 +14,20 @@ __all__ = ['CommandFilterViewSet', 'CommandFilterRuleViewSet']


 class CommandFilterViewSet(BulkModelViewSet):
+    filter_fields = ("name",)
+    search_fields = filter_fields
    permission_classes = (IsOrgAdmin,)
    queryset = CommandFilter.objects.all()
    serializer_class = serializers.CommandFilterSerializer
+    pagination_class = LimitOffsetPagination


 class CommandFilterRuleViewSet(BulkModelViewSet):
+    filter_fields = ("content",)
+    search_fields = filter_fields
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.CommandFilterRuleSerializer
+    pagination_class = LimitOffsetPagination

    def get_queryset(self):
        fpk = self.kwargs.get('filter_pk')

--- a/apps/assets/api/domain.py
+++ b/apps/assets/api/domain.py
@@ -2,6 +2,7 @@

 from rest_framework_bulk import BulkModelViewSet
 from rest_framework.views import APIView, Response
+from rest_framework.pagination import LimitOffsetPagination

 from django.views.generic.detail import SingleObjectMixin

@@ -20,6 +21,11 @@ class DomainViewSet(BulkModelViewSet):
    queryset = Domain.objects.all()
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.DomainSerializer
+    pagination_class = LimitOffsetPagination
+
+    def get_queryset(self):
+        queryset = super().get_queryset().all()
+        return queryset

    def get_serializer_class(self):
        if self.request.query_params.get('gateway'):
@@ -33,11 +39,12 @@ class DomainViewSet(BulkModelViewSet):


 class GatewayViewSet(BulkModelViewSet):
-    filter_fields = ("domain",)
+    filter_fields = ("domain__name", "name", "username", "ip")
    search_fields = filter_fields
    queryset = Gateway.objects.all()
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.GatewaySerializer
+    pagination_class = LimitOffsetPagination


 class GatewayTestConnectionApi(SingleObjectMixin, APIView):

--- a/apps/assets/api/label.py
+++ b/apps/assets/api/label.py
@@ -14,6 +14,7 @@
 # limitations under the License.

 from rest_framework_bulk import BulkModelViewSet
+from rest_framework.pagination import LimitOffsetPagination
 from django.db.models import Count

 from common.utils import get_logger
@@ -27,8 +28,11 @@ __all__ = ['LabelViewSet']


 class LabelViewSet(BulkModelViewSet):
+    filter_fields = ("name", "value")
+    search_fields = filter_fields
    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.LabelSerializer
+    pagination_class = LimitOffsetPagination

    def list(self, request, *args, **kwargs):
        if request.query_params.get("distinct"):

--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -42,9 +42,16 @@ class SystemUserViewSet(BulkModelViewSet):
    """
    System user api set, for add,delete,update,list,retrieve resource
    """
+    filter_fields = ("name", "username")
+    search_fields = filter_fields
    queryset = SystemUser.objects.all()
    serializer_class = serializers.SystemUserSerializer
    permission_classes = (IsOrgAdminOrAppUser,)
+    pagination_class = LimitOffsetPagination
+
+    def get_queryset(self):
+        queryset = super().get_queryset().all()
+        return queryset


 class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):

--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@@ -121,10 +121,10 @@ class Node(OrgModelMixin):
    def get_assets(self):
        from .asset import Asset
        if self.is_default_node():
-            assets = Asset.objects.filter(nodes__isnull=True)
+            assets = Asset.objects.filter(Q(nodes__id=self.id) | Q(nodes__isnull=True))
        else:
            assets = Asset.objects.filter(nodes__id=self.id)
-        return assets
+        return assets.distinct()

    def get_valid_assets(self):
        return self.get_assets().valid()

--- a/apps/assets/templates/assets/admin_user_list.html
+++ b/apps/assets/templates/assets/admin_user_list.html
@@ -93,7 +93,7 @@ $(document).ready(function(){
        columns: [{data: function(){return ""}}, {data: "name" }, {data: "username" }, {data: "assets_amount" },
                  {data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment" }, {data: "id" }]
    };
-    jumpserver.initDataTable(options);
+    jumpserver.initServerSideDataTable(options)
 })

 .on('click', '.btn_admin_user_delete', function () {

--- a/apps/assets/templates/assets/cmd_filter_list.html
+++ b/apps/assets/templates/assets/cmd_filter_list.html
@@ -66,7 +66,7 @@ function initTable() {
        ],
        op_html: $('#actions').html()
    };
-    jumpserver.initDataTable(options);
+    jumpserver.initServerSideDataTable(options);
 }
 $(document).ready(function(){
    initTable();

--- a/apps/assets/templates/assets/cmd_filter_rule_list.html
+++ b/apps/assets/templates/assets/cmd_filter_rule_list.html
@@ -95,7 +95,7 @@ function initTable() {
        ],
        op_html: $('#actions').html()
    };
-    jumpserver.initDataTable(options);
+    jumpserver.initServerSideDataTable(options);
 }
 $(document).ready(function(){
    initTable();

--- a/apps/assets/templates/assets/domain_gateway_list.html
+++ b/apps/assets/templates/assets/domain_gateway_list.html
@@ -98,7 +98,7 @@ function initTable() {
        ],
        op_html: $('#actions').html()
    };
-    jumpserver.initDataTable(options);
+    jumpserver.initServerSideDataTable(options);
 }
 $(document).ready(function(){
    initTable();

--- a/apps/assets/templates/assets/domain_list.html
+++ b/apps/assets/templates/assets/domain_list.html
@@ -62,7 +62,7 @@ function initTable() {
        ],
        op_html: $('#actions').html()
    };
-    jumpserver.initDataTable(options);
+    jumpserver.initServerSideDataTable(options);
 }
 $(document).ready(function(){
    initTable();

--- a/apps/assets/templates/assets/label_list.html
+++ b/apps/assets/templates/assets/label_list.html
@@ -47,7 +47,7 @@ function initTable() {
        ],
        op_html: $('#actions').html()
    };
-    jumpserver.initDataTable(options);
+    jumpserver.initServerSideDataTable(options);
 }
 $(document).ready(function(){
    initTable();

--- a/apps/assets/templates/assets/system_user_list.html
+++ b/apps/assets/templates/assets/system_user_list.html
@@ -100,7 +100,7 @@ function initTable() {
        ],
        op_html: $('#actions').html()
        };
-    jumpserver.initDataTable(options);
+    jumpserver.initServerSideDataTable(options);
 }

 $(document).ready(function(){

--- a/apps/assets/templates/assets/user_asset_list.html
+++ b/apps/assets/templates/assets/user_asset_list.html
@@ -62,7 +62,7 @@

 {% block custom_foot_js %}
 <script>
-var zTree, asset_table;
+var zTree, asset_table, show=0;
 var inited = false;
 var url;
 function initTable() {
@@ -102,7 +102,7 @@ function initTable() {
            {data: "system_users_granted", orderable: false}
        ]
    };
-    asset_table = jumpserver.initDataTable(options);
+    asset_table = jumpserver.initServerSideDataTable(options);
    return asset_table
 }

@@ -183,6 +183,21 @@ $(document).ready(function () {
    $('#asset_detail_tbody').html(trs)
 });

+function toggle() {
+    if (show === 0) {
+        $("#split-left").hide(500, function () {
+            $("#split-right").attr("class", "col-lg-12");
+            $("#toggle-icon").attr("class", "fa fa-angle-right fa-x");
+            show = 1;
+        });
+    } else {
+        $("#split-right").attr("class", "col-lg-9");
+        $("#toggle-icon").attr("class", "fa fa-angle-left fa-x");
+        $("#split-left").show(500);
+        show = 0;
+    }
+}
+
 </script>

 {% endblock %}
\ No newline at end of file
--- a/apps/assets/views/label.py
+++ b/apps/assets/views/label.py
@@ -36,6 +36,7 @@ class LabelCreateView(AdminUserRequiredMixin, CreateView):
    form_class = LabelForm
    success_url = reverse_lazy('assets:label-list')
    success_message = create_success_msg
+    disable_name = ['draw', 'search', 'limit', 'offset', '_']

    def get_context_data(self, **kwargs):
        context = {
@@ -45,6 +46,16 @@ class LabelCreateView(AdminUserRequiredMixin, CreateView):
        kwargs.update(context)
        return super().get_context_data(**kwargs)

+    def form_valid(self, form):
+        name = form.cleaned_data.get('name')
+        if name in self.disable_name:
+            msg = _(
+                'Tips: Avoid using label names reserved internally: {}'
+            ).format(', '.join(self.disable_name))
+            form.add_error("name", msg)
+            return self.form_invalid(form)
+        return super().form_valid(form)
+

 class LabelUpdateView(AdminUserRequiredMixin, UpdateView):
    model = Label

--- a/apps/audits/views.py
+++ b/apps/audits/views.py
@@ -160,8 +160,12 @@ class LoginLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
        return users

    def get_queryset(self):
-        users = self.get_org_users()
-        queryset = super().get_queryset().filter(username__in=users)
+        if current_org.is_default():
+            queryset = super().get_queryset()
+        else:
+            users = self.get_org_users()
+            queryset = super().get_queryset().filter(username__in=users)
+
        self.user = self.request.GET.get('user', '')
        self.keyword = self.request.GET.get("keyword", '')


--- a/apps/common/api.py
+++ b/apps/common/api.py
 # -*- coding: utf-8 -*-
 #
+
+import os
 import json
+import jms_storage

 from rest_framework.views import Response, APIView
 from ldap3 import Server, Connection
@@ -8,8 +11,9 @@ from django.core.mail import get_connection, send_mail
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings

-from .permissions import IsOrgAdmin
+from .permissions import IsOrgAdmin, IsSuperUser
 from .serializers import MailTestSerializer, LDAPTestSerializer
+from .models import Setting


 class MailTestingAPI(APIView):
@@ -85,6 +89,79 @@ class LDAPTestingAPI(APIView):
            return Response({"error": str(serializer.errors)}, status=401)


+class ReplayStorageCreateAPI(APIView):
+    permission_classes = (IsSuperUser,)
+
+    def post(self, request):
+        storage_data = request.data
+
+        if storage_data.get('TYPE') == 'ceph':
+            port = storage_data.get('PORT')
+            if port.isdigit():
+                storage_data['PORT'] = int(storage_data.get('PORT'))
+
+        storage_name = storage_data.pop('NAME')
+        data = {storage_name: storage_data}
+
+        if not self.is_valid(storage_data):
+            return Response({"error": _("Error: Account invalid")}, status=401)
+
+        Setting.save_storage('TERMINAL_REPLAY_STORAGE', data)
+        return Response({"msg": _('Create succeed')}, status=200)
+
+    @staticmethod
+    def is_valid(storage_data):
+        if storage_data.get('TYPE') == 'server':
+            return True
+        storage = jms_storage.get_object_storage(storage_data)
+        target = 'tests.py'
+        src = os.path.join(settings.BASE_DIR, 'common', target)
+        return storage.is_valid(src, target)
+
+
+class ReplayStorageDeleteAPI(APIView):
+    permission_classes = (IsSuperUser,)
+
+    def post(self, request):
+        storage_name = str(request.data.get('name'))
+        Setting.delete_storage('TERMINAL_REPLAY_STORAGE', storage_name)
+        return Response({"msg": _('Delete succeed')}, status=200)
+
+
+class CommandStorageCreateAPI(APIView):
+    permission_classes = (IsSuperUser,)
+
+    def post(self, request):
+        storage_data = request.data
+        storage_name = storage_data.pop('NAME')
+        data = {storage_name: storage_data}
+        if not self.is_valid(storage_data):
+            return Response({"error": _("Error: Account invalid")}, status=401)
+
+        Setting.save_storage('TERMINAL_COMMAND_STORAGE', data)
+        return Response({"msg": _('Create succeed')}, status=200)
+
+    @staticmethod
+    def is_valid(storage_data):
+        if storage_data.get('TYPE') == 'server':
+            return True
+        try:
+            storage = jms_storage.get_log_storage(storage_data)
+        except Exception:
+            return False
+
+        return storage.ping()
+
+
+class CommandStorageDeleteAPI(APIView):
+    permission_classes = (IsSuperUser,)
+
+    def post(self, request):
+        storage_name = str(request.data.get('name'))
+        Setting.delete_storage('TERMINAL_COMMAND_STORAGE', storage_name)
+        return Response({"msg": _('Delete succeed')}, status=200)
+
+
 class DjangoSettingsAPI(APIView):
    def get(self, request):
        if not settings.DEBUG:

--- a/apps/common/forms.py
+++ b/apps/common/forms.py
@@ -135,32 +135,24 @@ class TerminalSettingForm(BaseForm):
        ('hostname', _('Hostname')),
        ('ip', _('IP')),
    )
-    TERMINAL_ASSET_LIST_SORT_BY = forms.ChoiceField(
-        choices=SORT_BY_CHOICES, initial='hostname', label=_("List sort by")
-    )
-    TERMINAL_HEARTBEAT_INTERVAL = forms.IntegerField(
-        initial=5, label=_("Heartbeat interval"), help_text=_("Units: seconds")
-    )
    TERMINAL_PASSWORD_AUTH = forms.BooleanField(
        initial=True, required=False, label=_("Password auth")
    )
    TERMINAL_PUBLIC_KEY_AUTH = forms.BooleanField(
        initial=True, required=False, label=_("Public key auth")
    )
-    TERMINAL_COMMAND_STORAGE = FormEncryptDictField(
-        label=_("Command storage"), help_text=_(
-            "Set terminal storage setting, `default` is the using as default,"
-            "You can set other storage and some terminal using"
-        )
+    TERMINAL_HEARTBEAT_INTERVAL = forms.IntegerField(
+        initial=5, label=_("Heartbeat interval"), help_text=_("Units: seconds")
    )
-    TERMINAL_REPLAY_STORAGE = FormEncryptDictField(
-        label=_("Replay storage"), help_text=_(
-            "Set replay storage setting, `default` is the using as default,"
-            "You can set other storage and some terminal using"
-        )
+    TERMINAL_ASSET_LIST_SORT_BY = forms.ChoiceField(
+        choices=SORT_BY_CHOICES, initial='hostname', label=_("List sort by")
    )


+class TerminalCommandStorage(BaseForm):
+    pass
+
+
 class SecuritySettingForm(BaseForm):
    # MFA global setting
    SECURITY_MFA_AUTH = forms.BooleanField(

--- a/apps/common/mixins.py
+++ b/apps/common/mixins.py
@@ -117,6 +117,3 @@ class DatetimeSearchMixin:
    def get(self, request, *args, **kwargs):
        self.get_date_range()
        return super().get(request, *args, **kwargs)
-
-
-
--- a/apps/common/models.py
+++ b/apps/common/models.py
@@ -67,6 +67,30 @@ class Setting(models.Model):
        except json.JSONDecodeError as e:
            raise ValueError("Json dump error: {}".format(str(e)))

+    @classmethod
+    def save_storage(cls, name, data):
+        obj = cls.objects.filter(name=name).first()
+        if not obj:
+            obj = cls()
+            obj.name = name
+            obj.encrypted = True
+            obj.cleaned_value = data
+        else:
+            value = obj.cleaned_value
+            value.update(data)
+            obj.cleaned_value = value
+        obj.save()
+        return obj
+
+    @classmethod
+    def delete_storage(cls, name, storage_name):
+        obj = cls.objects.get(name=name)
+        value = obj.cleaned_value
+        value.pop(storage_name, '')
+        obj.cleaned_value = value
+        obj.save()
+        return True
+
    @classmethod
    def refresh_all_settings(cls):
        try:

--- a/apps/common/tasks.py
+++ b/apps/common/tasks.py
@@ -3,6 +3,7 @@ from django.conf import settings
 from celery import shared_task
 from .utils import get_logger
 from .models import Setting
+from common.models import common_settings


 logger = get_logger(__file__)
@@ -28,7 +29,7 @@ def send_mail_async(*args, **kwargs):

    if len(args) == 3:
        args = list(args)
-        args[0] = settings.EMAIL_SUBJECT_PREFIX + args[0]
+        args[0] = common_settings.EMAIL_SUBJECT_PREFIX + args[0]
        args.insert(2, settings.EMAIL_HOST_USER)
        args = tuple(args)


--- a/apps/common/templates/common/basic_setting.html
+++ b/apps/common/templates/common/basic_setting.html
@@ -75,32 +75,6 @@
 {% block custom_foot_js %}
 <script>
 $(document).ready(function () {
-})
-.on("click", ".btn-test", function () {
-    var data = {};
-    var form = $("form").serializeArray();
-    $.each(form, function (i, field) {
-        data[field.name] = field.value;
-    });
-
-    var the_url = "{% url 'api-common:mail-testing' %}";
-
-    function error(message) {
-        toastr.error(message)
-    }
-
-    function success(message) {
-        toastr.success(message.msg)
-    }
-    APIUpdateAttr({
-        url: the_url,
-        body: JSON.stringify(data),
-        method: "POST",
-        flash_message: false,
-        success: success,
-        error: error
-    });
-
 })
 </script>
 {% endblock %}
--- a/apps/common/templates/common/command_storage_create.html
+++ b/apps/common/templates/common/command_storage_create.html
+{#{% extends 'base.html' %}#}
+{% extends '_base_create_update.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+{% load common_tags %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="ibox-title">
+                        <h5>{{ action }}</h5>
+                        <div class="ibox-tools">
+                            <a class="collapse-link">
+                                <i class="fa fa-chevron-up"></i>
+                            </a>
+                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                <i class="fa fa-wrench"></i>
+                            </a>
+                            <a class="close-link">
+                                <i class="fa fa-times"></i>
+                            </a>
+                        </div>
+                    </div>
+
+                    <div class="ibox-content">
+                        <form action="" method="POST" class="form-horizontal">
+                            <div class="form-group">
+                                <label class="col-md-2 control-label" for="id_type">{% trans "Type" %}</label>
+                                <div class="col-md-9">
+                                    <select id="id_type" class="selector form-control">
+                                        <option value ="server" selected="selected">server</option>
+                                        <option value ="es">es (elasticsearch)</option>
+                                    </select>
+                                </div>
+                            </div>
+
+                            <div class="form-group">
+                                <label class="col-md-2 control-label" for="id_name">{% trans "Name" %}</label>
+                                <div class="col-md-9">
+                                    <input id="id_name" class="form-control" type="text" name="NAME" value="">
+                                    <div class="help-block">* required</div>
+                                    <div id="id_error" style="color: red;"></div>
+                                </div>
+                            </div>
+
+                            <div class="form-group" style="display: none;" >
+                                <label class="col-md-2 control-label" for="id_hosts">{% trans "Hosts" %}</label>
+                                <div class="col-md-9">
+                                    <input id="id_hosts" class="form-control" type="text" name="HOSTS" value="">
+                                    <div class="help-block">{% trans 'Tips: If there are multiple hosts, separate them with a comma (,)' %}</div>
+                                    <div class="help-block">eg: http://www.jumpserver.a.com, http://www.jumpserver.b.com</div>
+                                </div>
+                            </div>
+{#                            <div class="form-group" style="display: none;" >#}
+{#                                <label class="col-md-2 control-label" for="id_other">{% trans "Other" %}</label>#}
+{#                                <div class="col-md-9">#}
+{#                                    <input id="id_other" class="form-control" type="text" name="OTHER" value="">#}
+{#                                </div>#}
+{#                            </div>#}
+                            <div class="form-group" style="display: none;" >
+                                <label class="col-md-2 control-label" for="id_bucket">{% trans "Index" %}</label>
+                                <div class="col-md-9">
+                                    <input id="id_index" class="form-control" type="text" name="INDEX" value="jumpserver">
+                                </div>
+                            </div>
+
+                            <div class="form-group" style="display: none;" >
+                                <label class="col-md-2 control-label" for="id_doc_type">{% trans "Doc type" %}</label>
+                                <div class="col-md-9">
+                                    <input id="id_doc_type" class="form-control" type="text" name="DOC_TYPE" value="command_store">
+                                </div>
+                            </div>
+
+                            <div class="hr-line-dashed"></div>
+                            <div class="form-group">
+                                <div class="col-sm-4 col-sm-offset-2">
+                                    <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+                                    <a class="btn btn-primary" type="" id="id_submit_button" >{% trans 'Submit' %}</a>
+                                </div>
+                            </div>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+
+{% block custom_foot_js %}
+<script>
+
+var field_of_all, need_get_field_of_server, need_get_field_of_es;
+
+function showField(field){
+    $.each(field, function(index, value){
+        $(value).parent('div').parent('div').css('display', '');
+    });
+}
+
+function hiddenField(field){
+    $.each(field, function(index, value){
+        $(value).parent('div').parent('div').css('display', 'none');
+    })
+}
+
+function getFieldByType(type){
+
+    if(type === 'server'){
+        return need_get_field_of_server
+    }
+    else if(type === 'es'){
+        return need_get_field_of_es
+    }
+}
+
+function ajaxAPI(url, data, success, error){
+    $.ajax({
+        url: url,
+        data: data,
+        method: 'POST',
+        contentType: 'application/json; charset=utf-8',
+        success: success,
+        error: error
+    })
+}
+
+$(document).ready(function() {
+    var name_id = '#id_name';
+    var hosts_id = '#id_hosts';
+    {#var other_id = '#id_other';#}
+    var index_id = '#id_index';
+    var doc_type_id = '#id_doc_type';
+
+    field_of_all = [name_id, hosts_id, index_id, doc_type_id];
+    need_get_field_of_server = [name_id];
+    need_get_field_of_es = [name_id, hosts_id, index_id, doc_type_id];
+})
+.on('change', '.selector', function(){
+    var type = $('.selector').val();
+    console.log(type);
+    hiddenField(field_of_all);
+    var field = getFieldByType(type);
+    showField(field)
+})
+
+.on('click', '#id_submit_button', function(){
+    var type = $('.selector').val();
+    var field = getFieldByType(type);
+    var data = {'TYPE': type};
+    $.each(field, function(index, id_field){
+        var name = $(id_field).attr('name');
+        var value =  $(id_field).val();
+        if(name === 'HOSTS'){
+            data[name] = value.split(',');
+        }
+        else{
+            data[name] = value
+        }
+    });
+    var url = "{% url 'api-common:command-storage-create' %}";
+    var success = function(data, textStatus) {
+        console.log(data, textStatus);
+        location = "{% url 'common:terminal-setting' %}";
+    };
+    var error = function(data,  textStatus) {
+        var error_msg = data.responseJSON.error;
+        $('#id_error').html(error_msg)
+    };
+    ajaxAPI(url, JSON.stringify(data), success, error)
+
+})
+</script>
+{% endblock %}
--- a/apps/common/templates/common/replay_storage_create.html
+++ b/apps/common/templates/common/replay_storage_create.html
--- a/apps/common/templates/common/terminal_setting.html
+++ b/apps/common/templates/common/terminal_setting.html
@@ -63,6 +63,14 @@
                                        {% endif %}
                                    {% endfor %}

+                                    <div class="form-group">
+                                        <div class="col-sm-4 col-sm-offset-2">
+                                            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+                                            <button id="submit_button" class="btn btn-primary"
+                                                    type="submit">{% trans 'Submit' %}</button>
+                                        </div>
+                                    </div>
+
                                    <div class="hr-line-dashed"></div>

                                    <h3>{% trans "Command storage" %}</h3>
@@ -71,6 +79,7 @@
                                        <tr>
                                            <th>{% trans 'Name' %}</th>
                                            <th>{% trans 'Type' %}</th>
+                                            <th>{% trans 'Action' %}</th>
                                        </tr>
                                        </thead>
                                        <tbody>
@@ -78,10 +87,13 @@
                                            <tr>
                                                <td>{{ name }}</td>
                                                <td>{{ setting.TYPE }}</td>
+                                                <td><a class="btn btn-xs btn-danger m-l-xs btn-del-command" data-name="{{ name }}">{% trans 'Delete' %}</a></td>
                                            </tr>
                                        {% endfor %}
                                        </tbody>
                                    </table>
+                                    <a href="{% url 'common:command-storage-create' %}" class="btn btn-primary">{% trans 'Add' %}</a>
+
                                    <div class="hr-line-dashed"></div>
                                    <h3>{% trans "Replay storage" %}</h3>
                                    <table class="table table-hover " id="task-history-list-table">
@@ -89,6 +101,7 @@
                                        <tr>
                                            <th>{% trans 'Name' %}</th>
                                            <th>{% trans 'Type' %}</th>
+                                            <th>{% trans 'Action' %}</th>
                                        </tr>
                                        </thead>
                                        <tbody>
@@ -96,18 +109,14 @@
                                            <tr>
                                                <td>{{ name }}</td>
                                                <td>{{ setting.TYPE }}</td>
+                                                <td><a class="btn btn-xs btn-danger m-l-xs btn-del-replay" data-name="{{ name }}">{% trans 'Delete' %}</a></td>
                                            </tr>
                                        {% endfor %}
                                        </tbody>
                                    </table>
+                                    <a href="{% url 'common:replay-storage-create' %}" class="btn btn-primary">{% trans 'Add' %}</a>
+
                                    <div class="hr-line-dashed"></div>
-                                    <div class="form-group">
-                                        <div class="col-sm-4 col-sm-offset-2">
-                                            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
-                                            <button id="submit_button" class="btn btn-primary"
-                                                    type="submit">{% trans 'Submit' %}</button>
-                                        </div>
-                                    </div>
                                </form>
                            </div>
                        </div>
@@ -116,40 +125,63 @@
            </div>
        </div>
    </div>
-    </div>
 {% endblock %}
 {% block custom_foot_js %}
-    <script>
-        $(document).ready(function () {
-        })
-            .on("click", ".btn-test", function () {
-                var data = {};
-                var form = $("form").serializeArray();
-                $.each(form, function (i, field) {
-                    data[field.name] = field.value;
-                });
+<script>

-                var the_url = "{% url 'api-common:ldap-testing' %}";
+function ajaxAPI(url, data, success, error, method){
+    $.ajax({
+        url: url,
+        data: data,
+        method: method,
+        contentType: 'application/json; charset=utf-8',
+        success: success,
+        error: error
+    })
+}

-                function error(message) {
-                    toastr.error(message)
-                }
+function deleteStorage($this, the_url){
+    var name = $this.data('name');
+    function doDelete(){
+        console.log('delete storage');
+        var data = {"name": name};
+        var method = 'POST';
+        var success = function(){
+            $this.parent().parent().remove();
+            toastr.success("{% trans 'Delete succeed' %}");
+        };
+        var error = function(){
+            toastr.error("{% trans 'Delete failed' %}}");
+        };
+        ajaxAPI(the_url, JSON.stringify(data), success, error, method);
+    }
+    swal({
+        title: "{% trans  'Are you sure about deleting it?' %}",
+        text: " [" + name + "] ",
+        type: "warning",
+        showCancelButton: true,
+        cancelButtonText: "{% trans 'Cancel' %}",
+        confirmButtonColor: "#ed5565",
+        confirmButtonText: "{% trans 'Confirm' %}",
+        closeOnConfirm: true
+    }, function () {
+        doDelete()
+    });
+}

-                function success(message) {
-                    toastr.success(message.msg)
-                }
+$(document).ready(function () {

-                APIUpdateAttr({
-                    url: the_url,
-                    body: JSON.stringify(data),
-                    method: "POST",
-                    flash_message: false,
-                    success: success,
-                    error: error
-                });
-            })
-            .on('click', '', function () {
+})
+.on('click', '.btn-del-replay', function(){
+    var $this = $(this);
+    var the_url = "{% url 'api-common:replay-storage-delete' %}";
+    deleteStorage($this, the_url);
+})
+.on('click', '.btn-del-command', function() {
+    var $this = $(this);
+    var the_url = "{% url 'api-common:command-storage-delete' %}";
+    deleteStorage($this, the_url)
+});

-            })
-    </script>
+</script>
 {% endblock %}
--- a/apps/common/urls/api_urls.py
+++ b/apps/common/urls/api_urls.py
@@ -9,5 +9,9 @@ app_name = 'common'
 urlpatterns = [
    path('mail/testing/', api.MailTestingAPI.as_view(), name='mail-testing'),
    path('ldap/testing/', api.LDAPTestingAPI.as_view(), name='ldap-testing'),
+    path('terminal/replay-storage/create/', api.ReplayStorageCreateAPI.as_view(), name='replay-storage-create'),
+    path('terminal/replay-storage/delete/', api.ReplayStorageDeleteAPI.as_view(), name='replay-storage-delete'),
+    path('terminal/command-storage/create/', api.CommandStorageCreateAPI.as_view(), name='command-storage-create'),
+    path('terminal/command-storage/delete/', api.CommandStorageDeleteAPI.as_view(), name='command-storage-delete'),
    # path('django-settings/', api.DjangoSettingsAPI.as_view(), name='django-settings'),
 ]
--- a/apps/common/urls/view_urls.py
+++ b/apps/common/urls/view_urls.py
@@ -11,5 +11,7 @@ urlpatterns = [
    url(r'^email/$', views.EmailSettingView.as_view(), name='email-setting'),
    url(r'^ldap/$', views.LDAPSettingView.as_view(), name='ldap-setting'),
    url(r'^terminal/$', views.TerminalSettingView.as_view(), name='terminal-setting'),
+    url(r'^terminal/replay-storage/create$', views.ReplayStorageCreateView.as_view(), name='replay-storage-create'),
+    url(r'^terminal/command-storage/create$', views.CommandStorageCreateView.as_view(), name='command-storage-create'),
    url(r'^security/$', views.SecuritySettingView.as_view(), name='security-setting'),
 ]
--- a/apps/common/utils.py
+++ b/apps/common/utils.py
@@ -37,7 +37,8 @@ def reverse(view_name, urlconf=None, args=None, kwargs=None,
                     kwargs=kwargs, current_app=current_app)

    if external:
-        url = settings.SITE_URL.strip('/') + url
+        from common.models import common_settings
+        url = common_settings.SITE_URL.strip('/') + url
    return url


@@ -387,6 +388,49 @@ def get_request_ip(request):
    return login_ip


+def get_command_storage_or_create_default_storage():
+    from common.models import common_settings, Setting
+    name = 'TERMINAL_COMMAND_STORAGE'
+    default = {'default': {'TYPE': 'server'}}
+    command_storage = common_settings.TERMINAL_COMMAND_STORAGE
+    if command_storage is None:
+        obj = Setting()
+        obj.name = name
+        obj.encrypted = True
+        obj.cleaned_value = default
+        obj.save()
+    if isinstance(command_storage, dict) and not command_storage:
+        obj = Setting.objects.get(name=name)
+        value = obj.cleaned_value
+        value.update(default)
+        obj.cleaned_value = value
+        obj.save()
+    command_storage = common_settings.TERMINAL_COMMAND_STORAGE
+    return command_storage
+
+
+def get_replay_storage_or_create_default_storage():
+    from common.models import common_settings, Setting
+    name = 'TERMINAL_REPLAY_STORAGE'
+    default = {'default': {'TYPE': 'server'}}
+    replay_storage = common_settings.TERMINAL_REPLAY_STORAGE
+    if replay_storage is None:
+        obj = Setting()
+        obj.name = name
+        obj.encrypted = True
+        obj.cleaned_value = default
+        obj.save()
+        replay_storage = common_settings.TERMINAL_REPLAY_STORAGE
+    if isinstance(replay_storage, dict) and not replay_storage:
+        obj = Setting.objects.get(name=name)
+        value = obj.cleaned_value
+        value.update(default)
+        obj.cleaned_value = value
+        obj.save()
+    replay_storage = common_settings.TERMINAL_REPLAY_STORAGE
+    return replay_storage
+
+
 class TeeObj:
    origin_stdout = sys.stdout


--- a/apps/common/views.py
+++ b/apps/common/views.py
@@ -4,10 +4,12 @@ from django.contrib import messages
 from django.utils.translation import ugettext as _
 from django.conf import settings

+from common.models import common_settings
 from .forms import EmailSettingForm, LDAPSettingForm, BasicSettingForm, \
    TerminalSettingForm, SecuritySettingForm
 from common.permissions import SuperUserRequiredMixin
 from .signals import ldap_auth_enable
+from . import utils


 class BasicSettingView(SuperUserRequiredMixin, TemplateView):
@@ -95,14 +97,15 @@ class TerminalSettingView(SuperUserRequiredMixin, TemplateView):
    template_name = "common/terminal_setting.html"

    def get_context_data(self, **kwargs):
-        command_storage = settings.TERMINAL_COMMAND_STORAGE
-        replay_storage = settings.TERMINAL_REPLAY_STORAGE
+        command_storage = utils.get_command_storage_or_create_default_storage()
+        replay_storage = utils.get_replay_storage_or_create_default_storage()
+
        context = {
            'app': _('Settings'),
            'action': _('Terminal setting'),
            'form': self.form_class(),
            'replay_storage': replay_storage,
-            'command_storage': command_storage,
+            'command_storage': command_storage
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
@@ -120,6 +123,30 @@ class TerminalSettingView(SuperUserRequiredMixin, TemplateView):
            return render(request, self.template_name, context)


+class ReplayStorageCreateView(SuperUserRequiredMixin, TemplateView):
+    template_name = 'common/replay_storage_create.html'
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Settings'),
+            'action': _('Create replay storage')
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class CommandStorageCreateView(SuperUserRequiredMixin, TemplateView):
+    template_name = 'common/command_storage_create.html'
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Settings'),
+            'action': _('Create command storage')
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
 class SecuritySettingView(SuperUserRequiredMixin, TemplateView):
    form_class = SecuritySettingForm
    template_name = "common/security_setting.html"

--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
--- a/apps/ops/inventory.py
+++ b/apps/ops/inventory.py
@@ -50,7 +50,7 @@ class JMSInventory(BaseInventory):
    def convert_to_ansible(self, asset, run_as_admin=False):
        info = {
            'id': asset.id,
-            'hostname': asset.hostname,
+            'hostname': asset.fullname,
            'ip': asset.ip,
            'port': asset.port,
            'vars': dict(),

--- a/apps/ops/views.py
+++ b/apps/ops/views.py
@@ -6,7 +6,7 @@ from django.views.generic import ListView, DetailView, TemplateView

 from common.mixins import DatetimeSearchMixin
 from .models import Task, AdHoc, AdHocRunHistory, CeleryTask
-from common.permissions import SuperUserRequiredMixin
+from common.permissions import SuperUserRequiredMixin, AdminUserRequiredMixin


 class TaskListView(SuperUserRequiredMixin, DatetimeSearchMixin, ListView):
@@ -121,6 +121,6 @@ class AdHocHistoryDetailView(SuperUserRequiredMixin, DetailView):
        return super().get_context_data(**kwargs)


-class CeleryTaskLogView(SuperUserRequiredMixin, DetailView):
+class CeleryTaskLogView(AdminUserRequiredMixin, DetailView):
    template_name = 'ops/celery_task_log.html'
    model = CeleryTask
--- a/apps/orgs/api.py
+++ b/apps/orgs/api.py
 # -*- coding: utf-8 -*-
 #

-from rest_framework import viewsets
+from rest_framework import status
+from rest_framework.views import Response
+from rest_framework_bulk import BulkModelViewSet

 from common.permissions import IsSuperUserOrAppUser
 from .models import Organization
-from .serializers import OrgSerializer
+from .serializers import OrgSerializer, OrgReadSerializer, \
+    OrgMembershipUserSerializer, OrgMembershipAdminSerializer
+from users.models import User, UserGroup
+from assets.models import Asset, Domain, AdminUser, SystemUser, Label
+from perms.models import AssetPermission
+from orgs.utils import current_org
+from common.utils import get_logger
+from .mixins import OrgMembershipModelViewSetMixin

+logger = get_logger(__file__)

-class OrgViewSet(viewsets.ModelViewSet):
+
+class OrgViewSet(BulkModelViewSet):
    queryset = Organization.objects.all()
    serializer_class = OrgSerializer
    permission_classes = (IsSuperUserOrAppUser,)
+    org = None
+
+    def get_serializer_class(self):
+        if self.action in ('list', 'retrieve'):
+            return OrgReadSerializer
+        else:
+            return super().get_serializer_class()
+
+    def get_data_from_model(self, model):
+        if model == User:
+            data = model.objects.filter(orgs__id=self.org.id)
+        else:
+            data = model.objects.filter(org_id=self.org.id)
+        return data
+
+    def destroy(self, request, *args, **kwargs):
+        self.org = self.get_object()
+        models = [
+            User, UserGroup,
+            Asset, Domain, AdminUser, SystemUser, Label,
+            AssetPermission,
+        ]
+        for model in models:
+            data = self.get_data_from_model(model)
+            if data:
+                return Response(status=status.HTTP_400_BAD_REQUEST)
+        else:
+            if str(current_org) == str(self.org):
+                return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
+            self.org.delete()
+            return Response({'msg': True}, status=status.HTTP_200_OK)
+
+
+class OrgMembershipAdminsViewSet(OrgMembershipModelViewSetMixin, BulkModelViewSet):
+    serializer_class = OrgMembershipAdminSerializer
+    membership_class = Organization.admins.through
+    permission_classes = (IsSuperUserOrAppUser, )
+
+
+class OrgMembershipUsersViewSet(OrgMembershipModelViewSetMixin, BulkModelViewSet):
+    serializer_class = OrgMembershipUserSerializer
+    membership_class = Organization.users.through
+    permission_classes = (IsSuperUserOrAppUser, )
--- a/apps/orgs/mixins.py
+++ b/apps/orgs/mixins.py
@@ -9,7 +9,6 @@ from django.forms import ModelForm
 from django.http.response import HttpResponseForbidden
 from django.core.exceptions import ValidationError

-
 from common.utils import get_logger
 from .utils import current_org, set_current_org, set_to_root_org
 from .models import Organization
@@ -19,7 +18,7 @@ tl = Local()

 __all__ = [
    'OrgManager', 'OrgViewGenericMixin', 'OrgModelMixin', 'OrgModelForm',
-    'RootOrgViewMixin',
+    'RootOrgViewMixin', 'OrgMembershipSerializerMixin', 'OrgMembershipModelViewSetMixin'
 ]


@@ -176,3 +175,29 @@ class OrgModelForm(ModelForm):
                continue
            model = field.queryset.model
            field.queryset = model.objects.all()
+
+
+class OrgMembershipSerializerMixin:
+    def run_validation(self, initial_data=None):
+        initial_data['organization'] = str(self.context['org'].id)
+        return super().run_validation(initial_data)
+
+
+class OrgMembershipModelViewSetMixin:
+    org = None
+    membership_class = None
+    lookup_field = 'user'
+    lookup_url_kwarg = 'user_id'
+    http_method_names = ['get', 'post', 'delete', 'head', 'options']
+
+    def dispatch(self, request, *args, **kwargs):
+        self.org = Organization.objects.get(pk=kwargs.get('org_id'))
+        return super().dispatch(request, *args, **kwargs)
+
+    def get_serializer_context(self):
+        context = super().get_serializer_context()
+        context['org'] = self.org
+        return context
+
+    def get_queryset(self):
+        return self.membership_class.objects.filter(organization=self.org)
--- a/apps/orgs/serializers.py
+++ b/apps/orgs/serializers.py

 from rest_framework.serializers import ModelSerializer
+from rest_framework import serializers
+from rest_framework_bulk import BulkListSerializer
+
+from users.models import User, UserGroup
+from assets.models import Asset, Domain, AdminUser, SystemUser, Label
+from perms.models import AssetPermission
+from .utils import set_current_org, get_current_org
 from .models import Organization
+from .mixins import OrgMembershipSerializerMixin


 class OrgSerializer(ModelSerializer):
    class Meta:
        model = Organization
+        list_serializer_class = BulkListSerializer
        fields = '__all__'
        read_only_fields = ['id', 'created_by', 'date_created']
+
+
+class OrgReadSerializer(ModelSerializer):
+    admins = serializers.SlugRelatedField(slug_field='name', many=True, read_only=True)
+    users = serializers.SlugRelatedField(slug_field='name', many=True, read_only=True)
+    user_groups = serializers.SerializerMethodField()
+    assets = serializers.SerializerMethodField()
+    domains = serializers.SerializerMethodField()
+    admin_users = serializers.SerializerMethodField()
+    system_users = serializers.SerializerMethodField()
+    labels = serializers.SerializerMethodField()
+    perms = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Organization
+        fields = '__all__'
+
+    @staticmethod
+    def get_data_from_model(obj, model):
+        current_org = get_current_org()
+        set_current_org(Organization.root())
+        if model == Asset:
+            data = [o.hostname for o in model.objects.filter(org_id=obj.id)]
+        else:
+            data = [o.name for o in model.objects.filter(org_id=obj.id)]
+        set_current_org(current_org)
+        return data
+
+    def get_user_groups(self, obj):
+        return self.get_data_from_model(obj, UserGroup)
+
+    def get_assets(self, obj):
+        return self.get_data_from_model(obj, Asset)
+
+    def get_domains(self, obj):
+        return self.get_data_from_model(obj, Domain)
+
+    def get_admin_users(self, obj):
+        return self.get_data_from_model(obj, AdminUser)
+
+    def get_system_users(self, obj):
+        return self.get_data_from_model(obj, SystemUser)
+
+    def get_labels(self, obj):
+        return self.get_data_from_model(obj, Label)
+
+    def get_perms(self, obj):
+        return self.get_data_from_model(obj, AssetPermission)
+
+
+class OrgMembershipAdminSerializer(OrgMembershipSerializerMixin, ModelSerializer):
+    class Meta:
+        model = Organization.admins.through
+        list_serializer_class = BulkListSerializer
+        fields = '__all__'
+
+
+class OrgMembershipUserSerializer(OrgMembershipSerializerMixin, ModelSerializer):
+    class Meta:
+        model = Organization.users.through
+        list_serializer_class = BulkListSerializer
+        fields = '__all__'
--- a/apps/orgs/urls/api_urls.py
+++ b/apps/orgs/urls/api_urls.py
 # -*- coding: utf-8 -*-
 #

+from django.urls import path
 from rest_framework.routers import DefaultRouter
 from .. import api


 app_name = 'orgs'
 router = DefaultRouter()
+
+router.register(r'org/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/admins',
+                api.OrgMembershipAdminsViewSet, 'membership-admins')
+
+router.register(r'org/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/users',
+                api.OrgMembershipUsersViewSet, 'membership-users'),
+
 router.register(r'orgs', api.OrgViewSet, 'org')



--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@@ -5,6 +5,7 @@ from django.shortcuts import get_object_or_404
 from rest_framework.views import APIView, Response
 from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView
 from rest_framework import viewsets
+from rest_framework.pagination import LimitOffsetPagination

 from common.utils import set_or_append_attr_bulk
 from common.permissions import IsValidUser, IsOrgAdmin, IsOrgAdminOrAppUser
@@ -15,6 +16,7 @@ from .hands import AssetGrantedSerializer, User, UserGroup, Asset, Node, \
    NodeGrantedSerializer, SystemUser, NodeSerializer
 from orgs.utils import set_to_root_org
 from . import serializers
+from .mixins import AssetsFilterMixin


 __all__ = [
@@ -32,6 +34,7 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
    """
    queryset = AssetPermission.objects.all()
    serializer_class = serializers.AssetPermissionCreateUpdateSerializer
+    pagination_class = LimitOffsetPagination
    permission_classes = (IsOrgAdmin,)

    def get_serializer_class(self):
@@ -40,10 +43,15 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
        return self.serializer_class

    def get_queryset(self):
-        queryset = super().get_queryset()
+        queryset = super().get_queryset().all()
+        search = self.request.query_params.get('search')
        asset_id = self.request.query_params.get('asset')
        node_id = self.request.query_params.get('node')
        inherit_nodes = set()
+
+        if search:
+            queryset = queryset.filter(name__icontains=search)
+
        if not asset_id and not node_id:
            return queryset

@@ -62,15 +70,17 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
            _permissions = queryset.filter(nodes=n)
            set_or_append_attr_bulk(_permissions, "inherit", n.value)
            permissions.update(_permissions)
-        return permissions
+
+        return list(permissions)


-class UserGrantedAssetsApi(ListAPIView):
+class UserGrantedAssetsApi(AssetsFilterMixin, ListAPIView):
    """
    用户授权的所有资产
    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = AssetGrantedSerializer
+    pagination_class = LimitOffsetPagination
    
    def change_org_if_need(self):
        if self.request.user.is_superuser or \
@@ -93,6 +103,7 @@ class UserGrantedAssetsApi(ListAPIView):
            system_users_granted = [s for s in v if s.protocol == k.protocol]
            k.system_users_granted = system_users_granted
            queryset.append(k)
+
        return queryset

    def get_permissions(self):
@@ -131,7 +142,7 @@ class UserGrantedNodesApi(ListAPIView):
        return super().get_permissions()


-class UserGrantedNodesWithAssetsApi(ListAPIView):
+class UserGrantedNodesWithAssetsApi(AssetsFilterMixin, ListAPIView):
    """
    用户授权的节点并带着节点下资产的api
    """
@@ -166,19 +177,25 @@ class UserGrantedNodesWithAssetsApi(ListAPIView):
            queryset.append(node)
        return queryset

+    def sort_assets(self, queryset):
+        for node in queryset:
+            node.assets_granted = super().sort_assets(node.assets_granted)
+        return queryset
+
    def get_permissions(self):
        if self.kwargs.get('pk') is None:
            self.permission_classes = (IsValidUser,)
        return super().get_permissions()


-class UserGrantedNodeAssetsApi(ListAPIView):
+class UserGrantedNodeAssetsApi(AssetsFilterMixin, ListAPIView):
    """
    查询用户授权的节点下的资产的api, 与上面api不同的是，只返回某个节点下的资产
    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = AssetGrantedSerializer
-    
+    pagination_class = LimitOffsetPagination
+
    def change_org_if_need(self):
        if self.request.user.is_superuser or \
                self.request.user.is_app or \
@@ -200,6 +217,8 @@ class UserGrantedNodeAssetsApi(ListAPIView):
        assets = nodes.get(node, [])
        for asset, system_users in assets.items():
            asset.system_users_granted = system_users
+
+        assets = list(assets.keys())
        return assets

    def get_permissions(self):

--- a/apps/perms/mixins.py
+++ b/apps/perms/mixins.py
+# ~*~ coding: utf-8 ~*~
+#
+
+
+class AssetsFilterMixin(object):
+    """
+    对资产进行过滤(查询，排序)
+    """
+
+    def filter_queryset(self, queryset):
+        queryset = self.search_assets(queryset)
+        queryset = self.sort_assets(queryset)
+        return queryset
+
+    def search_assets(self, queryset):
+        from perms.utils import is_obj_attr_has
+        value = self.request.query_params.get('search')
+        if not value:
+            return queryset
+        queryset = [asset for asset in queryset if is_obj_attr_has(asset, value)]
+        return queryset
+
+    def sort_assets(self, queryset):
+        from perms.utils import sort_assets
+        order_by = self.request.query_params.get('order')
+        if not order_by:
+            order_by = 'hostname'
+
+        if order_by.startswith('-'):
+            order_by = order_by.lstrip('-')
+            reverse = True
+        else:
+            reverse = False
+
+        queryset = sort_assets(queryset, order_by=order_by, reverse=reverse)
+        return queryset
--- a/apps/perms/templates/perms/asset_permission_asset.html
+++ b/apps/perms/templates/perms/asset_permission_asset.html
@@ -24,7 +24,7 @@
                            </li>
                            <li class="active">
                                <a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id  %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and node' %}</a>
                            </li>
                        </ul>
                    </div>

--- a/apps/perms/templates/perms/asset_permission_create_update.html
+++ b/apps/perms/templates/perms/asset_permission_create_update.html
@@ -54,9 +54,9 @@
                                <div class="col-sm-9">
                                    <div class="input-daterange input-group" id="datepicker">
                                        <span class="input-group-addon"><i class="fa fa-calendar"></i></span>
-                                        <input type="text" class="input-sm form-control" name="date_start" value="{{ form.date_start.value|date:'Y-m-d' }}">
+                                        <input type="text" class="input-sm form-control" id="date_start" name="date_start" value="{{ form.date_start.value|date:'Y-m-d H:i' }}">
                                        <span class="input-group-addon">to</span>
-                                        <input type="text" class="input-sm form-control" name="date_expired" value="{{ form.date_expired.value|date:'Y-m-d' }}">
+                                        <input type="text" class="input-sm form-control" id="date_expired" name="date_expired" value="{{ form.date_expired.value|date:'Y-m-d H:i' }}">
                                    </div>
                                    <span class="help-block ">{{ form.date_expired.errors }}</span>
                                    <span class="help-block ">{{ form.date_start.errors }}</span>
@@ -70,6 +70,7 @@
                                    <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
                                </div>
                            </div>
+
                        </form>
                    </div>
                </div>
@@ -80,19 +81,27 @@
 {% endblock %}
 {% block custom_foot_js %}
 <script src="{% static 'js/plugins/datepicker/bootstrap-datepicker.js' %}"></script>
+<script type="text/javascript" src='{% static "js/plugins/daterangepicker/moment.min.js" %}'></script>
+<script type="text/javascript" src='{% static "js/plugins/daterangepicker/daterangepicker.min.js" %}'></script>
+<link rel="stylesheet" type="text/css" href={% static "css/plugins/daterangepicker/daterangepicker.css" %} />
+
 <script>
+var dateOptions = {
+    singleDatePicker: true,
+    showDropdowns: true,
+    timePicker: true,
+    timePicker24Hour: true,
+    autoApply: true,
+    locale: {
+        format: 'YYYY-MM-DD HH:mm'
+    }
+};
 $(document).ready(function () {
    $('.select2').select2({
        closeOnSelect: false
    });
-    $('#datepicker').datepicker({
-        format: "yyyy-mm-dd",
-        todayBtn: "linked",
-        keyboardNavigation: false,
-        forceParse: false,
-        calendarWeeks: true,
-        autoclose: true
-    });
+    $('#date_start').daterangepicker(dateOptions);
+    $('#date_expired').daterangepicker(dateOptions);
    $("#id_assets").parent().find(".select2-selection").on('click', function (e) {
        if ($(e.target).attr('class') !== 'select2-selection__choice__remove'){
            e.preventDefault();
@@ -110,6 +119,6 @@ $(document).ready(function () {
        $('.select2').val(assets).trigger('change');
    });
    $("#asset_list_modal").modal('hide');
-})
+});
 </script>
 {% endblock %}
\ No newline at end of file
--- a/apps/perms/templates/perms/asset_permission_detail.html
+++ b/apps/perms/templates/perms/asset_permission_detail.html
@@ -24,7 +24,7 @@
                            </li>
                            <li>
                                <a href="{% url 'perms:asset-permission-asset-list' pk=object.id %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and node' %}</a>
                            </li>
                            <li class="pull-right">
                                <a class="btn btn-outline btn-default" href="{% url 'perms:asset-permission-update' pk=object.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>

--- a/apps/perms/templates/perms/asset_permission_list.html
+++ b/apps/perms/templates/perms/asset_permission_list.html
@@ -217,7 +217,7 @@ function initTable() {
        select: {},
        op_html: $('#actions').html()
    };
-    table = jumpserver.initDataTable(options);
+    table = jumpserver.initServerSideDataTable(options);
    return table
 }


--- a/apps/perms/templates/perms/asset_permission_user.html
+++ b/apps/perms/templates/perms/asset_permission_user.html
@@ -24,7 +24,7 @@
                            </li>
                            <li>
                                <a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id  %}" class="text-center">
-                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets and node' %}</a>
                            </li>
                        </ul>
                    </div>

--- a/apps/perms/utils.py
+++ b/apps/perms/utils.py
@@ -156,3 +156,22 @@ class AssetPermissionUtil:
        return tree.nodes


+def is_obj_attr_has(obj, val, attrs=("hostname", "ip", "comment")):
+    if not attrs:
+        vals = [val for val in obj.__dict__.values() if isinstance(val, (str, int))]
+    else:
+        vals = [getattr(obj, attr) for attr in attrs if
+                hasattr(obj, attr) and isinstance(hasattr(obj, attr), (str, int))]
+
+    for v in vals:
+        if str(v).find(val) != -1:
+            return True
+    return False
+
+
+def sort_assets(assets, order_by='hostname', reverse=False):
+    if order_by == 'ip':
+        assets = sorted(assets, key=lambda asset: [int(d) for d in asset.ip.split('.') if d.isdigit()], reverse=reverse)
+    else:
+        assets = sorted(assets, key=lambda asset: getattr(asset, order_by), reverse=reverse)
+    return assets
--- a/apps/static/css/plugins/daterangepicker/daterangepicker.css
+++ b/apps/static/css/plugins/daterangepicker/daterangepicker.css
+.daterangepicker {
+  position: absolute;
+  color: inherit;
+  background-color: #fff;
+  border-radius: 4px;
+  border: 1px solid #ddd;
+  width: 278px;
+  max-width: none;
+  padding: 0;
+  margin-top: 7px;
+  top: 100px;
+  left: 20px;
+  z-index: 3001;
+  display: none;
+  font-family: arial;
+  font-size: 15px;
+  line-height: 1em;
+}
+
+.daterangepicker:before, .daterangepicker:after {
+  position: absolute;
+  display: inline-block;
+  border-bottom-color: rgba(0, 0, 0, 0.2);
+  content: '';
+}
+
+.daterangepicker:before {
+  top: -7px;
+  border-right: 7px solid transparent;
+  border-left: 7px solid transparent;
+  border-bottom: 7px solid #ccc;
+}
+
+.daterangepicker:after {
+  top: -6px;
+  border-right: 6px solid transparent;
+  border-bottom: 6px solid #fff;
+  border-left: 6px solid transparent;
+}
+
+.daterangepicker.opensleft:before {
+  right: 9px;
+}
+
+.daterangepicker.opensleft:after {
+  right: 10px;
+}
+
+.daterangepicker.openscenter:before {
+  left: 0;
+  right: 0;
+  width: 0;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.daterangepicker.openscenter:after {
+  left: 0;
+  right: 0;
+  width: 0;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.daterangepicker.opensright:before {
+  left: 9px;
+}
+
+.daterangepicker.opensright:after {
+  left: 10px;
+}
+
+.daterangepicker.drop-up {
+  margin-top: -7px;
+}
+
+.daterangepicker.drop-up:before {
+  top: initial;
+  bottom: -7px;
+  border-bottom: initial;
+  border-top: 7px solid #ccc;
+}
+
+.daterangepicker.drop-up:after {
+  top: initial;
+  bottom: -6px;
+  border-bottom: initial;
+  border-top: 6px solid #fff;
+}
+
+.daterangepicker.single .daterangepicker .ranges, .daterangepicker.single .drp-calendar {
+  float: none;
+}
+
+.daterangepicker.single .drp-selected {
+  display: none;
+}
+
+.daterangepicker.show-calendar .drp-calendar {
+  display: block;
+}
+
+.daterangepicker.show-calendar .drp-buttons {
+  display: block;
+}
+
+.daterangepicker.auto-apply .drp-buttons {
+  display: none;
+}
+
+.daterangepicker .drp-calendar {
+  display: none;
+  max-width: 270px;
+}
+
+.daterangepicker .drp-calendar.left {
+  padding: 8px 0 8px 8px;
+}
+
+.daterangepicker .drp-calendar.right {
+  padding: 8px;
+}
+
+.daterangepicker .drp-calendar.single .calendar-table {
+  border: none;
+}
+
+.daterangepicker .calendar-table .next span, .daterangepicker .calendar-table .prev span {
+  color: #fff;
+  border: solid black;
+  border-width: 0 2px 2px 0;
+  border-radius: 0;
+  display: inline-block;
+  padding: 3px;
+}
+
+.daterangepicker .calendar-table .next span {
+  transform: rotate(-45deg);
+  -webkit-transform: rotate(-45deg);
+}
+
+.daterangepicker .calendar-table .prev span {
+  transform: rotate(135deg);
+  -webkit-transform: rotate(135deg);
+}
+
+.daterangepicker .calendar-table th, .daterangepicker .calendar-table td {
+  white-space: nowrap;
+  text-align: center;
+  vertical-align: middle;
+  min-width: 32px;
+  width: 32px;
+  height: 24px;
+  line-height: 24px;
+  font-size: 12px;
+  border-radius: 4px;
+  border: 1px solid transparent;
+  white-space: nowrap;
+  cursor: pointer;
+}
+
+.daterangepicker .calendar-table {
+  border: 1px solid #fff;
+  border-radius: 4px;
+  background-color: #fff;
+}
+
+.daterangepicker .calendar-table table {
+  width: 100%;
+  margin: 0;
+  border-spacing: 0;
+  border-collapse: collapse;
+}
+
+.daterangepicker td.available:hover, .daterangepicker th.available:hover {
+  background-color: #eee;
+  border-color: transparent;
+  color: inherit;
+}
+
+.daterangepicker td.week, .daterangepicker th.week {
+  font-size: 80%;
+  color: #ccc;
+}
+
+.daterangepicker td.off, .daterangepicker td.off.in-range, .daterangepicker td.off.start-date, .daterangepicker td.off.end-date {
+  background-color: #fff;
+  border-color: transparent;
+  color: #999;
+}
+
+.daterangepicker td.in-range {
+  background-color: #ebf4f8;
+  border-color: transparent;
+  color: #000;
+  border-radius: 0;
+}
+
+.daterangepicker td.start-date {
+  border-radius: 4px 0 0 4px;
+}
+
+.daterangepicker td.end-date {
+  border-radius: 0 4px 4px 0;
+}
+
+.daterangepicker td.start-date.end-date {
+  border-radius: 4px;
+}
+
+.daterangepicker td.active, .daterangepicker td.active:hover {
+  background-color: #357ebd;
+  border-color: transparent;
+  color: #fff;
+}
+
+.daterangepicker th.month {
+  width: auto;
+}
+
+.daterangepicker td.disabled, .daterangepicker option.disabled {
+  color: #999;
+  cursor: not-allowed;
+  text-decoration: line-through;
+}
+
+.daterangepicker select.monthselect, .daterangepicker select.yearselect {
+  font-size: 12px;
+  padding: 1px;
+  height: auto;
+  margin: 0;
+  cursor: default;
+}
+
+.daterangepicker select.monthselect {
+  margin-right: 2%;
+  width: 56%;
+}
+
+.daterangepicker select.yearselect {
+  width: 40%;
+}
+
+.daterangepicker select.hourselect, .daterangepicker select.minuteselect, .daterangepicker select.secondselect, .daterangepicker select.ampmselect {
+  width: 50px;
+  margin: 0 auto;
+  background: #eee;
+  border: 1px solid #eee;
+  padding: 2px;
+  outline: 0;
+  font-size: 12px;
+}
+
+.daterangepicker .calendar-time {
+  text-align: center;
+  margin: 4px auto 0 auto;
+  line-height: 30px;
+  position: relative;
+}
+
+.daterangepicker .calendar-time select.disabled {
+  color: #ccc;
+  cursor: not-allowed;
+}
+
+.daterangepicker .drp-buttons {
+  clear: both;
+  text-align: right;
+  padding: 8px;
+  border-top: 1px solid #ddd;
+  display: none;
+  line-height: 12px;
+  vertical-align: middle;
+}
+
+.daterangepicker .drp-selected {
+  display: inline-block;
+  font-size: 12px;
+  padding-right: 8px;
+}
+
+.daterangepicker .drp-buttons .btn {
+  margin-left: 8px;
+  font-size: 12px;
+  font-weight: bold;
+  padding: 4px 8px;
+}
+
+.daterangepicker.show-ranges .drp-calendar.left {
+  border-left: 1px solid #ddd;
+}
+
+.daterangepicker .ranges {
+  float: none;
+  text-align: left;
+  margin: 0;
+}
+
+.daterangepicker.show-calendar .ranges {
+  margin-top: 8px;
+}
+
+.daterangepicker .ranges ul {
+  list-style: none;
+  margin: 0 auto;
+  padding: 0;
+  width: 100%;
+}
+
+.daterangepicker .ranges li {
+  font-size: 12px;
+  padding: 8px 12px;
+  cursor: pointer;
+}
+
+.daterangepicker .ranges li:hover {
+  background-color: #eee;
+}
+
+.daterangepicker .ranges li.active {
+  background-color: #08c;
+  color: #fff;
+}
+
+/*  Larger Screen Styling */
+@media (min-width: 564px) {
+  .daterangepicker {
+    width: auto; }
+    .daterangepicker .ranges ul {
+      width: 140px; }
+    .daterangepicker.single .ranges ul {
+      width: 100%; }
+    .daterangepicker.single .drp-calendar.left {
+      clear: none; }
+    .daterangepicker.single.ltr .ranges, .daterangepicker.single.ltr .drp-calendar {
+      float: left; }
+    .daterangepicker.single.rtl .ranges, .daterangepicker.single.rtl .drp-calendar {
+      float: right; }
+    .daterangepicker.ltr {
+      direction: ltr;
+      text-align: left; }
+      .daterangepicker.ltr .drp-calendar.left {
+        clear: left;
+        margin-right: 0; }
+        .daterangepicker.ltr .drp-calendar.left .calendar-table {
+          border-right: none;
+          border-top-right-radius: 0;
+          border-bottom-right-radius: 0; }
+      .daterangepicker.ltr .drp-calendar.right {
+        margin-left: 0; }
+        .daterangepicker.ltr .drp-calendar.right .calendar-table {
+          border-left: none;
+          border-top-left-radius: 0;
+          border-bottom-left-radius: 0; }
+      .daterangepicker.ltr .drp-calendar.left .calendar-table {
+        padding-right: 8px; }
+      .daterangepicker.ltr .ranges, .daterangepicker.ltr .drp-calendar {
+        float: left; }
+    .daterangepicker.rtl {
+      direction: rtl;
+      text-align: right; }
+      .daterangepicker.rtl .drp-calendar.left {
+        clear: right;
+        margin-left: 0; }
+        .daterangepicker.rtl .drp-calendar.left .calendar-table {
+          border-left: none;
+          border-top-left-radius: 0;
+          border-bottom-left-radius: 0; }
+      .daterangepicker.rtl .drp-calendar.right {
+        margin-right: 0; }
+        .daterangepicker.rtl .drp-calendar.right .calendar-table {
+          border-right: none;
+          border-top-right-radius: 0;
+          border-bottom-right-radius: 0; }
+      .daterangepicker.rtl .drp-calendar.left .calendar-table {
+        padding-left: 12px; }
+      .daterangepicker.rtl .ranges, .daterangepicker.rtl .drp-calendar {
+        text-align: right;
+        float: right; } }
+@media (min-width: 730px) {
+  .daterangepicker .ranges {
+    width: auto; }
+  .daterangepicker.ltr .ranges {
+    float: left; }
+  .daterangepicker.rtl .ranges {
+    float: right; }
+  .daterangepicker .drp-calendar.left {
+    clear: none !important; } }
\ No newline at end of file
--- a/apps/static/js/jumpserver.js
+++ b/apps/static/js/jumpserver.js
@@ -146,12 +146,15 @@ function activeNav() {
    if (app === ''){
        $('#index').addClass('active');
    }
-    else if (app === 'xpack') {
+    else if (app === 'xpack' && resource === 'cloud') {
        var item = url_array[3];
        $("#" + app).addClass('active');
        $('#' + app + ' #' + resource).addClass('active');
        $('#' + app + ' #' + resource + ' #' + item + ' a').css('color', '#ffffff');
    }
+    else if (app === 'settings'){
+        $("#" + app).addClass('active');
+    }
    else {
        $("#" + app).addClass('active');
        $('#' + app + ' #' + resource).addClass('active');

--- a/apps/static/js/plugins/daterangepicker/daterangepicker.min.js
+++ b/apps/static/js/plugins/daterangepicker/daterangepicker.min.js
--- a/apps/static/js/plugins/daterangepicker/moment.min.js
+++ b/apps/static/js/plugins/daterangepicker/moment.min.js
--- a/apps/templates/_base_create_update.html
+++ b/apps/templates/_base_create_update.html
@@ -31,8 +31,8 @@
                    <div class="ibox-content">
                        {% if form.errors.all %}
                            <div class="alert alert-danger" style="margin: 20px auto 0px">
-                            {{ form.errors.all }}
-                        </div>
+                                {{ form.errors.all }}
+                            </div>
                        {% endif %}
                        {% block form %}
                        {% endblock %}

--- a/apps/terminal/backends/__init__.py
+++ b/apps/terminal/backends/__init__.py
@@ -2,6 +2,9 @@ from importlib import import_module
 from django.conf import settings
 from .command.serializers import SessionCommandSerializer

+from common import utils
+from common.models import common_settings, Setting
+
 TYPE_ENGINE_MAPPING = {
    'elasticsearch': 'terminal.backends.command.es',
 }
@@ -16,7 +19,9 @@ def get_command_storage():

 def get_terminal_command_storages():
    storage_list = {}
-    for name, params in settings.TERMINAL_COMMAND_STORAGE.items():
+    command_storage = utils.get_command_storage_or_create_default_storage()
+
+    for name, params in command_storage.items():
        tp = params['TYPE']
        if tp == 'server':
            storage = get_command_storage()

--- a/apps/terminal/forms.py
+++ b/apps/terminal/forms.py
@@ -2,36 +2,33 @@
 #

 from django import forms
-from django.conf import settings
 from django.utils.translation import ugettext_lazy as _

 from .models import Terminal


 def get_all_command_storage():
-    # storage_choices = []
-    from common.models import Setting
-    Setting.refresh_all_settings()
-    for k, v in settings.TERMINAL_COMMAND_STORAGE.items():
+    from common import utils
+    command_storage = utils.get_command_storage_or_create_default_storage()
+    for k, v in command_storage.items():
        yield (k, k)


 def get_all_replay_storage():
-    # storage_choices = []
-    from common.models import Setting
-    Setting.refresh_all_settings()
-    for k, v in settings.TERMINAL_REPLAY_STORAGE.items():
+    from common import utils
+    replay_storage = utils.get_replay_storage_or_create_default_storage()
+    for k, v in replay_storage.items():
        yield (k, k)


 class TerminalForm(forms.ModelForm):
    command_storage = forms.ChoiceField(
-        choices=get_all_command_storage(),
+        choices=get_all_command_storage,
        label=_("Command storage"),
        help_text=_("Command can store in server db or ES, default to server, more see docs"),
    )
    replay_storage = forms.ChoiceField(
-        choices=get_all_replay_storage(),
+        choices=get_all_replay_storage,
        label=_("Replay storage"),
        help_text=_("Replay file can store in server disk, AWS S3, Aliyun OSS, default to server, more see docs"),
    )

--- a/apps/users/api/auth.py
+++ b/apps/users/api/auth.py
@@ -43,10 +43,13 @@ class UserAuthApi(RootOrgViewMixin, APIView):

        user, msg = self.check_user_valid(request)
        if not user:
+            username = request.data.get('username', '')
+            exist = User.objects.filter(username=username).first()
+            reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST
            data = {
-                'username': request.data.get('username', ''),
+                'username': username,
                'mfa': LoginLog.MFA_UNKNOWN,
-                'reason': LoginLog.REASON_PASSWORD,
+                'reason': reason,
                'status': False
            }
            self.write_login_log(request, data)

--- a/apps/users/api/group.py
+++ b/apps/users/api/group.py
@@ -3,6 +3,7 @@

 from rest_framework import generics
 from rest_framework_bulk import BulkModelViewSet
+from rest_framework.pagination import LimitOffsetPagination

 from ..serializers import UserGroupSerializer, \
    UserGroupUpdateMemeberSerializer
@@ -15,9 +16,12 @@ __all__ = ['UserGroupViewSet', 'UserGroupUpdateUserApi']


 class UserGroupViewSet(IDInFilterMixin, BulkModelViewSet):
+    filter_fields = ("name",)
+    search_fields = filter_fields
    queryset = UserGroup.objects.all()
    serializer_class = UserGroupSerializer
    permission_classes = (IsOrgAdmin,)
+    pagination_class = LimitOffsetPagination


 class UserGroupUpdateUserApi(generics.RetrieveUpdateAPIView):

--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -9,6 +9,7 @@ from rest_framework import generics
 from rest_framework.response import Response
 from rest_framework.permissions import IsAuthenticated
 from rest_framework_bulk import BulkModelViewSet
+from rest_framework.pagination import LimitOffsetPagination

 from ..serializers import UserSerializer, UserPKUpdateSerializer, \
    UserUpdateGroupSerializer, ChangeUserPasswordSerializer
@@ -28,10 +29,12 @@ __all__ = [


 class UserViewSet(IDInFilterMixin, BulkModelViewSet):
+    filter_fields = ('username', 'email', 'name', 'id')
+    search_fields = filter_fields
    queryset = User.objects.exclude(role="App")
    serializer_class = UserSerializer
    permission_classes = (IsOrgAdmin,)
-    filter_fields = ('username', 'email', 'name', 'id')
+    pagination_class = LimitOffsetPagination

    def get_queryset(self):
        queryset = super().get_queryset()

--- a/apps/users/models/authentication.py
+++ b/apps/users/models/authentication.py
@@ -55,11 +55,13 @@ class LoginLog(models.Model):
    REASON_NOTHING = 0
    REASON_PASSWORD = 1
    REASON_MFA = 2
+    REASON_NOT_EXIST = 3

    REASON_CHOICE = (
        (REASON_NOTHING, _('-')),
        (REASON_PASSWORD, _('Username/password check failed')),
        (REASON_MFA, _('MFA authentication failed')),
+        (REASON_NOT_EXIST, _("Username does not exist")),
    )

    STATUS_CHOICE = (
@@ -67,7 +69,7 @@ class LoginLog(models.Model):
        (False, _('Failed'))
    )
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
-    username = models.CharField(max_length=20, verbose_name=_('Username'))
+    username = models.CharField(max_length=128, verbose_name=_('Username'))
    type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=2, verbose_name=_('Login type'))
    ip = models.GenericIPAddressField(verbose_name=_('Login ip'))
    city = models.CharField(max_length=254, blank=True, null=True, verbose_name=_('Login city'))

--- a/apps/users/templates/users/_user.html
+++ b/apps/users/templates/users/_user.html
@@ -30,7 +30,7 @@
            <div class="col-sm-9">
                <div class="input-group date">
                    <span class="input-group-addon"><i class="fa fa-calendar"></i></span>
-                    <input id="{{ form.date_expired.id_for_label }}" name="{{ form.date_expired.html_name }}" type="text" class="form-control" value="{{ form.date_expired.value|date:'Y-m-d' }}">
+                    <input id="{{ form.date_expired.id_for_label }}" name="{{ form.date_expired.html_name }}" type="text" class="form-control" value="{{ form.date_expired.value|date:'Y-m-d H:i' }}">
                </div>
                <span class="help-block ">{{ form.date_expired.errors }}</span>
            </div>
@@ -52,18 +52,24 @@
 {% endblock %}
 {% block custom_foot_js %}
    <script src="{% static 'js/plugins/datepicker/bootstrap-datepicker.js' %}"></script>
+    <script type="text/javascript" src='{% static "js/plugins/daterangepicker/moment.min.js" %}'></script>
+    <script type="text/javascript" src='{% static "js/plugins/daterangepicker/daterangepicker.min.js" %}'></script>
+    <link rel="stylesheet" type="text/css" href={% static "css/plugins/daterangepicker/daterangepicker.css" %} />
+
    <script>
+        var dateOptions = {
+            singleDatePicker: true,
+            showDropdowns: true,
+            timePicker: true,
+            timePicker24Hour: true,
+            autoApply: true,
+            locale: {
+                format: 'YYYY-MM-DD HH:mm'
+            }
+        };
        $(document).ready(function () {
            $('.select2').select2();
-
-            $('.input-group.date').datepicker({
-                format: "yyyy-mm-dd",
-                todayBtn: "linked",
-                keyboardNavigation: false,
-                forceParse: false,
-                calendarWeeks: true,
-                autoclose: true
-            });
+            $('#id_date_expired').daterangepicker(dateOptions);
        })
    </script>
 {% endblock %}
--- a/apps/users/templates/users/user_granted_asset.html
+++ b/apps/users/templates/users/user_granted_asset.html
@@ -103,7 +103,7 @@ function initTable() {
            {data: "system_users_granted", orderable: false}
        ]
    };
-    asset_table = jumpserver.initDataTable(options);
+    asset_table = jumpserver.initServerSideDataTable(options)
 }

 function onSelected(event, treeNode) {

--- a/apps/users/templates/users/user_group_list.html
+++ b/apps/users/templates/users/user_group_list.html
@@ -58,7 +58,8 @@ $(document).ready(function() {
        order: [],
        op_html: $('#actions').html()
    };
-    jumpserver.initDataTable(options);
+    jumpserver.initServerSideDataTable(options);
+
 }).on('click', '.btn_delete_user_group', function(){
    var $this = $(this);
    var group_id = $this.data('gid');

--- a/apps/users/templates/users/user_list.html
+++ b/apps/users/templates/users/user_list.html
@@ -95,7 +95,7 @@ function initTable() {
        ],
        op_html: $('#actions').html()
    };
-    table = jumpserver.initDataTable(options);
+    var table = jumpserver.initServerSideDataTable(options);
    return table
 }


--- a/apps/users/views/login.py
+++ b/apps/users/views/login.py
@@ -21,6 +21,7 @@ from formtools.wizard.views import SessionWizardView
 from django.conf import settings

 from common.utils import get_object_or_none, get_request_ip
+from common.models import common_settings
 from ..models import User, LoginLog
 from ..utils import send_reset_password_mail, check_otp_code, \
    redirect_user_first_login_or_index, get_user_or_tmp_user, \
@@ -78,12 +79,15 @@ class UserLoginView(FormView):
    def form_invalid(self, form):
        # write login failed log
        username = form.cleaned_data.get('username')
+        exist = User.objects.filter(username=username).first()
+        reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST
        data = {
            'username': username,
            'mfa': LoginLog.MFA_UNKNOWN,
-            'reason': LoginLog.REASON_PASSWORD,
+            'reason': reason,
            'status': False
        }
+
        self.write_login_log(data)

        # limit user login failed count
@@ -318,7 +322,7 @@ class UserFirstLoginView(LoginRequiredMixin, SessionWizardView):
        user.is_public_key_valid = True
        user.save()
        context = {
-            'user_guide_url': settings.USER_GUIDE_URL
+            'user_guide_url': common_settings.USER_GUIDE_URL
        }
        return render(self.request, 'users/first_login_done.html', context)


--- a/requirements/deb_requirements.txt
+++ b/requirements/deb_requirements.txt
-libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.5-dev tk8.5-dev python-tk python-dev openssl libssl-dev libldap2-dev libsasl2-dev sqlite gcc automake libkrb5-dev
+libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.5-dev tk8.5-dev python-tk python-dev openssl libssl-dev libldap2-dev libsasl2-dev sqlite gcc automake libkrb5-dev sshpass
--- a/requirements/rpm_requirements.txt
+++ b/requirements/rpm_requirements.txt
-libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mysql-devel libffi-devel openssh-clients
+libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mariadb-devel libffi-devel openssh-clients