From 4944ac8e751268ce73c74bc1cce8fde1d720d406 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= <ibuler@qq.com>
Date: Thu, 5 Dec 2019 15:09:25 +0800
Subject: [PATCH] Config (#3502)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Update] 修改config

* [Update] 移动存储设置到到terminal中

* [Update] 修改permission 查看

* [Update] pre merge

* [Update] 录像存储

* [Update] 命令存储

* [Update] 添加存储测试可连接性

* [Update] 修改 meta 值的 key 为大写

* [Update] 修改 Terminal 相关 Storage 配置

* [Update] 删除之前获取录像/命令存储的代码

* [Update] 修改导入失败

* [Update] 迁移文件添加default存储

* [Update] 删除之前代码，添加help_text信息

* [Update] 删除之前代码

* [Update] 删除之前代码

* [Update] 抽象命令/录像存储 APIView

* [Update] 抽象命令/录像存储 APIView 1

* [Update] 抽象命令/录像存储 DictField

* [Update] 抽象命令/录像存储列表页面

* [Update] 修复CustomDictField的bug

* [Update] RemoteApp 页面添加 hidden

* [Update] 用户页面添加用户关联授权

* [Update] 修改存储测试可连接性 target

* [Update] 修改配置

* [Update] 修改存储前端 Form 渲染逻辑

* [Update] 修改存储细节

* [Update] 统一存储类型到 const 文件

* [Update] 修改迁移文件及Model，创建默认存储

* [Update] 修改迁移文件及Model初始化默认数据

* [Update] 修改迁移文件

* [Update] 修改迁移文件

* [Update] 修改迁移文件

* [Update] 修改迁移文件

* [Update] 修改迁移文件

* [Update] 修改迁移文件

* [Update] 修改迁移文件

* [Update] 限制删除默认存储配置，只允许创建扩展的存储类型

* [Update] 修改ip字段长度

* [Update] 修改ip字段长度

* [Update] 修改一些css

* [Update] 修改关联

* [Update] 添加操作日志定时清理

* [Update] 修改记录syslog的instance encoder

* [Update] 忽略登录产生的操作日志

* [Update] 限制更新存储时不覆盖原有AK SK 等字段

* [Update] 修改迁移文件添加comment字段

* [Update] 修改迁移文件

* [Update] 添加 comment 字段

* [Update] 修改默认存储no -> null

* [Update] 修改细节

* [Update] 更新翻译（存储配置

* [Update] 修改定时任务注册，修改系统用户资产、节点关系api

* [Update] 添加监控磁盘任务

* [Update] 修改session

* [Update] 拆分serializer

* [Update] 还原setting原来的manager
---
 apps/applications/serializers/remote_app.py   |   52 +-
 .../remote_app_create_update.html             |    8 +-
 .../applications/remote_app_detail.html       |    7 +-
 apps/assets/api/__init__.py                   |    1 +
 apps/assets/api/admin_user.py                 |    6 +
 apps/assets/api/asset_user.py                 |    4 +-
 apps/assets/api/system_user.py                |    7 +-
 apps/assets/api/system_user_relation.py       |   65 +
 apps/assets/models/base.py                    |    3 +
 apps/assets/serializers/system_user.py        |   47 +
 .../templates/assets/_asset_list_modal.html   |   10 +
 .../assets/templates/assets/_system_user.html |    6 +-
 .../templates/assets/admin_user_assets.html   |    5 -
 .../assets/admin_user_create_update.html      |    6 +-
 .../templates/assets/admin_user_detail.html   |    5 -
 .../templates/assets/asset_bulk_update.html   |    8 +-
 .../assets/templates/assets/asset_detail.html |    2 -
 apps/assets/templates/assets/asset_list.html  |    3 -
 .../templates/assets/cmd_filter_detail.html   |    5 -
 .../assets/cmd_filter_rule_create_update.html |    6 +-
 .../assets/cmd_filter_rule_list.html          |    5 -
 .../assets/domain_create_update.html          |    6 +-
 .../templates/assets/domain_detail.html       |    7 +-
 .../templates/assets/domain_gateway_list.html |    5 -
 .../assets/gateway_create_update.html         |    6 +-
 .../templates/assets/label_create_update.html |    6 +-
 .../templates/assets/system_user_assets.html  |  185 +-
 .../templates/assets/system_user_detail.html  |    5 -
 apps/assets/urls/api_urls.py                  |    2 +
 apps/audits/api.py                            |    2 +-
 .../migrations/0007_auto_20191202_1010.py     |   28 +
 apps/audits/models.py                         |    6 +-
 apps/audits/signals_handler.py                |   18 +-
 apps/audits/tasks.py                          |   14 +-
 .../audits/templates/audits/ftp_log_list.html |    5 +-
 .../templates/audits/operate_log_list.html    |    2 -
 .../audits/password_change_log_list.html      |    2 -
 apps/authentication/backends/api.py           |    2 +-
 apps/authentication/backends/ldap.py          |   18 +-
 apps/authentication/backends/openid/views.py  |    3 +-
 apps/authentication/mixins.py                 |    2 +-
 apps/authentication/views/login.py            |    3 +-
 apps/common/drf/__init__.py                   |    2 +
 apps/common/{ => drf}/filters.py              |    2 +-
 .../{drfmetadata.py => drf/metadata.py}       |    0
 apps/common/{ => drf}/parsers/__init__.py     |    0
 apps/common/{ => drf}/parsers/csv.py          |    2 +-
 apps/common/{ => drf}/renders/__init__.py     |    0
 apps/common/{ => drf}/renders/csv.py          |    2 +-
 apps/common/drf/routers.py                    |   10 +
 apps/common/fields/serializer.py              |   65 +-
 apps/common/mixins/api.py                     |    4 +-
 apps/common/signals_handlers.py               |   17 +-
 apps/common/tasks.py                          |    1 +
 apps/common/utils/common.py                   |    8 +
 apps/common/utils/django.py                   |   17 -
 apps/common/utils/encode.py                   |   36 +
 apps/common/utils/ipip/__init__.py            |    2 +-
 apps/common/utils/ipip/{ipdb.py => utils.py}  |    8 +-
 apps/jumpserver/conf.py                       |  498 ++--
 apps/jumpserver/const.py                      |    9 +
 apps/jumpserver/context_processor.py          |    4 +-
 apps/jumpserver/settings.py                   |  660 ------
 apps/jumpserver/settings/__init__.py          |    8 +
 apps/jumpserver/settings/_xpack.py            |   19 +
 apps/jumpserver/settings/auth.py              |   70 +
 apps/jumpserver/settings/base.py              |  247 ++
 apps/jumpserver/settings/custom.py            |   84 +
 apps/jumpserver/settings/libs.py              |  120 +
 apps/jumpserver/settings/logging.py           |  116 +
 apps/jumpserver/urls.py                       |   21 +-
 apps/jumpserver/views/__init__.py             |    7 +
 apps/jumpserver/{ => views}/celery_flower.py  |    2 +
 apps/jumpserver/{ => views}/error_views.py    |    2 +
 apps/jumpserver/{views.py => views/index.py}  |   67 +-
 apps/jumpserver/views/other.py                |   75 +
 apps/jumpserver/{ => views}/swagger.py        |    2 +-
 apps/locale/zh/LC_MESSAGES/django.mo          |  Bin 83937 -> 83853 bytes
 apps/locale/zh/LC_MESSAGES/django.po          | 2036 +++++++++--------
 apps/ops/api/celery.py                        |   20 +-
 apps/ops/celery/decorator.py                  |   32 +-
 apps/ops/celery/signal_handler.py             |    2 +
 apps/ops/celery/utils.py                      |   38 +-
 apps/ops/serializers/__init__.py              |    5 +
 .../{serializers.py => serializers/adhoc.py}  |   13 +-
 apps/ops/serializers/celery.py                |   29 +
 apps/ops/tasks.py                             |   22 +-
 apps/ops/templates/ops/adhoc_detail.html      |    2 -
 apps/ops/templates/ops/adhoc_history.html     |    2 -
 .../templates/ops/adhoc_history_detail.html   |    2 -
 .../ops/command_execution_create.html         |    3 -
 .../templates/ops/command_execution_list.html |    7 +-
 apps/ops/templates/ops/task_adhoc.html        |    2 -
 apps/ops/templates/ops/task_detail.html       |    2 -
 apps/ops/templates/ops/task_history.html      |    2 -
 apps/ops/urls/api_urls.py                     |    1 +
 apps/ops/utils.py                             |   12 +
 apps/ops/views/celery.py                      |    2 +-
 apps/ops/views/command.py                     |    2 +-
 apps/orgs/mixins/api.py                       |    6 +-
 apps/orgs/models.py                           |    8 +
 apps/perms/api/__init__.py                    |    1 +
 apps/perms/api/asset_permission.py            |  137 +-
 apps/perms/api/asset_permission_relation.py   |  144 ++
 apps/perms/models/base.py                     |   11 +-
 apps/perms/serializers/__init__.py            |    1 +
 apps/perms/serializers/asset_permission.py    |   23 +-
 .../serializers/asset_permission_relation.py  |  128 ++
 .../perms/asset_permission_asset.html         |  226 +-
 .../perms/asset_permission_create_update.html |   17 +-
 .../perms/asset_permission_detail.html        |   83 +-
 .../perms/asset_permission_list.html          |   11 +-
 .../perms/asset_permission_user.html          |  201 +-
 .../remote_app_permission_create_update.html  |    2 -
 .../perms/remote_app_permission_detail.html   |    7 +-
 .../remote_app_permission_remote_app.html     |    6 +-
 .../perms/remote_app_permission_user.html     |    6 +-
 apps/perms/urls/api_urls.py                   |  109 +-
 apps/perms/urls/application_permission.py     |   38 +
 apps/perms/urls/asset_permission.py           |   83 +
 apps/perms/views/asset_permission.py          |   21 +-
 apps/settings/api.py                          |   81 -
 apps/settings/forms.py                        |  289 ---
 apps/settings/forms/__init__.py               |    9 +
 apps/settings/forms/base.py                   |   57 +
 apps/settings/forms/basic.py                  |   24 +
 apps/settings/forms/email.py                  |   65 +
 apps/settings/forms/ldap.py                   |   46 +
 apps/settings/forms/security.py               |   93 +
 apps/settings/forms/terminal.py               |   50 +
 apps/settings/models.py                       |   73 +-
 apps/settings/serializers/__init__.py         |    6 +
 apps/settings/serializers/email.py            |   17 +
 .../{serializers.py => serializers/ldap.py}   |   17 +-
 apps/settings/serializers/public.py           |   10 +
 apps/settings/signals_handler.py              |   56 +-
 .../settings/command_storage_create.html      |  175 --
 .../settings/replay_storage_create.html       |  277 ---
 .../templates/settings/security_setting.html  |    2 +-
 .../templates/settings/terminal_setting.html  |  107 +-
 apps/settings/urls/api_urls.py                |    5 +-
 apps/settings/urls/view_urls.py               |    2 -
 apps/settings/views.py                        |   32 +-
 apps/static/js/jumpserver.js                  |   97 +-
 apps/static/js/plugins/select2/i18n/zh-CN.js  |    2 +
 apps/templates/_base_create_update.html       |    2 -
 apps/templates/_base_list.html                |    4 -
 apps/templates/_foot_js.html                  |    6 +
 apps/templates/_head_css_js.html              |    2 +
 apps/templates/index.html                     |    2 +-
 apps/terminal/api/__init__.py                 |    1 +
 apps/terminal/api/session.py                  |    2 +-
 apps/terminal/api/storage.py                  |   74 +
 apps/terminal/backends/__init__.py            |   15 +-
 apps/terminal/const.py                        |   83 +
 apps/terminal/forms/__init__.py               |    5 +
 apps/terminal/forms/storage.py                |  121 +
 apps/terminal/{forms.py => forms/terminal.py} |   18 +-
 .../0016_commandstorage_replaystorage.py      |   47 +
 .../migrations/0017_auto_20191125_0931.py     |   86 +
 .../migrations/0018_auto_20191202_1010.py     |   67 +
 apps/terminal/models.py                       |  124 +-
 apps/terminal/serializers/__init__.py         |    4 +-
 apps/terminal/serializers/session.py          |   24 +
 apps/terminal/serializers/storage.py          |   73 +
 .../serializers/{v1.py => terminal.py}        |   28 +-
 .../terminal/base_storage_create_update.html  |   59 +
 .../templates/terminal/base_storage_list.html |  130 ++
 .../command_storage_create_update.html        |   30 +
 .../terminal/command_storage_list.html        |   15 +
 .../replay_storage_create_update.html         |   25 +
 .../terminal/replay_storage_list.html         |   14 +
 .../templates/terminal/session_list.html      |    2 -
 .../templates/terminal/terminal_list.html     |    1 +
 .../templates/terminal/terminal_update.html   |    2 -
 apps/terminal/urls/api_urls.py                |    6 +-
 apps/terminal/urls/views_urls.py              |   10 +
 apps/terminal/views/__init__.py               |    4 +
 apps/terminal/views/storage.py                |  179 ++
 apps/tickets/serializers/ticket.py            |    2 -
 apps/users/api/relation.py                    |    4 +-
 apps/users/models/user.py                     |    7 +-
 apps/users/serializers/realtion.py            |    8 +-
 .../users/user_asset_permission.html          |  226 ++
 apps/users/templates/users/user_detail.html   |    5 +-
 .../templates/users/user_granted_asset.html   |    3 +
 .../users/user_group_create_update.html       |    4 -
 .../templates/users/user_group_detail.html    |   11 +-
 apps/users/urls/views_urls.py                 |    1 +
 apps/users/views/__init__.py                  |    1 +
 apps/users/views/profile.py                   |  272 +++
 apps/users/views/user.py                      |  259 +--
 jms                                           |   26 +-
 193 files changed, 5609 insertions(+), 4357 deletions(-)
 create mode 100644 apps/assets/api/system_user_relation.py
 create mode 100644 apps/audits/migrations/0007_auto_20191202_1010.py
 create mode 100644 apps/common/drf/__init__.py
 rename apps/common/{ => drf}/filters.py (99%)
 rename apps/common/{drfmetadata.py => drf/metadata.py} (100%)
 rename apps/common/{ => drf}/parsers/__init__.py (100%)
 rename apps/common/{ => drf}/parsers/csv.py (98%)
 rename apps/common/{ => drf}/renders/__init__.py (100%)
 rename apps/common/{ => drf}/renders/csv.py (98%)
 create mode 100644 apps/common/drf/routers.py
 rename apps/common/utils/ipip/{ipdb.py => utils.py} (61%)
 delete mode 100644 apps/jumpserver/settings.py
 create mode 100644 apps/jumpserver/settings/__init__.py
 create mode 100644 apps/jumpserver/settings/_xpack.py
 create mode 100644 apps/jumpserver/settings/auth.py
 create mode 100644 apps/jumpserver/settings/base.py
 create mode 100644 apps/jumpserver/settings/custom.py
 create mode 100644 apps/jumpserver/settings/libs.py
 create mode 100644 apps/jumpserver/settings/logging.py
 create mode 100644 apps/jumpserver/views/__init__.py
 rename apps/jumpserver/{ => views}/celery_flower.py (95%)
 rename apps/jumpserver/{ => views}/error_views.py (94%)
 rename apps/jumpserver/{views.py => views/index.py} (75%)
 create mode 100644 apps/jumpserver/views/other.py
 rename apps/jumpserver/{ => views}/swagger.py (98%)
 create mode 100644 apps/ops/serializers/__init__.py
 rename apps/ops/{serializers.py => serializers/adhoc.py} (88%)
 create mode 100644 apps/ops/serializers/celery.py
 create mode 100644 apps/perms/api/asset_permission_relation.py
 create mode 100644 apps/perms/serializers/asset_permission_relation.py
 create mode 100644 apps/perms/urls/application_permission.py
 create mode 100644 apps/perms/urls/asset_permission.py
 delete mode 100644 apps/settings/forms.py
 create mode 100644 apps/settings/forms/__init__.py
 create mode 100644 apps/settings/forms/base.py
 create mode 100644 apps/settings/forms/basic.py
 create mode 100644 apps/settings/forms/email.py
 create mode 100644 apps/settings/forms/ldap.py
 create mode 100644 apps/settings/forms/security.py
 create mode 100644 apps/settings/forms/terminal.py
 create mode 100644 apps/settings/serializers/__init__.py
 create mode 100644 apps/settings/serializers/email.py
 rename apps/settings/{serializers.py => serializers/ldap.py} (54%)
 create mode 100644 apps/settings/serializers/public.py
 delete mode 100644 apps/settings/templates/settings/command_storage_create.html
 delete mode 100644 apps/settings/templates/settings/replay_storage_create.html
 create mode 100644 apps/static/js/plugins/select2/i18n/zh-CN.js
 create mode 100644 apps/terminal/api/storage.py
 create mode 100644 apps/terminal/forms/__init__.py
 create mode 100644 apps/terminal/forms/storage.py
 rename apps/terminal/{forms.py => forms/terminal.py} (69%)
 create mode 100644 apps/terminal/migrations/0016_commandstorage_replaystorage.py
 create mode 100644 apps/terminal/migrations/0017_auto_20191125_0931.py
 create mode 100644 apps/terminal/migrations/0018_auto_20191202_1010.py
 create mode 100644 apps/terminal/serializers/session.py
 create mode 100644 apps/terminal/serializers/storage.py
 rename apps/terminal/serializers/{v1.py => terminal.py} (55%)
 create mode 100644 apps/terminal/templates/terminal/base_storage_create_update.html
 create mode 100644 apps/terminal/templates/terminal/base_storage_list.html
 create mode 100644 apps/terminal/templates/terminal/command_storage_create_update.html
 create mode 100644 apps/terminal/templates/terminal/command_storage_list.html
 create mode 100644 apps/terminal/templates/terminal/replay_storage_create_update.html
 create mode 100644 apps/terminal/templates/terminal/replay_storage_list.html
 create mode 100644 apps/terminal/views/storage.py
 create mode 100644 apps/users/templates/users/user_asset_permission.html
 create mode 100644 apps/users/views/profile.py

diff --git a/apps/applications/serializers/remote_app.py b/apps/applications/serializers/remote_app.py
index 168a02280..a6c1c557c 100644
--- a/apps/applications/serializers/remote_app.py
+++ b/apps/applications/serializers/remote_app.py
@@ -5,6 +5,7 @@
 from rest_framework import serializers
 
 from common.serializers import AdaptedBulkListSerializer
+from common.fields.serializer import CustomMetaDictField
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 
 from .. import const
@@ -16,54 +17,9 @@ __all__ = [
 ]
 
 
-class RemoteAppParamsDictField(serializers.DictField):
-    """
-    RemoteApp field => params
-    """
-    @staticmethod
-    def filter_attribute(attribute, instance):
-        """
-        过滤掉params字段值中write_only特性的key-value值
-        For example, the chrome_password field is not returned when serializing
-        {
-            'chrome_target': 'http://www.jumpserver.org/',
-            'chrome_username': 'admin',
-            'chrome_password': 'admin',
-        }
-        """
-        for field in const.REMOTE_APP_TYPE_MAP_FIELDS[instance.type]:
-            if field.get('write_only', False):
-                attribute.pop(field['name'], None)
-        return attribute
-
-    def get_attribute(self, instance):
-        """
-        序列化时调用
-        """
-        attribute = super().get_attribute(instance)
-        attribute = self.filter_attribute(attribute, instance)
-        return attribute
-
-    @staticmethod
-    def filter_value(dictionary, value):
-        """
-        过滤掉不属于当前app_type所包含的key-value值
-        """
-        app_type = dictionary.get('type', const.REMOTE_APP_TYPE_CHROME)
-        fields = const.REMOTE_APP_TYPE_MAP_FIELDS[app_type]
-        fields_names = [field['name'] for field in fields]
-        no_need_keys = [k for k in value.keys() if k not in fields_names]
-        for k in no_need_keys:
-            value.pop(k)
-        return value
-
-    def get_value(self, dictionary):
-        """
-        反序列化时调用
-        """
-        value = super().get_value(dictionary)
-        value = self.filter_value(dictionary, value)
-        return value
+class RemoteAppParamsDictField(CustomMetaDictField):
+    type_map_fields = const.REMOTE_APP_TYPE_MAP_FIELDS
+    default_type = const.REMOTE_APP_TYPE_CHROME
 
 
 class RemoteAppSerializer(BulkOrgResourceModelSerializer):
diff --git a/apps/applications/templates/applications/remote_app_create_update.html b/apps/applications/templates/applications/remote_app_create_update.html
index b193dfff5..ad7a65545 100644
--- a/apps/applications/templates/applications/remote_app_create_update.html
+++ b/apps/applications/templates/applications/remote_app_create_update.html
@@ -19,14 +19,14 @@
         <div class="hr-line-dashed"></div>
 
         {# chrome #}
-        <div class="chrome-fields">
+        <div class="chrome-fields hidden">
         {% bootstrap_field form.chrome_target layout="horizontal" %}
         {% bootstrap_field form.chrome_username layout="horizontal" %}
         {% bootstrap_field form.chrome_password layout="horizontal" %}
         </div>
 
         {# mysql workbench #}
-        <div class="mysql_workbench-fields">
+        <div class="mysql_workbench-fields hidden">
             {% bootstrap_field form.mysql_workbench_ip layout="horizontal" %}
             {% bootstrap_field form.mysql_workbench_name layout="horizontal" %}
             {% bootstrap_field form.mysql_workbench_username layout="horizontal" %}
@@ -34,14 +34,14 @@
         </div>
 
         {# vmware #}
-        <div class="vmware_client-fields">
+        <div class="vmware_client-fields hidden">
         {% bootstrap_field form.vmware_target layout="horizontal" %}
         {% bootstrap_field form.vmware_username layout="horizontal" %}
         {% bootstrap_field form.vmware_password layout="horizontal" %}
         </div>
 
         {# custom #}
-        <div class="custom-fields">
+        <div class="custom-fields hidden">
         {% bootstrap_field form.custom_cmdline layout="horizontal" %}
         {% bootstrap_field form.custom_target layout="horizontal" %}
         {% bootstrap_field form.custom_username layout="horizontal" %}
diff --git a/apps/applications/templates/applications/remote_app_detail.html b/apps/applications/templates/applications/remote_app_detail.html
index 19105da89..da7c2e72d 100644
--- a/apps/applications/templates/applications/remote_app_detail.html
+++ b/apps/applications/templates/applications/remote_app_detail.html
@@ -2,11 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
-
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
@@ -102,4 +97,4 @@ $(document).ready(function () {
     objectDelete($this, name, the_url, redirect_url);
 })
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/assets/api/__init__.py b/apps/assets/api/__init__.py
index e7126878d..342f71bd4 100644
--- a/apps/assets/api/__init__.py
+++ b/apps/assets/api/__init__.py
@@ -2,6 +2,7 @@ from .admin_user import *
 from .asset import *
 from .label import *
 from .system_user import *
+from .system_user_relation import *
 from .node import *
 from .domain import *
 from .cmd_filter import *
diff --git a/apps/assets/api/admin_user.py b/apps/assets/api/admin_user.py
index b91f10c65..52b05fcd4 100644
--- a/apps/assets/api/admin_user.py
+++ b/apps/assets/api/admin_user.py
@@ -14,6 +14,7 @@
 # limitations under the License.
 
 from django.db import transaction
+from django.db.models import Count
 from django.shortcuts import get_object_or_404
 from rest_framework.response import Response
 from orgs.mixins.api import OrgBulkModelViewSet
@@ -44,6 +45,11 @@ class AdminUserViewSet(OrgBulkModelViewSet):
     serializer_class = serializers.AdminUserSerializer
     permission_classes = (IsOrgAdmin,)
 
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset.annotate(_assets_amount=Count('assets'))
+        return queryset
+
 
 class AdminUserAuthApi(generics.UpdateAPIView):
     model = AdminUser
diff --git a/apps/assets/api/asset_user.py b/apps/assets/api/asset_user.py
index a07544e57..a3b9d8906 100644
--- a/apps/assets/api/asset_user.py
+++ b/apps/assets/api/asset_user.py
@@ -114,7 +114,7 @@ class AssetUserExportViewSet(AssetUserViewSet):
     permission_classes = [IsOrgAdminOrAppUser]
 
     def get_permissions(self):
-        if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA:
+        if settings.SECURITY_VIEW_AUTH_NEED_MFA:
             self.permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
         return super().get_permissions()
 
@@ -124,7 +124,7 @@ class AssetUserAuthInfoApi(generics.RetrieveAPIView):
     permission_classes = [IsOrgAdminOrAppUser]
 
     def get_permissions(self):
-        if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA:
+        if settings.SECURITY_VIEW_AUTH_NEED_MFA:
             self.permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
         return super().get_permissions()
 
diff --git a/apps/assets/api/system_user.py b/apps/assets/api/system_user.py
index f1213f0a3..e3dddd6f5 100644
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -14,8 +14,8 @@
 # limitations under the License.
 
 from django.shortcuts import get_object_or_404
-from django.conf import settings
 from rest_framework.response import Response
+from django.db.models import Count
 
 from common.serializers import CeleryTaskSerializer
 from common.utils import get_logger
@@ -50,6 +50,11 @@ class SystemUserViewSet(OrgBulkModelViewSet):
     serializer_class = serializers.SystemUserSerializer
     permission_classes = (IsOrgAdminOrAppUser,)
 
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset.annotate(_assets_amount=Count('assets'))
+        return queryset
+
 
 class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
     """
diff --git a/apps/assets/api/system_user_relation.py b/apps/assets/api/system_user_relation.py
new file mode 100644
index 000000000..de88cfe38
--- /dev/null
+++ b/apps/assets/api/system_user_relation.py
@@ -0,0 +1,65 @@
+# -*- coding: utf-8 -*-
+#
+from django.db.models import F, Value
+from django.db.models.functions import Concat
+
+from common.permissions import IsOrgAdmin
+from orgs.mixins.api import OrgBulkModelViewSet
+from orgs.utils import current_org
+from .. import models, serializers
+
+__all__ = ['SystemUserAssetRelationViewSet', 'SystemUserNodeRelationViewSet']
+
+
+class RelationMixin(OrgBulkModelViewSet):
+    def get_queryset(self):
+        queryset = self.model.objects.all()
+        org_id = current_org.org_id()
+        if org_id is not None:
+            queryset = queryset.filter(systemuser__org_id=org_id)
+        queryset = queryset.annotate(systemuser_display=Concat(
+            F('systemuser__name'), Value('('), F('systemuser__username'),
+            Value(')')
+        ))
+        return queryset
+
+
+class SystemUserAssetRelationViewSet(RelationMixin):
+    serializer_class = serializers.SystemUserAssetRelationSerializer
+    model = models.SystemUser.assets.through
+    permission_classes = (IsOrgAdmin,)
+    filterset_fields = [
+        'id', 'asset', 'systemuser',
+    ]
+    search_fields = [
+        "id", "asset__hostname", "asset__ip",
+        "systemuser__name", "systemuser__username"
+    ]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset.annotate(
+            asset_display=Concat(
+                F('asset__hostname'), Value('('),
+                F('asset__ip'), Value(')')
+            )
+        )
+        return queryset
+
+
+class SystemUserNodeRelationViewSet(RelationMixin):
+    serializer_class = serializers.SystemUserNodeRelationSerializer
+    model = models.SystemUser.nodes.through
+    permission_classes = (IsOrgAdmin,)
+    filterset_fields = [
+        'id', 'node', 'systemuser',
+    ]
+    search_fields = [
+        "node__value", "systemuser__name", "systemuser_username"
+    ]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset \
+            .annotate(node_key=F('node__key'))
+        return queryset
diff --git a/apps/assets/models/base.py b/apps/assets/models/base.py
index 2e591c940..b49813c27 100644
--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@@ -41,6 +41,7 @@ class AssetUser(OrgModelMixin):
     ASSET_USER_CACHE_TIME = 3600 * 24
 
     _prefer = "system_user"
+    _assets_amount = None
 
     @property
     def private_key_obj(self):
@@ -143,6 +144,8 @@ class AssetUser(OrgModelMixin):
 
     @property
     def assets_amount(self):
+        if self._assets_amount is not None:
+            return self._assets_amount
         cache_key = self.ASSETS_AMOUNT_CACHE_KEY.format(self.id)
         cached = cache.get(cache_key)
         if not cached:
diff --git a/apps/assets/serializers/system_user.py b/apps/assets/serializers/system_user.py
index 648af01a7..2eedc15d8 100644
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -4,8 +4,10 @@ from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 
 from common.serializers import AdaptedBulkListSerializer
+from common.mixins.serializers import BulkSerializerMixin
 from common.utils import ssh_pubkey_gen
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
+from assets.models import Node
 from ..models import SystemUser
 from ..const import (
     GENERAL_FORBIDDEN_SPECIAL_CHARACTERS_PATTERN,
@@ -13,6 +15,12 @@ from ..const import (
 )
 from .base import AuthSerializer, AuthSerializerMixin
 
+__all__ = [
+    'SystemUserSerializer', 'SystemUserAuthSerializer',
+    'SystemUserSimpleSerializer', 'SystemUserAssetRelationSerializer',
+    'SystemUserNodeRelationSerializer',
+]
+
 
 class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
     """
@@ -143,4 +151,43 @@ class SystemUserSimpleSerializer(serializers.ModelSerializer):
         fields = ('id', 'name', 'username')
 
 
+class RelationMixin(BulkSerializerMixin, serializers.Serializer):
+    systemuser_display = serializers.ReadOnlyField()
 
+    def get_field_names(self, declared_fields, info):
+        fields = super().get_field_names(declared_fields, info)
+        fields.extend(['systemuser', "systemuser_display"])
+        return fields
+
+    class Meta:
+        list_serializer_class = AdaptedBulkListSerializer
+
+
+class SystemUserAssetRelationSerializer(RelationMixin, serializers.ModelSerializer):
+    asset_display = serializers.ReadOnlyField()
+
+    class Meta(RelationMixin.Meta):
+        model = SystemUser.assets.through
+        fields = [
+            'id', "asset", "asset_display",
+        ]
+
+
+class SystemUserNodeRelationSerializer(RelationMixin, serializers.ModelSerializer):
+    node_display = serializers.SerializerMethodField()
+
+    class Meta(RelationMixin.Meta):
+        model = SystemUser.nodes.through
+        fields = [
+            'id', 'node', "node_display",
+        ]
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.tree = Node.tree()
+
+    def get_node_display(self, obj):
+        if hasattr(obj, 'node_key'):
+            return self.tree.get_node_full_tag(obj.node_key)
+        else:
+            return obj.node.full_value
diff --git a/apps/assets/templates/assets/_asset_list_modal.html b/apps/assets/templates/assets/_asset_list_modal.html
index 7c3e03f17..a50934e9c 100644
--- a/apps/assets/templates/assets/_asset_list_modal.html
+++ b/apps/assets/templates/assets/_asset_list_modal.html
@@ -190,6 +190,16 @@ function setAssetModalOptions(options) {
     assetModalOption = options;
 }
 
+function initAssetTreeModel(selector) {
+    $(selector).parent().find(".select2-selection").on('click', function (e) {
+        if ($(e.target).attr('class') !== 'select2-selection__choice__remove'){
+            e.preventDefault();
+            e.stopPropagation();
+            $("#asset_list_modal").modal();
+        }
+    })
+}
+
 
 $(document).ready(function(){
 
diff --git a/apps/assets/templates/assets/_system_user.html b/apps/assets/templates/assets/_system_user.html
index 078877cfa..3d1223ea2 100644
--- a/apps/assets/templates/assets/_system_user.html
+++ b/apps/assets/templates/assets/_system_user.html
@@ -2,10 +2,6 @@
 {% load i18n %}
 {% load static %}
 {% load bootstrap3 %}
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
 
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
@@ -247,4 +243,4 @@ $(document).ready(function () {
 })
 
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/assets/templates/assets/admin_user_assets.html b/apps/assets/templates/assets/admin_user_assets.html
index a2a52e0e2..e77cbb689 100644
--- a/apps/assets/templates/assets/admin_user_assets.html
+++ b/apps/assets/templates/assets/admin_user_assets.html
@@ -2,11 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
-
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
diff --git a/apps/assets/templates/assets/admin_user_create_update.html b/apps/assets/templates/assets/admin_user_create_update.html
index c94a67a9e..213f038d1 100644
--- a/apps/assets/templates/assets/admin_user_create_update.html
+++ b/apps/assets/templates/assets/admin_user_create_update.html
@@ -2,10 +2,6 @@
 {% load i18n %}
 {% load static %}
 {% load bootstrap3 %}
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
 
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
@@ -87,4 +83,4 @@ $(document).ready(function () {
     })
 })
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/assets/templates/assets/admin_user_detail.html b/apps/assets/templates/assets/admin_user_detail.html
index 66480a2cb..e3f618d93 100644
--- a/apps/assets/templates/assets/admin_user_detail.html
+++ b/apps/assets/templates/assets/admin_user_detail.html
@@ -2,11 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
-
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
diff --git a/apps/assets/templates/assets/asset_bulk_update.html b/apps/assets/templates/assets/asset_bulk_update.html
index 08df48e91..207d5eb52 100644
--- a/apps/assets/templates/assets/asset_bulk_update.html
+++ b/apps/assets/templates/assets/asset_bulk_update.html
@@ -32,13 +32,7 @@
 <script>
     $(document).ready(function () {
         $('.select2').select2();
-        $("#id_assets").parent().find(".select2-selection").on('click', function (e) {
-            if ($(e.target).attr('class') !== 'select2-selection__choice__remove'){
-                e.preventDefault();
-                e.stopPropagation();
-                $("#asset_list_modal").modal();
-            }
-        })
+        initAssetTreeModel("#id_assets");
     }).on('click', '.field-tag', function() {
         changeField(this);
     }).on('click', '#change_all', function () {
diff --git a/apps/assets/templates/assets/asset_detail.html b/apps/assets/templates/assets/asset_detail.html
index b0d35f382..3cbfe96ed 100644
--- a/apps/assets/templates/assets/asset_detail.html
+++ b/apps/assets/templates/assets/asset_detail.html
@@ -3,9 +3,7 @@
 {% load i18n %}
 
 {% block custom_head_css_js %}
-    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
     <link href='{% static "css/plugins/sweetalert/sweetalert.css" %}' rel="stylesheet">
-    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
     <script src='{% static "js/plugins/sweetalert/sweetalert.min.js" %}'></script>
 {% endblock %}
 
diff --git a/apps/assets/templates/assets/asset_list.html b/apps/assets/templates/assets/asset_list.html
index d52532848..a014cbcb4 100644
--- a/apps/assets/templates/assets/asset_list.html
+++ b/apps/assets/templates/assets/asset_list.html
@@ -382,9 +382,6 @@ $(document).ready(function(){
     var data = {
         'resources': id_list
     };
-    function refreshPage() {
-        setTimeout( function () {window.location.reload();}, 300);
-    }
 
     function reloadTable() {
         asset_table.ajax.reload();
diff --git a/apps/assets/templates/assets/cmd_filter_detail.html b/apps/assets/templates/assets/cmd_filter_detail.html
index 8ef5d5b75..24e192253 100644
--- a/apps/assets/templates/assets/cmd_filter_detail.html
+++ b/apps/assets/templates/assets/cmd_filter_detail.html
@@ -2,11 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
-    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
-{% endblock %}
-
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
diff --git a/apps/assets/templates/assets/cmd_filter_rule_create_update.html b/apps/assets/templates/assets/cmd_filter_rule_create_update.html
index 2edaa97dc..21279b410 100644
--- a/apps/assets/templates/assets/cmd_filter_rule_create_update.html
+++ b/apps/assets/templates/assets/cmd_filter_rule_create_update.html
@@ -2,10 +2,6 @@
 {% load i18n %}
 {% load static %}
 {% load bootstrap3 %}
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
 
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
@@ -91,4 +87,4 @@ $(document).ready(function(){
     formSubmit(props);
 })
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/assets/templates/assets/cmd_filter_rule_list.html b/apps/assets/templates/assets/cmd_filter_rule_list.html
index 4bdf5ff2b..6076cb2ac 100644
--- a/apps/assets/templates/assets/cmd_filter_rule_list.html
+++ b/apps/assets/templates/assets/cmd_filter_rule_list.html
@@ -2,11 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
-    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
-{% endblock %}
-
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
diff --git a/apps/assets/templates/assets/domain_create_update.html b/apps/assets/templates/assets/domain_create_update.html
index 96bfd02aa..39939c8ca 100644
--- a/apps/assets/templates/assets/domain_create_update.html
+++ b/apps/assets/templates/assets/domain_create_update.html
@@ -25,9 +25,7 @@
 <script type="text/javascript">
 $(document).ready(function () {
     $('.select2').select2().off("select2:open");
-}).on('click', '.select2-selection__rendered', function (e) {
-    e.preventDefault();
-    $("#asset_list_modal").modal();
+    initAssetTreeModel('#id_assets');
 })
 .on("submit", "form", function (evt) {
     evt.preventDefault();
@@ -51,4 +49,4 @@ $(document).ready(function () {
     formSubmit(props);
  })
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/assets/templates/assets/domain_detail.html b/apps/assets/templates/assets/domain_detail.html
index c05e0ed80..5b01c30fe 100644
--- a/apps/assets/templates/assets/domain_detail.html
+++ b/apps/assets/templates/assets/domain_detail.html
@@ -2,11 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
-    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
-{% endblock %}
-
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
@@ -138,4 +133,4 @@ $(document).ready(function(){
 })
 ;
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/assets/templates/assets/domain_gateway_list.html b/apps/assets/templates/assets/domain_gateway_list.html
index 79636a2bc..8917ef810 100644
--- a/apps/assets/templates/assets/domain_gateway_list.html
+++ b/apps/assets/templates/assets/domain_gateway_list.html
@@ -2,11 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
-    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
-{% endblock %}
-
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
diff --git a/apps/assets/templates/assets/gateway_create_update.html b/apps/assets/templates/assets/gateway_create_update.html
index 315302b6f..43dc07b1b 100644
--- a/apps/assets/templates/assets/gateway_create_update.html
+++ b/apps/assets/templates/assets/gateway_create_update.html
@@ -2,10 +2,6 @@
 {% load i18n %}
 {% load static %}
 {% load bootstrap3 %}
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
 
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
@@ -125,4 +121,4 @@ $(document).ready(function(){
     protocolChange();
 });
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/assets/templates/assets/label_create_update.html b/apps/assets/templates/assets/label_create_update.html
index 41646003c..62732d6ba 100644
--- a/apps/assets/templates/assets/label_create_update.html
+++ b/apps/assets/templates/assets/label_create_update.html
@@ -29,9 +29,7 @@ $(document).ready(function () {
     $('.select2').select2({
         closeOnSelect: false
     })
-}).on('click', '.select2-selection__rendered', function (e) {
-    e.preventDefault();
-    $("#asset_list_modal").modal();
+    initAssetTreeModel("#id_assets");
 })
 .on("submit", "form", function (evt) {
     evt.preventDefault();
@@ -55,4 +53,4 @@ $(document).ready(function () {
     formSubmit(props);
 })
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/assets/templates/assets/system_user_assets.html b/apps/assets/templates/assets/system_user_assets.html
index 4229d12ab..ec024c1a7 100644
--- a/apps/assets/templates/assets/system_user_assets.html
+++ b/apps/assets/templates/assets/system_user_assets.html
@@ -4,9 +4,13 @@
 {% load i18n %}
 
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+    <style>
+    .table.node_edit {
+        margin-bottom: 0;
+    }
+    </style>
 {% endblock %}
+
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
@@ -98,15 +102,8 @@
                                                 </td>
                                             </tr>
                                         </form>
-
-                                        {% for node in system_user.nodes.all|sort %}
-                                        <tr>
-                                          <td ><b class="bdg_node" data-gid={{ node.id }}>{{ node.full_value }}</b></td>
-                                          <td>
-                                              <button class="btn btn-danger pull-right btn-xs btn-remove-from-node" type="button"><i class="fa fa-minus"></i></button>
-                                          </td>
-                                        </tr>
-                                        {% endfor %}
+                                        <table class="table" id="node_list_table">
+                                        </table>
                                         </tbody>
                                     </table>
                                 </div>
@@ -120,91 +117,115 @@
 {% endblock %}
 {% block custom_foot_js %}
 <script>
+var assetsRelationUrl = "{% url 'api-assets:system-users-assets-relation-list' %}";
+var nodesRelationUrl = "{% url 'api-assets:system-users-nodes-relation-list' %}";
 
-function updateSystemUserNode(nodes) {
-    var the_url = "{% url 'api-assets:system-user-detail' pk=system_user.id %}";
-    var body = {
-        nodes: Object.assign([], nodes)
-    };
-    var success = function(data) {
-        // remove all the selected groups from select > option and rendered ul element;
-        $('.select2-selection__rendered').empty();
-        $('#node_selected').val('');
-        $.map(jumpserver.nodes_selected, function(node_name, index) {
-            $('#opt_' + index).remove();
-            // change tr html of user groups.
-            $('.node_edit tbody').append(
-                '<tr>' +
-                '<td><b class="bdg_node" data-gid="' + index + '">' + node_name + '</b></td>' +
-                '<td><button class="btn btn-danger btn-xs pull-right btn-remove-from-node" type="button"><i class="fa fa-minus"></i></button></td>' +
-                '</tr>'
-            )
-        });
-        // clear jumpserver.nodes_selected
-        jumpserver.nodes_selected = {};
-    };
+function getRelationUrl(type) {
+    var theUrl = "";
+    switch (type) {
+        case "asset":
+            theUrl = assetsRelationUrl;
+            break;
+        case "node":
+            theUrl = nodesRelationUrl;
+            break;
+    }
+    return theUrl;
+}
+
+function addObjects(objectsId, type) {
+    if (!objectsId || objectsId.length === 0) {
+        return
+    }
+    var theUrl = getRelationUrl(type);
+    var body = [];
+    objectsId.forEach(function (v) {
+        var data = {systemuser: "{{ object.id }}"};
+        data[type] = v;
+        body.push(data)
+    });
     requestApi({
-        url: the_url,
+        url: theUrl,
         body: JSON.stringify(body),
+        method: "POST",
+        success: reloadPage
+    });
+}
+
+function removeObject(objectId, type, success) {
+    if (!objectId)  {
+        return
+    }
+    var theUrl = getRelationUrl(type);
+    theUrl = setUrlParam(theUrl, 'systemuser', "{{ object.id }}");
+    theUrl = setUrlParam(theUrl, type, objectId);
+    if (!success) {
+        success = reloadPage
+    }
+    requestApi({
+        url: theUrl,
+        method: "DELETE",
         success: success
     });
 }
-jumpserver.nodes_selected = {};
+
+function initNodeTable() {
+    var theUrl = setUrlParam(nodesRelationUrl, "systemuser", "{{ object.id }}");
+    var options = {
+        ele: $('#node_list_table'),
+        toggle: true,
+        columnDefs: [
+             {targets: 1, createdCell: function (td, cellData) {
+                  var removeBtn = '<button class="btn btn-danger pull-right btn-xs btn-remove-from-node" data-uid="UID" type="button"><i class="fa fa-minus"></i></button>'
+                      .replace('UID', cellData);
+		  		  $(td).html(removeBtn);
+             }}
+        ],
+        ajax_url: theUrl,
+        dom: "trp",
+        hideDefaultDefs: true,
+        columns: [
+            {data: "node_display", orderable: false},
+            {data: "node", orderable: false},
+        ],
+    };
+    table = jumpserver.initServerSideDataTable(options);
+    return table
+}
+
 
 $(document).ready(function () {
-	$('.select2').select2()
-    nodesSelect2Init(".nodes-select2")
-	.on('select2:select', function(evt) {
-            var data = evt.params.data;
-            jumpserver.nodes_selected[data.id] = data.text;
-    })
-    .on('select2:unselect', function(evt) {
-        var data = evt.params.data;
-        delete jumpserver.nodes_selected[data.id];
-    });
+	$('.select2').select2();
+    nodesSelect2Init(".nodes-select2");
 	assetUserListUrl = setUrlParam(assetUserListUrl, "system_user_id", "{{ system_user.id }}");
     needPush = true;
     initAssetUserTable();
-
+    initNodeTable();
 })
 .on('click', '.btn-remove-from-node', function() {
     var $this = $(this);
-    var $tr = $this.closest('tr');
-    var $badge = $tr.find('.bdg_node');
-    var gid = $badge.data('gid');
-    var node_name = $badge.html() || $badge.text();
-    $('#groups_selected').append(
-        '<option value="' + gid + '" id="opt_' + gid + '">' + node_name + '</option>'
-    );
-    $tr.remove();
-    var nodes = $('.bdg_node').map(function () {
-        return $(this).data('gid');
-    }).get();
-    updateSystemUserNode(nodes);
+    var nodeId = $(this).data('uid');
+    var success = function() {
+        var $tr = $this.closest('tr');
+        $tr.remove();
+    };
+    removeObject(nodeId, "node", success)
 })
 .on('click', '#btn-add-to-node', function() {
-    if (Object.keys(jumpserver.nodes_selected).length === 0) {
-        return false;
-    }
-    var nodes = $('.bdg_node').map(function() {
-        return $(this).data('gid');
-    }).get();
-    $.map(jumpserver.nodes_selected, function(value, index) {
-        nodes.push(index);
-    });
-    updateSystemUserNode(nodes);
+    var nodes = $("#node_selected").val();
+    addObjects(nodes, "node");
 })
 .on('click', '.btn-push', function () {
-    var the_url = "{% url 'api-assets:system-user-push' pk=system_user.id %}";
+    var theUrl = "{% url 'api-assets:system-user-push' pk=system_user.id %}";
     var error = function (data) {
         alert(data)
     };
     var success = function (data) {
-        var task_id = data.task;
-        showCeleryTaskLog(task_id);
+        var taskId = data.task;
+        showCeleryTaskLog(taskId);
     };
     requestApi({
-        url: the_url,
+        url: theUrl,
         error: error,
         method: 'GET',
         success: success
@@ -213,39 +234,37 @@ $(document).ready(function () {
 .on('click', '.btn-push-auth', function () {
     var $this = $(this);
     var asset_id = $this.data('asset');
-    var the_url = "{% url 'api-assets:system-user-push-to-asset' pk=object.id aid=DEFAULT_PK %}";
-    the_url = the_url.replace("{{ DEFAULT_PK }}", asset_id);
+    var theUrl = "{% url 'api-assets:system-user-push-to-asset' pk=object.id aid=DEFAULT_PK %}";
+    theUrl = theUrl.replace("{{ DEFAULT_PK }}", asset_id);
     var success = function (data) {
-        var task_id = data.task;
-        showCeleryTaskLog(task_id);
+        var taskId = data.task;
+        showCeleryTaskLog(taskId);
     };
     var error = function (data) {
         alert(data)
     };
     requestApi({
-        url: the_url,
+        url: theUrl,
         method: 'GET',
         success: success,
         error: error
     })
 })
 .on('click', '.btn-test-connective', function () {
-    var the_url = "{% url 'api-assets:system-user-connective' pk=system_user.id %}";
+    var theUrl = "{% url 'api-assets:system-user-connective' pk=system_user.id %}";
     var error = function (data) {
         alert(data)
     };
     var success = function (data) {
-        var task_id = data.task;
-        showCeleryTaskLog(task_id);
+        var taskId = data.task;
+        showCeleryTaskLog(taskId);
     };
     requestApi({
-        url: the_url,
+        url: theUrl,
         error: error,
         method: 'GET',
         success: success
     });
 })
-
-
 </script>
 {% endblock %}
diff --git a/apps/assets/templates/assets/system_user_detail.html b/apps/assets/templates/assets/system_user_detail.html
index 9c0557fde..8e05cf604 100644
--- a/apps/assets/templates/assets/system_user_detail.html
+++ b/apps/assets/templates/assets/system_user_detail.html
@@ -2,11 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
-    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
-{% endblock %}
-
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
diff --git a/apps/assets/urls/api_urls.py b/apps/assets/urls/api_urls.py
index 35651429b..055f2dc7a 100644
--- a/apps/assets/urls/api_urls.py
+++ b/apps/assets/urls/api_urls.py
@@ -23,6 +23,8 @@ router.register(r'asset-users', api.AssetUserViewSet, 'asset-user')
 router.register(r'asset-users-info', api.AssetUserExportViewSet, 'asset-user-info')
 router.register(r'gathered-users', api.GatheredUserViewSet, 'gathered-user')
 router.register(r'favorite-assets', api.FavoriteAssetViewSet, 'favorite-asset')
+router.register(r'system-users-assets-relations', api.SystemUserAssetRelationViewSet, 'system-users-assets-relation')
+router.register(r'system-users-nodes-relations', api.SystemUserNodeRelationViewSet, 'system-users-nodes-relation')
 
 cmd_filter_router = routers.NestedDefaultRouter(router, r'cmd-filters', lookup='filter')
 cmd_filter_router.register(r'rules', api.CommandFilterRuleViewSet, 'cmd-filter-rule')
diff --git a/apps/audits/api.py b/apps/audits/api.py
index 4d7165b4b..3677a8e8e 100644
--- a/apps/audits/api.py
+++ b/apps/audits/api.py
@@ -11,4 +11,4 @@ class FTPLogViewSet(OrgModelViewSet):
     model = FTPLog
     serializer_class = FTPLogSerializer
     permission_classes = (IsOrgAdminOrAppUser | IsOrgAuditor,)
-
+    http_method_names = ['get', 'post', 'head', 'options']
diff --git a/apps/audits/migrations/0007_auto_20191202_1010.py b/apps/audits/migrations/0007_auto_20191202_1010.py
new file mode 100644
index 000000000..3c355ff69
--- /dev/null
+++ b/apps/audits/migrations/0007_auto_20191202_1010.py
@@ -0,0 +1,28 @@
+# Generated by Django 2.2.7 on 2019-12-02 02:10
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('audits', '0006_auto_20190726_1753'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='ftplog',
+            name='remote_addr',
+            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Remote addr'),
+        ),
+        migrations.AlterField(
+            model_name='operatelog',
+            name='remote_addr',
+            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Remote addr'),
+        ),
+        migrations.AlterField(
+            model_name='passwordchangelog',
+            name='remote_addr',
+            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Remote addr'),
+        ),
+    ]
diff --git a/apps/audits/models.py b/apps/audits/models.py
index eb3489a7c..81866bb1d 100644
--- a/apps/audits/models.py
+++ b/apps/audits/models.py
@@ -16,7 +16,7 @@ __all__ = [
 class FTPLog(OrgModelMixin):
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)
     user = models.CharField(max_length=128, verbose_name=_('User'))
-    remote_addr = models.CharField(max_length=15, verbose_name=_("Remote addr"), blank=True, null=True)
+    remote_addr = models.CharField(max_length=128, verbose_name=_("Remote addr"), blank=True, null=True)
     asset = models.CharField(max_length=1024, verbose_name=_("Asset"))
     system_user = models.CharField(max_length=128, verbose_name=_("System user"))
     operate = models.CharField(max_length=16, verbose_name=_("Operate"))
@@ -39,7 +39,7 @@ class OperateLog(OrgModelMixin):
     action = models.CharField(max_length=16, choices=ACTION_CHOICES, verbose_name=_("Action"))
     resource_type = models.CharField(max_length=64, verbose_name=_("Resource Type"))
     resource = models.CharField(max_length=128, verbose_name=_("Resource"))
-    remote_addr = models.CharField(max_length=15, verbose_name=_("Remote addr"), blank=True, null=True)
+    remote_addr = models.CharField(max_length=128, verbose_name=_("Remote addr"), blank=True, null=True)
     datetime = models.DateTimeField(auto_now=True)
 
     def __str__(self):
@@ -50,7 +50,7 @@ class PasswordChangeLog(models.Model):
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)
     user = models.CharField(max_length=128, verbose_name=_('User'))
     change_by = models.CharField(max_length=128, verbose_name=_("Change by"))
-    remote_addr = models.CharField(max_length=15, verbose_name=_("Remote addr"), blank=True, null=True)
+    remote_addr = models.CharField(max_length=128, verbose_name=_("Remote addr"), blank=True, null=True)
     datetime = models.DateTimeField(auto_now=True)
 
     def __str__(self):
diff --git a/apps/audits/signals_handler.py b/apps/audits/signals_handler.py
index 95ce8c05b..a1c17a8bc 100644
--- a/apps/audits/signals_handler.py
+++ b/apps/audits/signals_handler.py
@@ -13,8 +13,8 @@ from common.utils import get_request_ip, get_logger, get_syslogger
 from users.models import User
 from authentication.signals import post_auth_failed, post_auth_success
 from terminal.models import Session, Command
-from terminal.backends.command.serializers import SessionCommandSerializer
-from . import models, serializers
+from common.utils.encode import model_to_json
+from . import models
 from .tasks import write_login_log_async
 
 logger = get_logger(__name__)
@@ -51,7 +51,10 @@ def create_operate_log(action, sender, resource):
 
 
 @receiver(post_save, dispatch_uid="my_unique_identifier")
-def on_object_created_or_update(sender, instance=None, created=False, **kwargs):
+def on_object_created_or_update(sender, instance=None, created=False, update_fields=None, **kwargs):
+    if instance._meta.object_name == 'User' and \
+            update_fields and 'last_login' in update_fields:
+        return
     if created:
         action = models.OperateLog.ACTION_CREATE
     else:
@@ -79,27 +82,20 @@ def on_user_change_password(sender, instance=None, **kwargs):
 def on_audits_log_create(sender, instance=None, **kwargs):
     if sender == models.UserLoginLog:
         category = "login_log"
-        serializer = serializers.LoginLogSerializer
     elif sender == models.FTPLog:
-        serializer = serializers.FTPLogSerializer
         category = "ftp_log"
     elif sender == models.OperateLog:
         category = "operation_log"
-        serializer = serializers.OperateLogSerializer
     elif sender == models.PasswordChangeLog:
         category = "password_change_log"
-        serializer = serializers.PasswordChangeLogSerializer
     elif sender == Session:
         category = "host_session_log"
-        serializer = serializers.SessionAuditSerializer
     elif sender == Command:
         category = "session_command_log"
-        serializer = SessionCommandSerializer
     else:
         return
 
-    s = serializer(instance=instance)
-    data = json_render.render(s.data).decode(errors='ignore')
+    data = model_to_json(instance)
     msg = "{} - {}".format(category, data)
     sys_logger.info(msg)
 
diff --git a/apps/audits/tasks.py b/apps/audits/tasks.py
index 5f8da0bc0..c69a24e08 100644
--- a/apps/audits/tasks.py
+++ b/apps/audits/tasks.py
@@ -6,7 +6,7 @@ from django.conf import settings
 from celery import shared_task
 
 from ops.celery.decorator import register_as_period_task
-from .models import UserLoginLog
+from .models import UserLoginLog, OperateLog
 from .utils import write_login_log
 
 
@@ -22,6 +22,18 @@ def clean_login_log_period():
     UserLoginLog.objects.filter(datetime__lt=expired_day).delete()
 
 
+@register_as_period_task(interval=3600*24)
+@shared_task
+def clean_operation_log_period():
+    now = timezone.now()
+    try:
+        days = int(settings.LOGIN_LOG_KEEP_DAYS)
+    except ValueError:
+        days = 90
+    expired_day = now - datetime.timedelta(days=days)
+    OperateLog.objects.filter(datetime__lt=expired_day).delete()
+
+
 @shared_task
 def write_login_log_async(*args, **kwargs):
     write_login_log(*args, **kwargs)
diff --git a/apps/audits/templates/audits/ftp_log_list.html b/apps/audits/templates/audits/ftp_log_list.html
index 9e92f8481..e0399ca73 100644
--- a/apps/audits/templates/audits/ftp_log_list.html
+++ b/apps/audits/templates/audits/ftp_log_list.html
@@ -5,8 +5,6 @@
 {% load common_tags %}
 {% block custom_head_css_js %}
     <link href="{% static 'css/plugins/datepicker/datepicker3.css' %}" rel="stylesheet">
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <style>
         #search_btn {
             margin-bottom: 0;
@@ -14,6 +12,9 @@
         .form-control {
             height: 30px;
         }
+        .select2-selection__rendered span.select2-selection, .select2-container .select2-selection--single {
+            height: 30px !important;
+        }
     </style>
 {% endblock %}
 
diff --git a/apps/audits/templates/audits/operate_log_list.html b/apps/audits/templates/audits/operate_log_list.html
index 31e219a85..d4d2eeb7f 100644
--- a/apps/audits/templates/audits/operate_log_list.html
+++ b/apps/audits/templates/audits/operate_log_list.html
@@ -5,8 +5,6 @@
 {% load common_tags %}
 {% block custom_head_css_js %}
     <link href="{% static 'css/plugins/datepicker/datepicker3.css' %}" rel="stylesheet">
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <style>
         #search_btn {
             margin-bottom: 0;
diff --git a/apps/audits/templates/audits/password_change_log_list.html b/apps/audits/templates/audits/password_change_log_list.html
index d079d0797..506366cbf 100644
--- a/apps/audits/templates/audits/password_change_log_list.html
+++ b/apps/audits/templates/audits/password_change_log_list.html
@@ -5,8 +5,6 @@
 {% load common_tags %}
 {% block custom_head_css_js %}
     <link href="{% static 'css/plugins/datepicker/datepicker3.css' %}" rel="stylesheet">
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <style>
         #search_btn {
             margin-bottom: 0;
diff --git a/apps/authentication/backends/api.py b/apps/authentication/backends/api.py
index 4f481f778..599351d0a 100644
--- a/apps/authentication/backends/api.py
+++ b/apps/authentication/backends/api.py
@@ -109,7 +109,7 @@ class AccessKeyAuthentication(authentication.BaseAuthentication):
 
 class AccessTokenAuthentication(authentication.BaseAuthentication):
     keyword = 'Bearer'
-    expiration = settings.TOKEN_EXPIRATION or 3600
+    # expiration = settings.TOKEN_EXPIRATION or 3600
     model = get_user_model()
 
     def authenticate(self, request):
diff --git a/apps/authentication/backends/ldap.py b/apps/authentication/backends/ldap.py
index 07ec0f375..bd1ce68b8 100644
--- a/apps/authentication/backends/ldap.py
+++ b/apps/authentication/backends/ldap.py
@@ -1,10 +1,11 @@
 # coding:utf-8
 #
 
+import warnings
 import ldap
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist
-from django_auth_ldap.backend import _LDAPUser, LDAPBackend
+from django_auth_ldap.backend import _LDAPUser, LDAPBackend, LDAPSettings
 from django_auth_ldap.config import _LDAPConfig, LDAPSearch, LDAPSearchUnion
 
 from users.utils import construct_user_email
@@ -17,7 +18,6 @@ class LDAPAuthorizationBackend(LDAPBackend):
     """
     Override this class to override _LDAPUser to LDAPUser
     """
-
     @staticmethod
     def user_can_authenticate(user):
         """
@@ -27,18 +27,26 @@ class LDAPAuthorizationBackend(LDAPBackend):
         is_valid = getattr(user, 'is_valid', None)
         return is_valid or is_valid is None
 
-    def authenticate(self, request=None, username=None, password=None, **kwargs):
+    def pre_check(self, username):
+        if not settings.AUTH_LDAP:
+            return False
         logger.info('Authentication LDAP backend')
         if not username:
             logger.info('Authenticate failed: username is None')
-            return None
+            return False
         if settings.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS:
             user_model = self.get_user_model()
             exist = user_model.objects.filter(username=username).exists()
             if not exist:
                 msg = 'Authentication failed: user ({}) is not in the user list'
                 logger.info(msg.format(username))
-                return None
+                return False
+        return True
+
+    def authenticate(self, request=None, username=None, password=None, **kwargs):
+        match = self.pre_check(username)
+        if not match:
+            return None
         ldap_user = LDAPUser(self, username=username.strip(), request=request)
         user = self.authenticate_ldap_user(ldap_user, password)
         logger.info('Authenticate user: {}'.format(user))
diff --git a/apps/authentication/backends/openid/views.py b/apps/authentication/backends/openid/views.py
index 5e51e7a38..89c935452 100644
--- a/apps/authentication/backends/openid/views.py
+++ b/apps/authentication/backends/openid/views.py
@@ -25,7 +25,8 @@ __all__ = ['OpenIDLoginView', 'OpenIDLoginCompleteView']
 
 class OpenIDLoginView(RedirectView):
     def get_redirect_url(self, *args, **kwargs):
-        redirect_uri = settings.BASE_SITE_URL + str(settings.LOGIN_COMPLETE_URL)
+        redirect_uri = settings.BASE_SITE_URL + \
+                       str(settings.AUTH_OPENID_LOGIN_COMPLETE_URL)
         nonce = Nonce(
             redirect_uri=redirect_uri,
             next_path=self.request.GET.get('next')
diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index 499625ae2..6bd10c4c4 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -141,7 +141,7 @@ class AuthMixin:
             )
 
     def check_user_login_confirm_if_need(self, user):
-        if not settings.CONFIG.LOGIN_CONFIRM_ENABLE:
+        if not settings.LOGIN_CONFIRM_ENABLE:
             return
         confirm_setting = user.get_login_confirm_setting()
         if self.request.session.get('auth_confirm') or not confirm_setting:
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index e24314717..85244e85d 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -60,7 +60,8 @@ class UserLoginView(mixins.AuthMixin, FormView):
         # show jumpserver login page if request http://{JUMP-SERVER}/?admin=1
         if settings.AUTH_OPENID and not self.request.GET.get('admin', 0):
             query_string = request.GET.urlencode()
-            login_url = "{}?{}".format(settings.LOGIN_URL, query_string)
+            openid_login_url = reverse_lazy("authentication:openid:openid-login")
+            login_url = "{}?{}".format(openid_login_url, query_string)
             return redirect(login_url)
         request.session.set_test_cookie()
         return super().get(request, *args, **kwargs)
diff --git a/apps/common/drf/__init__.py b/apps/common/drf/__init__.py
new file mode 100644
index 000000000..ec51c5a2b
--- /dev/null
+++ b/apps/common/drf/__init__.py
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+#
diff --git a/apps/common/filters.py b/apps/common/drf/filters.py
similarity index 99%
rename from apps/common/filters.py
rename to apps/common/drf/filters.py
index 81138120b..c11a7864d 100644
--- a/apps/common/filters.py
+++ b/apps/common/drf/filters.py
@@ -7,7 +7,7 @@ from rest_framework.serializers import ValidationError
 from django.core.cache import cache
 import logging
 
-from . import const
+from common import const
 
 __all__ = ["DatetimeRangeFilter", "IDSpmFilter", "CustomFilter"]
 
diff --git a/apps/common/drfmetadata.py b/apps/common/drf/metadata.py
similarity index 100%
rename from apps/common/drfmetadata.py
rename to apps/common/drf/metadata.py
diff --git a/apps/common/parsers/__init__.py b/apps/common/drf/parsers/__init__.py
similarity index 100%
rename from apps/common/parsers/__init__.py
rename to apps/common/drf/parsers/__init__.py
diff --git a/apps/common/parsers/csv.py b/apps/common/drf/parsers/csv.py
similarity index 98%
rename from apps/common/parsers/csv.py
rename to apps/common/drf/parsers/csv.py
index 7cd7e1648..254c73375 100644
--- a/apps/common/parsers/csv.py
+++ b/apps/common/drf/parsers/csv.py
@@ -9,7 +9,7 @@ import unicodecsv
 from rest_framework.parsers import BaseParser
 from rest_framework.exceptions import ParseError
 
-from ..utils import get_logger
+from common.utils import get_logger
 
 logger = get_logger(__file__)
 
diff --git a/apps/common/renders/__init__.py b/apps/common/drf/renders/__init__.py
similarity index 100%
rename from apps/common/renders/__init__.py
rename to apps/common/drf/renders/__init__.py
diff --git a/apps/common/renders/csv.py b/apps/common/drf/renders/csv.py
similarity index 98%
rename from apps/common/renders/csv.py
rename to apps/common/drf/renders/csv.py
index 7eaac2b47..d4ae9e6b8 100644
--- a/apps/common/renders/csv.py
+++ b/apps/common/drf/renders/csv.py
@@ -9,7 +9,7 @@ from six import BytesIO
 from rest_framework.renderers import BaseRenderer
 from rest_framework.utils import encoders, json
 
-from ..utils import get_logger
+from common.utils import get_logger
 
 logger = get_logger(__file__)
 
diff --git a/apps/common/drf/routers.py b/apps/common/drf/routers.py
new file mode 100644
index 000000000..053a0590e
--- /dev/null
+++ b/apps/common/drf/routers.py
@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework_nested.routers import NestedMixin
+from rest_framework_bulk.routes import BulkRouter
+
+__all__ = ['BulkNestDefaultRouter']
+
+
+class BulkNestDefaultRouter(NestedMixin, BulkRouter):
+    pass
diff --git a/apps/common/fields/serializer.py b/apps/common/fields/serializer.py
index 339be075c..8931bad39 100644
--- a/apps/common/fields/serializer.py
+++ b/apps/common/fields/serializer.py
@@ -5,7 +5,10 @@ from rest_framework import serializers
 from django.utils import six
 
 
-__all__ = ['StringIDField', 'StringManyToManyField', 'ChoiceDisplayField']
+__all__ = [
+    'StringIDField', 'StringManyToManyField', 'ChoiceDisplayField',
+    'CustomMetaDictField'
+]
 
 
 class StringIDField(serializers.Field):
@@ -39,3 +42,63 @@ class DictField(serializers.DictField):
         if not value or not isinstance(value, dict):
             value = {}
         return super().to_representation(value)
+
+
+class CustomMetaDictField(serializers.DictField):
+    """
+    In use:
+    RemoteApp params field
+    CommandStorage meta field
+    ReplayStorage meta field
+    """
+    type_map_fields = {}
+    default_type = None
+    need_convert_key = False
+
+    def filter_attribute(self, attribute, instance):
+        fields = self.type_map_fields.get(instance.type, [])
+        for field in fields:
+            if field.get('write_only', False):
+                attribute.pop(field['name'], None)
+        return attribute
+
+    def get_attribute(self, instance):
+        """
+        序列化时调用
+        """
+        attribute = super().get_attribute(instance)
+        attribute = self.filter_attribute(attribute, instance)
+        return attribute
+
+    def convert_value_key(self, dictionary, value):
+        if not self.need_convert_key:
+            # remote app
+            return value
+        tp = dictionary.get('type')
+        _value = {}
+        for k, v in value.items():
+            prefix = '{}_'.format(tp)
+            _k = k
+            if k.lower().startswith(prefix):
+                _k = k.lower().split(prefix, 1)[1]
+            _k = _k.upper()
+            _value[_k] = value[k]
+        return _value
+
+    def filter_value_key(self, dictionary, value):
+        tp = dictionary.get('type', self.default_type)
+        fields = self.type_map_fields.get(tp, [])
+        fields_names = [field['name'] for field in fields]
+        no_need_keys = [k for k in value.keys() if k not in fields_names]
+        for k in no_need_keys:
+            value.pop(k)
+        return value
+
+    def get_value(self, dictionary):
+        """
+        反序列化时调用
+        """
+        value = super().get_value(dictionary)
+        value = self.convert_value_key(dictionary, value)
+        value = self.filter_value_key(dictionary, value)
+        return value
diff --git a/apps/common/mixins/api.py b/apps/common/mixins/api.py
index 1328b4c96..64a26fdcb 100644
--- a/apps/common/mixins/api.py
+++ b/apps/common/mixins/api.py
@@ -3,11 +3,11 @@
 from django.http import JsonResponse
 from rest_framework.settings import api_settings
 
-from ..filters import IDSpmFilter, CustomFilter
+from common.drf.filters import IDSpmFilter, CustomFilter
 
 __all__ = [
     "JSONResponseMixin", "CommonApiMixin",
-    "IDSpmFilterMixin", "CommonApiMixin",
+    "IDSpmFilterMixin",
 ]
 
 
diff --git a/apps/common/signals_handlers.py b/apps/common/signals_handlers.py
index 1fbfd536f..2c4a95c7a 100644
--- a/apps/common/signals_handlers.py
+++ b/apps/common/signals_handlers.py
@@ -7,10 +7,13 @@ from django.conf import settings
 from django.dispatch import receiver
 from django.core.signals import request_finished
 from django.db import connection
+from django.conf import LazySettings
+from django.db.utils import ProgrammingError, OperationalError
 
 
 from common.utils import get_logger
 from .local import thread_local
+from .signals import django_ready
 
 pattern = re.compile(r'FROM `(\w+)`')
 logger = get_logger(__name__)
@@ -62,7 +65,15 @@ if settings.DEBUG and DEBUG_DB:
     request_finished.connect(on_request_finished_logging_db_query)
 
 
+@receiver(django_ready)
+def monkey_patch_settings(sender, **kwargs):
+    def monkey_patch_getattr(self, name):
+        val = getattr(self._wrapped, name)
+        if callable(val):
+            val = val()
+        return val
 
-
-
-
+    try:
+        LazySettings.__getattr__ = monkey_patch_getattr
+    except (ProgrammingError, OperationalError):
+        pass
diff --git a/apps/common/tasks.py b/apps/common/tasks.py
index 912ef28c3..aecc54ca7 100644
--- a/apps/common/tasks.py
+++ b/apps/common/tasks.py
@@ -1,6 +1,7 @@
 from django.core.mail import send_mail
 from django.conf import settings
 from celery import shared_task
+
 from .utils import get_logger
 
 
diff --git a/apps/common/utils/common.py b/apps/common/utils/common.py
index 29f3b471c..a024b7ac6 100644
--- a/apps/common/utils/common.py
+++ b/apps/common/utils/common.py
@@ -9,6 +9,7 @@ import uuid
 from functools import wraps
 import time
 import ipaddress
+import psutil
 
 
 UUID_PATTERN = re.compile(r'\w{8}(-\w{4}){3}-\w{12}')
@@ -234,3 +235,10 @@ class lazyproperty:
             value = self.func(instance)
             setattr(instance, self.func.__name__, value)
             return value
+
+
+def get_disk_usage():
+    partitions = psutil.disk_partitions()
+    mount_points = [p.mountpoint for p in partitions]
+    usages = {p: psutil.disk_usage(p) for p in mount_points}
+    return usages
diff --git a/apps/common/utils/django.py b/apps/common/utils/django.py
index 9a0af8f7d..815bb16b1 100644
--- a/apps/common/utils/django.py
+++ b/apps/common/utils/django.py
@@ -35,20 +35,3 @@ def date_expired_default():
         years = 70
     return timezone.now() + timezone.timedelta(days=365*years)
 
-
-def get_command_storage_setting():
-    default = settings.DEFAULT_TERMINAL_COMMAND_STORAGE
-    value = settings.TERMINAL_COMMAND_STORAGE
-    if not value:
-        return default
-    value.update(default)
-    return value
-
-
-def get_replay_storage_setting():
-    default = settings.DEFAULT_TERMINAL_REPLAY_STORAGE
-    value = settings.TERMINAL_REPLAY_STORAGE
-    if not value:
-        return default
-    value.update(default)
-    return value
diff --git a/apps/common/utils/encode.py b/apps/common/utils/encode.py
index d4e9c4cbe..6da79ff48 100644
--- a/apps/common/utils/encode.py
+++ b/apps/common/utils/encode.py
@@ -1,12 +1,14 @@
 # -*- coding: utf-8 -*-
 #
 import re
+import json
 from six import string_types
 import base64
 import os
 import time
 import hashlib
 from io import StringIO
+from itertools import chain
 
 import paramiko
 import sshpubkeys
@@ -15,6 +17,8 @@ from itsdangerous import (
     BadSignature, SignatureExpired
 )
 from django.conf import settings
+from django.core.serializers.json import DjangoJSONEncoder
+from django.db.models.fields.files import FileField
 
 from .http import http_date
 
@@ -186,3 +190,35 @@ def get_signer():
 
 def ensure_last_char_is_ascii(data):
     remain = ''
+
+
+secret_pattern = re.compile(r'password|secret|key', re.IGNORECASE)
+
+
+def model_to_dict_pro(instance, fields=None, exclude=None):
+    from ..fields.model import EncryptMixin
+    opts = instance._meta
+    data = {}
+    for f in chain(opts.concrete_fields, opts.private_fields):
+        if not getattr(f, 'editable', False):
+            continue
+        if fields and f.name not in fields:
+            continue
+        if exclude and f.name in exclude:
+            continue
+        if isinstance(f, FileField):
+            continue
+        if isinstance(f, EncryptMixin):
+            continue
+        if secret_pattern.search(f.name):
+            continue
+        value = f.value_from_object(instance)
+        data[f.name] = value
+    return data
+
+
+def model_to_json(instance, sort_keys=True, indent=2, cls=None):
+    data = model_to_dict_pro(instance)
+    if cls is None:
+        cls = DjangoJSONEncoder
+    return json.dumps(data, sort_keys=sort_keys, indent=indent, cls=cls)
diff --git a/apps/common/utils/ipip/__init__.py b/apps/common/utils/ipip/__init__.py
index 864ac8d44..103b36654 100644
--- a/apps/common/utils/ipip/__init__.py
+++ b/apps/common/utils/ipip/__init__.py
@@ -1,3 +1,3 @@
 # -*- coding: utf-8 -*-
 #
-from .ipdb import *
+from .utils import *
diff --git a/apps/common/utils/ipip/ipdb.py b/apps/common/utils/ipip/utils.py
similarity index 61%
rename from apps/common/utils/ipip/ipdb.py
rename to apps/common/utils/ipip/utils.py
index e17fb523c..9dd571a8f 100644
--- a/apps/common/utils/ipip/ipdb.py
+++ b/apps/common/utils/ipip/utils.py
@@ -1,18 +1,24 @@
 # -*- coding: utf-8 -*-
 #
 import os
+from django.utils.translation import ugettext as _
 
 import ipdb
 
+__all__ = ['get_ip_city']
 ipip_db = None
 
 
 def get_ip_city(ip):
     global ipip_db
+    if not ip or not isinstance(ip, str):
+        return _("Invalid ip")
+    if ':' in ip:
+        return 'IPv6'
     if ipip_db is None:
         ipip_db_path = os.path.join(os.path.dirname(__file__), 'ipipfree.ipdb')
         ipip_db = ipdb.City(ipip_db_path)
     info = list(set(ipip_db.find(ip, 'CN')))
     if '' in info:
         info.remove('')
-    return ' '.join(info)
\ No newline at end of file
+    return ' '.join(info)
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 9a8a1c5f9..094f8b9c1 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -1,6 +1,12 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 #
+"""
+配置分类：
+1. Django使用的配置文件，写到settings中
+2. 程序需要, 用户不需要更改的写到settings中
+3. 程序需要, 用户需要更改的写到本config中
+"""
 import os
 import sys
 import types
@@ -8,6 +14,7 @@ import errno
 import json
 import yaml
 from importlib import import_module
+from django.urls import reverse_lazy
 
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 PROJECT_DIR = os.path.dirname(BASE_DIR)
@@ -29,6 +36,10 @@ def import_string(dotted_path):
         ) from err
 
 
+class DoesNotExist(Exception):
+    pass
+
+
 class Config(dict):
     """Works exactly like a dict but provides ways to fill it from files
     or special dictionaries.  There are two common patterns to populate the
@@ -72,34 +83,233 @@ class Config(dict):
                       the application's :attr:`~flask.Flask.root_path`.
     :param defaults: an optional dictionary of default values
     """
+    defaults = {
+        # Django Config
+        'SECRET_KEY': '',
+        'BOOTSTRAP_TOKEN': '',
+        'DEBUG': True,
+        'SITE_URL': 'http://localhost:8080',
+        'LOG_LEVEL': 'DEBUG',
+        'LOG_DIR': os.path.join(PROJECT_DIR, 'logs'),
+        'DB_ENGINE': 'mysql',
+        'DB_NAME': 'jumpserver',
+        'DB_HOST': '127.0.0.1',
+        'DB_PORT': 3306,
+        'DB_USER': 'root',
+        'DB_PASSWORD': '',
+        'REDIS_HOST': '127.0.0.1',
+        'REDIS_PORT': 6379,
+        'REDIS_PASSWORD': '',
+        'REDIS_DB_CELERY': 3,
+        'REDIS_DB_CACHE': 4,
+        'REDIS_DB_SESSION': 5,
+        'REDIS_DB_WS': 6,
+        'CAPTCHA_TEST_MODE': None,
+        'TOKEN_EXPIRATION': 3600 * 24,
+        'DISPLAY_PER_PAGE': 25,
+        'DEFAULT_EXPIRED_YEARS': 70,
+        'SESSION_COOKIE_DOMAIN': None,
+        'CSRF_COOKIE_DOMAIN': None,
+        'SESSION_COOKIE_AGE': 3600 * 24,
+        'SESSION_EXPIRE_AT_BROWSER_CLOSE': False,
+        'LOGIN_URL': reverse_lazy('authentication:login'),
 
-    def __init__(self, root_path=None, defaults=None):
-        self.defaults = defaults or {}
-        self.root_path = root_path
-        super().__init__({})
+        # Custom Config
+        # Auth LDAP settings
+        'AUTH_LDAP': False,
+        'AUTH_LDAP_SERVER_URI': 'ldap://localhost:389',
+        'AUTH_LDAP_BIND_DN': 'cn=admin,dc=jumpserver,dc=org',
+        'AUTH_LDAP_BIND_PASSWORD': '',
+        'AUTH_LDAP_SEARCH_OU': 'ou=tech,dc=jumpserver,dc=org',
+        'AUTH_LDAP_SEARCH_FILTER': '(cn=%(user)s)',
+        'AUTH_LDAP_START_TLS': False,
+        'AUTH_LDAP_USER_ATTR_MAP': {"username": "cn", "name": "sn", "email": "mail"},
+        'AUTH_LDAP_CONNECT_TIMEOUT': 30,
+        'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
+        'AUTH_LDAP_SYNC_IS_PERIODIC': False,
+        'AUTH_LDAP_SYNC_INTERVAL': None,
+        'AUTH_LDAP_SYNC_CRONTAB': None,
+        'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False,
+        'AUTH_LDAP_OPTIONS_OPT_REFERRALS': -1,
 
-    def from_envvar(self, variable_name, silent=False):
-        """Loads a configuration from an environment variable pointing to
-        a configuration file.  This is basically just a shortcut with nicer
-        error messages for this line of code::
+        'AUTH_OPENID': False,
+        'BASE_SITE_URL': 'http://localhost:8080',
+        'AUTH_OPENID_SERVER_URL': 'http://openid',
+        'AUTH_OPENID_REALM_NAME': 'jumpserver',
+        'AUTH_OPENID_CLIENT_ID': 'jumpserver',
+        'AUTH_OPENID_CLIENT_SECRET': '',
+        'AUTH_OPENID_IGNORE_SSL_VERIFICATION': True,
+        'AUTH_OPENID_SHARE_SESSION': True,
 
-            app.config.from_pyfile(os.environ['YOURAPPLICATION_SETTINGS'])
+        'AUTH_RADIUS': False,
+        'RADIUS_SERVER': 'localhost',
+        'RADIUS_PORT': 1812,
+        'RADIUS_SECRET': '',
+        'RADIUS_ENCRYPT_PASSWORD': True,
+        'OTP_IN_RADIUS': False,
 
-        :param variable_name: name of the environment variable
-        :param silent: set to ``True`` if you want silent failure for missing
-                       files.
-        :return: bool. ``True`` if able to load config, ``False`` otherwise.
-        """
-        rv = os.environ.get(variable_name)
-        if not rv:
-            if silent:
+        'OTP_VALID_WINDOW': 2,
+        'OTP_ISSUER_NAME': 'Jumpserver',
+        'EMAIL_SUFFIX': 'jumpserver.org',
+
+        'TERMINAL_PASSWORD_AUTH': True,
+        'TERMINAL_PUBLIC_KEY_AUTH': True,
+        'TERMINAL_HEARTBEAT_INTERVAL': 20,
+        'TERMINAL_ASSET_LIST_SORT_BY': 'hostname',
+        'TERMINAL_ASSET_LIST_PAGE_SIZE': 'auto',
+        'TERMINAL_SESSION_KEEP_DURATION': 9999,
+        'TERMINAL_HOST_KEY': '',
+        'TERMINAL_TELNET_REGEX': '',
+        'TERMINAL_COMMAND_STORAGE': {},
+
+        'SECURITY_MFA_AUTH': False,
+        'SECURITY_SERVICE_ACCOUNT_REGISTRATION': True,
+        'SECURITY_VIEW_AUTH_NEED_MFA': True,
+        'SECURITY_LOGIN_LIMIT_COUNT': 7,
+        'SECURITY_LOGIN_LIMIT_TIME': 30,
+        'SECURITY_MAX_IDLE_TIME': 30,
+        'SECURITY_PASSWORD_EXPIRATION_TIME': 9999,
+        'SECURITY_PASSWORD_MIN_LENGTH': 6,
+        'SECURITY_PASSWORD_UPPER_CASE': False,
+        'SECURITY_PASSWORD_LOWER_CASE': False,
+        'SECURITY_PASSWORD_NUMBER': False,
+        'SECURITY_PASSWORD_SPECIAL_CHAR': False,
+
+        'HTTP_BIND_HOST': '0.0.0.0',
+        'HTTP_LISTEN_PORT': 8080,
+        'WS_LISTEN_PORT': 8070,
+        'LOGIN_LOG_KEEP_DAYS': 90,
+        'ASSETS_PERM_CACHE_TIME': 3600 * 24,
+        'SECURITY_MFA_VERIFY_TTL': 3600,
+        'ASSETS_PERM_CACHE_ENABLE': False,
+        'SYSLOG_ADDR': '',  # '192.168.0.1:514'
+        'SYSLOG_FACILITY': 'user',
+        'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
+        'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
+        'FLOWER_URL': "127.0.0.1:5555",
+        'DEFAULT_ORG_SHOW_ALL_USERS': True,
+        'PERIOD_TASK_ENABLE': True,
+        'FORCE_SCRIPT_NAME': '',
+        'LOGIN_CONFIRM_ENABLE': False,
+        'WINDOWS_SKIP_ALL_MANUAL_PASSWORD': False,
+    }
+
+    def convert_type(self, k, v):
+        default_value = self.defaults.get(k)
+        if default_value is None:
+            return v
+        tp = type(default_value)
+        # 对bool特殊处理
+        if tp is bool and isinstance(v, str):
+            if v in ("true", "True", "1"):
+                return True
+            else:
                 return False
-            raise RuntimeError('The environment variable %r is not set '
-                               'and as such configuration could not be '
-                               'loaded.  Set this variable and make it '
-                               'point to a configuration file' %
-                               variable_name)
-        return self.from_pyfile(rv, silent=silent)
+        if tp in [list, dict] and isinstance(v, str):
+            try:
+                v = json.loads(v)
+                return v
+            except json.JSONDecodeError:
+                return v
+
+        try:
+            if tp in [list, dict]:
+                v = json.loads(v)
+            else:
+                v = tp(v)
+        except Exception:
+            pass
+        return v
+
+    def __repr__(self):
+        return '<%s %s>' % (self.__class__.__name__, dict.__repr__(self))
+
+    def get_from_config(self, item):
+        try:
+            value = super().__getitem__(item)
+        except KeyError:
+            value = None
+        return value
+
+    def get_from_env(self, item):
+        value = os.environ.get(item, None)
+        if value is not None:
+            value = self.convert_type(item, value)
+        return value
+
+    def get(self, item):
+        # 再从配置文件中获取
+        value = self.get_from_config(item)
+        if value is not None:
+            return value
+        # 其次从环境变量来
+        value = self.get_from_env(item)
+        if value is not None:
+            return value
+        return self.defaults.get(item)
+
+    def __getitem__(self, item):
+        return self.get(item)
+
+    def __getattr__(self, item):
+        return self.get(item)
+
+
+class DynamicConfig:
+    def __init__(self, static_config):
+        self.static_config = static_config
+        self.db_setting = None
+
+    def __getitem__(self, item):
+        return self.dynamic(item)
+
+    def __getattr__(self, item):
+        return self.dynamic(item)
+
+    def dynamic(self, item):
+        return lambda: self.get(item)
+
+    def LOGIN_URL(self):
+        auth_openid = self.get('AUTH_OPENID')
+        if auth_openid:
+            return reverse_lazy("authentication:openid:openid-login")
+        return self.get('LOGIN_URL')
+
+    def AUTHENTICATION_BACKENDS(self):
+        backends = [
+            'authentication.backends.pubkey.PublicKeyAuthBackend',
+            'django.contrib.auth.backends.ModelBackend',
+        ]
+        if self.get('AUTH_LDAP'):
+            backends.insert(0, 'authentication.backends.ldap.LDAPAuthorizationBackend')
+        if self.get('AUTH_OPENID'):
+            backends.insert(0, 'authentication.backends.openid.backends.OpenIDAuthorizationPasswordBackend')
+            backends.insert(0, 'authentication.backends.openid.backends.OpenIDAuthorizationCodeBackend')
+        if self.get('AUTH_RADIUS'):
+            backends.insert(0, 'authentication.backends.radius.RadiusBackend')
+        return backends
+
+    def get_from_db(self, item):
+        if self.db_setting is not None:
+            value = self.db_setting.get(item)
+            if value is not None:
+                return value
+        return None
+
+    def get(self, item):
+        # 先从数据库中获取
+        value = self.get_from_db(item)
+        if value is not None:
+            return value
+        return self.static_config.get(item)
+
+
+class ConfigManager:
+    config_class = Config
+
+    def __init__(self, root_path=None):
+        self.root_path = root_path
+        self.config = self.config_class()
 
     def from_pyfile(self, filename, silent=False):
         """Updates the values in the config from a Python file.  This function
@@ -162,7 +372,7 @@ class Config(dict):
             obj = import_string(obj)
         for key in dir(obj):
             if key.isupper():
-                self[key] = getattr(obj, key)
+                self.config[key] = getattr(obj, key)
 
     def from_json(self, filename, silent=False):
         """Updates the values in the config from a JSON file. This function
@@ -224,218 +434,50 @@ class Config(dict):
         for mapping in mappings:
             for (key, value) in mapping:
                 if key.isupper():
-                    self[key] = value
+                    self.config[key] = value
         return True
 
-    def get_namespace(self, namespace, lowercase=True, trim_namespace=True):
-        """Returns a dictionary containing a subset of configuration options
-        that match the specified namespace/prefix. Example usage::
-
-            app.config['IMAGE_STORE_TYPE'] = 'fs'
-            app.config['IMAGE_STORE_PATH'] = '/var/app/images'
-            app.config['IMAGE_STORE_BASE_URL'] = 'http://img.website.com'
-            image_store_config = app.config.get_namespace('IMAGE_STORE_')
-
-        The resulting dictionary `image_store_config` would look like::
-
-            {
-                'types': 'fs',
-                'path': '/var/app/images',
-                'base_url': 'http://img.website.com'
-            }
-
-        This is often useful when configuration options map directly to
-        keyword arguments in functions or class constructors.
-
-        :param namespace: a configuration namespace
-        :param lowercase: a flag indicating if the keys of the resulting
-                          dictionary should be lowercase
-        :param trim_namespace: a flag indicating if the keys of the resulting
-                          dictionary should not include the namespace
-
-        .. versionadded:: 0.11
-        """
-        rv = {}
-        for k, v in self.items():
-            if not k.startswith(namespace):
-                continue
-            if trim_namespace:
-                key = k[len(namespace):]
-            else:
-                key = k
-            if lowercase:
-                key = key.lower()
-            rv[key] = v
-        return rv
-
-    def convert_type(self, k, v):
-        default_value = self.defaults.get(k)
-        if default_value is None:
-            return v
-        tp = type(default_value)
-        # 对bool特殊处理
-        if tp is bool and isinstance(v, str):
-            if v in ("true", "True", "1"):
-                return True
-            else:
-                return False
-        if tp in [list, dict] and isinstance(v, str):
-            try:
-                v = json.loads(v)
-                return v
-            except json.JSONDecodeError:
-                return v
-
+    def load_from_object(self):
+        sys.path.insert(0, PROJECT_DIR)
         try:
-            if tp in [list, dict]:
-                v = json.loads(v)
-            else:
-                v = tp(v)
-        except Exception:
+            from config import config as c
+            self.from_object(c)
+            return self.config
+        except ImportError:
             pass
-        return v
+        return None
 
-    def __repr__(self):
-        return '<%s %s>' % (self.__class__.__name__, dict.__repr__(self))
+    def load_from_yml(self):
+        for i in ['config.yml', 'config.yaml']:
+            if not os.path.isfile(os.path.join(self.root_path, i)):
+                continue
+            loaded = self.from_yaml(i)
+            if loaded:
+                return self.config
+        return False
 
-    def __getitem__(self, item):
-        # 先从设置的来
-        try:
-            value = super().__getitem__(item)
-        except KeyError:
-            value = None
-        if value is not None:
-            return value
-        # 其次从环境变量来
-        value = os.environ.get(item, None)
-        if value is not None:
-            return self.convert_type(item, value)
-        return self.defaults.get(item)
-
-    def __getattr__(self, item):
-        return self.__getitem__(item)
-
-
-defaults = {
-    'SECRET_KEY': '',
-    'BOOTSTRAP_TOKEN': '',
-    'DEBUG': True,
-    'SITE_URL': 'http://localhost',
-    'LOG_LEVEL': 'DEBUG',
-    'LOG_DIR': os.path.join(PROJECT_DIR, 'logs'),
-    'DB_ENGINE': 'mysql',
-    'DB_NAME': 'jumpserver',
-    'DB_HOST': '127.0.0.1',
-    'DB_PORT': 3306,
-    'DB_USER': 'root',
-    'DB_PASSWORD': '',
-    'REDIS_HOST': '127.0.0.1',
-    'REDIS_PORT': 6379,
-    'REDIS_PASSWORD': '',
-    'REDIS_DB_CELERY': 3,
-    'REDIS_DB_CACHE': 4,
-    'REDIS_DB_SESSION': 5,
-    'REDIS_DB_WS': 6,
-    'CAPTCHA_TEST_MODE': None,
-    'TOKEN_EXPIRATION': 3600 * 24,
-    'DISPLAY_PER_PAGE': 25,
-    'DEFAULT_EXPIRED_YEARS': 70,
-    'SESSION_COOKIE_DOMAIN': None,
-    'CSRF_COOKIE_DOMAIN': None,
-    'SESSION_COOKIE_AGE': 3600 * 24,
-    'SESSION_EXPIRE_AT_BROWSER_CLOSE': False,
-    'AUTH_OPENID': False,
-    'AUTH_OPENID_IGNORE_SSL_VERIFICATION': True,
-    'AUTH_OPENID_SHARE_SESSION': True,
-    'OTP_VALID_WINDOW': 2,
-    'OTP_ISSUER_NAME': 'Jumpserver',
-    'EMAIL_SUFFIX': 'jumpserver.org',
-    'TERMINAL_PASSWORD_AUTH': True,
-    'TERMINAL_PUBLIC_KEY_AUTH': True,
-    'TERMINAL_HEARTBEAT_INTERVAL': 20,
-    'TERMINAL_ASSET_LIST_SORT_BY': 'hostname',
-    'TERMINAL_ASSET_LIST_PAGE_SIZE': 'auto',
-    'TERMINAL_SESSION_KEEP_DURATION': 9999,
-    'TERMINAL_HOST_KEY': '',
-    'TERMINAL_TELNET_REGEX': '',
-    'TERMINAL_COMMAND_STORAGE': {},
-    'SECURITY_MFA_AUTH': False,
-    'SECURITY_SERVICE_ACCOUNT_REGISTRATION': True,
-    'SECURITY_VIEW_AUTH_NEED_MFA': True,
-    'SECURITY_LOGIN_LIMIT_COUNT': 7,
-    'SECURITY_LOGIN_LIMIT_TIME': 30,
-    'SECURITY_MAX_IDLE_TIME': 30,
-    'SECURITY_PASSWORD_EXPIRATION_TIME': 9999,
-    'SECURITY_PASSWORD_MIN_LENGTH': 6,
-    'SECURITY_PASSWORD_UPPER_CASE': False,
-    'SECURITY_PASSWORD_LOWER_CASE': False,
-    'SECURITY_PASSWORD_NUMBER': False,
-    'SECURITY_PASSWORD_SPECIAL_CHAR': False,
-    'AUTH_RADIUS': False,
-    'RADIUS_SERVER': 'localhost',
-    'RADIUS_PORT': 1812,
-    'RADIUS_SECRET': '',
-    'RADIUS_ENCRYPT_PASSWORD': True,
-    'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
-    'AUTH_LDAP_SYNC_IS_PERIODIC': False,
-    'AUTH_LDAP_SYNC_INTERVAL': None,
-    'AUTH_LDAP_SYNC_CRONTAB': None,
-    'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False,
-    'AUTH_LDAP_OPTIONS_OPT_REFERRALS': -1,
-    'HTTP_BIND_HOST': '0.0.0.0',
-    'HTTP_LISTEN_PORT': 8080,
-    'WS_LISTEN_PORT': 8070,
-    'LOGIN_LOG_KEEP_DAYS': 90,
-    'ASSETS_PERM_CACHE_TIME': 3600*24,
-    'SECURITY_MFA_VERIFY_TTL': 3600,
-    'ASSETS_PERM_CACHE_ENABLE': False,
-    'SYSLOG_ADDR': '',  # '192.168.0.1:514'
-    'SYSLOG_FACILITY': 'user',
-    'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
-    'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
-    'FLOWER_URL': "127.0.0.1:5555",
-    'DEFAULT_ORG_SHOW_ALL_USERS': True,
-    'PERIOD_TASK_ENABLE': True,
-    'FORCE_SCRIPT_NAME': '',
-    'LOGIN_CONFIRM_ENABLE': False,
-    'WINDOWS_SKIP_ALL_MANUAL_PASSWORD': False,
-    'OTP_IN_RADIUS': False,
-}
-
-
-def load_from_object(config):
-    try:
-        from config import config as c
-        config.from_object(c)
-        return True
-    except ImportError:
-        pass
-    return False
-
-
-def load_from_yml(config):
-    for i in ['config.yml', 'config.yaml']:
-        if not os.path.isfile(os.path.join(config.root_path, i)):
-            continue
-        loaded = config.from_yaml(i)
-        if loaded:
-            return True
-    return False
-
-
-def load_user_config():
-    sys.path.insert(0, PROJECT_DIR)
-    config = Config(PROJECT_DIR, defaults)
-
-    loaded = load_from_object(config)
-    if not loaded:
-        loaded = load_from_yml(config)
-    if not loaded:
+    @classmethod
+    def load_user_config(cls, root_path=None, config_class=None):
+        config_class = config_class or Config
+        cls.config_class = config_class
+        if not root_path:
+            root_path = PROJECT_DIR
+        manager = cls(root_path=root_path)
+        config = manager.load_from_object()
+        if config:
+            return config
+        config = manager.load_from_yml()
+        if config:
+            return config
         msg = """
-    
+
         Error: No config file found.
-    
+
         You can run `cp config_example.yml config.yml`, and edit it.
         """
         raise ImportError(msg)
-    return config
+
+    @classmethod
+    def get_dynamic_config(cls, config):
+        return DynamicConfig(config)
+
diff --git a/apps/jumpserver/const.py b/apps/jumpserver/const.py
index 48293bdac..3f940f1b3 100644
--- a/apps/jumpserver/const.py
+++ b/apps/jumpserver/const.py
@@ -1,3 +1,12 @@
 # -*- coding: utf-8 -*-
 #
+import os
+from .conf import ConfigManager
+
+__all__ = ['BASE_DIR', 'PROJECT_DIR', 'VERSION', 'CONFIG', 'DYNAMIC']
+
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+PROJECT_DIR = os.path.dirname(BASE_DIR)
 VERSION = '1.5.5'
+CONFIG = ConfigManager.load_user_config()
+DYNAMIC = ConfigManager.get_dynamic_config(CONFIG)
diff --git a/apps/jumpserver/context_processor.py b/apps/jumpserver/context_processor.py
index e940f06f6..7879edeb4 100644
--- a/apps/jumpserver/context_processor.py
+++ b/apps/jumpserver/context_processor.py
@@ -19,8 +19,8 @@ def jumpserver_processor(request):
         'SECURITY_COMMAND_EXECUTION': settings.SECURITY_COMMAND_EXECUTION,
         'SECURITY_MFA_VERIFY_TTL': settings.SECURITY_MFA_VERIFY_TTL,
         'FORCE_SCRIPT_NAME': settings.FORCE_SCRIPT_NAME,
-        'SECURITY_VIEW_AUTH_NEED_MFA': settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA,
-        'LOGIN_CONFIRM_ENABLE': settings.CONFIG.LOGIN_CONFIRM_ENABLE,
+        'SECURITY_VIEW_AUTH_NEED_MFA': settings.SECURITY_VIEW_AUTH_NEED_MFA,
+        'LOGIN_CONFIRM_ENABLE': settings.LOGIN_CONFIRM_ENABLE,
     }
     return context
 
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
deleted file mode 100644
index 5c5a741b3..000000000
--- a/apps/jumpserver/settings.py
+++ /dev/null
@@ -1,660 +0,0 @@
-"""
-Django settings for jumpserver project.
-
-Generated by 'django-admin startproject' using Django 1.10.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.10/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.10/ref/settings/
-"""
-
-import os
-import sys
-
-import ldap
-from django.urls import reverse_lazy
-
-from . import const
-from .conf import load_user_config
-
-# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-PROJECT_DIR = os.path.dirname(BASE_DIR)
-sys.path.append(PROJECT_DIR)
-
-CONFIG = load_user_config()
-LOG_DIR = os.path.join(PROJECT_DIR, 'logs')
-JUMPSERVER_LOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
-ANSIBLE_LOG_FILE = os.path.join(LOG_DIR, 'ansible.log')
-GUNICORN_LOG_FILE = os.path.join(LOG_DIR, 'gunicorn.log')
-VERSION = const.VERSION
-
-if not os.path.isdir(LOG_DIR):
-    os.makedirs(LOG_DIR)
-
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
-
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = CONFIG.SECRET_KEY
-
-# SECURITY WARNING: keep the token secret, remove it if all coco, guacamole ok
-BOOTSTRAP_TOKEN = CONFIG.BOOTSTRAP_TOKEN
-
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = CONFIG.DEBUG
-
-# Absolute url for some case, for example email link
-SITE_URL = CONFIG.SITE_URL
-
-# LOG LEVEL
-LOG_LEVEL = CONFIG.LOG_LEVEL
-
-ALLOWED_HOSTS = ['*']
-
-# Max post update field num
-DATA_UPLOAD_MAX_NUMBER_FIELDS = 10000
-
-# Application definition
-
-INSTALLED_APPS = [
-    'orgs.apps.OrgsConfig',
-    'users.apps.UsersConfig',
-    'assets.apps.AssetsConfig',
-    'perms.apps.PermsConfig',
-    'ops.apps.OpsConfig',
-    'settings.apps.SettingsConfig',
-    'common.apps.CommonConfig',
-    'terminal.apps.TerminalConfig',
-    'audits.apps.AuditsConfig',
-    'authentication.apps.AuthenticationConfig',  # authentication
-    'applications.apps.ApplicationsConfig',
-    'tickets.apps.TicketsConfig',
-    'rest_framework',
-    'rest_framework_swagger',
-    'drf_yasg',
-    'channels',
-    'django_filters',
-    'bootstrap3',
-    'captcha',
-    'django_celery_beat',
-    'django.contrib.auth',
-    'django.contrib.admin',
-    'django.contrib.contenttypes',
-    'django.contrib.sessions',
-    'django.contrib.messages',
-    'django.contrib.staticfiles',
-]
-
-
-XPACK_DIR = os.path.join(BASE_DIR, 'xpack')
-XPACK_ENABLED = os.path.isdir(XPACK_DIR)
-XPACK_TEMPLATES_DIR = []
-XPACK_CONTEXT_PROCESSOR = []
-
-if XPACK_ENABLED:
-    from xpack.utils import get_xpack_templates_dir, get_xpack_context_processor
-    INSTALLED_APPS.append('xpack.apps.XpackConfig')
-    XPACK_TEMPLATES_DIR = get_xpack_templates_dir(BASE_DIR)
-    XPACK_CONTEXT_PROCESSOR = get_xpack_context_processor()
-
-MIDDLEWARE = [
-    'django.middleware.security.SecurityMiddleware',
-    'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.middleware.locale.LocaleMiddleware',
-    'django.middleware.common.CommonMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'django.contrib.messages.middleware.MessageMiddleware',
-    'django.middleware.clickjacking.XFrameOptionsMiddleware',
-    'authentication.backends.openid.middleware.OpenIDAuthenticationMiddleware',
-    'jumpserver.middleware.TimezoneMiddleware',
-    'jumpserver.middleware.DemoMiddleware',
-    'jumpserver.middleware.RequestMiddleware',
-    'orgs.middleware.OrgMiddleware',
-]
-
-
-ROOT_URLCONF = 'jumpserver.urls'
-
-TEMPLATES = [
-    {
-        'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [os.path.join(BASE_DIR, 'templates'), *XPACK_TEMPLATES_DIR],
-        'APP_DIRS': True,
-        'OPTIONS': {
-            'context_processors': [
-                'django.template.context_processors.i18n',
-                'django.template.context_processors.debug',
-                'django.template.context_processors.request',
-                'django.contrib.auth.context_processors.auth',
-                'django.contrib.messages.context_processors.messages',
-                'django.template.context_processors.static',
-                'django.template.context_processors.request',
-                'django.template.context_processors.media',
-                'jumpserver.context_processor.jumpserver_processor',
-                'orgs.context_processor.org_processor',
-                *XPACK_CONTEXT_PROCESSOR,
-            ],
-        },
-    },
-]
-
-WSGI_APPLICATION = 'jumpserver.wsgi.application'
-ASGI_APPLICATION = 'jumpserver.routing.application'
-
-LOGIN_REDIRECT_URL = reverse_lazy('index')
-LOGIN_URL = reverse_lazy('authentication:login')
-
-SESSION_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN
-CSRF_COOKIE_DOMAIN = CONFIG.CSRF_COOKIE_DOMAIN
-SESSION_COOKIE_AGE = CONFIG.SESSION_COOKIE_AGE
-SESSION_EXPIRE_AT_BROWSER_CLOSE = CONFIG.SESSION_EXPIRE_AT_BROWSER_CLOSE
-SESSION_ENGINE = 'redis_sessions.session'
-SESSION_REDIS = {
-    'host': CONFIG.REDIS_HOST,
-    'port': CONFIG.REDIS_PORT,
-    'password': CONFIG.REDIS_PASSWORD,
-    'db': CONFIG.REDIS_DB_SESSION,
-    'prefix': 'auth_session',
-    'socket_timeout': 1,
-    'retry_on_timeout': False
-}
-
-MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage'
-# Database
-# https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-
-DB_OPTIONS = {}
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.{}'.format(CONFIG.DB_ENGINE.lower()),
-        'NAME': CONFIG.DB_NAME,
-        'HOST': CONFIG.DB_HOST,
-        'PORT': CONFIG.DB_PORT,
-        'USER': CONFIG.DB_USER,
-        'PASSWORD': CONFIG.DB_PASSWORD,
-        'ATOMIC_REQUESTS': True,
-        'OPTIONS': DB_OPTIONS
-    }
-}
-DB_CA_PATH = os.path.join(PROJECT_DIR, 'data', 'certs', 'db_ca.pem')
-if CONFIG.DB_ENGINE.lower() == 'mysql':
-    DB_OPTIONS['init_command'] = "SET sql_mode='STRICT_TRANS_TABLES'"
-    if os.path.isfile(DB_CA_PATH):
-        DB_OPTIONS['ssl'] = {'ca': DB_CA_PATH}
-
-
-# Password validation
-# https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
-#
-AUTH_PASSWORD_VALIDATORS = [
-    {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
-    },
-]
-
-# Logging setting
-LOGGING = {
-    'version': 1,
-    'disable_existing_loggers': False,
-    'formatters': {
-        'verbose': {
-            'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
-        },
-        'main': {
-            'datefmt': '%Y-%m-%d %H:%M:%S',
-            'format': '%(asctime)s [%(module)s %(levelname)s] %(message)s',
-        },
-        'simple': {
-            'format': '%(levelname)s %(message)s'
-        },
-        'syslog': {
-            'format': 'jumpserver: %(message)s'
-        },
-        'msg': {
-            'format': '%(message)s'
-        }
-    },
-    'handlers': {
-        'null': {
-            'level': 'DEBUG',
-            'class': 'logging.NullHandler',
-        },
-        'console': {
-            'level': 'DEBUG',
-            'class': 'logging.StreamHandler',
-            'formatter': 'main'
-        },
-        'file': {
-            'encoding': 'utf8',
-            'level': 'DEBUG',
-            'class': 'logging.handlers.RotatingFileHandler',
-            'maxBytes': 1024*1024*100,
-            'backupCount': 7,
-            'formatter': 'main',
-            'filename': JUMPSERVER_LOG_FILE,
-        },
-        'ansible_logs': {
-            'encoding': 'utf8',
-            'level': 'DEBUG',
-            'class': 'logging.handlers.RotatingFileHandler',
-            'formatter': 'main',
-            'maxBytes': 1024*1024*100,
-            'backupCount': 7,
-            'filename': ANSIBLE_LOG_FILE,
-        },
-        'syslog': {
-            'level': 'INFO',
-            'class': 'logging.NullHandler',
-            'formatter': 'syslog'
-        },
-    },
-    'loggers': {
-        'django': {
-            'handlers': ['null'],
-            'propagate': False,
-            'level': LOG_LEVEL,
-        },
-        'django.request': {
-            'handlers': ['console', 'file', 'syslog'],
-            'level': LOG_LEVEL,
-            'propagate': False,
-        },
-        'django.server': {
-            'handlers': ['console', 'file', 'syslog'],
-            'level': LOG_LEVEL,
-            'propagate': False,
-        },
-        'jumpserver': {
-            'handlers': ['console', 'file', 'syslog'],
-            'level': LOG_LEVEL,
-        },
-        'ops.ansible_api': {
-            'handlers': ['console', 'ansible_logs'],
-            'level': LOG_LEVEL,
-        },
-        'django_auth_ldap': {
-            'handlers': ['console', 'file'],
-            'level': "INFO",
-        },
-        'jms.audits': {
-            'handlers': ['syslog'],
-            'level': 'INFO'
-        },
-        # 'django.db': {
-        #     'handlers': ['console', 'file'],
-        #     'level': 'DEBUG'
-        # }
-    }
-}
-
-SYSLOG_ENABLE = False
-
-if CONFIG.SYSLOG_ADDR != '' and len(CONFIG.SYSLOG_ADDR.split(':')) == 2:
-    host, port = CONFIG.SYSLOG_ADDR.split(':')
-    SYSLOG_ENABLE = True
-    LOGGING['handlers']['syslog'].update({
-        'class': 'logging.handlers.SysLogHandler',
-        'facility': CONFIG.SYSLOG_FACILITY,
-        'address': (host, int(port)),
-    })
-
-# Internationalization
-# https://docs.djangoproject.com/en/1.10/topics/i18n/
-# LANGUAGE_CODE = 'en'
-LANGUAGE_CODE = 'zh'
-
-TIME_ZONE = 'Asia/Shanghai'
-
-USE_I18N = True
-
-USE_L10N = True
-
-USE_TZ = True
-
-# I18N translation
-LOCALE_PATHS = [
-    os.path.join(BASE_DIR, 'locale'),
-]
-
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/1.10/howto/static-files/
-
-STATIC_URL = '{}/static/'.format(CONFIG.FORCE_SCRIPT_NAME)
-STATIC_ROOT = os.path.join(PROJECT_DIR, "data", "static")
-STATIC_DIR = os.path.join(BASE_DIR, "static")
-
-STATICFILES_DIRS = (
-    os.path.join(BASE_DIR, "static"),
-)
-
-# Media files (File, ImageField) will be save these
-
-MEDIA_URL = '/media/'
-
-MEDIA_ROOT = os.path.join(PROJECT_DIR, 'data', 'media').replace('\\', '/') + '/'
-
-# Use django-bootstrap-form to format template, input max width arg
-# BOOTSTRAP_COLUMN_COUNT = 11
-
-# Init data or generate fake data source for development
-FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'), ]
-
-# Email config
-EMAIL_HOST = 'smtp.jumpserver.org'
-EMAIL_PORT = 25
-EMAIL_HOST_USER = 'noreply@jumpserver.org'
-EMAIL_HOST_PASSWORD = ''
-EMAIL_FROM = ''
-EMAIL_RECIPIENT = ''
-EMAIL_USE_SSL = False
-EMAIL_USE_TLS = False
-EMAIL_SUBJECT_PREFIX = '[JMS] '
-
-# Email custom content
-EMAIL_CUSTOM_USER_CREATED_SUBJECT = ''
-EMAIL_CUSTOM_USER_CREATED_HONORIFIC = ''
-EMAIL_CUSTOM_USER_CREATED_BODY = ''
-EMAIL_CUSTOM_USER_CREATED_SIGNATURE = ''
-
-REST_FRAMEWORK = {
-    # Use Django's standard `django.contrib.auth` permissions,
-    # or allow read-only access for unauthenticated users.
-    'DEFAULT_PERMISSION_CLASSES': (
-        'common.permissions.IsOrgAdmin',
-    ),
-    'DEFAULT_RENDERER_CLASSES': (
-        'rest_framework.renderers.JSONRenderer',
-        'rest_framework.renderers.BrowsableAPIRenderer',
-        'common.renders.JMSCSVRender',
-    ),
-    'DEFAULT_PARSER_CLASSES': (
-        'rest_framework.parsers.JSONParser',
-        'rest_framework.parsers.FormParser',
-        'rest_framework.parsers.MultiPartParser',
-        'common.parsers.JMSCSVParser',
-        'rest_framework.parsers.FileUploadParser',
-    ),
-    'DEFAULT_AUTHENTICATION_CLASSES': (
-        # 'rest_framework.authentication.BasicAuthentication',
-        'authentication.backends.api.AccessKeyAuthentication',
-        'authentication.backends.api.AccessTokenAuthentication',
-        'authentication.backends.api.PrivateTokenAuthentication',
-        'authentication.backends.api.SignatureAuthentication',
-        'authentication.backends.api.SessionAuthentication',
-    ),
-    'DEFAULT_FILTER_BACKENDS': (
-        'django_filters.rest_framework.DjangoFilterBackend',
-        'rest_framework.filters.SearchFilter',
-        'rest_framework.filters.OrderingFilter',
-    ),
-    'DEFAULT_METADATA_CLASS': 'common.drfmetadata.SimpleMetadataWithFilters',
-    'ORDERING_PARAM': "order",
-    'SEARCH_PARAM': "search",
-    'DATETIME_FORMAT': '%Y-%m-%d %H:%M:%S %z',
-    'DATETIME_INPUT_FORMATS': ['iso-8601', '%Y-%m-%d %H:%M:%S %z'],
-    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination',
-    # 'PAGE_SIZE': 15
-}
-
-AUTHENTICATION_BACKENDS = [
-    'django.contrib.auth.backends.ModelBackend',
-    'authentication.backends.pubkey.PublicKeyAuthBackend',
-]
-
-# Custom User Auth model
-AUTH_USER_MODEL = 'users.User'
-
-# File Upload Permissions
-FILE_UPLOAD_PERMISSIONS = 0o644
-FILE_UPLOAD_DIRECTORY_PERMISSIONS = 0o755
-
-# OTP settings
-OTP_ISSUER_NAME = CONFIG.OTP_ISSUER_NAME
-OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
-
-# Auth LDAP settings
-AUTH_LDAP = False
-AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
-AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
-AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
-AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
-AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS = CONFIG.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS
-
-AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
-AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
-AUTH_LDAP_BIND_PASSWORD = ''
-AUTH_LDAP_SEARCH_OU = 'ou=tech,dc=jumpserver,dc=org'
-AUTH_LDAP_SEARCH_FILTER = '(cn=%(user)s)'
-AUTH_LDAP_START_TLS = False
-AUTH_LDAP_USER_ATTR_MAP = {"username": "cn", "name": "sn", "email": "mail"}
-AUTH_LDAP_GLOBAL_OPTIONS = {
-    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
-    ldap.OPT_REFERRALS: CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS
-}
-LDAP_CERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_ca.pem")
-if os.path.isfile(LDAP_CERT_FILE):
-    AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_X_TLS_CACERTFILE] = LDAP_CERT_FILE
-# AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
-# AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
-# AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
-#    AUTH_LDAP_GROUP_SEARCH_OU, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER
-# )
-AUTH_LDAP_CONNECTION_OPTIONS = {
-    ldap.OPT_TIMEOUT: 30
-}
-AUTH_LDAP_GROUP_CACHE_TIMEOUT = 1
-AUTH_LDAP_ALWAYS_UPDATE_USER = True
-AUTH_LDAP_BACKEND = 'authentication.backends.ldap.LDAPAuthorizationBackend'
-
-if AUTH_LDAP:
-    AUTHENTICATION_BACKENDS.insert(0, AUTH_LDAP_BACKEND)
-
-# openid
-# Auth OpenID settings
-BASE_SITE_URL = CONFIG.BASE_SITE_URL
-AUTH_OPENID = CONFIG.AUTH_OPENID
-AUTH_OPENID_SERVER_URL = CONFIG.AUTH_OPENID_SERVER_URL
-AUTH_OPENID_REALM_NAME = CONFIG.AUTH_OPENID_REALM_NAME
-AUTH_OPENID_CLIENT_ID = CONFIG.AUTH_OPENID_CLIENT_ID
-AUTH_OPENID_CLIENT_SECRET = CONFIG.AUTH_OPENID_CLIENT_SECRET
-AUTH_OPENID_IGNORE_SSL_VERIFICATION = CONFIG.AUTH_OPENID_IGNORE_SSL_VERIFICATION
-AUTH_OPENID_SHARE_SESSION = CONFIG.AUTH_OPENID_SHARE_SESSION
-AUTH_OPENID_BACKENDS = [
-    'authentication.backends.openid.backends.OpenIDAuthorizationPasswordBackend',
-    'authentication.backends.openid.backends.OpenIDAuthorizationCodeBackend',
-]
-
-if AUTH_OPENID:
-    LOGIN_URL = reverse_lazy("authentication:openid:openid-login")
-    LOGIN_COMPLETE_URL = reverse_lazy("authentication:openid:openid-login-complete")
-    AUTHENTICATION_BACKENDS.insert(0, AUTH_OPENID_BACKENDS[0])
-    AUTHENTICATION_BACKENDS.insert(0, AUTH_OPENID_BACKENDS[1])
-
-# Radius Auth
-AUTH_RADIUS = CONFIG.AUTH_RADIUS
-AUTH_RADIUS_BACKEND = 'authentication.backends.radius.RadiusBackend'
-RADIUS_SERVER = CONFIG.RADIUS_SERVER
-RADIUS_PORT = CONFIG.RADIUS_PORT
-RADIUS_SECRET = CONFIG.RADIUS_SECRET
-
-if AUTH_RADIUS:
-    AUTHENTICATION_BACKENDS.insert(0, AUTH_RADIUS_BACKEND)
-
-# Dump all celery log to here
-CELERY_LOG_DIR = os.path.join(PROJECT_DIR, 'data', 'celery')
-
-# Celery using redis as broker
-CELERY_BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/%(db)s' % {
-    'password': CONFIG.REDIS_PASSWORD,
-    'host': CONFIG.REDIS_HOST,
-    'port': CONFIG.REDIS_PORT,
-    'db': CONFIG.REDIS_DB_CELERY,
-}
-CELERY_TASK_SERIALIZER = 'pickle'
-CELERY_RESULT_SERIALIZER = 'pickle'
-CELERY_RESULT_BACKEND = CELERY_BROKER_URL
-CELERY_ACCEPT_CONTENT = ['json', 'pickle']
-CELERY_RESULT_EXPIRES = 3600
-# CELERY_WORKER_LOG_FORMAT = '%(asctime)s [%(module)s %(levelname)s] %(message)s'
-# CELERY_WORKER_LOG_FORMAT = '%(message)s'
-# CELERY_WORKER_TASK_LOG_FORMAT = '%(task_id)s %(task_name)s %(message)s'
-CELERY_WORKER_TASK_LOG_FORMAT = '%(message)s'
-# CELERY_WORKER_LOG_FORMAT = '%(asctime)s [%(module)s %(levelname)s] %(message)s'
-CELERY_WORKER_LOG_FORMAT = '%(message)s'
-CELERY_TASK_EAGER_PROPAGATES = True
-CELERY_WORKER_REDIRECT_STDOUTS = True
-CELERY_WORKER_REDIRECT_STDOUTS_LEVEL = "INFO"
-# CELERY_WORKER_HIJACK_ROOT_LOGGER = True
-# CELERY_WORKER_MAX_TASKS_PER_CHILD = 40
-CELERY_TASK_SOFT_TIME_LIMIT = 3600
-
-# Cache use redis
-CACHES = {
-    'default': {
-        'BACKEND': 'redis_cache.RedisCache',
-        'LOCATION': 'redis://:%(password)s@%(host)s:%(port)s/%(db)s' % {
-            'password': CONFIG.REDIS_PASSWORD,
-            'host': CONFIG.REDIS_HOST,
-            'port': CONFIG.REDIS_PORT,
-            'db': CONFIG.REDIS_DB_CACHE,
-        }
-    }
-}
-
-# Captcha settings, more see https://django-simple-captcha.readthedocs.io/en/latest/advanced.html
-CAPTCHA_IMAGE_SIZE = (80, 33)
-CAPTCHA_FOREGROUND_COLOR = '#001100'
-CAPTCHA_NOISE_FUNCTIONS = ('captcha.helpers.noise_dots',)
-CAPTCHA_TEST_MODE = CONFIG.CAPTCHA_TEST_MODE
-
-COMMAND_STORAGE = {
-    'ENGINE': 'terminal.backends.command.db',
-}
-
-DEFAULT_TERMINAL_COMMAND_STORAGE = {
-    "default": {
-        "TYPE": "server",
-    },
-}
-
-TERMINAL_COMMAND_STORAGE = CONFIG.TERMINAL_COMMAND_STORAGE
-
-DEFAULT_TERMINAL_REPLAY_STORAGE = {
-    "default": {
-        "TYPE": "server",
-    },
-}
-
-TERMINAL_REPLAY_STORAGE = {
-}
-
-
-SECURITY_MFA_AUTH = False
-SECURITY_COMMAND_EXECUTION = True
-SECURITY_LOGIN_LIMIT_COUNT = 7
-SECURITY_LOGIN_LIMIT_TIME = 30  # Unit: minute
-SECURITY_MAX_IDLE_TIME = 30  # Unit: minute
-SECURITY_PASSWORD_EXPIRATION_TIME = 9999  # Unit: day
-SECURITY_PASSWORD_MIN_LENGTH = 6  # Unit: bit
-SECURITY_PASSWORD_UPPER_CASE = False
-SECURITY_PASSWORD_LOWER_CASE = False
-SECURITY_PASSWORD_NUMBER = False
-SECURITY_PASSWORD_SPECIAL_CHAR = False
-SECURITY_PASSWORD_RULES = [
-    'SECURITY_PASSWORD_MIN_LENGTH',
-    'SECURITY_PASSWORD_UPPER_CASE',
-    'SECURITY_PASSWORD_LOWER_CASE',
-    'SECURITY_PASSWORD_NUMBER',
-    'SECURITY_PASSWORD_SPECIAL_CHAR'
-]
-SECURITY_MFA_VERIFY_TTL = CONFIG.SECURITY_MFA_VERIFY_TTL
-SECURITY_SERVICE_ACCOUNT_REGISTRATION = CONFIG.SECURITY_SERVICE_ACCOUNT_REGISTRATION
-TERMINAL_PASSWORD_AUTH = CONFIG.TERMINAL_PASSWORD_AUTH
-TERMINAL_PUBLIC_KEY_AUTH = CONFIG.TERMINAL_PUBLIC_KEY_AUTH
-TERMINAL_HEARTBEAT_INTERVAL = CONFIG.TERMINAL_HEARTBEAT_INTERVAL
-TERMINAL_ASSET_LIST_SORT_BY = CONFIG.TERMINAL_ASSET_LIST_SORT_BY
-TERMINAL_ASSET_LIST_PAGE_SIZE = CONFIG.TERMINAL_ASSET_LIST_PAGE_SIZE
-TERMINAL_SESSION_KEEP_DURATION = CONFIG.TERMINAL_SESSION_KEEP_DURATION
-TERMINAL_HOST_KEY = CONFIG.TERMINAL_HOST_KEY
-TERMINAL_HEADER_TITLE = CONFIG.TERMINAL_HEADER_TITLE
-TERMINAL_TELNET_REGEX = CONFIG.TERMINAL_TELNET_REGEX
-
-# Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html
-BOOTSTRAP3 = {
-    'horizontal_label_class': 'col-md-2',
-    # Field class to use in horizontal forms
-    'horizontal_field_class': 'col-md-9',
-    # Set placeholder attributes to label if no placeholder is provided
-    'set_placeholder': False,
-    'success_css_class': '',
-    'required_css_class': 'required',
-}
-
-TOKEN_EXPIRATION = CONFIG.TOKEN_EXPIRATION
-DISPLAY_PER_PAGE = CONFIG.DISPLAY_PER_PAGE
-DEFAULT_EXPIRED_YEARS = 70
-USER_GUIDE_URL = ""
-
-
-SWAGGER_SETTINGS = {
-    'DEFAULT_AUTO_SCHEMA_CLASS': 'jumpserver.swagger.CustomSwaggerAutoSchema',
-    'USE_SESSION_AUTH': True,
-    'SECURITY_DEFINITIONS': {
-        'Bearer': {
-            'type': 'apiKey',
-            'name': 'Authorization',
-            'in': 'header'
-        }
-    },
-}
-
-
-# Default email suffix
-EMAIL_SUFFIX = CONFIG.EMAIL_SUFFIX
-LOGIN_LOG_KEEP_DAYS = CONFIG.LOGIN_LOG_KEEP_DAYS
-
-# User or user group permission cache time, default 3600 seconds
-ASSETS_PERM_CACHE_ENABLE = CONFIG.ASSETS_PERM_CACHE_ENABLE
-ASSETS_PERM_CACHE_TIME = CONFIG.ASSETS_PERM_CACHE_TIME
-
-# Asset user auth external backend, default AuthBook backend
-BACKEND_ASSET_USER_AUTH_VAULT = False
-
-DEFAULT_ORG_SHOW_ALL_USERS = CONFIG.DEFAULT_ORG_SHOW_ALL_USERS
-
-PERM_SINGLE_ASSET_TO_UNGROUP_NODE = CONFIG.PERM_SINGLE_ASSET_TO_UNGROUP_NODE
-WINDOWS_SSH_DEFAULT_SHELL = CONFIG.WINDOWS_SSH_DEFAULT_SHELL
-FLOWER_URL = CONFIG.FLOWER_URL
-
-
-# Django channels support websocket
-CHANNEL_REDIS = "redis://:{}@{}:{}/{}".format(
-    CONFIG.REDIS_PASSWORD, CONFIG.REDIS_HOST, CONFIG.REDIS_PORT,
-    CONFIG.REDIS_DB_WS,
-)
-
-CHANNEL_LAYERS = {
-    'default': {
-        'BACKEND': 'channels_redis.core.RedisChannelLayer',
-        'CONFIG': {
-            "hosts": [CHANNEL_REDIS],
-        },
-    },
-}
-
-# Enable internal period task
-PERIOD_TASK_ENABLED = CONFIG.PERIOD_TASK_ENABLED
-FORCE_SCRIPT_NAME = CONFIG.FORCE_SCRIPT_NAME
diff --git a/apps/jumpserver/settings/__init__.py b/apps/jumpserver/settings/__init__.py
new file mode 100644
index 000000000..a82b2ceb1
--- /dev/null
+++ b/apps/jumpserver/settings/__init__.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+#
+from .base import *
+from .logging import *
+from .libs import *
+from .auth import *
+from .custom import *
+from ._xpack import *
diff --git a/apps/jumpserver/settings/_xpack.py b/apps/jumpserver/settings/_xpack.py
new file mode 100644
index 000000000..8957d83c4
--- /dev/null
+++ b/apps/jumpserver/settings/_xpack.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+#
+
+import os
+from .. import const
+from .base import INSTALLED_APPS, TEMPLATES
+
+XPACK_DIR = os.path.join(const.BASE_DIR, 'xpack')
+XPACK_ENABLED = os.path.isdir(XPACK_DIR)
+XPACK_TEMPLATES_DIR = []
+XPACK_CONTEXT_PROCESSOR = []
+
+if XPACK_ENABLED:
+    from xpack.utils import get_xpack_templates_dir, get_xpack_context_processor
+    INSTALLED_APPS.append('xpack.apps.XpackConfig')
+    XPACK_TEMPLATES_DIR = get_xpack_templates_dir(const.BASE_DIR)
+    XPACK_CONTEXT_PROCESSOR = get_xpack_context_processor()
+    TEMPLATES[0]['DIRS'].extend(XPACK_TEMPLATES_DIR)
+    TEMPLATES[0]['OPTIONS']['context_processors'].extend(XPACK_CONTEXT_PROCESSOR)
diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py
new file mode 100644
index 000000000..978faa751
--- /dev/null
+++ b/apps/jumpserver/settings/auth.py
@@ -0,0 +1,70 @@
+# -*- coding: utf-8 -*-
+#
+import os
+import ldap
+from django.urls import reverse_lazy
+
+from ..const import CONFIG, DYNAMIC, PROJECT_DIR
+
+# OTP settings
+OTP_ISSUER_NAME = CONFIG.OTP_ISSUER_NAME
+OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
+
+# Auth LDAP settings
+AUTH_LDAP = DYNAMIC.AUTH_LDAP
+AUTH_LDAP_SERVER_URI = DYNAMIC.AUTH_LDAP_SERVER_URI
+AUTH_LDAP_BIND_DN = DYNAMIC.AUTH_LDAP_BIND_DN
+AUTH_LDAP_BIND_PASSWORD = DYNAMIC.AUTH_LDAP_BIND_PASSWORD
+AUTH_LDAP_SEARCH_OU = DYNAMIC.AUTH_LDAP_SEARCH_OU
+AUTH_LDAP_SEARCH_FILTER = DYNAMIC.AUTH_LDAP_SEARCH_FILTER
+AUTH_LDAP_START_TLS = DYNAMIC.AUTH_LDAP_START_TLS
+AUTH_LDAP_USER_ATTR_MAP = DYNAMIC.AUTH_LDAP_USER_ATTR_MAP
+AUTH_LDAP_GLOBAL_OPTIONS = {
+    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
+    ldap.OPT_REFERRALS: CONFIG.AUTH_LDAP_OPTIONS_OPT_REFERRALS
+}
+LDAP_CERT_FILE = os.path.join(PROJECT_DIR, "data", "certs", "ldap_ca.pem")
+if os.path.isfile(LDAP_CERT_FILE):
+    AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_X_TLS_CACERTFILE] = LDAP_CERT_FILE
+# AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
+# AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
+# AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+#    AUTH_LDAP_GROUP_SEARCH_OU, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER
+# )
+AUTH_LDAP_CONNECTION_OPTIONS = {
+    ldap.OPT_TIMEOUT: CONFIG.AUTH_LDAP_CONNECT_TIMEOUT
+}
+AUTH_LDAP_CACHE_TIMEOUT = 1
+AUTH_LDAP_ALWAYS_UPDATE_USER = True
+
+AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
+AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
+AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
+AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
+AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS = CONFIG.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS
+
+# openid
+# Auth OpenID settings
+BASE_SITE_URL = CONFIG.BASE_SITE_URL
+AUTH_OPENID = CONFIG.AUTH_OPENID
+AUTH_OPENID_SERVER_URL = CONFIG.AUTH_OPENID_SERVER_URL
+AUTH_OPENID_REALM_NAME = CONFIG.AUTH_OPENID_REALM_NAME
+AUTH_OPENID_CLIENT_ID = CONFIG.AUTH_OPENID_CLIENT_ID
+AUTH_OPENID_CLIENT_SECRET = CONFIG.AUTH_OPENID_CLIENT_SECRET
+AUTH_OPENID_IGNORE_SSL_VERIFICATION = CONFIG.AUTH_OPENID_IGNORE_SSL_VERIFICATION
+AUTH_OPENID_SHARE_SESSION = CONFIG.AUTH_OPENID_SHARE_SESSION
+AUTH_OPENID_LOGIN_URL = reverse_lazy("authentication:openid:openid-login")
+AUTH_OPENID_LOGIN_COMPLETE_URL = reverse_lazy("authentication:openid:openid-login-complete")
+
+
+# Radius Auth
+AUTH_RADIUS = CONFIG.AUTH_RADIUS
+AUTH_RADIUS_BACKEND = 'authentication.backends.radius.RadiusBackend'
+RADIUS_SERVER = CONFIG.RADIUS_SERVER
+RADIUS_PORT = CONFIG.RADIUS_PORT
+RADIUS_SECRET = CONFIG.RADIUS_SECRET
+
+
+TOKEN_EXPIRATION = CONFIG.TOKEN_EXPIRATION
+LOGIN_CONFIRM_ENABLE = CONFIG.LOGIN_CONFIRM_ENABLE
+OTP_IN_RADIUS = CONFIG.OTP_IN_RADIUS
diff --git a/apps/jumpserver/settings/base.py b/apps/jumpserver/settings/base.py
new file mode 100644
index 000000000..49425b488
--- /dev/null
+++ b/apps/jumpserver/settings/base.py
@@ -0,0 +1,247 @@
+import os
+
+from django.urls import reverse_lazy
+
+from .. import const
+from ..const import CONFIG, DYNAMIC
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+VERSION = const.VERSION
+BASE_DIR = const.BASE_DIR
+PROJECT_DIR = const.PROJECT_DIR
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = CONFIG.SECRET_KEY
+
+# SECURITY WARNING: keep the token secret, remove it if all coco, guacamole ok
+BOOTSTRAP_TOKEN = CONFIG.BOOTSTRAP_TOKEN
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = CONFIG.DEBUG
+
+# Absolute url for some case, for example email link
+SITE_URL = DYNAMIC.SITE_URL
+
+# LOG LEVEL
+LOG_LEVEL = CONFIG.LOG_LEVEL
+
+ALLOWED_HOSTS = ['*']
+
+# Max post update field num
+DATA_UPLOAD_MAX_NUMBER_FIELDS = 10000
+
+# Application definition
+
+INSTALLED_APPS = [
+    'orgs.apps.OrgsConfig',
+    'users.apps.UsersConfig',
+    'assets.apps.AssetsConfig',
+    'perms.apps.PermsConfig',
+    'ops.apps.OpsConfig',
+    'settings.apps.SettingsConfig',
+    'common.apps.CommonConfig',
+    'terminal.apps.TerminalConfig',
+    'audits.apps.AuditsConfig',
+    'authentication.apps.AuthenticationConfig',  # authentication
+    'applications.apps.ApplicationsConfig',
+    'tickets.apps.TicketsConfig',
+    'rest_framework',
+    'rest_framework_swagger',
+    'drf_yasg',
+    'channels',
+    'django_filters',
+    'bootstrap3',
+    'captcha',
+    'django_celery_beat',
+    'django.contrib.auth',
+    'django.contrib.admin',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+]
+
+
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.locale.LocaleMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'authentication.backends.openid.middleware.OpenIDAuthenticationMiddleware',
+    'jumpserver.middleware.TimezoneMiddleware',
+    'jumpserver.middleware.DemoMiddleware',
+    'jumpserver.middleware.RequestMiddleware',
+    'orgs.middleware.OrgMiddleware',
+]
+
+
+ROOT_URLCONF = 'jumpserver.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [os.path.join(BASE_DIR, 'templates')],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.i18n',
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+                'django.template.context_processors.static',
+                'django.template.context_processors.request',
+                'django.template.context_processors.media',
+                'jumpserver.context_processor.jumpserver_processor',
+                'orgs.context_processor.org_processor',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'jumpserver.wsgi.application'
+
+LOGIN_REDIRECT_URL = reverse_lazy('index')
+LOGIN_URL = reverse_lazy('authentication:login')
+
+SESSION_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN
+CSRF_COOKIE_DOMAIN = CONFIG.CSRF_COOKIE_DOMAIN
+SESSION_COOKIE_AGE = CONFIG.SESSION_COOKIE_AGE
+SESSION_EXPIRE_AT_BROWSER_CLOSE = CONFIG.SESSION_EXPIRE_AT_BROWSER_CLOSE
+SESSION_ENGINE = 'redis_sessions.session'
+SESSION_REDIS = {
+    'host': CONFIG.REDIS_HOST,
+    'port': CONFIG.REDIS_PORT,
+    'password': CONFIG.REDIS_PASSWORD,
+    'db': CONFIG.REDIS_DB_SESSION,
+    'prefix': 'auth_session',
+    'socket_timeout': 1,
+    'retry_on_timeout': False
+}
+
+MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage'
+# Database
+# https://docs.djangoproject.com/en/1.10/ref/settings/#databases
+
+DB_OPTIONS = {}
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.{}'.format(CONFIG.DB_ENGINE.lower()),
+        'NAME': CONFIG.DB_NAME,
+        'HOST': CONFIG.DB_HOST,
+        'PORT': CONFIG.DB_PORT,
+        'USER': CONFIG.DB_USER,
+        'PASSWORD': CONFIG.DB_PASSWORD,
+        'ATOMIC_REQUESTS': True,
+        'OPTIONS': DB_OPTIONS
+    }
+}
+DB_CA_PATH = os.path.join(PROJECT_DIR, 'data', 'certs', 'db_ca.pem')
+if CONFIG.DB_ENGINE.lower() == 'mysql':
+    DB_OPTIONS['init_command'] = "SET sql_mode='STRICT_TRANS_TABLES'"
+    if os.path.isfile(DB_CA_PATH):
+        DB_OPTIONS['ssl'] = {'ca': DB_CA_PATH}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
+#
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.10/topics/i18n/
+# LANGUAGE_CODE = 'en'
+LANGUAGE_CODE = 'zh'
+
+TIME_ZONE = 'Asia/Shanghai'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+# I18N translation
+LOCALE_PATHS = [
+    os.path.join(BASE_DIR, 'locale'),
+]
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/1.10/howto/static-files/
+
+STATIC_URL = '{}/static/'.format(CONFIG.FORCE_SCRIPT_NAME)
+STATIC_ROOT = os.path.join(PROJECT_DIR, "data", "static")
+STATIC_DIR = os.path.join(BASE_DIR, "static")
+
+STATICFILES_DIRS = (
+    os.path.join(BASE_DIR, "static"),
+)
+
+# Media files (File, ImageField) will be save these
+
+MEDIA_URL = '/media/'
+
+MEDIA_ROOT = os.path.join(PROJECT_DIR, 'data', 'media').replace('\\', '/') + '/'
+
+# Use django-bootstrap-form to format template, input max width arg
+# BOOTSTRAP_COLUMN_COUNT = 11
+
+# Init data or generate fake data source for development
+FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'), ]
+
+# Email config
+EMAIL_HOST = DYNAMIC.EMAIL_HOST
+EMAIL_PORT = DYNAMIC.EMAIL_PORT
+EMAIL_HOST_USER = DYNAMIC.EMAIL_HOST_USER
+EMAIL_HOST_PASSWORD = DYNAMIC.EMAIL_HOST_PASSWORD
+EMAIL_FROM = DYNAMIC.EMAIL_FROM
+EMAIL_RECIPIENT = DYNAMIC.EMAIL_RECIPIENT
+EMAIL_USE_SSL = DYNAMIC.EMAIL_USE_SSL
+EMAIL_USE_TLS = DYNAMIC.EMAIL_USE_TLS
+
+
+AUTHENTICATION_BACKENDS = DYNAMIC.AUTHENTICATION_BACKENDS
+
+# Custom User Auth model
+AUTH_USER_MODEL = 'users.User'
+
+# File Upload Permissions
+FILE_UPLOAD_PERMISSIONS = 0o644
+FILE_UPLOAD_DIRECTORY_PERMISSIONS = 0o755
+
+# Cache use redis
+CACHES = {
+    'default': {
+        'BACKEND': 'redis_cache.RedisCache',
+        'LOCATION': 'redis://:%(password)s@%(host)s:%(port)s/%(db)s' % {
+            'password': CONFIG.REDIS_PASSWORD,
+            'host': CONFIG.REDIS_HOST,
+            'port': CONFIG.REDIS_PORT,
+            'db': CONFIG.REDIS_DB_CACHE,
+        }
+    }
+}
+
+
+FORCE_SCRIPT_NAME = CONFIG.FORCE_SCRIPT_NAME
+
diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py
new file mode 100644
index 000000000..0a910f984
--- /dev/null
+++ b/apps/jumpserver/settings/custom.py
@@ -0,0 +1,84 @@
+# -*- coding: utf-8 -*-
+#
+from ..const import CONFIG, DYNAMIC
+
+# Storage settings
+COMMAND_STORAGE = {
+    'ENGINE': 'terminal.backends.command.db',
+}
+DEFAULT_TERMINAL_COMMAND_STORAGE = {
+    "default": {
+        "TYPE": "server",
+    },
+}
+TERMINAL_COMMAND_STORAGE = DYNAMIC.TERMINAL_COMMAND_STORAGE or {}
+DEFAULT_TERMINAL_REPLAY_STORAGE = {
+    "default": {
+        "TYPE": "server",
+    },
+}
+TERMINAL_REPLAY_STORAGE = DYNAMIC.TERMINAL_REPLAY_STORAGE
+
+# Security settings
+SECURITY_MFA_AUTH = DYNAMIC.SECURITY_MFA_AUTH
+SECURITY_COMMAND_EXECUTION = DYNAMIC.SECURITY_COMMAND_EXECUTION
+SECURITY_LOGIN_LIMIT_COUNT = DYNAMIC.SECURITY_LOGIN_LIMIT_COUNT
+SECURITY_LOGIN_LIMIT_TIME = DYNAMIC.SECURITY_LOGIN_LIMIT_TIME  # Unit: minute
+SECURITY_MAX_IDLE_TIME = DYNAMIC.SECURITY_MAX_IDLE_TIME  # Unit: minute
+SECURITY_PASSWORD_EXPIRATION_TIME = DYNAMIC.SECURITY_PASSWORD_EXPIRATION_TIME # Unit: day
+SECURITY_PASSWORD_MIN_LENGTH = DYNAMIC.SECURITY_PASSWORD_MIN_LENGTH  # Unit: bit
+SECURITY_PASSWORD_UPPER_CASE = DYNAMIC.SECURITY_PASSWORD_UPPER_CASE
+SECURITY_PASSWORD_LOWER_CASE = DYNAMIC.SECURITY_PASSWORD_LOWER_CASE
+SECURITY_PASSWORD_NUMBER = DYNAMIC.SECURITY_PASSWORD_NUMBER
+SECURITY_PASSWORD_SPECIAL_CHAR = DYNAMIC.SECURITY_PASSWORD_SPECIAL_CHAR
+SECURITY_PASSWORD_RULES = [
+    'SECURITY_PASSWORD_MIN_LENGTH',
+    'SECURITY_PASSWORD_UPPER_CASE',
+    'SECURITY_PASSWORD_LOWER_CASE',
+    'SECURITY_PASSWORD_NUMBER',
+    'SECURITY_PASSWORD_SPECIAL_CHAR'
+]
+SECURITY_MFA_VERIFY_TTL = CONFIG.SECURITY_MFA_VERIFY_TTL
+SECURITY_VIEW_AUTH_NEED_MFA = CONFIG.SECURITY_VIEW_AUTH_NEED_MFA
+SECURITY_SERVICE_ACCOUNT_REGISTRATION = DYNAMIC.SECURITY_SERVICE_ACCOUNT_REGISTRATION
+
+# Terminal other setting
+TERMINAL_PASSWORD_AUTH = DYNAMIC.TERMINAL_PASSWORD_AUTH
+TERMINAL_PUBLIC_KEY_AUTH = DYNAMIC.TERMINAL_PUBLIC_KEY_AUTH
+TERMINAL_HEARTBEAT_INTERVAL = DYNAMIC.TERMINAL_HEARTBEAT_INTERVAL
+TERMINAL_ASSET_LIST_SORT_BY = DYNAMIC.TERMINAL_ASSET_LIST_SORT_BY
+TERMINAL_ASSET_LIST_PAGE_SIZE = DYNAMIC.TERMINAL_ASSET_LIST_PAGE_SIZE
+TERMINAL_SESSION_KEEP_DURATION = DYNAMIC.TERMINAL_SESSION_KEEP_DURATION
+TERMINAL_HOST_KEY = DYNAMIC.TERMINAL_HOST_KEY
+TERMINAL_HEADER_TITLE = DYNAMIC.TERMINAL_HEADER_TITLE
+TERMINAL_TELNET_REGEX = DYNAMIC.TERMINAL_TELNET_REGEX
+
+# User or user group permission cache time, default 3600 seconds
+ASSETS_PERM_CACHE_ENABLE = CONFIG.ASSETS_PERM_CACHE_ENABLE
+ASSETS_PERM_CACHE_TIME = CONFIG.ASSETS_PERM_CACHE_TIME
+
+# Asset user auth external backend, default AuthBook backend
+BACKEND_ASSET_USER_AUTH_VAULT = False
+
+DEFAULT_ORG_SHOW_ALL_USERS = CONFIG.DEFAULT_ORG_SHOW_ALL_USERS
+PERM_SINGLE_ASSET_TO_UNGROUP_NODE = CONFIG.PERM_SINGLE_ASSET_TO_UNGROUP_NODE
+WINDOWS_SSH_DEFAULT_SHELL = CONFIG.WINDOWS_SSH_DEFAULT_SHELL
+FLOWER_URL = CONFIG.FLOWER_URL
+
+# Enable internal period task
+PERIOD_TASK_ENABLED = CONFIG.PERIOD_TASK_ENABLED
+
+# Email custom content
+EMAIL_SUBJECT_PREFIX = DYNAMIC.EMAIL_SUBJECT_PREFIX
+EMAIL_SUFFIX = DYNAMIC.EMAIL_SUFFIX
+EMAIL_CUSTOM_USER_CREATED_SUBJECT = DYNAMIC.EMAIL_CUSTOM_USER_CREATED_SUBJECT
+EMAIL_CUSTOM_USER_CREATED_HONORIFIC = DYNAMIC.EMAIL_CUSTOM_USER_CREATED_HONORIFIC
+EMAIL_CUSTOM_USER_CREATED_BODY = DYNAMIC.EMAIL_CUSTOM_USER_CREATED_BODY
+EMAIL_CUSTOM_USER_CREATED_SIGNATURE = DYNAMIC.EMAIL_CUSTOM_USER_CREATED_SIGNATURE
+
+DISPLAY_PER_PAGE = CONFIG.DISPLAY_PER_PAGE
+DEFAULT_EXPIRED_YEARS = 70
+USER_GUIDE_URL = DYNAMIC.USER_GUIDE_URL
+HTTP_LISTEN_PORT = CONFIG.HTTP_LISTEN_PORT
+WS_LISTEN_PORT = CONFIG.WS_LISTEN_PORT
+LOGIN_LOG_KEEP_DAYS = DYNAMIC.LOGIN_LOG_KEEP_DAYS
diff --git a/apps/jumpserver/settings/libs.py b/apps/jumpserver/settings/libs.py
new file mode 100644
index 000000000..5debccc65
--- /dev/null
+++ b/apps/jumpserver/settings/libs.py
@@ -0,0 +1,120 @@
+# -*- coding: utf-8 -*-
+#
+import os
+from ..const import CONFIG, PROJECT_DIR
+
+REST_FRAMEWORK = {
+    # Use Django's standard `django.contrib.auth` permissions,
+    # or allow read-only access for unauthenticated users.
+    'DEFAULT_PERMISSION_CLASSES': (
+        'common.permissions.IsOrgAdmin',
+    ),
+    'DEFAULT_RENDERER_CLASSES': (
+        'rest_framework.renderers.JSONRenderer',
+        'rest_framework.renderers.BrowsableAPIRenderer',
+        'common.drf.renders.JMSCSVRender',
+    ),
+    'DEFAULT_PARSER_CLASSES': (
+        'rest_framework.parsers.JSONParser',
+        'rest_framework.parsers.FormParser',
+        'rest_framework.parsers.MultiPartParser',
+        'common.drf.parsers.JMSCSVParser',
+        'rest_framework.parsers.FileUploadParser',
+    ),
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        # 'rest_framework.authentication.BasicAuthentication',
+        'authentication.backends.api.AccessKeyAuthentication',
+        'authentication.backends.api.AccessTokenAuthentication',
+        'authentication.backends.api.PrivateTokenAuthentication',
+        'authentication.backends.api.SignatureAuthentication',
+        'authentication.backends.api.SessionAuthentication',
+    ),
+    'DEFAULT_FILTER_BACKENDS': (
+        'django_filters.rest_framework.DjangoFilterBackend',
+        'rest_framework.filters.SearchFilter',
+        'rest_framework.filters.OrderingFilter',
+    ),
+    'DEFAULT_METADATA_CLASS': 'common.drf.metadata.SimpleMetadataWithFilters',
+    'ORDERING_PARAM': "order",
+    'SEARCH_PARAM': "search",
+    'DATETIME_FORMAT': '%Y-%m-%d %H:%M:%S %z',
+    'DATETIME_INPUT_FORMATS': ['iso-8601', '%Y-%m-%d %H:%M:%S %z'],
+    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination',
+    # 'PAGE_SIZE': 15
+}
+
+SWAGGER_SETTINGS = {
+    'DEFAULT_AUTO_SCHEMA_CLASS': 'jumpserver.swagger.CustomSwaggerAutoSchema',
+    'USE_SESSION_AUTH': True,
+    'SECURITY_DEFINITIONS': {
+        'Bearer': {
+            'type': 'apiKey',
+            'name': 'Authorization',
+            'in': 'header'
+        }
+    },
+}
+
+
+# Captcha settings, more see https://django-simple-captcha.readthedocs.io/en/latest/advanced.html
+CAPTCHA_IMAGE_SIZE = (80, 33)
+CAPTCHA_FOREGROUND_COLOR = '#001100'
+CAPTCHA_NOISE_FUNCTIONS = ('captcha.helpers.noise_dots',)
+CAPTCHA_TEST_MODE = CONFIG.CAPTCHA_TEST_MODE
+
+# Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html
+BOOTSTRAP3 = {
+    'horizontal_label_class': 'col-md-2',
+    # Field class to use in horizontal forms
+    'horizontal_field_class': 'col-md-9',
+    # Set placeholder attributes to label if no placeholder is provided
+    'set_placeholder': False,
+    'success_css_class': '',
+    'required_css_class': 'required',
+}
+
+
+# Django channels support websocket
+CHANNEL_REDIS = "redis://:{}@{}:{}/{}".format(
+    CONFIG.REDIS_PASSWORD, CONFIG.REDIS_HOST, CONFIG.REDIS_PORT,
+    CONFIG.REDIS_DB_WS,
+)
+
+CHANNEL_LAYERS = {
+    'default': {
+        'BACKEND': 'channels_redis.core.RedisChannelLayer',
+        'CONFIG': {
+            "hosts": [CHANNEL_REDIS],
+        },
+    },
+}
+ASGI_APPLICATION = 'jumpserver.routing.application'
+
+
+# Dump all celery log to here
+CELERY_LOG_DIR = os.path.join(PROJECT_DIR, 'data', 'celery')
+
+# Celery using redis as broker
+CELERY_BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/%(db)s' % {
+    'password': CONFIG.REDIS_PASSWORD,
+    'host': CONFIG.REDIS_HOST,
+    'port': CONFIG.REDIS_PORT,
+    'db': CONFIG.REDIS_DB_CELERY,
+}
+CELERY_TASK_SERIALIZER = 'pickle'
+CELERY_RESULT_SERIALIZER = 'pickle'
+CELERY_RESULT_BACKEND = CELERY_BROKER_URL
+CELERY_ACCEPT_CONTENT = ['json', 'pickle']
+CELERY_RESULT_EXPIRES = 3600
+# CELERY_WORKER_LOG_FORMAT = '%(asctime)s [%(module)s %(levelname)s] %(message)s'
+# CELERY_WORKER_LOG_FORMAT = '%(message)s'
+# CELERY_WORKER_TASK_LOG_FORMAT = '%(task_id)s %(task_name)s %(message)s'
+CELERY_WORKER_TASK_LOG_FORMAT = '%(message)s'
+# CELERY_WORKER_LOG_FORMAT = '%(asctime)s [%(module)s %(levelname)s] %(message)s'
+CELERY_WORKER_LOG_FORMAT = '%(message)s'
+CELERY_TASK_EAGER_PROPAGATES = True
+CELERY_WORKER_REDIRECT_STDOUTS = True
+CELERY_WORKER_REDIRECT_STDOUTS_LEVEL = "INFO"
+# CELERY_WORKER_HIJACK_ROOT_LOGGER = True
+# CELERY_WORKER_MAX_TASKS_PER_CHILD = 40
+CELERY_TASK_SOFT_TIME_LIMIT = 3600
diff --git a/apps/jumpserver/settings/logging.py b/apps/jumpserver/settings/logging.py
new file mode 100644
index 000000000..0fef4e6f9
--- /dev/null
+++ b/apps/jumpserver/settings/logging.py
@@ -0,0 +1,116 @@
+# -*- coding: utf-8 -*-
+#
+import os
+from ..const import PROJECT_DIR, CONFIG
+
+LOG_DIR = os.path.join(PROJECT_DIR, 'logs')
+JUMPSERVER_LOG_FILE = os.path.join(LOG_DIR, 'jumpserver.log')
+ANSIBLE_LOG_FILE = os.path.join(LOG_DIR, 'ansible.log')
+GUNICORN_LOG_FILE = os.path.join(LOG_DIR, 'gunicorn.log')
+LOG_LEVEL = CONFIG.LOG_LEVEL
+
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'formatters': {
+        'verbose': {
+            'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
+        },
+        'main': {
+            'datefmt': '%Y-%m-%d %H:%M:%S',
+            'format': '%(asctime)s [%(module)s %(levelname)s] %(message)s',
+        },
+        'simple': {
+            'format': '%(levelname)s %(message)s'
+        },
+        'syslog': {
+            'format': 'jumpserver: %(message)s'
+        },
+        'msg': {
+            'format': '%(message)s'
+        }
+    },
+    'handlers': {
+        'null': {
+            'level': 'DEBUG',
+            'class': 'logging.NullHandler',
+        },
+        'console': {
+            'level': 'DEBUG',
+            'class': 'logging.StreamHandler',
+            'formatter': 'main'
+        },
+        'file': {
+            'encoding': 'utf8',
+            'level': 'DEBUG',
+            'class': 'logging.handlers.RotatingFileHandler',
+            'maxBytes': 1024*1024*100,
+            'backupCount': 7,
+            'formatter': 'main',
+            'filename': JUMPSERVER_LOG_FILE,
+        },
+        'ansible_logs': {
+            'encoding': 'utf8',
+            'level': 'DEBUG',
+            'class': 'logging.handlers.RotatingFileHandler',
+            'formatter': 'main',
+            'maxBytes': 1024*1024*100,
+            'backupCount': 7,
+            'filename': ANSIBLE_LOG_FILE,
+        },
+        'syslog': {
+            'level': 'INFO',
+            'class': 'logging.NullHandler',
+            'formatter': 'syslog'
+        },
+    },
+    'loggers': {
+        'django': {
+            'handlers': ['null'],
+            'propagate': False,
+            'level': LOG_LEVEL,
+        },
+        'django.request': {
+            'handlers': ['console', 'file', 'syslog'],
+            'level': LOG_LEVEL,
+            'propagate': False,
+        },
+        'django.server': {
+            'handlers': ['console', 'file', 'syslog'],
+            'level': LOG_LEVEL,
+            'propagate': False,
+        },
+        'jumpserver': {
+            'handlers': ['console', 'file', 'syslog'],
+            'level': LOG_LEVEL,
+        },
+        'ops.ansible_api': {
+            'handlers': ['console', 'ansible_logs'],
+            'level': LOG_LEVEL,
+        },
+        'django_auth_ldap': {
+            'handlers': ['console', 'file'],
+            'level': "INFO",
+        },
+        'jms.audits': {
+            'handlers': ['syslog'],
+            'level': 'INFO'
+        },
+        # 'django.db': {
+        #     'handlers': ['console', 'file'],
+        #     'level': 'DEBUG'
+        # }
+    }
+}
+SYSLOG_ENABLE = CONFIG.SYSLOG_ENABLE
+
+if CONFIG.SYSLOG_ADDR != '' and len(CONFIG.SYSLOG_ADDR.split(':')) == 2:
+    host, port = CONFIG.SYSLOG_ADDR.split(':')
+    LOGGING['handlers']['syslog'].update({
+        'class': 'logging.handlers.SysLogHandler',
+        'facility': CONFIG.SYSLOG_FACILITY,
+        'address': (host, int(port)),
+    })
+
+if not os.path.isdir(LOG_DIR):
+    os.makedirs(LOG_DIR)
diff --git a/apps/jumpserver/urls.py b/apps/jumpserver/urls.py
index 4d5e96671..c4653969b 100644
--- a/apps/jumpserver/urls.py
+++ b/apps/jumpserver/urls.py
@@ -7,10 +7,7 @@ from django.conf.urls.static import static
 from django.conf.urls.i18n import i18n_patterns
 from django.views.i18n import JavaScriptCatalog
 
-# from .views import IndexView, LunaView, I18NView, HealthCheckView, redirect_format_api
 from . import views
-from .celery_flower import celery_flower_view
-from .swagger import get_swagger_view
 
 api_v1 = [
     path('users/', include('users.urls.api_urls', namespace='api-users')),
@@ -44,7 +41,7 @@ app_view_patterns = [
     path('auth/', include('authentication.urls.view_urls'), name='auth'),
     path('applications/', include('applications.urls.views_urls', namespace='applications')),
     path('tickets/', include('tickets.urls.views_urls', namespace='tickets')),
-    re_path(r'flower/(?P<path>.*)', celery_flower_view, name='flower-view'),
+    re_path(r'flower/(?P<path>.*)', views.celery_flower_view, name='flower-view'),
 ]
 
 
@@ -82,19 +79,19 @@ urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) \
             + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
 urlpatterns += js_i18n_patterns
 
-handler404 = 'jumpserver.error_views.handler404'
-handler500 = 'jumpserver.error_views.handler500'
+handler404 = 'jumpserver.views.handler404'
+handler500 = 'jumpserver.views.handler500'
 
 if settings.DEBUG:
     urlpatterns += [
         re_path('^swagger(?P<format>\.json|\.yaml)$',
-                get_swagger_view().without_ui(cache_timeout=1), name='schema-json'),
-        path('docs/', get_swagger_view().with_ui('swagger', cache_timeout=1), name="docs"),
-        path('redoc/', get_swagger_view().with_ui('redoc', cache_timeout=1), name='redoc'),
+                views.get_swagger_view().without_ui(cache_timeout=1), name='schema-json'),
+        path('docs/', views.get_swagger_view().with_ui('swagger', cache_timeout=1), name="docs"),
+        path('redoc/', views.get_swagger_view().with_ui('redoc', cache_timeout=1), name='redoc'),
 
         re_path('^v2/swagger(?P<format>\.json|\.yaml)$',
-                get_swagger_view().without_ui(cache_timeout=1), name='schema-json'),
-        path('docs/v2/', get_swagger_view("v2").with_ui('swagger', cache_timeout=1), name="docs"),
-        path('redoc/v2/', get_swagger_view("v2").with_ui('redoc', cache_timeout=1), name='redoc'),
+                views.get_swagger_view().without_ui(cache_timeout=1), name='schema-json'),
+        path('docs/v2/', views.get_swagger_view("v2").with_ui('swagger', cache_timeout=1), name="docs"),
+        path('redoc/v2/', views.get_swagger_view("v2").with_ui('redoc', cache_timeout=1), name='redoc'),
     ]
 
diff --git a/apps/jumpserver/views/__init__.py b/apps/jumpserver/views/__init__.py
new file mode 100644
index 000000000..c30537520
--- /dev/null
+++ b/apps/jumpserver/views/__init__.py
@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+#
+from .index import *
+from .other import *
+from .celery_flower import *
+from .swagger import *
+from .error_views import *
diff --git a/apps/jumpserver/celery_flower.py b/apps/jumpserver/views/celery_flower.py
similarity index 95%
rename from apps/jumpserver/celery_flower.py
rename to apps/jumpserver/views/celery_flower.py
index 480745ada..befd3c5f0 100644
--- a/apps/jumpserver/celery_flower.py
+++ b/apps/jumpserver/views/celery_flower.py
@@ -9,6 +9,8 @@ from proxy.views import proxy_view
 
 flower_url = settings.FLOWER_URL
 
+__all__ = ['celery_flower_view']
+
 
 @csrf_exempt
 def celery_flower_view(request, path):
diff --git a/apps/jumpserver/error_views.py b/apps/jumpserver/views/error_views.py
similarity index 94%
rename from apps/jumpserver/error_views.py
rename to apps/jumpserver/views/error_views.py
index 0d154d52b..833da9e42 100644
--- a/apps/jumpserver/error_views.py
+++ b/apps/jumpserver/views/error_views.py
@@ -3,6 +3,8 @@
 from django.shortcuts import render
 from django.http import JsonResponse
 
+__all__ = ['handler404', 'handler500']
+
 
 def handler404(request, *args, **argv):
     if request.content_type.find('application/json') > -1:
diff --git a/apps/jumpserver/views.py b/apps/jumpserver/views/index.py
similarity index 75%
rename from apps/jumpserver/views.py
rename to apps/jumpserver/views/index.py
index 1c5d2167a..2a3304a8c 100644
--- a/apps/jumpserver/views.py
+++ b/apps/jumpserver/views/index.py
@@ -1,17 +1,10 @@
 import datetime
-import re
-import time
 
-from django.http import HttpResponseRedirect, JsonResponse
-from django.conf import settings
-from django.views.generic import TemplateView, View
+from django.views.generic import TemplateView
 from django.utils import timezone
 from django.utils.translation import ugettext_lazy as _
 from django.db.models import Count
 from django.shortcuts import redirect
-from rest_framework.views import APIView
-from django.views.decorators.csrf import csrf_exempt
-from django.http import HttpResponse
 
 
 from users.models import User
@@ -19,7 +12,8 @@ from assets.models import Asset
 from terminal.models import Session
 from orgs.utils import current_org
 from common.permissions import PermissionsMixin, IsValidUser
-from common.http import HttpResponseTemporaryRedirect
+
+__all__ = ['IndexView']
 
 
 class IndexView(PermissionsMixin, TemplateView):
@@ -186,58 +180,3 @@ class IndexView(PermissionsMixin, TemplateView):
 
         kwargs.update(context)
         return super(IndexView, self).get_context_data(**kwargs)
-
-
-class LunaView(View):
-    def get(self, request):
-        msg = _("<div>Luna is a separately deployed program, you need to deploy Luna, koko, configure nginx for url distribution,</div> "
-                "</div>If you see this page, prove that you are not accessing the nginx listening port. Good luck.</div>")
-        return HttpResponse(msg)
-
-
-class I18NView(View):
-    def get(self, request, lang):
-        referer_url = request.META.get('HTTP_REFERER', '/')
-        response = HttpResponseRedirect(referer_url)
-        response.set_cookie(settings.LANGUAGE_COOKIE_NAME, lang)
-        return response
-
-
-api_url_pattern = re.compile(r'^/api/(?P<app>\w+)/(?P<version>v\d)/(?P<extra>.*)$')
-
-
-@csrf_exempt
-def redirect_format_api(request, *args, **kwargs):
-    _path, query = request.path, request.GET.urlencode()
-    matched = api_url_pattern.match(_path)
-    if matched:
-        kwargs = matched.groupdict()
-        kwargs["query"] = query
-        _path = '/api/{version}/{app}/{extra}?{query}'.format(**kwargs).rstrip("?")
-        return HttpResponseTemporaryRedirect(_path)
-    else:
-        return JsonResponse({"msg": "Redirect url failed: {}".format(_path)}, status=404)
-
-
-class HealthCheckView(APIView):
-    permission_classes = ()
-
-    def get(self, request):
-        return JsonResponse({"status": 1, "time": int(time.time())})
-
-
-class WsView(APIView):
-    ws_port = settings.CONFIG.HTTP_LISTEN_PORT + 1
-
-    def get(self, request):
-        msg = _("Websocket server run on port: {}, you should proxy it on nginx"
-                .format(self.ws_port))
-        return JsonResponse({"msg": msg})
-
-
-class KokoView(View):
-    def get(self, request):
-        msg = _(
-            "<div>Koko is a separately deployed program, you need to deploy Koko, configure nginx for url distribution,</div> "
-            "</div>If you see this page, prove that you are not accessing the nginx listening port. Good luck.</div>")
-        return HttpResponse(msg)
diff --git a/apps/jumpserver/views/other.py b/apps/jumpserver/views/other.py
new file mode 100644
index 000000000..a1db94e77
--- /dev/null
+++ b/apps/jumpserver/views/other.py
@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+#
+import re
+import time
+
+from django.http import HttpResponseRedirect, JsonResponse
+from django.conf import settings
+from django.views.generic import View
+from django.utils.translation import ugettext_lazy as _
+from rest_framework.views import APIView
+from django.views.decorators.csrf import csrf_exempt
+from django.http import HttpResponse
+
+from common.http import HttpResponseTemporaryRedirect
+
+
+__all__ = [
+    'LunaView', 'I18NView', 'KokoView', 'WsView', 'HealthCheckView',
+    'redirect_format_api'
+]
+
+
+class LunaView(View):
+    def get(self, request):
+        msg = _("<div>Luna is a separately deployed program, you need to deploy Luna, koko, configure nginx for url distribution,</div> "
+                "</div>If you see this page, prove that you are not accessing the nginx listening port. Good luck.</div>")
+        return HttpResponse(msg)
+
+
+class I18NView(View):
+    def get(self, request, lang):
+        referer_url = request.META.get('HTTP_REFERER', '/')
+        response = HttpResponseRedirect(referer_url)
+        response.set_cookie(settings.LANGUAGE_COOKIE_NAME, lang)
+        return response
+
+
+api_url_pattern = re.compile(r'^/api/(?P<app>\w+)/(?P<version>v\d)/(?P<extra>.*)$')
+
+
+@csrf_exempt
+def redirect_format_api(request, *args, **kwargs):
+    _path, query = request.path, request.GET.urlencode()
+    matched = api_url_pattern.match(_path)
+    if matched:
+        kwargs = matched.groupdict()
+        kwargs["query"] = query
+        _path = '/api/{version}/{app}/{extra}?{query}'.format(**kwargs).rstrip("?")
+        return HttpResponseTemporaryRedirect(_path)
+    else:
+        return JsonResponse({"msg": "Redirect url failed: {}".format(_path)}, status=404)
+
+
+class HealthCheckView(APIView):
+    permission_classes = ()
+
+    def get(self, request):
+        return JsonResponse({"status": 1, "time": int(time.time())})
+
+
+class WsView(APIView):
+    ws_port = settings.HTTP_LISTEN_PORT + 1
+
+    def get(self, request):
+        msg = _("Websocket server run on port: {}, you should proxy it on nginx"
+                .format(self.ws_port))
+        return JsonResponse({"msg": msg})
+
+
+class KokoView(View):
+    def get(self, request):
+        msg = _(
+            "<div>Koko is a separately deployed program, you need to deploy Koko, configure nginx for url distribution,</div> "
+            "</div>If you see this page, prove that you are not accessing the nginx listening port. Good luck.</div>")
+        return HttpResponse(msg)
diff --git a/apps/jumpserver/swagger.py b/apps/jumpserver/views/swagger.py
similarity index 98%
rename from apps/jumpserver/swagger.py
rename to apps/jumpserver/views/swagger.py
index b68733b63..4aed12663 100644
--- a/apps/jumpserver/swagger.py
+++ b/apps/jumpserver/views/swagger.py
@@ -50,7 +50,7 @@ class CustomSwaggerAutoSchema(SwaggerAutoSchema):
 
 
 def get_swagger_view(version='v1'):
-    from .urls import api_v1, api_v2
+    from ..urls import api_v1, api_v2
     from django.urls import path, include
     api_v1_patterns = [
         path('api/v1/', include(api_v1))
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index 1c086dd7f5bfea6b0cc81d0d7b64cd28cd50d0db..8db79ed9c6a55e61ca069a6c1dcb58678317ed97 100644
GIT binary patch
delta 25238
zcmb{4Wpozj_V@9L5hNkF6M|cUySo?HQY1it;1Zx%Z=^T{N^rNLMM|JSODRQ4vEmeI
zkr1RsS}27=dA`4UHs{Y->%4qst;y%w`_j2)=8lweZq5w&Y-Yf$N}ipL<Ais1oYuaM
za|<sJm+$I0ZG9Xkq?_YRCGHvJIAicnyoxd19p@zVO?x;_I{Jl1JI)#MC3`zg8uahu
zILR<0rpKI^1j}MDR>2h5sE^}uGEitsA}97YKgS%zap;fdusB}EN|?N_;}pZXSQtM>
z^<RSp@d$?E6D))w{T!zVRxqQHYjhU$^Eggk3a?3M#ku-335Meh3>e@zL3jtX;-{Dv
z-=MB2^+3nThM6!Omc~GAfGM##s$V2(oWAA=)Hsto6g1FcRL4~oZ^U5YuP_7;U`9NR
z8YmI{@EL~T->3`7Jjh*8Zq&|JL*0@#m=t?qRve7FHJ+Iiw8Af}!B?1zcn@kzucNN;
zEvjR-!R{?7hgxuDOog>kJJ1>fus0^hf#xVoO*{#8K?|`9^E(?T=t_fP948-ULEXdZ
z$X#%HBTbyE*c_V-ahw*o%KQtJZ!nYx440x7Z~?WmS5Z543k%>~%#R_%)Q<aKmV&Od
zGPc7`SPOS!5&Rdm@`#V!Ev#zRL+xBM)Gg_N+L2zE76+j&Y$EC*o`YK0LR9<Zn3DOO
zFDYcey{G}tT7w&?0UlcZCFUUx818OuA=E=w8Y8e4>KPb>nqU;F{S?$K+Jd@;2QVXE
zMUNhWKPhCvWFy>rlgBKDnxGbHD_dCpL)2T-3pK$k)WUb7?)gEBPoN&U%cyy7q89i9
zb-_L(*?--eOe5W`%Z9r5c~BEJMr~ay)D?Y*8mNcmN26}dIMl#%Q1AUR)I+u(i{VMD
z{}(lG(oyb0Lq@UxYM6zD?p-0&KqXN3suJoJ)G(W(R^Aac&=7MJt|A_f8ZX~ycjwBW
zE}%AQ{06A4Z;l$Lm&Y26MNK>r)o>PSf(59pU5>iaO_&+?qweV?%!Kz)JL&U@J5GQZ
zVrDjTn-Qp6<0(r)169NF*bFuCG}Nt_jatw?)RldY>UbX2?>c6|N2t$@WbCLG7>>H2
zI;gj(DHcT!YDcyrJM3|GP|$>XP+NTvb+1pOCccJxsP0(&7&XxgEQMLdFbOt6?a(~b
z)~-iAD+f>y@db<TpkB{cUKu3iSa%C^p{}qZY5@%`Zj0%Nd!nv<G-_cJF%8Z@O}G+u
z0lTdJ2x{U}=-nyvk=4J&bj<Grj&m1~4K-kC)IG0<T1ZROgpp=6YT$tukHMV8lTi!Y
zh}!x%RR8^`@s49jyolQI<m1_Ytt>T#te6Y6HC0d(G`D;tYHLTM2Aqj{ikF}!+JV~Y
zZ&1&|dDM<PM(s$FPu=m-q59`WU1+gSx&OMiHA!fT8>1%bidyjy)WBmco{xICR-5}#
z16{KE2dD}Eve<uu+dh?92sM5!)VQrDu>V>>9}?Q)VW=JPptfih>Y1328h9P*ig%(G
zc);>Mq6WT#+PQ}oze0cFpo#94r$*hPP>b_>C}^NksEMngCTxZpC=#{60jRAVY4JSN
zLRO--bQ5aeU8sc|L|xE1)Oc4>xAq|>!MCV+JxM0H4bos?61lJ(Hb$*{5~{;=+=sCk
zh)pNE6Sp;^PzxA@nrI}d|4h_E=b$cR8HV8o4AuL8oI(Q<_wfmqn&J+Wcd9!;5!3=o
zqHaM2)CBcVSMU+m#h$2#cpIwS3CxB+V-0*^afNB@GI1MB%KXj(3c8||7=Rm4593xW
zh~J|gmPe?8{inO_(x4WW33cmoU~(*m8m}TI#hPX#)U9ZRdT66CQ1Ac86m+l0pkAAq
zsD-S>6!;}-pk3&_x2Orup%!oz)&CZ%-BVQmSEzQ*XKuTss0#?eAk2;)6$(*M$Fisa
ztD!p9MJ=F-<=dkc*ag*oxYds{XP`ck7ok3oPNT+uioy6V>H>mhxH}O#gZ<Y;MM$V&
z8PvV4iQ3XOs4eY@8elML>&Bw`%|U%0EJ5}A8nwXVsE6++>KV9;x)8sa?!y>@x`50x
z*?$e3i-ZO!hWccyg_`IiOo{zb1AbzT$D+iOQCGAJHNkPzgcnim|3p3ge_QN3%bhq7
zb-}4T6m+k$qZ;PMd>Dbg*wSo+TIh$E3wxT=url!$)RzB-tuf{2j#D3_P#3lpb!!h{
zYCMh_&vT7}uJ8fsieH*Rv)vWuFvF4e)hUm=u`TjroRcP&#p7qFE!~8=H9Jrjwhy%v
z-&y{s<xgW#z5f@iB4Ca?Krm`S8BjZt7gJ+VOoP=?6SXuuU@7A6sP>Cd&&(I7Te1x`
z-agC!X!(oiegAJ!C`^NgsIAX9*Bzh=YUTAY6*k5%u@m;gpn2|(Tq98vc~JLs8fwA?
zs2x~`TF_?HE!c(H`U99j@Bc|_a0k;9KSo_)z<f7Oi6O*!FawrCP0$cE;D@L!kF<O=
zY9SwETAYCTWL${a!JVjQ=oor5&_fF9@CtP$feYLL)1s~*EBawhi}Rwcs4(hE%Agij
z3pG)D)HuUXJ31cKek1A@?L=MRfd$-uC5~Bxv#1qbM=k6LYGH4!K4_tv&xpFRe3%g{
zpmw6U)we^v4Lwl{pNd-849tuhQP0%(3)z3I<RXcJ_zP;~$ria2q(@yrLDa&UVqWZu
zTHqAav#|iRfDPt0)Hv~|9Xy1(g+HL)mMfSEUwEvLYO(uGry%MXsDhfXCF)9hpgvee
zqF%!Vm;>X@OQ;E6pmr>9iM!S5P+K30dYB7hRxE<La8CmY>d*q!ursP*Z`23S0MsoS
zjOB4OX2W>Y0OwIVa2?hE5o&8+Vs1>a)Sa*>YJm+=<F`lpd7RD^)Nvqct45)=avW-)
zDX0k+V;20<Jc<p7Z=n_%vCMsFi=oCVhq|zu=)HBQTh<lR;UElQerFN|HJp!H*%~Z~
z8&I#+b=18~K;4R`s4EXx?mk>8QSH*8Cdz`^u?SSZvZw{sMD=TIw!t6|iOv-C8udl(
zz(~{%j74>vjOrMRx`HKG6gQ#zT}3VIzWE0AR-|5G4=?IrYl_;*XmbR5bWf&HP>02+
zEssNeKpe&}yoZ`N*-H0!xlE{bb<K9DaeAX3u94<^)Xv12dr=p12(^$CE7^Zt@pTgN
zHhQlFwc<CZt<12>?HGo71`49yl3J)O{}A(IU(ADZt$vTypTQF3Z=-H;hSl!Evaa^H
z1Lr28m4&0Wv^478)wG69P*>On)vgEX6K?=!!%3)xuCe+p7RRG*;XzdY6R3q;L+xOQ
zXN|j}oT#TVA2!E|m<MNI4va%R6X#G5>(6E)YUiGz7Vrwy&i@N{2UDPKK_1kFg`>8<
z0%|8c4Jl}=yQ5a<!2q0z8fY$RrAtr)ZL#=kt3QT%Hcq2<>;`Hf4^ZPhLrv(v)@_#_
zb<6S~7wmD$QpioB5$fR?fSGYRhT>Y(y*`YZ;3{guL@a=RVG_)-j^_aLq3Xw)vrx~}
zaty#Y)B<;7I=%mgC=@4g8PzfQdiUOD#&F_dm>oM<ek3L(o{iel#i%RYfO?B|quT$3
zTG(UM#D7`*8npnw4eSc@JHZsRMQKnKxltV=&<{(Z1}clX_f;?%HbgyKtx!AD8MU>2
zP`AuuevZkASDTwr3y(*SDh^x4X{)$`Ny#T-UVLJ4hK=r(=0NRKQPje!U>Mf6xI1bA
zebM_&p)PPH>ejA6UC5q|?7u3GlF&W6j2iei)C&K><d|%e8>d6n=R)->jw!GPYQV-=
z2-~CDO+<}57j;WEU=uuwDKO)g?7y}w_m}PfWl$@wiT>CE^>(zyS~w8(kbaH2*Jm*q
zK0qz_8S3-EceDGp<UlPXzgY(LFxN)S)81nhy-_P2f!g{R7=iOK5D#Mzp0xO9RJ&WK
zXXPPk!B0^O`U`c1&KCC;1)<`!s0+%0+Cfh_3fkiOsC(HGwZitO2?knzggF+q^2w-$
zEx=%0VeuABN&Gbyz{9A8Jwmnn6Sd<$TfKUmbQJVSlpnRFHBeXjA?iwcpjJ8%^-zsN
zEp!fQ#}=a&ycKni52LR1Hmdz&Y=A!7+_({H0UhyAz5fF#q#_aZl{@iJ)Q*hDlsE%*
z1xrx_uR`t27SsacEk1}^_;Jf$LXCS9HQpaq{|2=a$+vUs^!{g}peqPPt*jJkg1Q)j
zO;H^>qXz7Un%IMBa0;fzB^ZWVPzyed`SHBvUz^$E+z+@a=+VQ_ih`cney9njnTyR$
zsIA?LTEG=l`v+JW19!L!sEoOYn;@U<&LGqdPC|`45A{r}#hiG02m7xTJ|)osGw<Z5
z6C8#$@Fv#6JYVzY8H~n{F-5%lz2Q^T_m0)L2ajSp9Jh;K-Els~;4>_Y(Yw7bgfka6
z64%lno%2z6OmBTMW!URJjK#1BaYNLKN0_To3qFBm@fnuK@O^IF9rac$L*25qm>zea
zo}J@Xe-U+yZg?o@;kb=s@ew}90sGyjyZblp7LP!E6mP@oco8Eo(*gGfiaPia@o@ZH
z_1G1Ae(UbQ35+DJevsz~SEDY><Nuxe=ko~Ex6c?XiKnp~`W<pVU@Bo+;u@F<TVqD-
zkNQby66y+<nH$ZoQP044s4M;neeojtF~4(#f;wJDz1R0qTlfU^I{l4$+5^6KuP_8P
zU>{Vwk*NCdsBu0+y$uUd<84Ci@OIS0yC1XSDNL{T{{aPk06B-<fwQ6pD1=%-B}{|$
zF%&;SUHM4VmB*s)^+wda-h~?Pl-1w2dgq8ceoEB1*|8AwJB27{g{@GpNoUlR3_vYp
z6l&lZR=);y1v@Yd&!C?Ar>KWG$x(N~VW@FRq83~gHGUh*_dt&(7;F_2tYR((l3!_V
zz)Hklp|<)F_Qt<a6L&l2-rM1*2|q#Y$W+wA7ocw077WDws2w_djQ!V@|4Kp~9%2-}
z#KPF=2lq#_X{dJlQ4<_P4R{`P0k=^P?Q_&aTJX5rzB1~b*F&{yhkAH>qjuuc<Lti%
zoMVX<s1Dn(9v;MGnEXd~f$6X?aW2e_jZyW3P|wIH)RoOdO}G)YpnaGW&!BF_71Xoz
z)I%YFLaGz)R%O7d#Nnt8eNZbMf@(LxoQ6q=KSyop0@RMIKux$6)&CF%;R#HES5OO1
zK!5Z+rl5QH40~g;lkP7bLr_<=2v_1}{0f_#ay$B*b_Y&kro}4MhoKhM3H8a?9gE-!
z%!#M5K0Zap^EegHxc_+McN|K^H$OQ}H7tGB{iGX;e#E;_TfPr9z^|x<7dq!|c~#WI
z_93eM0MtTaP**w<v-vpA7%V}&^t=|v{XauNTl*GsV88`;i}Iqjuqf)DmP0)oEieST
zVOosA@i-ZE3xY1XTb&iP)%j857snthi^;JTre=Pp2?ceGR00R!2ds3QBtCOV`@{ot
znMrXO#-raAwwuq=y~yS{*RJwz({J-Nz7G%w++Ym!Am2_L-(UEX8};AfEA7Nh>UK~u
z^0s?r#qPK(tBz^NH$s2xgnD?op>|{dYN5k1Jx()MVh-YXRJ%)92!F+JOp(BEQ&<j_
zk51sa^n=A568UgDYOAkc7(PSQr@!l362}lX!`gTjwZ)kd`AooE7>5rr7?<C3w|uj?
z2a}LLin_p4_t;n6lbcrY$QnL3eeb*VA!atSAZnm8W@Su9TnjZ`W3xT#1E;6OV^RHP
zpcXLKLqQMIdTX%DJdE1fvlibopPRl9+<qab33FH+ZdS5<BeNZ9;_hZ&(-UKbk(i7I
z<4^-mHy5H-y4Ku{J%~@B+LwCheqL0;0>oXh4Nk|-cn7Ou?cZD{n1@~Y`_J$02Sshv
z3O%TSCt5rU^ApcE4_H1C^%43AKfvHe{8a<nqw@1mujfwG1^r-NG;e$5{y(9hiQk|)
z_&;_Zo=m8GJ~P5Bg&MG;S<h@`cEJ$p`=c(zgW8!XsD9hc1IjbMbHWnOP2VT(6@;KV
z6hS>i6;ZdMrP;&sBP@<J*P{CEHjiKk@j2Aa+%|omvN$!&NkLay1hwMQW>r+j`lxp8
zPz&ge`iLElYCjtD;3QPLFHz&|w)k7~q~(7`jdSxU@4q@cBast*{%{A#jaq3j)Id$l
z)>hxa>}C03<|pO^tDkNzG}l^v9O?r0{K5XmQ253gl>F0OKs8KG{sT;kZBegdq&W<=
zu+LBzFbB00E6q)o--&6+e}}q-7c72cv5)7OyOJ!Z0Yc3JW(l*BSqC+7Q;XYRDdI@W
z&qM9xQq*_{P`B_0tG|L;@UN(ad48v$A13u%hZ5OP9gCvwX?ZMz9Z?g{HJ6yHQSCRP
z2Hs)$gBBmN_yXpm{u=6a_WR5GU(q~HVG8QF2(^H97Vkl={3xc!OXlyWc78A1g=awZ
zFM-NewYa&(oh%-Nx&V*G6TNc(W36I^xy~AFK`mgf#Xnm8Wy}A9x~Gq=KIz}?PNYXo
zl*7zt`3TfP%UZq`djI=hLrZkA2GQnF%a6y3bewAO5!98QM7<@yTKpC@L7JCteGan(
zDqq{;=BQg1h2DSv*Pnu(feF@NC91;?^PqXk>aSY-$o$9hNng4BvZ5APz~YLSiMXB_
zY4sys+57*QHC$w_LoH~Bc?NYWezW*B>IyRb<NoxU3sqkTm9JoNE!2gyw0tC{AntAX
zVgGRd)$vmja*nwMbq{w~!@cG)^MZK`b)}C@-`8%O9yM_R)RmXExUt#Z?CGJPiH2BW
zl*LmpnEWi%!j@Tn3u@q<=69&~{WM14Q}jN3Z(Q@?Lh=z7A4T;)WqPh!#XZzSk1c*{
z4U+upc1Vj^sSh(NVR_=VxCm#X299{^PF%sPj>^|Vjo-@RD6GKq=M18t_j|Kd971jB
z87zjkEl%h7c;o!2D{O0aGP`4H@_kV|;z5nG619LGsL%X^sQ!mB6|I~T6!g$sw~9nm
zhesCwW3jJ~+b+b+jB1zLEQT7mvRMl?ZbPeYWp=Up{)(C38ET2~s4JL?>bS)6Yf%$z
zws?=l2T|=#nU}5pmU-WNf_eyFSe(k&9WNt#zyIf<pwHyusL%X%*5DI!8tUFHuy{S{
zN_Sek4>iFLs4c%``RAsupPLUs^~;6Xv7n!i$J?<ki7X^KTZ55Uh<F@&uN?L5c#qW|
zw)_dyLwN;5@ww&G`MV3wiJGvuSq}AVR7EW`(%<7w5JN&&Fc!6?i%=ccn42uW9kmnt
zEPn#Euyd&XH&B1wdSSl8l*Dha2nGeXR>bDSy*w23o6LT!fqqGRobFf$wZhG)g?wxA
zQPht7j9N&d<zHBwJkYJrV&=!pv@3=B9B7Pv@gC}}^R!OtPSD33Y>qI;nv>0$Se=gZ
zPz$+i`2>r9v-qXOPBOP$FzQ0Gm^rbO-qHe==z#jf>xLS5km)g}qXt-r+L;xodl`qh
z@dB#fOH{ig$=!CrIE^?ATjQ6g&jG&_x^=vNf!+ciI;ht#J8FQUr~%8EHBl2cMQv$U
z%a6AFREw9Qo`sF5aSmC0-0E*z{s|`2`~QN1?xjzVYiiWJ$!V5FP5c3B;Lhf7%g;tF
z^b6F(yWQM}TEG$WB&ywc^Co&U@FNP|1q8bdQloxj3AMN`YT%ZrpN2bHzK0ou8fUD<
zbIg_I7IQDAqTMm`N-*!gR`h^`26%yb?~|u=?@?(~hw^3v)I!>$o|PypgM%%<5!HSN
z=EcJnKSW*7Yt(#sLwvly>XiuL{nr-NAt66NHE3yZq}da-!2aeqb1rJ<)|<O5e++dC
zucB_*Q!{xgH_mNV@=(x(txywmv3Q6%4z;kEsE_D*s2%vmJZ7FXuc4mqyXf6n)aS|z
z)JJ=T)NZ~LYCcaN3c3OhYNaz#AEoOpK8kAiD{3KsqOR-}YJya0+<bO352}4()UBvu
zaTC;A(*+ygD5Sr~IqDXi^X5(S5o(}+Pzy|%){R3^6BjqDpcd8;t73DDXIuS3b1iD;
z;w;{eN%a07r=V{lKcOc2-F$<ZC^(&K7BfF;!crDjw78zx#B6PLKwU^T)Cbit)VPbK
z-v9O1U?*w;$50EpZ24!F4@~dgqKv2kieXx;jOy16b!#F~pNzv$?G~bL?OKZupxU26
z@Av;}6g1&|Ga!R|g*nXvsDX-_mCX89-`e61s4MMd@n~}@YGL!OezWDj&A|JwhwUT@
zt@t<8%2H-@Ck#cs$AwW_-pp)^x|f~IXmhYR8nxg_s0GbI^<Rg2D7RStKt|qw4Rn@-
zI$T42!re#Z|FHaP)IyVGa@!R^4OkjAK_zU9O;8^+>oFJpgc|1=YW#oA6q()rnLHHK
zAcrLiqV82Oi|eC0HbqU;0kx0;7SFW$Rj8fYidxtKi;q}*5jD<riyv6*d1{4!%@kSO
zi87gm%_?Ryvm5FIWf*F~OU#|91)f4J=y&st8JyK^pB-7K$0<W$JPj+OR(Q}ng}UOa
zs4IGe+NtNLf#0G&`$PDnzWUWcwQqs?9?~7Pu+LEs-$v9p-=f+d^~(Eq-WuFAU!WQW
zXLn6!W<@O^m&M_z2}@eOj^&%0ZBP?+G<%yLn-iqo|Jf8Y&~kITc~}j|Uq=0qnP5IK
z|1pz<x;v5@wZNR{eQPXkX0|t@P#4%AJ^DF(s3qp0CR}W;H+P~I_?^WUEWTwvw|vqZ
z?n2U|Cdi8#FWmCwEv|32&SBsGyOPko8ekPuP!rCx{06K={GHVYhPe}^Lrsv!;^L@@
ztE0xNhdnXU;^XFRRKM3@9(T)<<#ZEiQ3HfooZl>kT2OV1Tbhw(KXW98({3{AR_wI=
z0o1rBEIx+;#J_s1;;#8S>RvxXt?(`CX%EWfUQssGz@<_3RZ#;svbcrCol!pr^su-$
z>KBng7LPSOldUilHQ+qd>#`dCaku5aLG8eg<_**qKQ)u*cKhcxi=o<AHk+ar+STG-
z$b24WGzASb)lE37t-&^IL;jG(S@XC97D4`8>{Pe7WL|gTI;fp#VQ~l4guN^tXntZ&
z^UC|Tz!G1W+sy;!3DnkILEVabsDb~s`nQ;kI4GaHkb-6zv!>Y;)vtra-K5_CffV%J
z?-OgV0`*N~9qOCN8S_unPG!jNS`;;LJ=Cp>LT&jV)Pg6Veyg5?`mVRt>c2&ee-6F>
z`@h!|a*zlv;C^;TpsutLYT%Dh9imYSnr-n;tV4VQ%VXYxKHh&b(g}6z7T`R5V)3Lx
z?!tdD|1QM)uLh|LyDMCe`b^)A`fJt`)Xs#4`#7_)8V<&Ds2^DBMz~kp)f|f2p(z%x
zLS4vC%z%fn9$v%Rn70V;zkaOlUBrEOVo_JT6t$HbE#7Y)N8Q6q7T>`B#1HW>wlC`5
zlAOidKUP)2aPs|8JGBH$<85q(nLWjQy#M>1{-~YUj4iQN2_OB><DG@r4qxMk*t(><
zGhbmN;$N^WhL`g3{*8Eoc@VYGH>eBoFYV*~ujLt0zvPCSo+=d7uqo=w+nC+VfmZ(s
z>Jw`M>VsvP<!7Qku;y935;fs^)a$qxN8n-9pI)n#ap!A<)O(y3Zo%n*>e#~?jIjJz
z%TGi7V6hB!PxqTAQ47D0>i@vvH&&m#tb0qcpz6z_#%X{-`uRVaf<Ezvq8_U0=)D4O
z1Fpb4W?n$O1-C2?DCaI9jhVv?M~ze7;zky?Lp`K@l-K(|!4k8r!6sFZ{|5Ec{%G+n
z^D$}%URxYg-ff>5wdMKDVpxs10_qlz#1=RXwXlomQN?|0@B}sS3v1wC!JQ~0CMBOA
zH9;}dvrqx`!BP!B!Dd(v&zQ+7y5rR_o1hl{5o!T_D)RnUpy08@9@GRUt>Gmz5p|1R
zSR7o*ZI>N2V1BbK>Vv2*>O#hvGf<x=i&38^KUn@@CEkAx@HYufkhHQJhnhuD3#x)z
zaXr*eOzlw<47dD5tVz5OwWHTj{qCUNmPe@ee^~x4s$DWq6}KXlnH^P8$SiJ_Gpm|)
zPz(P6`(OvuLv<Xr(Azj1|3W=u1FE_Ud4gKlGt`1S|59j3Aw@NJ;x<@}xFhDpnOGQi
zqCS9b;^$bYx{q@dPhkg~SHt~ieTJ2YE7x=<9D#bPK0)1rMW_WHbMqeOswG~awkmlo
zcV#J2JCPML`0!&lRwXW9+x>(bj%t4jwXn0OD~qV(S{5}?b+aYvihH1TE(Z0#KXX2%
zppMz=x()K9;!>yys-PB9!|Lm!e(i3J8mJd)q7leCy`OSdai1?=I0l+3S7N|VG$==A
ze!Q9%8&NlHv(iL75Kb@7W3)bDJx0=UBj>-~_U@Oy)_XbONZS8E9E#V7*#V~t@$T5q
z>!$TACfY?dB^G*b4X@uTyJPYnQ|NV-GYNGiEm@OzJ$;{8`xW>dvF`2x>i$99`Q=vM
zlDa=AkEQN_{+Zlo1fN^wzf|g&VcsQQm<`xUuAXmfvw9gk83`{F&ZNqp@<GafQ$B;E
z>6V7vTH=2hUq=^mNyyE#A=6PlMmgB()#e%PFLNd#mlqFn>I3545ly}<!7g9^<Mc}#
zNR`d4yxa!+la6(mpuTr&(_8IhY6nryMol)guzXt^e=hN6^4mC@Sx&U4eLl`{)W2ek
zKRKtqSO3<=`P*_kh%Zsz#5f!trzIV#Gl1UIOeFOKaWrQG@>yxDH*^SRKjKtwC#M{a
zpzb31ah!7~zrwY+5Ot(t%<|UW&G5%n#`y1pmnM?T2Q(ardl{ex9m9xyIdgO7B;H4U
z2K6P0&ten<U8LNLa|EZ3)uzh4KTZeQbhTV+n|LDm?P|cWi(DYz_nf~t^}R>0^jDNW
zrs8+XBRO?Muz>xT%LeH|oAB758l>&p(=v0s?c9G1*pJ#R#6zh23V*|ou{!?B`4Q#s
zSynkl?ML}G?H_P<Aa}r)Tb{c9ly8!sLK_{WVw*Kg>v=?}G_?=#2&2W);$Q2vkXXla
za*fGlAihJ)kIYU6;z3qFhw>CFXQ!-BsLsSsa5rtUbLv>-;!Lo3o-dEfPnL|PV@E0~
zU^#NBS(FYR;tW=fVbG+snTlI%kfX>?JKm!N`NFi<5BNnnn{%cl)^VIR{OsTiBR<Lb
zfVO&E9glU^=VSxQi>c%%SLe33ff{k=$fY3ejXLym`6$XB&TX_kh}&@%r;dKaZ>+4J
zPILs){}=LED1V5jm1KVBGz}kOMjA9wlH&ur;^#E1O1=j<ezD*`=<*Pd(@_)mP}i7p
z9@;m;<5m|(IfX5NqW4%z+vGOxyIgGN50ZLH(CIOaTUm!9G~CWPomT0o)AvXnZ7H|n
z{F`<+QAZ_=r0p&1dxx@qIiHW$t&Q5fc(2@&GXJ#4`>k<@_8<!#s#t>+8o-XL49d4w
zXSEHkbPmq6wCTgyigHfXV`s)#&lnNpD^sq-S(Ngh)ZarLv7F5)Pp92o%J(U+*F9)M
zLO)}@e=MTo@0>mi6idV6RQ^P}&&j3byk(7psozBW?ntCOl;G@pxmC7+M&xqQUI)KT
zIo&DO&;!`alDVkZ;H~D$@KYu{&-sEjI$pXs>1nTDd%IAVk8_DlP#mjLw~O}QQSQb$
zjq?eoj!v{4Wo0+R{{L<XA9DkZHZVXa23xDIsY^<nj{HVEfq6L#kUv6viSiB3tac&4
z&~E^F9f`EDq1^;uUs1Qsjr0!i6w@LNXKKoMZIFr#*p6Hw&f+%MSp1N@j^^Y8ICY#t
zeslF6eXV~7+(RxYbp<H@LHRNL9}yS9@>s)<`4<vABxp#3FDQS<Fz4N|ykDn~kLIk#
zAUiGJgZ4d$V~7t@ZbrW_+`_q#wykj;b%i)@QPxp~JU^5=J?W>PTqko5)cqgBsiPDP
zYvb<>)(M-EPe$%F<pnm#U2<W>H5udtt|8`+5ze=q3A7nOt|ezZ%AFbKQ@n=n4u1Lc
z9!W4cb?*L?8bc6B!_AayU|r6`<TBE5BWFkAG1QeMr=y9Bvlr`8zl`%+>eA8fXL7f#
zUPQ839m}YnMty$To}|2tshrMKoKr2w7gR*hU?*o)&Nv!XAa@2=63?fcn|6tu{^UwA
z@bK82%`<xHP<x#04ze9+)s=E?$~!r05?3VdPx(CMiIn?r>R3j<zMK!qKfqa>`jznl
z@pRf>r(BR(zM$L=J8_Pu&DWedzQNOewvA~m*_Fnv8Q=$E{XSZZ_yf-R<Qm~q?8QKt
zGyr8CS2z#RzA*LKIPX*b3w>#~nKp^UvuX1Uxg5l`$=}C&oTq%bjqNoG$6gxhs6vBb
zG}aF#{1)jwCh&DKxl#BMpK|I5r%w*rXD7Zu{MMW0CB}2sca62}Nn1b8<(BV`Z}q+K
zM@zh+ywb{*t<w^6y_vwDd_3no&fDaYGeM-a)tvfGOvhTznw-g~^W$tn+trLUopM&n
zwK=2IkmDdZ?_+#`!elC@VM!Y2QX|R}aSsh!b6%kwf+5rg;(Dx3?jsgAiMCCM-yLVj
zPbIhiz1&oCI{qg2Gj;K97(2giaD5-*FwP3rek<ivoY`peGr8=T6PI8f&LYfN4c{Fx
zw2h~JOKh@MSv{ASX%<zR$b3Y3DC+nU%eY1F|1f60tth}uYjyAVo>6De=Q1{8#vsnQ
z#G&}^$YFh*cWOt!Blv($ztZYD9bRzO<?KhtljL_$AAnKB!IXDW?oGXpk1#KG@kZ{K
zHq`$~agya)(dG^1aEn(GH({&^jMc<Pzx{CR;~YT6S<bH+pd;!yhM(bJa`ou+6YBUl
zHnMeE&mY!mC7BRv>Juk0?5~tNTgz{$tHP<{8o6JouVwv|`-NN<Vn5E~oO!5Uha)&U
zai-#YcSKS*ocJ+`+WIv3$tthgWItHTcEkZJw>}-du-r}jp7xooPeUxoIg2wV?FM2;
z`c$A@2F_lbM>xw;mxH>Z)Rkb|2+ktp3+aEnzm1AgG?>e&Bb2iYxxO^g(U5#q>_X=|
z<Z|OERP&Gd@*Ee_{@wA6av$>fNCa8Fg;iE0f7f!Q8Doq-4ZfkWkvfn#!g-H!YEB)y
zt#KJ9O=;!Sw0TMWDtvbgCcbI)Z_K^sD{EJjHs?4SGuFGq`)Sacq>hQ!A&DD0zQoO}
z^I?2SyF=FIy)nG4zqB!4({3Y~^R&|+rP2_8#@U-w$5HFwmI223@>iEns2F0MyJ4N!
zmu<6p`qDJq<`_)*OIoe9u6eN{bqmOkC7=IYZ*pykV~H12cZgHRX4;SA+`y@$p^dwp
zcIn9-#e$qYIA2hIOs{kn26}hQvyPvV$VUD*8tRzIxrg!si+?08LVYsgJh*`KwABrv
z+)kZ1I&$V`5f{nLrhWzfZ0#!JR$snDWhVI>4Zr7{zyh9gcBk?m&JS%tC$KT?`g2aQ
z+%T1CvxxH!r;bwObTlCTB)0E|89im0{t=O{)$FIdj&e7Pz0GaJO$2p0CsUWgMpS(Z
z;sKl~8S7iie{OxM+BlueQ1bb#u7#iX9pf#b@)_q`jm8mdjZ4SoY@gASi70_H7iSx~
zwzuwjWV?IY|KFE$)TLnw#aW7ubS~bn-K<=U`UY12f#rUDcR9=vPq`Q4RO1}2Po_*X
z-cN;&p;Ufk<v)mnC@-R6R!$w)usLnkxS{voNnNnI!{qufRy*ojVn*U6^!KA&+1iW0
zbke36`4!CX)FN2N`R-_H<xlBc-I7OfDREOe#Zg}pzhdHoR$q;}*|v}jlv`8({t-f-
z-^eE={|~-9Zs?OKIf)rqhXH1CHnoBBm@(8n<kT_G#ryRvx%Tf3reqd!i?FUOAUiH4
zH~hVJC%wJ-Es60xt!R+h2CrciU1@xQ+<07r?KvyZt_<pELwO&af3QKTk#E6Skz5zf
z%bevnzjT{BKT=Mx@<qx)w0(^QeBb+iJe0w@le}e<T%p{YiKbY5iU9^uK1I8XmeZJ}
zX;%+Za(+hn9zLSYFO*l&uBrDAk+aEMeXmy>@eNv(U<Mrph?7&_6Tc=tgz2acv3h^%
zJjD4q$5THZcau9qyFl8^A=VK^?h3gloWtCdzJ@xr_}Y`RD~<0f#W9-3Tj`i7?r_He
zKK@}Gv5&r~9vGHf#jx0)ZltZ|Ek*UH5Y{s$W<Z6aMTZR=R;1UEz5@nF4H_CXs7Pdy
zuKoLl|L?jks*4NlyeVVc{b5J_<Gvqt%{M%<U$?O4Q3Lu!4i6g~(|=H8kEpP&{rh!~
z?lELgWK4Abeqnv1dr*q%78cV#Za)9&BKSY;`a}<oiQ6`&s9)Tp@m+jlJ5J1!C%Rvc
zu$Z1vVcnv-M-J%|^Pi^CgTwmuj|q$H)2IKiIM2ki0kM0hWli#N*FHnKMa9jV9^mH}
zH7F`>;mo4`nY=lte!p%}AM>?)f4=mL8WbH9cP4gfU|grgnSJ7BEji~CH+5NuWU2pa
z-QM-wS@+r}uFA%TeuW1QX8D7|BC3S7j2hH8x?f};m0SF;i;T^;WntR?aq+SHwq%XF
zwWV}G!S0dKeTEE*st{JaYuElm`o)Ar_Zu47C%T){GHP&4*netAj*d;eBQDvHu3e)B
z5AHssPu%_;Ws}F1Igl<eC41jjo9*s$Z1p4aQx5vCeUCeHq*SWpB_fKI3@cu|LaEYm
zDK8cF4c7g>J9Adznmv#AEt>yxF`tS_{y#nqv7w#AW2;?D64&xd`SfusAC>lxyZ^^N
z-<%1vrzh;6n=pQ6!sZ1D<JRAw@LA&iEeY}4?;RMMxNdL4<ZW@wo>%lq;npTho_}v;
z+)sbq@QuCjGIQL8mo0r`%e+pP^Uki%5+;njw`Ett<Q4Z9uDQQ=!M!bO-XAco_3KRj
zSrTT=NZdEZxwCKVon4C(r%ZO#Z~BCUS)1bP`1oY-OLFhP!uyk^$G7+QDea%tt#J}}
ztV-B7*ST|G<=wGcoy5KC?oK%nzci^&wZQm0AwHRX;?t$}3G|Jxk=Ez;q^aM(6z^i=
zBeMCt@`;}q>a)r({La2b_qHxg+_Exp)<iuaiF+p}Zrb{P@%t;DpFfw+^3eA)PU7Zy
ziTr<kCG6YdaG&n%SrdOVmrucfya{W*y0_zt3Sswlti3xq{_gx0cjr!a?(Up+Z|mH5
zRU=2w_bcGDG|0`~ojfaH>hk#I1$-(bjn7uxCnzu|;q(1>_S%-s&solAOzOou?#|ox
O{`JH!FXvMu<o^L3U;ZKh

delta 25390
zcmcKCcX(Ar+wbwULlP1?3B88UTj;&_CcO&?Ap{5|kpNNzHcfgDy%zzICIko|phy)2
zMT#JTf>fyjDpk+-x7Y3a@V@6<=Q{tKbvb<IzGv3VtXXT91fFO5%z$e%17=nAw)1nG
zV%;3)yyH0Ix;st>kK=TVa-1o|+j}_9Xsj0PIG6DNo}ztmPsho?dA)l(&UfTT_HmpL
zY}VItf-w>^VqXlzF_;=BVM?5jnQ(Pq$Lr*wvWJAcjJfd*`eV+1j#CQ5u`0H~k~kZS
z;#a8i9%5lk*WYn+VP!0W9WesOn~BJ^IoB~i){phNEAAKTI2TELfLF13oa3azi1*zU
zSHV!?2B<6QggLM~W<W0{$GMmWmtsoXh#Du!Jd7IW3~HR4|DJf?63;L-4X-dQ1`lwY
z%$OB5P$^7?)iDffqqaN>wV?i}t(}6pC95z9cVKqhkGeINPz&@vvJS5>oP>Y8yQKwD
z12#gP*b{Y2#-grtBBsNcs2x~|0k{)W;OFL1Oiz3UbwR%(kD2onxlpguZlL27AkhPL
z52qr#@9aeWbMg;zoL0C9TjPDR=3qBJ7b}pzjaoqN58SQIkJ_nXSO`mELF|a?HwN=C
zzcZ0aM-m&bE+!k|J~RzcD<6W|!pY_w)YdIQ-IDdF9od0;c=ur_{)D=fk5N1KH)`T!
zL*4U&F%9!OnW$vK{HTGeT8D<H0oqzV3iA=ip|*G~>S0@f#c>PjS@;RHuv@79Pf@oj
z%P{v=7RJoP_0X$_p$nC4I1qJ@W|+%S6Kp{}t@|y181oaKLrw4!weZ}--GvoJ#pO{u
zR~t1?6Vw7DQ5W2IIQy@AG?s+6a02QXn1PybH)`v?KwZ&c)Iet}e;aj+?xP0&8}<4R
z`p~_Qf>@Hc0;;_?YTS6#4i5W}{nr(bC!qz*wT??s_i7#L7Hl&2qE>z!HPFxIEnH3f
z05#sM5$?{dL_G^zQ5SLuHP3O>E%?q$MFZZk4*#H5>Oa!$m<BabCe)VZL|t)V%!*Y|
z_qHu&!Jeoc^`gcZXHGX4n5#_hMk=~TJ5d82z)JWnYU1Eg_STA8d1cfU)<&Jz3Uyv5
z%!d6??;{gY3;Yzdki!^(r?CXSL3YIJ6z3Lbt4pIMtccq38mN2T6gBa?sC(Ak;{K?K
z24j6(h}xN-Q9JrO>RAaI?cR!9sJJ-lmelb{r}k8|b$wA+HXb$cTvWUYb*0--3)zby
z_!VlR^QZ;iN4391y=wf%xI2^H3`ez>LA_&E!7R-0w4kB^V^H^a1Zn}3P$$eYm!Sq;
zYw-@uL%a{Qz^kaOzKuHnchq=)V;M{_*4^Ris9RPKz1gX>qoOT|M@=vRm7j;&(ru^#
z525d=MNM=EwWUu`_daNxyCZo~J5m`nUPILR?NJxn19dBhjN|@mE5?%0L<>+W-hdi-
zr^P2x1O0${sBW3gcz3{TsPl@WCaz?0162RkW`EQ?6H((Y8qfY~C0j}O?k#F-zCt~W
zXHn0<kEnrvLtXiE)P#N?x%o7xfpef18ewrY^e1kP+JQExTNP<>A1@URGz2yAIMjr5
zQ3HL9T3{k-iw{_Q3AK<LsDU4%27ZNFi2nrlf-<4T%Z0kd5g3TIQ5WQGL`4f|kLnnO
zns^{q#IdL=_#6ZAOWcRYP&+n$qPu`;<|5QW)}bcciaP%gYQe`*7xX=b>GgkwN-h$A
zV`I!YiH}U|jT)%qWOsn>s0H*wtvnVr!3fj^%)$n^6!q}lK=so%*&L7tYhzK1W3eXl
zJ5#A>qHi!cp2q;Zf_gZA#lrX;_0WV*bqB79>Q^7Nuy;_mur;Q@9;or+P~#6VM`I!4
z$(UBJ|Ls(KZzvc|d>)Hom1*u<W^dFjS%7-OS%;c<Kc>V(s0qGB-TRBEiGM>a><Q}p
z7pQ(g)7|saqgNd>Q&Gp<m>LUUDlBW(LY>$Q)vrD3y!TKG=xO<Q)B=a0`p>fVMdn&8
zOMV;X!CTYWe@zrL!<{%I>I(9r9>#L0iRz*HHAUU?cTrm%i`r^0rp76#om_}IZzJmU
zpNKl|6l#IjP!Hwv8SK9vjyEK9CD~@WPiX<v6_i8`TnRNm1JpZUC)7j(F%3>Y4LA==
z;9}H;oIs8H6KbA2sD1&n+<8)XsVI>FHDOlNm4>74aS05@a##Rspda=$V^9n1hv7Kf
zT!z(%zeH{I-`EbrX7iOEhoCOVdytCm>3K|#KcNPEh`O@Zs4Go5$2Avffu+pqsF!aO
z+=G2^IOa>>rHm_37q%aDK}S&+{EZuXoikKQkoW<0&yvq|Pe_YeKo-;v6htks6oz0O
z)WGe`u2`11H>&?K)U&Z3bqltm#yep7Q@%X+{~{F)bOVdx1JqV$o#zfv6Sd+dm=0Uu
zCXB>bOf%p8$~6)-(HPVYO-D_*7<J_vPz&0M+VQ=ZTCe|uR5IbWs1CO<BmRzBSn>sK
zoDS0x7eMtdkD8z<YQWB@9gMPkU(`Z|V<=8Uy)!OB?O+mm_0XK4qJbWuPI!&FlHi5z
zfEiI&kQ0+(UW*H&7F-<l%v3}ztUhX@E~s&ap?35mRR2w=Ta>hr*T1gtpe0UNhjXYE
z{)}4K6V$>yi`)Uypz>K!S5^o!V^!2nw6XS1sHeXVYT?sR3!8;manmC9Uk}w$5?aVb
zER5GsD^I!Dogg#n3W}l@)(Z1uG-@GJQP0L=)B-k|+fn1}LG9oX)Ga)TdUag(QprN)
zg&DHM{m?0jdIoBu9=>*{i94aLI2QGWG8XmnTY<UpfO!=)(ch?@OS9D7^6aQvkRLU!
zw<MM9RLY@tpe5>rcTpXCp*qH+ws;8Y4QM9n9?ro^xD<2X1=KiCQ9JS)HBRbf?oMaH
zyu?M2dA&|EDq3kD)I`HkCwfsQ&O&Y764chNLfx`YQ2q8|HauzG!p6j&<?ce?LA@%P
zqsD8Gx|Q8Al|KI`Q_<GWN8QT}m;raA7Iq4?BUexh{0+<CBh<ioSGf1MDC*W!K<z*i
z)I-+>)vp6;o^Gg}8;B{rR7O(K$|j>uoNF#aO}q~E@=8SQ#6i?f97COV8g<?!)CF9}
z68JmnygV!2g_SVtpl)S*^lB^OsOTY_kJ{3$=9j1)ID<Oj8fxobpx!r9u5y0~6@i+#
zIY!`nsD9JU6{vBxp`Nva=9N|KzqaND3F%qwUP&-&At9(M&TAG%ZE*?Ig6p8RvNLK2
zdZM0%IMl0W3Tn$&VnIyAe0bT~oi$#!L#8$S07^q))IIKuT2Lfv;21L=wWS}TUe}XR
z{pO*ra2cxqX4E_3F3f?aPz(Ld+Mikc#!E%_F!{&s03oP_grl~wE&5|G)I-@1Tj3bY
zhvzUizCb+_S=YMHOqf|5wS$#W3#f_e*BG^f-j-B!1$|Ig7LVHc(WtGQjq11wb%jST
z0MDZax{O-rb<{Y|EPie6Y1X;VMn=?*<wGr`Br=}YsZ2!^Hby-}oly6z59*3XVqTns
zdU$qWR{S1w;eFJ-PPyKlAP;Js;#df)VjxE2yV%d#kNM>OU!W2|!%fu6?x80B1506w
zPuu~kqV8!EEQZ}NC(g9|W(*=ejM~Xls2#hEdiC5x^-s3JT~HnjV1B2NB_c4GxE%Up
z4b;xmwR~IDLc3xzj7D8q4C;O2eGJBtsAp;-YRl)Kc62%FR&6s6p*NVsc`ABG`xy&k
z=%?;L)lgT`z~Z)MSIfs>5bZ-SKaRF|9qP)rqHe_(sD+-!Fg$PZpPzF7wW2p9bVAyV
z?iJ@o-Q$v|D{E}|_Ndo?Z`8mePz#)jDR7a+A6xr&)D9lRl=wYrysKCQ?`>rNHBhEa
z?!fs`_oxy!$M&cb*Q2&D5mVt&)Pm2VZq=`-SIHf$i=NHy!&)D8@4KURdN`)W@u>HO
zIbJHsscc0pB*{FAdaBQ(Cc0<&SEwCGvBll`T&VL4Vk#_QaaC)ti+X07q88d3wU7>|
z3-flTqI(l-iNUBV8H3uo#i*^_i0Zcsb<g)(eAGOJ>UR#c;Ga<odxWX+FN*`Vx)+)n
z3+eTrgNjyG57n_TYO6b#eNk^jqflG92z8~~P*-vQwb0|JXXz4Zq4!Wb^#rw(fuFgz
zHV5j;D`R@*cj{AVOrnD?;W%qh3)qQI@i?Z#ecRlLPob{#M@)k^Q5WzGHSi164h3v?
z7nlYWXF)AIkL4pUonHSHsc67P)}ak*Cn8bzE)I1CgE0iBq6S=!X>mQOe-dh;M^HO+
z0YmT?Opi}73<DC~1s6bXK@vr&sG+qv2=z`k4}I_bsHgP^YQpR06Vq>p+a7}DXfJ`9
zFdD;g2xh>=s2$si+<WK14)#9}mD?n=kl>yC(14{d24`Yze1UpdRo%t+KOBQYF>jLl
z8L$-f8Sy#p#h=kP;ch<4iMQe)Otr`T5pN9gJUW~Au>YS@>C9OLF!|^18&3r4p=*c{
z7=>E#9P@M3f^T32OtsJb7F-t<k3v2DyHL000A|E*P|wJ9Yk%maqKD^C)HCo3$6(-o
zK7eo%hT^CL?$*vhz11GaTKLc``30YN#PL`fS7K*8i?gxhms|vXh1!V%2YJ5GyM#(N
zDsNC%_}*9UuhS>uyTqrl3>H4*{ywk^>Y<#ETG&$5Gx8Z`#;;M&&NbAPJ~#ajyKy?y
zGmr!Q_4+SL#g9ZuOonApCsshcj_aVdvN7uA(+c%;cST)c3~IomsD9_I{R(QF+vt1x
zQR4+1ad$curqk;`GnMQ#6hhsjx~O~qE^6Sxr~$^K7BC<6vRZ?=a2M*z&!evV0qUOn
zA9cqIL5)`km9K*uw<V@xey1CiBG@1G3@k*w%+{c;AQ82IFD!oswcu+QhHp?$d#+>d
z!&?Tmz^174yP+1?4>j(1%g;rx23~0m+pXa%Oiuo^c>${uUqx+w_T&6*3Fb#lJRALS
z9csdjs4GoE?dTEI6<<b;`x|OUo*ZZYb;YT_c2CHH(ZmI?C{DvtxEs~)H`D}wpa%4u
zaCash>LCqBJ(TS*1@=L`BMwGg=mgZmx)8M!+fK0m8t|YcPN7b?f(`K@24jVj?gDFJ
zQR3#97e7R`uRv}22Go`9LrwStYC(4~2;ZP?Mc_B?vy;n9C4fXV)K=BO8rTta!Xng4
zSEKrEH+N$o@d4D99zpHMDb$2Nq0WDdsqh7+#K2STf<sWZ%$tLX?qMG6i{&vNu0~za
zF<gZ|;x-&{+C4GiTX*0xW=*V4dsEcHreP&azz95rdGIwh!d&0^#`8M8sqmkZ?F|3?
z0`Fl>?Eby`4z~vNzHk$@<#$m7q(18|ygh2m`=NGlBC7u~)IwIFuJjYk;o&_WOB0_s
zr-gC<-%!!k7CZ0$C{-GDPg|k3urq3cXw<VY8q?xz48>JA4tJt%L8S}sRyRbA(*`yE
zd#GE{15@AtOt07f2r4>ph7!08o3hfalK9OJdY|M6kBgj)Cozn-%#xSfoojiSFRJtp
z|A}9<(LVeNzZb%1$j65><SOqSw3qvtznsKBe&HW0kbiugadky&e|1;13qyzxqPFZD
z>Y=%W+KHQ}1wO=#=-hD4gt-Zeq58dpMX)Uv!_in0H(UNH<|Gcj$#oT=Qt+m`#mz8`
zI0n^WiunnSCO(Swu)!^NYp3IJ;suz9-EO-t(+qdqtqwO!U?A;PQ5RUp^6l=huWE?0
zL?3gAIo_OYE=Tp>Xl_T{<2}}X$ovlVMsvmDKT+o;yX!6>1?m~f>7}BFqPSTZwY3c_
z?qc>ahoDXzZ}D7<SDD)^f6zRQn)tGL-MnjhA5#gY!(XU{cz$zDgW9U>W(4*ku7&Eq
z0rO!Z7Q&0z9zFNC4cHND;9m2kS^2)3AC9~~c%8jew8CeofnQl1@WB0wmC7uO>em_d
zu^WX=aV%EG?<}A4q5HBdf~m+?H=CFp%xDbMTV6aBy^e>O(=j#iDqja)hUPAFKWgB^
z<{9&<c@K4qo}(@(=#jfaAqja3hI+MEZOLeaQRY<CB`vf#3H9_GM%{xe=3~nzd+g?O
zm?co-)i#@BTH?;Aar>E5AG6=;_$dkPWfE$M2h8KB6Te6GyN+7GBTR;Vzq|bdQ8zyw
zs$V(Oc(pBVWVW+>6l$D4`bQZ$VI+w>IK?_{LalTUYM_he&(?m+d}?{;iQ6x^nFcj(
zMl;+jVeM5>7f{DbWe}AH)?uIdHHMJCfGO}U2H`W*>+y{l`qZ7cFlxe*s2!|kHn4n4
z3?cs>>Q)Z0*gM4%%TO!Yg&JV5dDuK{UNo<xcILjtPq8fV8_Sn|=I&@E)Oejxw=x=a
z-e6?GUS|Xqt!y&tTjWxUccV@`iMqGvu{^#+4N&S2*NSEhRR8*@ooHeCE*AH&cmNil
zeJI8<zq7(Rr1{fbNOsf!5vUbc!Hn3%j6^MX2x`GoQ2p0gKGEW%=2_H&f3f(s`Am7{
zcRYW&9fD8;rA1Ag!{TDrUdi$`QTMQgwa1{Y`~%cPqs@typMe^8q2<?NCgM%#)d`2J
z!wK^TRQ?85!Fv`LeC}R(1nSjM%i?aR2?km`+Dx$gI*Sug3q6Y3(eIwK|JuS^*1_+E
zJ5WY5+$@3G@~Rd$H#=KC#^MncPquiexdF3q{x0)d)OdGZ*z5n5bqsoG3qUO_+^mke
zCGT3?2X!SAP+xavS^GlEe`4`=)Xscm`EM~L@g>XO^it8lPfWj8ZXANT1>vXx3Y+E4
zI%W&hm2@%RH^*7~eAJb%v3Q^PwduV;MHBsMiQg>#3-zh<H)?^YUc3Erpca(ZENNCV
z8)I?W+oQ()$ef0Yh!ZR>{>C?s*D32(oLZ<8nxQ6aYjL!-_cMoKcG@SHtFaRC0bGpF
zQ437?+Z}JExgM3@f*SvGU(EeKNu@H0i>RkE^dGllVbs=^$CB8{;^7ugM=kh(dBpq%
z)001o`b@cr8Yj8q@hu=5>YcVA`d<G<siY%O8ud`sQ3Ezbt+<WFk(igbx8<jy`Y*!f
zxCZrc{uGN~4v%|&1G5ck+(@%G`hMRYXB~!_6Rbmm#fvRokGirgsENO{{0Y=T&scob
z;+v>`Pt4cW9_Z&TB(<N%>swI<5_(FrTSHmYfK|+fSdh3a>a$>^<yV_qQTKG8#owT=
z^peHDpvHfIx)p)R-0`y}^SYG+B-Bs_bz*(YiA_-__Qh;C-r857ws;--t{n9-ebw6U
zTK+NWVSR(SFsr}YzanbE^}JLxVO!M0(iydoQK*4uqZY6nwUtSz{s+zDmj4zt;3do7
zMJ?zt>ik#8k7!PY0N2czhS-~pN(7a{W(RCVJQ4My&5u|c!vZ}{PmDq>@C0fhS1i7P
zTJT?}h4?3T`(;4I1ySu4%(|FWpZ_hX=#8N-_Q!xAkMCtT5H-PMbC$WlT#mJ9UyB;}
zw&kB${L12>V7EQ3nFBR$VV_=J+f>Sus9+8KQ15&LQ3H=LXP8S+1AKzoiLIzx_Z8~p
zc>{G`PztwSMpVBXI2B7^JNz7zF~1X%(!E!i%si-<SuxZ^)lmc1Gh3ks?22rm6L0xx
zmS1G?Ce*#(gBs_1i!WLG6ZC!l|3gI&S70jlUZpd`Q16H(&HAW`JEI1UGbdSo6>6b7
zP~#mmPofrZ-uwyG@7Gkk{#AKQLIb}+JuK-`yB)$%?`Xv>ZigB;3iWNczvVwL$DziV
zW$_yGGjqRr0`-pjLuy|Cs@$=L7pMUO)3~qitf=?ux~P5)&5o#r^g%r<gRne~wfr7b
z|3jD`&sqEubwMf9x))g1OC^*<Ez}mZH9K2}D2v}WhoBZX%A9R}jM}**^B8KpAFTZ<
z>Q?@ax^>CZxq8E_Qps$Ex+Q&46AiU^s<{v~@LJSc@+Q<yoHMVQcg!cKFPpDXI~khZ
z9X~VjzT$QAQPF#PFKd{Fns^cFiZ-EEybtvjdfwt^sD7zK+y#Z9uCO5L0;*ZQvDp&U
zzXR&l^!3HO{zg#I%V;Jx#to<eo|&FdH%@~E$Y-~>Hfq4;sD*a7INsVnGUuRnYz5Z9
zbr#=JyI%hfRKb_1txTT5jnkt}%!T?8$&Z?-me~?@UZfdoeuz46lEpJEUTUr}KSkf`
ze;XBD$!^p;*h$pDkIdKB9-Pr#Kn~P`ilNSHX!%a4Th$kJ{&>{GJ=@yXqHfVn)H~+M
zjQ09}Ktd<JM4cF#$(<++6_-R!Sk3H+y28Qc2vomu<}7oWwSQ{yHq?R-SbQdveg0o1
zp_SdU4xY^JfEiE^T^`hmYohO7TYEg}_3cG1Xsx*kbt@Ci{pK<A3~Irbb)r^u2Q|Pe
z)YIvg#m$GJ1}cEQoj|?wRkM73%eO!+w2Q?fP~%NTjXw)J;2P8$&}$4wZ~m<A1PxIW
zv@*M*2Iyz)11%njx>e&XUWPjFW7I_3PzyP1@vqkYCu--CWpl?3MPjd$%@RdW1C_G4
zy2bU(R%Tb!MEy*!ImcXU?nb?@oJ1}7u^F7*U0^t-WqzlYufpGdnUSay2B3Ce3Xa3s
zs0C)^xArm|)m{R1i^`*}uqNuWparVmMAU-kqP{b(M~(kIX4LEd9u*Db$?2XDWM)J?
zl;LJYRKI3sTeCB20Z|tBM@=}$@)IpT+gylR*b4NjvdI#A%%kR6)Ih(OPtCww?f_X)
z-<%3yVeEwZ()p1&%UoivL+#Ku)PfJ@;`OhW&q+)CZoV=Da=TZY7WH*Jlf`9G3$J1}
zG~1#U+}+~A7LPUOS^g8$LU!i%x)U6+hHtFllErt;Kh0!e?!8NgT0mjcgyk*Y2<vJA
z*1jG!(GH6bTYLs}E3bK}=wY~nz0s4$jr*A6P!lahZP^Bk6Hx<vY4I`h9BM(=EPiHs
z!rgJwnAuU|c?(&hG-|*a7T3oB;?|b$Xm&&0<6fwR#iOp!i@K1RsDVGR_U))~zc7!Y
zz6YFgWB$E86`gPq^%Kc;x54?{d~W`OnlLc0`>F^<f8xTZd<5#stC-DD3yL&{qxvP7
zD=|c`|INM%TZvlfS&M%}o$vrP&`XO$^SKj+VSDmrES_pEM}95rY_oVxes`Q*s0%%0
z@hSBE{QsjRu9*+bS7uNFcYus$xLLxiirTqGs9Vtibs@d2Jq~jakFa==xek4=|3piC
zi8}F=#pldxs87F#)}F4Q`yrAU^&wKzj6&_y1ak#y;@zm7Jde6X*HH`pqad$;CHxE7
zfT&NunwT3~qCQLppss8d>eFi_YT~agzK`{ZGZyyveizgkD-zE~-J)-CJ{BzE#s^Rf
z%~aIuR!S6gJ2XTs;Ahl(_+!*>vkDe-cc3lKAs&JQF-39ri^(X|g)BBVqbB&$;!CIt
zxR1VX!`P5G)EnXcnB5umb$T`GAvuBCvU8|`uUY)e^ptRKRT@;kj2MUEcm(I5w!TA2
zkMEaPgRvO#I^=7&a~8E@-b|%DzJDXt1>2HHz-o9GeOp%A!!Mxt%7oo9w2a61zfS)E
z-zEMIwL?YAdYpH#BX+=bSOxzvtCVvWJOp(?qcDR$|7TOtPrK{P-KdA~1nSDpm{-kv
z*8Uvz2K5i>4JDwwdtNZ=4Jw_**-;aQqjt6&4#ygpQm_BLR5amH>u}2a0exF<?awU#
z%JKmf+=nv@>fTl`8=w~69(8^Xi-%bIc+{<#t9E_<Z=>S-%7i-cSJdbJW7N0az>01@
z+$>>MMZF3dS=`SYW==2@%$2AGZARb2iN4qWB}?404*#GQ5>m;1T63e~@@5^>6}Pas
zo7o?=#ly|<Sd(}LYKOnY)_4K6kRp|N{i~r`Ww%3J)I?2C9Xg;U>We}6A!>s0sCz#H
z^>Uqyqi`)&#C%m;yP(FKZ>~X&_Ze#ZFRSqS*YAGMS|UwVcY-{qjz!HXs9Vy+;z-m&
z23Y)|ITb6BUxJ$Wym=k<DtUx@C(T*SZLi^_qKV!?P0-omcylajqB*D)FGYP5+KQUs
zl;wZKI>Zl9J6fu`dtOD<tD`ome|^ihM)mV{v4$Sz0Baa!eq>HF6U@b^g|EVXxDEAC
z<*MN>v;qzzZj5@!52F@Rx2C(WhRA}vPAe)+Xy}Ss(MBwZ+c7`>ibXNFmivZN4rde3
z!eba-+vEE;n!lmmQXAIs`2KO&Y}ACOQLm!!QMceBYA18lRi34lprS+*)CupQwyHa7
zL2;PL!(Xpq4dUtb+;_xNsQ%&g-GvoE-KsI>RMfch%ui6`evaC?<Ea0W0OukV-^0|v
z?eHNgo`jlU4r(Fut$i8l$Ldc}106t3bQ)Qw@7=EgUyZ)>Bj6Zps$P=;$7)cHtn^7J
z)*wSmeTV0{ar#oeq4Rf?hIH~$Hd5aBy1Rc2u#;C1dg*_XI2Zmz%yl@miT5VVZV>8S
zL9~Z#YApKJ68?Fs?vBZ0&skR}$!RNX$@;|Ka_&>>|1lmR)~AY&mz2(wHP+siwm+zU
z#Cc!ppT*54m}iau(5PdMd6#@qu74}JCVpCP!pa8zx*L}$3AFmt`W5w8)X(4;&I}><
zDe>P-p(Bc1pmxzl%|QL6`dPdB{6+ttC@IMmz^^HKkNWrMPhMX&_L0y3(gspvYpbuc
z!TzK}eI{t=+uaP-`k2;(lpM6=qzBJ{@6gvC9gB#!k>5dS;ii0lJ|Ql^ITL7q$@xzy
zQ{HNKXxG7C{rZk1`dy^9)y;dI4xCVn0ZNd}O7b!GrZgj;oz8lV4yMEtr?<f><0#sG
zAU~F}kopV!6c?e6bc|WW`nwsvZZXDxKe$uf$h4s206f3|wK*{laWYCiN*>}b$j_j?
zEb&>ak3UjkDWfPl)|;v~)Hsx0mdj)lPa&764jg;Q=_A?si=x+`{z7*L^$|4Or~V;D
zM{yQ#01Mh6z3Edb;Y{Pu{{1X7*Vm6M#?iV3htakjAK*}Iz$n+LccOlrWmP2ZPyGh{
z?@=Pj9kS(CqHQ4c>*OcXM@N~2mQ6yv52%%+^)4P~v<37?hB_9Tf0Ap-+1ZJ2kmpOY
zlbQGfYhOrxs?~E**C%oh;zziTzBws6R=YTpEne)$+wAw2?9Yi^X{d@7$fajdI{b(;
zS$!yjCa2GD<hI!$Cy?($z9XD|#b|3s6hUc8NlUEb6n*%5;e1GZhH}rhU>=uoc5-?;
zHKD$OM!vf`H|>gavX@*s;yBb%fHIo;I7%XYkKj(6OVJTe{I}JUyD29X=U*qEmADIj
zr@Y=+bo@riL5D`Zh`(R7D}GMLI^=tj=SK@CFJ&h=9rbV@ZB41?qrW~ZPg~m#>M3ji
zzRwEc<@8Nq;}ZIggl<iPyk$7)F`e7l31#S*NSQ{LOtfXQ&Yh@tpuC{p4b)K`qv`vr
zoqLPAe*9jDzgQpjd-+zqJ@u#LI#PCO53+GWP3y2q1K9BsgDxRnZ-XnXFT`2My-#UF
zJr8Ybup47+VvN${t5L5?DNFqs?Z2Up1WH@#v*>rrm*Mvjx(Dx)$Y2Rkj(9mIKBRaU
zXf7w|yGLf~^T_cx0M2#mpPJkj;(w1j)IT6N`&MoZ=kKI6CD)MtI`}!t=}Engmr6@Z
z=AmJOui0_Ja1sl-NO?{l9nW2yjP%!!g*|C2NLj|<I?7`W+CHcMVd}jp-HCs<_9*&}
zwz_);`~Q%{G)kZ~4C3TXl-zXI7ZV-3X$vL}CBFsFQ}{K6Q=I$>>KCd1Ov!E+@-ycQ
zBCq2veQao7ypG@vZQFd2y#`v5%uGo~GQSPNmv5&Fxe}DpoY02y5v3D(9qq`cpy>Dx
z`PtQX^tbc7;C^zcX)8qiDfP{q|A@E*R>OMwtJY-%_X*yi!v^Yy80I|XGj}{^I{7}7
znhdhba((IFi+B+6A?mT1AGcDL(f3_kPp&ZK26Y|P$@BHp>CJgXh$m47>i&<X=%`4?
zy7-tyyoW8xry=)>`XU?THo4rybr|FnenMQ7a)@%9KKdcHHRT=ZJs771{oX$KG1Yej
zU|RZc{q8ZIAczw-6V}DXlw;)dC3iEWJMn1Rs*uys%*FSAv(t$7)f62W>311_^+oO<
zk+z5xoI8{Dg7p2C`f@&3ov!pbXPr0D5J87Mlv<P>bmFHs=X+dByo7o<eQ#5O$(3c`
zkqLQPW%f3r^(5I{WZ$D#cj|?xCsFu{?)!O;ujbBq$^_c_Qgp25yaAN^<R9Q%$|&*|
zh^KSz73zhVWeoL>*p)JoK6@!TzQQxfY#TFJvKO7(Gr%e080zIHEh&x3wZJFXhk-IP
zz(MLdexw|ue@WW&Q0`Oz6aDD-8GSyW%%RVh<Z@H5NB%dwOZnc9+xV_V;rPN9QJoGS
z(pg_h_yN;*e8itq$c?}k_=KXPIOpW1e>m|4;=g@a-e>Wgox9fh_M@*qWsT)~p}&48
zIBf|(>T9iD%T8L!34NI$8Tq}G#gtp*f|;PZ_0^ok^asZ}N^MFIZGMzi^!=EzW>L>U
zy&<KCI&vH)=X;F5qB4z!nOK3&d8zlLJ_SFgV_V7<>S-_o?SZ%f>yYcr;-=EKHSxd4
zIr1~eeeqUq200zi$z7&xw;Q%|BH!wyAGpFO)h)N3dRj_$I{!pYzvwA|OEE7cg2`*(
zzsFGe?xB5qLU7yc-pfomi>6Ivx=|mFIyPfDx9ar4CAPFcGsN2d<rt&R<eW?R4l|~r
z%qPx;{~lp>uE!+rb&e7=<D_4Re&&RMlqQr|J8?Jd{<KFEr=h-^dK~RKx?w(y^hJCf
zq)!LhpAb*9Tu1u6re4(I)x^!|H<__o@XH|Iv7bK&(QuBkhXJ~yjuSW?hmh0py*a`h
zY`U%PpQ|7Z`L8(l4wGD?9%=m!(pJqnUm^FazWz0^$+D36g_4^%i1H03Kkc93C`uG1
zBjw*CnzoU|4@oq_v(|Q%F?5`8ao!~k;ELa&|60pk!=v=~=CYHTV+3V3C7h0f@jXte
zM8}Mj7|Jn9CED`QrlT|i7gwQPgudIzm#2LZMMq9bWpc6f(b0^2b+_u=B$wBp`#+kB
z`j6m`XSmb`SHEY}-zTqM%A~h^D>ZObBY($o<rrf;@fYNqV*%o?Dfg&{P;`85eao}Z
zP^+iY{eMk|b#(ss7()E3b$Da$H(y!5lJxn3(u~30K01=qG0FM|xS^ArxRsrI9G}te
zi28J<{Eso5&uox4bo`X|3v_IZ>4|4k`cZUzZIg6hfC-#4mi#a~w>Q>Hc+nxdw;w%=
z*%Sk*Z>86IJF^H@p=}}gkH{CYvwM*1NW6e}32lcdI=0Y%0_9UXzln{zi+<V2ox~!P
zzLY=d|FvG=*%;{GV}YGGo<t7vkLajlCglM2r51lf96@^u;(WN2a@N|0QSYFWIJ!^@
zvWOqZ&8PiiylVYwV4`0qek>w+kB&zu6Is9?ls+{6O?l52bQ+t}?|sT-%Y8_FDt(qy
zZc}uWC8wh)@z{j^?`HPBf&5P7v6h3>H&TzbSiJ*m#EsPJQ>M|D%0^Us8{&9M8ZPCq
z<>%NrHEf)2W?u3|t*w1B-w!SPbWY<RlzAGBBb9ZokdUWSX8nT?=N2WL(uq^M+UZ(*
zw6Fhv{y0xtC`%}1w>I=YO-_{6OVQrg+TXF<x3=tmh(D(u%Q$r@UG<ZA7CL`vOBzmN
z7pwnH=ag0tqqB~y*p@yYyP@wlygyjmQF8qlt26CwFca}g&QC_Ys`VFtP+ridB>9!h
z?=&FTNcs0@ZS_f<T+@=raTRe3PD-M^3~p!QLe^fBwgg*9M(XWofBQ(sIS<GOk$;W<
z9@q39A53BnHfDfXlr}a{VRI;L4=Fn4yZHXRK(6y!gDIJv+~T+T44{1#xsh-6J8kWk
z7~k8L6=k!*Ygt1NI$t6;5kJBAD3$3~(fYNget?s|u|aE-Z%3&?t|#S3N>$1x8}AhL
zn^wO_JvDt_V_`qOE&oNO69W!sus-T&lU%0Wiu`n95A|;u-~;O4(Jzbj(U_HJYk;XK
zGpIMEJfhDvTt~m=zTZ#IC-d`LXYC^Xg&w7uK}R9tl(ffS67f;YN_$#s51?%vaWTp`
z-x>UjNA3*$lGA4%c^xt2ekAuhWr&;7pShem{Mm~VMdv$8ag3q!XPlTb@yL7cdlK(;
zo0~Z#vU}X%L18_j`$Z3miR~2@GpI)5fT8F8L!x8)5LXV1iY*=+7eA<X@luI(M_%<y
zY(F}SCvp6kg2@60M@2<P_efklzOP?k&&Zg5(LE9ZCWa@E4jZVJ#3mC%19HdGBP=Q|
zc2HzYY}otpaf9Nb;`$W}iym4ztoNWn?<cgGmfss69~WOatX5Q1+~C+jVKK2EMD~m6
z5mu;0zv#$;(P8}~`)b7a=&(V(qiO9K7vDc}P)uB`rs*9PIZ$Ut4;&cQH+ooDTzpvT
z=&1PULB1$vAXCT3M@J1R?9>|?+5i21(eAXBOO%KkIIuXE);lt`R<Gf`;|51C>9E1E
zQ3E5Q;`;w@y$6<w_|HB>MD~vy9v2%q#MhUGMDMhKWQmh!7WWV85k1st#2OP%CrnA6
z*qVR&lZjm%8WZ`SjT{m^a1fgrxAeRxf9ux&wV)4M)oakGd9$v~YBjAl^1rPnvG($=
z!HGN9zwmS}Q>aewnApg||8*7%`yVI%kF`0i%ltofPTaKNL9&Eno98DC+>#}E|Cm8~
z9ug;RsT7d#C~<SbUpq1<Jl>u@;m;j85+ColADmF5Tb0D~2eKzmNPcui;>M%J(xoU>
zymZO1Ql%@GES-4mLQ%hjd)+c7Ub<8xW1|0~M*bl;r!Ba#chi6NfjxNV>3+Y&Qh%29
zBo6)Sf?wdRNwaQFS&`7~Wmsabmu>tKnmtNh;O3;2cNcwpXUf>yWA`|>ChxgBai*Jc
zT-<XKAHUAxpY!h0(RbF3xjF5lo3l3FoIdl;mMxF=O}n{ntnX1<;PH5}c<;_#bZ6_<
zNBb7v*|F}{q@-I5R^FO7DeTd{Nq4p;-Cnij#uv-pew=Pin*a9mbbIsU8(*xtHD>Fr
z&1>lVXy0Uq(f@0E|MN)wAD$?;V?LgF9=`wk<CGNc@nlMtRKwp>)<5;_9jkBdo9DRm
zCd~-))J&elKW+~5WZW|5=EpPtvz_i^m2@+mC)lq*^Z%y@E9pUq=V4IN!|a~to-Sny
z-PpbP=92yYU!JX`8#z56CtI*Hk7s%I+neX#p10Pyxo@v?Yv!yQdp|aqK50O>r*Oc6
oqXj+llVS>aDg}8eCuF@;C22`XPiXQ52P=4nB{i++shReF0jzr*&j0`b

diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index f09593c4f..06a0c7222 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Jumpserver 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2019-11-20 12:02+0800\n"
+"POT-Creation-Date: 2019-12-03 11:45+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: Jumpserver team<ibuler@qq.com>\n"
@@ -72,7 +72,7 @@ msgid "Operating parameter"
 msgstr "运行参数"
 
 #: applications/forms/remote_app.py:100 applications/models/remote_app.py:23
-#: applications/templates/applications/remote_app_detail.html:57
+#: applications/templates/applications/remote_app_detail.html:52
 #: applications/templates/applications/remote_app_list.html:20
 #: applications/templates/applications/user_remote_app_list.html:18
 #: assets/forms/domain.py:15 assets/forms/label.py:13
@@ -80,21 +80,24 @@ msgstr "运行参数"
 #: assets/models/gathered_user.py:14 assets/serializers/admin_user.py:32
 #: assets/serializers/asset_user.py:82 assets/serializers/system_user.py:37
 #: assets/templates/assets/admin_user_list.html:44
-#: assets/templates/assets/domain_detail.html:60
+#: assets/templates/assets/domain_detail.html:55
 #: assets/templates/assets/domain_list.html:22
 #: assets/templates/assets/label_list.html:16
 #: assets/templates/assets/system_user_list.html:49 audits/models.py:20
-#: audits/templates/audits/ftp_log_list.html:44
-#: audits/templates/audits/ftp_log_list.html:74
+#: audits/templates/audits/ftp_log_list.html:42
+#: audits/templates/audits/ftp_log_list.html:72
 #: perms/forms/asset_permission.py:84 perms/models/asset_permission.py:80
-#: perms/templates/perms/asset_permission_create_update.html:45
-#: perms/templates/perms/asset_permission_list.html:52
-#: perms/templates/perms/asset_permission_list.html:112
-#: terminal/backends/command/models.py:13 terminal/models.py:157
+#: perms/templates/perms/asset_permission_asset.html:53
+#: perms/templates/perms/asset_permission_create_update.html:43
+#: perms/templates/perms/asset_permission_list.html:50
+#: perms/templates/perms/asset_permission_list.html:107
+#: terminal/backends/command/models.py:13 terminal/models.py:160
 #: terminal/templates/terminal/command_list.html:30
 #: terminal/templates/terminal/command_list.html:66
-#: terminal/templates/terminal/session_list.html:28
-#: terminal/templates/terminal/session_list.html:72
+#: terminal/templates/terminal/session_list.html:26
+#: terminal/templates/terminal/session_list.html:70
+#: users/templates/users/user_asset_permission.html:57
+#: users/templates/users/user_asset_permission.html:90
 #: xpack/plugins/change_auth_plan/forms.py:73
 #: xpack/plugins/change_auth_plan/models.py:419
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_create_update.html:44
@@ -109,45 +112,45 @@ msgid "Asset"
 msgstr "资产"
 
 #: applications/models/remote_app.py:21
-#: applications/templates/applications/remote_app_detail.html:53
+#: applications/templates/applications/remote_app_detail.html:48
 #: applications/templates/applications/remote_app_list.html:18
 #: applications/templates/applications/user_remote_app_list.html:16
 #: assets/forms/asset.py:21 assets/forms/domain.py:77 assets/forms/user.py:75
 #: assets/forms/user.py:95 assets/models/base.py:28 assets/models/cluster.py:18
 #: assets/models/cmd_filter.py:21 assets/models/domain.py:20
 #: assets/models/group.py:20 assets/models/label.py:18
-#: assets/templates/assets/admin_user_detail.html:56
+#: assets/templates/assets/admin_user_detail.html:51
 #: assets/templates/assets/admin_user_list.html:42
-#: assets/templates/assets/cmd_filter_detail.html:61
+#: assets/templates/assets/cmd_filter_detail.html:56
 #: assets/templates/assets/cmd_filter_list.html:22
-#: assets/templates/assets/domain_detail.html:56
-#: assets/templates/assets/domain_gateway_list.html:67
+#: assets/templates/assets/domain_detail.html:51
+#: assets/templates/assets/domain_gateway_list.html:62
 #: assets/templates/assets/domain_list.html:21
 #: assets/templates/assets/label_list.html:14
-#: assets/templates/assets/system_user_detail.html:58
+#: assets/templates/assets/system_user_detail.html:53
 #: assets/templates/assets/system_user_list.html:45 ops/models/adhoc.py:37
-#: ops/templates/ops/task_detail.html:60 ops/templates/ops/task_list.html:11
+#: ops/templates/ops/task_detail.html:58 ops/templates/ops/task_list.html:11
 #: orgs/models.py:12 perms/models/base.py:48
-#: perms/templates/perms/asset_permission_detail.html:62
-#: perms/templates/perms/asset_permission_list.html:49
-#: perms/templates/perms/asset_permission_list.html:208
-#: perms/templates/perms/asset_permission_user.html:54
-#: perms/templates/perms/remote_app_permission_detail.html:62
+#: perms/templates/perms/asset_permission_detail.html:57
+#: perms/templates/perms/asset_permission_list.html:47
+#: perms/templates/perms/asset_permission_list.html:203
+#: perms/templates/perms/asset_permission_user.html:53
+#: perms/templates/perms/remote_app_permission_detail.html:57
 #: perms/templates/perms/remote_app_permission_list.html:14
-#: perms/templates/perms/remote_app_permission_remote_app.html:53
-#: perms/templates/perms/remote_app_permission_user.html:53
-#: settings/models.py:29
+#: perms/templates/perms/remote_app_permission_remote_app.html:49
+#: perms/templates/perms/remote_app_permission_user.html:49
+#: settings/models.py:14
 #: settings/templates/settings/_ldap_list_users_modal.html:32
-#: settings/templates/settings/command_storage_create.html:41
-#: settings/templates/settings/replay_storage_create.html:44
-#: settings/templates/settings/terminal_setting.html:83
-#: settings/templates/settings/terminal_setting.html:105 terminal/models.py:23
-#: terminal/models.py:260 terminal/templates/terminal/terminal_detail.html:43
-#: terminal/templates/terminal/terminal_list.html:29 users/forms.py:162
+#: terminal/models.py:26 terminal/models.py:263 terminal/models.py:295
+#: terminal/models.py:332 terminal/templates/terminal/base_storage_list.html:32
+#: terminal/templates/terminal/terminal_detail.html:43
+#: terminal/templates/terminal/terminal_list.html:30 users/forms.py:162
 #: users/models/group.py:14 users/models/user.py:429
 #: users/templates/users/_select_user_modal.html:13
-#: users/templates/users/user_detail.html:63
-#: users/templates/users/user_group_detail.html:55
+#: users/templates/users/user_asset_permission.html:54
+#: users/templates/users/user_asset_permission.html:174
+#: users/templates/users/user_detail.html:64
+#: users/templates/users/user_group_detail.html:50
 #: users/templates/users/user_group_list.html:35
 #: users/templates/users/user_list.html:35
 #: users/templates/users/user_profile.html:51
@@ -169,14 +172,14 @@ msgid "Name"
 msgstr "名称"
 
 #: applications/models/remote_app.py:28
-#: applications/templates/applications/remote_app_detail.html:61
+#: applications/templates/applications/remote_app_detail.html:56
 #: applications/templates/applications/remote_app_list.html:19
 #: applications/templates/applications/user_remote_app_list.html:17
 msgid "App type"
 msgstr "应用类型"
 
 #: applications/models/remote_app.py:32
-#: applications/templates/applications/remote_app_detail.html:65
+#: applications/templates/applications/remote_app_detail.html:60
 msgid "App path"
 msgstr "应用路径"
 
@@ -185,21 +188,21 @@ msgid "Parameters"
 msgstr "参数"
 
 #: applications/models/remote_app.py:39
-#: applications/templates/applications/remote_app_detail.html:73
+#: applications/templates/applications/remote_app_detail.html:68
 #: assets/models/asset.py:174 assets/models/base.py:36
 #: assets/models/cluster.py:28 assets/models/cmd_filter.py:26
 #: assets/models/cmd_filter.py:59 assets/models/group.py:21
-#: assets/templates/assets/admin_user_detail.html:68
-#: assets/templates/assets/asset_detail.html:122
-#: assets/templates/assets/cmd_filter_detail.html:77
-#: assets/templates/assets/domain_detail.html:72
-#: assets/templates/assets/system_user_detail.html:100
-#: common/mixins/models.py:50 ops/templates/ops/adhoc_detail.html:86
+#: assets/templates/assets/admin_user_detail.html:63
+#: assets/templates/assets/asset_detail.html:120
+#: assets/templates/assets/cmd_filter_detail.html:72
+#: assets/templates/assets/domain_detail.html:67
+#: assets/templates/assets/system_user_detail.html:95
+#: common/mixins/models.py:50 ops/templates/ops/adhoc_detail.html:84
 #: orgs/models.py:16 perms/models/base.py:54
-#: perms/templates/perms/asset_permission_detail.html:98
-#: perms/templates/perms/remote_app_permission_detail.html:90
+#: perms/templates/perms/asset_permission_detail.html:93
+#: perms/templates/perms/remote_app_permission_detail.html:85
 #: users/models/user.py:470 users/serializers/group.py:32
-#: users/templates/users/user_detail.html:111
+#: users/templates/users/user_detail.html:112
 #: xpack/plugins/change_auth_plan/models.py:109
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:113
 #: xpack/plugins/cloud/models.py:80 xpack/plugins/cloud/models.py:179
@@ -210,22 +213,22 @@ msgstr "创建者"
 # msgid "Created by"
 # msgstr "创建者"
 #: applications/models/remote_app.py:42
-#: applications/templates/applications/remote_app_detail.html:69
+#: applications/templates/applications/remote_app_detail.html:64
 #: assets/models/asset.py:175 assets/models/base.py:34
 #: assets/models/cluster.py:26 assets/models/domain.py:23
 #: assets/models/gathered_user.py:19 assets/models/group.py:22
-#: assets/models/label.py:25 assets/templates/assets/admin_user_detail.html:64
-#: assets/templates/assets/cmd_filter_detail.html:69
-#: assets/templates/assets/domain_detail.html:68
-#: assets/templates/assets/system_user_detail.html:96
+#: assets/models/label.py:25 assets/templates/assets/admin_user_detail.html:59
+#: assets/templates/assets/cmd_filter_detail.html:64
+#: assets/templates/assets/domain_detail.html:63
+#: assets/templates/assets/system_user_detail.html:91
 #: common/mixins/models.py:51 ops/models/adhoc.py:45
-#: ops/templates/ops/adhoc_detail.html:90 ops/templates/ops/task_detail.html:64
+#: ops/templates/ops/adhoc_detail.html:88 ops/templates/ops/task_detail.html:62
 #: orgs/models.py:17 perms/models/base.py:55
-#: perms/templates/perms/asset_permission_detail.html:94
-#: perms/templates/perms/remote_app_permission_detail.html:86
+#: perms/templates/perms/asset_permission_detail.html:89
+#: perms/templates/perms/remote_app_permission_detail.html:81
 #: terminal/templates/terminal/terminal_detail.html:59
 #: tickets/templates/tickets/ticket_detail.html:52 users/models/group.py:17
-#: users/templates/users/user_group_detail.html:63
+#: users/templates/users/user_group_detail.html:58
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:105
 #: xpack/plugins/cloud/models.py:83 xpack/plugins/cloud/models.py:182
 #: xpack/plugins/cloud/templates/cloud/account_detail.html:66
@@ -237,32 +240,33 @@ msgstr "创建日期"
 # msgid "Date created"
 # msgstr "创建日期"
 #: applications/models/remote_app.py:45
-#: applications/templates/applications/remote_app_detail.html:77
+#: applications/templates/applications/remote_app_detail.html:72
 #: applications/templates/applications/remote_app_list.html:21
 #: applications/templates/applications/user_remote_app_list.html:19
 #: assets/models/asset.py:176 assets/models/base.py:33
 #: assets/models/cluster.py:29 assets/models/cmd_filter.py:23
 #: assets/models/cmd_filter.py:56 assets/models/domain.py:21
 #: assets/models/domain.py:53 assets/models/group.py:23
-#: assets/models/label.py:23 assets/templates/assets/admin_user_detail.html:72
+#: assets/models/label.py:23 assets/templates/assets/admin_user_detail.html:67
 #: assets/templates/assets/admin_user_list.html:48
-#: assets/templates/assets/asset_detail.html:130
-#: assets/templates/assets/cmd_filter_detail.html:65
+#: assets/templates/assets/asset_detail.html:128
+#: assets/templates/assets/cmd_filter_detail.html:60
 #: assets/templates/assets/cmd_filter_list.html:25
-#: assets/templates/assets/cmd_filter_rule_list.html:62
-#: assets/templates/assets/domain_detail.html:76
-#: assets/templates/assets/domain_gateway_list.html:72
+#: assets/templates/assets/cmd_filter_rule_list.html:57
+#: assets/templates/assets/domain_detail.html:71
+#: assets/templates/assets/domain_gateway_list.html:67
 #: assets/templates/assets/domain_list.html:24
-#: assets/templates/assets/system_user_detail.html:104
+#: assets/templates/assets/system_user_detail.html:99
 #: assets/templates/assets/system_user_list.html:53 ops/models/adhoc.py:43
 #: orgs/models.py:18 perms/models/base.py:56
-#: perms/templates/perms/asset_permission_detail.html:102
-#: perms/templates/perms/remote_app_permission_detail.html:94
-#: settings/models.py:34 terminal/models.py:33
+#: perms/templates/perms/asset_permission_detail.html:97
+#: perms/templates/perms/remote_app_permission_detail.html:89
+#: settings/models.py:19 terminal/models.py:36 terminal/models.py:302
+#: terminal/models.py:339 terminal/templates/terminal/base_storage_list.html:34
 #: terminal/templates/terminal/terminal_detail.html:63
 #: tickets/templates/tickets/ticket_detail.html:104 users/models/group.py:15
-#: users/models/user.py:462 users/templates/users/user_detail.html:129
-#: users/templates/users/user_group_detail.html:67
+#: users/models/user.py:462 users/templates/users/user_detail.html:130
+#: users/templates/users/user_group_detail.html:62
 #: users/templates/users/user_group_list.html:37
 #: users/templates/users/user_profile.html:138
 #: xpack/plugins/change_auth_plan/models.py:105
@@ -281,40 +285,39 @@ msgstr "备注"
 
 #: applications/models/remote_app.py:49 perms/forms/remote_app_permission.py:40
 #: perms/models/remote_app_permission.py:15
-#: perms/templates/perms/remote_app_permission_create_update.html:48
-#: perms/templates/perms/remote_app_permission_detail.html:27
+#: perms/templates/perms/remote_app_permission_create_update.html:46
+#: perms/templates/perms/remote_app_permission_detail.html:22
 #: perms/templates/perms/remote_app_permission_list.html:17
-#: perms/templates/perms/remote_app_permission_remote_app.html:26
-#: perms/templates/perms/remote_app_permission_user.html:26
+#: perms/templates/perms/remote_app_permission_remote_app.html:22
+#: perms/templates/perms/remote_app_permission_user.html:22
 #: templates/_nav.html:60 templates/_nav.html:76 templates/_nav_user.html:16
 msgid "RemoteApp"
 msgstr "远程应用"
 
 #: applications/templates/applications/remote_app_create_update.html:55
-#: assets/templates/assets/_system_user.html:75
-#: assets/templates/assets/admin_user_create_update.html:45
+#: assets/templates/assets/_system_user.html:71
+#: assets/templates/assets/admin_user_create_update.html:41
 #: assets/templates/assets/asset_bulk_update.html:23
 #: assets/templates/assets/asset_create.html:81
 #: assets/templates/assets/cmd_filter_create_update.html:15
-#: assets/templates/assets/cmd_filter_rule_create_update.html:40
+#: assets/templates/assets/cmd_filter_rule_create_update.html:36
 #: assets/templates/assets/domain_create_update.html:16
-#: assets/templates/assets/gateway_create_update.html:58
+#: assets/templates/assets/gateway_create_update.html:54
 #: assets/templates/assets/label_create_update.html:18
-#: perms/templates/perms/asset_permission_create_update.html:83
-#: perms/templates/perms/remote_app_permission_create_update.html:84
+#: perms/templates/perms/asset_permission_create_update.html:81
+#: perms/templates/perms/remote_app_permission_create_update.html:82
 #: settings/templates/settings/basic_setting.html:64
-#: settings/templates/settings/command_storage_create.html:79
 #: settings/templates/settings/email_content_setting.html:54
 #: settings/templates/settings/email_setting.html:65
 #: settings/templates/settings/ldap_setting.html:64
-#: settings/templates/settings/replay_storage_create.html:152
 #: settings/templates/settings/security_setting.html:73
-#: settings/templates/settings/terminal_setting.html:71
-#: terminal/templates/terminal/terminal_update.html:45
+#: settings/templates/settings/terminal_setting.html:76
+#: terminal/templates/terminal/base_storage_create_update.html:12
+#: terminal/templates/terminal/terminal_update.html:43
 #: users/templates/users/_user.html:51
 #: users/templates/users/user_bulk_update.html:23
-#: users/templates/users/user_detail.html:180
-#: users/templates/users/user_group_create_update.html:31
+#: users/templates/users/user_detail.html:181
+#: users/templates/users/user_group_create_update.html:27
 #: users/templates/users/user_password_update.html:75
 #: users/templates/users/user_profile.html:209
 #: users/templates/users/user_profile_update.html:67
@@ -331,30 +334,29 @@ msgid "Reset"
 msgstr "重置"
 
 #: applications/templates/applications/remote_app_create_update.html:57
-#: assets/templates/assets/_system_user.html:76
-#: assets/templates/assets/admin_user_create_update.html:46
+#: assets/templates/assets/_system_user.html:72
+#: assets/templates/assets/admin_user_create_update.html:42
 #: assets/templates/assets/asset_bulk_update.html:24
 #: assets/templates/assets/asset_create.html:82
 #: assets/templates/assets/asset_list.html:117
 #: assets/templates/assets/cmd_filter_create_update.html:16
-#: assets/templates/assets/cmd_filter_rule_create_update.html:41
+#: assets/templates/assets/cmd_filter_rule_create_update.html:37
 #: assets/templates/assets/domain_create_update.html:17
-#: assets/templates/assets/gateway_create_update.html:59
+#: assets/templates/assets/gateway_create_update.html:55
 #: assets/templates/assets/label_create_update.html:19
 #: audits/templates/audits/login_log_list.html:95
-#: perms/templates/perms/asset_permission_create_update.html:84
-#: perms/templates/perms/remote_app_permission_create_update.html:85
+#: perms/templates/perms/asset_permission_create_update.html:82
+#: perms/templates/perms/remote_app_permission_create_update.html:83
 #: settings/templates/settings/basic_setting.html:65
-#: settings/templates/settings/command_storage_create.html:80
 #: settings/templates/settings/email_content_setting.html:55
 #: settings/templates/settings/email_setting.html:66
 #: settings/templates/settings/ldap_setting.html:67
-#: settings/templates/settings/replay_storage_create.html:153
 #: settings/templates/settings/security_setting.html:74
-#: settings/templates/settings/terminal_setting.html:73
+#: settings/templates/settings/terminal_setting.html:78
+#: terminal/templates/terminal/base_storage_create_update.html:13
 #: terminal/templates/terminal/command_list.html:47
-#: terminal/templates/terminal/session_list.html:52
-#: terminal/templates/terminal/terminal_update.html:46
+#: terminal/templates/terminal/session_list.html:50
+#: terminal/templates/terminal/terminal_update.html:44
 #: users/templates/users/_user.html:52
 #: users/templates/users/forgot_password.html:42
 #: users/templates/users/user_bulk_update.html:24
@@ -368,24 +370,24 @@ msgstr "重置"
 msgid "Submit"
 msgstr "提交"
 
-#: applications/templates/applications/remote_app_detail.html:18
-#: assets/templates/assets/admin_user_assets.html:18
-#: assets/templates/assets/admin_user_detail.html:18
-#: assets/templates/assets/cmd_filter_detail.html:19
-#: assets/templates/assets/cmd_filter_rule_list.html:19
-#: assets/templates/assets/domain_detail.html:18
-#: assets/templates/assets/domain_gateway_list.html:20
-#: assets/templates/assets/system_user_assets.html:18
-#: assets/templates/assets/system_user_detail.html:18
-#: ops/templates/ops/adhoc_history.html:130
-#: ops/templates/ops/task_adhoc.html:116
-#: ops/templates/ops/task_history.html:137
-#: perms/templates/perms/asset_permission_asset.html:18
-#: perms/templates/perms/asset_permission_detail.html:18
-#: perms/templates/perms/asset_permission_user.html:18
-#: perms/templates/perms/remote_app_permission_detail.html:18
-#: perms/templates/perms/remote_app_permission_remote_app.html:17
-#: perms/templates/perms/remote_app_permission_user.html:17
+#: applications/templates/applications/remote_app_detail.html:13
+#: assets/templates/assets/admin_user_assets.html:13
+#: assets/templates/assets/admin_user_detail.html:13
+#: assets/templates/assets/cmd_filter_detail.html:14
+#: assets/templates/assets/cmd_filter_rule_list.html:14
+#: assets/templates/assets/domain_detail.html:13
+#: assets/templates/assets/domain_gateway_list.html:15
+#: assets/templates/assets/system_user_assets.html:14
+#: assets/templates/assets/system_user_detail.html:13
+#: ops/templates/ops/adhoc_history.html:128
+#: ops/templates/ops/task_adhoc.html:114
+#: ops/templates/ops/task_history.html:135
+#: perms/templates/perms/asset_permission_asset.html:14
+#: perms/templates/perms/asset_permission_detail.html:13
+#: perms/templates/perms/asset_permission_user.html:14
+#: perms/templates/perms/remote_app_permission_detail.html:13
+#: perms/templates/perms/remote_app_permission_remote_app.html:13
+#: perms/templates/perms/remote_app_permission_user.html:13
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:17
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:20
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:17
@@ -394,34 +396,37 @@ msgstr "提交"
 msgid "Detail"
 msgstr "详情"
 
-#: applications/templates/applications/remote_app_detail.html:21
+#: applications/templates/applications/remote_app_detail.html:16
 #: applications/templates/applications/remote_app_list.html:52
 #: assets/templates/assets/_asset_user_list.html:75
-#: assets/templates/assets/admin_user_detail.html:24
+#: assets/templates/assets/admin_user_detail.html:19
 #: assets/templates/assets/admin_user_list.html:24
 #: assets/templates/assets/admin_user_list.html:72
-#: assets/templates/assets/asset_detail.html:26
+#: assets/templates/assets/asset_detail.html:24
 #: assets/templates/assets/asset_list.html:78
 #: assets/templates/assets/asset_list.html:167
-#: assets/templates/assets/cmd_filter_detail.html:29
+#: assets/templates/assets/cmd_filter_detail.html:24
 #: assets/templates/assets/cmd_filter_list.html:56
-#: assets/templates/assets/cmd_filter_rule_list.html:86
-#: assets/templates/assets/domain_detail.html:24
-#: assets/templates/assets/domain_detail.html:103
-#: assets/templates/assets/domain_gateway_list.html:97
+#: assets/templates/assets/cmd_filter_rule_list.html:81
+#: assets/templates/assets/domain_detail.html:19
+#: assets/templates/assets/domain_detail.html:98
+#: assets/templates/assets/domain_gateway_list.html:92
 #: assets/templates/assets/domain_list.html:50
 #: assets/templates/assets/label_list.html:39
-#: assets/templates/assets/system_user_detail.html:26
+#: assets/templates/assets/system_user_detail.html:21
 #: assets/templates/assets/system_user_list.html:27
 #: assets/templates/assets/system_user_list.html:79 audits/models.py:34
-#: perms/templates/perms/asset_permission_detail.html:30
-#: perms/templates/perms/asset_permission_list.html:169
-#: perms/templates/perms/remote_app_permission_detail.html:30
+#: perms/templates/perms/asset_permission_detail.html:25
+#: perms/templates/perms/asset_permission_list.html:164
+#: perms/templates/perms/remote_app_permission_detail.html:25
 #: perms/templates/perms/remote_app_permission_list.html:64
+#: terminal/templates/terminal/base_storage_list.html:64
+#: terminal/templates/terminal/base_storage_list.html:71
 #: terminal/templates/terminal/terminal_detail.html:16
-#: terminal/templates/terminal/terminal_list.html:73
-#: users/templates/users/user_detail.html:25
-#: users/templates/users/user_group_detail.html:28
+#: terminal/templates/terminal/terminal_list.html:74
+#: users/templates/users/user_asset_permission.html:147
+#: users/templates/users/user_detail.html:26
+#: users/templates/users/user_group_detail.html:23
 #: users/templates/users/user_group_list.html:20
 #: users/templates/users/user_group_list.html:71
 #: users/templates/users/user_list.html:20
@@ -442,33 +447,34 @@ msgstr "详情"
 msgid "Update"
 msgstr "更新"
 
-#: applications/templates/applications/remote_app_detail.html:25
+#: applications/templates/applications/remote_app_detail.html:20
 #: applications/templates/applications/remote_app_list.html:53
-#: assets/templates/assets/admin_user_detail.html:28
+#: assets/templates/assets/admin_user_detail.html:23
 #: assets/templates/assets/admin_user_list.html:73
-#: assets/templates/assets/asset_detail.html:30
+#: assets/templates/assets/asset_detail.html:28
 #: assets/templates/assets/asset_list.html:168
-#: assets/templates/assets/cmd_filter_detail.html:33
+#: assets/templates/assets/cmd_filter_detail.html:28
 #: assets/templates/assets/cmd_filter_list.html:57
-#: assets/templates/assets/cmd_filter_rule_list.html:87
-#: assets/templates/assets/domain_detail.html:28
-#: assets/templates/assets/domain_detail.html:104
-#: assets/templates/assets/domain_gateway_list.html:98
+#: assets/templates/assets/cmd_filter_rule_list.html:82
+#: assets/templates/assets/domain_detail.html:23
+#: assets/templates/assets/domain_detail.html:99
+#: assets/templates/assets/domain_gateway_list.html:93
 #: assets/templates/assets/domain_list.html:51
 #: assets/templates/assets/label_list.html:40
-#: assets/templates/assets/system_user_detail.html:30
+#: assets/templates/assets/system_user_detail.html:25
 #: assets/templates/assets/system_user_list.html:80 audits/models.py:35
 #: authentication/templates/authentication/_access_key_modal.html:65
 #: ops/templates/ops/task_list.html:69
-#: perms/templates/perms/asset_permission_detail.html:34
-#: perms/templates/perms/asset_permission_list.html:170
-#: perms/templates/perms/remote_app_permission_detail.html:34
+#: perms/templates/perms/asset_permission_detail.html:29
+#: perms/templates/perms/asset_permission_list.html:165
+#: perms/templates/perms/remote_app_permission_detail.html:29
 #: perms/templates/perms/remote_app_permission_list.html:65
-#: settings/templates/settings/terminal_setting.html:93
-#: settings/templates/settings/terminal_setting.html:115
-#: terminal/templates/terminal/terminal_list.html:75
-#: users/templates/users/user_detail.html:30
-#: users/templates/users/user_group_detail.html:32
+#: terminal/templates/terminal/base_storage_list.html:61
+#: terminal/templates/terminal/base_storage_list.html:68
+#: terminal/templates/terminal/terminal_list.html:76
+#: users/templates/users/user_asset_permission.html:148
+#: users/templates/users/user_detail.html:31
+#: users/templates/users/user_group_detail.html:27
 #: users/templates/users/user_group_list.html:73
 #: users/templates/users/user_list.html:111
 #: users/templates/users/user_list.html:115
@@ -509,27 +515,30 @@ msgstr "创建远程应用"
 #: assets/templates/assets/admin_user_list.html:49
 #: assets/templates/assets/asset_list.html:100
 #: assets/templates/assets/cmd_filter_list.html:26
-#: assets/templates/assets/cmd_filter_rule_list.html:63
-#: assets/templates/assets/domain_gateway_list.html:73
+#: assets/templates/assets/cmd_filter_rule_list.html:58
+#: assets/templates/assets/domain_gateway_list.html:68
 #: assets/templates/assets/domain_list.html:25
 #: assets/templates/assets/label_list.html:17
 #: assets/templates/assets/system_user_list.html:54 audits/models.py:39
-#: audits/templates/audits/operate_log_list.html:47
-#: audits/templates/audits/operate_log_list.html:73
+#: audits/templates/audits/operate_log_list.html:45
+#: audits/templates/audits/operate_log_list.html:71
 #: authentication/templates/authentication/_access_key_modal.html:34
-#: ops/templates/ops/adhoc_history.html:59 ops/templates/ops/task_adhoc.html:64
-#: ops/templates/ops/task_history.html:65 ops/templates/ops/task_list.html:18
+#: ops/templates/ops/adhoc_history.html:57 ops/templates/ops/task_adhoc.html:62
+#: ops/templates/ops/task_history.html:63 ops/templates/ops/task_list.html:18
 #: perms/forms/asset_permission.py:21
-#: perms/templates/perms/asset_permission_create_update.html:50
-#: perms/templates/perms/asset_permission_list.html:56
-#: perms/templates/perms/asset_permission_list.html:121
+#: perms/templates/perms/asset_permission_asset.html:54
+#: perms/templates/perms/asset_permission_create_update.html:48
+#: perms/templates/perms/asset_permission_list.html:54
+#: perms/templates/perms/asset_permission_list.html:116
+#: perms/templates/perms/asset_permission_user.html:54
 #: perms/templates/perms/remote_app_permission_list.html:20
-#: settings/templates/settings/terminal_setting.html:85
-#: settings/templates/settings/terminal_setting.html:107
-#: terminal/templates/terminal/session_list.html:36
-#: terminal/templates/terminal/terminal_list.html:36
+#: terminal/templates/terminal/base_storage_list.html:35
+#: terminal/templates/terminal/session_list.html:34
+#: terminal/templates/terminal/terminal_list.html:37
 #: tickets/templates/tickets/ticket_list.html:105
 #: users/templates/users/_granted_assets.html:34
+#: users/templates/users/user_asset_permission.html:61
+#: users/templates/users/user_asset_permission.html:99
 #: users/templates/users/user_group_list.html:38
 #: users/templates/users/user_list.html:41
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:60
@@ -596,15 +605,14 @@ msgstr "* 包含不被允许的字符"
 
 #: assets/forms/asset.py:25 assets/models/asset.py:140
 #: assets/models/domain.py:50
-#: assets/templates/assets/domain_gateway_list.html:69
-#: settings/templates/settings/replay_storage_create.html:59
+#: assets/templates/assets/domain_gateway_list.html:64
 msgid "Port"
 msgstr "端口"
 
 #: assets/forms/asset.py:56 assets/models/asset.py:145
-#: assets/models/user.py:110 assets/templates/assets/asset_detail.html:188
-#: assets/templates/assets/asset_detail.html:196
-#: assets/templates/assets/system_user_assets.html:83
+#: assets/models/user.py:110 assets/templates/assets/asset_detail.html:186
+#: assets/templates/assets/asset_detail.html:194
+#: assets/templates/assets/system_user_assets.html:79
 #: perms/models/asset_permission.py:81
 #: xpack/plugins/change_auth_plan/models.py:75
 #: xpack/plugins/gathered_user/models.py:31
@@ -614,7 +622,7 @@ msgstr "节点"
 
 #: assets/forms/asset.py:59 assets/forms/asset.py:106
 #: assets/models/asset.py:149 assets/models/cluster.py:19
-#: assets/models/user.py:68 assets/templates/assets/asset_detail.html:74
+#: assets/models/user.py:68 assets/templates/assets/asset_detail.html:72
 #: templates/_nav.html:44 xpack/plugins/cloud/models.py:161
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_detail.html:68
 #: xpack/plugins/orgs/templates/orgs/org_list.html:19
@@ -631,7 +639,7 @@ msgstr "标签"
 
 #: assets/forms/asset.py:65 assets/forms/asset.py:112
 #: assets/models/asset.py:144 assets/models/domain.py:26
-#: assets/models/domain.py:52 assets/templates/assets/asset_detail.html:78
+#: assets/models/domain.py:52 assets/templates/assets/asset_detail.html:76
 #: assets/templates/assets/user_asset_list.html:80
 #: xpack/plugins/orgs/templates/orgs/org_list.html:18
 msgid "Domain"
@@ -642,9 +650,12 @@ msgstr "网域"
 #: assets/serializers/system_user.py:36
 #: assets/templates/assets/asset_create.html:42
 #: perms/forms/asset_permission.py:87 perms/forms/asset_permission.py:94
-#: perms/templates/perms/asset_permission_list.html:53
-#: perms/templates/perms/asset_permission_list.html:115
-#: perms/templates/perms/asset_permission_list.html:214
+#: perms/templates/perms/asset_permission_list.html:51
+#: perms/templates/perms/asset_permission_list.html:110
+#: perms/templates/perms/asset_permission_list.html:209
+#: users/templates/users/user_asset_permission.html:58
+#: users/templates/users/user_asset_permission.html:93
+#: users/templates/users/user_asset_permission.html:178
 #: xpack/plugins/change_auth_plan/forms.py:74
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:55
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:15
@@ -673,7 +684,7 @@ msgstr "如果有多个的互相隔离的网络，设置资产属于的网域，
 
 #: assets/forms/asset.py:132 assets/forms/asset.py:136
 #: assets/forms/domain.py:17 assets/forms/label.py:15
-#: perms/templates/perms/asset_permission_asset.html:78
+#: perms/templates/perms/asset_permission_asset.html:74
 #: xpack/plugins/change_auth_plan/forms.py:64
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:74
 msgid "Select assets"
@@ -696,21 +707,20 @@ msgstr "SSH网关，支持代理SSH,RDP和VNC"
 #: assets/templates/assets/_asset_user_auth_update_modal.html:15
 #: assets/templates/assets/_asset_user_auth_view_modal.html:21
 #: assets/templates/assets/_asset_user_list.html:21
-#: assets/templates/assets/admin_user_detail.html:60
+#: assets/templates/assets/admin_user_detail.html:55
 #: assets/templates/assets/admin_user_list.html:43
-#: assets/templates/assets/domain_gateway_list.html:71
-#: assets/templates/assets/system_user_detail.html:62
+#: assets/templates/assets/domain_gateway_list.html:66
+#: assets/templates/assets/system_user_detail.html:57
 #: assets/templates/assets/system_user_list.html:46 audits/models.py:81
 #: audits/templates/audits/login_log_list.html:57 authentication/forms.py:13
 #: authentication/templates/authentication/login.html:58
 #: authentication/templates/authentication/xpack_login.html:93
-#: ops/models/adhoc.py:189 perms/templates/perms/asset_permission_list.html:210
-#: perms/templates/perms/asset_permission_user.html:55
-#: perms/templates/perms/remote_app_permission_user.html:54
+#: ops/models/adhoc.py:189 perms/templates/perms/asset_permission_list.html:205
+#: perms/templates/perms/remote_app_permission_user.html:50
 #: settings/templates/settings/_ldap_list_users_modal.html:31 users/forms.py:14
 #: users/forms.py:161 users/models/user.py:427
 #: users/templates/users/_select_user_modal.html:14
-#: users/templates/users/user_detail.html:67
+#: users/templates/users/user_detail.html:68
 #: users/templates/users/user_list.html:36
 #: users/templates/users/user_profile.html:47
 #: xpack/plugins/change_auth_plan/forms.py:58
@@ -735,7 +745,7 @@ msgstr "密码或密钥密码"
 #: authentication/forms.py:15
 #: authentication/templates/authentication/login.html:66
 #: authentication/templates/authentication/xpack_login.html:101
-#: settings/forms.py:114 users/forms.py:16 users/forms.py:42
+#: settings/forms/ldap.py:22 users/forms.py:16 users/forms.py:42
 #: users/templates/users/reset_password.html:53
 #: users/templates/users/user_password_authentication.html:18
 #: users/templates/users/user_password_update.html:44
@@ -762,8 +772,8 @@ msgid "Password and private key file must be input one"
 msgstr "密码和私钥, 必须输入一个"
 
 #: assets/forms/user.py:98 assets/models/cmd_filter.py:32
-#: assets/models/user.py:118 assets/templates/assets/_system_user.html:66
-#: assets/templates/assets/system_user_detail.html:165
+#: assets/models/user.py:118 assets/templates/assets/_system_user.html:62
+#: assets/templates/assets/system_user_detail.html:160
 msgid "Command filter"
 msgstr "命令过滤器"
 
@@ -793,14 +803,14 @@ msgstr "使用逗号分隔多个命令，如: /bin/whoami,/sbin/ifconfig"
 #: assets/serializers/asset_user.py:28
 #: assets/templates/assets/_asset_list_modal.html:47
 #: assets/templates/assets/_asset_user_list.html:20
-#: assets/templates/assets/asset_detail.html:62
+#: assets/templates/assets/asset_detail.html:60
 #: assets/templates/assets/asset_list.html:97
-#: assets/templates/assets/domain_gateway_list.html:68
+#: assets/templates/assets/domain_gateway_list.html:63
 #: assets/templates/assets/user_asset_list.html:76
 #: audits/templates/audits/login_log_list.html:60
-#: perms/templates/perms/asset_permission_asset.html:58
-#: perms/templates/perms/asset_permission_list.html:212 settings/forms.py:144
-#: users/templates/users/_granted_assets.html:31
+#: perms/templates/perms/asset_permission_list.html:207
+#: settings/forms/terminal.py:16 users/templates/users/_granted_assets.html:31
+#: users/templates/users/user_asset_permission.html:176
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:54
 #: xpack/plugins/gathered_user/templates/gathered_user/gathered_user_list.html:63
 msgid "IP"
@@ -812,24 +822,24 @@ msgstr "IP"
 #: assets/templates/assets/_asset_user_auth_update_modal.html:9
 #: assets/templates/assets/_asset_user_auth_view_modal.html:15
 #: assets/templates/assets/_asset_user_list.html:19
-#: assets/templates/assets/asset_detail.html:58
+#: assets/templates/assets/asset_detail.html:56
 #: assets/templates/assets/asset_list.html:96
 #: assets/templates/assets/user_asset_list.html:75
-#: perms/templates/perms/asset_permission_asset.html:57
-#: perms/templates/perms/asset_permission_list.html:213 settings/forms.py:143
-#: users/templates/users/_granted_assets.html:30
+#: perms/templates/perms/asset_permission_list.html:208
+#: settings/forms/terminal.py:15 users/templates/users/_granted_assets.html:30
+#: users/templates/users/user_asset_permission.html:177
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:53
 #: xpack/plugins/gathered_user/templates/gathered_user/gathered_user_list.html:62
 msgid "Hostname"
 msgstr "主机名"
 
 #: assets/models/asset.py:139 assets/models/domain.py:51
-#: assets/models/user.py:113 assets/templates/assets/asset_detail.html:70
-#: assets/templates/assets/domain_gateway_list.html:70
-#: assets/templates/assets/system_user_detail.html:70
+#: assets/models/user.py:113 assets/templates/assets/asset_detail.html:68
+#: assets/templates/assets/domain_gateway_list.html:65
+#: assets/templates/assets/system_user_detail.html:65
 #: assets/templates/assets/system_user_list.html:47
-#: terminal/templates/terminal/session_list.html:31
-#: terminal/templates/terminal/session_list.html:75
+#: terminal/templates/terminal/session_list.html:29
+#: terminal/templates/terminal/session_list.html:73
 msgid "Protocol"
 msgstr "协议"
 
@@ -840,35 +850,35 @@ msgstr "协议"
 msgid "Protocols"
 msgstr "协议组"
 
-#: assets/models/asset.py:143 assets/templates/assets/asset_detail.html:102
+#: assets/models/asset.py:143 assets/templates/assets/asset_detail.html:100
 #: assets/templates/assets/user_asset_list.html:78
 msgid "Platform"
 msgstr "系统平台"
 
 #: assets/models/asset.py:146 assets/models/authbook.py:27
 #: assets/models/cmd_filter.py:22 assets/models/domain.py:54
-#: assets/models/label.py:22 assets/templates/assets/asset_detail.html:110
+#: assets/models/label.py:22 assets/templates/assets/asset_detail.html:108
 #: authentication/models.py:45
 msgid "Is active"
 msgstr "激活"
 
-#: assets/models/asset.py:152 assets/templates/assets/asset_detail.html:66
+#: assets/models/asset.py:152 assets/templates/assets/asset_detail.html:64
 msgid "Public IP"
 msgstr "公网IP"
 
-#: assets/models/asset.py:153 assets/templates/assets/asset_detail.html:118
+#: assets/models/asset.py:153 assets/templates/assets/asset_detail.html:116
 msgid "Asset number"
 msgstr "资产编号"
 
-#: assets/models/asset.py:156 assets/templates/assets/asset_detail.html:82
+#: assets/models/asset.py:156 assets/templates/assets/asset_detail.html:80
 msgid "Vendor"
 msgstr "制造商"
 
-#: assets/models/asset.py:157 assets/templates/assets/asset_detail.html:86
+#: assets/models/asset.py:157 assets/templates/assets/asset_detail.html:84
 msgid "Model"
 msgstr "型号"
 
-#: assets/models/asset.py:158 assets/templates/assets/asset_detail.html:114
+#: assets/models/asset.py:158 assets/templates/assets/asset_detail.html:112
 msgid "Serial number"
 msgstr "序列号"
 
@@ -877,7 +887,7 @@ msgid "CPU model"
 msgstr "CPU型号"
 
 #: assets/models/asset.py:161
-#: xpack/plugins/license/templates/license/license_detail.html:80
+#: xpack/plugins/license/templates/license/license_detail.html:71
 msgid "CPU count"
 msgstr "CPU数量"
 
@@ -889,7 +899,7 @@ msgstr "CPU核数"
 msgid "CPU vcpus"
 msgstr "CPU总数"
 
-#: assets/models/asset.py:164 assets/templates/assets/asset_detail.html:94
+#: assets/models/asset.py:164 assets/templates/assets/asset_detail.html:92
 msgid "Memory"
 msgstr "内存"
 
@@ -901,7 +911,7 @@ msgstr "硬盘大小"
 msgid "Disk info"
 msgstr "硬盘信息"
 
-#: assets/models/asset.py:168 assets/templates/assets/asset_detail.html:106
+#: assets/models/asset.py:168 assets/templates/assets/asset_detail.html:104
 msgid "OS"
 msgstr "操作系统"
 
@@ -918,19 +928,19 @@ msgid "Hostname raw"
 msgstr "主机名原始"
 
 #: assets/models/asset.py:173 assets/templates/assets/asset_create.html:46
-#: assets/templates/assets/asset_detail.html:222 templates/_nav.html:46
+#: assets/templates/assets/asset_detail.html:220 templates/_nav.html:46
 msgid "Labels"
 msgstr "标签管理"
 
-#: assets/models/authbook.py:25 ops/templates/ops/task_detail.html:72
+#: assets/models/authbook.py:25 ops/templates/ops/task_detail.html:70
 msgid "Latest version"
 msgstr "最新版本"
 
 #: assets/models/authbook.py:26
 #: assets/templates/assets/_asset_user_list.html:22
-#: ops/templates/ops/adhoc_history.html:58
-#: ops/templates/ops/adhoc_history_detail.html:57
-#: ops/templates/ops/task_adhoc.html:58 ops/templates/ops/task_history.html:64
+#: ops/templates/ops/adhoc_history.html:56
+#: ops/templates/ops/adhoc_history_detail.html:55
+#: ops/templates/ops/task_adhoc.html:56 ops/templates/ops/task_history.html:62
 msgid "Version"
 msgstr "版本"
 
@@ -949,7 +959,7 @@ msgid "SSH public key"
 msgstr "ssh公钥"
 
 #: assets/models/base.py:35 assets/models/gathered_user.py:20
-#: assets/templates/assets/cmd_filter_detail.html:73 common/mixins/models.py:52
+#: assets/templates/assets/cmd_filter_detail.html:68 common/mixins/models.py:52
 #: ops/models/adhoc.py:46
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:109
 #: xpack/plugins/gathered_user/templates/gathered_user/gathered_user_list.html:68
@@ -965,7 +975,7 @@ msgid "Contact"
 msgstr "联系人"
 
 #: assets/models/cluster.py:22 users/models/user.py:448
-#: users/templates/users/user_detail.html:76
+#: users/templates/users/user_detail.html:77
 msgid "Phone"
 msgstr "手机"
 
@@ -1019,11 +1029,11 @@ msgid "Regex"
 msgstr "正则表达式"
 
 #: assets/models/cmd_filter.py:40 ops/models/command.py:22
-#: ops/templates/ops/command_execution_list.html:64 terminal/models.py:163
+#: ops/templates/ops/command_execution_list.html:62 terminal/models.py:166
 #: terminal/templates/terminal/command_list.html:28
 #: terminal/templates/terminal/command_list.html:68
 #: terminal/templates/terminal/session_detail.html:48
-#: terminal/templates/terminal/session_list.html:33
+#: terminal/templates/terminal/session_list.html:31
 msgid "Command"
 msgstr "命令"
 
@@ -1040,20 +1050,18 @@ msgid "Filter"
 msgstr "过滤器"
 
 #: assets/models/cmd_filter.py:51
-#: assets/templates/assets/cmd_filter_rule_list.html:58
+#: assets/templates/assets/cmd_filter_rule_list.html:53
 #: audits/templates/audits/login_log_list.html:58
-#: perms/templates/perms/remote_app_permission_remote_app.html:54
-#: settings/templates/settings/command_storage_create.html:31
-#: settings/templates/settings/replay_storage_create.html:31
-#: settings/templates/settings/terminal_setting.html:84
-#: settings/templates/settings/terminal_setting.html:106
+#: perms/templates/perms/remote_app_permission_remote_app.html:50
+#: terminal/models.py:297 terminal/models.py:334
+#: terminal/templates/terminal/base_storage_list.html:33
 #: tickets/models/ticket.py:43 tickets/templates/tickets/ticket_detail.html:33
 #: tickets/templates/tickets/ticket_list.html:35
 msgid "Type"
 msgstr "类型"
 
 #: assets/models/cmd_filter.py:52 assets/models/user.py:112
-#: assets/templates/assets/cmd_filter_rule_list.html:60
+#: assets/templates/assets/cmd_filter_rule_list.html:55
 msgid "Priority"
 msgstr "优先级"
 
@@ -1062,7 +1070,7 @@ msgid "1-100, the higher will be match first"
 msgstr "优先级可选范围为1-100，1最低优先级，100最高优先级"
 
 #: assets/models/cmd_filter.py:54
-#: assets/templates/assets/cmd_filter_rule_list.html:59
+#: assets/templates/assets/cmd_filter_rule_list.html:54
 #: xpack/plugins/license/models.py:29
 msgid "Content"
 msgstr "内容"
@@ -1075,9 +1083,9 @@ msgstr "每行一个命令"
 msgid "Command filter rule"
 msgstr "命令过滤规则"
 
-#: assets/models/domain.py:61 assets/templates/assets/domain_detail.html:21
-#: assets/templates/assets/domain_detail.html:64
-#: assets/templates/assets/domain_gateway_list.html:26
+#: assets/models/domain.py:61 assets/templates/assets/domain_detail.html:16
+#: assets/templates/assets/domain_detail.html:59
+#: assets/templates/assets/domain_gateway_list.html:21
 #: assets/templates/assets/domain_list.html:23
 msgid "Gateway"
 msgstr "网关"
@@ -1110,33 +1118,35 @@ msgid "Default asset group"
 msgstr "默认资产组"
 
 #: assets/models/label.py:15 audits/models.py:18 audits/models.py:38
-#: audits/models.py:51 audits/templates/audits/ftp_log_list.html:36
-#: audits/templates/audits/ftp_log_list.html:73
-#: audits/templates/audits/operate_log_list.html:39
-#: audits/templates/audits/operate_log_list.html:72
-#: audits/templates/audits/password_change_log_list.html:39
-#: audits/templates/audits/password_change_log_list.html:56
-#: authentication/models.py:43 ops/templates/ops/command_execution_list.html:38
-#: ops/templates/ops/command_execution_list.html:63
+#: audits/models.py:51 audits/templates/audits/ftp_log_list.html:34
+#: audits/templates/audits/ftp_log_list.html:71
+#: audits/templates/audits/operate_log_list.html:37
+#: audits/templates/audits/operate_log_list.html:70
+#: audits/templates/audits/password_change_log_list.html:37
+#: audits/templates/audits/password_change_log_list.html:54
+#: authentication/models.py:43 ops/templates/ops/command_execution_list.html:36
+#: ops/templates/ops/command_execution_list.html:61
 #: perms/forms/asset_permission.py:78 perms/forms/remote_app_permission.py:34
 #: perms/models/base.py:49
-#: perms/templates/perms/asset_permission_create_update.html:41
-#: perms/templates/perms/asset_permission_list.html:50
-#: perms/templates/perms/asset_permission_list.html:106
-#: perms/templates/perms/remote_app_permission_create_update.html:43
+#: perms/templates/perms/asset_permission_create_update.html:39
+#: perms/templates/perms/asset_permission_list.html:48
+#: perms/templates/perms/asset_permission_list.html:101
+#: perms/templates/perms/remote_app_permission_create_update.html:41
 #: perms/templates/perms/remote_app_permission_list.html:15
 #: templates/index.html:87 terminal/backends/command/models.py:12
-#: terminal/models.py:156 terminal/templates/terminal/command_list.html:29
+#: terminal/models.py:159 terminal/templates/terminal/command_list.html:29
 #: terminal/templates/terminal/command_list.html:65
-#: terminal/templates/terminal/session_list.html:27
-#: terminal/templates/terminal/session_list.html:71 tickets/models/ticket.py:33
+#: terminal/templates/terminal/session_list.html:25
+#: terminal/templates/terminal/session_list.html:69 tickets/models/ticket.py:33
 #: tickets/models/ticket.py:128 tickets/templates/tickets/ticket_detail.html:32
 #: tickets/templates/tickets/ticket_list.html:34
 #: tickets/templates/tickets/ticket_list.html:100 users/forms.py:339
 #: users/models/user.py:148 users/models/user.py:164 users/models/user.py:556
 #: users/serializers/group.py:21
-#: users/templates/users/user_group_detail.html:78
-#: users/templates/users/user_group_list.html:36 users/views/user.py:250
+#: users/templates/users/user_asset_permission.html:55
+#: users/templates/users/user_asset_permission.html:84
+#: users/templates/users/user_group_detail.html:73
+#: users/templates/users/user_group_list.html:36 users/views/profile.py:68
 #: xpack/plugins/orgs/forms.py:28
 #: xpack/plugins/orgs/templates/orgs/org_detail.html:113
 #: xpack/plugins/orgs/templates/orgs/org_list.html:15
@@ -1144,7 +1154,7 @@ msgid "User"
 msgstr "用户"
 
 #: assets/models/label.py:19 assets/models/node.py:453
-#: assets/templates/assets/label_list.html:15 settings/models.py:30
+#: assets/templates/assets/label_list.html:15 settings/models.py:15
 msgid "Value"
 msgstr "值"
 
@@ -1182,8 +1192,8 @@ msgstr "手动登录"
 
 #: assets/models/user.py:111
 #: assets/templates/assets/_asset_group_bulk_update_modal.html:11
-#: assets/templates/assets/system_user_assets.html:22
-#: assets/templates/assets/system_user_detail.html:22
+#: assets/templates/assets/system_user_assets.html:18
+#: assets/templates/assets/system_user_detail.html:17
 #: assets/views/admin_user.py:30 assets/views/admin_user.py:49
 #: assets/views/admin_user.py:67 assets/views/admin_user.py:84
 #: assets/views/admin_user.py:108 assets/views/asset.py:37
@@ -1203,42 +1213,45 @@ msgstr "手动登录"
 msgid "Assets"
 msgstr "资产管理"
 
-#: assets/models/user.py:114 assets/templates/assets/_system_user.html:59
-#: assets/templates/assets/system_user_detail.html:122
+#: assets/models/user.py:114 assets/templates/assets/_system_user.html:55
+#: assets/templates/assets/system_user_detail.html:117
 #: assets/templates/assets/system_user_update.html:10
 msgid "Auto push"
 msgstr "自动推送"
 
-#: assets/models/user.py:115 assets/templates/assets/system_user_detail.html:74
+#: assets/models/user.py:115 assets/templates/assets/system_user_detail.html:69
 msgid "Sudo"
 msgstr "Sudo"
 
-#: assets/models/user.py:116 assets/templates/assets/system_user_detail.html:79
+#: assets/models/user.py:116 assets/templates/assets/system_user_detail.html:74
 msgid "Shell"
 msgstr "Shell"
 
-#: assets/models/user.py:117 assets/templates/assets/system_user_detail.html:66
+#: assets/models/user.py:117 assets/templates/assets/system_user_detail.html:61
 #: assets/templates/assets/system_user_list.html:48
 msgid "Login mode"
 msgstr "登录模式"
 
 #: assets/models/user.py:166 assets/templates/assets/user_asset_list.html:79
-#: audits/models.py:21 audits/templates/audits/ftp_log_list.html:52
-#: audits/templates/audits/ftp_log_list.html:75
+#: audits/models.py:21 audits/templates/audits/ftp_log_list.html:50
+#: audits/templates/audits/ftp_log_list.html:73
 #: perms/forms/asset_permission.py:90 perms/forms/remote_app_permission.py:43
 #: perms/models/asset_permission.py:82 perms/models/remote_app_permission.py:16
-#: perms/templates/perms/asset_permission_detail.html:140
-#: perms/templates/perms/asset_permission_list.html:54
-#: perms/templates/perms/asset_permission_list.html:118
-#: perms/templates/perms/asset_permission_list.html:215
-#: perms/templates/perms/remote_app_permission_detail.html:131
+#: perms/templates/perms/asset_permission_asset.html:124
+#: perms/templates/perms/asset_permission_list.html:52
+#: perms/templates/perms/asset_permission_list.html:113
+#: perms/templates/perms/asset_permission_list.html:210
+#: perms/templates/perms/remote_app_permission_detail.html:126
 #: perms/templates/perms/remote_app_permission_list.html:18
 #: templates/_nav.html:45 terminal/backends/command/models.py:14
-#: terminal/models.py:158 terminal/templates/terminal/command_list.html:31
+#: terminal/models.py:161 terminal/templates/terminal/command_list.html:31
 #: terminal/templates/terminal/command_list.html:67
-#: terminal/templates/terminal/session_list.html:29
-#: terminal/templates/terminal/session_list.html:73
+#: terminal/templates/terminal/session_list.html:27
+#: terminal/templates/terminal/session_list.html:71
 #: users/templates/users/_granted_assets.html:32
+#: users/templates/users/user_asset_permission.html:59
+#: users/templates/users/user_asset_permission.html:96
+#: users/templates/users/user_asset_permission.html:179
 #: xpack/plugins/orgs/templates/orgs/org_list.html:20
 msgid "System user"
 msgstr "系统用户"
@@ -1436,7 +1449,7 @@ msgid "Select Asset"
 msgstr "选择资产"
 
 #: assets/templates/assets/_asset_group_bulk_update_modal.html:21
-#: assets/templates/assets/cmd_filter_detail.html:89
+#: assets/templates/assets/cmd_filter_detail.html:84
 #: assets/templates/assets/cmd_filter_list.html:24
 msgid "System users"
 msgstr "系统用户"
@@ -1460,8 +1473,8 @@ msgstr "资产列表"
 
 #: assets/templates/assets/_asset_list_modal.html:33
 #: assets/templates/assets/_node_tree.html:39
-#: ops/templates/ops/command_execution_create.html:70
-#: ops/templates/ops/command_execution_create.html:127
+#: ops/templates/ops/command_execution_create.html:67
+#: ops/templates/ops/command_execution_create.html:124
 #: settings/templates/settings/_ldap_list_users_modal.html:41
 #: users/templates/users/_granted_assets.html:7
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_create_update.html:66
@@ -1482,9 +1495,10 @@ msgid "Please input password"
 msgstr "请输入密码"
 
 #: assets/templates/assets/_asset_user_auth_update_modal.html:68
-#: assets/templates/assets/asset_detail.html:302
-#: users/templates/users/user_detail.html:367
-#: users/templates/users/user_detail.html:394
+#: assets/templates/assets/asset_detail.html:300
+#: users/templates/users/user_asset_permission.html:193
+#: users/templates/users/user_detail.html:368
+#: users/templates/users/user_detail.html:395
 #: xpack/plugins/interface/views.py:35
 msgid "Update successfully!"
 msgstr "更新成功"
@@ -1513,9 +1527,9 @@ msgid "Close"
 msgstr "关闭"
 
 #: assets/templates/assets/_asset_user_list.html:24
-#: audits/templates/audits/operate_log_list.html:77
-#: audits/templates/audits/password_change_log_list.html:59
-#: ops/templates/ops/task_adhoc.html:63
+#: audits/templates/audits/operate_log_list.html:75
+#: audits/templates/audits/password_change_log_list.html:57
+#: ops/templates/ops/task_adhoc.html:61
 #: terminal/templates/terminal/command_list.html:33
 #: terminal/templates/terminal/session_detail.html:50
 #: tickets/templates/tickets/ticket_list.html:37
@@ -1532,17 +1546,18 @@ msgid "View"
 msgstr "查看"
 
 #: assets/templates/assets/_asset_user_list.html:76
-#: assets/templates/assets/admin_user_assets.html:61
+#: assets/templates/assets/admin_user_assets.html:56
 #: assets/templates/assets/asset_asset_user_list.html:57
-#: assets/templates/assets/asset_detail.html:176
-#: assets/templates/assets/system_user_assets.html:63
-#: assets/templates/assets/system_user_detail.html:151
+#: assets/templates/assets/asset_detail.html:174
+#: assets/templates/assets/system_user_assets.html:59
+#: assets/templates/assets/system_user_detail.html:146
+#: terminal/templates/terminal/base_storage_list.html:73
 msgid "Test"
 msgstr "测试"
 
 #: assets/templates/assets/_asset_user_list.html:77
-#: assets/templates/assets/system_user_assets.html:72
-#: assets/templates/assets/system_user_detail.html:142
+#: assets/templates/assets/system_user_assets.html:68
+#: assets/templates/assets/system_user_detail.html:137
 msgid "Push"
 msgstr "推送"
 
@@ -1550,7 +1565,7 @@ msgstr "推送"
 msgid "Test gateway test connection"
 msgstr "测试连接网关"
 
-#: assets/templates/assets/_gateway_test_modal.html:10 terminal/models.py:25
+#: assets/templates/assets/_gateway_test_modal.html:10 terminal/models.py:28
 msgid "SSH Port"
 msgstr "SSH端口"
 
@@ -1586,34 +1601,34 @@ msgstr "存在资产，不能删除"
 msgid "Rename success"
 msgstr "重命名成功"
 
-#: assets/templates/assets/_system_user.html:37
+#: assets/templates/assets/_system_user.html:33
 #: assets/templates/assets/asset_create.html:16
-#: assets/templates/assets/gateway_create_update.html:37
-#: perms/templates/perms/asset_permission_create_update.html:38
-#: perms/templates/perms/remote_app_permission_create_update.html:39
+#: assets/templates/assets/gateway_create_update.html:33
+#: perms/templates/perms/asset_permission_create_update.html:36
+#: perms/templates/perms/remote_app_permission_create_update.html:37
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_create_update.html:41
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_create_update.html:27
 #: xpack/plugins/gathered_user/templates/gathered_user/task_create_update.html:27
 msgid "Basic"
 msgstr "基本"
 
-#: assets/templates/assets/_system_user.html:44
+#: assets/templates/assets/_system_user.html:40
 #: assets/templates/assets/asset_create.html:38
-#: assets/templates/assets/gateway_create_update.html:45
+#: assets/templates/assets/gateway_create_update.html:41
 #: users/templates/users/_user.html:21
 msgid "Auth"
 msgstr "认证"
 
-#: assets/templates/assets/_system_user.html:48
+#: assets/templates/assets/_system_user.html:44
 msgid "Auto generate key"
 msgstr "自动生成密钥"
 
-#: assets/templates/assets/_system_user.html:69
+#: assets/templates/assets/_system_user.html:65
 #: assets/templates/assets/asset_create.html:74
-#: assets/templates/assets/gateway_create_update.html:53
-#: perms/templates/perms/asset_permission_create_update.html:53
-#: perms/templates/perms/remote_app_permission_create_update.html:53
-#: terminal/templates/terminal/terminal_update.html:40
+#: assets/templates/assets/gateway_create_update.html:49
+#: perms/templates/perms/asset_permission_create_update.html:51
+#: perms/templates/perms/remote_app_permission_create_update.html:51
+#: terminal/templates/terminal/terminal_update.html:38
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_create_update.html:65
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_create_update.html:48
 #: xpack/plugins/gathered_user/templates/gathered_user/task_create_update.html:39
@@ -1631,63 +1646,62 @@ msgstr "更新系统用户"
 
 #: assets/templates/assets/_user_asset_detail_modal.html:11
 #: assets/templates/assets/asset_asset_user_list.html:13
-#: assets/templates/assets/asset_detail.html:20 assets/views/asset.py:200
+#: assets/templates/assets/asset_detail.html:18 assets/views/asset.py:200
 msgid "Asset detail"
 msgstr "资产详情"
 
-#: assets/templates/assets/admin_user_assets.html:21
-#: assets/templates/assets/admin_user_detail.html:21
+#: assets/templates/assets/admin_user_assets.html:16
+#: assets/templates/assets/admin_user_detail.html:16
 msgid "Assets list"
 msgstr "资产列表"
 
-#: assets/templates/assets/admin_user_assets.html:29
-#: perms/templates/perms/asset_permission_asset.html:35
+#: assets/templates/assets/admin_user_assets.html:24
+#: perms/templates/perms/asset_permission_asset.html:31
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:31
 msgid "Asset list of "
 msgstr "资产列表"
 
-#: assets/templates/assets/admin_user_assets.html:52
-#: assets/templates/assets/system_user_assets.html:54
-#: assets/templates/assets/system_user_detail.html:116
-#: perms/templates/perms/asset_permission_detail.html:114
-#: perms/templates/perms/remote_app_permission_detail.html:106
+#: assets/templates/assets/admin_user_assets.html:47
+#: assets/templates/assets/system_user_assets.html:50
+#: assets/templates/assets/system_user_detail.html:111
+#: perms/templates/perms/asset_permission_detail.html:109
+#: perms/templates/perms/remote_app_permission_detail.html:101
 msgid "Quick update"
 msgstr "快速更新"
 
-#: assets/templates/assets/admin_user_assets.html:58
+#: assets/templates/assets/admin_user_assets.html:53
 #: assets/templates/assets/asset_asset_user_list.html:54
-#: assets/templates/assets/asset_detail.html:173
+#: assets/templates/assets/asset_detail.html:171
 msgid "Test connective"
 msgstr "测试可连接性"
 
-#: assets/templates/assets/admin_user_detail.html:83
+#: assets/templates/assets/admin_user_detail.html:78
 msgid "Replace node assets admin user with this"
 msgstr "替换资产的管理员"
 
-#: assets/templates/assets/admin_user_detail.html:91
-#: perms/templates/perms/asset_permission_asset.html:103
+#: assets/templates/assets/admin_user_detail.html:86
+#: perms/templates/perms/asset_permission_asset.html:99
 #: xpack/plugins/change_auth_plan/forms.py:68
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:99
 #: xpack/plugins/gathered_user/forms.py:36
 msgid "Select nodes"
 msgstr "选择节点"
 
-#: assets/templates/assets/admin_user_detail.html:100
-#: assets/templates/assets/asset_detail.html:202
-#: assets/templates/assets/asset_list.html:427
-#: assets/templates/assets/cmd_filter_detail.html:106
-#: assets/templates/assets/system_user_assets.html:97
-#: assets/templates/assets/system_user_detail.html:182
+#: assets/templates/assets/admin_user_detail.html:95
+#: assets/templates/assets/asset_detail.html:200
+#: assets/templates/assets/asset_list.html:424
+#: assets/templates/assets/cmd_filter_detail.html:101
+#: assets/templates/assets/system_user_assets.html:93
+#: assets/templates/assets/system_user_detail.html:177
 #: assets/templates/assets/system_user_list.html:133
 #: authentication/templates/authentication/_mfa_confirm_modal.html:20
-#: settings/templates/settings/terminal_setting.html:168
 #: templates/_modal.html:23 terminal/templates/terminal/session_detail.html:112
-#: users/templates/users/user_detail.html:272
-#: users/templates/users/user_detail.html:448
-#: users/templates/users/user_detail.html:474
-#: users/templates/users/user_detail.html:497
-#: users/templates/users/user_detail.html:542
-#: users/templates/users/user_group_create_update.html:32
+#: users/templates/users/user_detail.html:273
+#: users/templates/users/user_detail.html:449
+#: users/templates/users/user_detail.html:475
+#: users/templates/users/user_detail.html:498
+#: users/templates/users/user_detail.html:543
+#: users/templates/users/user_group_create_update.html:28
 #: users/templates/users/user_group_list.html:120
 #: users/templates/users/user_list.html:256
 #: xpack/plugins/cloud/templates/cloud/account_create_update.html:34
@@ -1728,7 +1742,7 @@ msgstr "导出"
 #: settings/templates/settings/_ldap_list_users_modal.html:172
 #: users/templates/users/user_group_list.html:15
 #: users/templates/users/user_list.html:15
-#: xpack/plugins/license/templates/license/license_detail.html:110
+#: xpack/plugins/license/templates/license/license_detail.html:101
 #: xpack/plugins/vault/templates/vault/vault.html:52
 msgid "Import"
 msgstr "导入"
@@ -1753,7 +1767,7 @@ msgid "Please select file"
 msgstr "选择文件"
 
 #: assets/templates/assets/asset_asset_user_list.html:16
-#: assets/templates/assets/asset_detail.html:23 assets/views/asset.py:55
+#: assets/templates/assets/asset_detail.html:21 assets/views/asset.py:55
 msgid "Asset user list"
 msgstr "资产用户列表"
 
@@ -1762,13 +1776,13 @@ msgid "Asset users of"
 msgstr "资产用户"
 
 #: assets/templates/assets/asset_asset_user_list.html:47
-#: assets/templates/assets/asset_detail.html:142
+#: assets/templates/assets/asset_detail.html:140
 #: terminal/templates/terminal/session_detail.html:85
-#: users/templates/users/user_detail.html:140
+#: users/templates/users/user_detail.html:141
 #: users/templates/users/user_profile.html:150
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:128
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_detail.html:132
-#: xpack/plugins/license/templates/license/license_detail.html:102
+#: xpack/plugins/license/templates/license/license_detail.html:93
 msgid "Quick modify"
 msgstr "快速修改"
 
@@ -1782,39 +1796,39 @@ msgstr "选择需要修改属性"
 msgid "Select all"
 msgstr "全选"
 
-#: assets/templates/assets/asset_detail.html:90
+#: assets/templates/assets/asset_detail.html:88
 msgid "CPU"
 msgstr "CPU"
 
-#: assets/templates/assets/asset_detail.html:98
+#: assets/templates/assets/asset_detail.html:96
 msgid "Disk"
 msgstr "硬盘"
 
-#: assets/templates/assets/asset_detail.html:126
-#: users/templates/users/user_detail.html:115
+#: assets/templates/assets/asset_detail.html:124
+#: users/templates/users/user_detail.html:116
 #: users/templates/users/user_profile.html:106
 msgid "Date joined"
 msgstr "创建日期"
 
-#: assets/templates/assets/asset_detail.html:148 authentication/models.py:19
+#: assets/templates/assets/asset_detail.html:146 authentication/models.py:19
 #: authentication/templates/authentication/_access_key_modal.html:32
 #: perms/models/base.py:51
-#: perms/templates/perms/asset_permission_create_update.html:55
-#: perms/templates/perms/asset_permission_detail.html:120
-#: perms/templates/perms/remote_app_permission_create_update.html:55
-#: perms/templates/perms/remote_app_permission_detail.html:112
-#: terminal/templates/terminal/terminal_list.html:34
+#: perms/templates/perms/asset_permission_create_update.html:53
+#: perms/templates/perms/asset_permission_detail.html:115
+#: perms/templates/perms/remote_app_permission_create_update.html:53
+#: perms/templates/perms/remote_app_permission_detail.html:107
+#: terminal/templates/terminal/terminal_list.html:35
 #: users/templates/users/_select_user_modal.html:18
-#: users/templates/users/user_detail.html:146
+#: users/templates/users/user_detail.html:147
 #: users/templates/users/user_profile.html:63
 msgid "Active"
 msgstr "激活中"
 
-#: assets/templates/assets/asset_detail.html:165
+#: assets/templates/assets/asset_detail.html:163
 msgid "Refresh hardware"
 msgstr "更新硬件信息"
 
-#: assets/templates/assets/asset_detail.html:168
+#: assets/templates/assets/asset_detail.html:166
 #: authentication/templates/authentication/login_wait_confirm.html:42
 msgid "Refresh"
 msgstr "刷新"
@@ -1884,43 +1898,42 @@ msgstr "仅显示当前节点资产"
 msgid "Displays all child node assets"
 msgstr "显示所有子节点资产"
 
-#: assets/templates/assets/asset_list.html:421
+#: assets/templates/assets/asset_list.html:418
 #: assets/templates/assets/system_user_list.html:127
-#: users/templates/users/user_detail.html:442
-#: users/templates/users/user_detail.html:468
-#: users/templates/users/user_detail.html:536
+#: users/templates/users/user_detail.html:443
+#: users/templates/users/user_detail.html:469
+#: users/templates/users/user_detail.html:537
 #: users/templates/users/user_group_list.html:114
 #: users/templates/users/user_list.html:250
 #: xpack/plugins/interface/templates/interface/interface.html:97
 msgid "Are you sure?"
 msgstr "你确认吗?"
 
-#: assets/templates/assets/asset_list.html:422
+#: assets/templates/assets/asset_list.html:419
 msgid "This will delete the selected assets !!!"
 msgstr "删除选择资产"
 
-#: assets/templates/assets/asset_list.html:425
+#: assets/templates/assets/asset_list.html:422
 #: assets/templates/assets/system_user_list.html:131
-#: settings/templates/settings/terminal_setting.html:166
-#: users/templates/users/user_detail.html:446
-#: users/templates/users/user_detail.html:472
-#: users/templates/users/user_detail.html:540
+#: users/templates/users/user_detail.html:447
+#: users/templates/users/user_detail.html:473
+#: users/templates/users/user_detail.html:541
 #: users/templates/users/user_group_list.html:118
 #: users/templates/users/user_list.html:254
 #: xpack/plugins/interface/templates/interface/interface.html:101
 msgid "Cancel"
 msgstr "取消"
 
-#: assets/templates/assets/asset_list.html:436
+#: assets/templates/assets/asset_list.html:433
 msgid "Asset Deleted."
 msgstr "已被删除"
 
-#: assets/templates/assets/asset_list.html:437
-#: assets/templates/assets/asset_list.html:445
+#: assets/templates/assets/asset_list.html:434
+#: assets/templates/assets/asset_list.html:442
 msgid "Asset Delete"
 msgstr "删除"
 
-#: assets/templates/assets/asset_list.html:444
+#: assets/templates/assets/asset_list.html:441
 msgid "Asset Deleting failed."
 msgstr "删除失败"
 
@@ -1928,13 +1941,13 @@ msgstr "删除失败"
 msgid "Configuration"
 msgstr "配置"
 
-#: assets/templates/assets/cmd_filter_detail.html:25
+#: assets/templates/assets/cmd_filter_detail.html:20
 #: assets/templates/assets/cmd_filter_list.html:23
-#: assets/templates/assets/cmd_filter_rule_list.html:23
+#: assets/templates/assets/cmd_filter_rule_list.html:18
 msgid "Rules"
 msgstr "规则"
 
-#: assets/templates/assets/cmd_filter_detail.html:97
+#: assets/templates/assets/cmd_filter_detail.html:92
 msgid "Binding to system user"
 msgstr "绑定到系统用户"
 
@@ -1969,16 +1982,16 @@ msgstr "否则就匹配下一个规则，如果最后没有匹配到规则，则
 msgid "Create command filter"
 msgstr "创建命令过滤器"
 
-#: assets/templates/assets/cmd_filter_rule_list.html:33
+#: assets/templates/assets/cmd_filter_rule_list.html:28
 #: assets/views/cmd_filter.py:105
 msgid "Command filter rule list"
 msgstr "命令过滤器规则列表"
 
-#: assets/templates/assets/cmd_filter_rule_list.html:50
+#: assets/templates/assets/cmd_filter_rule_list.html:45
 msgid "Create rule"
 msgstr "创建规则"
 
-#: assets/templates/assets/cmd_filter_rule_list.html:61
+#: assets/templates/assets/cmd_filter_rule_list.html:56
 msgid "Strategy"
 msgstr "策略"
 
@@ -1992,23 +2005,23 @@ msgstr "确认删除"
 msgid "Are you sure delete"
 msgstr "您确定删除吗?"
 
-#: assets/templates/assets/domain_gateway_list.html:37
+#: assets/templates/assets/domain_gateway_list.html:32
 msgid "Gateway list"
 msgstr "网关列表"
 
-#: assets/templates/assets/domain_gateway_list.html:56
+#: assets/templates/assets/domain_gateway_list.html:51
 #: assets/views/domain.py:136
 msgid "Create gateway"
 msgstr "创建网关"
 
-#: assets/templates/assets/domain_gateway_list.html:99
-#: assets/templates/assets/domain_gateway_list.html:101
+#: assets/templates/assets/domain_gateway_list.html:94
+#: assets/templates/assets/domain_gateway_list.html:96
 #: settings/templates/settings/email_setting.html:64
 #: settings/templates/settings/ldap_setting.html:65
 msgid "Test connection"
 msgstr "测试连接"
 
-#: assets/templates/assets/domain_gateway_list.html:141
+#: assets/templates/assets/domain_gateway_list.html:136
 msgid "Can be connected"
 msgstr "可连接"
 
@@ -2033,33 +2046,33 @@ msgstr "创建网域"
 msgid "Create label"
 msgstr "创建标签"
 
-#: assets/templates/assets/system_user_assets.html:31
+#: assets/templates/assets/system_user_assets.html:27
 msgid "Assets of "
 msgstr "资产"
 
-#: assets/templates/assets/system_user_assets.html:60
-#: assets/templates/assets/system_user_detail.html:148
+#: assets/templates/assets/system_user_assets.html:56
+#: assets/templates/assets/system_user_detail.html:143
 msgid "Test assets connective"
 msgstr "测试资产可连接性"
 
-#: assets/templates/assets/system_user_assets.html:69
-#: assets/templates/assets/system_user_detail.html:139
+#: assets/templates/assets/system_user_assets.html:65
+#: assets/templates/assets/system_user_detail.html:134
 msgid "Push system user now"
 msgstr "立刻推送系统"
 
-#: assets/templates/assets/system_user_assets.html:91
+#: assets/templates/assets/system_user_assets.html:87
 msgid "Add to node"
 msgstr "添加到节点"
 
-#: assets/templates/assets/system_user_detail.html:85
+#: assets/templates/assets/system_user_detail.html:80
 msgid "Home"
 msgstr "家目录"
 
-#: assets/templates/assets/system_user_detail.html:91
+#: assets/templates/assets/system_user_detail.html:86
 msgid "Uid"
 msgstr "Uid"
 
-#: assets/templates/assets/system_user_detail.html:173
+#: assets/templates/assets/system_user_detail.html:168
 msgid "Binding command filters"
 msgstr "绑定命令过滤器"
 
@@ -2206,29 +2219,29 @@ msgid "System user asset"
 msgstr "系统用户资产"
 
 #: audits/models.py:19 audits/models.py:42 audits/models.py:53
-#: audits/templates/audits/ftp_log_list.html:76
-#: audits/templates/audits/operate_log_list.html:76
-#: audits/templates/audits/password_change_log_list.html:58
-#: terminal/models.py:160 terminal/templates/terminal/session_list.html:30
-#: terminal/templates/terminal/session_list.html:74
+#: audits/templates/audits/ftp_log_list.html:74
+#: audits/templates/audits/operate_log_list.html:74
+#: audits/templates/audits/password_change_log_list.html:56
+#: terminal/models.py:163 terminal/templates/terminal/session_list.html:28
+#: terminal/templates/terminal/session_list.html:72
 #: terminal/templates/terminal/terminal_detail.html:47
 msgid "Remote addr"
 msgstr "远端地址"
 
-#: audits/models.py:22 audits/templates/audits/ftp_log_list.html:77
+#: audits/models.py:22 audits/templates/audits/ftp_log_list.html:75
 msgid "Operate"
 msgstr "操作"
 
-#: audits/models.py:23 audits/templates/audits/ftp_log_list.html:59
-#: audits/templates/audits/ftp_log_list.html:78
+#: audits/models.py:23 audits/templates/audits/ftp_log_list.html:57
+#: audits/templates/audits/ftp_log_list.html:76
 msgid "Filename"
 msgstr "文件名"
 
 #: audits/models.py:24 audits/models.py:77
-#: audits/templates/audits/ftp_log_list.html:79
-#: ops/templates/ops/command_execution_list.html:68
+#: audits/templates/audits/ftp_log_list.html:77
+#: ops/templates/ops/command_execution_list.html:66
 #: ops/templates/ops/task_list.html:15
-#: users/templates/users/user_detail.html:518
+#: users/templates/users/user_detail.html:519
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:14
 #: xpack/plugins/cloud/api.py:61
 msgid "Success"
@@ -2240,25 +2253,25 @@ msgstr "成功"
 msgid "Create"
 msgstr "创建"
 
-#: audits/models.py:40 audits/templates/audits/operate_log_list.html:55
-#: audits/templates/audits/operate_log_list.html:74
+#: audits/models.py:40 audits/templates/audits/operate_log_list.html:53
+#: audits/templates/audits/operate_log_list.html:72
 msgid "Resource Type"
 msgstr "资源类型"
 
-#: audits/models.py:41 audits/templates/audits/operate_log_list.html:75
+#: audits/models.py:41 audits/templates/audits/operate_log_list.html:73
 msgid "Resource"
 msgstr "资源"
 
-#: audits/models.py:52 audits/templates/audits/password_change_log_list.html:57
+#: audits/models.py:52 audits/templates/audits/password_change_log_list.html:55
 msgid "Change by"
 msgstr "修改者"
 
-#: audits/models.py:71 users/templates/users/user_detail.html:98
+#: audits/models.py:71 users/templates/users/user_detail.html:99
 msgid "Disabled"
 msgstr "禁用"
 
-#: audits/models.py:72 settings/models.py:33
-#: users/templates/users/user_detail.html:96
+#: audits/models.py:72 settings/models.py:18
+#: users/templates/users/user_detail.html:97
 msgid "Enabled"
 msgstr "启用"
 
@@ -2316,14 +2329,14 @@ msgstr "状态"
 msgid "Date login"
 msgstr "登录日期"
 
-#: audits/templates/audits/ftp_log_list.html:80
-#: ops/templates/ops/adhoc_history.html:52
-#: ops/templates/ops/adhoc_history_detail.html:61
-#: ops/templates/ops/command_execution_list.html:69
-#: ops/templates/ops/task_history.html:58 perms/models/base.py:52
-#: perms/templates/perms/asset_permission_detail.html:86
-#: perms/templates/perms/remote_app_permission_detail.html:78
-#: terminal/models.py:167 terminal/templates/terminal/session_list.html:34
+#: audits/templates/audits/ftp_log_list.html:78
+#: ops/templates/ops/adhoc_history.html:50
+#: ops/templates/ops/adhoc_history_detail.html:59
+#: ops/templates/ops/command_execution_list.html:67
+#: ops/templates/ops/task_history.html:56 perms/models/base.py:52
+#: perms/templates/perms/asset_permission_detail.html:81
+#: perms/templates/perms/remote_app_permission_detail.html:73
+#: terminal/models.py:170 terminal/templates/terminal/session_list.html:32
 #: xpack/plugins/change_auth_plan/models.py:250
 #: xpack/plugins/change_auth_plan/models.py:426
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:59
@@ -2333,18 +2346,18 @@ msgid "Date start"
 msgstr "开始日期"
 
 #: audits/templates/audits/login_log_list.html:34
-#: perms/templates/perms/asset_permission_user.html:88
-#: perms/templates/perms/remote_app_permission_user.html:87
+#: perms/templates/perms/asset_permission_user.html:74
+#: perms/templates/perms/remote_app_permission_user.html:83
 msgid "Select user"
 msgstr "选择用户"
 
 #: audits/templates/audits/login_log_list.html:41
 #: audits/templates/audits/login_log_list.html:46
-#: audits/templates/audits/operate_log_list.html:64
-#: audits/templates/audits/password_change_log_list.html:48
-#: ops/templates/ops/command_execution_list.html:46
-#: ops/templates/ops/command_execution_list.html:51
-#: templates/_base_list.html:41 templates/_user_profile.html:23
+#: audits/templates/audits/operate_log_list.html:62
+#: audits/templates/audits/password_change_log_list.html:46
+#: ops/templates/ops/command_execution_list.html:44
+#: ops/templates/ops/command_execution_list.html:49
+#: templates/_base_list.html:37 templates/_user_profile.html:23
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_history.html:52
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_instance.html:48
 msgid "Search"
@@ -2352,10 +2365,10 @@ msgstr "搜索"
 
 #: audits/templates/audits/login_log_list.html:56
 #: authentication/templates/authentication/_access_key_modal.html:30
-#: ops/templates/ops/adhoc_detail.html:49
-#: ops/templates/ops/adhoc_history_detail.html:49
-#: ops/templates/ops/task_detail.html:56
-#: terminal/templates/terminal/session_list.html:26
+#: ops/templates/ops/adhoc_detail.html:47
+#: ops/templates/ops/adhoc_history_detail.html:47
+#: ops/templates/ops/task_detail.html:54
+#: terminal/templates/terminal/session_list.html:24
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_history.html:64
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_instance.html:60
 msgid "ID"
@@ -2495,7 +2508,8 @@ msgid ""
 "after {} minutes)"
 msgstr "账号已被锁定（请联系管理员解锁 或 {}分钟后重试）"
 
-#: authentication/errors.py:46 users/views/user.py:398 users/views/user.py:423
+#: authentication/errors.py:46 users/views/profile.py:211
+#: users/views/profile.py:236
 msgid "MFA code invalid, or ntp sync server time"
 msgstr "MFA验证码不正确，或者服务器端时间不对"
 
@@ -2523,12 +2537,12 @@ msgstr "MFA 验证码"
 msgid "Private Token"
 msgstr "ssh密钥"
 
-#: authentication/models.py:44 users/templates/users/user_detail.html:266
+#: authentication/models.py:44 users/templates/users/user_detail.html:267
 msgid "Reviewers"
 msgstr "审批人"
 
 #: authentication/models.py:53 tickets/models/ticket.py:25
-#: users/templates/users/user_detail.html:258
+#: users/templates/users/user_detail.html:259
 msgid "Login confirm"
 msgstr "登录复核"
 
@@ -2649,7 +2663,7 @@ msgid "Keycloak"
 msgstr ""
 
 #: authentication/templates/authentication/login_otp.html:46
-#: users/templates/users/user_detail.html:91
+#: users/templates/users/user_detail.html:92
 #: users/templates/users/user_profile.html:87
 msgid "MFA certification"
 msgstr "MFA认证"
@@ -2698,11 +2712,11 @@ msgstr "返回"
 msgid "Welcome back, please enter username and password to login"
 msgstr "欢迎回来，请输入用户名和密码登录"
 
-#: authentication/views/login.py:70
+#: authentication/views/login.py:71
 msgid "Please enable cookies and try again."
 msgstr "设置你的浏览器支持cookie"
 
-#: authentication/views/login.py:157
+#: authentication/views/login.py:158
 msgid ""
 "Wait for <b>{}</b> confirm, You also can copy link to her/him <br/>\n"
 "                  Don't close this page"
@@ -2710,15 +2724,15 @@ msgstr ""
 "等待 <b>{}</b> 确认, 你也可以复制链接发给他/她 <br/>\n"
 "                  不要关闭本页面"
 
-#: authentication/views/login.py:162
+#: authentication/views/login.py:163
 msgid "No ticket found"
 msgstr "没有发现工单"
 
-#: authentication/views/login.py:185
+#: authentication/views/login.py:186
 msgid "Logout success"
 msgstr "退出登录成功"
 
-#: authentication/views/login.py:186
+#: authentication/views/login.py:187
 msgid "Logout success, return login page"
 msgstr "退出登录成功，返回到登录页面"
 
@@ -2784,15 +2798,15 @@ msgstr "不能包含特殊字符"
 msgid "This field must be unique."
 msgstr "字段必须唯一"
 
-#: jumpserver/celery_flower.py:21
+#: jumpserver/views/celery_flower.py:23
 msgid "<h1>Flow service unavailable, check it</h1>"
 msgstr ""
 
-#: jumpserver/views.py:184 templates/_nav.html:7
+#: jumpserver/views/index.py:178 templates/_nav.html:7
 msgid "Dashboard"
 msgstr "仪表盘"
 
-#: jumpserver/views.py:193
+#: jumpserver/views/other.py:25
 msgid ""
 "<div>Luna is a separately deployed program, you need to deploy Luna, koko, "
 "configure nginx for url distribution,</div> </div>If you see this page, "
@@ -2801,11 +2815,11 @@ msgstr ""
 "<div>Luna是单独部署的一个程序，你需要部署luna，koko, </div><div>如果你看到了"
 "这个页面，证明你访问的不是nginx监听的端口，祝你好运</div>"
 
-#: jumpserver/views.py:233
+#: jumpserver/views/other.py:65
 msgid "Websocket server run on port: {}, you should proxy it on nginx"
 msgstr "Websocket 服务运行在端口: {}, 请检查nginx是否代理是否设置"
 
-#: jumpserver/views.py:241
+#: jumpserver/views/other.py:73
 msgid ""
 "<div>Koko is a separately deployed program, you need to deploy Koko, "
 "configure nginx for url distribution,</div> </div>If you see this page, "
@@ -2827,7 +2841,7 @@ msgstr "没有该主机 {} 权限"
 msgid "Interval"
 msgstr "间隔"
 
-#: ops/models/adhoc.py:38 settings/forms.py:162
+#: ops/models/adhoc.py:38 settings/forms/terminal.py:34
 msgid "Units: seconds"
 msgstr "单位: 秒"
 
@@ -2843,29 +2857,27 @@ msgstr "5 * * * *"
 msgid "Callback"
 msgstr "回调"
 
-#: ops/models/adhoc.py:183 ops/templates/ops/adhoc_detail.html:114
+#: ops/models/adhoc.py:183 ops/templates/ops/adhoc_detail.html:112
 msgid "Tasks"
 msgstr "任务"
 
-#: ops/models/adhoc.py:184 ops/templates/ops/adhoc_detail.html:57
-#: ops/templates/ops/task_adhoc.html:60
+#: ops/models/adhoc.py:184 ops/templates/ops/adhoc_detail.html:55
+#: ops/templates/ops/task_adhoc.html:58
 msgid "Pattern"
 msgstr "模式"
 
-#: ops/models/adhoc.py:185 ops/templates/ops/adhoc_detail.html:61
+#: ops/models/adhoc.py:185 ops/templates/ops/adhoc_detail.html:59
 msgid "Options"
 msgstr "选项"
 
-#: ops/models/adhoc.py:186 ops/templates/ops/adhoc_detail.html:53
-#: ops/templates/ops/command_execution_list.html:62
-#: ops/templates/ops/task_adhoc.html:59 ops/templates/ops/task_list.html:14
-#: settings/templates/settings/command_storage_create.html:49
+#: ops/models/adhoc.py:186 ops/templates/ops/adhoc_detail.html:51
+#: ops/templates/ops/command_execution_list.html:60
+#: ops/templates/ops/task_adhoc.html:57 ops/templates/ops/task_list.html:14
+#: terminal/forms/storage.py:107
 msgid "Hosts"
 msgstr "主机"
 
-#: ops/models/adhoc.py:187
-#: settings/templates/settings/replay_storage_create.html:52
-#: templates/index.html:91
+#: ops/models/adhoc.py:187 templates/index.html:91
 msgid "Host"
 msgstr "主机"
 
@@ -2873,12 +2885,12 @@ msgstr "主机"
 msgid "Run as admin"
 msgstr "再次执行"
 
-#: ops/models/adhoc.py:190 ops/templates/ops/adhoc_detail.html:82
-#: ops/templates/ops/task_adhoc.html:62
+#: ops/models/adhoc.py:190 ops/templates/ops/adhoc_detail.html:80
+#: ops/templates/ops/task_adhoc.html:60
 msgid "Become"
 msgstr "Become"
 
-#: ops/models/adhoc.py:191 users/templates/users/user_group_detail.html:59
+#: ops/models/adhoc.py:191 users/templates/users/user_group_detail.html:54
 #: xpack/plugins/cloud/templates/cloud/account_detail.html:62
 #: xpack/plugins/orgs/templates/orgs/org_detail.html:56
 msgid "Create by"
@@ -2900,8 +2912,8 @@ msgstr "开始时间"
 msgid "End time"
 msgstr "完成时间"
 
-#: ops/models/adhoc.py:362 ops/templates/ops/adhoc_history.html:57
-#: ops/templates/ops/task_history.html:63 ops/templates/ops/task_list.html:17
+#: ops/models/adhoc.py:362 ops/templates/ops/adhoc_history.html:55
+#: ops/templates/ops/task_history.html:61 ops/templates/ops/task_list.html:17
 #: xpack/plugins/change_auth_plan/models.py:253
 #: xpack/plugins/change_auth_plan/models.py:429
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:58
@@ -2910,15 +2922,15 @@ msgstr "完成时间"
 msgid "Time"
 msgstr "时间"
 
-#: ops/models/adhoc.py:363 ops/templates/ops/adhoc_detail.html:106
-#: ops/templates/ops/adhoc_history.html:55
-#: ops/templates/ops/adhoc_history_detail.html:69
-#: ops/templates/ops/task_detail.html:84 ops/templates/ops/task_history.html:61
+#: ops/models/adhoc.py:363 ops/templates/ops/adhoc_detail.html:104
+#: ops/templates/ops/adhoc_history.html:53
+#: ops/templates/ops/adhoc_history_detail.html:67
+#: ops/templates/ops/task_detail.html:82 ops/templates/ops/task_history.html:59
 msgid "Is finished"
 msgstr "是否完成"
 
-#: ops/models/adhoc.py:364 ops/templates/ops/adhoc_history.html:56
-#: ops/templates/ops/task_history.html:62
+#: ops/models/adhoc.py:364 ops/templates/ops/adhoc_history.html:54
+#: ops/templates/ops/task_history.html:60
 msgid "Is success"
 msgstr "是否成功"
 
@@ -2948,105 +2960,105 @@ msgstr "命令 `{}` 不允许被执行 ......."
 msgid "Task end"
 msgstr "任务结束"
 
-#: ops/templates/ops/adhoc_detail.html:19
-#: ops/templates/ops/adhoc_history.html:19
+#: ops/templates/ops/adhoc_detail.html:17
+#: ops/templates/ops/adhoc_history.html:17
 msgid "Version detail"
 msgstr "版本详情"
 
-#: ops/templates/ops/adhoc_detail.html:22
-#: ops/templates/ops/adhoc_history.html:22 ops/views/adhoc.py:111
+#: ops/templates/ops/adhoc_detail.html:20
+#: ops/templates/ops/adhoc_history.html:20 ops/views/adhoc.py:111
 msgid "Version run history"
 msgstr "执行历史"
 
-#: ops/templates/ops/adhoc_detail.html:72
-#: ops/templates/ops/adhoc_detail.html:77
-#: ops/templates/ops/command_execution_list.html:65
-#: ops/templates/ops/task_adhoc.html:61
+#: ops/templates/ops/adhoc_detail.html:70
+#: ops/templates/ops/adhoc_detail.html:75
+#: ops/templates/ops/command_execution_list.html:63
+#: ops/templates/ops/task_adhoc.html:59
 msgid "Run as"
 msgstr "运行用户"
 
-#: ops/templates/ops/adhoc_detail.html:94 ops/templates/ops/task_list.html:12
+#: ops/templates/ops/adhoc_detail.html:92 ops/templates/ops/task_list.html:12
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:18
 #: xpack/plugins/gathered_user/templates/gathered_user/task_list.html:19
 msgid "Run times"
 msgstr "执行次数"
 
-#: ops/templates/ops/adhoc_detail.html:98 ops/templates/ops/task_detail.html:76
+#: ops/templates/ops/adhoc_detail.html:96 ops/templates/ops/task_detail.html:74
 msgid "Last run"
 msgstr "最后运行"
 
-#: ops/templates/ops/adhoc_detail.html:102
-#: ops/templates/ops/adhoc_history_detail.html:65
-#: ops/templates/ops/task_detail.html:80
+#: ops/templates/ops/adhoc_detail.html:100
+#: ops/templates/ops/adhoc_history_detail.html:63
+#: ops/templates/ops/task_detail.html:78
 msgid "Time delta"
 msgstr "运行时间"
 
-#: ops/templates/ops/adhoc_detail.html:110
-#: ops/templates/ops/adhoc_history_detail.html:73
-#: ops/templates/ops/task_detail.html:88
+#: ops/templates/ops/adhoc_detail.html:108
+#: ops/templates/ops/adhoc_history_detail.html:71
+#: ops/templates/ops/task_detail.html:86
 msgid "Is success "
 msgstr "成功"
 
-#: ops/templates/ops/adhoc_detail.html:131
-#: ops/templates/ops/task_detail.html:109
+#: ops/templates/ops/adhoc_detail.html:129
+#: ops/templates/ops/task_detail.html:107
 msgid "Last run failed hosts"
 msgstr "最后运行失败主机"
 
-#: ops/templates/ops/adhoc_detail.html:151
-#: ops/templates/ops/adhoc_detail.html:176
-#: ops/templates/ops/task_detail.html:129
-#: ops/templates/ops/task_detail.html:154
+#: ops/templates/ops/adhoc_detail.html:149
+#: ops/templates/ops/adhoc_detail.html:174
+#: ops/templates/ops/task_detail.html:127
+#: ops/templates/ops/task_detail.html:152
 msgid "No hosts"
 msgstr "没有主机"
 
-#: ops/templates/ops/adhoc_detail.html:161
-#: ops/templates/ops/task_detail.html:139
+#: ops/templates/ops/adhoc_detail.html:159
+#: ops/templates/ops/task_detail.html:137
 msgid "Last run success hosts"
 msgstr "最后运行成功主机"
 
-#: ops/templates/ops/adhoc_history.html:30
-#: ops/templates/ops/task_history.html:36
+#: ops/templates/ops/adhoc_history.html:28
+#: ops/templates/ops/task_history.html:34
 msgid "History of "
 msgstr "执行历史"
 
-#: ops/templates/ops/adhoc_history.html:53
-#: ops/templates/ops/task_history.html:59
+#: ops/templates/ops/adhoc_history.html:51
+#: ops/templates/ops/task_history.html:57
 msgid "F/S/T"
 msgstr "失败/成功/总"
 
-#: ops/templates/ops/adhoc_history.html:54
-#: ops/templates/ops/task_history.html:60
+#: ops/templates/ops/adhoc_history.html:52
+#: ops/templates/ops/task_history.html:58
 msgid "Ratio"
 msgstr "比例"
 
-#: ops/templates/ops/adhoc_history_detail.html:19 ops/views/adhoc.py:125
+#: ops/templates/ops/adhoc_history_detail.html:17 ops/views/adhoc.py:125
 msgid "Run history detail"
 msgstr "执行历史详情"
 
-#: ops/templates/ops/adhoc_history_detail.html:22
-#: ops/templates/ops/command_execution_list.html:66
+#: ops/templates/ops/adhoc_history_detail.html:20
+#: ops/templates/ops/command_execution_list.html:64
 #: terminal/backends/command/models.py:16
 msgid "Output"
 msgstr "输出"
 
-#: ops/templates/ops/adhoc_history_detail.html:30
+#: ops/templates/ops/adhoc_history_detail.html:28
 msgid "History detail of"
 msgstr "执行历史详情"
 
-#: ops/templates/ops/adhoc_history_detail.html:53
+#: ops/templates/ops/adhoc_history_detail.html:51
 msgid "Task name"
 msgstr "任务名称"
 
-#: ops/templates/ops/adhoc_history_detail.html:84
+#: ops/templates/ops/adhoc_history_detail.html:82
 msgid "Failed assets"
 msgstr "失败资产"
 
-#: ops/templates/ops/adhoc_history_detail.html:104
-#: ops/templates/ops/adhoc_history_detail.html:129
+#: ops/templates/ops/adhoc_history_detail.html:102
+#: ops/templates/ops/adhoc_history_detail.html:127
 msgid "No assets"
 msgstr "没有资产"
 
-#: ops/templates/ops/adhoc_history_detail.html:114
+#: ops/templates/ops/adhoc_history_detail.html:112
 msgid "Success assets"
 msgstr "成功资产"
 
@@ -3054,75 +3066,75 @@ msgstr "成功资产"
 msgid "Task log"
 msgstr "任务列表"
 
-#: ops/templates/ops/command_execution_create.html:109
+#: ops/templates/ops/command_execution_create.html:106
 #: terminal/templates/terminal/session_detail.html:95
 #: terminal/templates/terminal/session_detail.html:104
 msgid "Go"
 msgstr ""
 
-#: ops/templates/ops/command_execution_create.html:194
+#: ops/templates/ops/command_execution_create.html:191
 msgid "Selected assets"
 msgstr "已选择资产"
 
-#: ops/templates/ops/command_execution_create.html:197
+#: ops/templates/ops/command_execution_create.html:194
 msgid "In total"
 msgstr "总共"
 
-#: ops/templates/ops/command_execution_create.html:234
+#: ops/templates/ops/command_execution_create.html:231
 msgid ""
 "Select the left asset, select the running system user, execute command in "
 "batch"
 msgstr "选择左侧资产, 选择运行的系统用户，批量执行命令"
 
-#: ops/templates/ops/command_execution_create.html:278
+#: ops/templates/ops/command_execution_create.html:275
 msgid "Unselected assets"
 msgstr "没有选中资产"
 
-#: ops/templates/ops/command_execution_create.html:282
+#: ops/templates/ops/command_execution_create.html:279
 msgid "No input command"
 msgstr "没有输入命令"
 
-#: ops/templates/ops/command_execution_create.html:286
+#: ops/templates/ops/command_execution_create.html:283
 msgid "No system user was selected"
 msgstr "没有选择系统用户"
 
-#: ops/templates/ops/command_execution_create.html:296
+#: ops/templates/ops/command_execution_create.html:293
 msgid "Pending"
 msgstr "等待"
 
-#: ops/templates/ops/command_execution_list.html:67
+#: ops/templates/ops/command_execution_list.html:65
 msgid "Finished"
 msgstr "结束"
 
-#: ops/templates/ops/task_adhoc.html:19 ops/templates/ops/task_detail.html:20
-#: ops/templates/ops/task_history.html:19 ops/views/adhoc.py:55
+#: ops/templates/ops/task_adhoc.html:17 ops/templates/ops/task_detail.html:18
+#: ops/templates/ops/task_history.html:17 ops/views/adhoc.py:55
 msgid "Task detail"
 msgstr "任务详情"
 
-#: ops/templates/ops/task_adhoc.html:22 ops/templates/ops/task_detail.html:23
-#: ops/templates/ops/task_history.html:22 ops/views/adhoc.py:69
+#: ops/templates/ops/task_adhoc.html:20 ops/templates/ops/task_detail.html:21
+#: ops/templates/ops/task_history.html:20 ops/views/adhoc.py:69
 msgid "Task versions"
 msgstr "任务各版本"
 
-#: ops/templates/ops/task_adhoc.html:25 ops/templates/ops/task_detail.html:26
-#: ops/templates/ops/task_history.html:25
+#: ops/templates/ops/task_adhoc.html:23 ops/templates/ops/task_detail.html:24
+#: ops/templates/ops/task_history.html:23
 msgid "Run history"
 msgstr "执行历史"
 
-#: ops/templates/ops/task_adhoc.html:28 ops/templates/ops/task_detail.html:29
-#: ops/templates/ops/task_history.html:28
+#: ops/templates/ops/task_adhoc.html:26 ops/templates/ops/task_detail.html:27
+#: ops/templates/ops/task_history.html:26
 msgid "Last run output"
 msgstr "输出"
 
-#: ops/templates/ops/task_adhoc.html:36
+#: ops/templates/ops/task_adhoc.html:34
 msgid "Versions of "
 msgstr "版本"
 
-#: ops/templates/ops/task_detail.html:68
+#: ops/templates/ops/task_detail.html:66
 msgid "Total versions"
 msgstr "版本数量"
 
-#: ops/templates/ops/task_detail.html:92
+#: ops/templates/ops/task_detail.html:90
 msgid "Contents"
 msgstr "内容"
 
@@ -3189,13 +3201,15 @@ msgid ""
 msgstr "提示：RDP 协议不支持单独控制上传或下载文件"
 
 #: perms/forms/asset_permission.py:81 perms/forms/remote_app_permission.py:37
-#: perms/models/base.py:50 perms/templates/perms/asset_permission_list.html:51
-#: perms/templates/perms/asset_permission_list.html:109
-#: perms/templates/perms/asset_permission_list.html:211
+#: perms/models/base.py:50 perms/templates/perms/asset_permission_list.html:49
+#: perms/templates/perms/asset_permission_list.html:104
+#: perms/templates/perms/asset_permission_list.html:206
 #: perms/templates/perms/remote_app_permission_list.html:16
 #: templates/_nav.html:21 users/forms.py:313 users/models/group.py:26
 #: users/models/user.py:435 users/templates/users/_select_user_modal.html:16
-#: users/templates/users/user_detail.html:219
+#: users/templates/users/user_asset_permission.html:56
+#: users/templates/users/user_asset_permission.html:87
+#: users/templates/users/user_detail.html:220
 #: users/templates/users/user_list.html:38
 #: xpack/plugins/orgs/templates/orgs/org_list.html:16
 msgid "User group"
@@ -3209,7 +3223,7 @@ msgstr "用户和用户组至少选一个"
 msgid "Asset or group at least one required"
 msgstr "资产和节点至少选一个"
 
-#: perms/models/asset_permission.py:31 settings/forms.py:147
+#: perms/models/asset_permission.py:31 settings/forms/terminal.py:19
 msgid "All"
 msgstr "全部"
 
@@ -3231,13 +3245,16 @@ msgstr "动作"
 
 #: perms/models/asset_permission.py:87 templates/_nav.html:72
 #: tickets/templates/tickets/ticket_list.html:22
+#: users/templates/users/user_asset_permission.html:23
+#: users/templates/users/user_detail.html:23
+#: users/templates/users/user_granted_asset.html:24 users/views/user.py:219
 msgid "Asset permission"
 msgstr "资产授权"
 
 #: perms/models/base.py:53
-#: perms/templates/perms/asset_permission_detail.html:90
-#: perms/templates/perms/remote_app_permission_detail.html:82
-#: users/models/user.py:467 users/templates/users/user_detail.html:107
+#: perms/templates/perms/asset_permission_detail.html:85
+#: perms/templates/perms/remote_app_permission_detail.html:77
+#: users/models/user.py:467 users/templates/users/user_detail.html:108
 #: users/templates/users/user_profile.html:120
 msgid "Date expired"
 msgstr "失效日期"
@@ -3246,156 +3263,171 @@ msgstr "失效日期"
 msgid "RemoteApp permission"
 msgstr "远程应用授权"
 
-#: perms/templates/perms/asset_permission_asset.html:22
-#: perms/templates/perms/asset_permission_detail.html:22
-#: perms/templates/perms/asset_permission_user.html:22
-#: perms/templates/perms/remote_app_permission_detail.html:22
-#: perms/templates/perms/remote_app_permission_remote_app.html:21
-#: perms/templates/perms/remote_app_permission_user.html:21
+#: perms/templates/perms/asset_permission_asset.html:18
+#: perms/templates/perms/asset_permission_detail.html:17
+#: perms/templates/perms/asset_permission_user.html:18
+#: perms/templates/perms/remote_app_permission_detail.html:17
+#: perms/templates/perms/remote_app_permission_remote_app.html:17
+#: perms/templates/perms/remote_app_permission_user.html:17
 msgid "Users and user groups"
 msgstr "用户或用户组"
 
-#: perms/templates/perms/asset_permission_asset.html:27
-#: perms/templates/perms/asset_permission_detail.html:27
-#: perms/templates/perms/asset_permission_user.html:27
+#: perms/templates/perms/asset_permission_asset.html:23
+#: perms/templates/perms/asset_permission_detail.html:22
+#: perms/templates/perms/asset_permission_user.html:23
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:20
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:23
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:20
 msgid "Assets and node"
 msgstr "资产或节点"
 
-#: perms/templates/perms/asset_permission_asset.html:70
+#: perms/templates/perms/asset_permission_asset.html:66
 msgid "Add asset to this permission"
 msgstr "添加资产"
 
-#: perms/templates/perms/asset_permission_asset.html:84
-#: perms/templates/perms/asset_permission_detail.html:157
-#: perms/templates/perms/asset_permission_user.html:97
-#: perms/templates/perms/asset_permission_user.html:125
-#: perms/templates/perms/remote_app_permission_detail.html:148
-#: perms/templates/perms/remote_app_permission_remote_app.html:96
-#: perms/templates/perms/remote_app_permission_user.html:96
-#: perms/templates/perms/remote_app_permission_user.html:124
-#: settings/templates/settings/terminal_setting.html:98
-#: settings/templates/settings/terminal_setting.html:120
-#: users/templates/users/user_group_detail.html:92
+#: perms/templates/perms/asset_permission_asset.html:80
+#: perms/templates/perms/asset_permission_asset.html:141
+#: perms/templates/perms/asset_permission_user.html:80
+#: perms/templates/perms/asset_permission_user.html:108
+#: perms/templates/perms/remote_app_permission_detail.html:143
+#: perms/templates/perms/remote_app_permission_remote_app.html:92
+#: perms/templates/perms/remote_app_permission_user.html:92
+#: perms/templates/perms/remote_app_permission_user.html:120
+#: users/templates/users/user_group_detail.html:87
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:80
 #: xpack/plugins/orgs/templates/orgs/org_detail.html:93
 #: xpack/plugins/orgs/templates/orgs/org_detail.html:130
 msgid "Add"
 msgstr "添加"
 
-#: perms/templates/perms/asset_permission_asset.html:95
+#: perms/templates/perms/asset_permission_asset.html:91
 msgid "Add node to this permission"
 msgstr "添加节点"
 
-#: perms/templates/perms/asset_permission_asset.html:109
-#: users/templates/users/user_detail.html:236
+#: perms/templates/perms/asset_permission_asset.html:105
+#: users/templates/users/user_detail.html:237
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:105
 msgid "Join"
 msgstr "加入"
 
-#: perms/templates/perms/asset_permission_create_update.html:61
-#: perms/templates/perms/remote_app_permission_create_update.html:61
-msgid "Validity period"
-msgstr "有效期"
-
-#: perms/templates/perms/asset_permission_detail.html:66
-#: perms/templates/perms/remote_app_permission_detail.html:66
-#: xpack/plugins/license/templates/license/license_detail.html:76
-msgid "User count"
-msgstr "用户数量"
-
-#: perms/templates/perms/asset_permission_detail.html:70
-#: perms/templates/perms/remote_app_permission_detail.html:70
-msgid "User group count"
-msgstr "用户组数量"
-
-#: perms/templates/perms/asset_permission_detail.html:74
-#: xpack/plugins/license/templates/license/license_detail.html:72
-msgid "Asset count"
-msgstr "资产数量"
-
-#: perms/templates/perms/asset_permission_detail.html:78
-msgid "Node count"
-msgstr "节点数量"
-
-#: perms/templates/perms/asset_permission_detail.html:82
-msgid "System user count"
-msgstr "系统用户数量"
-
-#: perms/templates/perms/asset_permission_detail.html:148
-#: perms/templates/perms/remote_app_permission_detail.html:139
+#: perms/templates/perms/asset_permission_asset.html:132
+#: perms/templates/perms/remote_app_permission_detail.html:134
 msgid "Select system users"
 msgstr "选择系统用户"
 
-#: perms/templates/perms/asset_permission_list.html:38
+#: perms/templates/perms/asset_permission_create_update.html:59
+#: perms/templates/perms/remote_app_permission_create_update.html:59
+msgid "Validity period"
+msgstr "有效期"
+
+#: perms/templates/perms/asset_permission_detail.html:61
+#: perms/templates/perms/remote_app_permission_detail.html:61
+#: xpack/plugins/license/templates/license/license_detail.html:67
+msgid "User count"
+msgstr "用户数量"
+
+#: perms/templates/perms/asset_permission_detail.html:65
+#: perms/templates/perms/remote_app_permission_detail.html:65
+msgid "User group count"
+msgstr "用户组数量"
+
+#: perms/templates/perms/asset_permission_detail.html:69
+#: xpack/plugins/license/templates/license/license_detail.html:63
+msgid "Asset count"
+msgstr "资产数量"
+
+#: perms/templates/perms/asset_permission_detail.html:73
+msgid "Node count"
+msgstr "节点数量"
+
+#: perms/templates/perms/asset_permission_detail.html:77
+msgid "System user count"
+msgstr "系统用户数量"
+
+#: perms/templates/perms/asset_permission_list.html:36
 #: perms/templates/perms/remote_app_permission_list.html:6
 msgid "Create permission"
 msgstr "创建授权规则"
 
-#: perms/templates/perms/asset_permission_list.html:42
+#: perms/templates/perms/asset_permission_list.html:40
 msgid "Refresh permission cache"
 msgstr "刷新授权缓存"
 
-#: perms/templates/perms/asset_permission_list.html:55
-#: perms/templates/perms/asset_permission_list.html:209
+#: perms/templates/perms/asset_permission_list.html:53
+#: perms/templates/perms/asset_permission_list.html:204
 #: perms/templates/perms/remote_app_permission_list.html:19
+#: users/templates/users/user_asset_permission.html:60
+#: users/templates/users/user_asset_permission.html:175
 #: users/templates/users/user_list.html:40 xpack/plugins/cloud/models.py:74
 #: xpack/plugins/cloud/templates/cloud/account_detail.html:58
 #: xpack/plugins/cloud/templates/cloud/account_list.html:14
 msgid "Validity"
 msgstr "有效"
 
-#: perms/templates/perms/asset_permission_list.html:232
+#: perms/templates/perms/asset_permission_list.html:211
+#: users/templates/users/user_asset_permission.html:180
+msgid "Inherit"
+msgstr "继承"
+
+#: perms/templates/perms/asset_permission_list.html:212
+#: users/templates/users/user_asset_permission.html:181
+msgid "Include"
+msgstr "包含"
+
+#: perms/templates/perms/asset_permission_list.html:213
+#: users/templates/users/user_asset_permission.html:182
+msgid "Exclude"
+msgstr "不包含"
+
+#: perms/templates/perms/asset_permission_list.html:231
 msgid "Refresh success"
 msgstr "刷新成功"
 
-#: perms/templates/perms/asset_permission_user.html:35
-#: perms/templates/perms/remote_app_permission_user.html:34
+#: perms/templates/perms/asset_permission_user.html:31
+#: perms/templates/perms/remote_app_permission_user.html:30
 msgid "User list of "
 msgstr "用户列表"
 
-#: perms/templates/perms/asset_permission_user.html:80
+#: perms/templates/perms/asset_permission_user.html:66
 msgid "Add user to asset permission"
 msgstr "添加用户"
 
-#: perms/templates/perms/asset_permission_user.html:108
+#: perms/templates/perms/asset_permission_user.html:91
 msgid "Add user group to asset permission"
 msgstr "添加用户组"
 
-#: perms/templates/perms/asset_permission_user.html:116
-#: perms/templates/perms/remote_app_permission_user.html:115
+#: perms/templates/perms/asset_permission_user.html:99
+#: perms/templates/perms/remote_app_permission_user.html:111
 msgid "Select user groups"
 msgstr "选择用户组"
 
-#: perms/templates/perms/remote_app_permission_detail.html:74
+#: perms/templates/perms/remote_app_permission_detail.html:69
 msgid "RemoteApp count"
 msgstr "远程应用数量"
 
-#: perms/templates/perms/remote_app_permission_remote_app.html:34
+#: perms/templates/perms/remote_app_permission_remote_app.html:30
 msgid "RemoteApp list of "
 msgstr "远程应用列表"
 
-#: perms/templates/perms/remote_app_permission_remote_app.html:79
+#: perms/templates/perms/remote_app_permission_remote_app.html:75
 msgid "Add RemoteApp to this permission"
 msgstr "添加远程应用"
 
-#: perms/templates/perms/remote_app_permission_remote_app.html:87
+#: perms/templates/perms/remote_app_permission_remote_app.html:83
 msgid "Select RemoteApp"
 msgstr "选择远程应用"
 
-#: perms/templates/perms/remote_app_permission_user.html:79
+#: perms/templates/perms/remote_app_permission_user.html:75
 msgid "Add user to this permission"
 msgstr "添加用户"
 
-#: perms/templates/perms/remote_app_permission_user.html:107
+#: perms/templates/perms/remote_app_permission_user.html:103
 msgid "Add user group to this permission"
 msgstr "添加用户组"
 
 #: perms/views/asset_permission.py:33 perms/views/asset_permission.py:65
 #: perms/views/asset_permission.py:82 perms/views/asset_permission.py:99
-#: perms/views/asset_permission.py:139 perms/views/asset_permission.py:170
+#: perms/views/asset_permission.py:136 perms/views/asset_permission.py:166
 #: perms/views/remote_app_permission.py:33
 #: perms/views/remote_app_permission.py:49
 #: perms/views/remote_app_permission.py:66
@@ -3422,11 +3454,11 @@ msgstr "更新资产授权"
 msgid "Asset permission detail"
 msgstr "资产授权详情"
 
-#: perms/views/asset_permission.py:140
+#: perms/views/asset_permission.py:137
 msgid "Asset permission user list"
 msgstr "资产授权用户列表"
 
-#: perms/views/asset_permission.py:171
+#: perms/views/asset_permission.py:168
 msgid "Asset permission asset list"
 msgstr "资产授权资产列表"
 
@@ -3478,123 +3510,142 @@ msgstr "获取 LDAP 用户为 None"
 msgid "Imported {} users successfully"
 msgstr "导入 {} 个用户成功"
 
-#: settings/api.py:264 settings/api.py:300
-msgid ""
-"Error: Account invalid (Please make sure the information such as Access key "
-"or Secret key is correct)"
-msgstr "错误：账户无效 （请确保 Access key 或 Secret key 等信息正确）"
-
-#: settings/api.py:270 settings/api.py:306
-msgid "Create succeed"
-msgstr "创建成功"
-
-#: settings/api.py:288 settings/api.py:326
-#: settings/templates/settings/terminal_setting.html:154
-msgid "Delete succeed"
-msgstr "删除成功"
-
-#: settings/forms.py:60
+#: settings/forms/basic.py:13
 msgid "Current SITE URL"
 msgstr "当前站点URL"
 
-#: settings/forms.py:64
+#: settings/forms/basic.py:17
 msgid "User Guide URL"
 msgstr "用户向导URL"
 
-#: settings/forms.py:65
+#: settings/forms/basic.py:18
 msgid "User first login update profile done redirect to it"
 msgstr "用户第一次登录，修改profile后重定向到地址"
 
-#: settings/forms.py:68
+#: settings/forms/basic.py:21
 msgid "Email Subject Prefix"
 msgstr "Email主题前缀"
 
-#: settings/forms.py:69
+#: settings/forms/basic.py:22
 msgid "Tips: Some word will be intercept by mail provider"
 msgstr "提示: 一些关键字可能会被邮件提供商拦截，如 跳板机、Jumpserver"
 
-#: settings/forms.py:75
+#: settings/forms/email.py:15
 msgid "SMTP host"
 msgstr "SMTP主机"
 
-#: settings/forms.py:77
+#: settings/forms/email.py:17
 msgid "SMTP port"
 msgstr "SMTP端口"
 
-#: settings/forms.py:79
+#: settings/forms/email.py:19
 msgid "SMTP user"
 msgstr "SMTP账号"
 
-#: settings/forms.py:82
+#: settings/forms/email.py:22
 msgid "SMTP password"
 msgstr "SMTP密码"
 
-#: settings/forms.py:84
+#: settings/forms/email.py:24
 msgid "Tips: Some provider use token except password"
 msgstr "提示：一些邮件提供商需要输入的是Token"
 
-#: settings/forms.py:87
+#: settings/forms/email.py:27
 msgid "Send user"
 msgstr "发送账号"
 
-#: settings/forms.py:89
+#: settings/forms/email.py:29
 msgid "Tips: Send mail account, default SMTP account as the send account"
 msgstr "提示：发送邮件账号，默认使用SMTP账号作为发送账号"
 
-#: settings/forms.py:93
+#: settings/forms/email.py:33
 msgid "Test recipient"
 msgstr "测试收件人"
 
-#: settings/forms.py:94
+#: settings/forms/email.py:34
 msgid "Tips: Used only as a test mail recipient"
 msgstr "提示：仅用来作为测试邮件收件人"
 
-#: settings/forms.py:97
+#: settings/forms/email.py:37
 msgid "Use SSL"
 msgstr "使用SSL"
 
-#: settings/forms.py:98
+#: settings/forms/email.py:38
 msgid "If SMTP port is 465, may be select"
 msgstr "如果SMTP端口是465，通常需要启用SSL"
 
-#: settings/forms.py:101
+#: settings/forms/email.py:41
 msgid "Use TLS"
 msgstr "使用TLS"
 
-#: settings/forms.py:102
+#: settings/forms/email.py:42
 msgid "If SMTP port is 587, may be select"
 msgstr "如果SMTP端口是587，通常需要启用TLS"
 
-#: settings/forms.py:108
+#: settings/forms/email.py:48
+msgid "Create user email subject"
+msgstr "创建用户邮件的主题"
+
+#: settings/forms/email.py:49
+msgid ""
+"Tips: When creating a user, send the subject of the email (eg:Create account "
+"successfully)"
+msgstr "提示: 创建用户时，发送设置密码邮件的主题 (例如: 创建用户成功)"
+
+#: settings/forms/email.py:53
+msgid "Create user honorific"
+msgstr "创建用户邮件的敬语"
+
+#: settings/forms/email.py:54
+msgid "Tips: When creating a user, send the honorific of the email (eg:Hello)"
+msgstr "提示: 创建用户时，发送设置密码邮件的敬语 (例如: 您好)"
+
+#: settings/forms/email.py:59
+msgid "Create user email content"
+msgstr "创建用户邮件的内容"
+
+#: settings/forms/email.py:60
+msgid "Tips:When creating a user, send the content of the email"
+msgstr "提示: 创建用户时，发送设置密码邮件的内容"
+
+#: settings/forms/email.py:63
+msgid "Signature"
+msgstr "署名"
+
+#: settings/forms/email.py:64
+msgid "Tips: Email signature (eg:jumpserver)"
+msgstr "提示: 邮件的署名 (例如: jumpserver)"
+
+#: settings/forms/ldap.py:16
 msgid "LDAP server"
 msgstr "LDAP地址"
 
-#: settings/forms.py:111
+#: settings/forms/ldap.py:19
 msgid "Bind DN"
 msgstr "绑定DN"
 
-#: settings/forms.py:118
+#: settings/forms/ldap.py:26
 msgid "User OU"
 msgstr "用户OU"
 
-#: settings/forms.py:119
+#: settings/forms/ldap.py:27
 msgid "Use | split User OUs"
 msgstr "使用|分隔各OU"
 
-#: settings/forms.py:123
+#: settings/forms/ldap.py:31
 msgid "User search filter"
 msgstr "用户过滤器"
 
-#: settings/forms.py:124
+#: settings/forms/ldap.py:32
 #, python-format
 msgid "Choice may be (cn|uid|sAMAccountName)=%(user)s)"
 msgstr "可能的选项是(cn或uid或sAMAccountName=%(user)s)"
 
-#: settings/forms.py:127
+#: settings/forms/ldap.py:35
 msgid "User attr map"
 msgstr "LDAP属性映射"
 
-#: settings/forms.py:129
+#: settings/forms/ldap.py:37
 msgid ""
 "User attr map present how to map LDAP user attr to jumpserver, username,name,"
 "email is jumpserver attr"
@@ -3602,111 +3653,66 @@ msgstr ""
 "用户属性映射代表怎样将LDAP中用户属性映射到jumpserver用户上，username, name,"
 "email 是jumpserver的属性"
 
-#: settings/forms.py:138
+#: settings/forms/ldap.py:46
 msgid "Enable LDAP auth"
 msgstr "启用LDAP认证"
 
-#: settings/forms.py:148
-msgid "Auto"
-msgstr "自动"
-
-#: settings/forms.py:155
-msgid "Password auth"
-msgstr "密码认证"
-
-#: settings/forms.py:158
-msgid "Public key auth"
-msgstr "密钥认证"
-
-#: settings/forms.py:161
-msgid "Heartbeat interval"
-msgstr "心跳间隔"
-
-#: settings/forms.py:165
-msgid "List sort by"
-msgstr "资产列表排序"
-
-#: settings/forms.py:168
-msgid "List page size"
-msgstr "资产分页每页数量"
-
-#: settings/forms.py:171
-msgid "Session keep duration"
-msgstr "会话保留时长"
-
-#: settings/forms.py:172
-msgid ""
-"Units: days, Session, record, command will be delete if more than duration, "
-"only in database"
-msgstr ""
-"单位：天。 会话、录像、命令记录超过该时长将会被删除(仅影响数据库存储, oss等不"
-"受影响)"
-
-#: settings/forms.py:176
-msgid "Telnet login regex"
-msgstr "Telnet 成功正则表达式"
-
-#: settings/forms.py:177
-msgid "ex: Last\\s*login|success|成功"
-msgstr ""
-"登录telnet服务器成功后的提示正则表达式，如: Last\\s*login|success|成功 "
-
-#: settings/forms.py:188
+#: settings/forms/security.py:16
 msgid "MFA Secondary certification"
 msgstr "MFA 二次认证"
 
-#: settings/forms.py:190
+#: settings/forms/security.py:18
 msgid ""
 "After opening, the user login must use MFA secondary authentication (valid "
 "for all users, including administrators)"
 msgstr "开启后，用户登录必须使用MFA二次认证（对所有用户有效，包括管理员）"
 
-#: settings/forms.py:196
+#: settings/forms/security.py:24
 msgid "Batch execute commands"
 msgstr "批量命令"
 
-#: settings/forms.py:197
+#: settings/forms/security.py:25
 msgid "Allow user batch execute commands"
 msgstr "允许用户批量执行命令"
 
-#: settings/forms.py:200
+#: settings/forms/security.py:28
 msgid "Service account registration"
 msgstr "终端注册"
 
-#: settings/forms.py:201
+#: settings/forms/security.py:29
 msgid ""
 "Allow using bootstrap token register service account, when terminal setup, "
 "can disable it"
 msgstr "允许使用bootstrap token注册终端, 当终端注册成功后可以禁止"
 
-#: settings/forms.py:207
+#: settings/forms/security.py:35
 msgid "Limit the number of login failures"
 msgstr "限制登录失败次数"
 
-#: settings/forms.py:211
+#: settings/forms/security.py:39
 msgid "No logon interval"
 msgstr "禁止登录时间间隔"
 
-#: settings/forms.py:213
+#: settings/forms/security.py:41
 msgid ""
 "Tip: (unit/minute) if the user has failed to log in for a limited number of "
 "times, no login is allowed during this time interval."
 msgstr ""
 "提示：（单位：分）当用户登录失败次数达到限制后，那么在此时间间隔内禁止登录"
 
-#: settings/forms.py:220
+#: settings/forms/security.py:48
 msgid "Connection max idle time"
 msgstr "连接最大空闲时间"
 
-#: settings/forms.py:222
+#: settings/forms/security.py:50
 msgid "If idle time more than it, disconnect connection Unit: minute"
 msgstr "提示：如果超过该配置没有操作，连接会被断开 （单位：分）"
 
-#: settings/forms.py:228
+#: settings/forms/security.py:56
 msgid "Password expiration time"
 msgstr "密码过期时间"
 
-#: settings/forms.py:230
+#: settings/forms/security.py:58
 msgid ""
 "Tip: (unit: day) If the user does not update the password during the time, "
 "the user password will expire failure;The password expiration reminder mail "
@@ -3716,85 +3722,96 @@ msgstr ""
 "提示：（单位：天）如果用户在此期间没有更新密码，用户密码将过期失效； 密码过期"
 "提醒邮件将在密码过期前5天内由系统（每天）自动发送给用户"
 
-#: settings/forms.py:239
+#: settings/forms/security.py:67
 msgid "Password minimum length"
 msgstr "密码最小长度 "
 
-#: settings/forms.py:243
+#: settings/forms/security.py:71
 msgid "Must contain capital letters"
 msgstr "必须包含大写字母"
 
-#: settings/forms.py:245
+#: settings/forms/security.py:73
 msgid ""
 "After opening, the user password changes and resets must contain uppercase "
 "letters"
 msgstr "开启后，用户密码修改、重置必须包含大写字母"
 
-#: settings/forms.py:250
+#: settings/forms/security.py:78
 msgid "Must contain lowercase letters"
 msgstr "必须包含小写字母"
 
-#: settings/forms.py:251
+#: settings/forms/security.py:79
 msgid ""
 "After opening, the user password changes and resets must contain lowercase "
 "letters"
 msgstr "开启后，用户密码修改、重置必须包含小写字母"
 
-#: settings/forms.py:256
+#: settings/forms/security.py:84
 msgid "Must contain numeric characters"
 msgstr "必须包含数字字符"
 
-#: settings/forms.py:257
+#: settings/forms/security.py:85
 msgid ""
 "After opening, the user password changes and resets must contain numeric "
 "characters"
 msgstr "开启后，用户密码修改、重置必须包含数字字符"
 
-#: settings/forms.py:262
+#: settings/forms/security.py:90
 msgid "Must contain special characters"
 msgstr "必须包含特殊字符"
 
-#: settings/forms.py:263
+#: settings/forms/security.py:91
 msgid ""
 "After opening, the user password changes and resets must contain special "
 "characters"
 msgstr "开启后，用户密码修改、重置必须包含特殊字符"
 
-#: settings/forms.py:270
-msgid "Create user email subject"
-msgstr "创建用户邮件的主题"
+#: settings/forms/terminal.py:20
+msgid "Auto"
+msgstr "自动"
 
-#: settings/forms.py:271
+#: settings/forms/terminal.py:27
+msgid "Password auth"
+msgstr "密码认证"
+
+#: settings/forms/terminal.py:30
+msgid "Public key auth"
+msgstr "密钥认证"
+
+#: settings/forms/terminal.py:33
+msgid "Heartbeat interval"
+msgstr "心跳间隔"
+
+#: settings/forms/terminal.py:37
+msgid "List sort by"
+msgstr "资产列表排序"
+
+#: settings/forms/terminal.py:40
+msgid "List page size"
+msgstr "资产分页每页数量"
+
+#: settings/forms/terminal.py:43
+msgid "Session keep duration"
+msgstr "会话保留时长"
+
+#: settings/forms/terminal.py:44
 msgid ""
-"Tips: When creating a user, send the subject of the email (eg:Create account "
-"successfully)"
-msgstr "提示: 创建用户时，发送设置密码邮件的主题 (例如: 创建用户成功)"
+"Units: days, Session, record, command will be delete if more than duration, "
+"only in database"
+msgstr ""
+"单位：天。 会话、录像、命令记录超过该时长将会被删除(仅影响数据库存储, oss等不"
+"受影响)"
 
-#: settings/forms.py:275
-msgid "Create user honorific"
-msgstr "创建用户邮件的敬语"
+#: settings/forms/terminal.py:48
+msgid "Telnet login regex"
+msgstr "Telnet 成功正则表达式"
 
-#: settings/forms.py:276
-msgid "Tips: When creating a user, send the honorific of the email (eg:Hello)"
-msgstr "提示: 创建用户时，发送设置密码邮件的敬语 (例如: 您好)"
+#: settings/forms/terminal.py:49
+msgid "ex: Last\\s*login|success|成功"
+msgstr ""
+"登录telnet服务器成功后的提示正则表达式，如: Last\\s*login|success|成功 "
 
-#: settings/forms.py:281
-msgid "Create user email content"
-msgstr "创建用户邮件的内容"
-
-#: settings/forms.py:282
-msgid "Tips:When creating a user, send the content of the email"
-msgstr "提示: 创建用户时，发送设置密码邮件的内容"
-
-#: settings/forms.py:285
-msgid "Signature"
-msgstr "署名"
-
-#: settings/forms.py:286
-msgid "Tips: Email signature (eg:jumpserver)"
-msgstr "提示: 邮件的署名 (例如: jumpserver)"
-
-#: settings/models.py:128 users/templates/users/reset_password.html:68
+#: settings/models.py:82 users/templates/users/reset_password.html:68
 #: users/templates/users/user_profile.html:20
 msgid "Setting"
 msgstr "设置"
@@ -3812,7 +3829,7 @@ msgid "Refresh cache"
 msgstr "刷新缓存"
 
 #: settings/templates/settings/_ldap_list_users_modal.html:33
-#: users/models/user.py:431 users/templates/users/user_detail.html:71
+#: users/models/user.py:431 users/templates/users/user_detail.html:72
 #: users/templates/users/user_profile.html:59
 msgid "Email"
 msgstr "邮件"
@@ -3831,8 +3848,8 @@ msgstr "当前无勾选用户，请勾选你想要导入的用户"
 #: settings/templates/settings/email_setting.html:15
 #: settings/templates/settings/ldap_setting.html:15
 #: settings/templates/settings/security_setting.html:15
-#: settings/templates/settings/terminal_setting.html:16
-#: settings/templates/settings/terminal_setting.html:49 settings/views.py:21
+#: settings/templates/settings/terminal_setting.html:21
+#: settings/templates/settings/terminal_setting.html:54 settings/views.py:20
 msgid "Basic setting"
 msgstr "基本设置"
 
@@ -3841,7 +3858,7 @@ msgstr "基本设置"
 #: settings/templates/settings/email_setting.html:18
 #: settings/templates/settings/ldap_setting.html:18
 #: settings/templates/settings/security_setting.html:18
-#: settings/templates/settings/terminal_setting.html:20 settings/views.py:48
+#: settings/templates/settings/terminal_setting.html:25 settings/views.py:47
 msgid "Email setting"
 msgstr "邮件设置"
 
@@ -3850,7 +3867,7 @@ msgstr "邮件设置"
 #: settings/templates/settings/email_setting.html:21
 #: settings/templates/settings/ldap_setting.html:21
 #: settings/templates/settings/security_setting.html:21
-#: settings/templates/settings/terminal_setting.html:23 settings/views.py:188
+#: settings/templates/settings/terminal_setting.html:28 settings/views.py:162
 msgid "Email content setting"
 msgstr "邮件内容设置"
 
@@ -3859,7 +3876,7 @@ msgstr "邮件内容设置"
 #: settings/templates/settings/email_setting.html:24
 #: settings/templates/settings/ldap_setting.html:24
 #: settings/templates/settings/security_setting.html:24
-#: settings/templates/settings/terminal_setting.html:27 settings/views.py:75
+#: settings/templates/settings/terminal_setting.html:32 settings/views.py:74
 msgid "LDAP setting"
 msgstr "LDAP设置"
 
@@ -3868,7 +3885,7 @@ msgstr "LDAP设置"
 #: settings/templates/settings/email_setting.html:27
 #: settings/templates/settings/ldap_setting.html:27
 #: settings/templates/settings/security_setting.html:27
-#: settings/templates/settings/terminal_setting.html:31 settings/views.py:106
+#: settings/templates/settings/terminal_setting.html:36 settings/views.py:106
 msgid "Terminal setting"
 msgstr "终端设置"
 
@@ -3878,22 +3895,10 @@ msgstr "终端设置"
 #: settings/templates/settings/ldap_setting.html:30
 #: settings/templates/settings/security_setting.html:30
 #: settings/templates/settings/security_setting.html:45
-#: settings/templates/settings/terminal_setting.html:34 settings/views.py:161
+#: settings/templates/settings/terminal_setting.html:39 settings/views.py:135
 msgid "Security setting"
 msgstr "安全设置"
 
-#: settings/templates/settings/command_storage_create.html:52
-msgid "Tips: If there are multiple hosts, separate them with a comma (,)"
-msgstr "提示: 如果有多台主机，请使用逗号 ( , ) 进行分割"
-
-#: settings/templates/settings/command_storage_create.html:63
-msgid "Index"
-msgstr "索引"
-
-#: settings/templates/settings/command_storage_create.html:70
-msgid "Doc type"
-msgstr "文档类型"
-
 #: settings/templates/settings/email_content_setting.html:45
 msgid "Create User setting"
 msgstr "创建用户设置"
@@ -3902,133 +3907,37 @@ msgstr "创建用户设置"
 msgid "Bulk import"
 msgstr "一键导入"
 
-#: settings/templates/settings/replay_storage_create.html:66
-msgid "Bucket"
-msgstr "桶名称"
-
-#: settings/templates/settings/replay_storage_create.html:73
-msgid "Access key"
-msgstr ""
-
-#: settings/templates/settings/replay_storage_create.html:80
-msgid "Secret key"
-msgstr ""
-
-#: settings/templates/settings/replay_storage_create.html:87
-msgid "Container name"
-msgstr "容器名称"
-
-#: settings/templates/settings/replay_storage_create.html:94
-msgid "Account name"
-msgstr "账户名称"
-
-#: settings/templates/settings/replay_storage_create.html:101
-msgid "Account key"
-msgstr "账户密钥"
-
-#: settings/templates/settings/replay_storage_create.html:108
-msgid "Endpoint"
-msgstr "端点"
-
-#: settings/templates/settings/replay_storage_create.html:114
-#, python-brace-format
-msgid "OSS: http://{REGION_NAME}.aliyuncs.com"
-msgstr "OSS: http://{REGION_NAME}.aliyuncs.com"
-
-#: settings/templates/settings/replay_storage_create.html:116
-msgid "Example: http://oss-cn-hangzhou.aliyuncs.com"
-msgstr "如: http://oss-cn-hangzhou.aliyuncs.com"
-
-#: settings/templates/settings/replay_storage_create.html:118
-#, python-brace-format
-msgid "S3: http://s3.{REGION_NAME}.amazonaws.com"
-msgstr "S3: http://s3.{REGION_NAME}.amazonaws.com"
-
-#: settings/templates/settings/replay_storage_create.html:119
-#, python-brace-format
-msgid "S3(China): http://s3.{REGION_NAME}.amazonaws.com.cn"
-msgstr "S3(中国): http://s3.{REGION_NAME}.amazonaws.com.cn"
-
-#: settings/templates/settings/replay_storage_create.html:120
-msgid "Example: http://s3.cn-north-1.amazonaws.com.cn"
-msgstr "如: http://s3.cn-north-1.amazonaws.com.cn"
-
-#: settings/templates/settings/replay_storage_create.html:126
-msgid "Endpoint suffix"
-msgstr "端点后缀"
-
-#: settings/templates/settings/replay_storage_create.html:136
-#: xpack/plugins/cloud/models.py:304
-#: xpack/plugins/cloud/templates/cloud/sync_instance_task_detail.html:109
-#: xpack/plugins/cloud/templates/cloud/sync_instance_task_instance.html:62
-msgid "Region"
-msgstr "地域"
-
-#: settings/templates/settings/replay_storage_create.html:141
-msgid "Beijing: cn-north-1"
-msgstr "北京: cn-north-1"
-
-#: settings/templates/settings/replay_storage_create.html:142
-msgid "Ningxia: cn-northwest-1"
-msgstr "宁夏: cn-northwest-1"
-
-#: settings/templates/settings/replay_storage_create.html:143
-msgid "More"
-msgstr "更多"
-
-#: settings/templates/settings/replay_storage_create.html:247
-msgid "Submitting"
-msgstr "提交中"
-
-#: settings/templates/settings/replay_storage_create.html:256
-msgid "Endpoint need contain protocol, ex: http"
-msgstr "端点需要包含协议，如 http"
-
 #: settings/templates/settings/security_setting.html:49
 msgid "Password check rule"
 msgstr "密码校验规则"
 
-#: settings/templates/settings/terminal_setting.html:79 terminal/forms.py:27
-#: terminal/models.py:27
-msgid "Command storage"
-msgstr "命令存储"
+#: settings/templates/settings/terminal_setting.html:7
+msgid "Command and Replay storage configuration migrated to"
+msgstr "命令和录像存储配置已迁移到"
 
-#: settings/templates/settings/terminal_setting.html:101 terminal/forms.py:32
-#: terminal/models.py:28
-msgid "Replay storage"
-msgstr "录像存储"
+#: settings/templates/settings/terminal_setting.html:8
+msgid "Sessions -> Terminal -> Storage configuration"
+msgstr "会话管理 -> 终端管理 -> 存储配置"
 
-#: settings/templates/settings/terminal_setting.html:157
-msgid "Delete failed"
-msgstr "删除失败"
-
-#: settings/templates/settings/terminal_setting.html:162
-msgid "Are you sure about deleting it?"
-msgstr "您确定删除吗?"
+#: settings/templates/settings/terminal_setting.html:9
+msgid "Here"
+msgstr "这里"
 
 #: settings/utils/ldap.py:128
 msgid "Search no entry matched in ou {}"
 msgstr "在ou:{}中没有匹配条目"
 
-#: settings/views.py:20 settings/views.py:47 settings/views.py:74
-#: settings/views.py:105 settings/views.py:133 settings/views.py:146
-#: settings/views.py:160 settings/views.py:187 templates/_nav.html:178
+#: settings/views.py:19 settings/views.py:46 settings/views.py:73
+#: settings/views.py:105 settings/views.py:134 settings/views.py:161
+#: templates/_nav.html:178
 msgid "Settings"
 msgstr "系统设置"
 
-#: settings/views.py:31 settings/views.py:58 settings/views.py:85
-#: settings/views.py:118 settings/views.py:171 settings/views.py:198
+#: settings/views.py:30 settings/views.py:57 settings/views.py:84
+#: settings/views.py:118 settings/views.py:145 settings/views.py:172
 msgid "Update setting successfully"
 msgstr "更新设置成功"
 
-#: settings/views.py:134
-msgid "Create replay storage"
-msgstr "创建录像存储"
-
-#: settings/views.py:147
-msgid "Create command storage"
-msgstr "创建命令存储"
-
 #: templates/_header_bar.html:12
 msgid "Help"
 msgstr "帮助"
@@ -4049,7 +3958,7 @@ msgstr "商业支持"
 #: users/templates/users/user_profile.html:17
 #: users/templates/users/user_profile_update.html:37
 #: users/templates/users/user_profile_update.html:61
-#: users/templates/users/user_pubkey_update.html:37 users/views/user.py:231
+#: users/templates/users/user_pubkey_update.html:37 users/views/profile.py:49
 msgid "Profile"
 msgstr "个人信息"
 
@@ -4156,13 +4065,14 @@ msgstr ""
 
 #: templates/_nav.html:17 users/views/group.py:28 users/views/group.py:45
 #: users/views/group.py:63 users/views/group.py:82 users/views/group.py:99
-#: users/views/login.py:154 users/views/user.py:61 users/views/user.py:78
-#: users/views/user.py:122 users/views/user.py:189 users/views/user.py:217
-#: users/views/user.py:270 users/views/user.py:305
+#: users/views/login.py:154 users/views/profile.py:88
+#: users/views/profile.py:123 users/views/user.py:48 users/views/user.py:65
+#: users/views/user.py:109 users/views/user.py:176 users/views/user.py:204
+#: users/views/user.py:218
 msgid "Users"
 msgstr "用户管理"
 
-#: templates/_nav.html:20 users/views/user.py:62
+#: templates/_nav.html:20 users/views/user.py:49
 msgid "User list"
 msgstr "用户列表"
 
@@ -4197,7 +4107,10 @@ msgstr "Web终端"
 msgid "File manager"
 msgstr "文件管理"
 
-#: templates/_nav.html:101
+#: templates/_nav.html:101 terminal/views/storage.py:27
+#: terminal/views/storage.py:42 terminal/views/storage.py:94
+#: terminal/views/storage.py:118 terminal/views/storage.py:147
+#: terminal/views/storage.py:173
 msgid "Terminal"
 msgstr "终端管理"
 
@@ -4408,22 +4321,122 @@ msgstr "月未登录主机"
 msgid "Filters"
 msgstr "过滤"
 
+#: terminal/api/storage.py:24
+msgid "Deleting the default storage is not allowed"
+msgstr "不允许删除默认存储配置"
+
+#: terminal/api/storage.py:54
+msgid "Test failure: {}"
+msgstr "测试失败: {}"
+
+#: terminal/api/storage.py:57
+msgid "Test successful"
+msgstr "测试成功"
+
+#: terminal/api/storage.py:59
+msgid "Test failure: Account invalid"
+msgstr "测试失败: 账户无效"
+
 #: terminal/backends/command/models.py:15
 msgid "Input"
 msgstr "输入"
 
 #: terminal/backends/command/models.py:17
 #: terminal/templates/terminal/command_list.html:32
-#: terminal/templates/terminal/terminal_list.html:33
+#: terminal/templates/terminal/terminal_list.html:34
 msgid "Session"
 msgstr "会话"
 
-#: terminal/forms.py:28
+#: terminal/forms/storage.py:40
+msgid "Container name"
+msgstr "容器名称"
+
+#: terminal/forms/storage.py:43
+msgid "Account name"
+msgstr "账户名称"
+
+#: terminal/forms/storage.py:46
+msgid "Account key"
+msgstr "账户密钥"
+
+#: terminal/forms/storage.py:54
+msgid "Endpoint suffix"
+msgstr "端点后缀"
+
+#: terminal/forms/storage.py:60 terminal/forms/storage.py:83
+msgid "Bucket"
+msgstr "桶名称"
+
+#: terminal/forms/storage.py:63 terminal/forms/storage.py:86
+msgid "Access key"
+msgstr ""
+
+#: terminal/forms/storage.py:67 terminal/forms/storage.py:90
+msgid "Secret key"
+msgstr ""
+
+#: terminal/forms/storage.py:71 terminal/forms/storage.py:94
+msgid "Endpoint"
+msgstr "端点"
+
+#: terminal/forms/storage.py:73
+#, python-brace-format
+msgid ""
+"\n"
+"            OSS: http://{REGION_NAME}.aliyuncs.com <br>\n"
+"            Example: http://oss-cn-hangzhou.aliyuncs.com\n"
+"            "
+msgstr ""
+
+#: terminal/forms/storage.py:96
+#, python-brace-format
+msgid ""
+"\n"
+"            S3: http://s3.{REGION_NAME}.amazonaws.com <br>\n"
+"            S3(China): http://s3.{REGION_NAME}.amazonaws.com.cn <br>\n"
+"            Example: http://s3.cn-north-1.amazonaws.com.cn\n"
+"            "
+msgstr ""
+
+#: terminal/forms/storage.py:109
+msgid ""
+"\n"
+"            Tips: If there are multiple hosts, separate them with a comma "
+"(,) \n"
+"            <br>\n"
+"            eg: http://www.jumpserver.a.com,http://www.jumpserver.b.com\n"
+"            "
+msgstr ""
+"\n"
+"            提示： 如果有多台主机，请使用逗号 ( , ) 进行分割\n"
+"            <br>\n"
+"            eg: http://www.jumpserver.a.com,http://www.jumpserver.b.com\n"
+"            "
+
+#: terminal/forms/storage.py:117
+msgid "Index"
+msgstr "索引"
+
+#: terminal/forms/storage.py:120
+msgid "Doc type"
+msgstr "文档类型"
+
+#: terminal/forms/terminal.py:25 terminal/models.py:30
+#: terminal/templates/terminal/base_storage_list.html:10
+msgid "Command storage"
+msgstr "命令存储"
+
+#: terminal/forms/terminal.py:26
 msgid "Command can store in server db or ES, default to server, more see docs"
 msgstr ""
 "命令支持存储到服务器端数据库、ES中，默认存储的服务器端数据库，更多查看文档"
 
-#: terminal/forms.py:33
+#: terminal/forms/terminal.py:30 terminal/models.py:31
+#: terminal/templates/terminal/base_storage_list.html:9
+msgid "Replay storage"
+msgstr "录像存储"
+
+#: terminal/forms/terminal.py:31
 msgid ""
 "Replay file can store in server disk, AWS S3, Aliyun OSS, default to server, "
 "more see docs"
@@ -4431,51 +4444,51 @@ msgstr ""
 "录像文件支持存储到服务器端硬盘、AWS S3、 阿里云 OSS 中，默认存储到服务器端硬"
 "盘, 更多查看文档"
 
-#: terminal/models.py:24
+#: terminal/models.py:27
 msgid "Remote Address"
 msgstr "远端地址"
 
-#: terminal/models.py:26
+#: terminal/models.py:29
 msgid "HTTP Port"
 msgstr "HTTP端口"
 
-#: terminal/models.py:126
+#: terminal/models.py:129
 msgid "Session Online"
 msgstr "在线会话"
 
-#: terminal/models.py:127
+#: terminal/models.py:130
 msgid "CPU Usage"
 msgstr "CPU使用"
 
-#: terminal/models.py:128
+#: terminal/models.py:131
 msgid "Memory Used"
 msgstr "内存使用"
 
-#: terminal/models.py:129
+#: terminal/models.py:132
 msgid "Connections"
 msgstr "连接数"
 
-#: terminal/models.py:130
+#: terminal/models.py:133
 msgid "Threads"
 msgstr "线程数"
 
-#: terminal/models.py:131
+#: terminal/models.py:134
 msgid "Boot Time"
 msgstr "运行时间"
 
-#: terminal/models.py:162 terminal/templates/terminal/session_list.html:137
+#: terminal/models.py:165 terminal/templates/terminal/session_list.html:135
 msgid "Replay"
 msgstr "回放"
 
-#: terminal/models.py:166
+#: terminal/models.py:169
 msgid "Date last active"
 msgstr "最后活跃日期"
 
-#: terminal/models.py:168
+#: terminal/models.py:171
 msgid "Date end"
 msgstr "结束日期"
 
-#: terminal/models.py:261
+#: terminal/models.py:264
 msgid "Args"
 msgstr "参数"
 
@@ -4487,6 +4500,16 @@ msgstr "导出命令"
 msgid "Goto"
 msgstr "转到"
 
+#: terminal/templates/terminal/command_storage_list.html:5
+#: terminal/views/storage.py:148
+msgid "Create command storage"
+msgstr "创建命令存储"
+
+#: terminal/templates/terminal/replay_storage_list.html:5
+#: terminal/views/storage.py:95
+msgid "Create replay storage"
+msgstr "创建录像存储"
+
 #: terminal/templates/terminal/session_detail.html:17
 #: terminal/views/session.py:79
 msgid "Session detail"
@@ -4513,31 +4536,31 @@ msgstr "监控"
 msgid "Terminate session"
 msgstr "终止会话"
 
-#: terminal/templates/terminal/session_list.html:32
+#: terminal/templates/terminal/session_list.html:30
 msgid "Login from"
 msgstr "登录来源"
 
-#: terminal/templates/terminal/session_list.html:35
+#: terminal/templates/terminal/session_list.html:33
 msgid "Duration"
 msgstr "时长"
 
-#: terminal/templates/terminal/session_list.html:47
+#: terminal/templates/terminal/session_list.html:45
 msgid "Terminate selected"
 msgstr "终断所选"
 
-#: terminal/templates/terminal/session_list.html:48
+#: terminal/templates/terminal/session_list.html:46
 msgid "Confirm finished"
 msgstr "确认已完成"
 
-#: terminal/templates/terminal/session_list.html:92
+#: terminal/templates/terminal/session_list.html:90
 msgid "Terminate task send, waiting ..."
 msgstr "终断任务已发送，请等待"
 
-#: terminal/templates/terminal/session_list.html:143
+#: terminal/templates/terminal/session_list.html:141
 msgid "Terminate"
 msgstr "终断"
 
-#: terminal/templates/terminal/session_list.html:174
+#: terminal/templates/terminal/session_list.html:172
 msgid "Finish session success"
 msgstr "标记会话完成成功"
 
@@ -4554,19 +4577,23 @@ msgstr "SSH端口"
 msgid "Http port"
 msgstr "HTTP端口"
 
-#: terminal/templates/terminal/terminal_list.html:30
+#: terminal/templates/terminal/terminal_list.html:21
+msgid "Storage configuration"
+msgstr "存储配置"
+
+#: terminal/templates/terminal/terminal_list.html:31
 msgid "Addr"
 msgstr "地址"
 
-#: terminal/templates/terminal/terminal_list.html:35
+#: terminal/templates/terminal/terminal_list.html:36
 msgid "Alive"
 msgstr "在线"
 
-#: terminal/templates/terminal/terminal_list.html:78
+#: terminal/templates/terminal/terminal_list.html:79
 msgid "Accept"
 msgstr "接受"
 
-#: terminal/templates/terminal/terminal_list.html:80
+#: terminal/templates/terminal/terminal_list.html:81
 #: tickets/models/ticket.py:31 tickets/templates/tickets/ticket_detail.html:101
 #: tickets/templates/tickets/ticket_list.html:107
 msgid "Reject"
@@ -4576,7 +4603,7 @@ msgstr "拒绝"
 msgid "Accept terminal registration"
 msgstr "接受终端注册"
 
-#: terminal/templates/terminal/terminal_update.html:33
+#: terminal/templates/terminal/terminal_update.html:31
 msgid "Info"
 msgstr "信息"
 
@@ -4584,6 +4611,22 @@ msgstr "信息"
 msgid "Session online list"
 msgstr "在线会话"
 
+#: terminal/views/storage.py:28
+msgid "Replay storage list"
+msgstr "录像存储列表"
+
+#: terminal/views/storage.py:43
+msgid "Command storage list"
+msgstr "命令存储列表"
+
+#: terminal/views/storage.py:119
+msgid "Update replay storage"
+msgstr "更新录像存储"
+
+#: terminal/views/storage.py:174
+msgid "Update command storage"
+msgstr "更新命令存储"
+
 #: terminal/views/terminal.py:33
 msgid "Terminal list"
 msgstr "终端列表"
@@ -4759,14 +4802,14 @@ msgstr "不能再该页面重置MFA, 请去个人信息页面重置"
 
 #: users/forms.py:47 users/models/user.py:439
 #: users/templates/users/_select_user_modal.html:15
-#: users/templates/users/user_detail.html:87
+#: users/templates/users/user_detail.html:88
 #: users/templates/users/user_list.html:37
 #: users/templates/users/user_profile.html:55
 msgid "Role"
 msgstr "角色"
 
 #: users/forms.py:51 users/models/user.py:474
-#: users/templates/users/user_detail.html:103
+#: users/templates/users/user_detail.html:104
 #: users/templates/users/user_list.html:39
 #: users/templates/users/user_profile.html:102
 msgid "Source"
@@ -4785,7 +4828,7 @@ msgstr ""
 msgid "Paste user id_rsa.pub here."
 msgstr "复制用户公钥到这里"
 
-#: users/forms.py:71 users/templates/users/user_detail.html:227
+#: users/forms.py:71 users/templates/users/user_detail.html:228
 msgid "Join user groups"
 msgstr "添加到用户组"
 
@@ -4797,7 +4840,7 @@ msgstr "不能和原来的密钥相同"
 msgid "Not a valid ssh public key"
 msgstr "ssh密钥不合法"
 
-#: users/forms.py:123 users/views/login.py:114 users/views/user.py:287
+#: users/forms.py:123 users/views/login.py:114 users/views/profile.py:105
 msgid "* Your password does not meet the requirements"
 msgstr "* 您的密码不符合要求"
 
@@ -4916,7 +4959,7 @@ msgstr "数据库"
 msgid "Avatar"
 msgstr "头像"
 
-#: users/models/user.py:445 users/templates/users/user_detail.html:82
+#: users/models/user.py:445 users/templates/users/user_detail.html:83
 msgid "Wechat"
 msgstr "微信"
 
@@ -5018,7 +5061,7 @@ msgid "Import users"
 msgstr "导入用户"
 
 #: users/templates/users/_user_update_modal.html:4
-#: users/templates/users/user_update.html:4 users/views/user.py:123
+#: users/templates/users/user_update.html:4 users/views/user.py:110
 msgid "Update user"
 msgstr "更新用户"
 
@@ -5096,7 +5139,7 @@ msgid "Always young, always with tears in my eyes. Stay foolish Stay hungry"
 msgstr "永远年轻，永远热泪盈眶 stay foolish stay hungry"
 
 #: users/templates/users/reset_password.html:46
-#: users/templates/users/user_detail.html:433 users/utils.py:83
+#: users/templates/users/user_detail.html:434 users/utils.py:83
 msgid "Reset password"
 msgstr "重置密码"
 
@@ -5160,117 +5203,119 @@ msgstr "强"
 msgid "Very strong"
 msgstr "很强"
 
-#: users/templates/users/user_create.html:4
-#: users/templates/users/user_list.html:28 users/views/user.py:79
-msgid "Create user"
-msgstr "创建用户"
-
-#: users/templates/users/user_detail.html:19
-#: users/templates/users/user_granted_asset.html:18 users/views/user.py:190
+#: users/templates/users/user_asset_permission.html:17
+#: users/templates/users/user_detail.html:17
+#: users/templates/users/user_granted_asset.html:18 users/views/user.py:177
 msgid "User detail"
 msgstr "用户详情"
 
-#: users/templates/users/user_detail.html:22
+#: users/templates/users/user_asset_permission.html:20
+#: users/templates/users/user_detail.html:20
 #: users/templates/users/user_granted_asset.html:21
-#: users/templates/users/user_group_detail.html:25
+#: users/templates/users/user_group_detail.html:20
 #: users/templates/users/user_group_granted_asset.html:21
 msgid "Asset granted"
 msgstr "授权的资产"
 
-#: users/templates/users/user_detail.html:94
+#: users/templates/users/user_create.html:4
+#: users/templates/users/user_list.html:28 users/views/user.py:66
+msgid "Create user"
+msgstr "创建用户"
+
+#: users/templates/users/user_detail.html:95
 msgid "Force enabled"
 msgstr "强制启用"
 
-#: users/templates/users/user_detail.html:119
+#: users/templates/users/user_detail.html:120
 #: users/templates/users/user_profile.html:110
 msgid "Last login"
 msgstr "最后登录"
 
-#: users/templates/users/user_detail.html:124
+#: users/templates/users/user_detail.html:125
 #: users/templates/users/user_profile.html:115
 msgid "Last password updated"
 msgstr "最后更新密码"
 
-#: users/templates/users/user_detail.html:160
+#: users/templates/users/user_detail.html:161
 msgid "Force enabled MFA"
 msgstr "强制启用MFA"
 
-#: users/templates/users/user_detail.html:177
+#: users/templates/users/user_detail.html:178
 msgid "Reset MFA"
 msgstr "重置MFA"
 
-#: users/templates/users/user_detail.html:186
+#: users/templates/users/user_detail.html:187
 msgid "Send reset password mail"
 msgstr "发送重置密码邮件"
 
-#: users/templates/users/user_detail.html:189
-#: users/templates/users/user_detail.html:199
+#: users/templates/users/user_detail.html:190
+#: users/templates/users/user_detail.html:200
 msgid "Send"
 msgstr "发送"
 
-#: users/templates/users/user_detail.html:196
+#: users/templates/users/user_detail.html:197
 msgid "Send reset ssh key mail"
 msgstr "发送重置密钥邮件"
 
-#: users/templates/users/user_detail.html:205
-#: users/templates/users/user_detail.html:521
+#: users/templates/users/user_detail.html:206
+#: users/templates/users/user_detail.html:522
 msgid "Unblock user"
 msgstr "解除登录限制"
 
-#: users/templates/users/user_detail.html:208
+#: users/templates/users/user_detail.html:209
 msgid "Unblock"
 msgstr "解除"
 
-#: users/templates/users/user_detail.html:376
+#: users/templates/users/user_detail.html:377
 msgid "Goto profile page enable MFA"
 msgstr "请去个人信息页面启用自己的MFA"
 
-#: users/templates/users/user_detail.html:432
+#: users/templates/users/user_detail.html:433
 msgid "An e-mail has been sent to the user`s mailbox."
 msgstr "已发送邮件到用户邮箱"
 
-#: users/templates/users/user_detail.html:443
+#: users/templates/users/user_detail.html:444
 msgid "This will reset the user password and send a reset mail"
 msgstr "将失效用户当前密码，并发送重设密码邮件到用户邮箱"
 
-#: users/templates/users/user_detail.html:458
+#: users/templates/users/user_detail.html:459
 msgid ""
 "The reset-ssh-public-key E-mail has been sent successfully. Please inform "
 "the user to update his new ssh public key."
 msgstr "重设密钥邮件将会发送到用户邮箱"
 
-#: users/templates/users/user_detail.html:459
+#: users/templates/users/user_detail.html:460
 msgid "Reset SSH public key"
 msgstr "重置SSH密钥"
 
-#: users/templates/users/user_detail.html:469
+#: users/templates/users/user_detail.html:470
 msgid "This will reset the user public key and send a reset mail"
 msgstr "将会失效用户当前密钥，并发送重置邮件到用户邮箱"
 
-#: users/templates/users/user_detail.html:487
+#: users/templates/users/user_detail.html:488
 msgid "Successfully updated the SSH public key."
 msgstr "更新ssh密钥成功"
 
-#: users/templates/users/user_detail.html:488
-#: users/templates/users/user_detail.html:492
+#: users/templates/users/user_detail.html:489
+#: users/templates/users/user_detail.html:493
 msgid "User SSH public key update"
 msgstr "ssh密钥"
 
-#: users/templates/users/user_detail.html:537
+#: users/templates/users/user_detail.html:538
 msgid "After unlocking the user, the user can log in normally."
 msgstr "解除用户登录限制后，此用户即可正常登录"
 
-#: users/templates/users/user_detail.html:551
+#: users/templates/users/user_detail.html:552
 msgid "Reset user MFA success"
 msgstr "重置用户MFA成功"
 
-#: users/templates/users/user_group_detail.html:22
+#: users/templates/users/user_group_detail.html:17
 #: users/templates/users/user_group_granted_asset.html:18
 #: users/views/group.py:83
 msgid "User group detail"
 msgstr "用户组详情"
 
-#: users/templates/users/user_group_detail.html:86
+#: users/templates/users/user_group_detail.html:81
 #: xpack/plugins/orgs/templates/orgs/org_detail.html:121
 msgid "Add user"
 msgstr "添加用户"
@@ -5655,50 +5700,50 @@ msgstr "密码不一致"
 msgid "First login"
 msgstr "首次登录"
 
-#: users/views/user.py:141
-msgid "Bulk update user success"
-msgstr "批量更新用户成功"
-
-#: users/views/user.py:169
-msgid "Bulk update user"
-msgstr "批量更新用户"
-
-#: users/views/user.py:218
-msgid "User granted assets"
-msgstr "用户授权资产"
-
-#: users/views/user.py:251
+#: users/views/profile.py:69
 msgid "Profile setting"
 msgstr "个人信息设置"
 
-#: users/views/user.py:271
+#: users/views/profile.py:89
 msgid "Password update"
 msgstr "密码更新"
 
-#: users/views/user.py:306
+#: users/views/profile.py:124
 msgid "Public key update"
 msgstr "密钥更新"
 
-#: users/views/user.py:348
+#: users/views/profile.py:166
 msgid "Password invalid"
 msgstr "用户名或密码无效"
 
-#: users/views/user.py:453
+#: users/views/profile.py:266
 msgid "MFA enable success"
 msgstr "MFA 绑定成功"
 
-#: users/views/user.py:454
+#: users/views/profile.py:267
 msgid "MFA enable success, return login page"
 msgstr "MFA 绑定成功，返回到登录页面"
 
-#: users/views/user.py:456
+#: users/views/profile.py:269
 msgid "MFA disable success"
 msgstr "MFA 解绑成功"
 
-#: users/views/user.py:457
+#: users/views/profile.py:270
 msgid "MFA disable success, return login page"
 msgstr "MFA 解绑成功，返回登录页面"
 
+#: users/views/user.py:128
+msgid "Bulk update user success"
+msgstr "批量更新用户成功"
+
+#: users/views/user.py:156
+msgid "Bulk update user"
+msgstr "批量更新用户"
+
+#: users/views/user.py:205
+msgid "User granted assets"
+msgstr "用户授权资产"
+
 #: xpack/plugins/change_auth_plan/forms.py:20
 msgid "Password length"
 msgstr "密码长度"
@@ -6039,6 +6084,12 @@ msgstr "同步实例任务历史"
 msgid "Instance"
 msgstr "实例"
 
+#: xpack/plugins/cloud/models.py:304
+#: xpack/plugins/cloud/templates/cloud/sync_instance_task_detail.html:109
+#: xpack/plugins/cloud/templates/cloud/sync_instance_task_instance.html:62
+msgid "Region"
+msgstr "地域"
+
 #: xpack/plugins/cloud/providers/aliyun.py:14
 msgid "Aliyun"
 msgstr "阿里云"
@@ -6277,8 +6328,8 @@ msgid "It is already in the default setting state!"
 msgstr "当前已经是初始化状态！"
 
 #: xpack/plugins/license/meta.py:11 xpack/plugins/license/models.py:94
-#: xpack/plugins/license/templates/license/license_detail.html:50
-#: xpack/plugins/license/templates/license/license_detail.html:55
+#: xpack/plugins/license/templates/license/license_detail.html:41
+#: xpack/plugins/license/templates/license/license_detail.html:46
 #: xpack/plugins/license/views.py:32
 msgid "License"
 msgstr "许可证"
@@ -6292,7 +6343,7 @@ msgid "Enterprise edition"
 msgstr "企业版"
 
 #: xpack/plugins/license/templates/license/_license_import_modal.html:4
-#: xpack/plugins/license/templates/license/license_detail.html:108
+#: xpack/plugins/license/templates/license/license_detail.html:99
 msgid "Import license"
 msgstr "导入许可证"
 
@@ -6300,64 +6351,64 @@ msgstr "导入许可证"
 msgid "License file"
 msgstr "许可证文件"
 
-#: xpack/plugins/license/templates/license/license_detail.html:12
+#: xpack/plugins/license/templates/license/license_detail.html:11
 msgid "Please Import License"
 msgstr "请导入许可证"
 
-#: xpack/plugins/license/templates/license/license_detail.html:17
-#: xpack/plugins/license/templates/license/license_detail.html:56
+#: xpack/plugins/license/templates/license/license_detail.html:13
+#: xpack/plugins/license/templates/license/license_detail.html:47
 msgid "License has expired"
 msgstr "许可证已经过期"
 
-#: xpack/plugins/license/templates/license/license_detail.html:22
+#: xpack/plugins/license/templates/license/license_detail.html:15
 msgid "The license will at "
 msgstr "许可证将在 "
 
-#: xpack/plugins/license/templates/license/license_detail.html:22
+#: xpack/plugins/license/templates/license/license_detail.html:15
 msgid " expired."
 msgstr " 过期。"
 
-#: xpack/plugins/license/templates/license/license_detail.html:37
+#: xpack/plugins/license/templates/license/license_detail.html:28
 #: xpack/plugins/license/views.py:33
 msgid "License detail"
 msgstr "许可证详情"
 
-#: xpack/plugins/license/templates/license/license_detail.html:51
+#: xpack/plugins/license/templates/license/license_detail.html:42
 msgid "No license"
 msgstr "暂无许可证"
 
-#: xpack/plugins/license/templates/license/license_detail.html:60
+#: xpack/plugins/license/templates/license/license_detail.html:51
 msgid "Subscription ID"
 msgstr "订阅授权ID"
 
-#: xpack/plugins/license/templates/license/license_detail.html:64
+#: xpack/plugins/license/templates/license/license_detail.html:55
 msgid "Corporation"
 msgstr "公司"
 
-#: xpack/plugins/license/templates/license/license_detail.html:68
+#: xpack/plugins/license/templates/license/license_detail.html:59
 msgid "Expired"
 msgstr "过期时间"
 
-#: xpack/plugins/license/templates/license/license_detail.html:73
-#: xpack/plugins/license/templates/license/license_detail.html:77
-#: xpack/plugins/license/templates/license/license_detail.html:81
-#: xpack/plugins/license/templates/license/license_detail.html:85
+#: xpack/plugins/license/templates/license/license_detail.html:64
+#: xpack/plugins/license/templates/license/license_detail.html:68
+#: xpack/plugins/license/templates/license/license_detail.html:72
+#: xpack/plugins/license/templates/license/license_detail.html:76
 msgid "Unlimited"
 msgstr "无限制"
 
-#: xpack/plugins/license/templates/license/license_detail.html:84
+#: xpack/plugins/license/templates/license/license_detail.html:75
 msgid "Concurrent connections"
 msgstr "并发连接"
 
-#: xpack/plugins/license/templates/license/license_detail.html:89
+#: xpack/plugins/license/templates/license/license_detail.html:80
 msgid "Edition"
 msgstr "版本"
 
-#: xpack/plugins/license/templates/license/license_detail.html:115
+#: xpack/plugins/license/templates/license/license_detail.html:106
 msgid "Technology consulting"
 msgstr "技术咨询"
 
-#: xpack/plugins/license/templates/license/license_detail.html:118
+#: xpack/plugins/license/templates/license/license_detail.html:109
 msgid "Consult"
 msgstr "咨询"
 
@@ -6427,6 +6478,56 @@ msgstr "密码匣子"
 msgid "vault create"
 msgstr "创建"
 
+#~ msgid ""
+#~ "Error: Account invalid (Please make sure the information such as Access "
+#~ "key or Secret key is correct)"
+#~ msgstr "错误：账户无效 （请确保 Access key 或 Secret key 等信息正确）"
+
+#~ msgid "Create succeed"
+#~ msgstr "创建成功"
+
+#~ msgid "Delete succeed"
+#~ msgstr "删除成功"
+
+#~ msgid "Tips: If there are multiple hosts, separate them with a comma (,)"
+#~ msgstr "提示: 如果有多台主机，请使用逗号 ( , ) 进行分割"
+
+#~ msgid "OSS: http://{REGION_NAME}.aliyuncs.com"
+#~ msgstr "OSS: http://{REGION_NAME}.aliyuncs.com"
+
+#~ msgid "Example: http://oss-cn-hangzhou.aliyuncs.com"
+#~ msgstr "如: http://oss-cn-hangzhou.aliyuncs.com"
+
+#~ msgid "S3: http://s3.{REGION_NAME}.amazonaws.com"
+#~ msgstr "S3: http://s3.{REGION_NAME}.amazonaws.com"
+
+#~ msgid "S3(China): http://s3.{REGION_NAME}.amazonaws.com.cn"
+#~ msgstr "S3(中国): http://s3.{REGION_NAME}.amazonaws.com.cn"
+
+#~ msgid "Example: http://s3.cn-north-1.amazonaws.com.cn"
+#~ msgstr "如: http://s3.cn-north-1.amazonaws.com.cn"
+
+#~ msgid "Beijing: cn-north-1"
+#~ msgstr "北京: cn-north-1"
+
+#~ msgid "Ningxia: cn-northwest-1"
+#~ msgstr "宁夏: cn-northwest-1"
+
+#~ msgid "More"
+#~ msgstr "更多"
+
+#~ msgid "Submitting"
+#~ msgstr "提交中"
+
+#~ msgid "Endpoint need contain protocol, ex: http"
+#~ msgstr "端点需要包含协议，如 http"
+
+#~ msgid "Delete failed"
+#~ msgstr "删除失败"
+
+#~ msgid "Are you sure about deleting it?"
+#~ msgstr "您确定删除吗?"
+
 #~ msgid "The connection fails"
 #~ msgstr "连接失败"
 
@@ -6702,9 +6803,6 @@ msgstr "创建"
 #~ msgid "Valid"
 #~ msgstr "账户状态"
 
-#~ msgid "Error: Account invalid"
-#~ msgstr "错误: 账户无效"
-
 #~ msgid "Asset has been disabled, skip: {}"
 #~ msgstr "资产被禁用，跳过：{}"
 
diff --git a/apps/ops/api/celery.py b/apps/ops/api/celery.py
index 6be58770f..814835465 100644
--- a/apps/ops/api/celery.py
+++ b/apps/ops/api/celery.py
@@ -5,17 +5,20 @@ import os
 import re
 
 from django.utils.translation import ugettext as _
+from rest_framework import viewsets
 from celery.result import AsyncResult
 from rest_framework import generics
+from django_celery_beat.models import PeriodicTask
 
-from common.permissions import IsValidUser
+from common.permissions import IsValidUser, IsSuperUser
 from common.api import LogTailApi
 from ..models import CeleryTask
-from ..serializers import CeleryResultSerializer
+from ..serializers import CeleryResultSerializer, CeleryPeriodTaskSerializer
 from ..celery.utils import get_celery_task_log_path
+from common.mixins.api import CommonApiMixin
 
 
-__all__ = ['CeleryTaskLogApi', 'CeleryResultApi']
+__all__ = ['CeleryTaskLogApi', 'CeleryResultApi', 'CeleryPeriodTaskViewSet']
 
 
 class CeleryTaskLogApi(LogTailApi):
@@ -62,3 +65,14 @@ class CeleryResultApi(generics.RetrieveAPIView):
         pk = self.kwargs.get('pk')
         return AsyncResult(pk)
 
+
+class CeleryPeriodTaskViewSet(CommonApiMixin, viewsets.ModelViewSet):
+    queryset = PeriodicTask.objects.all()
+    serializer_class = CeleryPeriodTaskSerializer
+    permission_classes = (IsSuperUser,)
+    http_method_names = ('get', 'head', 'options', 'patch')
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset.exclude(description='')
+        return queryset
diff --git a/apps/ops/celery/decorator.py b/apps/ops/celery/decorator.py
index c2052f832..c60c02b6a 100644
--- a/apps/ops/celery/decorator.py
+++ b/apps/ops/celery/decorator.py
@@ -9,51 +9,37 @@ _after_app_shutdown_clean_periodic_tasks = []
 
 def add_register_period_task(task):
     _need_registered_period_tasks.append(task)
-    # key = "__REGISTER_PERIODIC_TASKS"
-    # value = cache.get(key, [])
-    # value.append(name)
-    # cache.set(key, value)
 
 
 def get_register_period_tasks():
-    # key = "__REGISTER_PERIODIC_TASKS"
-    # return cache.get(key, [])
     return _need_registered_period_tasks
 
 
 def add_after_app_shutdown_clean_task(name):
-    # key = "__AFTER_APP_SHUTDOWN_CLEAN_TASKS"
-    # value = cache.get(key, [])
-    # value.append(name)
-    # cache.set(key, value)
     _after_app_shutdown_clean_periodic_tasks.append(name)
 
 
 def get_after_app_shutdown_clean_tasks():
-    # key = "__AFTER_APP_SHUTDOWN_CLEAN_TASKS"
-    # return cache.get(key, [])
     return _after_app_shutdown_clean_periodic_tasks
 
 
 def add_after_app_ready_task(name):
-    # key = "__AFTER_APP_READY_RUN_TASKS"
-    # value = cache.get(key, [])
-    # value.append(name)
-    # cache.set(key, value)
     _after_app_ready_start_tasks.append(name)
 
 
 def get_after_app_ready_tasks():
-    # key = "__AFTER_APP_READY_RUN_TASKS"
-    # return cache.get(key, [])
     return _after_app_ready_start_tasks
 
 
-def register_as_period_task(crontab=None, interval=None):
+def register_as_period_task(
+        crontab=None, interval=None, name=None,
+        description=''):
     """
     Warning: Task must be have not any args and kwargs
     :param crontab:  "* * * * *"
     :param interval:  60*60*60
+    :param description: "
+    :param name: ""
     :return:
     """
     if crontab is None and interval is None:
@@ -65,14 +51,16 @@ def register_as_period_task(crontab=None, interval=None):
 
         # Because when this decorator run, the task was not created,
         # So we can't use func.name
-        name = '{func.__module__}.{func.__name__}'.format(func=func)
+        task = '{func.__module__}.{func.__name__}'.format(func=func)
+        _name = name if name else task
         add_register_period_task({
-           name: {
-               'task': name,
+           _name: {
+               'task': task,
                'interval': interval,
                'crontab': crontab,
                'args': (),
                'enabled': True,
+               'description': description
            }
         })
 
diff --git a/apps/ops/celery/signal_handler.py b/apps/ops/celery/signal_handler.py
index 0f6312a24..5d5fc4227 100644
--- a/apps/ops/celery/signal_handler.py
+++ b/apps/ops/celery/signal_handler.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 #
 import logging
+from django.dispatch import receiver
 
 from django.core.cache import cache
 from celery import subtask
@@ -11,6 +12,7 @@ from kombu.utils.encoding import safe_str
 from django_celery_beat.models import PeriodicTask
 
 from common.utils import get_logger
+from common.signals import django_ready
 from .decorator import get_after_app_ready_tasks, get_after_app_shutdown_clean_tasks
 from .logger import CeleryTaskFileHandler
 
diff --git a/apps/ops/celery/utils.py b/apps/ops/celery/utils.py
index f9a80e794..2c46f225f 100644
--- a/apps/ops/celery/utils.py
+++ b/apps/ops/celery/utils.py
@@ -10,6 +10,10 @@ from django_celery_beat.models import (
     PeriodicTask, IntervalSchedule, CrontabSchedule, PeriodicTasks
 )
 
+from common.utils import get_logger
+
+logger = get_logger(__name__)
+
 
 def create_or_update_celery_periodic_tasks(tasks):
     """
@@ -21,6 +25,7 @@ def create_or_update_celery_periodic_tasks(tasks):
             'args': (16, 16),
             'kwargs': {},
             'enabled': False,
+            'description': ''
         },
     }
     :return:
@@ -35,34 +40,30 @@ def create_or_update_celery_periodic_tasks(tasks):
             return None
 
         if isinstance(detail.get("interval"), int):
-            intervals = IntervalSchedule.objects.filter(
-                every=detail["interval"], period=IntervalSchedule.SECONDS
+            kwargs = dict(
+                every=detail['interval'],
+                period=IntervalSchedule.SECONDS,
             )
-            if intervals:
-                interval = intervals[0]
-            else:
-                interval = IntervalSchedule.objects.create(
-                    every=detail['interval'],
-                    period=IntervalSchedule.SECONDS,
-                )
+            # 不能使用 get_or_create，因为可能会有多个
+            interval = IntervalSchedule.objects.filter(**kwargs).first()
+            if interval is None:
+                interval = IntervalSchedule.objects.create(**kwargs)
         elif isinstance(detail.get("crontab"), str):
             try:
                 minute, hour, day, month, week = detail["crontab"].split()
             except ValueError:
-                raise SyntaxError("crontab is not valid")
+                logger.error("crontab is not valid")
+                return
             kwargs = dict(
                 minute=minute, hour=hour, day_of_week=week,
                 day_of_month=day, month_of_year=month, timezone=get_current_timezone()
             )
-            contabs = CrontabSchedule.objects.filter(
-                **kwargs
-            )
-            if contabs:
-                crontab = contabs[0]
-            else:
+            crontab = CrontabSchedule.objects.filter(**kwargs).first()
+            if crontab is None:
                 crontab = CrontabSchedule.objects.create(**kwargs)
         else:
-            raise SyntaxError("Schedule is not valid")
+            logger.error("Schedule is not valid")
+            return
 
         defaults = dict(
             interval=interval,
@@ -71,8 +72,9 @@ def create_or_update_celery_periodic_tasks(tasks):
             task=detail['task'],
             args=json.dumps(detail.get('args', [])),
             kwargs=json.dumps(detail.get('kwargs', {})),
-            enabled=detail.get('enabled', True),
+            description=detail.get('description') or ''
         )
+        print(defaults)
 
         task = PeriodicTask.objects.update_or_create(
             defaults=defaults, name=name,
diff --git a/apps/ops/serializers/__init__.py b/apps/ops/serializers/__init__.py
new file mode 100644
index 000000000..166827b4b
--- /dev/null
+++ b/apps/ops/serializers/__init__.py
@@ -0,0 +1,5 @@
+# -*- coding: utf-8 -*-
+#
+
+from .celery import *
+from .adhoc import *
diff --git a/apps/ops/serializers.py b/apps/ops/serializers/adhoc.py
similarity index 88%
rename from apps/ops/serializers.py
rename to apps/ops/serializers/adhoc.py
index c3df9d1ef..a737af1c4 100644
--- a/apps/ops/serializers.py
+++ b/apps/ops/serializers/adhoc.py
@@ -3,17 +3,7 @@ from __future__ import unicode_literals
 from rest_framework import serializers
 from django.shortcuts import reverse
 
-from .models import Task, AdHoc, AdHocRunHistory, CommandExecution
-
-
-class CeleryResultSerializer(serializers.Serializer):
-    id = serializers.UUIDField()
-    result = serializers.JSONField()
-    state = serializers.CharField(max_length=16)
-
-
-class CeleryTaskSerializer(serializers.Serializer):
-    pass
+from ..models import Task, AdHoc, AdHocRunHistory, CommandExecution
 
 
 class TaskSerializer(serializers.ModelSerializer):
@@ -87,3 +77,4 @@ class CommandExecutionSerializer(serializers.ModelSerializer):
     @staticmethod
     def get_log_url(obj):
         return reverse('api-ops:celery-task-log', kwargs={'pk': obj.id})
+
diff --git a/apps/ops/serializers/celery.py b/apps/ops/serializers/celery.py
new file mode 100644
index 000000000..8015c2482
--- /dev/null
+++ b/apps/ops/serializers/celery.py
@@ -0,0 +1,29 @@
+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals
+from rest_framework import serializers
+
+from django_celery_beat.models import PeriodicTask
+
+__all__ = [
+    'CeleryResultSerializer', 'CeleryTaskSerializer',
+    'CeleryPeriodTaskSerializer'
+]
+
+
+class CeleryResultSerializer(serializers.Serializer):
+    id = serializers.UUIDField()
+    result = serializers.JSONField()
+    state = serializers.CharField(max_length=16)
+
+
+class CeleryTaskSerializer(serializers.Serializer):
+    pass
+
+
+class CeleryPeriodTaskSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = PeriodicTask
+        fields = [
+            'name', 'task', 'enabled', 'description',
+            'last_run_at', 'total_run_count'
+        ]
diff --git a/apps/ops/tasks.py b/apps/ops/tasks.py
index 9e582959f..9746fdbe7 100644
--- a/apps/ops/tasks.py
+++ b/apps/ops/tasks.py
@@ -1,21 +1,22 @@
 # coding: utf-8
 import os
 import subprocess
-import datetime
 import time
 
 from django.conf import settings
 from celery import shared_task, subtask
 from celery.exceptions import SoftTimeLimitExceeded
 from django.utils import timezone
+from django.utils.translation import ugettext_lazy as _
 
-from common.utils import get_logger, get_object_or_none
+from common.utils import get_logger, get_object_or_none, get_disk_usage
 from .celery.decorator import (
     register_as_period_task, after_app_shutdown_clean_periodic,
     after_app_ready_start
 )
 from .celery.utils import create_or_update_celery_periodic_tasks
 from .models import Task, CommandExecution, CeleryTask
+from .utils import send_server_performance_mail
 
 logger = get_logger(__file__)
 
@@ -59,7 +60,7 @@ def run_command_execution(cid, **kwargs):
 
 @shared_task
 @after_app_shutdown_clean_periodic
-@register_as_period_task(interval=3600*24)
+@register_as_period_task(interval=3600*24, description=_("Clean task history period"))
 def clean_tasks_adhoc_period():
     logger.debug("Start clean task adhoc and run history")
     tasks = Task.objects.all()
@@ -72,7 +73,7 @@ def clean_tasks_adhoc_period():
 
 @shared_task
 @after_app_shutdown_clean_periodic
-@register_as_period_task(interval=3600*24)
+@register_as_period_task(interval=3600*24, description=_("Clean celery log period"))
 def clean_celery_tasks_period():
     expire_days = 30
     logger.debug("Start clean celery task history")
@@ -103,6 +104,19 @@ def create_or_update_registered_periodic_tasks():
         create_or_update_celery_periodic_tasks(task)
 
 
+@shared_task
+@register_as_period_task(interval=3600)
+def check_server_performance_period():
+    usages = get_disk_usage()
+    usages = {path: usage for path, usage in usages.items()
+              if not path.startswith('/etc')}
+
+    for path, usage in usages.items():
+        if usage.percent > 80:
+            send_server_performance_mail(path, usage, usages)
+            return
+
+
 @shared_task(queue="ansible")
 def hello(name, callback=None):
     import time
diff --git a/apps/ops/templates/ops/adhoc_detail.html b/apps/ops/templates/ops/adhoc_detail.html
index e3a13b548..55c0960a2 100644
--- a/apps/ops/templates/ops/adhoc_detail.html
+++ b/apps/ops/templates/ops/adhoc_detail.html
@@ -3,9 +3,7 @@
 {% load i18n %}
 
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
     <link href="{% static "css/plugins/sweetalert/sweetalert.css" %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
 {% endblock %}
 {% block content %}
diff --git a/apps/ops/templates/ops/adhoc_history.html b/apps/ops/templates/ops/adhoc_history.html
index 11c52ae44..8272279d4 100644
--- a/apps/ops/templates/ops/adhoc_history.html
+++ b/apps/ops/templates/ops/adhoc_history.html
@@ -3,9 +3,7 @@
 {% load i18n %}
 
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
     <link href="{% static "css/plugins/sweetalert/sweetalert.css" %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
 {% endblock %}
 {% block content %}
diff --git a/apps/ops/templates/ops/adhoc_history_detail.html b/apps/ops/templates/ops/adhoc_history_detail.html
index ccc4fce4c..88dde9ec2 100644
--- a/apps/ops/templates/ops/adhoc_history_detail.html
+++ b/apps/ops/templates/ops/adhoc_history_detail.html
@@ -3,9 +3,7 @@
 {% load i18n %}
 
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
     <link href="{% static "css/plugins/sweetalert/sweetalert.css" %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
 {% endblock %}
 {% block content %}
diff --git a/apps/ops/templates/ops/command_execution_create.html b/apps/ops/templates/ops/command_execution_create.html
index cd1867c74..86c489c09 100644
--- a/apps/ops/templates/ops/command_execution_create.html
+++ b/apps/ops/templates/ops/command_execution_create.html
@@ -11,8 +11,6 @@
           rel="stylesheet">
     <link href="{% static 'css/plugins/codemirror/ambiance.css' %}"
           rel="stylesheet">
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}"
-          rel="stylesheet">
     <script type="text/javascript"
             src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
     <script type="text/javascript"
@@ -22,7 +20,6 @@
     <script src="{% static 'js/plugins/xterm/addons/fit/fit.js' %}"></script>
     <script src="{% static 'js/plugins/codemirror/codemirror.js' %}"></script>
     <script src="{% static 'js/plugins/codemirror/mode/shell/shell.js' %}"></script>
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <style type="text/css">
         .xterm .xterm-screen canvas {
             position: absolute;
diff --git a/apps/ops/templates/ops/command_execution_list.html b/apps/ops/templates/ops/command_execution_list.html
index 81e9635c6..29cd16c21 100644
--- a/apps/ops/templates/ops/command_execution_list.html
+++ b/apps/ops/templates/ops/command_execution_list.html
@@ -6,8 +6,6 @@
 {% block custom_head_css_js %}
     <link href="{% static "css/plugins/footable/footable.core.css" %}" rel="stylesheet">
     <link href="{% static 'css/plugins/datepicker/datepicker3.css' %}" rel="stylesheet">
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <style>
         .form-control {
             height: 30px;
@@ -16,6 +14,11 @@
         #search_btn {
             margin-bottom: 0;
         }
+
+        .select2-selection__rendered span.select2-selection, .select2-container .select2-selection--single {
+            height: 30px !important;
+        }
+
     </style>
 {% endblock %}
 
diff --git a/apps/ops/templates/ops/task_adhoc.html b/apps/ops/templates/ops/task_adhoc.html
index 866ef4255..9e544d6c5 100644
--- a/apps/ops/templates/ops/task_adhoc.html
+++ b/apps/ops/templates/ops/task_adhoc.html
@@ -3,9 +3,7 @@
 {% load i18n %}
 
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
     <link href="{% static "css/plugins/sweetalert/sweetalert.css" %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
 {% endblock %}
 {% block content %}
diff --git a/apps/ops/templates/ops/task_detail.html b/apps/ops/templates/ops/task_detail.html
index c29fc2c4e..07036b58a 100644
--- a/apps/ops/templates/ops/task_detail.html
+++ b/apps/ops/templates/ops/task_detail.html
@@ -3,9 +3,7 @@
 {% load i18n %}
 
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
     <link href="{% static 'css/plugins/sweetalert/sweetalert.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <script src="{% static 'js/plugins/sweetalert/sweetalert.min.js' %}"></script>
 {% endblock %}
 
diff --git a/apps/ops/templates/ops/task_history.html b/apps/ops/templates/ops/task_history.html
index dea4c9324..5121a8045 100644
--- a/apps/ops/templates/ops/task_history.html
+++ b/apps/ops/templates/ops/task_history.html
@@ -3,9 +3,7 @@
 {% load i18n %}
 
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
     <link href="{% static "css/plugins/sweetalert/sweetalert.css" %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
 {% endblock %}
 {% block content %}
diff --git a/apps/ops/urls/api_urls.py b/apps/ops/urls/api_urls.py
index 5f955540d..cc242f649 100644
--- a/apps/ops/urls/api_urls.py
+++ b/apps/ops/urls/api_urls.py
@@ -13,6 +13,7 @@ router.register(r'tasks', api.TaskViewSet, 'task')
 router.register(r'adhoc', api.AdHocViewSet, 'adhoc')
 router.register(r'history', api.AdHocRunHistoryViewSet, 'history')
 router.register(r'command-executions', api.CommandExecutionViewSet, 'command-execution')
+router.register(r'celery/period-tasks', api.CeleryPeriodTaskViewSet, 'celery-period-task')
 
 urlpatterns = [
     path('tasks/<uuid:pk>/run/', api.TaskRun.as_view(), name='task-run'),
diff --git a/apps/ops/utils.py b/apps/ops/utils.py
index 70cba27ba..3322890f2 100644
--- a/apps/ops/utils.py
+++ b/apps/ops/utils.py
@@ -1,6 +1,8 @@
 # ~*~ coding: utf-8 ~*~
 from django.utils.translation import ugettext_lazy as _
+
 from common.utils import get_logger, get_object_or_none
+from common.tasks import send_mail_async
 from orgs.utils import set_to_root_org
 from .models import Task, AdHoc
 
@@ -56,4 +58,14 @@ def update_or_create_ansible_task(
     return task, created
 
 
+def send_server_performance_mail(path, usage, usages):
+    from users.models import User
+    subject = _("Disk used more than 80%: {} => {}").format(path, usage.percent)
+    message = subject
+    admins = User.objects.filter(role=User.ROLE_ADMIN)
+    recipient_list = [u.email for u in admins if u.email]
+    logger.info(subject)
+    send_mail_async(subject, message, recipient_list, html_message=message)
+
+
 
diff --git a/apps/ops/views/celery.py b/apps/ops/views/celery.py
index 1fcd18d08..9ae2d9755 100644
--- a/apps/ops/views/celery.py
+++ b/apps/ops/views/celery.py
@@ -17,6 +17,6 @@ class CeleryTaskLogView(PermissionsMixin, TemplateView):
         context = super().get_context_data(**kwargs)
         context.update({
             'task_id': self.kwargs.get('pk'),
-            'ws_port': settings.CONFIG.WS_LISTEN_PORT
+            'ws_port': settings.WS_LISTEN_PORT
         })
         return context
diff --git a/apps/ops/views/command.py b/apps/ops/views/command.py
index 0824b4b93..d9b1f61be 100644
--- a/apps/ops/views/command.py
+++ b/apps/ops/views/command.py
@@ -80,7 +80,7 @@ class CommandExecutionStartView(PermissionsMixin, TemplateView):
             'action': _('Command execution'),
             'form': self.get_form(),
             'system_users': system_users,
-            'ws_port': settings.CONFIG.WS_LISTEN_PORT
+            'ws_port': settings.WS_LISTEN_PORT
         }
         kwargs.update(context)
         return super().get_context_data(**kwargs)
diff --git a/apps/orgs/mixins/api.py b/apps/orgs/mixins/api.py
index 8fb7f30dd..64314a3f8 100644
--- a/apps/orgs/mixins/api.py
+++ b/apps/orgs/mixins/api.py
@@ -46,7 +46,11 @@ class OrgModelViewSet(CommonApiMixin, OrgQuerySetMixin, ModelViewSet):
 
 class OrgBulkModelViewSet(CommonApiMixin, OrgQuerySetMixin, BulkModelViewSet):
     def allow_bulk_destroy(self, qs, filtered):
-        if qs.count() <= filtered.count():
+        qs_count = qs.count()
+        filtered_count = filtered.count()
+        if filtered_count == 1:
+            return True
+        if qs_count <= filtered_count:
             return False
         if self.request.query_params.get('spm', ''):
             return True
diff --git a/apps/orgs/models.py b/apps/orgs/models.py
index 544e50712..a9040b378 100644
--- a/apps/orgs/models.py
+++ b/apps/orgs/models.py
@@ -95,6 +95,14 @@ class Organization(models.Model):
     def get_org_admins(self):
         return self.org_admins
 
+    def org_id(self):
+        if self.is_real():
+            return self.id
+        elif self.is_root():
+            return None
+        else:
+            return ''
+
     @lazyproperty
     def org_auditors(self):
         from users.models import User
diff --git a/apps/perms/api/__init__.py b/apps/perms/api/__init__.py
index 00dd28776..cc6ce8229 100644
--- a/apps/perms/api/__init__.py
+++ b/apps/perms/api/__init__.py
@@ -3,6 +3,7 @@
 
 from .asset_permission import *
 from .user_permission import *
+from .asset_permission_relation import *
 from .user_group_permission import *
 from .remote_app_permission import *
 from .user_remote_app_permission import *
diff --git a/apps/perms/api/asset_permission.py b/apps/perms/api/asset_permission.py
index 0243f8f1b..4acdc1936 100644
--- a/apps/perms/api/asset_permission.py
+++ b/apps/perms/api/asset_permission.py
@@ -2,12 +2,9 @@
 #
 
 from django.db.models import Q
-from rest_framework.views import Response
-from django.shortcuts import get_object_or_404
 
 from common.permissions import IsOrgAdmin
 from orgs.mixins.api import OrgModelViewSet
-from orgs.mixins import generics
 from common.utils import get_object_or_none
 from ..models import AssetPermission
 from ..hands import (
@@ -17,9 +14,7 @@ from .. import serializers
 
 
 __all__ = [
-    'AssetPermissionViewSet', 'AssetPermissionRemoveUserApi',
-    'AssetPermissionAddUserApi', 'AssetPermissionRemoveAssetApi',
-    'AssetPermissionAddAssetApi', 'AssetPermissionAssetsApi',
+    'AssetPermissionViewSet',
 ]
 
 
@@ -29,6 +24,7 @@ class AssetPermissionViewSet(OrgModelViewSet):
     """
     model = AssetPermission
     serializer_class = serializers.AssetPermissionCreateUpdateSerializer
+    serializer_display_class = serializers.AssetPermissionListSerializer
     filter_fields = ['name']
     permission_classes = (IsOrgAdmin,)
 
@@ -38,11 +34,9 @@ class AssetPermissionViewSet(OrgModelViewSet):
         )
         return queryset
 
-    def get_serializer_class(self):
-        if self.action in ("list", 'retrieve') and \
-                self.request.query_params.get("display"):
-            return serializers.AssetPermissionListSerializer
-        return self.serializer_class
+    def is_query_all(self):
+        query_all = self.request.query_params.get('all', '1') == '1'
+        return query_all
 
     def filter_valid(self, queryset):
         valid_query = self.request.query_params.get('is_valid', None)
@@ -81,7 +75,10 @@ class AssetPermissionViewSet(OrgModelViewSet):
         if not _nodes:
             return queryset.none()
 
-        nodes = set()
+        if not self.is_query_all():
+            queryset = queryset.filter(nodes__in=_nodes)
+            return queryset
+        nodes = set(_nodes)
         for node in _nodes:
             nodes |= set(node.get_ancestors(with_self=True))
         queryset = queryset.filter(nodes__in=nodes)
@@ -101,6 +98,9 @@ class AssetPermissionViewSet(OrgModelViewSet):
             return queryset
         if not assets:
             return queryset.none()
+        if not self.is_query_all():
+            queryset = queryset.filter(assets__in=assets)
+            return queryset
         inherit_all_nodes = set()
         inherit_nodes_keys = assets.all().values_list('nodes__key', flat=True)
 
@@ -117,7 +117,6 @@ class AssetPermissionViewSet(OrgModelViewSet):
     def filter_user(self, queryset):
         user_id = self.request.query_params.get('user_id')
         username = self.request.query_params.get('username')
-        query_group = self.request.query_params.get('all')
         if user_id:
             user = get_object_or_none(User, pk=user_id)
         elif username:
@@ -126,14 +125,14 @@ class AssetPermissionViewSet(OrgModelViewSet):
             return queryset
         if not user:
             return queryset.none()
-        kwargs = {}
-        args = []
-        if query_group:
-            groups = user.groups.all()
-            args.append(Q(users=user) | Q(user_groups__in=groups))
-        else:
-            kwargs["users"] = user
-        return queryset.filter(*args, **kwargs).distinct()
+        if not self.is_query_all():
+            queryset = queryset.filter(users=user)
+            return queryset
+        groups = user.groups.all()
+        queryset = queryset.filter(
+            Q(users=user) | Q(user_groups__in=groups)
+        ).distinct()
+        return queryset
 
     def filter_user_group(self, queryset):
         user_group_id = self.request.query_params.get('user_group_id')
@@ -167,99 +166,3 @@ class AssetPermissionViewSet(OrgModelViewSet):
         queryset = self.filter_user_group(queryset)
         queryset = queryset.distinct()
         return queryset
-
-
-class AssetPermissionRemoveUserApi(generics.RetrieveUpdateAPIView):
-    """
-    将用户从授权中移除，Detail页面会调用
-    """
-    model = AssetPermission
-    permission_classes = (IsOrgAdmin,)
-    serializer_class = serializers.AssetPermissionUpdateUserSerializer
-
-    def update(self, request, *args, **kwargs):
-        perm = self.get_object()
-        serializer = self.serializer_class(data=request.data)
-        if serializer.is_valid():
-            users = serializer.validated_data.get('users')
-            if users:
-                perm.users.remove(*tuple(users))
-                perm.save()
-            return Response({"msg": "ok"})
-        else:
-            return Response({"error": serializer.errors})
-
-
-class AssetPermissionAddUserApi(generics.RetrieveUpdateAPIView):
-    model = AssetPermission
-    permission_classes = (IsOrgAdmin,)
-    serializer_class = serializers.AssetPermissionUpdateUserSerializer
-
-    def update(self, request, *args, **kwargs):
-        perm = self.get_object()
-        serializer = self.serializer_class(data=request.data)
-        if serializer.is_valid():
-            users = serializer.validated_data.get('users')
-            if users:
-                perm.users.add(*tuple(users))
-                perm.save()
-            return Response({"msg": "ok"})
-        else:
-            return Response({"error": serializer.errors})
-
-
-class AssetPermissionRemoveAssetApi(generics.RetrieveUpdateAPIView):
-    """
-    将用户从授权中移除，Detail页面会调用
-    """
-    model = AssetPermission
-    permission_classes = (IsOrgAdmin,)
-    serializer_class = serializers.AssetPermissionUpdateAssetSerializer
-
-    def update(self, request, *args, **kwargs):
-        perm = self.get_object()
-        serializer = self.serializer_class(data=request.data)
-        if serializer.is_valid():
-            assets = serializer.validated_data.get('assets')
-            if assets:
-                perm.assets.remove(*tuple(assets))
-                perm.save()
-            return Response({"msg": "ok"})
-        else:
-            return Response({"error": serializer.errors})
-
-
-class AssetPermissionAddAssetApi(generics.RetrieveUpdateAPIView):
-    model = AssetPermission
-    permission_classes = (IsOrgAdmin,)
-    serializer_class = serializers.AssetPermissionUpdateAssetSerializer
-
-    def update(self, request, *args, **kwargs):
-        perm = self.get_object()
-        serializer = self.serializer_class(data=request.data)
-        if serializer.is_valid():
-            assets = serializer.validated_data.get('assets')
-            if assets:
-                perm.assets.add(*tuple(assets))
-                perm.save()
-            return Response({"msg": "ok"})
-        else:
-            return Response({"error": serializer.errors})
-
-
-class AssetPermissionAssetsApi(generics.ListAPIView):
-    permission_classes = (IsOrgAdmin,)
-    serializer_class = serializers.AssetPermissionAssetsSerializer
-    filter_fields = ("hostname", "ip")
-    search_fields = filter_fields
-
-    def get_object(self):
-        pk = self.kwargs.get('pk')
-        return get_object_or_404(AssetPermission, pk=pk)
-
-    def get_queryset(self):
-        perm = self.get_object()
-        assets = perm.get_all_assets().only(
-            *self.serializer_class.Meta.only_fields
-        )
-        return assets
diff --git a/apps/perms/api/asset_permission_relation.py b/apps/perms/api/asset_permission_relation.py
new file mode 100644
index 000000000..3b68af775
--- /dev/null
+++ b/apps/perms/api/asset_permission_relation.py
@@ -0,0 +1,144 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework import generics
+from django.db.models import F, Value
+from django.db.models.functions import Concat
+from django.shortcuts import get_object_or_404
+
+from orgs.mixins.api import OrgBulkModelViewSet
+from orgs.utils import current_org
+from common.permissions import IsOrgAdmin
+from .. import serializers
+from .. import models
+
+__all__ = [
+    'AssetPermissionUserRelationViewSet', 'AssetPermissionUserGroupRelationViewSet',
+    'AssetPermissionAssetRelationViewSet', 'AssetPermissionNodeRelationViewSet',
+    'AssetPermissionSystemUserRelationViewSet', 'AssetPermissionAllAssetListApi',
+    'AssetPermissionAllUserListApi',
+]
+
+
+class RelationMixin(OrgBulkModelViewSet):
+    def get_queryset(self):
+        queryset = self.model.objects.all()
+        org_id = current_org.org_id()
+        if org_id is not None:
+            queryset = queryset.filter(assetpermission__org_id=org_id)
+        queryset = queryset.annotate(assetpermission_display=F('assetpermission__name'))
+        return queryset
+
+
+class AssetPermissionUserRelationViewSet(RelationMixin):
+    serializer_class = serializers.AssetPermissionUserRelationSerializer
+    model = models.AssetPermission.users.through
+    permission_classes = (IsOrgAdmin,)
+    filterset_fields = [
+        'id', "user", "assetpermission",
+    ]
+    search_fields = ("user__name", "user__username", "assetpermission__name")
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset \
+            .annotate(user_display=F('user__name'))
+        return queryset
+
+
+class AssetPermissionAllUserListApi(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.AssetPermissionAllUserSerializer
+    filter_fields = ("username", "name")
+    search_fields = filter_fields
+
+    def get_queryset(self):
+        pk = self.kwargs.get("pk")
+        perm = get_object_or_404(models.AssetPermission, pk=pk)
+        users = perm.get_all_users().only(
+            *self.serializer_class.Meta.only_fields
+        )
+        return users
+
+
+class AssetPermissionUserGroupRelationViewSet(RelationMixin):
+    serializer_class = serializers.AssetPermissionUserGroupRelationSerializer
+    model = models.AssetPermission.user_groups.through
+    permission_classes = (IsOrgAdmin,)
+    filterset_fields = [
+        'id', "usergroup", "assetpermission"
+    ]
+    search_fields = ["usergroup__name", "assetpermission__name"]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset \
+            .annotate(usergroup_display=F('usergroup__name'))
+        return queryset
+
+
+class AssetPermissionAssetRelationViewSet(RelationMixin):
+    serializer_class = serializers.AssetPermissionAssetRelationSerializer
+    model = models.AssetPermission.assets.through
+    permission_classes = (IsOrgAdmin,)
+    filterset_fields = [
+        'id', 'asset', 'assetpermission',
+    ]
+    search_fields = ["id", "asset__hostname", "asset__ip", "assetpermission__name"]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset \
+            .annotate(asset_display=F('asset__hostname'))
+        return queryset
+
+
+class AssetPermissionAllAssetListApi(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.AssetPermissionAllAssetSerializer
+    filter_fields = ("hostname", "ip")
+    search_fields = filter_fields
+
+    def get_queryset(self):
+        pk = self.kwargs.get("pk")
+        perm = get_object_or_404(models.AssetPermission, pk=pk)
+        assets = perm.get_all_assets().only(
+            *self.serializer_class.Meta.only_fields
+        )
+        return assets
+
+
+class AssetPermissionNodeRelationViewSet(RelationMixin):
+    serializer_class = serializers.AssetPermissionNodeRelationSerializer
+    model = models.AssetPermission.nodes.through
+    permission_classes = (IsOrgAdmin,)
+    filterset_fields = [
+        'id', 'node', 'assetpermission',
+    ]
+    search_fields = ["node__value", "assetpermission__name"]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset \
+            .annotate(node_key=F('node__key'))
+        return queryset
+
+
+class AssetPermissionSystemUserRelationViewSet(RelationMixin):
+    serializer_class = serializers.AssetPermissionSystemUserRelationSerializer
+    model = models.AssetPermission.system_users.through
+    permission_classes = (IsOrgAdmin,)
+    filterset_fields = [
+        'id', 'systemuser', 'assetpermission',
+    ]
+    search_fields = [
+        "assetpermission__name", "systemuser__name", "systemuser__username"
+    ]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset \
+            .annotate(systemuser_display=Concat(
+                F('systemuser__name'), Value('('), F('systemuser__username'),
+                Value(')')
+            ))
+        return queryset
diff --git a/apps/perms/models/base.py b/apps/perms/models/base.py
index 878d9d739..950d54b10 100644
--- a/apps/perms/models/base.py
+++ b/apps/perms/models/base.py
@@ -80,9 +80,10 @@ class BasePermission(OrgModelMixin):
         return False
 
     def get_all_users(self):
-        users = set(self.users.all())
-        for group in self.user_groups.all():
-            _users = group.users.all()
-            set_or_append_attr_bulk(_users, 'inherit', group.name)
-            users.update(set(_users))
+        from users.models import User
+        users_id = self.users.all().values_list('id', flat=True)
+        groups_id = self.user_groups.all().values_list('id', flat=True)
+        users = User.objects.filter(
+            Q(id__in=users_id) | Q(groups__id__in=groups_id)
+        ).distinct()
         return users
diff --git a/apps/perms/serializers/__init__.py b/apps/perms/serializers/__init__.py
index 1d099cb33..e464b4cc6 100644
--- a/apps/perms/serializers/__init__.py
+++ b/apps/perms/serializers/__init__.py
@@ -4,3 +4,4 @@
 from .asset_permission import *
 from .user_permission import *
 from .remote_app_permission import *
+from .asset_permission_relation import *
diff --git a/apps/perms/serializers/asset_permission.py b/apps/perms/serializers/asset_permission.py
index 94a7dfdbd..73612a7e6 100644
--- a/apps/perms/serializers/asset_permission.py
+++ b/apps/perms/serializers/asset_permission.py
@@ -6,12 +6,10 @@ from rest_framework import serializers
 from common.fields import StringManyToManyField
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from perms.models import AssetPermission, Action
-from assets.models import Asset
 
 __all__ = [
     'AssetPermissionCreateUpdateSerializer', 'AssetPermissionListSerializer',
-    'AssetPermissionUpdateUserSerializer', 'AssetPermissionUpdateAssetSerializer',
-    'ActionsField', 'AssetPermissionAssetsSerializer',
+    'ActionsField',
 ]
 
 
@@ -59,23 +57,4 @@ class AssetPermissionListSerializer(BulkOrgResourceModelSerializer):
         fields = '__all__'
 
 
-class AssetPermissionUpdateUserSerializer(serializers.ModelSerializer):
 
-    class Meta:
-        model = AssetPermission
-        fields = ['id', 'users']
-
-
-class AssetPermissionUpdateAssetSerializer(serializers.ModelSerializer):
-
-    class Meta:
-        model = AssetPermission
-        fields = ['id', 'assets']
-
-
-class AssetPermissionAssetsSerializer(serializers.ModelSerializer):
-
-    class Meta:
-        model = Asset
-        only_fields = ['id', 'hostname', 'ip']
-        fields = tuple(only_fields)
diff --git a/apps/perms/serializers/asset_permission_relation.py b/apps/perms/serializers/asset_permission_relation.py
new file mode 100644
index 000000000..eaa38afe2
--- /dev/null
+++ b/apps/perms/serializers/asset_permission_relation.py
@@ -0,0 +1,128 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework import serializers
+
+from common.mixins import BulkSerializerMixin
+from common.serializers import AdaptedBulkListSerializer
+from assets.models import Asset, Node
+from ..models import AssetPermission
+
+__all__ = [
+    'AssetPermissionUserRelationSerializer',
+    'AssetPermissionUserGroupRelationSerializer',
+    "AssetPermissionAssetRelationSerializer",
+    'AssetPermissionNodeRelationSerializer',
+    'AssetPermissionSystemUserRelationSerializer',
+    'AssetPermissionAllAssetSerializer',
+    'AssetPermissionAllUserSerializer',
+]
+
+
+class CurrentAssetPermission(object):
+    permission = None
+
+    def set_context(self, serializer_field):
+        self.permission = serializer_field.context['permission']
+
+    def __call__(self):
+        return self.permission
+
+
+class RelationMixin(BulkSerializerMixin, serializers.Serializer):
+    assetpermission_display = serializers.ReadOnlyField()
+
+    def get_field_names(self, declared_fields, info):
+        fields = super().get_field_names(declared_fields, info)
+        fields.extend(['assetpermission', "assetpermission_display"])
+        return fields
+
+    class Meta:
+        list_serializer_class = AdaptedBulkListSerializer
+
+
+class AssetPermissionUserRelationSerializer(RelationMixin, serializers.ModelSerializer):
+    user_display = serializers.ReadOnlyField()
+
+    class Meta(RelationMixin.Meta):
+        model = AssetPermission.users.through
+        fields = [
+            'id', 'user', 'user_display',
+        ]
+
+
+class AssetPermissionAllUserSerializer(serializers.ModelSerializer):
+    user = serializers.UUIDField(read_only=True, source='id')
+    user_display = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Asset
+        only_fields = ['id', 'username', 'name']
+        fields = ['user', 'user_display']
+
+    @staticmethod
+    def get_user_display(obj):
+        return str(obj)
+
+
+class AssetPermissionUserGroupRelationSerializer(RelationMixin, serializers.ModelSerializer):
+    usergroup_display = serializers.ReadOnlyField()
+
+    class Meta(RelationMixin.Meta):
+        model = AssetPermission.user_groups.through
+        fields = [
+            'id', 'usergroup', "usergroup_display",
+        ]
+
+
+class AssetPermissionAssetRelationSerializer(RelationMixin, serializers.ModelSerializer):
+    asset_display = serializers.ReadOnlyField()
+
+    class Meta(RelationMixin.Meta):
+        model = AssetPermission.assets.through
+        fields = [
+            'id', "asset", "asset_display",
+        ]
+
+
+class AssetPermissionAllAssetSerializer(serializers.ModelSerializer):
+    asset = serializers.UUIDField(read_only=True, source='id')
+    asset_display = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Asset
+        only_fields = ['id', 'hostname', 'ip']
+        fields = ['asset', 'asset_display']
+
+    @staticmethod
+    def get_asset_display(obj):
+        return str(obj)
+
+
+class AssetPermissionNodeRelationSerializer(RelationMixin, serializers.ModelSerializer):
+    node_display = serializers.SerializerMethodField()
+
+    class Meta(RelationMixin.Meta):
+        model = AssetPermission.nodes.through
+        fields = [
+            'id', 'node', "node_display",
+        ]
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.tree = Node.tree()
+
+    def get_node_display(self, obj):
+        if hasattr(obj, 'node_key'):
+            return self.tree.get_node_full_tag(obj.node_key)
+        else:
+            return obj.node.full_value
+
+
+class AssetPermissionSystemUserRelationSerializer(RelationMixin, serializers.ModelSerializer):
+    systemuser_display = serializers.ReadOnlyField()
+
+    class Meta(RelationMixin.Meta):
+        model = AssetPermission.system_users.through
+        fields = [
+            'id', 'systemuser', 'systemuser_display'
+        ]
diff --git a/apps/perms/templates/perms/asset_permission_asset.html b/apps/perms/templates/perms/asset_permission_asset.html
index f01f7cec8..b6079cdaa 100644
--- a/apps/perms/templates/perms/asset_permission_asset.html
+++ b/apps/perms/templates/perms/asset_permission_asset.html
@@ -2,10 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
@@ -54,8 +50,8 @@
                                             <th class="text-center">
                                                 <input type="checkbox" id="check_all" class="ipt_check_all" >
                                             </th>
-                                            <th class="text-center">{% trans 'Hostname' %}</th>
-                                            <th class="text-center">{% trans 'IP' %}</th>
+                                            <th class="text-center">{% trans 'Asset' %}</th>
+                                            <th class="text-center">{% trans 'Action' %}</th>
                                         </tr>
                                         </thead>
                                         <tbody>
@@ -75,7 +71,7 @@
                                         <form>
                                             <tr class="no-borders-tr">
                                                 <td colspan="2">
-                                                    <select data-placeholder="{% trans 'Select assets' %}" class="select2" id="id_assets" style="width: 100%" multiple="" tabindex="4">
+                                                    <select data-placeholder="{% trans 'Select assets' %}" class="select2 assets-select2" id="id_assets" style="width: 100%" multiple="" tabindex="4">
                                                     </select>
                                                 </td>
                                             </tr>
@@ -112,10 +108,46 @@
                                         </form>
 
                                         {% for node in asset_permission.nodes.all %}
-                                        <tr>
+                                        <tr {% if forloop.counter == 1 %} class="no-borders-tr" {% endif %} >
                                           <td ><b class="bdg_group" data-gid={{ node.id }}>{{ node.full_value }}</b></td>
                                           <td>
-                                              <button class="btn btn-danger btn-xs btn-remove-node" type="button" data-gid="{{ node.id }}" style="float: right;"><i class="fa fa-minus"></i></button>
+                                              <button class="btn btn-danger btn-xs btn-remove-node" type="button" data-uid="{{ node.id }}" style="float: right;"><i class="fa fa-minus"></i></button>
+                                          </td>
+                                        </tr>
+                                        {% endfor %}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                            <div class="panel panel-warning">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'System user' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table" id="system-user-table">
+                                        <tbody>
+                                        <form>
+                                            <tr class="no-borders-tr">
+                                                <td colspan="2">
+                                                    <select data-placeholder="{% trans 'Select system users' %}" class="select2 system-users" id="system_users_select2" style="width: 100%" multiple="" tabindex="4">
+                                                        {% for system_user in system_users_remain %}
+                                                        <option value="{{ system_user.id }}" id="opt_{{ system_user.id }}">{{ system_user }}</option>
+                                                        {% endfor %}
+                                                    </select>
+                                                </td>
+                                            </tr>
+                                            <tr class="no-borders-tr">
+                                                <td colspan="2">
+                                                    <button type="button" class="btn btn-warning btn-sm" id="btn-add-system-user">{% trans 'Add' %}</button>
+                                                </td>
+                                            </tr>
+                                        </form>
+
+                                        {% for system_user in object.system_users.all %}
+                                        <tr {% if forloop.counter == 1 %} class="no-borders-tr" {% endif %} >
+                                          <td ><b class="bdg-system-user" data-uid={{ system_user.id }}>{{ system_user|truncatechars:21}}</b></td>
+                                          <td>
+                                              <button class="btn btn-danger btn-xs btn-remove-sys-user" data-uid="{{ system_user.id }}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
                                           </td>
                                         </tr>
                                         {% endfor %}
@@ -129,69 +161,83 @@
             </div>
         </div>
     </div>
-
 {% include 'assets/_asset_list_modal.html' %}
 {% endblock %}
 {% block custom_foot_js %}
 <script>
-function addAssets(assets) {
-    var the_url = "{% url 'api-perms:asset-permission-add-asset' pk=asset_permission.id %}";
-    var body = {
-        assets: assets
-    };
-    var success = function(data) {
-        location.reload();
-    };
-    requestApi({
-        url: the_url,
-        body: JSON.stringify(body),
-        success: success
-    });
- }
 
-function removeAssets(assets) {
-    var the_url = "{% url 'api-perms:asset-permission-remove-asset' pk=asset_permission.id %}";
-    var body = {
-        assets: assets
-    };
-    var success = function(data) {
-        location.reload();
-    };
+var assetsRelationUrl = "{% url 'api-perms:asset-permissions-assets-relation-list' %}";
+var nodesRelationUrl = "{% url 'api-perms:asset-permissions-nodes-relation-list' %}";
+var systemUsersRelationUrl = "{% url 'api-perms:asset-permissions-system-users-relation-list' %}";
+
+function getRelationUrl(type) {
+    var theUrl = "";
+    switch (type) {
+        case "asset":
+            theUrl = assetsRelationUrl;
+            break;
+        case "node":
+            theUrl = nodesRelationUrl;
+            break;
+        case "systemuser":
+            theUrl = systemUsersRelationUrl;
+            break;
+    }
+    return theUrl;
+}
+
+function addObjects(objectsId, type) {
+    if (!objectsId || objectsId.length === 0) {
+        return
+    }
+    var theUrl = getRelationUrl(type);
+    var body = [];
+    objectsId.forEach(function (v) {
+        var data = {assetpermission: "{{ object.id }}"};
+        data[type] = v;
+        body.push(data)
+    });
     requestApi({
-        url: the_url,
+        url: theUrl,
         body: JSON.stringify(body),
-        success: success
+        method: "POST",
+        success: reloadPage
     });
 }
 
-function updateNodes(nodes, success) {
-    var the_url = "{% url 'api-perms:asset-permission-detail' pk=asset_permission.id %}";
-    var body = {
-        nodes: nodes
-    };
+function removeObject(objectId, type) {
+    if (!objectId)  {
+        return
+    }
+    var theUrl = getRelationUrl(type);
+    theUrl = setUrlParam(theUrl, 'assetpermission', "{{ object.id }}");
+    theUrl = setUrlParam(theUrl, type, objectId);
     requestApi({
-        url: the_url,
-        body: JSON.stringify(body),
-        success: success
+        url: theUrl,
+        method: "DELETE",
+        success: reloadPage
     });
 }
 
+
 var table;
 function initAssetTable() {
     var options = {
         ele: $('#asset_list_table'),
         toggle: true,
         columnDefs: [
-            {
-                targets: 0, createdCell: function (td, cellData, rowData) {
-                    var html = '<input type="checkbox" class="text-center ipt_check" id="id_' + cellData + '">';
-                    $(td).html(html);
-                }
-            },
+             {targets: 2, createdCell: function (td, cellData, rowData) {
+                  var removeBtn = '<a class="btn btn-xs btn-danger m-l-xs btn-remove-asset" disabled data-uid="{{ DEFAULT_PK }}"><i class="fa fa-minus"></i></a>'
+                      .replace('{{ DEFAULT_PK }}', cellData);
+                  if (assetDirectRelated.indexOf(cellData) !== -1) {
+                      removeBtn = removeBtn.replace('disabled', '')
+                  }
+		  		  $(td).html(removeBtn);
+             }}
         ],
-        ajax_url: "{% url 'api-perms:asset-permission-assets' pk=object.id %}",
+        ajax_url: "{% url 'api-perms:asset-permission-all-assets' pk=object.id %}",
         columns: [
-            {data: "id"}, {data: "hostname"}, {data: "ip"}
+            {data: "asset"}, {data: "asset_display"}, {data: "asset", width: "30px"}
         ],
         op_html: $('#actions').html()
     };
@@ -199,76 +245,38 @@ function initAssetTable() {
     return table
 }
 
+var assetDirectRelated = {{ assets | safe }};
+
 
 $(document).ready(function () {
     $('.select2').select2();
-    table = initAssetTable();
-
     nodesSelect2Init(".nodes-select2");
-
-    $("#id_assets").parent().find(".select2-selection").on('click', function (e) {
-        if ($(e.target).attr('class') !== 'select2-selection__choice__remove'){
-            e.preventDefault();
-            e.stopPropagation();
-            $("#asset_list_modal").modal();
-        }
-    })
+    initAssetTable();
+    initAssetTreeModel('#id_assets');
 })
 .on('click', '.btn-add-assets', function () {
-    var assets_selected = $("#id_assets option:selected").map(function () {
-        return $(this).attr('value');
-    }).get();
-    if (assets_selected.length === 0) {
-		return false;
-	}
-    addAssets(assets_selected);
+    var assetsId = $("#id_assets").val();
+    addObjects(assetsId, "asset");
 })
 .on('click', '.btn-remove-asset', function () {
-    var asset_id = $(this).data("gid");
-    if (asset_id === "") {
-        return
-    }
-    var assets = [asset_id];
-    removeAssets(assets)
+    var assetId = $(this).data("uid");
+    removeObject(assetId, "asset")
 })
 .on('click', '#btn-add-node', function () {
-    var nodes_selected = {};
-    $("#nodes_select2 option:selected").each(function (i, data) {
-        nodes_selected[$(data).attr('value')] = $(data).text();
-    });
-    if (Object.keys(nodes_selected).length === 0) {
-		return false;
-	}
-    var nodes_origin = $('.bdg_group').map(function() {
-        return $(this).data('gid');
-    }).get();
-
-    var nodes = nodes_origin.concat(Object.keys(nodes_selected));
-    var success = function () {
-        $.map(nodes_selected, function(name, id) {
-            $('#opt_' + id).remove();
-            $('.group_edit tbody').append(
-               '<tr>' +
-               '<td><b class="bdg_group" data-gid="' + id + '">' + name + '</b></td>' +
-               '<td><button class="btn btn-danger btn-xs pull-right btn-leave-group" type="button"><i class="fa fa-minus"></i></button></td>' +
-               '</tr>'
-            )
-        });
-    };
-    updateNodes(nodes, success);
- })
+    var nodesId = $("#nodes_select2").val();
+    addObjects(nodesId, "node");
+})
 .on('click', '.btn-remove-node', function () {
-    var $this = $(this);
-    var $tr = $this.closest('tr');
-    var nodes = $('.bdg_group').map(function() {
-        if ($(this).data('gid') !== $this.data('gid')){
-            return $(this).data('gid');
-        }
-    }).get();
-    var success = function () {
-        $tr.remove()
-    };
-    updateNodes(nodes, success);
+    var nodeId = $(this).data("uid");
+    removeObject(nodeId, "node")
+})
+.on('click', '#btn-add-system-user', function () {
+    var systemUsersId = $("#system_users_select2").val();
+    addObjects(systemUsersId, "systemuser");
+})
+.on('click', '.btn-remove-sys-user', function () {
+    var systemUserId = $(this).data("uid");
+    removeObject(systemUserId, "systemuser")
 })
 </script>
 {% endblock %}
diff --git a/apps/perms/templates/perms/asset_permission_create_update.html b/apps/perms/templates/perms/asset_permission_create_update.html
index 0c05de831..4cb5928eb 100644
--- a/apps/perms/templates/perms/asset_permission_create_update.html
+++ b/apps/perms/templates/perms/asset_permission_create_update.html
@@ -3,8 +3,6 @@
 {% load static %}
 {% load bootstrap3 %}
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <link href="{% static 'css/plugins/datepicker/datepicker3.css' %}" rel="stylesheet">
 {% endblock %}
 
@@ -111,21 +109,14 @@ $(document).ready(function () {
 
     initDateRangePicker('#date_start');
     initDateRangePicker('#date_expired');
-
-    $("#id_assets").parent().find(".select2-selection").on('click', function (e) {
-        if ($(e.target).attr('class') !== 'select2-selection__choice__remove'){
-            e.preventDefault();
-            e.stopPropagation();
-            $("#asset_list_modal").modal();
-        }
-    })
+    initAssetTreeModel('#id_assets');
 })
 .on("submit", "form", function (evt) {
     evt.preventDefault();
-    var the_url = '{% url 'api-perms:asset-permission-list' %}';
+    var theUrl = '{% url 'api-perms:asset-permission-list' %}';
     var method = "POST";
     {% if api_action == "update" %}
-        the_url = '{% url 'api-perms:asset-permission-detail' pk=object.id %}';
+        theUrl = '{% url 'api-perms:asset-permission-detail' pk=object.id %}';
         method = "PUT";
     {% endif %}
     var redirect_to = '{% url "perms:asset-permission-list" %}';
@@ -135,7 +126,7 @@ $(document).ready(function () {
     objectAttrsIsDatetime(data, ['date_start', 'date_expired']);
     objectAttrsIsBool(data, ['is_active']);
     var props = {
-        url: the_url,
+        url: theUrl,
         data: data,
         method: method,
         form: form,
diff --git a/apps/perms/templates/perms/asset_permission_detail.html b/apps/perms/templates/perms/asset_permission_detail.html
index 044438c43..6930cfc5a 100644
--- a/apps/perms/templates/perms/asset_permission_detail.html
+++ b/apps/perms/templates/perms/asset_permission_detail.html
@@ -2,11 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
-
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
@@ -135,42 +130,7 @@
                                 </div>
                             </div>
 
-                            <div class="panel panel-info">
-                                <div class="panel-heading">
-                                    <i class="fa fa-info-circle"></i> {% trans 'System user' %}
-                                </div>
-                                <div class="panel-body">
-                                    <table class="table" id="system-user-table">
-                                        <tbody>
-                                        <form>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <select data-placeholder="{% trans 'Select system users' %}" class="select2" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for system_user in system_users_remain %}
-                                                        <option value="{{ system_user.id }}" id="opt_{{ system_user.id }}">{{ system_user }}</option>
-                                                        {% endfor %}
-                                                    </select>
-                                                </td>
-                                            </tr>
-                                            <tr class="no-borders-tr">
-                                                <td colspan="2">
-                                                    <button type="button" class="btn btn-info btn-small" id="btn-add-system-user">{% trans 'Add' %}</button>
-                                                </td>
-                                            </tr>
-                                        </form>
 
-                                        {% for system_user in object.system_users.all %}
-                                        <tr {% if forloop.counter == 1 %} class="no-borders-tr" {% endif %} >
-                                          <td ><b class="bdg-system-user" data-uid={{ system_user.id }}>{{ system_user }}</b></td>
-                                          <td>
-                                              <button class="btn btn-danger btn-xs btn-remove-user" data-uid="{{ system_user.id }}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
-                                          </td>
-                                        </tr>
-                                        {% endfor %}
-                                        </tbody>
-                                    </table>
-                                </div>
-                            </div>
                         </div>
                     </div>
                 </div>
@@ -182,17 +142,7 @@
 <script>
 jumpserver.system_users_selected = {};
 
-function updateSystemUser(system_users) {
-    var the_url = "{% url 'api-perms:asset-permission-detail' pk=object.id %}";
-    var body = {
-        system_users: Object.assign([], system_users)
-    };
-    requestApi({
-        url: the_url,
-        body: JSON.stringify(body),
-        success: function () {window.location.reload()}
-    });
-}
+
 
 $(document).ready(function () {
     $('.select2').select2()
@@ -213,36 +163,7 @@ $(document).ready(function () {
     var redirect_url = "{% url 'perms:asset-permission-list' %}";
     objectDelete($this, name, the_url, redirect_url);
 })
-.on('click', '#btn-add-system-user', function () {
-    if (Object.keys(jumpserver.system_users_selected).length === 0) {
-		return false;
-	}
-    var system_users = $('.bdg-system-user').map(function() {
-        return $(this).data('uid');
-    }).get();
-
-    $.map(jumpserver.system_users_selected, function(name, index) {
-        system_users.push(index);
-        $('#opt_' + index).remove();
-        $('.group_edit tbody').append(
-           '<tr>' +
-           '<td><b class="bdg-system-user" data-gid="' + index + '">' + name + '</b></td>' +
-           '<td><button class="btn btn-danger btn-xs pull-right btn-remove-user" type="button"><i class="fa fa-minus"></i></button></td>' +
-           '</tr>'
-        )
-    });
-    updateSystemUser(system_users);
-}).on('click', '.btn-remove-user', function () {
-    var $this = $(this);
-    var $tr = $this.closest('tr');
-    var system_users = $('.bdg-system-user').map(function() {
-        if ($(this).data('uid') !== $this.data('uid')){
-            return $(this).data('uid');
-        }
-    }).get();
-    updateSystemUser(system_users);
-    $tr.remove()
-}).on('click', '#is_active', function () {
+.on('click', '#is_active', function () {
     var the_url = '{% url "api-perms:asset-permission-detail" pk=object.id %}';
     var checked = $(this).prop('checked');
     var body = {
diff --git a/apps/perms/templates/perms/asset_permission_list.html b/apps/perms/templates/perms/asset_permission_list.html
index f3d46a4f0..d67bb7009 100644
--- a/apps/perms/templates/perms/asset_permission_list.html
+++ b/apps/perms/templates/perms/asset_permission_list.html
@@ -5,8 +5,6 @@
 {% block custom_head_css_js %}
     <link href="{% static "css/plugins/footable/footable.core.css" %}" rel="stylesheet">
     <link href="{% static 'css/plugins/datepicker/datepicker3.css' %}" rel="stylesheet">
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <link href="{% static 'css/plugins/jstree/style.min.css' %}" rel="stylesheet">
     <link href="{% static 'css/plugins/ztree/awesomeStyle/awesome.css' %}" rel="stylesheet">
     <script type="text/javascript" src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
@@ -96,9 +94,6 @@ function beforeNodeAsync(treeId, treeNode) {
     return true
 }
 
-function makeLabel(data) {
-    return "<label class='detail-key'><b>" + data[0] + ": </b></label>" + data[1] + "</br>"
-}
 
 function format(d) {
     var data = "";
@@ -176,7 +171,7 @@ function initTable() {
 				$(td).html(update_btn + del_btn);
             }}
         ],
-        ajax_url: '{% url "api-perms:asset-permission-list" %}?display=1',
+        ajax_url: '{% url "api-perms:asset-permission-list" %}',
         columns: [
             {data: "id"}, {data: "name"}, {data: "users", orderable: false},
             {data: "user_groups", orderable: false}, {data: "assets", orderable: false},
@@ -213,6 +208,10 @@ $(document).ready(function(){
         {title: "{% trans 'Hostname' %}", value: "hostname"},
         {title: "{% trans 'Node' %}", value: "node"},
         {title: "{% trans 'System user' %}", value: "system_user"},
+        {title: "{% trans 'Inherit' %}", value: "all", submenu: [
+            {title: "{% trans 'Include' %}", value: "1"},
+            {title: "{% trans 'Exclude' %}", value: "0"},
+        ]},
     ];
     initTableFilterDropdown('#permission_list_table_filter input', filterMenu)
 })
diff --git a/apps/perms/templates/perms/asset_permission_user.html b/apps/perms/templates/perms/asset_permission_user.html
index f06c3409c..bb9ca375a 100644
--- a/apps/perms/templates/perms/asset_permission_user.html
+++ b/apps/perms/templates/perms/asset_permission_user.html
@@ -2,10 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
@@ -48,29 +44,19 @@
                                     </div>
                                 </div>
                                 <div class="ibox-content">
-                                    <table class="table table-hover">
+                                    <table class="table table-hover" id="user_list_table">
                                         <thead>
                                             <tr>
+                                                <th class="text-center">
+                                                    <input type="checkbox" id="check_all" class="ipt_check_all" >
+                                                </th>
                                                 <th>{% trans 'Name' %}</th>
-                                                <th>{% trans 'Username' %}</th>
-                                                <th></th>
+                                                <th class="text-center">{% trans 'Action' %}</th>
                                             </tr>
                                         </thead>
                                         <tbody>
-                                            {% for user in object_list %}
-                                            <tr>
-                                                <td>{{ user.name }}</td>
-                                                <td>{{ user.username }}</td>
-                                                <td>
-                                                    <button class="btn btn-danger btn-xs btn-remove-user {% if user.inherit %} disabled {% endif %}" data-gid="{{ user.id }}" type="button" style="float: right;"><i class="fa fa-minus"></i></button>
-                                                </td>
-                                            </tr>
-                                            {% endfor %}
                                         </tbody>
                                     </table>
-                                    <div class="row">
-                                        {% include '_pagination.html' %}
-                                    </div>
                                 </div>
                             </div>
                         </div>
@@ -85,10 +71,7 @@
                                         <form>
                                             <tr class="no-borders-tr">
                                                 <td colspan="2">
-                                                    <select data-placeholder="{% trans 'Select user' %}" class="select2 user" style="width: 100%" multiple="" tabindex="4">
-                                                        {% for user in users_remain %}
-                                                            <option value="{{ user.id }}">{{ user }}</option>
-                                                        {% endfor %}
+                                                    <select data-placeholder="{% trans 'Select user' %}" class="select2 users-select2" style="width: 100%" multiple="" tabindex="4">
                                                     </select>
                                                 </td>
                                             </tr>
@@ -113,7 +96,7 @@
                                         <form>
                                             <tr>
                                                 <td colspan="2" class="no-borders">
-                                                    <select data-placeholder="{% trans 'Select user groups' %}" class="select2 user-group" style="width: 100%" multiple="" tabindex="4">
+                                                    <select data-placeholder="{% trans 'Select user groups' %}" class="select2 user-groups-select2" style="width: 100%" multiple="" tabindex="4">
                                                         {% for user_group in user_groups_remain %}
                                                         <option value="{{ user_group.id }}" id="opt_{{ user_group.id }}">{{ user_group }}</option>
                                                         {% endfor %}
@@ -128,7 +111,7 @@
                                         </form>
 
                                         {% for user_group in asset_permission.user_groups.all %}
-                                        <tr>
+                                        <tr {% if forloop.counter == 1 %} class="no-borders-tr" {% endif %}>
                                           <td ><b class="bdg_group" data-gid={{ user_group.id }}>{{ user_group }}</b></td>
                                           <td>
                                               <button class="btn btn-danger btn-xs btn-remove-group" type="button" data-gid="{{ user_group.id }}" style="float: right;"><i class="fa fa-minus"></i></button>
@@ -145,120 +128,124 @@
             </div>
         </div>
     </div>
-
 {% endblock %}
 {% block custom_foot_js %}
 <script>
-jumpserver.users_selected = {};
-jumpserver.nodes_selected = {};
+var usersDirectRelated = {{ users | safe }};
 
-function addUsers(users) {
-    var the_url = "{% url 'api-perms:asset-permission-add-user' pk=asset_permission.id %}";
-    var body = {
-        users: users
+var table;
+function initUsersTable() {
+    var options = {
+        ele: $('#user_list_table'),
+        toggle: true,
+        columnDefs: [
+             {targets: 2, createdCell: function (td, cellData, rowData) {
+                  var removeBtn = '<a class="btn btn-xs btn-danger m-l-xs btn-remove-user" disabled data-uid="{{ DEFAULT_PK }}"><i class="fa fa-minus"></i></a>'
+                      .replace('{{ DEFAULT_PK }}', cellData);
+                  if (usersDirectRelated.indexOf(cellData) !== -1) {
+                      removeBtn = removeBtn.replace('disabled', '')
+                  }
+		  		  $(td).html(removeBtn);
+             }}
+        ],
+        ajax_url: "{% url 'api-perms:asset-permission-all-users' pk=object.id %}",
+        columns: [
+            {data: "user"}, {data: "user_display"}, {data: "user", width: "30px"}
+        ],
+        op_html: $('#actions').html()
     };
+    table = jumpserver.initServerSideDataTable(options);
+    return table
+}
+
+function addUsers(usersId) {
+    if (!usersId || usersId.length === 0) {
+        return
+    }
+    var theUrl = "{% url 'api-perms:asset-permissions-users-relation-list' %}";
+    var body = [];
+    usersId.forEach(function (v, i) {
+        body.push({
+            "user": v,
+            "assetpermission": "{{ object.id }}"
+        })
+    });
     var success = function(data) {
         location.reload();
     };
     requestApi({
-        url: the_url,
+        url: theUrl,
         body: JSON.stringify(body),
+        method: "POST",
         success: success
     });
 }
 
-function removeUser(users) {
-    var the_url = "{% url 'api-perms:asset-permission-remove-user' pk=asset_permission.id %}";
-    var body = {
-        users: users
-    };
+function removeUser(userId) {
+    var theUrl = "{% url 'api-perms:asset-permissions-users-relation-list' %}?user=userId&assetpermission={{ object.id }}";
+    theUrl = theUrl.replace("userId", userId);
     var success = function(data) {
         location.reload();
     };
     requestApi({
-        url: the_url,
-        body: JSON.stringify(body),
+        url: theUrl,
+        method: "DELETE",
         success: success
     });
 }
 
-function updateGroup(groups) {
-    var the_url = "{% url 'api-perms:asset-permission-detail' pk=asset_permission.id %}";
-    var body = {
-        user_groups: groups
+function addGroups(groupsId) {
+    if (!groupsId || groupsId.length === 0) {
+        return
+    }
+    var theUrl = "{% url 'api-perms:asset-permissions-user-groups-relation-list' %}";
+    var body = [];
+    groupsId.forEach(function (v, i) {
+        body.push({
+            "usergroup": v,
+            "assetpermission": "{{ object.id }}"
+        })
+    });
+    var success = function(data) {
+        location.reload();
     };
     requestApi({
-        url: the_url,
-        body: JSON.stringify(body)
+        url: theUrl,
+        body: JSON.stringify(body),
+        method: "POST",
+        success: success
+    });
+}
+
+function removeGroup(groupId) {
+    var theUrl = "{% url 'api-perms:asset-permissions-user-groups-relation-list' %}?assetpermission={{ object.id }}";
+    theUrl = theUrl.replace("groupId", groupId);
+    var success = function(data) {
+        location.reload();
+    };
+    requestApi({
+        url: theUrl,
+        method: "DELETE",
+        success: success
     });
 }
 
 $(document).ready(function () {
-    $('.select2.user').select2()
-        .on('select2:select', function(evt) {
-             var data = evt.params.data;
-             jumpserver.users_selected[data.id] = data.text;
-        })
-        .on('select2:unselect', function(evt) {
-            var data = evt.params.data;
-            delete jumpserver.users_selected[data.id]
-        });
-    $('.select2.user-group').select2()
-        .on('select2:select', function(evt) {
-             var data = evt.params.data;
-             jumpserver.nodes_selected[data.id] = data.text;
-        })
-        .on('select2:unselect', function(evt) {
-            var data = evt.params.data;
-            delete jumpserver.nodes_selected[data.id]
-        })
+    $(".select2").select2();
+    initUsersTable();
+    usersSelect2Init(".users-select2", null, usersDirectRelated);
 }).on('click', '.btn-add-user', function () {
-    if (Object.keys(jumpserver.users_selected).length === 0) {
-		return false;
-	}
-	var users_id = [];
-    $.map(jumpserver.users_selected, function(value, index) {
-        users_id.push(index);
-    });
-    addUsers(users_id);
+	var usersSelected = $(".users-select2").val();
+    addUsers(usersSelected);
 }).on('click', '.btn-remove-user', function () {
-    var user_id = $(this).data("gid");
-    if (user_id === "") {
-        return
-    }
-    var users = [user_id];
-    removeUser(users)
+    var userId = $(this).data("uid");
+    removeUser(userId)
 }).on('click', '#btn-add-group', function () {
-    if (Object.keys(jumpserver.nodes_selected).length === 0) {
-		return false;
-	}
-
-    var groups = $('.bdg_group').map(function() {
-        return $(this).data('gid');
-    }).get();
-
-    $.map(jumpserver.nodes_selected, function(group_name, index) {
-        groups.push(index);
-        $('#opt_' + index).remove();
-        $('.group_edit tbody').append(
-           '<tr>' +
-           '<td><b class="bdg_group" data-gid="' + index + '">' + group_name + '</b></td>' +
-           '<td><button class="btn btn-danger btn-xs pull-right btn-leave-group" type="button"><i class="fa fa-minus"></i></button></td>' +
-           '</tr>'
-        )
-    });
-
-    updateGroup(groups);
+    var groupsSelected = $(".user-groups-select2").val();
+    addGroups(groupsSelected);
 }).on('click', '.btn-remove-group', function () {
-    var $this = $(this);
-    var $tr = $this.closest('tr');
-    var groups = $('.bdg_group').map(function() {
-        if ($(this).data('gid') !== $this.data('gid')){
-            return $(this).data('gid');
-        }
-    }).get();
-    updateGroup(groups);
-    $tr.remove()
+    var groupId = $(this).data("gid");
+    removeGroup(groupId);
 })
 </script>
 {% endblock %}
diff --git a/apps/perms/templates/perms/remote_app_permission_create_update.html b/apps/perms/templates/perms/remote_app_permission_create_update.html
index b7652a59b..a551e48ba 100644
--- a/apps/perms/templates/perms/remote_app_permission_create_update.html
+++ b/apps/perms/templates/perms/remote_app_permission_create_update.html
@@ -3,8 +3,6 @@
 {% load static %}
 {% load bootstrap3 %}
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <link href="{% static 'css/plugins/datepicker/datepicker3.css' %}" rel="stylesheet">
 {% endblock %}
 
diff --git a/apps/perms/templates/perms/remote_app_permission_detail.html b/apps/perms/templates/perms/remote_app_permission_detail.html
index f2ec8fa35..aedef832e 100644
--- a/apps/perms/templates/perms/remote_app_permission_detail.html
+++ b/apps/perms/templates/perms/remote_app_permission_detail.html
@@ -2,11 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
-
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
@@ -244,4 +239,4 @@ $(document).ready(function () {
     });
 })
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/perms/templates/perms/remote_app_permission_remote_app.html b/apps/perms/templates/perms/remote_app_permission_remote_app.html
index 091613317..991489033 100644
--- a/apps/perms/templates/perms/remote_app_permission_remote_app.html
+++ b/apps/perms/templates/perms/remote_app_permission_remote_app.html
@@ -2,10 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
@@ -161,4 +157,4 @@
             removeRemoteApps(remote_apps)
         })
     </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/perms/templates/perms/remote_app_permission_user.html b/apps/perms/templates/perms/remote_app_permission_user.html
index e18e4f694..d222dfb7c 100644
--- a/apps/perms/templates/perms/remote_app_permission_user.html
+++ b/apps/perms/templates/perms/remote_app_permission_user.html
@@ -2,10 +2,6 @@
 {% load static %}
 {% load i18n %}
 
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
         <div class="row">
@@ -253,4 +249,4 @@
         $tr.remove()
     })
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/perms/urls/api_urls.py b/apps/perms/urls/api_urls.py
index 5ffa0d14f..696d34882 100644
--- a/apps/perms/urls/api_urls.py
+++ b/apps/perms/urls/api_urls.py
@@ -1,115 +1,18 @@
 # coding:utf-8
 
-from django.urls import path, re_path
-from rest_framework import routers
+from django.urls import re_path
 from common import api as capi
-from .. import api
+from .asset_permission import asset_permission_urlpatterns
+from .application_permission import remote_app_permission_urlpatterns
 
 app_name = 'perms'
 
-router = routers.DefaultRouter()
-router.register('asset-permissions', api.AssetPermissionViewSet, 'asset-permission')
-router.register('remote-app-permissions', api.RemoteAppPermissionViewSet, 'remote-app-permission')
-
-
-asset_permission_urlpatterns = [
-    # Assets
-    path('users/<uuid:pk>/assets/', api.UserGrantedAssetsApi.as_view(), name='user-assets'),
-    path('users/assets/', api.UserGrantedAssetsApi.as_view(), name='my-assets'),
-
-    # Assets as tree
-    path('users/<uuid:pk>/assets/tree/', api.UserGrantedAssetsAsTreeApi.as_view(), name='user-assets-as-tree'),
-    path('users/assets/tree/', api.UserGrantedAssetsAsTreeApi.as_view(), name='my-assets-as-tree'),
-
-    # Nodes
-    path('users/<uuid:pk>/nodes/', api.UserGrantedNodesApi.as_view(), name='user-nodes'),
-    path('users/nodes/', api.UserGrantedNodesApi.as_view(), name='my-nodes'),
-
-    # Node children
-    path('users/<uuid:pk>/nodes/children/', api.UserGrantedNodesApi.as_view(), name='user-nodes-children'),
-    path('users/nodes/children/', api.UserGrantedNodesApi.as_view(), name='my-nodes-children'),
-
-    # Node as tree
-    path('users/<uuid:pk>/nodes/tree/', api.UserGrantedNodesAsTreeApi.as_view(), name='user-nodes-as-tree'),
-    path('users/nodes/tree/', api.UserGrantedNodesAsTreeApi.as_view(), name='my-nodes-as-tree'),
-
-    # Node with assets as tree
-    path('users/<uuid:pk>/nodes-with-assets/tree/', api.UserGrantedNodesWithAssetsAsTreeApi.as_view(), name='user-nodes-with-assets-as-tree'),
-    path('users/nodes-with-assets/tree/', api.UserGrantedNodesWithAssetsAsTreeApi.as_view(), name='my-nodes-with-assets-as-tree'),
-
-    # Node children as tree
-    path('users/<uuid:pk>/nodes/children/tree/', api.UserGrantedNodeChildrenAsTreeApi.as_view(), name='user-nodes-children-as-tree'),
-    path('users/nodes/children/tree/', api.UserGrantedNodeChildrenAsTreeApi.as_view(), name='my-nodes-children-as-tree'),
-
-    # Node children with assets as tree
-    path('users/<uuid:pk>/nodes/children-with-assets/tree/', api.UserGrantedNodeChildrenWithAssetsAsTreeApi.as_view(), name='user-nodes-children-with-assets-as-tree'),
-    path('users/nodes/children-with-assets/tree/', api.UserGrantedNodeChildrenWithAssetsAsTreeApi.as_view(), name='my-nodes-children-with-assets-as-tree'),
-
-    # Node assets
-    path('users/<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGrantedNodeAssetsApi.as_view(), name='user-node-assets'),
-    path('users/nodes/<uuid:node_id>/assets/', api.UserGrantedNodeAssetsApi.as_view(), name='my-node-assets'),
-
-    # Asset System users
-    path('users/<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGrantedAssetSystemUsersApi.as_view(), name='user-asset-system-users'),
-    path('users/assets/<uuid:asset_id>/system-users/', api.UserGrantedAssetSystemUsersApi.as_view(), name='my-asset-system-users'),
-
-    # 查询某个用户组授权的资产和资产组
-    path('user-groups/<uuid:pk>/assets/', api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'),
-    path('user-groups/<uuid:pk>/nodes/', api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes'),
-    path('user-groups/<uuid:pk>/nodes/children/', api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes-children'),
-    path('user-groups/<uuid:pk>/nodes/children/tree/', api.UserGroupGrantedNodeChildrenAsTreeApi.as_view(), name='user-group-nodes-children-as-tree'),
-    path('user-groups/<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGroupGrantedNodeAssetsApi.as_view(), name='user-group-node-assets'),
-    path('user-groups/<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGroupGrantedAssetSystemUsersApi.as_view(), name='user-group-asset-system-users'),
-
-    # 用户和资产授权变更
-    path('asset-permissions/<uuid:pk>/users/remove/', api.AssetPermissionRemoveUserApi.as_view(), name='asset-permission-remove-user'),
-    path('asset-permissions/<uuid:pk>/users/add/', api.AssetPermissionAddUserApi.as_view(), name='asset-permission-add-user'),
-    path('asset-permissions/<uuid:pk>/assets/remove/', api.AssetPermissionRemoveAssetApi.as_view(), name='asset-permission-remove-asset'),
-    path('asset-permissions/<uuid:pk>/assets/add/', api.AssetPermissionAddAssetApi.as_view(), name='asset-permission-add-asset'),
-
-    # 授权规则中授权的资产
-    path('asset-permissions/<uuid:pk>/assets/', api.AssetPermissionAssetsApi.as_view(), name='asset-permission-assets'),
-
-    # 验证用户是否有某个资产和系统用户的权限
-    path('asset-permissions/user/validate/', api.ValidateUserAssetPermissionApi.as_view(), name='validate-user-asset-permission'),
-    path('asset-permissions/user/actions/', api.GetUserAssetPermissionActionsApi.as_view(), name='get-user-asset-permission-actions'),
-
-    # 刷新缓存
-    path('asset-permissions/cache/refresh/', api.RefreshAssetPermissionCacheApi.as_view(), name='refresh-asset-permission-cache'),
-]
-
-
-remote_app_permission_urlpatterns = [
-    # 查询用户授权的RemoteApp
-    path('users/<uuid:pk>/remote-apps/', api.UserGrantedRemoteAppsApi.as_view(), name='user-remote-apps'),
-    path('users/remote-apps/', api.UserGrantedRemoteAppsApi.as_view(), name='my-remote-apps'),
-
-    # 获取用户授权的RemoteApp树
-    path('users/<uuid:pk>/remote-apps/tree/', api.UserGrantedRemoteAppsAsTreeApi.as_view(), name='user-remote-apps-as-tree'),
-    path('users/remote-apps/tree/', api.UserGrantedRemoteAppsAsTreeApi.as_view(), name='my-remote-apps-as-tree'),
-
-    # 查询用户组授权的RemoteApp
-    path('user-groups/<uuid:pk>/remote-apps/', api.UserGroupGrantedRemoteAppsApi.as_view(), name='user-group-remote-apps'),
-
-    # RemoteApp System users
-    path('users/<uuid:pk>/remote-apps/<uuid:remote_app_id>/system-users/', api.UserGrantedRemoteAppSystemUsersApi.as_view(), name='user-remote-app-system-users'),
-    path('users/remote-apps/<uuid:remote_app_id>/system-users/', api.UserGrantedRemoteAppSystemUsersApi.as_view(), name='my-remote-app-system-users'),
-
-    # 校验用户对RemoteApp的权限
-    path('remote-app-permissions/user/validate/', api.ValidateUserRemoteAppPermissionApi.as_view(), name='validate-user-remote-app-permission'),
-
-    # 用户和RemoteApp变更
-    path('remote-app-permissions/<uuid:pk>/users/add/', api.RemoteAppPermissionAddUserApi.as_view(), name='remote-app-permission-add-user'),
-    path('remote-app-permissions/<uuid:pk>/users/remove/', api.RemoteAppPermissionRemoveUserApi.as_view(), name='remote-app-permission-remove-user'),
-    path('remote-app-permissions/<uuid:pk>/remote-apps/remove/', api.RemoteAppPermissionRemoveRemoteAppApi.as_view(), name='remote-app-permission-remove-remote-app'),
-    path('remote-app-permissions/<uuid:pk>/remote-apps/add/', api.RemoteAppPermissionAddRemoteAppApi.as_view(), name='remote-app-permission-add-remote-app'),
-]
 
 old_version_urlpatterns = [
     re_path('(?P<resource>user|user-group|asset-permission|remote-app-permission)/.*', capi.redirect_plural_name_api)
 ]
 
-urlpatterns = asset_permission_urlpatterns + remote_app_permission_urlpatterns + old_version_urlpatterns
-
-urlpatterns += router.urls
+urlpatterns = asset_permission_urlpatterns + \
+              remote_app_permission_urlpatterns \
+              + old_version_urlpatterns
 
diff --git a/apps/perms/urls/application_permission.py b/apps/perms/urls/application_permission.py
new file mode 100644
index 000000000..8f83d72d0
--- /dev/null
+++ b/apps/perms/urls/application_permission.py
@@ -0,0 +1,38 @@
+# coding:utf-8
+
+from django.urls import path
+from rest_framework_bulk.routes import BulkRouter
+from .. import api
+
+
+router = BulkRouter()
+router.register('remote-app-permissions', api.RemoteAppPermissionViewSet, 'remote-app-permission')
+
+remote_app_permission_urlpatterns = [
+    # 查询用户授权的RemoteApp
+    path('users/<uuid:pk>/remote-apps/', api.UserGrantedRemoteAppsApi.as_view(), name='user-remote-apps'),
+    path('users/remote-apps/', api.UserGrantedRemoteAppsApi.as_view(), name='my-remote-apps'),
+
+    # 获取用户授权的RemoteApp树
+    path('users/<uuid:pk>/remote-apps/tree/', api.UserGrantedRemoteAppsAsTreeApi.as_view(), name='user-remote-apps-as-tree'),
+    path('users/remote-apps/tree/', api.UserGrantedRemoteAppsAsTreeApi.as_view(), name='my-remote-apps-as-tree'),
+
+    # 查询用户组授权的RemoteApp
+    path('user-groups/<uuid:pk>/remote-apps/', api.UserGroupGrantedRemoteAppsApi.as_view(), name='user-group-remote-apps'),
+
+    # RemoteApp System users
+    path('users/<uuid:pk>/remote-apps/<uuid:remote_app_id>/system-users/', api.UserGrantedRemoteAppSystemUsersApi.as_view(), name='user-remote-app-system-users'),
+    path('users/remote-apps/<uuid:remote_app_id>/system-users/', api.UserGrantedRemoteAppSystemUsersApi.as_view(), name='my-remote-app-system-users'),
+
+    # 校验用户对RemoteApp的权限
+    path('remote-app-permissions/user/validate/', api.ValidateUserRemoteAppPermissionApi.as_view(), name='validate-user-remote-app-permission'),
+
+    # 用户和RemoteApp变更
+    path('remote-app-permissions/<uuid:pk>/users/add/', api.RemoteAppPermissionAddUserApi.as_view(), name='remote-app-permission-add-user'),
+    path('remote-app-permissions/<uuid:pk>/users/remove/', api.RemoteAppPermissionRemoveUserApi.as_view(), name='remote-app-permission-remove-user'),
+    path('remote-app-permissions/<uuid:pk>/remote-apps/remove/', api.RemoteAppPermissionRemoveRemoteAppApi.as_view(), name='remote-app-permission-remove-remote-app'),
+    path('remote-app-permissions/<uuid:pk>/remote-apps/add/', api.RemoteAppPermissionAddRemoteAppApi.as_view(), name='remote-app-permission-add-remote-app'),
+]
+
+remote_app_permission_urlpatterns += router.urls
+
diff --git a/apps/perms/urls/asset_permission.py b/apps/perms/urls/asset_permission.py
new file mode 100644
index 000000000..bcc7262cf
--- /dev/null
+++ b/apps/perms/urls/asset_permission.py
@@ -0,0 +1,83 @@
+# coding:utf-8
+
+from django.urls import path, include
+from rest_framework_bulk.routes import BulkRouter
+from .. import api
+
+router = BulkRouter()
+router.register('asset-permissions', api.AssetPermissionViewSet, 'asset-permission')
+router.register('asset-permissions-users-relations', api.AssetPermissionUserRelationViewSet, 'asset-permissions-users-relation')
+router.register('asset-permissions-user-groups-relations', api.AssetPermissionUserGroupRelationViewSet, 'asset-permissions-user-groups-relation')
+router.register('asset-permissions-assets-relations', api.AssetPermissionAssetRelationViewSet, 'asset-permissions-assets-relation')
+router.register('asset-permissions-nodes-relations', api.AssetPermissionNodeRelationViewSet, 'asset-permissions-nodes-relation')
+router.register('asset-permissions-system-users-relations', api.AssetPermissionSystemUserRelationViewSet, 'asset-permissions-system-users-relation')
+
+user_permission_urlpatterns = [
+    path('users/<uuid:pk>/assets/', api.UserGrantedAssetsApi.as_view(), name='user-assets'),
+    path('users/assets/', api.UserGrantedAssetsApi.as_view(), name='my-assets'),
+
+    # Assets as tree
+    path('users/<uuid:pk>/assets/tree/', api.UserGrantedAssetsAsTreeApi.as_view(), name='user-assets-as-tree'),
+    path('users/assets/tree/', api.UserGrantedAssetsAsTreeApi.as_view(), name='my-assets-as-tree'),
+
+    # Nodes
+    path('users/<uuid:pk>/nodes/', api.UserGrantedNodesApi.as_view(), name='user-nodes'),
+    path('users/nodes/', api.UserGrantedNodesApi.as_view(), name='my-nodes'),
+
+    # Node children
+    path('users/<uuid:pk>/nodes/children/', api.UserGrantedNodesApi.as_view(), name='user-nodes-children'),
+    path('users/nodes/children/', api.UserGrantedNodesApi.as_view(), name='my-nodes-children'),
+
+    # Node as tree
+    path('users/<uuid:pk>/nodes/tree/', api.UserGrantedNodesAsTreeApi.as_view(), name='user-nodes-as-tree'),
+    path('users/nodes/tree/', api.UserGrantedNodesAsTreeApi.as_view(), name='my-nodes-as-tree'),
+
+    # Node with assets as tree
+    path('users/<uuid:pk>/nodes-with-assets/tree/', api.UserGrantedNodesWithAssetsAsTreeApi.as_view(), name='user-nodes-with-assets-as-tree'),
+    path('users/nodes-with-assets/tree/', api.UserGrantedNodesWithAssetsAsTreeApi.as_view(), name='my-nodes-with-assets-as-tree'),
+
+    # Node children as tree
+    path('users/<uuid:pk>/nodes/children/tree/', api.UserGrantedNodeChildrenAsTreeApi.as_view(), name='user-nodes-children-as-tree'),
+    path('users/nodes/children/tree/', api.UserGrantedNodeChildrenAsTreeApi.as_view(), name='my-nodes-children-as-tree'),
+
+    # Node children with assets as tree
+    path('users/<uuid:pk>/nodes/children-with-assets/tree/', api.UserGrantedNodeChildrenWithAssetsAsTreeApi.as_view(), name='user-nodes-children-with-assets-as-tree'),
+    path('users/nodes/children-with-assets/tree/', api.UserGrantedNodeChildrenWithAssetsAsTreeApi.as_view(), name='my-nodes-children-with-assets-as-tree'),
+
+    # Node assets
+    path('users/<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGrantedNodeAssetsApi.as_view(), name='user-node-assets'),
+    path('users/nodes/<uuid:node_id>/assets/', api.UserGrantedNodeAssetsApi.as_view(), name='my-node-assets'),
+
+    # Asset System users
+    path('users/<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGrantedAssetSystemUsersApi.as_view(), name='user-asset-system-users'),
+    path('users/assets/<uuid:asset_id>/system-users/', api.UserGrantedAssetSystemUsersApi.as_view(), name='my-asset-system-users'),
+]
+
+user_group_permission_urlpatterns = [
+    # 查询某个用户组授权的资产和资产组
+    path('user-groups/<uuid:pk>/assets/', api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'),
+    path('user-groups/<uuid:pk>/nodes/', api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes'),
+    path('user-groups/<uuid:pk>/nodes/children/', api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes-children'),
+    path('user-groups/<uuid:pk>/nodes/children/tree/', api.UserGroupGrantedNodeChildrenAsTreeApi.as_view(), name='user-group-nodes-children-as-tree'),
+    path('user-groups/<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGroupGrantedNodeAssetsApi.as_view(), name='user-group-node-assets'),
+    path('user-groups/<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGroupGrantedAssetSystemUsersApi.as_view(), name='user-group-asset-system-users'),
+]
+
+asset_permission_urlpatterns = [
+    # Assets
+    path('', include(user_permission_urlpatterns)),
+
+
+    # 授权规则中授权的资产
+    path('asset-permissions/<uuid:pk>/assets/all/', api.AssetPermissionAllAssetListApi.as_view(), name='asset-permission-all-assets'),
+    path('asset-permissions/<uuid:pk>/users/all/', api.AssetPermissionAllUserListApi.as_view(), name='asset-permission-all-users'),
+
+    # 验证用户是否有某个资产和系统用户的权限
+    path('asset-permissions/user/validate/', api.ValidateUserAssetPermissionApi.as_view(), name='validate-user-asset-permission'),
+    path('asset-permissions/user/actions/', api.GetUserAssetPermissionActionsApi.as_view(), name='get-user-asset-permission-actions'),
+
+    # 刷新缓存
+    path('asset-permissions/cache/refresh/', api.RefreshAssetPermissionCacheApi.as_view(), name='refresh-asset-permission-cache'),
+]
+
+asset_permission_urlpatterns += router.urls
diff --git a/apps/perms/views/asset_permission.py b/apps/perms/views/asset_permission.py
index 6130ad2e3..48a7f2aa3 100644
--- a/apps/perms/views/asset_permission.py
+++ b/apps/perms/views/asset_permission.py
@@ -98,9 +98,7 @@ class AssetPermissionDetailView(PermissionsMixin, DetailView):
         context = {
             'app': _('Perms'),
             'action': _('Asset permission detail'),
-            'system_users_remain': SystemUser.objects.exclude(
-                granted_by_permissions=self.object
-            ),
+
         }
         kwargs.update(context)
         return super().get_context_data(**kwargs)
@@ -131,14 +129,13 @@ class AssetPermissionUserView(PermissionsMixin,
         return queryset
 
     def get_context_data(self, **kwargs):
-        user_remain = current_org.get_org_members(exclude=('Auditor',)).exclude(
-            assetpermission=self.object)
+        users = [str(i) for i in self.object.users.all().values_list('id', flat=True)]
         user_groups_remain = UserGroup.objects.exclude(
             assetpermission=self.object)
         context = {
             'app': _('Perms'),
             'action': _('Asset permission user list'),
-            'users_remain': user_remain,
+            'users': users,
             'user_groups_remain': user_groups_remain,
         }
         kwargs.update(context)
@@ -163,13 +160,15 @@ class AssetPermissionAssetView(PermissionsMixin,
         return queryset
 
     def get_context_data(self, **kwargs):
-        nodes_remain = Node.objects.exclude(
-            id__in=self.object.nodes.all().values_list('id', flat=True)
-        ).only('key')
+        assets = self.object.assets.all().values_list('id', flat=True)
+        assets = [str(i) for i in assets]
         context = {
             'app': _('Perms'),
+            'assets': assets,
             'action': _('Asset permission asset list'),
-            'nodes_remain': nodes_remain,
+            'system_users_remain': SystemUser.objects.exclude(
+                granted_by_permissions=self.object
+            ),
         }
         kwargs.update(context)
-        return super().get_context_data(**kwargs)
\ No newline at end of file
+        return super().get_context_data(**kwargs)
diff --git a/apps/settings/api.py b/apps/settings/api.py
index 1c65dc12c..354cbdd1d 100644
--- a/apps/settings/api.py
+++ b/apps/settings/api.py
@@ -245,87 +245,6 @@ class LDAPCacheRefreshAPI(generics.RetrieveAPIView):
         return Response(data={'msg': 'success'})
 
 
-class ReplayStorageCreateAPI(APIView):
-    permission_classes = (IsSuperUser,)
-
-    def post(self, request):
-        storage_data = request.data
-
-        if storage_data.get('TYPE') == 'ceph':
-            port = storage_data.get('PORT')
-            if port.isdigit():
-                storage_data['PORT'] = int(storage_data.get('PORT'))
-
-        storage_name = storage_data.pop('NAME')
-        data = {storage_name: storage_data}
-
-        if not self.is_valid(storage_data):
-            return Response({
-                "error": _("Error: Account invalid (Please make sure the "
-                           "information such as Access key or Secret key is correct)")},
-                status=401
-            )
-
-        Setting.save_storage('TERMINAL_REPLAY_STORAGE', data)
-        return Response({"msg": _('Create succeed')}, status=200)
-
-    @staticmethod
-    def is_valid(storage_data):
-        if storage_data.get('TYPE') == 'server':
-            return True
-        storage = jms_storage.get_object_storage(storage_data)
-        target = 'tests.py'
-        src = os.path.join(settings.BASE_DIR, 'common', target)
-        return storage.is_valid(src, target)
-
-
-class ReplayStorageDeleteAPI(APIView):
-    permission_classes = (IsSuperUser,)
-
-    def post(self, request):
-        storage_name = str(request.data.get('name'))
-        Setting.delete_storage('TERMINAL_REPLAY_STORAGE', storage_name)
-        return Response({"msg": _('Delete succeed')}, status=200)
-
-
-class CommandStorageCreateAPI(APIView):
-    permission_classes = (IsSuperUser,)
-
-    def post(self, request):
-        storage_data = request.data
-        storage_name = storage_data.pop('NAME')
-        data = {storage_name: storage_data}
-        if not self.is_valid(storage_data):
-            return Response(
-                {"error": _("Error: Account invalid (Please make sure the "
-                            "information such as Access key or Secret key is correct)")},
-                status=401
-            )
-
-        Setting.save_storage('TERMINAL_COMMAND_STORAGE', data)
-        return Response({"msg": _('Create succeed')}, status=200)
-
-    @staticmethod
-    def is_valid(storage_data):
-        if storage_data.get('TYPE') == 'server':
-            return True
-        try:
-            storage = jms_storage.get_log_storage(storage_data)
-        except Exception:
-            return False
-
-        return storage.ping()
-
-
-class CommandStorageDeleteAPI(APIView):
-    permission_classes = (IsSuperUser,)
-
-    def post(self, request):
-        storage_name = str(request.data.get('name'))
-        Setting.delete_storage('TERMINAL_COMMAND_STORAGE', storage_name)
-        return Response({"msg": _('Delete succeed')}, status=200)
-
-
 class PublicSettingApi(generics.RetrieveAPIView):
     permission_classes = ()
     serializer_class = PublicSettingSerializer
diff --git a/apps/settings/forms.py b/apps/settings/forms.py
deleted file mode 100644
index 5b55091cb..000000000
--- a/apps/settings/forms.py
+++ /dev/null
@@ -1,289 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-import json
-from django import forms
-from django.utils.translation import ugettext_lazy as _
-from django.db import transaction
-
-from .models import Setting, settings
-from common.fields import (
-    FormDictField, FormEncryptCharField, FormEncryptMixin
-)
-
-
-class BaseForm(forms.Form):
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        for name, field in self.fields.items():
-            value = getattr(settings, name, None)
-            if value is None:  # and django_value is None:
-                continue
-
-            if value is not None:
-                if isinstance(value, dict):
-                    value = json.dumps(value)
-                initial_value = value
-            else:
-                initial_value = ''
-            field.initial = initial_value
-
-    def save(self, category="default"):
-        if not self.is_bound:
-            raise ValueError("Form is not bound")
-
-        # db_settings = Setting.objects.all()
-        if not self.is_valid():
-            raise ValueError(self.errors)
-
-        with transaction.atomic():
-            for name, value in self.cleaned_data.items():
-                field = self.fields[name]
-                if isinstance(field.widget, forms.PasswordInput) and not value:
-                    continue
-                # if value == getattr(settings, name):
-                #     continue
-
-                encrypted = True if isinstance(field, FormEncryptMixin) else False
-                try:
-                    setting = Setting.objects.get(name=name)
-                except Setting.DoesNotExist:
-                    setting = Setting()
-                setting.name = name
-                setting.category = category
-                setting.encrypted = encrypted
-                setting.cleaned_value = value
-                setting.save()
-
-
-class BasicSettingForm(BaseForm):
-    SITE_URL = forms.URLField(
-        label=_("Current SITE URL"),
-        help_text="eg: http://jumpserver.abc.com:8080"
-    )
-    USER_GUIDE_URL = forms.URLField(
-        label=_("User Guide URL"), required=False,
-        help_text=_("User first login update profile done redirect to it")
-    )
-    EMAIL_SUBJECT_PREFIX = forms.CharField(
-        max_length=1024, label=_("Email Subject Prefix"),
-        help_text=_("Tips: Some word will be intercept by mail provider")
-    )
-
-
-class EmailSettingForm(BaseForm):
-    EMAIL_HOST = forms.CharField(
-        max_length=1024, label=_("SMTP host"), initial='smtp.jumpserver.org'
-    )
-    EMAIL_PORT = forms.CharField(max_length=5, label=_("SMTP port"), initial=25)
-    EMAIL_HOST_USER = forms.CharField(
-        max_length=128, label=_("SMTP user"), initial='noreply@jumpserver.org'
-    )
-    EMAIL_HOST_PASSWORD = FormEncryptCharField(
-        max_length=1024, label=_("SMTP password"), widget=forms.PasswordInput,
-        required=False,
-        help_text=_("Tips: Some provider use token except password")
-    )
-    EMAIL_FROM = forms.CharField(
-        max_length=128, label=_("Send user"), initial='', required=False,
-        help_text=_(
-            "Tips: Send mail account, default SMTP account as the send account"
-        )
-    )
-    EMAIL_RECIPIENT = forms.CharField(
-        max_length=128, label=_("Test recipient"), initial='', required=False,
-        help_text=_("Tips: Used only as a test mail recipient")
-    )
-    EMAIL_USE_SSL = forms.BooleanField(
-        label=_("Use SSL"), initial=False, required=False,
-        help_text=_("If SMTP port is 465, may be select")
-    )
-    EMAIL_USE_TLS = forms.BooleanField(
-        label=_("Use TLS"), initial=False, required=False,
-        help_text=_("If SMTP port is 587, may be select")
-    )
-
-
-class LDAPSettingForm(BaseForm):
-    AUTH_LDAP_SERVER_URI = forms.CharField(
-        label=_("LDAP server"),
-    )
-    AUTH_LDAP_BIND_DN = forms.CharField(
-        required=False, label=_("Bind DN"),
-    )
-    AUTH_LDAP_BIND_PASSWORD = FormEncryptCharField(
-        label=_("Password"),
-        widget=forms.PasswordInput, required=False
-    )
-    AUTH_LDAP_SEARCH_OU = forms.CharField(
-        label=_("User OU"),
-        help_text=_("Use | split User OUs"),
-        required=False,
-    )
-    AUTH_LDAP_SEARCH_FILTER = forms.CharField(
-        label=_("User search filter"),
-        help_text=_("Choice may be (cn|uid|sAMAccountName)=%(user)s)")
-    )
-    AUTH_LDAP_USER_ATTR_MAP = FormDictField(
-        label=_("User attr map"),
-        help_text=_(
-            "User attr map present how to map LDAP user attr to jumpserver, "
-            "username,name,email is jumpserver attr"
-        ),
-    )
-    # AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
-    # AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
-    # AUTH_LDAP_START_TLS = forms.BooleanField(
-    #     label=_("Use SSL"), required=False
-    # )
-    AUTH_LDAP = forms.BooleanField(label=_("Enable LDAP auth"), required=False)
-
-
-class TerminalSettingForm(BaseForm):
-    SORT_BY_CHOICES = (
-        ('hostname', _('Hostname')),
-        ('ip', _('IP')),
-    )
-    PAGE_SIZE_CHOICES = (
-        ('all', _('All')),
-        ('auto', _('Auto')),
-        (10, 10),
-        (15, 15),
-        (25, 25),
-        (50, 50),
-    )
-    TERMINAL_PASSWORD_AUTH = forms.BooleanField(
-        required=False, label=_("Password auth")
-    )
-    TERMINAL_PUBLIC_KEY_AUTH = forms.BooleanField(
-        required=False, label=_("Public key auth")
-    )
-    TERMINAL_HEARTBEAT_INTERVAL = forms.IntegerField(
-        min_value=5, max_value=99999, label=_("Heartbeat interval"),
-        help_text=_("Units: seconds")
-    )
-    TERMINAL_ASSET_LIST_SORT_BY = forms.ChoiceField(
-        choices=SORT_BY_CHOICES, label=_("List sort by")
-    )
-    TERMINAL_ASSET_LIST_PAGE_SIZE = forms.ChoiceField(
-        choices=PAGE_SIZE_CHOICES, label=_("List page size"),
-    )
-    TERMINAL_SESSION_KEEP_DURATION = forms.IntegerField(
-        min_value=1, max_value=99999, label=_("Session keep duration"),
-        help_text=_("Units: days, Session, record, command will be delete "
-                    "if more than duration, only in database")
-    )
-    TERMINAL_TELNET_REGEX = forms.CharField(
-        required=False, label=_("Telnet login regex"),
-        help_text=_("ex: Last\s*login|success|成功")
-    )
-
-
-class TerminalCommandStorage(BaseForm):
-    pass
-
-
-class SecuritySettingForm(BaseForm):
-    # MFA global setting
-    SECURITY_MFA_AUTH = forms.BooleanField(
-        required=False, label=_("MFA Secondary certification"),
-        help_text=_(
-            'After opening, the user login must use MFA secondary '
-            'authentication (valid for all users, including administrators)'
-        )
-    )
-    # Execute commands for user
-    SECURITY_COMMAND_EXECUTION = forms.BooleanField(
-        required=False, label=_("Batch execute commands"),
-        help_text=_("Allow user batch execute commands")
-    )
-    SECURITY_SERVICE_ACCOUNT_REGISTRATION = forms.BooleanField(
-        required=False, label=_("Service account registration"),
-        help_text=_("Allow using bootstrap token register service account, "
-                    "when terminal setup, can disable it")
-    )
-    # limit login count
-    SECURITY_LOGIN_LIMIT_COUNT = forms.IntegerField(
-        min_value=3, max_value=99999,
-        label=_("Limit the number of login failures")
-    )
-    # limit login time
-    SECURITY_LOGIN_LIMIT_TIME = forms.IntegerField(
-        min_value=5, max_value=99999, label=_("No logon interval"),
-        help_text=_(
-            "Tip: (unit/minute) if the user has failed to log in for a limited "
-            "number of times, no login is allowed during this time interval."
-        )
-    )
-    # ssh max idle time
-    SECURITY_MAX_IDLE_TIME = forms.IntegerField(
-        min_value=1, max_value=99999, required=False,
-        label=_("Connection max idle time"),
-        help_text=_(
-            'If idle time more than it, disconnect connection '
-            'Unit: minute'
-        ),
-    )
-    # password expiration time
-    SECURITY_PASSWORD_EXPIRATION_TIME = forms.IntegerField(
-        min_value=1, max_value=99999, label=_("Password expiration time"),
-        help_text=_(
-            "Tip: (unit: day) "
-            "If the user does not update the password during the time, "
-            "the user password will expire failure;"
-            "The password expiration reminder mail will be automatic sent to the user "
-            "by system within 5 days (daily) before the password expires"
-        )
-    )
-    # min length
-    SECURITY_PASSWORD_MIN_LENGTH = forms.IntegerField(
-        min_value=6, max_value=30, label=_("Password minimum length"),
-    )
-    # upper case
-    SECURITY_PASSWORD_UPPER_CASE = forms.BooleanField(
-        required=False, label=_("Must contain capital letters"),
-        help_text=_(
-            'After opening, the user password changes '
-            'and resets must contain uppercase letters')
-    )
-    # lower case
-    SECURITY_PASSWORD_LOWER_CASE = forms.BooleanField(
-        required=False, label=_("Must contain lowercase letters"),
-        help_text=_('After opening, the user password changes '
-                    'and resets must contain lowercase letters')
-    )
-    # number
-    SECURITY_PASSWORD_NUMBER = forms.BooleanField(
-        required=False, label=_("Must contain numeric characters"),
-        help_text=_('After opening, the user password changes '
-                    'and resets must contain numeric characters')
-    )
-    # special char
-    SECURITY_PASSWORD_SPECIAL_CHAR = forms.BooleanField(
-        required=False, label=_("Must contain special characters"),
-        help_text=_('After opening, the user password changes '
-                    'and resets must contain special characters')
-    )
-
-
-class EmailContentSettingForm(BaseForm):
-    EMAIL_CUSTOM_USER_CREATED_SUBJECT = forms.CharField(
-        max_length=1024,  required=False, label=_("Create user email subject"),
-        help_text=_("Tips: When creating a user, send the subject of the email"
-                    " (eg:Create account successfully)")
-    )
-    EMAIL_CUSTOM_USER_CREATED_HONORIFIC = forms.CharField(
-        max_length=1024, required=False, label=_("Create user honorific"),
-        help_text=_("Tips: When creating a user, send the honorific of the "
-                    "email (eg:Hello)")
-    )
-    EMAIL_CUSTOM_USER_CREATED_BODY = forms.CharField(
-        max_length=4096, required=False, widget=forms.Textarea(),
-        label=_('Create user email content'),
-        help_text=_('Tips:When creating a user, send the content of the email')
-    )
-    EMAIL_CUSTOM_USER_CREATED_SIGNATURE = forms.CharField(
-        max_length=512, required=False, label=_("Signature"),
-        help_text=_("Tips: Email signature (eg:jumpserver)")
-    )
-
-
diff --git a/apps/settings/forms/__init__.py b/apps/settings/forms/__init__.py
new file mode 100644
index 000000000..4c5a69e8c
--- /dev/null
+++ b/apps/settings/forms/__init__.py
@@ -0,0 +1,9 @@
+# coding: utf-8
+# 
+
+from .base import *
+from .basic import *
+from .email import *
+from .ldap import *
+from .security import *
+from .terminal import *
diff --git a/apps/settings/forms/base.py b/apps/settings/forms/base.py
new file mode 100644
index 000000000..b7b32dea6
--- /dev/null
+++ b/apps/settings/forms/base.py
@@ -0,0 +1,57 @@
+# coding: utf-8
+#
+
+import json
+from django import forms
+from django.db import transaction
+from django.conf import settings
+
+from ..models import Setting
+from common.fields import FormEncryptMixin
+
+__all__ = ['BaseForm']
+
+
+class BaseForm(forms.Form):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        for name, field in self.fields.items():
+            value = getattr(settings, name, None)
+            if value is None:  # and django_value is None:
+                continue
+
+            if value is not None:
+                if isinstance(value, dict):
+                    value = json.dumps(value)
+                initial_value = value
+            else:
+                initial_value = ''
+            field.initial = initial_value
+
+    def save(self, category="default"):
+        if not self.is_bound:
+            raise ValueError("Form is not bound")
+
+        # db_settings = Setting.objects.all()
+        if not self.is_valid():
+            raise ValueError(self.errors)
+
+        with transaction.atomic():
+            for name, value in self.cleaned_data.items():
+                field = self.fields[name]
+                if isinstance(field.widget, forms.PasswordInput) and not value:
+                    continue
+                # if value == getattr(settings, name):
+                #     continue
+
+                encrypted = True if isinstance(field, FormEncryptMixin) else False
+                try:
+                    setting = Setting.objects.get(name=name)
+                except Setting.DoesNotExist:
+                    setting = Setting()
+                setting.name = name
+                setting.category = category
+                setting.encrypted = encrypted
+                setting.cleaned_value = value
+                setting.save()
+
diff --git a/apps/settings/forms/basic.py b/apps/settings/forms/basic.py
new file mode 100644
index 000000000..dd93c9537
--- /dev/null
+++ b/apps/settings/forms/basic.py
@@ -0,0 +1,24 @@
+# coding: utf-8
+#
+
+from django import forms
+from django.utils.translation import ugettext_lazy as _
+from .base import BaseForm
+
+__all__ = ['BasicSettingForm']
+
+
+class BasicSettingForm(BaseForm):
+    SITE_URL = forms.URLField(
+        label=_("Current SITE URL"),
+        help_text="eg: http://jumpserver.abc.com:8080"
+    )
+    USER_GUIDE_URL = forms.URLField(
+        label=_("User Guide URL"), required=False,
+        help_text=_("User first login update profile done redirect to it")
+    )
+    EMAIL_SUBJECT_PREFIX = forms.CharField(
+        max_length=1024, label=_("Email Subject Prefix"),
+        help_text=_("Tips: Some word will be intercept by mail provider")
+    )
+
diff --git a/apps/settings/forms/email.py b/apps/settings/forms/email.py
new file mode 100644
index 000000000..6fa61148a
--- /dev/null
+++ b/apps/settings/forms/email.py
@@ -0,0 +1,65 @@
+# coding: utf-8
+#
+
+from django import forms
+from django.utils.translation import ugettext_lazy as _
+
+from common.fields import FormEncryptCharField
+from .base import BaseForm
+
+__all__ = ['EmailSettingForm', 'EmailContentSettingForm']
+
+
+class EmailSettingForm(BaseForm):
+    EMAIL_HOST = forms.CharField(
+        max_length=1024, label=_("SMTP host"), initial='smtp.jumpserver.org'
+    )
+    EMAIL_PORT = forms.CharField(max_length=5, label=_("SMTP port"), initial=25)
+    EMAIL_HOST_USER = forms.CharField(
+        max_length=128, label=_("SMTP user"), initial='noreply@jumpserver.org'
+    )
+    EMAIL_HOST_PASSWORD = FormEncryptCharField(
+        max_length=1024, label=_("SMTP password"), widget=forms.PasswordInput,
+        required=False,
+        help_text=_("Tips: Some provider use token except password")
+    )
+    EMAIL_FROM = forms.CharField(
+        max_length=128, label=_("Send user"), initial='', required=False,
+        help_text=_(
+            "Tips: Send mail account, default SMTP account as the send account"
+        )
+    )
+    EMAIL_RECIPIENT = forms.CharField(
+        max_length=128, label=_("Test recipient"), initial='', required=False,
+        help_text=_("Tips: Used only as a test mail recipient")
+    )
+    EMAIL_USE_SSL = forms.BooleanField(
+        label=_("Use SSL"), initial=False, required=False,
+        help_text=_("If SMTP port is 465, may be select")
+    )
+    EMAIL_USE_TLS = forms.BooleanField(
+        label=_("Use TLS"), initial=False, required=False,
+        help_text=_("If SMTP port is 587, may be select")
+    )
+
+
+class EmailContentSettingForm(BaseForm):
+    EMAIL_CUSTOM_USER_CREATED_SUBJECT = forms.CharField(
+        max_length=1024,  required=False, label=_("Create user email subject"),
+        help_text=_("Tips: When creating a user, send the subject of the email"
+                    " (eg:Create account successfully)")
+    )
+    EMAIL_CUSTOM_USER_CREATED_HONORIFIC = forms.CharField(
+        max_length=1024, required=False, label=_("Create user honorific"),
+        help_text=_("Tips: When creating a user, send the honorific of the "
+                    "email (eg:Hello)")
+    )
+    EMAIL_CUSTOM_USER_CREATED_BODY = forms.CharField(
+        max_length=4096, required=False, widget=forms.Textarea(),
+        label=_('Create user email content'),
+        help_text=_('Tips:When creating a user, send the content of the email')
+    )
+    EMAIL_CUSTOM_USER_CREATED_SIGNATURE = forms.CharField(
+        max_length=512, required=False, label=_("Signature"),
+        help_text=_("Tips: Email signature (eg:jumpserver)")
+    )
diff --git a/apps/settings/forms/ldap.py b/apps/settings/forms/ldap.py
new file mode 100644
index 000000000..c44d1c3e4
--- /dev/null
+++ b/apps/settings/forms/ldap.py
@@ -0,0 +1,46 @@
+# coding: utf-8
+# 
+
+from django import forms
+from django.utils.translation import ugettext_lazy as _
+
+from common.fields import FormDictField, FormEncryptCharField
+from .base import BaseForm
+
+
+__all__ = ['LDAPSettingForm']
+
+
+class LDAPSettingForm(BaseForm):
+    AUTH_LDAP_SERVER_URI = forms.CharField(
+        label=_("LDAP server"),
+    )
+    AUTH_LDAP_BIND_DN = forms.CharField(
+        required=False, label=_("Bind DN"),
+    )
+    AUTH_LDAP_BIND_PASSWORD = FormEncryptCharField(
+        label=_("Password"),
+        widget=forms.PasswordInput, required=False
+    )
+    AUTH_LDAP_SEARCH_OU = forms.CharField(
+        label=_("User OU"),
+        help_text=_("Use | split User OUs"),
+        required=False,
+    )
+    AUTH_LDAP_SEARCH_FILTER = forms.CharField(
+        label=_("User search filter"),
+        help_text=_("Choice may be (cn|uid|sAMAccountName)=%(user)s)")
+    )
+    AUTH_LDAP_USER_ATTR_MAP = FormDictField(
+        label=_("User attr map"),
+        help_text=_(
+            "User attr map present how to map LDAP user attr to jumpserver, "
+            "username,name,email is jumpserver attr"
+        ),
+    )
+    # AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
+    # AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
+    # AUTH_LDAP_START_TLS = forms.BooleanField(
+    #     label=_("Use SSL"), required=False
+    # )
+    AUTH_LDAP = forms.BooleanField(label=_("Enable LDAP auth"), required=False)
diff --git a/apps/settings/forms/security.py b/apps/settings/forms/security.py
new file mode 100644
index 000000000..7b7cc247d
--- /dev/null
+++ b/apps/settings/forms/security.py
@@ -0,0 +1,93 @@
+# coding: utf-8
+#
+
+from django import forms
+from django.utils.translation import ugettext_lazy as _
+
+from .base import BaseForm
+
+
+__all__ = ['SecuritySettingForm']
+
+
+class SecuritySettingForm(BaseForm):
+    # MFA global setting
+    SECURITY_MFA_AUTH = forms.BooleanField(
+        required=False, label=_("MFA Secondary certification"),
+        help_text=_(
+            'After opening, the user login must use MFA secondary '
+            'authentication (valid for all users, including administrators)'
+        )
+    )
+    # Execute commands for user
+    SECURITY_COMMAND_EXECUTION = forms.BooleanField(
+        required=False, label=_("Batch execute commands"),
+        help_text=_("Allow user batch execute commands")
+    )
+    SECURITY_SERVICE_ACCOUNT_REGISTRATION = forms.BooleanField(
+        required=False, label=_("Service account registration"),
+        help_text=_("Allow using bootstrap token register service account, "
+                    "when terminal setup, can disable it")
+    )
+    # limit login count
+    SECURITY_LOGIN_LIMIT_COUNT = forms.IntegerField(
+        min_value=3, max_value=99999,
+        label=_("Limit the number of login failures")
+    )
+    # limit login time
+    SECURITY_LOGIN_LIMIT_TIME = forms.IntegerField(
+        min_value=5, max_value=99999, label=_("No logon interval"),
+        help_text=_(
+            "Tip: (unit/minute) if the user has failed to log in for a limited "
+            "number of times, no login is allowed during this time interval."
+        )
+    )
+    # ssh max idle time
+    SECURITY_MAX_IDLE_TIME = forms.IntegerField(
+        min_value=1, max_value=99999, required=False,
+        label=_("Connection max idle time"),
+        help_text=_(
+            'If idle time more than it, disconnect connection '
+            'Unit: minute'
+        ),
+    )
+    # password expiration time
+    SECURITY_PASSWORD_EXPIRATION_TIME = forms.IntegerField(
+        min_value=1, max_value=99999, label=_("Password expiration time"),
+        help_text=_(
+            "Tip: (unit: day) "
+            "If the user does not update the password during the time, "
+            "the user password will expire failure;"
+            "The password expiration reminder mail will be automatic sent to the user "
+            "by system within 5 days (daily) before the password expires"
+        )
+    )
+    # min length
+    SECURITY_PASSWORD_MIN_LENGTH = forms.IntegerField(
+        min_value=6, max_value=30, label=_("Password minimum length"),
+    )
+    # upper case
+    SECURITY_PASSWORD_UPPER_CASE = forms.BooleanField(
+        required=False, label=_("Must contain capital letters"),
+        help_text=_(
+            'After opening, the user password changes '
+            'and resets must contain uppercase letters')
+    )
+    # lower case
+    SECURITY_PASSWORD_LOWER_CASE = forms.BooleanField(
+        required=False, label=_("Must contain lowercase letters"),
+        help_text=_('After opening, the user password changes '
+                    'and resets must contain lowercase letters')
+    )
+    # number
+    SECURITY_PASSWORD_NUMBER = forms.BooleanField(
+        required=False, label=_("Must contain numeric characters"),
+        help_text=_('After opening, the user password changes '
+                    'and resets must contain numeric characters')
+    )
+    # special char
+    SECURITY_PASSWORD_SPECIAL_CHAR = forms.BooleanField(
+        required=False, label=_("Must contain special characters"),
+        help_text=_('After opening, the user password changes '
+                    'and resets must contain special characters')
+    )
diff --git a/apps/settings/forms/terminal.py b/apps/settings/forms/terminal.py
new file mode 100644
index 000000000..d879e88d2
--- /dev/null
+++ b/apps/settings/forms/terminal.py
@@ -0,0 +1,50 @@
+# coding: utf-8
+# 
+
+
+from django import forms
+from django.utils.translation import ugettext_lazy as _
+
+from .base import BaseForm
+
+__all__ = ['TerminalSettingForm']
+
+
+class TerminalSettingForm(BaseForm):
+    SORT_BY_CHOICES = (
+        ('hostname', _('Hostname')),
+        ('ip', _('IP')),
+    )
+    PAGE_SIZE_CHOICES = (
+        ('all', _('All')),
+        ('auto', _('Auto')),
+        (10, 10),
+        (15, 15),
+        (25, 25),
+        (50, 50),
+    )
+    TERMINAL_PASSWORD_AUTH = forms.BooleanField(
+        required=False, label=_("Password auth")
+    )
+    TERMINAL_PUBLIC_KEY_AUTH = forms.BooleanField(
+        required=False, label=_("Public key auth")
+    )
+    TERMINAL_HEARTBEAT_INTERVAL = forms.IntegerField(
+        min_value=5, max_value=99999, label=_("Heartbeat interval"),
+        help_text=_("Units: seconds")
+    )
+    TERMINAL_ASSET_LIST_SORT_BY = forms.ChoiceField(
+        choices=SORT_BY_CHOICES, label=_("List sort by")
+    )
+    TERMINAL_ASSET_LIST_PAGE_SIZE = forms.ChoiceField(
+        choices=PAGE_SIZE_CHOICES, label=_("List page size"),
+    )
+    TERMINAL_SESSION_KEEP_DURATION = forms.IntegerField(
+        min_value=1, max_value=99999, label=_("Session keep duration"),
+        help_text=_("Units: days, Session, record, command will be delete "
+                    "if more than duration, only in database")
+    )
+    TERMINAL_TELNET_REGEX = forms.CharField(
+        required=False, label=_("Telnet login regex"),
+        help_text=_("ex: Last\s*login|success|成功")
+    )
diff --git a/apps/settings/models.py b/apps/settings/models.py
index 524fa9349..0cbd9dd0e 100644
--- a/apps/settings/models.py
+++ b/apps/settings/models.py
@@ -1,10 +1,9 @@
 import json
 
 from django.db import models
-from django.core.cache import cache
 from django.db.utils import ProgrammingError, OperationalError
 from django.utils.translation import ugettext_lazy as _
-from django.conf import settings
+from django.core.cache import cache
 
 from common.utils import get_signer
 
@@ -34,12 +33,28 @@ class Setting(models.Model):
     comment = models.TextField(verbose_name=_("Comment"))
 
     objects = SettingManager()
+    cache_key_prefix = '_SETTING_'
 
     def __str__(self):
         return self.name
 
-    def __getattr__(self, item):
-        return cache.get(item)
+    @classmethod
+    def get(cls, item):
+        cached = cls.get_from_cache(item)
+        if cached is not None:
+            return cached
+        instances = cls.objects.filter(name=item)
+        if len(instances) == 1:
+            s = instances[0]
+            s.refresh_setting()
+            return s.cleaned_value
+        return None
+
+    @classmethod
+    def get_from_cache(cls, item):
+        key = cls.cache_key_prefix + item
+        cached = cache.get(key)
+        return cached
 
     @property
     def cleaned_value(self):
@@ -64,44 +79,6 @@ class Setting(models.Model):
         except json.JSONDecodeError as e:
             raise ValueError("Json dump error: {}".format(str(e)))
 
-    @classmethod
-    def save_storage(cls, name, data):
-        """
-        :param name: TERMINAL_REPLAY_STORAGE or TERMINAL_COMMAND_STORAGE
-        :param data: {}
-        :return: Setting object
-        """
-        obj = cls.objects.filter(name=name).first()
-        if not obj:
-            obj = cls()
-            obj.name = name
-            obj.encrypted = True
-            obj.cleaned_value = data
-        else:
-            value = obj.cleaned_value
-            if value is None:
-                value = {}
-            value.update(data)
-            obj.cleaned_value = value
-        obj.save()
-        return obj
-
-    @classmethod
-    def delete_storage(cls, name, storage_name):
-        """
-        :param name: TERMINAL_REPLAY_STORAGE or TERMINAL_COMMAND_STORAGE
-        :param storage_name: ""
-        :return: bool
-        """
-        obj = cls.objects.filter(name=name).first()
-        if not obj:
-            return False
-        value = obj.cleaned_value
-        value.pop(storage_name, '')
-        obj.cleaned_value = value
-        obj.save()
-        return True
-
     @classmethod
     def refresh_all_settings(cls):
         try:
@@ -112,16 +89,8 @@ class Setting(models.Model):
             pass
 
     def refresh_setting(self):
-        setattr(settings, self.name, self.cleaned_value)
-        if self.name == "AUTH_LDAP":
-            if self.cleaned_value and settings.AUTH_LDAP_BACKEND not in settings.AUTHENTICATION_BACKENDS:
-                old_setting = settings.AUTHENTICATION_BACKENDS
-                old_setting.insert(0, settings.AUTH_LDAP_BACKEND)
-                settings.AUTHENTICATION_BACKENDS = old_setting
-            elif not self.cleaned_value and settings.AUTH_LDAP_BACKEND in settings.AUTHENTICATION_BACKENDS:
-                old_setting = settings.AUTHENTICATION_BACKENDS
-                old_setting.remove(settings.AUTH_LDAP_BACKEND)
-                settings.AUTHENTICATION_BACKENDS = old_setting
+        key = self.cache_key_prefix + self.name
+        cache.set(key, self.cleaned_value, None)
 
     class Meta:
         db_table = "settings_setting"
diff --git a/apps/settings/serializers/__init__.py b/apps/settings/serializers/__init__.py
new file mode 100644
index 000000000..045763364
--- /dev/null
+++ b/apps/settings/serializers/__init__.py
@@ -0,0 +1,6 @@
+# coding: utf-8
+#
+
+from .email import *
+from .ldap import *
+from .public import *
diff --git a/apps/settings/serializers/email.py b/apps/settings/serializers/email.py
new file mode 100644
index 000000000..6d033f6aa
--- /dev/null
+++ b/apps/settings/serializers/email.py
@@ -0,0 +1,17 @@
+# coding: utf-8
+# 
+
+from rest_framework import serializers
+
+__all__ = ['MailTestSerializer']
+
+
+class MailTestSerializer(serializers.Serializer):
+    EMAIL_HOST = serializers.CharField(max_length=1024, required=True)
+    EMAIL_PORT = serializers.IntegerField(default=25)
+    EMAIL_HOST_USER = serializers.CharField(max_length=1024)
+    EMAIL_HOST_PASSWORD = serializers.CharField(required=False, allow_blank=True)
+    EMAIL_FROM = serializers.CharField(required=False, allow_blank=True)
+    EMAIL_RECIPIENT = serializers.CharField(required=False, allow_blank=True)
+    EMAIL_USE_SSL = serializers.BooleanField(default=False)
+    EMAIL_USE_TLS = serializers.BooleanField(default=False)
diff --git a/apps/settings/serializers.py b/apps/settings/serializers/ldap.py
similarity index 54%
rename from apps/settings/serializers.py
rename to apps/settings/serializers/ldap.py
index 1717634f4..4009c0705 100644
--- a/apps/settings/serializers.py
+++ b/apps/settings/serializers/ldap.py
@@ -1,15 +1,9 @@
+# coding: utf-8
+# 
+
 from rest_framework import serializers
 
-
-class MailTestSerializer(serializers.Serializer):
-    EMAIL_HOST = serializers.CharField(max_length=1024, required=True)
-    EMAIL_PORT = serializers.IntegerField(default=25)
-    EMAIL_HOST_USER = serializers.CharField(max_length=1024)
-    EMAIL_HOST_PASSWORD = serializers.CharField(required=False, allow_blank=True)
-    EMAIL_FROM = serializers.CharField(required=False, allow_blank=True)
-    EMAIL_RECIPIENT = serializers.CharField(required=False, allow_blank=True)
-    EMAIL_USE_SSL = serializers.BooleanField(default=False)
-    EMAIL_USE_TLS = serializers.BooleanField(default=False)
+__all__ = ['LDAPTestSerializer', 'LDAPUserSerializer']
 
 
 class LDAPTestSerializer(serializers.Serializer):
@@ -29,6 +23,3 @@ class LDAPUserSerializer(serializers.Serializer):
     email = serializers.CharField()
     existing = serializers.BooleanField(read_only=True)
 
-
-class PublicSettingSerializer(serializers.Serializer):
-    data = serializers.DictField(read_only=True)
diff --git a/apps/settings/serializers/public.py b/apps/settings/serializers/public.py
new file mode 100644
index 000000000..52e39a954
--- /dev/null
+++ b/apps/settings/serializers/public.py
@@ -0,0 +1,10 @@
+# coding: utf-8
+# 
+
+from rest_framework import serializers
+
+__all__ = ['PublicSettingSerializer']
+
+
+class PublicSettingSerializer(serializers.Serializer):
+    data = serializers.DictField(read_only=True)
diff --git a/apps/settings/signals_handler.py b/apps/settings/signals_handler.py
index c131cc214..026d60a78 100644
--- a/apps/settings/signals_handler.py
+++ b/apps/settings/signals_handler.py
@@ -4,9 +4,6 @@ import json
 
 from django.dispatch import receiver
 from django.db.models.signals import post_save, pre_save
-from django.conf import LazySettings, empty, global_settings
-from django.db.utils import ProgrammingError, OperationalError
-from django.core.cache import cache
 
 from jumpserver.utils import current_request
 from common.utils import get_logger, ssh_key_gen
@@ -23,56 +20,9 @@ def refresh_settings_on_changed(sender, instance=None, **kwargs):
 
 
 @receiver(django_ready)
-def monkey_patch_settings(sender, **kwargs):
-    logger.debug("Monkey patch settings")
-    cache_key_prefix = '_SETTING_'
-    custom_need_cache_settings = [
-        'AUTHENTICATION_BACKENDS', 'TERMINAL_HOST_KEY',
-    ]
-    custom_no_cache_settings = [
-        'BASE_DIR', 'VERSION', 'AUTH_OPENID',
-    ]
-    django_settings = dir(global_settings)
-    uncached_settings = [i for i in django_settings if i.isupper()]
-    uncached_settings = [i for i in uncached_settings if not i.startswith('EMAIL')]
-    uncached_settings = [i for i in uncached_settings if not i.startswith('SESSION_REDIS')]
-    uncached_settings = [i for i in uncached_settings if i not in custom_need_cache_settings]
-    uncached_settings.extend(custom_no_cache_settings)
-
-    def monkey_patch_getattr(self, name):
-        if name not in uncached_settings:
-            key = cache_key_prefix + name
-            cached = cache.get(key)
-            if cached is not None:
-                return cached
-        if self._wrapped is empty:
-            self._setup(name)
-        val = getattr(self._wrapped, name)
-        return val
-
-    def monkey_patch_setattr(self, name, value):
-        key = cache_key_prefix + name
-        cache.set(key, value, None)
-        if name == '_wrapped':
-            self.__dict__.clear()
-        else:
-            self.__dict__.pop(name, None)
-        super(LazySettings, self).__setattr__(name, value)
-
-    def monkey_patch_delattr(self, name):
-        super(LazySettings, self).__delattr__(name)
-        self.__dict__.pop(name, None)
-        key = cache_key_prefix + name
-        cache.delete(key)
-
-    try:
-        cache.delete_pattern(cache_key_prefix+'*')
-        LazySettings.__getattr__ = monkey_patch_getattr
-        LazySettings.__setattr__ = monkey_patch_setattr
-        LazySettings.__delattr__ = monkey_patch_delattr
-        Setting.refresh_all_settings()
-    except (ProgrammingError, OperationalError):
-        pass
+def on_django_ready_add_db_config(sender, **kwargs):
+    from django.conf import settings
+    settings.DYNAMIC.db_setting = Setting
 
 
 @receiver(django_ready)
diff --git a/apps/settings/templates/settings/command_storage_create.html b/apps/settings/templates/settings/command_storage_create.html
deleted file mode 100644
index 9c60e2d85..000000000
--- a/apps/settings/templates/settings/command_storage_create.html
+++ /dev/null
@@ -1,175 +0,0 @@
-{#{% extends 'base.html' %}#}
-{% extends '_base_create_update.html' %}
-{% load static %}
-{% load bootstrap3 %}
-{% load i18n %}
-{% load common_tags %}
-
-{% block content %}
-    <div class="wrapper wrapper-content animated fadeInRight">
-        <div class="row">
-            <div class="col-sm-12">
-                <div class="ibox float-e-margins">
-                    <div class="ibox-title">
-                        <h5>{{ action }}</h5>
-                        <div class="ibox-tools">
-                            <a class="collapse-link">
-                                <i class="fa fa-chevron-up"></i>
-                            </a>
-                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
-                                <i class="fa fa-wrench"></i>
-                            </a>
-                            <a class="close-link">
-                                <i class="fa fa-times"></i>
-                            </a>
-                        </div>
-                    </div>
-
-                    <div class="ibox-content">
-                        <form action="" method="POST" class="form-horizontal">
-                            <div class="form-group">
-                                <label class="col-md-2 control-label" for="id_type">{% trans "Type" %}</label>
-                                <div class="col-md-9">
-                                    <select id="id_type" class="selector form-control">
-                                        <option value ="server" selected="selected">server</option>
-                                        <option value ="es">es (elasticsearch)</option>
-                                    </select>
-                                </div>
-                            </div>
-
-                            <div class="form-group">
-                                <label class="col-md-2 control-label" for="id_name">{% trans "Name" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_name" class="form-control" type="text" name="NAME" value="">
-                                    <div id="id_error" style="color: red;"></div>
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_hosts">{% trans "Hosts" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_hosts" class="form-control" type="text" name="HOSTS" value="">
-                                    <div class="help-block">{% trans 'Tips: If there are multiple hosts, separate them with a comma (,)' %}</div>
-                                    <div class="help-block">eg: http://www.jumpserver.a.com, http://www.jumpserver.b.com</div>
-                                </div>
-                            </div>
-{#                            <div class="form-group" style="display: none;" >#}
-{#                                <label class="col-md-2 control-label" for="id_other">{% trans "Other" %}</label>#}
-{#                                <div class="col-md-9">#}
-{#                                    <input id="id_other" class="form-control" type="text" name="OTHER" value="">#}
-{#                                </div>#}
-{#                            </div>#}
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_bucket">{% trans "Index" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_index" class="form-control" type="text" name="INDEX" value="jumpserver">
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_doc_type">{% trans "Doc type" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_doc_type" class="form-control" type="text" name="DOC_TYPE" value="command_store">
-                                </div>
-                            </div>
-
-                            <div class="hr-line-dashed"></div>
-                            <div class="form-group">
-                                <div class="col-sm-4 col-sm-offset-2">
-                                    <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
-                                    <a class="btn btn-primary" type="" id="id_submit_button" >{% trans 'Submit' %}</a>
-                                </div>
-                            </div>
-                        </form>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-{% endblock %}
-
-{% block custom_foot_js %}
-<script>
-
-var field_of_all, need_get_field_of_server, need_get_field_of_es;
-
-function showField(field){
-    $.each(field, function(index, value){
-        $(value).parent('div').parent('div').css('display', '');
-    });
-}
-
-function hiddenField(field){
-    $.each(field, function(index, value){
-        $(value).parent('div').parent('div').css('display', 'none');
-    })
-}
-
-function getFieldByType(type){
-
-    if(type === 'server'){
-        return need_get_field_of_server
-    }
-    else if(type === 'es'){
-        return need_get_field_of_es
-    }
-}
-
-function ajaxAPI(url, data, success, error){
-    $.ajax({
-        url: url,
-        data: data,
-        method: 'POST',
-        contentType: 'application/json; charset=utf-8',
-        success: success,
-        error: error
-    })
-}
-
-$(document).ready(function() {
-    var name_id = '#id_name';
-    var hosts_id = '#id_hosts';
-    {#var other_id = '#id_other';#}
-    var index_id = '#id_index';
-    var doc_type_id = '#id_doc_type';
-
-    field_of_all = [name_id, hosts_id, index_id, doc_type_id];
-    need_get_field_of_server = [name_id];
-    need_get_field_of_es = [name_id, hosts_id, index_id, doc_type_id];
-})
-.on('change', '.selector', function(){
-    var type = $('.selector').val();
-    console.log(type);
-    hiddenField(field_of_all);
-    var field = getFieldByType(type);
-    showField(field)
-})
-
-.on('click', '#id_submit_button', function(){
-    var type = $('.selector').val();
-    var field = getFieldByType(type);
-    var data = {'TYPE': type};
-    $.each(field, function(index, id_field){
-        var name = $(id_field).attr('name');
-        var value =  $(id_field).val();
-        if(name === 'HOSTS'){
-            data[name] = value.split(',');
-        }
-        else{
-            data[name] = value
-        }
-    });
-    var url = "{% url 'api-settings:command-storage-create' %}";
-    var success = function(data, textStatus) {
-        console.log(data, textStatus);
-        location = "{% url 'settings:terminal-setting' %}";
-    };
-    var error = function(data,  textStatus) {
-        var error_msg = data.responseJSON.error;
-        $('#id_error').html(error_msg)
-    };
-    ajaxAPI(url, JSON.stringify(data), success, error)
-
-})
-</script>
-{% endblock %}
diff --git a/apps/settings/templates/settings/replay_storage_create.html b/apps/settings/templates/settings/replay_storage_create.html
deleted file mode 100644
index 6521a730a..000000000
--- a/apps/settings/templates/settings/replay_storage_create.html
+++ /dev/null
@@ -1,277 +0,0 @@
-{#{% extends 'base.html' %}#}
-{% extends '_base_create_update.html' %}
-{% load static %}
-{% load bootstrap3 %}
-{% load i18n %}
-{% load common_tags %}
-
-{% block content %}
-    <div class="wrapper wrapper-content animated fadeInRight">
-        <div class="row">
-            <div class="col-sm-12">
-                <div class="ibox float-e-margins">
-                    <div class="ibox-title">
-                        <h5>{{ action }}</h5>
-                        <div class="ibox-tools">
-                            <a class="collapse-link">
-                                <i class="fa fa-chevron-up"></i>
-                            </a>
-                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
-                                <i class="fa fa-wrench"></i>
-                            </a>
-                            <a class="close-link">
-                                <i class="fa fa-times"></i>
-                            </a>
-                        </div>
-                    </div>
-
-                    <div class="ibox-content">
-                        <form action="" method="POST" class="form-horizontal">
-                            <div class="form-group">
-                                <label class="col-md-2 control-label" for="id_type">{% trans "Type" %}</label>
-                                <div class="col-md-9">
-                                    <select id="id_type" class="selector form-control">
-                                        <option value ="server" selected="selected">server</option>
-                                        <option value ="s3">s3</option>
-                                        <option value="oss">oss</option>
-                                        <option value ="azure">azure</option>
-{#                                        <option value="ceph">ceph</option>#}
-                                    </select>
-                                </div>
-                            </div>
-
-                            <div class="form-group">
-                                <label class="col-md-2 control-label" for="id_name">{% trans "Name" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_name" class="form-control" type="text" name="NAME" value="">
-                                    <div id="id_error" style="color: red;"></div>
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_host">{% trans "Host" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_host" class="form-control" type="text" name="HOSTNAME" value="" placeholder="Host">
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_port">{% trans "Port" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_port" class="form-control" type="text" name="PORT" value="" placeholder="7480">
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_bucket">{% trans "Bucket" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_bucket" class="form-control" type="text" name="BUCKET" value="" placeholder="Bucket">
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_access_key">{% trans "Access key" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_access_key" class="form-control" type="text" name="ACCESS_KEY" value="" placeholder="Access key">
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_secret_key">{% trans "Secret key" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_secret_key" class="form-control" type="text" name="SECRET_KEY" value="", placeholder="Secret key">
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_container_name">{% trans "Container name" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_container_name" class="form-control" type="text" name="CONTAINER_NAME" value="" placeholder="Container">
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_account_name">{% trans "Account name" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_account_name" class="form-control" type="text" name="ACCOUNT_NAME" value="" placeholder="Account name">
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_account_key">{% trans "Account key" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_account_key" class="form-control" type="text" name="ACCOUNT_KEY" value="" placeholder="Account key">
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_endpoint">{% trans "Endpoint" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_endpoint" class="form-control" type="text" name="ENDPOINT" value="" placeholder="Endpoint">
-                                    <div id="endpoint_error" style="color: red;"></div>
-                                    <div class="help-block">
-                                        <span class="oss">
-                                            {% trans 'OSS: http://{REGION_NAME}.aliyuncs.com' %}
-                                            <br>
-                                            {% trans 'Example: http://oss-cn-hangzhou.aliyuncs.com' %}
-                                        </span>
-                                        <span class="s3">{% trans 'S3: http://s3.{REGION_NAME}.amazonaws.com' %}<br></span>
-                                        <span class="s3">{% trans 'S3(China): http://s3.{REGION_NAME}.amazonaws.com.cn' %}<br></span>
-                                        <span class="s3">{% trans 'Example: http://s3.cn-north-1.amazonaws.com.cn' %}<br></span>
-                                    </div>
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_endpoint_suffix">{% trans "Endpoint suffix" %}</label>
-                                <div class="col-md-9">
-                                    <select id="id_endpoint_suffix" name="ENDPOINT_SUFFIX" class="endpoint-suffix-selector form-control">
-                                        <option value="core.chinacloudapi.cn" selected="selected">core.chinacloudapi.cn</option>
-                                        <option value="core.windows.net">core.windows.net</option>
-                                    </select>
-                                </div>
-                            </div>
-
-                            <div class="form-group" style="display: none;" >
-                                <label class="col-md-2 control-label" for="id_region">{% trans "Region" %}</label>
-                                <div class="col-md-9">
-                                    <input id="id_region" class="form-control" type="text" name="REGION" value="" placeholder="">
-                                    <div class="help-block">
-                                        <span class="s3">
-                                            {% trans 'Beijing: cn-north-1' %}
-                                            {% trans 'Ningxia: cn-northwest-1' %}
-                                            <a href="https://docs.aws.amazon.com/zh_cn/general/latest/gr/rande.html">{% trans 'More' %}</a>
-                                        </span>
-                                    </div>
-                                </div>
-                            </div>
-
-                            <div class="hr-line-dashed"></div>
-                            <div class="form-group">
-                                <div class="col-sm-4 col-sm-offset-2">
-                                    <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
-                                    <a class="btn btn-primary" type="" id="id_submit_button" >{% trans 'Submit' %}</a>
-                                </div>
-                            </div>
-                        </form>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-{% endblock %}
-
-{% block custom_foot_js %}
-<script>
-
-var field_of_all, need_get_field_of_server, need_get_field_of_s3,
-    need_get_field_of_oss, need_get_field_of_azure, need_get_field_of_ceph;
-
-function showField(field){
-    $.each(field, function(index, value){
-        $(value).parent('div').parent('div').css('display', '');
-    });
-}
-
-function hiddenField(field){
-    $.each(field, function(index, value){
-        $(value).parent('div').parent('div').css('display', 'none');
-    })
-}
-
-function getFieldByType(type){
-    if(type === 'server'){
-        return need_get_field_of_server
-    }
-    else if(type === 's3'){
-        return need_get_field_of_s3
-    }
-    else if(type === 'oss'){
-        return need_get_field_of_oss
-    }
-    else if(type === 'azure'){
-        return need_get_field_of_azure
-    }
-    else if(type === 'ceph'){
-        return need_get_field_of_ceph
-    }
-}
-
-function ajaxAPI(url, data, success, error){
-    $.ajax({
-        url: url,
-        data: data,
-        method: 'POST',
-        contentType: 'application/json; charset=utf-8',
-        success: success,
-        error: error
-    })
-}
-
-$(document).ready(function() {
-    var name_id = '#id_name';
-    var host_id = '#id_host';
-    var port_id = '#id_port';
-    var bucket_id = '#id_bucket';
-    var access_key_id = '#id_access_key';
-    var secret_key_id = '#id_secret_key';
-    var container_name_id = '#id_container_name';
-    var account_name_id = '#id_account_name';
-    var account_key_id = '#id_account_key';
-    var endpoint_id = '#id_endpoint';
-    var endpoint_suffix_id = '#id_endpoint_suffix';
-    var region_id = '#id_region';
-
-    field_of_all = [name_id, host_id, port_id, bucket_id, access_key_id, secret_key_id, container_name_id, account_name_id, account_key_id, endpoint_id, endpoint_suffix_id, region_id];
-    need_get_field_of_server = [name_id];
-    need_get_field_of_s3 = [name_id, bucket_id, access_key_id, secret_key_id, endpoint_id];
-    need_get_field_of_oss = [name_id, bucket_id, access_key_id, secret_key_id, endpoint_id];
-    need_get_field_of_azure = [name_id, container_name_id, account_name_id, account_key_id, endpoint_suffix_id];
-    need_get_field_of_ceph = [name_id, host_id, port_id, bucket_id, access_key_id, secret_key_id, region_id];
-})
-.on('change', '.selector', function(){
-    var type = $('.selector').val();
-    $("." + type).show();
-    hiddenField(field_of_all);
-    $('.help-block').children().hide();
-    $('.help-block ' + '.' + type).show();
-    var field = getFieldByType(type);
-    showField(field)
-})
-
-.on('click', '#id_submit_button', function(){
-    $('#id_error').html('');
-    var submitBtn = $("#id_submit_button");
-    var origin_text = submitBtn.html();
-    submitBtn.addClass('disabled');
-    submitBtn.html("{% trans 'Submitting' %}");
-    var type = $('.selector').val();
-    var field = getFieldByType(type);
-    var data = {'TYPE': type};
-    $.each(field, function(index, id_field){
-        var name = $(id_field).attr('name');
-        data[name] = $(id_field).val();
-    });
-    if (data['ENDPOINT'] && data['ENDPOINT'].indexOf('http') === -1) {
-        var msg = "{% trans 'Endpoint need contain protocol, ex: http' %}";
-        $("#endpoint_error").html(msg);
-        submitBtn.removeClass('disabled');
-        submitBtn.html(origin_text);
-        return
-    }
-    var url = "{% url 'api-settings:replay-storage-create' %}";
-    var success = function(data, textStatus) {
-        location = "{% url 'settings:terminal-setting' %}";
-        submitBtn.removeClass('disabled');
-        submitBtn.html(origin_text);
-    };
-    var error = function(data,  textStatus) {
-        var error_msg = data.responseJSON.error;
-        $('#id_error').html(error_msg);
-        submitBtn.removeClass('disabled');
-        submitBtn.html(origin_text);
-    };
-    ajaxAPI(url, JSON.stringify(data), success, error);
-})
-</script>
-{% endblock %}
diff --git a/apps/settings/templates/settings/security_setting.html b/apps/settings/templates/settings/security_setting.html
index 48206676d..4d9f340f3 100644
--- a/apps/settings/templates/settings/security_setting.html
+++ b/apps/settings/templates/settings/security_setting.html
@@ -44,7 +44,7 @@
 
                                     <h3>{% trans "Security setting" %}</h3>
                                     {% for field in form %}
-                                        {% if forloop.counter == 6 %}
+                                        {% if forloop.counter == 8 %}
                                             <div class="hr-line-dashed"></div>
                                             <h3>{% trans "Password check rule" %}</h3>
                                         {% endif %}
diff --git a/apps/settings/templates/settings/terminal_setting.html b/apps/settings/templates/settings/terminal_setting.html
index 3a9a4973d..156ba2638 100644
--- a/apps/settings/templates/settings/terminal_setting.html
+++ b/apps/settings/templates/settings/terminal_setting.html
@@ -3,6 +3,11 @@
 {% load bootstrap3 %}
 {% load i18n %}
 {% load common_tags %}
+{% block help_message %}
+    {% trans "Command and Replay storage configuration migrated to" %}
+    {% trans "Sessions -> Terminal -> Storage configuration" %}
+    <b><a href="{% url 'terminal:replay-storage-list' %}">{% trans 'Here' %}</a></b>
+{% endblock %}
 
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
@@ -65,7 +70,7 @@
                                             </div>
                                         {% endif %}
                                     {% endfor %}
-
+                                    <div class="hr-line-dashed"></div>
                                     <div class="form-group">
                                         <div class="col-sm-4 col-sm-offset-2">
                                             <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
@@ -73,53 +78,6 @@
                                                     type="submit">{% trans 'Submit' %}</button>
                                         </div>
                                     </div>
-
-                                    <div class="hr-line-dashed"></div>
-
-                                    <h3>{% trans "Command storage" %}</h3>
-                                    <table class="table table-hover " id="task-history-list-table">
-                                        <thead>
-                                        <tr>
-                                            <th>{% trans 'Name' %}</th>
-                                            <th>{% trans 'Type' %}</th>
-                                            <th>{% trans 'Action' %}</th>
-                                        </tr>
-                                        </thead>
-                                        <tbody>
-                                        {% for name, setting in command_storage.items %}
-                                            <tr>
-                                                <td>{{ name }}</td>
-                                                <td>{{ setting.TYPE }}</td>
-                                                <td><a class="btn btn-xs btn-danger m-l-xs btn-del-command"  {% if setting.TYPE == 'server' and name == 'default' %} disabled {% endif %} data-name="{{ name }}">{% trans 'Delete' %}</a></td>
-                                            </tr>
-                                        {% endfor %}
-                                        </tbody>
-                                    </table>
-                                    <a href="{% url 'settings:command-storage-create' %}" class="btn btn-primary btn-xs">{% trans 'Add' %}</a>
-
-                                    <div class="hr-line-dashed"></div>
-                                    <h3>{% trans "Replay storage" %}</h3>
-                                    <table class="table table-hover " id="task-history-list-table">
-                                        <thead>
-                                        <tr>
-                                            <th>{% trans 'Name' %}</th>
-                                            <th>{% trans 'Type' %}</th>
-                                            <th>{% trans 'Action' %}</th>
-                                        </tr>
-                                        </thead>
-                                        <tbody>
-                                        {% for name, setting in replay_storage.items %}
-                                            <tr>
-                                                <td>{{ name }}</td>
-                                                <td>{{ setting.TYPE }}</td>
-                                                <td><a class="btn btn-xs btn-danger m-l-xs btn-del-replay" {% if setting.TYPE == 'server' and name == 'default' %} disabled {% endif %} data-name="{{ name }}">{% trans 'Delete' %}</a></td>
-                                            </tr>
-                                        {% endfor %}
-                                        </tbody>
-                                    </table>
-                                    <a href="{% url 'settings:replay-storage-create' %}" class="btn btn-primary btn-xs">{% trans 'Add' %}</a>
-
-                                    <div class="hr-line-dashed"></div>
                                 </form>
                             </div>
                         </div>
@@ -131,60 +89,7 @@
 {% endblock %}
 {% block custom_foot_js %}
 <script>
-
-function ajaxAPI(url, data, success, error, method){
-    $.ajax({
-        url: url,
-        data: data,
-        method: method,
-        contentType: 'application/json; charset=utf-8',
-        success: success,
-        error: error
-    })
-}
-
-function deleteStorage($this, the_url){
-    var name = $this.data('name');
-    function doDelete(){
-        console.log('delete storage');
-        var data = {"name": name};
-        var method = 'POST';
-        var success = function(){
-            $this.parent().parent().remove();
-            toastr.success("{% trans 'Delete succeed' %}");
-        };
-        var error = function(){
-            toastr.error("{% trans 'Delete failed' %}");
-        };
-        ajaxAPI(the_url, JSON.stringify(data), success, error, method);
-    }
-    swal({
-        title: "{% trans  'Are you sure about deleting it?' %}",
-        text: " [" + name + "] ",
-        type: "warning",
-        showCancelButton: true,
-        cancelButtonText: "{% trans 'Cancel' %}",
-        confirmButtonColor: "#ed5565",
-        confirmButtonText: "{% trans 'Confirm' %}",
-        closeOnConfirm: true
-    }, function () {
-        doDelete()
-    });
-}
-
 $(document).ready(function () {
-
 })
-.on('click', '.btn-del-replay', function(){
-    var $this = $(this);
-    var the_url = "{% url 'api-settings:replay-storage-delete' %}";
-    deleteStorage($this, the_url);
-})
-.on('click', '.btn-del-command', function() {
-    var $this = $(this);
-    var the_url = "{% url 'api-settings:command-storage-delete' %}";
-    deleteStorage($this, the_url)
-});
-
 </script>
 {% endblock %}
diff --git a/apps/settings/urls/api_urls.py b/apps/settings/urls/api_urls.py
index 544de3941..abee1c0d0 100644
--- a/apps/settings/urls/api_urls.py
+++ b/apps/settings/urls/api_urls.py
@@ -12,9 +12,6 @@ urlpatterns = [
     path('ldap/users/', api.LDAPUserListApi.as_view(), name='ldap-user-list'),
     path('ldap/users/import/', api.LDAPUserImportAPI.as_view(), name='ldap-user-import'),
     path('ldap/cache/refresh/', api.LDAPCacheRefreshAPI.as_view(), name='ldap-cache-refresh'),
-    path('terminal/replay-storage/create/', api.ReplayStorageCreateAPI.as_view(), name='replay-storage-create'),
-    path('terminal/replay-storage/delete/', api.ReplayStorageDeleteAPI.as_view(), name='replay-storage-delete'),
-    path('terminal/command-storage/create/', api.CommandStorageCreateAPI.as_view(), name='command-storage-create'),
-    path('terminal/command-storage/delete/', api.CommandStorageDeleteAPI.as_view(), name='command-storage-delete'),
+
     path('public/', api.PublicSettingApi.as_view(), name='public-setting'),
 ]
diff --git a/apps/settings/urls/view_urls.py b/apps/settings/urls/view_urls.py
index eac18a432..6a1c5baaf 100644
--- a/apps/settings/urls/view_urls.py
+++ b/apps/settings/urls/view_urls.py
@@ -12,7 +12,5 @@ urlpatterns = [
     url(r'^email-content/$', views.EmailContentSettingView.as_view(), name='email-content-setting'),
     url(r'^ldap/$', views.LDAPSettingView.as_view(), name='ldap-setting'),
     url(r'^terminal/$', views.TerminalSettingView.as_view(), name='terminal-setting'),
-    url(r'^terminal/replay-storage/create$', views.ReplayStorageCreateView.as_view(), name='replay-storage-create'),
-    url(r'^terminal/command-storage/create$', views.CommandStorageCreateView.as_view(), name='command-storage-create'),
     url(r'^security/$', views.SecuritySettingView.as_view(), name='security-setting'),
 ]
diff --git a/apps/settings/views.py b/apps/settings/views.py
index 2442f074e..6ebbeef97 100644
--- a/apps/settings/views.py
+++ b/apps/settings/views.py
@@ -4,7 +4,6 @@ from django.contrib import messages
 from django.utils.translation import ugettext as _
 
 from common.permissions import PermissionsMixin, IsSuperUser
-from common import utils
 from .utils import LDAPSyncUtil
 from .forms import EmailSettingForm, LDAPSettingForm, BasicSettingForm, \
     TerminalSettingForm, SecuritySettingForm, EmailContentSettingForm
@@ -98,8 +97,9 @@ class TerminalSettingView(PermissionsMixin, TemplateView):
     permission_classes = [IsSuperUser]
 
     def get_context_data(self, **kwargs):
-        command_storage = utils.get_command_storage_setting()
-        replay_storage = utils.get_replay_storage_setting()
+        from terminal.models import CommandStorage, ReplayStorage
+        command_storage = CommandStorage.objects.all()
+        replay_storage = ReplayStorage.objects.all()
 
         context = {
             'app': _('Settings'),
@@ -124,32 +124,6 @@ class TerminalSettingView(PermissionsMixin, TemplateView):
             return render(request, self.template_name, context)
 
 
-class ReplayStorageCreateView(PermissionsMixin, TemplateView):
-    template_name = 'settings/replay_storage_create.html'
-    permission_classes = [IsSuperUser]
-
-    def get_context_data(self, **kwargs):
-        context = {
-            'app': _('Settings'),
-            'action': _('Create replay storage')
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-
-class CommandStorageCreateView(PermissionsMixin, TemplateView):
-    template_name = 'settings/command_storage_create.html'
-    permission_classes = [IsSuperUser]
-
-    def get_context_data(self, **kwargs):
-        context = {
-            'app': _('Settings'),
-            'action': _('Create command storage')
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-
 class SecuritySettingView(PermissionsMixin, TemplateView):
     form_class = SecuritySettingForm
     template_name = "settings/security_setting.html"
diff --git a/apps/static/js/jumpserver.js b/apps/static/js/jumpserver.js
index 773023f16..4d695e65b 100644
--- a/apps/static/js/jumpserver.js
+++ b/apps/static/js/jumpserver.js
@@ -413,7 +413,7 @@ $.fn.serializeObject = function () {
 };
 
 function makeLabel(data) {
-    return "<label class='detail-key'><b>" + data[0] + ": </b></label>" + data[1] + "</br>"
+    return "<label class='detail-key'><b>" + data[0] + ": </b></label> " + data[1] + "</br>"
 }
 
 function parseTableFilter(value) {
@@ -600,6 +600,7 @@ jumpserver.initServerSideDataTable = function (options) {
     //    op_html: 'div.btn-group?',
     //    paging: true,
     //    paging_numbers_length: 5;
+    //    hideDefaultDefs: false;
     // }
     var pagingNumbersLength = 5;
     if (options.paging_numbers_length){
@@ -613,7 +614,8 @@ jumpserver.initServerSideDataTable = function (options) {
             orderable: false,
             width: "20px",
             createdCell: function (td, cellData) {
-                $(td).html('<input type="checkbox" class="text-center ipt_check" id=99991937>'.replace('99991937', cellData));
+                var data = '<input type="checkbox" class="text-center ipt_check" id=Id>'.replace('Id', cellData);
+                $(td).html(data);
             }
         },
         {
@@ -622,6 +624,9 @@ jumpserver.initServerSideDataTable = function (options) {
             render: $.fn.dataTable.render.text()
         }
     ];
+    if (options.hideDefaultDefs) {
+        columnDefs = [];
+    }
     var select_style = options.select_style || 'multi';
     columnDefs = options.columnDefs ? options.columnDefs.concat(columnDefs) : columnDefs;
     var select = {
@@ -635,7 +640,7 @@ jumpserver.initServerSideDataTable = function (options) {
         pageLength: options.pageLength || 15,
         // dom: options.dom || '<"#uc.pull-left">fltr<"row m-t"<"col-md-8"<"#op.col-md-6"><"col-md-6 text-center"i>><"col-md-4"p>>',
         // dom: options.dom || '<"#uc.pull-left"><"pull-right"<"inline"l><"#fb.inline"><"inline"<"table-filter"f>><"#fa.inline">>tr<"row m-t"<"col-md-8"<"#op.col-md-6"><"col-md-6 text-center"i>><"col-md-4"p>>',
-        dom: dom,
+        dom: options.dom || dom,
         order: options.order || [],
         buttons: [],
         columnDefs: columnDefs,
@@ -1241,10 +1246,28 @@ function readFile(ref) {
     return ref
 }
 
-function nodesSelect2Init(selector, url) {
-    if (!url) {
-        url = '/api/v1/assets/nodes/'
+
+
+function select2AjaxInit(option) {
+    /*
+    {
+      selector:
+      url: ,
+      disabledData: ,
+      displayFormat,
+      idFormat,
     }
+     */
+    var selector = option.selector;
+    var url = option.url;
+    var disabledData = option.disabledData;
+    var displayFormat = option.displayFormat || function (data) {
+        return data.name;
+    };
+    var idFormat = option.idFormat || function (data) {
+        return data.id;
+    };
+
     return $(selector).select2({
         closeOnSelect: false,
         ajax: {
@@ -1260,43 +1283,53 @@ function nodesSelect2Init(selector, url) {
             },
             processResults: function (data) {
                 var results = $.map(data.results, function (v, i) {
-                    return {id: v.id, text: v.full_value}
+                    var display = displayFormat(v);
+                    var id = idFormat(v);
+                    var d = {id: id, text: display};
+                    if (disabledData && disabledData.indexOf(v.id) !== -1) {
+                        d.disabled = true;
+                    }
+                    return d;
                 });
                 var more = !!data.next;
                 return {results: results, pagination: {"more": more}}
             }
         },
     })
+
 }
 
-function usersSelect2Init(selector, url) {
+function usersSelect2Init(selector, url, disabledData) {
     if (!url) {
         url = '/api/v1/users/users/'
     }
-    return $(selector).select2({
-        closeOnSelect: false,
-        ajax: {
-            url: url,
-            data: function (params) {
-                var page = params.page || 1;
-                var query = {
-                    search: params.term,
-                    offset: (page - 1) * 10,
-                    limit: 10
-                };
-                return query
-            },
-            processResults: function (data) {
-                var results = $.map(data.results, function (v, i) {
-                    var display = v.name + '(' + v.username +')';
-                    return {id: v.id, text: display}
-                });
-                var more = !!data.next;
-                return {results: results, pagination: {"more": more}}
-            }
-        },
-    })
+    function displayFormat(v) {
+        return v.name + '(' + v.username +')';
+    }
+    var option = {
+        url: url,
+        selector: selector,
+        disabledData: disabledData,
+        displayFormat: displayFormat
+    };
+    return select2AjaxInit(option)
+}
 
+
+function nodesSelect2Init(selector, url, disabledData) {
+    if (!url) {
+        url = '/api/v1/assets/nodes/'
+    }
+    function displayFormat(v) {
+        return v.full_value;
+    }
+    var option = {
+        url: url,
+        selector: selector,
+        disabledData: disabledData,
+        displayFormat: displayFormat
+    };
+    return select2AjaxInit(option)
 }
 
 function showCeleryTaskLog(taskId) {
@@ -1324,7 +1357,7 @@ function initDateRangePicker(selector, options) {
         timePicker24Hour: true,
         autoApply: true,
     };
-    var userLang = navigator.language || navigator.userLanguage;;
+    var userLang = navigator.language || navigator.userLanguage;
     if (userLang.indexOf('zh') !== -1) {
         defaultOption.locale = zhLocale;
     }
diff --git a/apps/static/js/plugins/select2/i18n/zh-CN.js b/apps/static/js/plugins/select2/i18n/zh-CN.js
new file mode 100644
index 000000000..c71aa3f60
--- /dev/null
+++ b/apps/static/js/plugins/select2/i18n/zh-CN.js
@@ -0,0 +1,2 @@
+/*! Select2 4.0.12 | https://github.com/select2/select2/blob/master/LICENSE.md */
+!function(){if(jQuery&&jQuery.fn&&jQuery.fn.select2&&jQuery.fn.select2.amd)var n=jQuery.fn.select2.amd;n.define("select2/i18n/zh-CN",[],function(){return{errorLoading:function(){return"无法载入结果。"},inputTooLong:function(n){return"请删除"+(n.input.length-n.maximum)+"个字符"},inputTooShort:function(n){return"请再输入至少"+(n.minimum-n.input.length)+"个字符"},loadingMore:function(){return"载入更多结果…"},maximumSelected:function(n){return"最多只能选择"+n.maximum+"个项目"},noResults:function(){return"未找到结果"},searching:function(){return"搜索中…"},removeAllItems:function(){return"删除所有项目"}}}),n.define,n.require}();
diff --git a/apps/templates/_base_create_update.html b/apps/templates/_base_create_update.html
index be3813804..d206d40b2 100644
--- a/apps/templates/_base_create_update.html
+++ b/apps/templates/_base_create_update.html
@@ -3,8 +3,6 @@
 {% load static %}
 {% load bootstrap3 %}
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <script type="text/javascript" src="{% static 'js/pwstrength-bootstrap.js' %}"></script>
     {% block custom_head_css_js_create %} {% endblock %}
 {% endblock %}
diff --git a/apps/templates/_base_list.html b/apps/templates/_base_list.html
index c5314af4e..9759081bd 100644
--- a/apps/templates/_base_list.html
+++ b/apps/templates/_base_list.html
@@ -1,10 +1,6 @@
 {% extends 'base.html' %}
 {% load static %}
 {% load i18n %}
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
 {% block content %}
 <div class="wrapper wrapper-content animated fadeInRight">
     <div class="row">
diff --git a/apps/templates/_foot_js.html b/apps/templates/_foot_js.html
index 509b23ad3..3c570aef2 100644
--- a/apps/templates/_foot_js.html
+++ b/apps/templates/_foot_js.html
@@ -8,6 +8,8 @@
 <script src="{% static "js/inspinia.js" %}"></script>
 <script type="text/javascript" src="{% url 'javascript-catalog' %}"></script>
 <script src="{% static "js/jumpserver.js" %}?v=5"></script>
+<script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+<script src="{% static 'js/plugins/select2/i18n/zh-CN.js' %}"></script>
 <script>
 activeNav("{{ FORCE_SCRIPT_NAME }}");
 $(document).ready(function(){
@@ -16,5 +18,9 @@ $(document).ready(function(){
     if ($('.tooltip')[0]) {
         $('.tooltip').tooltip();
     }
+    var userLang = navigator.language || navigator.userLanguage;
+    if (userLang.indexOf('zh') !== -1) {
+        $.fn.select2.defaults.set('language', 'zh-CN')
+    }
 });
 </script>
diff --git a/apps/templates/_head_css_js.html b/apps/templates/_head_css_js.html
index 45694e6fc..b4fbcd47b 100644
--- a/apps/templates/_head_css_js.html
+++ b/apps/templates/_head_css_js.html
@@ -13,3 +13,5 @@
 <script src="{% static 'js/plugins/sweetalert/sweetalert.min.js' %}"></script>
 <script src="{% static 'js/bootstrap.min.js' %}"></script>
 <script src="{% static 'js/plugins/datatables/datatables.min.js' %}"></script>
+<link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+
diff --git a/apps/templates/index.html b/apps/templates/index.html
index c97b6e849..76b6ddddd 100644
--- a/apps/templates/index.html
+++ b/apps/templates/index.html
@@ -477,4 +477,4 @@ $(document).ready(function(){
     );
 </script>
 
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/terminal/api/__init__.py b/apps/terminal/api/__init__.py
index d33905b78..640dacb6a 100644
--- a/apps/terminal/api/__init__.py
+++ b/apps/terminal/api/__init__.py
@@ -4,3 +4,4 @@ from .terminal import *
 from .session import *
 from .command import *
 from .task import *
+from .storage import *
diff --git a/apps/terminal/api/session.py b/apps/terminal/api/session.py
index 264502959..84ddc21be 100644
--- a/apps/terminal/api/session.py
+++ b/apps/terminal/api/session.py
@@ -12,7 +12,7 @@ import jms_storage
 
 from common.utils import is_uuid, get_logger
 from common.permissions import IsOrgAdminOrAppUser, IsOrgAuditor
-from common.filters import DatetimeRangeFilter
+from common.drf.filters import DatetimeRangeFilter
 from orgs.mixins.api import OrgBulkModelViewSet
 from ..hands import SystemUser
 from ..models import Session
diff --git a/apps/terminal/api/storage.py b/apps/terminal/api/storage.py
new file mode 100644
index 000000000..ec85b95f7
--- /dev/null
+++ b/apps/terminal/api/storage.py
@@ -0,0 +1,74 @@
+# coding: utf-8
+#
+
+from rest_framework import viewsets, generics, status
+from rest_framework.response import Response
+from django.utils.translation import ugettext_lazy as _
+
+from common.permissions import IsSuperUser
+from ..models import CommandStorage, ReplayStorage
+from ..serializers import CommandStorageSerializer, ReplayStorageSerializer
+
+
+__all__ = [
+    'CommandStorageViewSet', 'CommandStorageTestConnectiveApi',
+    'ReplayStorageViewSet', 'ReplayStorageTestConnectiveApi'
+]
+
+
+class BaseStorageViewSetMixin:
+
+    def destroy(self, request, *args, **kwargs):
+        instance = self.get_object()
+        if not instance.can_delete():
+            data = {'msg': _('Deleting the default storage is not allowed')}
+            return Response(data=data, status=status.HTTP_400_BAD_REQUEST)
+        return super().destroy(request, *args, **kwargs)
+
+
+class CommandStorageViewSet(BaseStorageViewSetMixin, viewsets.ModelViewSet):
+    filter_fields = ('name', 'type',)
+    search_fields = filter_fields
+    queryset = CommandStorage.objects.all()
+    serializer_class = CommandStorageSerializer
+    permission_classes = (IsSuperUser,)
+
+
+class ReplayStorageViewSet(BaseStorageViewSetMixin, viewsets.ModelViewSet):
+    filter_fields = ('name', 'type',)
+    search_fields = filter_fields
+    queryset = ReplayStorage.objects.all()
+    serializer_class = ReplayStorageSerializer
+    permission_classes = (IsSuperUser,)
+
+
+class BaseStorageTestConnectiveMixin:
+    permission_classes = (IsSuperUser,)
+
+    def retrieve(self, request, *args, **kwargs):
+        instance = self.get_object()
+        try:
+            is_valid = instance.is_valid()
+        except Exception as e:
+            is_valid = False
+            msg = _("Test failure: {}".format(str(e)))
+        else:
+            if is_valid:
+                msg = _("Test successful")
+            else:
+                msg = _("Test failure: Account invalid")
+        data = {
+            'is_valid': is_valid,
+            'msg': msg
+        }
+        return Response(data)
+
+
+class CommandStorageTestConnectiveApi(BaseStorageTestConnectiveMixin,
+                                      generics.RetrieveAPIView):
+    queryset = CommandStorage.objects.all()
+
+
+class ReplayStorageTestConnectiveApi(BaseStorageTestConnectiveMixin,
+                                     generics.RetrieveAPIView):
+    queryset = ReplayStorage.objects.all()
diff --git a/apps/terminal/backends/__init__.py b/apps/terminal/backends/__init__.py
index 1aec6b3be..b2a9c557c 100644
--- a/apps/terminal/backends/__init__.py
+++ b/apps/terminal/backends/__init__.py
@@ -1,8 +1,8 @@
 from importlib import import_module
 from django.conf import settings
 from .command.serializers import SessionCommandSerializer
+from ..const import COMMAND_STORAGE_TYPE_SERVER
 
-from common import utils
 
 TYPE_ENGINE_MAPPING = {
     'elasticsearch': 'terminal.backends.command.es',
@@ -18,19 +18,18 @@ def get_command_storage():
 
 
 def get_terminal_command_storages():
+    from ..models import CommandStorage
     storage_list = {}
-    command_storage = utils.get_command_storage_setting()
-
-    for name, params in command_storage.items():
-        tp = params['TYPE']
-        if tp == 'server':
+    for s in CommandStorage.objects.all():
+        tp = s.type
+        if tp == COMMAND_STORAGE_TYPE_SERVER:
             storage = get_command_storage()
         else:
             if not TYPE_ENGINE_MAPPING.get(tp):
                 continue
             engine_class = import_module(TYPE_ENGINE_MAPPING[tp])
-            storage = engine_class.CommandStore(params)
-        storage_list[name] = storage
+            storage = engine_class.CommandStore(s.config)
+        storage_list[s.name] = storage
     return storage_list
 
 
diff --git a/apps/terminal/const.py b/apps/terminal/const.py
index 2d74e00c1..4701fcb75 100644
--- a/apps/terminal/const.py
+++ b/apps/terminal/const.py
@@ -5,3 +5,86 @@ ASSETS_CACHE_KEY = "terminal__session__assets"
 USERS_CACHE_KEY = "terminal__session__users"
 SYSTEM_USER_CACHE_KEY = "terminal__session__system_users"
 
+
+# Replay Storage
+
+REPLAY_STORAGE_TYPE_NULL = 'null'
+REPLAY_STORAGE_TYPE_SERVER = 'server'
+REPLAY_STORAGE_TYPE_S3 = 's3'
+REPLAY_STORAGE_TYPE_OSS = 'oss'
+REPLAY_STORAGE_TYPE_AZURE = 'azure'
+
+REPLAY_STORAGE_TYPE_EMPTY_FIELDS = []
+REPLAY_STORAGE_TYPE_S3_FIELDS = [
+    {'name': 'BUCKET'},
+    {'name': 'ACCESS_KEY', 'write_only': True},
+    {'name': 'SECRET_KEY', 'write_only': True},
+    {'name': 'ENDPOINT'}
+]
+REPLAY_STORAGE_TYPE_OSS_FIELDS = [
+    {'name': 'BUCKET'},
+    {'name': 'ACCESS_KEY', 'write_only': True},
+    {'name': 'SECRET_KEY', 'write_only': True},
+    {'name': 'ENDPOINT'}
+]
+REPLAY_STORAGE_TYPE_AZURE_FIELDS = [
+    {'name': 'CONTAINER_NAME'},
+    {'name': 'ACCOUNT_NAME'},
+    {'name': 'ACCOUNT_KEY', 'write_only': True},
+    {'name': 'ENDPOINT_SUFFIX'}
+]
+
+REPLAY_STORAGE_TYPE_MAP_FIELDS = {
+    REPLAY_STORAGE_TYPE_NULL: REPLAY_STORAGE_TYPE_EMPTY_FIELDS,
+    REPLAY_STORAGE_TYPE_SERVER: REPLAY_STORAGE_TYPE_EMPTY_FIELDS,
+    REPLAY_STORAGE_TYPE_S3: REPLAY_STORAGE_TYPE_S3_FIELDS,
+    REPLAY_STORAGE_TYPE_OSS: REPLAY_STORAGE_TYPE_OSS_FIELDS,
+    REPLAY_STORAGE_TYPE_AZURE: REPLAY_STORAGE_TYPE_AZURE_FIELDS
+}
+
+REPLAY_STORAGE_TYPE_CHOICES_DEFAULT = [
+    (REPLAY_STORAGE_TYPE_NULL, 'Null'),
+    (REPLAY_STORAGE_TYPE_SERVER, 'Server'),
+]
+
+REPLAY_STORAGE_TYPE_CHOICES_EXTENDS = [
+    (REPLAY_STORAGE_TYPE_S3, 'S3'),
+    (REPLAY_STORAGE_TYPE_OSS, 'OSS'),
+    (REPLAY_STORAGE_TYPE_AZURE, 'Azure')
+]
+
+REPLAY_STORAGE_TYPE_CHOICES = REPLAY_STORAGE_TYPE_CHOICES_DEFAULT + \
+                              REPLAY_STORAGE_TYPE_CHOICES_EXTENDS
+
+
+# Command Storage
+
+COMMAND_STORAGE_TYPE_NULL = 'null'
+COMMAND_STORAGE_TYPE_SERVER = 'server'
+COMMAND_STORAGE_TYPE_ES = 'es'
+
+COMMAND_STORAGE_TYPE_EMPTY_FIELDS = []
+COMMAND_STORAGE_TYPE_ES_FIELDS = [
+    {'name': 'HOSTS'},
+    {'name': 'INDEX'},
+    {'name': 'DOC_TYPE'}
+]
+
+COMMAND_STORAGE_TYPE_MAP_FIELDS = {
+    COMMAND_STORAGE_TYPE_NULL: COMMAND_STORAGE_TYPE_EMPTY_FIELDS,
+    COMMAND_STORAGE_TYPE_SERVER: COMMAND_STORAGE_TYPE_EMPTY_FIELDS,
+    COMMAND_STORAGE_TYPE_ES: COMMAND_STORAGE_TYPE_ES_FIELDS,
+}
+
+COMMAND_STORAGE_TYPE_CHOICES_DEFAULT = [
+    (COMMAND_STORAGE_TYPE_NULL, 'Null'),
+    (COMMAND_STORAGE_TYPE_SERVER, 'Server'),
+]
+
+COMMAND_STORAGE_TYPE_CHOICES_EXTENDS = [
+    (COMMAND_STORAGE_TYPE_ES, 'Elasticsearch')
+]
+
+COMMAND_STORAGE_TYPE_CHOICES = COMMAND_STORAGE_TYPE_CHOICES_DEFAULT + \
+                               COMMAND_STORAGE_TYPE_CHOICES_EXTENDS
+
diff --git a/apps/terminal/forms/__init__.py b/apps/terminal/forms/__init__.py
new file mode 100644
index 000000000..23c06a94c
--- /dev/null
+++ b/apps/terminal/forms/__init__.py
@@ -0,0 +1,5 @@
+# coding: utf-8
+#
+
+from .terminal import *
+from .storage import *
diff --git a/apps/terminal/forms/storage.py b/apps/terminal/forms/storage.py
new file mode 100644
index 000000000..621c5acb6
--- /dev/null
+++ b/apps/terminal/forms/storage.py
@@ -0,0 +1,121 @@
+# coding: utf-8
+# 
+
+from django import forms
+from django.utils.translation import ugettext_lazy as _
+
+from terminal.models import ReplayStorage, CommandStorage
+
+
+__all__ = [
+    'ReplayStorageAzureForm', 'ReplayStorageOSSForm', 'ReplayStorageS3Form',
+    'CommandStorageTypeESForm',
+]
+
+
+class BaseStorageForm(forms.Form):
+
+    def __init__(self, *args, **kwargs):
+        super(BaseStorageForm, self).__init__(*args, **kwargs)
+        self.fields['type'].widget.attrs['disabled'] = True
+        self.fields.move_to_end('comment')
+
+
+class BaseReplayStorageForm(BaseStorageForm, forms.ModelForm):
+
+    class Meta:
+        model = ReplayStorage
+        fields = ['name', 'type', 'comment']
+
+
+class BaseCommandStorageForm(BaseStorageForm, forms.ModelForm):
+
+    class Meta:
+        model = CommandStorage
+        fields = ['name', 'type', 'comment']
+
+
+class ReplayStorageAzureForm(BaseReplayStorageForm):
+    azure_container_name = forms.CharField(
+        max_length=128, label=_('Container name'), required=False
+    )
+    azure_account_name = forms.CharField(
+        max_length=128, label=_('Account name'), required=False
+    )
+    azure_account_key = forms.CharField(
+        max_length=128, label=_('Account key'), required=False,
+        widget=forms.PasswordInput
+    )
+    azure_endpoint_suffix = forms.ChoiceField(
+        choices=(
+            ('core.chinacloudapi.cn', 'core.chinacloudapi.cn'),
+            ('core.windows.net', 'core.windows.net')
+        ),
+        label=_('Endpoint suffix'), required=False,
+    )
+
+
+class ReplayStorageOSSForm(BaseReplayStorageForm):
+    oss_bucket = forms.CharField(
+        max_length=128, label=_('Bucket'), required=False
+    )
+    oss_access_key = forms.CharField(
+        max_length=128, label=_('Access key'), required=False,
+        widget=forms.PasswordInput
+    )
+    oss_secret_key = forms.CharField(
+        max_length=128, label=_('Secret key'), required=False,
+        widget=forms.PasswordInput
+    )
+    oss_endpoint = forms.CharField(
+        max_length=128, label=_('Endpoint'), required=False,
+        help_text=_(
+            """
+            OSS: http://{REGION_NAME}.aliyuncs.com <br>
+            Example: http://oss-cn-hangzhou.aliyuncs.com
+            """
+        )
+    )
+
+
+class ReplayStorageS3Form(BaseReplayStorageForm):
+    s3_bucket = forms.CharField(
+        max_length=128, label=_('Bucket'), required=False
+    )
+    s3_access_key = forms.CharField(
+        max_length=128, label=_('Access key'), required=False,
+        widget=forms.PasswordInput
+    )
+    s3_secret_key = forms.CharField(
+        max_length=128, label=_('Secret key'), required=False,
+        widget=forms.PasswordInput
+    )
+    s3_endpoint = forms.CharField(
+        max_length=128, label=_('Endpoint'), required=False,
+        help_text=_(
+            """
+            S3: http://s3.{REGION_NAME}.amazonaws.com <br>
+            S3(China): http://s3.{REGION_NAME}.amazonaws.com.cn <br>
+            Example: http://s3.cn-north-1.amazonaws.com.cn
+            """
+        )
+    )
+
+
+class CommandStorageTypeESForm(BaseCommandStorageForm):
+    es_hosts = forms.CharField(
+        max_length=128, label=_('Hosts'), required=False,
+        help_text=_(
+            """
+            Tips: If there are multiple hosts, separate them with a comma (,) 
+            <br>
+            eg: http://www.jumpserver.a.com,http://www.jumpserver.b.com
+            """
+        )
+    )
+    es_index = forms.CharField(
+        max_length=128, label=_('Index'), required=False
+    )
+    es_doc_type = forms.CharField(
+        max_length=128, label=_('Doc type'), required=False
+    )
diff --git a/apps/terminal/forms.py b/apps/terminal/forms/terminal.py
similarity index 69%
rename from apps/terminal/forms.py
rename to apps/terminal/forms/terminal.py
index b2f81fbb5..6051532d9 100644
--- a/apps/terminal/forms.py
+++ b/apps/terminal/forms/terminal.py
@@ -1,24 +1,22 @@
-# ~*~ coding: utf-8 ~*~
+# coding: utf-8
 #
 
+__all__ = ['TerminalForm']
+
 from django import forms
 from django.utils.translation import ugettext_lazy as _
 
-from .models import Terminal
+from ..models import Terminal, ReplayStorage, CommandStorage
 
 
 def get_all_command_storage():
-    from common import utils
-    command_storage = utils.get_command_storage_setting()
-    for k, v in command_storage.items():
-        yield (k, k)
+    for c in CommandStorage.objects.all():
+        yield (c.name, c.name)
 
 
 def get_all_replay_storage():
-    from common import utils
-    replay_storage = utils.get_replay_storage_setting()
-    for k, v in replay_storage.items():
-        yield (k, k)
+    for r in ReplayStorage.objects.all():
+        yield (r.name, r.name)
 
 
 class TerminalForm(forms.ModelForm):
diff --git a/apps/terminal/migrations/0016_commandstorage_replaystorage.py b/apps/terminal/migrations/0016_commandstorage_replaystorage.py
new file mode 100644
index 000000000..bb73b1c46
--- /dev/null
+++ b/apps/terminal/migrations/0016_commandstorage_replaystorage.py
@@ -0,0 +1,47 @@
+# Generated by Django 2.2.5 on 2019-11-22 10:07
+
+import common.fields.model
+from django.db import migrations, models
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('terminal', '0015_auto_20190923_1529'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CommandStorage',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('name', models.CharField(max_length=32, unique=True, verbose_name='Name')),
+                ('type', models.CharField(choices=[('null', 'Null'), ('server', 'Server'), ('es', 'Elasticsearch')], default='server', max_length=16, verbose_name='Type')),
+                ('meta', common.fields.model.EncryptJsonDictTextField(default={})),
+                ('comment', models.TextField(blank=True, default='', max_length=128, verbose_name='Comment')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.CreateModel(
+            name='ReplayStorage',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('name', models.CharField(max_length=32, unique=True, verbose_name='Name')),
+                ('type', models.CharField(choices=[('null', 'Null'), ('server', 'Server'), ('s3', 'S3'), ('oss', 'OSS'), ('azure', 'Azure')], default='server', max_length=16, verbose_name='Type')),
+                ('meta', common.fields.model.EncryptJsonDictTextField(default={})),
+                ('comment', models.TextField(blank=True, default='', max_length=128, verbose_name='Comment')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+    ]
diff --git a/apps/terminal/migrations/0017_auto_20191125_0931.py b/apps/terminal/migrations/0017_auto_20191125_0931.py
new file mode 100644
index 000000000..db340afd7
--- /dev/null
+++ b/apps/terminal/migrations/0017_auto_20191125_0931.py
@@ -0,0 +1,86 @@
+# Generated by Django 2.2.5 on 2019-11-25 01:31
+
+from django.db import migrations
+
+
+def get_storage_data(s):
+    from common.utils import get_signer
+    import json
+    signer = get_signer()
+    value = s.value
+    encrypted = s.encrypted
+    if encrypted:
+        value = signer.unsign(value)
+    try:
+        value = json.loads(value)
+    except:
+        value = {}
+    return value
+
+
+def get_setting(apps, schema_editor, key):
+    model = apps.get_model('settings', 'Setting')
+    db_alias = schema_editor.connection.alias
+    setting = model.objects.using(db_alias).filter(name=key)
+    if not setting:
+        return
+    return setting[0]
+
+
+def init_storage_data(model):
+    model.objects.update_or_create(
+        name='null', type='null',
+        defaults={
+            'name': 'null', 'type': 'null',
+            'comment': "Do not save"
+        }
+    )
+    model.objects.update_or_create(
+        name='default', type='server',
+        defaults={
+            'name': 'default', 'type': 'server',
+            'comment': "Store locally"
+        }
+    )
+
+
+def migrate_command_storage(apps, schema_editor):
+    model = apps.get_model("terminal", "CommandStorage")
+    init_storage_data(model)
+
+    setting = get_setting(apps, schema_editor, "TERMINAL_COMMAND_STORAGE")
+    if not setting:
+        return
+    values = get_storage_data(setting)
+    for name, meta in values.items():
+        tp = meta.pop("TYPE")
+        if not tp or name in ['default', 'null']:
+            continue
+        model.objects.create(name=name, type=tp, meta=meta)
+
+
+def migrate_replay_storage(apps, schema_editor):
+    model = apps.get_model("terminal", "ReplayStorage")
+    init_storage_data(model)
+
+    setting = get_setting(apps, schema_editor, "TERMINAL_REPLAY_STORAGE")
+    if not setting:
+        return
+    values = get_storage_data(setting)
+    for name, meta in values.items():
+        tp = meta.pop("TYPE", None)
+        if not tp or name in ['default', 'null']:
+            continue
+        model.objects.create(name=name, type=tp, meta=meta)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('terminal', '0016_commandstorage_replaystorage'),
+    ]
+
+    operations = [
+        migrations.RunPython(migrate_command_storage),
+        migrations.RunPython(migrate_replay_storage),
+    ]
diff --git a/apps/terminal/migrations/0018_auto_20191202_1010.py b/apps/terminal/migrations/0018_auto_20191202_1010.py
new file mode 100644
index 000000000..d3dd8bc4c
--- /dev/null
+++ b/apps/terminal/migrations/0018_auto_20191202_1010.py
@@ -0,0 +1,67 @@
+# Generated by Django 2.2.7 on 2019-12-02 02:10
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('terminal', '0017_auto_20191125_0931'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='session',
+            name='date_last_active',
+        ),
+        migrations.AlterField(
+            model_name='session',
+            name='remote_addr',
+            field=models.CharField(blank=True, max_length=128, null=True,
+                                   verbose_name='Remote addr'),
+        ),
+        migrations.AddField(
+            model_name='session',
+            name='asset_id',
+            field=models.CharField(blank=True, db_index=True, default='',
+                                   max_length=36),
+        ),
+        migrations.AddField(
+            model_name='session',
+            name='system_user_id',
+            field=models.CharField(blank=True, db_index=True, default='',
+                                   max_length=36),
+        ),
+        migrations.AddField(
+            model_name='session',
+            name='user_id',
+            field=models.CharField(blank=True, db_index=True, default='',
+                                   max_length=36),
+        ),
+        migrations.AlterField(
+            model_name='session',
+            name='asset',
+            field=models.CharField(db_index=True, max_length=1024,
+                                   verbose_name='Asset'),
+        ),
+        migrations.AlterField(
+            model_name='session',
+            name='protocol',
+            field=models.CharField(
+                choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('vnc', 'vnc'),
+                         ('telnet', 'telnet')], db_index=True, default='ssh',
+                max_length=8),
+        ),
+        migrations.AlterField(
+            model_name='session',
+            name='system_user',
+            field=models.CharField(db_index=True, max_length=128,
+                                   verbose_name='System user'),
+        ),
+        migrations.AlterField(
+            model_name='session',
+            name='user',
+            field=models.CharField(db_index=True, max_length=128,
+                                   verbose_name='User'),
+        ),
+    ]
diff --git a/apps/terminal/models.py b/apps/terminal/models.py
index f7f2994ed..63590204c 100644
--- a/apps/terminal/models.py
+++ b/apps/terminal/models.py
@@ -2,6 +2,7 @@ from __future__ import unicode_literals
 
 import os
 import uuid
+import jms_storage
 
 from django.db import models
 from django.db.models.signals import post_save
@@ -13,9 +14,11 @@ from django.core.cache import cache
 
 from users.models import User
 from orgs.mixins.models import OrgModelMixin
-from common.utils import get_command_storage_setting, get_replay_storage_setting
+from common.mixins import CommonModelMixin
+from common.fields.model import EncryptJsonDictTextField
 from .backends import get_multi_command_storage
 from .backends.command.models import AbstractSessionCommand
+from . import const
 
 
 class Terminal(models.Model):
@@ -55,21 +58,21 @@ class Terminal(models.Model):
             self.user.is_active = active
             self.user.save()
 
-    def get_command_storage_setting(self):
-        storage_all = get_command_storage_setting()
-        if self.command_storage in storage_all:
-            storage = storage_all.get(self.command_storage)
+    def get_command_storage_config(self):
+        s = CommandStorage.objects.filter(name=self.command_storage).first()
+        if s:
+            config = s.config
         else:
-            storage = storage_all.get('default')
-        return {"TERMINAL_COMMAND_STORAGE": storage}
+            config = settings.DEFAULT_TERMINAL_COMMAND_STORAGE
+        return {"TERMINAL_COMMAND_STORAGE": config}
 
-    def get_replay_storage_setting(self):
-        storage_all = get_replay_storage_setting()
-        if self.replay_storage in storage_all:
-            storage = storage_all.get(self.replay_storage)
+    def get_replay_storage_config(self):
+        s = ReplayStorage.objects.filter(name=self.replay_storage).first()
+        if s:
+            config = s.config
         else:
-            storage = storage_all.get('default')
-        return {"TERMINAL_REPLAY_STORAGE": storage}
+            config = settings.DEFAULT_TERMINAL_REPLAY_STORAGE
+        return {"TERMINAL_REPLAY_STORAGE": config}
 
     @property
     def config(self):
@@ -78,8 +81,8 @@ class Terminal(models.Model):
             if not k.startswith('TERMINAL'):
                 continue
             configs[k] = getattr(settings, k)
-        configs.update(self.get_command_storage_setting())
-        configs.update(self.get_replay_storage_setting())
+        configs.update(self.get_command_storage_config())
+        configs.update(self.get_replay_storage_config())
         configs.update({
             'SECURITY_MAX_IDLE_TIME': settings.SECURITY_MAX_IDLE_TIME
         })
@@ -153,17 +156,19 @@ class Session(OrgModelMixin):
     )
 
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)
-    user = models.CharField(max_length=128, verbose_name=_("User"))
-    asset = models.CharField(max_length=1024, verbose_name=_("Asset"))
-    system_user = models.CharField(max_length=128, verbose_name=_("System user"))
+    user = models.CharField(max_length=128, verbose_name=_("User"), db_index=True)
+    user_id = models.CharField(blank=True, default='', max_length=36, db_index=True)
+    asset = models.CharField(max_length=1024, verbose_name=_("Asset"), db_index=True)
+    asset_id = models.CharField(blank=True, default='', max_length=36, db_index=True)
+    system_user = models.CharField(max_length=128, verbose_name=_("System user"), db_index=True)
+    system_user_id = models.CharField(blank=True, default='', max_length=36, db_index=True)
     login_from = models.CharField(max_length=2, choices=LOGIN_FROM_CHOICES, default="ST")
-    remote_addr = models.CharField(max_length=15, verbose_name=_("Remote addr"), blank=True, null=True)
+    remote_addr = models.CharField(max_length=128, verbose_name=_("Remote addr"), blank=True, null=True)
     is_finished = models.BooleanField(default=False)
     has_replay = models.BooleanField(default=False, verbose_name=_("Replay"))
     has_command = models.BooleanField(default=False, verbose_name=_("Command"))
     terminal = models.ForeignKey(Terminal, null=True, on_delete=models.SET_NULL)
-    protocol = models.CharField(choices=PROTOCOL_CHOICES, default='ssh', max_length=8)
-    date_last_active = models.DateTimeField(verbose_name=_("Date last active"), default=timezone.now)
+    protocol = models.CharField(choices=PROTOCOL_CHOICES, default='ssh', max_length=8, db_index=True)
     date_start = models.DateTimeField(verbose_name=_("Date start"), db_index=True, default=timezone.now)
     date_end = models.DateTimeField(verbose_name=_("Date end"), null=True)
 
@@ -282,3 +287,80 @@ class Command(AbstractSessionCommand):
     class Meta:
         db_table = "terminal_command"
         ordering = ('-timestamp',)
+
+
+class CommandStorage(CommonModelMixin):
+    TYPE_CHOICES = const.COMMAND_STORAGE_TYPE_CHOICES
+    TYPE_DEFAULTS = dict(const.REPLAY_STORAGE_TYPE_CHOICES_DEFAULT).keys()
+    TYPE_SERVER = const.COMMAND_STORAGE_TYPE_SERVER
+
+    name = models.CharField(max_length=32, verbose_name=_("Name"), unique=True)
+    type = models.CharField(
+        max_length=16, choices=TYPE_CHOICES, verbose_name=_('Type'),
+        default=TYPE_SERVER
+    )
+    meta = EncryptJsonDictTextField(default={})
+    comment = models.TextField(
+        max_length=128, default='', blank=True, verbose_name=_('Comment')
+    )
+
+    def __str__(self):
+        return self.name
+
+    @property
+    def config(self):
+        config = self.meta
+        config.update({'TYPE': self.type})
+        return config
+
+    def in_defaults(self):
+        return self.type in self.TYPE_DEFAULTS
+
+    def is_valid(self):
+        if self.in_defaults():
+            return True
+        storage = jms_storage.get_log_storage(self.config)
+        return storage.ping()
+
+    def can_delete(self):
+        return not self.in_defaults()
+
+
+class ReplayStorage(CommonModelMixin):
+    TYPE_CHOICES = const.REPLAY_STORAGE_TYPE_CHOICES
+    TYPE_SERVER = const.REPLAY_STORAGE_TYPE_SERVER
+    TYPE_DEFAULTS = dict(const.REPLAY_STORAGE_TYPE_CHOICES_DEFAULT).keys()
+
+    name = models.CharField(max_length=32, verbose_name=_("Name"), unique=True)
+    type = models.CharField(
+        max_length=16, choices=TYPE_CHOICES, verbose_name=_('Type'),
+        default=TYPE_SERVER
+    )
+    meta = EncryptJsonDictTextField(default={})
+    comment = models.TextField(
+        max_length=128, default='', blank=True, verbose_name=_('Comment')
+    )
+
+    def __str__(self):
+        return self.name
+
+    @property
+    def config(self):
+        config = self.meta
+        config.update({'TYPE': self.type})
+        return config
+
+    def in_defaults(self):
+        return self.type in self.TYPE_DEFAULTS
+
+    def is_valid(self):
+        if self.in_defaults():
+            return True
+        storage = jms_storage.get_object_storage(self.config)
+        target = 'tests.py'
+        src = os.path.join(settings.BASE_DIR, 'common', target)
+        return storage.is_valid(src, target)
+
+    def can_delete(self):
+        return not self.in_defaults()
+
diff --git a/apps/terminal/serializers/__init__.py b/apps/terminal/serializers/__init__.py
index e198ec278..83e851bae 100644
--- a/apps/terminal/serializers/__init__.py
+++ b/apps/terminal/serializers/__init__.py
@@ -1,3 +1,5 @@
 # -*- coding: utf-8 -*-
 #
-from .v1 import *
+from .terminal import *
+from .session import *
+from .storage import *
diff --git a/apps/terminal/serializers/session.py b/apps/terminal/serializers/session.py
new file mode 100644
index 000000000..8d71b2a95
--- /dev/null
+++ b/apps/terminal/serializers/session.py
@@ -0,0 +1,24 @@
+from rest_framework import serializers
+
+from orgs.mixins.serializers import BulkOrgResourceModelSerializer
+from common.serializers import AdaptedBulkListSerializer
+from ..models import Session
+
+
+class SessionSerializer(BulkOrgResourceModelSerializer):
+    command_amount = serializers.IntegerField(read_only=True)
+    org_id = serializers.CharField(allow_blank=True)
+
+    class Meta:
+        model = Session
+        list_serializer_class = AdaptedBulkListSerializer
+        fields = [
+            "id", "user", "asset", "system_user", "login_from",
+            "login_from_display", "remote_addr", "is_finished",
+            "has_replay", "can_replay", "protocol", "date_start", "date_end",
+            "terminal", "command_amount",
+        ]
+
+
+class ReplaySerializer(serializers.Serializer):
+    file = serializers.FileField(allow_empty_file=True)
diff --git a/apps/terminal/serializers/storage.py b/apps/terminal/serializers/storage.py
new file mode 100644
index 000000000..6e96faf41
--- /dev/null
+++ b/apps/terminal/serializers/storage.py
@@ -0,0 +1,73 @@
+# -*- coding: utf-8 -*-
+#
+import copy
+from rest_framework import serializers
+
+from common.fields.serializer import CustomMetaDictField
+from ..models import ReplayStorage, CommandStorage
+from .. import const
+
+
+class ReplayStorageMetaDictField(CustomMetaDictField):
+    type_map_fields = const.REPLAY_STORAGE_TYPE_MAP_FIELDS
+    default_type = const.REPLAY_STORAGE_TYPE_SERVER
+    need_convert_key = True
+
+
+class BaseStorageSerializerMixin:
+    type_map_fields = None
+
+    def process_meta(self, instance, validated_data):
+        new_meta = copy.deepcopy(validated_data.get('meta', {}))
+        tp = validated_data.get('type', '')
+
+        if tp != instance.type:
+            return new_meta
+
+        old_meta = instance.meta
+        fields = self.type_map_fields.get(instance.type, [])
+        for field in fields:
+            if not field.get('write_only', False):
+                continue
+            field_name = field['name']
+            new_value = new_meta.get(field_name, '')
+            old_value = old_meta.get(field_name, '')
+            field_value = new_value if new_value else old_value
+            new_meta[field_name] = field_value
+
+        return new_meta
+
+    def update(self, instance, validated_data):
+        meta = self.process_meta(instance, validated_data)
+        validated_data['meta'] = meta
+        return super().update(instance, validated_data)
+
+
+class ReplayStorageSerializer(BaseStorageSerializerMixin,
+                              serializers.ModelSerializer):
+
+    meta = ReplayStorageMetaDictField()
+
+    type_map_fields = const.REPLAY_STORAGE_TYPE_MAP_FIELDS
+
+    class Meta:
+        model = ReplayStorage
+        fields = ['id', 'name', 'type', 'meta', 'comment']
+
+
+class CommandStorageMetaDictField(CustomMetaDictField):
+    type_map_fields = const.COMMAND_STORAGE_TYPE_MAP_FIELDS
+    default_type = const.COMMAND_STORAGE_TYPE_SERVER
+    need_convert_key = True
+
+
+class CommandStorageSerializer(BaseStorageSerializerMixin,
+                               serializers.ModelSerializer):
+
+    meta = CommandStorageMetaDictField()
+
+    type_map_fields = const.COMMAND_STORAGE_TYPE_MAP_FIELDS
+
+    class Meta:
+        model = CommandStorage
+        fields = ['id', 'name', 'type', 'meta', 'comment']
diff --git a/apps/terminal/serializers/v1.py b/apps/terminal/serializers/terminal.py
similarity index 55%
rename from apps/terminal/serializers/v1.py
rename to apps/terminal/serializers/terminal.py
index 96560e374..1df4b40e6 100644
--- a/apps/terminal/serializers/v1.py
+++ b/apps/terminal/serializers/terminal.py
@@ -1,11 +1,10 @@
-# -*- coding: utf-8 -*-
-#
 from rest_framework import serializers
 
-from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from common.mixins import BulkSerializerMixin
 from common.serializers import AdaptedBulkListSerializer
-from ..models import Terminal, Status, Session, Task
+from ..models import (
+    Terminal, Status, Session, Task
+)
 
 
 class TerminalSerializer(serializers.ModelSerializer):
@@ -25,21 +24,6 @@ class TerminalSerializer(serializers.ModelSerializer):
         return Session.objects.filter(terminal=obj, is_finished=False).count()
 
 
-class SessionSerializer(BulkOrgResourceModelSerializer):
-    command_amount = serializers.IntegerField(read_only=True)
-    org_id = serializers.CharField(allow_blank=True)
-
-    class Meta:
-        model = Session
-        list_serializer_class = AdaptedBulkListSerializer
-        fields = [
-            "id", "user", "asset", "system_user", "login_from",
-            "login_from_display", "remote_addr", "is_finished",
-            "has_replay", "can_replay", "protocol", "date_start", "date_end",
-            "terminal", "command_amount",
-        ]
-
-
 class StatusSerializer(serializers.ModelSerializer):
     class Meta:
         fields = ['id', 'terminal']
@@ -52,9 +36,3 @@ class TaskSerializer(BulkSerializerMixin, serializers.ModelSerializer):
         fields = '__all__'
         model = Task
         list_serializer_class = AdaptedBulkListSerializer
-
-
-class ReplaySerializer(serializers.Serializer):
-    file = serializers.FileField(allow_empty_file=True)
-
-
diff --git a/apps/terminal/templates/terminal/base_storage_create_update.html b/apps/terminal/templates/terminal/base_storage_create_update.html
new file mode 100644
index 000000000..e432ecfda
--- /dev/null
+++ b/apps/terminal/templates/terminal/base_storage_create_update.html
@@ -0,0 +1,59 @@
+{% extends '_base_create_update.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+
+{% block form %}
+    <form id="StorageForm" method="post" class="form-horizontal">
+        {% bootstrap_form form layout="horizontal"%}
+        <div class="hr-line-dashed"></div>
+        <div class="form-group">
+            <div class="col-sm-4 col-sm-offset-2">
+                <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+                <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+            </div>
+        </div>
+
+    </form>
+{% endblock %}
+
+{% block custom_foot_js %}
+<script type="text/javascript">
+var storageCreateUrl, storageUpdateUrl, storageListUrl = null;
+var type_id = '#' + '{{ form.type.id_for_label }}';
+var api_action = "{{ api_action }}";
+
+function getFormDataType(){
+    return $(type_id+ " option:selected").val();
+}
+function getFormData(form){
+    var data = form.serializeObject();
+    data['type'] = getFormDataType();
+    data['meta'] = constructFormDataMeta(data);
+    return data
+}
+
+$(document).ready(function () {
+})
+.on("submit", "form", function (evt) {
+    evt.preventDefault();
+    var the_url = storageCreateUrl;
+    var method = "POST";
+    {% if api_action == "update" %}
+        the_url = storageUpdateUrl.replace('{{ DEFAULT_PK }}', '{{ object.id }}');
+        method = "PUT";
+    {% endif %}
+    var redirect_to = storageListUrl;
+    var form = $("form");
+    var data = getFormData(form);
+    var props = {
+        url: the_url,
+        data: data,
+        method: method,
+        form: form,
+        redirect_to: redirect_to
+    };
+    formSubmit(props);
+})
+</script>
+{% endblock %}
diff --git a/apps/terminal/templates/terminal/base_storage_list.html b/apps/terminal/templates/terminal/base_storage_list.html
new file mode 100644
index 000000000..40e93664b
--- /dev/null
+++ b/apps/terminal/templates/terminal/base_storage_list.html
@@ -0,0 +1,130 @@
+{% extends 'base.html' %}
+{% load i18n static %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeIn">
+        <div class="col-lg-12">
+            <div class="tabs-container">
+                <ul class="nav nav-tabs">
+                    <li {% if is_replay %}class="active" {% endif %}><a href="{% url 'terminal:replay-storage-list' %}"> {% trans 'Replay storage' %}</a></li>
+                    <li {% if is_command %}class="active" {% endif %}><a href="{% url 'terminal:command-storage-list' %}" >{% trans 'Command storage' %}</a></li>
+                </ul>
+                <div class="tab-content">
+                    <div id="my-tickets" class="tab-pane active">
+                        <div class="panel-body">
+                            <div class="btn-group uc pull-left m-r-5">
+                                <button class="btn btn-sm btn-primary">
+                                    {% block create_storage_info %}{% endblock %}
+                                </button>
+                                <button data-toggle="dropdown" class="btn btn-primary btn-sm dropdown-toggle"><span class="caret"></span></button>
+                                <ul class="dropdown-menu">
+                                {% for key, value in type_choices %}
+                                    <li><a class="" href="{% block create_storage_url %}{% endblock %}?type={{ key }}">{{ value }}</a></li>
+                                {% endfor %}
+                                </ul>
+                            </div>
+                            <table class="table table-striped table-bordered table-hover" id="storage_list_table" >
+                                <thead>
+                                <tr>
+                                    <th class="text-center">
+                                        <input id="" type="checkbox" class="ipt_check_all">
+                                    </th>
+                                    <th class="text-center">{% trans 'Name' %}</th>
+                                    <th class="text-center">{% trans 'Type' %}</th>
+                                    <th class="text-center">{% trans 'Comment' %}</th>
+                                    <th class="text-center" style="width: 150px">{% trans 'Action' %}</th>
+                                </tr>
+                                </thead>
+                                <tbody>
+                                </tbody>
+                            </table>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script>
+var storage_table , storageTableAjaxUrl , storageUpdateUrl , storageDeleteUrl , storageTestConnectiveUrl = null ;
+
+function initTable() {
+    var options = {
+        ele: $('#storage_list_table'),
+        columnDefs: [
+            {targets: 4, createdCell: function (td, cellData, rowData) {
+                    var name = htmlEscape(rowData.name);
+                    var del_btn, update_btn;
+                    if (['server', 'null'].indexOf(rowData.type) === -1){
+                        del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del" data-uid="{{ DEFAULT_PK }}" mark=1 data-name="99991938">{% trans "Delete" %}</a>'
+                            .replace('{{ DEFAULT_PK }}', cellData)
+                            .replace('99991938', name);
+                        update_btn = '<a class="btn btn-xs m-l-xs btn-info btn-update" data-uid="{{ DEFAULT_PK }}">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+
+                    }
+                    else{
+                        del_btn = '<a class="btn btn-xs btn-danger disabled m-l-xs btn-del" data-uid="{{ DEFAULT_PK }}" mark=1 data-name="99991938">{% trans "Delete" %}</a>'
+                            .replace('{{ DEFAULT_PK }}', cellData)
+                            .replace('99991938', name);
+                        update_btn = '<a class="btn btn-xs m-l-xs disabled btn-info btn-update" data-uid="{{ DEFAULT_PK }}">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                    }
+                    var test_btn = '<a class="btn btn-xs btn-primary m-l-xs btn-test-connective" data-uid="{{ DEFAULT_PK }}">{% trans 'Test' %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                    $(td).html(update_btn + del_btn + test_btn);
+                }
+            }
+        ],
+        ajax_url: storageTableAjaxUrl,
+        columns: [
+            {data: "id"}, {data: "name" }, {data: "type"}, {data: "comment"},
+            {data: "id", orderable: false,}
+        ],
+        op_html: $('#actions').html()
+    };
+    storage_table = jumpserver.initServerSideDataTable(options);
+    return storage_table
+}
+
+$(document).ready(function(){
+    initTable()
+})
+.on('click', '.btn-update', function (){
+    var $this = $(this);
+    var uid = $this.data('uid');
+    window.location.href = storageUpdateUrl.replace('{{ DEFAULT_PK }}', uid);
+})
+.on('click', '.btn-del', function () {
+    var $this = $(this);
+    var uid = $this.data('uid');
+    var name = $this.data('name');
+    var the_url = storageDeleteUrl.replace('{{ DEFAULT_PK }}', uid);
+    objectDelete($this, name, the_url);
+})
+.on('click', '.btn-test-connective', function () {
+    var $this = $(this);
+    var uid = $this.data('uid');
+    var the_url = storageTestConnectiveUrl.replace('{{ DEFAULT_PK }}', uid);
+    var error = function (data) {
+        toastr.error(data)
+    };
+    var success = function(data) {
+        var isValid = data.is_valid;
+        if (isValid){
+            toastr.success(data.msg)
+        }
+        else{
+            toastr.error(data.msg)
+        }
+    };
+    requestApi({
+        url: the_url,
+        error: error,
+        method: 'GET',
+        success: success,
+        flash_message: false
+    });
+})
+</script>
+{% endblock %}
+
diff --git a/apps/terminal/templates/terminal/command_storage_create_update.html b/apps/terminal/templates/terminal/command_storage_create_update.html
new file mode 100644
index 000000000..8abb976ae
--- /dev/null
+++ b/apps/terminal/templates/terminal/command_storage_create_update.html
@@ -0,0 +1,30 @@
+{% extends 'terminal/base_storage_create_update.html' %}
+{% load i18n static %}
+
+{% block custom_foot_js %}
+{{ block.super }}
+
+<script type="text/javascript">
+
+storageCreateUrl = "{% url 'api-terminal:command-storage-list' %}";
+storageUpdateUrl = "{% url 'api-terminal:command-storage-detail' pk=DEFAULT_PK %}";
+storageListUrl = "{% url "terminal:command-storage-list" %}";
+
+function constructFormDataMeta(data){
+    var meta = {};
+    var type = data.type;
+    for (var k in data){
+        if (k.startsWith(type)){
+            var v = data[k];
+            if (k === 'es_hosts'){
+                v = v.split(',');
+            }
+            meta[k] = v;
+            delete data[k]
+        }
+    }
+    return meta
+}
+
+</script>
+{% endblock %}
diff --git a/apps/terminal/templates/terminal/command_storage_list.html b/apps/terminal/templates/terminal/command_storage_list.html
new file mode 100644
index 000000000..724425cca
--- /dev/null
+++ b/apps/terminal/templates/terminal/command_storage_list.html
@@ -0,0 +1,15 @@
+{% extends 'terminal/base_storage_list.html' %}
+{% load i18n static %}
+
+{% block create_storage_url %}{% url "terminal:command-storage-create" %}{% endblock%}
+{% block create_storage_info %}{% trans 'Create command storage' %}{% endblock %}
+{% block custom_foot_js %}
+{{ block.super }}
+<script>
+storageTableAjaxUrl = '{% url "api-terminal:command-storage-list" %}';
+storageUpdateUrl = '{% url "terminal:command-storage-update" pk=DEFAULT_PK %}';
+storageDeleteUrl = '{% url "api-terminal:command-storage-detail" pk=DEFAULT_PK %}';
+storageTestConnectiveUrl = '{% url "api-terminal:command-storage-test-connective" pk=DEFAULT_PK %}';
+</script>
+{% endblock %}
+
diff --git a/apps/terminal/templates/terminal/replay_storage_create_update.html b/apps/terminal/templates/terminal/replay_storage_create_update.html
new file mode 100644
index 000000000..878301d93
--- /dev/null
+++ b/apps/terminal/templates/terminal/replay_storage_create_update.html
@@ -0,0 +1,25 @@
+{% extends 'terminal/base_storage_create_update.html' %}
+{% load i18n static %}
+
+{% block custom_foot_js %}
+{{ block.super }}
+
+<script type="text/javascript">
+storageCreateUrl = "{% url 'api-terminal:replay-storage-list' %}";
+storageUpdateUrl = "{% url 'api-terminal:replay-storage-detail' pk=DEFAULT_PK %}";
+storageListUrl = "{% url "terminal:replay-storage-list" %}";
+
+function constructFormDataMeta(data){
+    var meta = {};
+    var type = data.type;
+    for (var k in data){
+        if (k.startsWith(type)){
+            meta[k] = data[k];
+            delete data[k]
+        }
+    }
+    return meta
+}
+
+</script>
+{% endblock %}
diff --git a/apps/terminal/templates/terminal/replay_storage_list.html b/apps/terminal/templates/terminal/replay_storage_list.html
new file mode 100644
index 000000000..786f4c844
--- /dev/null
+++ b/apps/terminal/templates/terminal/replay_storage_list.html
@@ -0,0 +1,14 @@
+{% extends 'terminal/base_storage_list.html' %}
+{% load i18n static %}
+
+{% block create_storage_url %}{% url "terminal:replay-storage-create" %}{% endblock%}
+{% block create_storage_info %}{% trans 'Create replay storage' %}{% endblock %}
+{% block custom_foot_js %}
+{{ block.super }}
+<script>
+    storageTableAjaxUrl = '{% url "api-terminal:replay-storage-list" %}';
+    storageUpdateUrl = '{% url "terminal:replay-storage-update" pk=DEFAULT_PK %}';
+    storageDeleteUrl = '{% url "api-terminal:replay-storage-detail" pk=DEFAULT_PK %}';
+    storageTestConnectiveUrl = '{% url "api-terminal:replay-storage-test-connective" pk=DEFAULT_PK %}';
+</script>
+{% endblock %}
diff --git a/apps/terminal/templates/terminal/session_list.html b/apps/terminal/templates/terminal/session_list.html
index 1393bd241..965b8f556 100644
--- a/apps/terminal/templates/terminal/session_list.html
+++ b/apps/terminal/templates/terminal/session_list.html
@@ -5,8 +5,6 @@
 {% load common_tags %}
 {% block custom_head_css_js %}
     <link href="{% static 'css/plugins/datepicker/datepicker3.css' %}" rel="stylesheet">
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
 {% endblock %}
 
 {% block content_left_head %}
diff --git a/apps/terminal/templates/terminal/terminal_list.html b/apps/terminal/templates/terminal/terminal_list.html
index 53325694b..f77949bfa 100644
--- a/apps/terminal/templates/terminal/terminal_list.html
+++ b/apps/terminal/templates/terminal/terminal_list.html
@@ -18,6 +18,7 @@
 {% block table_search %}{% endblock %}
 
 {% block table_container %}
+<div class="uc pull-left m-r-5"><a href="{% url "terminal:replay-storage-list" %}" class="btn btn-sm btn-primary"> {% trans "Storage configuration" %} </a></div>
 <table class="table table-striped table-bordered table-hover " id="terminal_list_table" >
     <thead>
         <tr>
diff --git a/apps/terminal/templates/terminal/terminal_update.html b/apps/terminal/templates/terminal/terminal_update.html
index f9554fda4..e140cd678 100644
--- a/apps/terminal/templates/terminal/terminal_update.html
+++ b/apps/terminal/templates/terminal/terminal_update.html
@@ -3,8 +3,6 @@
 {% load static %}
 {% load bootstrap3 %}
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <link href="{% static "css/plugins/datepicker/datepicker3.css" %}" rel="stylesheet">
 {% endblock %}
 
diff --git a/apps/terminal/urls/api_urls.py b/apps/terminal/urls/api_urls.py
index 96db7d31f..8c19fa685 100644
--- a/apps/terminal/urls/api_urls.py
+++ b/apps/terminal/urls/api_urls.py
@@ -18,6 +18,8 @@ router.register(r'terminals', api.TerminalViewSet, 'terminal')
 router.register(r'tasks', api.TaskViewSet, 'tasks')
 router.register(r'commands', api.CommandViewSet, 'command')
 router.register(r'status', api.StatusViewSet, 'status')
+router.register(r'replay-storages', api.ReplayStorageViewSet, 'replay-storage')
+router.register(r'command-storages', api.CommandStorageViewSet, 'command-storage')
 
 urlpatterns = [
     path('sessions/<uuid:pk>/replay/',
@@ -27,7 +29,9 @@ urlpatterns = [
     path('terminals/<uuid:terminal>/access-key/', api.TerminalTokenApi.as_view(),
          name='terminal-access-key'),
     path('terminals/config/', api.TerminalConfig.as_view(), name='terminal-config'),
-    path('commands/export/', api.CommandExportApi.as_view(), name="command-export")
+    path('commands/export/', api.CommandExportApi.as_view(), name="command-export"),
+    path('replay-storages/<uuid:pk>/test-connective/', api.ReplayStorageTestConnectiveApi.as_view(), name='replay-storage-test-connective'),
+    path('command-storages/<uuid:pk>/test-connective/', api.CommandStorageTestConnectiveApi.as_view(), name='command-storage-test-connective')
     # v2: get session's replay
     # path('v2/sessions/<uuid:pk>/replay/',
     #     api.SessionReplayV2ViewSet.as_view({'get': 'retrieve'}),
diff --git a/apps/terminal/urls/views_urls.py b/apps/terminal/urls/views_urls.py
index 61db49c45..5caec1e75 100644
--- a/apps/terminal/urls/views_urls.py
+++ b/apps/terminal/urls/views_urls.py
@@ -26,4 +26,14 @@ urlpatterns = [
     # Command view
     path('command/', views.CommandListView.as_view(), name='command-list'),
 
+    # replay-storage
+    path('terminal/replay-storage/', views.ReplayStorageListView.as_view(), name='replay-storage-list'),
+    path('terminal/replay-storage/create/', views.ReplayStorageCreateView.as_view(), name='replay-storage-create'),
+    path('terminal/replay-storage/<uuid:pk>/update/', views.ReplayStorageUpdateView.as_view(), name='replay-storage-update'),
+
+    # command-storage
+    path('terminal/command-storage/', views.CommandStorageListView.as_view(), name='command-storage-list'),
+    path('terminal/command-storage/create/', views.CommandStorageCreateView.as_view(), name='command-storage-create'),
+    path('terminal/command-storage/<uuid:pk>/update/', views.CommandStorageUpdateView.as_view(), name='command-storage-update'),
+
 ]
diff --git a/apps/terminal/views/__init__.py b/apps/terminal/views/__init__.py
index 8267a40bc..a63c3cf9a 100644
--- a/apps/terminal/views/__init__.py
+++ b/apps/terminal/views/__init__.py
@@ -3,3 +3,7 @@
 from .terminal import *
 from .session import *
 from .command import *
+from .storage import *
+
+# from .replay_storage import *
+# from .command_storage import *
diff --git a/apps/terminal/views/storage.py b/apps/terminal/views/storage.py
new file mode 100644
index 000000000..ae68d508f
--- /dev/null
+++ b/apps/terminal/views/storage.py
@@ -0,0 +1,179 @@
+# coding: utf-8
+#
+
+from django.http import Http404
+from django.views.generic import TemplateView
+from django.views.generic.edit import CreateView, UpdateView
+from django.utils.translation import ugettext as _
+
+from common.permissions import PermissionsMixin, IsSuperUser
+from terminal.models import ReplayStorage, CommandStorage
+from .. import forms, const
+
+
+__all__ = [
+    'ReplayStorageListView', 'ReplayStorageCreateView',
+    'ReplayStorageUpdateView', 'CommandStorageListView',
+    'CommandStorageCreateView', 'CommandStorageUpdateView'
+]
+
+
+class ReplayStorageListView(PermissionsMixin, TemplateView):
+    template_name = 'terminal/replay_storage_list.html'
+    permission_classes = [IsSuperUser]
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Terminal'),
+            'action': _('Replay storage list'),
+            'is_replay': True,
+            'type_choices': const.REPLAY_STORAGE_TYPE_CHOICES_EXTENDS,
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class CommandStorageListView(PermissionsMixin, TemplateView):
+    template_name = 'terminal/command_storage_list.html'
+    permission_classes = [IsSuperUser]
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Terminal'),
+            'action': _('Command storage list'),
+            'type_choices': const.COMMAND_STORAGE_TYPE_CHOICES_EXTENDS,
+            'is_command': True,
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class BaseStorageCreateUpdateViewMixin:
+    permission_classes = [IsSuperUser]
+    default_type = None
+    form_class = None
+    form_class_choices = {}
+
+    def get_initial(self):
+        return {'type': self.get_type()}
+
+    def get_type(self):
+        return self.default_type
+
+    def get_form_class(self):
+        tp = self.get_type()
+        form_class = self.form_class_choices.get(tp)
+        if not form_class:
+            raise Http404()
+        return form_class
+
+
+class ReplayStorageCreateUpdateViewMixin(BaseStorageCreateUpdateViewMixin):
+    model = ReplayStorage
+    default_type = const.REPLAY_STORAGE_TYPE_S3
+    form_class = forms.ReplayStorageS3Form
+    form_class_choices = {
+        const.REPLAY_STORAGE_TYPE_S3: forms.ReplayStorageS3Form,
+        const.REPLAY_STORAGE_TYPE_OSS: forms.ReplayStorageOSSForm,
+        const.REPLAY_STORAGE_TYPE_AZURE: forms.ReplayStorageAzureForm
+    }
+
+
+class ReplayStorageCreateView(ReplayStorageCreateUpdateViewMixin,
+                              PermissionsMixin, CreateView):
+    template_name = 'terminal/replay_storage_create_update.html'
+
+    def get_type(self):
+        tp = self.request.GET.get("type")
+        if tp:
+            return tp.lower()
+        return super().get_type()
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Terminal'),
+            'action': _('Create replay storage'),
+            'api_action': 'create'
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class ReplayStorageUpdateView(ReplayStorageCreateUpdateViewMixin,
+                              PermissionsMixin, UpdateView):
+    template_name = 'terminal/replay_storage_create_update.html'
+
+    def get_initial(self):
+        initial_data = super().get_initial()
+        for k, v in self.object.meta.items():
+            _k = "{}_{}".format(self.object.type, k.lower())
+            initial_data[_k] = v
+        return initial_data
+
+    def get_type(self):
+        return self.object.type
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Terminal'),
+            'action': _('Update replay storage'),
+            'api_action': 'update'
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class CommandStorageCreateUpdateViewMixin(BaseStorageCreateUpdateViewMixin):
+    model = CommandStorage
+    default_type = const.COMMAND_STORAGE_TYPE_ES
+    form_class = forms.CommandStorageTypeESForm
+    form_class_choices = {
+        const.COMMAND_STORAGE_TYPE_ES: forms.CommandStorageTypeESForm
+    }
+
+
+class CommandStorageCreateView(CommandStorageCreateUpdateViewMixin,
+                               PermissionsMixin, CreateView):
+    template_name = 'terminal/command_storage_create_update.html'
+
+    def get_type(self):
+        tp = self.request.GET.get("type")
+        if tp:
+            return tp.lower()
+        return super().get_type()
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Terminal'),
+            'action': _('Create command storage'),
+            'api_action': 'create'
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class CommandStorageUpdateView(CommandStorageCreateUpdateViewMixin,
+                               PermissionsMixin, UpdateView):
+    template_name = 'terminal/command_storage_create_update.html'
+
+    def get_initial(self):
+        initial_data = super().get_initial()
+        for k, v in self.object.meta.items():
+            _k = "{}_{}".format(self.object.type, k.lower())
+            if k == 'HOSTS':
+                v = ','.join(v)
+            initial_data[_k] = v
+        return initial_data
+
+    def get_type(self):
+        return self.object.type
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Terminal'),
+            'action': _('Update command storage'),
+            'api_action': 'update'
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
diff --git a/apps/tickets/serializers/ticket.py b/apps/tickets/serializers/ticket.py
index f148c6375..e6ca13a2b 100644
--- a/apps/tickets/serializers/ticket.py
+++ b/apps/tickets/serializers/ticket.py
@@ -32,8 +32,6 @@ class TicketSerializer(serializers.ModelSerializer):
         if action and user not in instance.assignees.all():
             error = {"action": "Only assignees can update"}
             raise serializers.ValidationError(error)
-        print(validated_data)
-        print(instance.status)
         if instance.status == instance.STATUS_CLOSED:
             validated_data.pop('action')
         instance = super().update(instance, validated_data)
diff --git a/apps/users/api/relation.py b/apps/users/api/relation.py
index a579419d5..fbab92ee9 100644
--- a/apps/users/api/relation.py
+++ b/apps/users/api/relation.py
@@ -19,8 +19,8 @@ class UserUserGroupRelationViewSet(BulkModelViewSet):
 
     def get_queryset(self):
         queryset = User.groups.through.objects.all()\
-            .annotate(user_name=F('user__name'))\
-            .annotate(usergroup_name=F('usergroup__name'))
+            .annotate(user_display=F('user__name'))\
+            .annotate(usergroup_display=F('usergroup__name'))
         return queryset
 
     def allow_bulk_destroy(self, qs, filtered):
diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index ba4668f7f..a59e4b332 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -384,7 +384,7 @@ class MFAMixin:
 
     @staticmethod
     def mfa_is_otp():
-        if settings.CONFIG.OTP_IN_RADIUS:
+        if settings.OTP_IN_RADIUS:
             return False
         return True
 
@@ -401,7 +401,7 @@ class MFAMixin:
         return check_otp_code(self.otp_secret_key, code)
 
     def check_mfa(self, code):
-        if settings.CONFIG.OTP_IN_RADIUS:
+        if settings.OTP_IN_RADIUS:
             return self.check_radius(code)
         else:
             return self.check_otp(code)
@@ -540,6 +540,9 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser):
             return True
         return False
 
+    def set_avatar(self, f):
+        self.avatar.save(self.username, f)
+
     def avatar_url(self):
         admin_default = settings.STATIC_URL + "img/avatar/admin.png"
         user_default = settings.STATIC_URL + "img/avatar/user.png"
diff --git a/apps/users/serializers/realtion.py b/apps/users/serializers/realtion.py
index 15cc9e43c..b768c57fc 100644
--- a/apps/users/serializers/realtion.py
+++ b/apps/users/serializers/realtion.py
@@ -8,9 +8,11 @@ __all__ = ['UserUserGroupRelationSerializer']
 
 
 class UserUserGroupRelationSerializer(serializers.ModelSerializer):
-    user_name = serializers.CharField(read_only=True)
-    usergroup_name = serializers.CharField(read_only=True)
+    user_display = serializers.CharField(read_only=True)
+    usergroup_display = serializers.CharField(read_only=True)
 
     class Meta:
         model = User.groups.through
-        fields = ['id', 'user', 'user_name', 'usergroup', 'usergroup_name']
+        fields = [
+            'id', 'user', 'user_display', 'usergroup', 'usergroup_display'
+        ]
diff --git a/apps/users/templates/users/user_asset_permission.html b/apps/users/templates/users/user_asset_permission.html
new file mode 100644
index 000000000..f75196bdd
--- /dev/null
+++ b/apps/users/templates/users/user_asset_permission.html
@@ -0,0 +1,226 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href="{% static "css/plugins/sweetalert/sweetalert.css" %}" rel="stylesheet">
+    <script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
+{% endblock %}
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'users:user-detail' pk=object.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'User detail' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'users:user-granted-asset' pk=object.id %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Asset granted' %}</a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'users:user-asset-permission' pk=object.id %}" class="text-center"><i class="fa fa-edit"></i> {% trans 'Asset permission' %}</a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-10" style="padding-left: 0">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span class="label"><b>{{ object.name }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <div class="mail-box-header">
+                                        <table class="table table-striped table-bordered table-hover"
+                                               id="permission_list_table"
+                                               style="width: 100%">
+                                            <thead>
+                                            <tr>
+                                                <th></th>
+                                                <th>{% trans 'Name' %}</th>
+                                                <th class="text-center">{% trans 'User' %}</th>
+                                                <th class="text-center">{% trans 'User group' %}</th>
+                                                <th class="text-center">{% trans 'Asset' %}</th>
+                                                <th class="text-center">{% trans 'Node' %}</th>
+                                                <th class="text-center">{% trans 'System user' %}</th>
+                                                <th class="text-center">{% trans 'Validity' %}</th>
+                                                <th class="text-center">{% trans 'Action' %}</th>
+                                            </tr>
+                                            </thead>
+                                            <tbody>
+                                            </tbody>
+                                        </table>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+    {% include '_filter_dropdown.html' %}
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+jumpserver.nodes_selected = {};
+function format(d) {
+    var data = "";
+    if (d.users.length > 0 ) {
+        data += makeLabel(["{% trans 'User' %}", d.users.join(", ")])
+    }
+    if (d.user_groups.length > 0) {
+        data += makeLabel(["{% trans 'User group' %}", d.user_groups.join(", ")])
+    }
+    if (d.assets.length > 0) {
+       data += makeLabel(["{% trans 'Asset' %}", d.assets.join(", ")])
+    }
+    if (d.nodes.length > 0) {
+        data += makeLabel(["{% trans 'Node' %}", d.nodes.join(", ")])
+    }
+    if (d.system_users.length > 0) {
+        data += makeLabel(["{% trans 'System user' %}", d.system_users.join(", ")])
+    }
+    if (d.actions.length > 0) {
+        data += makeLabel(["{% trans 'Action' %}", d.actions.join(", ")])
+    }
+    return data
+}
+
+function initTable() {
+    var options = {
+        ele: $('#permission_list_table'),
+        toggle: true,
+        columnDefs: [
+            {targets: 0, createdCell: function (td, cellData, rowData) {
+                $(td).addClass("toggle");
+                $(td).html("<i class='fa fa-angle-right'></i>");
+            }},
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                cellData = htmlEscape(cellData);
+                var detail_btn = '<a href="{% url "perms:asset-permission-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+            }},
+            {targets: 2, createdCell: function (td, cellData) {
+                var num = cellData.length;
+                $(td).html(num);
+            }},
+            {targets: 3, createdCell: function (td, cellData) {
+                var num = cellData.length;
+                $(td).html(num);
+            }},
+            {targets: 4, createdCell: function (td, cellData) {
+                var num = cellData.length;
+                $(td).html(num);
+            }},
+            {targets: 5, createdCell: function (td, cellData) {
+                var num = cellData.length;
+                $(td).html(num);
+            }},
+            {targets: 6, createdCell: function (td, cellData) {
+                var num = cellData.length;
+                $(td).html(num);
+            }},
+            {targets: 7, createdCell: function (td, cellData) {
+                if (!cellData) {
+					$(td).html('<i class="fa fa-times text-danger"></i>')
+				} else {
+					$(td).html('<i class="fa fa-check text-navy"></i>')
+				}
+            }},
+            {targets: 8, createdCell: function (td, cellData, rowData) {
+                var name = htmlEscape(rowData.name);
+                var update_btn = '<a href="{% url "perms:asset-permission-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del" data-uid="{{ DEFAULT_PK }}" mark=1 data-name="99991938">{% trans "Delete" %}</a>'
+                    .replace('{{ DEFAULT_PK }}', cellData)
+                    .replace('99991938', name);
+                if (rowData.inherit) {
+                    del_btn = del_btn.replace("mark", "disabled")
+                }
+				$(td).html(update_btn + del_btn);
+            }}
+        ],
+        ajax_url: '{% url "api-perms:asset-permission-list" %}?user_id={{ object.id }}',
+        columns: [
+            {data: "id"}, {data: "name"}, {data: "users", orderable: false},
+            {data: "user_groups", orderable: false}, {data: "assets", orderable: false},
+            {data: "nodes", orderable: false}, {data: "system_users", orderable: false},
+            {data: "is_valid", orderable: false}, {data: "id", orderable: false, width: "100px"}
+        ],
+        select: {},
+        op_html: $('#actions').html()
+    };
+    table = jumpserver.initServerSideDataTable(options);
+    return table
+}
+
+$(document).ready(function() {
+   initTable();
+   var filterMenu = [
+        {title: "{% trans 'Name' %}", value: "name"},
+        {title: "{% trans 'Validity' %}", value: "is_valid"},
+        {title: "{% trans 'IP' %}", value: "ip"},
+        {title: "{% trans 'Hostname' %}", value: "hostname"},
+        {title: "{% trans 'Node' %}", value: "node"},
+        {title: "{% trans 'System user' %}", value: "system_user"},
+        {title: "{% trans 'Inherit' %}", value: "all", submenu: [
+            {title: "{% trans 'Include' %}", value: "1"},
+            {title: "{% trans 'Exclude' %}", value: "0"},
+        ]},
+    ];
+    initTableFilterDropdown('#permission_list_table_filter input', filterMenu)
+})
+.on('click', '#is_active', function() {
+    var the_url = "{% url 'api-users:user-detail' pk=object.id %}";
+    var checked = $(this).prop('checked');
+    var body = {
+        'is_active': checked
+    };
+    var success = '{% trans "Update successfully!" %}';
+    requestApi({
+        url: the_url,
+        body: JSON.stringify(body),
+        success_message: success
+    });
+})
+.on('click', '.toggle', function (e) {
+    e.preventDefault();
+    var detailRows = [];
+    var tr = $(this).closest('tr');
+    var row = table.row(tr);
+    var idx = $.inArray(tr.attr('id'), detailRows);
+
+    if (row.child.isShown()) {
+        tr.removeClass('details');
+        $(this).children('i:first-child').removeClass('fa-angle-down').addClass('fa-angle-right');
+        row.child.hide();
+
+        // Remove from the 'open' array
+        detailRows.splice(idx, 1);
+    }
+    else {
+        tr.addClass('details');
+        $(this).children('i:first-child').removeClass('fa-angle-right').addClass('fa-angle-down');
+        row.child(format(row.data())).show();
+        // Add to the 'open' array
+        if ( idx === -1 ) {
+            detailRows.push(tr.attr('id'));
+        }
+    }
+})
+</script>
+{% endblock %}
diff --git a/apps/users/templates/users/user_detail.html b/apps/users/templates/users/user_detail.html
index 2a6ed62b1..246232279 100644
--- a/apps/users/templates/users/user_detail.html
+++ b/apps/users/templates/users/user_detail.html
@@ -3,9 +3,7 @@
 {% load i18n %}
 
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
     <link href="{% static "css/plugins/sweetalert/sweetalert.css" %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
 {% endblock %}
 {% block content %}
@@ -21,6 +19,9 @@
                             <li>
                                 <a href="{% url 'users:user-granted-asset' pk=user_object.id %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Asset granted' %}</a>
                             </li>
+                            <li>
+                                <a href="{% url 'users:user-asset-permission' pk=user_object.id %}" class="text-center"><i class="fa fa-edit"></i> {% trans 'Asset permission' %}</a>
+                            </li>
                             <li class="pull-right">
                                 <a class="btn btn-outline {% if can_update %} btn-default {% else %} disabled {% endif %}" href="{% url 'users:user-update' pk=user_object.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
                             </li>
diff --git a/apps/users/templates/users/user_granted_asset.html b/apps/users/templates/users/user_granted_asset.html
index 184537cd4..5e2c990e9 100644
--- a/apps/users/templates/users/user_granted_asset.html
+++ b/apps/users/templates/users/user_granted_asset.html
@@ -20,6 +20,9 @@
                             <li class="active">
                                 <a href="{% url 'users:user-granted-asset' pk=object.id %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Asset granted' %}</a>
                             </li>
+                            <li>
+                                <a href="{% url 'users:user-asset-permission' pk=object.id %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Asset permission' %}</a>
+                            </li>
                         </ul>
                     </div>
                     <div class="tab-content">
diff --git a/apps/users/templates/users/user_group_create_update.html b/apps/users/templates/users/user_group_create_update.html
index 25f027ad5..09030eca8 100644
--- a/apps/users/templates/users/user_group_create_update.html
+++ b/apps/users/templates/users/user_group_create_update.html
@@ -2,10 +2,6 @@
 {% load static %}
 {% load i18n %}
 {% load bootstrap3 %}
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
 
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
diff --git a/apps/users/templates/users/user_group_detail.html b/apps/users/templates/users/user_group_detail.html
index 8f5cccf29..22a74cbb9 100644
--- a/apps/users/templates/users/user_group_detail.html
+++ b/apps/users/templates/users/user_group_detail.html
@@ -3,13 +3,8 @@
 {% load i18n %}
 
 {% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
     <link href="{% static "css/plugins/sweetalert/sweetalert.css" %}" rel="stylesheet">
-    <link href="{% static "css/plugins/datatables/datatables.min.css" %}" rel="stylesheet">
-    <link href="{% static "css/plugins/awesome-bootstrap-checkbox/awesome-bootstrap-checkbox.css" %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
     <script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
-    <script src="{% static "js/plugins/datatables/datatables.min.js" %}"></script>
 {% endblock %}
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
@@ -98,7 +93,7 @@
                                         <tr>
                                           <td ><b class="bdg_user" data-uid={{ user.id }}>{{ user.name }}</b></td>
                                           <td>
-                                              <button class="btn btn-danger pull-right btn-xs btn_remove_user" type="button"><i class="fa fa-minus"></i></button>
+                                              <button class="btn btn-danger pull-right btn-xs btn-remove-user" type="button"><i class="fa fa-minus"></i></button>
                                           </td>
                                         </tr>
                                         {% endfor %}
@@ -132,7 +127,7 @@ function updateGroupMember(users) {
             $('.user_edit tbody').append(
                 '<tr>' +
                 '<td><b class="bdg_user" data-uid="' + index + '">' + user_name + '</b></td>' +
-                '<td><button class="btn btn-danger btn-xs pull-right btn_remove_user" type="button"><i class="fa fa-minus"></i></button></td>' +
+                '<td><button class="btn btn-danger btn-xs pull-right btn-remove-user" type="button"><i class="fa fa-minus"></i></button></td>' +
                 '</tr>'
             )
         });
@@ -156,7 +151,7 @@ $(document).ready(function () {
             delete jumpserver.users_selected[data.id]
         });
     usersSelect2Init('#slct_users')
-}).on('click', '.btn_remove_user', function() {
+}).on('click', '.btn-remove-user', function() {
     var $this = $(this);
     var $tr = $this.closest('tr');
     var $badge = $tr.find('.bdg_user');
diff --git a/apps/users/urls/views_urls.py b/apps/users/urls/views_urls.py
index dbed09888..e7b18e2d3 100644
--- a/apps/users/urls/views_urls.py
+++ b/apps/users/urls/views_urls.py
@@ -35,6 +35,7 @@ urlpatterns = [
     path('user/update/', views.UserBulkUpdateView.as_view(), name='user-bulk-update'),
     path('user/<uuid:pk>/', views.UserDetailView.as_view(), name='user-detail'),
     path('user/<uuid:pk>/assets/', views.UserGrantedAssetView.as_view(), name='user-granted-asset'),
+    path('user/<uuid:pk>/asset-permissions/', views.UserAssetPermissionListView.as_view(), name='user-asset-permission'),
     path('user/<uuid:pk>/login-history/', views.UserDetailView.as_view(), name='user-login-history'),
 
     # User group view
diff --git a/apps/users/views/__init__.py b/apps/users/views/__init__.py
index b178ac710..17d4f4110 100644
--- a/apps/users/views/__init__.py
+++ b/apps/users/views/__init__.py
@@ -2,4 +2,5 @@
 
 from .login import *
 from .user import *
+from .profile import *
 from .group import *
diff --git a/apps/users/views/profile.py b/apps/users/views/profile.py
new file mode 100644
index 000000000..c78656cb4
--- /dev/null
+++ b/apps/users/views/profile.py
@@ -0,0 +1,272 @@
+# ~*~ coding: utf-8 ~*~
+
+from __future__ import unicode_literals
+
+
+from django.contrib.auth import authenticate
+from django.core.cache import cache
+from django.conf import settings
+from django.http import HttpResponse
+from django.shortcuts import redirect
+from django.urls import reverse_lazy, reverse
+from django.utils.translation import ugettext as _
+from django.views import View
+from django.views.generic.base import TemplateView
+from django.views.generic.edit import (
+    UpdateView, FormView
+)
+from django.contrib.auth import logout as auth_logout
+
+from common.utils import get_logger, ssh_key_gen
+from common.permissions import (
+    PermissionsMixin, IsValidUser,
+    UserCanUpdatePassword, UserCanUpdateSSHKey,
+)
+from .. import forms
+from ..models import User
+from ..utils import generate_otp_uri, check_otp_code, \
+    get_user_or_tmp_user, get_password_check_rules, check_password_rules
+
+__all__ = [
+    'UserProfileView',
+    'UserProfileUpdateView', 'UserPasswordUpdateView',
+    'UserPublicKeyUpdateView', 'UserPublicKeyGenerateView',
+    'UserOtpEnableAuthenticationView', 'UserOtpEnableInstallAppView',
+    'UserOtpEnableBindView', 'UserOtpSettingsSuccessView',
+    'UserOtpDisableAuthenticationView', 'UserOtpUpdateView',
+]
+
+logger = get_logger(__name__)
+
+
+class UserProfileView(PermissionsMixin, TemplateView):
+    template_name = 'users/user_profile.html'
+    permission_classes = [IsValidUser]
+
+    def get_context_data(self, **kwargs):
+        mfa_setting = settings.SECURITY_MFA_AUTH
+        context = {
+            'action': _('Profile'),
+            'mfa_setting': mfa_setting if mfa_setting is not None else False,
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class UserProfileUpdateView(PermissionsMixin, UpdateView):
+    template_name = 'users/user_profile_update.html'
+    model = User
+    permission_classes = [IsValidUser]
+    form_class = forms.UserProfileForm
+    success_url = reverse_lazy('users:user-profile')
+
+    def get_object(self, queryset=None):
+        return self.request.user
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('User'),
+            'action': _('Profile setting'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class UserPasswordUpdateView(PermissionsMixin, UpdateView):
+    template_name = 'users/user_password_update.html'
+    model = User
+    form_class = forms.UserPasswordForm
+    success_url = reverse_lazy('users:user-profile')
+    permission_classes = [IsValidUser, UserCanUpdatePassword]
+
+    def get_object(self, queryset=None):
+        return self.request.user
+
+    def get_context_data(self, **kwargs):
+        check_rules = get_password_check_rules()
+        context = {
+            'app': _('Users'),
+            'action': _('Password update'),
+            'password_check_rules': check_rules,
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+    def get_success_url(self):
+        auth_logout(self.request)
+        return super().get_success_url()
+
+    def form_valid(self, form):
+        password = form.cleaned_data.get('new_password')
+        is_ok = check_password_rules(password)
+        if not is_ok:
+            form.add_error(
+                "new_password",
+                _("* Your password does not meet the requirements")
+            )
+            return self.form_invalid(form)
+        return super().form_valid(form)
+
+
+class UserPublicKeyUpdateView(PermissionsMixin, UpdateView):
+    template_name = 'users/user_pubkey_update.html'
+    model = User
+    form_class = forms.UserPublicKeyForm
+    permission_classes = [IsValidUser, UserCanUpdateSSHKey]
+    success_url = reverse_lazy('users:user-profile')
+
+    def get_object(self, queryset=None):
+        return self.request.user
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Users'),
+            'action': _('Public key update'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class UserPublicKeyGenerateView(PermissionsMixin, View):
+    permission_classes = [IsValidUser]
+
+    def get(self, request, *args, **kwargs):
+        private, public = ssh_key_gen(username=request.user.username, hostname='jumpserver')
+        request.user.public_key = public
+        request.user.save()
+        response = HttpResponse(private, content_type='text/plain')
+        filename = "{0}-jumpserver.pem".format(request.user.username)
+        response['Content-Disposition'] = 'attachment; filename={}'.format(filename)
+        return response
+
+
+class UserOtpEnableAuthenticationView(FormView):
+    template_name = 'users/user_password_authentication.html'
+    form_class = forms.UserCheckPasswordForm
+
+    def get_form(self, form_class=None):
+        user = get_user_or_tmp_user(self.request)
+        form = super().get_form(form_class=form_class)
+        form['username'].initial = user.username
+        return form
+
+    def get_context_data(self, **kwargs):
+        user = get_user_or_tmp_user(self.request)
+        context = {
+            'user': user
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+    def form_valid(self, form):
+        user = get_user_or_tmp_user(self.request)
+        password = form.cleaned_data.get('password')
+        user = authenticate(username=user.username, password=password)
+        if not user:
+            form.add_error("password", _("Password invalid"))
+            return self.form_invalid(form)
+        return redirect(self.get_success_url())
+
+    def get_success_url(self):
+        return reverse('users:user-otp-enable-install-app')
+
+
+class UserOtpEnableInstallAppView(TemplateView):
+    template_name = 'users/user_otp_enable_install_app.html'
+
+    def get_context_data(self, **kwargs):
+        user = get_user_or_tmp_user(self.request)
+        context = {
+            'user': user
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class UserOtpEnableBindView(TemplateView, FormView):
+    template_name = 'users/user_otp_enable_bind.html'
+    form_class = forms.UserCheckOtpCodeForm
+    success_url = reverse_lazy('users:user-otp-settings-success')
+
+    def get_context_data(self, **kwargs):
+        user = get_user_or_tmp_user(self.request)
+        otp_uri, otp_secret_key = generate_otp_uri(self.request)
+        context = {
+            'otp_uri': otp_uri,
+            'otp_secret_key': otp_secret_key,
+            'user': user
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+    def form_valid(self, form):
+        otp_code = form.cleaned_data.get('otp_code')
+        otp_secret_key = cache.get(self.request.session.session_key+'otp_key', '')
+
+        if check_otp_code(otp_secret_key, otp_code):
+            self.save_otp(otp_secret_key)
+            return super().form_valid(form)
+
+        else:
+            form.add_error("otp_code", _("MFA code invalid, or ntp sync server time"))
+            return self.form_invalid(form)
+
+    def save_otp(self, otp_secret_key):
+        user = get_user_or_tmp_user(self.request)
+        user.enable_otp()
+        user.otp_secret_key = otp_secret_key
+        user.save()
+
+
+class UserOtpDisableAuthenticationView(FormView):
+    template_name = 'users/user_otp_authentication.html'
+    form_class = forms.UserCheckOtpCodeForm
+    success_url = reverse_lazy('users:user-otp-settings-success')
+
+    def form_valid(self, form):
+        user = self.request.user
+        otp_code = form.cleaned_data.get('otp_code')
+        otp_secret_key = user.otp_secret_key
+
+        if check_otp_code(otp_secret_key, otp_code):
+            user.disable_otp()
+            user.save()
+            return super().form_valid(form)
+        else:
+            form.add_error('otp_code', _('MFA code invalid, or ntp sync server time'))
+            return super().form_invalid(form)
+
+
+class UserOtpUpdateView(UserOtpDisableAuthenticationView):
+    success_url = reverse_lazy('users:user-otp-enable-bind')
+
+
+class UserOtpSettingsSuccessView(TemplateView):
+    template_name = 'flash_message_standalone.html'
+
+    # def get(self, request, *args, **kwargs):
+    #     return super().get(request, *args, **kwargs)
+
+    def get_context_data(self, **kwargs):
+        title, describe = self.get_title_describe()
+        context = {
+            'title': title,
+            'messages': describe,
+            'interval': 1,
+            'redirect_url': reverse('authentication:login'),
+            'auto_redirect': True,
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+    def get_title_describe(self):
+        user = get_user_or_tmp_user(self.request)
+        if self.request.user.is_authenticated:
+            auth_logout(self.request)
+        title = _('MFA enable success')
+        describe = _('MFA enable success, return login page')
+        if not user.otp_enabled:
+            title = _('MFA disable success')
+            describe = _('MFA disable success, return login page')
+
+        return title, describe
diff --git a/apps/users/views/user.py b/apps/users/views/user.py
index 6063c55e9..f1230d464 100644
--- a/apps/users/views/user.py
+++ b/apps/users/views/user.py
@@ -4,48 +4,35 @@ from __future__ import unicode_literals
 
 
 from django.contrib import messages
-from django.contrib.auth import authenticate
 from django.contrib.messages.views import SuccessMessageMixin
 from django.core.cache import cache
-from django.conf import settings
-from django.http import HttpResponse
 from django.shortcuts import redirect
-from django.urls import reverse_lazy, reverse
+from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
-from django.views import View
 from django.views.generic.base import TemplateView
 from django.views.generic.edit import (
-    CreateView, UpdateView, FormView
+    CreateView, UpdateView
 )
 from django.views.generic.detail import DetailView
-from django.contrib.auth import logout as auth_logout
 
 from common.const import (
     create_success_msg, update_success_msg, KEY_CACHE_RESOURCES_ID
 )
-from common.utils import get_logger, ssh_key_gen
+from common.utils import get_logger
 from common.permissions import (
-    PermissionsMixin, IsOrgAdmin, IsValidUser,
-    UserCanUpdatePassword, UserCanUpdateSSHKey,
+    PermissionsMixin, IsOrgAdmin,
     CanUpdateDeleteUser,
 )
 from orgs.utils import current_org
 from .. import forms
 from ..models import User, UserGroup
-from ..utils import generate_otp_uri, check_otp_code, \
-    get_user_or_tmp_user, get_password_check_rules, check_password_rules, \
-    is_need_unblock
+from ..utils import get_password_check_rules, is_need_unblock
 from ..signals import post_user_create
 
 __all__ = [
     'UserListView', 'UserCreateView', 'UserDetailView',
-    'UserUpdateView', 'UserGrantedAssetView', 'UserProfileView',
-    'UserProfileUpdateView', 'UserPasswordUpdateView',
-    'UserPublicKeyUpdateView', 'UserBulkUpdateView',
-    'UserPublicKeyGenerateView',
-    'UserOtpEnableAuthenticationView', 'UserOtpEnableInstallAppView',
-    'UserOtpEnableBindView', 'UserOtpSettingsSuccessView',
-    'UserOtpDisableAuthenticationView', 'UserOtpUpdateView'
+    'UserUpdateView', 'UserGrantedAssetView',
+    'UserBulkUpdateView', 'UserAssetPermissionListView',
 ]
 
 logger = get_logger(__name__)
@@ -221,239 +208,15 @@ class UserGrantedAssetView(PermissionsMixin, DetailView):
         return super().get_context_data(**kwargs)
 
 
-class UserProfileView(PermissionsMixin, TemplateView):
-    template_name = 'users/user_profile.html'
-    permission_classes = [IsValidUser]
-
-    def get_context_data(self, **kwargs):
-        mfa_setting = settings.SECURITY_MFA_AUTH
-        context = {
-            'action': _('Profile'),
-            'mfa_setting': mfa_setting if mfa_setting is not None else False,
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-
-class UserProfileUpdateView(PermissionsMixin, UpdateView):
-    template_name = 'users/user_profile_update.html'
+class UserAssetPermissionListView(PermissionsMixin, DetailView):
     model = User
-    permission_classes = [IsValidUser]
-    form_class = forms.UserProfileForm
-    success_url = reverse_lazy('users:user-profile')
-
-    def get_object(self, queryset=None):
-        return self.request.user
-
-    def get_context_data(self, **kwargs):
-        context = {
-            'app': _('User'),
-            'action': _('Profile setting'),
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-
-class UserPasswordUpdateView(PermissionsMixin, UpdateView):
-    template_name = 'users/user_password_update.html'
-    model = User
-    form_class = forms.UserPasswordForm
-    success_url = reverse_lazy('users:user-profile')
-    permission_classes = [IsValidUser, UserCanUpdatePassword]
-
-    def get_object(self, queryset=None):
-        return self.request.user
-
-    def get_context_data(self, **kwargs):
-        check_rules = get_password_check_rules()
-        context = {
-            'app': _('Users'),
-            'action': _('Password update'),
-            'password_check_rules': check_rules,
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-    def get_success_url(self):
-        auth_logout(self.request)
-        return super().get_success_url()
-
-    def form_valid(self, form):
-        password = form.cleaned_data.get('new_password')
-        is_ok = check_password_rules(password)
-        if not is_ok:
-            form.add_error(
-                "new_password",
-                _("* Your password does not meet the requirements")
-            )
-            return self.form_invalid(form)
-        return super().form_valid(form)
-
-
-class UserPublicKeyUpdateView(PermissionsMixin, UpdateView):
-    template_name = 'users/user_pubkey_update.html'
-    model = User
-    form_class = forms.UserPublicKeyForm
-    permission_classes = [IsValidUser, UserCanUpdateSSHKey]
-    success_url = reverse_lazy('users:user-profile')
-
-    def get_object(self, queryset=None):
-        return self.request.user
+    template_name = 'users/user_asset_permission.html'
+    permission_classes = [IsOrgAdmin]
 
     def get_context_data(self, **kwargs):
         context = {
             'app': _('Users'),
-            'action': _('Public key update'),
+            'action': _('Asset permission'),
         }
         kwargs.update(context)
         return super().get_context_data(**kwargs)
-
-
-class UserPublicKeyGenerateView(PermissionsMixin, View):
-    permission_classes = [IsValidUser]
-
-    def get(self, request, *args, **kwargs):
-        private, public = ssh_key_gen(username=request.user.username, hostname='jumpserver')
-        request.user.public_key = public
-        request.user.save()
-        response = HttpResponse(private, content_type='text/plain')
-        filename = "{0}-jumpserver.pem".format(request.user.username)
-        response['Content-Disposition'] = 'attachment; filename={}'.format(filename)
-        return response
-
-
-class UserOtpEnableAuthenticationView(FormView):
-    template_name = 'users/user_password_authentication.html'
-    form_class = forms.UserCheckPasswordForm
-
-    def get_form(self, form_class=None):
-        user = get_user_or_tmp_user(self.request)
-        form = super().get_form(form_class=form_class)
-        form['username'].initial = user.username
-        return form
-
-    def get_context_data(self, **kwargs):
-        user = get_user_or_tmp_user(self.request)
-        context = {
-            'user': user
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-    def form_valid(self, form):
-        user = get_user_or_tmp_user(self.request)
-        password = form.cleaned_data.get('password')
-        user = authenticate(username=user.username, password=password)
-        if not user:
-            form.add_error("password", _("Password invalid"))
-            return self.form_invalid(form)
-        if user.mfa_is_otp():
-            return redirect(self.get_success_url())
-        else:
-            user.enable_mfa()
-            user.save()
-            return redirect('users:user-otp-settings-success')
-
-    def get_success_url(self):
-        return reverse('users:user-otp-enable-install-app')
-
-
-class UserOtpEnableInstallAppView(TemplateView):
-    template_name = 'users/user_otp_enable_install_app.html'
-
-    def get_context_data(self, **kwargs):
-        user = get_user_or_tmp_user(self.request)
-        context = {
-            'user': user
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-
-class UserOtpEnableBindView(TemplateView, FormView):
-    template_name = 'users/user_otp_enable_bind.html'
-    form_class = forms.UserCheckOtpCodeForm
-    success_url = reverse_lazy('users:user-otp-settings-success')
-
-    def get_context_data(self, **kwargs):
-        user = get_user_or_tmp_user(self.request)
-        otp_uri, otp_secret_key = generate_otp_uri(self.request)
-        context = {
-            'otp_uri': otp_uri,
-            'otp_secret_key': otp_secret_key,
-            'user': user
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-    def form_valid(self, form):
-        otp_code = form.cleaned_data.get('otp_code')
-        otp_secret_key = cache.get(self.request.session.session_key+'otp_key', '')
-
-        if check_otp_code(otp_secret_key, otp_code):
-            self.save_otp(otp_secret_key)
-            return super().form_valid(form)
-
-        else:
-            form.add_error("otp_code", _("MFA code invalid, or ntp sync server time"))
-            return self.form_invalid(form)
-
-    def save_otp(self, otp_secret_key):
-        user = get_user_or_tmp_user(self.request)
-        user.enable_mfa()
-        user.otp_secret_key = otp_secret_key
-        user.save()
-
-
-class UserOtpDisableAuthenticationView(FormView):
-    template_name = 'users/user_otp_authentication.html'
-    form_class = forms.UserCheckOtpCodeForm
-    success_url = reverse_lazy('users:user-otp-settings-success')
-
-    def form_valid(self, form):
-        user = self.request.user
-        otp_code = form.cleaned_data.get('otp_code')
-        otp_secret_key = user.otp_secret_key
-
-        if check_otp_code(otp_secret_key, otp_code):
-            user.disable_mfa()
-            user.save()
-            return super().form_valid(form)
-        else:
-            form.add_error('otp_code', _('MFA code invalid, or ntp sync server time'))
-            return super().form_invalid(form)
-
-
-class UserOtpUpdateView(UserOtpDisableAuthenticationView):
-    success_url = reverse_lazy('users:user-otp-enable-bind')
-
-
-class UserOtpSettingsSuccessView(TemplateView):
-    template_name = 'flash_message_standalone.html'
-
-    # def get(self, request, *args, **kwargs):
-    #     return super().get(request, *args, **kwargs)
-
-    def get_context_data(self, **kwargs):
-        title, describe = self.get_title_describe()
-        context = {
-            'title': title,
-            'messages': describe,
-            'interval': 1,
-            'redirect_url': reverse('authentication:login'),
-            'auto_redirect': True,
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-    def get_title_describe(self):
-        user = get_user_or_tmp_user(self.request)
-        if self.request.user.is_authenticated:
-            auth_logout(self.request)
-        title = _('MFA enable success')
-        describe = _('MFA enable success, return login page')
-        if not user.mfa_enabled:
-            title = _('MFA disable success')
-            describe = _('MFA disable success, return login page')
-
-        return title, describe
diff --git a/jms b/jms
index 7d0c3d334..a57f40eab 100755
--- a/jms
+++ b/jms
@@ -19,28 +19,23 @@ from daemon import pidfile
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 sys.path.insert(0, BASE_DIR)
 
+logging.basicConfig(level=logging.DEBUG)
+
 try:
     from apps.jumpserver import const
     __version__ = const.VERSION
 except ImportError as e:
-    logging.info("Not found __version__: {}".format(e))
-    logging.info("Sys path: {}".format(sys.path))
-    logging.info("Python is: ")
+    print("Not found __version__: {}".format(e))
+    print("Python is: ")
     logging.info(subprocess.call('which python', shell=True))
     __version__ = 'Unknown'
-    try:
-        import apps
-        logging.info("List apps: {}".format(os.listdir('apps')))
-        logging.info('apps is: {}'.format(apps))
-    except:
-        pass
+    sys.exit(1)
 
 try:
-    from apps.jumpserver.conf import load_user_config
-    CONFIG = load_user_config()
+    from apps.jumpserver.const import CONFIG
 except ImportError as e:
-    logging.info("Import error: {}".format(e))
-    logging.info("Could not find config file, `cp config_example.yml config.yml`")
+    print("Import error: {}".format(e))
+    print("Could not find config file, `cp config_example.yml config.yml`")
     sys.exit(1)
 
 os.environ["PYTHONIOENCODING"] = "UTF-8"
@@ -445,7 +440,10 @@ def stop_service(srv, sig=15):
         if process is None:
             print("\033[31m No process found\033[0m")
             continue
-        process.wait(1)
+        try:
+            process.wait(1)
+        except:
+            pass
         for i in range(STOP_TIMEOUT):
             if i == STOP_TIMEOUT - 1:
                 print("\033[31m Error\033[0m")