From a609f1707834aee935096bdb8802acc2cd857bee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= <ibuler@qq.com>
Date: Tue, 18 Dec 2018 17:28:45 +0800
Subject: [PATCH] [Update] Stash it (#2197)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Update] Stash it

* [Bugfix] 修复错误

* [Update] 修改jms
---
 apps/assets/api/admin_user.py                 |  25 +-
 apps/assets/api/asset.py                      |   6 +-
 apps/assets/api/node.py                       |   4 +-
 apps/assets/api/system_user.py                |  15 +-
 apps/assets/forms/user.py                     |   6 +-
 apps/assets/models/asset.py                   | 107 +++----
 apps/assets/models/base.py                    |   7 +
 apps/assets/models/user.py                    |  99 ++++--
 apps/assets/serializers/asset.py              |  10 +-
 apps/assets/serializers/system_user.py        |  15 +-
 apps/assets/signals_handler.py                |   6 +-
 apps/assets/tasks.py                          | 289 +++++++-----------
 .../templates/assets/admin_user_assets.html   |  47 ++-
 .../templates/assets/system_user_asset.html   |  10 +-
 .../templates/assets/system_user_list.html    |   2 +-
 apps/assets/urls/api_urls.py                  |  14 +-
 apps/assets/views/admin_user.py               |   2 +-
 apps/jumpserver/conf.py                       |   3 +-
 apps/locale/zh/LC_MESSAGES/django.mo          | Bin 60196 -> 60280 bytes
 apps/locale/zh/LC_MESSAGES/django.po          |  18 +-
 apps/ops/api/adhoc.py                         |   4 +-
 apps/ops/views/adhoc.py                       |   2 +-
 apps/users/api/user.py                        |   3 +
 23 files changed, 361 insertions(+), 333 deletions(-)

diff --git a/apps/assets/api/admin_user.py b/apps/assets/api/admin_user.py
index 8d30ee9d9..263d669fd 100644
--- a/apps/assets/api/admin_user.py
+++ b/apps/assets/api/admin_user.py
@@ -14,6 +14,7 @@
 # limitations under the License.
 
 from django.db import transaction
+from django.shortcuts import get_object_or_404
 from rest_framework import generics
 from rest_framework.response import Response
 from rest_framework_bulk import BulkModelViewSet
@@ -24,13 +25,14 @@ from common.utils import get_logger
 from ..hands import IsOrgAdmin
 from ..models import AdminUser, Asset
 from .. import serializers
-from ..tasks import test_admin_user_connectability_manual
+from ..tasks import test_admin_user_connectivity_manual
 
 
 logger = get_logger(__file__)
 __all__ = [
     'AdminUserViewSet', 'ReplaceNodesAdminUserApi',
     'AdminUserTestConnectiveApi', 'AdminUserAuthApi',
+    'AdminUserAssetsListView',
 ]
 
 
@@ -81,12 +83,29 @@ class ReplaceNodesAdminUserApi(generics.UpdateAPIView):
 
 class AdminUserTestConnectiveApi(generics.RetrieveAPIView):
     """
-    Test asset admin user connectivity
+    Test asset admin user assets_connectivity
     """
     queryset = AdminUser.objects.all()
     permission_classes = (IsOrgAdmin,)
 
     def retrieve(self, request, *args, **kwargs):
         admin_user = self.get_object()
-        task = test_admin_user_connectability_manual.delay(admin_user)
+        task = test_admin_user_connectivity_manual.delay(admin_user)
         return Response({"task": task.id})
+
+
+class AdminUserAssetsListView(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.AssetSimpleSerializer
+    pagination_class = LimitOffsetPagination
+    filter_fields = ("hostname", "ip")
+    http_method_names = ['get']
+    search_fields = filter_fields
+
+    def get_object(self):
+        pk = self.kwargs.get('pk')
+        return get_object_or_404(AdminUser, pk=pk)
+
+    def get_queryset(self):
+        admin_user = self.get_object()
+        return admin_user.get_related_assets()
diff --git a/apps/assets/api/asset.py b/apps/assets/api/asset.py
index 986829def..cd343b2a5 100644
--- a/apps/assets/api/asset.py
+++ b/apps/assets/api/asset.py
@@ -17,7 +17,7 @@ from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
 from ..models import Asset, AdminUser, Node
 from .. import serializers
 from ..tasks import update_asset_hardware_info_manual, \
-    test_asset_connectability_manual
+    test_asset_connectivity_manual
 from ..utils import LabelFilter
 
 
@@ -109,7 +109,7 @@ class AssetRefreshHardwareApi(generics.RetrieveAPIView):
 
 class AssetAdminUserTestApi(generics.RetrieveAPIView):
     """
-    Test asset admin user connectivity
+    Test asset admin user assets_connectivity
     """
     queryset = Asset.objects.all()
     permission_classes = (IsOrgAdmin,)
@@ -117,7 +117,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView):
     def retrieve(self, request, *args, **kwargs):
         asset_id = kwargs.get('pk')
         asset = get_object_or_404(Asset, pk=asset_id)
-        task = test_asset_connectability_manual.delay(asset)
+        task = test_asset_connectivity_manual.delay(asset)
         return Response({"task": task.id})
 
 
diff --git a/apps/assets/api/node.py b/apps/assets/api/node.py
index 84ba4c69f..4295b2618 100644
--- a/apps/assets/api/node.py
+++ b/apps/assets/api/node.py
@@ -24,7 +24,7 @@ from common.utils import get_logger, get_object_or_none
 from common.tree import TreeNodeSerializer
 from ..hands import IsOrgAdmin
 from ..models import Node
-from ..tasks import update_assets_hardware_info_util, test_asset_connectability_util
+from ..tasks import update_assets_hardware_info_util, test_asset_connectivity_util
 from .. import serializers
 
 
@@ -273,5 +273,5 @@ class TestNodeConnectiveApi(APIView):
         assets = node.assets.all()
         # task_name = _("测试节点下资产是否可连接: {}".format(node.name))
         task_name = _("Test if the assets under the node are connectable: {}".format(node.name))
-        task = test_asset_connectability_util.delay(assets, task_name=task_name)
+        task = test_asset_connectivity_util.delay(assets, task_name=task_name)
         return Response({"task": task.id})
diff --git a/apps/assets/api/system_user.py b/apps/assets/api/system_user.py
index 3c1d0b3bd..e66e4bfc9 100644
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -24,8 +24,8 @@ from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
 from ..models import SystemUser, Asset
 from .. import serializers
 from ..tasks import push_system_user_to_assets_manual, \
-    test_system_user_connectability_manual, push_system_user_a_asset_manual, \
-    test_system_user_connectability_a_asset
+    test_system_user_connectivity_manual, push_system_user_a_asset_manual, \
+    test_system_user_connectivity_a_asset
 
 
 logger = get_logger(__file__)
@@ -33,7 +33,7 @@ __all__ = [
     'SystemUserViewSet', 'SystemUserAuthInfoApi',
     'SystemUserPushApi', 'SystemUserTestConnectiveApi',
     'SystemUserAssetsListView', 'SystemUserPushToAssetApi',
-    'SystemUserTestAssetConnectabilityApi', 'SystemUserCommandFilterRuleListApi',
+    'SystemUserTestAssetConnectivityApi', 'SystemUserCommandFilterRuleListApi',
 
 ]
 
@@ -93,15 +93,16 @@ class SystemUserTestConnectiveApi(generics.RetrieveAPIView):
 
     def retrieve(self, request, *args, **kwargs):
         system_user = self.get_object()
-        task = test_system_user_connectability_manual.delay(system_user)
+        task = test_system_user_connectivity_manual.delay(system_user)
         return Response({"task": task.id})
 
 
 class SystemUserAssetsListView(generics.ListAPIView):
     permission_classes = (IsOrgAdmin,)
-    serializer_class = serializers.AssetSerializer
+    serializer_class = serializers.AssetSimpleSerializer
     pagination_class = LimitOffsetPagination
     filter_fields = ("hostname", "ip")
+    http_method_names = ['get']
     search_fields = filter_fields
 
     def get_object(self):
@@ -125,7 +126,7 @@ class SystemUserPushToAssetApi(generics.RetrieveAPIView):
         return Response({"task": task.id})
 
 
-class SystemUserTestAssetConnectabilityApi(generics.RetrieveAPIView):
+class SystemUserTestAssetConnectivityApi(generics.RetrieveAPIView):
     queryset = SystemUser.objects.all()
     permission_classes = (IsOrgAdmin,)
 
@@ -133,7 +134,7 @@ class SystemUserTestAssetConnectabilityApi(generics.RetrieveAPIView):
         system_user = self.get_object()
         asset_id = self.kwargs.get('aid')
         asset = get_object_or_404(Asset, id=asset_id)
-        task = test_system_user_connectability_a_asset.delay(system_user, asset)
+        task = test_system_user_connectivity_a_asset.delay(system_user, asset)
         return Response({"task": task.id})
 
 
diff --git a/apps/assets/forms/user.py b/apps/assets/forms/user.py
index f5c62a4ff..70fcdafad 100644
--- a/apps/assets/forms/user.py
+++ b/apps/assets/forms/user.py
@@ -99,8 +99,8 @@ class SystemUserForm(OrgModelForm, PasswordAndKeyAuthForm):
         auto_generate_key = self.cleaned_data.get('auto_generate_key', False)
         private_key, public_key = super().gen_keys()
 
-        if login_mode == SystemUser.MANUAL_LOGIN or \
-                protocol in [SystemUser.RDP_PROTOCOL, SystemUser.TELNET_PROTOCOL]:
+        if login_mode == SystemUser.LOGIN_MANUAL or \
+                protocol in [SystemUser.PROTOCOL_RDP, SystemUser.PROTOCOL_TELNET]:
             system_user.auto_push = 0
             auto_generate_key = False
             system_user.save()
@@ -124,7 +124,7 @@ class SystemUserForm(OrgModelForm, PasswordAndKeyAuthForm):
         validated = super().is_valid()
         username = self.cleaned_data.get('username')
         login_mode = self.cleaned_data.get('login_mode')
-        if login_mode == SystemUser.AUTO_LOGIN and not username:
+        if login_mode == SystemUser.LOGIN_AUTO and not username:
             self.add_error(
                 "username", _('* Automatic login mode,'
                               ' must fill in the username.')
diff --git a/apps/assets/models/asset.py b/apps/assets/models/asset.py
index 06fb29a51..ccff0fff5 100644
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@@ -13,7 +13,6 @@ from django.db.models import Q
 from django.utils.translation import ugettext_lazy as _
 from django.core.cache import cache
 
-from ..const import ASSET_ADMIN_CONN_CACHE_KEY
 from .user import AdminUser, SystemUser
 from orgs.mixins import OrgModelMixin, OrgManager
 
@@ -75,63 +74,48 @@ class Asset(OrgModelMixin):
     protocol = models.CharField(max_length=128, default=SSH_PROTOCOL, choices=PROTOCOL_CHOICES, verbose_name=_('Protocol'))
     port = models.IntegerField(default=22, verbose_name=_('Port'))
     platform = models.CharField(max_length=128, choices=PLATFORM_CHOICES, default='Linux', verbose_name=_('Platform'))
-    domain = models.ForeignKey("assets.Domain", null=True, blank=True,
-                               related_name='assets', verbose_name=_("Domain"),
-                               on_delete=models.SET_NULL)
-    nodes = models.ManyToManyField('assets.Node', default=default_node,
-                                   related_name='assets',
-                                   verbose_name=_("Nodes"))
+    domain = models.ForeignKey("assets.Domain", null=True, blank=True, related_name='assets', verbose_name=_("Domain"), on_delete=models.SET_NULL)
+    nodes = models.ManyToManyField('assets.Node', default=default_node, related_name='assets', verbose_name=_("Nodes"))
     is_active = models.BooleanField(default=True, verbose_name=_('Is active'))
 
     # Auth
-    admin_user = models.ForeignKey('assets.AdminUser', on_delete=models.PROTECT,
-                                   null=True, verbose_name=_("Admin user"))
+    admin_user = models.ForeignKey('assets.AdminUser', on_delete=models.PROTECT, null=True, verbose_name=_("Admin user"))
 
     # Some information
     public_ip = models.GenericIPAddressField(max_length=32, blank=True, null=True, verbose_name=_('Public IP'))
     number = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Asset number'))
 
     # Collect
-    vendor = models.CharField(max_length=64, null=True, blank=True,
-                              verbose_name=_('Vendor'))
-    model = models.CharField(max_length=54, null=True, blank=True,
-                             verbose_name=_('Model'))
-    sn = models.CharField(max_length=128, null=True, blank=True,
-                          verbose_name=_('Serial number'))
+    vendor = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Vendor'))
+    model = models.CharField(max_length=54, null=True, blank=True, verbose_name=_('Model'))
+    sn = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('Serial number'))
 
-    cpu_model = models.CharField(max_length=64, null=True, blank=True,
-                                 verbose_name=_('CPU model'))
+    cpu_model = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('CPU model'))
     cpu_count = models.IntegerField(null=True, verbose_name=_('CPU count'))
     cpu_cores = models.IntegerField(null=True, verbose_name=_('CPU cores'))
     cpu_vcpus = models.IntegerField(null=True, verbose_name=_('CPU vcpus'))
-    memory = models.CharField(max_length=64, null=True, blank=True,
-                              verbose_name=_('Memory'))
-    disk_total = models.CharField(max_length=1024, null=True, blank=True,
-                                  verbose_name=_('Disk total'))
-    disk_info = models.CharField(max_length=1024, null=True, blank=True,
-                                 verbose_name=_('Disk info'))
+    memory = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Memory'))
+    disk_total = models.CharField(max_length=1024, null=True, blank=True, verbose_name=_('Disk total'))
+    disk_info = models.CharField(max_length=1024, null=True, blank=True, verbose_name=_('Disk info'))
 
-    os = models.CharField(max_length=128, null=True, blank=True,
-                          verbose_name=_('OS'))
-    os_version = models.CharField(max_length=16, null=True, blank=True,
-                                  verbose_name=_('OS version'))
-    os_arch = models.CharField(max_length=16, blank=True, null=True,
-                               verbose_name=_('OS arch'))
-    hostname_raw = models.CharField(max_length=128, blank=True, null=True,
-                                    verbose_name=_('Hostname raw'))
+    os = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('OS'))
+    os_version = models.CharField(max_length=16, null=True, blank=True, verbose_name=_('OS version'))
+    os_arch = models.CharField(max_length=16, blank=True, null=True, verbose_name=_('OS arch'))
+    hostname_raw = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Hostname raw'))
 
-    labels = models.ManyToManyField('assets.Label', blank=True,
-                                    related_name='assets',
-                                    verbose_name=_("Labels"))
-    created_by = models.CharField(max_length=32, null=True, blank=True,
-                                  verbose_name=_('Created by'))
-    date_created = models.DateTimeField(auto_now_add=True, null=True,
-                                        blank=True,
-                                        verbose_name=_('Date created'))
-    comment = models.TextField(max_length=128, default='', blank=True,
-                               verbose_name=_('Comment'))
+    labels = models.ManyToManyField('assets.Label', blank=True, related_name='assets', verbose_name=_("Labels"))
+    created_by = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Created by'))
+    date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created'))
+    comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
 
     objects = OrgManager.from_queryset(AssetQuerySet)()
+    CONNECTIVITY_CACHE_KEY = '_JMS_ASSET_CONNECTIVITY_{}'
+    UNREACHABLE, REACHABLE, UNKNOWN = range(0, 3)
+    CONNECTIVITY_CHOICES = (
+        (UNREACHABLE, _("Unreachable")),
+        (REACHABLE, _('Reachable')),
+        (UNKNOWN, _("Unknown")),
+    )
 
     def __str__(self):
         return '{0.hostname}({0.ip})'.format(self)
@@ -197,25 +181,17 @@ class Asset(OrgModelMixin):
             return ''
 
     @property
-    def is_connective(self):
+    def connectivity(self):
         if not self.is_unixlike():
-            return True
-        val = cache.get(ASSET_ADMIN_CONN_CACHE_KEY.format(self.hostname))
-        if val == 1:
-            return True
-        else:
-            return False
+            return self.UNKNOWN
+        key = self.CONNECTIVITY_CACHE_KEY.format(str(self.id))
+        cached = cache.get(key, None)
+        return cached if cached is not None else self.UNKNOWN
 
-    def to_json(self):
-        info = {
-            'id': self.id,
-            'hostname': self.hostname,
-            'ip': self.ip,
-            'port': self.port,
-        }
-        if self.domain and self.domain.gateway_set.all():
-            info["gateways"] = [d.id for d in self.domain.gateway_set.all()]
-        return info
+    @connectivity.setter
+    def connectivity(self, value):
+        key = self.CONNECTIVITY_CACHE_KEY.format(str(self.id))
+        cache.set(key, value, 3600*2)
 
     def get_auth_info(self):
         if self.admin_user:
@@ -236,11 +212,20 @@ class Asset(OrgModelMixin):
         fake_node.is_node = False
         return fake_node
 
+    def to_json(self):
+        info = {
+            'id': self.id,
+            'hostname': self.hostname,
+            'ip': self.ip,
+            'port': self.port,
+        }
+        if self.domain and self.domain.gateway_set.all():
+            info["gateways"] = [d.id for d in self.domain.gateway_set.all()]
+        return info
+
     def _to_secret_json(self):
         """
-        Ansible use it create inventory, First using asset user,
-        otherwise using cluster admin user
-
+        Ansible use it create inventory
         Todo: May be move to ops implements it
         """
         data = self.to_json()
diff --git a/apps/assets/models/base.py b/apps/assets/models/base.py
index af59f000c..37e099e99 100644
--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@@ -29,6 +29,13 @@ class AssetUser(OrgModelMixin):
     date_updated = models.DateTimeField(auto_now=True)
     created_by = models.CharField(max_length=128, null=True, verbose_name=_('Created by'))
 
+    UNREACHABLE, REACHABLE, UNKNOWN = range(0, 3)
+    CONNECTIVITY_CHOICES = (
+        (UNREACHABLE, _("Unreachable")),
+        (REACHABLE, _('Reachable')),
+        (UNKNOWN, _("Unknown")),
+    )
+
     @property
     def password(self):
         if self._password:
diff --git a/apps/assets/models/user.py b/apps/assets/models/user.py
index f5c8e17a1..147687471 100644
--- a/apps/assets/models/user.py
+++ b/apps/assets/models/user.py
@@ -14,7 +14,7 @@ from ..const import SYSTEM_USER_CONN_CACHE_KEY
 from .base import AssetUser
 
 
-__all__ = ['AdminUser', 'SystemUser',]
+__all__ = ['AdminUser', 'SystemUser']
 logger = logging.getLogger(__name__)
 signer = get_signer()
 
@@ -31,6 +31,7 @@ class AdminUser(AssetUser):
     become_method = models.CharField(choices=BECOME_METHOD_CHOICES, default='sudo', max_length=4)
     become_user = models.CharField(default='root', max_length=64)
     _become_pass = models.CharField(default='', max_length=128)
+    CONNECTIVE_CACHE_KEY = '_JMS_ADMIN_USER_CONNECTIVE_{}'
 
     def __str__(self):
         return self.name
@@ -67,6 +68,23 @@ class AdminUser(AssetUser):
     def assets_amount(self):
         return self.get_related_assets().count()
 
+    @property
+    def connectivity(self):
+        from .asset import Asset
+        assets = self.get_related_assets().values_list('id', 'hostname', flat=True)
+        data = {
+            'unreachable': [],
+            'reachable': [],
+        }
+        for asset_id, hostname in assets:
+            key = Asset.CONNECTIVITY_CACHE_KEY.format(str(self.id))
+            value = cache.get(key, Asset.UNKNOWN)
+            if value == Asset.REACHABLE:
+                data['reachable'].append(hostname)
+            elif value == Asset.UNREACHABLE:
+                data['unreachable'].append(hostname)
+        return data
+
     class Meta:
         ordering = ['name']
         unique_together = [('name', 'org_id')]
@@ -94,34 +112,34 @@ class AdminUser(AssetUser):
 
 
 class SystemUser(AssetUser):
-    SSH_PROTOCOL = 'ssh'
-    RDP_PROTOCOL = 'rdp'
-    TELNET_PROTOCOL = 'telnet'
+    PROTOCOL_SSH = 'ssh'
+    PROTOCOL_RDP = 'rdp'
+    PROTOCOL_TELNET = 'telnet'
     PROTOCOL_CHOICES = (
-        (SSH_PROTOCOL, 'ssh'),
-        (RDP_PROTOCOL, 'rdp'),
-        (TELNET_PROTOCOL, 'telnet (beta)'),
+        (PROTOCOL_SSH, 'ssh'),
+        (PROTOCOL_RDP, 'rdp'),
+        (PROTOCOL_TELNET, 'telnet (beta)'),
     )
 
-    AUTO_LOGIN = 'auto'
-    MANUAL_LOGIN = 'manual'
+    LOGIN_AUTO = 'auto'
+    LOGIN_MANUAL = 'manual'
     LOGIN_MODE_CHOICES = (
-        (AUTO_LOGIN, _('Automatic login')),
-        (MANUAL_LOGIN, _('Manually login'))
+        (LOGIN_AUTO, _('Automatic login')),
+        (LOGIN_MANUAL, _('Manually login'))
     )
 
     nodes = models.ManyToManyField('assets.Node', blank=True, verbose_name=_("Nodes"))
     assets = models.ManyToManyField('assets.Asset', blank=True, verbose_name=_("Assets"))
-    priority = models.IntegerField(default=20, verbose_name=_("Priority"),
-                                   validators=[MinValueValidator(1), MaxValueValidator(100)])
+    priority = models.IntegerField(default=20, verbose_name=_("Priority"), validators=[MinValueValidator(1), MaxValueValidator(100)])
     protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))
     auto_push = models.BooleanField(default=True, verbose_name=_('Auto push'))
     sudo = models.TextField(default='/bin/whoami', verbose_name=_('Sudo'))
     shell = models.CharField(max_length=64,  default='/bin/bash', verbose_name=_('Shell'))
-    login_mode = models.CharField(choices=LOGIN_MODE_CHOICES, default=AUTO_LOGIN, max_length=10, verbose_name=_('Login mode'))
+    login_mode = models.CharField(choices=LOGIN_MODE_CHOICES, default=LOGIN_AUTO, max_length=10, verbose_name=_('Login mode'))
     cmd_filters = models.ManyToManyField('CommandFilter', related_name='system_users', verbose_name=_("Command filter"), blank=True)
 
-    cache_key = "__SYSTEM_USER_CACHED_{}"
+    SYSTEM_USER_CACHE_KEY = "__SYSTEM_USER_CACHED_{}"
+    CONNECTIVE_CACHE_KEY = '_JMS_SYSTEM_USER_CONNECTIVE_{}'
 
     def __str__(self):
         return '{0.name}({0.username})'.format(self)
@@ -136,34 +154,61 @@ class SystemUser(AssetUser):
             'auto_push': self.auto_push,
         }
 
-    def get_assets(self):
+    def get_related_assets(self):
         assets = set(self.assets.all())
         return assets
 
     @property
-    def assets_connective(self):
-        _result = cache.get(SYSTEM_USER_CONN_CACHE_KEY.format(self.name), {})
-        return _result
+    def connectivity(self):
+        cache_key = self.CONNECTIVE_CACHE_KEY.format(str(self.id))
+        value = cache.get(cache_key, None)
+        if not value or 'unreachable' not in value:
+            return {'unreachable': [], 'reachable': []}
+        else:
+            return value
+
+    @connectivity.setter
+    def connectivity(self, value):
+        data = self.connectivity
+        unreachable = data['unreachable']
+        reachable = data['reachable']
+
+        for host in value.get('dark', {}).keys():
+            if host not in unreachable:
+                unreachable.append(host)
+            if host in reachable:
+                reachable.remove(host)
+        for host in value.get('contacted'):
+            if host not in reachable:
+                reachable.append(host)
+            if host in unreachable:
+                unreachable.remove(host)
+        cache_key = self.CONNECTIVE_CACHE_KEY.format(str(self.id))
+        cache.set(cache_key, data, 3600)
 
     @property
-    def unreachable_assets(self):
-        return list(self.assets_connective.get('dark', {}).keys())
+    def assets_unreachable(self):
+        return self.connectivity.get('unreachable')
 
     @property
-    def reachable_assets(self):
-        return self.assets_connective.get('contacted', [])
+    def assets_reachable(self):
+        return self.connectivity.get('reachable')
+
+    @property
+    def login_mode_display(self):
+        return self.get_login_mode_display()
 
     def is_need_push(self):
-        if self.auto_push and self.protocol == self.__class__.SSH_PROTOCOL:
+        if self.auto_push and self.protocol == self.PROTOCOL_SSH:
             return True
         else:
             return False
 
     def set_cache(self):
-        cache.set(self.cache_key.format(self.id), self, 3600)
+        cache.set(self.SYSTEM_USER_CACHE_KEY.format(self.id), self, 3600)
 
     def expire_cache(self):
-        cache.delete(self.cache_key.format(self.id))
+        cache.delete(self.SYSTEM_USER_CACHE_KEY.format(self.id))
 
     @property
     def cmd_filter_rules(self):
@@ -184,7 +229,7 @@ class SystemUser(AssetUser):
 
     @classmethod
     def get_system_user_by_id_or_cached(cls, sid):
-        cached = cache.get(cls.cache_key.format(sid))
+        cached = cache.get(cls.SYSTEM_USER_CACHE_KEY.format(sid))
         if cached:
             return cached
         try:
diff --git a/apps/assets/serializers/asset.py b/apps/assets/serializers/asset.py
index 1066ae0b7..9640aff7f 100644
--- a/apps/assets/serializers/asset.py
+++ b/apps/assets/serializers/asset.py
@@ -9,7 +9,7 @@ from .system_user import AssetSystemUserSerializer
 
 __all__ = [
     'AssetSerializer', 'AssetGrantedSerializer', 'MyAssetGrantedSerializer',
-    'AssetAsNodeSerializer',
+    'AssetAsNodeSerializer', 'AssetSimpleSerializer',
 ]
 
 
@@ -33,7 +33,7 @@ class AssetSerializer(BulkSerializerMixin, serializers.ModelSerializer):
     def get_field_names(self, declared_fields, info):
         fields = super().get_field_names(declared_fields, info)
         fields.extend([
-            'hardware_info', 'is_connective', 'org_name'
+            'hardware_info', 'connectivity', 'org_name'
         ])
         return fields
 
@@ -78,3 +78,9 @@ class MyAssetGrantedSerializer(AssetGrantedSerializer):
             "is_active", "system_users_join", "org_name",
             "os", "platform", "comment", "org_id", "protocol"
         )
+
+
+class AssetSimpleSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Asset
+        fields = ['id', 'hostname', 'port', 'ip', 'connectivity']
diff --git a/apps/assets/serializers/system_user.py b/apps/assets/serializers/system_user.py
index a295f245c..be1f594ec 100644
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -1,6 +1,6 @@
 from rest_framework import serializers
 
-from ..models import SystemUser
+from ..models import SystemUser, Asset
 from .base import AuthSerializer
 
 
@@ -21,17 +21,17 @@ class SystemUserSerializer(serializers.ModelSerializer):
     def get_field_names(self, declared_fields, info):
         fields = super(SystemUserSerializer, self).get_field_names(declared_fields, info)
         fields.extend([
-            'get_login_mode_display',
+            'login_mode_display',
         ])
         return fields
 
     @staticmethod
     def get_unreachable_assets(obj):
-        return obj.unreachable_assets
+        return obj.assets_unreachable
 
     @staticmethod
     def get_reachable_assets(obj):
-        return obj.reachable_assets
+        return obj.assets_reachable
 
     def get_unreachable_amount(self, obj):
         return len(self.get_unreachable_assets(obj))
@@ -41,7 +41,7 @@ class SystemUserSerializer(serializers.ModelSerializer):
 
     @staticmethod
     def get_assets_amount(obj):
-        return len(obj.get_assets())
+        return len(obj.get_related_assets())
 
 
 class SystemUserAuthSerializer(AuthSerializer):
@@ -75,4 +75,7 @@ class SystemUserSimpleSerializer(serializers.ModelSerializer):
     """
     class Meta:
         model = SystemUser
-        fields = ('id', 'name', 'username')
\ No newline at end of file
+        fields = ('id', 'name', 'username')
+
+
+
diff --git a/apps/assets/signals_handler.py b/apps/assets/signals_handler.py
index 08ee6e670..85156c60d 100644
--- a/apps/assets/signals_handler.py
+++ b/apps/assets/signals_handler.py
@@ -7,7 +7,7 @@ from django.dispatch import receiver
 from common.utils import get_logger
 from .models import Asset, SystemUser, Node
 from .tasks import update_assets_hardware_info_util, \
-    test_asset_connectability_util, push_system_user_to_assets
+    test_asset_connectivity_util, push_system_user_to_assets
 
 
 logger = get_logger(__file__)
@@ -19,8 +19,8 @@ def update_asset_hardware_info_on_created(asset):
 
 
 def test_asset_conn_on_created(asset):
-    logger.debug("Test asset `{}` connectability".format(asset))
-    test_asset_connectability_util.delay([asset])
+    logger.debug("Test asset `{}` connectivity".format(asset))
+    test_asset_connectivity_util.delay([asset])
 
 
 def set_asset_root_node(asset):
diff --git a/apps/assets/tasks.py b/apps/assets/tasks.py
index 846964d94..0e6a6ec99 100644
--- a/apps/assets/tasks.py
+++ b/apps/assets/tasks.py
@@ -26,6 +26,23 @@ disk_pattern = re.compile(r'^hd|sd|xvd|vd')
 PERIOD_TASK = os.environ.get("PERIOD_TASK", "off")
 
 
+def clean_hosts(assets):
+    clean_assets = []
+    for asset in assets:
+        if not asset.is_active:
+            msg = _("Asset has been disabled, skipped: {}").format(asset)
+            logger.info(msg)
+            continue
+        if not asset.support_ansible():
+            msg = _("Asset may not be support ansible, skipped: {}").format(asset)
+            logger.info(msg)
+            continue
+        clean_assets.append(asset)
+    if not clean_assets:
+        logger.info(_("No assets matched, stop task"))
+    return clean_assets
+
+
 @shared_task
 def set_assets_hardware_info(assets, result, **kwargs):
     """
@@ -60,9 +77,12 @@ def set_assets_hardware_info(assets, result, **kwargs):
             ___cpu_model = 'Unknown'
         ___cpu_model = ___cpu_model[:64]
         ___cpu_count = info.get('ansible_processor_count', 0)
-        ___cpu_cores = info.get('ansible_processor_cores', None) or len(info.get('ansible_processor', []))
+        ___cpu_cores = info.get('ansible_processor_cores', None) or \
+                       len(info.get('ansible_processor', []))
         ___cpu_vcpus = info.get('ansible_processor_vcpus', 0)
-        ___memory = '%s %s' % capacity_convert('{} MB'.format(info.get('ansible_memtotal_mb')))
+        ___memory = '%s %s' % capacity_convert(
+            '{} MB'.format(info.get('ansible_memtotal_mb'))
+        )
         disk_info = {}
         for dev, dev_info in info.get('ansible_devices', {}).items():
             if disk_pattern.match(dev) and dev_info['removable'] == '0':
@@ -96,19 +116,8 @@ def update_assets_hardware_info_util(assets, task_name=None):
     if task_name is None:
         task_name = _("Update some assets hardware info")
     tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
-    hosts = []
-    for asset in assets:
-        if not asset.is_active:
-            msg = _("Asset has been disabled, skipped: {}").format(asset)
-            logger.info(msg)
-            continue
-        if not asset.support_ansible():
-            msg = _("Asset may not be support ansible, skipped: {}").format(asset)
-            logger.info(msg)
-            continue
-        hosts.append(asset)
+    hosts = clean_hosts(assets)
     if not hosts:
-        logger.info(_("No assets matched, stop task"))
         return {}
     created_by = str(assets[0].org_id)
     task, created = update_or_create_ansible_task(
@@ -125,7 +134,6 @@ def update_assets_hardware_info_util(assets, task_name=None):
 @shared_task
 def update_asset_hardware_info_manual(asset):
     task_name = _("Update asset hardware info: {}").format(asset.hostname)
-    # task_name = _("更新资产硬件信息")
     return update_assets_hardware_info_util(
         [asset], task_name=task_name
     )
@@ -141,123 +149,18 @@ def update_assets_hardware_info_period():
         logger.debug("Period task disabled, update assets hardware info pass")
         return
 
-    # from ops.utils import update_or_create_ansible_task
-    # from orgs.models import Organization
-    # orgs = Organization.objects.all().values_list('id', flat=True)
-    # orgs.append('')
-    # task_name = _("Update assets hardware info period")
-    # for org_id in orgs:
-    #     org_id = str(org_id)
-    #     hostname_list = [
-    #         asset for asset in Asset.objects.all()
-    #         if asset.is_active and asset.is_unixlike()
-    #     ]
-    #     tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
-    #
-    #     # Only create, schedule by celery beat
-    #     update_or_create_ansible_task(
-    #         task_name, hosts=hostname_list, tasks=tasks, pattern='all',
-    #         options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
-    #         interval=60*60*24, is_periodic=True, callback=set_assets_hardware_info.name,
-    # )
-
 
 ##  ADMIN USER CONNECTIVE  ##
 
-def set_admin_user_connectability_info(result, **kwargs):
-    admin_user = kwargs.get("admin_user")
-    task_name = kwargs.get("task_name")
-    if admin_user is None and task_name is not None:
-        admin_user = task_name.split(":")[-1]
-
-    raw, summary = result
-    cache_key = const.ADMIN_USER_CONN_CACHE_KEY.format(admin_user)
-    cache.set(cache_key, summary, CACHE_MAX_TIME)
-
-    for i in summary.get('contacted', []):
-        asset_conn_cache_key = const.ASSET_ADMIN_CONN_CACHE_KEY.format(i)
-        cache.set(asset_conn_cache_key, 1, CACHE_MAX_TIME)
-
-    for i, msg in summary.get('dark', {}).items():
-        asset_conn_cache_key = const.ASSET_ADMIN_CONN_CACHE_KEY.format(i)
-        cache.set(asset_conn_cache_key, 0, CACHE_MAX_TIME)
-        logger.error(msg)
-
 
 @shared_task
-def test_admin_user_connectability_util(admin_user, task_name):
-    """
-    Test asset admin user can connect or not. Using ansible api do that
-    :param admin_user:
-    :param task_name:
-    :return:
-    """
-    from ops.utils import update_or_create_ansible_task
-
-    assets = admin_user.get_related_assets()
-    hosts = []
-    for asset in assets:
-        if not asset.is_active:
-            msg = _("Asset has been disabled, skipped: {}").format(asset)
-            logger.info(msg)
-            continue
-        if not asset.support_ansible():
-            msg = _("Asset may not be support ansible, skipped: {}").format(asset)
-            logger.info(msg)
-            continue
-        hosts.append(asset)
-    if not hosts:
-        logger.info(_("No assets matched, stop task"))
-        return {}
-    tasks = const.TEST_ADMIN_USER_CONN_TASKS
-    task, created = update_or_create_ansible_task(
-        task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
-        options=const.TASK_OPTIONS, run_as_admin=True, created_by=admin_user.org_id,
-    )
-    result = task.run()
-    set_admin_user_connectability_info(result, admin_user=admin_user.name)
-    return result
-
-
-@shared_task
-@register_as_period_task(interval=3600)
-def test_admin_user_connectability_period():
-    """
-    A period task that update the ansible task period
-    """
-    admin_users = AdminUser.objects.all()
-    for admin_user in admin_users:
-        task_name = _("Test admin user connectability period: {}").format(admin_user.name)
-        test_admin_user_connectability_util(admin_user, task_name)
-
-
-@shared_task
-def test_admin_user_connectability_manual(admin_user):
-    task_name = _("Test admin user connectability: {}").format(admin_user.name)
-    # task_name = _("测试管理行号可连接性: {}").format(admin_user.name)
-    return test_admin_user_connectability_util(admin_user, task_name)
-
-
-@shared_task
-def test_asset_connectability_util(assets, task_name=None):
+def test_asset_connectivity_util(assets, task_name=None):
     from ops.utils import update_or_create_ansible_task
 
     if task_name is None:
-        task_name = _("Test assets connectability")
-        # task_name = _("测试资产可连接性")
-    hosts = []
-    for asset in assets:
-        if not asset.is_active:
-            msg = _("Asset has been disabled, skip: {}").format(asset)
-            logger.info(msg)
-            continue
-        if not asset.support_ansible():
-            msg = _("Asset may not be support ansible, skip: {}").format(asset)
-            logger.info(msg)
-            continue
-        hosts.append(asset)
+        task_name = _("Test assets connectivity")
+    hosts = clean_hosts(assets)
     if not hosts:
-        logger.info(_("No assets, task stop"))
         return {}
     tasks = const.TEST_ADMIN_USER_CONN_TASKS
     created_by = assets[0].org_id
@@ -267,18 +170,20 @@ def test_asset_connectability_util(assets, task_name=None):
     )
     result = task.run()
     summary = result[1]
-    for k in summary.get('dark'):
-        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(k), 0, CACHE_MAX_TIME)
-
-    for k in summary.get('contacted'):
-        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(k), 1, CACHE_MAX_TIME)
+    for asset in assets:
+        if asset.hostname in summary.get('dark', {}):
+            asset.connectivity = asset.UNREACHABLE
+        elif asset.hostname in summary.get('contacted', []):
+            asset.connectivity = asset.REACHABLE
+        else:
+            asset.connectivity = asset.UNKNOWN
     return summary
 
 
 @shared_task
-def test_asset_connectability_manual(asset):
-    task_name = _("Test assets connectability: {}").format(asset)
-    summary = test_asset_connectability_util([asset], task_name=task_name)
+def test_asset_connectivity_manual(asset):
+    task_name = _("Test assets connectivity: {}").format(asset)
+    summary = test_asset_connectivity_util([asset], task_name=task_name)
 
     if summary.get('dark'):
         return False, summary['dark']
@@ -286,21 +191,50 @@ def test_asset_connectability_manual(asset):
         return True, ""
 
 
+@shared_task
+def test_admin_user_connectivity_util(admin_user, task_name):
+    """
+    Test asset admin user can connect or not. Using ansible api do that
+    :param admin_user:
+    :param task_name:
+    :return:
+    """
+    assets = admin_user.get_related_assets()
+    hosts = clean_hosts(assets)
+    if not hosts:
+        return {}
+    summary = test_asset_connectivity_util(hosts, task_name)
+    return summary
+
+
+@shared_task
+@register_as_period_task(interval=3600)
+def test_admin_user_connectivity_period():
+    """
+    A period task that update the ansible task period
+    """
+    admin_users = AdminUser.objects.all()
+    for admin_user in admin_users:
+        task_name = _("Test admin user connectivity period: {}").format(admin_user.name)
+        test_admin_user_connectivity_util(admin_user, task_name)
+
+
+@shared_task
+def test_admin_user_connectivity_manual(admin_user):
+    task_name = _("Test admin user connectivity: {}").format(admin_user.name)
+    return test_admin_user_connectivity_util(admin_user, task_name)
+
+
 ##  System user connective ##
 
 @shared_task
-def set_system_user_connectablity_info(result, **kwargs):
+def set_system_user_connectivity_info(system_user, result):
     summary = result[1]
-    task_name = kwargs.get("task_name")
-    system_user = kwargs.get("system_user")
-    if system_user is None:
-        system_user = task_name.split(":")[-1]
-    cache_key = const.SYSTEM_USER_CONN_CACHE_KEY.format(str(system_user.id))
-    cache.set(cache_key, summary, CACHE_MAX_TIME)
+    system_user.connectivity = summary
 
 
 @shared_task
-def test_system_user_connectability_util(system_user, assets, task_name):
+def test_system_user_connectivity_util(system_user, assets, task_name):
     """
     Test system cant connect his assets or not.
     :param system_user:
@@ -309,20 +243,9 @@ def test_system_user_connectability_util(system_user, assets, task_name):
     :return:
     """
     from ops.utils import update_or_create_ansible_task
-    hosts = []
     tasks = const.TEST_SYSTEM_USER_CONN_TASKS
-    for asset in assets:
-        if not asset.is_active:
-            msg = _("Asset has been disabled, skip: {}").format(asset)
-            logger.info(msg)
-            continue
-        if not asset.support_ansible():
-            msg = _("Asset may not be support ansible, skip: {}").format(asset)
-            logger.info(msg)
-            continue
-        hosts.append(asset)
+    hosts = clean_hosts(assets)
     if not hosts:
-        logger.info(_("No assets matched, stop task"))
         return {}
     task, created = update_or_create_ansible_task(
         task_name, hosts=hosts, tasks=tasks, pattern='all',
@@ -330,36 +253,35 @@ def test_system_user_connectability_util(system_user, assets, task_name):
         run_as=system_user, created_by=system_user.org_id,
     )
     result = task.run()
-    set_system_user_connectablity_info(result, system_user=system_user)
+    set_system_user_connectivity_info(system_user, result)
     return result
 
 
 @shared_task
-def test_system_user_connectability_manual(system_user):
-    task_name = _("Test system user connectability: {}").format(system_user)
-    assets = system_user.get_assets()
-    return test_system_user_connectability_util(system_user, assets, task_name)
+def test_system_user_connectivity_manual(system_user):
+    task_name = _("Test system user connectivity: {}").format(system_user)
+    assets = system_user.get_related_assets()
+    return test_system_user_connectivity_util(system_user, assets, task_name)
 
 
 @shared_task
-def test_system_user_connectability_a_asset(system_user, asset):
-    task_name = _("Test system user connectability: {} => {}").format(
+def test_system_user_connectivity_a_asset(system_user, asset):
+    task_name = _("Test system user connectivity: {} => {}").format(
         system_user, asset
     )
-    return test_system_user_connectability_util(system_user, [asset], task_name)
+    return test_system_user_connectivity_util(system_user, [asset], task_name)
 
 
 @shared_task
-def test_system_user_connectability_period():
+def test_system_user_connectivity_period():
     if PERIOD_TASK != "on":
-        logger.debug("Period task disabled, test system user connectability pass")
+        logger.debug("Period task disabled, test system user connectivity pass")
         return
-    # Todo: 暂时禁用定期测试
-    # system_users = SystemUser.objects.all()
-    # for system_user in system_users:
-    #     task_name = _("Test system user connectability period: {}").format(system_user)
-    #     # task_name = _("定期测试系统用户可连接性: {}".format(system_user))
-    #     test_system_user_connectability_util(system_user, task_name)
+    system_users = SystemUser.objects.all()
+    for system_user in system_users:
+        task_name = _("Test system user connectivity period: {}").format(system_user)
+        assets = system_user.get_related_assets()
+        test_system_user_connectivity_util(system_user, assets, task_name)
 
 
 ####  Push system user tasks ####
@@ -381,6 +303,24 @@ def get_push_system_user_tasks(system_user):
                 ),
             }
         })
+        tasks.extend([
+            {
+               'name': 'Check home dir exists',
+               'action': {
+                   'module': 'stat',
+                   'args': 'path=/home/{}'.format(system_user.username)
+               },
+               'register': 'home_existed'
+            },
+            {
+                'name': "Set home dir permission",
+                'action': {
+                    'module': 'file',
+                    'args': "path=/home/{0} owner={0} group={0} mode=700".format(system_user.username)
+                },
+                'when': 'home_existed.stat.exists == true'
+            }
+        ])
     if system_user.public_key:
         tasks.append({
             'name': 'Set {} authorized key'.format(system_user.username),
@@ -417,19 +357,8 @@ def push_system_user_util(system_user, assets, task_name):
         return
 
     tasks = get_push_system_user_tasks(system_user)
-    hosts = []
-    for asset in assets:
-        if not asset.is_active:
-            msg = _("Asset has been disabled, skip: {}").format(asset)
-            logger.info(msg)
-            continue
-        if not asset.support_ansible():
-            msg = _("Asset may not be support ansible, skip: {}").format(asset)
-            logger.info(msg)
-            continue
-        hosts.append(asset)
+    hosts = clean_hosts(assets)
     if not hosts:
-        logger.info(_("No assets matched, stop task"))
         return {}
     task, created = update_or_create_ansible_task(
         task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
@@ -441,7 +370,7 @@ def push_system_user_util(system_user, assets, task_name):
 
 @shared_task
 def push_system_user_to_assets_manual(system_user):
-    assets = system_user.get_assets()
+    assets = system_user.get_related_assets()
     task_name = _("Push system users to assets: {}").format(system_user.name)
     return push_system_user_util(system_user, assets, task_name=task_name)
 
diff --git a/apps/assets/templates/assets/admin_user_assets.html b/apps/assets/templates/assets/admin_user_assets.html
index 31314392f..7a9882563 100644
--- a/apps/assets/templates/assets/admin_user_assets.html
+++ b/apps/assets/templates/assets/admin_user_assets.html
@@ -45,13 +45,11 @@
                                     <table class="table table-striped table-bordered table-hover" id="asset_list_table">
                                         <thead>
                                             <tr>
-                                                <th class="text-center">
-                                                    <input type="checkbox" id="check_all" class="ipt_check_all" >
-                                                </th>
                                                 <th>{% trans 'Hostname' %}</th>
                                                 <th>{% trans 'IP' %}</th>
                                                 <th>{% trans 'Port' %}</th>
                                                 <th>{% trans 'Reachable' %}</th>
+                                                <th>{% trans 'Action' %}</th>
                                             </tr>
                                         </thead>
                                         <tbody>
@@ -91,26 +89,36 @@
 <script>
 
 function initTable() {
+    var reachable = {{ admin_user.REACHABLE }};
+    var unreachable = {{ admin_user.UNREACHABLE }};
     var options = {
 		ele: $('#asset_list_table'),
 		buttons: [],
 		order: [],
 		columnDefs: [
-			{targets: 1, createdCell: function (td, cellData, rowData) {
+			{targets: 0, createdCell: function (td, cellData, rowData) {
 				var detail_btn = '<a href="{% url "assets:asset-detail" pk=DEFAULT_PK %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
 				$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
 			}},
-			{targets: 4, createdCell: function (td, cellData) {
-				if (!cellData) {
+			{targets: 3, createdCell: function (td, cellData) {
+				if (cellData === unreachable) {
 					$(td).html('<i class="fa fa-times text-danger"></i>')
-				} else {
+				} else if (cellData === reachable) {
 					$(td).html('<i class="fa fa-check text-navy"></i>')
-				}
-			}}],
-		ajax_url: '{% url "api-assets:asset-list" %}?admin_user_id={{ admin_user.id }}',
+				} else {
+                    $(td).html('')
+                }
+			}},
+            {targets: 4, createdCell: function (td, cellData) {
+                var test_btn = ' <a class="btn btn-xs btn-info btn-test-asset" data-uid="{{ DEFAULT_PK }}" >{% trans "Test" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
+                $(td).html(test_btn);
+			}}
+        ],
+
+		ajax_url: '{% url "api-assets:admin-user-assets" pk=admin_user.id %}',
 		columns: [
-		    {data: function(){return ""}}, {data: "hostname" }, {data: "ip" },
-            {data: "port" },  {data: "is_connective" }],
+		    {data: "hostname" }, {data: "ip" },
+            {data: "port" },  {data: "connectivity" }, {data: "id"}],
 		op_html: $('#actions').html()
 	};
 	jumpserver.initServerSideDataTable(options);
@@ -119,6 +127,21 @@ function initTable() {
 $(document).ready(function () {
 	initTable();
 })
+.on('click', '.btn-test-asset', function () {
+    var asset_id = $(this).data('uid');
+    var the_url = "{% url 'api-assets:asset-alive-test' pk=DEFAULT_PK %}".replace('{{ DEFAULT_PK }}', asset_id);
+    var success = function (data) {
+        var task_id = data.task;
+        var url = '{% url "ops:celery-task-log" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", task_id);
+        window.open(url, '', 'width=800,height=600,left=400,top=400')
+    };
+    APIUpdateAttr({
+        url: the_url,
+        method: 'GET',
+        success: success,
+        flash_message: false
+    });
+})
 .on('click', '.btn-test-connective', function () {
     var the_url = "{% url 'api-assets:admin-user-connective' pk=admin_user.id %}";
     var success = function (data) {
diff --git a/apps/assets/templates/assets/system_user_asset.html b/apps/assets/templates/assets/system_user_asset.html
index bf778d46f..9bcf6b5aa 100644
--- a/apps/assets/templates/assets/system_user_asset.html
+++ b/apps/assets/templates/assets/system_user_asset.html
@@ -136,7 +136,7 @@
 {% block custom_foot_js %}
 <script>
 function initAssetsTable() {
-    var unreachable = {{ system_user.unreachable_assets|safe }};
+    var connectivity = {{ system_user.connectivity | safe }};
     var options = {
 		ele: $('#system_user_list'),
 		buttons: [],
@@ -147,11 +147,13 @@ function initAssetsTable() {
 				$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
 			}},
 			{targets: 3, createdCell: function (td, cellData) {
-				if (unreachable.indexOf(cellData) >= 0) {
+				if (connectivity.unreachable.indexOf(cellData) >= 0) {
 					$(td).html('<i class="fa fa-times text-danger"></i>')
-				} else {
+				 } else if (connectivity.reachable.indexOf(cellData) >= 0 ) {
 					$(td).html('<i class="fa fa-check text-navy"></i>')
-				}
+				 } else {
+                    $(td).html('')
+                }
 			}},
             {targets: 4, createdCell: function (td, cellData) {
                 var push_btn = '';
diff --git a/apps/assets/templates/assets/system_user_list.html b/apps/assets/templates/assets/system_user_list.html
index f7c2a613b..6ed0d0d26 100644
--- a/apps/assets/templates/assets/system_user_list.html
+++ b/apps/assets/templates/assets/system_user_list.html
@@ -95,7 +95,7 @@ function initTable() {
             }}],
         ajax_url: '{% url "api-assets:system-user-list" %}',
         columns: [
-            {data: "id" }, {data: "name" }, {data: "username" }, {data: "protocol"}, {data: "get_login_mode_display"}, {data: "assets_amount" },
+            {data: "id" }, {data: "name" }, {data: "username" }, {data: "protocol"}, {data: "login_mode_display"}, {data: "assets_amount" },
             {data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment" }, {data: "id" }
         ],
         op_html: $('#actions').html()
diff --git a/apps/assets/urls/api_urls.py b/apps/assets/urls/api_urls.py
index efb09c8cc..ca426a833 100644
--- a/apps/assets/urls/api_urls.py
+++ b/apps/assets/urls/api_urls.py
@@ -24,32 +24,34 @@ cmd_filter_router.register(r'rules', api.CommandFilterRuleViewSet, 'cmd-filter-r
 
 urlpatterns = [
     path('assets-bulk/', api.AssetListUpdateApi.as_view(), name='asset-bulk-update'),
-    path('system-user/<uuid:pk>/auth-info/',
-         api.SystemUserAuthInfoApi.as_view(), name='system-user-auth-info'),
-    path('system-user/<uuid:pk>/assets/',
-         api.SystemUserAssetsListView.as_view(), name='system-user-assets'),
     path('assets/<uuid:pk>/refresh/',
          api.AssetRefreshHardwareApi.as_view(), name='asset-refresh'),
     path('assets/<uuid:pk>/alive/',
          api.AssetAdminUserTestApi.as_view(), name='asset-alive-test'),
     path('assets/<uuid:pk>/gateway/',
          api.AssetGatewayApi.as_view(), name='asset-gateway'),
+
     path('admin-user/<uuid:pk>/nodes/',
          api.ReplaceNodesAdminUserApi.as_view(), name='replace-nodes-admin-user'),
     path('admin-user/<uuid:pk>/auth/',
          api.AdminUserAuthApi.as_view(), name='admin-user-auth'),
     path('admin-user/<uuid:pk>/connective/',
          api.AdminUserTestConnectiveApi.as_view(), name='admin-user-connective'),
+    path('admin-user/<uuid:pk>/assets/',
+         api.AdminUserAssetsListView.as_view(), name='admin-user-assets'),
 
+    path('system-user/<uuid:pk>/auth-info/',
+         api.SystemUserAuthInfoApi.as_view(), name='system-user-auth-info'),
+    path('system-user/<uuid:pk>/assets/',
+         api.SystemUserAssetsListView.as_view(), name='system-user-assets'),
     path('system-user/<uuid:pk>/push/',
          api.SystemUserPushApi.as_view(), name='system-user-push'),
     path('system-user/<uuid:pk>/asset/<uuid:aid>/push/',
          api.SystemUserPushToAssetApi.as_view(), name='system-user-push-to-asset'),
     path('system-user/<uuid:pk>/asset/<uuid:aid>/test/',
-         api.SystemUserTestAssetConnectabilityApi.as_view(), name='system-user-test-to-asset'),
+         api.SystemUserTestAssetConnectivityApi.as_view(), name='system-user-test-to-asset'),
     path('system-user/<uuid:pk>/connective/',
          api.SystemUserTestConnectiveApi.as_view(), name='system-user-connective'),
-
     path('system-user/<uuid:pk>/cmd-filter-rules/',
          api.SystemUserCommandFilterRuleListApi.as_view(), name='system-user-cmd-filter-rule-list'),
 
diff --git a/apps/assets/views/admin_user.py b/apps/assets/views/admin_user.py
index e325e4f08..fe00e29ac 100644
--- a/apps/assets/views/admin_user.py
+++ b/apps/assets/views/admin_user.py
@@ -102,7 +102,7 @@ class AdminUserAssetsView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
             'app': _('Assets'),
             'action': _('Admin user detail'),
             "total_amount": len(self.queryset),
-            'unreachable_amount': len([asset for asset in self.queryset if asset.is_connective is False])
+            'unreachable_amount': len([asset for asset in self.queryset if asset.connectivity is False])
         }
         kwargs.update(context)
         return super().get_context_data(**kwargs)
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index d537b9e16..d9eeb48cf 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -304,7 +304,7 @@ defaults = {
     'REDIS_DB_CELERY': 3,
     'REDIS_DB_CACHE': 4,
     'CAPTCHA_TEST_MODE': None,
-    'TOKEN_EXPIRATION': 3600,
+    'TOKEN_EXPIRATION': 3600 * 24,
     'DISPLAY_PER_PAGE': 25,
     'DEFAULT_EXPIRED_YEARS': 70,
     'SESSION_COOKIE_DOMAIN': None,
@@ -312,6 +312,7 @@ defaults = {
     'SESSION_COOKIE_AGE': 3600 * 24,
     'SESSION_EXPIRE_AT_BROWSER_CLOSE': False,
     'AUTH_OPENID': False,
+    'OTP_ISSUER_NAME': 'Jumpserver',
     'EMAIL_SUFFIX': 'jumpserver.org',
     'TERMINAL_PASSWORD_AUTH': True,
     'TERMINAL_PUBLIC_KEY_AUTH': True,
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index 2192ac16e338d572c34aa4c8f2faf64acb2b7b62..3f494f8c21701de14f1138558a1b5f97ced82da8 100644
GIT binary patch
delta 18067
zcmZ|W2Xs|MyT<Vip(Jzyp_kA?XrTuPy>}_ndkYw8N&xAHCLIJKT|Pj1M=1uRND!on
zbVa21rU;0NAou^AdHF8uu66fX<8R(~W>4GuoCH{|I3MuW`2gSL;3RWAuId4vmjm->
z^Sq8pJg;aOWj$|cZO@yI%WxPLuj6@Ba2<}uvUNT0Od`+QfeARJzUO66?0JnFlBYeU
zu^YGYJDwLz+zvyqFDCOmpEr(5Y7$d0CC<l8xB_$I*T{Oji&zS;VkOMb#PcGsDRxI6
z7Qh=AjzLYGrSLLwd(`+*&A1oqU^3?S+ELNYyJAKhg~>4v)8Hc1jq5NK?l2Fa20DrC
z#Jg!eKyBy=rbVy0=VgX;sQbf_!}iKz5c7K#sAvH-F&MjGAjV>L9D)9mvHS|mOMWBj
zzLTgEdW2f|6HJFMP#a45uIDAiP)vbgW=Zs=CsB!tR{9Qh!%nCj?8h+t0Sn=C?2n->
zSRBqo=J1lV^gNop*5-Ot{xz1v=B?ZUrl3x0Ch7#{wc`A>vPC3n;WE@Sy^UH}NNczA
zf~a?)G-kkeQ48#a+W8>VIKxm!JR0@rreh}j40VEAEx!-d??h|PUjtpV4)-t*@gJBU
zGq-U^RtYs=T`Y{Puo#ZPAl!@^a3|`%L#Rja0QCr8VhCnw>v?>@ya?1u)b~-*(Kkh{
zunX!L^+6rcN2rd&Q9B)rnrNcMpQ27`0cs)ZF&Az}je8bL;7w}}Y3IhvjcWIWQPGW&
zs3WX~I*~f4iCdWMQ8#o$ox}jtg2td;x(S#WXP}OJ6>8i)sBykSE%XFt#jD5(`MeiY
zvXDsG-t9O)>c()hlv&BFV>U&7O4^~0x;s|Dfv5>Lp%%6sweUTt{@<g<KaUam{9mO~
zoJ86VZbwy7Cs7M^)D2JrwKhAWK7PHh4o*Ss>=bI}H&7?^0`<&;I=YuOH)^A$Q44B>
zsr32pV2K#i3WuU59E-s?1@%Z4TYf!if~}~XCzxkYpZA-niT*~tQ^B3wc)3vbg;`t{
zeVVW`mC{%Tb#%i}9mimHoQc}u2Goh{MLp|dsH41r+UX<Ah5?=3N#sH;yew+GnyCAm
zqc+yLGv}|jeE<oqd?ae3*{A_mpmwkeHNYX%%X7~B4K+|u7uPQb>i%%lxKXH+tc^OU
z#;65%LcP52b@90s^(CQ`7=~KmIMl>5Q8#{uTEIrsz`Id9{m$a+sDU4$?*9`tUXreE
zL8(y-$&GsU1yNsQ<$P3h<PA|r)f_c(7gWbSsEJ3QRy-Bee<tq6d8mO~@V%{xJD4%3
z1q?<_<U`#bhg#@-)JA-tQwgQA5p&@QY=DpOF_!0Ns|G66!wpahwSaP{1y?~$&<Ont
zNA>T6b#V|D#yyt5i~4l^jy!Uo_a~J?BvM7Y0V7cp)IuG7L)1z;pmy2|H9>!K2<oK9
zU{aigTF5-qILlEdxDIvSPE3jkm|UO#!&KDqBx*-LqK@(whT;>8GxT%=grfQvLM^BS
zYQplCuZ8*^Xo#Ayo3-~gKf*HP$D#l8A5TRSA4I*qXHYx3g___G)Pi22-u@K5+@r{k
zIfx6Po@pJ_giTS8q%G=W+86aH`52Snd@PQO(f{-Rdn($&71V$aP#pu`a|5SF#hFnP
z<UlQ`04Bv!s0EbAFsy-zF~;nJd5Qa*v#}xZ_V+md5>yh!xD}PcR>a+~KJLV181TNE
zFa>I%nQ<rP!(n&{b7Gs`Zb5@l3m#$d7}Sm@VsiWn194w(p1)p>!z6<6M{Brd-bX!}
zr>G-M)W`J;!IZ?gF$ET}I1>FQVEGu-LI$E<=ApO&r(i!U=j-c!>a9WzxDHd{4%E>e
zKuvH2brNSWHC{x$WcN_*8cpArDN#GiV{u{ByHpL;zbU4{UZ_Xn8*GUMsEOC07P1{R
z@O~_S$59J<V)?&N{Q~;C9j8V0k3^khb<{!{THM0gJE7)@ak0-EOhr2zgK2OQ=D~TW
z-+*?aehBSBz5N$ZpOUAjpK?h*a1-UiLc|48kE$8!QADHO{%NR<EJ4k45Yy@Nf0l|C
zaLas%+Syaoj$fl*nxr4PqfCu@*>a*5P|<9G`XSaA^(e-oCZ3O4(0bITYai;H_7}{}
z{N6vRVD<s-=qjRKn%bx%Y=AnlcP-xqb;QxA0sEsSo`&kb4AbK})Hu7*|0q!#I*!`#
zY4m^oFHlKG;sNTX+Dp{uH*>7pc{bDlc~J`~hQSzxI?BeV1$4l)_#vv_7%Yu5P$!sx
zI@zPBg`SV){Pm2lSce;^fghmq|Dq;NJkZ^c8Z~ex)TbaHYKJ9JJBvi^tP*O1ny3Xf
z!s6H-b>CFXfC~n4{;F&wp|8sQsAqZsbs|s9fI+T3BkE|2qCP%V%&r(gJl@*3qE6x<
z>g7FW{*F3{)PvoELwr`rj#_aZ)FUX2I*Hm?729AzoR9hO8`OliP$!V_BX@sRGcRhV
zMNmgx0X1=L)WRC0=JR#5N>9{F)gN`_Ls1>aV=4R;we#;#6JEfKco`ewQ`Ew$4skDY
z57eU=k9uTN&H1QDwGx@n=dGurj@vN{?nbTj9O@BVLY>I3s2hWZy8dZV{W4jc3-zoE
zpmtmaL$Dg^*|)O%1XRD-7_QI%GAdfYQEZ2&tV7XZu46^i#0^j<)D*Szc32wwqXt}#
znea<2ibqi26VEN5akxA3BB)1G29q(rS3?!7k2>0>s0mx5J_YTqy))`4d!iN+i`wZ(
z)Vng-@}HTjP!nyjc&~Zb@~6@N`~OucdKvDap7|5hjuMY>3rmlo#92`9Km}C4hNwr>
z9<yQ})B-1<K2>q3aaN-ivIF&QeQWU#BRGHmGbW*({E8aj1s2BSBi#U{Py<#+^=paR
zaaUCTfvA%kgIRC_*1{#29dBZ0^hUXbWI??<VWT*ItuTUwtc-eT8liUB4fU)CSo=iO
zLgu1QY#nN#t>)L3KY)6K$59JDjRo;C>QU>tYoV!qRCFX^sD_fLfy-N5-K>Y2s0r#Q
z^%ob4qfra*i{Ur|brLI4{nnvQD&9PX*@!QrPQ>>&6&+#v(e9<ng?c36=zrFzg*8O&
zygBNGdSXr-f!g6hRR2}j0OKtV7~>WYf=|hZqsGrM)<3V$D@H{FM4@(G2laM0G25bU
z=#Dz6fv5%hP&=H4I_ia}`<I$)QIGITRKEn&I44o#U&CO1{vS}$%KybsOgGLQVM)|8
zi$vu+p+4U})U%t5IdC&-qT}W-SeE!9YTUfz-Oq|LsCTI~=D|K#komnCRAO)k*22(_
zUB_r#Mm!9MV2%my7l%2Rk9ZsI!k@4M#!cjO@G<JqL{D;m_cIRH5pTmV>^#~1?3jSQ
za1z_8$jhi5C!gZ}-mW-SAnt|9aTzATwU`1o;TYVBe_+L_YywM8b0=^Ys}tv%?tX@J
zL7iM2>gC%oo%7d`eoI2{z(w<p`4shbzeY`*W`_I4Bm)KzXF}bV4U=IQYN5qY??_qH
z$<)9!xCGUI6RQ8N8Jxd%vY&+B>f@-7$8}7DuTal0)hBMiT&Ryz5zK{EP&?^}x_=Pr
z{;8N6SE0t)hFZ`8EQ}{n^Zw(bl9o!cnQo#?s5l(;%~c*lu?6bo8H8HE6x76vQT?~0
zc6Jc8;8UoRxM4oPAmXRk8(*Qu^To_^M>`5Nz&O;(KSAwiF=_`}Q3EERc6b!EgIlQn
zk1-nm#Uj{awrih>8g~(DoYhzwcOc&<KJPvi4fHRj!=N~~gKVgmr6_8LwNV4Lw74s(
z|A(lZjYTbF8fpOxQ4=0QeOk_;`u&Z;81Sh!!t>8WB|V9fm;q~IAht#waTnCH9)d}6
z9{NuP{U?L!pMYBEF;u^csF&;->g4XC`aed^^BM#7`Oh%Ny&O4EJ1m4+X<5|gzbbx#
z*HE8=xVf(XeAEOhF#<PW9=wS4@fD^^#9zbA<F_E<HuK%baRHW6KlG_%ng#Bew!skM
zSky`<qb8V-x?u@wqSL4aCR*qoK}zJy&dY(iZz(or;?1ZHzFNflfFnQS_e#8ueA#*(
z7Snu?j#n1*$0A(0gh3PYA}!<3=yd3{+`av|SGb9)p`KkcOoBa7Cl-Tx1cOkIaunvq
znU>#z`q=F>Z=${-)9T0MXez~4@`B+e%z@9$^sD#_W8w(Z=l7)<wA!6aCe(s*qS{MX
zzOu!&%w}dMv$r|KM@2{cG3rRCS;Jg&IqFle#o{BV{^wCI+a=3CLOr?{7N=X|7L*g!
zudu~Y7T2}d*P4n3>|ypc2be=q3mc8v;S_ToYUeA=uP~bUD5`&nweHUYQ5a6#8C&Bd
z?1ERZs$P%k>)fAk#+dufMC;uTpX#Uu4#yxIYw<KQ4x`8~M14%pp*~*EPzw&+;NlRo
z5bArPGW!4huc5!fZ#HIIOhtz-W?yp{>L@2#JkR14sD*7qy;OTqJN^YzVbYDxU{pT0
zSx<T1Kkq~9FbcJUsTQw8J^QavM}5-b8`l03wV<F)Zi1|+lM2HCEN1zVmak%QZHt?u
zPXo8LhCY~wc&NpTPzzdv8u&Z&gtecu__}$|@{cWkg<43G&2E8#W(cMrpLa9QKaff>
z5_)?h%|_O-8|rBLqZT?8bt2O&UTJYWYNAu9{^!gq<~{SN`3kk6<Xbp@-H>LB`#aez
zsD{R<d<#sAoh;wa@`Erxc^^jN3TwY;UPnFqdlo-8Utt*eBz&Lu!y-N^>bMZK!_}w>
zccD(?sCgCj`@nNl|KKlO|J<m!lvx$Efkqa;YjGE|m*xAR=J5@;#8gYnM@_s2bpm_M
z!>EZ)qb9gw-o}c=k1Q^<)%7cZ!Q?BOO)cNu;t!DV`S*V+ns7R5hs&+QKJ-s$UNIk9
z``;F)+UELYMNJrHR<L{{vn}e~>1q1V|NH-Z>#!bmB=M-7AI9W(+VVeJ{yypio}m`_
zj~Te##UW;1)PjneH7wr}wUBO#_4yxe4U^0{s0lu|c&)`dFg5u-sD&Q0{6*A4uA9G^
zFU_DGZoEupPUI)JmmhtaXfG8FaL_!B{%4Gu=(fert^Jjmf}hcPWSPy<Sb?|+@}u9I
zj2bt8yc@5iSss<I8qf3B1dS}w!8*jCzSBRzg1FxDXUv~5J^5>>FRZ7i0Yi4WiSlAP
z;zFoL8D;resD2GCZnKl~SE92e`k1liFjV^(i)WxFo`V{AwdKD+^^3RoAnMs4xBL}U
z|A*#t)CqgOU9OVcOoLg-hgcke8n~=k19c)zEdIzGk2=X&7B53hu*u@>s2@%VmcNRH
ziG6pd=({-hYj;CV)HBVG`tGlW{u4qC*avmwv8Wx+vGz5ng>Ogg^aQH^Pv#ZN-$pI;
zvCDJ*yWIkkqXq~@eg*W3m=PF3T+-}<9f?1|YWT>E*u$Umi2Gwt{1UZ*tb5%CLQ!!s
zT!3Y;H}9W!f=UR9sC}+OQ?s?%39Hi{jXH_dmfvRa*A^c(e=yIZc6teQQjaX}edESS
zE`2m)q@tDO!F(8wny3*f-xf7M7o3W**aBape(JT@?@q9d*&TIXKh!vb%(19(KEbT`
zIr`LLw>2C=#lN5)#XZzOi4$BLglf-gadERAYT&NcKF}P4*~rg8jkDJBTg*KPoWFi0
zI%<ihsF%k(;C`P^ftoOb8EO_Yqs+Rf1++lD)x9tPXQRFc=9;Tf<Hw^OO~L`rUtg)G
zNkrmR>zMgl_m4&4r~%$VEwnRgL6a~8&O!gq%q`abmBrth$IR2Hg<dcp`mFLAwW8pI
z&b+9OrBE+tZPX)aZw@r4o2yU@+lN}vanw%Fn3v2usD8g=e)Room3)U>Lp{_)El~sY
zv-}`)tmQvJEpRUCgw|TT3pK&_=FjFG^BL;CMBn*0>hm&EQ6fL;#&TvYtV-Mrli@7O
z&qwWSrNx`AeK%$&f574^)_&W3YI=v=JgL$D`+qing^!;ZZWc!^EE4l!ebfT`n!~Jp
zBI?mCw0NDh??Ij9QPjI~1J&<O%O^j=qt)j>l!`h=qB=A|P1G5+qdw*&)Jd$c_VpIW
zTf7hTt{k`cIu<1U4Rc}UqwcFa67}rcp#SIpNGd@j#+x(D`R3=S1#Li`$WGKkj$8f=
z1`=OIjdRcPPf-(l$K3t7QTG)^jZ^v<pa14m>W~P>1(+8TPy^jUP5hhr5;Z{3ao3&>
z6=y@8U>=L3P!m)~EuaPJWMi#;oH^w<=dS@~kw}H}&6TJdzQmH4VDU3E$@gx;jHvsI
z;W#XVsW9F=Xziy_8@hlR_Xg_w=Bba0ZYX@ht+*T(CT@V*(IC__oq?KY1*-pgi{s6G
z<{|TY^DL_WMf0xthv`fFgPS-ls$*VEfyK=zv$ok3)6(7^wWHqVAk$|~MlCoFbK*kO
z`0?gJr_Vc0MbGMrH9WESwZ*|F-GsSO0~SXO6lvBpo0=U_C-=U^<51(zw0JqDCEntX
zD|+5HR5bASs2k7Xd-%xWR;OIPKWfL5Q2l4e{a!SK|Ig1`$!JN3%roXy^O5-iHA3>!
zZiMux`?6qCEPy)uB3Kk7t-U*HWgl2P8MT7Br}_M-vY12wuCRtR=4Nw;xd%1jx2U)3
z6ehttmVb!B#DANq&bWzlo8?jWH#0k(;q#*#dXtc&Pz#!6@qFvJ9<_sbi%(hmWo%9U
zcZ=(vb>nov8|3?2{O&n7aZfYW935zt>2b3nvis6-%YHI?z9&&jxoY0Ap1+#^n1Scr
z&>^V)c`YtvMq(cFHLX1w^<C8m^<6aw{aZWF!%*cEi5z$zby&%NbbHE(y0IXp!={)U
zyQ03N#-IjVit2X&E8s(HiD5sv@kZcW;>p+=Loc`m47tF=&;n+WP=|FGiPeAR3kru|
z2(H2+xEo{fF6!q@hl@54>S4}8o#YD4gxjzl9>dz0@fY_xw?my=4<8lnxHtC4A;_;6
z-d&uJn=ZM3kg9vx{i;3$wX?4=Bc{LN{&W>)mPZZT0R69>*~#o}?L$zXAD@qkJ_jFL
z!(`M4YNo}DP&@k^hv9Zii6ySOom4_iSjXbVs1s;y_ChV>Bh)zKEuM$;^LZ<%<e*_2
zs>3PNk>AAZ_yRRRrfbf8W(m}@uWWG_v#&YKoQN9tQ`DngZTWBfc^_Y5RP?N_TEm}a
zlIw0K=}})ndCVfH9hb#-u@Y*6nU-H}u0t*S3v1ttI+;@#h}Y2nKQr8?qG$08^_IWD
zQJC@u|CohSPy-z>Pof68gi-hiwSe%OZlM)X?X}I8s1uF0csOc9Q_-i6bF5({YNG9C
z0_s!ngSEfHJjAJQxqih__g6wq(8%I$<^a@0V^Is7hWf#_1U1i|TReX?93|o3ku^L*
z-S`3nFv)Ef2cnKX7&SmvGtBa(%_y_FSr3QOzX|fhy(6e`>)#>LM2+vbfm>q%;!dc~
z`*>`FTkuy5y6ZmAe_<u!>i68Av`3*%Y9s2Uy@=Y_pQweVxbMu2RfzLr3+(Qr5=12)
zbwdK`bAQhA{T}dpKXI<a{EkS`^^e2<-@5#FDIHeO_B-~%zbL0EC5d;_o{ze&CFWS_
zt*ED`-B*~(11g97U3jZGmr(0Cg#0|KXE&{zcaBPO`qsen^sA4>h(qX?k@5@WM~bdL
zX>Ut;M2Vp+xBQjFJdNqDkN;oA2U>$tCFuAo<sV96;+B+1+S^fTk<*t@0ZdOk5Or0h
zd}Z}p<c|`kXHiS3C!zdG`GJy)K6mhJBA)+nyFmlIr0k_Z*GBx#RlQO4sX_b|@htp-
zcrs3>=vqds=Ukh(CnbzHo_H6fAoaJe3AAUS{Gq(w#yZxaAS>-?^%HdXmr{jTAFW{O
z{3!5-5!a=>pk$-0A$N+l#rPhvuEvy%jHRnMZGEsH>dK7iu_)~oD4O4Y<tO-@0eTZ<
zw1IqBl^dE+z9!$<b^Y&uXVE^0=qBy_;PlF4VhSG??+?65dpKnX@dv~$sh6bwociC$
z_22ou5+rv}!pTnZxA7>rAqflXkHu)KW%+N3cT*CG^OFCavYnETTnI&<q%*`jv9H=O
zJ9%9Vh{sXdQ%b*?e}FZ1CiyS*C3H+j{XX@-DRqc1;K!67DQQ_$Y04MWD^otx$XvU*
zCl&d3$dxCqhV>}5Da~oq)x{i4J*$rR&Gm|gPYC8xu8^NiIZR1y9p+NsMCnGqlavq1
zcfgsHqLiz&?ZfZz7_PPZB3aPeR|?wl(<g%Bt3vSh)r#N?${`w;S;Hjiuc$}s2Fr!M
zHRw~u7-9K^)T>)t2K<8fKirp=lGE}-$aN!rsNt?rIcPVhqCr<8{1orfwhFT<$@Led
z6Qvz_UER&+c!an$_r2q9;p0i}U28vvoowvkv_GaKp;QidvmJsabPB|uC>tsFD7w~@
zpM!~Pung1(QGaUjmo~8aj;20>a@yLCk()>TTP#OuNIe&)upM90FOQ!8=QcnD9WGMd
zTruR^TcF=scM*@WzAd;<zqI6FusY<{Q4&#KOTHobny4RSnaE9}t}6p3$Lo|ul<CC&
z{qG~tHIzhB25M?IDEBdO8REy7mBDnKqRc10>yP+Fg8EoWar%v<=oiyDHb!yk;j~S~
z5W8Qu#ZeaM`#--Tu6O8El$-ivC~+^!htzwKn}+=;x_VL?S>2!DKR?swYjV#p3-M0s
zTddDj;t3R8?P;$?J{ZU2IPJfvYjeL5P>;47-^HcGc_~S`;RZ!lZt_8xnNoxuRU`hM
z`WA|=<HRehugma7Megk@H|?z`v)_9EykF??tp<Cm^Jp6=fQc4by&~45Z}GQ|^EYxi
zDF3m0zrvw5V-u`K-|ws~-COs?EvgX|x3oqQt)n9O<cx8derN371H{RRj}xDx9z?wm
z_3F5lSXTt~Db$;~(Er~B)>e$@Guo38Kf?ce)g$*lNnb^4oQrqpe1qfx%RR$+#9<ac
zr2SLMNOBV`*MNF1%4*8b<f^clll0Lq)Y|U`a{9CGe<)k+o*lG5p>X-UZ1gHe&{Ik4
z&;}dPngLT&p7{H^Uj^GxFRi>Az~3^Mcs4~>2lD#kK`Co5j4!OMJHF@d_2xfu|EZD8
zSCMFub$?EME!{R_8A@%+ZQ}j7()#d+P;U(N88{9DX#d9A(o%nOZK57ez8QXC$xp34
zvGu>N&tg`RrAf@EB;!09;C*fgre5AUF2<{Nb0P9=h`%9TZ#j*BTRHp?OVH=d^*4Ry
zP=d&B!|XIPqkaO*CFUJWL9mCioJ3z7MyDe<33a`sei{c@tX%wC_3O0fA-5m<kUyXf
zT!n})Q=U<O<j?SLLB!RlZ^7a8ou$t}Agc`^@%EL6+*T4fDcdOph;{v9{l;Qtm-7F&
z4DCIrMcKkC(LRWJV@iGMn`ryQ?%hj0r`3J82-;F=khnqTym%0U7%(U5I!ifdHz@wd
z@~SVO>><vL`M4(=^_tYTQQllx$QR-Mu9V3nWB>Pl?Vp#)1}|j|sfb^Yf9-GOg(IJz
z5<@%%BN(t0^~`o(WxH=C@geGaXnRF{CHBKB*va}Xq~6y0`+pWCv*1hXK)W}BdUsX0
z)=_#}+coMf=%13fANBDRU2BL7v#5_S2XSudx>iuCP?A!Ha$iZx14?4rKcH`Ow}0MB
z5-BM^(O87?CpTQALv>tDT!Hc)B{O|~Bd4pQ!>dFt8};+F>sp3uD4$R=S*{Ob4W{V&
zn6k?9zHKCb@Tc7$0?!Z^qja?nf7wmyl7)H+?1CL>kF@(HSf4m@NvJoqdyi5t#o}~z
zrBop9ZEebBO2p@X8kJo%+@;|XuA}I>Wvc#^(wg{t%Wc3J^#2JLW0Xx2j#VkYk!z+K
zx$;rc(eE|6>y$DSU8~4_tv`#6w1kr9s3*`+g!*!fRg$ZuO`!U1%1lZcaz84;m4f;;
z?oCF$1tpYwb=||8_&Mb>>f<T<tWE9b_56==V+GugZ?5BSb?RaHvNV2a9fsi_l#`S&
z%e`;+JjPR$s+9NN8nXcP2lOpxn>kDD+eoKBsXU|{q3GH{sZQP_E<{Pn4XG(<tX+M&
zQKqU7R~O0vN*dxQ)K$shUE-dBR$onfTI&B&%DS<9-exL2XqZS@LW!j`qMV?p&qPWf
zmGUg$F!f6AMr!=wkUswq`zR@h1Bs)tEOx*tl*6>Oq~zuP^~9qny26P4pZ^OqHs^+q
z2p3V;)zIwkLjT`~^rfD|@)t3Zdp216XpAGyW9>C@B_$=LAZ?9lYll&&t1kJS)a$3B
zve}ZC<7U;!pkItswsxtVEIgoL^w6!*eX}JB?AjxyU$2OWh^-^~jm?-iW^i2Mabcq9
zxa<{T21k1>qGJb!c8!gV9vB<iy??)c(cK5e42~H%^#5&$3LQQ&Zv42N8l?L8P}mwh
tenX{zd!KIFnr?sLM5%5~S$cQRo}2L-HEV^04jJP{oG-9-*ZKD|{twRC)&>9o

delta 17968
zcmZ|VcX&_d|HttYi4Z~}iJ2g=V>dRjHytsfXlsNbM2SrtrKqh!OHo>*wOX21OHsR3
zvnaKT+NH(UsL}qOug`hsy86%WT-V*l{eIu~xz{<LPm;EePxvoC;qRUg3z+9{)%SOt
zD2yoNI2{5UC%CGzj?=BF<IKSBI12y7so1ZX<BY=xc+AgnhBbGbo!F|S<3wh0oLsHR
z(;oYhH|}!`BQEr^<K)E(80a{z)0j#w60I;NcEWs^ghg>QvL0t4#^F+o$75I#Ltk;6
zo>(7C;xa6Q`^<ZIo;WhW8~+K069=}@0$f%^MLUnd2&{+MupQ>cE~tg|!(bd{PCyMb
z8`+7o++2g&(3cp3+c7^LLEV2HIc(<v1~I?$Hx(_wzpZyf(U_gM3Pxf)`cB63Nmz{h
z0Mvc6Q75zxweT-76gQ(bv>&tLZ<qtGns?F7L*f|~tu%K#$LWDZP&;@VOW`bx#f>-+
zf5TKvXzw`O>g+~RPW}#_$*BDISOdd4dJAZUI;jNI2_$yp{I#+!B${A%)H7X)TG%hB
zonJ$}3->V`!xOy)mPYNo8fu){s3UHGdUP*gKJ1DbC)M&Us^82+&R;uSXdPBz4Dr`k
z0#Blj>=|mnY@HmZEat-s*bswoAZoyosQV_N9>E&aBiw>|>wiT)V9p)XNd&pCdPg6M
zT46M5!t$sis)6cQ2es2isEL|e+#YpOuc8)`j74xL>XFXH%DCLxe?g6R!P?!c*6<K@
zgidGgL;_JABg{zDfW=TJ5r<k(L)1&x4D;j5s3Y%<T2LBloXMz#&cuSa6geT+*-WJX
ziT$V@|Bkxxx_QrhW(Icg+Cx#Fl0vAXE{?UZDr&+M)WU|M7M_OcKLa)X`&dz*|D{wa
zkvNRn(Z8sZ2<Yk^bq>@(`OTuJk6&qQhOJOLdk?kqWvCO{jC$t#P%rHT)JE^478Lv%
zMW6pDDoVtnR#*!)VIvH~R;ZWsHOnWXCP+o?e7u>C`n)ekO|%L1P8~&!cOG@$Rf`{>
zs|lY|se*y8dq-Cr)v+N)VghQ1{ZTL9Sk$wghC0e+sGY9ELbwZc66aA1e}Ed#{|)c{
zFx1A1zQOtHZI2_NmDfd0)D|^h5^4vdPy<Xty*%^GFHi&RL-jk0y8k+A+$X4=XYJ;l
zR4&wli=ZBLnQpGPq6#E*617n~Y>XN(0d>S(Q41J=8h8w9r;{!I1U2wF)cxO}#@mfr
z&_UEfE}$OuHPk!t$fcsUHD`D4sKQVaN25BHM@<}$T5)Ss{{-BEiKu}i_}<pUQD!V^
z0o73x)kodm4z<uusExQis6<m4fJJa7w!(Gz7d}P}bfc#?z&+Fg9-*G?Kd1?UlWgIr
z{^hYbR>QKGX8F%hpRNtaBX^x|sKk;ufEw^2YJz}X-qGhotuzX?)6%F3Dw#D=C)E(M
zVjI*6CZfjai8{f4sQX4@RveGnnBRGqiaO3lE#L#xQLeyf{L<oMr~!UM^}m5y&|jzt
zA6q`4xA*qvMD;I*YA<Kjz^cTJ(f9cuK}8c!M7=EOs2#09P4G2pL0eI8|4$fzzhe~M
zKt0pIH@yi%QIDh`>SI~~^(kqJx~~&f!q?FE^M3{vt#Aoyz%{6jKcWUcXz@wZj?SVM
zbOp2GJygHPSPHZBp<t|89*YrIGTUNn;-P&w|H@Q$kkE?mVMi?1*Ku0nNDRbXs0n{U
zE%YRA!pk@c7x#0V!dM{LTTpe>2I4Jlh#J2+X2ao_9o=M}zg~`aNd(~s*6^{p8ue&0
zP)E80)$bR~i5E~W=PipLqVELyd-+(@LaL&^M{40(Y=tTK$fcrzdJph+I2d)LE^6S3
zs1ultx$pzjSL+H?`xewU<qxPGowN8V>K%H9>L1K(+GugqqlmNE?LZ}%L=tKtgRmr~
zp%$_XHPI?-{|dFk?UuiWI+1&*1w6Aj>p<_m5Y+gEEG~`OP#osg=f4(}7!obeAN!$x
z=%k?D_Nk~(#d6e7wT-BW4r46-ih49z-trcf5B0X!MQtPjnaCN2p*Rt>fcJg!{1;Qv
z&X=QhydL$EY{U@UhI+XUp%(CmnRSr&L#qht5mZ4<+!D2*uBcDbTc~f=8CVq8ng`JL
z`~M$Q^pZS8?d&P)$N~m?`8=p2&W9Q>8ht-4QT^Lu9_)e|X8`Jv4MuG!4YlJ5sD4v1
z6c?eZpJMB%==1s`YUle=0~|vw<UEGqE!0u|gIYkYRPTg}q58#P6|9dMClz(FqfrZ;
zjC#bgt$l7P&tC&CvW72E6K9}q*oGST2h4@XQ9HbZ+SxVK&Tgan{|~jm=U54Yhj{nJ
zV>odu^L5lW<KQ7Ye?8NwBy=Rp%&)A&9@LSYLw#)iG{c5^f2dSLwI`w8m0_rtcar%D
z>Lj+I7QELyfLicTmx><28PrKU#QGRCjGuJa5=-D9tcdTUPGApefS=4`s1rJiI`W&S
zi65dC_7AFm?%|&KQSX!+O+`mu7S*vD#$i*`&PJdnoQe@R3tQuI)WZHkz14X~c#onQ
z>XF5pEm1q~h?=k~>XG%v0{Z+9prVydLOp_+s1sR&x^Xk=hV7_+KUjPi^{h{zc6<f%
z;$76U&o<J_*Fg1ajAgJbYP`|dnfaaZ*5RD_2WsM{s1^J16Gl7FiB&KfHDG(phdr@8
zjzWD;d}{eUs3Sj%dNfy16W=$VU;y(wextn!15qE3U{uFY)KTU~Eu;i$rxj7}N^Q%(
zWG12}>TdBsbEM@bpceF=`60S`=F6yPM;WMzcVaZ|L%jnxQT?8w9#QZZ@2j~mYJoLS
zAFn2;aXO(E@+Rut8fx)4^gUwKMwX1>{58ND5@qpQ)Bu-J1KzWafoa~3!%+Q8qF%~4
zEPyqz2_|49&cpn;0kx2QsCVZiYWxf4oixs0FU@lj+F|%u?^zc|b*zb6NORQDbwLf3
zWcIiG5Y#)9hT7Q#ERC~JC;AO)q1#X=a?<jbTq+v)h9&Nqf1@VS3#uJtN5%P23oC+U
zumb8NI->e@LA@J&%`sSrcoynJR-;aEC;C4BhpFh9oI>BTMy>c6YUlpryc5cgg^4Sm
zcGw!#KM`ADUyHv&EnqL+$5W{B55Db9d>(cGEo9@a^N5O8;*9sqfx00AbyOu$E3S;%
zVO`Www?>^@8?!U&5%xs&OGS<IHfsDisD&*;E&L0N*75G3q9eS7v3L!OVV()z(N)DF
z#IK+}?<uH>CYtlG8u1F$z-LhR-$s3JgucVCU04z|eoO3&sn~@1opV&wvDie%`50>;
zUt-QF)WmHkc>@f>&BXJtD<({KoFTXl^=OK{>;1c)2DqAd5SGHIDc;YH##n}Uu(=T3
z(j<0MseylBEi5tBd)Z#c0OH=51Cx=b<qX3I_!u|hooRLg)A=)u_zcEj;ThgrpMZM#
z`l3$oZPYt3e+K8T%5qDrN4?!!P!sRREO-R{@ffQANeslxm<?~D-jRE#lld1lPS=@U
z|72AE;i!#_MSbk2%;fy_@mNA4H*Q8f!+od$&!AqK>!?TZ6t$B=v%CS~Q1`dMT-XzH
z;~>=i<FG8wKu!EDhTtyLJjYy1TtR(vJ-}$pGuwM7;!q1{j+(eLhTve-NsLDgG!u0a
zOU=(Ph<H6F<7U)5R_Z<PWb2^rcN<XA%3nksNoUj!-a-xNqINhLwS!Mk{nueH{0_@u
z%p9-%CDg#3P~#+F6->o&{1i3LcNog>&R!~cNSs7{MczQ|FiW~OP#7vMg52O#MD46T
zY9TFA3rIvwI05x>n}h1N5yNmhY9q%`^WDL4eg2)f-WN#(>WB-Yo^>_MitW*NGUz)Q
z%ue1#E$m%Xzxk+_>?734tw8l(hvB#db>9)xyKxG0YW}NKw9<R1&;K*rfFI5Co>jv8
z-VGg46ZF7}*cW4PKDNZo80yD8AMkI$iSy3)K8_tRPW@2*_M=WB?*cZVomHlyl{Q07
z&;fNrSJXtaPz&6KdIUcrUvADR)P1jg$iHf5;{K=&ZC=Q8$J&ed6CRh~cr3V>UtH<8
z2*1Z3OX%*$2fWzF{D`DOiDll~e-<^-bJVlTz1%yA7}U#E3U!omsApLRi{eX`AAtJU
z4KqJReM26=ad;D(V)6=>8%1Tq3eQ7$koXqr8EsnWxfgXZ$50D8ZTZ`le`2xUr(XZu
zW~5ohtcHQy-w1W0EnRD9XLiE^Gz_qK66%I@)XVmv<yWH~-8U8=G*6@YU9<R+#Q~pr
z3yVOF7h}3*tWwFWj#^n=)Cn{<+oN{g-5i3wh$o}^-^LR72+Ls9Dn63f6uaSKtdIYg
z^;Y|0*BR?ooNZW39Z)N*xyBo~J}Pc$CSYyiMAXN04(j8z0kz;g79TaQqP{1dpvK9*
z)-%K>&p#g(-B{QxYt}#=WfP0rTihLk$PYrjRHIQlUVy>4(>!eXvu4(HUVBBe4(iu9
zr-dcnL_PZ<sH2`?@ltEwgj&#Ei%+0-bQ%5erseNg{;9=TKDQmC#?6OXXe_!hRH|E|
z6Y5BNp$2}(oM!EFEM8)+wEQ}YH=`D^!}5E~qnLyI1<Z~&Q7`ZP&-whT67+?)qN1py
zEst7hb<~Npw77@GLs1jWMD?FzE;3h|>&?xm4ehpgKUO9F<qOVV4LR0(1LeUG;z(4!
zoaN(CZ+ARa$L`iX-&}$^(v=oxn47T_`5l;o*HQfv`F__1lUypAa5(BDCYy^<zYk=f
zZa9p(;jG1fn$J)R4f@jS7mA7tn<Xq?4mD3ri(6RicA%n(d!deUv^fzq@hsGUi_B$M
zhj_KcS5f_LV;DX$b7gq>XjHxeYWxPM`C1_xbe(S2VGQ~vG#8nxtbL=!`^*!Tzid9V
ze9%|kIQdZTPH{6HwU7?h-UmbU<7y}st!yG@!&$xt{#C2xKSiCu2Gjz-HTRfD%?qdr
z{xJWweAw6CLW-j9uW2@w`uw-0q6yxxhTayZVlMKdP|xmN%g;v*w8UI%ZZh|x#ye)7
zMt)K|7cCyW(Yt><y1pZ);(NxZiI!QMfok7u{(yQZkDGs?zOsY)+0BoBrx~jMMbvnA
z%m<c#h8jQUTd!ZiZ#jQ;EJZ@!=@qav_Ce)mn;&2v;*U^YSnE*}9kuog7)pE<^(Y@%
z-fxrFFFR_yycS1U9J|Rr|CKFK!#dQnxHW3xwy1%VET4i}z)*|Fqn`Z~%P&IpUu9;X
z7O>UaZSHre6rka#C2pYxzGwc6I+5VbUcRc?5OtI<Tl_j|f@F&aqkcHKmS2oziI=0k
ziVs`fJxxW=^djoJ|2b*_QQvt3#-fhAGHQoyQSH4@3m=Ty=`_>==9!BuzYMj|b(Y_X
zTEK4Pe%ConMStU6H*aA@;yY&HE&PH>{315M)#fd1L|lF=f1u(()B;YR7I@C$o4A1Z
zE+*r&ZQd8qBlP|MKe@j5Zj3M^u^}Ccp$1B_{2+@*SUl03Zl<Gl`XTD1R$G26YMkBX
z&z3)r#a$Y%SVPcuZz1_m0~E$-SQ*>n7Sz$@+2I+5+Hq;r1QpFXsQX)BLF{7rp_U(S
z@jP_(3_qcwfxbh<JFUYRi?5r0JH3Gmp(d<=g|Ig2{tlM!YW79_W;D#=C8&30E$a7x
zjXQb%8t8lLaKJoeUN!HdcI52x-r{i7&;NR;&wV4a9r`||s7H~4`UV|~)p0ti|1K<v
z$9Hl5N<1N<mFC>-?W`(>6E{TP&djdX-qYf@%;Dx()Iukk^UXD=1#L4AS^m6BB`*zk
zQAeL`k7u-5%WR7}sbtiGMxb`;np4blRKLYo0#}=dE&o5%Jbrt<aoj>wbVH0;(HiQY
zcG3uSLLDsbjp{$roMfh(OHuc&L+yCG#Ye3DviTR**XRE^l|VYy{lOc!32J9;EbfA8
z?}L#z(Bf&<KF3^Qt~EEI?%Qh~G>@BSFpT+~OH_)}@d0XQ1%LD`h1y9K)J~dN+|k<m
zqK<MH>Rp+I>bK1D8K_5lz~W2R{uDJ&&V6i%`JDo)U{%zL6HpxzEl#pH88zSti)UhK
z;)STM?p+vzmr&0>;3sdqSPUYrY}PiLpsR+Lsc6DZs2%r0Eo6k{UCd5A9o2uH<(Hr)
zUTg7w)P29A#<_rP@gA1Jru+F;#T3*y@9nqG|3VU4z-OodzP1iqEZ&Pc>Vp<vMNM!U
zwE*XUcl1S3_g6Bjn{_dmd=s+`>QTLZfb)NWN{S_xn(I*$ZbuDx3Mb%i7>r2=JqMxM
z$D(#L5jF5E)ECYYRR0sG1z*Op_z*RIjC;s?rnON6C7^Cdv^dF3HV2y{&2gyylg+v2
z$L8m#iNCY>5au90W4c$Za@Tx@+CjF%-j4E{F=jcl8fwAyu`o76-^rMR%(18iOtbhS
zi`RIu>ujSELWljR0nd01&L#6t^O+fR#5=lts0k~fCWyEA6$~NnYH@$mxFb<VJ`Vff
z0$<#kUp{{J8X{58uqx_?dZ-DSnr%@Ny<zcS(>153Uo0Q)`#fck(Fj|uWjAIe{uy=n
zC$T(Uvi6Xp-U^~nGgd?0-^gr<{=^9uw>P_(J<PsG?ep{&34K$fVF0G12A+>$xWfDv
zbte1G-%<UZn>mho{qvh;Q46bUaT8SkMASG*$M`%ck!BsHVj}TkiyxTTkMmg|ABkc3
zFY3OqUp$MN<;_}VGqau94Rdqf0MtVt6G}xZoNlJ4kE|H!`y*$EWe%aH`o+A2`quo@
z+Vh<7zN`wMzN{LeZ*LeyoM!QdsBtn-TiA~Jk~@Z>_za6;u9G|zeMwa~=?(ZIs^dVc
zh4Zlk9z_jU=2!kRKUTv;Jb+q2iBq0+QSBYEI^M<#YCr8g^tM=zxDTe{+|xW1{d~!O
z#s)&IxGw6@5-=Zj!xlIko8orV2O{vScc!7J1?I<rSOWQV!kLTnvGX~8#^8Nyr1taP
z#@=+PM3C5udGM(DJL+LQL=F7h%yGdcLbaDbeSXTJJ_j#Yz8dQD6mM~J)W%-MQP>@G
zqI;H#c5)px;601~MxB8FZ=T_(g%n2(RN3Oj=sPKlBHs<wo`!jGHb&w~)crfn!=A2l
zmWp1c8`cnf(d$^yEM-<f4cq|r%-dPMzvV}w9@TWqFEiJp7Pu9)(Sznm^!<@@kxDxn
zuA?T1zvP|7D`rR3%3njZ_d^YshS_ljYT)-#k76n6EnkUa@f)m()%jFwoPp*T3~@<J
zp;8+cpe8tu8t|Gr;9b-2ckf8^pz@_r{c2d;&}@U6sJoeh`V@?|_Ei`|ya|1u|1;Kb
z9rer}Tb%ofH&GGPL={mBtcm);)*3ZYU&{|eEo_SA7ohH2iT=3W;;&He+O{k9rM!oP
z20CgD7tE{XZS#LPl73H7CpYw}H}C`0M1P|O_P^%+5t9S;d9RF}uq)oduTdZ8<<}V{
zp33d(-e1;bZ+J)bD(bDBjN0)s)B-n}yRaVd5p0hkH@yWUq57wwKKE~1zR)fHt{~Pm
zno89yUfs8gj#kg)TPlO;(2WvKJ&?0I&rSEJZzJ~}&Y@&phchdvFPT5+qi;uD0XFMU
z>MxRSOqop4<;S=>Mc)-b@GA|Eh-RSvBh=@VIO<<g9+E#wT!*@@8uYJ-UsA%UPr&)K
zm!b@#=&E9Nr@otdUG8mRxgUK!n13wElLV)&VFC4vUZd}yxA~`@-8xD`$`1OKrL>}+
zc}22-*^D#a7N?`vHIVoauE1Q}v)bBwQU8tlEI-?SYio#RAYJvay5(-uc`@Y#@kz>C
z)b%dtMH)ohnpjs7>W4}eY)sKmjc^k3<HBi1ou5a(|IC+!MJYL4lDb~=aHcb0En7r$
z+9HX^VKVNg&j!p!DMT(*ZInsW@1U-t_@~vg<92duXxEk7@~StZl%%+P5}Ym8aNZnG
zPS;uDd6?4%@NJ2>5cw(ASN-l%77<ssg{M;gkb5?h&yGik(`}4HcHhsK)t~1-+!ASY
zs7M*jO$)3uRi_Mt7Nk6&o=pB9CAsun-``i`1Q??hrGkwWO};SopXlG2Qj~IuvfBFh
z!LMlFoB94{vxe?;T2H+w6S{PGg_57RH2Lo+rKo>HX+=KsYE9)n@ofBnKDss{Kl+`6
z<o8(LBgA^#hpbOE@}DU259L*YHk5;OdJ~J-QFf)Cd3{B{69hrzo?&2S1D2$%J^8n>
z7;$k7!YA07d_L6mnfU>^kra0}iH4ReWRs4j;U7v>@?U%R`F=osNWF-~ZD@<3J_?)B
zx3A@2qaH#jMqXD8V;&%`g7?UM>ZP4E<hWcX3zavheT`9+XI_I7LFY5n-=jRI+##+-
zzu~B_+yba868ZLa{IE2BN8d8mb`q<S>q$;m3%o$C1d9o#-YE0=zew_XI`p%SbBJe9
zhEo1}EhQLW34c2+{hZMCIVHgEU+K$u|A?aBbBjk=``=~`m&WQ$vXMk9e4mbGsn4+v
z<!k|eV_(Ya<a^^y%4z!M<^J{5KcM~&>bgOn{N(*{jE$rGHLE|NK9IiSiQR$(^$BWV
zHg3{SFJ1d6+sW^z(`VEl;4~a!lcW&$q5dwp$G8E<V`av;kBf+hQ`XZjnv!|_M%%9h
zl_=Y@aQ-#9L02N3W>MDtr!zk_onyqWa+9u+l%3QAtxsL<-9_$WHFAw0Ux1Q@{4^|Q
zV^6UD>hmV00dZ|#&c6REFlY~(M4blEc$iX?`c_{@W%*;w>gTNQJmPM?7XE57KQh0-
zhP2P6bfN!MyVshXO5~pE^IzT?UZo|J71t-eW)rj_7i+t?Wx3q=5~VQt8#slMLBDYn
zUE3&$<bI}PUK6OFx1b317nno8__#UwM*@j~nLY8o)tCJzr)nPhHNbChBxQ&#ya~Cc
z#JO#u&#CK*!eDacsJEp46a6RSD#{jebN%e|_qKX-6{E9$vCK+|qrQ}m-`gZHm_b|<
zKc*D0$u^ODpP1jYeE;Sk3X_PRQhuPW>krCa`t894@?)r{Q2J!C=l>=_=Jl6VI?{2h
z<#&_2OnjZvi}Hxlg4_<&H57AFUZ?+N?5#TatXS3-s(zO!6Y2A%jhj`^KlA#C&Pyqu
zP>N7G(iYFnUtn`OO(pj;-o^^}-hb}>mYl9U^gl(uEcHN)^<};P3=~RygE)*n%cy_B
zJ?;_`KM?2|VZKbmDB^<_Z^0_W5#%qZBbN^D82RPoexzhjE>UzPQ{JK8lya0(kP>EN
zeMY?t?FT3W^!!)SP=H`F?xS3$zL-v>SY=++^}B}?ZG$N6O8qg0<NvHZi27FQ6}k5*
zcCh|`U<u-E_#%#_RHDxb{r(q1ay8{Ul1(XnnKTZwQ#z5?RgY4e8+83b?k0VnVGdhh
zHQEwrd&k#<kEhuVLn*)0Zz5$3^>*C%0{wGSU!mvUlS=0GFY$89OcJTM38!L9tZtnO
z6TeIOm9mE1Ta;kxgDC0Lb20csTbOQHNWDIm!<TWol3eQIzQIjpd?Ek&o_Y<+U5c*C
zHpokulR?|!Y04_fMeFkr9~1AO|1Qh<Zss4Ci4RapbFZ$v)c^FV&K2sV^!@)el_d=D
zgi?sc7byQ)r(EPRuY1%#q;&dEt_$^o++TqS@=)JOT~|Ho`K;eUax2Ik$42DZ;yL2~
zQ4jLx`R5?`gtChA$Oecr!{}6p`f>aew^3G7*EP|@`5Qkc*V*Dt*4_crtzObjKwa*V
zdxP>5^<}Pg2shQCpG~g1u64u_Ue)){+W%=U&3&gRB`9xG=FyghALCleNB`-Y&lXXf
zc3oX5xvmiWM&&AHYWkq~aJLD!Os5<r(~j1^s4t{GnDRUIX_R+uh_&QuP#=P4$Y)*w
zRyjvoJo#9B0V}HyC5GZp`Gx#mN`A^@ns(`p@FUQ5!K{M&D8nc_EjNtzi`0)}9m-$^
zTSEDha*SA4cJ@0L-=bd#^{ceaq+W^gfcg*0)7~AMP!^H%eX-S|(x1d2#azoNbt$ir
zZ;LxART*#reTw5u@_EU<?;C($#>pS1euZ2=imq?S>DrC`tzUl3<E4H7SG%uT&=T=<
z{FE}o;u3y5o&3D7PI+#tMtOx&ksh}wJt*y!x8BW(j}Vt<c@Y#{Ur}E1)%b+a_9I1C
zG5Y#0tV`~HloS%N)^4r7|DRp+JBuk(EL+BI-azMB<QiMPCUFPqEotvby_*eo7XKnw
zoVNYc>#(>qyC;)eRIbyu*2eBZT;JP7i0}WbY+!@E?3eLT)9ht3Ru3rXmvJb?jR@%8
zqi_H8S0<FIr%K-;BWp*GPIKD#N*xm2JvFu0kksg&15;9Z^&Dc&|6f!3@ChZ-f1Z%x
ljW_9?XkR7cvv=0UXLQ;T>z6TeXP1cdj1wg@a-ZxM@qaA3#?Jr%

diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index fda3df537..0b8740cca 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -637,7 +637,7 @@ msgstr "分类"
 
 #: assets/models/node.py:20
 msgid "Key"
-msgstr ""
+msgstr "键"
 
 #: assets/models/node.py:127
 msgid "New node"
@@ -739,15 +739,15 @@ msgid "Update asset hardware info: {}"
 msgstr "更新资产硬件信息: {}"
 
 #: assets/tasks.py:230
-msgid "Test admin user connectability period: {}"
+msgid "Test admin user connectivity period: {}"
 msgstr "定期测试管理账号可连接性: {}"
 
 #: assets/tasks.py:236
-msgid "Test admin user connectability: {}"
+msgid "Test admin user connectivity: {}"
 msgstr "测试管理行号可连接性: {}"
 
 #: assets/tasks.py:246
-msgid "Test assets connectability"
+msgid "Test assets connectivity"
 msgstr "测试资产可连接性"
 
 #: assets/tasks.py:251 assets/tasks.py:316 assets/tasks.py:423
@@ -763,15 +763,15 @@ msgid "No assets, task stop"
 msgstr "没有匹配到资产，结束任务"
 
 #: assets/tasks.py:280
-msgid "Test assets connectability: {}"
+msgid "Test assets connectivity: {}"
 msgstr "测试资产可连接性: {}"
 
 #: assets/tasks.py:339
-msgid "Test system user connectability: {}"
+msgid "Test system user connectivity: {}"
 msgstr "测试系统用户可连接性: {}"
 
 #: assets/tasks.py:346
-msgid "Test system user connectability: {} => {}"
+msgid "Test system user connectivity: {} => {}"
 msgstr "测试系统用户可连接性: {} => {}"
 
 #: assets/tasks.py:414
@@ -4508,7 +4508,7 @@ msgstr "创建账户"
 
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_create.html:91
 msgid "Loading..."
-msgstr ""
+msgstr "加载中..."
 
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_create.html:106
 msgid "Load failed"
@@ -4634,7 +4634,7 @@ msgstr "更新组织"
 #~ msgid "Update assets hardware info period"
 #~ msgstr "定期更新资产硬件信息"
 
-#~ msgid "Test system user connectability period: {}"
+#~ msgid "Test system user connectivity period: {}"
 #~ msgstr "定期测试系统用户可连接性: {}"
 
 #~ msgid "Date finished"
diff --git a/apps/ops/api/adhoc.py b/apps/ops/api/adhoc.py
index e1121a7af..ded0da2e6 100644
--- a/apps/ops/api/adhoc.py
+++ b/apps/ops/api/adhoc.py
@@ -24,8 +24,10 @@ class TaskViewSet(viewsets.ModelViewSet):
 
     def get_queryset(self):
         queryset = super().get_queryset()
-        if current_org:
+        if current_org.is_real():
             queryset = queryset.filter(created_by=current_org.id)
+        else:
+            queryset = queryset.filter(created_by='')
         return queryset
 
 
diff --git a/apps/ops/views/adhoc.py b/apps/ops/views/adhoc.py
index f3efbcc70..abebfdbde 100644
--- a/apps/ops/views/adhoc.py
+++ b/apps/ops/views/adhoc.py
@@ -27,7 +27,7 @@ class TaskListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
 
     def get_queryset(self):
         queryset = super().get_queryset()
-        if current_org:
+        if current_org.is_real():
             queryset = queryset.filter(created_by=current_org.id)
         else:
             queryset = queryset.filter(created_by='')
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index 583a8c557..f838554e1 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -46,6 +46,9 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet):
             self.permission_classes = (IsOrgAdminOrAppUser,)
         return super().get_permissions()
 
+    def allow_bulk_destroy(self, qs, filtered):
+        return qs.count() == filtered.count()
+
 
 class UserChangePasswordApi(generics.RetrieveUpdateAPIView):
     permission_classes = (IsOrgAdmin,)