From db8b0022fc32ce21a520354220a33479c05cb04c Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Tue, 15 Nov 2016 19:33:04 +0800
Subject: [PATCH] Update usergroup detail

---
 apps/assets/forms.py                          |   2 -
 apps/assets/serializers.py                    |   2 +-
 .../templates/assets/asset_group_create.html  |  11 +-
 .../templates/assets/asset_modal_list.html    |   2 -
 apps/assets/views.py                          |   8 +-
 apps/common/views.py                          |   3 -
 apps/perms/api.py                             |  82 ++++++--
 apps/perms/hands.py                           |   2 +-
 apps/perms/urls.py                            |  17 +-
 apps/users/forms.py                           |  27 ++-
 apps/users/templates/users/user_detail.html   |  60 +++---
 .../users/user_group_asset_permission.html    | 182 +++++++++++++++++
 ...ate.html => user_group_create_update.html} |  14 +-
 .../templates/users/user_group_detail.html    | 185 +++++-------------
 .../users/user_group_granted_asset.html       | 158 +++++++++++++++
 apps/users/templates/users/user_update.html   |   8 -
 apps/users/urls.py                            |   6 +
 apps/users/views.py                           |  82 ++++++--
 18 files changed, 615 insertions(+), 236 deletions(-)
 create mode 100644 apps/users/templates/users/user_group_asset_permission.html
 rename apps/users/templates/users/{user_group_create.html => user_group_create_update.html} (78%)
 create mode 100644 apps/users/templates/users/user_group_granted_asset.html

diff --git a/apps/assets/forms.py b/apps/assets/forms.py
index 62460146e..09fcc9a24 100644
--- a/apps/assets/forms.py
+++ b/apps/assets/forms.py
@@ -24,12 +24,10 @@ from common.utils import validate_ssh_private_key, ssh_pubkey_gen
 #
 
 class AssetCreateForm(forms.ModelForm):
-
     def __init__(self, *args, **kwargs):
         instance = kwargs.get('instance', None)
         if instance:
             initial = kwargs.get('initial', {})
-            #tags = instance.tags.all()
             initial['tags'] = [t.pk for t in kwargs['instance'].tags.all()]
         super(AssetCreateForm, self).__init__(*args, **kwargs)
 
diff --git a/apps/assets/serializers.py b/apps/assets/serializers.py
index be4183619..86acbff37 100644
--- a/apps/assets/serializers.py
+++ b/apps/assets/serializers.py
@@ -8,7 +8,7 @@ from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin
 
 class AssetGroupSerializer(serializers.ModelSerializer):
     assets_amount = serializers.SerializerMethodField()
-    assets = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
+    # assets = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
 
     class Meta:
         model = AssetGroup
diff --git a/apps/assets/templates/assets/asset_group_create.html b/apps/assets/templates/assets/asset_group_create.html
index f1df67d53..f2dbfd3ee 100644
--- a/apps/assets/templates/assets/asset_group_create.html
+++ b/apps/assets/templates/assets/asset_group_create.html
@@ -5,13 +5,6 @@
 {% block custom_head_css_js %}
     <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
     <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-<style>
-div.dataTables_wrapper div.dataTables_filter,
-.dataTables_length {
-    float: left;
-}
-
-</style>
 {% endblock %}
 {% block content %}
 <div class="wrapper wrapper-content animated fadeInRight">
@@ -94,7 +87,7 @@ div.dataTables_wrapper div.dataTables_filter,
     $(document).ready(function () {
         $('.select2').select2();
         $('.select2-system-user').select2();
-    })
+    });
 
     $('#add_asset').on('click',function(){
         $('#modal').modal('show');
@@ -104,7 +97,7 @@ div.dataTables_wrapper div.dataTables_filter,
         show: false,
         backdrop: 'static',
         keyboard: 'false',
-        remote:"{% url 'assets:asset-modal-list' %}?group_id={{ group_id }}",
+        remote:"{% url 'assets:asset-modal-list' %}?group_id={{ group_id }}"
     });
 
     $('#modal').on('show.bs.modal',function(){
diff --git a/apps/assets/templates/assets/asset_modal_list.html b/apps/assets/templates/assets/asset_modal_list.html
index f408149f5..c24452c0e 100644
--- a/apps/assets/templates/assets/asset_modal_list.html
+++ b/apps/assets/templates/assets/asset_modal_list.html
@@ -46,9 +46,7 @@
 </div>
 
 <script type="text/javascript">
-
 $(document).ready(function(){
-
     var table = $('#editable').DataTable({
         "aLengthMenu": [[10, 25, 50, -1], ["10", "25", "50", "all"]],
         "iDisplayLength":25,
diff --git a/apps/assets/views.py b/apps/assets/views.py
index f1c1d85bb..ea8981ba9 100644
--- a/apps/assets/views.py
+++ b/apps/assets/views.py
@@ -208,7 +208,7 @@ class AssetModalListView(AdminUserRequiredMixin, ListView):
         plain_id_lists = self.request.GET.get('plain_id_lists')
         self.s = self.request.GET.get('plain_id_lists')
         if "," in str(self.s):
-            self.plain_id_lists  = [int(x) for x in self.s.split(',')]
+            self.plain_id_lists = [int(x) for x in self.s.split(',')]
         else:
             self.plain_id_lists = [self.s]
 
@@ -218,19 +218,19 @@ class AssetModalListView(AdminUserRequiredMixin, ListView):
             else:
                 plain_id_lists = [int(self.s)]
             context = {
-                'all_assets':plain_id_lists
+                'all_assets' :plain_id_lists
             }
             kwargs.update(context)
         if group_id:
             group = AssetGroup.objects.get(id=group_id)
             context = {
-                'all_assets':[x.id for x in group.assets.all()]
+                'all_assets': [x.id for x in group.assets.all()]
             }
             kwargs.update(context)
         if tag_id:
             tag = Tag.objects.get(id=tag_id)
             context = {
-                'all_assets':[x.id for x in tag.asset_set.all()]
+                'all_assets': [x.id for x in tag.asset_set.all()]
             }
             kwargs.update(context)
         return super(AssetModalListView, self).get_context_data(**kwargs)
diff --git a/apps/common/views.py b/apps/common/views.py
index 870cfbf79..5663b8b19 100644
--- a/apps/common/views.py
+++ b/apps/common/views.py
@@ -2,6 +2,3 @@ from __future__ import absolute_import, unicode_literals
 
 from django.shortcuts import render
 from django.views.generic import TemplateView
-
-
-
diff --git a/apps/perms/api.py b/apps/perms/api.py
index eefb8a448..2da014580 100644
--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@@ -2,13 +2,14 @@
 # 
 
 from rest_framework.views import APIView, Response
-from rest_framework.generics import ListAPIView
+from rest_framework.generics import ListAPIView, get_object_or_404
 from rest_framework import viewsets
 from users.backends import IsValidUser, IsSuperUser
 from common.utils import get_object_or_none
-from .utils import get_user_granted_assets, get_user_granted_asset_groups, get_user_asset_permissions
+from .utils import get_user_granted_assets, get_user_granted_asset_groups, get_user_asset_permissions, \
+    get_user_group_asset_permissions, get_user_group_granted_assets
 from .models import AssetPermission
-from .hands import AssetGrantedSerializer, User, AssetGroup, Asset, AssetGroup
+from .hands import AssetGrantedSerializer, User, UserGroup, AssetGroup, Asset, AssetGroup, AssetGroupSerializer
 from . import serializers
 
 
@@ -20,12 +21,15 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
     def get_queryset(self):
         queryset = super(AssetPermissionViewSet, self).get_queryset()
         user_id = self.request.query_params.get('user', '')
+        user_group_id = self.request.query_params.get('user-group', '')
+
         if user_id and user_id.isdigit():
-            self.user_id = user_id
-            user = get_object_or_none(User, id=int(user_id))
-            if user:
-                queryset = get_user_asset_permissions(user)
-                print(queryset)
+            user = get_object_or_404(User, id=int(user_id))
+            queryset = get_user_asset_permissions(user)
+
+        if user_group_id:
+            user_group = get_object_or_404(UserGroup, id=user_group_id)
+            queryset = get_user_group_asset_permissions(user_group)
         return queryset
 
     def get_serializer_class(self):
@@ -42,8 +46,8 @@ class RevokeUserAssetPermission(APIView):
         user_id = str(request.data.get('user_id', ''))
 
         if permission_id and user_id and permission_id.isdigit() and user_id.isdigit():
-            asset_permission = get_object_or_none(AssetPermission, id=int(permission_id))
-            user = get_object_or_none(User, id=int(user_id))
+            asset_permission = get_object_or_404(AssetPermission, id=int(permission_id))
+            user = get_object_or_404(User, id=int(user_id))
 
             if asset_permission and user:
                 asset_permission.users.remove(user)
@@ -51,7 +55,54 @@ class RevokeUserAssetPermission(APIView):
         return Response({'msg': 'failed'}, status=404)
 
 
-class UserAssetsApi(ListAPIView):
+class RevokeUserGroupAssetPermission(APIView):
+    permission_classes = (IsSuperUser,)
+
+    def put(self, request, *args, **kwargs):
+        permission_id = str(request.data.get('id', ''))
+        user_group_id = str(request.data.get('user_group_id', ''))
+
+        if permission_id and user_group_id and permission_id.isdigit() and user_group_id.isdigit():
+            asset_permission = get_object_or_404(AssetPermission, id=int(permission_id))
+            user_group = get_object_or_404(UserGroup, id=int(user_group_id))
+
+            if asset_permission and user_group:
+                asset_permission.user_groups.remove(user_group)
+                return Response({'msg': 'success'})
+        return Response({'msg': 'failed'}, status=404)
+
+
+class UserGrantedAssetsApi(ListAPIView):
+    permission_classes = (IsSuperUser,)
+    serializer_class = AssetGrantedSerializer
+
+    def get_queryset(self):
+        user_id = self.kwargs.get('pk', '')
+
+        if user_id:
+            user = get_object_or_404(User, id=user_id)
+            queryset = get_user_granted_assets(user)
+        else:
+            queryset = []
+        return queryset
+
+
+class UserGrantedAssetGroupsApi(ListAPIView):
+    permission_classes = (IsSuperUser,)
+    serializer_class = AssetGroupSerializer
+
+    def get_queryset(self):
+        user_id = self.kwargs.get('pk', '')
+
+        if user_id:
+            user = get_object_or_404(User, id=user_id)
+            queryset = get_user_granted_asset_groups(user)
+        else:
+            queryset = []
+        return queryset
+
+
+class MyGrantedAssetsApi(ListAPIView):
     permission_classes = (IsValidUser,)
     serializer_class = AssetGrantedSerializer
 
@@ -59,11 +110,12 @@ class UserAssetsApi(ListAPIView):
         user = self.request.user
         if user:
             queryset = get_user_granted_assets(user)
-            return queryset
-        return []
+        else:
+            queryset = []
+        return queryset
 
 
-class UserAssetsGroupsApi(APIView):
+class MyGrantedAssetsGroupsApi(APIView):
     permission_classes = (IsValidUser,)
 
     def get(self, request, *args, **kwargs):
@@ -87,7 +139,7 @@ class UserAssetsGroupsApi(APIView):
         return Response(asset_groups_json, status=200)
 
 
-class UserAssetsGroupAssetsApi(ListAPIView):
+class MyAssetGroupAssetsApi(ListAPIView):
     permission_classes = (IsValidUser,)
     serializer_class = AssetGrantedSerializer
 
diff --git a/apps/perms/hands.py b/apps/perms/hands.py
index 714aa39d5..eac38f7d0 100644
--- a/apps/perms/hands.py
+++ b/apps/perms/hands.py
@@ -4,7 +4,7 @@
 from users.utils import AdminUserRequiredMixin
 from users.models import User, UserGroup
 from assets.models import Asset, AssetGroup, SystemUser
-from assets.serializers import AssetGrantedSerializer
+from assets.serializers import AssetGrantedSerializer, AssetGroupSerializer
 
 
 def associate_system_users_with_assets(system_users, assets, asset_groups):
diff --git a/apps/perms/urls.py b/apps/perms/urls.py
index 10bb972cd..1c23b5987 100644
--- a/apps/perms/urls.py
+++ b/apps/perms/urls.py
@@ -26,12 +26,21 @@ router = routers.DefaultRouter()
 router.register('v1/asset-permissions', api.AssetPermissionViewSet, 'api-asset-permission')
 
 urlpatterns += [
-    url(r'^v1/user/assets/$', api.UserAssetsApi.as_view(), name='api-user-assets'),
+    url(r'^v1/user/my/assets/$', api.MyGrantedAssetsApi.as_view(), name='api-my-assets'),
+    url(r'^v1/user/my/asset-groups/$', api.MyGrantedAssetsGroupsApi.as_view(), name='api-my-asset-groups'),
+    url(r'^v1/user/my/asset-group/(?P<pk>[0-9]+)/assets/$', api.MyAssetGroupAssetsApi.as_view(),
+        name='user-my-asset-group-assets'),
+
+    # Select user or user group permission of asset or asset group
+    url(r'^v1/user/(?P<pk>[0-9]+)/assets/$', api.UserGrantedAssetsApi.as_view(), name='api-user-assets'),
+    url(r'^v1/user/(?P<pk>[0-9]+)/asset-groups/$', api.UserGrantedAssetGroupsApi.as_view(),
+        name='api-user-asset-groups'),
+
+    # Revoke permission api
     url(r'^v1/asset-permissions/user/revoke/', api.RevokeUserAssetPermission.as_view(),
         name='revoke-user-asset-permission'),
-    url(r'^v1/user/asset-groups/$', api.UserAssetsGroupsApi.as_view(), name='api-user-asset-groups'),
-    url(r'^v1/user/asset-group/(?P<pk>[0-9]+)/assets/$', api.UserAssetsGroupAssetsApi.as_view(),
-        name='user-asset-groups-assets'),
+    url(r'^v1/asset-permissions/user-group/revoke/', api.RevokeUserGroupAssetPermission.as_view(),
+        name='revoke-user-group-asset-permission'),
 ]
 
 urlpatterns += router.urls
diff --git a/apps/users/forms.py b/apps/users/forms.py
index bc8079f3b..a5827d960 100644
--- a/apps/users/forms.py
+++ b/apps/users/forms.py
@@ -19,7 +19,6 @@ class UserLoginForm(AuthenticationForm):
 
 
 class UserCreateUpdateForm(forms.ModelForm):
-
     class Meta:
         model = User
         fields = [
@@ -37,7 +36,6 @@ class UserCreateUpdateForm(forms.ModelForm):
 
 
 class UserBulkImportForm(forms.ModelForm):
-
     class Meta:
         model = User
         fields = ['username', 'email', 'enable_otp', 'role']
@@ -62,7 +60,6 @@ class UserBulkImportForm(forms.ModelForm):
 
 
 class UserGroupForm(forms.ModelForm):
-
     class Meta:
         model = UserGroup
         fields = [
@@ -101,7 +98,6 @@ class UserPrivateAssetPermissionForm(forms.ModelForm):
 
     def save(self, commit=True):
         self.instance = super(UserPrivateAssetPermissionForm, self).save(commit=commit)
-        self.instance.private_for = 'U'
         self.instance.users = [self.user]
         self.instance.save()
         return self.instance
@@ -121,5 +117,28 @@ class UserPrivateAssetPermissionForm(forms.ModelForm):
         }
 
 
+class UserGroupPrivateAssetPermissionForm(forms.ModelForm):
+
+    def save(self, commit=True):
+        self.instance = super(UserGroupPrivateAssetPermissionForm, self).save(commit=commit)
+        self.instance.user_groups = [self.user_group]
+        self.instance.save()
+        return self.instance
+
+    class Meta:
+        model = AssetPermission
+        fields = [
+            'assets', 'asset_groups', 'system_users', 'name',
+        ]
+        widgets = {
+            'assets': forms.SelectMultiple(attrs={'class': 'select2',
+                                                  'data-placeholder': _('Select assets')}),
+            'asset_groups': forms.SelectMultiple(attrs={'class': 'select2',
+                                                        'data-placeholder': _('Select asset groups')}),
+            'system_users': forms.SelectMultiple(attrs={'class': 'select2',
+                                                        'data-placeholder': _('Select system users')}),
+        }
+
+
 class FileForm(forms.Form):
     excel = forms.FileField()
diff --git a/apps/users/templates/users/user_detail.html b/apps/users/templates/users/user_detail.html
index 9b7a48761..3b05450b6 100644
--- a/apps/users/templates/users/user_detail.html
+++ b/apps/users/templates/users/user_detail.html
@@ -23,7 +23,9 @@
                             <li>
                                 <a href="{% url 'users:user-asset-permission' pk=user.id %}" class="text-center"><i class="fa fa-bar-chart-o"></i> {% trans 'Asset permission' %}</a>
                             </li>
-                            <li><a href="{% url 'users:user-granted-asset' pk=user.id %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Asset granted' %}</a></li>
+                            <li>
+                                <a href="{% url 'users:user-granted-asset' pk=user.id %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Asset granted' %}</a>
+                            </li>
                             <li class="pull-right">
                                 <a class="btn btn-outline btn-default" href="{% url 'users:user-update' pk=user.id %}"><i class="fa fa-edit"></i>Update</a>
                             </li>
@@ -53,7 +55,7 @@
                                         <tbody>
                                         <tr class="no-borders-tr">
                                             <td colspan="2">
-                                                <img src="{{ user | user_avatar_url }}" class="img-circle" width="64" height="64">
+                                                <img src="{{ user|user_avatar_url }}" class="img-circle" width="64" height="64">
                                             </td>
                                         </tr>
                                         <tr>
@@ -185,7 +187,7 @@
                                         <form>
                                             <tr>
                                                 <td colspan="2" class="no-borders">
-                                                    <select data-placeholder="{% trans 'Join user groups' %}" id="slct_groups" class="select2" style="width: 100%" multiple="" tabindex="4">
+                                                    <select data-placeholder="{% trans 'Join user groups' %}" id="groups_selected" class="select2" style="width: 100%" multiple="" tabindex="4">
                                                         {% for group in groups %}
                                                         <option value="{{ group.id }}" id="opt_{{ group.id }}">{{ group.name }}</option>
                                                         {% endfor %}
@@ -194,16 +196,18 @@
                                             </tr>
                                             <tr>
                                                 <td colspan="2" class="no-borders">
-                                                    <button type="button" class="btn btn-info btn-small" id="btn_add_user_group">{% trans 'Join' %}</button>
+                                                    <button type="button" class="btn btn-info btn-small" id="btn_join_group">{% trans 'Join' %}</button>
                                                 </td>
                                             </tr>
                                         </form>
 
                                         {% for group in user.groups.all %}
                                         <tr>
-                                          <td ><b class="bdg_user_group" data-gid={{ group.id }}>{{ group.name }}</b></td>
+                                          <td >
+                                              <b class="bdg_group" data-gid={{ group.id }}>{{ group.name }}</b>
+                                          </td>
                                           <td>
-                                              <button class="btn btn-danger pull-right btn-xs btn_delete_user_group" type="button"><i class="fa fa-minus"></i></button>
+                                              <button class="btn btn-danger pull-right btn-xs btn_leave_group" type="button"><i class="fa fa-minus"></i></button>
                                           </td>
                                         </tr>
                                         {% endfor %}
@@ -221,29 +225,29 @@
 {% endblock %}
 {% block custom_foot_js %}
 <script>
-jumpserver.selected_groups = {};
+jumpserver.groups_selected = {};
 
-function updateUserGroups(user_groups) {
+function updateUserGroups(groups) {
     var the_url = "{% url 'users:api-user-update-group' pk=user.id %}";
     var body = {
-        groups: Object.assign([], user_groups)
+        groups: Object.assign([], groups)
     };
     var success = function(data) {
         // remove all the selected groups from select > option and rendered ul element;
         $('.select2-selection__rendered').empty();
-        $('#slct_groups').val('');
-        $.map(jumpserver.selected_groups, function(group_name, index) {
+        $('#groups_selected').val('');
+        $.map(jumpserver.groups_selected, function(group_name, index) {
             $('#opt_' + index).remove();
             // change tr html of user groups.
             $('.group_edit tbody').append(
                 '<tr>' +
-                '<td><b class="bdg_user_group" data-gid="' + index + '">' + group_name + '</b></td>' +
-                '<td><button class="btn btn-danger btn-xs pull-right btn_delete_user_group" type="button"><i class="fa fa-minus"></i></button></td>' +
+                '<td><b class="bdg_group" data-gid="' + index + '">' + group_name + '</b></td>' +
+                '<td><button class="btn btn-danger btn-xs pull-right btn_leave_group" type="button"><i class="fa fa-minus"></i></button></td>' +
                 '</tr>'
             )
         });
-        // clear jumpserver.selected_groups
-        jumpserver.selected_groups = {};
+        // clear jumpserver.groups_selected
+        jumpserver.groups_selected = {};
     };
     APIUpdateAttr({
         url: the_url,
@@ -255,10 +259,10 @@ $(document).ready(function() {
     $('.select2').select2()
         .on('select2:select', function(evt) {
             var data = evt.params.data;
-            jumpserver.selected_groups[data.id] = data.text;
+            jumpserver.groups_selected[data.id] = data.text;
         }).on('select2:unselect', function(evt) {
             var data = evt.params.data;
-            delete jumpserver.selected_groups[data.id]
+            delete jumpserver.groups_selected[data.id]
         })
 }).on('click', '#is_active', function() {
     var the_url = "{% url 'users:api-user-detail' pk=user.id %}";
@@ -284,32 +288,32 @@ $(document).ready(function() {
         body: JSON.stringify(body),
         success_message: success
     });
-}).on('click', '#btn_add_user_group', function() {
-    if (Object.keys(jumpserver.selected_groups).length === 0) {
+}).on('click', '#btn_join_group', function() {
+    if (Object.keys(jumpserver.groups_selected).length === 0) {
         return false;
     }
-    var user_groups = $('.bdg_user_group').map(function() {
+    var groups = $('.bdg_group').map(function() {
         return $(this).data('gid');
     }).get();
-    $.map(jumpserver.selected_groups, function(value, index) {
-        user_groups.push(parseInt(index));
+    $.map(jumpserver.groups_selected, function(value, index) {
+        groups.push(parseInt(index));
         $('#opt_' + index).remove();
     });
-    updateUserGroups(user_groups)
-}).on('click', '.btn_delete_user_group', function() {
+    updateUserGroups(groups)
+}).on('click', '.btn_leave_group', function() {
     var $this = $(this);
     var $tr = $this.closest('tr');
-    var $badge = $tr.find('.bdg_user_group');
+    var $badge = $tr.find('.bdg_group');
     var gid = $badge.data('gid');
     var group_name = $badge.html() || $badge.text();
-    $('#slct_groups').append(
+    $('#groups_selected').append(
         '<option value="' + gid + '" id="opt_' + gid + '">' + group_name + '</option>'
     );
     $tr.remove();
-    var user_groups = $('.bdg_user_group').map(function() {
+    var groups = $('.bdg_group').map(function() {
         return $(this).data('gid');
     }).get();
-    updateUserGroups(user_groups)
+    updateUserGroups(groups)
 }).on('click', '#btn_reset_password', function() {
     function doReset() {
         var the_url = '{% url "users:api-user-reset-password" pk=user.id %}';
diff --git a/apps/users/templates/users/user_group_asset_permission.html b/apps/users/templates/users/user_group_asset_permission.html
new file mode 100644
index 000000000..e2458ffa4
--- /dev/null
+++ b/apps/users/templates/users/user_group_asset_permission.html
@@ -0,0 +1,182 @@
+{% extends 'base.html' %}
+{% load common_tags %}
+{% load users_tags %}
+{% load bootstrap %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
+    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
+{% endblock %}
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'users:user-group-detail' pk=user_group.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'User detail' %} </a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'users:user-group-asset-permission' pk=user_group.id %}" class="text-center"><i class="fa fa-bar-chart-o"></i> {% trans 'Asset permission' %}</a>
+                            </li>
+                            <li>
+                                <a href="{% url 'users:user-granted-asset' pk=user_group.id %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Asset granted' %}</a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-7" style="padding-left: 0;">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span style="float: left">{% trans 'Asset permission of ' %} <b>{{ user_group.name }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table table-hover " id="user_group_permissions_table" >
+                                        <thead>
+                                            <tr>
+                                                <th class="text-center">
+                                                    <input type="checkbox" id="check_all" class="ipt_check_all" >
+                                                </th>
+                                                <th>{% trans 'Name' %}</th>
+                                                <th>{% trans 'Asset' %}</th>
+                                                <th>{% trans 'Asset group' %}</th>
+                                                <th>{% trans 'System user' %}</th>
+                                                <th>{% trans 'Valid' %}</th>
+                                                <th></th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
+                            <div class="panel panel-primary">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Quick create permission for user group' %}
+                                </div>
+                                <div class="panel-body">
+                                    <form method="post" action="{% url 'users:user-group-asset-permission-create' pk=user_group.id %}">
+                                        <table class="table">
+                                            <tbody>
+                                                {% csrf_token %}
+                                                <tr class="no-borders-tr">
+                                                    <td colspan="1" style="padding-top: 0">
+                                                        {{ form.name|bootstrap }}
+                                                    </td>
+                                                </tr>
+                                                <tr class="no-borders-tr">
+                                                    <td colspan="1" style="padding-top: 0">
+                                                        {{ form.assets|bootstrap }}
+                                                    </td>
+                                                </tr>
+                                                <tr class="no-borders-tr">
+                                                    <td colspan="1" style="padding-top: 0">
+                                                        {{ form.asset_groups|bootstrap }}
+                                                    </td>
+                                                </tr>
+                                                <tr class="no-borders-tr">
+                                                    <td colspan="1" style="padding-top: 0">
+                                                        {{ form.system_users|bootstrap }}
+                                                    </td>
+                                                </tr>
+                                                <tr class="no-borders-tr">
+                                                    <td>
+                                                        <button type="submit" class="btn btn-primary btn-sm">{% trans 'Submit' %}</button>
+                                                    </td>
+                                                </tr>
+                                            </tbody>
+                                        </table>
+                                    </form>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+{% endblock %}
+{% block custom_foot_js %}
+    <script>
+        $(document).ready(function () {
+            $('.select2').select2();
+            var options = {
+                ele: $('#user_group_permissions_table'),
+                buttons: [],
+                order: [],
+                select: [],
+                columnDefs: [
+                    {targets: 1, createdCell: function (td, cellData, rowData) {
+                        var detail_btn = '<a href="{% url "perms:asset-permission-detail" pk=99991937 %}">' + cellData + '</a>';
+                        $(td).html(detail_btn.replace('99991937', rowData.id));
+                     }},
+                    {targets: 2, createdCell: function (td, cellData, rowData) {
+                        var dataLength = cellData.length;
+                        $(td).html(dataLength);
+                    }},
+                    {targets: 3, createdCell: function (td, cellData, rowData) {
+                        var dataLength = cellData.length;
+                        $(td).html(dataLength);
+                    }},
+                    {targets: 4, createdCell: function (td, cellData, rowData) {
+                        var dataLength = cellData.length;
+                        $(td).html(dataLength);
+                    }},
+                    {targets: 5, createdCell: function (td, cellData) {
+                        if (!cellData) {
+                            $(td).html('<i class="fa fa-times text-danger"></i>')
+                        } else {
+                            $(td).html('<i class="fa fa-check text-navy"></i>')
+                        }
+                    }},
+                    {targets: 6, createdCell: function (td, cellData, rowData) {
+                        var btn = '<button class="btn btn-danger btn-xs btn_del_permission" id=99991937 type="button" style="float: right;"><i class="fa fa-minus"></i></button>';
+                        btn = btn.replace('99991937', cellData);
+                        $(td).html(btn)
+                     }}
+                ],
+                ajax_url: '{% url "perms:api-asset-permission-list" %}?user-group={{ user_group.id }}',
+                columns: [{data: function(){return ""}}, {data: "name" }, {data: "assets" }, {data: "asset_groups"},
+                    {data: "system_users"}, {data: "is_active"}, {data: "id"}]
+            };
+            jumpserver.initDataTable(options);
+        }).on('click', '.btn_del_permission', function () {
+            var $this = $(this);
+            var body = {
+                id: $this.attr('id'),
+                user_group_id: {{ user_group.id }}
+            };
+            console.log(body);
+            var the_url = "{% url 'perms:revoke-user-group-asset-permission' %}";
+            var success = function () {
+                $this.closest('tr').remove();
+            };
+            APIUpdateAttr({
+                url: the_url,
+                body: JSON.stringify(body),
+                method: 'PUT',
+                success_message: '{% trans "Revoke Successfully!" %}',
+                success: success
+            });
+        })
+    </script>
+{% endblock %}
\ No newline at end of file
diff --git a/apps/users/templates/users/user_group_create.html b/apps/users/templates/users/user_group_create_update.html
similarity index 78%
rename from apps/users/templates/users/user_group_create.html
rename to apps/users/templates/users/user_group_create_update.html
index 2cc835ee4..abb18a239 100644
--- a/apps/users/templates/users/user_group_create.html
+++ b/apps/users/templates/users/user_group_create_update.html
@@ -19,20 +19,21 @@
                         <form method="post" class="form-horizontal" action="" >
                             {% csrf_token %}
                             {{ form.name|bootstrap_horizontal }}
-
                             <div class="form-group">
                               <label for="users" class="col-sm-2 control-label">{% trans 'Users' %}</label>
                                 <div class="col-sm-9">
-                                    <select name="users" id="users" data-placeholder="{% trans 'Select User' %}" class="select2 form-control m-b" multiple  tabindex="2">
+                                    <select name="users" id="id_users" data-placeholder="{% trans 'Select User' %}" class="select2 form-control m-b" multiple  tabindex="2">
                                         {% for user in users %}
-                                            <option value="{{ user.id }}">{{ user.name }}</option>
+                                            {% if user.id in group_users %}
+                                            <option value="{{ user.id }}" selected>{{ user.name }}</option>
+                                            {% else %}
+                                                <option value="{{ user.id }}">{{ user.name }}</option>
+                                            {% endif %}
                                         {% endfor %}
                                     </select>
                                 </div>
                             </div>
-
                             {{ form.comment|bootstrap_horizontal }}
-
                             <div class="form-group">
                                 <div class="col-sm-4 col-sm-offset-2">
                                     <button class="btn btn-white" type="reset">{% trans 'Cancel' %}</button>
@@ -45,11 +46,12 @@
             </div>
         </div>
     </div>
+    {% include "users/_select_user_modal.html" %}
 {% endblock %}
 {% block custom_foot_js %}
 <script>
 $(document).ready(function () {
-    $('.select2').select2().val([{{ group_users }}]).trigger("change");
+    $('.select2').select2();
 })
 </script>
 {% endblock %}
diff --git a/apps/users/templates/users/user_group_detail.html b/apps/users/templates/users/user_group_detail.html
index 349233efc..cffa9930a 100644
--- a/apps/users/templates/users/user_group_detail.html
+++ b/apps/users/templates/users/user_group_detail.html
@@ -10,54 +10,6 @@
     <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
     <script src="{% static "js/plugins/sweetalert/sweetalert.min.js" %}"></script>
     <script src="{% static "js/plugins/dataTables/dataTables.min.js" %}"></script>
-    <style>
-        .user_div {
-            color: #5e5e5e;
-            font-family: "Open Sans";
-            padding: 3px 8px;
-            text-shadow: none;
-        }
-        .user_div .ui_container {
-            background-color: #d1dade;
-            width: 100%;
-        }
-        .user_div a {
-            color: #5e5e5e;
-        }
-        .user_div .remove {
-            color: #fff;
-        }
-        dl {
-          width: 100%;
-          overflow: hidden;
-          padding: 0;
-          margin: 10px;
-          border-bottom: 1px solid #e7eaec;
-        }
-        dt {
-          float: left;
-          width: 30%;
-          padding: 0;
-          margin: 0
-        }
-        dd {
-          float: left;
-          width: 70%;
-          padding: 0;
-          margin: 0
-        }
-        
-        #group_user_row dt {
-          border-bottom: 1px solid #e7eaec;
-          width: 100%;
-          margin-bottom: 20px;
-        }
-        
-        #group_user_row dd {
-          width: 100%;
-          overflow: auto;
-        }
-    </style>
 {% endblock %}
 {% block content %}
     <div class="wrapper wrapper-content animated fadeInRight">
@@ -69,6 +21,15 @@
                             <li class="active">
                                 <a href="{% url 'users:user-group-detail' pk=user_group.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'User Group Detail' %} </a>
                             </li>
+                            <li>
+                                <a href="{% url 'users:user-group-asset-permission' pk=user_group.id %}" class="text-center"><i class="fa fa-bar-chart-o"></i> {% trans 'Asset permission' %}</a>
+                            </li>
+                            <li>
+                                <a href="{% url 'users:user-granted-asset' pk=user.id %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Asset granted' %}</a>
+                            </li>
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-default" href="{% url 'users:user-group-update' pk=user_group.id %}"><i class="fa fa-edit"></i>Update</a>
+                            </li>
                         </ul>
                     </div>
                     <div class="tab-content">
@@ -110,7 +71,7 @@
                             </div>
                         </div>
                         <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
-                            <div class="panel panel-info">
+                            <div class="panel panel-primary">
                                 <div class="panel-heading">
                                     <i class="fa fa-info-circle"></i> {% trans 'User' %}
                                 </div>
@@ -120,7 +81,7 @@
                                         <form>
                                             <tr>
                                                 <td colspan="2" class="no-borders">
-                                                    <select data-placeholder="{% trans 'Add user' %}" id="slct_groups" class="select2" style="width: 100%" multiple="" tabindex="4">
+                                                    <select data-placeholder="{% trans 'Add user' %}" id="slct_users" class="select2" style="width: 100%" multiple="" tabindex="4">
                                                         {% for user in users %}
                                                         <option value="{{ user.id }}" id="opt_{{ user.id }}">{{ user.name }}</option>
                                                         {% endfor %}
@@ -129,7 +90,7 @@
                                             </tr>
                                             <tr>
                                                 <td colspan="2" class="no-borders">
-                                                    <button type="button" class="btn btn-info btn-small" id="btn_add_user_group">{% trans 'Add' %}</button>
+                                                    <button type="button" class="btn btn-primary btn-small" id="btn_add_user">{% trans 'Add' %}</button>
                                                 </td>
                                             </tr>
                                         </form>
@@ -138,7 +99,7 @@
                                         <tr>
                                           <td ><b class="bdg_user" data-uid={{ user.id }}>{{ user.name }}</b></td>
                                           <td>
-                                              <button class="btn btn-danger pull-right btn-xs btn_delete_user" type="button"><i class="fa fa-minus"></i></button>
+                                              <button class="btn btn-danger pull-right btn-xs btn_remove_user" type="button"><i class="fa fa-minus"></i></button>
                                           </td>
                                         </tr>
                                         {% endfor %}
@@ -152,33 +113,32 @@
             </div>
         </div>
     </div>
-    {% include "users/_select_user_modal.html" %}
 {% endblock %}
 {% block custom_foot_js %}
 <script>
-jumpserver.selected_groups = {};
+jumpserver.users_selected = {};
 
 function updateGroupMember(users) {
     var the_url = "{% url 'users:api-user-group-update-user' pk=user_group.id %}";
     var body = {
-        groups: Object.assign([], users)
+        users: Object.assign([], users)
     };
     var success = function(data) {
         // remove all the selected groups from select > option and rendered ul element;
         $('.select2-selection__rendered').empty();
         $('#slct_users').val('');
-        $.map(jumpserver.selected_groups, function(user_name, index) {
+        $.map(jumpserver.users_selected, function(user_name, index) {
             $('#opt_' + index).remove();
             // change tr html of users
             $('.user_edit tbody').append(
                 '<tr>' +
                 '<td><b class="bdg_user" data-uid="' + index + '">' + user_name + '</b></td>' +
-                '<td><button class="btn btn-danger btn-xs pull-right btn_delete_user" type="button"><i class="fa fa-minus"></i></button></td>' +
+                '<td><button class="btn btn-danger btn-xs pull-right btn_remove_user" type="button"><i class="fa fa-minus"></i></button></td>' +
                 '</tr>'
             )
         });
         // clear jumpserver.selected_groups
-        jumpserver.selected_users = {};
+        jumpserver.users_selected = {};
     };
     APIUpdateAttr({
         url: the_url,
@@ -188,93 +148,42 @@ function updateGroupMember(users) {
 }
 
 $(document).ready(function () {
-   $('.select2').select2();
-}).on('click', '.btn_remove', function(){
-    var $this = $(this);
-    var uid = $this.data('uid');
-    var the_url = '{% url "users:api-user-group-detail" pk=user_group.id %}'.replace('99991937', uid);
-    var success = function(){
-        $this.closest('.user_div').remove();
-    };
-    var error = function(){};
-    APIUpdateAttr({url: the_url, body: "{}", method: "DELETE", success: success, error: error});
-    return false;
-}).on('click', '.btn_delete_user', function() {
+   $('.select2').select2()
+          .on('select2:select', function(evt) {
+            var data = evt.params.data;
+            jumpserver.users_selected[data.id] = data.text;
+        }).on('select2:unselect', function(evt) {
+            var data = evt.params.data;
+            delete jumpserver.users_selected[data.id]
+        })
+}).on('click', '.btn_remove_user', function() {
     var $this = $(this);
     var $tr = $this.closest('tr');
-    var $badge = $tr.find('.bdg_user_group');
-    var gid = $badge.data('gid');
-    var group_name = $badge.html() || $badge.text();
-    $('#slct_groups').append(
-        '<option value="' + gid + '" id="opt_' + gid + '">' + group_name + '</option>'
+    var $badge = $tr.find('.bdg_user');
+    var uid = $badge.data('uid');
+    var user_name = $badge.html() || $badge.text();
+    $('#slct_users').append(
+        '<option value="' + uid + '" id="opt_' + uid + '">' + user_name + '</option>'
     );
     $tr.remove();
-    var user_groups = $('.bdg_user_group').map(function() {
-        return $(this).data('gid');
+    var users = $('.bdg_user').map(function() {
+        return $(this).data('uid');
     }).get();
-    updateUserGroups(user_groups)
-}).on('shown.bs.modal', '#select_user_modal', function() {
-    if ($.fn.dataTable.isDataTable('#select_user_table')) {
-        return true;
+    console.log(users);
+    updateGroupMember(users)
+}).on('click', '#btn_add_user', function() {
+    if (Object.keys(jumpserver.users_selected).length === 0) {
+        return false;
     }
-    var options = {
-        ele: $('#select_user_table'),
-        pageLength: 10,
-        buttons: [],
-        columnDefs: [
-            {targets: 6, createdCell: function (td, cellData) {
-                if (!cellData) {
-                    $(td).html('<i class="fa fa-times text-danger"></i>')
-                } else {
-                    $(td).html('<i class="fa fa-check text-navy"></i>')
-                }
-             }},
-            {targets: 4, createdCell: function (td, cellData) {
-                var innerHtml = cellData.length > 8 ? cellData.substring(0, 8) + '...': cellData;
-                $(td).html('<a href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</a>');
-             }}
-        ],
-        ajax_url: '{% url "users:api-user-list" %}',
-        columns: [{data: function(){return ""}}, {data: "username" }, {data: "name" }, {data: "get_role_display" }, {data: "group_display" },
-                  {data: function(){return 999}}, {data: "active_display" }],
-    };
-    jumpserver.initDataTable(options);
-}).on('click', '#btn_select_user', function() {
-    var $data_table = $('#select_user_table').DataTable();
-    var plain_id_list = [];
-    var selected_users = [];
-    $data_table.rows({selected: true}).every(function(){
-        plain_id_list.push(this.data().id);
-        selected_users.push({id: this.data().id, name: this.data().name});
+    var users = $('.bdg_user').map(function() {
+        return $(this).data('uid');
+    }).get();
+    $.map(jumpserver.users_selected, function(value, index) {
+        users.push(parseInt(index));
+        $('#opt_' + index).remove();
     });
-    if (plain_id_list === []) {
-        return false;
-    };
-    var body = {
-        id: {{ user_group.id }},
-        users: plain_id_list.map(Number)
-    };
-    $('#select_user_modal').modal('hide');
-    var the_url = "{% url 'users:api-user-group-detail' pk=user_group.id %}";
-    var success = function() {
-        toastr.success('{% trans "The selected users has been added to current group." %}');
-        var html = "";
-        $.each(selected_users, function(index, user) {
-            html += [
-                '<div class="col-sm-4 user_div"><div class="ui_container row"><div class="col-xs-9"><a title="',
-                user.name,
-                '" data-toggle="tooltip" href="',
-                '{% url "users:user-detail" pk=99991937 %}'.replace(99991937, user.id),
-                '">',
-                user.name.length >=13 ? user.name.substring(0, 12) + '...' : user.name,
-                '</a></div><div class="col-xs-3"><a data-uid="',
-                user.id,
-                '" class="btn_remove m-l-5"><i class="remove fa fa-times-circle"></i></a></div></div></div>\n',
-            ].join("");
-        });
-        $(html).appendTo($('#group_user_container'));
-    };
-    APIUpdateAttr({url: the_url, body: JSON.stringify(body), success: success});
+    console.log(users);
+    updateGroupMember(users)
 })
 </script>
 {% endblock %}
diff --git a/apps/users/templates/users/user_group_granted_asset.html b/apps/users/templates/users/user_group_granted_asset.html
new file mode 100644
index 000000000..dbe031904
--- /dev/null
+++ b/apps/users/templates/users/user_group_granted_asset.html
@@ -0,0 +1,158 @@
+{% extends 'base.html' %}
+{% load common_tags %}
+{% load users_tags %}
+{% load bootstrap %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
+    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
+{% endblock %}
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'users:user-group-detail' pk=user_group.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'User detail' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'users:user-group-asset-permission' pk=user_group.id %}" class="text-center"><i class="fa fa-bar-chart-o"></i> {% trans 'Asset permission' %}</a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'users:user-group-granted-asset' pk=user_group.id %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Asset granted' %}</a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-7" style="padding-left: 0;">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span style="float: left">{% trans 'Assets granted of ' %} <b>{{ user_group.name }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table table-hover " id="user_assets_table" >
+                                        <thead>
+                                            <tr>
+                                                <th class="text-center"></th>
+                                                <th>{% trans 'Hostname' %}</th>
+                                                <th>{% trans 'IP' %}</th>
+                                                <th>{% trans 'Port' %}</th>
+                                                <th>{% trans 'System user' %}</th>
+                                                <th>{% trans 'Valid' %}</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span style="float: left">{% trans 'Asset groups granted of ' %} <b>{{ user_group.name }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table table-hover" id="user_asset_groups_table" >
+                                        <thead>
+                                            <tr>
+                                                <th></th>
+                                                <th>{% trans 'Name' %}</th>
+                                                <th>{% trans 'Asset' %}</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+{% endblock %}
+{% block custom_foot_js %}
+    <script>
+        $(document).ready(function () {
+            $('.select2').select2();
+            var options = {
+                ele: $('#user_assets_table'),
+                buttons: [],
+                order: [],
+                select: [],
+                columnDefs: [
+                    {targets: 1, createdCell: function (td, cellData, rowData) {
+                        var detail_btn = '<a href="{% url "assets:asset-detail" pk=99991937 %}">' + cellData + '</a>';
+                        $(td).html(detail_btn.replace('99991937', rowData.id));
+                     }},
+                    {targets: 4, createdCell: function (td, cellData, rowData) {
+                        if (cellData.length > 10){
+                            $(td).html(cellData.substring(1, 10) + '..')
+                        } else {
+                            $(td).html(cellData)
+                        }
+                    }},
+                    {targets: 5, createdCell: function (td, cellData) {
+                        if (!cellData) {
+                            $(td).html('<i class="fa fa-times text-danger"></i>')
+                        } else {
+                            $(td).html('<i class="fa fa-check text-navy"></i>')
+                        }
+                    }}
+                ],
+                ajax_url: '{% url "perms:api-user-assets" %}',
+                columns: [{data: function(){return ""}}, {data: "hostname" }, {data: "ip" }, {data: "port"},
+                    {data: "system_users_join"}, {data: "is_active"}]
+            };
+            var options2 = {
+                ele: $('#user_asset_groups_table'),
+                buttons: [],
+                order: [],
+                select: [],
+                columnDefs: [
+                    {targets: 1, createdCell: function (td, cellData, rowData) {
+                        var detail_btn = '<a href="{% url "assets:asset-group-detail" pk=99991937 %}">' + cellData + '</a>';
+                        $(td).html(detail_btn.replace('99991937', rowData.id));
+                     }}
+                ],
+                ajax_url: '{% url "perms:api-user-asset-groups" %}',
+                columns: [{data: function(){return ""}}, {data: "name" }, {data: "asset_amount" }]
+            };
+            jumpserver.initDataTable(options);
+            jumpserver.initDataTable(options2);
+        });
+    </script>
+{% endblock %}
\ No newline at end of file
diff --git a/apps/users/templates/users/user_update.html b/apps/users/templates/users/user_update.html
index b431fb013..95dbb680f 100644
--- a/apps/users/templates/users/user_update.html
+++ b/apps/users/templates/users/user_update.html
@@ -1,14 +1,6 @@
 {% extends 'users/_user.html' %}
 {% load i18n %}
 {% block user_template_title %}{% trans "Update user" %}{% endblock %}
-{#{% block username %}#}
-{#    <div class="form-group">#}
-{#        <label for="{{ form.username.id_for_label }}" class="col-sm-2 control-label">{% trans 'Username' %}</label>#}
-{#        <div class="col-sm-9 controls" >#}
-{#            <input id="{{ form.username.id_for_label }}" name="{{ form.username.html_name }}" type="text" value="{{ user_object.username }}" readonly class="form-control">#}
-{#        </div>#}
-{#    </div>#}
-{#{% endblock %}#}
 {% block password %}
     <h3>{% trans 'Password' %}</h3>
     <div class="form-group">
diff --git a/apps/users/urls.py b/apps/users/urls.py
index a4af64bd1..7ede4e38c 100644
--- a/apps/users/urls.py
+++ b/apps/users/urls.py
@@ -34,6 +34,12 @@ urlpatterns = [
     url(r'^user-group/(?P<pk>[0-9]+)$', views.UserGroupDetailView.as_view(), name='user-group-detail'),
     url(r'^user-group/create$', views.UserGroupCreateView.as_view(), name='user-group-create'),
     url(r'^user-group/(?P<pk>[0-9]+)/update$', views.UserGroupUpdateView.as_view(), name='user-group-update'),
+    url(r'^user-group/(?P<pk>[0-9]+)/asset-permission$', views.UserGroupAssetPermissionView.as_view(),
+        name='user-group-asset-permission'),
+    url(r'^user-group/(?P<pk>[0-9]+)/asset-permission/create$', views.UserAssetPermissionCreateView.as_view(),
+        name='user-group-asset-permission-create'),
+    url(r'^user-group/(?P<pk>[0-9]+)/assets', views.UserGroupGrantedAssetView.as_view(),
+        name='user-group-granted-asset'),
 ]
 
 
diff --git a/apps/users/views.py b/apps/users/views.py
index 90468e5bb..0a0f4ff75 100644
--- a/apps/users/views.py
+++ b/apps/users/views.py
@@ -166,7 +166,7 @@ class UserGroupListView(AdminUserRequiredMixin, TemplateView):
 class UserGroupCreateView(AdminUserRequiredMixin, CreateView):
     model = UserGroup
     form_class = forms.UserGroupForm
-    template_name = 'users/user_group_create.html'
+    template_name = 'users/user_group_create_update.html'
     success_url = reverse_lazy('users:user-group-list')
 
     def get_context_data(self, **kwargs):
@@ -188,14 +188,14 @@ class UserGroupCreateView(AdminUserRequiredMixin, CreateView):
 class UserGroupUpdateView(AdminUserRequiredMixin, UpdateView):
     model = UserGroup
     form_class = forms.UserGroupForm
-    template_name = 'users/user_group_create.html'
+    template_name = 'users/user_group_create_update.html'
     success_url = reverse_lazy('users:user-group-list')
 
     def get_context_data(self, **kwargs):
-        self.object = self.get_object()
+        # self.object = self.get_object()
         context = super(UserGroupUpdateView, self).get_context_data(**kwargs)
         users = User.objects.all()
-        group_users = ",".join([str(u.id) for u in self.object.users.all()])
+        group_users = [user.id for user in self.object.users.all()]
         context.update({
             'app': _('Users'),
             'action': _('Update User Group'),
@@ -370,29 +370,71 @@ class UserAssetPermissionView(AdminUserRequiredMixin, FormMixin, SingleObjectMix
         return super(UserAssetPermissionView, self).get_context_data(**kwargs)
 
 
+class UserGroupAssetPermissionView(AdminUserRequiredMixin, FormMixin, SingleObjectMixin, ListView):
+    model = UserGroup
+    template_name = 'users/user_group_asset_permission.html'
+    context_object_name = 'user_group'
+    form_class = forms.UserPrivateAssetPermissionForm
+
+    def get(self, request, *args, **kwargs):
+        self.object = self.get_object(queryset=UserGroup.objects.all())
+        return super(UserGroupAssetPermissionView, self).get(request, *args, **kwargs)
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': 'Users',
+            'action': 'User group asset permissions',
+        }
+        kwargs.update(context)
+        return super(UserGroupAssetPermissionView, self).get_context_data(**kwargs)
+
+
 class UserAssetPermissionCreateView(AdminUserRequiredMixin, CreateView):
     form_class = forms.UserPrivateAssetPermissionForm
     model = AssetPermission
 
     def get(self, request, *args, **kwargs):
-        user_object = self.get_object(queryset=User.objects.all())
-        return redirect(reverse('users:user-asset-permission', kwargs={'pk': user_object.id}))
+        user = self.get_object(queryset=User.objects.all())
+        return redirect(reverse('users:user-asset-permission', kwargs={'pk': user.id}))
 
     def post(self, request, *args, **kwargs):
-        self.user_object = self.get_object(queryset=User.objects.all())
+        self.user = self.get_object(queryset=User.objects.all())
         return super(UserAssetPermissionCreateView, self).post(request, *args, **kwargs)
 
     def get_form(self, form_class=None):
         form = super(UserAssetPermissionCreateView, self).get_form(form_class=form_class)
-        form.user = self.user_object
+        form.user = self.user
+        return form
+
+    def form_invalid(self, form):
+        return redirect(reverse('users:user-asset-permission', kwargs={'pk': self.user.id}))
+
+    def get_success_url(self):
+        return reverse('users:user-asset-permission', kwargs={'pk': self.user.id})
+
+
+class UserGroupAssetPermissionCreateView(AdminUserRequiredMixin, CreateView):
+    form_class = forms.UserPrivateAssetPermissionForm
+    model = AssetPermission
+
+    def get(self, request, *args, **kwargs):
+        user_group = self.get_object(queryset=UserGroup.objects.all())
+        return redirect(reverse('users:user-group-asset-permission', kwargs={'pk': user_group.id}))
+
+    def post(self, request, *args, **kwargs):
+        self.user_group = self.get_object(queryset=UserGroup.objects.all())
+        return super(UserGroupAssetPermissionCreateView, self).post(request, *args, **kwargs)
+
+    def get_form(self, form_class=None):
+        form = super(UserGroupAssetPermissionCreateView, self).get_form(form_class=form_class)
+        form.user_group = self.user_group
         return form
 
     def form_invalid(self, form):
-        print(form.errors)
-        return redirect(reverse('users:user-asset-permission', kwargs={'pk': self.user_object.id}))
+        return redirect(reverse('users:user-group-asset-permission', kwargs={'pk': self.user_group.id}))
 
     def get_success_url(self):
-        return reverse('users:user-asset-permission', kwargs={'pk': self.user_object.id})
+        return reverse('users:user-group-asset-permission', kwargs={'pk': self.user_group.id})
 
 
 class UserGrantedAssetView(AdminUserRequiredMixin, DetailView):
@@ -413,6 +455,24 @@ class UserGrantedAssetView(AdminUserRequiredMixin, DetailView):
         return super(UserGrantedAssetView, self).get_context_data(**kwargs)
 
 
+class UserGroupGrantedAssetView(AdminUserRequiredMixin, DetailView):
+    model = User
+    template_name = 'users/user_group_granted_asset.html'
+    context_object_name = 'user_group'
+
+    def get(self, request, *args, **kwargs):
+        self.object = self.get_object(queryset=UserGroup.objects.all())
+        return super(UserGroupGrantedAssetView, self).get(request, *args, **kwargs)
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': 'User',
+            'action': 'User group granted asset',
+        }
+        kwargs.update(context)
+        return super(UserGroupGrantedAssetView, self).get_context_data(**kwargs)
+
+
 class BulkImportUserView(AdminUserRequiredMixin, JSONResponseMixin, FormView):
     form_class = forms.FileForm
 
-- 
GitLab