chore: release v2.5.4

fix(ui): resource views - fix page display during initialization
feat(ui): attribute association - many-to-many cannot all be multi-value
2025-09-03 19:26:56 +08:00 · 2025-08-15 21:54:46 +08:00 · 2025-08-15 21:37:07 +08:00 · 2025-08-15 21:34:01 +08:00 · 2025-08-15 20:32:22 +08:00 · 2025-08-15 16:09:41 +08:00
357 changed files with 36109 additions and 6448 deletions
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,13 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of the level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)
--- a/README.md
+++ b/README.md
@@ -1,119 +1,138 @@

 <p align="center">
-  <a href="https://veops.cn"><img src="docs/images/logo.png" alt="维易CMDB" width="300"/></a>
+  <a href="https://veops.cn">
+    <img src="https://github.com/user-attachments/assets/c5cfb272-899b-418d-9e69-8e1dd07db0f6" alt="维易CMDB"/>
+  </a>
 </p>
-<h3 align="center">简单、轻量、通用的运维配置管理数据库</h3>
+
+<h4 align="center">简单、轻量、通用的运维配置管理数据库</h4>
+
 <p align="center">
  <a href="https://github.com/veops/cmdb/blob/master/LICENSE"><img src="https://img.shields.io/badge/License-AGPLv3-brightgreen" alt="License: GPLv3"></a>
-  <a href="https:https://github.com/sendya/ant-design-pro-vue"><img src="https://img.shields.io/badge/UI-Ant%20Design%20Pro%20Vue-brightgreen" alt="UI"></a>
-  <a href="https://github.com/pallets/flask"><img src="https://img.shields.io/badge/API-Flask-brightgreen" alt="API"></a>
+  <a href="https://github.com/veops/cmdb/releases"><img alt="the latest release version" src="https://img.shields.io/github/v/release/veops/cmdb?color=75C1C4&include_prereleases&label=Release&logo=github&logoColor=white"></a>
+  <a href="https:https://github.com/sendya/ant-design-pro-vue"><img src="https://img.shields.io/badge/UI-Ant%20Design%20Pro%20Vue-green" alt="UI"></a>
+  <a href="https://github.com/pallets/flask"><img src="https://img.shields.io/badge/API-Flask-bright" alt="API"></a>
+  <a href="https://github.com/veops/cmdb/stargazers"><img src="https://img.shields.io/github/stars/veops/cmdb" alt="Stars Badge"/></a>
+  <a href="https://github.com/veops/cmdb"><img src="https://img.shields.io/github/forks/veops/cmdb" alt="Forks Badge"/></a>
+</p>
+<p align="center">
+  中文(简体) · <a href="docs/README_en.md">English</a>
 </p>
-
-
------------------------------
-
-[English](docs/README_en.md) / [中文](README.md)
- 产品文档：https://veops.cn/docs/
- 在线体验：<a href="https://cmdb.veops.cn" target="_blank">CMDB</a>
-  - username: demo 或者 admin
-  - password: 123456
-
-> **重要提示**: `master` 分支在开发过程中可能处于 _不稳定的状态_ 。
-> 请通过[releases](https://github.com/veops/cmdb/releases)获取

 ## 系统介绍

-### 系统概览
+维易CMDB是一个简洁、轻量且高度可定制的运维配置管理数据库（CMDB）。它支持灵活的模型配置和资源自动发现，旨在为企业提供便捷的资产管理解决方案，帮助运维团队高效地管理 IT 基础设施和服务。

-<img src=docs/images/dashboard.png />
-
-[查看更多展示](docs/screenshot.md)
-
-### 相关文章
-
- <a href="https://mp.weixin.qq.com/s/v3eANth64UBW5xdyOkK3tg" target="_blank">概要设计</a>
- <a href="https://github.com/veops/cmdb/tree/master/docs/cmdb_api.md" target="_blank">API 文档</a>
- <a href="https://mp.weixin.qq.com/s/rQaf4AES7YJsyNQG_MKOLg" target="_blank">自动发现</a>
- 更多文章可以在公众号 **维易科技OneOps** 里查看
-
-### 特点
-
- 灵活性
-  1. 配置灵活，不设定任何运维场景，有内置模板
-  2. 自动发现、入库 IT 资产
- 安全性
-  1. 细粒度权限控制
-  2. 完备操作日志
- 多应用
-  1. 丰富视图展示维度
-  2. API简单强大
-  3. 支持定义属性触发器、计算属性
+- 产品文档：[https://veops.cn/docs/](https://veops.cn/docs/)
+- 在线体验：[https://cmdb.veops.cn](https://cmdb.veops.cn)
+  - 用户名：demo 或者 admin
+  - 密码：123456
+- **重要提示**：`master` 分支在开发过程中可能处于**不稳定的状态**。请通过 [releases](https://github.com/veops/cmdb/releases) 获取最新稳定版本。

 ### 主要功能

- 模型属性支持索引、多值、默认排序、字体颜色，支持计算属性
- 支持自动发现、定时巡检、文件导入
- 支持资源、层级、关系视图展示
- 支持模型间关系配置和展示
- 细粒度访问控制，完备的操作日志
- 支持跨模型搜索
+- **自定义模型和模型关系**：支持模型属性的自定义，包括下拉列表、字体颜色、计算属性等高级功能，满足不同业务需求。
+- **自动发现资源**：支持计算机、网络设备、存储设备、数据库、中间件、公有云资源等自动发现。
+- **多维度视图展示**：包括资源视图、层级视图、关系视图等，帮助运维人员全面管理资源。
+- **细粒度权限控制**：通过精确的访问控制和完备的操作日志保障系统的安全性。
+- **全面的资源搜索功能**：支持灵活的资源和关系搜索，快速定位和操作资源。
+- **集成 IP 地址管理（IPAM）和数据中心基础设施管理（DCIM）**：简化网络资源和数据中心设备的管理。

+更多详细功能，请移步 [维易科技官网](https://veops.cn) 进行了解。

+### 系统优势

+- 灵活性
+  + 无需指定固定运维场景，支持自由配置并内置多种模板
+  + 支持自动发现和入库 IT 资产，快速搭建资产管理系统
+- 安全性
+  + 细粒度的权限控制机制，确保资源管理的安全性
+  + 完整的操作日志记录，便于审计和问题追踪
+- 多应用
+  + 提供多种视图展示方式，满足不同场景的需求
+  + 强大的 API 接口，支持深度集成
+  + 支持定义属性触发器和计算属性，增强数据处理能力

+### 技术栈

-### 更多功能
+ 后端：Python [3.8-3.11]
+ 数据存储：MySQL、Redis
+ 前端：Vue.js
+ UI组件库：Ant Design Vue

-> 也欢迎移步[维易科技官网](https://veops.cn)，发现更多免费运维系统。
+### 系统概览
+
+<table style="border-collapse: collapse;">
+  <tr>
+    <td style="padding: 5px;background-color:#fff;">
+      <img width="400" src="https://github.com/user-attachments/assets/6d2df835-ae93-4d91-9bd9-213c270eca7a"/>
+    </td>
+    <td style="padding: 5px;background-color:#fff;">
+      <img width="400" src="https://github.com/user-attachments/assets/cb8b598a-a1f9-4c74-adf1-6e59aea2c9b3"/>
+    </td>
+  </tr>
+
+  <tr>
+    <td style="padding: 5px;background-color:#fff;">
+      <img width="400" src="https://github.com/user-attachments/assets/b440224f-53c3-4b7f-a9be-285d7a4b848f"/>
+    </td>
+    <td style="padding: 5px;background-color:#fff;">
+      <img width="400" src="https://github.com/user-attachments/assets/f457d5a0-b60b-4949-b94e-020f4c61444b"/>
+    </td>
+  </tr>
+</table>
+
+## 关注我们
+
+欢迎 Star 加关注，第一时间获取更新动态！
+
+![star us](https://github.com/user-attachments/assets/f9056d5a-171c-4f53-9fec-d40c9e5ff94d)
+
+## 快速开始
+
+### 1. 搭建
+
+ 方案一：Docker 一键快速构建
+
+  - 第1步: 安装 Docker 环境和 Docker Compose（v2）
+  - 第2步: 拷贝项目代码, `git clone https://github.com/veops/cmdb.git`
+  - 第3步：进入主目录并启动, `docker compose up -d`
+
+ 方案二：[本地开发环境搭建](docs/local.md)
+ 方案三：[Makefile 安装](docs/makefile.md)
+
+### 2. 访问
+- 打开浏览器并访问: [http://127.0.0.1:8000](http://127.0.0.1:8000)
+- 用户名: demo 或者 admin
+- 密码: 123456

 ## 接入公司

-> 欢迎使用开源CMDB的公司，在 [#112](https://github.com/veops/cmdb/issues/112) 登记
+ 欢迎使用开源CMDB的公司和团队，在 [#112](https://github.com/veops/cmdb/issues/112) 登记

-## 安装
+## 代码贡献
+我们欢迎所有开发者贡献代码，改善和扩展这个项目。请先阅读我们的[贡献指南](docs/CONTRIBUTING.md)。此外，您还可以通过社交媒体、活动和分享来支持 Veops 的开源。

-### Docker 一键快速构建
+<a href="https://github.com/veops/cmdb/graphs/contributors">
+  <img src="https://contrib.rocks/image?repo=veops/cmdb" />
+</a>

-[//]: # (> 方法一)
- 第一步: 先安装 Docker 环境, 以及Docker Compose (v2)
- 第二步: 拷贝项目
-```shell 
-git clone https://github.com/veops/cmdb.git
-```
- 第三步：进入主目录，执行:
-```
-docker compose up -d
-```
+## 更多开源

-[//]: # (> 方法二, 该方法适用于linux系统)
+- [OneTerm](https://github.com/veops/oneterm): 一款简单、轻量、灵活的堡垒机服务。
+- [messenger](https://github.com/veops/messenger): 一个简单轻量的消息发送服务。
+- [ACL](https://github.com/veops/acl): 一个简单通用的权限管理系统设计与实践。

-[//]: # (- 第一步： 先安装 Docker 环境, 以及Docker Compose &#40;v2&#41;)
+## 相关文章

-[//]: # (- 第二步： 直接使用项目根目录下的install.sh 文件进行 `安装`、`启动`、`暂停`、`查状态`、`删除`、`卸载`)
+- <a href="https://mp.weixin.qq.com/s/v3eANth64UBW5xdyOkK3tg" target="_blank">尽可能通用的运维CMDB的设计与实践(Ⅰ) - 概览</a>
+- <a href="https://mp.weixin.qq.com/s/rQaf4AES7YJsyNQG_MKOLg" target="_blank">尽可能通用的运维CMDB的设计与实践(ⅠⅠ) - 自动发现</a>
+- <a href="https://github.com/veops/cmdb/tree/master/docs/cmdb_api.md" target="_blank">CMDB接口文档</a>

-[//]: # (```shell)
+更多文章可以在公众号 **维易科技OneOps** 里查看

-[//]: # (curl -so install.sh https://raw.githubusercontent.com/veops/cmdb/deploy_on_kylin_docker/install.sh)
+## 与我联系

-[//]: # (sh install.sh install)
-
-[//]: # (```)
-
-### [本地开发环境搭建](docs/local.md)
-
-### [Makefile 安装](docs/makefile.md)
-
-## 验证
- 浏览器打开: [http://127.0.0.1:8000](http://127.0.0.1:8000)
- username: demo 或者 admin
- password: 123456
-
-
---
-
-_**欢迎关注公众号(维易科技OneOps)，关注后可加入微信群，进行产品和技术交流。**_
-
-
-<p align="center">
-  <img src="docs/images/wechat.png" alt="公众号: 维易科技OneOps" />
-</p>
+ 邮箱: <a href="mailto:bd@veops.cn">bd@veops.cn</a>
+ 公众号：**维易科技OneOps**。关注后可以加入微信群，参与产品和技术交流  
+  <img src="docs/images/wechat.png" alt="公众号: 维易科技OneOps" />
--- a/cmdb-api/.ruff.toml
+++ b/cmdb-api/.ruff.toml
@@ -0,0 +1,79 @@
+line-length = 120
+cache-dir = ".ruff_cache"
+target-version = "py310"
+unsafe-fixes = true
+show-fixes = true
+
+[lint]
+select = [
+    "E",
+    "F",
+    "I",
+    "TCH",
+    # W
+    "W505",
+    # PT
+    "PT018",
+    # SIM
+    "SIM101",
+    "SIM114",
+    # PGH
+    "PGH004",
+    # PL
+    "PLE1142",
+    # RUF
+    "RUF100",
+    # UP
+    "UP007"
+]
+preview = true
+ignore = ["FURB101"]
+
+[lint.flake8-pytest-style]
+mark-parentheses = false
+parametrize-names-type = "list"
+parametrize-values-row-type = "list"
+parametrize-values-type = "tuple"
+
+[lint.flake8-unused-arguments]
+ignore-variadic-names = true
+
+[lint.isort]
+lines-between-types = 1
+order-by-type = true
+
+[lint.per-file-ignores]
+"**/api/v1/*.py" = ["TCH"]
+"**/model/*.py" = ["TCH003"]
+"**/models/__init__.py" = ["F401", "F403"]
+"**/tests/*.py" = ["E402"]
+"celery_worker.py" = ["F401"]
+"api/views/entry.py" = ["I001"]
+"migrations/*.py" = ["I001", "E402"]
+"*.py" = ["I001"]
+"api/views/common_setting/department.py" = ["F841"]
+"api/lib/common_setting/upload_file.py" = ["F841"]
+"api/lib/common_setting/acl.py" = ["F841"]
+"**/__init__.py" = ["F822"]
+"api/tasks/*.py" = ["E722"]
+"api/views/cmdb/*.py" = ["E722"]
+"api/views/acl/*.py" = ["E722"]
+"api/lib/secrets/*.py" = ["E722", "F841"]
+"api/lib/utils.py" = ["E722", "E731"]
+"api/lib/perm/authentication/cas/*" = ["E113", "F841"]
+"api/lib/perm/acl/*" = ["E722"]
+"api/lib/*" = ["E721", "F722"]
+"api/lib/cmdb/*" = ["F722", "E722"]
+"api/lib/cmdb/search/ci/es/search.py" = ["F841", "SIM114"]
+"api/lib/cmdb/search/ci/db/search.py" = ["F841"]
+"api/lib/cmdb/value.py" = ["F841"]
+"api/lib/cmdb/history.py" = ["E501"]
+"api/commands/common.py" = ["E722"]
+"api/commands/click_cmdb.py" = ["E722"]
+"api/lib/perm/auth.py" = ["SIM114"]
+
+[format]
+preview = true
+quote-style = "single"
+docstring-code-format = true
+skip-magic-trailing-comma = false
--- a/cmdb-api/Pipfile
+++ b/cmdb-api/Pipfile
@@ -11,7 +11,7 @@ click = ">=5.0"
 # Api
 Flask-RESTful = "==0.3.10"
 # Database
-Flask-SQLAlchemy = "==2.5.0"
+Flask-SQLAlchemy = "==3.0.5"
 SQLAlchemy = "==1.4.49"
 PyMySQL = "==1.1.0"
 redis = "==4.6.0"
@@ -68,6 +68,8 @@ pycryptodomex = ">=3.19.0"
 lz4 = ">=4.3.2"
 python-magic = "==0.4.27"
 jsonpath = "==0.82.2"
+networkx = ">=3.1"
+ipaddress = ">=1.0.23"

 [dev-packages]
 # Testing
--- a/cmdb-api/api/commands/click_acl.py
+++ b/cmdb-api/api/commands/click_acl.py
@@ -1,6 +1,8 @@
 import click
+from flask import current_app
 from flask.cli import with_appcontext

+from api.lib.exception import AbortException
 from api.lib.perm.acl.user import UserCRUD


@@ -46,11 +48,18 @@ def add_user():
    email = click.prompt('Enter email   ', confirmation_prompt=False)
    is_admin = click.prompt('Admin (Y/N)   ', confirmation_prompt=False, type=bool, default=False)

-    UserCRUD.add(username=username, password=password, email=email)
+    current_app.test_request_context().push()

-    if is_admin:
-        app = AppCache.get('acl') or App.create(name='acl')
-        acl_admin = RoleCache.get_by_name(app.id, 'acl_admin') or RoleCRUD.add_role('acl_admin', app.id, True)
-        rid = RoleCache.get_by_name(None, username).id
+    try:

-        RoleRelationCRUD.add(acl_admin, acl_admin.id, [rid], app.id)
+        UserCRUD.add(username=username, password=password, email=email)
+
+        if is_admin:
+            app = AppCache.get('acl') or App.create(name='acl')
+            acl_admin = RoleCache.get_by_name(None, 'acl_admin') or RoleCRUD.add_role('acl_admin', app.id, True)
+            rid = RoleCache.get_by_name(None, username).id
+
+            RoleRelationCRUD.add(acl_admin, acl_admin.id, [rid], app.id)
+
+    except AbortException as e:
+        print(f"Failed: {e}")
--- a/cmdb-api/api/commands/click_cmdb.py
+++ b/cmdb-api/api/commands/click_cmdb.py
@@ -1,14 +1,13 @@
 # -*- coding:utf-8 -*-


+import click
 import copy
 import datetime
 import json
+import requests
 import time
 import uuid
-
-import click
-import requests
 from flask import current_app
 from flask.cli import with_appcontext
 from flask_login import login_user
@@ -24,6 +23,7 @@ from api.lib.cmdb.const import REDIS_PREFIX_CI_RELATION2
 from api.lib.cmdb.const import ResourceTypeEnum
 from api.lib.cmdb.const import RoleEnum
 from api.lib.cmdb.const import ValueTypeEnum
+from api.lib.cmdb.dcim.rack import RackManager
 from api.lib.exception import AbortException
 from api.lib.perm.acl.acl import ACLManager
 from api.lib.perm.acl.acl import UserCache
@@ -37,11 +37,14 @@ from api.lib.secrets.secrets import InnerKVManger
 from api.models.acl import App
 from api.models.acl import ResourceType
 from api.models.cmdb import Attribute
+from api.models.cmdb import AttributeHistory
 from api.models.cmdb import CI
 from api.models.cmdb import CIRelation
 from api.models.cmdb import CIType
 from api.models.cmdb import CITypeTrigger
+from api.models.cmdb import OperationRecord
 from api.models.cmdb import PreferenceRelationView
+from api.tasks.cmdb import batch_ci_cache


@click.command()
@@ -193,7 +196,7 @@ def cmdb_counter():
    today = datetime.date.today()
    while True:
        try:
-            db.session.remove()
+            db.session.commit()

            CMDBCounterCache.reset()

@@ -207,6 +210,8 @@ def cmdb_counter():

            CMDBCounterCache.flush_sub_counter()

+            RackManager().check_u_slot()
+
            i += 1
        except:
            import traceback
@@ -223,6 +228,12 @@ def cmdb_trigger():
    """
    from api.lib.cmdb.ci import CITriggerManager

+    current_app.test_request_context().push()
+    if not UserCache.get('worker'):
+        from api.lib.perm.acl.user import UserCRUD
+        UserCRUD.add(username='worker', password=uuid.uuid4().hex, email='worker@xxx.com')
+    login_user(UserCache.get('worker'))
+
    current_day = datetime.datetime.today().strftime("%Y-%m-%d")
    trigger2cis = dict()
    trigger2completed = dict()
@@ -251,10 +262,10 @@ def cmdb_trigger():
                        trigger2cis[trigger.id] = (trigger, ready_cis)
                    else:
                        cur = trigger2cis[trigger.id]
-                        cur_ci_ids = {i.ci_id for i in cur[1]}
+                        cur_ci_ids = {_ci.ci_id for _ci in cur[1]}
                        trigger2cis[trigger.id] = (
-                            trigger, cur[1] + [i for i in ready_cis if i.ci_id not in cur_ci_ids
-                                               and i.ci_id not in trigger2completed.get(trigger.id, {})])
+                            trigger, cur[1] + [_ci for _ci in ready_cis if _ci.ci_id not in cur_ci_ids
+                                               and _ci.ci_id not in trigger2completed.get(trigger.id, {})])

            for tid in trigger2cis:
                trigger, cis = trigger2cis[tid]
@@ -341,7 +352,7 @@ def cmdb_inner_secrets_init(address):
    if valid_address(address):
        token = current_app.config.get("INNER_TRIGGER_TOKEN", "") if not token else token
        if not token:
-            token = click.prompt(f'Enter root token', hide_input=True, confirmation_prompt=False)
+            token = click.prompt('Enter root token', hide_input=True, confirmation_prompt=False)
        assert token is not None
        resp = requests.post("{}/api/v0.1/secrets/auto_seal".format(address.strip("/")),
                             headers={"Inner-Token": token})
@@ -557,5 +568,20 @@ def cmdb_patch(version):
                        existed.update(option=option, commit=False)

            db.session.commit()
+
+        if version >= "2.4.14":  # update ci columns: updated_at and updated_by
+            ci_ids = []
+            for i in CI.get_by(only_query=True).filter(CI.updated_at.is_(None)):
+                hist = AttributeHistory.get_by(ci_id=i.id, only_query=True).order_by(AttributeHistory.id.desc()).first()
+                if hist is not None:
+                    record = OperationRecord.get_by_id(hist.record_id)
+                    if record is not None:
+                        u = UserCache.get(record.uid)
+                        i.update(updated_at=record.created_at, updated_by=u and u.nickname, flush=True)
+                        ci_ids.append(i.id)
+
+            db.session.commit()
+
+            batch_ci_cache.apply_async(args=(ci_ids,))
    except Exception as e:
        print("cmdb patch failed: {}".format(e))
--- a/cmdb-api/api/lib/cmdb/attribute.py
+++ b/cmdb-api/api/lib/cmdb/attribute.py
@@ -108,7 +108,8 @@ class AttributeManager(object):
            return []
        choice_values = choice_table.get_by(fl=["value", "option"], attr_id=attr_id)

-        return [[ValueTypeMap.serialize[value_type](choice_value['value']), choice_value['option']]
+        return [[ValueTypeMap.serialize[value_type](choice_value['value']), choice_value['option'] or
+                 {"label": ValueTypeMap.serialize[value_type](choice_value['value'])}]
                for choice_value in choice_values]

    @staticmethod
@@ -140,7 +141,7 @@ class AttributeManager(object):
        attr = AttributeCache.get(_attr_id) if _attr_id else _attr
        if attr and attr.is_choice:
            choice_values = cls.get_choice_values(attr.id, attr.value_type, None, None)
-            return {i[0]: i[1]['label'] for i in choice_values if i[1].get('label')}
+            return {i[0]: i[1]['label'] for i in choice_values if i[1] and i[1].get('label')}

        return {}

@@ -414,7 +415,7 @@ class AttributeManager(object):
            db.session.rollback()
            current_app.logger.error("update attribute error, {0}".format(str(e)))

-            return abort(400, ErrFormat.update_attribute_failed.format(("id=".format(_id))))
+            return abort(400, ErrFormat.update_attribute_failed.format(("id={}".format(_id))))

        new = attr.to_dict()
        if not new['choice_web_hook'] and new['is_choice']:
--- a/cmdb-api/api/lib/cmdb/auto_discovery/auto_discovery.py
+++ b/cmdb-api/api/lib/cmdb/auto_discovery/auto_discovery.py
@@ -12,6 +12,7 @@ from sqlalchemy import func
 from api.extensions import db
 from api.lib.cmdb.auto_discovery.const import CLOUD_MAP
 from api.lib.cmdb.auto_discovery.const import DEFAULT_INNER
+from api.lib.cmdb.auto_discovery.const import NET_DEVICE_NAMES
 from api.lib.cmdb.auto_discovery.const import PRIVILEGED_USERS
 from api.lib.cmdb.cache import AttributeCache
 from api.lib.cmdb.cache import AutoDiscoveryMappingCache
@@ -252,6 +253,7 @@ class AutoDiscoveryCITypeCRUD(DBMixin):
        :return:
        """
        result = []
+        db.session.commit()
        rules = cls.cls.get_by(to_dict=True)

        for rule in rules:
@@ -718,6 +720,12 @@ class AutoDiscoveryCICRUD(DBMixin):

        build_relations_for_ad_accept.apply_async(args=(adc.to_dict(), ci_id, ad_key2attr), queue=CMDB_QUEUE)

+        ci_type = CITypeCache.get(adc.type_id)
+        if ci_type and ci_type.name in NET_DEVICE_NAMES and 'ports' in adc.instance:
+            from api.tasks.cmdb import add_net_device_ports
+            add_net_device_ports.apply_async(args=(ci_id, adc.instance['ports']),
+                                             queue=CMDB_QUEUE)
+            
        adc.update(is_accept=True,
                   accept_by=nickname or current_user.nickname,
                   accept_time=datetime.datetime.now(),
--- a/cmdb-api/api/lib/cmdb/auto_discovery/const.py
+++ b/cmdb-api/api/lib/cmdb/auto_discovery/const.py
@@ -4,6 +4,8 @@ from api.lib.cmdb.const import AutoDiscoveryType

 PRIVILEGED_USERS = ("cmdb_agent", "worker", "admin")

+NET_DEVICE_NAMES = {"switch", 'router', 'firewall', 'printer'}
+
 DEFAULT_INNER = [
    dict(name="阿里云", en="aliyun", type=AutoDiscoveryType.HTTP, is_inner=True, is_plugin=False,
         option={'icon': {'name': 'caise-aliyun'}, "en": "aliyun"}),
@@ -41,8 +43,12 @@ DEFAULT_INNER = [
         option={'icon': {'name': 'caise-luyouqi'}}),
    dict(name="防火墙", type=AutoDiscoveryType.SNMP, is_inner=True, is_plugin=False,
         option={'icon': {'name': 'caise-fanghuoqiang'}}),
-    dict(name="打印机", type=AutoDiscoveryType.SNMP, is_inner=True, is_plugin=False,
-         option={'icon': {'name': 'caise-dayinji'}}),
+    # dict(name="打印机", type=AutoDiscoveryType.SNMP, is_inner=True, is_plugin=False,
+    #      option={'icon': {'name': 'caise-dayinji'}}),
+    dict(name="光纤交换机", type=AutoDiscoveryType.SNMP, is_inner=True, is_plugin=False,
+         option={'icon': {'name': 'caise-fiber'}}),
+    dict(name="F5", type=AutoDiscoveryType.SNMP, is_inner=True, is_plugin=False,
+         option={'icon': {'name': 'caise-F5'}}),
 ]

 CLOUD_MAP = {
--- a/cmdb-api/api/lib/cmdb/auto_discovery/templates/net_device.json
+++ b/cmdb-api/api/lib/cmdb/auto_discovery/templates/net_device.json
@@ -1,37 +1,74 @@
-[{
-  "name":"manufacturer",
-  "type": "文本",
-  "example":"HUAWEI Technology Co.,Ltd",
-  "desc":"制造产商"
-},{
-  "name":"sn",
-  "type": "文本",
-  "example":"102030059898",
-  "desc":"设备序列号"
-},{
-  "name":"device_name",
-  "type": "文本",
-  "example":"USG6525E",
-  "desc":"设备名称"
-},{
-  "name":"device_model",
-  "type": "文本",
-  "example":"2011.2.321.1.205",
-  "desc":"设备细分类型 结合相关产商获取相应的产品类型"
-},{
-  "name":"description",
-  "type": "文本",
-  "example":"Huawei Vwersatile Routing Platform Software",
-  "desc":"设备描述"
-},{
-  "name":"manager_ip",
-  "type": "文本",
-  "example":"192.168.1.1",
-  "desc":"管理ip"
-}, {
-  "name":"ips",
-  "type": "文本、多值",
-  "example":"192.168.1.1, 192.168.1.2",
-  "desc":"ips"
-}
+[
+  {
+    "name": "manufacturer",
+    "type": "文本",
+    "example": "Huawei",
+    "desc": "制造产商"
+  },
+  {
+    "name": "sn",
+    "type": "文本",
+    "example": "102030059898",
+    "desc": "设备序列号"
+  },
+  {
+    "name": "name",
+    "type": "文本",
+    "example": "USG6525E",
+    "desc": "设备名称"
+  },
+  {
+    "name": "model",
+    "type": "文本",
+    "example": "2011.2.321.1.205",
+    "desc": "设备细分类型 结合相关产商获取相应的产品类型"
+  },
+  {
+    "name": "description",
+    "type": "文本",
+    "example": "Huawei Vwersatile Routing Platform Software",
+    "desc": "设备描述"
+  },
+  {
+    "name": "manager_ip",
+    "type": "文本",
+    "example": "192.168.1.1",
+    "desc": "管理ip"
+  },
+  {
+    "name": "ips",
+    "type": "文本、多值",
+    "example": "192.168.1.1, 192.168.1.2",
+    "desc": "ips"
+  },
+  {
+    "name": "uptime",
+    "type": "文本",
+    "example": "2023-04-15 10:00:00",
+    "desc": "启动时间"
+  },
+  {
+    "name": "snmp_version",
+    "type": "文本",
+    "example": "v2c",
+    "desc": "SNMP版本"
+  },
+  {
+    "name": "port_num",
+    "type": "整数",
+    "example": 24,
+    "desc": "端口数量"
+  },
+  {
+    "name": "ports",
+    "type": "json",
+    "example": "",
+    "desc": "设备的端口列表"
+  },
+  {
+    "name": "neighbors",
+    "type": "json",
+    "example": "",
+    "desc": "设备的邻居列表"
+  }
 ]
--- a/cmdb-api/api/lib/cmdb/cache.py
+++ b/cmdb-api/api/lib/cmdb/cache.py
@@ -512,7 +512,7 @@ class CMDBCounterCache(object):
                result[i.type_id]['rule_count'] = len(adts) + AutoDiscoveryCITypeRelation.get_by(
                    ad_type_id=i.type_id, only_query=True).count()
                result[i.type_id]['exec_target_count'] = len(
-                    set([i.oneagent_id for adt in adts for i in db.session.query(
+                    set([j.oneagent_id for adt in adts for j in db.session.query(
                        AutoDiscoveryRuleSyncHistory.oneagent_id).filter(
                        AutoDiscoveryRuleSyncHistory.adt_id == adt.id)]))

--- a/cmdb-api/api/lib/cmdb/ci.py
+++ b/cmdb-api/api/lib/cmdb/ci.py
@@ -45,6 +45,7 @@ from api.lib.notify import notify_send
 from api.lib.perm.acl.acl import ACLManager
 from api.lib.perm.acl.acl import is_app_admin
 from api.lib.perm.acl.acl import validate_permission
+from api.lib.perm.acl.cache import UserCache
 from api.lib.secrets.inner import InnerCrypt
 from api.lib.secrets.vault import VaultClient
 from api.lib.utils import handle_arg_list
@@ -113,7 +114,8 @@ class CIManager(object):
        ci_type = CITypeCache.get(ci.type_id)
        res["ci_type"] = ci_type.name

-        res.update(cls.get_cis_by_ids([str(ci_id)], fields=fields, ret_key=ret_key))
+        ci_list = cls.get_cis_by_ids([str(ci_id)], fields=fields, ret_key=ret_key)
+        ci_list and res.update(ci_list[0])

        res['_type'] = ci_type.id
        res['_id'] = ci_id
@@ -206,6 +208,8 @@ class CIManager(object):
        res['_type'] = ci_type.id
        res['ci_type_alias'] = ci_type.alias
        res['_id'] = ci_id
+        res['_updated_at'] = str(ci.updated_at or '')
+        res['_updated_by'] = ci.updated_by

        return res

@@ -291,7 +295,7 @@ class CIManager(object):
        db.session.commit()

        value_table = TableMap(attr_name=attr.name).table
-        with redis_lock.Lock(rd.r, "auto_inc_id_{}".format(attr.name)):
+        with redis_lock.Lock(rd.r, "auto_inc_id_{}".format(attr.name), expire=10):
            max_v = value_table.get_by(attr_id=attr.id, only_query=True).order_by(
                getattr(value_table, 'value').desc()).first()
            if max_v is not None:
@@ -353,17 +357,31 @@ class CIManager(object):
            is_auto_discovery=False,
            _is_admin=False,
            ticket_id=None,
+            _sync=False,
            **ci_dict):
        """
-        add ci
-        :param ci_type_name:
-        :param exist_policy: replace or reject or need
-        :param _no_attribute_policy: ignore or reject
-        :param is_auto_discovery: default is False
-        :param _is_admin: default is False
-        :param ticket_id:
-        :param ci_dict:
-        :return:
+        Create a new Configuration Item (CI) or update existing based on unique constraints.
+
+        Handles complete CI creation workflow including validation, uniqueness checks,
+        password encryption, computed attributes, relationship creation, and caching.
+
+        Args:
+            ci_type_name (str): Name of the CI type to create
+            exist_policy (ExistPolicy): How to handle existing CIs (REPLACE/REJECT/NEED)
+            _no_attribute_policy (ExistPolicy): How to handle unknown attributes (IGNORE/REJECT)
+            is_auto_discovery (bool): Whether CI is created by auto-discovery process
+            _is_admin (bool): Whether to skip permission checks
+            ticket_id (int, optional): Associated ticket ID for audit trail
+            _sync (bool): Whether to execute cache/relation tasks synchronously
+            **ci_dict: CI attribute values as key-value pairs
+
+        Returns:
+            int: ID of the created or updated CI
+
+        Raises:
+            400: If unique constraints violated, required attributes missing, or validation fails
+            403: If user lacks permissions for restricted attributes
+            404: If CI type not found or referenced CI not exists
        """
        now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        ci_type = CITypeManager.check_is_existed(ci_type_name)
@@ -387,7 +405,7 @@ class CIManager(object):
        ci = None
        record_id = None
        password_dict = {}
-        with redis_lock.Lock(rd.r, ci_type.name):
+        with redis_lock.Lock(rd.r, ci_type.name, expire=10):
            db.session.commit()

            if (unique_key.default and unique_key.default.get('default') == AttributeDefaultValueEnum.AUTO_INC_ID and
@@ -492,14 +510,38 @@ class CIManager(object):
                record_id = cls.save_password(ci.id, attr_id, password_dict[attr_id], record_id, ci_type.id)

        if record_id or has_dynamic:  # has changed
-            ci_cache.apply_async(args=(ci.id, operate_type, record_id), queue=CMDB_QUEUE)
+            if not _sync:
+                ci_cache.apply_async(args=(ci.id, operate_type, record_id), queue=CMDB_QUEUE)
+            else:
+                ci_cache(ci.id, operate_type, record_id)

        if ref_ci_dict:  # add relations
-            ci_relation_add.apply_async(args=(ref_ci_dict, ci.id, current_user.uid), queue=CMDB_QUEUE)
+            if not _sync:
+                ci_relation_add.apply_async(args=(ref_ci_dict, ci.id, current_user.uid), queue=CMDB_QUEUE)
+            else:
+                ci_relation_add(ref_ci_dict, ci.id, current_user.uid)

        return ci.id

    def update(self, ci_id, _is_admin=False, ticket_id=None, _sync=False, **ci_dict):
+        """
+        Update an existing Configuration Item with new attribute values.
+
+        Performs comprehensive CI update including validation, constraint checks,
+        password handling, computed attributes processing, and change tracking.
+
+        Args:
+            ci_id (int): ID of the CI to update
+            _is_admin (bool): Whether to skip permission checks
+            ticket_id (int, optional): Associated ticket ID for audit trail
+            _sync (bool): Whether to execute cache/relation tasks synchronously
+            **ci_dict: CI attribute values to update as key-value pairs
+
+        Raises:
+            400: If unique constraints violated or validation fails
+            403: If user lacks permissions for restricted attributes
+            404: If CI not found
+        """
        now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        ci = self.confirm_ci_existed(ci_id)
        ci_type = ci.ci_type
@@ -512,10 +554,14 @@ class CIManager(object):
        raw_dict = copy.deepcopy(ci_dict)

        ci_attr2type_attr = {type_attr.attr_id: type_attr for type_attr, _ in attrs}
+        unique_name = None
        for _, attr in attrs:
            if attr.default and attr.default.get('default') == AttributeDefaultValueEnum.UPDATED_AT:
                ci_dict[attr.name] = now

+            if attr.id == ci_type.unique_id:
+                unique_name = attr.name
+
        value_manager = AttributeValueManager()

        password_dict = dict()
@@ -538,14 +584,15 @@ class CIManager(object):
        limit_attrs = self._valid_ci_for_no_read(ci) if not _is_admin else {}

        record_id = None
-        with redis_lock.Lock(rd.r, ci_type.name):
+        with redis_lock.Lock(rd.r, ci_type.name, expire=10):
            db.session.commit()

            self._valid_unique_constraint(ci.type_id, ci_dict, ci_id)

            ci_dict = {k: v for k, v in ci_dict.items() if k in ci_type_attrs_name}
            key2attr = value_manager.valid_attr_value(ci_dict, ci.type_id, ci.id, ci_type_attrs_name,
-                                                      ci_attr2type_attr=ci_attr2type_attr)
+                                                      ci_attr2type_attr=ci_attr2type_attr,
+                                                      unique_name=unique_name)

            if computed_attrs:
                value_manager.handle_ci_compute_attributes(ci_dict, computed_attrs, ci)
@@ -568,6 +615,9 @@ class CIManager(object):
            for attr_id in password_dict:
                record_id = self.save_password(ci.id, attr_id, password_dict[attr_id], record_id, ci.type_id)

+        u = UserCache.get(current_user.uid)
+        ci.update(updated_at=now, updated_by=u and u.nickname)
+
        if record_id or has_dynamic:  # has changed
            if not _sync:
                ci_cache.apply_async(args=(ci_id, OperateType.UPDATE, record_id), queue=CMDB_QUEUE)
@@ -581,6 +631,9 @@ class CIManager(object):
            else:
                ci_relation_add(ref_ci_dict, ci.id)

+        u = UserCache.get(current_user.uid)
+        ci.update(updated_at=now, updated_by=u and u.nickname)
+
    @staticmethod
    def update_unique_value(ci_id, unique_name, unique_value):
        ci = CI.get_by_id(ci_id) or abort(404, ErrFormat.ci_not_found.format("id={}".format(ci_id)))
@@ -709,13 +762,18 @@ class CIManager(object):
            elif fields:
                _res = []
                for d in res:
+                    if isinstance(fields, dict) and d.get("_type") not in fields:
+                        _res.append(d)
+                        continue
+
                    _d = dict()
                    _d["_id"], _d["_type"] = d.get("_id"), d.get("_type")
                    _d["ci_type"] = d.get("ci_type")
                    if unique_required:
                        _d[d.get('unique')] = d.get(d.get('unique'))

-                    for field in fields + ['ci_type_alias', 'unique', 'unique_alias']:
+                    _fields = list(fields.get(_d['_type']) or [] if isinstance(fields, dict) else fields)
+                    for field in _fields + ['ci_type_alias', 'unique', 'unique_alias']:
                        _d[field] = d.get(field)
                    _res.append(_d)
                return _res
@@ -732,9 +790,8 @@ class CIManager(object):
        from api.lib.cmdb.search.ci.db.query_sql import QUERY_CIS_BY_IDS
        from api.lib.cmdb.search.ci.db.query_sql import QUERY_CIS_BY_VALUE_TABLE

-        if not fields:
-            filter_fields_sql = ""
-        else:
+        filter_fields_sql = ""
+        if fields and isinstance(fields, list):
            _fields = list()
            for field in fields:
                attr = AttributeCache.get(field)
@@ -776,6 +833,10 @@ class CIManager(object):
                ci_set.add(ci_id)
                res[ci2pos[ci_id]] = ci_dict

+            if isinstance(fields, dict) and fields.get(type_id):
+                if attr_name not in fields[type_id]:
+                    continue
+
            if ret_key == RetKey.NAME:
                attr_key = attr_name
            elif ret_key == RetKey.ALIAS:
@@ -813,7 +874,7 @@ class CIManager(object):
        if not ci_ids:
            return []

-        fields = [] if fields is None or not isinstance(fields, list) else fields
+        fields = [] if not fields else fields

        ci_id_tuple = tuple(map(int, ci_ids))
        res = cls._get_cis_from_cache(ci_id_tuple, ret_key, fields, unique_required, excludes=excludes)
@@ -1242,7 +1303,9 @@ class CIRelationManager(object):
            else:
                type_relation = CITypeRelation.get_by_id(relation_type_id)

-            with redis_lock.Lock(rd.r, "ci_relation_add_{}_{}".format(first_ci.type_id, second_ci.type_id)):
+            with redis_lock.Lock(rd.r,
+                                 "ci_relation_add_{}_{}".format(first_ci.type_id, second_ci.type_id),
+                                 expire=10):

                cls._check_constraint(first_ci_id, first_ci.type_id, second_ci_id, second_ci.type_id, type_relation)

@@ -1263,10 +1326,10 @@ class CIRelationManager(object):
        return existed.id

    @staticmethod
-    def delete(cr_id, apply_async=True):
+    def delete(cr_id, apply_async=True, valid=True):
        cr = CIRelation.get_by_id(cr_id) or abort(404, ErrFormat.relation_not_found.format("id={}".format(cr_id)))

-        if current_app.config.get('USE_ACL') and current_user.username != 'worker':
+        if current_app.config.get('USE_ACL') and current_user.username != 'worker' and valid:
            resource_name = CITypeRelationManager.acl_resource_name(cr.first_ci.ci_type.name, cr.second_ci.ci_type.name)
            if not ACLManager().has_permission(
                    resource_name,
@@ -1305,7 +1368,7 @@ class CIRelationManager(object):
        return cr

    @classmethod
-    def delete_3(cls, first_ci_id, second_ci_id, apply_async=True):
+    def delete_3(cls, first_ci_id, second_ci_id, apply_async=True, valid=True):
        cr = CIRelation.get_by(first_ci_id=first_ci_id,
                               second_ci_id=second_ci_id,
                               to_dict=False,
@@ -1315,7 +1378,7 @@ class CIRelationManager(object):
            # ci_relation_delete.apply_async(args=(first_ci_id, second_ci_id, cr.ancestor_ids), queue=CMDB_QUEUE)
            # delete_id_filter.apply_async(args=(second_ci_id,), queue=CMDB_QUEUE)

-            cls.delete(cr.id, apply_async=apply_async)
+            cls.delete(cr.id, apply_async=apply_async, valid=valid)

        return cr

@@ -1387,14 +1450,31 @@ class CIRelationManager(object):
                parent_attr = AttributeCache.get(parent_attr_id)
                child_attr = AttributeCache.get(child_attr_id)
                attr_value = ci_dict.get(parent_attr.name)
+                if attr_value != 0 and not attr_value:
+                    continue
                value_table = TableMap(attr=child_attr).table
-                for child in value_table.get_by(attr_id=child_attr.id, value=attr_value, only_query=True).join(
-                        CI, CI.id == value_table.ci_id).filter(CI.type_id == item.child_id):
-                    _relations.add((ci_dict['_id'], child.ci_id))
+                attr_value_list = [attr_value] if not isinstance(attr_value, list) else attr_value
+
+                matching_cis = value_table.get_by(
+                    attr_id=child_attr.id,
+                    only_query=True
+                ).join(
+                    CI, CI.id == value_table.ci_id
+                ).filter(
+                    CI.type_id == item.child_id,
+                    value_table.value.in_(attr_value_list)
+                ).all()
+
+                for ci in matching_cis:
+                    _relations.add((ci_dict['_id'], ci.ci_id))
+
                if relations is None:
                    relations = _relations
                else:
-                    relations &= _relations
+                    if item.constraint == ConstraintEnum.Many2Many:
+                        relations |= _relations
+                    else:
+                        relations &= _relations

            cls.delete_relations_by_source(RelationSourceEnum.ATTRIBUTE_VALUES,
                                           first_ci_id=ci_dict['_id'],
@@ -1414,14 +1494,31 @@ class CIRelationManager(object):
                parent_attr = AttributeCache.get(parent_attr_id)
                child_attr = AttributeCache.get(child_attr_id)
                attr_value = ci_dict.get(child_attr.name)
+                if attr_value != 0 and not attr_value:
+                    continue
                value_table = TableMap(attr=parent_attr).table
-                for parent in value_table.get_by(attr_id=parent_attr.id, value=attr_value, only_query=True).join(
-                        CI, CI.id == value_table.ci_id).filter(CI.type_id == item.parent_id):
-                    _relations.add((parent.ci_id, ci_dict['_id']))
+                attr_value_list = [attr_value] if not isinstance(attr_value, list) else attr_value
+
+                matching_cis = value_table.get_by(
+                    attr_id=parent_attr.id,
+                    only_query=True
+                ).join(
+                    CI, CI.id == value_table.ci_id
+                ).filter(
+                    CI.type_id == item.parent_id,
+                    value_table.value.in_(attr_value_list)
+                ).all()
+
+                for ci in matching_cis:
+                    _relations.add((ci.ci_id, ci_dict['_id']))
+
                if relations is None:
                    relations = _relations
                else:
-                    relations &= _relations
+                    if item.constraint == ConstraintEnum.Many2Many:
+                        relations |= _relations
+                    else:
+                        relations &= _relations

            cls.delete_relations_by_source(RelationSourceEnum.ATTRIBUTE_VALUES,
                                           second_ci_id=ci_dict['_id'],
@@ -1508,7 +1605,8 @@ class CITriggerManager(object):
        ci_dict.update(attr_dict)

    @classmethod
-    def _exec_webhook(cls, operate_type, webhook, ci_dict, trigger_id, trigger_name, record_id, ci_id=None, app=None):
+    def _exec_webhook(cls, operate_type, webhook, ci_dict, trigger_id, trigger_name, record_id,
+                      ci_id=None, app=None, record_history=True):
        app = app or current_app

        with app.app_context():
@@ -1526,19 +1624,20 @@ class CITriggerManager(object):
                current_app.logger.warning("exec webhook failed: {}".format(e))
                response = e
                is_ok = False
-
-            CITriggerHistoryManager.add(operate_type,
-                                        record_id,
-                                        ci_dict.get('_id'),
-                                        trigger_id,
-                                        trigger_name,
-                                        is_ok=is_ok,
-                                        webhook=response)
+            if record_history:
+                CITriggerHistoryManager.add(operate_type,
+                                            record_id,
+                                            ci_dict.get('_id'),
+                                            trigger_id,
+                                            trigger_name,
+                                            is_ok=is_ok,
+                                            webhook=response)

            return is_ok

    @classmethod
-    def _exec_notify(cls, operate_type, notify, ci_dict, trigger_id, trigger_name, record_id, ci_id=None, app=None):
+    def _exec_notify(cls, operate_type, notify, ci_dict, trigger_id, trigger_name, record_id,
+                     ci_id=None, app=None, record_history=True):
        app = app or current_app

        with app.app_context():
@@ -1562,13 +1661,14 @@ class CITriggerManager(object):
                    response = "{}\n{}".format(response, e)
                    is_ok = False

-            CITriggerHistoryManager.add(operate_type,
-                                        record_id,
-                                        ci_dict.get('_id'),
-                                        trigger_id,
-                                        trigger_name,
-                                        is_ok=is_ok,
-                                        notify=response.strip())
+            if record_history:
+                CITriggerHistoryManager.add(operate_type,
+                                            record_id,
+                                            ci_dict.get('_id'),
+                                            trigger_id,
+                                            trigger_name,
+                                            is_ok=is_ok,
+                                            notify=response.strip())

            return is_ok

@@ -1645,25 +1745,47 @@ class CITriggerManager(object):
        return result

    @classmethod
-    def trigger_notify(cls, trigger, ci):
+    def trigger_notify(cls, trigger, ci, only_test=False):
        """
        only for date attribute
        :param trigger:
        :param ci:
+        :param only_test:
        :return:
        """
        if (trigger.option.get('notifies', {}).get('notify_at') == datetime.datetime.now().strftime("%H:%M") or
-                not trigger.option.get('notifies', {}).get('notify_at')):
+            not trigger.option.get('notifies', {}).get('notify_at')) or only_test:

            if trigger.option.get('webhooks'):
-                threading.Thread(target=cls._exec_webhook, args=(
-                    None, trigger.option['webhooks'], None, trigger.id, trigger.option.get('name'), None, ci.ci_id,
-                    current_app._get_current_object())).start()
+                threading.Thread(
+                    target=cls._exec_webhook,
+                    args=(None, trigger.option['webhooks'], None, trigger.id,
+                          trigger.option.get('name'), None,
+                          ci and ci.ci_id,
+                          current_app._get_current_object(), not only_test)).start()
            elif trigger.option.get('notifies'):
                threading.Thread(target=cls._exec_notify, args=(
-                    None, trigger.option['notifies'], None, trigger.id, trigger.option.get('name'), None, ci.ci_id,
-                    current_app._get_current_object())).start()
+                    None, trigger.option['notifies'], None, trigger.id,
+                    trigger.option.get('name'), None,
+                    ci and ci.ci_id,
+                    current_app._get_current_object(), not only_test)).start()

            return True

        return False
+
+    @classmethod
+    def trigger_notify_test(cls, type_id, trigger_id):
+        trigger = CITypeTrigger.get_by_id(trigger_id) or abort(
+            404, ErrFormat.ci_type_trigger_not_found.format(trigger_id))
+
+        ci_type = CITypeCache.get(type_id) or abort(404, ErrFormat.ci_type_not_found.format(type_id))
+        attr = AttributeCache.get(ci_type.unique_id)
+        value_table = TableMap(attr=attr).table
+        if not value_table:
+            return
+
+        value = value_table.get_by(attr_id=attr.id, only_query=True).join(
+            CI, value_table.ci_id == CI.id).filter(CI.type_id == type_id).first()
+
+        cls.trigger_notify(trigger, value, only_test=True)
--- a/cmdb-api/api/lib/cmdb/ci_type.py
+++ b/cmdb-api/api/lib/cmdb/ci_type.py
@@ -3,6 +3,7 @@
 from collections import defaultdict

 import copy
+import networkx as nx
 import toposort
 from flask import abort
 from flask import current_app
@@ -16,12 +17,14 @@ from api.lib.cmdb.cache import AttributeCache
 from api.lib.cmdb.cache import CITypeAttributeCache
 from api.lib.cmdb.cache import CITypeAttributesCache
 from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.const import BuiltinModelEnum
 from api.lib.cmdb.const import CITypeOperateType
 from api.lib.cmdb.const import CMDB_QUEUE
 from api.lib.cmdb.const import ConstraintEnum
 from api.lib.cmdb.const import PermEnum
 from api.lib.cmdb.const import ResourceTypeEnum
 from api.lib.cmdb.const import RoleEnum
+from api.lib.cmdb.const import SysComputedAttributes
 from api.lib.cmdb.const import ValueTypeEnum
 from api.lib.cmdb.history import CITypeHistoryManager
 from api.lib.cmdb.perms import CIFilterPermsCRUD
@@ -63,6 +66,7 @@ class CITypeManager(object):
    """
    manage CIType
    """
+
    cls = CIType

    def __init__(self):
@@ -185,6 +189,9 @@ class CITypeManager(object):

        ci_type = cls.check_is_existed(type_id)

+        if ci_type.name in BuiltinModelEnum.all() and kwargs.get('name', ci_type.name) != ci_type.name:
+            return abort(400, ErrFormat.builtin_type_cannot_update_name)
+
        cls._validate_unique(type_id=type_id, name=kwargs.get('name'))
        # cls._validate_unique(type_id=type_id, alias=kwargs.get('alias') or kwargs.get('name'))

@@ -414,7 +421,10 @@ class CITypeGroupManager(object):
        group_types = set()
        for group in groups:
            for t in sorted(CITypeGroupItem.get_by(group_id=group['id']), key=lambda x: x['order'] or 0):
-                ci_type = CITypeCache.get(t['type_id']).to_dict()
+                ci_type = CITypeCache.get(t['type_id'])
+                if ci_type is None:
+                    continue
+                ci_type = ci_type.to_dict()
                if type_ids is not None and ci_type['id'] not in type_ids:
                    continue
                if resources is None or (ci_type and ci_type['name'] in resources):
@@ -524,7 +534,14 @@ class CITypeAttributeManager(object):
        for _type_id in parent_ids + [type_id]:
            result.extend(CITypeAttributesCache.get2(_type_id))

-        return result
+        attr_ids = set()
+        result2 = []
+        for i in result:
+            if i[1].id not in attr_ids:
+                result2.append(i)
+                attr_ids.add(i[1].id)
+
+        return result2

    @classmethod
    def get_attr_names_by_type_id(cls, type_id):
@@ -705,9 +722,6 @@ class CITypeAttributeManager(object):

                    ci_cache.apply_async(args=(ci.id, None, None), queue=CMDB_QUEUE)

-                for item in PreferenceShowAttributes.get_by(type_id=type_id, attr_id=attr_id, to_dict=False):
-                    item.soft_delete(commit=False)
-
                child_ids = CITypeInheritanceManager.recursive_children(type_id)
                for _type_id in [type_id] + child_ids:
                    for item in CITypeUniqueConstraint.get_by(type_id=_type_id, to_dict=False):
@@ -723,6 +737,9 @@ class CITypeAttributeManager(object):
                    item = CITypeTrigger.get_by(type_id=_type_id, attr_id=attr_id, to_dict=False, first=True)
                    item and item.soft_delete(commit=False)

+                    for item in PreferenceShowAttributes.get_by(type_id=_type_id, attr_id=attr_id, to_dict=False):
+                        item.soft_delete(commit=False)
+                    
                for item in (CITypeRelation.get_by(parent_id=type_id, to_dict=False) +
                             CITypeRelation.get_by(child_id=type_id, to_dict=False)):
                    if item.parent_id == type_id and attr_id in (item.parent_attr_ids or []):
@@ -838,10 +855,35 @@ class CITypeRelationManager(object):

        return ids

+    @staticmethod
+    def find_path(source_type_id, target_type_ids):
+        source_type_id = int(source_type_id)
+        target_type_ids = map(int, target_type_ids)
+
+        graph = nx.DiGraph()
+
+        def get_children(_id, _graph):
+            children = CITypeRelation.get_by(parent_id=_id, to_dict=False)
+
+            for i in children:
+                if i.child_id != _id:
+                    _graph.add_edge(i.parent_id, i.child_id)
+                    get_children(i.child_id, _graph)
+
+        get_children(source_type_id, graph)
+
+        paths = list(nx.all_simple_paths(graph, source_type_id, target_type_ids))
+
+        del graph
+
+        return paths
+
    @staticmethod
    def _wrap_relation_type_dict(type_id, relation_inst):
        ci_type_dict = CITypeCache.get(type_id).to_dict()
        ci_type_dict["ctr_id"] = relation_inst.id
+        show_key = AttributeCache.get(ci_type_dict.get('show_id') or ci_type_dict['unique_id'])
+        ci_type_dict["show_key"] = show_key and show_key.name
        ci_type_dict["attributes"] = CITypeAttributeManager.get_attributes_by_type_id(ci_type_dict["id"])
        attr_filter = CIFilterPermsCRUD.get_attr_filter(type_id)
        if attr_filter:
@@ -1064,6 +1106,7 @@ class CITypeAttributeGroupManager(object):

    @staticmethod
    def get_by_type_id(type_id, need_other=False):
+        _type = CITypeCache.get(type_id) or abort(404, ErrFormat.ci_type_not_found)
        parent_ids = CITypeInheritanceManager.base(type_id)

        groups = []
@@ -1102,17 +1145,24 @@ class CITypeAttributeGroupManager(object):
            else:
                group_pos = group2pos[group['name']]

-            attr = None
            for i in items:
                if i.attr_id in id2attr:
                    attr = id2attr[i.attr_id]
                    attr['inherited'] = group['inherited']
                    attr['inherited_from'] = group.get('inherited_from')
                    result[group_pos]['attributes'].append(attr)
+                else:
+                    continue

                if i.attr_id in attr2pos:
                    result[attr2pos[i.attr_id][0]]['attributes'].remove(attr2pos[i.attr_id][1])

+                if (_type.name in SysComputedAttributes.type2attr and
+                        attr['name'] in SysComputedAttributes.type2attr[_type.name]):
+                    attr['sys_computed'] = True
+                else:
+                    attr['sys_computed'] = False
+
                attr2pos[i.attr_id] = [group_pos, attr]

            group.pop('inherited_from', None)
@@ -1349,6 +1399,7 @@ class CITypeTemplateManager(object):
            i.pop('order', None)
            i.pop('choice_web_hook', None)
            i.pop('choice_other', None)
+            i.pop('choice_builtin', None)
            i.pop('order', None)
            i.pop('inherited_from', None)
            choice_value = i.pop('choice_value', None)
@@ -1399,6 +1450,10 @@ class CITypeTemplateManager(object):
                payload = dict(group_id=group_id_map.get(group['id'], group['id']),
                               type_id=type_id_map.get(ci_type['id'], ci_type['id']),
                               order=order)
+                for i in CITypeGroupItem.get_by(type_id=payload['type_id'], to_dict=False):
+                    if i.group_id != payload['group_id']:
+                        i.soft_delete(flush=True)
+
                existed = CITypeGroupItem.get_by(group_id=payload['group_id'], type_id=payload['type_id'],
                                                 first=True, to_dict=False)
                if existed is None:
@@ -1503,7 +1558,10 @@ class CITypeTemplateManager(object):
                if existed is None:
                    _group['type_id'] = type_id_map.get(_group['type_id'], _group['type_id'])

-                    existed = CITypeAttributeGroup.create(flush=True, **_group)
+                    try:
+                        existed = CITypeAttributeGroup.create(flush=True, **_group)
+                    except:
+                        continue

                for order, attr in enumerate(group['attributes'] or []):
                    item_existed = CITypeAttributeGroupItem.get_by(group_id=existed.id,
--- a/cmdb-api/api/lib/cmdb/const.py
+++ b/cmdb-api/api/lib/cmdb/const.py
@@ -1,6 +1,8 @@
 # -*- coding:utf-8 -*- 


+from flask_babel import lazy_gettext as _l
+
 from api.lib.utils import BaseEnum


@@ -110,17 +112,47 @@ class ExecuteStatusEnum(BaseEnum):
    FAILED = '1'
    RUNNING = '2'

+
 class RelationSourceEnum(BaseEnum):
    ATTRIBUTE_VALUES = "0"
    AUTO_DISCOVERY = "1"


+class BuiltinModelEnum(BaseEnum):
+    IPAM_SUBNET = "ipam_subnet"
+    IPAM_ADDRESS = "ipam_address"
+    IPAM_SCOPE = "ipam_scope"
+
+    DCIM_REGION = "dcim_region"
+    DCIM_IDC = "dcim_idc"
+    DCIM_SERVER_ROOM = "dcim_server_room"
+    DCIM_RACK = "dcim_rack"
+
+
+BUILTIN_ATTRIBUTES = {
+    "_updated_at": _l("Update Time"),
+    "_updated_by": _l("Updated By"),
+}
+
 CMDB_QUEUE = "one_cmdb_async"
 REDIS_PREFIX_CI = "ONE_CMDB"
 REDIS_PREFIX_CI_RELATION = "CMDB_CI_RELATION"
 REDIS_PREFIX_CI_RELATION2 = "CMDB_CI_RELATION2"

-BUILTIN_KEYWORDS = {'id', '_id', 'ci_id', 'type', '_type', 'ci_type', 'ticket_id'}
+BUILTIN_KEYWORDS = {'id', '_id', 'ci_id', 'type', '_type', 'ci_type', 'ticket_id', *BUILTIN_ATTRIBUTES.keys()}
+
+
+class SysComputedAttributes(object):
+    from api.lib.cmdb.ipam.const import SubnetBuiltinAttributes
+    type2attr = {
+        BuiltinModelEnum.IPAM_SUBNET: {
+            SubnetBuiltinAttributes.HOSTS_COUNT,
+            SubnetBuiltinAttributes.ASSIGN_COUNT,
+            SubnetBuiltinAttributes.USED_COUNT,
+            SubnetBuiltinAttributes.FREE_COUNT
+        }
+    }
+

 L_TYPE = None
 L_CI = None
--- a/cmdb-api/api/lib/cmdb/dcim/init.py
+++ b/cmdb-api/api/lib/cmdb/dcim/init.py
@@ -0,0 +1 @@
+# -*- coding:utf-8 -*-
--- a/cmdb-api/api/lib/cmdb/dcim/base.py
+++ b/cmdb-api/api/lib/cmdb/dcim/base.py
@@ -0,0 +1,33 @@
+# -*- coding:utf-8 -*-
+
+from api.lib.cmdb.ci import CIManager
+from api.lib.cmdb.ci import CIRelationManager
+from api.lib.cmdb.const import ExistPolicy
+
+
+class DCIMBase(object):
+    def __init__(self):
+        self.type_id = None
+
+    @staticmethod
+    def add_relation(parent_id, child_id):
+        if not parent_id or not child_id:
+            return
+
+        CIRelationManager().add(parent_id, child_id, valid=False, apply_async=False)
+
+    def add(self, parent_id, **kwargs):
+        ci_id = CIManager().add(self.type_id, exist_policy=ExistPolicy.REJECT, **kwargs)
+
+        if parent_id:
+            self.add_relation(parent_id, ci_id)
+
+        return ci_id
+
+    @classmethod
+    def update(cls, _id, **kwargs):
+        CIManager().update(_id, **kwargs)
+
+    @classmethod
+    def delete(cls, _id):
+        CIManager().delete(_id)
--- a/cmdb-api/api/lib/cmdb/dcim/const.py
+++ b/cmdb-api/api/lib/cmdb/dcim/const.py
@@ -0,0 +1,17 @@
+# -*- coding:utf-8 -*-
+
+
+from api.lib.utils import BaseEnum
+
+
+class RackBuiltinAttributes(BaseEnum):
+    U_COUNT = 'u_count'
+    U_START = 'u_start'
+    FREE_U_COUNT = 'free_u_count'
+    U_SLOT_ABNORMAL = 'u_slot_abnormal'
+
+
+class OperateTypeEnum(BaseEnum):
+    ADD_DEVICE = "0"
+    REMOVE_DEVICE = "1"
+    MOVE_DEVICE = "2"
--- a/cmdb-api/api/lib/cmdb/dcim/history.py
+++ b/cmdb-api/api/lib/cmdb/dcim/history.py
@@ -0,0 +1,40 @@
+from flask_login import current_user
+
+from api.lib.cmdb.cache import AttributeCache
+from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.ci import CIManager
+from api.lib.mixin import DBMixin
+from api.models.cmdb import DCIMOperationHistory
+
+
+class OperateHistoryManager(DBMixin):
+    cls = DCIMOperationHistory
+
+    @classmethod
+    def search(cls, page, page_size, fl=None, only_query=False, reverse=False, count_query=False,
+               last_size=None, **kwargs):
+        numfound, result = super(OperateHistoryManager, cls).search(page, page_size, fl, only_query, reverse,
+                                                                    count_query, last_size, **kwargs)
+
+        ci_ids = [i['ci_id'] for i in result]
+        id2ci = {i['_id']: i for i in (CIManager.get_cis_by_ids(ci_ids) or []) if i}
+        type2show_key = dict()
+        for i in id2ci.values():
+            if i.get('_type') not in type2show_key:
+                ci_type = CITypeCache.get(i.get('_type'))
+                if ci_type:
+                    show_key = AttributeCache.get(ci_type.show_id or ci_type.unique_id)
+                    type2show_key[i['_type']] = show_key and show_key.name
+
+        return numfound, result, id2ci, type2show_key
+
+    def _can_add(self, **kwargs):
+        kwargs['uid'] = current_user.uid
+
+        return kwargs
+
+    def _can_update(self, **kwargs):
+        pass
+
+    def _can_delete(self, **kwargs):
+        pass
--- a/cmdb-api/api/lib/cmdb/dcim/idc.py
+++ b/cmdb-api/api/lib/cmdb/dcim/idc.py
@@ -0,0 +1,19 @@
+# -*- coding:utf-8 -*-
+
+
+from flask import abort
+
+from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.const import BuiltinModelEnum
+from api.lib.cmdb.dcim.base import DCIMBase
+from api.lib.cmdb.resp_format import ErrFormat
+
+
+class IDCManager(DCIMBase):
+    def __init__(self):
+        super(IDCManager, self).__init__()
+
+        self.ci_type = CITypeCache.get(BuiltinModelEnum.DCIM_IDC) or abort(
+            404, ErrFormat.dcim_builtin_model_not_found.format(BuiltinModelEnum.DCIM_IDC))
+
+        self.type_id = self.ci_type.id
--- a/cmdb-api/api/lib/cmdb/dcim/rack.py
+++ b/cmdb-api/api/lib/cmdb/dcim/rack.py
@@ -0,0 +1,182 @@
+# -*- coding:utf-8 -*-
+
+import itertools
+import redis_lock
+from flask import abort
+
+from api.extensions import rd
+from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.ci import CIManager
+from api.lib.cmdb.ci import CIRelationManager
+from api.lib.cmdb.const import BuiltinModelEnum
+from api.lib.cmdb.dcim.base import DCIMBase
+from api.lib.cmdb.dcim.const import OperateTypeEnum
+from api.lib.cmdb.dcim.const import RackBuiltinAttributes
+from api.lib.cmdb.dcim.history import OperateHistoryManager
+from api.lib.cmdb.resp_format import ErrFormat
+from api.lib.cmdb.search.ci.db.search import Search as SearchFromDB
+from api.lib.cmdb.search.ci_relation.search import Search as RelationSearch
+
+
+class RackManager(DCIMBase):
+    def __init__(self):
+        super(RackManager, self).__init__()
+
+        self.ci_type = CITypeCache.get(BuiltinModelEnum.DCIM_RACK) or abort(
+            404, ErrFormat.dcim_builtin_model_not_found.format(BuiltinModelEnum.DCIM_RACK))
+
+        self.type_id = self.ci_type.id
+
+    @classmethod
+    def update(cls, _id, **kwargs):
+        if RackBuiltinAttributes.U_COUNT in kwargs:
+            devices, _, _, _, _, _ = RelationSearch(
+                [_id],
+                level=[1],
+                fl=[RackBuiltinAttributes.U_COUNT, RackBuiltinAttributes.U_START],
+                count=1000000).search()
+            for device in devices:
+                u_start = device.get(RackBuiltinAttributes.U_START)
+                u_count = device.get(RackBuiltinAttributes.U_COUNT) or 2
+                if u_start and u_start + u_count - 1 > kwargs[RackBuiltinAttributes.U_COUNT]:
+                    return abort(400, ErrFormat.dcim_rack_u_count_invalid)
+
+        CIManager().update(_id, _sync=True, **kwargs)
+
+        if RackBuiltinAttributes.U_COUNT in kwargs:
+            payload = {RackBuiltinAttributes.FREE_U_COUNT: cls.calc_u_free_count(_id)}
+
+            CIManager().update(_id, _sync=True, **payload)
+
+    def delete(self, _id):
+        super(RackManager, self).delete(_id)
+
+        payload = {RackBuiltinAttributes.U_START: None}
+        _, _, second_cis = CIRelationManager.get_second_cis(_id, per_page='all')
+        for ci in second_cis:
+            CIManager().update(ci['_id'], **payload)
+
+    @staticmethod
+    def calc_u_free_count(rack_id, device_id=None, u_start=None, u_count=None):
+        rack = CIManager.get_ci_by_id(rack_id, need_children=False)
+        if not rack.get(RackBuiltinAttributes.U_COUNT):
+            return 0
+
+        if device_id is not None and u_count is None:
+            ci = CIManager().get_ci_by_id(device_id, need_children=False)
+            u_count = ci.get(RackBuiltinAttributes.U_COUNT) or 2
+
+        if u_start and u_start + u_count - 1 > rack.get(RackBuiltinAttributes.U_COUNT):
+            return abort(400, ErrFormat.dcim_rack_u_slot_invalid)
+
+        devices, _, _, _, _, _ = RelationSearch(
+            [rack_id],
+            level=[1],
+            fl=[RackBuiltinAttributes.U_COUNT, RackBuiltinAttributes.U_START],
+            count=1000000).search()
+
+        u_count_sum = 0
+        for device in devices:
+            u_count_sum += (device.get(RackBuiltinAttributes.U_COUNT) or 2)
+            if device_id is not None:
+                _u_start = device.get(RackBuiltinAttributes.U_START)
+                _u_count = device.get(RackBuiltinAttributes.U_COUNT) or 2
+                if not _u_start:
+                    continue
+
+                if device.get('_id') != device_id and set(range(u_start, u_start + u_count)) & set(
+                        range(_u_start, _u_start + _u_count)):
+                    return abort(400, ErrFormat.dcim_rack_u_slot_invalid)
+
+        return rack[RackBuiltinAttributes.U_COUNT] - u_count_sum
+
+    def check_u_slot(self):
+        racks, _, _, _, _, _ = SearchFromDB(
+            "_type:{}".format(self.type_id),
+            count=10000000,
+            fl=[RackBuiltinAttributes.U_START, RackBuiltinAttributes.U_COUNT, RackBuiltinAttributes.U_SLOT_ABNORMAL],
+            parent_node_perm_passed=True).search()
+
+        for rack in racks:
+            devices, _, _, _, _, _ = RelationSearch(
+                [rack['_id']],
+                level=[1],
+                fl=[RackBuiltinAttributes.U_COUNT, RackBuiltinAttributes.U_START],
+                count=1000000).search()
+
+            u_slot_sets = []
+            for device in devices:
+                u_start = device.get(RackBuiltinAttributes.U_START)
+                u_count = device.get(RackBuiltinAttributes.U_COUNT) or 2
+                if u_start is not None and str(u_start).isdigit():
+                    u_slot_sets.append(set(range(u_start, u_start + u_count)))
+
+            if len(u_slot_sets) > 1:
+                u_slot_abnormal = False
+                for a, b in itertools.combinations(u_slot_sets, 2):
+                    if a.intersection(b):
+                        u_slot_abnormal = True
+                        break
+                if u_slot_abnormal != rack.get(RackBuiltinAttributes.U_SLOT_ABNORMAL):
+                    payload = {RackBuiltinAttributes.U_SLOT_ABNORMAL: u_slot_abnormal}
+                    CIManager().update(rack['_id'], **payload)
+
+    def add_device(self, rack_id, device_id, u_start, u_count=None):
+        with (redis_lock.Lock(rd.r, "DCIM_RACK_OPERATE_{}".format(rack_id), expire=10)):
+            self.calc_u_free_count(rack_id, device_id, u_start, u_count)
+
+            self.add_relation(rack_id, device_id)
+
+            payload = {RackBuiltinAttributes.U_START: u_start}
+            if u_count:
+                payload[RackBuiltinAttributes.U_COUNT] = u_count
+            CIManager().update(device_id, _sync=True, **payload)
+
+            payload = {
+                RackBuiltinAttributes.FREE_U_COUNT: self.calc_u_free_count(rack_id, device_id, u_start, u_count)}
+            CIManager().update(rack_id, _sync=True, **payload)
+
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.ADD_DEVICE, rack_id=rack_id, ci_id=device_id)
+
+    def remove_device(self, rack_id, device_id):
+        with (redis_lock.Lock(rd.r, "DCIM_RACK_OPERATE_{}".format(rack_id), expire=10)):
+            CIRelationManager.delete_3(rack_id, device_id, apply_async=False, valid=False)
+
+            payload = {RackBuiltinAttributes.FREE_U_COUNT: self.calc_u_free_count(rack_id)}
+            CIManager().update(rack_id, _sync=True, **payload)
+
+            payload = {RackBuiltinAttributes.U_START: None}
+            CIManager().update(device_id, _sync=True, **payload)
+
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.REMOVE_DEVICE, rack_id=rack_id, ci_id=device_id)
+
+    def move_device(self, rack_id, device_id, to_u_start):
+        with (redis_lock.Lock(rd.r, "DCIM_RACK_OPERATE_{}".format(rack_id), expire=10)):
+            payload = {RackBuiltinAttributes.FREE_U_COUNT: self.calc_u_free_count(rack_id, device_id, to_u_start)}
+            CIManager().update(rack_id, _sync=True, **payload)
+
+            CIManager().update(device_id, _sync=True, **{RackBuiltinAttributes.U_START: to_u_start})
+
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.MOVE_DEVICE, rack_id=rack_id, ci_id=device_id)
+
+    def migrate_device(self, rack_id, device_id, to_rack_id, to_u_start):
+        with (redis_lock.Lock(rd.r, "DCIM_RACK_OPERATE_{}".format(rack_id), expire=10)):
+            self.calc_u_free_count(to_rack_id, device_id, to_u_start)
+
+            if rack_id != to_rack_id:
+                CIRelationManager.delete_3(rack_id, device_id, apply_async=False, valid=False)
+
+                self.add_relation(to_rack_id, device_id)
+
+                payload = {
+                    RackBuiltinAttributes.FREE_U_COUNT: self.calc_u_free_count(to_rack_id, device_id, to_u_start)}
+                CIManager().update(to_rack_id, _sync=True, **payload)
+
+            CIManager().update(device_id, _sync=True, **{RackBuiltinAttributes.U_START: to_u_start})
+
+            if rack_id != to_rack_id:
+                payload = {RackBuiltinAttributes.FREE_U_COUNT: self.calc_u_free_count(rack_id)}
+                CIManager().update(rack_id, _sync=True, **payload)
+
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.REMOVE_DEVICE, rack_id=rack_id, ci_id=device_id)
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.ADD_DEVICE, rack_id=to_rack_id, ci_id=device_id)
--- a/cmdb-api/api/lib/cmdb/dcim/region.py
+++ b/cmdb-api/api/lib/cmdb/dcim/region.py
@@ -0,0 +1,29 @@
+# -*- coding:utf-8 -*-
+
+
+from flask import abort
+
+from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.ci import CIManager
+from api.lib.cmdb.const import BuiltinModelEnum
+from api.lib.cmdb.const import ExistPolicy
+from api.lib.cmdb.resp_format import ErrFormat
+
+
+class RegionManager(object):
+    def __init__(self):
+        self.ci_type = CITypeCache.get(BuiltinModelEnum.DCIM_REGION) or abort(
+            404, ErrFormat.dcim_builtin_model_not_found.format(BuiltinModelEnum.DCIM_REGION))
+
+        self.type_id = self.ci_type.id
+
+    def add(self, **kwargs):
+        return CIManager().add(self.type_id, exist_policy=ExistPolicy.REJECT, **kwargs)
+
+    @classmethod
+    def update(cls, _id, **kwargs):
+        CIManager().update(_id, **kwargs)
+
+    @classmethod
+    def delete(cls, _id):
+        CIManager().delete(_id)
--- a/cmdb-api/api/lib/cmdb/dcim/server_room.py
+++ b/cmdb-api/api/lib/cmdb/dcim/server_room.py
@@ -0,0 +1,56 @@
+# -*- coding:utf-8 -*-
+
+
+from flask import abort
+
+from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.const import BuiltinModelEnum
+from api.lib.cmdb.dcim.base import DCIMBase
+from api.lib.cmdb.dcim.const import RackBuiltinAttributes
+from api.lib.cmdb.resp_format import ErrFormat
+from api.lib.cmdb.search.ci.db.search import Search as SearchFromDB
+from api.models.cmdb import CI
+from api.models.cmdb import CIRelation
+
+
+class ServerRoomManager(DCIMBase):
+    def __init__(self):
+        super(ServerRoomManager, self).__init__()
+
+        self.ci_type = CITypeCache.get(BuiltinModelEnum.DCIM_SERVER_ROOM) or abort(
+            404, ErrFormat.dcim_builtin_model_not_found.format(BuiltinModelEnum.DCIM_SERVER_ROOM))
+        self.type_id = self.ci_type.id
+
+    @staticmethod
+    def get_racks(_id, q=None):
+        rack_type = CITypeCache.get(BuiltinModelEnum.DCIM_RACK) or abort(
+            404, ErrFormat.dcim_builtin_model_not_found.format(BuiltinModelEnum.DCIM_RACK))
+
+        relations = CIRelation.get_by(first_ci_id=_id, only_query=True).join(
+            CI, CI.id == CIRelation.second_ci_id).filter(CI.type_id == rack_type.id)
+        rack_ids = [i.second_ci_id for i in relations]
+
+        q = "_type:{}".format(rack_type.id) if not q else "_type:{},{}".format(rack_type.id, q)
+        if rack_ids:
+            response, _, _, _, numfound, _ = SearchFromDB(
+                q,
+                ci_ids=list(rack_ids),
+                count=1000000,
+                parent_node_perm_passed=True).search()
+        else:
+            response, numfound = [], 0
+
+        counter = dict(rack_count=numfound)
+        u_count = 0
+        free_u_count = 0
+        for i in response:
+            _u_count = i.get(RackBuiltinAttributes.U_COUNT) or 0
+            u_count += _u_count
+            free_u_count += (_u_count if i.get(RackBuiltinAttributes.FREE_U_COUNT) is None else
+                             i.get(RackBuiltinAttributes.FREE_U_COUNT))
+        counter["u_count"] = u_count
+        counter["u_used_count"] = u_count - free_u_count
+        counter["device_count"] = CIRelation.get_by(only_query=True).filter(
+            CIRelation.first_ci_id.in_(rack_ids)).count()
+
+        return counter, response
--- a/cmdb-api/api/lib/cmdb/dcim/tree_view.py
+++ b/cmdb-api/api/lib/cmdb/dcim/tree_view.py
@@ -0,0 +1,85 @@
+# -*- coding:utf-8 -*-
+
+from collections import defaultdict
+
+from flask import abort
+
+from api.lib.cmdb.cache import AttributeCache
+from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.const import BuiltinModelEnum
+from api.lib.cmdb.resp_format import ErrFormat
+from api.lib.cmdb.search.ci.db.search import Search as SearchFromDB
+from api.models.cmdb import CI
+from api.models.cmdb import CIRelation
+
+
+class TreeViewManager(object):
+    @classmethod
+    def get(cls):
+        region_type = CITypeCache.get(BuiltinModelEnum.DCIM_REGION) or abort(
+            404, ErrFormat.dcim_builtin_model_not_found.format(BuiltinModelEnum.DCIM_REGION))
+
+        idc_type = CITypeCache.get(BuiltinModelEnum.DCIM_IDC) or abort(
+            404, ErrFormat.dcim_builtin_model_not_found.format(BuiltinModelEnum.DCIM_IDC))
+
+        server_room_type = CITypeCache.get(BuiltinModelEnum.DCIM_SERVER_ROOM) or abort(
+            404, ErrFormat.dcim_builtin_model_not_found.format(BuiltinModelEnum.DCIM_SERVER_ROOM))
+
+        rack_type = CITypeCache.get(BuiltinModelEnum.DCIM_RACK) or abort(
+            404, ErrFormat.dcim_builtin_model_not_found.format(BuiltinModelEnum.DCIM_RACK))
+
+        relations = defaultdict(set)
+        ids = set()
+        has_parent_ids = set()
+
+        for i in CIRelation.get_by(only_query=True).join(CI, CI.id == CIRelation.first_ci_id).filter(
+                CI.type_id.in_([region_type.id, idc_type.id])):
+            relations[i.first_ci_id].add(i.second_ci_id)
+            ids.add(i.first_ci_id)
+            ids.add(i.second_ci_id)
+            has_parent_ids.add(i.second_ci_id)
+
+        for i in CIRelation.get_by(only_query=True).join(
+                CI, CI.id == CIRelation.second_ci_id).filter(CI.type_id.in_([idc_type.id, server_room_type.id])):
+            relations[i.first_ci_id].add(i.second_ci_id)
+            ids.add(i.first_ci_id)
+            ids.add(i.second_ci_id)
+            has_parent_ids.add(i.second_ci_id)
+
+        for i in CI.get_by(only_query=True).filter(CI.type_id.in_([region_type.id, idc_type.id])):
+            ids.add(i.id)
+
+        for _id in ids:
+            if _id not in has_parent_ids:
+                relations[None].add(_id)
+
+        type2name = dict()
+        type2name[region_type.id] = AttributeCache.get(region_type.show_id or region_type.unique_id).name
+        type2name[idc_type.id] = AttributeCache.get(idc_type.show_id or idc_type.unique_id).name
+        type2name[server_room_type.id] = AttributeCache.get(server_room_type.show_id or server_room_type.unique_id).name
+
+        response, _, _, _, _, _ = SearchFromDB(
+            "_type:({})".format(";".join(map(str, [region_type.id, idc_type.id, server_room_type.id]))),
+            ci_ids=list(ids),
+            count=1000000,
+            fl=list(type2name.values()),
+            parent_node_perm_passed=True).search()
+        id2ci = {i['_id']: i for i in response}
+
+        def _build_tree(_tree, parent_id=None):
+            tree = []
+            for child_id in _tree.get(parent_id, []):
+                children = sorted(_build_tree(_tree, child_id), key=lambda x: x['_id'])
+                if not id2ci.get(child_id):
+                    continue
+                ci = id2ci[child_id]
+                if ci['ci_type'] == BuiltinModelEnum.DCIM_SERVER_ROOM:
+                    ci['rack_count'] = CIRelation.get_by(first_ci_id=child_id, only_query=True).join(
+                        CI, CI.id == CIRelation.second_ci_id).filter(CI.type_id == rack_type.id).count()
+
+                tree.append({'children': children, **ci})
+            return tree
+
+        result = sorted(_build_tree(relations), key=lambda x: x['_id'])
+
+        return result, type2name
--- a/cmdb-api/api/lib/cmdb/history.py
+++ b/cmdb-api/api/lib/cmdb/history.py
@@ -10,6 +10,7 @@ from api.extensions import db
 from api.lib.cmdb.cache import AttributeCache
 from api.lib.cmdb.cache import RelationTypeCache
 from api.lib.cmdb.const import OperateType
+from api.lib.cmdb.cache import CITypeCache
 from api.lib.cmdb.perms import CIFilterPermsCRUD
 from api.lib.cmdb.resp_format import ErrFormat
 from api.lib.perm.acl.cache import UserCache
@@ -22,6 +23,7 @@ from api.models.cmdb import CITypeHistory
 from api.models.cmdb import CITypeTrigger
 from api.models.cmdb import CITypeUniqueConstraint
 from api.models.cmdb import OperationRecord
+from api.lib.cmdb.utils import TableMap


 class AttributeHistoryManger(object):
@@ -59,8 +61,23 @@ class AttributeHistoryManger(object):
        total = len(records)

        res = {}
+        show_attr_set = {}
+        show_attr_cache = {}
        for record in records:
            record_id = record.OperationRecord.id
+            type_id = record.OperationRecord.type_id
+            ci_id = record.AttributeHistory.ci_id
+            show_attr_set[ci_id] = None
+            show_attr = show_attr_cache.setdefault(
+                type_id, 
+                AttributeCache.get(
+                    CITypeCache.get(type_id).show_id or CITypeCache.get(type_id).unique_id) if CITypeCache.get(type_id) else None
+            )
+            if show_attr:
+                attr_table = TableMap(attr=show_attr).table
+                attr_record = attr_table.get_by(attr_id=show_attr.id, ci_id=ci_id, first=True, to_dict=False)
+                show_attr_set[ci_id] = attr_record.value if attr_record else None
+    
            attr_hist = record.AttributeHistory.to_dict()
            attr_hist['attr'] = AttributeCache.get(attr_hist['attr_id'])
            if attr_hist['attr']:
@@ -76,6 +93,7 @@ class AttributeHistoryManger(object):

            if record_id not in res:
                record_dict = record.OperationRecord.to_dict()
+                record_dict['show_attr_value'] = show_attr_set.get(ci_id)
                record_dict["user"] = UserCache.get(record_dict.get("uid"))
                if record_dict["user"]:
                    record_dict['user'] = record_dict['user'].nickname
--- a/cmdb-api/api/lib/cmdb/ipam/init.py
+++ b/cmdb-api/api/lib/cmdb/ipam/init.py
@@ -0,0 +1 @@
+# -*- coding:utf-8 -*-
--- a/cmdb-api/api/lib/cmdb/ipam/address.py
+++ b/cmdb-api/api/lib/cmdb/ipam/address.py
@@ -0,0 +1,133 @@
+# -*- coding:utf-8 -*-
+
+import redis_lock
+from flask import abort
+
+from api.extensions import rd
+from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.ci import CIManager
+from api.lib.cmdb.ci import CIRelationManager
+from api.lib.cmdb.const import BuiltinModelEnum
+from api.lib.cmdb.ipam.const import IPAddressAssignStatus
+from api.lib.cmdb.ipam.const import IPAddressBuiltinAttributes
+from api.lib.cmdb.ipam.const import OperateTypeEnum
+from api.lib.cmdb.ipam.const import SubnetBuiltinAttributes
+from api.lib.cmdb.ipam.history import OperateHistoryManager
+from api.lib.cmdb.resp_format import ErrFormat
+from api.lib.cmdb.search.ci.db.search import Search as SearchFromDB
+from api.lib.cmdb.search.ci_relation.search import Search as RelationSearch
+
+
+class IpAddressManager(object):
+    def __init__(self):
+        self.ci_type = CITypeCache.get(BuiltinModelEnum.IPAM_ADDRESS) or abort(
+            404, ErrFormat.ipam_address_model_not_found.format(BuiltinModelEnum.IPAM_ADDRESS))
+
+        self.type_id = self.ci_type.id
+
+    @staticmethod
+    def list_ip_address(parent_id):
+        numfound, _, result = CIRelationManager.get_second_cis(parent_id, per_page="all")
+
+        return numfound, result
+
+    def _get_cis(self, subnet_id, ips):
+
+        q = "_type:{},{}:({})".format(self.type_id, IPAddressBuiltinAttributes.IP, ";".join(ips or []))
+
+        response, _, _, _, _, _ = RelationSearch([subnet_id], level=[1], query=q, count=1000000).search()
+
+        return response
+
+    @staticmethod
+    def _add_relation(parent_id, child_id):
+        if not parent_id or not child_id:
+            return
+
+        CIRelationManager().add(parent_id, child_id, valid=False, apply_async=False)
+
+    @staticmethod
+    def calc_used_count(subnet_id):
+        q = "{}:(0;2),-{}:true".format(IPAddressBuiltinAttributes.ASSIGN_STATUS, IPAddressBuiltinAttributes.IS_USED)
+
+        return len(set(RelationSearch([subnet_id], level=[1], query=q, count=1000000).search(only_ids=True) or []))
+
+    @staticmethod
+    def _calc_assign_count(subnet_id):
+        q = "{}:(0;2)".format(IPAddressBuiltinAttributes.ASSIGN_STATUS)
+
+        return len(set(RelationSearch([subnet_id], level=[1], query=q, count=1000000).search(only_ids=True) or []))
+
+    def _update_subnet_count(self, subnet_id, assign_count_computed, used_count=None):
+        payload = {}
+
+        cur = CIManager.get_ci_by_id(subnet_id, need_children=False)
+        if assign_count_computed:
+            payload[SubnetBuiltinAttributes.ASSIGN_COUNT] = self._calc_assign_count(subnet_id)
+        if used_count is not None:
+            payload[SubnetBuiltinAttributes.USED_COUNT] = used_count
+
+        payload[SubnetBuiltinAttributes.FREE_COUNT] = (cur[SubnetBuiltinAttributes.HOSTS_COUNT] -
+                                                       self.calc_used_count(subnet_id))
+        CIManager().update(subnet_id, **payload)
+
+    def assign_ips(self, ips, subnet_id, cidr, **kwargs):
+        """
+
+        :param ips: ip list
+        :param subnet_id: subnet id
+        :param cidr: subnet cidr
+        :param kwargs: other attributes for ip address
+        :return:
+        """
+        if subnet_id is not None:
+            subnet = CIManager.get_ci_by_id(subnet_id)
+        else:
+            cis, _, _, _, _, _ = SearchFromDB("_type:{},{}:{}".format(
+                BuiltinModelEnum.IPAM_SUBNET, SubnetBuiltinAttributes.CIDR, cidr),
+                parent_node_perm_passed=True).search()
+            if cis:
+                subnet = cis[0]
+                subnet_id = subnet['_id']
+            else:
+                return abort(400, ErrFormat.ipam_address_model_not_found)
+
+        with (redis_lock.Lock(rd.r, "IPAM_ASSIGN_ADDRESS_{}".format(subnet_id),
+                              expire=60, auto_renewal=True)):
+            cis = self._get_cis(subnet_id, ips)
+            ip2ci = {ci[IPAddressBuiltinAttributes.IP]: ci for ci in cis}
+
+            ci_ids = []
+            for ip in ips:
+                kwargs['name'] = ip
+                kwargs[IPAddressBuiltinAttributes.IP] = ip
+                if ip not in ip2ci:
+                    ci_id = CIManager.add(self.type_id, _sync=True, **kwargs)
+                else:
+                    ci_id = ip2ci[ip]['_id']
+                    CIManager().update(ci_id, _sync=True, **kwargs)
+                ci_ids.append(ci_id)
+
+                self._add_relation(subnet_id, ci_id)
+
+            if ips and IPAddressBuiltinAttributes.ASSIGN_STATUS in kwargs:
+                self._update_subnet_count(subnet_id, True)
+
+            if ips and IPAddressBuiltinAttributes.IS_USED in kwargs:
+                q = "{}:true".format(IPAddressBuiltinAttributes.IS_USED)
+                cur_used_ids = RelationSearch([subnet_id], level=[1], query=q).search(only_ids=True)
+                for _id in set(cur_used_ids) - set(ci_ids):
+                    CIManager().update(_id, **{IPAddressBuiltinAttributes.IS_USED: False})
+
+                self._update_subnet_count(subnet_id, False, used_count=len(ips))
+
+        if kwargs.get(IPAddressBuiltinAttributes.ASSIGN_STATUS) in (
+                IPAddressAssignStatus.ASSIGNED, IPAddressAssignStatus.RESERVED):
+            OperateHistoryManager().add(operate_type=OperateTypeEnum.ASSIGN_ADDRESS,
+                                        cidr=subnet.get(SubnetBuiltinAttributes.CIDR),
+                                        description=" | ".join(ips))
+
+        elif kwargs.get(IPAddressBuiltinAttributes.ASSIGN_STATUS) == IPAddressAssignStatus.UNASSIGNED:
+            OperateHistoryManager().add(operate_type=OperateTypeEnum.REVOKE_ADDRESS,
+                                        cidr=subnet.get(SubnetBuiltinAttributes.CIDR),
+                                        description=" | ".join(ips))
--- a/cmdb-api/api/lib/cmdb/ipam/const.py
+++ b/cmdb-api/api/lib/cmdb/ipam/const.py
@@ -0,0 +1,35 @@
+# -*- coding:utf-8 -*-
+
+from api.lib.utils import BaseEnum
+
+
+class IPAddressAssignStatus(BaseEnum):
+    ASSIGNED = 0
+    UNASSIGNED = 1
+    RESERVED = 2
+
+
+class OperateTypeEnum(BaseEnum):
+    ADD_SCOPE = "0"
+    UPDATE_SCOPE = "1"
+    DELETE_SCOPE = "2"
+    ADD_SUBNET = "3"
+    UPDATE_SUBNET = "4"
+    DELETE_SUBNET = "5"
+    ASSIGN_ADDRESS = "6"
+    REVOKE_ADDRESS = "7"
+
+
+class SubnetBuiltinAttributes(BaseEnum):
+    NAME = 'name'
+    CIDR = 'cidr'
+    HOSTS_COUNT = 'hosts_count'
+    ASSIGN_COUNT = 'assign_count'
+    USED_COUNT = 'used_count'
+    FREE_COUNT = 'free_count'
+
+
+class IPAddressBuiltinAttributes(BaseEnum):
+    IP = 'ip'
+    ASSIGN_STATUS = 'assign_status'  # enum: 0 - assigned   1 - unassigned   2 - reserved
+    IS_USED = 'is_used'  # bool
--- a/cmdb-api/api/lib/cmdb/ipam/history.py
+++ b/cmdb-api/api/lib/cmdb/ipam/history.py
@@ -0,0 +1,61 @@
+# -*- coding:utf-8 -*-
+
+from flask_login import current_user
+
+from api.lib.cmdb.ipam.const import IPAddressBuiltinAttributes
+from api.lib.mixin import DBMixin
+from api.models.cmdb import IPAMOperationHistory
+from api.models.cmdb import IPAMSubnetScan
+from api.models.cmdb import IPAMSubnetScanHistory
+
+
+class OperateHistoryManager(DBMixin):
+    cls = IPAMOperationHistory
+
+    def _can_add(self, **kwargs):
+        kwargs['uid'] = current_user.uid
+
+        return kwargs
+
+    def _can_update(self, **kwargs):
+        pass
+
+    def _can_delete(self, **kwargs):
+        pass
+
+
+class ScanHistoryManager(DBMixin):
+    cls = IPAMSubnetScanHistory
+
+    def _can_add(self, **kwargs):
+        return kwargs
+
+    def add(self, **kwargs):
+        kwargs.pop('_key', None)
+        kwargs.pop('_secret', None)
+        ci_id = kwargs.pop('ci_id', None)
+
+        existed = self.cls.get_by(exec_id=kwargs['exec_id'], first=True, to_dict=False)
+        if existed is None:
+            self.cls.create(**kwargs)
+        else:
+            existed.update(**kwargs)
+
+        if kwargs.get('ips'):
+            from api.lib.cmdb.ipam.address import IpAddressManager
+            IpAddressManager().assign_ips(kwargs['ips'], ci_id, kwargs.get('cidr'),
+                                          **{IPAddressBuiltinAttributes.IS_USED: 1})
+
+            scan_rule = IPAMSubnetScan.get_by(ci_id=ci_id, first=True, to_dict=False)
+            if scan_rule is not None:
+                scan_rule.update(last_scan_time=kwargs.get('start_at'))
+
+        for i in self.cls.get_by(subnet_scan_id=kwargs.get('subnet_scan_id'), only_query=True).order_by(
+                self.cls.id.desc()).offset(100):
+            i.delete()
+
+    def _can_update(self, **kwargs):
+        pass
+
+    def _can_delete(self, **kwargs):
+        pass
--- a/cmdb-api/api/lib/cmdb/ipam/stats.py
+++ b/cmdb-api/api/lib/cmdb/ipam/stats.py
@@ -0,0 +1,104 @@
+# -*- coding:utf-8 -*-
+
+
+import json
+from flask import abort
+
+from api.extensions import rd
+from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.ci import CIManager
+from api.lib.cmdb.const import BuiltinModelEnum
+from api.lib.cmdb.const import REDIS_PREFIX_CI_RELATION
+from api.lib.cmdb.resp_format import ErrFormat
+from api.lib.cmdb.search.ci.db.search import Search as SearchFromDB
+from api.models.cmdb import CI
+from api.models.cmdb import CIRelation
+from api.models.cmdb import IPAMSubnetScan
+
+
+class Stats(object):
+    def __init__(self):
+        self.address_type = CITypeCache.get(BuiltinModelEnum.IPAM_ADDRESS) or abort(
+            404, ErrFormat.ipam_address_model_not_found.format(BuiltinModelEnum.IPAM_ADDRESS))
+
+        self.address_type_id = self.address_type.id
+
+        self.subnet_type = CITypeCache.get(BuiltinModelEnum.IPAM_SUBNET) or abort(
+            404, ErrFormat.ipam_address_model_not_found.format(BuiltinModelEnum.IPAM_ADDRESS))
+
+        self.subnet_type_id = self.subnet_type.id
+
+    def leaf_nodes(self, parent_id):
+        if str(parent_id) == '0':  # all
+            ci_ids = [i.id for i in CI.get_by(type_id=self.subnet_type_id, to_dict=False)]
+            has_children_ci_ids = [i.first_ci_id for i in CIRelation.get_by(
+                only_query=True).join(CI, CIRelation.second_ci_id == CI.id).filter(
+                CIRelation.first_ci_id.in_(ci_ids)).filter(CI.type_id == self.subnet_type_id)]
+
+            return list(set(ci_ids) - set(has_children_ci_ids))
+
+        else:
+            _type = CIManager().get_by_id(parent_id)
+            if not _type:
+                return abort(404, ErrFormat.ipam_subnet_not_found)
+            key = [(str(parent_id), _type.type_id)]
+            result = []
+            while True:
+                res = [json.loads(x).items() for x in [i or '{}' for i in rd.get(
+                    [i[0] for i in key], REDIS_PREFIX_CI_RELATION) or []]]
+
+                for idx, i in enumerate(res):
+                    if (not i or list(i)[0][1] == self.address_type_id) and key[idx][1] == self.subnet_type_id:
+                        result.append(int(key[idx][0]))
+
+                res = [j for i in res for j in i]  # [(id, type_id)]
+
+                if not res:
+                    return result
+
+                key = res
+
+    def statistic_subnets(self, subnet_ids):
+        if subnet_ids:
+            response, _, _, _, _, _ = SearchFromDB(
+                "_type:{}".format(self.subnet_type_id),
+                ci_ids=subnet_ids,
+                count=1000000,
+                parent_node_perm_passed=True,
+            ).search()
+        else:
+            response = []
+
+        scans = IPAMSubnetScan.get_by(only_query=True).filter(IPAMSubnetScan.ci_id.in_(list(map(int, subnet_ids))))
+        id2scan = {i.ci_id: i for i in scans}
+
+        address_num, address_free_num, address_assign_num, address_used_num = 0, 0, 0, 0
+        for subnet in response:
+            address_num += (subnet.get('hosts_count') or 0)
+            address_free_num += (subnet.get('free_count') or 0)
+            address_assign_num += (subnet.get('assign_count') or 0)
+            address_used_num += (subnet.get('used_count') or 0)
+
+            if id2scan.get(subnet['_id']):
+                subnet['scan_enabled'] = id2scan[subnet['_id']].scan_enabled
+                subnet['last_scan_time'] = id2scan[subnet['_id']].last_scan_time
+            else:
+                subnet['scan_enabled'] = False
+                subnet['last_scan_time'] = None
+
+        return response, address_num, address_free_num, address_assign_num, address_used_num
+
+    def summary(self, parent_id):
+        subnet_ids = self.leaf_nodes(parent_id)
+
+        subnets, address_num, address_free_num, address_assign_num, address_used_num = (
+            self.statistic_subnets(subnet_ids))
+
+        return dict(subnet_num=len(subnets),
+                    address_num=address_num,
+                    address_free_num=address_free_num,
+                    address_assign_num=address_assign_num,
+                    address_unassign_num=address_num - address_assign_num,
+                    address_used_num=address_used_num,
+                    address_used_free_num=address_num - address_used_num,
+                    subnets=subnets)
--- a/cmdb-api/api/lib/cmdb/ipam/subnet.py
+++ b/cmdb-api/api/lib/cmdb/ipam/subnet.py
@@ -0,0 +1,355 @@
+# -*- coding:utf-8 -*-
+
+from collections import defaultdict
+
+import datetime
+import ipaddress
+from flask import abort
+
+from api.lib.cmdb.cache import AttributeCache
+from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.ci import CIManager
+from api.lib.cmdb.ci import CIRelationManager
+from api.lib.cmdb.const import BuiltinModelEnum
+from api.lib.cmdb.ipam.const import OperateTypeEnum
+from api.lib.cmdb.ipam.const import SubnetBuiltinAttributes
+from api.lib.cmdb.ipam.history import OperateHistoryManager
+from api.lib.cmdb.resp_format import ErrFormat
+from api.lib.cmdb.search.ci.db.search import Search as SearchFromDB
+from api.models.cmdb import CI
+from api.models.cmdb import CIRelation
+from api.models.cmdb import IPAMSubnetScan
+
+
+class SubnetManager(object):
+    def __init__(self):
+        self.ci_type = CITypeCache.get(BuiltinModelEnum.IPAM_SUBNET) or abort(
+            404, ErrFormat.ipam_subnet_model_not_found.format(BuiltinModelEnum.IPAM_SUBNET))
+
+        self.type_id = self.ci_type.id
+
+    def scan_rules(self, oneagent_id, last_update_at=None):
+        result = []
+        rules = IPAMSubnetScan.get_by(agent_id=oneagent_id, to_dict=True)
+        ci_ids = [i['ci_id'] for i in rules]
+        if ci_ids:
+            response, _, _, _, _, _ = SearchFromDB("_type:{}".format(self.type_id),
+                                                   ci_ids=list(ci_ids),
+                                                   count=1000000,
+                                                   fl=[SubnetBuiltinAttributes.CIDR],
+                                                   parent_node_perm_passed=True).search()
+            id2ci = {i['_id']: i for i in response}
+
+            for rule in rules:
+                if rule['ci_id'] in id2ci:
+                    rule[SubnetBuiltinAttributes.CIDR] = id2ci[rule['ci_id']][SubnetBuiltinAttributes.CIDR]
+                    result.append(rule)
+
+        new_last_update_at = ""
+        for i in result:
+            __last_update_at = max([i['rule_updated_at'] or "", i['created_at'] or ""])
+            if new_last_update_at < __last_update_at:
+                new_last_update_at = __last_update_at
+
+        if not last_update_at or new_last_update_at > last_update_at:
+            return result, new_last_update_at
+        else:
+            return [], new_last_update_at
+
+    @staticmethod
+    def get_hosts(cidr):
+        try:
+            return list(map(str, ipaddress.ip_network(cidr).hosts()))
+        except ValueError:
+            return []
+
+    def get_by_id(self, subnet_id):
+        response, _, _, _, _, _ = SearchFromDB("_type:{}".format(self.type_id),
+                                               ci_ids=[subnet_id],
+                                               parent_node_perm_passed=True).search()
+        scan_rule = IPAMSubnetScan.get_by(ci_id=subnet_id, first=True, to_dict=True)
+        if scan_rule and response:
+            scan_rule.update(response[0])
+
+        return scan_rule
+
+    def tree_view(self):
+        scope = CITypeCache.get(BuiltinModelEnum.IPAM_SCOPE)
+        ci_types = scope and [scope.id, self.type_id] or [self.type_id]
+
+        relations = defaultdict(set)
+        ids = set()
+        has_parent_ids = set()
+        for i in CIRelation.get_by(only_query=True).join(
+                CI, CI.id == CIRelation.first_ci_id).filter(CI.type_id.in_(ci_types)):
+            relations[i.first_ci_id].add(i.second_ci_id)
+            ids.add(i.first_ci_id)
+            ids.add(i.second_ci_id)
+            has_parent_ids.add(i.second_ci_id)
+        for i in CIRelation.get_by(only_query=True).join(
+                CI, CI.id == CIRelation.second_ci_id).filter(CI.type_id.in_(ci_types)):
+            relations[i.first_ci_id].add(i.second_ci_id)
+            ids.add(i.first_ci_id)
+            ids.add(i.second_ci_id)
+            has_parent_ids.add(i.second_ci_id)
+
+        for i in CI.get_by(only_query=True).filter(CI.type_id.in_(ci_types)):
+            ids.add(i.id)
+
+        for _id in ids:
+            if _id not in has_parent_ids:
+                relations[None].add(_id)
+
+        type2name = dict()
+        type2name[self.type_id] = AttributeCache.get(self.ci_type.show_id or self.ci_type.unique_id).name
+
+        fl = [type2name[self.type_id]]
+        if scope:
+            type2name[scope.id] = AttributeCache.get(scope.show_id or scope.unique_id).name
+            fl.append(type2name[scope.id])
+
+        response, _, _, _, _, _ = SearchFromDB("_type:({})".format(";".join(map(str, ci_types))),
+                                               ci_ids=list(ids),
+                                               count=1000000,
+                                               fl=list(set(fl + [SubnetBuiltinAttributes.CIDR])),
+                                               parent_node_perm_passed=True).search()
+        id2ci = {i['_id']: i for i in response}
+
+        def _build_tree(_tree, parent_id=None):
+            tree = []
+            for child_id in _tree.get(parent_id, []):
+                children = sorted(_build_tree(_tree, child_id), key=lambda x: x['_id'])
+                if not id2ci.get(child_id):
+                    continue
+                tree.append({'children': children, **id2ci[child_id]})
+            return tree
+
+        result = sorted(_build_tree(relations), key=lambda x: x['_id'])
+
+        return result, type2name
+
+    @staticmethod
+    def _is_valid_cidr(cidr):
+        try:
+            cidr = ipaddress.ip_network(cidr)
+            if not (8 <= cidr.prefixlen <= 31):
+                raise ValueError
+
+            return str(cidr)
+        except ValueError:
+            return abort(400, ErrFormat.ipam_cidr_invalid_notation.format(cidr))
+
+    def _check_root_node_is_overlapping(self, cidr, _id=None):
+        none_root_nodes = [i.id for i in CI.get_by(only_query=True).join(
+            CIRelation, CIRelation.second_ci_id == CI.id).filter(CI.type_id == self.type_id)]
+        all_nodes = [i.id for i in CI.get_by(type_id=self.type_id, to_dict=False, fl=['id'])]
+
+        root_nodes = set(all_nodes) - set(none_root_nodes) - set(_id and [_id] or [])
+        response, _, _, _, _, _ = SearchFromDB("_type:{}".format(self.type_id),
+                                               ci_ids=list(root_nodes),
+                                               count=1000000,
+                                               parent_node_perm_passed=True).search()
+
+        cur_subnet = ipaddress.ip_network(cidr)
+        for item in response:
+            if item['_id'] == _id:
+                continue
+
+            if cur_subnet.overlaps(ipaddress.ip_network(item.get(SubnetBuiltinAttributes.CIDR))):
+                return abort(400, ErrFormat.ipam_subnet_overlapped.format(cidr, item.get(SubnetBuiltinAttributes.CIDR)))
+
+        return cidr
+
+    def _check_child_node_is_overlapping(self, parent_id, cidr, _id=None):
+        child_nodes = [i.second_ci_id for i in CIRelation.get_by(
+            first_ci_id=parent_id, to_dict=False, fl=['second_ci_id']) if i.second_ci_id != _id]
+        if not child_nodes:
+            return
+
+        response, _, _, _, _, _ = SearchFromDB("_type:{}".format(self.type_id),
+                                               ci_ids=list(child_nodes),
+                                               count=1000000,
+                                               parent_node_perm_passed=True).search()
+
+        cur_subnet = ipaddress.ip_network(cidr)
+        for item in response:
+            if item['_id'] == _id:
+                continue
+
+            if cur_subnet.overlaps(ipaddress.ip_network(item.get(SubnetBuiltinAttributes.CIDR))):
+                return abort(400, ErrFormat.ipam_subnet_overlapped.format(cidr, item.get(SubnetBuiltinAttributes.CIDR)))
+
+    def validate_cidr(self, parent_id, cidr, _id=None):
+        cidr = self._is_valid_cidr(cidr)
+
+        if not parent_id:
+            return self._check_root_node_is_overlapping(cidr, _id)
+
+        parent_subnet = CIManager().get_ci_by_id(parent_id, need_children=False)
+        if parent_subnet['ci_type'] == BuiltinModelEnum.IPAM_SUBNET:
+            if parent_subnet.get(SubnetBuiltinAttributes.CIDR):
+                prefix = int(cidr.split('/')[1])
+                if int(parent_subnet[SubnetBuiltinAttributes.CIDR].split('/')[1]) >= prefix:
+                    return abort(400, ErrFormat.ipam_subnet_prefix_length_invalid.format(prefix))
+
+                valid_subnets = [str(i) for i in
+                                 ipaddress.ip_network(parent_subnet[SubnetBuiltinAttributes.CIDR]).subnets(
+                                     new_prefix=prefix)]
+                if cidr not in valid_subnets:
+                    return abort(400, ErrFormat.ipam_cidr_invalid_subnet.format(cidr, valid_subnets))
+            else:
+                return abort(400, ErrFormat.ipam_parent_subnet_node_cidr_cannot_empty)
+
+        self._check_child_node_is_overlapping(parent_id, cidr, _id)
+
+        return cidr
+
+    def _add_subnet(self, cidr, **kwargs):
+        kwargs[SubnetBuiltinAttributes.HOSTS_COUNT] = len(list(ipaddress.ip_network(cidr).hosts()))
+        kwargs[SubnetBuiltinAttributes.USED_COUNT] = 0
+        kwargs[SubnetBuiltinAttributes.ASSIGN_COUNT] = 0
+        kwargs[SubnetBuiltinAttributes.FREE_COUNT] = kwargs[SubnetBuiltinAttributes.HOSTS_COUNT]
+
+        return CIManager().add(self.type_id, cidr=cidr, **kwargs)
+
+    @staticmethod
+    def _add_scan_rule(ci_id, agent_id, cron, scan_enabled=True):
+        IPAMSubnetScan.create(ci_id=ci_id, agent_id=agent_id, cron=cron, scan_enabled=scan_enabled)
+
+    @staticmethod
+    def _add_relation(parent_id, child_id):
+        if not parent_id or not child_id:
+            return
+
+        CIRelationManager().add(parent_id, child_id, valid=False)
+
+    def add(self, cidr, parent_id, agent_id, cron, scan_enabled=True, **kwargs):
+        cidr = self.validate_cidr(parent_id, cidr)
+
+        ci_id = self._add_subnet(cidr, **kwargs)
+
+        self._add_scan_rule(ci_id, agent_id, cron, scan_enabled)
+
+        self._add_relation(parent_id, ci_id)
+
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.ADD_SUBNET,
+                                    cidr=cidr,
+                                    description=cidr)
+
+        return ci_id
+
+    @staticmethod
+    def _update_subnet(_id, **kwargs):
+        return CIManager().update(_id, **kwargs)
+
+    @staticmethod
+    def _update_scan_rule(ci_id, agent_id, cron, scan_enabled=True):
+        existed = IPAMSubnetScan.get_by(ci_id=ci_id, first=True, to_dict=False)
+        if existed is not None:
+            existed.update(ci_id=ci_id, agent_id=agent_id, cron=cron, scan_enabled=scan_enabled,
+                           rule_updated_at=datetime.datetime.now())
+        else:
+            IPAMSubnetScan.create(ci_id=ci_id, agent_id=agent_id, cron=cron, scan_enabled=scan_enabled)
+
+    def update(self, _id, **kwargs):
+        kwargs[SubnetBuiltinAttributes.CIDR] = self.validate_cidr(kwargs.pop('parent_id', None),
+                                                                  kwargs.get(SubnetBuiltinAttributes.CIDR), _id)
+
+        agent_id = kwargs.pop('agent_id', None)
+        cron = kwargs.pop('cron', None)
+        scan_enabled = kwargs.pop('scan_enabled', True)
+
+        cur = CIManager.get_ci_by_id(_id, need_children=False)
+
+        self._update_subnet(_id, **kwargs)
+
+        self._update_scan_rule(_id, agent_id, cron, scan_enabled)
+
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.UPDATE_SUBNET,
+                                    cidr=cur.get(SubnetBuiltinAttributes.CIDR),
+                                    description="{} -> {}".format(cur.get(SubnetBuiltinAttributes.CIDR),
+                                                                  kwargs.get(SubnetBuiltinAttributes.CIDR)))
+
+        return _id
+
+    @classmethod
+    def delete(cls, _id):
+        if CIRelation.get_by(only_query=True).filter(CIRelation.first_ci_id == _id).first():
+            return abort(400, ErrFormat.ipam_subnet_cannot_delete)
+
+        existed = IPAMSubnetScan.get_by(ci_id=_id, first=True, to_dict=False)
+        existed and existed.delete()
+
+        delete_ci_ids = []
+        for i in CIRelation.get_by(first_ci_id=_id, to_dict=False):
+            delete_ci_ids.append(i.second_ci_id)
+            i.delete()
+
+        cur = CIManager.get_ci_by_id(_id, need_children=False)
+
+        CIManager().delete(_id)
+
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.DELETE_SUBNET,
+                                    cidr=cur.get(SubnetBuiltinAttributes.CIDR),
+                                    description=cur.get(SubnetBuiltinAttributes.CIDR))
+
+        # batch_delete_ci.apply_async(args=(delete_ci_ids,))
+
+        return _id
+
+
+class SubnetScopeManager(object):
+    def __init__(self):
+        self.ci_type = CITypeCache.get(BuiltinModelEnum.IPAM_SCOPE)
+        not self.ci_type and abort(400, ErrFormat.ipam_subnet_model_not_found.format(
+            BuiltinModelEnum.IPAM_SCOPE))
+
+        self.type_id = self.ci_type.id
+
+    def _add_scope(self, name):
+        return CIManager().add(self.type_id, name=name)
+
+    @staticmethod
+    def _add_relation(parent_id, child_id):
+        if not parent_id or not child_id:
+            return
+
+        CIRelationManager().add(parent_id, child_id, valid=False)
+
+    def add(self, parent_id, name):
+        ci_id = self._add_scope(name)
+
+        self._add_relation(parent_id, ci_id)
+
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.ADD_SCOPE,
+                                    description=name)
+
+        return ci_id
+
+    @staticmethod
+    def _update_scope(_id, name):
+        return CIManager().update(_id, name=name)
+
+    def update(self, _id, name):
+        cur = CIManager.get_ci_by_id(_id, need_children=False)
+
+        res = self._update_scope(_id, name)
+
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.UPDATE_SCOPE,
+                                    description="{} -> {}".format(cur.get('name'), name))
+
+        return res
+
+    @staticmethod
+    def delete(_id):
+        if CIRelation.get_by(first_ci_id=_id, first=True, to_dict=False):
+            return abort(400, ErrFormat.ipam_scope_cannot_delete)
+
+        cur = CIManager.get_ci_by_id(_id, need_children=False)
+
+        CIManager().delete(_id)
+
+        OperateHistoryManager().add(operate_type=OperateTypeEnum.DELETE_SCOPE,
+                                    description=cur.get('name'))
+
+        return _id
--- a/cmdb-api/api/lib/cmdb/perms.py
+++ b/cmdb-api/api/lib/cmdb/perms.py
@@ -1,7 +1,6 @@
 # -*- coding:utf-8 -*-
 import copy
 import functools
-
 import redis_lock
 from flask import abort
 from flask import current_app
@@ -10,6 +9,7 @@ from flask_login import current_user

 from api.extensions import db
 from api.extensions import rd
+from api.lib.cmdb.const import BUILTIN_ATTRIBUTES
 from api.lib.cmdb.const import ResourceTypeEnum
 from api.lib.cmdb.resp_format import ErrFormat
 from api.lib.mixin import DBMixin
@@ -27,7 +27,7 @@ class CIFilterPermsCRUD(DBMixin):
        result = {}
        for i in res:
            if i['attr_filter']:
-                i['attr_filter'] = i['attr_filter'].split(',')
+                i['attr_filter'] = i['attr_filter'].split(',') + list(BUILTIN_ATTRIBUTES.keys())

            if i['rid'] not in result:
                result[i['rid']] = i
@@ -62,7 +62,7 @@ class CIFilterPermsCRUD(DBMixin):
        result = {}
        for i in res:
            if i['attr_filter']:
-                i['attr_filter'] = i['attr_filter'].split(',')
+                i['attr_filter'] = i['attr_filter'].split(',') + list(BUILTIN_ATTRIBUTES.keys())

            if i['type_id'] not in result:
                result[i['type_id']] = i
@@ -163,7 +163,7 @@ class CIFilterPermsCRUD(DBMixin):

    def add(self, **kwargs):
        kwargs = self._can_add(**kwargs) or kwargs
-        with redis_lock.Lock(rd.r, 'CMDB_FILTER_{}_{}'.format(kwargs['type_id'], kwargs['rid'])):
+        with redis_lock.Lock(rd.r, 'CMDB_FILTER_{}_{}'.format(kwargs['type_id'], kwargs['rid']), expire=10):
            request_id_filter = {}
            if kwargs.get('id_filter'):
                obj = self.cls.get_by(type_id=kwargs.get('type_id'),
@@ -232,7 +232,7 @@ class CIFilterPermsCRUD(DBMixin):
        pass

    def delete(self, **kwargs):
-        with redis_lock.Lock(rd.r, 'CMDB_FILTER_{}_{}'.format(kwargs['type_id'], kwargs['rid'])):
+        with redis_lock.Lock(rd.r, 'CMDB_FILTER_{}_{}'.format(kwargs['type_id'], kwargs['rid']), expire=10):
            obj = self.cls.get_by(type_id=kwargs.get('type_id'),
                                  rid=kwargs.get('rid'),
                                  id_filter=None,
@@ -249,7 +249,7 @@ class CIFilterPermsCRUD(DBMixin):

    def delete2(self, **kwargs):

-        with redis_lock.Lock(rd.r, 'CMDB_FILTER_{}_{}'.format(kwargs['type_id'], kwargs['rid'])):
+        with redis_lock.Lock(rd.r, 'CMDB_FILTER_{}_{}'.format(kwargs['type_id'], kwargs['rid']), expire=10):
            obj = self.cls.get_by(type_id=kwargs.get('type_id'),
                                  rid=kwargs.get('rid'),
                                  ci_filter=None,
--- a/cmdb-api/api/lib/cmdb/preference.py
+++ b/cmdb-api/api/lib/cmdb/preference.py
@@ -1,10 +1,8 @@
 # -*- coding:utf-8 -*-

-
+import copy
 from collections import defaultdict

-import copy
-import six
 import toposort
 from flask import abort
 from flask import current_app
@@ -17,18 +15,21 @@ from api.lib.cmdb.cache import CITypeAttributesCache
 from api.lib.cmdb.cache import CITypeCache
 from api.lib.cmdb.cache import CMDBCounterCache
 from api.lib.cmdb.ci_type import CITypeAttributeManager
+from api.lib.cmdb.ci_type import CITypeManager
+from api.lib.cmdb.const import BUILTIN_ATTRIBUTES
 from api.lib.cmdb.const import ConstraintEnum
 from api.lib.cmdb.const import PermEnum
 from api.lib.cmdb.const import ResourceTypeEnum
 from api.lib.cmdb.const import RoleEnum
+from api.lib.cmdb.const import SysComputedAttributes
 from api.lib.cmdb.perms import CIFilterPermsCRUD
 from api.lib.cmdb.resp_format import ErrFormat
 from api.lib.exception import AbortException
 from api.lib.perm.acl.acl import ACLManager
-from api.models.cmdb import CITypeAttribute
 from api.models.cmdb import CITypeGroup
 from api.models.cmdb import CITypeGroupItem
 from api.models.cmdb import CITypeRelation
+from api.models.cmdb import PreferenceAutoSubscriptionConfig
 from api.models.cmdb import PreferenceCITypeOrder
 from api.models.cmdb import PreferenceRelationView
 from api.models.cmdb import PreferenceSearchOption
@@ -52,12 +53,24 @@ class PreferenceManager(object):
            CITypeGroup.deleted.is_(False)).filter(CITypeGroupItem.deleted.is_(False)):
            type2group[i.CITypeGroupItem.type_id] = i.CITypeGroup.to_dict()

-        types = db.session.query(PreferenceShowAttributes.type_id).filter(
-            PreferenceShowAttributes.uid == current_user.uid).filter(
-            PreferenceShowAttributes.deleted.is_(False)).group_by(
-            PreferenceShowAttributes.type_id).all() if instance else []
-        types = sorted(types, key=lambda x: {i.type_id: idx for idx, i in enumerate(
-            ci_type_order) if not i.is_tree}.get(x.type_id, 1))
+        if instance:
+            auto_types = PreferenceManager.get_auto_subscription_types(current_user.uid)
+            if auto_types is not None:
+                class TypeIdObj:
+                    def __init__(self, type_id):
+                        self.type_id = type_id
+
+                types = [TypeIdObj(t) for t in auto_types]
+            else:
+                types = db.session.query(PreferenceShowAttributes.type_id).filter(
+                    PreferenceShowAttributes.uid == current_user.uid).filter(
+                    PreferenceShowAttributes.deleted.is_(False)).group_by(
+                    PreferenceShowAttributes.type_id).all()
+        else:
+            types = []
+
+        types = sorted(types, key=lambda x: {i.type_id: idx for idx, i in enumerate(ci_type_order)
+                                             if not i.is_tree}.get(x.type_id, 1))
        group_types = []
        other_types = []
        group2idx = {}
@@ -104,19 +117,26 @@ class PreferenceManager(object):

        ci_type_order = sorted(PreferenceCITypeOrder.get_by(uid=current_user.uid, to_dict=False), key=lambda x: x.order)
        if instance:
-            types = db.session.query(PreferenceShowAttributes.type_id,
-                                     PreferenceShowAttributes.uid, PreferenceShowAttributes.created_at).filter(
-                PreferenceShowAttributes.deleted.is_(False)).filter(
-                PreferenceShowAttributes.uid == current_user.uid).group_by(
-                PreferenceShowAttributes.uid, PreferenceShowAttributes.type_id)
-            for i in types:
-                result['self']['instance'].append(i.type_id)
-                if str(i.created_at) > str(result['self']['type_id2subs_time'].get(i.type_id, "")):
-                    result['self']['type_id2subs_time'][i.type_id] = i.created_at
+            # Try auto subscription first, fallback to manual if not configured
+            auto_types = PreferenceManager.get_auto_subscription_types(current_user.uid)
+            if auto_types is not None:
+                result['self']['instance'] = auto_types
+                for type_id in auto_types:
+                    result['self']['type_id2subs_time'][type_id] = ""
+            else:
+                types = db.session.query(PreferenceShowAttributes.type_id,
+                                         PreferenceShowAttributes.uid, PreferenceShowAttributes.created_at).filter(
+                    PreferenceShowAttributes.deleted.is_(False)).filter(
+                    PreferenceShowAttributes.uid == current_user.uid).group_by(
+                    PreferenceShowAttributes.uid, PreferenceShowAttributes.type_id)
+                for i in types:
+                    result['self']['instance'].append(i.type_id)
+                    if str(i.created_at) > str(result['self']['type_id2subs_time'].get(i.type_id, "")):
+                        result['self']['type_id2subs_time'][i.type_id] = i.created_at

-            instance_order = [i.type_id for i in ci_type_order if not i.is_tree]
-            if len(instance_order) == len(result['self']['instance']):
-                result['self']['instance'] = instance_order
+                instance_order = [i.type_id for i in ci_type_order if not i.is_tree]
+                if len(instance_order) == len(result['self']['instance']):
+                    result['self']['instance'] = instance_order

        if tree:
            types = PreferenceTreeView.get_by(uid=current_user.uid, to_dict=False)
@@ -132,22 +152,83 @@ class PreferenceManager(object):
        return result

    @staticmethod
-    def get_show_attributes(type_id):
-        if not isinstance(type_id, six.integer_types):
-            _type = CITypeCache.get(type_id)
-            type_id = _type and _type.id
+    def get_auto_subscription_types(uid):
+        """Get user's auto-subscribed CI types based on config rules"""
+        config = PreferenceAutoSubscriptionConfig.get_by(
+            uid=uid, enabled=True, first=True, to_dict=False
+        )

-        attrs = db.session.query(PreferenceShowAttributes, CITypeAttribute.order).join(
-            CITypeAttribute, CITypeAttribute.attr_id == PreferenceShowAttributes.attr_id).filter(
-            PreferenceShowAttributes.uid == current_user.uid).filter(
-            PreferenceShowAttributes.type_id == type_id).filter(
-            PreferenceShowAttributes.deleted.is_(False)).filter(CITypeAttribute.deleted.is_(False)).group_by(
-            CITypeAttribute.attr_id).all()
+        if not config:
+            return None
+
+        all_permitted_types = PreferenceManager._get_permitted_ci_types()
+        result_types = PreferenceManager._apply_subscription_config(config, all_permitted_types)
+
+        return result_types
+
+    @staticmethod
+    def _get_permitted_ci_types():
+        """Get CI types that user has read permission for"""
+        from api.lib.perm.acl.acl import is_app_admin
+
+        if not current_app.config.get('USE_ACL') or is_app_admin('cmdb'):
+            return [t['id'] for t in CITypeManager.get_ci_types()]
+
+        # Regular user: filter by permissions
+        permitted_resources = ACLManager('cmdb').get_resources(ResourceTypeEnum.CI)
+        permitted_names = {r.get('name') for r in permitted_resources}
+
+        return [ci_type_dict['id'] for ci_type_dict in CITypeManager.get_ci_types()
+                if ci_type_dict['name'] in permitted_names]
+
+    @staticmethod
+    def _apply_subscription_config(config, all_permitted_types):
+        """Apply subscription rules: 'all' mode excludes, 'none' mode includes"""
+        result_types = set()
+
+        if config.base_strategy == 'all':
+            # Start with all types, then exclude
+            result_types = set(all_permitted_types)
+
+            if config.group_ids:
+                exclude_group_type_ids = PreferenceManager._get_types_by_group_ids(config.group_ids)
+                result_types.difference_update(exclude_group_type_ids)
+
+            if config.type_ids:
+                result_types.difference_update(config.type_ids)
+
+        else:  # base_strategy == 'none'
+            # Start empty, then include
+            if config.group_ids:
+                include_group_type_ids = PreferenceManager._get_types_by_group_ids(config.group_ids)
+                result_types.update(t for t in include_group_type_ids if t in all_permitted_types)
+
+            if config.type_ids:
+                result_types.update(t for t in config.type_ids if t in all_permitted_types)
+
+        return list(result_types)
+
+    @staticmethod
+    def _get_types_by_group_ids(group_ids):
+        return [i.type_id for i in CITypeGroupItem.get_by(
+            __func_in___key_group_id=group_ids, to_dict=False, fl=['type_id'])]
+
+    @staticmethod
+    def get_show_attributes(type_id):
+        _type = CITypeCache.get(type_id) or abort(404, ErrFormat.ci_type_not_found)
+        type_id = _type and _type.id
+
+        attrs = PreferenceShowAttributes.get_by(uid=current_user.uid, type_id=type_id, to_dict=False)

        result = []
-        for i in sorted(attrs, key=lambda x: x.PreferenceShowAttributes.order):
-            item = i.PreferenceShowAttributes.attr.to_dict()
-            item.update(dict(is_fixed=i.PreferenceShowAttributes.is_fixed))
+        for i in sorted(attrs, key=lambda x: x.order):
+            if i.attr_id:
+                item = i.attr.to_dict()
+            elif i.builtin_attr:
+                item = dict(name=i.builtin_attr, alias=BUILTIN_ATTRIBUTES[i.builtin_attr])
+            else:
+                item = dict(name="", alias="")
+            item.update(dict(is_fixed=i.is_fixed))
            result.append(item)

        is_subscribed = True
@@ -156,13 +237,23 @@ class PreferenceManager(object):
                                                                      choice_web_hook_parse=False,
                                                                      choice_other_parse=False)
            result = [i for i in result if i['default_show']]
+
+            for i in BUILTIN_ATTRIBUTES:
+                result.append(dict(name=i, alias=BUILTIN_ATTRIBUTES[i]))
+
            is_subscribed = False

        for i in result:
-            if i["is_choice"]:
+            if i.get("is_choice"):
                i.update(dict(choice_value=AttributeManager.get_choice_values(
                    i["id"], i["value_type"], i.get("choice_web_hook"), i.get("choice_other"))))

+            if (_type.name in SysComputedAttributes.type2attr and
+                    i['name'] in SysComputedAttributes.type2attr[_type.name]):
+                i['sys_computed'] = True
+            else:
+                i['sys_computed'] = False
+
        return is_subscribed, result

    @classmethod
@@ -173,24 +264,34 @@ class PreferenceManager(object):
                _attr, is_fixed = x
            else:
                _attr, is_fixed = x, False
-            attr = AttributeCache.get(_attr) or abort(404, ErrFormat.attribute_not_found.format("id={}".format(_attr)))
+
+            if _attr in BUILTIN_ATTRIBUTES:
+                attr = None
+                builtin_attr = _attr
+            else:
+                attr = AttributeCache.get(_attr) or abort(
+                    404, ErrFormat.attribute_not_found.format("id={}".format(_attr)))
+                builtin_attr = None
            existed = PreferenceShowAttributes.get_by(type_id=type_id,
                                                      uid=current_user.uid,
-                                                      attr_id=attr.id,
+                                                      attr_id=attr and attr.id,
+                                                      builtin_attr=builtin_attr,
                                                      first=True,
                                                      to_dict=False)
            if existed is None:
                PreferenceShowAttributes.create(type_id=type_id,
                                                uid=current_user.uid,
-                                                attr_id=attr.id,
+                                                attr_id=attr and attr.id,
+                                                builtin_attr=builtin_attr,
                                                order=order,
                                                is_fixed=is_fixed)
            else:
                existed.update(order=order, is_fixed=is_fixed)

-        attr_dict = {int(i[0]) if isinstance(i, list) else int(i): j for i, j in attr_order}
+        attr_dict = {(int(i[0]) if i[0].isdigit() else i[0]) if isinstance(i, list) else
+                     (int(i) if i.isdigit() else i): j for i, j in attr_order}
        for i in existed_all:
-            if i.attr_id not in attr_dict:
+            if (i.attr_id and i.attr_id not in attr_dict) or (i.builtin_attr and i.builtin_attr not in attr_dict):
                i.soft_delete()

        if not existed_all and attr_order:
@@ -384,14 +485,22 @@ class PreferenceManager(object):
    def add_search_option(**kwargs):
        kwargs['uid'] = current_user.uid

-        existed = PreferenceSearchOption.get_by(uid=current_user.uid,
-                                                name=kwargs.get('name'),
-                                                prv_id=kwargs.get('prv_id'),
-                                                ptv_id=kwargs.get('ptv_id'),
-                                                type_id=kwargs.get('type_id'),
-                                                )
-        if existed:
-            return abort(400, ErrFormat.preference_search_option_exists)
+        if kwargs['name'] in ('__recent__', '__favor__', '__relation_favor__'):
+            if kwargs['name'] == '__recent__':
+                for i in PreferenceSearchOption.get_by(
+                        only_query=True, name=kwargs['name'], uid=current_user.uid).order_by(
+                    PreferenceSearchOption.id.desc()).offset(20):
+                    i.delete()
+
+        else:
+            existed = PreferenceSearchOption.get_by(uid=current_user.uid,
+                                                    name=kwargs.get('name'),
+                                                    prv_id=kwargs.get('prv_id'),
+                                                    ptv_id=kwargs.get('ptv_id'),
+                                                    type_id=kwargs.get('type_id'),
+                                                    )
+            if existed:
+                return abort(400, ErrFormat.preference_search_option_exists)

        return PreferenceSearchOption.create(**kwargs)

@@ -492,3 +601,54 @@ class PreferenceManager(object):
            db.session.rollback()
            current_app.logger.error("upsert citype order failed: {}".format(e))
            return abort(400, ErrFormat.unknown_error)
+
+    @staticmethod
+    def get_auto_subscription_config():
+        """Get user's auto subscription configuration"""
+        config = PreferenceAutoSubscriptionConfig.get_by(
+            uid=current_user.uid, first=True, to_dict=True
+        )
+        return config
+
+    @staticmethod
+    def create_or_update_auto_subscription_config(base_strategy, group_ids=None, type_ids=None,
+                                                  enabled=True, description=None):
+        """Create or update user's auto subscription config"""
+        config = PreferenceAutoSubscriptionConfig.get_by(
+            uid=current_user.uid, first=True, to_dict=False
+        )
+
+        data = {
+            'base_strategy': base_strategy,
+            'group_ids': group_ids or [],
+            'type_ids': type_ids or [],
+            'enabled': enabled,
+            'description': description
+        }
+
+        if config:
+            return config.update(**data)
+        else:
+            data['uid'] = current_user.uid
+            return PreferenceAutoSubscriptionConfig.create(**data)
+
+    @staticmethod
+    def delete_auto_subscription_config():
+        """Delete user's auto subscription configuration"""
+        config = PreferenceAutoSubscriptionConfig.get_by(
+            uid=current_user.uid, first=True, to_dict=False
+        )
+        if config:
+            config.soft_delete()
+        return True
+
+    @staticmethod
+    def toggle_auto_subscription_config(enabled):
+        """Enable or disable user's auto subscription config"""
+        config = PreferenceAutoSubscriptionConfig.get_by(
+            uid=current_user.uid, first=True, to_dict=False
+        )
+        if not config:
+            return abort(404, "Auto subscription config not found")
+
+        return config.update(enabled=enabled)
--- a/cmdb-api/api/lib/cmdb/resp_format.py
+++ b/cmdb-api/api/lib/cmdb/resp_format.py
@@ -16,8 +16,9 @@ class ErrFormat(CommonErrFormat):
    argument_file_not_found = _l("The file doesn't seem to be uploaded")  # 文件似乎并未上传

    attribute_not_found = _l("Attribute {} does not exist!")  # 属性 {} 不存在!
+    # 该属性是模型的唯一标识，不能被删除!
    attribute_is_unique_id = _l(
-        "This attribute is the unique identifier of the model and cannot be deleted!")  # 该属性是模型的唯一标识，不能被删除!
+        "This attribute is the unique identifier of the model and cannot be deleted!")  
    attribute_is_ref_by_type = _l(
        "This attribute is referenced by model {} and cannot be deleted!")  # 该属性被模型 {} 引用, 不能删除!
    attribute_value_type_cannot_change = _l(
@@ -129,7 +130,8 @@ class ErrFormat(CommonErrFormat):
    adr_default_ref_once = _l("The default auto-discovery rule is already referenced by model {}!")
    # unique_key方法必须返回非空字符串!
    adr_unique_key_required = _l("The unique_key method must return a non-empty string!")
-    adr_plugin_attributes_list_required = _l("The attributes method must return a list")  # attributes方法必须返回的是list
+    # attributes方法必须返回的是list
+    adr_plugin_attributes_list_required = _l("The attributes method must return a list")  
    # attributes方法返回的list不能为空!
    adr_plugin_attributes_list_no_empty = _l("The list returned by the attributes method cannot be empty!")
    # 只有管理员才可以定义执行机器为: 所有节点!
@@ -154,3 +156,23 @@ class ErrFormat(CommonErrFormat):
    topology_group_exists = _l("Topology group {} already exists")  # 拓扑视图分组 {} 已经存在
    # 因为该分组下定义了拓扑视图，不能删除
    topo_view_exists_cannot_delete_group = _l("The group cannot be deleted because the topology view already exists")
+
+    relation_path_search_src_target_required = _l("Both the source model and the target model must be selected")
+
+    builtin_type_cannot_update_name = _l("The names of built-in models cannot be changed")
+    # # IPAM
+    ipam_subnet_model_not_found = _l("The subnet model {} does not exist")
+    ipam_address_model_not_found = _l("The IP Address model {} does not exist")
+    ipam_cidr_invalid_notation = _l("CIDR {} is an invalid notation")
+    ipam_cidr_invalid_subnet = _l("Invalid CIDR: {}, available subnets: {}")
+    ipam_subnet_prefix_length_invalid = _l("Invalid subnet prefix length: {}")
+    ipam_parent_subnet_node_cidr_cannot_empty = _l("parent node cidr must be required")
+    ipam_subnet_overlapped = _l("{} and {} overlap")
+    ipam_subnet_cannot_delete = _l("Cannot delete because child nodes exist")
+    ipam_subnet_not_found = _l("Subnet is not found")
+    ipam_scope_cannot_delete = _l("Cannot delete because child nodes exist")
+
+    # # DCIM
+    dcim_builtin_model_not_found = _l("The dcim model {} does not exist")
+    dcim_rack_u_slot_invalid = _l("Irregularities in Rack Units")
+    dcim_rack_u_count_invalid = _l("The device's position is greater than the rack unit height")
--- a/cmdb-api/api/lib/cmdb/search/ci/db/query_sql.py
+++ b/cmdb-api/api/lib/cmdb/search/ci/db/query_sql.py
@@ -107,3 +107,12 @@ FROM
    WHERE c_value_index_datetime.value LIKE "{0}") AS {1}
 GROUP BY  {1}.ci_id
 """
+
+QUERY_CI_BY_NO_ATTR_IN = """
+SELECT *
+FROM 
+    (SELECT c_value_index_texts.ci_id
+    FROM c_value_index_texts
+    WHERE c_value_index_texts.value in ({0})) AS {1}
+GROUP BY {1}.ci_id
+"""
--- a/cmdb-api/api/lib/cmdb/search/ci/db/search.py
+++ b/cmdb-api/api/lib/cmdb/search/ci/db/search.py
@@ -4,8 +4,9 @@
 from __future__ import unicode_literals

 import copy
+import six
 import time
-
+from flask import abort
 from flask import current_app
 from flask_login import current_user
 from jinja2 import Template
@@ -15,6 +16,7 @@ from api.extensions import db
 from api.lib.cmdb.cache import AttributeCache
 from api.lib.cmdb.cache import CITypeCache
 from api.lib.cmdb.ci import CIManager
+from api.lib.cmdb.const import BUILTIN_ATTRIBUTES
 from api.lib.cmdb.const import PermEnum
 from api.lib.cmdb.const import ResourceTypeEnum
 from api.lib.cmdb.const import RetKey
@@ -26,6 +28,7 @@ from api.lib.cmdb.search.ci.db.query_sql import FACET_QUERY
 from api.lib.cmdb.search.ci.db.query_sql import QUERY_CI_BY_ATTR_NAME
 from api.lib.cmdb.search.ci.db.query_sql import QUERY_CI_BY_ID
 from api.lib.cmdb.search.ci.db.query_sql import QUERY_CI_BY_NO_ATTR
+from api.lib.cmdb.search.ci.db.query_sql import QUERY_CI_BY_NO_ATTR_IN
 from api.lib.cmdb.search.ci.db.query_sql import QUERY_CI_BY_TYPE
 from api.lib.cmdb.search.ci.db.query_sql import QUERY_UNION_CI_ATTRIBUTE_IS_NULL
 from api.lib.cmdb.utils import TableMap
@@ -66,6 +69,7 @@ class Search(object):
        self.use_id_filter = use_id_filter
        self.use_ci_filter = use_ci_filter
        self.only_ids = only_ids
+        self.multi_type_has_ci_filter = False

        self.valid_type_names = []
        self.type2filter_perms = dict()
@@ -104,35 +108,58 @@ class Search(object):
        else:
            raise SearchError(ErrFormat.attribute_not_found.format(key))

-    def _type_query_handler(self, v, queries):
+    def _type_query_handler(self, v, queries, is_sub=False):
        new_v = v[1:-1].split(";") if v.startswith("(") and v.endswith(")") else [v]
+        type_num = len(new_v)
+        type_id_list = []
        for _v in new_v:
            ci_type = CITypeCache.get(_v)

-            if len(new_v) == 1 and not self.sort and ci_type and ci_type.default_order_attr:
+            if type_num == 1 and not self.sort and ci_type and ci_type.default_order_attr:
                self.sort = ci_type.default_order_attr

            if ci_type is not None:
                if self.valid_type_names == "ALL" or ci_type.name in self.valid_type_names:
-                    self.type_id_list.append(str(ci_type.id))
-                    if ci_type.id in self.type2filter_perms:
+                    if not is_sub:
+                        self.type_id_list.append(str(ci_type.id))
+                    type_id_list.append(str(ci_type.id))
+                    if ci_type.id in self.type2filter_perms and not is_sub:
                        ci_filter = self.type2filter_perms[ci_type.id].get('ci_filter')
                        if ci_filter and self.use_ci_filter and not self.use_id_filter:
                            sub = []
                            ci_filter = Template(ci_filter).render(user=current_user)
                            for i in ci_filter.split(','):
-                                if i.startswith("~") and not sub:
-                                    queries.append(i)
+                                if type_num == 1:
+                                    if i.startswith("~") and not sub:
+                                        queries.append(i)
+                                    else:
+                                        sub.append(i)
                                else:
                                    sub.append(i)
                            if sub:
-                                queries.append(dict(operator="&", queries=sub))
+                                if type_num == 1:
+                                    queries.append(dict(operator="&", queries=sub))
+                                else:
+                                    if str(ci_type.id) in self.type_id_list:
+                                        self.type_id_list.remove(str(ci_type.id))
+                                    type_id_list.remove(str(ci_type.id))
+                                    sub.extend([i for i in queries[1:] if isinstance(i, (six.string_types, list))])

+                                    sub.insert(0, "_type:{}".format(ci_type.id))
+                                    queries.append(dict(operator="|", queries=sub))
+                                    self.multi_type_has_ci_filter = True
                        if self.type2filter_perms[ci_type.id].get('attr_filter'):
-                            if not self.fl:
-                                self.fl = set(self.type2filter_perms[ci_type.id]['attr_filter'])
+                            if type_num == 1:
+                                if not self.fl:
+                                    self.fl = set(self.type2filter_perms[ci_type.id]['attr_filter'])
+                                else:
+                                    fl = set(self.fl) & set(self.type2filter_perms[ci_type.id]['attr_filter'])
+                                    not fl and abort(400, ErrFormat.ci_filter_perm_attr_no_permission.format(self.fl))
+                                    self.fl = fl
                            else:
-                                self.fl = set(self.fl) & set(self.type2filter_perms[ci_type.id]['attr_filter'])
+                                self.fl = self.fl or {}
+                                if not self.fl or isinstance(self.fl, dict):
+                                    self.fl[ci_type.id] = set(self.type2filter_perms[ci_type.id]['attr_filter'])

                        if self.type2filter_perms[ci_type.id].get('id_filter') and self.use_id_filter:

@@ -146,13 +173,17 @@ class Search(object):
            else:
                raise SearchError(ErrFormat.ci_type_not_found2.format(_v))

-        if self.type_id_list:
-            type_ids = ",".join(self.type_id_list)
+        if type_num != len(self.type_id_list) and queries and queries[0].startswith('_type') and not is_sub:
+            queries[0] = "_type:({})".format(";".join(self.type_id_list))
+
+        if type_id_list:
+            type_ids = ",".join(type_id_list)
            _query_sql = QUERY_CI_BY_TYPE.format(type_ids)
-            if self.only_type_query:
+            if self.only_type_query or self.multi_type_has_ci_filter:
                return _query_sql
-            else:
-                return ""
+        elif type_num > 1:  # there must be instance-level access control
+            return "select c_cis.id as ci_id from c_cis where c_cis.id=0"
+
        return ""

    @staticmethod
@@ -229,7 +260,7 @@ class Search(object):
            return ret_sql.format(query_sql, "ORDER BY B.ci_id {1} LIMIT {0:d}, {2};".format(
                (self.page - 1) * self.count, sort_type, self.count))

-        elif self.type_id_list:
+        elif self.type_id_list and not self.multi_type_has_ci_filter:
            self.query_sql = "SELECT B.ci_id FROM ({0}) AS B {1}".format(
                query_sql,
                "INNER JOIN c_cis on c_cis.id=B.ci_id WHERE c_cis.type_id IN ({0}) ".format(
@@ -254,7 +285,7 @@ class Search(object):
    def __sort_by_type(self, sort_type, query_sql):
        ret_sql = "SELECT SQL_CALC_FOUND_ROWS DISTINCT B.ci_id FROM ({0}) AS B {1}"

-        if self.type_id_list:
+        if self.type_id_list and not self.multi_type_has_ci_filter:
            self.query_sql = "SELECT B.ci_id FROM ({0}) AS B {1}".format(
                query_sql,
                "INNER JOIN c_cis on c_cis.id=B.ci_id WHERE c_cis.type_id IN ({0}) ".format(
@@ -278,16 +309,23 @@ class Search(object):
                    (self.page - 1) * self.count, sort_type, self.count))

    def __sort_by_field(self, field, sort_type, query_sql):
-        attr = AttributeCache.get(field)
-        attr_id = attr.id
+        if field not in BUILTIN_ATTRIBUTES:

-        table_name = TableMap(attr=attr).table_name
-        _v_query_sql = """SELECT {0}.ci_id, {1}.value
-                          FROM ({2}) AS {0} INNER JOIN {1} ON {1}.ci_id = {0}.ci_id
-                          WHERE {1}.attr_id = {3}""".format("ALIAS", table_name, query_sql, attr_id)
-        new_table = _v_query_sql
+            attr = AttributeCache.get(field)
+            attr_id = attr.id

-        if self.only_type_query or not self.type_id_list:
+            table_name = TableMap(attr=attr).table_name
+            _v_query_sql = """SELECT ALIAS.ci_id, {0}.value
+                              FROM ({1}) AS ALIAS INNER JOIN {0} ON {0}.ci_id = ALIAS.ci_id
+                              WHERE {0}.attr_id = {2}""".format(table_name, query_sql, attr_id)
+            new_table = _v_query_sql
+        else:
+            _v_query_sql = """SELECT c_cis.id AS ci_id, c_cis.{0} AS value
+                                          FROM c_cis  INNER JOIN ({1}) AS ALIAS ON ALIAS.ci_id = c_cis.id""".format(
+                field[1:], query_sql)
+            new_table = _v_query_sql
+
+        if self.only_type_query or not self.type_id_list or self.multi_type_has_ci_filter:
            return ("SELECT SQL_CALC_FOUND_ROWS DISTINCT C.ci_id FROM ({0}) AS C ORDER BY C.value {2} "
                    "LIMIT {1:d}, {3};".format(new_table, (self.page - 1) * self.count, sort_type, self.count))

@@ -325,7 +363,9 @@ class Search(object):
                           INNER JOIN ({2}) as {3} USING(ci_id)""".format(query_sql, alias, _query_sql, alias + "A")

        elif operator == "|" or operator == "|~":
-            query_sql = "SELECT * FROM ({0}) as {1} UNION ALL ({2})".format(query_sql, alias, _query_sql)
+            query_sql = "SELECT * FROM ({0}) as {1} UNION ALL SELECT * FROM ({2}) as {3}".format(query_sql, alias,
+                                                                                                 _query_sql,
+                                                                                                 alias + "A")

        elif operator == "~":
            query_sql = """SELECT * FROM ({0}) as {1} LEFT JOIN ({2}) as {3} USING(ci_id)
@@ -397,11 +437,14 @@ class Search(object):
                if not q.startswith("("):
                    raise SearchError(ErrFormat.ci_search_Parentheses_invalid)

-                operator, q = self._operator_proc(q)
-                if q.endswith(")"):
-                    result.append(dict(operator=operator, queries=[q[1:-1]]))
+                if ":" not in q:  # multi-line search
+                    result.append(q[1:-1].split(';'))
+                else:
+                    operator, q = self._operator_proc(q)
+                    if q.endswith(")"):
+                        result.append(dict(operator=operator, queries=[q[1:-1]]))

-                sub = dict(operator=operator, queries=[q[1:]])
+                    sub = dict(operator=operator, queries=[q[1:]])
            elif q.endswith(")") and sub:
                sub['queries'].append(q[:-1])
                result.append(copy.deepcopy(sub))
@@ -430,14 +473,14 @@ class Search(object):

        return result

-    def __query_by_attr(self, q, queries, alias):
+    def __query_by_attr(self, q, queries, alias, is_sub=False):
        k = q.split(":")[0].strip()
        v = "\:".join(q.split(":")[1:]).strip()
        v = v.replace("'", "\\'")
        v = v.replace('"', '\\"')
        field, field_type, operator, attr = self._attr_name_proc(k)
        if field == "_type":
-            _query_sql = self._type_query_handler(v, queries)
+            _query_sql = self._type_query_handler(v, queries, is_sub)

        elif field == "_id":
            _query_sql = self._id_query_handler(v)
@@ -484,26 +527,36 @@ class Search(object):

        return alias, _query_sql, operator

-    def __query_build_by_field(self, queries, is_first=True, only_type_query_special=True, alias='A', operator='&'):
+    def __query_build_by_field(self, queries, is_first=True, only_type_query_special=True, alias='A', operator='&',
+                               is_sub=False):
        query_sql = ""

        for q in queries:
+            # current_app.logger.debug(q)
            _query_sql = ""
            if isinstance(q, dict):
-                alias, _query_sql, operator = self.__query_build_by_field(q['queries'], True, True, alias)
-                current_app.logger.info(_query_sql)
-                current_app.logger.info((operator, is_first, alias))
-                operator = q['operator']
+                if len(q['queries']) == 1 and ";" in q['queries'][0]:
+                    values = q['queries'][0].split(";")
+                    in_values = ",".join("'{0}'".format(v) for v in values)
+                    _query_sql = QUERY_CI_BY_NO_ATTR_IN.format(in_values, alias)
+                    operator = q['operator']
+                else:
+                    alias, _query_sql, operator = self.__query_build_by_field(q['queries'], True, True, alias,
+                                                                              is_sub=True)
+                    operator = q['operator']

            elif ":" in q and not q.startswith("*"):
-                alias, _query_sql, operator = self.__query_by_attr(q, queries, alias)
+                alias, _query_sql, operator = self.__query_by_attr(q, queries, alias, is_sub)
            elif q == "*":
                continue
            elif q:
-                q = q.replace("'", "\\'")
-                q = q.replace('"', '\\"')
-                q = q.replace("*", "%").replace('\\n', '%')
-                _query_sql = QUERY_CI_BY_NO_ATTR.format(q, alias)
+                if not isinstance(q, list):
+                    q = q.replace("'", "\\'")
+                    q = q.replace('"', '\\"')
+                    q = q.replace("*", "%").replace('\\n', '%')
+                    _query_sql = QUERY_CI_BY_NO_ATTR.format(q, alias)
+                else:
+                    _query_sql = QUERY_CI_BY_NO_ATTR_IN.format(",".join("'{0}'".format(v) for v in q), alias)

            if is_first and _query_sql and not self.only_type_query:
                query_sql = "SELECT * FROM ({0}) AS {1}".format(_query_sql, alias)
@@ -547,7 +600,6 @@ class Search(object):
        queries = handle_arg_list(self.orig_query)
        queries = self._extra_handle_query_expr(queries)
        queries = self.__confirm_type_first(queries)
-        current_app.logger.debug(queries)

        _, query_sql, _ = self.__query_build_by_field(queries)

@@ -585,13 +637,16 @@ class Search(object):
        return facet_result

    def _fl_build(self):
-        _fl = list()
-        for f in self.fl:
-            k, _, _, _ = self._attr_name_proc(f)
-            if k:
-                _fl.append(k)
+        if isinstance(self.fl, list):
+            _fl = list()
+            for f in self.fl:
+                k, _, _, _ = self._attr_name_proc(f)
+                if k:
+                    _fl.append(k)

-        return _fl
+            return _fl
+        else:
+            return self.fl

    def search(self):
        numfound, ci_ids = self._query_build_raw()
@@ -610,6 +665,8 @@ class Search(object):
        if ci_ids:
            response = CIManager.get_cis_by_ids(ci_ids, ret_key=self.ret_key, fields=_fl, excludes=self.excludes)
        for res in response:
+            if not res:
+                continue
            ci_type = res.get("ci_type")
            if ci_type not in counter.keys():
                counter[ci_type] = 0
--- a/cmdb-api/api/lib/cmdb/search/ci_relation/search.py
+++ b/cmdb-api/api/lib/cmdb/search/ci_relation/search.py
@@ -1,8 +1,11 @@
 # -*- coding:utf-8 -*-
-import json
-import sys
 from collections import Counter
+from collections import defaultdict

+import copy
+import json
+import networkx as nx
+import sys
 from flask import abort
 from flask import current_app
 from flask_login import current_user
@@ -13,6 +16,7 @@ from api.lib.cmdb.cache import CITypeCache
 from api.lib.cmdb.ci import CIRelationManager
 from api.lib.cmdb.ci_type import CITypeRelationManager
 from api.lib.cmdb.const import ConstraintEnum
+from api.lib.cmdb.const import PermEnum
 from api.lib.cmdb.const import REDIS_PREFIX_CI_RELATION
 from api.lib.cmdb.const import REDIS_PREFIX_CI_RELATION2
 from api.lib.cmdb.const import ResourceTypeEnum
@@ -25,10 +29,12 @@ from api.lib.cmdb.utils import ValueTypeMap
 from api.lib.perm.acl.acl import ACLManager
 from api.lib.perm.acl.acl import is_app_admin
 from api.models.cmdb import CI
+from api.models.cmdb import CITypeRelation
+from api.models.cmdb import RelationType


 class Search(object):
-    def __init__(self, root_id,
+    def __init__(self, root_id=None,
                 level=None,
                 query=None,
                 fl=None,
@@ -58,7 +64,7 @@ class Search(object):

        self.ancestor_ids = ancestor_ids
        self.descendant_ids = descendant_ids
-        self.root_parent_path = root_parent_path
+        self.root_parent_path = root_parent_path or []
        self.has_m2m = has_m2m or False
        if not self.has_m2m:
            if self.ancestor_ids:
@@ -385,9 +391,10 @@ class Search(object):
            id2children[str(i)] = item['children']

        for lv in range(1, self.level):
+            type_id = type_ids[lv]

-            if len(type_ids or []) >= lv and type2filter_perms.get(type_ids[lv]):
-                id_filter_limit, _ = self._get_ci_filter(type2filter_perms[type_ids[lv]])
+            if len(type_ids or []) >= lv and type2filter_perms.get(type_id):
+                id_filter_limit, _ = self._get_ci_filter(type2filter_perms[type_id])
            else:
                id_filter_limit = {}

@@ -395,12 +402,12 @@ class Search(object):
                key, prefix = [i for i in level_ids], REDIS_PREFIX_CI_RELATION2
            else:
                key, prefix = [i.split(',')[-1] for i in level_ids], REDIS_PREFIX_CI_RELATION
+            
            res = [json.loads(x).items() for x in [i or '{}' for i in rd.get(key, prefix) or []]]
-            res = [[i for i in x if (not id_filter_limit or (key[idx] not in id_filter_limit or
+            res = [[i for i in x if i[1] == type_id and (not id_filter_limit or (key[idx] not in id_filter_limit or
                                                             int(i[0]) in id_filter_limit[key[idx]]) or
                                     int(i[0]) in id_filter_limit)] for idx, x in enumerate(res)]
            _level_ids = []
-            type_id = type_ids[lv]
            id2name = _get_id2name(type_id)
            for idx, node_path in enumerate(level_ids):
                for child_id, _ in (res[idx] or []):
@@ -419,3 +426,169 @@ class Search(object):
            level_ids = _level_ids

        return result
+
+    @staticmethod
+    def _get_src_ids(src):
+        q = src.get('q') or ''
+        if not q.startswith('_type:'):
+            q = "_type:{},{}".format(src['type_id'], q)
+
+        return SearchFromDB(q, use_ci_filter=True, only_ids=True, count=100000).search()
+
+    @staticmethod
+    def _filter_target_ids(target_ids, type_ids, q):
+        if not q.startswith('_type:'):
+            q = "_type:({}),{}".format(";".join(map(str, type_ids)), q)
+
+        ci_ids = SearchFromDB(q, ci_ids=target_ids, use_ci_filter=True, only_ids=True, count=100000).search()
+        cis = CI.get_by(fl=['id', 'type_id'], only_query=True).filter(CI.id.in_(ci_ids))
+
+        return [(str(i.id), i.type_id) for i in cis]
+
+    @staticmethod
+    def _path2level(src_type_id, target_type_ids, path):
+        if not src_type_id or not target_type_ids:
+            return abort(400, ErrFormat.relation_path_search_src_target_required)
+
+        graph = nx.DiGraph()
+        graph.add_edges_from([(n, _path[idx + 1]) for _path in path for idx, n in enumerate(_path[:-1])])
+        relation_types = defaultdict(dict)
+        level2type = defaultdict(set)
+        type2show_key = dict()
+        for _path in path:
+            for idx, node in enumerate(_path[1:]):
+                level2type[idx + 1].add(node)
+
+                src = CITypeCache.get(_path[idx])
+                target = CITypeCache.get(node)
+                relation_type = RelationType.get_by(only_query=True).join(
+                    CITypeRelation, CITypeRelation.relation_type_id == RelationType.id).filter(
+                    CITypeRelation.parent_id == src.id).filter(CITypeRelation.child_id == target.id).first()
+                relation_types[src.alias].update({target.alias: relation_type.name})
+
+                if src.id not in type2show_key:
+                    type2show_key[src.id] = AttributeCache.get(src.show_id or src.unique_id).name
+                if target.id not in type2show_key:
+                    type2show_key[target.id] = AttributeCache.get(target.show_id or target.unique_id).name
+
+        nodes = graph.nodes()
+
+        return level2type, list(nodes), relation_types, type2show_key
+
+    def _build_graph(self, source_ids, source_type_id, level2type, target_type_ids, acl):
+        type2filter_perms = dict()
+        if not self.is_app_admin:
+            res2 = acl.get_resources(ResourceTypeEnum.CI_FILTER)
+            if res2:
+                type2filter_perms = CIFilterPermsCRUD().get_by_ids(list(map(int, [i['name'] for i in res2])))
+
+        target_type_ids = set(target_type_ids)
+        graph = nx.DiGraph()
+        target_ids = []
+        key = [(str(i), source_type_id) for i in source_ids]
+        graph.add_nodes_from(key)
+        for level in level2type:
+            filter_type_ids = level2type[level]
+            id_filter_limit = dict()
+            for _type_id in filter_type_ids:
+                if type2filter_perms.get(_type_id):
+                    _id_filter_limit, _ = self._get_ci_filter(type2filter_perms[_type_id])
+                    id_filter_limit.update(_id_filter_limit)
+
+            has_target = filter_type_ids & target_type_ids
+
+            res = [json.loads(x).items() for x in [i or '{}' for i in rd.get([i[0] for i in key],
+                                                                             REDIS_PREFIX_CI_RELATION) or []]]
+            _key = []
+            for idx, _id in enumerate(key):
+                valid_targets = [i for i in res[idx] if i[1] in filter_type_ids and
+                                 (not id_filter_limit or int(i[0]) in id_filter_limit)]
+                _key.extend(valid_targets)
+                graph.add_edges_from(zip([_id] * len(valid_targets), valid_targets))
+
+            if has_target:
+                target_ids.extend([j[0] for i in res for j in i if j[1] in target_type_ids])
+
+            key = copy.deepcopy(_key)
+
+        return graph, target_ids
+
+    @staticmethod
+    def _find_paths(graph, source_ids, source_type_id, target_ids, valid_path, max_depth=6):
+        paths = []
+        for source_id in source_ids:
+            _paths = nx.all_simple_paths(graph,
+                                         source=(source_id, source_type_id),
+                                         target=target_ids,
+                                         cutoff=max_depth)
+            for __path in _paths:
+                if tuple([i[1] for i in __path]) in valid_path:
+                    paths.append([i[0] for i in __path])
+
+        return paths
+
+    @staticmethod
+    def _wrap_path_result(paths, types, valid_path, target_types, type2show_key):
+        ci_ids = [j for i in paths for j in i]
+
+        response, _, _, _, _, _ = SearchFromDB("_type:({})".format(";".join(map(str, types))),
+                                               use_ci_filter=False,
+                                               ci_ids=list(map(int, ci_ids)),
+                                               count=1000000).search()
+        id2ci = {str(i.get('_id')): i if i['_type'] in target_types else {
+            type2show_key[i['_type']]: i[type2show_key[i['_type']]],
+            "ci_type_alias": i["ci_type_alias"],
+            "_type": i["_type"],
+        } for i in response}
+
+        result = defaultdict(list)
+        counter = defaultdict(int)
+
+        for path in paths:
+            key = "-".join([id2ci.get(i, {}).get('ci_type_alias') or '' for i in path])
+            if tuple([id2ci.get(i, {}).get('_type') for i in path]) in valid_path:
+                counter[key] += 1
+                result[key].append(path)
+
+        return result, counter, id2ci
+
+    def search_by_path(self, source, target, path):
+        """
+
+        :param source: {type_id: id, q: expr}
+        :param target: {type_ids: [id], q: expr}
+        :param path: [source_type_id, ..., target_type_id], use type id
+        :return:
+        """
+        acl = ACLManager('cmdb')
+        if not self.is_app_admin:
+            res = {i['name'] for i in acl.get_resources(ResourceTypeEnum.CI_TYPE)}
+            for type_id in (source.get('type_id') and [source['type_id']] or []) + (target.get('type_ids') or []):
+                _type = CITypeCache.get(type_id)
+                if _type and _type.name not in res:
+                    return abort(403, ErrFormat.no_permission.format(_type.alias, PermEnum.READ))
+
+        target['type_ids'] = [i[-1] for i in path]
+        level2type, types, relation_types, type2show_key = self._path2level(
+            source.get('type_id'), target.get('type_ids'), path)
+        if not level2type:
+            return [], {}, 0, self.page, 0, {}, {}
+
+        source_ids = self._get_src_ids(source)
+
+        graph, target_ids = self._build_graph(source_ids, source['type_id'], level2type, target['type_ids'], acl)
+        target_ids = self._filter_target_ids(target_ids, target['type_ids'], target.get('q') or '')
+        paths = self._find_paths(graph,
+                                 source_ids,
+                                 source['type_id'],
+                                 set(target_ids),
+                                 {tuple(i): 1 for i in path})
+
+        numfound = len(paths)
+        paths = paths[(self.page - 1) * self.count:self.page * self.count]
+        response, counter, id2ci = self._wrap_path_result(paths,
+                                                          types,
+                                                          {tuple(i): 1 for i in path},
+                                                          set(target.get('type_ids') or []),
+                                                          type2show_key)
+        return response, counter, len(paths), self.page, numfound, id2ci, relation_types, type2show_key
--- a/cmdb-api/api/lib/cmdb/utils.py
+++ b/cmdb-api/api/lib/cmdb/utils.py
@@ -55,7 +55,6 @@ def str2datetime(x):
    return datetime.datetime.strptime(x, "%Y-%m-%d %H:%M")


-
 class ValueTypeMap(object):
    deserialize = {
        ValueTypeEnum.INT: string2int,
--- a/cmdb-api/api/lib/cmdb/value.py
+++ b/cmdb-api/api/lib/cmdb/value.py
@@ -3,7 +3,7 @@

 from __future__ import unicode_literals

-import imp
+import importlib.util

 import copy
 import jinja2
@@ -97,6 +97,8 @@ class AttributeValueManager(object):
        deserialize = ValueTypeMap.deserialize[value_type]
        try:
            v = deserialize(value)
+            if value_type in (ValueTypeEnum.DATE, ValueTypeEnum.DATETIME):
+                return str(v)
            return v
        except ValueDeserializeError as e:
            return abort(400, ErrFormat.attribute_value_invalid2.format(alias, e))
@@ -134,7 +136,7 @@ class AttributeValueManager(object):
        if not re.compile(expr).match(str(value)):
            return abort(400, ErrFormat.attribute_value_invalid2.format(alias, value))

-    def _validate(self, attr, value, value_table, ci=None, type_id=None, ci_id=None, type_attr=None):
+    def _validate(self, attr, value, value_table, ci=None, type_id=None, ci_id=None, type_attr=None, unique_name=None):
        if not attr.is_reference:
            ci = ci or {}
            v = self._deserialize_value(attr.alias, attr.value_type, value)
@@ -144,7 +146,7 @@ class AttributeValueManager(object):
        else:
            v = value or None

-        attr.is_unique and self._check_is_unique(
+        (attr.is_unique or attr.name == unique_name) and self._check_is_unique(
            value_table, attr, ci and ci.id or ci_id, ci and ci.type_id or type_id, v)
        self._check_is_required(ci and ci.type_id or type_id, attr, v, type_attr=type_attr)
        if attr.is_reference:
@@ -178,14 +180,15 @@ class AttributeValueManager(object):

    @staticmethod
    def _compute_attr_value_from_expr(expr, ci_dict):
-        t = jinja2.Template(expr).render(ci_dict)
-
        try:
-            return eval(t)
+            result = jinja2.Template(expr).render(ci_dict)
+            return result
        except Exception as e:
-            current_app.logger.warning(str(e))
-            return t
-
+            current_app.logger.warning(
+                f"Expression evaluation error - Expression: '{expr}'"
+                f"Input parameters: {ci_dict}, Error type: {type(e).__name__}, Error message: {str(e)}"
+            )
+            return None
    @staticmethod
    def _compute_attr_value_from_script(script, ci_dict):
        script = jinja2.Template(script).render(ci_dict)
@@ -196,11 +199,11 @@ class AttributeValueManager(object):

        try:
            path = script_f.name
-            dir_name, name = os.path.dirname(path), os.path.basename(path)[:-3]
+            name = os.path.basename(path)[:-3]

-            fp, path, desc = imp.find_module(name, [dir_name])
-
-            mod = imp.load_module(name, fp, path, desc)
+            spec = importlib.util.spec_from_file_location(name, path)
+            mod = importlib.util.module_from_spec(spec)
+            spec.loader.exec_module(mod)

            if hasattr(mod, 'computed'):
                return mod.computed()
@@ -235,7 +238,10 @@ class AttributeValueManager(object):
            if computed_value is not None:
                ci_dict[attr['name']] = computed_value

-    def valid_attr_value(self, ci_dict, type_id, ci_id, name2attr, alias2attr=None, ci_attr2type_attr=None):
+    def valid_attr_value(self, ci_dict, type_id, ci_id, name2attr,
+                         alias2attr=None,
+                         ci_attr2type_attr=None,
+                         unique_name=None):
        key2attr = dict()
        alias2attr = alias2attr or {}
        ci_attr2type_attr = ci_attr2type_attr or {}
@@ -266,7 +272,8 @@ class AttributeValueManager(object):

                else:
                    value = self._validate(attr, value, value_table, ci=None, type_id=type_id, ci_id=ci_id,
-                                           type_attr=ci_attr2type_attr.get(attr.id))
+                                           type_attr=ci_attr2type_attr.get(attr.id),
+                                           unique_name=unique_name)
                    ci_dict[key] = value
            except BadRequest as e:
                raise
--- a/cmdb-api/api/lib/common_setting/decorator.py
+++ b/cmdb-api/api/lib/common_setting/decorator.py
@@ -1,6 +1,6 @@
 import functools

-from flask import abort, session
+from flask import abort, session, current_app
 from api.lib.common_setting.acl import ACLManager
 from api.lib.common_setting.resp_format import ErrFormat
 from api.lib.perm.acl.acl import is_app_admin
@@ -15,6 +15,7 @@ def perms_role_required(app_name, resource_type_name, resource_name, perm, role_
            try:
                has_perms = acl.role_has_perms(session["acl"]['rid'], resource_name, resource_type_name, perm)
            except Exception as e:
+                current_app.logger.error(f"acl role_has_perms err: {e}")
                # resource_type not exist, continue check role
                if role_name:
                    if role_name not in session.get("acl", {}).get("parentRoles", []) and not is_app_admin(app_name):
--- a/cmdb-api/api/lib/common_setting/department.py
+++ b/cmdb-api/api/lib/common_setting/department.py
@@ -476,7 +476,7 @@ class EditDepartmentInACL(object):
        for employee in e_list:
            employee_acl_rid = employee.get('e_acl_rid')
            if employee_acl_rid == 0:
-                result.append(f"employee_acl_rid == 0")
+                result.append("employee_acl_rid == 0")
                continue
            cls.remove_single_employee_from_old_department(acl, employee, result)

@@ -501,8 +501,8 @@ class EditDepartmentInACL(object):
            acl.remove_user_from_role(employee.get('e_acl_rid'), payload)
            current_app.logger.info(f"remove {employee.get('e_acl_rid')} from {d_acl_rid}")
        except Exception as e:
-            result.append(
-                f"remove_user_from_role employee_acl_rid: {employee.get('e_acl_rid')}, parent_id: {d_acl_rid}, err: {e}")
+            err = f"remove_user_from_role e_acl_rid: {employee.get('e_acl_rid')}, parent_id: {d_acl_rid}, err: {e}"
+            result.append(err)

        return True

@@ -548,7 +548,7 @@ class EditDepartmentInACL(object):
        for employee in e_list:
            employee_acl_rid = employee.get('e_acl_rid')
            if employee_acl_rid == 0:
-                result.append(f"employee_acl_rid == 0")
+                result.append("employee_acl_rid == 0")
                continue

            cls.remove_single_employee_from_old_department(acl, employee, result)
--- a/cmdb-api/api/lib/common_setting/employee.py
+++ b/cmdb-api/api/lib/common_setting/employee.py
@@ -4,7 +4,7 @@ import traceback
 from datetime import datetime

 import requests
-from flask import abort
+from flask import abort, current_app
 from flask_login import current_user
 from sqlalchemy import or_, literal_column, func, not_, and_
 from werkzeug.datastructures import MultiDict
@@ -478,7 +478,7 @@ class EmployeeCRUD(object):
            Employee.deleted == 0,
            Employee.block == block,
        ]
-        if type(department_id) == list:
+        if isinstance(department_id, list):
            if len(department_id) == 0:
                return []
            else:
@@ -702,6 +702,7 @@ class EmployeeCRUD(object):
            try:
                last_login = datetime.strptime(last_login, '%Y-%m-%d %H:%M:%S')
            except Exception as e:
+                current_app.logger.error(f"strptime {last_login} err: {e}")
                last_login = datetime.now()
        else:
            last_login = datetime.now()
@@ -712,6 +713,7 @@ class EmployeeCRUD(object):
            )
            return last_login
        except Exception as e:
+            current_app.logger.error(f"update last_login err: {e}")
            return


--- a/cmdb-api/api/lib/common_setting/notice_config.py
+++ b/cmdb-api/api/lib/common_setting/notice_config.py
@@ -2,7 +2,7 @@ import requests

 from api.lib.common_setting.const import BotNameMap
 from api.lib.common_setting.resp_format import ErrFormat
-from api.models.common_setting import CompanyInfo, NoticeConfig
+from api.models.common_setting import NoticeConfig
 from wtforms import Form
 from wtforms import StringField
 from wtforms import validators
--- a/cmdb-api/api/lib/common_setting/role_perm_base.py
+++ b/cmdb-api/api/lib/common_setting/role_perm_base.py
@@ -48,11 +48,15 @@ class CMDBApp(BaseApp):
        {"page": "Model_Relationships", "page_cn": "模型关系", "perms": ["read"]},
        {"page": "Operation_Audit", "page_cn": "操作审计", "perms": ["read"]},
        {"page": "Relationship_Types", "page_cn": "关系类型", "perms": ["read"]},
-        {"page": "Auto_Discovery", "page_cn": "自动发现", "perms": ["read", "create_plugin", "update_plugin", "delete_plugin"]},
+        {"page": "Auto_Discovery", "page_cn": "自动发现",
+         "perms": ["read", "create_plugin", "update_plugin", "delete_plugin"]
+        },
        {"page": "TopologyView", "page_cn": "拓扑视图",
         "perms": ["read", "create_topology_group", "update_topology_group", "delete_topology_group",
                   "create_topology_view"],
         },
+        {"page": "IPAM", "page_cn": "IPAM", "perms": ["read"]},
+        {"page": "DCIM", "page_cn": "数据中心", "perms": ["read"]},
    ]

    def __init__(self):
--- a/cmdb-api/api/lib/mixin.py
+++ b/cmdb-api/api/lib/mixin.py
@@ -1,6 +1,7 @@
 # -*- coding:utf-8 -*-


+from flask import current_app
 from sqlalchemy import func

 from api.extensions import db
@@ -32,11 +33,21 @@ class DBMixin(object):

        for k in kwargs:
            if hasattr(cls.cls, k):
-                query = query.filter(getattr(cls.cls, k) == kwargs[k])
-                if count_query:
-                    _query = _query.filter(getattr(cls.cls, k) == kwargs[k])
+                if isinstance(kwargs[k], list):
+                    query = query.filter(getattr(cls.cls, k).in_(kwargs[k]))
+                    if count_query:
+                        _query = _query.filter(getattr(cls.cls, k).in_(kwargs[k]))
+                else:
+                    if "*" in str(kwargs[k]):
+                        query = query.filter(getattr(cls.cls, k).ilike(kwargs[k].replace('*', '%')))
+                        if count_query:
+                            _query = _query.filter(getattr(cls.cls, k).ilike(kwargs[k].replace('*', '%')))
+                    else:
+                        query = query.filter(getattr(cls.cls, k) == kwargs[k])
+                        if count_query:
+                            _query = _query.filter(getattr(cls.cls, k) == kwargs[k])

-        if reverse:
+        if reverse in current_app.config.get('BOOL_TRUE'):
            query = query.order_by(cls.cls.id.desc())

        if only_query and not count_query:
--- a/cmdb-api/api/lib/perm/acl/init.py
+++ b/cmdb-api/api/lib/perm/acl/init.py
@@ -6,7 +6,7 @@ from functools import wraps
 from flask import abort
 from flask import request

-from api.lib.perm.acl.cache import AppCache, AppAccessTokenCache
+from api.lib.perm.acl.cache import AppCache
 from api.lib.perm.acl.resp_format import ErrFormat


--- a/cmdb-api/api/lib/perm/acl/audit.py
+++ b/cmdb-api/api/lib/perm/acl/audit.py
@@ -376,7 +376,7 @@ class AuditCRUD(object):
                               origin=origin, current=current, extra=extra, source=source.value)

    @classmethod
-    def add_login_log(cls, username, is_ok, description, _id=None, logout_at=None):
+    def add_login_log(cls, username, is_ok, description, _id=None, logout_at=None, ip=None, browser=None):
        if _id is not None:
            existed = AuditLoginLog.get_by_id(_id)
            if existed is not None:
@@ -387,8 +387,9 @@ class AuditCRUD(object):
                       is_ok=is_ok,
                       description=description,
                       logout_at=logout_at,
-                       ip=request.headers.get('X-Real-IP') or request.remote_addr,
-                       browser=request.headers.get('User-Agent'),
+                       ip=(ip or request.headers.get('X-Forwarded-For') or
+                           request.headers.get('X-Real-IP') or request.remote_addr or '').split(',')[0],
+                       browser=browser or request.headers.get('User-Agent'),
                       channel=request.values.get('channel', 'web'),
                       )

--- a/cmdb-api/api/lib/perm/acl/cache.py
+++ b/cmdb-api/api/lib/perm/acl/cache.py
@@ -138,14 +138,14 @@ class HasResourceRoleCache(object):

    @classmethod
    def add(cls, rid, app_id):
-        with redis_lock.Lock(rd.r, 'HasResourceRoleCache'):
+        with redis_lock.Lock(rd.r, 'HasResourceRoleCache', expire=10):
            c = cls.get(app_id)
            c[rid] = 1
            cache.set(cls.PREFIX_KEY.format(app_id), c, timeout=0)

    @classmethod
    def remove(cls, rid, app_id):
-        with redis_lock.Lock(rd.r, 'HasResourceRoleCache'):
+        with redis_lock.Lock(rd.r, 'HasResourceRoleCache', expire=10):
            c = cls.get(app_id)
            c.pop(rid, None)
            cache.set(cls.PREFIX_KEY.format(app_id), c, timeout=0)
--- a/cmdb-api/api/lib/perm/acl/permission.py
+++ b/cmdb-api/api/lib/perm/acl/permission.py
@@ -71,7 +71,7 @@ class PermissionCRUD(object):

    @classmethod
    def get_all2(cls, resource_name, resource_type_name, app_id):
-        rt = ResourceType.get_by(name=resource_type_name, first=True, to_dict=False)
+        rt = ResourceType.get_by(name=resource_type_name, app_id=app_id, first=True, to_dict=False)
        rt or abort(404, ErrFormat.resource_type_not_found.format(resource_type_name))

        r = Resource.get_by(name=resource_name, resource_type_id=rt.id, app_id=app_id, first=True, to_dict=False)
--- a/cmdb-api/api/lib/perm/acl/role.py
+++ b/cmdb-api/api/lib/perm/acl/role.py
@@ -1,8 +1,5 @@
 # -*- coding:utf-8 -*-

-
-import time
-
 import redis_lock
 import six
 from flask import abort
@@ -145,7 +142,7 @@ class RoleRelationCRUD(object):

    @classmethod
    def add(cls, role, parent_id, child_ids, app_id):
-        with redis_lock.Lock(rd.r, "ROLE_RELATION_ADD"):
+        with redis_lock.Lock(rd.r, "ROLE_RELATION_ADD", expire=10):
            db.session.commit()

            result = []
--- a/cmdb-api/api/lib/utils.py
+++ b/cmdb-api/api/lib/utils.py
@@ -1,7 +1,6 @@
 # -*- coding:utf-8 -*- 

 import base64
-from typing import Set

 import elasticsearch
 import redis
--- a/cmdb-api/api/models/acl.py
+++ b/cmdb-api/api/models/acl.py
@@ -105,8 +105,8 @@ class User(CRUDModel, SoftDeleteMixin):
    _password = db.Column("password", db.String(80))
    key = db.Column(db.String(32), nullable=False)
    secret = db.Column(db.String(32), nullable=False)
-    date_joined = db.Column(db.DateTime, default=datetime.utcnow)
-    last_login = db.Column(db.DateTime, default=datetime.utcnow)
+    date_joined = db.Column(db.DateTime, default=datetime.now)
+    last_login = db.Column(db.DateTime, default=datetime.now)
    block = db.Column(db.Boolean, default=False)
    has_logined = db.Column(db.Boolean, default=False)
    wx_id = db.Column(db.String(32))
--- a/cmdb-api/api/models/cmdb.py
+++ b/cmdb-api/api/models/cmdb.py
@@ -253,6 +253,7 @@ class CI(Model):
    status = db.Column(db.Enum(*CIStatusEnum.all(), name="status"))
    heartbeat = db.Column(db.DateTime, default=lambda: datetime.datetime.now())
    is_auto_discovery = db.Column('a', db.Boolean, default=False)
+    updated_by = db.Column(db.String(64))

    ci_type = db.relationship("CIType", backref="c_cis.type_id")

@@ -475,6 +476,7 @@ class PreferenceShowAttributes(Model):
    uid = db.Column(db.Integer, index=True, nullable=False)
    type_id = db.Column(db.Integer, db.ForeignKey("c_ci_types.id"), nullable=False)
    attr_id = db.Column(db.Integer, db.ForeignKey("c_attributes.id"))
+    builtin_attr = db.Column(db.String(256), nullable=True)
    order = db.Column(db.SmallInteger, default=0)
    is_fixed = db.Column(db.Boolean, default=False)

@@ -523,6 +525,17 @@ class PreferenceCITypeOrder(Model):
    is_tree = db.Column(db.Boolean, default=False)  # True is tree view, False is resource view


+class PreferenceAutoSubscriptionConfig(Model):
+    __tablename__ = "c_pasc"
+
+    uid = db.Column(db.Integer, index=True, nullable=False, unique=True)
+    base_strategy = db.Column(db.Enum('all', 'none'), default='none', nullable=False)
+    group_ids = db.Column(db.JSON)
+    type_ids = db.Column(db.JSON)
+    enabled = db.Column(db.Boolean, default=True, nullable=False)
+    description = db.Column(db.Text)
+
+
 # custom
 class CustomDashboard(Model):
    __tablename__ = "c_c_d"
@@ -534,6 +547,7 @@ class CustomDashboard(Model):

    type_id = db.Column(db.Integer, db.ForeignKey('c_ci_types.id'))
    attr_id = db.Column(db.Integer, db.ForeignKey('c_attributes.id'))
+    builtin_attr = db.Column(db.String(256), nullable=True)
    level = db.Column(db.Integer)

    options = db.Column(db.JSON)
@@ -666,3 +680,52 @@ class InnerKV(Model):

    key = db.Column(db.String(128), index=True)
    value = db.Column(db.Text)
+
+
+class IPAMSubnetScan(Model):
+    __tablename__ = "c_ipam_subnet_scans"
+
+    ci_id = db.Column(db.Integer, index=True, nullable=False)
+    scan_enabled = db.Column(db.Boolean, default=True)
+    rule_updated_at = db.Column(db.DateTime)
+    last_scan_time = db.Column(db.DateTime)
+
+    # scan rules
+    agent_id = db.Column(db.String(8), index=True)
+    cron = db.Column(db.String(128))
+
+
+class IPAMSubnetScanHistory(Model2):
+    __tablename__ = "c_ipam_subnet_scan_histories"
+
+    subnet_scan_id = db.Column(db.Integer, index=True)
+    exec_id = db.Column(db.String(64), index=True)
+    cidr = db.Column(db.String(18), index=True)
+    start_at = db.Column(db.DateTime)
+    end_at = db.Column(db.DateTime)
+    status = db.Column(db.Integer, default=0)  # 0 is ok
+    stdout = db.Column(db.Text)
+    ip_num = db.Column(db.Integer)
+    ips = db.Column(db.JSON)  # keep only the last 10 records
+
+
+class IPAMOperationHistory(Model2):
+    __tablename__ = "c_ipam_operation_histories"
+
+    from api.lib.cmdb.ipam.const import OperateTypeEnum
+
+    uid = db.Column(db.Integer, index=True)
+    cidr = db.Column(db.String(18), index=True)
+    operate_type = db.Column(db.Enum(*OperateTypeEnum.all()))
+    description = db.Column(db.Text)
+
+
+class DCIMOperationHistory(Model2):
+    __tablename__ = "c_dcim_operation_histories"
+
+    from api.lib.cmdb.dcim.const import OperateTypeEnum
+
+    uid = db.Column(db.Integer, index=True)
+    rack_id = db.Column(db.Integer, index=True)
+    ci_id = db.Column(db.Integer, index=True)
+    operate_type = db.Column(db.Enum(*OperateTypeEnum.all()))
--- a/cmdb-api/api/tasks/acl.py
+++ b/cmdb-api/api/tasks/acl.py
@@ -32,7 +32,7 @@ from api.models.acl import Trigger
 def role_rebuild(rids, app_id):
    rids = rids if isinstance(rids, list) else [rids]
    for rid in rids:
-        with redis_lock.Lock(rd.r, "ROLE_REBUILD_{}_{}".format(rid, app_id)):
+        with redis_lock.Lock(rd.r, "ROLE_REBUILD_{}_{}".format(rid, app_id), expire=10):
            RoleRelationCache.rebuild(rid, app_id)

    current_app.logger.info("Role {0} App {1} rebuild..........".format(rids, app_id))
--- a/cmdb-api/api/tasks/cmdb.py
+++ b/cmdb-api/api/tasks/cmdb.py
@@ -1,10 +1,11 @@
-# -*- coding:utf-8 -*- 
+# -*- coding:utf-8 -*-


 import datetime
 import json
 import redis_lock
 from flask import current_app
+from flask import has_request_context
 from flask_login import login_user

 import api.lib.cmdb.ci
@@ -53,8 +54,9 @@ def ci_cache(ci_id, operate_type, record_id):
    current_app.logger.info("{0} flush..........".format(ci_id))

    if operate_type:
-        current_app.test_request_context().push()
-        login_user(UserCache.get('worker'))
+        if not has_request_context():
+            current_app.test_request_context().push()
+            login_user(UserCache.get('worker'))

        _, enum_map = CITypeAttributeManager.get_attr_names_label_enum(ci_dict.get('_type'))
        payload = dict()
@@ -143,7 +145,7 @@ def ci_delete_trigger(trigger, operate_type, ci_dict):
@flush_db
@reconnect_db
 def ci_relation_cache(parent_id, child_id, ancestor_ids):
-    with redis_lock.Lock(rd.r, "CIRelation_{}".format(parent_id)):
+    with redis_lock.Lock(rd.r, "CIRelation_{}".format(parent_id), expire=10):
        children = rd.get([parent_id], REDIS_PREFIX_CI_RELATION)[0]
        children = json.loads(children) if children is not None else {}

@@ -184,8 +186,9 @@ def ci_relation_add(parent_dict, child_id, uid):
    from api.lib.cmdb.search import SearchError
    from api.lib.cmdb.search.ci import search

-    current_app.test_request_context().push()
-    login_user(UserCache.get(uid))
+    if not has_request_context():
+        current_app.test_request_context().push()
+        login_user(UserCache.get(uid))

    for parent in parent_dict:
        parent_ci_type_name, _attr_name = parent.strip()[1:].split('.', 1)
@@ -220,7 +223,7 @@ def ci_relation_add(parent_dict, child_id, uid):
@celery.task(name="cmdb.ci_relation_delete", queue=CMDB_QUEUE)
@reconnect_db
 def ci_relation_delete(parent_id, child_id, ancestor_ids):
-    with redis_lock.Lock(rd.r, "CIRelation_{}".format(parent_id)):
+    with redis_lock.Lock(rd.r, "CIRelation_{}".format(parent_id), expire=10):
        children = rd.get([parent_id], REDIS_PREFIX_CI_RELATION)[0]
        children = json.loads(children) if children is not None else {}

@@ -272,8 +275,9 @@ def ci_type_attribute_order_rebuild(type_id, uid):
 def calc_computed_attribute(attr_id, uid):
    from api.lib.cmdb.ci import CIManager

-    current_app.test_request_context().push()
-    login_user(UserCache.get(uid))
+    if not has_request_context():
+        current_app.test_request_context().push()
+        login_user(UserCache.get(uid))

    cim = CIManager()
    for i in CITypeAttribute.get_by(attr_id=attr_id, to_dict=False):
@@ -370,3 +374,48 @@ def build_relations_for_ad_accept(adc, ci_id, ad_key2attr):
                                              source=RelationSourceEnum.AUTO_DISCOVERY)
                    except:
                        pass
+
+
+@celery.task(name="cmdb.add_net_device_ports", queue=CMDB_QUEUE)
+@reconnect_db
+def add_net_device_ports(ci_id, ports):
+    from api.lib.cmdb.ci import CIRelationManager
+    from api.lib.cmdb.ci import CIManager
+    from api.lib.cmdb.cache import CITypeCache
+
+    port_type = CITypeCache.get("net_port")
+    if not port_type:
+        current_app.logger.warning("CIType net port is not found")
+        return
+
+    for port in ports:
+        try:
+            port_id = CIManager.add(port_type.id, is_auto_discovery=True, _is_admin=True, **port)
+
+            CIRelationManager.add(ci_id, port_id,
+                                  valid=False,
+                                  source=RelationSourceEnum.AUTO_DISCOVERY)
+        except Exception as e:
+            current_app.logger.warning("add_net_device_ports failed: {}".format(e))
+            
+            
+@celery.task(name="cmdb.dcim_calc_u_free_count", queue=CMDB_QUEUE)
+@reconnect_db
+def dcim_calc_u_free_count():
+    from api.lib.cmdb.ci import CIManager
+    from api.lib.cmdb.dcim.rack import RackManager
+    from api.lib.cmdb.dcim.const import RackBuiltinAttributes
+
+    if not has_request_context():
+        current_app.test_request_context().push()
+        login_user(UserCache.get('worker'))
+
+    try:
+        rack_m = RackManager()
+    except Exception:
+        return
+
+    racks = CI.get_by(type_id=rack_m.type_id, to_dict=False)
+    for rack in racks:
+        payload = {RackBuiltinAttributes.FREE_U_COUNT: rack_m.calc_u_free_count(rack.id)}
+        CIManager().update(rack.id, **payload)
--- a/cmdb-api/api/translations/zh/LC_MESSAGES/messages.mo
+++ b/cmdb-api/api/translations/zh/LC_MESSAGES/messages.mo
--- a/cmdb-api/api/translations/zh/LC_MESSAGES/messages.po
+++ b/cmdb-api/api/translations/zh/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
-"POT-Creation-Date: 2024-08-20 13:47+0800\n"
+"POT-Creation-Date: 2024-11-26 18:54+0800\n"
 "PO-Revision-Date: 2023-12-25 20:21+0800\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language: zh\n"
@@ -92,6 +92,14 @@ msgstr "您没有操作权限!"
 msgid "Only the creator or administrator has permission!"
 msgstr "只有创建人或者管理员才有权限!"

+#: api/lib/cmdb/const.py:133
+msgid "Update Time"
+msgstr "更新时间"
+
+#: api/lib/cmdb/const.py:134
+msgid "Updated By"
+msgstr "更新人"
+
 #: api/lib/cmdb/resp_format.py:9
 msgid "CI Model"
 msgstr "模型配置"
@@ -474,11 +482,11 @@ msgstr "{}格式错误，应该为：%Y-%m-%d %H:%M:%S"

 #: api/lib/cmdb/resp_format.py:150
 msgid "CMDB data reconciliation results"
-msgstr ""
+msgstr "CMDB数据合规检查结果"

 #: api/lib/cmdb/resp_format.py:151
 msgid "Number of {} illegal: {}"
-msgstr ""
+msgstr "{} 不合规数: {}"

 #: api/lib/cmdb/resp_format.py:153
 msgid "Topology view {} already exists"
@@ -492,6 +500,62 @@ msgstr "拓扑视图分组 {} 已经存在"
 msgid "The group cannot be deleted because the topology view already exists"
 msgstr "因为该分组下定义了拓扑视图，不能删除"

+#: api/lib/cmdb/resp_format.py:158
+msgid "Both the source model and the target model must be selected"
+msgstr "源模型和目标模型不能为空!"
+
+#: api/lib/cmdb/resp_format.py:160
+msgid "The names of built-in models cannot be changed"
+msgstr "内置模型的名字不能修改"
+
+#: api/lib/cmdb/resp_format.py:162
+msgid "The subnet model {} does not exist"
+msgstr "子网模型 {} 不存在!"
+
+#: api/lib/cmdb/resp_format.py:163
+msgid "The IP Address model {} does not exist"
+msgstr "IP地址模型 {} 不存在!"
+
+#: api/lib/cmdb/resp_format.py:164
+msgid "CIDR {} is an invalid notation"
+msgstr "CIDR {} 写法不正确!"
+
+#: api/lib/cmdb/resp_format.py:165
+msgid "Invalid CIDR: {}, available subnets: {}"
+msgstr "无效的CIDR: {}, 可用的子网: {}"
+
+#: api/lib/cmdb/resp_format.py:166
+msgid "Invalid subnet prefix length: {}"
+msgstr "无效的子网前缀长度: {}"
+
+#: api/lib/cmdb/resp_format.py:167
+msgid "parent node cidr must be required"
+msgstr "必须要有父节点"
+
+#: api/lib/cmdb/resp_format.py:168
+msgid "{} and {} overlap"
+msgstr "{} 和 {} 有重叠"
+
+#: api/lib/cmdb/resp_format.py:169 api/lib/cmdb/resp_format.py:171
+msgid "Cannot delete because child nodes exist"
+msgstr "因为子节点已经存在，不能删除"
+
+#: api/lib/cmdb/resp_format.py:170
+msgid "Subnet is not found"
+msgstr "子网不存在"
+
+#: api/lib/cmdb/resp_format.py:174
+msgid "The dcim model {} does not exist"
+msgstr "DCIM模型 {} 不存在!"
+
+#: api/lib/cmdb/resp_format.py:175
+msgid "Irregularities in Rack Units"
+msgstr "机架U位异常!"
+
+#: api/lib/cmdb/resp_format.py:176
+msgid "The device's position is greater than the rack unit height"
+msgstr "有设备的位置大于机柜的U数!"
+
 #: api/lib/common_setting/resp_format.py:8
 msgid "Company info already existed"
 msgstr "公司信息已存在,无法创建!"
--- a/cmdb-api/api/views/acl/login.py
+++ b/cmdb-api/api/views/acl/login.py
@@ -1,7 +1,6 @@
 # -*- coding:utf-8 -*-

 import datetime
-
 import jwt
 import six
 from flask import abort
@@ -17,10 +16,12 @@ from api.lib.decorator import args_required
 from api.lib.decorator import args_validate
 from api.lib.perm.acl.acl import ACLManager
 from api.lib.perm.acl.audit import AuditCRUD
+from api.lib.perm.acl.cache import AppCache
 from api.lib.perm.acl.cache import RoleCache
 from api.lib.perm.acl.cache import User
 from api.lib.perm.acl.cache import UserCache
 from api.lib.perm.acl.resp_format import ErrFormat
+from api.lib.perm.acl.role import RoleRelationCRUD
 from api.lib.perm.auth import auth_abandoned
 from api.lib.perm.auth import auth_with_app_token
 from api.models.acl import Role
@@ -124,10 +125,17 @@ class AuthWithKeyView(APIView):
        if not user.get('username'):
            user['username'] = user.get('name')

-        return self.jsonify(user=user,
-                            authenticated=authenticated,
-                            rid=role and role.id,
-                            can_proxy=can_proxy)
+        result = dict(user=user,
+                      authenticated=authenticated,
+                      rid=role and role.id,
+                      can_proxy=can_proxy)
+
+        if request.values.get('need_parentRoles') in current_app.config.get('BOOL_TRUE'):
+            app_id = AppCache.get(request.values.get('app_id'))
+            parent_ids = RoleRelationCRUD.recursive_parent_ids(role and role.id, app_id and app_id.id)
+            result['user']['parentRoles'] = [RoleCache.get(rid).name for rid in set(parent_ids) if RoleCache.get(rid)]
+
+        return self.jsonify(result)


 class AuthWithTokenView(APIView):
@@ -184,6 +192,8 @@ class LogoutView(APIView):
    def post(self):
        logout_user()

-        AuditCRUD.add_login_log(None, None, None, _id=session.get('LOGIN_ID'), logout_at=datetime.datetime.now())
+        AuditCRUD.add_login_log(None, None, None,
+                                _id=session.get('LOGIN_ID') or request.values.get('LOGIN_ID'),
+                                logout_at=datetime.datetime.now())

        self.jsonify(code=200)
--- a/cmdb-api/api/views/acl/user.py
+++ b/cmdb-api/api/views/acl/user.py
@@ -11,6 +11,7 @@ from flask_login import current_user
 from api.lib.decorator import args_required
 from api.lib.decorator import args_validate
 from api.lib.perm.acl.acl import ACLManager
+from api.lib.perm.acl.acl import AuditCRUD
 from api.lib.perm.acl.acl import role_required
 from api.lib.perm.acl.cache import AppCache
 from api.lib.perm.acl.cache import UserCache
@@ -48,6 +49,13 @@ class GetUserInfoView(APIView):
                      role=dict(permissions=user_info.get('parents')),
                      avatar=user_info.get('avatar'))

+        if request.values.get('channel'):
+            _id = AuditCRUD.add_login_log(name, True, ErrFormat.login_succeed,
+                                          ip=request.values.get('ip'),
+                                          browser=request.values.get('browser'))
+            session['LOGIN_ID'] = _id
+            result['LOGIN_ID'] = _id
+
        current_app.logger.info("get user info for3: {}".format(result))
        return self.jsonify(result=result)

--- a/cmdb-api/api/views/cmdb/auto_discovery.py
+++ b/cmdb-api/api/views/cmdb/auto_discovery.py
@@ -24,11 +24,13 @@ from api.lib.cmdb.auto_discovery.const import PRIVILEGED_USERS
 from api.lib.cmdb.cache import AttributeCache
 from api.lib.cmdb.const import PermEnum
 from api.lib.cmdb.const import ResourceTypeEnum
+from api.lib.cmdb.ipam.subnet import SubnetManager
 from api.lib.cmdb.resp_format import ErrFormat
 from api.lib.cmdb.search import SearchError
 from api.lib.cmdb.search.ci import search as ci_search
 from api.lib.decorator import args_required
 from api.lib.decorator import args_validate
+from api.lib.exception import AbortException
 from api.lib.perm.acl.acl import has_perm_from_args
 from api.lib.utils import AESCrypto
 from api.lib.utils import get_page
@@ -293,9 +295,16 @@ class AutoDiscoveryRuleSyncView(APIView):

                return self.jsonify(rules=rules, last_update_at=last_update_at)

-        rules, last_update_at = AutoDiscoveryCITypeCRUD.get(None, oneagent_id, oneagent_name, last_update_at)
+        rules, last_update_at1 = AutoDiscoveryCITypeCRUD.get(None, oneagent_id, oneagent_name, last_update_at)

-        return self.jsonify(rules=rules, last_update_at=last_update_at)
+        try:
+            subnet_scan_rules, last_update_at2 = SubnetManager().scan_rules(oneagent_id, last_update_at)
+        except AbortException:
+            subnet_scan_rules, last_update_at2 = [], ""
+
+        return self.jsonify(rules=rules,
+                            subnet_scan_rules=subnet_scan_rules,
+                            last_update_at=max(last_update_at1 or "", last_update_at2 or ""))


 class AutoDiscoveryRuleSyncHistoryView(APIView):
--- a/cmdb-api/api/views/cmdb/ci_relation.py
+++ b/cmdb-api/api/views/cmdb/ci_relation.py
@@ -2,7 +2,6 @@


 import time
-
 from flask import abort
 from flask import current_app
 from flask import request
@@ -65,6 +64,42 @@ class CIRelationSearchView(APIView):
                            result=response)


+class CIRelationSearchPathView(APIView):
+    url_prefix = ("/ci_relations/path/s", "/ci_relations/path/search")
+
+    @args_required("source", "target", "path")
+    def post(self):
+        """@params: page: page number
+                    page_size | count: page size
+                    source: source CIType, e.g. {type_id: 1, q: `search expr`}
+                    target: target CIType, e.g. {type_ids: [2], q: `search expr`}
+                    path: Path from the Source CIType to the Target CIType, e.g. [1, ..., 2]
+        """
+
+        page = get_page(request.values.get("page", 1))
+        count = get_page_size(request.values.get("count") or request.values.get("page_size"))
+
+        source = request.values.get("source")
+        target = request.values.get("target")
+        path = request.values.get("path")
+
+        s = Search(page=page, count=count)
+        try:
+            (response, counter, total, page, numfound, id2ci,
+             relation_types, type2show_key) = s.search_by_path(source, target, path)
+        except SearchError as e:
+            return abort(400, str(e))
+
+        return self.jsonify(numfound=numfound,
+                            total=total,
+                            page=page,
+                            counter=counter,
+                            paths=response,
+                            id2ci=id2ci,
+                            relation_types=relation_types,
+                            type2show_key=type2show_key)
+
+
 class CIRelationStatisticsView(APIView):
    url_prefix = "/ci_relations/statistics"

--- a/cmdb-api/api/views/cmdb/ci_type.py
+++ b/cmdb-api/api/views/cmdb/ci_type.py
@@ -2,14 +2,14 @@


 import json
-from io import BytesIO
-
 from flask import abort
 from flask import current_app
 from flask import request
+from io import BytesIO

 from api.lib.cmdb.cache import AttributeCache
 from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.ci import CITriggerManager
 from api.lib.cmdb.ci_type import CITypeAttributeGroupManager
 from api.lib.cmdb.ci_type import CITypeAttributeManager
 from api.lib.cmdb.ci_type import CITypeGroupManager
@@ -64,9 +64,13 @@ class CITypeView(APIView):
                ci_type['unique_name'] = ci_type['unique_id'] and AttributeCache.get(ci_type['unique_id']).name
                ci_types.append(ci_type)
        elif type_name is not None:
-            ci_type = CITypeCache.get(type_name).to_dict()
-            ci_type['parent_ids'] = CITypeInheritanceManager.get_parents(ci_type['id'])
-            ci_types = [ci_type]
+            ci_type = CITypeCache.get(type_name)
+            if ci_type is not None:
+                ci_type = ci_type.to_dict()
+                ci_type['parent_ids'] = CITypeInheritanceManager.get_parents(ci_type['id'])
+                ci_types = [ci_type]
+            else:
+                ci_types = []
        else:
            ci_types = CITypeManager().get_ci_types(q)
        count = len(ci_types)
@@ -497,6 +501,16 @@ class CITypeTriggerView(APIView):
        return self.jsonify(code=200)


+class CITypeTriggerTestView(APIView):
+    url_prefix = ("/ci_types/<int:type_id>/triggers/<int:_id>/test_notify",)
+
+    @has_perm_from_args("type_id", ResourceTypeEnum.CI, PermEnum.CONFIG, CITypeManager.get_name_by_id)
+    def post(self, type_id, _id):
+        CITriggerManager().trigger_notify_test(type_id, _id)
+
+        return self.jsonify(code=200)
+
+
 class CITypeGrantView(APIView):
    url_prefix = "/ci_types/<int:type_id>/roles/<int:rid>/grant"

--- a/cmdb-api/api/views/cmdb/ci_type_relation.py
+++ b/cmdb-api/api/views/cmdb/ci_type_relation.py
@@ -8,7 +8,6 @@ from api.lib.cmdb.ci_type import CITypeManager
 from api.lib.cmdb.ci_type import CITypeRelationManager
 from api.lib.cmdb.const import PermEnum
 from api.lib.cmdb.const import ResourceTypeEnum
-from api.lib.cmdb.const import RoleEnum
 from api.lib.cmdb.preference import PreferenceManager
 from api.lib.cmdb.resp_format import ErrFormat
 from api.lib.common_setting.decorator import perms_role_required
@@ -17,7 +16,7 @@ from api.lib.decorator import args_required
 from api.lib.perm.acl.acl import ACLManager
 from api.lib.perm.acl.acl import has_perm_from_args
 from api.lib.perm.acl.acl import is_app_admin
-from api.lib.perm.acl.acl import role_required
+from api.lib.utils import handle_arg_list
 from api.resource import APIView

 app_cli = CMDBApp()
@@ -42,6 +41,19 @@ class GetParentsView(APIView):
        return self.jsonify(parents=CITypeRelationManager.get_parents(child_id))


+class CITypeRelationPathView(APIView):
+    url_prefix = ("/ci_type_relations/path",)
+
+    @args_required("source_type_id", "target_type_ids")
+    def get(self):
+        source_type_id = request.values.get("source_type_id")
+        target_type_ids = handle_arg_list(request.values.get("target_type_ids"))
+
+        paths = CITypeRelationManager.find_path(source_type_id, target_type_ids)
+
+        return self.jsonify(paths=paths)
+
+
 class CITypeRelationView(APIView):
    url_prefix = ("/ci_type_relations", "/ci_type_relations/<int:parent_id>/<int:child_id>")

--- a/cmdb-api/api/views/cmdb/dcim/init.py
+++ b/cmdb-api/api/views/cmdb/dcim/init.py
@@ -0,0 +1 @@
+# -*- coding:utf-8 -*-
--- a/cmdb-api/api/views/cmdb/dcim/dcim_history.py
+++ b/cmdb-api/api/views/cmdb/dcim/dcim_history.py
@@ -0,0 +1,30 @@
+# -*- coding:utf-8 -*-
+
+from flask import request
+
+from api.lib.cmdb.dcim.history import OperateHistoryManager
+from api.lib.common_setting.decorator import perms_role_required
+from api.lib.common_setting.role_perm_base import CMDBApp
+from api.lib.utils import get_page
+from api.lib.utils import get_page_size
+from api.lib.utils import handle_arg_list
+from api.resource import APIView
+
+app_cli = CMDBApp()
+
+
+class DCIMOperateHistoryView(APIView):
+    url_prefix = ("/dcim/history/operate",)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def get(self):
+        page = get_page(request.values.pop("page", 1))
+        page_size = get_page_size(request.values.pop("page_size", None))
+        operate_type = handle_arg_list(request.values.pop('operate_type', []))
+        if operate_type:
+            request.values["operate_type"] = operate_type
+
+        numfound, result, id2ci, type2show_key = OperateHistoryManager.search(page, page_size, **request.values)
+
+        return self.jsonify(numfound=numfound, result=result, id2ci=id2ci, type2show_key=type2show_key)
--- a/cmdb-api/api/views/cmdb/dcim/idc.py
+++ b/cmdb-api/api/views/cmdb/dcim/idc.py
@@ -0,0 +1,35 @@
+# -*- coding:utf-8 -*-
+
+from flask import request
+
+from api.lib.cmdb.dcim.idc import IDCManager
+from api.lib.common_setting.decorator import perms_role_required
+from api.lib.common_setting.role_perm_base import CMDBApp
+from api.resource import APIView
+
+app_cli = CMDBApp()
+
+
+class IDCView(APIView):
+    url_prefix = ("/dcim/idc", "/dcim/idc/<int:_id>")
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def post(self):
+        parent_id = request.values.pop("parent_id")
+
+        return self.jsonify(ci_id=IDCManager().add(parent_id, **request.values))
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def put(self, _id):
+        IDCManager().update(_id, **request.values)
+
+        return self.jsonify(ci_id=_id)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def delete(self, _id):
+        IDCManager().delete(_id)
+
+        return self.jsonify(ci_id=_id)
--- a/cmdb-api/api/views/cmdb/dcim/rack.py
+++ b/cmdb-api/api/views/cmdb/dcim/rack.py
@@ -0,0 +1,102 @@
+# -*- coding:utf-8 -*-
+
+from flask import request
+
+from api.lib.cmdb.const import CMDB_QUEUE
+from api.lib.cmdb.dcim.const import RackBuiltinAttributes
+from api.lib.cmdb.dcim.rack import RackManager
+from api.lib.common_setting.decorator import perms_role_required
+from api.lib.common_setting.role_perm_base import CMDBApp
+from api.lib.decorator import args_required
+from api.resource import APIView
+from api.tasks.cmdb import dcim_calc_u_free_count
+
+app_cli = CMDBApp()
+
+
+class RackView(APIView):
+    url_prefix = ("/dcim/rack", "/dcim/rack/<int:_id>")
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    @args_required("parent_id")
+    def post(self):
+        parent_id = request.values.pop("parent_id")
+
+        return self.jsonify(ci_id=RackManager().add(parent_id, **request.values))
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def put(self, _id):
+        RackManager().update(_id, **request.values)
+
+        return self.jsonify(ci_id=_id)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def delete(self, _id):
+        RackManager().delete(_id)
+
+        return self.jsonify(ci_id=_id)
+
+
+class RackDetailView(APIView):
+    url_prefix = ("/dcim/rack/<int:rack_id>/device/<int:device_id>",)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    @args_required(RackBuiltinAttributes.U_START)
+    def post(self, rack_id, device_id):
+        u_start = request.values.pop(RackBuiltinAttributes.U_START)
+        u_count = request.values.get(RackBuiltinAttributes.U_COUNT)
+
+        RackManager().add_device(rack_id, device_id, u_start, u_count)
+
+        return self.jsonify(rack_id=rack_id, device_id=device_id)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    @args_required("to_u_start")
+    def put(self, rack_id, device_id):
+        to_u_start = request.values.pop("to_u_start")
+
+        RackManager().move_device(rack_id, device_id, to_u_start)
+
+        return self.jsonify(rack_id=rack_id, device_id=device_id, to_u_start=to_u_start)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def delete(self, rack_id, device_id):
+        RackManager().remove_device(rack_id, device_id)
+
+        return self.jsonify(code=200)
+
+
+class RackDeviceMigrateView(APIView):
+    url_prefix = ("/dcim/rack/<int:rack_id>/device/<int:device_id>/migrate",)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    @args_required("to_rack_id")
+    @args_required("to_u_start")
+    def put(self, rack_id, device_id):
+        to_rack_id = request.values.pop("to_rack_id")
+        to_u_start = request.values.pop("to_u_start")
+
+        RackManager().migrate_device(rack_id, device_id, to_rack_id, to_u_start)
+
+        return self.jsonify(rack_id=rack_id,
+                            device_id=device_id,
+                            to_u_start=to_u_start,
+                            to_rack_id=to_rack_id)
+
+
+class RackCalcUFreeCountView(APIView):
+    url_prefix = ("/dcim/rack/calc_u_free_count",)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def post(self):
+        dcim_calc_u_free_count.apply_async(queue=CMDB_QUEUE)
+
+        return self.jsonify(code=200)
--- a/cmdb-api/api/views/cmdb/dcim/region.py
+++ b/cmdb-api/api/views/cmdb/dcim/region.py
@@ -0,0 +1,33 @@
+# -*- coding:utf-8 -*-
+
+from flask import request
+
+from api.lib.cmdb.dcim.region import RegionManager
+from api.lib.common_setting.decorator import perms_role_required
+from api.lib.common_setting.role_perm_base import CMDBApp
+from api.resource import APIView
+
+app_cli = CMDBApp()
+
+
+class RegionView(APIView):
+    url_prefix = ("/dcim/region", "/dcim/region/<int:_id>")
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def post(self):
+        return self.jsonify(ci_id=RegionManager().add(**request.values))
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def put(self, _id):
+        RegionManager().update(_id, **request.values)
+
+        return self.jsonify(ci_id=_id)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def delete(self, _id):
+        RegionManager().delete(_id)
+
+        return self.jsonify(ci_id=_id)
--- a/cmdb-api/api/views/cmdb/dcim/server_room.py
+++ b/cmdb-api/api/views/cmdb/dcim/server_room.py
@@ -0,0 +1,43 @@
+# -*- coding:utf-8 -*-
+
+from flask import request
+
+from api.lib.cmdb.dcim.server_room import ServerRoomManager
+from api.lib.common_setting.decorator import perms_role_required
+from api.lib.common_setting.role_perm_base import CMDBApp
+from api.lib.decorator import args_required
+from api.resource import APIView
+
+app_cli = CMDBApp()
+
+
+class ServerRoomView(APIView):
+    url_prefix = ("/dcim/server_room", "/dcim/server_room/<int:_id>", "/dcim/server_room/<int:_id>/racks")
+
+    def get(self, _id):
+        q = request.values.get('q')
+        counter, result = ServerRoomManager.get_racks(_id, q)
+
+        return self.jsonify(counter=counter, result=result)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    @args_required("parent_id")
+    def post(self):
+        parent_id = request.values.pop("parent_id")
+
+        return self.jsonify(ci_id=ServerRoomManager().add(parent_id, **request.values))
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def put(self, _id):
+        ServerRoomManager().update(_id, **request.values)
+
+        return self.jsonify(ci_id=_id)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def delete(self, _id):
+        ServerRoomManager().delete(_id)
+
+        return self.jsonify(ci_id=_id)
--- a/cmdb-api/api/views/cmdb/dcim/tree_view.py
+++ b/cmdb-api/api/views/cmdb/dcim/tree_view.py
@@ -0,0 +1,19 @@
+# -*- coding:utf-8 -*-
+
+from api.lib.cmdb.dcim.tree_view import TreeViewManager
+from api.lib.common_setting.decorator import perms_role_required
+from api.lib.common_setting.role_perm_base import CMDBApp
+from api.resource import APIView
+
+app_cli = CMDBApp()
+
+
+class DCIMTreeView(APIView):
+    url_prefix = "/dcim/tree_view"
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.DCIM,
+                         app_cli.op.read, app_cli.admin_name)
+    def get(self):
+        result, type2name = TreeViewManager.get()
+
+        return self.jsonify(result=result, type2name=type2name)
--- a/cmdb-api/api/views/cmdb/ipam/init.py
+++ b/cmdb-api/api/views/cmdb/ipam/init.py
@@ -0,0 +1 @@
+# -*- coding:utf-8 -*-
--- a/cmdb-api/api/views/cmdb/ipam/address.py
+++ b/cmdb-api/api/views/cmdb/ipam/address.py
@@ -0,0 +1,39 @@
+# -*- coding:utf-8 -*-
+
+from flask import request
+
+from api.lib.cmdb.ipam.address import IpAddressManager
+from api.lib.common_setting.decorator import perms_role_required
+from api.lib.common_setting.role_perm_base import CMDBApp
+from api.lib.decorator import args_required
+from api.lib.utils import handle_arg_list
+from api.resource import APIView
+
+app_cli = CMDBApp()
+
+
+class IPAddressView(APIView):
+    url_prefix = ("/ipam/address",)
+
+    @args_required("parent_id")
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def get(self):
+        parent_id = request.args.get("parent_id")
+
+        numfound, result = IpAddressManager.list_ip_address(parent_id)
+
+        return self.jsonify(numfound=numfound, result=result)
+
+    @args_required("ips")
+    @args_required("assign_status", value_required=False)
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def post(self):
+        ips = handle_arg_list(request.values.pop("ips"))
+        parent_id = request.values.pop("parent_id", None)
+        cidr = request.values.pop("cidr", None)
+
+        IpAddressManager().assign_ips(ips, parent_id, cidr, **request.values)
+
+        return self.jsonify(code=200)
--- a/cmdb-api/api/views/cmdb/ipam/ipam_history.py
+++ b/cmdb-api/api/views/cmdb/ipam/ipam_history.py
@@ -0,0 +1,53 @@
+# -*- coding:utf-8 -*-
+
+from flask import request
+
+from api.lib.cmdb.ipam.history import OperateHistoryManager
+from api.lib.cmdb.ipam.history import ScanHistoryManager
+from api.lib.common_setting.decorator import perms_role_required
+from api.lib.common_setting.role_perm_base import CMDBApp
+from api.lib.decorator import args_required
+from api.lib.utils import get_page
+from api.lib.utils import get_page_size
+from api.lib.utils import handle_arg_list
+from api.resource import APIView
+
+app_cli = CMDBApp()
+
+
+class IPAMOperateHistoryView(APIView):
+    url_prefix = ("/ipam/history/operate",)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def get(self):
+        page = get_page(request.values.pop("page", 1))
+        page_size = get_page_size(request.values.pop("page_size", None))
+        operate_type = handle_arg_list(request.values.pop('operate_type', []))
+        if operate_type:
+            request.values["operate_type"] = operate_type
+
+        numfound, result = OperateHistoryManager.search(page, page_size, **request.values)
+
+        return self.jsonify(numfound=numfound, result=result)
+
+
+class IPAMScanHistoryView(APIView):
+    url_prefix = ("/ipam/history/scan",)
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def get(self):
+        page = get_page(request.values.pop("page", 1))
+        page_size = get_page_size(request.values.pop("page_size", None))
+
+        numfound, result = ScanHistoryManager.search(page, page_size, **request.values)
+
+        return self.jsonify(numfound=numfound, result=result)
+
+    @args_required("exec_id")
+    def post(self):
+
+        ScanHistoryManager().add(**request.values)
+
+        return self.jsonify(code=200)
--- a/cmdb-api/api/views/cmdb/ipam/ipam_stats.py
+++ b/cmdb-api/api/views/cmdb/ipam/ipam_stats.py
@@ -0,0 +1,24 @@
+# -*- coding:utf-8 -*-
+
+
+from flask import request
+
+from api.lib.cmdb.ipam.stats import Stats
+from api.lib.common_setting.decorator import perms_role_required
+from api.lib.common_setting.role_perm_base import CMDBApp
+from api.lib.decorator import args_required
+from api.resource import APIView
+
+app_cli = CMDBApp()
+
+
+class IPAMStatsView(APIView):
+    url_prefix = '/ipam/stats'
+
+    @args_required("parent_id")
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def get(self):
+        parent_id = request.values.get("parent_id")
+
+        return self.jsonify(Stats().summary(parent_id))
--- a/cmdb-api/api/views/cmdb/ipam/subnet.py
+++ b/cmdb-api/api/views/cmdb/ipam/subnet.py
@@ -0,0 +1,75 @@
+# -*- coding:utf-8 -*-
+
+from flask import request
+
+from api.lib.cmdb.ipam.subnet import SubnetManager
+from api.lib.cmdb.ipam.subnet import SubnetScopeManager
+from api.lib.common_setting.decorator import perms_role_required
+from api.lib.common_setting.role_perm_base import CMDBApp
+from api.lib.decorator import args_required
+from api.resource import APIView
+
+app_cli = CMDBApp()
+
+
+class SubnetView(APIView):
+    url_prefix = ("/ipam/subnet", "/ipam/subnet/hosts", "/ipam/subnet/<int:_id>")
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def get(self, _id=None):
+        if "hosts" in request.url:
+            return self.jsonify(SubnetManager.get_hosts(request.values.get('cidr')))
+
+        if _id is not None:
+            return self.jsonify(SubnetManager().get_by_id(_id))
+
+        result, type2name = SubnetManager().tree_view()
+
+        return self.jsonify(result=result, type2name=type2name)
+
+    @args_required("cidr")
+    @args_required("parent_id", value_required=False)
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def post(self):
+        cidr = request.values.pop("cidr")
+        parent_id = request.values.pop("parent_id")
+        agent_id = request.values.pop("agent_id", None)
+        cron = request.values.pop("cron", None)
+
+        return self.jsonify(SubnetManager().add(cidr, parent_id, agent_id, cron, **request.values))
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def put(self, _id):
+        return self.jsonify(id=SubnetManager().update(_id, **request.values))
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def delete(self, _id):
+        return self.jsonify(id=SubnetManager().delete(_id))
+
+
+class SubnetScopeView(APIView):
+    url_prefix = ("/ipam/scope", "/ipam/scope/<int:_id>")
+
+    @args_required("parent_id", value_required=False)
+    @args_required("name")
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def post(self):
+        parent_id = request.values.pop("parent_id")
+        name = request.values.pop("name")
+
+        return self.jsonify(SubnetScopeManager().add(parent_id, name))
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def put(self, _id):
+        return self.jsonify(id=SubnetScopeManager().update(_id, **request.values))
+
+    @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.IPAM,
+                         app_cli.op.read, app_cli.admin_name)
+    def delete(self, _id):
+        return self.jsonify(id=SubnetScopeManager.delete(_id))
--- a/cmdb-api/api/views/cmdb/preference.py
+++ b/cmdb-api/api/views/cmdb/preference.py
@@ -211,3 +211,59 @@ class PreferenceCITypeOrderView(APIView):
        PreferenceManager.upsert_ci_type_order(type_ids, is_tree)

        return self.jsonify(type_ids=type_ids, is_tree=is_tree)
+
+
+class PreferenceAutoSubscriptionView(APIView):
+    url_prefix = "/preference/auto_subscription"
+
+    def get(self):
+        config = PreferenceManager.get_auto_subscription_config()
+        return self.jsonify(config or {})
+
+    @args_required("base_strategy")
+    def put(self):
+        base_strategy = request.values.get("base_strategy")
+        group_ids = request.values.get("group_ids")
+        type_ids = request.values.get("type_ids")
+        enabled = request.values.get("enabled", 1) in current_app.config.get('BOOL_TRUE')
+        description = request.values.get("description")
+
+        if base_strategy not in ['all', 'none']:
+            return abort(400, "base_strategy must be 'all' or 'none'")
+
+        if group_ids:
+            try:
+                group_ids = [int(x) for x in group_ids.split(',') if x.strip()]
+            except ValueError:
+                return abort(400, "Invalid group_ids format")
+
+        if type_ids:
+            try:
+                type_ids = [int(x) for x in type_ids.split(',') if x.strip()]
+            except ValueError:
+                return abort(400, "Invalid type_ids format")
+
+        result = PreferenceManager.create_or_update_auto_subscription_config(
+            base_strategy=base_strategy,
+            group_ids=group_ids,
+            type_ids=type_ids,
+            enabled=enabled,
+            description=description
+        )
+
+        return self.jsonify(result.to_dict())
+
+    def delete(self):
+        PreferenceManager.delete_auto_subscription_config()
+        return self.jsonify(message="Auto subscription config deleted")
+
+
+class PreferenceAutoSubscriptionToggleView(APIView):
+    url_prefix = "/preference/auto_subscription/toggle"
+
+    @args_required("enabled")
+    def patch(self):
+        enabled = request.values.get("enabled") in current_app.config.get('BOOL_TRUE')
+
+        result = PreferenceManager.toggle_auto_subscription_config(enabled)
+        return self.jsonify(result.to_dict())
--- a/cmdb-api/api/views/common_setting/employee.py
+++ b/cmdb-api/api/views/common_setting/employee.py
@@ -131,7 +131,7 @@ class EmployeeChangePasswordWithACLID(APIView):
        if not password:
            abort(400, ErrFormat.password_is_required)

-        data = EmployeeCRUD.change_password_by_uid(_uid, password)
+        EmployeeCRUD.change_password_by_uid(_uid, password)
        return self.jsonify(200)


--- a/cmdb-api/api/views/common_setting/file_manage.py
+++ b/cmdb-api/api/views/common_setting/file_manage.py
@@ -6,7 +6,7 @@ import magic

 from api.lib.common_setting.const import MIMEExtMap
 from api.lib.common_setting.resp_format import ErrFormat
-from api.lib.common_setting.upload_file import allowed_file, generate_new_file_name, CommonFileCRUD
+from api.lib.common_setting.upload_file import generate_new_file_name, CommonFileCRUD
 from api.resource import APIView

 prefix = '/file'
--- a/cmdb-api/api/views/common_setting/system_language.py
+++ b/cmdb-api/api/views/common_setting/system_language.py
@@ -0,0 +1,37 @@
+import os
+
+from api.resource import APIView
+from api.lib.perm.auth import auth_abandoned
+
+prefix = "/system"
+
+
+class SystemLanguageView(APIView):
+    url_prefix = (f"{prefix}/language",)
+
+    method_decorators = []
+
+    @auth_abandoned
+    def get(self):
+        """Get system default language
+        Read from environment variable SYSTEM_DEFAULT_LANGUAGE, default to Chinese if not set
+        """
+        default_language = os.environ.get("SYSTEM_DEFAULT_LANGUAGE", "")
+
+        return self.jsonify(
+            {
+                "language": default_language,
+                "language_name": self._get_language_name(default_language),
+            }
+        )
+
+    def _get_language_name(self, language_code):
+        """Return language name based on language code"""
+        language_mapping = {
+            "zh-CN": "中文(简体)",
+            "zh-TW": "中文(繁体)",
+            "en-US": "English",
+            "ja-JP": "日本語",
+            "ko-KR": "한국어",
+        }
+        return language_mapping.get(language_code, "")
--- a/cmdb-api/requirements.txt
+++ b/cmdb-api/requirements.txt
@@ -16,7 +16,7 @@ Flask-Cors==4.0.0
 Flask-Login>=0.6.2
 Flask-Migrate==2.5.2
 Flask-RESTful==0.3.10
-Flask-SQLAlchemy==2.5.0
+Flask-SQLAlchemy==3.0.5
 future==0.18.3
 gunicorn==21.0.1
 hvac==2.0.0
@@ -56,3 +56,6 @@ colorama>=0.4.6
 lz4>=4.3.2
 python-magic==0.4.27
 jsonpath==0.82.2
+networkx>=3.1
+ipaddress>=1.0.23
+ruff==0.8.3
--- a/cmdb-api/settings.example.py
+++ b/cmdb-api/settings.example.py
@@ -39,9 +39,9 @@ SQLALCHEMY_ENGINE_OPTIONS = {

 # # cache
 CACHE_TYPE = 'redis'
-CACHE_REDIS_HOST = '127.0.0.1'
-CACHE_REDIS_PORT = 6379
-CACHE_REDIS_PASSWORD = ''
+CACHE_REDIS_HOST = env.str('CACHE_REDIS_HOST', default='redis')
+CACHE_REDIS_PORT = env.str('CACHE_REDIS_PORT', default='6379')
+CACHE_REDIS_PASSWORD = env.str('CACHE_REDIS_PASSWORD', default='')
 CACHE_KEY_PREFIX = 'CMDB::'
 CACHE_DEFAULT_TIMEOUT = 3000

--- a/cmdb-ui/babel.config.js
+++ b/cmdb-ui/babel.config.js
@@ -5,14 +5,6 @@ if (IS_PROD) {
  plugins.push('transform-remove-console')
 }

-// lazy load ant-design-vue
-// if your use import on Demand, Use this code
-// plugins.push(['import', {
-//   'libraryName': 'ant-design-vue',
-//   'libraryDirectory': 'es',
-//   'style': true // `style: true` 会加载 less 文件
-// }])
-
 module.exports = {
  presets: [
    '@vue/cli-plugin-babel/preset',
--- a/cmdb-ui/config/plugin.config.js
+++ b/cmdb-ui/config/plugin.config.js
@@ -2,7 +2,7 @@ const ThemeColorReplacer = require('webpack-theme-color-replacer')
 const generate = require('@ant-design/colors/lib/generate').default

 const getAntdSerials = (color) => {
-  // 淡化（即less的tint）
+  // Lighten (similar to less's tint)
  const lightens = new Array(9).fill().map((t, i) => {
    return ThemeColorReplacer.varyColor.lighten(color, i / 10)
  })
@@ -13,8 +13,8 @@ const getAntdSerials = (color) => {

 const themePluginOption = {
  fileName: 'css/theme-colors-[contenthash:8].css',
-  matchColors: getAntdSerials('#2f54eb'), // 主色系列
-  // 改变样式选择器，解决样式覆盖问题
+  matchColors: getAntdSerials('#2f54eb'), // primary color series
+  // change style selectors to solve style override issues
  changeSelector (selector) {
    switch (selector) {
      case '.ant-calendar-today .ant-calendar-date':
--- a/cmdb-ui/public/iconfont/demo_index.html
+++ b/cmdb-ui/public/iconfont/demo_index.html
--- a/cmdb-ui/public/iconfont/iconfont.css
+++ b/cmdb-ui/public/iconfont/iconfont.css
@@ -1,8 +1,8 @@
@font-face {
  font-family: "iconfont"; /* Project id 3857903 */
-  src: url('iconfont.woff2?t=1724653006782') format('woff2'),
-       url('iconfont.woff?t=1724653006782') format('woff'),
-       url('iconfont.ttf?t=1724653006782') format('truetype');
+  src: url('iconfont.woff2?t=1755240492206') format('woff2'),
+       url('iconfont.woff?t=1755240492206') format('woff'),
+       url('iconfont.ttf?t=1755240492206') format('truetype');
 }

 .iconfont {
@@ -13,6 +13,582 @@
  -moz-osx-font-smoothing: grayscale;
 }

+.auto:before {
+  content: "\ea28";
+}
+
+.oneterm-http:before {
+  content: "\ea26";
+}
+
+.oneterm-https:before {
+  content: "\ea27";
+}
+
+.ops-oneterm-access_period:before {
+  content: "\ea25";
+}
+
+.ops-oneterm-authorization:before {
+  content: "\ea24";
+}
+
+.onterm-symbolic_link:before {
+  content: "\ea23";
+}
+
+.oneterm-batch_execution:before {
+  content: "\ea20";
+}
+
+.ops-oneterm-file_log-selected:before {
+  content: "\ea21";
+}
+
+.ops-oneterm-file_log:before {
+  content: "\ea22";
+}
+
+.file:before {
+  content: "\ea1f";
+}
+
+.folder1:before {
+  content: "\ea1e";
+}
+
+.a-mongoDB1:before {
+  content: "\ea1b";
+}
+
+.a-postgreSQL1:before {
+  content: "\ea1c";
+}
+
+.a-telnet1:before {
+  content: "\ea1d";
+}
+
+.ops-oneterm-command_interception1:before {
+  content: "\ea17";
+}
+
+.quick_commands:before {
+  content: "\ea18";
+}
+
+.terminal_settings:before {
+  content: "\ea19";
+}
+
+.basic_settings:before {
+  content: "\ea1a";
+}
+
+.ops-oneterm-asset-management:before {
+  content: "\ea16";
+}
+
+.ai-seek:before {
+  content: "\ea15";
+}
+
+.ai-hate1:before {
+  content: "\ea13";
+}
+
+.ai-like1:before {
+  content: "\ea14";
+}
+
+.ai-like2:before {
+  content: "\ea11";
+}
+
+.ai-hate2:before {
+  content: "\ea12";
+}
+
+.ai-top_up:before {
+  content: "\ea10";
+}
+
+.ai-top_down:before {
+  content: "\ea0f";
+}
+
+.autoflow-script:before {
+  content: "\ea0d";
+}
+
+.autoflow-dag:before {
+  content: "\ea0e";
+}
+
+.itsm-default_line:before {
+  content: "\ea0c";
+}
+
+.veops-servicetree:before {
+  content: "\ea0b";
+}
+
+.veops-switch1:before {
+  content: "\ea0a";
+}
+
+.veops-label:before {
+  content: "\ea09";
+}
+
+.top_acl:before {
+  content: "\ea08";
+}
+
+.top_ticket:before {
+  content: "\ea06";
+}
+
+.top_agent:before {
+  content: "\ea07";
+}
+
+.itsm-table_download:before {
+  content: "\ea05";
+}
+
+.itsm-image_download:before {
+  content: "\ea04";
+}
+
+.veops-rear:before {
+  content: "\ea02";
+}
+
+.veops-front:before {
+  content: "\ea03";
+}
+
+.veops-xianggang:before {
+  content: "\ea01";
+}
+
+.a-veops-device2:before {
+  content: "\ea00";
+}
+
+.a-veops-room1:before {
+  content: "\e9ff";
+}
+
+.veops-IDC:before {
+  content: "\e9fe";
+}
+
+.veops-region:before {
+  content: "\e9fd";
+}
+
+.veops-device:before {
+  content: "\e9fb";
+}
+
+.veops-cabinet:before {
+  content: "\e9fc";
+}
+
+.veops-data_center:before {
+  content: "\e9f9";
+}
+
+.ops-setting-holidays:before {
+  content: "\e9fa";
+}
+
+.ops-itsm-logs:before {
+  content: "\e9f8";
+}
+
+.ops-setting-workday:before {
+  content: "\e9f6";
+}
+
+.ops-setting-holiday:before {
+  content: "\e9f7";
+}
+
+.ops-setting-festival:before {
+  content: "\e9f5";
+}
+
+.itsm-calc:before {
+  content: "\e9f4";
+}
+
+.itsm-reports_4:before {
+  content: "\e9f3";
+}
+
+.veops-folder:before {
+  content: "\e9f2";
+}
+
+.veops-entire_network_:before {
+  content: "\e9f1";
+}
+
+.veops-subnet:before {
+  content: "\e9f0";
+}
+
+.veops-map_view:before {
+  content: "\e9ef";
+}
+
+.veops-recycle:before {
+  content: "\e9ee";
+}
+
+.veops-catalog:before {
+  content: "\e9ed";
+}
+
+.veops-ipam:before {
+  content: "\e9ec";
+}
+
+.cmdb-calc:before {
+  content: "\e9eb";
+}
+
+.ai-users:before {
+  content: "\e9ea";
+}
+
+.ai-tokens:before {
+  content: "\e9e9";
+}
+
+.oneterm-mysql:before {
+  content: "\e9e8";
+}
+
+.oneterm-redis:before {
+  content: "\e9e7";
+}
+
+.veops-sign_out:before {
+  content: "\e9e6";
+}
+
+.veops-company:before {
+  content: "\e9e5";
+}
+
+.veops-emails:before {
+  content: "\e9e4";
+}
+
+.veops-switch:before {
+  content: "\e9e3";
+}
+
+.qiyeweixin:before {
+  content: "\e9e2";
+}
+
+.veops-progress:before {
+  content: "\e9e1";
+}
+
+.veops-completed:before {
+  content: "\e9e0";
+}
+
+.itsm-ticketTime:before {
+  content: "\e9df";
+}
+
+.veops-notification:before {
+  content: "\e9dc";
+}
+
+.a-veops-account1:before {
+  content: "\e9dd";
+}
+
+.veops-personal:before {
+  content: "\e9de";
+}
+
+.itsm-customer_satisfaction2:before {
+  content: "\e9da";
+}
+
+.itsm-over2:before {
+  content: "\e9db";
+}
+
+.veops-search1:before {
+  content: "\e9d9";
+}
+
+.itsm-customer_satisfaction:before {
+  content: "\e9d8";
+}
+
+.itsm-over:before {
+  content: "\e9d7";
+}
+
+.itsm-request:before {
+  content: "\e9d6";
+}
+
+.itsm-release:before {
+  content: "\e9d5";
+}
+
+.veops-link:before {
+  content: "\e9d4";
+}
+
+.oneterm-command_record:before {
+  content: "\e9d3";
+}
+
+.ai-question:before {
+  content: "\e9d2";
+}
+
+.ai-sending:before {
+  content: "\e9d1";
+}
+
+.ai-dialogue:before {
+  content: "\e9d0";
+}
+
+.ai-report2:before {
+  content: "\e9cf";
+}
+
+.ai-delete:before {
+  content: "\e9cd";
+}
+
+.caise-knowledge:before {
+  content: "\e9ce";
+}
+
+.ai-article:before {
+  content: "\e9cc";
+}
+
+.ai-model_setup1:before {
+  content: "\e9cb";
+}
+
+.ai-report:before {
+  content: "\e9ca";
+}
+
+.ai-customer_service:before {
+  content: "\e9c9";
+}
+
+.oneterm-connect1:before {
+  content: "\e9c6";
+}
+
+.oneterm-session1:before {
+  content: "\e9c7";
+}
+
+.oneterm-assets:before {
+  content: "\e9c8";
+}
+
+.a-oneterm-ssh1:before {
+  content: "\e9c3";
+}
+
+.a-oneterm-ssh2:before {
+  content: "\e9c4";
+}
+
+.oneterm-rdp:before {
+  content: "\e9c5";
+}
+
+.caise-websphere:before {
+  content: "\e9c2";
+}
+
+.caise-vps:before {
+  content: "\e9c1";
+}
+
+.caise-F5:before {
+  content: "\e9c0";
+}
+
+.caise-HAProxy:before {
+  content: "\e9bf";
+}
+
+.caise-JBoss:before {
+  content: "\e9be";
+}
+
+.caise-dongfangtong:before {
+  content: "\e9bd";
+}
+
+.caise-kafka:before {
+  content: "\e9b7";
+}
+
+.caise-weblogic:before {
+  content: "\e9b8";
+}
+
+.caise-TDSQL:before {
+  content: "\e9b9";
+}
+
+.caise-kingbase:before {
+  content: "\e9ba";
+}
+
+.caise-dameng:before {
+  content: "\e9bb";
+}
+
+.caise-TIDB:before {
+  content: "\e9bc";
+}
+
+.veops-expand:before {
+  content: "\e9b6";
+}
+
+.caise-public_cloud:before {
+  content: "\e9b1";
+}
+
+.caise-system:before {
+  content: "\e9b2";
+}
+
+.caise-IPAM:before {
+  content: "\e9b3";
+}
+
+.caise-hyperV:before {
+  content: "\e9b4";
+}
+
+.caise-data_center2:before {
+  content: "\e9b5";
+}
+
+.caise-hardware:before {
+  content: "\e9ad";
+}
+
+.caise-computer:before {
+  content: "\e9ae";
+}
+
+.caise-network_devices:before {
+  content: "\e9af";
+}
+
+.caise-storage_device:before {
+  content: "\e9b0";
+}
+
+.caise-load_balancing:before {
+  content: "\e9ab";
+}
+
+.caise-message_queue:before {
+  content: "\e9ac";
+}
+
+.caise-websever:before {
+  content: "\e9aa";
+}
+
+.caise-middleware:before {
+  content: "\e9a9";
+}
+
+.caise-database:before {
+  content: "\e9a7";
+}
+
+.caise-business:before {
+  content: "\e9a8";
+}
+
+.caise-virtualization:before {
+  content: "\e9a6";
+}
+
+.caise-storage_pool:before {
+  content: "\e9a4";
+}
+
+.caise-storage_volume1:before {
+  content: "\e9a5";
+}
+
+.ciase-aix:before {
+  content: "\e9a3";
+}
+
+.caise_pool:before {
+  content: "\e99b";
+}
+
+.caise-ip_address:before {
+  content: "\e99c";
+}
+
+.caise-computer_room:before {
+  content: "\e99d";
+}
+
+.caise-rack:before {
+  content: "\e99e";
+}
+
+.caise-pc:before {
+  content: "\e99f";
+}
+
+.caise-bandwidth_line:before {
+  content: "\e9a0";
+}
+
+.caise-fiber:before {
+  content: "\e9a1";
+}
+
+.caise-disk_array:before {
+  content: "\e9a2";
+}
+
+.veops-group:before {
+  content: "\e99a";
+}
+
+.veops-inheritance:before {
+  content: "\e999";
+}
+
 .veops-department:before {
  content: "\e998";
 }
@@ -641,11 +1217,11 @@
  content: "\e914";
 }

-.itsm-duration:before {
+.itsm-reports_3:before {
  content: "\e913";
 }

-.itsm-workload:before {
+.itsm-reports_2:before {
  content: "\e912";
 }

--- a/cmdb-ui/public/iconfont/iconfont.js
+++ b/cmdb-ui/public/iconfont/iconfont.js
--- a/cmdb-ui/public/iconfont/iconfont.json
+++ b/cmdb-ui/public/iconfont/iconfont.json
--- a/cmdb-ui/public/iconfont/iconfont.ttf
+++ b/cmdb-ui/public/iconfont/iconfont.ttf
--- a/cmdb-ui/public/iconfont/iconfont.woff
+++ b/cmdb-ui/public/iconfont/iconfont.woff
--- a/cmdb-ui/public/iconfont/iconfont.woff2
+++ b/cmdb-ui/public/iconfont/iconfont.woff2
--- a/cmdb-ui/public/index.html
+++ b/cmdb-ui/public/index.html
@@ -1,7 +1,6 @@
 <!DOCTYPE html>
 <html lang="zh-cmn-Hans">
  <head>
-
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width,initial-scale=1.0">
@@ -12,17 +11,19 @@
    <% for (var i in htmlWebpackPlugin.options.cdn && htmlWebpackPlugin.options.cdn.css) { %>
    <link rel="stylesheet" href="<%= htmlWebpackPlugin.options.cdn.css[i] %>" />
    <% } %>
-     <script>
-
-      const userAgent = navigator.userAgent
+    <script>
+      const userAgent = navigator.userAgent
      const isEdge = userAgent.indexOf("Edge") > -1
-      const isChrome = userAgent.indexOf("Chrome") > -1 && userAgent.indexOf("Safari") > -1 && !isEdge
-      if (!isChrome) {
-        alert("推荐使用Chrome浏览器， 其他环境下未做严格测试！")
+      const isChrome = userAgent.indexOf("Chrome") > -1 && userAgent.indexOf("Safari") > -1 && !isEdge
+      const lang = (navigator.language || navigator.userLanguage || '').toLowerCase()
+      if (!isChrome) {
+        if (lang.startsWith('zh')) {
+          alert("推荐使用Chrome浏览器，其他环境下未做严格测试！");
+        } else {
+          alert("It is recommended to use Chrome browser. Other environments are not strictly tested!");
+        }
      }
-
    </script>
-
  </head>
  <body>
    <noscript>
@@ -30,10 +31,10 @@
    </noscript>
    <div id="app">
      <div id="loading-mask">
-          <div class="loading-wrapper">
-            <span class="loading-dot loading-dot-spin"><i></i><i></i><i></i><i></i></span>
-          </div>
+        <div class="loading-wrapper">
+          <span class="loading-dot loading-dot-spin"><i></i><i></i><i></i><i></i></span>
        </div>
+      </div>
    </div>
    <!-- require cdn assets js -->
    <% for (var i in htmlWebpackPlugin.options.cdn && htmlWebpackPlugin.options.cdn.js) { %>
--- a/cmdb-ui/src/App.vue
+++ b/cmdb-ui/src/App.vue
@@ -12,6 +12,7 @@ import zhCN from 'ant-design-vue/lib/locale-provider/zh_CN'
 import enUS from 'ant-design-vue/lib/locale-provider/en_US'
 import { AppDeviceEnquire } from '@/utils/mixin'
 import { debounce } from './utils/util'
+import { getSystemLanguage } from '@/api/system.js'

 import { h } from 'snabbdom'
 import { DomEditor, Boot } from '@wangeditor/editor'
@@ -45,8 +46,7 @@ export default {
    },
  },
  created() {
-    this.SET_LOCALE(localStorage.getItem('ops_locale') || 'zh')
-    this.$i18n.locale = localStorage.getItem('ops_locale') || 'zh'
+    this.initLanguage()
    this.timer = setInterval(() => {
      this.setTime(new Date().getTime())
    }, 1000)
@@ -60,133 +60,7 @@ export default {
      })
    )

-    // 注册富文本自定义元素
-    const resume = {
-      type: 'attachment',
-      attachmentLabel: '',
-      attachmentValue: '',
-      children: [{ text: '' }], // void 元素必须有一个 children ，其中只有一个空字符串，重要！！！
-    }
-
-    function withAttachment(editor) {
-      // JS 语法
-      const { isInline, isVoid } = editor
-      const newEditor = editor
-
-      newEditor.isInline = (elem) => {
-        const type = DomEditor.getNodeType(elem)
-        if (type === 'attachment') return true // 针对 type: attachment ，设置为 inline
-        return isInline(elem)
-      }
-
-      newEditor.isVoid = (elem) => {
-        const type = DomEditor.getNodeType(elem)
-        if (type === 'attachment') return true // 针对 type: attachment ，设置为 void
-        return isVoid(elem)
-      }
-
-      return newEditor // 返回 newEditor ，重要！！！
-    }
-    Boot.registerPlugin(withAttachment)
-    /**
-     * 渲染“附件”元素到编辑器
-     * @param elem 附件元素，即上文的 myResume
-     * @param children 元素子节点，void 元素可忽略
-     * @param editor 编辑器实例
-     * @returns vnode 节点（通过 snabbdom.js 的 h 函数生成）
-     */
-    function renderAttachment(elem, children, editor) {
-      // JS 语法
-
-      // 获取“附件”的数据，参考上文 myResume 数据结构
-      const { attachmentLabel = '', attachmentValue = '' } = elem
-
-      // 附件元素 vnode
-      const attachVnode = h(
-        // HTML tag
-        'span',
-        // HTML 属性、样式、事件
-        {
-          props: { contentEditable: false }, // HTML 属性，驼峰式写法
-          style: {
-            display: 'inline-block',
-            margin: '0 3px',
-            padding: '0 3px',
-            backgroundColor: '#e6f7ff',
-            border: '1px solid #91d5ff',
-            borderRadius: '2px',
-            color: '#1890ff',
-          }, // style ，驼峰式写法
-          on: {
-            click() {
-              console.log('clicked', attachmentValue)
-            } /* 其他... */,
-          },
-        },
-        // 子节点
-        [attachmentLabel]
-      )
-
-      return attachVnode
-    }
-    const renderElemConf = {
-      type: 'attachment', // 新元素 type ，重要！！！
-      renderElem: renderAttachment,
-    }
-    Boot.registerRenderElem(renderElemConf)
-
-    /**
-     * 生成“附件”元素的 HTML
-     * @param elem 附件元素，即上文的 myResume
-     * @param childrenHtml 子节点的 HTML 代码，void 元素可忽略
-     * @returns “附件”元素的 HTML 字符串
-     */
-    function attachmentToHtml(elem, childrenHtml) {
-      // JS 语法
-
-      // 获取附件元素的数据
-      const { attachmentValue = '', attachmentLabel = '' } = elem
-
-      // 生成 HTML 代码
-      const html = `<span data-w-e-type="attachment" data-w-e-is-void data-w-e-is-inline data-attachmentValue="${attachmentValue}" data-attachmentLabel="${attachmentLabel}">${attachmentLabel}</span>`
-
-      return html
-    }
-    const elemToHtmlConf = {
-      type: 'attachment', // 新元素的 type ，重要！！！
-      elemToHtml: attachmentToHtml,
-    }
-    Boot.registerElemToHtml(elemToHtmlConf)
-
-    /**
-     * 解析 HTML 字符串，生成“附件”元素
-     * @param domElem HTML 对应的 DOM Element
-     * @param children 子节点
-     * @param editor editor 实例
-     * @returns “附件”元素，如上文的 myResume
-     */
-    function parseAttachmentHtml(domElem, children, editor) {
-      // JS 语法
-
-      // 从 DOM element 中获取“附件”的信息
-      const attachmentValue = domElem.getAttribute('data-attachmentValue') || ''
-      const attachmentLabel = domElem.getAttribute('data-attachmentLabel') || ''
-
-      // 生成“附件”元素（按照此前约定的数据结构）
-      const myResume = {
-        type: 'attachment',
-        attachmentValue,
-        attachmentLabel,
-        children: [{ text: '' }], // void node 必须有 children ，其中有一个空字符串，重要！！！
-      }
-
-      return myResume
-    }
-    const parseHtmlConf = {
-      selector: 'span[data-w-e-type="attachment"]', // CSS 选择器，匹配特定的 HTML 标签
-      parseElemHtml: parseAttachmentHtml,
-    }
-    Boot.registerParseElemHtml(parseHtmlConf)
+    this.handleEditor()
  },
  beforeDestroy() {
    clearInterval(this.timer)
@@ -200,6 +74,141 @@ export default {
        this.alive = true
      })
    },
+    async initLanguage() {
+      let saveLocale = localStorage.getItem('ops_locale')
+      if (!saveLocale) {
+        let requestLanguage = ''
+        try {
+          const languageRes = await getSystemLanguage()
+          requestLanguage = languageRes?.language || ''
+        } catch (e) {
+          console.error('getSystemLanguage error:', e)
+        }
+
+        // request language variable || user local system language
+        const userLanguage = requestLanguage || navigator.language || navigator.userLanguage
+        if (userLanguage.includes('zh')) {
+          saveLocale = 'zh'
+        } else {
+          saveLocale = 'en'
+        }
+      }
+      this.SET_LOCALE(saveLocale)
+      this.$i18n.locale = saveLocale
+    },
+
+    handleEditor() {
+      // register custom rich text element: attachment
+      function withAttachment(editor) {
+        const { isInline, isVoid } = editor
+        const newEditor = editor
+
+        newEditor.isInline = (elem) => {
+          const type = DomEditor.getNodeType(elem)
+          if (type === 'attachment') return true // For type: attachment, set to inline
+          return isInline(elem)
+        }
+
+        newEditor.isVoid = (elem) => {
+          const type = DomEditor.getNodeType(elem)
+          if (type === 'attachment') return true // For type: attachment ，set to void
+          return isVoid(elem)
+        }
+
+        return newEditor // Must return, important!!!
+      }
+      Boot.registerPlugin(withAttachment)
+      /**
+       * Render "attachment" element in editor
+       * @param elem Attachment element
+       * @param children Child nodes (ignored for void elements)
+       * @param editor Editor instance
+       * @returns vnode (generated by snabbdom's h function)
+       */
+      function renderAttachment(elem, children, editor) {
+        const { attachmentLabel = '', attachmentValue = '' } = elem
+
+        const attachVnode = h(
+          // HTML tag
+          'span',
+          // HTML attr, style, event
+          {
+            props: { contentEditable: false },
+            style: {
+              display: 'inline-block',
+              margin: '0 3px',
+              padding: '0 3px',
+              backgroundColor: '#e6f7ff',
+              border: '1px solid #91d5ff',
+              borderRadius: '2px',
+              color: '#1890ff',
+            },
+            on: {
+              click() {
+                console.log('clicked', attachmentValue)
+              }
+            },
+          },
+          // child node
+          [attachmentLabel]
+        )
+
+        return attachVnode
+      }
+      const renderElemConf = {
+        type: 'attachment',
+        renderElem: renderAttachment,
+      }
+      Boot.registerRenderElem(renderElemConf)
+
+      /**
+       * Generate HTML for "attachment" element
+       * @param elem Attachment element
+       * @param childrenHtml Child HTML (ignored for void elements)
+       * @returns HTML string
+       */
+      function attachmentToHtml(elem, childrenHtml) {
+        // Getting data for attached elements
+        const { attachmentValue = '', attachmentLabel = '' } = elem
+
+        // generate HTML
+        const html = `<span data-w-e-type="attachment" data-w-e-is-void data-w-e-is-inline data-attachmentValue="${attachmentValue}" data-attachmentLabel="${attachmentLabel}">${attachmentLabel}</span>`
+
+        return html
+      }
+      const elemToHtmlConf = {
+        type: 'attachment',
+        elemToHtml: attachmentToHtml,
+      }
+      Boot.registerElemToHtml(elemToHtmlConf)
+
+      /**
+       * Parse HTML to generate "attachment" element
+       * @param domElem DOM element
+       * @param children Children
+       * @param editor Editor instance
+       * @returns Attachment element
+       */
+      function parseAttachmentHtml(domElem, children, editor) {
+        // Getting “attachment” information from DOM element
+        const attachmentValue = domElem.getAttribute('data-attachmentValue') || ''
+        const attachmentLabel = domElem.getAttribute('data-attachmentLabel') || ''
+
+        const myResume = {
+          type: 'attachment',
+          attachmentValue,
+          attachmentLabel,
+          children: [{ text: '' }], // The void node must have children with an empty string in it, important!!!!
+        }
+
+        return myResume
+      }
+      const parseHtmlConf = {
+        selector: 'span[data-w-e-type="attachment"]', // CSS selector to match specific HTML tags
+        parseElemHtml: parseAttachmentHtml,
+      }
+      Boot.registerParseElemHtml(parseHtmlConf)
+    }
  },
 }
 </script>
--- a/cmdb-ui/src/api/system.js
+++ b/cmdb-ui/src/api/system.js
@@ -0,0 +1,8 @@
+import { axios } from '@/utils/request'
+
+export function getSystemLanguage() {
+  return axios({
+    url: '/common-setting/v1/system/language',
+    method: 'get',
+  })
+}
--- a/cmdb-ui/src/assets/login_bg.png
+++ b/cmdb-ui/src/assets/login_bg.png
--- a/cmdb-ui/src/components/CMDBFilterComp/constants.js
+++ b/cmdb-ui/src/components/CMDBFilterComp/constants.js
@@ -1,41 +1,40 @@
-import i18n from '@/lang'
-
-export const ruleTypeList = () => {
-    return [
-        { value: 'and', label: i18n.t('cmdbFilterComp.and') },
-        { value: 'or', label: i18n.t('cmdbFilterComp.or') },
-        // { value: 'not', label: '非' },
-    ]
-}
-
-export const expList = () => {
-    return [
-        { value: 'is', label: i18n.t('cmdbFilterComp.is') },
-        { value: '~is', label: i18n.t('cmdbFilterComp.~is') },
-        { value: 'contain', label: i18n.t('cmdbFilterComp.contain') },
-        { value: '~contain', label: i18n.t('cmdbFilterComp.~contain') },
-        { value: 'start_with', label: i18n.t('cmdbFilterComp.start_with') },
-        { value: '~start_with', label: i18n.t('cmdbFilterComp.~start_with') },
-        { value: 'end_with', label: i18n.t('cmdbFilterComp.end_with') },
-        { value: '~end_with', label: i18n.t('cmdbFilterComp.~end_with') },
-        { value: '~value', label: i18n.t('cmdbFilterComp.~value') }, // 为空的定义有点绕
-        { value: 'value', label: i18n.t('cmdbFilterComp.value') },
-    ]
-}
-
-export const advancedExpList = () => {
-    return [
-        { value: 'in', label: i18n.t('cmdbFilterComp.in') },
-        { value: '~in', label: i18n.t('cmdbFilterComp.~in') },
-        { value: 'range', label: i18n.t('cmdbFilterComp.range') },
-        { value: '~range', label: i18n.t('cmdbFilterComp.~range') },
-        { value: 'compare', label: i18n.t('cmdbFilterComp.compare') },
-    ]
-}
-
-export const compareTypeList = [
-    { value: '1', label: '>' },
-    { value: '2', label: '>=' },
-    { value: '3', label: '<' },
-    { value: '4', label: '<=' },
-]
+import i18n from '@/lang'
+
+export const ruleTypeList = () => {
+    return [
+        { value: 'and', label: i18n.t('cmdbFilterComp.and') },
+        { value: 'or', label: i18n.t('cmdbFilterComp.or') },
+    ]
+}
+
+export const expList = () => {
+    return [
+        { value: 'is', label: i18n.t('cmdbFilterComp.is') },
+        { value: '~is', label: i18n.t('cmdbFilterComp.~is') },
+        { value: 'contain', label: i18n.t('cmdbFilterComp.contain') },
+        { value: '~contain', label: i18n.t('cmdbFilterComp.~contain') },
+        { value: 'start_with', label: i18n.t('cmdbFilterComp.start_with') },
+        { value: '~start_with', label: i18n.t('cmdbFilterComp.~start_with') },
+        { value: 'end_with', label: i18n.t('cmdbFilterComp.end_with') },
+        { value: '~end_with', label: i18n.t('cmdbFilterComp.~end_with') },
+        { value: '~value', label: i18n.t('cmdbFilterComp.~value') },
+        { value: 'value', label: i18n.t('cmdbFilterComp.value') },
+    ]
+}
+
+export const advancedExpList = () => {
+    return [
+        { value: 'in', label: i18n.t('cmdbFilterComp.in') },
+        { value: '~in', label: i18n.t('cmdbFilterComp.~in') },
+        { value: 'range', label: i18n.t('cmdbFilterComp.range') },
+        { value: '~range', label: i18n.t('cmdbFilterComp.~range') },
+        { value: 'compare', label: i18n.t('cmdbFilterComp.compare') },
+    ]
+}
+
+export const compareTypeList = [
+    { value: '1', label: '>' },
+    { value: '2', label: '>=' },
+    { value: '3', label: '<' },
+    { value: '4', label: '<=' },
+]
--- a/cmdb-ui/src/components/CMDBFilterComp/expression.vue
+++ b/cmdb-ui/src/components/CMDBFilterComp/expression.vue
@@ -106,7 +106,7 @@
      <CIReferenceAttr
        v-if="getAttr(item.property).is_reference && (item.exp === 'is' || item.exp === '~is')"
        :style="{ width: '175px' }"
-        class="select-filter-component"
+        class="select-filter-component ops-select-bg"
        :referenceTypeId="getAttr(item.property).reference_type_id"
        :disabled="disabled"
        v-model="item.value"
@@ -114,7 +114,7 @@
      <a-select
        v-else-if="getAttr(item.property).is_bool && (item.exp === 'is' || item.exp === '~is')"
        v-model="item.value"
-        class="select-filter-component"
+        class="select-filter-component ops-select-bg"
        :style="{ width: '175px' }"
        :disabled="disabled"
        :placeholder="$t('placeholder2')"
@@ -139,9 +139,9 @@
        :normalizer="
          (node) => {
            return {
-              id: String(node[0] || ''),
-              label: node[1] ? node[1].label || node[0] : node[0],
-              children: node.children && node.children.length ? node.children : undefined,
+              id: node.id,
+              label: node.label,
+              children: node.children,
            }
          }
        "
@@ -301,7 +301,7 @@ export default {
          return [
            { value: 'is', label: this.$t('cmdbFilterComp.is') },
            { value: '~is', label: this.$t('cmdbFilterComp.~is') },
-            { value: '~value', label: this.$t('cmdbFilterComp.~value') }, // 为空的定义有点绕
+            { value: '~value', label: this.$t('cmdbFilterComp.~value') },
            { value: 'value', label: this.$t('cmdbFilterComp.value') },
          ]
        }
@@ -352,8 +352,12 @@ export default {
    },
    getChoiceValueByProperty(property) {
      const _find = this.canSearchPreferenceAttrList.find((item) => item.name === property)
-      if (_find) {
-        return _find.choice_value
+      if (_find?.choice_value?.length) {
+        return _find.choice_value.map((node) => ({
+          id: String(node?.[0] ?? ''),
+          label: node?.[1]?.label || node?.[0] || '',
+          children: node?.children?.length ? node.children : undefined
+        }))
      }
      return []
    },
@@ -394,7 +398,6 @@ export default {

  /deep/ .ant-select-selection {
    height: 24px;
-    background: #f7f8fa;
    line-height: 24px;
    border: none;

--- a/cmdb-ui/src/components/CMDBFilterComp/index.vue
+++ b/cmdb-ui/src/components/CMDBFilterComp/index.vue
@@ -1,302 +1,304 @@
-<template>
-  <div>
-    <a-popover
-      v-if="isDropdown"
-      v-model="visible"
-      trigger="click"
-      :placement="placement"
-      overlayClassName="table-filter"
-      @visibleChange="visibleChange"
-    >
-      <slot name="popover_item">
-        <a-button type="primary" ghost>{{ $t('cmdbFilterComp.conditionFilter') }}<a-icon type="filter"/></a-button>
-      </slot>
-      <template slot="content">
-        <Expression
-          :needAddHere="needAddHere"
-          v-model="ruleList"
-          :canSearchPreferenceAttrList="canSearchPreferenceAttrList.filter((attr) => !attr.is_password)"
-          :disabled="disabled"
-        />
-        <a-divider :style="{ margin: '10px 0' }" />
-        <div style="width:554px">
-          <a-space :style="{ display: 'flex', justifyContent: 'flex-end' }">
-            <a-button type="primary" size="small" @click="handleSubmit">{{ $t('confirm') }}</a-button>
-            <a-button size="small" @click="handleClear">{{ $t('clear') }}</a-button>
-          </a-space>
-        </div>
-      </template>
-    </a-popover>
-    <Expression
-      :needAddHere="needAddHere"
-      v-else
-      v-model="ruleList"
-      :canSearchPreferenceAttrList="canSearchPreferenceAttrList.filter((attr) => !attr.is_password)"
-      :disabled="disabled"
-    />
-  </div>
-</template>
-
-<script>
-import { v4 as uuidv4 } from 'uuid'
-import Expression from './expression.vue'
-import { advancedExpList, compareTypeList } from './constants'
-
-export default {
-  name: 'FilterComp',
-  components: { Expression },
-  props: {
-    canSearchPreferenceAttrList: {
-      type: Array,
-      required: true,
-      default: () => [],
-    },
-    expression: {
-      type: String,
-      default: '',
-    },
-    regQ: {
-      type: String,
-      default: '(?<=q=).+(?=&)|(?<=q=).+$',
-    },
-    placement: {
-      type: String,
-      default: 'bottomRight',
-    },
-    isDropdown: {
-      type: Boolean,
-      default: true,
-    },
-    needAddHere: {
-      type: Boolean,
-      default: false,
-    },
-    disabled: {
-      type: Boolean,
-      default: false,
-    },
-  },
-  data() {
-    return {
-      advancedExpList,
-      compareTypeList,
-      visible: false,
-      ruleList: [],
-      filterExp: '',
-    }
-  },
-
-  methods: {
-    visibleChange(open, isInitOne = true) {
-      // isInitOne  初始化exp为空时，ruleList是否默认给一条
-      //   const regQ = /(?<=q=).+(?=&)|(?<=q=).+$/g
-      const exp = this.expression.match(new RegExp(this.regQ, 'g'))
-        ? this.expression.match(new RegExp(this.regQ, 'g'))[0]
-        : null
-      if (open && exp) {
-        const expArray = exp.split(',').map((item) => {
-          let has_not = ''
-          const key = item.split(':')[0]
-          const val = item
-            .split(':')
-            .slice(1)
-            .join(':')
-          let type, property, exp, value, min, max, compareType
-          if (key.includes('-')) {
-            type = 'or'
-            if (key.includes('~')) {
-              property = key.substring(2)
-              has_not = '~'
-            } else {
-              property = key.substring(1)
-            }
-          } else {
-            type = 'and'
-            if (key.includes('~')) {
-              property = key.substring(1)
-              has_not = '~'
-            } else {
-              property = key
-            }
-          }
-
-          const in_reg = /(?<=\().+(?=\))/g
-          const range_reg = /(?<=\[).+(?=\])/g
-          const compare_reg = /(?<=>=|<=|>(?!=)|<(?!=)).+/
-          if (val === '*') {
-            exp = has_not + 'value'
-            value = ''
-          } else if (in_reg.test(val)) {
-            exp = has_not + 'in'
-            value = val.match(in_reg)[0]
-          } else if (range_reg.test(val)) {
-            exp = has_not + 'range'
-            value = val.match(range_reg)[0]
-            min = value.split('_TO_')[0]
-            max = value.split('_TO_')[1]
-          } else if (compare_reg.test(val)) {
-            exp = has_not + 'compare'
-            value = val.match(compare_reg)[0]
-            const _compareType = val.substring(0, val.match(compare_reg)['index'])
-            const idx = compareTypeList.findIndex((item) => item.label === _compareType)
-            compareType = compareTypeList[idx].value
-          } else if (!val.includes('*')) {
-            exp = has_not + 'is'
-            value = val
-          } else {
-            const resList = [
-              ['contain', /(?<=\*).*(?=\*)/g],
-              ['end_with', /(?<=\*).+/g],
-              ['start_with', /.+(?=\*)/g],
-            ]
-            for (let i = 0; i < 3; i++) {
-              const reg = resList[i]
-              if (reg[1].test(val)) {
-                exp = has_not + reg[0]
-                value = val.match(reg[1])[0]
-                break
-              }
-            }
-          }
-          return {
-            id: uuidv4(),
-            type,
-            property,
-            exp,
-            value,
-            min,
-            max,
-            compareType,
-          }
-        })
-        this.ruleList = [...expArray]
-      } else if (open) {
-        const _canSearchPreferenceAttrList = this.canSearchPreferenceAttrList.filter((attr) => !attr.is_password)
-        this.ruleList = isInitOne
-          ? [
-              {
-                id: uuidv4(),
-                type: 'and',
-                property:
-                  _canSearchPreferenceAttrList && _canSearchPreferenceAttrList.length
-                    ? _canSearchPreferenceAttrList[0].name
-                    : undefined,
-                exp: 'is',
-                value: null,
-              },
-            ]
-          : []
-      }
-    },
-    handleClear() {
-      this.ruleList = [
-        {
-          id: uuidv4(),
-          type: 'and',
-          property: this.canSearchPreferenceAttrList[0].name,
-          exp: 'is',
-          value: null,
-        },
-      ]
-      this.filterExp = ''
-      this.visible = false
-      this.$emit('setExpFromFilter', this.filterExp)
-    },
-    handleSubmit() {
-      if (this.ruleList && this.ruleList.length) {
-        this.ruleList[0].type = 'and' // 增删后，以防万一第一个不是and
-        this.filterExp = ''
-        const expList = this.ruleList.map((rule) => {
-          let singleRuleExp = ''
-          let _exp = rule.exp
-          if (rule.type === 'or') {
-            singleRuleExp += '-'
-          }
-          if (rule.exp.includes('~')) {
-            singleRuleExp += '~'
-            _exp = rule.exp.split('~')[1]
-          }
-          singleRuleExp += `${rule.property}:`
-          if (_exp === 'is') {
-            singleRuleExp += `${rule.value ?? ''}`
-          }
-          if (_exp === 'contain') {
-            singleRuleExp += `*${rule.value ?? ''}*`
-          }
-          if (_exp === 'start_with') {
-            singleRuleExp += `${rule.value ?? ''}*`
-          }
-          if (_exp === 'end_with') {
-            singleRuleExp += `*${rule.value ?? ''}`
-          }
-          if (_exp === 'value') {
-            singleRuleExp += `*`
-          }
-          if (_exp === 'in') {
-            singleRuleExp += `(${rule.value ?? ''})`
-          }
-          if (_exp === 'range') {
-            singleRuleExp += `[${rule.min}_TO_${rule.max}]`
-          }
-          if (_exp === 'compare') {
-            const idx = compareTypeList.findIndex((item) => item.value === rule.compareType)
-            singleRuleExp += `${compareTypeList[idx].label}${rule.value ?? ''}`
-          }
-          return singleRuleExp
-        })
-        this.filterExp = expList.join(',')
-        this.$emit('setExpFromFilter', this.filterExp)
-      } else {
-        this.$emit('setExpFromFilter', '')
-      }
-      this.visible = false
-    },
-  },
-}
-</script>
-
-<style lang="less" scoped>
-.table-filter {
-  .table-filter-add {
-    margin-top: 10px;
-    & > a {
-      padding: 2px 8px;
-      &:hover {
-        background-color: #f0faff;
-        border-radius: 5px;
-      }
-    }
-  }
-  .table-filter-extra-icon {
-    padding: 0px 2px;
-    &:hover {
-      display: inline-block;
-      border-radius: 5px;
-      background-color: #f0faff;
-    }
-  }
-}
-</style>
-
-<style lang="less">
-.table-filter-extra-operation {
-  .ant-popover-inner-content {
-    padding: 3px 4px;
-    .operation {
-      cursor: pointer;
-      width: 90px;
-      height: 30px;
-      line-height: 30px;
-      padding: 3px 4px;
-      border-radius: 5px;
-      transition: all 0.3s;
-      &:hover {
-        background-color: #f0faff;
-      }
-      > .anticon {
-        margin-right: 10px;
-      }
-    }
-  }
-}
-</style>
+<template>
+  <div>
+    <a-popover
+      v-if="isDropdown"
+      v-model="visible"
+      trigger="click"
+      :placement="placement"
+      overlayClassName="table-filter"
+      @visibleChange="visibleChange"
+    >
+      <slot name="popover_item">
+        <a-button type="primary" ghost>{{ $t('cmdbFilterComp.conditionFilter') }}<a-icon type="filter"/></a-button>
+      </slot>
+      <template slot="content">
+        <Expression
+          :needAddHere="needAddHere"
+          v-model="ruleList"
+          :canSearchPreferenceAttrList="canSearchPreferenceAttrList.filter((attr) => !attr.is_password)"
+          :disabled="disabled"
+        />
+        <a-divider :style="{ margin: '10px 0' }" />
+        <div style="width:554px">
+          <a-space :style="{ display: 'flex', justifyContent: 'flex-end' }">
+            <a-button type="primary" size="small" @click="handleSubmit">{{ $t('confirm') }}</a-button>
+            <a-button size="small" @click="handleClear">{{ $t('clear') }}</a-button>
+          </a-space>
+        </div>
+      </template>
+    </a-popover>
+    <Expression
+      :needAddHere="needAddHere"
+      v-else
+      v-model="ruleList"
+      :canSearchPreferenceAttrList="canSearchPreferenceAttrList.filter((attr) => !attr.is_password)"
+      :disabled="disabled"
+    />
+  </div>
+</template>
+
+<script>
+import { v4 as uuidv4 } from 'uuid'
+import Expression from './expression.vue'
+import { advancedExpList, compareTypeList } from './constants'
+
+export default {
+  name: 'FilterComp',
+  components: { Expression },
+  props: {
+    canSearchPreferenceAttrList: {
+      type: Array,
+      required: true,
+      default: () => [],
+    },
+    expression: {
+      type: String,
+      default: '',
+    },
+    regQ: {
+      type: String,
+      default: '(?<=q=).+(?=&)|(?<=q=).+$',
+    },
+    placement: {
+      type: String,
+      default: 'bottomRight',
+    },
+    isDropdown: {
+      type: Boolean,
+      default: true,
+    },
+    needAddHere: {
+      type: Boolean,
+      default: false,
+    },
+    disabled: {
+      type: Boolean,
+      default: false,
+    },
+  },
+  data() {
+    return {
+      advancedExpList,
+      compareTypeList,
+      visible: false,
+      ruleList: [],
+      filterExp: '',
+    }
+  },
+
+  methods: {
+    /**
+     * @param isInitOne When the initialization exp is null, does the ruleList default to giving one
+     */
+    visibleChange(open, isInitOne = true) {
+      // const regQ = /(?<=q=).+(?=&)|(?<=q=).+$/g
+      const exp = this.expression.match(new RegExp(this.regQ, 'g'))
+        ? this.expression.match(new RegExp(this.regQ, 'g'))[0]
+        : null
+      if (open && exp) {
+        const expArray = exp.split(',').map((item) => {
+          let has_not = ''
+          const key = item.split(':')[0]
+          const val = item
+            .split(':')
+            .slice(1)
+            .join(':')
+          let type, property, exp, value, min, max, compareType
+          if (key.includes('-')) {
+            type = 'or'
+            if (key.includes('~')) {
+              property = key.substring(2)
+              has_not = '~'
+            } else {
+              property = key.substring(1)
+            }
+          } else {
+            type = 'and'
+            if (key.includes('~')) {
+              property = key.substring(1)
+              has_not = '~'
+            } else {
+              property = key
+            }
+          }
+
+          const in_reg = /(?<=\().+(?=\))/g
+          const range_reg = /(?<=\[).+(?=\])/g
+          const compare_reg = /(?<=>=|<=|>(?!=)|<(?!=)).+/
+          if (val === '*') {
+            exp = has_not + 'value'
+            value = ''
+          } else if (in_reg.test(val)) {
+            exp = has_not + 'in'
+            value = val.match(in_reg)[0]
+          } else if (range_reg.test(val)) {
+            exp = has_not + 'range'
+            value = val.match(range_reg)[0]
+            min = value.split('_TO_')[0]
+            max = value.split('_TO_')[1]
+          } else if (compare_reg.test(val)) {
+            exp = has_not + 'compare'
+            value = val.match(compare_reg)[0]
+            const _compareType = val.substring(0, val.match(compare_reg)['index'])
+            const idx = compareTypeList.findIndex((item) => item.label === _compareType)
+            compareType = compareTypeList[idx].value
+          } else if (!val.includes('*')) {
+            exp = has_not + 'is'
+            value = val
+          } else {
+            const resList = [
+              ['contain', /(?<=\*).*(?=\*)/g],
+              ['end_with', /(?<=\*).+/g],
+              ['start_with', /.+(?=\*)/g],
+            ]
+            for (let i = 0; i < 3; i++) {
+              const reg = resList[i]
+              if (reg[1].test(val)) {
+                exp = has_not + reg[0]
+                value = val.match(reg[1])[0]
+                break
+              }
+            }
+          }
+          return {
+            id: uuidv4(),
+            type,
+            property,
+            exp,
+            value,
+            min,
+            max,
+            compareType,
+          }
+        })
+        this.ruleList = [...expArray]
+      } else if (open) {
+        const _canSearchPreferenceAttrList = this.canSearchPreferenceAttrList.filter((attr) => !attr.is_password)
+        this.ruleList = isInitOne
+          ? [
+              {
+                id: uuidv4(),
+                type: 'and',
+                property:
+                  _canSearchPreferenceAttrList && _canSearchPreferenceAttrList.length
+                    ? _canSearchPreferenceAttrList[0].name
+                    : undefined,
+                exp: 'is',
+                value: null,
+              },
+            ]
+          : []
+      }
+    },
+    handleClear() {
+      this.ruleList = [
+        {
+          id: uuidv4(),
+          type: 'and',
+          property: this.canSearchPreferenceAttrList[0].name,
+          exp: 'is',
+          value: null,
+        },
+      ]
+      this.filterExp = ''
+      this.visible = false
+      this.$emit('setExpFromFilter', this.filterExp)
+    },
+    handleSubmit() {
+      if (this.ruleList && this.ruleList.length) {
+        this.ruleList[0].type = 'and' // after add/delete, just in case the first one is not 'and'
+        this.filterExp = ''
+        const expList = this.ruleList.map((rule) => {
+          let singleRuleExp = ''
+          let _exp = rule.exp
+          if (rule.type === 'or') {
+            singleRuleExp += '-'
+          }
+          if (rule.exp.includes('~')) {
+            singleRuleExp += '~'
+            _exp = rule.exp.split('~')[1]
+          }
+          singleRuleExp += `${rule.property}:`
+          if (_exp === 'is') {
+            singleRuleExp += `${rule.value ?? ''}`
+          }
+          if (_exp === 'contain') {
+            singleRuleExp += `*${rule.value ?? ''}*`
+          }
+          if (_exp === 'start_with') {
+            singleRuleExp += `${rule.value ?? ''}*`
+          }
+          if (_exp === 'end_with') {
+            singleRuleExp += `*${rule.value ?? ''}`
+          }
+          if (_exp === 'value') {
+            singleRuleExp += `*`
+          }
+          if (_exp === 'in') {
+            singleRuleExp += `(${rule.value ?? ''})`
+          }
+          if (_exp === 'range') {
+            singleRuleExp += `[${rule.min}_TO_${rule.max}]`
+          }
+          if (_exp === 'compare') {
+            const idx = compareTypeList.findIndex((item) => item.value === rule.compareType)
+            singleRuleExp += `${compareTypeList[idx].label}${rule.value ?? ''}`
+          }
+          return singleRuleExp
+        })
+        this.filterExp = expList.join(',')
+        this.$emit('setExpFromFilter', this.filterExp)
+      } else {
+        this.$emit('setExpFromFilter', '')
+      }
+      this.visible = false
+    },
+  },
+}
+</script>
+
+<style lang="less" scoped>
+.table-filter {
+  .table-filter-add {
+    margin-top: 10px;
+    & > a {
+      padding: 2px 8px;
+      &:hover {
+        background-color: @primary-color_5;
+        border-radius: 5px;
+      }
+    }
+  }
+  .table-filter-extra-icon {
+    padding: 0px 2px;
+    &:hover {
+      display: inline-block;
+      border-radius: 5px;
+      background-color: #f0faff;
+    }
+  }
+}
+</style>
+
+<style lang="less">
+.table-filter-extra-operation {
+  .ant-popover-inner-content {
+    padding: 3px 4px;
+    .operation {
+      cursor: pointer;
+      width: 90px;
+      height: 30px;
+      line-height: 30px;
+      padding: 3px 4px;
+      border-radius: 5px;
+      transition: all 0.3s;
+      &:hover {
+        background-color: #f0faff;
+      }
+      > .anticon {
+        margin-right: 10px;
+      }
+    }
+  }
+}
+</style>
--- a/cmdb-ui/src/components/CollapseTransition/index.vue
+++ b/cmdb-ui/src/components/CollapseTransition/index.vue
@@ -14,7 +14,7 @@

 <script>
 /**
- * 元素折叠过度效果
+ * Collapse transition effect for elements
 */
 export default {
  name: 'CollapseTransition',
@@ -33,20 +33,17 @@ export default {
  },
  methods: {
    collapseBeforeEnter(el) {
-      // console.log('11, collapseBeforeEnter');
      this.oldPaddingBottom = el.style.paddingBottom
      this.oldPaddingTop = el.style.paddingTop
-      // 过渡效果开始前设置元素的maxHeight为0，让元素maxHeight有一个初始值
+      // set the element's maxHeight to 0 before the transition effect starts so that the element's maxHeight has an initial value
      el.style.paddingTop = '0'
      el.style.paddingBottom = '0'
      el.style.maxHeight = '0'
    },
    collapseEnter(el, done) {
-      // console.log('22, collapseEnter');
-      //
      this.oldOverflow = el.style.overflow
      const elHeight = el.scrollHeight
-      // 过渡效果进入后将元素的maxHeight设置为元素本身的高度，将元素maxHeight设置为auto不会有过渡效果
+      // After entering, set maxHeight to the element's height; setting maxHeight to auto will not have a transition effect
      if (elHeight > 0) {
        el.style.maxHeight = elHeight + 'px'
      } else {
@@ -59,24 +56,20 @@ export default {
      // done();
      const onTransitionDone = function() {
        done()
-        // console.log('enter onTransitionDone');
        el.removeEventListener('transitionend', onTransitionDone, false)
        el.removeEventListener('transitioncancel', onTransitionDone, false)
      }
-      // 绑定元素的transition完成事件，在transition完成后立即完成vue的过度动效
+      // Bind transition end event to finish Vue's transition immediately after the CSS transition
      el.addEventListener('transitionend', onTransitionDone, false)
      el.addEventListener('transitioncancel', onTransitionDone, false)
    },
    collapseAfterEnter(el) {
-      // console.log('33, collapseAfterEnter');
-      // 过渡效果完成后恢复元素的maxHeight
+      // Restore maxHeight after transition is complete
      el.style.maxHeight = ''
      el.style.overflow = this.oldOverflow
    },

    collapseBeforeLeave(el) {
-      // console.log('44, collapseBeforeLeave', el.scrollHeight);
-
      this.oldPaddingBottom = el.style.paddingBottom
      this.oldPaddingTop = el.style.paddingTop
      this.oldOverflow = el.style.overflow
@@ -85,8 +78,6 @@ export default {
      el.style.overflow = 'hidden'
    },
    collapseLeave(el, done) {
-      // console.log('55, collapseLeave', el.scrollHeight);
-
      if (el.scrollHeight !== 0) {
        el.style.maxHeight = '0'
        el.style.paddingBottom = '0'
@@ -95,16 +86,14 @@ export default {
      // done();
      const onTransitionDone = function() {
        done()
-        // console.log('leave onTransitionDone');
        el.removeEventListener('transitionend', onTransitionDone, false)
        el.removeEventListener('transitioncancel', onTransitionDone, false)
      }
-      // 绑定元素的transition完成事件，在transition完成后立即完成vue的过度动效
+      // Bind transition end event to finish Vue's transition immediately after the CSS transition
      el.addEventListener('transitionend', onTransitionDone, false)
      el.addEventListener('transitioncancel', onTransitionDone, false)
    },
    collapseAfterLeave(el) {
-      // console.log('66, collapseAfterLeave');
      el.style.maxHeight = ''
      el.style.overflow = this.oldOverflow
      el.style.paddingBottom = this.oldPaddingBottom
--- a/cmdb-ui/src/components/Crontab/Crontab.vue
+++ b/cmdb-ui/src/components/Crontab/Crontab.vue
@@ -341,7 +341,7 @@ export default {
  },
 }
 </script>
-<style scoped>
+<style lang="less" scoped>
 .pop_btn {
  text-align: right;
  margin-top: 24px;
--- a/cmdb-ui/src/components/Crontab/utils/index.js
+++ b/cmdb-ui/src/components/Crontab/utils/index.js
@@ -1,9 +1,6 @@
 /* eslint-disable */
 /* 
-    !!!!!!!
-    以下为凶残的cron表达式验证，胆小肾虚及心脏病者慎入!!!
-    不听劝告者后果自负T T
-    !!!!!!!
+    cron表达式验证
    cron表达式为秒，分，时，日，月，周，年
    判断正误方法：错误的话返回错误信息，正确的话返回true
 */
--- a/cmdb-ui/src/components/CustomIconSelect/constants.js
+++ b/cmdb-ui/src/components/CustomIconSelect/constants.js
@@ -47,7 +47,7 @@ export const commonIconList = ['changyong-ubuntu',
 export const linearIconList = [
  {
    value: 'database',
-    label: '数据库',
+    label: 'components.database',
    list: [{
      value: 'icon-xianxing-DB2',
      label: 'DB2'
@@ -81,7 +81,7 @@ export const linearIconList = [
    }]
  }, {
    value: 'system',
-    label: '操作系统',
+    label: 'components.system',
    list: [{
      value: 'icon-xianxing-Windows',
      label: 'Windows'
@@ -106,7 +106,7 @@ export const linearIconList = [
    }]
  }, {
    value: 'language',
-    label: '语言',
+    label: 'components.language',
    list: [{
      value: 'icon-xianxing-python',
      label: 'python'
@@ -137,7 +137,7 @@ export const linearIconList = [
    }]
  }, {
    value: 'status',
-    label: '状态',
+    label: 'components.status',
    list: [{
      value: 'icon-xianxing-yiwen',
      label: '疑问'
@@ -177,7 +177,7 @@ export const linearIconList = [
    }]
  }, {
    value: 'icon-xianxing-application',
-    label: '应用',
+    label: 'components.commonComponent',
    list: [{
      value: 'icon-xianxing-yilianjie',
      label: '已连接'
@@ -310,7 +310,7 @@ export const linearIconList = [
    }]
  }, {
    value: 'data',
-    label: '数据',
+    label: 'components.data',
    list: [{
      value: 'icon-xianxing-bingzhuangtu',
      label: '饼状图'
@@ -387,7 +387,7 @@ export const linearIconList = [
 export const fillIconList = [
  {
    value: 'database',
-    label: '数据库',
+    label: 'components.database',
    list: [{
      value: 'icon-shidi-DB2',
      label: 'DB2'
@@ -421,7 +421,7 @@ export const fillIconList = [
    }]
  }, {
    value: 'system',
-    label: '操作系统',
+    label: 'components.system',
    list: [{
      value: 'icon-shidi-Windows',
      label: 'Windows'
@@ -446,7 +446,7 @@ export const fillIconList = [
    }]
  }, {
    value: 'language',
-    label: '语言',
+    label: 'components.language',
    list: [{
      value: 'icon-shidi-python',
      label: 'python'
@@ -477,7 +477,7 @@ export const fillIconList = [
    }]
  }, {
    value: 'status',
-    label: '状态',
+    label: 'components.status',
    list: [{
      value: 'icon-shidi-yiwen',
      label: '疑问'
@@ -517,7 +517,7 @@ export const fillIconList = [
    }]
  }, {
    value: 'icon-shidi-application',
-    label: '应用',
+    label: 'components.commonComponent',
    list: [{
      value: 'icon-shidi-yilianjie',
      label: '已连接'
@@ -650,7 +650,7 @@ export const fillIconList = [
    }]
  }, {
    value: 'data',
-    label: '数据',
+    label: 'components.data',
    list: [{
      value: 'icon-shidi-bingzhuangtu',
      label: '饼状图'
@@ -727,8 +727,20 @@ export const fillIconList = [
 export const multicolorIconList = [
  {
    value: 'database',
-    label: '数据库',
+    label: 'components.database',
    list: [{
+      value: 'caise-TIDB',
+      label: 'TIDB'
+    }, {
+      value: 'caise-dameng',
+      label: '达梦'
+    }, {
+      value: 'caise-kingbase',
+      label: 'KingBase'
+    }, {
+      value: 'caise-TDSQL',
+      label: 'TDSQL'
+    }, {
      value: 'caise-DB2',
      label: 'DB2'
    }, {
@@ -761,7 +773,7 @@ export const multicolorIconList = [
    }]
  }, {
    value: 'cloud',
-    label: '云',
+    label: 'components.cloud',
    list: [{
      value: 'AWS',
      label: 'AWS'
@@ -807,8 +819,11 @@ export const multicolorIconList = [
    }]
  }, {
    value: 'system',
-    label: '操作系统',
+    label: 'components.system',
    list: [{
+      value: 'ciase-aix',
+      label: 'aix'
+    }, {
      value: 'caise-Windows',
      label: 'Windows'
    }, {
@@ -832,7 +847,7 @@ export const multicolorIconList = [
    }]
  }, {
    value: 'language',
-    label: '语言',
+    label: 'components.language',
    list: [{
      value: 'caise-python',
      label: 'python'
@@ -863,7 +878,7 @@ export const multicolorIconList = [
    }]
  }, {
    value: 'status',
-    label: '状态',
+    label: 'components.status',
    list: [{
      value: 'caise-yiwen',
      label: '疑问'
@@ -903,8 +918,113 @@ export const multicolorIconList = [
    }]
  }, {
    value: 'caise-application',
-    label: '应用',
+    label: 'components.commonComponent',
    list: [{
+      value: 'caise-websphere',
+      label: 'WebSphere'
+    }, {
+      value: 'caise-vps',
+      label: 'VPS'
+    }, {
+      value: 'caise-F5',
+      label: 'F5'
+    }, {
+      value: 'caise-HAProxy',
+      label: 'HAProxy'
+    }, {
+      value: 'caise-kafka',
+      label: 'kafka'
+    }, {
+      value: 'caise-dongfangtong',
+      label: '东方通'
+    }, {
+      value: 'cmdb-vcenter',
+      label: 'VCenter'
+    }, {
+      value: 'ops-KVM',
+      label: 'KVM'
+    }, {
+      value: 'caise-JBoss',
+      label: 'JBoss'
+    }, {
+      value: 'caise-weblogic',
+      label: 'WebLogic'
+    }, {
+      value: 'caise-disk_array',
+      label: '磁盘阵列'
+    }, {
+      value: 'caise-fiber',
+      label: '光纤交换机'
+    }, {
+      value: 'caise-bandwidth_line',
+      label: '带宽线路'
+    }, {
+      value: 'caise-pc',
+      label: 'PC'
+    }, {
+      value: 'caise-rack',
+      label: '机柜'
+    }, {
+      value: 'caise-computer_room',
+      label: '机房'
+    }, {
+      value: 'caise-ip_address',
+      label: 'ip地址'
+    }, {
+      value: 'caise_pool',
+      label: 'ip池'
+    }, {
+      value: 'caise-storage_volume1',
+      label: '存储卷'
+    }, {
+      value: 'caise-virtualization',
+      label: '虚拟化'
+    }, {
+      value: 'caise-business',
+      label: '业务'
+    }, {
+      value: 'caise-database',
+      label: '数据库'
+    }, {
+      value: 'caise-middleware',
+      label: '中间件'
+    }, {
+      value: 'caise-websever',
+      label: 'websever'
+    }, {
+      value: 'caise-message_queue',
+      label: '消息队列'
+    }, {
+      value: 'caise-load_balancing',
+      label: '负载均衡'
+    }, {
+      value: 'caise-storage_device',
+      label: '存储设备'
+    }, {
+      value: 'caise-network_devices',
+      label: '网络设备'
+    }, {
+      value: 'caise-computer',
+      label: '计算机'
+    }, {
+      value: 'caise-hardware',
+      label: '硬件设备'
+    }, {
+      value: 'caise-data_center2',
+      label: '数据中心'
+    }, {
+      value: 'caise-hyperV',
+      label: 'hyperV'
+    }, {
+      value: 'caise-IPAM',
+      label: 'IPAM'
+    }, {
+      value: 'caise-system',
+      label: '操作系统'
+    }, {
+      value: 'caise-public_cloud',
+      label: '公有云'
+    }, {
      value: 'caise-data_center',
      label: '数据中心'
    }, {
@@ -1060,7 +1180,7 @@ export const multicolorIconList = [
    }]
  }, {
    value: 'data',
-    label: '数据',
+    label: 'components.data',
    list: [{
      value: 'caise-bingzhuangtu',
      label: '饼状图'
--- a/Show More
+++ b/Show More