from kallithea.lib.middleware.permanent_repo_url import PermanentRepoUrl

from kallithea.lib.middleware.simplegit import SimpleGit

from kallithea.lib.middleware.simplehg import SimpleHg

from kallithea.lib.middleware.wrapper import RequestWrapper

from kallithea.lib.utils import check_git_version, load_rcextensions, set_app_settings, set_indexer_config, set_vcs_config

from kallithea.lib.utils2 import str2bool

log = logging.getLogger(__name__)

class KallitheaAppConfig(AppConfig):

                      'Expected database version id(s): %s\n'

                      'If you are a developer and you know what you are doing, you can add `ignore_alembic_revision = True` '

                      'to your .ini file to skip the check.\n' % (' '.join(current_heads), ' '.join(available_heads)))

            sys.exit(1)

    # store some globals into kallithea

    if str2bool(config.get('use_celery')):

        kallithea.CELERY_APP = celerypylons.make_app()

    kallithea.CONFIG = config

    load_rcextensions(root_path=config['here'])

from kallithea.lib.auth import HasPermissionAny, HasRepoPermissionLevelDecorator, LoginRequired, NotAnonymous

from kallithea.lib.base import BaseRepoController, jsonify, render

from kallithea.lib.exceptions import AttachedForksError

from kallithea.lib.utils import action_logger

from kallithea.lib.utils2 import safe_int

from kallithea.lib.vcs import RepositoryError

from kallithea.model.forms import RepoFieldForm, RepoForm, RepoPermsForm

from kallithea.model.meta import Session

from kallithea.model.repo import RepoModel

from kallithea.model.scm import AvailableRepoGroupChoices, RepoList, ScmModel

            h.flash(msg, category='error')

        raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))

    @HasRepoPermissionLevelDecorator('admin')

    def edit_advanced(self, repo_name):

        c.repo_info = self._load_repo()

        c.in_public_journal = UserFollowing.query() \

            .filter(UserFollowing.user_id == c.default_user_id) \

            .filter(UserFollowing.follows_repository == c.repo_info).scalar()

        _repos = Repository.query(sorted=True).all()

        read_access_repos = RepoList(_repos, perm_level='read')

        :param repo_name:

        """

        try:

            repo_id = Repository.get_by_repo_name(repo_name).repo_id

            self.scm_model.toggle_following_repo(repo_id, user_id)

            h.flash(_('Updated repository visibility in public journal'),

                    category='success')

            Session().commit()

        except Exception:

            h.flash(_('An error occurred during setting this'

from sqlalchemy.sql.expression import func

from tg import app_globals, request

from tg import tmpl_context as c

from tg.i18n import ugettext as _

from webob.exc import HTTPFound, HTTPNotFound

from kallithea.config.routing import url

from kallithea.lib import auth_modules

from kallithea.lib import helpers as h

from kallithea.lib.auth import AuthUser, HasPermissionAnyDecorator, LoginRequired

from kallithea.lib.base import BaseController, IfSshEnabled, render

from kallithea.lib.exceptions import DefaultUserException, UserCreationError, UserOwnsReposException

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'ips'

        c.user_ip_map = UserIpMap.query() \

            .filter(UserIpMap.user == c.user).all()

        c.default_user_ip_map = UserIpMap.query() \

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

from formencode import htmlfill

from tg import request

from tg import tmpl_context as c

from tg.i18n import ugettext as _

from webob.exc import HTTPFound

import kallithea.lib.helpers as h

from kallithea.config.routing import url

from kallithea.lib.auth import HasPermissionAny, HasPermissionAnyDecorator, HasRepoPermissionLevel, HasRepoPermissionLevelDecorator, LoginRequired

from kallithea.lib.base import BaseRepoController, render

from kallithea.lib.page import Page

from kallithea.lib.utils2 import safe_int

from kallithea.model.forms import RepoForkForm

from kallithea.model.repo import RepoModel

from kallithea.model.scm import AvailableRepoGroupChoices, ScmModel

log = logging.getLogger(__name__)

        repo = c.db_repo.scm_instance

        if c.repo_info is None:

            h.not_mapped_error(c.repo_name)

            raise HTTPFound(location=url('repos'))

        c.in_public_journal = UserFollowing.query() \

            .filter(UserFollowing.user_id == c.default_user_id) \

            .filter(UserFollowing.follows_repository == c.repo_info).scalar()

        if c.repo_info.stats:

            last_rev = c.repo_info.stats.stat_on_revision + 1

from sqlalchemy.orm import joinedload

from sqlalchemy.orm.exc import ObjectDeletedError

from tg import request

from tg.i18n import ugettext as _

from webob.exc import HTTPForbidden, HTTPFound

from kallithea.config.routing import url

from kallithea.lib.utils import get_repo_group_slug, get_repo_slug, get_user_group_slug

from kallithea.lib.utils2 import ascii_bytes, ascii_str, safe_bytes

from kallithea.lib.vcs.utils.lazy import LazyProperty

                                UserGroupUserGroupToPerm, UserIpMap, UserToPerm)

from kallithea.model.meta import Session

from kallithea.model.user import UserModel

log = logging.getLogger(__name__)

        if new_perm_val > cur_perm_val:

            permissions[kind][key] = new_perm

    #======================================================================

    # fetch default permissions

    #======================================================================

    if user_is_admin:

        #==================================================================

        # admin users have all rights;

        # based on default permissions, just set everything to admin

        #==================================================================

    #==================================================================

    # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS

    #==================================================================

    # default global permissions taken from the default user

    default_global_perms = UserToPerm.query() \

        .options(joinedload(UserToPerm.permission))

    for perm in default_global_perms:

        permissions[GLOBAL].add(perm.permission.permission_name)

    # defaults for repositories, taken from default user

        )

    @classmethod

    def get_allowed_ips(cls, user_id):

        _set = set()

        for ip in default_ips:

            try:

                _set.add(ip.ip_addr)

            except ObjectDeletedError:

                # since we use heavy caching sometimes it happens that we get

                # deleted objects here, we just skip them

    accesses."""

    yield

    # cleanup

    user_model = UserModel()

    user_ids = []

    user_ids.append(User.get_by_username(TEST_USER_REGULAR_LOGIN).user_id)

    for user_id in user_ids:

        for ip in UserIpMap.query().filter(UserIpMap.user_id == user_id):

            user_model.delete_extra_ip(user_id, ip.ip_id)

from kallithea.model.db import User, UserIpMap

from kallithea.tests import base

class TestAdminPermissionsController(base.TestController):

        response = self.app.get(base.url('admin_permissions_ips'))

        # Test response...

        response.mustcontain('All IP addresses are allowed')

    def test_add_delete_ips(self, auto_clear_ip_permissions):

        self.log_user()

        # Add IP and verify it is shown in UI and both gives access and rejects

        response = self.app.post(base.url('edit_user_ips_update', id=default_user_id),

                                 params=dict(new_ip='0.0.0.0/24',

                                 _session_csrf_secret_token=self.session_csrf_secret_token()))

import pytest

from sqlalchemy.orm.exc import NoResultFound

from tg.util.webtest import test_context

from webob.exc import HTTPNotFound

from kallithea.controllers.admin.users import UsersController

from kallithea.lib import helpers as h

from kallithea.lib.auth import check_password

from kallithea.model import validators

from kallithea.model.db import Permission, RepoGroup, User, UserApiKeys, UserSshKeys

from kallithea.model.meta import Session

        u = UsersController()

        # a regular user should work correctly

        user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN)

        assert u._get_user_or_raise_if_default(user.user_id) == user

        # the default user should raise

        with pytest.raises(HTTPNotFound):

class TestAdminUsersControllerForDefaultUser(base.TestController):

    """

    Edit actions on the default user are not allowed.

    Validate that they throw a 404 exception.

import functools

from kallithea.model.meta import Session

from kallithea.model.repo_group import RepoGroupModel

from kallithea.tests.models.common import _check_expected_count, _create_project_tree, _destroy_project_tree, _get_perms, check_tree_perms, expected_count

test_u1_id = None

    """

    Resets all permissions to perm attribute

    """

    if not user_id:

        user_id = test_u1_id

        permissions_setup_func(group_name, perm, recursive,

    repo_group = RepoGroup.get_by_group_name(group_name=group_name)

    if not repo_group:

        raise Exception('Cannot get group %s' % group_name)

    # Start with a baseline that current group can read recursive

def test_user_permissions_on_group_with_recursive_mode_for_default_user():

    # set permission to g0 recursive mode, all children including

    # other repos and groups should have this permission now set !

    recursive = 'all'

    group = 'g0'

    permissions_setup_func(group, 'group.write', recursive=recursive,

                           user_id=default_user_id)

    # change default to get perms for default user

    _get_repo_perms = functools.partial(_get_perms, key='repositories',

                                        test_u1_id=default_user_id)

def test_user_permissions_on_group_with_recursive_repo_mode_for_default_user():

    # set permission to g0/g0_1 recursive repos only mode, all children including

    # other repos should have this permission now set, inner groups are excluded!

    recursive = 'repos'

    group = 'g0/g0_1'

    perm = 'group.none'

    permissions_setup_func(group, perm, recursive=recursive,

                           user_id=default_user_id)

    # change default to get perms for default user

    _get_repo_perms = functools.partial(_get_perms, key='repositories',

def test_user_permissions_on_group_with_recursive_group_mode_for_default_user():

    # set permission to g0/g0_1 with recursive groups only mode, all children including

    # other groups should have this permission now set. repositories should

    # remain intact as we use groups only mode !

    recursive = 'groups'

    group = 'g0/g0_1'

    permissions_setup_func(group, 'group.write', recursive=recursive,

                           user_id=default_user_id)

    # change default to get perms for default user

    _get_repo_perms = functools.partial(_get_perms, key='repositories',

                                        test_u1_id=default_user_id)