self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.permissions = {}

        self._api_key = api_key

        self.propagate_data()

    def propagate_data(self):

        user_model = UserModel()

        is_user_loaded = False

        # try go get user by api key

        if self._api_key and self._api_key != self.anonymous_user.api_key:

            log.debug('Auth User lookup by API KEY %s', self._api_key)

            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)

        # lookup by userid    

        elif (self.user_id is not None and

              self.user_id != self.anonymous_user.user_id):

            log.debug('Auth User lookup by USER ID %s', self.user_id)

            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)

        # lookup by username    

        self.user = cls.rhodecode_user

        self.user_perms = self.user.permissions

        log.debug('checking %s permissions %s for %s %s',

           self.__class__.__name__, self.required_perms, cls,

               self.user)

        if self.check_permissions():

            log.debug('Permission granted for %s %s', cls, self.user)

            return func(*fargs, **fkwargs)

        else:

            log.warning('Permission denied for %s %s', cls, self.user)

            anonymous = self.user.username == 'default'

            if anonymous:

                p = url.current()

                import rhodecode.lib.helpers as h

                h.flash(_('You need to be a signed in to '

                          'view this page'),

                        category='warning')

                return redirect(url('login_home', came_from=p))

            else:

    def __init__(self, *perms):

        available_perms = config['available_permissions']

        for perm in perms:

            if perm not in available_perms:

                raise Exception("'%s' permission in not defined" % perm)

        self.required_perms = set(perms)

        self.user_perms = None

        self.granted_for = ''

        self.repo_name = None

    def __call__(self, check_Location=''):

        if not user:

            return False

        self.user_perms = user.permissions

        self.granted_for = user

        log.debug('checking %s %s %s', self.__class__.__name__,

                  self.required_perms, user)

        if self.check_permissions():

            log.debug('Permission granted %s @ %s', self.granted_for,

                      check_Location or 'unspecified location')

            return True

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        start = time.time()

        try:

            # make sure that we update permissions each time we call controller

            api_key = request.GET.get('api_key')

            cookie_store = session.get('rhodecode_user') or {}

            user_id = cookie_store.get('user_id', None)

            username = get_container_username(environ, config)

            auth_user = AuthUser(user_id, api_key, username)

            self.rhodecode_user = c.rhodecode_user = auth_user

            if not self.rhodecode_user.is_authenticated and \

                       self.rhodecode_user.user_id is not None:

                self.rhodecode_user\

                    .set_authenticated(cookie_store.get('is_authenticated'))

            session['rhodecode_user'] = self.rhodecode_user.get_cookie_store()

            session.save()

            return WSGIController.__call__(self, environ, start_response)

        finally:

            log.debug('Request time: %.3fs' % (time.time() - start))

            meta.Session.remove()

@task(ignore_result=True)

def send_email(recipients, subject, body, html_body=''):

    """

    Sends an email with defined parameters from the .ini files.

    :param recipients: list of recipients, it this is empty the defined email

        address from field 'email_to' is used instead

    :param subject: subject of the mail

    :param body: body of the mail

    :param html_body: html version of body

    """

    log = get_logger(send_email)

    email_config = config

    subject = "%s %s" % (email_config.get('email_prefix'), subject)

    if not recipients:

        # if recipients are not defined we send to email_config + all admins

        admins = [u.email for u in User.query()

                  .filter(User.admin == True).all()]

        recipients = [email_config.get('email_to')] + admins

    mail_from = email_config.get('app_email_from', 'RhodeCode')

    user = email_config.get('smtp_username')

    passwd = email_config.get('smtp_password')

    mail_server = email_config.get('smtp_server')

    mail_port = email_config.get('smtp_port')

from rhodecode.lib.utils import BasePasterCommand, Command

from celery.app import app_or_default

from celery.bin import camqadm, celerybeat, celeryd, celeryev

from rhodecode.lib import str2bool

__all__ = ['CeleryDaemonCommand', 'CeleryBeatCommand',

           'CAMQPAdminCommand', 'CeleryEventCommand']

class CeleryCommand(BasePasterCommand):

    """Abstract class implements run methods needed for celery

            self.parser.add_option(x)

    def command(self):

        from pylons import config

        try:

            CELERY_ON = str2bool(config['app_conf'].get('use_celery'))

        except KeyError:

            CELERY_ON = False

        if CELERY_ON == False:

            raise Exception('Please enable celery_on in .ini config '

                            'file before running celeryd')

        cmd = self.celery_command(app_or_default())

        return cmd.run(**vars(self.options))

class CeleryDaemonCommand(CeleryCommand):

    """Start the celery worker

    Starts the celery worker that uses a paste.deploy configuration

    file.

    """

    usage = 'CONFIG_FILE [celeryd options...]'

    summary = __doc__.splitlines()[0]

    description = "".join(__doc__.splitlines()[2:])

    __table_args__ = {'extend_existing':True}

    users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    users_group_name = Column("users_group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)

    users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)

    members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")

    def __repr__(self):

        return '<userGroup(%s)>' % (self.users_group_name)

    @classmethod

        if case_insensitive:

        else:

        if cache:

    @classmethod

    def get(cls, users_group_id, cache=False):

        users_group = cls.query()

        if cache:

            users_group = users_group.options(FromCache("sql_cache_short",

                                    "get_users_group_%s" % users_group_id))

        return users_group.get(users_group_id)

    @classmethod

    def create(cls, form_data):

    @classmethod

    def get_repo_forks(cls, repo_id):

        return cls.query().filter(Repository.fork_id == repo_id)

    @classmethod

    def base_path(cls):

        """

        Returns base path when all repos are stored

        :param cls:

        """

        return q.one().ui_value

    @property

    def just_name(self):

        return self.repo_name.split(Repository.url_sep())[-1]

    @property

    def groups_with_parents(self):

        groups = []

        if self.group is None:

            return groups

    permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    permission_name = Column("permission_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    permission_longname = Column("permission_longname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__,

                                  self.permission_id, self.permission_name)

    @classmethod

    def get_by_key(cls, key):

        return cls.query().filter(cls.permission_name == key).scalar()

class UserRepoToPerm(Base, BaseModel):

    __tablename__ = 'repo_to_perm'

    __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'extend_existing':True})

    repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)

    repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)

    user = relationship('User')

    permission = relationship('Permission')

    repository = relationship('Repository')

class UserToPerm(Base, BaseModel):

    __tablename__ = 'user_to_perm'

    __table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'extend_existing':True})

    user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)

    user = relationship('User')

    @classmethod

    def has_perm(cls, user_id, perm):

        if not isinstance(perm, Permission):

            raise Exception('perm needs to be an instance of Permission class')

        return cls.query().filter(cls.user_id == user_id)\

            .filter(cls.permission == perm).scalar() is not None

    @classmethod

    def grant_perm(cls, user_id, perm):

        if not isinstance(perm, Permission):

        self.repos_path = repos_path

        self.order_by = order_by

        self.reversed = (order_by or '').startswith('-')

    def __len__(self):

        return len(self.db_repo_list)

    def __repr__(self):

        return '<%s (%s)>' % (self.__class__.__name__, self.__len__())

    def __iter__(self):

        for dbr in self.db_repo_list:

            scmr = dbr.scm_instance_cached

            # check permission at this level

            if not HasRepoPermissionAny('repository.read', 'repository.write',

                                        'repository.admin')(dbr.repo_name,

                                                            'get repo check'):

                continue

            if scmr is None:

                log.error('%s this repository is present in database but it '

                          'cannot be created as an scm instance',

                          dbr.repo_name)

                continue

            last_change = scmr.last_change

            tip = h.get_changeset_safe(scmr, 'tip')

            tmp_d = {}

            tmp_d['name'] = dbr.repo_name

            tmp_d['name_sort'] = tmp_d['name'].lower()

            tmp_d['description'] = dbr.description

            tmp_d['description_sort'] = tmp_d['description']

            tmp_d['last_change'] = last_change

            tmp_d['tip'] = tip.raw_id

            tmp_d['tip_sort'] = tip.revision

            tmp_d['rev'] = tip.revision

            tmp_d['contact'] = dbr.user.full_contact

            tmp_d['contact_sort'] = tmp_d['contact']

            tmp_d['owner_sort'] = tmp_d['contact']

            tmp_d['repo_archives'] = list(scmr._get_archives())

            tmp_d['last_msg'] = tip.message

            tmp_d['author'] = tip.author

            tmp_d['dbrepo'] = dbr.get_dict()

            yield tmp_d

class ScmModel(BaseModel):

    """

    Generic Scm Model

    """

    @LazyProperty

    def repos_path(self):

        """

        Get's the repositories root path from database

        """

                setattr(new_user, k, v)

            new_user.api_key = generate_api_key(form_data['username'])

            self.sa.add(new_user)

            self.sa.commit()

            return new_user

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

                         active=True, admin=False, ldap_dn=None):

        """

        Creates a new instance if not found, or updates current one

        :param username:

        :param password:

        :param email:

        :param active:

        :param name:

        :param lastname:

        :param active:

        :param admin:

        :param ldap_dn:

        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for %s account in RhodeCode database', username)

        user = User.get_by_username(username, case_insensitive=True)

        if user is None:

            new_user = User()

        else:

            new_user = user

        try:

            new_user.username = username

            new_user.admin = admin

            new_user.password = get_crypt_password(password)

            new_user.api_key = generate_api_key(username)

            new_user.email = email

            new_user.active = active

            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None

            new_user.name = name

            new_user.lastname = lastname

            self.sa.add(new_user)

            self.sa.commit()

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def create_for_container_auth(self, username, attrs):

        """

        Creates the given user if it's not already in the database

        :param username:

        :param attrs:

        """

        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for container account without one

            generate_email = lambda usr: '%s@container_auth.account' % usr

        works for permissions given for repositories, and for permissions that

        are granted to groups

        :param user: user instance to fill his perms

        """

        user.permissions['repositories'] = {}

        user.permissions['global'] = set()

        #======================================================================

        # fetch default permissions

        #======================================================================

        if user.is_admin:

            #==================================================================

            # #admin have all default rights set to admin

            #==================================================================

            user.permissions['global'].add('hg.admin')

            for perm in default_perms:

                p = 'repository.admin'

                user.permissions['repositories'][perm.UserRepoToPerm.

                                                 repository.repo_name] = p

        else:

            #==================================================================

            # set default permissions

            #==================================================================

            uid = user.user_id

            #default global

            default_global_perms = self.sa.query(UserToPerm)\

            for perm in default_global_perms:

                user.permissions['global'].add(perm.permission.permission_name)

            #default for repositories

            for perm in default_perms:

                if perm.Repository.private and not (perm.Repository.user_id ==

                                                    uid):

                    p = 'repository.none'

                elif perm.Repository.user_id == uid:

                    #set admin if owner

                    p = 'repository.admin'

                else:

                    p = perm.Permission.permission_name

                user.permissions['repositories'][perm.UserRepoToPerm.

                                                 repository.repo_name] = p

            #==================================================================

            # overwrite default with user permissions if any

                if perm.Repository.user_id == uid:

                    p = 'repository.admin'

                else:

                    p = perm.Permission.permission_name

                user.permissions['repositories'][perm.UserRepoToPerm.

                                                 repository.repo_name] = p

            #==================================================================

            # check if user is part of groups for this repository and fill in

            # (or replace with higher) permissions

            #==================================================================

            user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\

                .options(joinedload(UsersGroupToPerm.permission))\

                .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==

                       UsersGroupMember.users_group_id))\

                .filter(UsersGroupMember.user_id == uid).all()

            for perm in user_perms_from_users_groups:

                user.permissions['global'].add(perm.permission.permission_name)

            user_repo_perms_from_users_groups = self.sa.query(

                                                UsersGroupRepoToPerm,

                                                Permission, Repository,)\

                .join((Repository, UsersGroupRepoToPerm.repository_id ==

                       Repository.repo_id))\

                .join((Permission, UsersGroupRepoToPerm.permission_id ==

                       Permission.permission_id))\

                .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==

                       UsersGroupMember.users_group_id))\

                .filter(UsersGroupMember.user_id == uid).all()

            for perm in user_repo_perms_from_users_groups:

                p = perm.Permission.permission_name

                cur_perm = user.permissions['repositories'][perm.

                                                    UsersGroupRepoToPerm.

                                                    repository.repo_name]

                # given from other sources

                if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:

                    user.permissions['repositories'][perm.UsersGroupRepoToPerm.

                                                     repository.repo_name] = p

        return user

#content div.box div.form div.fields div.field div.label label,div.label-summary label

    {

    color: #393939;

    font-weight: 700;

}

#content div.box div.form div.fields div.field div.input {

	margin: 0 0 0 200px;

}

#content div.box div.form div.fields div.field div.input.summary {

    margin: 0 0 0 110px;

}

#content div.box div.form div.fields div.field div.file {

	margin: 0 0 0 200px;

}

#content div.box-left div.form div.fields div.field div.input,#content div.box-right div.form div.fields div.field div.input

	{

	margin: 0 0 0 0px;

}

#content div.box div.form div.fields div.field div.input input {

	background: #FFF;

	border-top: 1px solid #b3b3b3;

<%def name="breadcrumbs_links()">

    ${h.link_to(u'Home',h.url('/'))}

    » 

    ${h.link_to(c.dbrepo.just_name,h.url('summary_home',repo_name=c.repo_name))}

    »

    ${_('summary')}

</%def>

<%def name="page_nav()">

	${self.menu('summary')}    

</%def>

<%def name="main()">

    %if c.show_stats:

        <div class="box box-left">

    %else:

        <div class="box">

    %endif

    <!-- box / title -->

    <div class="title">

        ${self.breadcrumbs()}

    </div>

    <!-- end box / title -->

	<div class="form">

	  <div id="summary" class="fields">

			 <div class="field">

			  <div class="label-summary">

			      <label>${_('Name')}:</label>

			  </div>

                  <div style="float:right;padding:5px 0px 0px 5px">		  

                     %if c.rhodecode_user.username != 'default':

                      ${h.link_to(_('RSS'),h.url('rss_feed_home',repo_name=c.dbrepo.repo_name,api_key=c.rhodecode_user.api_key),class_='rss_icon')}

                      ${h.link_to(_('ATOM'),h.url('atom_feed_home',repo_name=c.dbrepo.repo_name,api_key=c.rhodecode_user.api_key),class_='atom_icon')}

                     %else:

                      ${h.link_to(_('RSS'),h.url('rss_feed_home',repo_name=c.dbrepo.repo_name),class_='rss_icon')}

                      ${h.link_to(_('ATOM'),h.url('atom_feed_home',repo_name=c.dbrepo.repo_name),class_='atom_icon')}            

                     %endif  

                  </div>

                  %if c.rhodecode_user.username != 'default':

                      %if c.following:

                      <span id="follow_toggle" class="following" title="${_('Stop following this repository')}"

                    <a href="${h.url(str(h.hide_credentials(c.dbrepo.clone_uri)))}"><img class="icon" alt="${_('remote clone')}" title="${_('Clone from')} ${h.hide_credentials(c.dbrepo.clone_uri)}" src="${h.url('/images/icons/connect.png')}"/>

                        ${_('Clone from')} ${h.hide_credentials(c.dbrepo.clone_uri)}

                    </a>

                    </div>					

				  %endif		            		      

			  </div>

			 </div>

			 <div class="field">

			  <div class="label-summary">

			      <label>${_('Description')}:</label>

			  </div>

			 </div>

			 <div class="field">

			  <div class="label-summary">

			      <label>${_('Contact')}:</label>

			  </div>

			  	<div class="gravatar">

			  		<img alt="gravatar" src="${h.gravatar_url(c.dbrepo.user.email)}"/>

			  	</div>

			  		${_('Username')}: ${c.dbrepo.user.username}<br/>

			  		${_('Name')}: ${c.dbrepo.user.name} ${c.dbrepo.user.lastname}<br/>

			  		${_('Email')}: <a href="mailto:${c.dbrepo.user.email}">${c.dbrepo.user.email}</a>

			  </div>

			 </div>

			 <div class="field">

			  <div class="label-summary">

			      <label>${_('Last change')}:</label>

			  </div>

                  <b>${'r%s:%s' % (h.get_changeset_safe(c.rhodecode_repo,'tip').revision,

                            h.get_changeset_safe(c.rhodecode_repo,'tip').short_id)}</b> - 

			      <span class="tooltip" title="${c.rhodecode_repo.last_change}">

			      ${h.age(c.rhodecode_repo.last_change)}</span>

			      ${_('by')} ${h.get_changeset_safe(c.rhodecode_repo,'tip').author} 

			  </div>

			 </div>

			 <div class="field">

			  <div class="label-summary">

			      <label>${_('Clone url')}:</label>

			  </div>

			      <input type="text" id="clone_url" readonly="readonly" value="${c.rhodecode_repo.alias} clone ${c.clone_repo_url}" size="70"/>

			  </div>

			 </div>

			 <div class="field">

			  <div class="label-summary">

			      <label>${_('Trending files')}:</label>

			  </div>

                %if c.show_stats:

			    <div id="lang_stats"></div>

                %else:

                   %if h.HasPermissionAll('hg.admin')('enable stats on from summary'):

                %endif		   

			  </div>

			 </div>

			 <div class="field">

			  <div class="label-summary">

			      <label>${_('Download')}:</label>

			  </div>

		        %if len(c.rhodecode_repo.revisions) == 0:

		          ${_('There are no downloads yet')}

		        %elif c.enable_downloads is False:

		          ${_('Downloads are disabled for this repository')}

                    %if h.HasPermissionAll('hg.admin')('enable downloads on from summary'):

                        ${h.link_to(_('enable'),h.url('edit_repo',repo_name=c.repo_name),class_="ui-button-small")}

                    %endif  		          

		        %else:

			        ${h.select('download_options',c.rhodecode_repo.get_changeset().raw_id,c.download_options)}

			        %for cnt,archive in enumerate(c.rhodecode_repo._get_archives()):

			             %if cnt >=1:

			             |