'attr_login': ldap_settings.get('ldap_attr_login'),

                  'ldap_version': 3,

                  }

            log.debug('Checking for ldap authentication')

            try:

                aldap = AuthLdap(**kwargs)

                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,

                                                                password)

                log.debug('Got ldap DN response %s' % user_dn)

                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\

                                                           .get(k), [''])[0]

                user_attrs = {

                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),

                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),

                 'email': get_ldap_attr('ldap_attr_email'),

                 'active': 'hg.register.auto_activate' in User\

                    .get_by_username('default').AuthUser.permissions['global']

                }

                # don't store LDAP password since we don't need it. Override

                # with some random generated password

                _password = PasswordGenerator().gen_password(length=8)

                # create this user on the fly if it doesn't exist in rhodecode

                # database

                if user_model.create_ldap(username, _password, user_dn,

                                          user_attrs):

                    log.info('created new ldap user %s' % username)

                Session().commit()

                return True

            except (LdapUsernameError, LdapPasswordError,):

                pass

            except (Exception,):

                log.error(traceback.format_exc())

                pass

    return False

def login_container_auth(username):

    user = User.get_by_username(username)

    if user is None:

        user_attrs = {

            'name': username,

            'lastname': None,

            'email': None,

            'active': 'hg.register.auto_activate' in User\

               .get_by_username('default').AuthUser.permissions['global']

        }

        user = UserModel().create_for_container_auth(username, user_attrs)

        if not user:

            return None

        log.info('User %s was created by container authentication' % username)

    if not user.active:

        return None

    user.update_lastlogin()

    Session().commit()

    log.debug('User %s is now logged in by container authentication',

              user.username)

    return user

def get_container_username(environ, config, clean_username=False):

    """

    Get's the container_auth username (or email). It tries to get username

    from REMOTE_USER if container_auth_enabled is enabled, if that fails

    it tries to get username from HTTP_X_FORWARDED_USER if proxypass_auth_enabled

    is enabled. clean_username extracts the username from this data if it's

    having @ in it.

    :param environ:

    :param config:

    :param clean_username:

    """

    username = None

    if str2bool(config.get('container_auth_enabled', False)):

        from paste.httpheaders import REMOTE_USER

        username = REMOTE_USER(environ)

        log.debug('extracted REMOTE_USER:%s' % (username))

    if not username and str2bool(config.get('proxypass_auth_enabled', False)):

        username = environ.get('HTTP_X_FORWARDED_USER')

        log.debug('extracted HTTP_X_FORWARDED_USER:%s' % (username))

    if username and clean_username:

        # Removing realm and domain from username

        username = username.partition('@')[0]

        username = username.rpartition('\\')[2]

    log.debug('Received username %s from container' % username)

    return username

class CookieStoreWrapper(object):

    def __init__(self, cookie_store):

        self.cookie_store = cookie_store

    def __repr__(self):

        return 'CookieStore<%s>' % (self.cookie_store)

    def get(self, key, other=None):

        if isinstance(self.cookie_store, dict):

            return self.cookie_store.get(key, other)

        elif isinstance(self.cookie_store, AuthUser):

            return self.cookie_store.__dict__.get(key, other)

class  AuthUser(object):

    """

    A simple object that handles all attributes of user in RhodeCode

    It does lookup based on API key,given user, or user present in session

    Then it fills all required information for such user. It also checks if

    anonymous access is enabled and if so, it returns default user as logged

    in

    """

    def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):

        self.user_id = user_id

        self.api_key = None

        self.username = username

        self.ip_addr = ip_addr

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.inherit_default_permissions = False

        self.permissions = {}

        self._api_key = api_key

        self.propagate_data()

        self._instance = None

    def propagate_data(self):

        user_model = UserModel()

        self.anonymous_user = User.get_by_username('default', cache=True)

        is_user_loaded = False

        # try go get user by api key

        if self._api_key and self._api_key != self.anonymous_user.api_key:

            log.debug('Auth User lookup by API KEY %s' % self._api_key)

            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)

        # lookup by userid

        elif (self.user_id is not None and

              self.user_id != self.anonymous_user.user_id):

            log.debug('Auth User lookup by USER ID %s' % self.user_id)

            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)

        # lookup by username

        elif self.username and \

            str2bool(config.get('container_auth_enabled', False)):

            log.debug('Auth User lookup by USER NAME %s' % self.username)

            dbuser = login_container_auth(self.username)

            if dbuser is not None:

                log.debug('filling all attributes to object')

                for k, v in dbuser.get_dict().items():

                    setattr(self, k, v)

                self.set_authenticated()

                is_user_loaded = True

        else:

            log.debug('No data in %s that could been used to log in' % self)

        if not is_user_loaded:

            # if we cannot authenticate user try anonymous

            if self.anonymous_user.active is True:

                user_model.fill_data(self, user_id=self.anonymous_user.user_id)

                # then we set this user is logged in

                self.is_authenticated = True

            else:

                self.user_id = None

                self.username = None

                self.is_authenticated = False

        if not self.username:

            self.username = 'None'

        log.debug('Auth User is now %s' % self)

        user_model.fill_perms(self)

    @property

    def is_admin(self):

        return self.admin

    @property

    def ip_allowed(self):

        """

        Checks if ip_addr used in constructor is allowed from defined list of

        allowed ip_addresses for user

        :returns: boolean, True if ip is in allowed ip range

        """

        #check IP

        allowed_ips = AuthUser.get_allowed_ips(self.user_id, cache=True)

        if check_ip_access(source_ip=self.ip_addr, allowed_ips=allowed_ips):

            log.debug('IP:%s is in range of %s' % (self.ip_addr, allowed_ips))

            return True

        else:

            log.info('Access for IP:%s forbidden, '

                     'not in %s' % (self.ip_addr, allowed_ips))

            return False

    def __repr__(self):

        return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,

                                              self.is_authenticated)

    def set_authenticated(self, authenticated=True):

        if self.user_id != self.anonymous_user.user_id:

            self.is_authenticated = authenticated

    def get_cookie_store(self):

        return {'username': self.username,

                'user_id': self.user_id,

                'is_authenticated': self.is_authenticated}

    @classmethod

    def from_cookie_store(cls, cookie_store):

        """

        Creates AuthUser from a cookie store

        :param cls:

        :param cookie_store:

        """

        user_id = cookie_store.get('user_id')

        username = cookie_store.get('username')

        api_key = cookie_store.get('api_key')

        return AuthUser(user_id, api_key, username)

    @classmethod

    def get_allowed_ips(cls, user_id, cache=False):

        _set = set()

        user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)

        if cache:

            user_ips = user_ips.options(FromCache("sql_cache_short",

                                                  "get_user_ips_%s" % user_id))

        for ip in user_ips:

            try:

                _set.add(ip.ip_addr)

            except ObjectDeletedError:

                # since we use heavy caching sometimes it happens that we get

                # deleted objects here, we just skip them

                pass

        return _set or set(['0.0.0.0/0', '::/0'])

def set_available_permissions(config):

    """

    This function will propagate pylons globals with all available defined

    permission given in db. We don't want to check each time from db for new

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    :param config: current pylons config instance

    """

    log.info('getting information about all available permissions')

    try:

        sa = meta.Session

        all_perms = sa.query(Permission).all()

    except Exception:

        pass

    finally:

        meta.Session.remove()

    config['available_permissions'] = [x.permission_name for x in all_perms]

#==============================================================================

# CHECK DECORATORS

#==============================================================================

class LoginRequired(object):

    """

    Must be logged in to execute this function else

    redirect to login page

    :param api_access: if enabled this checks only for valid auth token

        and grants access based on valid token

    """

    def __init__(self, api_access=False):

        self.api_access = api_access

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        user = cls.rhodecode_user

        loc = "%s:%s" % (cls.__class__.__name__, func.__name__)

        #check IP

        ip_access_ok = True

        if not user.ip_allowed:

            from rhodecode.lib import helpers as h

            h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr))),

                    category='warning')

            ip_access_ok = False

        api_access_ok = False

        if self.api_access:

            log.debug('Checking API KEY access for %s' % cls)

            if user.api_key == request.GET.get('api_key'):

                api_access_ok = True

            else:

                log.debug("API KEY token not valid")

        log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))

        if (user.is_authenticated or api_access_ok) and ip_access_ok:

            reason = 'RegularAuth' if user.is_authenticated else 'APIAuth'

            log.info('user %s is authenticated and granted access to %s '

                     'using %s' % (user.username, loc, reason)

            )

            return func(*fargs, **fkwargs)

        else:

            log.warn('user %s NOT authenticated on func: %s' % (

                user, loc)

            )

            p = url.current()

            log.debug('redirecting to login page with %s' % p)

            return redirect(url('login_home', came_from=p))

class NotAnonymous(object):

    """

    Must be logged in to execute this function else

    redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.rhodecode_user

        log.debug('Checking if user is not anonymous @%s' % cls)

        anonymous = self.user.username == 'default'

        if anonymous:

            p = url.current()

            import rhodecode.lib.helpers as h

            h.flash(_('You need to be a registered user to '

                      'perform this action'),

                    category='warning')

            return redirect(url('login_home', came_from=p))

        else:

            return func(*fargs, **fkwargs)

class PermsDecorator(object):

    """Base class for controller decorators"""

    def __init__(self, *required_perms):

        available_perms = config['available_permissions']

        for perm in required_perms:

            if perm not in available_perms:

                raise Exception("'%s' permission is not defined" % perm)

        self.required_perms = set(required_perms)

        self.user_perms = None

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.rhodecode_user

        self.user_perms = self.user.permissions

        log.debug('checking %s permissions %s for %s %s',

           self.__class__.__name__, self.required_perms, cls, self.user)

        if self.check_permissions():

            log.debug('Permission granted for %s %s' % (cls, self.user))

            return func(*fargs, **fkwargs)

        else:

## -*- coding: utf-8 -*-

<%inherit file="/base/base.html"/>

<%def name="title()">

    ${_('Edit repos group')} ${c.repos_group.name} - ${c.rhodecode_name}

</%def>

<%def name="breadcrumbs_links()">

    ${h.link_to(_('Admin'),h.url('admin_home'))}

    »

    ${h.link_to(_('Repos groups'),h.url('repos_groups'))}

    »

    ${_('edit repos group')} "${c.repos_group.name}"

</%def>

<%def name="page_nav()">

    ${self.menu('admin')}

</%def>

<%def name="main()">

<div class="box">

    <!-- box / title -->

    <div class="title">

        ${self.breadcrumbs()}

        <ul class="links">

          <li>

          </li>

        </ul>

    </div>

    <!-- end box / title -->

    ${h.form(url('repos_group',group_name=c.repos_group.group_name),method='put')}

    <div class="form">

        <!-- fields -->

        <div class="fields">

            <div class="field">

                <div class="label">

                    <label for="group_name">${_('Group name')}:</label>

                </div>

                <div class="input">

                    ${h.text('group_name',class_='medium')}

                </div>

            </div>

            <div class="field">

                <div class="label label-textarea">

                    <label for="group_description">${_('Description')}:</label>

                </div>

                <div class="textarea text-area editor">

                    ${h.textarea('group_description',cols=23,rows=5,class_="medium")}

                </div>

            </div>

            <div class="field">

                <div class="label">

                    <label for="group_parent_id">${_('Group parent')}:</label>

                </div>

                <div class="input">

                    ${h.select('group_parent_id','',c.repo_groups,class_="medium")}

                </div>

            </div>

            <div class="field">

                <div class="label">

                    <label for="input">${_('Permissions')}:</label>

                </div>

                <div class="input">

                    <%include file="repos_group_edit_perms.html"/>

                </div>

            </div>

            <div class="field">

                <div class="label label-checkbox">

                    <label for="enable_locking">${_('Enable locking')}:</label>

                </div>

                <div class="checkboxes">

                    ${h.checkbox('enable_locking',value="True")}

                    <span class="help-block">${_('Enable lock-by-pulling on group. This option will be applied to all other groups and repositories inside')}</span>

                </div>

            </div>

            <div class="buttons">

              ${h.submit('save',_('Save'),class_="ui-btn large")}

              ${h.reset('reset',_('Reset'),class_="ui-btn large")}

            </div>

        </div>

    </div>

    ${h.end_form()}

</div>

</%def>

## -*- coding: utf-8 -*-

<%inherit file="/base/base.html"/>

<%def name="title()">

    ${_('Repositories groups administration')} - ${c.rhodecode_name}

</%def>

<%def name="breadcrumbs_links()">

    ${h.link_to(_('Admin'),h.url('admin_home'))} » ${_('Repositories')}

</%def>

<%def name="page_nav()">

    ${self.menu('admin')}

</%def>

<%def name="main()">

<div class="box">

    <!-- box / title -->

    <div class="title">

        ${self.breadcrumbs()}

        <ul class="links">

          <li>

          </li>

        </ul>

    </div>

    <!-- end box / title -->

    <div class="table">

           % if c.groups:

            <table class="table_disp">

                <thead>

                    <tr>

                        <th class="left"><a href="#">${_('Group name')}</a></th>

                        <th class="left"><a href="#">${_('Description')}</a></th>

                        <th class="left"><a href="#">${_('Number of toplevel repositories')}</a></th>

                        <th class="left" colspan="2">${_('action')}</th>

                    </tr>

                </thead>

                ## REPO GROUPS

                % for gr in c.groups:

                    <% gr_cn = gr.repositories.count() %>

                  <tr>

                      <td>

                          <div style="white-space: nowrap">

                          <img class="icon" alt="${_('Repositories group')}" src="${h.url('/images/icons/database_link.png')}"/>

                          ${h.link_to(h.literal(' » '.join(map(h.safe_unicode,[g.name for g in gr.parents+[gr]]))), url('repos_group_home',group_name=gr.group_name))}

                          </div>

                      </td>

                      <td>${gr.group_description}</td>

                      <td><b>${gr_cn}</b></td>

                      <td>

                       <a href="${h.url('edit_repos_group',group_name=gr.group_name)}" title="${_('edit')}">

                         ${h.submit('edit_%s' % gr.group_name,_('edit'),class_="edit_icon action_button")}

                       </a>

                      </td>

                      <td>

                       ${h.form(url('repos_group', group_name=gr.group_name),method='delete')}

                         ${h.submit('remove_%s' % gr.name,_('delete'),class_="delete_icon action_button",onclick="return confirm('"+ungettext('Confirm to delete this group: %s with %s repository','Confirm to delete this group: %s with %s repositories',gr_cn) % (gr.name,gr_cn)+"');")}

                       ${h.end_form()}

                      </td>

                  </tr>

                % endfor

            </table>

            % else:

                ${_('There are no repositories groups yet')}

            % endif

    </div>

</div>

</%def>

<%def name="usermenu()">

    ## USER MENU

    <li>

      <a class="menu_link" id="quick_login_link">

          <span class="icon" style="padding:5px 5px 0px 5px">

             <img src="${h.gravatar_url(c.rhodecode_user.email,20)}" alt="avatar">

          </span>

          %if c.rhodecode_user.username != 'default':

            <span class="menu_link_user">${c.rhodecode_user.username}</span>

            %if c.unread_notifications != 0:

              <span class="menu_link_notifications">${c.unread_notifications}</span>

            %endif

          %else:

              <span>${_('Not logged in')}</span>

          %endif

      </a>

  <div class="user-menu">

      <div id="quick_login">

        %if c.rhodecode_user.username == 'default':

            <h4>${_('Login to your account')}</h4>

            ${h.form(h.url('login_home',came_from=h.url.current()))}

            <div class="form">

                <div class="fields">

                    <div class="field">

                        <div class="label">

                            <label for="username">${_('Username')}:</label>

                        </div>

                        <div class="input">

                            ${h.text('username',class_='focus',size=40)}

                        </div>

                    </div>

                    <div class="field">

                        <div class="label">

                            <label for="password">${_('Password')}:</label>

                        </div>

                        <div class="input">

                            ${h.password('password',class_='focus',size=40)}

                        </div>

                    </div>

                    <div class="buttons">

                        <div class="password_forgoten">${h.link_to(_('Forgot password ?'),h.url('reset_password'))}</div>

                        <div class="register">

                        %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():

                         ${h.link_to(_("Don't have an account ?"),h.url('register'))}

                        %endif

                        </div>

                        <div class="submit">

                            ${h.submit('sign_in',_('Log In'),class_="ui-btn xsmall")}

                        </div>

                    </div>

                </div>

            </div>

            ${h.end_form()}

        %else:

            <div class="links_left">

                <div class="full_name">${c.rhodecode_user.full_name_or_username}</div>

                <div class="email">${c.rhodecode_user.email}</div>

                <div class="big_gravatar"><img alt="gravatar" src="${h.gravatar_url(c.rhodecode_user.email,48)}" /></div>

                <div class="notifications"><a href="${h.url('notifications')}">${_('Notifications')}</a></div>

                <div class="unread"><a href="${h.url('notifications')}">${_('Unread')}: ${c.unread_notifications}</a></div>

            </div>

            <div class="links_right">

            <ol class="links">

              <li>${h.link_to(_(u'Home'),h.url('home'))}</li>

              <li>${h.link_to(_(u'Journal'),h.url('journal'))}</li>

              <li>${h.link_to(_(u'My account'),h.url('admin_settings_my_account'))}</li>

              <li class="logout">${h.link_to(_(u'Log Out'),h.url('logout_home'))}</li>

            </ol>

            </div>

        %endif

      </div>

  </div>

    </li>

</%def>

<%def name="menu(current=None)">

        <%

        def is_current(selected):

            if selected == current:

                return h.literal('class="current"')

        %>

        <ul id="quick">

          <!-- repo switcher -->

          <li ${is_current('home')}>

              <a class="menu_link" id="repo_switcher" title="${_('Switch repository')}" href="${h.url('home')}">

              <span class="icon">

                  <img src="${h.url('/images/icons/database.png')}" alt="${_('Products')}" />

              </span>

              <span>${_('Repositories')}</span>

              </a>

              <ul id="repo_switcher_list" class="repo_switcher">

                  <li>

                      <a href="#">${_('loading...')}</a>

                  </li>

              </ul>

          </li>

        ## we render this menu only not for those pages

        %if current not in ['home','admin', 'search', 'journal']:

            ##REGULAR MENU

            <li ${is_current('summary')}>

               <a class="menu_link" title="${_('Summary page')}" href="${h.url('summary_home',repo_name=c.repo_name)}">

               <span class="icon">

                   <img src="${h.url('/images/icons/clipboard_16.png')}" alt="${_('Summary')}" />

               </span>

               <span>${_('Summary')}</span>

               </a>

            </li>

            <li ${is_current('changelog')}>

               <a class="menu_link" title="${_('Changeset list')}" href="${h.url('changelog_home',repo_name=c.repo_name)}">

               <span class="icon">

                   <img src="${h.url('/images/icons/time.png')}" alt="${_('Changelog')}" />

               </span>

               <span>${_('Changelog')}</span>

               </a>

            </li>

            <li ${is_current('switch_to')}>

               <a class="menu_link" id="branch_tag_switcher" title="${_('Switch to')}" href="#">

               <span class="icon">

                   <img src="${h.url('/images/icons/arrow_switch.png')}" alt="${_('Switch to')}" />

               </span>

               <span>${_('Switch to')}</span>

               </a>

                <ul id="switch_to_list" class="switch_to">

                    <li><a href="#">${_('loading...')}</a></li>

                </ul>

            </li>

            <li ${is_current('files')}>

               <a class="menu_link" title="${_('Show repository content')}" href="${h.url('files_home',repo_name=c.repo_name)}">

               <span class="icon">

                   <img src="${h.url('/images/icons/file.png')}" alt="${_('Files')}" />

               </span>

               <span>${_('Files')}</span>

               </a>

            </li>

            <li ${is_current('options')}>

               <a class="menu_link" title="${_('Options')}" href="#">

               <span class="icon">

                   <img src="${h.url('/images/icons/table_gear.png')}" alt="${_('Admin')}" />

               </span>

               <span>${_('Options')}</span>

               </a>

               <ul>

               %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):

                 %if h.HasPermissionAll('hg.admin')('access settings on repository'):

                     <li>${h.link_to(_('repository settings'),h.url('edit_repo',repo_name=c.repo_name),class_='settings')}</li>

                 %else:

                     <li>${h.link_to(_('repository settings'),h.url('repo_settings_home',repo_name=c.repo_name),class_='settings')}</li>

                 %endif

               %endif

                <li>${h.link_to(_('fork'),h.url('repo_fork_home',repo_name=c.repo_name),class_='fork')}</li>

                %if h.is_hg(c.rhodecode_repo):

                 <li>${h.link_to(_('open new pull request'),h.url('pullrequest_home',repo_name=c.repo_name),class_='pull_request')}</li>

                %endif

                %if c.rhodecode_db_repo.fork:

                 <li>${h.link_to(_('compare fork'),h.url('compare_url',repo_name=c.rhodecode_db_repo.fork.repo_name,org_ref_type='branch',org_ref='default',other_repo=c.repo_name,other_ref_type='branch',other_ref=request.GET.get('branch') or 'default'),class_='compare_request')}</li>

                %endif

                <li>${h.link_to(_('lightweight changelog'),h.url('shortlog_home',repo_name=c.repo_name),class_='shortlog')}</li>

                <li>${h.link_to(_('search'),h.url('search_repo',repo_name=c.repo_name),class_='search')}</li>

                %if h.HasRepoPermissionAny('repository.write','repository.admin')(c.repo_name) and c.rhodecode_db_repo.enable_locking:

                  %if c.rhodecode_db_repo.locked[0]:

                    <li>${h.link_to(_('unlock'), h.url('toggle_locking',repo_name=c.repo_name),class_='locking_del')}</li>

                  %else:

                    <li>${h.link_to(_('lock'), h.url('toggle_locking',repo_name=c.repo_name),class_='locking_add')}</li>

                  %endif

                %endif

                % if h.HasPermissionAll('hg.admin')('access admin main page'):

                 <li>

                   ${h.link_to(_('admin'),h.url('admin_home'),class_='admin')}

                    <%def name="admin_menu()">

                    <ul>

                        <li>${h.link_to(_('admin journal'),h.url('admin_home'),class_='journal')}</li>

                        <li>${h.link_to(_('repositories'),h.url('repos'),class_='repos')}</li>

                        <li>${h.link_to(_('repositories groups'),h.url('repos_groups'),class_='repos_groups')}</li>

                        <li>${h.link_to(_('users'),h.url('users'),class_='users')}</li>

                        <li>${h.link_to(_('users groups'),h.url('users_groups'),class_='groups')}</li>

                        <li>${h.link_to(_('permissions'),h.url('edit_permission',id='default'),class_='permissions')}</li>

                        <li>${h.link_to(_('ldap'),h.url('ldap_home'),class_='ldap')}</li>

                        <li>${h.link_to(_('defaults'),h.url('defaults'),class_='defaults')}</li>

                        <li class="last">${h.link_to(_('settings'),h.url('admin_settings'),class_='settings')}</li>

                    </ul>

                    </%def>

                    ## ADMIN MENU

                    ${admin_menu()}

                 </li>

                % endif

               </ul>

            </li>

            <li>

                <a class="menu_link" title="${_('Followers')}" href="${h.url('repo_followers_home',repo_name=c.repo_name)}">

                <span class="icon_short">

                    <img src="${h.url('/images/icons/heart.png')}" alt="${_('Followers')}" />

                </span>

                <span id="current_followers_count" class="short">${c.repository_followers}</span>

                </a>

            </li>

            <li>

                <a class="menu_link" title="${_('Forks')}" href="${h.url('repo_forks_home',repo_name=c.repo_name)}">

                <span class="icon_short">

                    <img src="${h.url('/images/icons/arrow_divide.png')}" alt="${_('Forks')}" />

                </span>

                <span class="short">${c.repository_forks}</span>

                </a>

            </li>

            <li>

                <a class="menu_link" title="${_('Pull requests')}" href="${h.url('pullrequest_show_all',repo_name=c.repo_name)}">

                <span class="icon_short">

                    <img src="${h.url('/images/icons/arrow_join.png')}" alt="${_('Pull requests')}" />

                </span>

                <span class="short">${c.repository_pull_requests}</span>

                </a>

            </li>

            ${usermenu()}

            <script type="text/javascript">

                YUE.on('branch_tag_switcher','mouseover',function(){

                   var loaded = YUD.hasClass('branch_tag_switcher','loaded');

                   if(!loaded){

                       YUD.addClass('branch_tag_switcher','loaded');

                       ypjax("${h.url('branch_tag_switcher',repo_name=c.repo_name)}",'switch_to_list',

                           function(o){},

                           function(o){YUD.removeClass('branch_tag_switcher','loaded');}

                           ,null);

                   }

                   return false;

                });

            </script>

        %else:

            ##ROOT MENU

            %if c.rhodecode_user.username != 'default':

             <li ${is_current('journal')}>

                <a class="menu_link" title="${_('Show recent activity')}"  href="${h.url('journal')}">

                <span class="icon">

                    <img src="${h.url('/images/icons/book.png')}" alt="${_('Journal')}" />

                </span>

                <span>${_('Journal')}</span>

                </a>

             </li>

            %else:

             <li ${is_current('journal')}>

                <a class="menu_link" title="${_('Public journal')}"  href="${h.url('public_journal')}">

                <span class="icon">

                    <img src="${h.url('/images/icons/book.png')}" alt="${_('Public journal')}" />

                </span>

                <span>${_('Public journal')}</span>

                </a>

             </li>

            %endif

            <li ${is_current('search')}>

                <a class="menu_link" title="${_('Search in repositories')}"  href="${h.url('search')}">

                <span class="icon">

                    <img src="${h.url('/images/icons/search_16.png')}" alt="${_('Search')}" />

                </span>

                <span>${_('Search')}</span>

                </a>

            </li>

            %if h.HasPermissionAll('hg.admin')('access admin main page'):

            <li ${is_current('admin')}>

               <a class="menu_link" title="${_('Admin')}" href="${h.url('admin_home')}">

               <span class="icon">

                   <img src="${h.url('/images/icons/cog_edit.png')}" alt="${_('Admin')}" />

               </span>

               <span>${_('Admin')}</span>

               </a>

                ${admin_menu()}

            </li>

            %endif

            ${usermenu()}

        %endif

<script type="text/javascript">

    YUE.on('repo_switcher','mouseover',function(){

      var target = 'q_filter_rs';

      var qfilter_activate = function(){