'locked_since': lock_time,

                    'locked_by': user.username,

                    'lock_state_changed': True,

                    'msg': ('User `%s` set lock state for repo `%s` to `%s`'

                            % (user.username, repo.repo_name, locked))

                }

                return _d

            except Exception:

                log.error(traceback.format_exc())

                raise JSONRPCError(

                    'Error occurred locking repository `%s`' % repo.repo_name

                )

    def get_locks(self, apiuser, userid=Optional(OAttr('apiuser'))):

        """

        Get all repositories with locks for given userid, if

        this command is run by non-admin account userid is set to user

        who is calling this method, thus returning locks for himself.

        :param apiuser: filled automatically from apikey

        :type apiuser: AuthUser

        :param userid: User to get locks for

        :type userid: Optional(str or int)

        OUTPUT::

          id : <id_given_in_input>

          result : {

            [repo_object, repo_object,...]

          }

          error :  null

        """

        if not HasPermissionAnyApi('hg.admin')(user=apiuser):

            # make sure normal user does not pass someone else userid,

            # he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        ret = []

        if isinstance(userid, Optional):

            user = None

        else:

            user = get_user_or_error(userid)

        # show all locks

            userid, time_ = r.locked

            if time_:

                _api_data = r.get_api_data()

                # if we use userfilter just show the locks for this user

                if user is not None:

                    if safe_int(userid) == user.user_id:

                        ret.append(_api_data)

                else:

                    ret.append(_api_data)

        return ret

    @HasPermissionAnyDecorator('hg.admin')

    def get_ip(self, apiuser, userid=Optional(OAttr('apiuser'))):

        """

        Shows IP address as seen from Kallithea server, together with all

        defined IP addresses for given user. If userid is not passed data is

        returned for user who's calling this function.

        This command can be executed only using api_key belonging to user with

        admin rights.

        :param apiuser: filled automatically from apikey

        :type apiuser: AuthUser

        :param userid: username to show ips for

        :type userid: Optional(str or int)

        OUTPUT::

            id : <id_given_in_input>

            result : {

                         "server_ip_addr": "<ip_from_clien>",

                         "user_ips": [

                                        {

                                           "ip_addr": "<ip_with_mask>",

                                           "ip_range": ["<start_ip>", "<end_ip>"],

                                        },

                                        ...

                                     ]

            }

        """

        if isinstance(userid, Optional):

            userid = apiuser.user_id

        user = get_user_or_error(userid)

        ips = UserIpMap.query().filter(UserIpMap.user == user).all()

        return dict(

            server_ip_addr=self.ip_addr,

            user_ips=ips

"""

kallithea.lib.paster_commands.update_repoinfo

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

update-repoinfo paster command for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Jul 14, 2012

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import sys

import string

from kallithea.lib.paster_commands.common import BasePasterCommand

from kallithea.lib.utils2 import safe_unicode

from kallithea.model.db import Repository

from kallithea.model.repo import RepoModel

from kallithea.model.meta import Session

# Add location of top level folder to sys.path

from os.path import dirname

rc_path = dirname(dirname(dirname(os.path.realpath(__file__))))

sys.path.append(rc_path)

class Command(BasePasterCommand):

    max_args = 1

    min_args = 1

    usage = "CONFIG_FILE"

    group_name = "Kallithea"

    takes_config_file = -1

    parser = BasePasterCommand.standard_parser(verbose=True)

    summary = "Updates repositories caches for last changeset"

    def command(self):

        #get SqlAlchemy session

        self._init_session()

        if self.options.repo_update_list is None:

        else:

            repo_names = [safe_unicode(n.strip())

                          for n in self.options.repo_update_list.split(',')]

            repo_list = list(Repository.query()

                .filter(Repository.repo_name.in_(repo_names)))

        RepoModel.update_repoinfo(repositories=repo_list)

        Session().commit()

        if self.options.invalidate_cache:

            for r in repo_list:

                r.set_invalidate()

        print 'Updated cache for %s repositories' % (len(repo_list))

    def update_parser(self):

        self.parser.add_option('--update-only',

                           action='store',

                           dest='repo_update_list',

                           help="Specifies a comma separated list of repositories "

                                "to update last commit info for. OPTIONAL")

        self.parser.add_option('--invalidate-cache',

                           action='store_true',

                           dest='invalidate_cache',

                           help="Trigger cache invalidation event for repos. "

                                "OPTIONAL")

            return instance

        elif isinstance(instance, (int, long)) or safe_str(instance).isdigit():

            return cls.get(instance)

        else:

            if instance is not None:

                if callback is None:

                    raise Exception(

                        'given object must be int, long or Instance of %s '

                        'got %s, no callback provided' % (cls, type(instance))

                    )

                else:

                    return callback(instance)

    def _get_user(self, user):

        """

        Helper method to get user by ID, or username fallback

        :param user: UserID, username, or User instance

        """

        from kallithea.model.db import User

        return self._get_instance(User, user,

                                  callback=User.get_by_username)

    def _get_repo(self, repository):

        """

        Helper method to get repository by ID, or repository name

        :param repository: RepoID, repository name or Repository Instance

        """

        from kallithea.model.db import Repository

        return self._get_instance(Repository, repository,

                                  callback=Repository.get_by_repo_name)

    def _get_perm(self, permission):

        """

        Helper method to get permission by ID, or permission name

        :param permission: PermissionID, permission_name or Permission instance

        """

        from kallithea.model.db import Permission

        return self._get_instance(Permission, permission,

                                  callback=Permission.get_by_key)

    @classmethod

    def get_all(cls):

        """

        Returns all instances of what is defined in `cls` class variable

        """

        # also use __json__() if present to get additional fields

        _json_attr = getattr(self, '__json__', None)

        if _json_attr:

            # update with attributes from __json__

            if callable(_json_attr):

                _json_attr = _json_attr()

            for k, val in _json_attr.iteritems():

                d[k] = val

        return d

    def get_appstruct(self):

        """return list with keys and values tuples corresponding

        to this model data """

        l = []

        for k in self._get_keys():

            l.append((k, getattr(self, k),))

        return l

    def populate_obj(self, populate_dict):

        """populate model with data from given populate_dict"""

        for k in self._get_keys():

            if k in populate_dict:

                setattr(self, k, populate_dict[k])

    @classmethod

    def query(cls):

        return Session().query(cls)

    @classmethod

    def get(cls, id_):

        if id_:

            return cls.query().get(id_)

    @classmethod

    def get_or_404(cls, id_):

        try:

            id_ = int(id_)

        except (TypeError, ValueError):

            raise HTTPNotFound

        res = cls.query().get(id_)

        if res is None:

            raise HTTPNotFound

        return res

    @classmethod

    def get_all(cls):

        return cls.query().all()

    @classmethod

    def delete(cls, id_):

        obj = cls.query().get(id_)

        Session().delete(obj)

    def __repr__(self):

        if hasattr(self, '__unicode__'):

            # python repr needs to return str

            try:

                return safe_str(self.__unicode__())

            except UnicodeDecodeError:

                pass

        return '<DB:%s>' % (self.__class__.__name__)

_table_args_default_dict = {'extend_existing': True,

                            'mysql_engine': 'InnoDB',

                            'mysql_charset': 'utf8',

                            'sqlite_autoincrement': True,

                           }

class Setting(Base, BaseModel):

    __tablename__ = 'settings'

    __table_args__ = (

        _table_args_default_dict,

    )

    SETTINGS_TYPES = {

        'str': safe_str,

        'int': safe_int,

        'unicode': safe_unicode,

        'bool': str2bool,

        'list': functools.partial(aslist, sep=',')

    }

    DEFAULT_UPDATE_URL = ''

    app_settings_id = Column(Integer(), primary_key=True)

    app_settings_name = Column(String(255), nullable=False, unique=True)

    _app_settings_value = Column("app_settings_value", Unicode(4096), nullable=False)

    _app_settings_type = Column("app_settings_type", String(255), nullable=True) # FIXME: not nullable?

    def __init__(self, key='', val='', type='unicode'):

        self.app_settings_name = key

        self.app_settings_value = val

        self.app_settings_type = type

        users = self.sa.query(User) \

            .filter(User.active == True) \

            .order_by(User.name, User.lastname) \

            .all()

        return json.dumps([

            {

                'id': u.user_id,

                'fname': h.escape(u.name),

                'lname': h.escape(u.lastname),

                'nname': u.username,

                'gravatar_lnk': h.gravatar_url(u.email, size=28, default='default'),

                'gravatar_size': 14,

            } for u in users]

        )

    def get_user_groups_js(self):

        user_groups = self.sa.query(UserGroup) \

            .filter(UserGroup.users_group_active == True) \

            .order_by(UserGroup.users_group_name) \

            .options(subqueryload(UserGroup.members)) \

            .all()

        user_groups = UserGroupList(user_groups, perm_set=['usergroup.read',

                                                           'usergroup.write',

                                                           'usergroup.admin'])

        return json.dumps([

            {

                'id': gr.users_group_id,

                'grname': gr.users_group_name,

                'grmembers': len(gr.members),

            } for gr in user_groups]

        )

    @classmethod

    def _render_datatable(cls, tmpl, *args, **kwargs):

        import kallithea

        from pylons import tmpl_context as c

        from pylons.i18n.translation import _

        _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        tmpl = template.get_def(tmpl)

        kwargs.update(dict(_=_, h=h, c=c))

        return tmpl.render(*args, **kwargs)

    @classmethod

    def update_repoinfo(cls, repositories=None):

        if repositories is None:

        for repo in repositories:

            repo.update_changeset_cache()

    def get_repos_as_dict(self, repos_list=None, admin=False, perm_check=True,

                          super_user_actions=False, short_name=False):

        _render = self._render_datatable

        from pylons import tmpl_context as c

        def quick_menu(repo_name):

            return _render('quick_menu', repo_name)

        def repo_lnk(name, rtype, rstate, private, fork_of):

            return _render('repo_name', name, rtype, rstate, private, fork_of,

                           short_name=short_name, admin=False)

        def last_change(last_change):

            return _render("last_change", last_change)

        def rss_lnk(repo_name):

            return _render("rss", repo_name)

        def atom_lnk(repo_name):

            return _render("atom", repo_name)

        def last_rev(repo_name, cs_cache):

            return _render('revision', repo_name, cs_cache.get('revision'),

                           cs_cache.get('raw_id'), cs_cache.get('author'),

                           cs_cache.get('message'))

        def desc(desc):

            return h.urlify_text(desc, truncate=80, stylize=c.visual.stylify_metatags)

        def state(repo_state):

            return _render("repo_state", repo_state)

        def repo_actions(repo_name):

            return _render('repo_actions', repo_name, super_user_actions)

        def owner_actions(user_id, username):

            return _render('user_name', user_id, username)

        repos_data = []

        for repo in repos_list:

            if perm_check:

                # check permission at this level

                if not HasRepoPermissionAny(

                        'repository.read', 'repository.write',

                        'repository.admin'

from kallithea.tests import *

from kallithea.tests.fixture import Fixture

from kallithea.model.meta import Session

from kallithea.model.db import Repository

from kallithea.model.repo import RepoModel

from kallithea.model.repo_group import RepoGroupModel

fixture = Fixture()

class TestHomeController(TestController):

    def test_index(self):

        self.log_user()

        response = self.app.get(url(controller='home', action='index'))

        #if global permission is set

        response.mustcontain('Add Repository')

        # html in javascript variable:

        response.mustcontain(r'href=\"/%s\"' % HG_REPO)

        response.mustcontain(r'<span class="repotag">git')

        response.mustcontain(r'<i class=\"icon-globe\"')

        response.mustcontain("""fixes issue with having custom format for git-log""")

        response.mustcontain("""/%s/changeset/5f2c6ee195929b0be80749243c18121c9864a3b3""" % GIT_REPO)

        response.mustcontain("""disable security checks on hg clone for travis""")

        response.mustcontain("""/%s/changeset/96507bd11ecc815ebc6270fdf6db110928c09c1e""" % HG_REPO)

    def test_repo_summary_with_anonymous_access_disabled(self):

        with fixture.anon_access(False):

            response = self.app.get(url(controller='summary',

                                        action='index', repo_name=HG_REPO),

                                        status=302)

            assert 'login' in response.location

    def test_index_with_anonymous_access_disabled(self):

        with fixture.anon_access(False):

            response = self.app.get(url(controller='home', action='index'),

                                    status=302)

            assert 'login' in response.location

    def test_index_page_on_groups(self):

        self.log_user()

        gr = fixture.create_repo_group(u'gr1')

        fixture.create_repo(name=u'gr1/repo_in_group', repo_group=gr)

        response = self.app.get(url('repos_group_home', group_name=u'gr1'))

        try:

            response.mustcontain(u"gr1/repo_in_group")

        finally:

            RepoModel().delete(u'gr1/repo_in_group')

            RepoGroupModel().delete(repo_group=u'gr1', force_delete=True)

            Session().commit()

        assert r.locked[0] == uid

        #push is ok and repo is now unlocked

        stdout, stderr = _add_files_and_push('hg', DEST, clone_url=clone_url.split()[0])

        assert str('remote: Released lock on repo `%s`' % fork_name) in stdout

        #we need to cleanup the Session Here !

        Session.remove()

        r = Repository.get_by_repo_name(fork_name)

        assert r.locked == [None, None]

    #TODO: fix me ! somehow during tests hooks don't get called on Git

    def test_push_unlocks_repository_git(self):

        # enable locking

        fork_name = '%s_fork%s' % (GIT_REPO, _RandomNameSequence().next())

        fixture.create_fork(GIT_REPO, fork_name)

        r = Repository.get_by_repo_name(fork_name)

        r.enable_locking = True

        Session().add(r)

        Session().commit()

        #clone some temp

        DEST = _get_tmp_dir()

        clone_url = _construct_url(fork_name, dest=DEST)

        stdout, stderr = Command(tempfile.gettempdir()).execute('git clone', clone_url)

        #check for lock repo after clone

        r = Repository.get_by_repo_name(fork_name)

        assert r.locked[0] == User.get_by_username(TEST_USER_ADMIN_LOGIN).user_id

        #push is ok and repo is now unlocked

        stdout, stderr = _add_files_and_push('git', DEST, clone_url=clone_url.split()[0])

        _check_proper_git_push(stdout, stderr)

        assert ('remote: Released lock on repo `%s`' % fork_name) in stderr

        #we need to cleanup the Session Here !

        Session.remove()

        r = Repository.get_by_repo_name(fork_name)

        assert r.locked == [None, None]

    def test_ip_restriction_hg(self):

        user_model = UserModel()

        try:

            user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')

            Session().commit()

            clone_url = _construct_url(HG_REPO)

            stdout, stderr = Command(tempfile.gettempdir()).execute('hg clone', clone_url)

            assert 'abort: HTTP Error 403: Forbidden' in stderr

        finally:

            #release IP restrictions

                UserIpMap.delete(ip.ip_id)

            Session().commit()

        time.sleep(2)

        clone_url = _construct_url(HG_REPO)

        stdout, stderr = Command(tempfile.gettempdir()).execute('hg clone', clone_url)

        assert 'requesting all changes' in stdout

        assert 'adding changesets' in stdout

        assert 'adding manifests' in stdout

        assert 'adding file changes' in stdout

        assert stderr == ''

    def test_ip_restriction_git(self):

        user_model = UserModel()

        try:

            user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')

            Session().commit()

            clone_url = _construct_url(GIT_REPO)

            stdout, stderr = Command(tempfile.gettempdir()).execute('git clone', clone_url)

            # The message apparently changed in Git 1.8.3, so match it loosely.

            assert re.search(r'\b403\b', stderr)

        finally:

            #release IP restrictions

                UserIpMap.delete(ip.ip_id)

            Session().commit()

        time.sleep(2)

        clone_url = _construct_url(GIT_REPO)

        stdout, stderr = Command(tempfile.gettempdir()).execute('git clone', clone_url)

        assert 'Cloning into' in stdout + stderr

        assert stderr == '' or stdout == ''