"""

        Fetches auth_user by user_id,or api_key if present.

        Fills auth_user attributes with those taken from database.

        Additionally set's is_authenitated if lookup fails

        present in database

        :param auth_user: instance of user to set attributes

        :param user_id: user id to fetch by

        :param api_key: api key to fetch by

        """

        if user_id is None and api_key is None:

            raise Exception('You need to pass user_id or api_key')

        try:

            if api_key:

                dbuser = self.get_by_api_key(api_key)

            else:

                dbuser = self.get(user_id)

            if dbuser is not None and dbuser.active:

                log.debug('filling %s data', dbuser)

                for k, v in dbuser.get_dict().items():

                    setattr(auth_user, k, v)

            else:

                return False

        except:

            log.error(traceback.format_exc())

            auth_user.is_authenticated = False

            return False

        return True

    def fill_perms(self, user):

        """

        Fills user permission attribute with permissions taken from database

        works for permissions given for repositories, and for permissions that

        are granted to groups

        :param user: user instance to fill his perms

        """

        user.permissions['repositories'] = {}

        user.permissions['global'] = set()

        #======================================================================

        # fetch default permissions

        #======================================================================

        default_perms = self.sa.query(UserRepoToPerm, Repository, Permission)\

            .join((Repository, UserRepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, UserRepoToPerm.permission_id ==

                   Permission.permission_id))\

            .filter(UserRepoToPerm.user == default_user).all()

        if user.is_admin:

            #==================================================================

            # #admin have all default rights set to admin

            #==================================================================

            user.permissions['global'].add('hg.admin')

            for perm in default_perms:

                p = 'repository.admin'

                user.permissions['repositories'][perm.UserRepoToPerm.

                                                 repository.repo_name] = p

        else:

            #==================================================================

            # set default permissions

            #==================================================================

            uid = user.user_id

            #default global

            default_global_perms = self.sa.query(UserToPerm)\

                .filter(UserToPerm.user == default_user)

            for perm in default_global_perms:

                user.permissions['global'].add(perm.permission.permission_name)

            #default for repositories

            for perm in default_perms:

                if perm.Repository.private and not (perm.Repository.user_id ==

                                                    uid):

                    #diself.sable defaults for private repos,

                    p = 'repository.none'

                elif perm.Repository.user_id == uid:

                    #set admin if owner

                    p = 'repository.admin'

                else:

                    p = perm.Permission.permission_name

                user.permissions['repositories'][perm.UserRepoToPerm.

                                                 repository.repo_name] = p

            #==================================================================