if user.username == 'default':

                raise DefaultUserException(

                                _("You can't Edit this user since it's"

                                  " crucial for entire application"))

            for k, v in form_data.items():

                if k == 'new_password' and v != '':

                    user.password = v

                    user.api_key = generate_api_key(user.username)

                else:

                    if k not in ['admin', 'active']:

                        setattr(user, k, v)

            self.sa.add(user)

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def delete(self, user_id):

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                                _("You can't remove this user since it's"

                                  " crucial for entire application"))

            if user.repositories:

                raise UserOwnsReposException(_('This user still owns %s '

                                               'repositories and cannot be '

                                               'removed. Switch owners or '

                                               'remove those repositories') \

                                               % user.repositories)

            self.sa.delete(user)

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def reset_password_link(self, data):

        from rhodecode.lib.celerylib import tasks, run_task

        run_task(tasks.send_password_link, data['email'])

    def reset_password(self, data):

        from rhodecode.lib.celerylib import tasks, run_task

        run_task(tasks.reset_user_password, data['email'])

    def fill_data(self, auth_user, user_id=None, api_key=None):

        """

        Fetches auth_user by user_id,or api_key if present.

        Fills auth_user attributes with those taken from database.

        Additionally set's is_authenitated if lookup fails

        present in database

        :param auth_user: instance of user to set attributes

        :param user_id: user id to fetch by

        :param api_key: api key to fetch by

        """

        if user_id is None and api_key is None:

            raise Exception('You need to pass user_id or api_key')

        try:

            if api_key:

                dbuser = self.get_by_api_key(api_key)

            else:

                dbuser = self.get(user_id)

            if dbuser is not None and dbuser.active:

                log.debug('filling %s data', dbuser)

                for k, v in dbuser.get_dict().items():

                    setattr(auth_user, k, v)

            else:

                return False

        except:

            log.error(traceback.format_exc())

            auth_user.is_authenticated = False

            return False

        return True

    def fill_perms(self, user):

        """

        Fills user permission attribute with permissions taken from database

        works for permissions given for repositories, and for permissions that

        are granted to groups

        :param user: user instance to fill his perms

        """

        user.permissions['repositories'] = {}

        user.permissions['global'] = set()

        #======================================================================

        # fetch default permissions

        #======================================================================

        default_perms = self.sa.query(UserRepoToPerm, Repository, Permission)\

            .join((Repository, UserRepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, UserRepoToPerm.permission_id ==

                   Permission.permission_id))\

            .filter(UserRepoToPerm.user == default_user).all()

        if user.is_admin:

            #==================================================================

            # #admin have all default rights set to admin

            #==================================================================

            user.permissions['global'].add('hg.admin')

            for perm in default_perms:

                p = 'repository.admin'

                user.permissions['repositories'][perm.UserRepoToPerm.

                                                 repository.repo_name] = p

        else:

            #==================================================================

            # set default permissions

            #==================================================================

            uid = user.user_id

            #default global

            default_global_perms = self.sa.query(UserToPerm)\

                .filter(UserToPerm.user == default_user)

            for perm in default_global_perms:

                user.permissions['global'].add(perm.permission.permission_name)

            #default for repositories

            for perm in default_perms:

                if perm.Repository.private and not (perm.Repository.user_id ==

                                                    uid):

                    #diself.sable defaults for private repos,

                    p = 'repository.none'

                elif perm.Repository.user_id == uid:

                    #set admin if owner

                    p = 'repository.admin'

                else:

                    p = perm.Permission.permission_name

                user.permissions['repositories'][perm.UserRepoToPerm.

                                                 repository.repo_name] = p

            #==================================================================

            # overwrite default with user permissions if any

            #==================================================================

            #user global

            user_perms = self.sa.query(UserToPerm)\

                    .options(joinedload(UserToPerm.permission))\

                    .filter(UserToPerm.user_id == uid).all()

            for perm in user_perms:

                user.permissions['global'].add(perm.permission.

                                               permission_name)

            #user repositories

            user_repo_perms = self.sa.query(UserRepoToPerm, Permission,

                                            Repository)\

                .join((Repository, UserRepoToPerm.repository_id ==

                       Repository.repo_id))\

                .join((Permission, UserRepoToPerm.permission_id ==

                       Permission.permission_id))\

                .filter(UserRepoToPerm.user_id == uid).all()

            for perm in user_repo_perms:

                # set admin if owner

                if perm.Repository.user_id == uid:

                    p = 'repository.admin'

                else:

                    p = perm.Permission.permission_name

                user.permissions['repositories'][perm.UserRepoToPerm.

                                                 repository.repo_name] = p

            #==================================================================

            # check if user is part of groups for this repository and fill in

            # (or replace with higher) permissions

            #==================================================================

            #users group global

            user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\

                .options(joinedload(UsersGroupToPerm.permission))\

                .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==

                       UsersGroupMember.users_group_id))\

                .filter(UsersGroupMember.user_id == uid).all()

            for perm in user_perms_from_users_groups:

                user.permissions['global'].add(perm.permission.permission_name)

            #users group repositories

            user_repo_perms_from_users_groups = self.sa.query(

                                                UsersGroupRepoToPerm,