if user is not None and not user.ldap_dn:

        if user.active:

            if user.username == 'default' and user.active:

                log.info('user %s authenticated correctly as anonymous user',

                         username)

                return True

            elif user.username == username and check_password(password, user.password):

                log.info('user %s authenticated correctly', username)

                return True

        else:

            log.warning('user %s is disabled', username)

    else:

        log.debug('Regular authentication failed')

        user_obj = user_model.get_by_username(username, cache=False,

                                            case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:

            log.debug('this user already exists as non ldap')

            return False

        from rhodecode.model.settings import SettingsModel

        ldap_settings = SettingsModel().get_ldap_settings()

        #======================================================================

        # FALLBACK TO LDAP AUTH IF ENABLE                

        #======================================================================

        if ldap_settings.get('ldap_active', False):

            log.debug("Authenticating user using ldap")

            kwargs = {

                  'server':ldap_settings.get('ldap_host', ''),

                  'base_dn':ldap_settings.get('ldap_base_dn', ''),

                  'port':ldap_settings.get('ldap_port'),

                  'bind_dn':ldap_settings.get('ldap_dn_user'),

                  'bind_pass':ldap_settings.get('ldap_dn_pass'),

                  'use_ldaps':ldap_settings.get('ldap_ldaps'),

                  'tls_reqcert':ldap_settings.get('ldap_tls_reqcert'),

                  'ldap_filter':ldap_settings.get('ldap_filter'),

                  'search_scope':ldap_settings.get('ldap_search_scope'),

                  'attr_login':ldap_settings.get('ldap_attr_login'),

                  'ldap_version':3,

                  }

            log.debug('Checking for ldap authentication')

            try:

                aldap = AuthLdap(**kwargs)

                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)

                log.debug('Got ldap DN response %s', user_dn)

                user_attrs = {

                    'name'     : ldap_attrs[ldap_settings.get('ldap_attr_firstname')][0],

                    'lastname' : ldap_attrs[ldap_settings.get('ldap_attr_lastname')][0],

                    'email'    : ldap_attrs[ldap_settings.get('ldap_attr_email')][0],

                    }

                if user_model.create_ldap(username, password, user_dn, user_attrs):

                    log.info('created new ldap user %s', username)

                return True

            except (LdapUsernameError, LdapPasswordError,):

                pass

            except (Exception,):

                log.error(traceback.format_exc())

                pass

    return False

class  AuthUser(object):

    """

    A simple object that handles all attributes of user in RhodeCode

    It does lookup based on API key,given user, or user present in session

    Then it fills all required information for such user. It also checks if 

    anonymous access is enabled and if so, it returns default user as logged

    in

    """

    def __init__(self, user_id=None, api_key=None):

        self.user_id = user_id

        self.api_key = None

        self.username = 'None'

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.permissions = {}

        self._api_key = api_key

        self.propagate_data()

    def propagate_data(self):

        user_model = UserModel()

        self.anonymous_user = user_model.get_by_username('default', cache=True)

            #try go get user by api key

            log.debug('Auth User lookup by API KEY %s', self._api_key)

            user_model.fill_data(self, api_key=self._api_key)

        else:

            log.debug('Auth User lookup by USER ID %s', self.user_id)

            if self.user_id is not None and self.user_id != self.anonymous_user.user_id:

                user_model.fill_data(self, user_id=self.user_id)

            else:

                if self.anonymous_user.active is True:

                    user_model.fill_data(self, user_id=self.anonymous_user.user_id)

                    #then we set this user is logged in

                    self.is_authenticated = True

                else:

                    self.is_authenticated = False

        log.debug('Auth User is now %s', self)

        user_model.fill_perms(self)

    @property

    def is_admin(self):

        return self.admin

    def __repr__(self):

        return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,

                                              self.is_authenticated)

    def set_authenticated(self, authenticated=True):

        if self.user_id != self.anonymous_user.user_id:

            self.is_authenticated = authenticated

def set_available_permissions(config):

    """This function will propagate pylons globals with all available defined

    permission given in db. We don't want to check each time from db for new 

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    :param config: current pylons config instance

    """

    log.info('getting information about all available permissions')

    try:

        sa = meta.Session()

        all_perms = sa.query(Permission).all()

    except:

        pass

    finally:

        meta.Session.remove()

    config['available_permissions'] = [x.permission_name for x in all_perms]

#===============================================================================

# CHECK DECORATORS

#===============================================================================

class LoginRequired(object):

    """

    Must be logged in to execute this function else 

    redirect to login page

    :param api_access: if enabled this checks only for valid auth token

        and grants access based on valid token

    """

    def __init__(self, api_access=False):

        self.api_access = api_access

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        user = cls.rhodecode_user

        api_access_ok = False

        if self.api_access:

            log.debug('Checking API KEY access for %s', cls)

            if user.api_key == request.GET.get('api_key'):

                api_access_ok = True

            else:

                log.debug("API KEY token not valid")

        log.debug('Checking if %s is authenticated @ %s', user.username, cls)

        if user.is_authenticated or api_access_ok:

            log.debug('user %s is authenticated', user.username)

            return func(*fargs, **fkwargs)

        else:

            log.warn('user %s NOT authenticated', user.username)

            p = ''

            if request.environ.get('SCRIPT_NAME') != '/':

                p += request.environ.get('SCRIPT_NAME')

            p += request.environ.get('PATH_INFO')

            if request.environ.get('QUERY_STRING'):

                p += '?' + request.environ.get('QUERY_STRING')

		<%name_slug = name.lower().replace(' ','_') %>

		%if name_slug == c.sort_slug:

		  %if c.sort_by.startswith('-'):

		    <a href="?sort=${name_slug}">${name}&uarr;</a>

		  %else:

		    <a href="?sort=-${name_slug}">${name}&darr;</a>

		  %endif:

		%else:

		    <a href="?sort=${name_slug}">${name}</a>

		%endif

	</%def>

    <div class="box">

	    <!-- box / title -->

	    <div class="title">

	        <h5>${_('Dashboard')}

	        <input class="top-right-rounded-corner top-left-rounded-corner bottom-left-rounded-corner bottom-right-rounded-corner" id="q_filter" size="15" type="text" name="filter" value="${_('quick filter...')}"/>

	        </h5>

	        %if c.rhodecode_user.username != 'default':

		        %if h.HasPermissionAny('hg.admin','hg.create.repository')():

		        <ul class="links">

		          <li>

		            <span>${h.link_to(_('ADD NEW REPOSITORY'),h.url('admin_settings_create_repository'))}</span>

		          </li>          

		        </ul>  	        

		        %endif

		    %endif

	    </div>

	    <!-- end box / title -->

        <div class="table">

            <table>

            <thead>

	            <tr>

			        <th class="left">${get_sort(_('Name'))}</th>

			        <th class="left">${get_sort(_('Description'))}</th>

			        <th class="left">${get_sort(_('Last change'))}</th>

			        <th class="left">${get_sort(_('Tip'))}</th>

			        <th class="left">${get_sort(_('Owner'))}</th>

			        <th class="left">${_('RSS')}</th>

			        <th class="left">${_('Atom')}</th>

	            </tr>

            </thead>

            <tbody>

		    %for cnt,repo in enumerate(c.repos_list):

		        <tr class="parity${cnt%2}">

		            <td>

		            <div style="white-space: nowrap">

		             ## TYPE OF REPO

		             %if repo['dbrepo']['repo_type'] =='hg':

		               <img class="icon" title="${_('Mercurial repository')}" alt="${_('Mercurial repository')}" src="${h.url("/images/icons/hgicon.png")}"/>

		             %elif repo['dbrepo']['repo_type'] =='git':

		               <img class="icon" title="${_('Git repository')}" alt="${_('Git repository')}" src="${h.url("/images/icons/giticon.png")}"/>

		             %else:

		             %endif 

		             ##PRIVATE/PUBLIC

		             %if repo['dbrepo']['private']:

		                <img class="icon" title="${_('private repository')}" alt="${_('private repository')}" src="${h.url("/images/icons/lock.png")}"/>

		             %else:

		                <img class="icon" title="${_('public repository')}" alt="${_('public repository')}" src="${h.url("/images/icons/lock_open.png")}"/>

		             %endif

		            ##NAME   

		            ${h.link_to(repo['name'],

		                h.url('summary_home',repo_name=repo['name']),class_="repo_name")}

		            %if repo['dbrepo_fork']:

		            	<a href="${h.url('summary_home',repo_name=repo['dbrepo_fork']['repo_name'])}">

		            	<img class="icon" alt="${_('fork')}"

		            	title="${_('Fork of')} ${repo['dbrepo_fork']['repo_name']}" 

		            	src="${h.url("/images/icons/arrow_divide.png")}"/></a>

		            %endif

		            </div>

		            </td>

		            ##DESCRIPTION

		            <td><span class="tooltip" title="${h.tooltip(repo['description'])}">

		               ${h.truncate(repo['description'],60)}</span>

		            </td>

		            ##LAST CHANGE

		            <td>

		              <span class="tooltip" title="${repo['last_change']}">

		              ${h.age(repo['last_change'])}</span>

		            </td>

		            <td>

		            	%if repo['rev']>=0:

		            	${h.link_to('r%s:%s' % (repo['rev'],h.short_id(repo['tip'])),

		                h.url('changeset_home',repo_name=repo['name'],revision=repo['tip']),

		                class_="tooltip",

		                title=h.tooltip(repo['last_msg']))}

		            	%else:

		            		${_('No changesets yet')}

		            	%endif    

		            </td>

		            <td title="${repo['contact']}">${h.person(repo['contact'])}</td>

		            <td>

		            </td>        

		            <td>

		                <a title="${_('Subscribe to %s atom feed')%repo['name']}"  class="atom_icon" href="${h.url('atom_feed_home',repo_name=repo['name'])}"></a>

		            </td>

		        </tr>

		    %endfor

            </tbody>

            </table>

            </div>

    </div>

    <script type="text/javascript">

     var D = YAHOO.util.Dom;

     var E = YAHOO.util.Event;

     var S = YAHOO.util.Selector;

     var q_filter = D.get('q_filter');

     var F = YAHOO.namespace('q_filter'); 

     E.on(q_filter,'click',function(){

    	q_filter.value = '';

     });

     F.filterTimeout = null;

     F.updateFilter  = function() { 

    	// Reset timeout 

        F.filterTimeout = null;

        var obsolete = [];

        var nodes = S.query('div.table tr td div a.repo_name');

        var req = D.get('q_filter').value;

        for (n in nodes){

            D.setStyle(nodes[n].parentNode.parentNode.parentNode,'display','')

        }

        if (req){

	        for (n in nodes){

	        	if (nodes[n].innerHTML.toLowerCase().indexOf(req) == -1) {

	        		obsolete.push(nodes[n]); 

	        	}

	    	}

	        if(obsolete){

		        for (n in obsolete){

		        	D.setStyle(obsolete[n].parentNode.parentNode.parentNode,'display','none');

		        }

	        }

        }

     }

     E.on(q_filter,'keyup',function(e){

    	 clearTimeout(F.filterTimeout); 

    	 setTimeout(F.updateFilter,600); 

     });

    </script>

</%def>    

                        <img class="icon" alt="${_('remote clone')}"

                        title="${_('Clone from')} ${c.dbrepo.clone_uri}" 

                        src="${h.url("/images/icons/connect.png")}"/>

                        ${_('Clone from')} ${c.dbrepo.clone_uri}

                        </a>

                        </span>					

					%endif		            		      

			  </div>

			 </div>

			 <div class="field">

			  <div class="label">

			      <label>${_('Description')}:</label>

			  </div>

			  <div class="input-short">

			      ${c.dbrepo.description}

			  </div>

			 </div>

			 <div class="field">

			  <div class="label">

			      <label>${_('Contact')}:</label>

			  </div>

			  <div class="input-short">

			  	<div class="gravatar">

			  		<img alt="gravatar" src="${h.gravatar_url(c.dbrepo.user.email)}"/>

			  	</div>

			  		${_('Username')}: ${c.dbrepo.user.username}<br/>

			  		${_('Name')}: ${c.dbrepo.user.name} ${c.dbrepo.user.lastname}<br/>

			  		${_('Email')}: <a href="mailto:${c.dbrepo.user.email}">${c.dbrepo.user.email}</a>

			  </div>

			 </div>

			 <div class="field">

			  <div class="label">

			      <label>${_('Last change')}:</label>

			  </div>

			  <div class="input-short">

			      ${h.age(c.repo.last_change)} - ${c.repo.last_change} 

			      ${_('by')} ${h.get_changeset_safe(c.repo,'tip').author} 

			  </div>

			 </div>

			 <div class="field">

			  <div class="label">

			      <label>${_('Clone url')}:</label>

			  </div>

			  <div class="input-short">

			      <input type="text" id="clone_url" readonly="readonly" value="hg clone ${c.clone_repo_url}" size="70"/>

			  </div>

			 </div>

			 <div class="field">

			  <div class="label">

			      <label>${_('Trending source files')}:</label>

			  </div>

			  <div class="input-short">

			    <div id="lang_stats"></div> 			   

			  </div>

			 </div>

			 <div class="field">

			  <div class="label">

			      <label>${_('Download')}:</label>

			  </div>

			  <div class="input-short">

		        %if len(c.repo.revisions) == 0:

		          ${_('There are no downloads yet')}

		        %elif c.enable_downloads is False:

		          ${_('Downloads are disabled for this repository')}

                    %if h.HasPermissionAll('hg.admin')('enable stats on from summary'):

                        [${h.link_to(_('enable'),h.url('edit_repo',repo_name=c.repo_name))}]

                    %endif  		          

		        %else:

			        ${h.select('download_options',c.repo.get_changeset().raw_id,c.download_options)}

			        %for cnt,archive in enumerate(c.repo._get_archives()):

			             %if cnt >=1:

			             |

			             %endif

			             <span class="tooltip" title="${_('Download %s as %s') %('tip',archive['type'])}" 

			                  id="${archive['type']+'_link'}">${h.link_to(archive['type'],

			                h.url('files_archive_home',repo_name=c.repo.name,

			                fname='tip'+archive['extension']),class_="archive_icon")}</span>

			        %endfor

			    %endif

			  </div>

			 </div>

			 <div class="field">

			  <div class="label">

			      <label>${_('Feeds')}:</label>

			  </div>

			  <div class="input-short">

			  </div>

			 </div>				 			 			 

	  </div>		 

	</div>

  	<script type="text/javascript">

	  	YUE.onDOMReady(function(e){

	  	    id = 'clone_url';

	  	    YUE.on(id,'click',function(e){

	  	        YUD.get('clone_url').select();

	  	    })

	  	})

  		var data = ${c.trending_languages|n};

  		var total = 0;

  		var no_data = true;

  		for (k in data){

  		    total += data[k];

  		    no_data = false;

  		} 

		var tbl = document.createElement('table');

		tbl.setAttribute('class','trending_language_tbl');

		var cnt =0;

  		for (k in data){

  			cnt+=1;

  			var hide = cnt>2;

	  		var tr = document.createElement('tr');

	  		if (hide){

	  			tr.setAttribute('style','display:none');

	  			tr.setAttribute('class','stats_hidden');

	  		}

	  		var percentage = Math.round((data[k]/total*100),2);

			var value = data[k];

	  		var td1 = document.createElement('td');

	  		td1.width=150;

	  		var trending_language_label = document.createElement('div');

	  		trending_language_label.innerHTML = k;

	  		td1.appendChild(trending_language_label);

	  		var td2 = document.createElement('td');

	  		td2.setAttribute('style','padding-right:14px !important');

  		    var trending_language = document.createElement('div');

  		    var nr_files = value+" ${_('files')}";

  		    trending_language.title = k+" "+nr_files;

  		    if (percentage>20){

  		    	trending_language.innerHTML = "<b style='font-size:0.8em'>"+percentage+"% "+nr_files+ "</b>";	

  		    }

  		    else{

  		    	trending_language.innerHTML = "<b style='font-size:0.8em'>"+percentage+"%</b>";

  		    }

  		    trending_language.setAttribute("class", 'trending_language top-right-rounded-corner bottom-right-rounded-corner');

  		    trending_language.style.width=percentage+"%";

			td2.appendChild(trending_language);

			tr.appendChild(td1);

			tr.appendChild(td2);

  		    tbl.appendChild(tr);

  		    if(cnt == 2){

  		    	var show_more = document.createElement('tr');

  		    	var td=document.createElement('td');

  		    	lnk = document.createElement('a');

  		    	lnk.href='#';

  		    	lnk.innerHTML = "${_("show more")}";

  		    	lnk.id='code_stats_show_more';

  		        td.appendChild(lnk);

  		    	show_more.appendChild(td);

  		    	show_more.appendChild(document.createElement('td'));

  		    	tbl.appendChild(show_more);

  		    }

  		}

  		if(no_data){

  			var tr = document.createElement('tr');

  			var td1 = document.createElement('td');

  			td1.innerHTML = "${c.no_data_msg}";

  			tr.appendChild(td1);

  			tbl.appendChild(tr);

		}

  		YUD.get('lang_stats').appendChild(tbl);

  		YUE.on('code_stats_show_more','click',function(){

  			l = YUD.getElementsByClassName('stats_hidden')

  			for (e in l){

  			    YUD.setStyle(l[e],'display','');

  			};

  			YUD.setStyle(YUD.get('code_stats_show_more'),

  					'display','none');

  		})

             YUE.on('download_options','change',function(e){

                 var new_cs = e.target.options[e.target.selectedIndex];

                 var tmpl_links = {}

                 %for cnt,archive in enumerate(c.repo._get_archives()):

                	 tmpl_links['${archive['type']}'] = '${h.link_to(archive['type'],

                        h.url('files_archive_home',repo_name=c.repo.name,