log.error(traceback.format_exc())

            auth_user.is_authenticated = False

        return auth_user

    def fill_perms(self, user):

        """

        Fills user permission attribute with permissions taken from database

        works for permissions given for repositories, and for permissions that

        are granted to groups

        :param user: user instance to fill his perms

        """

        user.permissions['repositories'] = {}

        user.permissions['global'] = set()

        #======================================================================

        # fetch default permissions

        #======================================================================

        default_user = self.get_by_username('default', cache=True)

        default_perms = self.sa.query(RepoToPerm, Repository, Permission)\

            .join((Repository, RepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, RepoToPerm.permission_id ==

                   Permission.permission_id))\

            .filter(RepoToPerm.user == default_user).all()

        if user.is_admin:

            #==================================================================

            # #admin have all default rights set to admin

            #==================================================================

            user.permissions['global'].add('hg.admin')

            for perm in default_perms:

                p = 'repository.admin'

                user.permissions['repositories'][perm.RepoToPerm.

                                                 repository.repo_name] = p

        else:

            #==================================================================

            # set default permissions

            #==================================================================

            uid = user.user_id

            #default global

            default_global_perms = self.sa.query(UserToPerm)\

            for perm in default_global_perms:

                user.permissions['global'].add(perm.permission.permission_name)

            #default for repositories

            for perm in default_perms:

                if perm.Repository.private and not (perm.Repository.user_id ==

                                                    uid):

                    #diself.sable defaults for private repos,

                    p = 'repository.none'

                elif perm.Repository.user_id == uid:

                    #set admin if owner

                    p = 'repository.admin'

                else:

                    p = perm.Permission.permission_name

                user.permissions['repositories'][perm.RepoToPerm.

                                                 repository.repo_name] = p

            #==================================================================

            # overwrite default with user permissions if any

            #==================================================================

            #user global

            user_perms = self.sa.query(UserToPerm)\

                    .options(joinedload(UserToPerm.permission))\

                    .filter(UserToPerm.user_id == uid).all()

            for perm in user_perms:

                user.permissions['global'].add(perm.permission.

                                               permission_name)

            #user repositories

            user_repo_perms = self.sa.query(RepoToPerm, Permission,

                                            Repository)\

                .join((Repository, RepoToPerm.repository_id ==

                       Repository.repo_id))\

                .join((Permission, RepoToPerm.permission_id ==

                       Permission.permission_id))\

                .filter(RepoToPerm.user_id == uid).all()

            for perm in user_repo_perms:

                # set admin if owner

                if perm.Repository.user_id == uid:

                    p = 'repository.admin'

                else:

                    p = perm.Permission.permission_name

                user.permissions['repositories'][perm.RepoToPerm.