repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list,

                                                   admin=admin)

        #json used to render the grid

        return json.dumps(repos_data)

    def my_account(self):

        """

        GET /_admin/my_account Displays info about my account

        """

        # url('my_account')

        c.active = 'profile'

        self.__load_data()

        c.extern_type = c.user.extern_type

        c.extern_name = c.user.extern_name

        defaults = c.user.get_dict()

        update = False

        if request.POST:

            _form = UserForm(edit=True,

                             old_data={'user_id': self.authuser.user_id,

                                       'email': self.authuser.email})()

            form_result = {}

            try:

                post_data = dict(request.POST)

    def my_account_watched(self):

        c.active = 'watched'

        self.__load_data()

        #json used to render the grid

        c.data = self._load_my_repos_data(watched=True)

        return render('admin/my_account/my_account.html')

    def my_account_perms(self):

        c.active = 'perms'

        self.__load_data()

        return render('admin/my_account/my_account.html')

    def my_account_emails(self):

        c.active = 'emails'

        self.__load_data()

        c.user_email_map = UserEmailMap.query()\

            .filter(UserEmailMap.user == c.user).all()

        return render('admin/my_account/my_account.html')

    def my_account_emails_add(self):

        """PUT /users/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('update_user', id=ID),

        #           method='put')

        # url('user', id=ID)

        c.active = 'profile'

        user_model = UserModel()

        c.user = user_model.get(id)

        c.extern_type = c.user.extern_type

        c.extern_name = c.user.extern_name

        _form = UserForm(edit=True, old_data={'user_id': id,

                                              'email': c.user.email})()

        form_result = {}

        try:

            form_result = _form.to_python(dict(request.POST))

            skip_attrs = ['extern_type', 'extern_name']

            #TODO: plugin should define if username can be updated

            if c.extern_type != kallithea.EXTERN_TYPE_INTERNAL:

                # forbid updating username for external accounts

                skip_attrs.append('username')

            user_model.update(id, form_result, skip_attrs=skip_attrs)

            return User.get_or_404(id, allow_default=False)

        except DefaultUserException:

            h.flash(_("The default user cannot be edited"), category='warning')

            raise HTTPNotFound

    def edit(self, id, format='html'):

        """GET /users/id/edit: Form to edit an existing item"""

        # url('edit_user', id=ID)

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'profile'

        c.extern_type = c.user.extern_type

        c.extern_name = c.user.extern_name

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_advanced(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'advanced'

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            ApiKeyModel().delete(api_key, c.user.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def update_account(self, id):

        pass

    def edit_perms(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'perms'

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

        except KeyError, e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Incorrect JSON query missing %s' % e)

        # check if we can find this session using api_key

        try:

            u = User.get_by_api_key(self._req_api_key)

            if u is None:

                return jsonrpc_error(retid=self._req_id,

                                     message='Invalid API key')

            #check if we are allowed to use this IP

                return jsonrpc_error(retid=self._req_id,

                        message='request from IP:%s not allowed' % (ip_addr,))

            else:

                log.info('Access for IP:%s allowed' % (ip_addr,))

        except Exception, e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Invalid API key')

        self._error = None

        try:

            self._func = self._find_method()

    def _redirect_to_origin(self, origin):

        '''redirect to the original page, preserving any get arguments given'''

        request.GET.pop('came_from', None)

        raise HTTPFound(location=url(origin, **request.GET))

    def index(self):

        c.came_from = safe_str(request.GET.get('came_from', ''))

        if not self._validate_came_from(c.came_from):

            c.came_from = url('home')

        not_default = self.authuser.username != User.DEFAULT_USER

        # redirect if already logged in

        if self.authuser.is_authenticated and not_default and ip_allowed:

            return self._redirect_to_origin(c.came_from)

        if request.POST:

            # import Login Form validator class

            login_form = LoginForm()

            try:

                session.invalidate()

                c.form_result = login_form.to_python(dict(request.POST))

                # form checks for username/password, now we're authenticated

    return api_access_valid

class AuthUser(object):

    """

    A simple object that handles all attributes of user in Kallithea

    It does lookup based on API key,given user, or user present in session

    Then it fills all required information for such user. It also checks if

    anonymous access is enabled and if so, it returns default user as logged in

    """

        self.user_id = user_id

        self._api_key = api_key

        self.api_key = None

        self.username = username

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.inherit_default_permissions = False

        self.propagate_data()

        self._instance = None

    @LazyProperty

    def permissions(self):

        """

        return [x[0] for x in self.permissions['repositories_groups'].iteritems()

                if x[1] == 'group.admin']

    @property

    def user_groups_admin(self):

        """

        Returns list of user groups you're an admin of

        """

        return [x[0] for x in self.permissions['user_groups'].iteritems()

                if x[1] == 'usergroup.admin']

        """

        """

        inherit = self.inherit_default_permissions

                                         inherit_from_default=inherit)

    @classmethod

    def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):

        allowed_ips = AuthUser.get_allowed_ips(user_id, cache=True,

                        inherit_from_default=inherit_from_default)

        if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):

            log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))

            return True

        else:

            log.info('Access for IP:%s forbidden, '

                     'not in %s' % (ip_addr, allowed_ips))

            return False

    def __repr__(self):

    def set_authenticated(self, authenticated=True):

        if self.user_id != self.anonymous_user.user_id:

            self.is_authenticated = authenticated

    def get_cookie_store(self):

        return {'username': self.username,

                'user_id': self.user_id,

                'is_authenticated': self.is_authenticated}

    @classmethod

    def from_cookie_store(cls, cookie_store):

    :param api_access: if enabled this checks only for valid auth token

        and grants access based on valid token

    """

    def __init__(self, api_access=False):

        self.api_access = api_access

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        log.debug('Checking access for user %s @ %s' % (user, loc))

        # check if our IP is allowed

        # check if we used an API key and it's a valid one

        api_key = request.GET.get('api_key')

        if api_key is not None:

            # explicit controller is enabled or API is in our whitelist

            if self.api_access or allowed_api_access(loc, api_key=api_key):

                if api_key in user.api_keys:

                    log.info('user %s authenticated with API key ****%s @ %s'

                             % (user, api_key[-4:], loc))

                    return func(*fargs, **fkwargs)

                else:

                    log.warning('API key ****%s is NOT valid' % api_key[-4:])

        c.backends = BACKENDS.keys()

        c.unread_notifications = NotificationModel()\

                        .get_unread_cnt_for_user(c.authuser.user_id)

        self.cut_off_limit = safe_int(config.get('cut_off_limit'))

        c.my_pr_count = PullRequestModel().get_pullrequest_cnt_for_user(c.authuser.user_id)

        self.sa = meta.Session

        self.scm_model = ScmModel(self.sa)

    @staticmethod

        """

        Create an `AuthUser` object given the IP address of the request, the

        API key (if any), and the authuser from the session.

        """

        if api_key:

            # when using API_KEY we are sure user exists.

            authenticated = False

        else:

            cookie_store = CookieStoreWrapper(session_authuser)

            user_id = cookie_store.get('user_id')

            try:

            except UserCreationError as e:

                # container auth or other auth functions that create users on

                # the fly can throw UserCreationError to signal issues with

                # user creation. Explanation should be provided in the

                # exception object.

                from kallithea.lib import helpers as h

                h.flash(e, 'error')

            authenticated = cookie_store.get('is_authenticated')

        if not auth_user.is_authenticated and auth_user.user_id is not None:

            # user is not authenticated and not empty

            auth_user.set_authenticated(authenticated)

        return auth_user

    def __call__(self, environ, start_response):

        """Invoke the Controller"""

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        try:

            self.ip_addr = _get_ip_addr(environ)

            # make sure that we update permissions each time we call controller

            #set globals for auth user

            self.authuser = c.authuser = request.user = self._determine_auth_user(

                request.GET.get('api_key'),

                session.get('authuser'),

            )

            log.info('IP: %s User: %s accessed %s',

                self.ip_addr, self.authuser,

                safe_unicode(_get_access_path(environ)),

            )

            return WSGIController.__call__(self, environ, start_response)

        finally:

            meta.Session.remove()

         <div class="field">

           <div class="gravatar_box">

               <div class="gravatar">

                 ${h.gravatar(c.user.email)}

               </div>

                <p>

                %if c.visual.use_gravatar:

                <strong>${_('Change your avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>

                <br/>${_('Using')} ${c.user.email}

                %else:

                <strong>${_('Avatars are disabled')}</strong>

                <br/>${c.user.email or _('Missing email, please update your user email address.')}

                %endif

               </p>

           </div>

         </div>

        <% readonly = None %>

        <% disabled = "" %>

        <div class="fields">

           %if c.extern_type != c.EXTERN_TYPE_INTERNAL:

                <% readonly = "readonly" %>

                <% disabled = " disabled" %>

                <strong>${_('Your user is in an external Source of Record; some details cannot be managed here')}.</strong>

        <div class="field">

           <div class="gravatar_box">

                <div class="gravatar">${h.gravatar(c.user.email)}</div>

                <p>

                %if c.visual.use_gravatar:

                <strong>${_('Change avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>

                <br/>${_('Using')} ${c.user.email}

                %else:

                <strong>${_('Avatars are disabled')}</strong>

                <br/>${c.user.email or _('Missing email, please update this user email address.')}

                        ##show current ip just if we show ourself

                        %if c.authuser.username == c.user.username:

                        %endif

                %endif

           </div>

        </div>

        <% readonly = None %>

        <% disabled = "" %>

        <div class="fields">

            %if c.extern_type != c.EXTERN_TYPE_INTERNAL:

             <div class="field">

               <% readonly = "readonly" %>

               <% disabled = " disabled" %>

               <strong>${_('This user is in an external Source of Record (%s); some details cannot be managed here.' % c.extern_type)}.</strong>