admin = False

            repos_list = [x.follows_repository for x in

                          Session().query(UserFollowing).filter(

                              UserFollowing.user_id ==

                              self.authuser.user_id).all()]

        else:

            admin = True

            repos_list = Session().query(Repository)\

                         .filter(Repository.user_id ==

                                 self.authuser.user_id)\

                         .order_by(func.lower(Repository.repo_name)).all()

        repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list,

                                                   admin=admin)

        #json used to render the grid

        return json.dumps(repos_data)

    def my_account(self):

        """

        GET /_admin/my_account Displays info about my account

        """

        # url('my_account')

        c.active = 'profile'

        self.__load_data()

        c.extern_type = c.user.extern_type

        c.extern_name = c.user.extern_name

        defaults = c.user.get_dict()

        update = False

        if request.POST:

            _form = UserForm(edit=True,

                             old_data={'user_id': self.authuser.user_id,

                                       'email': self.authuser.email})()

            form_result = {}

            try:

                post_data = dict(request.POST)

                post_data['new_password'] = ''

                post_data['password_confirmation'] = ''

                form_result = _form.to_python(post_data)

                # skip updating those attrs for my account

                skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',

                              'new_password', 'password_confirmation']

                #TODO: plugin should define if username can be updated

                if c.extern_type != EXTERN_TYPE_INTERNAL:

                    # forbid updating username for external accounts

                    skip_attrs.append('username')

                UserModel().update(self.authuser.user_id, form_result,

                log.error(traceback.format_exc())

                h.flash(_('Error occurred during update of user password'),

                        category='error')

        return render('admin/my_account/my_account.html')

    def my_account_repos(self):

        c.active = 'repos'

        self.__load_data()

        #json used to render the grid

        c.data = self._load_my_repos_data()

        return render('admin/my_account/my_account.html')

    def my_account_watched(self):

        c.active = 'watched'

        self.__load_data()

        #json used to render the grid

        c.data = self._load_my_repos_data(watched=True)

        return render('admin/my_account/my_account.html')

    def my_account_perms(self):

        c.active = 'perms'

        self.__load_data()

        return render('admin/my_account/my_account.html')

    def my_account_emails(self):

        c.active = 'emails'

        self.__load_data()

        c.user_email_map = UserEmailMap.query()\

            .filter(UserEmailMap.user == c.user).all()

        return render('admin/my_account/my_account.html')

    def my_account_emails_add(self):

        email = request.POST.get('new_email')

        try:

            UserModel().add_extra_email(self.authuser.user_id, email)

            Session().commit()

            h.flash(_("Added email %s to user") % email, category='success')

        except formencode.Invalid, error:

            msg = error.error_dict['email']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during email saving'),

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during creation of user %s') \

                    % request.POST.get('username'), category='error')

        return redirect(url('users'))

    def new(self, format='html'):

        """GET /users/new: Form to create a new item"""

        # url('new_user')

        c.default_extern_type = auth_modules.auth_internal.KallitheaAuthPlugin.name

        return render('admin/users/user_add.html')

    def update(self, id):

        """PUT /users/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('update_user', id=ID),

        #           method='put')

        # url('user', id=ID)

        c.active = 'profile'

        user_model = UserModel()

        c.user = user_model.get(id)

        c.extern_type = c.user.extern_type

        c.extern_name = c.user.extern_name

        _form = UserForm(edit=True, old_data={'user_id': id,

                                              'email': c.user.email})()

        form_result = {}

        try:

            form_result = _form.to_python(dict(request.POST))

            skip_attrs = ['extern_type', 'extern_name']

            #TODO: plugin should define if username can be updated

            if c.extern_type != kallithea.EXTERN_TYPE_INTERNAL:

                # forbid updating username for external accounts

                skip_attrs.append('username')

            user_model.update(id, form_result, skip_attrs=skip_attrs)

            usr = form_result['username']

            action_logger(self.authuser, 'admin_updated_user:%s' % usr,

                          None, self.ip_addr, self.sa)

            h.flash(_('User updated successfully'), category='success')

            Session().commit()

        except formencode.Invalid, errors:

            defaults = errors.value

            e = errors.error_dict or {}

            defaults.update({

                'create_repo_perm': user_model.has_perm(id,

                                                        'hg.create.repository'),

                'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during deletion of user'),

                    category='error')

        return redirect(url('users'))

    def show(self, id, format='html'):

        """GET /users/id: Show a specific item"""

        # url('user', id=ID)

        User.get_or_404(-1)

    def _get_user_or_raise_if_default(self, id):

        try:

            return User.get_or_404(id, allow_default=False)

        except DefaultUserException:

            h.flash(_("The default user cannot be edited"), category='warning')

            raise HTTPNotFound

    def edit(self, id, format='html'):

        """GET /users/id/edit: Form to edit an existing item"""

        # url('edit_user', id=ID)

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'profile'

        c.extern_type = c.user.extern_type

        c.extern_name = c.user.extern_name

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_advanced(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'advanced'

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_api_keys(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'api_keys'

        show_expired = True

        c.lifetime_values = [

            (str(-1), _('Forever')),

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

    def delete_api_key(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        api_key = request.POST.get('del_api_key')

        if request.POST.get('del_api_key_builtin'):

            user = User.get(c.user.user_id)

            if user:

                user.api_key = generate_api_key(user.username)

                Session().add(user)

                Session().commit()

                h.flash(_("API key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, c.user.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def update_account(self, id):

        pass

    def edit_perms(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'perms'

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def update_perms(self, id):

        """PUT /users_perm/id: Update an existing item"""

        # url('user_perm', id=ID, method='put')

        user = self._get_user_or_raise_if_default(id)

        try:

            form = CustomDefaultPermissionsForm()()

            form_result = form.to_python(request.POST)

        try:

            self._req_api_key = json_body['api_key']

            self._req_id = json_body['id']

            self._req_method = json_body['method']

            self._request_params = json_body['args']

            if not isinstance(self._request_params, dict):

                self._request_params = {}

            log.debug(

                'method: %s, params: %s' % (self._req_method,

                                            self._request_params)

            )

        except KeyError, e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Incorrect JSON query missing %s' % e)

        # check if we can find this session using api_key

        try:

            u = User.get_by_api_key(self._req_api_key)

            if u is None:

                return jsonrpc_error(retid=self._req_id,

                                     message='Invalid API key')

            #check if we are allowed to use this IP

                return jsonrpc_error(retid=self._req_id,

                        message='request from IP:%s not allowed' % (ip_addr,))

            else:

                log.info('Access for IP:%s allowed' % (ip_addr,))

        except Exception, e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Invalid API key')

        self._error = None

        try:

            self._func = self._find_method()

        except AttributeError, e:

            return jsonrpc_error(retid=self._req_id,

                                 message=str(e))

        # now that we have a method, add self._req_params to

        # self.kargs and dispatch control to WGIController

        argspec = inspect.getargspec(self._func)

        arglist = argspec[0][1:]

        defaults = map(type, argspec[3] or [])

        default_empty = types.NotImplementedType

        # kw arguments required by this method

        parsed = urlparse.urlparse(came_from)

        server_parsed = urlparse.urlparse(url.current())

        allowed_schemes = ['http', 'https']

        if parsed.scheme and parsed.scheme not in allowed_schemes:

            log.error('Suspicious URL scheme detected %s for url %s' %

                     (parsed.scheme, parsed))

            return False

        if server_parsed.netloc != parsed.netloc:

            log.error('Suspicious NETLOC detected %s for url %s server url '

                      'is: %s' % (parsed.netloc, parsed, server_parsed))

            return False

        return True

    def _redirect_to_origin(self, origin):

        '''redirect to the original page, preserving any get arguments given'''

        request.GET.pop('came_from', None)

        raise HTTPFound(location=url(origin, **request.GET))

    def index(self):

        c.came_from = safe_str(request.GET.get('came_from', ''))

        if not self._validate_came_from(c.came_from):

            c.came_from = url('home')

        not_default = self.authuser.username != User.DEFAULT_USER

        # redirect if already logged in

        if self.authuser.is_authenticated and not_default and ip_allowed:

            return self._redirect_to_origin(c.came_from)

        if request.POST:

            # import Login Form validator class

            login_form = LoginForm()

            try:

                session.invalidate()

                c.form_result = login_form.to_python(dict(request.POST))

                # form checks for username/password, now we're authenticated

                self._store_user_in_session(

                                        username=c.form_result['username'],

                                        remember=c.form_result['remember'])

                return self._redirect_to_origin(c.came_from)

            except formencode.Invalid, errors:

                defaults = errors.value

                # remove password from filling in form again

                del defaults['password']

                return htmlfill.render(

                    render('/login.html'),

                    defaults=errors.value,

                           sep=',')

        log.debug('whitelist of API access is: %s' % (whitelist))

    api_access_valid = controller_name in whitelist

    if api_access_valid:

        log.debug('controller:%s is in API whitelist' % (controller_name))

    else:

        msg = 'controller: %s is *NOT* in API whitelist' % (controller_name)

        if api_key:

            #if we use API key and don't have access it's a warning

            log.warning(msg)

        else:

            log.debug(msg)

    return api_access_valid

class AuthUser(object):

    """

    A simple object that handles all attributes of user in Kallithea

    It does lookup based on API key,given user, or user present in session

    Then it fills all required information for such user. It also checks if

    anonymous access is enabled and if so, it returns default user as logged in

    """

        self.user_id = user_id

        self._api_key = api_key

        self.api_key = None

        self.username = username

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.inherit_default_permissions = False

        self.propagate_data()

        self._instance = None

    @LazyProperty

    def permissions(self):

        return self.get_perms(user=self, cache=False)

    @property

    def api_keys(self):

        return self.get_api_keys()

    def propagate_data(self):

        user_model = UserModel()

        self.anonymous_user = User.get_default_user(cache=True)

        is_user_loaded = False

        # lookup by userid

    @property

    def repositories_admin(self):

        """

        Returns list of repositories you're an admin of

        """

        return [x[0] for x in self.permissions['repositories'].iteritems()

                if x[1] == 'repository.admin']

    @property

    def repository_groups_admin(self):

        """

        Returns list of repository groups you're an admin of

        """

        return [x[0] for x in self.permissions['repositories_groups'].iteritems()

                if x[1] == 'group.admin']

    @property

    def user_groups_admin(self):

        """

        Returns list of user groups you're an admin of

        """

        return [x[0] for x in self.permissions['user_groups'].iteritems()

                if x[1] == 'usergroup.admin']

        """

        """

        inherit = self.inherit_default_permissions

                                         inherit_from_default=inherit)

    @classmethod

    def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):

        allowed_ips = AuthUser.get_allowed_ips(user_id, cache=True,

                        inherit_from_default=inherit_from_default)

        if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):

            log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))

            return True

        else:

            log.info('Access for IP:%s forbidden, '

                     'not in %s' % (ip_addr, allowed_ips))

            return False

    def __repr__(self):

    def set_authenticated(self, authenticated=True):

        if self.user_id != self.anonymous_user.user_id:

            self.is_authenticated = authenticated

    def get_cookie_store(self):

        return {'username': self.username,

                'user_id': self.user_id,

                'is_authenticated': self.is_authenticated}

    @classmethod

    def from_cookie_store(cls, cookie_store):

        """

        Creates AuthUser from a cookie store

        :param cls:

        :param cookie_store:

        """

        user_id = cookie_store.get('user_id')

        username = cookie_store.get('username')

        api_key = cookie_store.get('api_key')

        return AuthUser(user_id, api_key, username)

    @classmethod

def redirect_to_login(message=None):

    from kallithea.lib import helpers as h

    p = url.current()

    if message:

        h.flash(h.literal(message), category='warning')

    log.debug('Redirecting to login page, origin: %s' % p)

    return redirect(url('login_home', came_from=p, **request.GET))

class LoginRequired(object):

    """

    Must be logged in to execute this function else

    redirect to login page

    :param api_access: if enabled this checks only for valid auth token

        and grants access based on valid token

    """

    def __init__(self, api_access=False):

        self.api_access = api_access

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        log.debug('Checking access for user %s @ %s' % (user, loc))

        # check if our IP is allowed

        # check if we used an API key and it's a valid one

        api_key = request.GET.get('api_key')

        if api_key is not None:

            # explicit controller is enabled or API is in our whitelist

            if self.api_access or allowed_api_access(loc, api_key=api_key):

                if api_key in user.api_keys:

                    log.info('user %s authenticated with API key ****%s @ %s'

                             % (user, api_key[-4:], loc))

                    return func(*fargs, **fkwargs)

                else:

                    log.warning('API key ****%s is NOT valid' % api_key[-4:])

                    return redirect_to_login(_('Invalid API key'))

            else:

                # controller does not allow API access

                log.warning('API access to %s is not allowed' % loc)

                return abort(403)

        # CSRF protection - POSTs with session auth must contain correct token

        if request.POST and user.is_authenticated:

            token = request.POST.get(secure_form.token_key)

            if not token or token != secure_form.authentication_token():

                log.error('CSRF check failed')

                return abort(403)

        c.site_name = rc_config.get('title')

        c.clone_uri_tmpl = rc_config.get('clone_uri_tmpl')

        ## INI stored

        c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))

        c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))

        c.instance_id = config.get('instance_id')

        c.issues_url = config.get('bugtracker', url('issues_url'))

        # END CONFIG VARS

        c.repo_name = get_repo_slug(request)  # can be empty

        c.backends = BACKENDS.keys()

        c.unread_notifications = NotificationModel()\

                        .get_unread_cnt_for_user(c.authuser.user_id)

        self.cut_off_limit = safe_int(config.get('cut_off_limit'))

        c.my_pr_count = PullRequestModel().get_pullrequest_cnt_for_user(c.authuser.user_id)

        self.sa = meta.Session

        self.scm_model = ScmModel(self.sa)

    @staticmethod

        """

        Create an `AuthUser` object given the IP address of the request, the

        API key (if any), and the authuser from the session.

        """

        if api_key:

            # when using API_KEY we are sure user exists.

            authenticated = False

        else:

            cookie_store = CookieStoreWrapper(session_authuser)

            user_id = cookie_store.get('user_id')

            try:

            except UserCreationError as e:

                # container auth or other auth functions that create users on

                # the fly can throw UserCreationError to signal issues with

                # user creation. Explanation should be provided in the

                # exception object.

                from kallithea.lib import helpers as h

                h.flash(e, 'error')

            authenticated = cookie_store.get('is_authenticated')

        if not auth_user.is_authenticated and auth_user.user_id is not None:

            # user is not authenticated and not empty

            auth_user.set_authenticated(authenticated)

        return auth_user

    def __call__(self, environ, start_response):

        """Invoke the Controller"""

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        try:

            self.ip_addr = _get_ip_addr(environ)

            # make sure that we update permissions each time we call controller

            #set globals for auth user

            self.authuser = c.authuser = request.user = self._determine_auth_user(

                request.GET.get('api_key'),

                session.get('authuser'),

            )

            log.info('IP: %s User: %s accessed %s',

                self.ip_addr, self.authuser,

                safe_unicode(_get_access_path(environ)),

            )

            return WSGIController.__call__(self, environ, start_response)

        finally:

            meta.Session.remove()

class BaseRepoController(BaseController):

    """

    Base class for controllers responsible for loading all needed data for

    repository loaded items are

    c.db_repo_scm_instance: instance of scm repository

    c.db_repo: instance of db

    c.repository_followers: number of followers

    c.repository_forks: number of forks

    c.repository_following: weather the current user is following the current repo

    """

${h.form(url('my_account'), method='post')}

    <div class="form">

         <div class="field">

           <div class="gravatar_box">

               <div class="gravatar">

                 ${h.gravatar(c.user.email)}

               </div>

                <p>

                %if c.visual.use_gravatar:

                <strong>${_('Change your avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>

                <br/>${_('Using')} ${c.user.email}

                %else:

                <strong>${_('Avatars are disabled')}</strong>

                <br/>${c.user.email or _('Missing email, please update your user email address.')}

                %endif

               </p>

           </div>

         </div>

        <% readonly = None %>

        <% disabled = "" %>

        <div class="fields">

           %if c.extern_type != c.EXTERN_TYPE_INTERNAL:

                <% readonly = "readonly" %>

                <% disabled = " disabled" %>

                <strong>${_('Your user is in an external Source of Record; some details cannot be managed here')}.</strong>

           %endif

             <div class="field">

                <div class="label">

                    <label for="username">${_('Username')}:</label>

                </div>

                <div class="input">

                  ${h.text('username',class_='medium%s' % disabled, readonly=readonly)}

                  ${h.hidden('extern_name', c.extern_name)}

                  ${h.hidden('extern_type', c.extern_type)}

                </div>

             </div>

${h.form(url('update_user', id=c.user.user_id),method='put')}

<div class="form">

        <div class="field">

           <div class="gravatar_box">

                <div class="gravatar">${h.gravatar(c.user.email)}</div>

                <p>

                %if c.visual.use_gravatar:

                <strong>${_('Change avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>

                <br/>${_('Using')} ${c.user.email}

                %else:

                <strong>${_('Avatars are disabled')}</strong>

                <br/>${c.user.email or _('Missing email, please update this user email address.')}

                        ##show current ip just if we show ourself

                        %if c.authuser.username == c.user.username:

                        %endif

                %endif

           </div>

        </div>

        <% readonly = None %>

        <% disabled = "" %>

        <div class="fields">

            %if c.extern_type != c.EXTERN_TYPE_INTERNAL:

             <div class="field">

               <% readonly = "readonly" %>

               <% disabled = " disabled" %>

               <strong>${_('This user is in an external Source of Record (%s); some details cannot be managed here.' % c.extern_type)}.</strong>

             </div>

            %endif

             <div class="field">

                <div class="label">

                    <label for="username">${_('Username')}:</label>

                </div>

                <div class="input">

                  ${h.text('username',class_='medium%s' % disabled, readonly=readonly)}

                </div>

             </div>