It does lookup based on API key,given user, or user present in session

    Then it fills all required information for such user. It also checks if

    anonymous access is enabled and if so, it returns default user as logged

    in

    """

    def __init__(self, user_id=None, api_key=None, username=None):

        self.user_id = user_id

        self.api_key = None

        self.username = username

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.permissions = {}

        self._api_key = api_key

        self.propagate_data()

        self._instance = None

    def propagate_data(self):

        user_model = UserModel()

        self.anonymous_user = User.get_by_username('default', cache=True)

        is_user_loaded = False

        # try go get user by api key

        if self._api_key and self._api_key != self.anonymous_user.api_key:

            log.debug('Auth User lookup by API KEY %s' % self._api_key)

            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)

        # lookup by userid

        elif (self.user_id is not None and

              self.user_id != self.anonymous_user.user_id):

            log.debug('Auth User lookup by USER ID %s' % self.user_id)

            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)

        # lookup by username

        elif self.username and \

            str2bool(config.get('container_auth_enabled', False)):

            log.debug('Auth User lookup by USER NAME %s' % self.username)

            dbuser = login_container_auth(self.username)

            if dbuser is not None:

                for k, v in dbuser.get_dict().items():

                    setattr(self, k, v)

                self.set_authenticated()

                is_user_loaded = True

        if not is_user_loaded:

            # if we cannot authenticate user try anonymous

            if self.anonymous_user.active is True:

                user_model.fill_data(self, user_id=self.anonymous_user.user_id)

                # then we set this user is logged in

                self.is_authenticated = True

            else:

                self.user_id = None

                self.username = None

                self.is_authenticated = False

        if not self.username:

            self.username = 'None'

        log.debug('Auth User is now %s' % self)

        user_model.fill_perms(self)

    @property

    def is_admin(self):

        return self.admin

    def __repr__(self):

        return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,

                                              self.is_authenticated)

    def set_authenticated(self, authenticated=True):

        if self.user_id != self.anonymous_user.user_id:

            self.is_authenticated = authenticated

    def get_cookie_store(self):

        return {'username': self.username,

                'user_id': self.user_id,

                'is_authenticated': self.is_authenticated}

    @classmethod

    def from_cookie_store(cls, cookie_store):

        """

        Creates AuthUser from a cookie store

        :param cls:

        :param cookie_store:

        """

        user_id = cookie_store.get('user_id')

        username = cookie_store.get('username')

        api_key = cookie_store.get('api_key')

        return AuthUser(user_id, api_key, username)

    def check_permissions(self):

        group_name = get_repos_group_slug(request)

        try:

            user_perms = set([self.user_perms['repositories_groups'][group_name]])

        except KeyError:

            return False

        if self.required_perms.issubset(user_perms):

            return True

        return False

class HasReposGroupPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates for specific

    repository. In order to fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        group_name = get_repos_group_slug(request)

        try:

            user_perms = set([self.user_perms['repositories_groups'][group_name]])

        except KeyError:

            return False

        if self.required_perms.intersection(user_perms):

            return True

        return False

#==============================================================================

# CHECK FUNCTIONS

#==============================================================================

class PermsFunction(object):

    """Base function for other check functions"""

    def __init__(self, *perms):

        available_perms = config['available_permissions']

        for perm in perms:

            if perm not in available_perms:

                raise Exception("'%s' permission in not defined" % perm)

        self.required_perms = set(perms)

        self.user_perms = None

        self.granted_for = ''

        self.repo_name = None

    def __call__(self, check_Location=''):

        user = request.user

        if not user:

            return False

        self.user_perms = user.permissions

        self.granted_for = user

        if self.check_permissions():

            log.debug('Permission granted %s @ %s', self.granted_for,

                      check_Location or 'unspecified location')

            return True

        else:

            log.debug('Permission denied for %s @ %s', self.granted_for,

                        check_Location or 'unspecified location')

            return False

    def check_permissions(self):

        """Dummy function for overriding"""

        raise Exception('You have to write this function in child class')

class HasPermissionAll(PermsFunction):

    def check_permissions(self):

        if self.required_perms.issubset(self.user_perms.get('global')):

            return True

        return False

class HasPermissionAny(PermsFunction):

    def check_permissions(self):

        if self.required_perms.intersection(self.user_perms.get('global')):

            return True

        return False

class HasRepoPermissionAll(PermsFunction):

    def __call__(self, repo_name=None, check_Location=''):

        self.repo_name = repo_name

        return super(HasRepoPermissionAll, self).__call__(check_Location)

    def check_permissions(self):

        if not self.repo_name:

            self.repo_name = get_repo_slug(request)

        try:

            self.user_perms = set(

                [self.user_perms['repositories'][self.repo_name]]

            )

        except KeyError:

            return False

        self.granted_for = self.repo_name

        if self.required_perms.issubset(self.user_perms):

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        return True

    def __call__(self, environ, start_response):

        start = time.time()

        try:

            return self._handle_request(environ, start_response)

        finally:

            log = logging.getLogger('rhodecode.' + self.__class__.__name__)

            log.debug('Request time: %.3fs' % (time.time() - start))

            meta.Session.remove()

class BaseController(WSGIController):

    def __before__(self):

        c.rhodecode_version = __version__

        c.rhodecode_instanceid = config.get('instance_id')

        c.rhodecode_name = config.get('rhodecode_title')

        c.use_gravatar = str2bool(config.get('use_gravatar'))

        c.ga_code = config.get('rhodecode_ga_code')

        c.repo_name = get_repo_slug(request)

        c.backends = BACKENDS.keys()

        c.unread_notifications = NotificationModel()\

                        .get_unread_cnt_for_user(c.rhodecode_user.user_id)

        self.cut_off_limit = int(config.get('cut_off_limit'))

        self.sa = meta.Session

        self.scm_model = ScmModel(self.sa)

    def __call__(self, environ, start_response):

        """Invoke the Controller"""

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        start = time.time()

        try:

            # make sure that we update permissions each time we call controller

            api_key = request.GET.get('api_key')

            cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

            user_id = cookie_store.get('user_id', None)

            username = get_container_username(environ, config)

            auth_user = AuthUser(user_id, api_key, username)

            request.user = auth_user

            self.rhodecode_user = c.rhodecode_user = auth_user

            if not self.rhodecode_user.is_authenticated and \

                       self.rhodecode_user.user_id is not None:

                self.rhodecode_user.set_authenticated(

                    cookie_store.get('is_authenticated')

                )

            log.info('User: %s accessed %s' % (

                auth_user, safe_unicode(environ.get('PATH_INFO')))

            )

            return WSGIController.__call__(self, environ, start_response)

        finally:

            log.info('Request to %s time: %.3fs' % (

                safe_unicode(environ.get('PATH_INFO')), time.time() - start)

            )

            meta.Session.remove()

class BaseRepoController(BaseController):

    """

    Base class for controllers responsible for loading all needed data for

    repository loaded items are

    c.rhodecode_repo: instance of scm repository

    c.rhodecode_db_repo: instance of db

    c.repository_followers: number of followers

    c.repository_forks: number of forks

    """

    def __before__(self):

        super(BaseRepoController, self).__before__()

        if c.repo_name:

            c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)

            c.rhodecode_repo = c.rhodecode_db_repo.scm_instance

            if c.rhodecode_repo is None:

                log.error('%s this repository is present in database but it '

                          'cannot be created as an scm instance', c.repo_name)

                redirect(url('home'))

            c.repository_followers = self.scm_model.get_followers(c.repo_name)

            c.repository_forks = self.scm_model.get_forks(c.repo_name)