# -*- coding: utf-8 -*-

"""

    rhodecode.controllers.admin.users

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Users crud controller for pylons

    :created_on: Apr 4, 2010

    :author: marcink

    :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>    

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

import logging

import traceback

import formencode

from formencode import htmlfill

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode.lib import helpers as h

from rhodecode.lib.base import BaseController, render

from rhodecode.model.db import User

from rhodecode.model.forms import UserForm

from rhodecode.model.user import UserModel

log = logging.getLogger(__name__)

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('user', 'users')

    @LoginRequired()

    @HasPermissionAllDecorator('hg.admin')

    def __before__(self):

        c.admin_user = session.get('admin_user')

        c.admin_username = session.get('admin_username')

        super(UsersController, self).__before__()

    def index(self, format='html'):

        """GET /users: All items in the collection"""

        # url('users')

        c.users_list = self.sa.query(User).all()

        return render('admin/users/users.html')

    def create(self):

        """POST /users: Create a new item"""

        # url('users')

        user_model = UserModel()

        login_form = UserForm()()

        try:

            form_result = login_form.to_python(dict(request.POST))

            user_model.create(form_result)

            h.flash(_('created user %s') % form_result['username'],

                    category='success')

            #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)

        except formencode.Invalid, errors:

            return htmlfill.render(

                render('admin/users/user_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during creation of user %s') \

                    % request.POST.get('username'), category='error')

        return redirect(url('users'))

    def new(self, format='html'):

        """GET /users/new: Form to create a new item"""

        # url('new_user')

        return render('admin/users/user_add.html')

    def update(self, id):

        """PUT /users/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('user', id=ID),

        #           method='put')

        # url('user', id=ID)

        user_model = UserModel()

        c.user = user_model.get(id)

        _form = UserForm(edit=True, old_data={'user_id':id,

                                              'email':c.user.email})()

        form_result = {}

        try:

            form_result = _form.to_python(dict(request.POST))

            user_model.update(id, form_result)

            h.flash(_('User updated succesfully'), category='success')

        except formencode.Invalid, errors:

            return htmlfill.render(

                render('admin/users/user_edit.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during update of user %s') \

                    % form_result.get('username'), category='error')

        return redirect(url('users'))

    def delete(self, id):

        """DELETE /users/id: Delete an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #    h.form(url('user', id=ID),

        #           method='delete')

        # url('user', id=ID)

        user_model = UserModel()

        try:

            user_model.delete(id)

        except (UserOwnsReposException, DefaultUserException), e:

            h.flash(str(e), category='warning')

        except Exception:

            h.flash(_('An error occurred during deletion of user'),

                    category='error')

        return redirect(url('users'))

    def show(self, id, format='html'):

        """GET /users/id: Show a specific item"""

        # url('user', id=ID)

    def edit(self, id, format='html'):

        """GET /users/id/edit: Form to edit an existing item"""

        # url('edit_user', id=ID)

        c.user = self.sa.query(User).get(id)

        if not c.user:

            return redirect(url('users'))

        if c.user.username == 'default':

            h.flash(_("You can't edit this user"), category='warning')

            return redirect(url('users'))

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

from pylons import config, session, url, request

from pylons.controllers.util import abort, redirect

from rhodecode.lib.utils import get_repo_slug

from rhodecode.lib.auth_ldap import AuthLdap

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \

    UserToPerm

log = logging.getLogger(__name__)

class PasswordGenerator(object):

    """This is a simple class for generating password from

        different sets of characters

        usage:

        passwd_gen = PasswordGenerator()

        #print 8-letter password containing only big and small letters of alphabet

        print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)        

    """

    ALPHABETS_NUM = r'''1234567890'''#[0]

    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]

    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]

    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]

    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]

    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]

    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL

    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]

    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]

    def __init__(self, passwd=''):

        self.passwd = passwd

    def gen_password(self, len, type):

        self.passwd = ''.join([random.choice(type) for _ in xrange(len)])

        return self.passwd

def get_crypt_password(password):

    """Cryptographic function used for password hashing based on sha1

    :param password: password to hash

    """

    return bcrypt.hashpw(password, bcrypt.gensalt(10))

def check_password(password, hashed):

    return bcrypt.hashpw(password, hashed) == hashed

def authfunc(environ, username, password):

    """

    Dummy authentication function used in Mercurial/Git/ and access control,

    :param environ: needed only for using in Basic auth

    """

    return authenticate(username, password)

def authenticate(username, password):

    """

    Authentication function used for access control,

    firstly checks for db authentication then if ldap is enabled for ldap

    authentication, also creates ldap user if not in database

    :param username: username

    :param password: password

    """

    user_model = UserModel()

    user = user_model.get_by_username(username, cache=False)

    log.debug('Authenticating user using RhodeCode account')

    if user is not None and user.is_ldap is False:

        if user.active:

            if user.username == 'default' and user.active:

                log.info('user %s authenticated correctly as anonymous user',

                         username)

                return True

            elif user.username == username and check_password(password, user.password):

                log.info('user %s authenticated correctly', username)

                return True

        else:

            log.warning('user %s is disabled', username)

    else:

        log.debug('Regular authentication failed')

        user_obj = user_model.get_by_username(username, cache=False,

                                            case_insensitive=True)

        if user_obj is not None and user_obj.is_ldap is False:

            log.debug('this user already exists as non ldap')

            return False

        from rhodecode.model.settings import SettingsModel

        ldap_settings = SettingsModel().get_ldap_settings()

        #======================================================================

        # FALLBACK TO LDAP AUTH IN ENABLE                

        #======================================================================

        if ldap_settings.get('ldap_active', False):

            log.debug("Authenticating user using ldap")

            kwargs = {

                  'server':ldap_settings.get('ldap_host', ''),

                  'base_dn':ldap_settings.get('ldap_base_dn', ''),

                  'port':ldap_settings.get('ldap_port'),

                  'bind_dn':ldap_settings.get('ldap_dn_user'),

                  'bind_pass':ldap_settings.get('ldap_dn_pass'),

                  'use_ldaps':ldap_settings.get('ldap_ldaps'),

                  'ldap_version':3,

                  }

            log.debug('Checking for ldap authentication')

            try:

                aldap = AuthLdap(**kwargs)

                res = aldap.authenticate_ldap(username, password)

                log.debug('Got ldap response %s', res)

                if user_model.create_ldap(username, password):

                    log.info('created new ldap user')

                return True

            except (LdapUsernameError, LdapPasswordError,):

                pass

            except (Exception,):

                log.error(traceback.format_exc())

                pass

    return False

class  AuthUser(object):

    """

    A simple object that handles a mercurial username for authentication

    """

    def __init__(self):

        self.username = 'None'

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.user_id = None

        self.is_authenticated = False

        self.is_admin = False

        self.permissions = {}

    def __repr__(self):

        return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)

def set_available_permissions(config):

    permission given in db. We don't wannt to check each time from db for new 

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    """

    log.info('getting information about all available permissions')

    try:

        sa = meta.Session()

        all_perms = sa.query(Permission).all()

    except:

        pass

    finally:

        meta.Session.remove()

    config['available_permissions'] = [x.permission_name for x in all_perms]

def set_base_path(config):

    config['base_path'] = config['pylons.app_globals'].base_path

def fill_perms(user):

    :param user:

    """

    sa = meta.Session()

    user.permissions['repositories'] = {}

    user.permissions['global'] = set()

    #===========================================================================

    # fetch default permissions

    #===========================================================================

    default_user = UserModel().get_by_username('default', cache=True)

    default_perms = sa.query(RepoToPerm, Repository, Permission)\

        .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

        .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

        .filter(RepoToPerm.user == default_user).all()

    if user.is_admin:

        #=======================================================================

        # #admin have all default rights set to admin        

        #=======================================================================

        user.permissions['global'].add('hg.admin')

        for perm in default_perms:

            p = 'repository.admin'

            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

    else:

        #=======================================================================

        # set default permissions

        #=======================================================================

        #default global

        default_global_perms = sa.query(UserToPerm)\

            .filter(UserToPerm.user == sa.query(User)\

                   .filter(User.username == 'default').one())

        for perm in default_global_perms:

            user.permissions['global'].add(perm.permission.permission_name)

        #default repositories

        for perm in default_perms:

            if perm.Repository.private and not perm.Repository.user_id == user.user_id:

                #disable defaults for private repos,

                p = 'repository.none'

            elif perm.Repository.user_id == user.user_id:

                #set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

        #=======================================================================

        # #overwrite default with user permissions if any

        #=======================================================================

        user_perms = sa.query(RepoToPerm, Permission, Repository)\

            .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

            .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

            .filter(RepoToPerm.user_id == user.user_id).all()

        for perm in user_perms:

            if perm.Repository.user_id == user.user_id:#set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

    meta.Session.remove()

    return user

def get_user(session):

    """

    Gets user from session, and wraps permissions into user

    :param session:

    """

    user = session.get('rhodecode_user', AuthUser())

    #if the user is not logged in we check for anonymous access

    #if user is logged and it's a default user check if we still have anonymous

    #access enabled

    if user.user_id is None or user.username == 'default':

        anonymous_user = UserModel().get_by_username('default', cache=True)

        if anonymous_user.active is True:

            #then we set this user is logged in

            user.is_authenticated = True

            user.user_id = anonymous_user.user_id

        else:

            user.is_authenticated = False

    if user.is_authenticated:

        user = UserModel().fill_data(user)

    user = fill_perms(user)

    session['rhodecode_user'] = user

    session.save()

    return user

#===============================================================================

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

import logging

import datetime

from sqlalchemy import *

from sqlalchemy.exc import DatabaseError

from sqlalchemy.orm import relation, backref, class_mapper

from sqlalchemy.orm.session import Session

from rhodecode.model.meta import Base

log = logging.getLogger(__name__)

class BaseModel(object):

    @classmethod

    def _get_keys(cls):

        """return column names for this model """

        return class_mapper(cls).c.keys()

    def get_dict(self):

        """return dict with keys and values corresponding 

        to this model data """

        d = {}

        for k in self._get_keys():

            d[k] = getattr(self, k)

        return d

    def get_appstruct(self):

        """return list with keys and values tupples corresponding 

        to this model data """

        l = []

        for k in self._get_keys():

            l.append((k, getattr(self, k),))

        return l

    def populate_obj(self, populate_dict):

        """populate model with data from given populate_dict"""

        for k in self._get_keys():

            if k in populate_dict:

                setattr(self, k, populate_dict[k])

class RhodeCodeSettings(Base, BaseModel):

    __tablename__ = 'rhodecode_settings'

    __table_args__ = (UniqueConstraint('app_settings_name'), {'useexisting':True})

    app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    app_settings_name = Column("app_settings_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    app_settings_value = Column("app_settings_value", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    def __init__(self, k, v):

        self.app_settings_name = k

        self.app_settings_value = v

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__,

                                  self.app_settings_name, self.app_settings_value)

class RhodeCodeUi(Base, BaseModel):

    __tablename__ = 'rhodecode_ui'

    __table_args__ = {'useexisting':True}

    ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    ui_section = Column("ui_section", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    ui_key = Column("ui_key", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    ui_value = Column("ui_value", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)

class User(Base, BaseModel):

    __tablename__ = 'users'

    __table_args__ = (UniqueConstraint('username'), UniqueConstraint('email'), {'useexisting':True})

    user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    username = Column("username", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    password = Column("password", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    active = Column("active", Boolean(), nullable=True, unique=None, default=None)

    admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)

    name = Column("name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    lastname = Column("lastname", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    email = Column("email", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)

    is_ldap = Column("is_ldap", Boolean(), nullable=False, unique=None, default=False)

    user_log = relation('UserLog', cascade='all')

    user_perms = relation('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')

    repositories = relation('Repository')

    user_followers = relation('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')

    @property

    def full_contact(self):

        return '%s %s <%s>' % (self.name, self.lastname, self.email)

    def __repr__(self):

        return "<%s('id:%s:%s')>" % (self.__class__.__name__,

                                     self.user_id, self.username)

    def update_lastlogin(self):

        """Update user lastlogin"""

        try:

            session = Session.object_session(self)

            self.last_login = datetime.datetime.now()

            session.add(self)

            session.commit()

            log.debug('updated user %s lastlogin', self.username)

        except (DatabaseError,):

            session.rollback()

class UserLog(Base, BaseModel):

    __tablename__ = 'user_logs'

    __table_args__ = {'useexisting':True}

    user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    repository_id = Column("repository_id", Integer(length=None, convert_unicode=False, assert_unicode=None), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)

    repository_name = Column("repository_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    user_ip = Column("user_ip", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    action = Column("action", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)

    user = relation('User')

    repository = relation('Repository')

class Repository(Base, BaseModel):

    __tablename__ = 'repositories'

    __table_args__ = (UniqueConstraint('repo_name'), {'useexisting':True},)

    repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    repo_name = Column("repo_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)

    repo_type = Column("repo_type", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default='hg')

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)

    private = Column("private", Boolean(), nullable=True, unique=None, default=None)

    enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True)

    description = Column("description", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None)

    group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None)

    user = relation('User')

    fork = relation('Repository', remote_side=repo_id)

    group = relation('Group')

    repo_to_perm = relation('RepoToPerm', cascade='all')

    stats = relation('Statistics', cascade='all', uselist=False)

    repo_followers = relation('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all')

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__,

                                  self.repo_id, self.repo_name)

class Group(Base, BaseModel):

    __tablename__ = 'groups'

    __table_args__ = (UniqueConstraint('group_name'), {'useexisting':True},)

    group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    group_name = Column("group_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)

    group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)

    parent_group = relation('Group', remote_side=group_id)

    def __init__(self, group_name='', parent_group=None):

        self.group_name = group_name

        self.parent_group = parent_group

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__, self.group_id,

                                  self.group_name)

class Permission(Base, BaseModel):

    __tablename__ = 'permissions'

    __table_args__ = {'useexisting':True}

    permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    permission_name = Column("permission_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    permission_longname = Column("permission_longname", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__,

                                  self.permission_id, self.permission_name)

class RepoToPerm(Base, BaseModel):

    __tablename__ = 'repo_to_perm'

    __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'useexisting':True})

    repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)

    repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)

    user = relation('User')

    permission = relation('Permission')

<%def name="main()">

<div class="box box-left">

    <!-- box / title -->

    <div class="title">

        ${self.breadcrumbs()}       

    </div>

    <!-- end box / title -->

    ${h.form(url('user', id=c.user.user_id),method='put')}

    <div class="form">

        <!-- fields -->

        <div class="fields">

             <div class="field">

                <div class="gravatar_box">

              		<div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(c.user.email)}"/></div>

              		<p>

              		<strong>Change your avatar at <a href="http://gravatar.com">gravatar.com</a></strong><br/> 

              		${_('Using')} ${c.user.email}

              		</p>

            	</div>

             </div>        

             <div class="field">

                <div class="label">

                    <label for="username">${_('Username')}:</label>

                </div>

                <div class="input">

                    ${h.text('username',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="new_password">${_('New password')}:</label>

                </div>

                <div class="input">

                    ${h.password('new_password',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="name">${_('First Name')}:</label>

                </div>

                <div class="input">

                    ${h.text('name',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="lastname">${_('Last Name')}:</label>

                </div>

                <div class="input">

                    ${h.text('lastname',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="email">${_('Email')}:</label>

                </div>

                <div class="input">

                    ${h.text('email',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label label-checkbox">

                    <label for="active">${_('Active')}:</label>

                </div>

                <div class="checkboxes">

                    ${h.checkbox('active',value=True)}

                </div>

             </div>

             <div class="field">

                <div class="label label-checkbox">

                    <label for="admin">${_('Admin')}:</label>

                </div>

                <div class="checkboxes">

                    ${h.checkbox('admin',value=True)}

                </div>

             </div>             

            <div class="buttons">

              ${h.submit('save','Save',class_="ui-button")}

              ${h.reset('reset','Reset',class_="ui-button")}

            </div>             

    	</div>    

    </div>

    ${h.end_form()}

</div>

<div class="box box-right">

    <!-- box / title -->

    <div class="title">

        <h5>${_('Permissions')}</h5>       

    </div>