# MA  02110-1301, USA.

"""

Created on April 7, 2010

admin controller for pylons

@author: marcink

"""

import logging

from pylons import request, response, session, tmpl_context as c

from pylons_app.lib.base import BaseController, render

from pylons_app.model import meta

from pylons_app.model.db import UserLog

from webhelpers.paginate import Page

from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator

log = logging.getLogger(__name__)

class AdminController(BaseController):

    @LoginRequired()

    def __before__(self):

        super(AdminController, self).__before__()

    @HasPermissionAllDecorator('hg.admin')        

    def index(self):

        p = int(request.params.get('page', 1))

        c.users_log = Page(users_log, page=p, items_per_page=10)

        c.log_data = render('admin/admin_log.html')

        if request.params.get('partial'):

            return c.log_data

        return render('admin/admin.html')    

#!/usr/bin/env python

# encoding: utf-8

# settings controller for pylons

# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on July 14, 2010

settings controller for pylons

@author: marcink

"""

from formencode import htmlfill

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from pylons_app.lib import helpers as h

from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator

from pylons_app.lib.base import BaseController, render

from pylons_app.model.hg_model import HgModel

from pylons_app.model.user_model import UserModel

import formencode

import logging

log = logging.getLogger(__name__)

class SettingsController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('setting', 'settings', controller='admin/settings', 

    #         path_prefix='/admin', name_prefix='admin_')

    @LoginRequired()

    #@HasPermissionAllDecorator('hg.admin')

    def __before__(self):

        c.admin_user = session.get('admin_user')

        c.admin_username = session.get('admin_username')

        super(SettingsController, self).__before__()

    def index(self, format='html'):

        """GET /admin/settings: All items in the collection"""

        # url('admin_settings')

    def create(self):

        """POST /admin/settings: Create a new item"""

        # url('admin_settings')

    def new(self, format='html'):

        """GET /admin/settings/new: Form to create a new item"""

        # url('admin_new_setting')

    def update(self, id):

        """PUT /admin/settings/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('admin_setting', id=ID),

        #           method='put')

        # url('admin_setting', id=ID)

        if id == 'mapping':

            rm_obsolete = request.POST.get('destroy', False)

            log.debug('Rescanning directories with destroy=%s', rm_obsolete)

            initial = HgModel.repo_scan(g.paths[0][0], g.paths[0][1], g.baseui)

            repo2db_mapper(initial, rm_obsolete)

            invalidate_cache('cached_repo_list')

        return redirect(url('admin_settings'))

    def delete(self, id):

        """DELETE /admin/settings/id: Delete an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #    h.form(url('admin_setting', id=ID),

        #           method='delete')

        # url('admin_setting', id=ID)

    def show(self, id, format='html'):

        """GET /admin/settings/id: Show a specific item"""

        # url('admin_setting', id=ID)

    def edit(self, id, format='html'):

        """GET /admin/settings/id/edit: Form to edit an existing item"""

        # url('admin_edit_setting', id=ID)

        """GET /users: All items in the collection"""

        # url('users')

        c.users_list = self.sa.query(User).all()     

        return render('admin/users/users.html')

    def create(self):

        """POST /users: Create a new item"""

        # url('users')

        user_model = UserModel()

        login_form = UserForm()()

        try:

            form_result = login_form.to_python(dict(request.POST))

            user_model.create(form_result)

            h.flash(_('created user %s') % form_result['username'],

                    category='success')

        except formencode.Invalid as errors:

            c.form_errors = errors.error_dict

            return htmlfill.render(

                 render('admin/users/user_add.html'),

                defaults=errors.value,

                encoding="UTF-8")

        except Exception:

            h.flash(_('error occured during creation of user') \

                    % request.POST.get('username'), category='error')            

        return redirect(url('users'))

    def new(self, format='html'):

        """GET /users/new: Form to create a new item"""

        # url('new_user')

        return render('admin/users/user_add.html')

    def update(self, id):

        """PUT /users/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('user', id=ID),

        #           method='put')

        # url('user', id=ID)

        user_model = UserModel()

        _form = UserForm(edit=True)()

        try:

            form_result = _form.to_python(dict(request.POST))

            user_model.update(id, form_result)

            h.flash(_('User updated succesfully'), category='success')

from functools import wraps

from pylons import config, session, url, request

from pylons.controllers.util import abort, redirect

from pylons_app.lib.utils import get_repo_slug

from pylons_app.model import meta

from pylons_app.model.db import User, Repo2Perm, Repository, Permission

from sqlalchemy.exc import OperationalError

from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound

import crypt

import logging

log = logging.getLogger(__name__) 

def get_crypt_password(password):

    """

    Cryptographic function used for password hashing

    @param password: password to hash

    """

    return crypt.crypt(password, '6a')

@cache_region('super_short_term', 'cached_user')

def get_user_cached(username):

    sa = meta.Session

    return user

def authfunc(environ, username, password):

    password_crypt = get_crypt_password(password)

    try:

        user = get_user_cached(username)

    except (NoResultFound, MultipleResultsFound, OperationalError) as e:

        log.error(e)

        user = None

    if user:

        if user.active:

            if user.username == username and user.password == password_crypt:

                log.info('user %s authenticated correctly', username)

                return True

        else:

            log.error('user %s is disabled', username)

    return False

class  AuthUser(object):

    """

    A simple object that handles a mercurial username for authentication

    """

    def __init__(self):

        self.username = 'None'

        self.user_id = None

        self.is_authenticated = False

        self.is_admin = False

        self.permissions = {}

def set_available_permissions(config):

    """

    This function will propagate pylons globals with all available defined

    permission given in db. We don't wannt to check each time from db for new 

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    @param config:

    """

    log.info('getting information about all available permissions')

    config['available_permissions'] = [x.permission_name for x in all_perms]

def set_base_path(config):

    config['base_path'] = config['pylons.app_globals'].base_path

def fill_perms(user):

    sa = meta.Session

    user.permissions['repositories'] = {}

    #first fetch default permissions

    default_perms = sa.query(Repo2Perm, Repository, Permission)\

        .join((Repository, Repo2Perm.repository == Repository.repo_name))\

        .join((Permission, Repo2Perm.permission_id == Permission.permission_id))\

        .filter(Repo2Perm.user_id == sa.query(User).filter(User.username == 

                                            'default').one().user_id).all()

    if user.is_admin:

        user.permissions['global'] = set(['hg.admin'])

        #admin have all rights full

        for perm in default_perms:

            p = 'repository.admin'

            user.permissions['repositories'][perm.Repo2Perm.repository] = p

    else:

        for perm in default_perms:

            if perm.Repository.private:

                #disable defaults for private repos,

                p = 'repository.none'

            elif perm.Repository.user_id == user.user_id:

                #set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions['repositories'][perm.Repo2Perm.repository] = p

        user_perms = sa.query(Repo2Perm, Permission, Repository)\

            .join((Repository, Repo2Perm.repository == Repository.repo_name))\

            .join((Permission, Repo2Perm.permission_id == Permission.permission_id))\

            .filter(Repo2Perm.user_id == user.user_id).all()

        #overwrite userpermissions with defaults

        for perm in user_perms:

            #set write if owner

            if perm.Repository.user_id == user.user_id:

                p = 'repository.write'

            else:

                p = perm.Permission.permission_name

    return user

def get_user(session):

    """

    Gets user from session, and wraps permissions into user

    @param session:

    """

    user = session.get('hg_app_user', AuthUser())

    if user.is_authenticated:

        user = fill_perms(user)

    session['hg_app_user'] = user

    session.save()

    return user

#===============================================================================

# CHECK DECORATORS

#===============================================================================

class LoginRequired(object):

    """

    Must be logged in to execute this function else redirect to login page

    """

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on April 10, 2010

database managment and creation for hg app

@author: marcink

"""

from os.path import dirname as dn, join as jn

import os

import sys

import uuid

ROOT = dn(dn(dn(os.path.realpath(__file__))))

sys.path.append(ROOT)

from pylons_app.lib.auth import get_crypt_password

from pylons_app.model import init_model

from pylons_app.model.db import User, Permission, HgAppUi, HgAppSettings

from sqlalchemy.engine import create_engine

import logging

log = logging.getLogger('db manage')

log.setLevel(logging.DEBUG)

console_handler = logging.StreamHandler()

console_handler.setFormatter(logging.Formatter("%(asctime)s.%(msecs)03d" 

                                  " %(levelname)-5.5s [%(name)s] %(message)s"))

log.addHandler(console_handler)

class DbManage(object):

    def __init__(self, log_sql):

        self.dbname = 'hg_app.db'

        dburi = 'sqlite:////%s' % jn(ROOT, self.dbname)

        engine = create_engine(dburi, echo=log_sql) 

        init_model(engine)

        self.db_exists = False

    def check_for_db(self, override):

        log.info('checking for exisiting db')

        if os.path.isfile(jn(ROOT, self.dbname)):

            self.db_exists = True

            log.info('database exisist')

            if not override:

                raise Exception('database already exists')

    def create_tables(self, override=False):

        """

        Create a auth database

        """

        self.check_for_db(override)

        if override:

            log.info("database exisist and it's going to be destroyed")

            if self.db_exists:

                os.remove(jn(ROOT, self.dbname))

        log.info('Created tables for %s', self.dbname)

    def admin_prompt(self):

        import getpass

        username = raw_input('Specify admin username:')

        password = getpass.getpass('Specify admin password:')

        self.create_user(username, password, True)

    def config_prompt(self):

        log.info('Setting up repositories config')

        path = raw_input('Specify valid full path to your repositories'

                        ' you can change this later application settings:')

        if not os.path.isdir(path):

            log.error('You entered wrong path')

            sys.exit()

        hooks = HgAppUi()

        hooks.ui_section = 'hooks'

        hooks.ui_key = 'changegroup'

        hooks.ui_value = 'hg update >&2'

from mercurial.hgweb import hgweb

from mercurial.hgweb.request import wsgiapplication

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from pylons_app.lib.auth import authfunc, HasPermissionAnyMiddleware, \

    get_user_cached

from pylons_app.lib.utils import is_mercurial, make_ui, invalidate_cache, \

    check_repo_fast

from pylons_app.model import meta

from pylons_app.model.db import UserLog, User

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

import logging

import os

import pylons_app.lib.helpers as h

import traceback

log = logging.getLogger(__name__)

class SimpleHg(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        #authenticate this mercurial request using 

    def __call__(self, environ, start_response):

        if not is_mercurial(environ):

            return self.application(environ, start_response)

        #===================================================================

        # AUTHENTICATE THIS MERCURIAL REQUEST

        #===================================================================

        username = REMOTE_USER(environ)

        if not username:

            result = self.authenticate(environ)

            if isinstance(result, str):

                AUTH_TYPE.update(environ, 'basic')

                REMOTE_USER.update(environ, result)

            else:

                return result.wsgi_application(environ, start_response)

        try:

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

        except:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

        #===================================================================

        # CHECK PERMISSIONS FOR THIS REQUEST

        #===================================================================

        action = self.__get_action(environ)

        if action:

            username = self.__get_environ_user(environ)

            try:

                user = self.__get_user(username)

            except:

                log.error(traceback.format_exc())

                return HTTPInternalServerError()(environ, start_response)

                   'pushkey': 'push', }

        for qry in environ['QUERY_STRING'].split('&'):

            if qry.startswith('cmd'):

                cmd = qry.split('=')[-1]

                if mapping.has_key(cmd):

                    return mapping[cmd]

    def __log_user_action(self, user, action, repo, ipaddr):

        sa = meta.Session

        try:

            user_log = UserLog()

            user_log.user_id = user.user_id

            user_log.action = action

            user_log.repository = repo.replace('/', '')

            user_log.action_date = datetime.now()

            user_log.user_ip = ipaddr

            sa.add(user_log)

            sa.commit()

            log.info('Adding user %s, action %s on %s',

                                            user.username, action, repo)

        except Exception as e:

            sa.rollback()

            log.error('could not log user action:%s', str(e))

    def __invalidate_cache(self, repo_name):

        """we know that some change was made to repositories and we should

        invalidate the cache to see the changes right away but only for

        push requests"""

        invalidate_cache('cached_repo_list')

        invalidate_cache('full_changelog', repo_name)

    def __load_web_settings(self, hgserve):

        #set the global ui for hgserve

        hgserve.repo.ui = self.baseui

        hgrc = os.path.join(self.repo_path, '.hg', 'hgrc')

        repoui = make_ui('file', hgrc, False)

        if repoui:

            #set the repository based config

            hgserve.repo.ui = repoui

        return hgserve

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

from beaker.cache import cache_region

"""

Created on April 18, 2010

Utilities for hg app

@author: marcink

"""

import os

import logging

from mercurial import ui, config, hg

from mercurial.error import RepoError

from pylons_app.model.db import Repository, User, HgAppUi, HgAppSettings

log = logging.getLogger(__name__)

def get_repo_slug(request):

    return request.environ['pylons.routes_dict'].get('repo_name')

def is_mercurial(environ):

    """

    Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    if http_accept and http_accept.startswith('application/mercurial'):

        return True

    return False

def check_repo_dir(paths):

    repos_path = paths[0][1].split('/')

    if repos_path[-1] in ['*', '**']:

        repos_path = repos_path[:-1]

    if repos_path[0] != '/':

        repos_path[0] = '/'

    if not os.path.isdir(os.path.join(*repos_path)):

        raise Exception('Not a valid repository in %s' % paths[0][1])

    if os.path.isdir(os.path.join(base_path, repo_name)):return False

    return True

def check_repo(repo_name, base_path, verify=True):

    repo_path = os.path.join(base_path, repo_name)

    try:

        if not check_repo_fast(repo_name, base_path):

            return False

        r = hg.repository(ui.ui(), repo_path)

        if verify:

            hg.verify(r)

        #here we hnow that repo exists it was verified

        log.info('%s repo is already created', repo_name)

        return False

    except RepoError:

        #it means that there is no valid repo there...

        log.info('%s repo is free for creation', repo_name)

        return True

@cache_region('super_short_term', 'cached_hg_ui')

def get_hg_ui_cached():

def get_hg_settings():

    if not ret:

        raise Exception('Could not get application settings !')

    return ret

def make_ui(read_from='file', path=None, checkpaths=True):        

    """

    A function that will read python rc files or database

    and make an mercurial ui object from read options

    @param path: path to mercurial config file

    @param checkpaths: check the path

    @param read_from: read from 'file' or 'db'

    """

    #propagated from mercurial documentation

    sections = ['alias', 'auth',

                'decode/encode', 'defaults',

                'diff', 'email',

                'extensions', 'format',

                'merge-patterns', 'merge-tools',

                'hooks', 'http_proxy',

                'smtp', 'patch',

                'paths', 'profiling',

                'server', 'trusted',

                'ui', 'web', ]

        region_invalidate(_full_changelog_cached, None, *args)

from vcs.backends.base import BaseChangeset

from vcs.utils.lazy import LazyProperty

class EmptyChangeset(BaseChangeset):

    revision = -1

    message = ''

    @LazyProperty

    def raw_id(self):

        """

        Returns raw string identifing this changeset, useful for web

        representation.

        """

        return '0' * 12

def repo2db_mapper(initial_repo_list, remove_obsolete=False):

    """

    maps all found repositories into db

    """

    from pylons_app.model.repo_model import RepoModel

    user = sa.query(User).filter(User.admin == True).first()

    rm = RepoModel()

    for name, repo in initial_repo_list.items():

        if not sa.query(Repository).get(name):

            log.info('repository %s not found creating default', name)

            form_data = {

                         'repo_name':name,

                         'description':repo.description if repo.description != 'unknown' else \

                                        'auto description for %s' % name,

                         'private':False

                         }

            rm.create(form_data, user, just_db=True)

    if remove_obsolete:

        #remove from database those repositories that are not in the filesystem

        for repo in sa.query(Repository).all():

            if repo.repo_name not in initial_repo_list.keys():

                sa.delete(repo)

                sa.commit()

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit))

        description = UnicodeString(strip=True, min=3, not_empty=True)

        private = StringBoolean(if_missing=False)

        if edit:

            user = All(Int(not_empty=True), ValidRepoUser)

        chained_validators = [ValidPerms]

    return _RepoForm

def RepoSettingsForm(edit=False):

    class _RepoForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit))

        description = UnicodeString(strip=True, min=3, not_empty=True)

        private = StringBoolean(if_missing=False)

        chained_validators = [ValidPerms, ValidSettings]

    return _RepoForm

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on April 9, 2010