:param auth_user: instance of user to set attributes

        :param user_id: user id to fetch by

        :param api_key: api key to fetch by

        """

        if user_id is None and api_key is None:

            raise Exception('You need to pass user_id or api_key')

        try:

            if api_key:

                dbuser = self.get_by_api_key(api_key)

            else:

                dbuser = self.get(user_id)

            if dbuser is not None and dbuser.active:

                log.debug('filling %s data' % dbuser)

                for k, v in dbuser.get_dict().items():

                    setattr(auth_user, k, v)

            else:

                return False

        except:

            log.error(traceback.format_exc())

            auth_user.is_authenticated = False

            return False

        return True

    def fill_perms(self, user, explicit=True, algo='higherwin'):

        """

        Fills user permission attribute with permissions taken from database

        works for permissions given for repositories, and for permissions that

        are granted to groups

        :param user: user instance to fill his perms

        :param explicit: In case there are permissions both for user and a group

            that user is part of, explicit flag will defiine if user will

            explicitly override permissions from group, if it's False it will

            make decision based on the algo

        :param algo: algorithm to decide what permission should be choose if

            it's multiple defined, eg user in two different groups. It also

            decides if explicit flag is turned off how to specify the permission

            for case when user is in a group + have defined separate permission

        """

        RK = 'repositories'

        GK = 'repositories_groups'

        GLOBAL = 'global'

        user.permissions[RK] = {}

        user.permissions[GK] = {}

        user.permissions[GLOBAL] = set()

        def _choose_perm(new_perm, cur_perm):

            new_perm_val = PERM_WEIGHTS[new_perm]

            cur_perm_val = PERM_WEIGHTS[cur_perm]

            if algo == 'higherwin':

                if new_perm_val > cur_perm_val:

                    return new_perm

                return cur_perm

            elif algo == 'lowerwin':

                if new_perm_val < cur_perm_val:

                    return new_perm

                return cur_perm

        #======================================================================

        # fetch default permissions

        #======================================================================

        default_user = User.get_by_username('default', cache=True)

        default_user_id = default_user.user_id

        default_repo_perms = Permission.get_default_perms(default_user_id)

        default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)

        if user.is_admin:

            #==================================================================

            # admin user have all default rights for repositories

            # and groups set to admin

            #==================================================================

            user.permissions[GLOBAL].add('hg.admin')

            # repositories

            for perm in default_repo_perms:

                r_k = perm.UserRepoToPerm.repository.repo_name

                p = 'repository.admin'

                user.permissions[RK][r_k] = p

            # repositories groups

            for perm in default_repo_groups_perms:

                rg_k = perm.UserRepoGroupToPerm.group.group_name

                p = 'group.admin'

                user.permissions[GK][rg_k] = p

            return user

        #==================================================================

        # SET DEFAULTS GLOBAL, REPOS, REPOS GROUPS

        #==================================================================

        uid = user.user_id

        # default global permissions taken fron the default user

        default_global_perms = self.sa.query(UserToPerm)\

            .filter(UserToPerm.user_id == default_user_id)

        for perm in default_global_perms:

            user.permissions[GLOBAL].add(perm.permission.permission_name)

        # defaults for repositories, taken from default user

        for perm in default_repo_perms:

            r_k = perm.UserRepoToPerm.repository.repo_name

            if perm.Repository.private and not (perm.Repository.user_id == uid):

                # disable defaults for private repos,

                p = 'repository.none'

            elif perm.Repository.user_id == uid:

                # set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions[RK][r_k] = p

        # defaults for repositories groups taken from default user permission

        # on given group

        for perm in default_repo_groups_perms:

            rg_k = perm.UserRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            user.permissions[GK][rg_k] = p

        #======================================================================

        # !! OVERRIDE GLOBALS !! with user permissions if any found

        #======================================================================

        # those can be configured from groups or users explicitly

        _configurable = set(['hg.fork.none', 'hg.fork.repository',

                             'hg.create.none', 'hg.create.repository'])

        # USER GROUPS comes first

        # users group global permissions

        user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\

            .options(joinedload(UsersGroupToPerm.permission))\

            .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==

                   UsersGroupMember.users_group_id))\

            .filter(UsersGroupMember.user_id == uid)\

            .order_by(UsersGroupToPerm.users_group_id)\

            .all()

        #need to group here by groups since user can be in more than one group

        _grouped = [[x, list(y)] for x, y in

                    itertools.groupby(user_perms_from_users_groups,

                                      lambda x:x.users_group)]

        for gr, perms in _grouped:

            # since user can be in multiple groups iterate over them and

            # select the lowest permissions first (more explicit)

            ##TODO: do this^^

            if not gr.inherit_default_permissions:

                # NEED TO IGNORE all configurable permissions and

                # replace them with explicitly set

                user.permissions[GLOBAL] = user.permissions[GLOBAL]\

                                                .difference(_configurable)

            for perm in perms:

                user.permissions[GLOBAL].add(perm.permission.permission_name)

        # user specific global permissions

        user_perms = self.sa.query(UserToPerm)\

                .options(joinedload(UserToPerm.permission))\

                .filter(UserToPerm.user_id == uid).all()

        if not user.inherit_default_permissions:

            # NEED TO IGNORE all configurable permissions and

            # replace them with explicitly set

            user.permissions[GLOBAL] = user.permissions[GLOBAL]\

                                            .difference(_configurable)

            for perm in user_perms:

                user.permissions[GLOBAL].add(perm.permission.permission_name)

        #======================================================================

        # !! PERMISSIONS FOR REPOSITORIES !!

        #======================================================================

        #======================================================================

        # check if user is part of user groups for this repository and

        # fill in his permission from it. _choose_perm decides of which

        # permission should be selected based on selected method

        #======================================================================

        # users group for repositories permissions

        user_repo_perms_from_users_groups = \

         self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\

            .join((Repository, UsersGroupRepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, UsersGroupRepoToPerm.permission_id ==

                   Permission.permission_id))\

            .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==

                   UsersGroupMember.users_group_id))\

            .filter(UsersGroupMember.user_id == uid)\

            .all()

        for perm in user_repo_perms_from_users_groups:

            r_k = perm.UsersGroupRepoToPerm.repository.repo_name

            multiple_counter[r_k] += 1

            p = perm.Permission.permission_name

            cur_perm = user.permissions[RK][r_k]

            if perm.Repository.user_id == uid:

                # set admin if owner

                p = 'repository.admin'

            else:

                if multiple_counter[r_k] > 1:

                    p = _choose_perm(p, cur_perm)

            user.permissions[RK][r_k] = p

        # user explicit permissions for repositories, overrides any specified

        # by the group permission

        user_repo_perms = \

         self.sa.query(UserRepoToPerm, Permission, Repository)\

            .join((Repository, UserRepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, UserRepoToPerm.permission_id ==

                   Permission.permission_id))\

            .filter(UserRepoToPerm.user_id == uid)\

            .all()

        for perm in user_repo_perms:

            r_k = perm.UserRepoToPerm.repository.repo_name

            cur_perm = user.permissions[RK][r_k]

            # set admin if owner

            if perm.Repository.user_id == uid:

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

                if not explicit:

                    p = _choose_perm(p, cur_perm)

            user.permissions[RK][r_k] = p

        #======================================================================

        # !! PERMISSIONS FOR REPOSITORIES GROUPS !!

        #======================================================================

        #======================================================================

        # check if user is part of user groups for this repository groups and

        # fill in his permission from it. _choose_perm decides of which

        # permission should be selected based on selected method

        #======================================================================

        # users group for repo groups permissions

        user_repo_group_perms_from_users_groups = \

         self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\

         .join((Permission, UsersGroupRepoGroupToPerm.permission_id

                == Permission.permission_id))\

         .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id

                == UsersGroupMember.users_group_id))\

         .filter(UsersGroupMember.user_id == uid)\

         .all()

        for perm in user_repo_group_perms_from_users_groups:

            g_k = perm.UsersGroupRepoGroupToPerm.group.group_name

            multiple_counter[g_k] += 1

            p = perm.Permission.permission_name

            cur_perm = user.permissions[GK][g_k]

            if multiple_counter[g_k] > 1:

                p = _choose_perm(p, cur_perm)

            user.permissions[GK][g_k] = p

        # user explicit permissions for repository groups

        user_repo_groups_perms = \

         self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\

         .join((Permission, UserRepoGroupToPerm.permission_id

                == Permission.permission_id))\

         .filter(UserRepoGroupToPerm.user_id == uid)\

         .all()

        for perm in user_repo_groups_perms:

            rg_k = perm.UserRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[GK][rg_k]

            if not explicit:

                p = _choose_perm(p, cur_perm)

            user.permissions[GK][rg_k] = p

        return user

    def has_perm(self, user, perm):

        perm = self._get_perm(perm)

        user = self._get_user(user)

        return UserToPerm.query().filter(UserToPerm.user == user)\

            .filter(UserToPerm.permission == perm).scalar() is not None

    def grant_perm(self, user, perm):

        """

        Grant user global permissions

        :param user:

        :param perm:

        """

        user = self._get_user(user)

        perm = self._get_perm(perm)

        # if this permission is already granted skip it

        _perm = UserToPerm.query()\

            .filter(UserToPerm.user == user)\

            .filter(UserToPerm.permission == perm)\

            .scalar()

        if _perm:

            return

        new = UserToPerm()

        new.user = user

        new.permission = perm

        self.sa.add(new)

    def revoke_perm(self, user, perm):

        """

        Revoke users global permissions

        :param user:

        :param perm:

        """

        user = self._get_user(user)

        perm = self._get_perm(perm)

        obj = UserToPerm.query()\

                .filter(UserToPerm.user == user)\

                .filter(UserToPerm.permission == perm)\

                .scalar()

        if obj:

            self.sa.delete(obj)

    def add_extra_email(self, user, email):

        """

        Adds email address to UserEmailMap

        :param user:

        :param email:

        """

        from rhodecode.model import forms

        form = forms.UserExtraEmailForm()()

        data = form.to_python(dict(email=email))

        user = self._get_user(user)

        obj = UserEmailMap()

        obj.user = user

        obj.email = data['email']

        self.sa.add(obj)

        return obj

    def delete_extra_email(self, user, email_id):

        """

        Removes email address from UserEmailMap

        :param user:

        :param email_id:

        """

        user = self._get_user(user)

        obj = UserEmailMap.query().get(email_id)

        if obj:

            self.sa.delete(obj)