@property

    def is_admin(self):

        return self.admin

    @property

    def AuthUser(self):

        """

        Returns instance of AuthUser for this user

        """

        from kallithea.lib.auth import AuthUser

        return AuthUser(dbuser=self)

    @hybrid_property

    def user_data(self):

        if not self._user_data:

            return {}

        try:

            return json.loads(self._user_data)

        except TypeError:

            return {}

    @user_data.setter

    def user_data(self, val):

        try:

            self._user_data = json.dumps(val)

        except Exception:

            log.error(traceback.format_exc())

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__,

                                      self.user_id, self.username)

    @classmethod

    def get_or_404(cls, id_, allow_default=True):

        '''

        Overridden version of BaseModel.get_or_404, with an extra check on

        the default user.

        '''

        user = super(User, cls).get_or_404(id_)

        if allow_default == False:

            if user.username == User.DEFAULT_USER:

                raise DefaultUserException

        return user

    @classmethod

    def get_by_username(cls, username, case_insensitive=False, cache=False):

        if case_insensitive:

        else:

            q = cls.query().filter(cls.username == username)

        if cache:

            q = q.options(FromCache(

                            "sql_cache_short",

                            "get_user_%s" % _hash_key(username)

                          )

            )

        return q.scalar()

    @classmethod

    def get_by_api_key(cls, api_key, cache=False, fallback=True):

        if len(api_key) != 40 or not api_key.isalnum():

            return None

        q = cls.query().filter(cls.api_key == api_key)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_api_key_%s" % api_key))

        res = q.scalar()

        if fallback and not res:

            #fallback to additional keys

            _res = UserApiKeys.query() \

                .filter(UserApiKeys.api_key == api_key) \

                .filter(or_(UserApiKeys.expires == -1,

                            UserApiKeys.expires >= time.time())) \

                .first()

            if _res:

                res = _res.user

        return res

    @classmethod

    def get_by_email(cls, email, cache=False):

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_email_key_%s" % email))

        ret = q.scalar()

        if ret is None:

            q = UserEmailMap.query()

            # try fetching in alternate email map

            q = q.options(joinedload(UserEmailMap.user))

            if cache:

                q = q.options(FromCache("sql_cache_short",

                                        "get_email_map_key_%s" % email))

            ret = getattr(q.scalar(), 'user', None)

        return ret

    @classmethod

    def get_from_cs_author(cls, author):

        """

        Tries to get User objects out of commit author string

        :param author:

        """

        from kallithea.lib.helpers import email, author_name

        # Valid email in the attribute passed, see if they're in the system

        _email = email(author)

        if _email:

            user = cls.get_by_email(_email)

            if user is not None:

                return user

        # Maybe we can match by username?

        _author = author_name(author)

        user = cls.get_by_username(_author, case_insensitive=True)

        if user is not None:

            return user

    def update_lastlogin(self):

        """Update user lastlogin"""

        self.last_login = datetime.datetime.now()

        Session().add(self)

        log.debug('updated user %s lastlogin', self.username)

    @classmethod

    def get_first_admin(cls):

        user = User.query().filter(User.admin == True).first()

        if user is None:

            raise Exception('Missing administrative account!')

        return user

    @classmethod

    def get_default_user(cls, cache=False):

        user = User.get_by_username(User.DEFAULT_USER, cache=cache)

        if user is None:

            raise Exception('Missing default account!')

        return user

    __table_args__ = (

        _table_args_default_dict,

    )

    users_group_id = Column(Integer(), unique=True, primary_key=True)

    users_group_name = Column(Unicode(255), nullable=False, unique=True)

    user_group_description = Column(Unicode(10000), nullable=True) # FIXME: not nullable?

    users_group_active = Column(Boolean(), nullable=False)

    inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, default=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    _group_data = Column("group_data", LargeBinary(), nullable=True)  # JSON data # FIXME: not nullable?

    members = relationship('UserGroupMember', cascade="all, delete-orphan")

    users_group_to_perm = relationship('UserGroupToPerm', cascade='all')

    users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')

    users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

    user_user_group_to_perm = relationship('UserUserGroupToPerm ', cascade='all')

    user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')

    user = relationship('User')

    @hybrid_property

    def group_data(self):

        if not self._group_data:

            return {}

        try:

            return json.loads(self._group_data)

        except TypeError:

            return {}

    @group_data.setter

    def group_data(self, val):

        try:

            self._group_data = json.dumps(val)

        except Exception:

            log.error(traceback.format_exc())

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__,

                                      self.users_group_id,

                                      self.users_group_name)

    @classmethod

    def get_by_group_name(cls, group_name, cache=False,

                          case_insensitive=False):

        if case_insensitive:

        else:

            q = cls.query().filter(cls.users_group_name == group_name)

        if cache:

            q = q.options(FromCache(

                            "sql_cache_short",

                            "get_group_%s" % _hash_key(group_name)

                          )

            )

        return q.scalar()

    @classmethod

    def get(cls, user_group_id, cache=False):

        user_group = cls.query()

        if cache:

            user_group = user_group.options(FromCache("sql_cache_short",

                                    "get_users_group_%s" % user_group_id))

        return user_group.get(user_group_id)

    def get_api_data(self, with_members=True):

        user_group = self

        data = dict(

            users_group_id=user_group.users_group_id,

            group_name=user_group.users_group_name,

            group_description=user_group.user_group_description,

            active=user_group.users_group_active,

            owner=user_group.user.username,

        )

        if with_members:

            members = []

            for user in user_group.members:

                user = user.user

                members.append(user.get_api_data())

            data['members'] = members

        return data

class UserGroupMember(Base, BaseModel):

    __tablename__ = 'users_groups_members'

    __table_args__ = (

        _table_args_default_dict,

    )

    users_group_member_id = Column(Integer(), unique=True, primary_key=True)

    users_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    )

    __mapper_args__ = {'order_by': 'group_name'}

    SEP = ' » '

    group_id = Column(Integer(), unique=True, primary_key=True)

    group_name = Column(Unicode(255), nullable=False, unique=True)

    group_parent_id = Column(Integer(), ForeignKey('groups.group_id'), nullable=True)

    group_description = Column(Unicode(10000), nullable=False)

    enable_locking = Column(Boolean(), nullable=False, default=False)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')

    users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

    parent_group = relationship('RepoGroup', remote_side=group_id)

    user = relationship('User')

    def __init__(self, group_name='', parent_group=None):

        self.group_name = group_name

        self.parent_group = parent_group

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__, self.group_id,

                                      self.group_name)

    @classmethod

    def _generate_choice(cls, repo_group):

        """Return tuple with group_id and name as html literal"""

        from webhelpers.html import literal

        if repo_group is None:

            return (-1, u'-- %s --' % _('top level'))

        return repo_group.group_id, literal(cls.SEP.join(repo_group.full_path_splitted))

    @classmethod

    def groups_choices(cls, groups):

        """Return tuples with group_id and name as html literal."""

        return sorted((cls._generate_choice(g) for g in groups),

                      key=lambda c: c[1].split(cls.SEP))

    @classmethod

    def url_sep(cls):

        return URL_SEP

    @classmethod

    def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):

        if case_insensitive:

            gr = cls.query() \

        else:

            gr = cls.query() \

                .filter(cls.group_name == group_name)

        if cache:

            gr = gr.options(FromCache(

                            "sql_cache_short",

                            "get_group_%s" % _hash_key(group_name)

                            )

            )

        return gr.scalar()

    @property

    def parents(self):

        parents_recursion_limit = 10

        groups = []

        if self.parent_group is None:

            return groups

        cur_gr = self.parent_group

        groups.insert(0, cur_gr)

        cnt = 0

        while 1:

            cnt += 1

            gr = getattr(cur_gr, 'parent_group', None)

            cur_gr = cur_gr.parent_group

            if gr is None:

                break

            if cnt == parents_recursion_limit:

                # this will prevent accidental infinite loops

                log.error(('more than %s parents found for group %s, stopping '

                           'recursive parent fetching' % (parents_recursion_limit, self)))

                break

            groups.insert(0, gr)

        return groups

    @property

    def children(self):

        return RepoGroup.query().filter(RepoGroup.parent_group == self)

    @property

    def name(self):

        return self.group_name.split(RepoGroup.url_sep())[-1]

    @property

    def full_path(self):

        return self.group_name

    @property