9b3e9e242f5c97cc0c7657e5ac93dce7de61ca16 0 iQEcBAABAgAGBQJWDuAdAAoJEJ1bI/kYT6UUAlYH/ReCa7Im5tvy+ot5oAc7xey/O2rCVHp2h6i82tTWK/0i9EaS4DP+eTbAjV4WJA4qWF5DPenEJ3X9JhrTLNvGkR0f7lUqiFVMTJ472YlSsvIWg38gVFruzwk1cODRfq72o8ERYcRSfzrL4cDpIqjEd/vVVCV/gKVvPmzr4/FED/ZmS0X6T9gxWJo/eWSuLNAxHHtE/pCWDO3XEe+iOm+hHjkyz4Hn2r9/+ucrirnzycH6DnYO/kWvQzBnzgMjJm+1rLZ5cfU89V8zfhv6z0pd8CHZfpKGc2Z8EwVJq9LR+M4/76uDlYXx7IfZAxhRNqN6MC+yvPmDo3382dNr7Wkopi0=

9bf8eb837e785b6856ccfac264e977ce3ebe1535 0 iQEcBAABAgAGBQJW5XaVAAoJEJ1bI/kYT6UUbeMH/AsGg21jTc0tTT+228T+WfrfkbxrPkkULQF/Eo3ChlrhnFZ5B1y7ellSx6XGas7yKpqHHtNmrVwY3KBfUaYEljML/osEt1kvM6JGcd0vDbAW1uA2sdJR2AXmf32MjguFVhmYi9Lj79WYtgg241YGPe4dH0ompNFVqazNxCfmDBZijzSkF57FURMpV2e6+MyNq0txSo9Q82eALy0GAIX7NKQcxtynxG9ETzVzuVpeNE9MEZh0ObbUtPGezd55GXXcVqI8ZEurZwf6KHnd5M+5wxIZf84gM/k4QgQbRiIxNj4QfVmTZlVNSkC7PwSbF8twZPjlAprwldYvMi/c7ZVocEY=

53128b6b9a4ddb6ee9554cbb83a082a6d1316b42 rhodecode-0.0.1.0.0rc4

afd98d1f817e6a6b52172735c22160239e615a6b rhodecode-0.0.1.0.0

bee56f209c40a6880f2f633b02227b5ee1f8ff5a rhodecode-0.0.1.0.1

d85b0948e53925ebbbc49e9f7967013a04f866e9 rhodecode-0.0.1.0.2

d9c8dddb96af521e346f05b88d515c536eef3d17 rhodecode-0.0.1.1.0

344f748517814ed0408a49e392dc625f4cc37fdc rhodecode-0.0.1.1.1

6c01c12eafb8cc72d4c4cbd121400fad755b2862 rhodecode-0.0.1.1.2

4fa80e0484ef5c33feaa9c39fc66916f410ba353 rhodecode-0.0.1.1.3

cb77867d69d3c5931712aac486c980a42ee90745 rhodecode-0.0.1.1.5

cb77867d69d3c5931712aac486c980a42ee90745 rhodecode-0.0.1.1.5

008bdfdd95c8bd31ae6d89f76c75c1f49cbcd0bc rhodecode-0.0.1.1.5

c5af1d3c861fb36b156224e75c2f55a97f54657d rhodecode-0.0.1.1.6

7327a0d1584cf28d33e738048af1f6809d499451 rhodecode-0.0.1.1.7

bd102f45950f779995a1beae42b6eb099cdd27b3 rhodecode-0.0.1.1.7

c8974135732aa0ceb841cee6df66e29f089b4963 rhodecode-0.0.1.1.8

c252049af24cd98eef5f4143fa3abbff3c912e29 rhodecode-0.0.1.2.0

0b8fba8ab90b01f811a50e6e7384989cced21d38 rhodecode-0.0.1.2.1

22273bec00ba2fd860c60a9277d3d7229e288e18 rhodecode-0.0.1.2.2

1ff606a7858dbd8a5f70b3da5cc89524bd0d84f9 rhodecode-0.0.1.2.3

a7a282a902b207ce34e830d643c79b7ab52e3b35 rhodecode-0.0.1.2.4

b6b611e7722e754abebaae6e265cbb4c823d344d rhodecode-0.0.1.2.5

dbc82e3362a25d2aece42060089824c4342efd17 rhodecode-0.0.1.3.0

79a95f338fd0115b2cdb77118f39e17d22ff505c rhodecode-0.0.1.3.1

9ab21c5ddb84935bea5c743b4e147ed5a398b30c rhodecode-0.0.1.3.2

934906f028b582a254e0028ba25e5d20dd32b9cd rhodecode-0.0.1.3.3

af21362474e3ab5aa0e2fbb1c872356f2c16c4f3 rhodecode-0.0.1.3.4

0e2792e04bd316fe64335cbe6a476031ac60b29b rhodecode-0.0.1.3.5

edfff9f37916389144d3a3644d0a7d7adfd79b11 rhodecode-0.0.1.3.6

9ae95fdeca184f2404205645f06c6597b74ef2db rhodecode-0.0.1.4.0

909143a4dde53c46d4f24abb426ec870471c7de1 rhodecode-0.0.1.4.1

d998cc84cf726798486a438763053f0e1dc1b646 rhodecode-0.0.1.4.2

3f5d40b9dd99ccb009ea2211ee2d4b594c634946 rhodecode-0.0.1.4.3

3148c08cf86f1849917e2d50f7ab7766c1550b0a rhodecode-0.0.1.4.4

a5f0bc867edc88be23eb808693e5393a97d4c54a rhodecode-0.0.1.5.0

3259dc7caea48687eab018ee646ae6ad7e7ef377 rhodecode-0.0.1.5.1

efe23d6c178c11d575a0214181276a3452776e48 rhodecode-0.0.1.5.2

1a498b11f1540f5b94b6f6009298f5dc3eaad9e9 rhodecode-0.0.1.5.3

3447862ad8c9ceba85857774c526e39fde3a2281 rhodecode-0.0.1.5.4

c15d7b336af58df9f1bbc8f8957464e7ea618d4c rhodecode-0.0.1.6.0rc1

78b53ee0d247f90d51b028307ff5717851b6c265 rhodecode-0.0.1.6.0

351ad34d56321349ff5bd38f537bd768b8efef2e rhodecode-0.0.1.7.0

1f71ef689d2a3c9978cea6591a1f4e9107a5ca83 rhodecode-0.0.1.7.1

cc48c1541c7e2e84114bf92a0f9cd4b8b1341545 0.0

d17e88a1a88a29f6fac948c94498129e405a40d3 0.1

ad0ce803b40cb17fc3988373052943e041030b02 0.2

c6e32714336345403adf76abb6ebf9b8116fcdc7 0.2.1

14f488a5dc4ca6647bc6acf12534fd137e968aa8 0.2.2

9b3e9e242f5c97cc0c7657e5ac93dce7de61ca16 0.3

9bf8eb837e785b6856ccfac264e977ce3ebe1535 0.3.1

List of contributors to Kallithea project:

    Mads Kiilerich <madski@unity3d.com> 2012-2016

    Takumi IINO <trot.thunder@gmail.com> 2012-2016

    Unity Technologies 2012-2016

    Andrew Shadura <andrew@shadura.me> 2012 2014-2016

    Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> 2014-2016

    Jan Heylen <heyleke@gmail.com> 2015-2016

    Robert Rauch <mail@robertrauch.de> 2015-2016

    Søren Løvborg <sorenl@unity3d.com> 2015-2016

    Angel Ezquerra <angel.ezquerra@gmail.com> 2016

    Asterios Dimitriou <steve@pci.gr> 2016

    Robert James Dennington <tinytimrob@googlemail.com> 2016

    Aras Pranckevičius <aras@unity3d.com> 2012-2013 2015

    Sean Farley <sean.michael.farley@gmail.com> 2013-2015

    Christian Oyarzun <oyarzun@gmail.com> 2014-2015

    Joseph Rivera <rivera.d.joseph@gmail.com> 2014-2015

    Michal Čihař <michal@cihar.com> 2014-2015

    Anatoly Bubenkov <bubenkoff@gmail.com> 2015

    Andrew Bartlett <abartlet@catalyst.net.nz> 2015

    Balázs Úr <urbalazs@gmail.com> 2015

    Ben Finney <ben@benfinney.id.au> 2015

    Branko Majic <branko@majic.rs> 2015

    Daniel Hobley <danielh@unity3d.com> 2015

    David Avigni <david.avigni@ankapi.com> 2015

    Denis Blanchette <dblanchette@coveo.com> 2015

    duanhongyi <duanhongyi@doopai.com> 2015

    EriCSN Chang <ericsning@gmail.com> 2015

    Grzegorz Krason <grzegorz.krason@gmail.com> 2015

    Jiří Suchan <yed@vanyli.net> 2015

    Kazunari Kobayashi <kobanari@nifty.com> 2015

    Kevin Bullock <kbullock@ringworld.org> 2015

    kobanari <kobanari@nifty.com> 2015

    Marc Abramowitz <marc@marc-abramowitz.com> 2015

    Marc Villetard <marc.villetard@gmail.com> 2015

    Matthias Zilk <matthias.zilk@gmail.com> 2015

    Michael Pohl <michael@mipapo.de> 2015

    Michael V. DePalatis <mike@depalatis.net> 2015

    Morten Skaaning <mortens@unity3d.com> 2015

    Nick High <nick@silverchip.org> 2015

    Niemand Jedermann <predatorix@web.de> 2015

    Peter Vitt <petervitt@web.de> 2015

    Ronny Pfannschmidt <opensource@ronnypfannschmidt.de> 2015

    Sam Jaques <sam.jaques@me.com> 2015

    Tuux <tuxa@galaxie.eu.org> 2015

    Viktar Palstsiuk <vipals@gmail.com> 2015

    Ante Ilic <ante@unity3d.com> 2014

    Bradley M. Kuhn <bkuhn@sfconservancy.org> 2014

    Calinou <calinou@opmbx.org> 2014

    Daniel Anderson <daniel@dattrix.com> 2014

    Henrik Stuart <hg@hstuart.dk> 2014

    Ingo von Borstel <kallithea@planetmaker.de> 2014

    Jelmer Vernooij <jelmer@samba.org> 2014

    Jim Hague <jim.hague@acm.org> 2014

    Matt Fellows <kallithea@matt-fellows.me.uk> 2014

    Max Roman <max@choloclos.se> 2014

    Na'Tosha Bard <natosha@unity3d.com> 2014

    Rasmus Selsmark <rasmuss@unity3d.com> 2014

    Tim Freund <tim@freunds.net> 2014

    Travis Burtrum <android@moparisthebest.com> 2014

    Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com> 2014

    Marcin Kuźmiński <marcin@python-works.com> 2010-2013

    xpol <xpolife@gmail.com> 2012-2013

    Aparkar <aparkar@icloud.com> 2013

    Dennis Brakhane <brakhane@googlemail.com> 2013

    Grzegorz Rożniecki <xaerxess@gmail.com> 2013

    Jonathan Sternberg <jonathansternberg@gmail.com> 2013

    Leonardo Carneiro <leonardo@unity3d.com> 2013

    Magnus Ericmats <magnus.ericmats@gmail.com> 2013

    Martin Vium <martinv@unity3d.com> 2013

    Simon Lopez <simon.lopez@slopez.org> 2013

    Ton Plomp <tcplomp@gmail.com> 2013

    Augusto Herrmann <augusto.herrmann@planejamento.gov.br> 2011-2012

    Dan Sheridan <djs@adelard.com> 2012

    Dies Koper <diesk@fast.au.fujitsu.com> 2012

    Erwin Kroon <e.kroon@smartmetersolutions.nl> 2012

    H Waldo G <gwaldo@gmail.com> 2012

    hppj <hppj@postmage.biz> 2012

    Indra Talip <indra.talip@gmail.com> 2012

    mikespook 2012

    nansenat16 <nansenat16@null.tw> 2012

    Philip Jameson <philip.j@hostdime.com> 2012

    Raoul Thill <raoul.thill@gmail.com> 2012

    Stefan Engel <mail@engel-stefan.de> 2012

    Tony Bussieres <t.bussieres@gmail.com> 2012

    Vincent Caron <vcaron@bearstech.com> 2012

    Vincent Duvert <vincent@duvert.net> 2012

    Vladislav Poluhin <nuklea@gmail.com> 2012

    Zachary Auclair <zach101@gmail.com> 2012

    Ankit Solanki <ankit.solanki@gmail.com> 2011

Using other external tools such as mercurial-server_ or using ssh key-based

authentication is fully supported.

.. note:: In an advanced setup, in order for your ssh access to use

          the same permissions as set up via the Kallithea web

          interface, you can create an authentication hook to connect

          to the Kallithea db and run check functions for permissions

          against that.

Setting up Whoosh full text search

----------------------------------

Kallithea provides full text search of repositories using `Whoosh`__.

.. __: https://pythonhosted.org/Whoosh/

For an incremental index build, run::

    paster make-index my.ini

For a full index rebuild, run::

    paster make-index my.ini -f

The ``--repo-location`` option allows the location of the repositories to be overriden;

usually, the location is retrieved from the Kallithea database.

The ``--index-only`` option can be used to limit the indexed repositories to a comma-separated list::

    paster make-index my.ini --index-only=vcs,kallithea

To keep your index up-to-date it is necessary to do periodic index builds;

for this, it is recommended to use a crontab entry. Example::

    0  3  *  *  *  /path/to/virtualenv/bin/paster make-index /path/to/kallithea/my.ini

When using incremental mode (the default), Whoosh will check the last

modification date of each file and add it to be reindexed if a newer file is

available. The indexing daemon checks for any removed files and removes them

from index.

If you want to rebuild the index from scratch, you can use the ``-f`` flag as above,

or in the admin panel you can check the "build from scratch" checkbox.

.. _ldap-setup:

Setting up LDAP support

-----------------------

Kallithea supports LDAP authentication. In order

to use LDAP, you have to install the python-ldap_ package. This package is

available via PyPI, so you can install it by running::

    pip install python-ldap

.. note:: ``python-ldap`` requires some libraries to be installed on

          your system, so before installing it check that you have at

          least the ``openldap`` and ``sasl`` libraries.

Choose *Admin > Authentication*, click the ``kallithea.lib.auth_modules.auth_ldap`` button

and then *Save*, to enable the LDAP plugin and configure its settings.

Here's a typical LDAP setup::

 Connection settings

 Enable LDAP          = checked

 Host                 = host.example.com

 Port                 = 389

 Account              = <account>

 Password             = <password>

 Connection Security  = LDAPS connection

 Certificate Checks   = DEMAND

 Search settings

 Base DN              = CN=users,DC=host,DC=example,DC=org

 LDAP Filter          = (&(objectClass=user)(!(objectClass=computer)))

 LDAP Search Scope    = SUBTREE

 Attribute mappings

 Login Attribute      = uid

 First Name Attribute = firstName

 Last Name Attribute  = lastName

 Email Attribute      = mail

If your user groups are placed in an Organisation Unit (OU) structure, the Search Settings configuration differs::

 Search settings

 Base DN              = DC=host,DC=example,DC=org

 LDAP Filter          = (&(memberOf=CN=your user group,OU=subunit,OU=unit,DC=host,DC=example,DC=org)(objectClass=user))

 LDAP Search Scope    = SUBTREE

.. _enable_ldap:

Enable LDAP : required

permissions before the user logs in for the first time, using the :ref:`create-user` API.

Container-based authentication

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In a container-based authentication setup, Kallithea reads the user name from

the ``REMOTE_USER`` server variable provided by the WSGI container.

After setting up your container (see `Apache with mod_wsgi`_), you'll need

to configure it to require authentication on the location configured for

Kallithea.

Proxy pass-through authentication

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In a proxy pass-through authentication setup, Kallithea reads the user name

from the ``X-Forwarded-User`` request header, which should be configured to be

sent by the reverse-proxy server.

After setting up your proxy solution (see `Apache virtual host reverse proxy example`_,

`Apache as subdirectory`_ or `Nginx virtual host example`_), you'll need to

configure the authentication and add the username in a request header named

``X-Forwarded-User``.

For example, the following config section for Apache sets a subdirectory in a

reverse-proxy setup with basic auth:

.. code-block:: apache

    <Location /someprefix>

      ProxyPass http://127.0.0.1:5000/someprefix

      ProxyPassReverse http://127.0.0.1:5000/someprefix

      SetEnvIf X-Url-Scheme https HTTPS=1

      AuthType Basic

      AuthName "Kallithea authentication"

      AuthUserFile /srv/kallithea/.htpasswd

      Require valid-user

      RequestHeader unset X-Forwarded-User

      RewriteEngine On

      RewriteCond %{LA-U:REMOTE_USER} (.+)

      RewriteRule .* - [E=RU:%1]

      RequestHeader set X-Forwarded-User %{RU}e

    </Location>

Setting metadata in container/reverse-proxy

When a new user account is created on the first login, Kallithea has no information about

the user's email and full name. So you can set some additional request headers like in the

example below. In this example the user is authenticated via Kerberos and an Apache

mod_python fixup handler is used to get the user information from a LDAP server. But you

could set the request headers however you want.

.. code-block:: apache

    <Location /someprefix>

      ProxyPass http://127.0.0.1:5000/someprefix

      ProxyPassReverse http://127.0.0.1:5000/someprefix

      SetEnvIf X-Url-Scheme https HTTPS=1

      AuthName "Kerberos Login"

      AuthType Kerberos

      Krb5Keytab /etc/apache2/http.keytab

      KrbMethodK5Passwd off

      KrbVerifyKDC on

      Require valid-user

      PythonFixupHandler ldapmetadata

      RequestHeader set X_REMOTE_USER %{X_REMOTE_USER}e

      RequestHeader set X_REMOTE_EMAIL %{X_REMOTE_EMAIL}e

      RequestHeader set X_REMOTE_FIRSTNAME %{X_REMOTE_FIRSTNAME}e

      RequestHeader set X_REMOTE_LASTNAME %{X_REMOTE_LASTNAME}e

    </Location>

.. code-block:: python

    from mod_python import apache

    import ldap

    LDAP_SERVER = "ldap://server.mydomain.com:389"

    LDAP_USER = ""

    LDAP_PASS = ""

    LDAP_ROOT = "dc=mydomain,dc=com"

    LDAP_FILTER = "sAMAcountName=%s"

    LDAP_ATTR_LIST = ['sAMAcountName','givenname','sn','mail']

    def fixuphandler(req):

        if req.user is None:

            # no user to search for

            return apache.OK

        else:

            try:

                if('\\' in req.user):

                    username = req.user.split('\\')[1]

        c.comment = create_comment(

            text,

            status,

            revision=revision,

            f_path=request.POST.get('f_path'),

            line_no=request.POST.get('line'),

        )

        # get status if set !

        if status:

            # if latest status was from pull request and it's closed

            # disallow changing status ! RLY?

            try:

                ChangesetStatusModel().set_status(

                    c.db_repo.repo_id,

                    status,

                    c.authuser.user_id,

                    c.comment,

                    revision=revision,

                    dont_allow_on_closed_pull_request=True,

                )

            except StatusChangeOnClosedPullRequestError:

                log.debug('cannot change status on %s with closed pull request', revision)

                raise HTTPBadRequest()

        action_logger(self.authuser,

                      'user_commented_revision:%s' % revision,

                      c.db_repo, self.ip_addr, self.sa)

        Session().commit()

        data = {

           'target_id': h.safeid(h.safe_unicode(request.POST.get('f_path'))),

        }

        if c.comment is not None:

            data.update(c.comment.get_dict())

            data.update({'rendered_text':

                         render('changeset/changeset_comment_block.html')})

        return data

    @LoginRequired()

    @NotAnonymous()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    @jsonify

    def delete_comment(self, repo_name, comment_id):

        owner = co.author.user_id == c.authuser.user_id

        if h.HasPermissionAny('hg.admin')() or repo_admin or owner:

            ChangesetCommentsModel().delete(comment=co)

            Session().commit()

            return True

        else:

            raise HTTPForbidden()

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    @jsonify

    def changeset_info(self, repo_name, revision):

        if request.is_xhr:

            try:

                return c.db_repo_scm_instance.get_changeset(revision)

            except ChangesetDoesNotExistError as e:

                return EmptyChangeset(message=str(e))

        else:

            raise HTTPBadRequest()

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    @jsonify

    def changeset_children(self, repo_name, revision):

        if request.is_xhr:

            changeset = c.db_repo_scm_instance.get_changeset(revision)

            result = {"results": []}

            if changeset.children:

                result = {"results": changeset.children}

            return result

        else:

            raise HTTPBadRequest()

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    @jsonify

    def changeset_parents(self, repo_name, revision):

        if request.is_xhr:

            changeset = c.db_repo_scm_instance.get_changeset(revision)

            result = {"results": []}

            if changeset.parents:

                result = {"results": changeset.parents}

            return result

        else:

            raise HTTPBadRequest()

        descriptions = description.replace('\r\n', '\n').split('\n-- \n', 1)

        description = descriptions[0].strip() + '\n\n-- \n' + '\n'.join(infos)

        if len(descriptions) > 1:

            description += '\n\n' + descriptions[1].strip()

        try:

            pull_request = PullRequestModel().create(

                self.authuser.user_id,

                old_pull_request.org_repo.repo_name, new_org_ref,

                old_pull_request.other_repo.repo_name, new_other_ref,

                revisions, reviewers_ids, title, description

            )

        except UserInvalidException as u:

            h.flash(_('Invalid reviewer "%s" specified') % u, category='error')

            raise HTTPBadRequest()

        except Exception:

            h.flash(_('Error occurred while creating pull request'),

                    category='error')

            log.error(traceback.format_exc())

            raise HTTPFound(location=old_pull_request.url())

        ChangesetCommentsModel().create(

            text=_('Closed, replaced by %s .') % pull_request.url(canonical=True),

            repo=old_pull_request.other_repo.repo_id,

            user=c.authuser.user_id,

            pull_request=old_pull_request.pull_request_id,

            closing_pr=True)

        PullRequestModel().close_pull_request(old_pull_request.pull_request_id)

        Session().commit()

        h.flash(_('Pull request update created'),

                category='success')

        raise HTTPFound(location=pull_request.url())

    # pullrequest_post for PR editing

    @LoginRequired()

    @NotAnonymous()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    def post(self, repo_name, pull_request_id):

        pull_request = PullRequest.get_or_404(pull_request_id)

        if pull_request.is_closed():

            raise HTTPForbidden()

        assert pull_request.other_repo.repo_name == repo_name

        #only owner or admin can update it

        owner = pull_request.owner.user_id == c.authuser.user_id

        repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name)

            raise HTTPForbidden()

        _form = PullRequestPostForm()().to_python(request.POST)

        reviewers_ids = [int(s) for s in _form['review_members']]

        if _form['updaterev']:

            return self.create_update(pull_request,

                                      _form['updaterev'],

                                      _form['pullrequest_title'],

                                      _form['pullrequest_desc'],

                                      reviewers_ids)

        old_description = pull_request.description

        pull_request.title = _form['pullrequest_title']

        pull_request.description = _form['pullrequest_desc'].strip() or _('No description')

        pull_request.owner = User.get_by_username(_form['owner'])

        user = User.get(c.authuser.user_id)

        try:

            PullRequestModel().mention_from_description(user, pull_request, old_description)

            PullRequestModel().update_reviewers(user, pull_request_id, reviewers_ids)

        except UserInvalidException as u:

            h.flash(_('Invalid reviewer "%s" specified') % u, category='error')

            raise HTTPBadRequest()

        Session().commit()

        h.flash(_('Pull request updated'), category='success')

        raise HTTPFound(location=pull_request.url())

    @LoginRequired()

    @NotAnonymous()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    @jsonify

    def delete(self, repo_name, pull_request_id):

        pull_request = PullRequest.get_or_404(pull_request_id)

        #only owner can delete it !

        if pull_request.owner.user_id == c.authuser.user_id:

            PullRequestModel().delete(pull_request)

            Session().commit()

            h.flash(_('Successfully deleted pull request'),

                    category='success')

            raise HTTPFound(location=url('my_pullrequests'))

        raise HTTPForbidden()

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

        action_logger(self.authuser,

                      'user_commented_pull_request:%s' % pull_request_id,

                      c.db_repo, self.ip_addr, self.sa)

        if status:

            ChangesetStatusModel().set_status(

                c.db_repo.repo_id,

                status,

                c.authuser.user_id,

                comment,

                pull_request=pull_request_id

            )

        if close_pr:

            PullRequestModel().close_pull_request(pull_request_id)

            action_logger(self.authuser,

                          'user_closed_pull_request:%s' % pull_request_id,

                          c.db_repo, self.ip_addr, self.sa)

        Session().commit()

        if not request.environ.get('HTTP_X_PARTIAL_XHR'):

            raise HTTPFound(location=pull_request.url())

        data = {

           'target_id': h.safeid(h.safe_unicode(request.POST.get('f_path'))),

        }

        if comment is not None:

            c.comment = comment

            data.update(comment.get_dict())

            data.update({'rendered_text':

                         render('changeset/changeset_comment_block.html')})

        return data

    @LoginRequired()

    @NotAnonymous()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    @jsonify

    def delete_comment(self, repo_name, comment_id):

        co = ChangesetComment.get(comment_id)

        if co.pull_request.is_closed():

            #don't allow deleting comments on closed pull request

            raise HTTPForbidden()

        owner = co.author.user_id == c.authuser.user_id

        repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name)

            ChangesetCommentsModel().delete(comment=co)

            Session().commit()

            return True

        else:

            raise HTTPForbidden()

class LoginRequired(object):

    """

    Must be logged in to execute this function else

    redirect to login page

    :param api_access: if enabled this checks only for valid auth token

        and grants access based on valid token

    """

    def __init__(self, api_access=False):

        self.api_access = api_access

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        controller = fargs[0]

        user = controller.authuser

        loc = "%s:%s" % (controller.__class__.__name__, func.__name__)

        log.debug('Checking access for user %s @ %s', user, loc)

        if not AuthUser.check_ip_allowed(user, controller.ip_addr):

            raise _redirect_to_login(_('IP %s not allowed') % controller.ip_addr)

        # check if we used an API key and it's a valid one

        api_key = request.GET.get('api_key')

        if api_key is not None:

            # explicit controller is enabled or API is in our whitelist

            if self.api_access or allowed_api_access(loc, api_key=api_key):

                if api_key in user.api_keys:

                    log.info('user %s authenticated with API key ****%s @ %s',

                             user, api_key[-4:], loc)

                    return func(*fargs, **fkwargs)

                else:

                    log.warning('API key ****%s is NOT valid', api_key[-4:])

                    raise _redirect_to_login(_('Invalid API key'))

            else:

                # controller does not allow API access

                log.warning('API access to %s is not allowed', loc)

                raise HTTPForbidden()

        # Only allow the following HTTP request methods. (We sometimes use POST

        # requests with a '_method' set to 'PUT' or 'DELETE'; but that is only

        # used for the route lookup, and does not affect request.method.)

        if request.method not in ['GET', 'HEAD', 'POST', 'PUT']:

            raise HTTPMethodNotAllowed()

        # Make sure CSRF token never appears in the URL. If so, invalidate it.

        if secure_form.token_key in request.GET:

            log.error('CSRF key leak detected')

            session.pop(secure_form.token_key, None)

            session.save()

            from kallithea.lib import helpers as h

            h.flash(_("CSRF token leak has been detected - all form tokens have been expired"),

                    category='error')

        # CSRF protection: Whenever a request has ambient authority (whether

        # through a session cookie or its origin IP address), it must include

        # the correct token, unless the HTTP method is GET or HEAD (and thus

        # guaranteed to be side effect free. In practice, the only situation

        # where we allow side effects without ambient authority is when the

        # authority comes from an API key; and that is handled above.

        if request.method not in ['GET', 'HEAD']:

            token = request.POST.get(secure_form.token_key)

            if not token or token != secure_form.authentication_token():

                log.error('CSRF check failed')

                raise HTTPForbidden()

        # WebOb already ignores request payload parameters for anything other

        # than POST/PUT, but double-check since other Kallithea code relies on

        # this assumption.

        if request.method not in ['POST', 'PUT'] and request.POST:

            log.error('%r request with payload parameters; WebOb should have stopped this', request.method)

            raise HTTPBadRequest()

        # regular user authentication

        if user.is_authenticated or user.is_default_user:

            log.info('user %s authenticated with regular auth @ %s', user, loc)

            return func(*fargs, **fkwargs)

        else:

            log.warning('user %s NOT authenticated with regular auth @ %s', user, loc)

            raise _redirect_to_login()

class NotAnonymous(object):

    """

    Must be logged in to execute this function else

    redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.authuser

    def __repr__(self):

        return self.__str__()

    def __len__(self):

        return self.count()

    def __eq__(self, other):

        same_instance = isinstance(other, self.__class__)

        return same_instance and getattr(other, 'path', None) == self.path

    def __ne__(self, other):

        return not self.__eq__(other)

    @LazyProperty

    def alias(self):

        for k, v in settings.BACKENDS.items():

            if v.split('.')[-1] == str(self.__class__.__name__):

                return k

    @LazyProperty

    def name(self):

        raise NotImplementedError

    @property

    def name_unicode(self):

        return safe_unicode(self.name)

    @LazyProperty

    def owner(self):

        raise NotImplementedError

    @LazyProperty

    def description(self):

        raise NotImplementedError

    @LazyProperty

    def size(self):

        """

        Returns combined size in bytes for all repository files

        """

        size = 0

        try:

            tip = self.get_changeset()

            for topnode, dirs, files in tip.walk('/'):

                for f in files:

                    size += tip.get_file_size(f.path)

        except RepositoryError as e:

            pass

        return size

    def is_valid(self):

        """

        Validates repository.

        """

        raise NotImplementedError

    def is_empty(self):

        return self._empty

    def get_last_change(self):

        self.get_changesets()

    #==========================================================================

    # CHANGESETS

    #==========================================================================

    def get_changeset(self, revision=None):

        """

        Returns instance of ``Changeset`` class. If ``revision`` is None, most

        recent changeset is returned.

        :raises ``EmptyRepositoryError``: if there are no revisions

        """

        raise NotImplementedError

    def __iter__(self):

        """

        Allows Repository objects to be iterated.

        *Requires* implementation of ``__getitem__`` method.

        """

        for revision in self.revisions:

            yield self.get_changeset(revision)

    def get_changesets(self, start=None, end=None, start_date=None,

                       end_date=None, branch_name=None, reverse=False):

        """

        Returns iterator of ``MercurialChangeset`` objects from start to end

        not inclusive This should behave just like a list, ie. end is not

        inclusive

        :param start: None or str

        :param end: None or str

## -*- coding: utf-8 -*-

<%inherit file="/base/base.html"/>

<%block name="title">

    ${_('About')}

</%block>

<%def name="breadcrumbs()">

    ${c.site_name}

</%def>

<%block name="header_menu">

    ${self.menu('about')}

</%block>

<%def name="main()">

<div class="box">

  <!-- box / title -->

  <div class="title">

    <h5>${_('About')} Kallithea</h5>

  </div>

  <p><a href="https://kallithea-scm.org/">Kallithea</a> is a project of the

  <a href="http://sfconservancy.org/">Software Freedom Conservancy, Inc.</a>

  and is released under the terms of the

  <a href="http://www.gnu.org/copyleft/gpl.html">GNU General Public License,

  v 3.0 (GPLv3)</a>.</p>

  <p>Kallithea is copyrighted by various authors, including but not