"msg": "created new user group `<groupname>`",

                      "user_group": <user_group_object>

                    }

            error:  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "user group `<group name>` already exist"

            or

            "failed to create group `<group name>`"

          }

        """

        if UserGroupModel().get_by_name(group_name):

            raise JSONRPCError("user group `%s` already exist" % (group_name,))

        try:

            if isinstance(owner, Optional):

                owner = request.authuser.user_id

            owner = get_user_or_error(owner)

            active = Optional.extract(active)

            description = Optional.extract(description)

            ug = UserGroupModel().create(name=group_name, description=description,

                                         owner=owner, active=active)

            Session().commit()

            return dict(

                msg='created new user group `%s`' % group_name,

                user_group=ug.get_api_data()

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to create group `%s`' % (group_name,))

    # permission check inside

    def update_user_group(self, usergroupid, group_name=Optional(''),

                          description=Optional(''), owner=Optional(None),

                          active=Optional(True)):

        """

        Updates given usergroup.  This command can be executed only using api_key

        belonging to user with admin rights or an admin of given user group

        :param usergroupid: id of user group to update

        :type usergroupid: str or int

        :param group_name: name of new user group

        :type group_name: str

        :param description: group description

        :type description: str

        :param owner: owner of group.

        :type owner: Optional(str or int)

        :param active: group is active

        :type active: Optional(bool)

        OUTPUT::

          id : <id_given_in_input>

          result : {

            "msg": 'updated user group ID:<user group id> <user group name>',

            "user_group": <user_group_object>

          }

          error :  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to update user group `<user group name>`"

          }

        """

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        if not isinstance(owner, Optional):

            owner = get_user_or_error(owner)

        updates = {}

        store_update(updates, group_name, 'users_group_name')

        store_update(updates, description, 'user_group_description')

        store_update(updates, owner, 'owner')

        store_update(updates, active, 'users_group_active')

        try:

            UserGroupModel().update(user_group, updates)

            Session().commit()

            return dict(

                msg='updated user group ID:%s %s' % (user_group.users_group_id,

                                                     user_group.users_group_name),

                user_group=user_group.get_api_data()

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to update user group `%s`' % (usergroupid,))

    # permission check inside

    def delete_user_group(self, usergroupid):

        """

        Delete given user group by user group id or name.

        This command can be executed only using api_key

        belonging to user with admin rights or an admin of given user group

        :param usergroupid:

        :type usergroupid: int

        OUTPUT::

          id : <id_given_in_input>

          result : {

            "msg": "deleted user group ID:<user_group_id> <user_group_name>"

          }

          error :  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to delete user group ID:<user_group_id> <user_group_name>"

            or

            "RepoGroup assigned to <repo_groups_list>"

          }

        """

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            UserGroupModel().delete(user_group)

            Session().commit()

            return dict(

                msg='deleted user group ID:%s %s' %

                    (user_group.users_group_id, user_group.users_group_name),

                user_group=None

            )

        except UserGroupsAssignedException as e:

            log.error(traceback.format_exc())

            raise JSONRPCError(str(e))

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to delete user group ID:%s %s' %

                               (user_group.users_group_id,

                                user_group.users_group_name)

                               )

    # permission check inside

    def add_user_to_user_group(self, usergroupid, userid):

        """

        Adds a user to a user group. If user exists in that group success will be

        `false`. This command can be executed only using api_key

        belonging to user with admin rights  or an admin of given user group

        :param usergroupid:

        :type usergroupid: int

        :param userid:

        :type userid: int

        OUTPUT::

          id : <id_given_in_input>

          result : {

              "success": True|False # depends on if member is in group

              "msg": "added member `<username>` to user group `<groupname>` |

                      User is already in that group"

          }

          error :  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to add member to user group `<user_group_name>`"

          }

        """

        user = get_user_or_error(userid)

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            ugm = UserGroupModel().add_user_to_group(user_group, user)

            msg = 'added member `%s` to user group `%s`' % (

                user.username, user_group.users_group_name

            )

            msg = msg if success else 'User is already in that group'

            Session().commit()

            return dict(

                success=success,

                msg=msg

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'failed to add member to user group `%s`' % (

                    user_group.users_group_name,

                )

            )

    # permission check inside

    def remove_user_from_user_group(self, usergroupid, userid):

        """

        Removes a user from a user group. If user is not in given group success will

        be `false`. This command can be executed only

        using api_key belonging to user with admin rights or an admin of given user group

        :param usergroupid:

        :param userid:

        OUTPUT::

            id : <id_given_in_input>

            result: {

                      "success":  True|False,  # depends on if member is in group

                      "msg": "removed member <username> from user group <groupname> |

                              User wasn't in group"

                    }

            error:  null

        """

        user = get_user_or_error(userid)

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            success = UserGroupModel().remove_user_from_group(user_group, user)

            msg = 'removed member `%s` from user group `%s`' % (

                user.username, user_group.users_group_name

            )

            msg = msg if success else "User wasn't in group"

            Session().commit()

            return dict(success=success, msg=msg)

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'failed to remove member from user group `%s`' % (

                    user_group.users_group_name,

                )

            )

    # permission check inside

    def get_repo(self, repoid,

                 with_revision_names=Optional(False),

                 with_pullrequests=Optional(False)):

        """

        Gets an existing repository by it's name or repository_id. Members will return

        either users_group or user associated to that repository. This command can be

        executed only using api_key belonging to user with admin

        rights or regular user that have at least read access to repository.

        :param repoid: repository name or repository id

        :type repoid: str or int

        OUTPUT::

          id : <id_given_in_input>

          result : {

            {

                "repo_id" :          "<repo_id>",

                "repo_name" :        "<reponame>"

                "repo_type" :        "<repo_type>",

                "clone_uri" :        "<clone_uri>",

                "enable_downloads":  "<bool>",

                "enable_statistics": "<bool>",

                "private":           "<bool>",

                "created_on" :       "<date_time_created>",

                "description" :      "<description>",

                "landing_rev":       "<landing_rev>",

                "last_changeset":    {

                                       "author":   "<full_author>",

                                       "date":     "<date_time_of_commit>",

                                       "message":  "<commit_message>",

                                       "raw_id":   "<raw_id>",

                                       "revision": "<numeric_revision>",

                                       "short_id": "<short_id>"

                                     }

                "owner":             "<repo_owner>",

                "fork_of":           "<name_of_fork_parent>",

                "members" :     [

                                  {

                                    "name":     "<username>",

                                    "type" :    "user",

                                    "permission" : "repository.(read|write|admin)"

                                  },

                                  …

                                  {

                                    "name":     "<usergroup name>",

                                    "type" :    "user_group",

                                    "permission" : "usergroup.(read|write|admin)"

                                  },

                                  …

                                ]

                 "followers":   [<user_obj>, ...],

                 <if with_revision_names == True>

                 "tags": {

                            "<tagname>": "<raw_id>",

                            ...

                         },

                 "branches": {

                            "<branchname>": "<raw_id>",

                            ...

                         },

                 "bookmarks": {

                            "<bookmarkname>": "<raw_id>",

                            ...

                         },

            }

          }

          error :  null

        """

        repo = get_repo_or_error(repoid)

        if not HasPermissionAny('hg.admin')():

            if not HasRepoPermissionLevel('read')(repo.repo_name):

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        members = []

        for user in repo.repo_to_perm:

            perm = user.permission.permission_name

            user = user.user

            user_data = {

                'name': user.username,

                'type': "user",

                'permission': perm

            }

            members.append(user_data)

        for user_group in repo.users_group_to_perm:

            perm = user_group.permission.permission_name

            user_group = user_group.users_group

            user_group_data = {

                'name': user_group.users_group_name,

                'type': "user_group",

                'permission': perm

            }

            members.append(user_group_data)

        followers = [

            uf.user.get_api_data()

            for uf in repo.followers

        ]

        data = repo.get_api_data(with_revision_names=Optional.extract(with_revision_names),

                                 with_pullrequests=Optional.extract(with_pullrequests))

        data['members'] = members

        data['followers'] = followers

        return data

    # permission check inside

    def get_repos(self):

        """

        Lists all existing repositories. This command can be executed only using

        api_key belonging to user with admin rights or regular user that have

        admin, write or read access to repository.

        OUTPUT::

            id : <id_given_in_input>

            result: [

                      {

                        "repo_id" :          "<repo_id>",

                        "repo_name" :        "<reponame>"

                        "repo_type" :        "<repo_type>",

                        "clone_uri" :        "<clone_uri>",

                        "private": :         "<bool>",

                        "created_on" :       "<datetimecreated>",

                        "description" :      "<description>",

                        "landing_rev":       "<landing_rev>",

# -*- coding: utf-8 -*-

import json

import urllib

import urllib2

class RecaptchaResponse(object):

    def __init__(self, is_valid, error_code=None):

        self.is_valid = is_valid

        self.error_code = error_code

    def __repr__(self):

        return '<RecaptchaResponse:%s>' % (self.is_valid)

def submit(g_recaptcha_response, private_key, remoteip):

    """

    Submits a reCAPTCHA request for verification. Returns RecaptchaResponse for the request

    g_recaptcha_response -- The value of g_recaptcha_response from the form

    private_key -- your reCAPTCHA private key

    remoteip -- the user's IP address

    """

    if not (g_recaptcha_response and len(g_recaptcha_response)):

        return RecaptchaResponse(is_valid=False, error_code='incorrect-captcha-sol')

    def encode_if_necessary(s):

        if isinstance(s, unicode):

            return s.encode('utf-8')

        return s

    params = urllib.urlencode({

        'secret': encode_if_necessary(private_key),

        'remoteip': encode_if_necessary(remoteip),

        'response': encode_if_necessary(g_recaptcha_response),

    })

    req = urllib2.Request(

        url="https://www.google.com/recaptcha/api/siteverify",

        data=params,

        headers={

            "Content-type": "application/x-www-form-urlencoded",

            "User-agent": "reCAPTCHA Python"

        }

    )

    httpresp = urllib2.urlopen(req)

    return_values = json.loads(httpresp.read())

    httpresp.close()

    if not (isinstance(return_values, dict)):

        return RecaptchaResponse(is_valid=False, error_code='incorrect-captcha-sol')

        return RecaptchaResponse(is_valid=True)

    elif (("error-codes" in return_values) and isinstance(return_values["error-codes"], list) and (len(return_values["error-codes"]) > 0)):

        return RecaptchaResponse(is_valid=False, error_code=return_values["error-codes"][0])

    else:

        return RecaptchaResponse(is_valid=False, error_code='incorrect-captcha-sol')

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.user_group

~~~~~~~~~~~~~~~~~~~~~~~~~~

user group model for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Oct 1, 2011

:author: nvinot, marcink

"""

import logging

import traceback

from kallithea.lib.exceptions import RepoGroupAssignmentError, UserGroupsAssignedException

from kallithea.model.db import (

    Permission, Session, User, UserGroup, UserGroupMember, UserGroupRepoToPerm, UserGroupToPerm, UserGroupUserGroupToPerm, UserUserGroupToPerm)

log = logging.getLogger(__name__)

class UserGroupModel(object):

    def _create_default_perms(self, user_group):

        # create default permission

        default_perm = 'usergroup.read'

        def_user = User.get_default_user()

        for p in def_user.user_perms:

            if p.permission.permission_name.startswith('usergroup.'):

                default_perm = p.permission.permission_name

                break

        user_group_to_perm = UserUserGroupToPerm()

        user_group_to_perm.permission = Permission.get_by_key(default_perm)

        user_group_to_perm.user_group = user_group

        user_group_to_perm.user_id = def_user.user_id

        Session().add(user_group_to_perm)

        return user_group_to_perm

    def _update_permissions(self, user_group, perms_new=None,

                            perms_updates=None):

        from kallithea.lib.auth import HasUserGroupPermissionLevel

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        # update permissions

        for member, perm, member_type in perms_updates:

            if member_type == 'user':

                # this updates existing one

                self.grant_user_permission(

                    user_group=user_group, user=member, perm=perm

                )

            else:

                # check if we have permissions to alter this usergroup's access

                if HasUserGroupPermissionLevel('read')(member):

                    self.grant_user_group_permission(

                        target_user_group=user_group, user_group=member, perm=perm

                    )

        # set new permissions

        for member, perm, member_type in perms_new:

            if member_type == 'user':

                self.grant_user_permission(

                    user_group=user_group, user=member, perm=perm

                )

            else:

                # check if we have permissions to alter this usergroup's access

                if HasUserGroupPermissionLevel('read')(member):

                    self.grant_user_group_permission(

                        target_user_group=user_group, user_group=member, perm=perm

                    )

    def get(self, user_group_id, cache=False):

        return UserGroup.get(user_group_id)

    def get_group(self, user_group):

        return UserGroup.guess_instance(user_group)

    def get_by_name(self, name, cache=False, case_insensitive=False):

        return UserGroup.get_by_group_name(name, cache, case_insensitive)

    def create(self, name, description, owner, active=True, group_data=None):

        try:

            new_user_group = UserGroup()

            new_user_group.owner = User.guess_instance(owner)

            new_user_group.users_group_name = name

            new_user_group.user_group_description = description

            new_user_group.users_group_active = active

            if group_data:

                new_user_group.group_data = group_data

            Session().add(new_user_group)

            self._create_default_perms(new_user_group)

            self.grant_user_permission(user_group=new_user_group,

                                       user=owner, perm='usergroup.admin')

            return new_user_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def update(self, user_group, form_data):

        try:

            user_group = UserGroup.guess_instance(user_group)

            for k, v in form_data.items():

                if k == 'users_group_members':

                    members_list = []

                    if v:

                        v = [v] if isinstance(v, basestring) else v

                        for u_id in set(v):

                            member = UserGroupMember(user_group.users_group_id, u_id)

                            members_list.append(member)

                            Session().add(member)

                    user_group.members = members_list

                setattr(user_group, k, v)

            # Flush to make db assign users_group_member_id to newly

            # created UserGroupMembers.

            Session().flush()

        except Exception:

            log.error(traceback.format_exc())

            raise

    def delete(self, user_group, force=False):

        """

        Deletes user group, unless force flag is used

        raises exception if there are members in that group, else deletes

        group and users

        :param user_group:

        :param force:

        """

        user_group = UserGroup.guess_instance(user_group)

        try:

            # check if this group is not assigned to repo

            assigned_groups = UserGroupRepoToPerm.query() \

                .filter(UserGroupRepoToPerm.users_group == user_group).all()

            assigned_groups = [x.repository.repo_name for x in assigned_groups]

            if assigned_groups and not force:

                raise UserGroupsAssignedException(

                    'User Group assigned to %s' % ", ".join(assigned_groups))

            Session().delete(user_group)

        except Exception:

            log.error(traceback.format_exc())

            raise

    def add_user_to_group(self, user_group, user):

        user_group = UserGroup.guess_instance(user_group)

        user = User.guess_instance(user)

        for m in user_group.members:

            u = m.user

            if u.user_id == user.user_id:

                # user already in the group, skip

                return True

        try:

            user_group_member = UserGroupMember()

            user_group_member.user = user

            user_group_member.users_group = user_group

            user_group.members.append(user_group_member)

            user.group_member.append(user_group_member)

            Session().add(user_group_member)

            return user_group_member

        except Exception:

            log.error(traceback.format_exc())

            raise

    def remove_user_from_group(self, user_group, user):

        user_group = UserGroup.guess_instance(user_group)

        user = User.guess_instance(user)

        user_group_member = None

        for m in user_group.members:

            if m.user_id == user.user_id:

                # Found this user's membership row

                user_group_member = m

                break

        if user_group_member:

            try:

                Session().delete(user_group_member)

                return True

            except Exception:

                log.error(traceback.format_exc())

                raise

        else:

            # User isn't in that group

            return False

    def has_perm(self, user_group, perm):

        user_group = UserGroup.guess_instance(user_group)

        perm = Permission.guess_instance(perm)

        return UserGroupToPerm.query() \

            .filter(UserGroupToPerm.users_group == user_group) \

            .filter(UserGroupToPerm.permission == perm).scalar() is not None

    def grant_perm(self, user_group, perm):

        user_group = UserGroup.guess_instance(user_group)

        perm = Permission.guess_instance(perm)

        # if this permission is already granted skip it

        _perm = UserGroupToPerm.query() \

            .filter(UserGroupToPerm.users_group == user_group) \

            .filter(UserGroupToPerm.permission == perm) \

            .scalar()

        if _perm:

            return

        new = UserGroupToPerm()

        new.users_group = user_group

        new.permission = perm

        Session().add(new)

        return new

    def revoke_perm(self, user_group, perm):

        user_group = UserGroup.guess_instance(user_group)

        perm = Permission.guess_instance(perm)

        obj = UserGroupToPerm.query() \

            .filter(UserGroupToPerm.users_group == user_group) \

            .filter(UserGroupToPerm.permission == perm).scalar()

        if obj is not None:

            Session().delete(obj)

    def grant_user_permission(self, user_group, user, perm):

        """

        Grant permission for user on given user group, or update

        existing one if found

        :param user_group: Instance of UserGroup, users_group_id,

            or users_group_name

        :param user: Instance of User, user_id or username

        :param perm: Instance of Permission, or permission_name

        """

        user_group = UserGroup.guess_instance(user_group)

        user = User.guess_instance(user)

        permission = Permission.guess_instance(perm)

        # check if we have that permission already

        obj = UserUserGroupToPerm.query() \

            .filter(UserUserGroupToPerm.user == user) \

            .filter(UserUserGroupToPerm.user_group == user_group) \

            .scalar()

        if obj is None:

            # create new !

            obj = UserUserGroupToPerm()

            Session().add(obj)

        obj.user_group = user_group

        obj.user = user

        obj.permission = permission

        log.debug('Granted perm %s to %s on %s', perm, user, user_group)

        return obj

    def revoke_user_permission(self, user_group, user):

        """

        Revoke permission for user on given repository group

        :param user_group: Instance of RepoGroup, repositories_group_id,

            or repositories_group name

        :param user: Instance of User, user_id or username

        """

        user_group = UserGroup.guess_instance(user_group)

        user = User.guess_instance(user)

        obj = UserUserGroupToPerm.query() \

            .filter(UserUserGroupToPerm.user == user) \

            .filter(UserUserGroupToPerm.user_group == user_group) \

            .scalar()

        if obj is not None:

            Session().delete(obj)

            log.debug('Revoked perm on %s on %s', user_group, user)

    def grant_user_group_permission(self, target_user_group, user_group, perm):

        """

        Grant user group permission for given target_user_group

        :param target_user_group:

        :param user_group:

        :param perm:

        """

        target_user_group = UserGroup.guess_instance(target_user_group)

        user_group = UserGroup.guess_instance(user_group)

        permission = Permission.guess_instance(perm)

        # forbid assigning same user group to itself

        if target_user_group == user_group:

            raise RepoGroupAssignmentError('target repo:%s cannot be '

                                           'assigned to itself' % target_user_group)

        # check if we have that permission already

        obj = UserGroupUserGroupToPerm.query() \

            .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \

            .filter(UserGroupUserGroupToPerm.user_group == user_group) \

            .scalar()

        if obj is None:

            # create new !

            obj = UserGroupUserGroupToPerm()

            Session().add(obj)

        obj.user_group = user_group

        obj.target_user_group = target_user_group

        obj.permission = permission

        log.debug('Granted perm %s to %s on %s', perm, target_user_group, user_group)

        return obj

    def revoke_user_group_permission(self, target_user_group, user_group):

        """

        Revoke user group permission for given target_user_group

        :param target_user_group:

        :param user_group:

        """

        target_user_group = UserGroup.guess_instance(target_user_group)

        user_group = UserGroup.guess_instance(user_group)

        obj = UserGroupUserGroupToPerm.query() \

            .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \

            .filter(UserGroupUserGroupToPerm.user_group == user_group) \

            .scalar()

        if obj is not None:

            Session().delete(obj)

            log.debug('Revoked perm on %s on %s', target_user_group, user_group)

    def enforce_groups(self, user, groups, extern_type=None):

        user = User.guess_instance(user)

        log.debug('Enforcing groups %s on user %s', user, groups)

        current_groups = user.group_member

        # find the external created groups

        externals = [x.users_group for x in current_groups

                     if 'extern_type' in x.users_group.group_data]

        # calculate from what groups user should be removed

        # externals that are not in groups

        for gr in externals:

            if gr.users_group_name not in groups: