# -*- coding: utf-8 -*-

"""

    rhodecode.controllers.api

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    API controller for RhodeCode

    :created_on: Aug 20, 2011

    :author: marcink

    :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

import traceback

import logging

from rhodecode.controllers.api import JSONRPCController, JSONRPCError

from rhodecode.lib.auth import PasswordGenerator, AuthUser, \

    HasPermissionAllDecorator, HasPermissionAnyDecorator, \

    HasPermissionAnyApi, HasRepoPermissionAnyApi

from rhodecode.lib.utils import map_groups, repo2db_mapper

from rhodecode.lib import helpers as h

from rhodecode.model.meta import Session

from rhodecode.model.scm import ScmModel

from rhodecode.model.repo import RepoModel

from rhodecode.model.user import UserModel

from rhodecode.model.users_group import UserGroupModel

from rhodecode.model.permission import PermissionModel

from rhodecode.model.db import Repository, RhodeCodeSetting, UserIpMap

log = logging.getLogger(__name__)

class OptionalAttr(object):

    """

    Special Optional Option that defines other attribute

    """

    def __init__(self, attr_name):

        self.attr_name = attr_name

    def __repr__(self):

        return '<OptionalAttr:%s>' % self.attr_name

    def __call__(self):

        return self

#alias

OAttr = OptionalAttr

class Optional(object):

    """

    Defines an optional parameter::

        param = param.getval() if isinstance(param, Optional) else param

        param = param() if isinstance(param, Optional) else param

    is equivalent of::

        param = Optional.extract(param)

    """

    def __init__(self, type_):

        self.type_ = type_

    def __repr__(self):

        return '<Optional:%s>' % self.type_.__repr__()

    def __call__(self):

        return self.getval()

    def getval(self):

        """

        returns value from this Optional instance

        """

        return self.type_

    @classmethod

                'Error occurred during cache invalidation action'

            )

    def lock(self, apiuser, repoid, locked=Optional(None),

             userid=Optional(OAttr('apiuser'))):

        """

        Set locking state on particular repository by given user, if

        this command is runned by non-admin account userid is set to user

        who is calling this method

        :param apiuser:

        :param repoid:

        :param userid:

        :param locked:

        """

        repo = get_repo_or_error(repoid)

        if HasPermissionAnyApi('hg.admin')(user=apiuser):

            pass

        elif HasRepoPermissionAnyApi('repository.admin',

                                     'repository.write')(user=apiuser,

                                                         repo_name=repo.repo_name):

            #make sure normal user does not pass someone else userid,

            #he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        else:

            raise JSONRPCError('repository `%s` does not exist' % (repoid))

        if isinstance(userid, Optional):

            userid = apiuser.user_id

        user = get_user_or_error(userid)

        if isinstance(locked, Optional):

            lockobj = Repository.getlock(repo)

            if lockobj[0] is None:

                return ('Repo `%s` not locked. Locked=`False`.'

                        % (repo.repo_name))

            else:

                userid, time_ = lockobj

                user = get_user_or_error(userid)

                return ('Repo `%s` locked by `%s`. Locked=`True`. '

                        'Locked since: `%s`'

                    % (repo.repo_name, user.username,

        else:

            locked = str2bool(locked)

            try:

                if locked:

                    Repository.lock(repo, user.user_id)

                else:

                    Repository.unlock(repo)

                return ('User `%s` set lock state for repo `%s` to `%s`'

                        % (user.username, repo.repo_name, locked))

            except Exception:

                log.error(traceback.format_exc())

                raise JSONRPCError(

                    'Error occurred locking repository `%s`' % repo.repo_name

                )

    @HasPermissionAllDecorator('hg.admin')

    def show_ip(self, apiuser, userid):

        """

        Shows IP address as seen from RhodeCode server, together with all

        defined IP addresses for given user

        :param apiuser:

        :param userid:

        """

        user = get_user_or_error(userid)

        ips = UserIpMap.query().filter(UserIpMap.user == user).all()

        return dict(

            ip_addr_server=self.ip_addr,

            user_ips=ips

        )

    def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))):

        """"

        Get a user by username, or userid, if userid is given

        :param apiuser:

        :param userid:

        """

        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:

            #make sure normal user does not pass someone else userid,

            #he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        if isinstance(userid, Optional):

            userid = apiuser.user_id

        user = get_user_or_error(userid)

        data = user.get_api_data()

        data['permissions'] = AuthUser(user_id=user.user_id).permissions

        return data

    @HasPermissionAllDecorator('hg.admin')

    def get_users(self, apiuser):

        """"

        Get all users

        :param apiuser:

        """

        result = []

"""

    rhodecode.model.db

    ~~~~~~~~~~~~~~~~~~

    Database Models for RhodeCode

    :created_on: Apr 08, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import logging

import datetime

import traceback

import hashlib

import time

from collections import defaultdict

from sqlalchemy import *

from sqlalchemy.ext.hybrid import hybrid_property

from sqlalchemy.orm import relationship, joinedload, class_mapper, validates

from sqlalchemy.exc import DatabaseError

from beaker.cache import cache_region, region_invalidate

from webob.exc import HTTPNotFound

from pylons.i18n.translation import lazy_ugettext as _

from rhodecode.lib.vcs import get_backend

from rhodecode.lib.vcs.utils.helpers import get_scm

from rhodecode.lib.vcs.exceptions import VCSError

from rhodecode.lib.vcs.utils.lazy import LazyProperty

from rhodecode.lib.vcs.backends.base import EmptyChangeset

from rhodecode.lib.utils2 import str2bool, safe_str, get_changeset_safe, \

from rhodecode.lib.compat import json

from rhodecode.lib.caching_query import FromCache

from rhodecode.model.meta import Base, Session

URL_SEP = '/'

log = logging.getLogger(__name__)

#==============================================================================

# BASE CLASSES

#==============================================================================

_hash_key = lambda k: hashlib.md5(safe_str(k)).hexdigest()

class BaseModel(object):

    """

    Base Model for all classess

    """

    @classmethod

    def _get_keys(cls):

        """return column names for this model """

        return class_mapper(cls).c.keys()

    def get_dict(self):

        """

        return dict with keys and values corresponding

        to this model data """

        d = {}

        for k in self._get_keys():

            d[k] = getattr(self, k)

        # also use __json__() if present to get additional fields

        _json_attr = getattr(self, '__json__', None)

        if _json_attr:

            # update with attributes from __json__

            if callable(_json_attr):

                _json_attr = _json_attr()

            for k, val in _json_attr.iteritems():

                d[k] = val

        return d

    def get_appstruct(self):

        """return list with keys and values tupples corresponding

        to this model data """

        """

        path_prefix = self.group.full_path_splitted if self.group else []

        return Repository.url_sep().join(path_prefix + [repo_name])

    @property

    def _ui(self):

        """

        Creates an db based ui object for this repository

        """

        from rhodecode.lib.utils import make_ui

        return make_ui('db', clear_session=False)

    @classmethod

    def inject_ui(cls, repo, extras={}):

        repo.inject_ui(extras)

    @classmethod

    def is_valid(cls, repo_name):

        """

        returns True if given repo name is a valid filesystem repository

        :param cls:

        :param repo_name:

        """

        from rhodecode.lib.utils import is_valid_repo

        return is_valid_repo(repo_name, cls.base_path())

    def get_api_data(self):

        """

        Common function for generating repo api data

        """

        repo = self

        data = dict(

            repo_id=repo.repo_id,

            repo_name=repo.repo_name,

            repo_type=repo.repo_type,

            clone_uri=repo.clone_uri,

            private=repo.private,

            created_on=repo.created_on,

            description=repo.description,

            landing_rev=repo.landing_rev,

            owner=repo.user.username,

            fork_of=repo.fork.repo_name if repo.fork else None,

            enable_statistics=repo.enable_statistics,

            enable_locking=repo.enable_locking,

            enable_downloads=repo.enable_downloads,

        )

        rc_config = RhodeCodeSetting.get_app_settings()

        repository_fields = str2bool(rc_config.get('rhodecode_repository_fields'))

        if repository_fields:

            for f in self.extra_fields:

                data[f.field_key_prefixed] = f.field_value

        return data

    @classmethod

    def lock(cls, repo, user_id):

        repo.locked = [user_id, time.time()]

        Session().add(repo)

        Session().commit()

    @classmethod

    def unlock(cls, repo):

        repo.locked = None

        Session().add(repo)

        Session().commit()

    @classmethod

    def getlock(cls, repo):

        return repo.locked

    @property

    def last_db_change(self):

        return self.updated_on

    def clone_url(self, **override):

        from pylons import url

        from urlparse import urlparse

        import urllib

        parsed_url = urlparse(url('home', qualified=True))

        default_clone_uri = '%(scheme)s://%(user)s%(pass)s%(netloc)s%(prefix)s%(path)s'

        decoded_path = safe_unicode(urllib.unquote(parsed_url.path))

        args = {

           'user': '',

           'pass': '',

           'scheme': parsed_url.scheme,

           'netloc': parsed_url.netloc,

           'prefix': decoded_path,

           'path': self.repo_name

        }

        args.update(override)

        return default_clone_uri % args

            expected = ('User `%s` set lock state for repo `%s` to `%s`'

                       % (self.TEST_USER_LOGIN, repo_name, True))

            self._compare_ok(id_, expected, given=response.body)

        finally:

            destroy_repo(repo_name)

    def test_api_lock_repo_lock_aquire_non_admin_with_userid(self):

        repo_name = 'api_delete_me'

        create_repo(repo_name, self.REPO_TYPE, owner=self.TEST_USER_LOGIN)

        try:

            id_, params = _build_data(self.apikey_regular, 'lock',

                                      userid=TEST_USER_ADMIN_LOGIN,

                                      repoid=repo_name,

                                      locked=True)

            response = api_call(self, params)

            expected = 'userid is not the same as your user'

            self._compare_error(id_, expected, given=response.body)

        finally:

            destroy_repo(repo_name)

    def test_api_lock_repo_lock_aquire_non_admin_not_his_repo(self):

        id_, params = _build_data(self.apikey_regular, 'lock',

                                  repoid=self.REPO,

                                  locked=True)

        response = api_call(self, params)

        expected = 'repository `%s` does not exist' % (self.REPO)

        self._compare_error(id_, expected, given=response.body)

    def test_api_lock_repo_lock_release(self):

        id_, params = _build_data(self.apikey, 'lock',

                                  userid=TEST_USER_ADMIN_LOGIN,

                                  repoid=self.REPO,

                                  locked=False)

        response = api_call(self, params)

        expected = ('User `%s` set lock state for repo `%s` to `%s`'

                   % (TEST_USER_ADMIN_LOGIN, self.REPO, False))

        self._compare_ok(id_, expected, given=response.body)

    def test_api_lock_repo_lock_aquire_optional_userid(self):

        id_, params = _build_data(self.apikey, 'lock',

                                  repoid=self.REPO,

                                  locked=True)

        response = api_call(self, params)

        expected = ('User `%s` set lock state for repo `%s` to `%s`'

                   % (TEST_USER_ADMIN_LOGIN, self.REPO, True))

        self._compare_ok(id_, expected, given=response.body)

    def test_api_lock_repo_lock_optional_locked(self):

        from rhodecode.lib.utils2 import  time_to_datetime

                                    .get_by_repo_name(self.REPO).locked[1]))

        id_, params = _build_data(self.apikey, 'lock',

                                  repoid=self.REPO)

        response = api_call(self, params)

        expected = ('Repo `%s` locked by `%s`. Locked=`True`. Locked since: `%s`'

                   % (self.REPO, TEST_USER_ADMIN_LOGIN, _locked_since))

        self._compare_ok(id_, expected, given=response.body)

    @mock.patch.object(Repository, 'lock', crash)

    def test_api_lock_error(self):

        id_, params = _build_data(self.apikey, 'lock',

                                  userid=TEST_USER_ADMIN_LOGIN,

                                  repoid=self.REPO,

                                  locked=True)

        response = api_call(self, params)

        expected = 'Error occurred locking repository `%s`' % self.REPO

        self._compare_error(id_, expected, given=response.body)

    def test_api_create_existing_user(self):

        id_, params = _build_data(self.apikey, 'create_user',

                                  username=TEST_USER_ADMIN_LOGIN,

                                  email='test@foo.com',

                                  password='trololo')

        response = api_call(self, params)

        expected = "user `%s` already exist" % TEST_USER_ADMIN_LOGIN

        self._compare_error(id_, expected, given=response.body)

    def test_api_create_user_with_existing_email(self):

        id_, params = _build_data(self.apikey, 'create_user',

                                  username=TEST_USER_ADMIN_LOGIN + 'new',

                                  email=TEST_USER_REGULAR_EMAIL,

                                  password='trololo')

        response = api_call(self, params)

        expected = "email `%s` already exist" % TEST_USER_REGULAR_EMAIL

        self._compare_error(id_, expected, given=response.body)

    def test_api_create_user(self):

        username = 'test_new_api_user'

        email = username + "@foo.com"

        id_, params = _build_data(self.apikey, 'create_user',

                                  username=username,

                                  email=email,

                                  password='trololo')

        response = api_call(self, params)

        usr = UserModel().get_by_username(username)

        ret = dict(

            msg='created new user `%s`' % username,

            user=jsonify(usr.get_api_data())

        )

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        UserModel().delete(usr.user_id)

        Session().commit()

    @mock.patch.object(UserModel, 'create_or_update', crash)

    def test_api_create_user_when_exception_happened(self):

        username = 'test_new_api_user'

        email = username + "@foo.com"