# -*- coding: utf-8 -*-

"""

    rhodecode.controllers.admin.users

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Users crud controller for pylons

    :created_on: Apr 4, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

import formencode

from pylons import response

from formencode import htmlfill

from pylons import request, session, tmpl_context as c, url, config

from pylons.controllers.util import redirect

from pylons.i18n.translation import _

import rhodecode

from rhodecode.lib.exceptions import DefaultUserException, \

    UserOwnsReposException

from rhodecode.lib import helpers as h

from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \

    AuthUser

from rhodecode.lib.base import BaseController, render

from rhodecode.model.user import UserModel

from rhodecode.model.meta import Session

from rhodecode.lib.utils import action_logger

from rhodecode.lib.compat import json

from rhodecode.lib.utils2 import datetime_to_time, str2bool

log = logging.getLogger(__name__)

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('user', 'users')

    @LoginRequired()

    @HasPermissionAllDecorator('hg.admin')

    def __before__(self):

        super(UsersController, self).__before__()

        c.available_permissions = config['available_permissions']

    def index(self, format='html'):

        """GET /users: All items in the collection"""

        # url('users')

        c.users_list = User.query().order_by(User.username).all()

        users_data = []

        total_records = len(c.users_list)

        _tmpl_lookup = rhodecode.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        grav_tmpl = lambda user_email, size: (

                template.get_def("user_gravatar")

                .render(user_email, size, _=_, h=h, c=c))

        user_lnk = lambda user_id, username: (

                template.get_def("user_name")

                .render(user_id, username, _=_, h=h, c=c))

        user_actions = lambda user_id, username: (

                template.get_def("user_actions")

                .render(user_id, username, _=_, h=h, c=c))

        for user in c.users_list:

            users_data.append({

                "gravatar": grav_tmpl(user. email, 24),

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during update of user %s') \

                    % form_result.get('username'), category='error')

        return redirect(url('edit_user', id=id))

    def delete(self, id):

        """DELETE /users/id: Delete an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #    h.form(url('delete_user', id=ID),

        #           method='delete')

        # url('user', id=ID)

        usr = User.get_or_404(id)

        try:

            UserModel().delete(usr)

            Session().commit()

            h.flash(_('Successfully deleted user'), category='success')

        except (UserOwnsReposException, DefaultUserException), e:

            h.flash(e, category='warning')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during deletion of user'),

                    category='error')

        return redirect(url('users'))

    def show(self, id, format='html'):

        """GET /users/id: Show a specific item"""

        # url('user', id=ID)

        User.get_or_404(-1)

    def edit(self, id, format='html'):

        """GET /users/id/edit: Form to edit an existing item"""

        # url('edit_user', id=ID)

        c.user = User.get_or_404(id)

        if c.user.username == 'default':

            h.flash(_("You can't edit this user"), category='warning')

            return redirect(url('users'))

        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

        c.user.permissions = {}

        c.granted_permissions = UserModel().fill_perms(c.user)\

            .permissions['global']

        c.user_email_map = UserEmailMap.query()\

                        .filter(UserEmailMap.user == c.user).all()

        c.user_ip_map = UserIpMap.query()\

                        .filter(UserIpMap.user == c.user).all()

        c.ldap_dn = c.user.ldap_dn

        defaults = c.user.get_dict()

        defaults.update({

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    def update_perm(self, id):

        """PUT /users_perm/id: Update an existing item"""

        # url('user_perm', id=ID, method='put')

        try:

            else:

            else:

            Session().commit()

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during permissions saving'),

                    category='error')

        return redirect(url('edit_user', id=id))

    def add_email(self, id):

        """POST /user_emails:Add an existing item"""

        # url('user_emails', id=ID, method='put')

        email = request.POST.get('new_email')

        user_model = UserModel()

        try:

            user_model.add_extra_email(id, email)

            Session().commit()

            h.flash(_("Added email %s to user") % email, category='success')

        except formencode.Invalid, error:

            msg = error.error_dict['email']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during email saving'),

                    category='error')

        return redirect(url('edit_user', id=id))

    def delete_email(self, id):

        """DELETE /user_emails_delete/id: Delete an existing item"""

        # url('user_emails_delete', id=ID, method='delete')

        user_model = UserModel()

        user_model.delete_extra_email(id, request.POST.get('del_email'))

        Session().commit()

        h.flash(_("Removed email from user"), category='success')

        return redirect(url('edit_user', id=id))

    def add_ip(self, id):

        """POST /user_ips:Add an existing item"""

        # url('user_ips', id=ID, method='put')

        ip = request.POST.get('new_ip')

        user_model = UserModel()

        try:

            user_model.add_extra_ip(id, ip)

            Session().commit()

            h.flash(_("Added ip %s to user") % ip, category='success')

        except formencode.Invalid, error:

# -*- coding: utf-8 -*-

"""

    rhodecode.controllers.admin.users_groups

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    User Groups crud controller for pylons

    :created_on: Jan 25, 2011

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

import formencode

from formencode import htmlfill

from pylons import request, session, tmpl_context as c, url, config

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode.lib import helpers as h

from rhodecode.lib.exceptions import UserGroupsAssignedException

from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int

from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\

    HasUserGroupPermissionAnyDecorator

from rhodecode.lib.base import BaseController, render

from rhodecode.model.scm import UserGroupList

from rhodecode.model.users_group import UserGroupModel

from rhodecode.model.repo import RepoModel

from rhodecode.model.db import User, UserGroup, UserGroupToPerm,\

    UserGroupRepoToPerm, UserGroupRepoGroupToPerm

from rhodecode.model.meta import Session

from rhodecode.lib.utils import action_logger

from sqlalchemy.orm import joinedload

from webob.exc import HTTPInternalServerError

log = logging.getLogger(__name__)

class UsersGroupsController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('users_group', 'users_groups')

    @LoginRequired()

    def __before__(self):

        super(UsersGroupsController, self).__before__()

        c.available_permissions = config['available_permissions']

    def __load_data(self, user_group_id):

        ugroup_repo_perms = UserGroupRepoToPerm.query()\

            .options(joinedload(UserGroupRepoToPerm.permission))\

            .options(joinedload(UserGroupRepoToPerm.repository))\

            .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\

            .all()

        for gr in ugroup_repo_perms:

            c.users_group.permissions['repositories'][gr.repository.repo_name]  \

                = gr.permission.permission_name

        ugroup_group_perms = UserGroupRepoGroupToPerm.query()\

            .options(joinedload(UserGroupRepoGroupToPerm.permission))\

            .options(joinedload(UserGroupRepoGroupToPerm.group))\

            .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\

            .all()

        for gr in ugroup_group_perms:

            c.users_group.permissions['repositories_groups'][gr.group.group_name] \

                = gr.permission.permission_name

        c.group_members_obj = sorted((x.user for x in c.users_group.members),

                                     key=lambda u: u.username.lower())

        c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]

        c.available_members = sorted(((x.user_id, x.username) for x in

                                      User.query().all()),

                                     key=lambda u: u[1].lower())

        repo_model = RepoModel()

        c.users_array = repo_model.get_users_js()

        # commented out due to not now supporting assignment for user group

        # on user group

        c.users_groups_array = "[]"  # repo_model.get_users_groups_js()

        c.available_permissions = config['available_permissions']

    def __load_defaults(self, user_group_id):

        """

        Load defaults settings for edit, and update

        :param user_group_id:

        """

        user_group = UserGroup.get_or_404(user_group_id)

        data = user_group.get_dict()

        ug_model = UserGroupModel()

        data.update({

            'create_repo_perm': ug_model.has_perm(user_group,

                                                  'hg.create.repository'),

            'fork_repo_perm': ug_model.has_perm(user_group,

                                                'hg.fork.repository'),

        })

        # fill user group users

        for p in user_group.user_user_group_to_perm:

            data.update({'u_perm_%s' % p.user.username:

                             p.permission.permission_name})

        return data

    def index(self, format='html'):

        """GET /users_groups: All items in the collection"""

        # url('users_groups')

        group_iter = UserGroupList(UserGroup().query().all(),

                                   perm_set=['usergroup.admin'])

        sk = lambda g: g.users_group_name

        c.users_groups_list = sorted(group_iter, key=sk)

        return render('admin/users_groups/users_groups.html')

    @HasPermissionAllDecorator('hg.admin')

    def create(self):

        """POST /users_groups: Create a new item"""

        # url('users_groups')

        users_group_form = UserGroupForm()()

        try:

            form_result = users_group_form.to_python(dict(request.POST))

            UserGroupModel().create(name=form_result['users_group_name'],

                                    owner=self.rhodecode_user.user_id,

                                    active=form_result['users_group_active'])

            gr = form_result['users_group_name']

            action_logger(self.rhodecode_user,

                          'admin_created_users_group:%s' % gr,

                          None, self.ip_addr, self.sa)

            h.flash(_('Created user group %s') % gr, category='success')

            Session().commit()

        except formencode.Invalid, errors:

            return htmlfill.render(

                render('admin/users_groups/users_group_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

                obj_id = safe_int(request.POST.get('user_id'))

            elif obj_type == 'user_group':

                obj_id = safe_int(request.POST.get('user_group_id'))

            if not c.rhodecode_user.is_admin:

                if obj_type == 'user' and c.rhodecode_user.user_id == obj_id:

                    msg = _('Cannot revoke permission for yourself as admin')

                    h.flash(msg, category='warning')

                    raise Exception('revoke admin permission on self')

            if obj_type == 'user':

                UserGroupModel().revoke_user_permission(user_group=id,

                                                        user=obj_id)

            elif obj_type == 'user_group':

                pass

            Session().commit()

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during revoking of permission'),

                    category='error')

            raise HTTPInternalServerError()

    def show(self, id, format='html'):

        """GET /users_groups/id: Show a specific item"""

        # url('users_group', id=ID)

    @HasUserGroupPermissionAnyDecorator('usergroup.admin')

    def edit(self, id, format='html'):

        """GET /users_groups/id/edit: Form to edit an existing item"""

        # url('edit_users_group', id=ID)

        c.users_group = UserGroup.get_or_404(id)

        self.__load_data(id)

        defaults = self.__load_defaults(id)

        return htmlfill.render(

            render('admin/users_groups/users_group_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    @HasUserGroupPermissionAnyDecorator('usergroup.admin')

    def update_perm(self, id):

        """PUT /users_perm/id: Update an existing item"""

        # url('users_group_perm', id=ID, method='put')

        users_group = UserGroup.get_or_404(id)

        try:

            users_group.inherit_default_permissions = inherit_perms

            Session().add(users_group)

            else:

                usergroup_model.grant_perm(id, 'hg.fork.none')

            Session().commit()

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during permissions saving'),

                    category='error')

        return redirect(url('edit_users_group', id=id))

    return _ApplicationVisualisationForm

def ApplicationUiSettingsForm():

    class _ApplicationUiSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        web_push_ssl = v.StringBoolean(if_missing=False)

        paths_root_path = All(

            v.ValidPath(),

            v.UnicodeString(strip=True, min=1, not_empty=True)

        )

        hooks_changegroup_update = v.StringBoolean(if_missing=False)

        hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)

        hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)

        hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)

        extensions_largefiles = v.StringBoolean(if_missing=False)

        extensions_hgsubversion = v.StringBoolean(if_missing=False)

        extensions_hggit = v.StringBoolean(if_missing=False)

    return _ApplicationUiSettingsForm

def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,

                           user_group_perms_choices, create_choices,

                           repo_group_create_choices, user_group_create_choices,

                           fork_choices, register_choices):

    class _DefaultPermissionsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        overwrite_default_repo = v.StringBoolean(if_missing=False)

        overwrite_default_group = v.StringBoolean(if_missing=False)

        overwrite_default_user_group = v.StringBoolean(if_missing=False)

        anonymous = v.StringBoolean(if_missing=False)

        default_repo_perm = v.OneOf(repo_perms_choices)

        default_group_perm = v.OneOf(group_perms_choices)

        default_user_group_perm = v.OneOf(user_group_perms_choices)

        default_repo_create = v.OneOf(create_choices)

        default_user_group_create = v.OneOf(user_group_create_choices)

        #default_repo_group_create = v.OneOf(repo_group_create_choices) #not impl. yet

        default_fork = v.OneOf(fork_choices)

        default_register = v.OneOf(register_choices)

    return _DefaultPermissionsForm

def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):

    class _DefaultsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        default_repo_type = v.OneOf(supported_backends)

        default_repo_private = v.StringBoolean(if_missing=False)

        default_repo_enable_statistics = v.StringBoolean(if_missing=False)

        default_repo_enable_downloads = v.StringBoolean(if_missing=False)

        default_repo_enable_locking = v.StringBoolean(if_missing=False)

    return _DefaultsForm

def LdapSettingsForm(tls_reqcert_choices, search_scope_choices,

                     tls_kind_choices):

    class _LdapSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        #pre_validators = [LdapLibValidator]

        ldap_active = v.StringBoolean(if_missing=False)

        ldap_host = v.UnicodeString(strip=True,)

        ldap_port = v.Number(strip=True,)

        ldap_tls_kind = v.OneOf(tls_kind_choices)

        ldap_tls_reqcert = v.OneOf(tls_reqcert_choices)

        ldap_dn_user = v.UnicodeString(strip=True,)

        ldap_dn_pass = v.UnicodeString(strip=True,)

        ldap_base_dn = v.UnicodeString(strip=True,)

        ldap_filter = v.UnicodeString(strip=True,)

        ldap_search_scope = v.OneOf(search_scope_choices)

        ldap_attr_login = v.AttrLoginValidator()(not_empty=True)

        ldap_attr_firstname = v.UnicodeString(strip=True,)

        ldap_attr_lastname = v.UnicodeString(strip=True,)

        ldap_attr_email = v.UnicodeString(strip=True,)

    return _LdapSettingsForm

def UserExtraEmailForm():

    class _UserExtraEmailForm(formencode.Schema):

        email = All(v.UniqSystemEmail(), v.Email(not_empty=True))

    return _UserExtraEmailForm

def UserExtraIpForm():

    class _UserExtraIpForm(formencode.Schema):

        ip = v.ValidIp()(not_empty=True)

    return _UserExtraIpForm

                p = 'usergroup.admin'

                user.permissions[UK][u_k] = p

            return user

        #==================================================================

        # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS

        #==================================================================

        uid = user.user_id

        # default global permissions taken fron the default user

        default_global_perms = self.sa.query(UserToPerm)\

            .filter(UserToPerm.user_id == default_user_id)

        for perm in default_global_perms:

            user.permissions[GLOBAL].add(perm.permission.permission_name)

        # defaults for repositories, taken from default user

        for perm in default_repo_perms:

            r_k = perm.UserRepoToPerm.repository.repo_name

            if perm.Repository.private and not (perm.Repository.user_id == uid):

                # disable defaults for private repos,

                p = 'repository.none'

            elif perm.Repository.user_id == uid:

                # set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions[RK][r_k] = p

        # defaults for repository groups taken from default user permission

        # on given group

        for perm in default_repo_groups_perms:

            rg_k = perm.UserRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            user.permissions[GK][rg_k] = p

        # defaults for user groups taken from default user permission

        # on given user group

        for perm in default_user_group_perms:

            u_k = perm.UserUserGroupToPerm.user_group.users_group_name

            p = perm.Permission.permission_name

            user.permissions[UK][u_k] = p

        #======================================================================

        # !! OVERRIDE GLOBALS !! with user permissions if any found

        #======================================================================

        # those can be configured from groups or users explicitly

        # USER GROUPS comes first

        # user group global permissions

        user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\

            .options(joinedload(UserGroupToPerm.permission))\

            .join((UserGroupMember, UserGroupToPerm.users_group_id ==

                   UserGroupMember.users_group_id))\

            .filter(UserGroupMember.user_id == uid)\

            .order_by(UserGroupToPerm.users_group_id)\

            .all()

        #need to group here by groups since user can be in more than one group

        _grouped = [[x, list(y)] for x, y in

                    itertools.groupby(user_perms_from_users_groups,

                                      lambda x:x.users_group)]

        for gr, perms in _grouped:

            # since user can be in multiple groups iterate over them and

            # select the lowest permissions first (more explicit)

            ##TODO: do this^^

            if not gr.inherit_default_permissions:

                # NEED TO IGNORE all configurable permissions and

                # replace them with explicitly set

                user.permissions[GLOBAL] = user.permissions[GLOBAL]\

                                                .difference(_configurable)

            for perm in perms:

                user.permissions[GLOBAL].add(perm.permission.permission_name)

        # user specific global permissions

        user_perms = self.sa.query(UserToPerm)\

                .options(joinedload(UserToPerm.permission))\

                .filter(UserToPerm.user_id == uid).all()

        if not user.inherit_default_permissions:

            # NEED TO IGNORE all configurable permissions and

            # replace them with explicitly set

            user.permissions[GLOBAL] = user.permissions[GLOBAL]\

                                            .difference(_configurable)

            for perm in user_perms:

                user.permissions[GLOBAL].add(perm.permission.permission_name)

        #======================================================================

        # !! PERMISSIONS FOR REPOSITORIES !!

        #======================================================================

        #======================================================================

        # check if user is part of user groups for this repository and

        # fill in his permission from it. _choose_perm decides of which

        # permission should be selected based on selected method

        #======================================================================

        # user group for repositories permissions

        user_repo_perms_from_users_groups = \

         self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\

            .join((Repository, UserGroupRepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, UserGroupRepoToPerm.permission_id ==

                   Permission.permission_id))\

            .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==

                   UserGroupMember.users_group_id))\

            .filter(UserGroupMember.user_id == uid)\

            .all()

        multiple_counter = collections.defaultdict(int)

        for perm in user_repo_perms_from_users_groups:

            r_k = perm.UserGroupRepoToPerm.repository.repo_name

            multiple_counter[r_k] += 1

            p = perm.Permission.permission_name

            cur_perm = user.permissions[RK][r_k]

            if perm.Repository.user_id == uid:

                # set admin if owner

                p = 'repository.admin'

            else:

                if multiple_counter[r_k] > 1:

                    p = _choose_perm(p, cur_perm)

            user.permissions[RK][r_k] = p

        # user explicit permissions for repositories, overrides any specified

        # by the group permission

        user_repo_perms = Permission.get_default_perms(uid)

        for perm in user_repo_perms:

            r_k = perm.UserRepoToPerm.repository.repo_name

            cur_perm = user.permissions[RK][r_k]

            # set admin if owner

            if perm.Repository.user_id == uid:

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

             <div class="field">

                <div class="label">

                    <label for="lastname">${_('Last Name')}:</label>

                </div>

                <div class="input">

                    ${h.text('lastname',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="email">${_('Email')}:</label>

                </div>

                <div class="input">

                    ${h.text('email',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label label-checkbox">

                    <label for="active">${_('Active')}:</label>

                </div>

                <div class="checkboxes">

                    ${h.checkbox('active',value=True)}

                </div>

             </div>

             <div class="field">

                <div class="label label-checkbox">

                    <label for="admin">${_('Admin')}:</label>

                </div>

                <div class="checkboxes">

                    ${h.checkbox('admin',value=True)}

                </div>

             </div>

            <div class="buttons">

              ${h.submit('save',_('Save'),class_="ui-btn large")}

              ${h.reset('reset',_('Reset'),class_="ui-btn large")}

            </div>

        </div>

    </div>

    ${h.end_form()}

</div>

<div style="min-height:780px" class="box box-right">

    <!-- box / title -->

    <div class="title">

        <h5>${_('Permissions')}</h5>

    </div>