"ip_addresses": "[<ip_address_for_user>,...]",

                        "active" :      "<bool: user active>",

                        "admin" :       "<bool: user is admin>",

                        "extern_name" : "<extern_name>",

                        "extern_type" : "<extern type>

                        "last_login":   "<last_login>",

                        "permissions": {

                            "global": ["hg.create.repository",

                                       "repository.read",

                                       "hg.register.manual_activate"],

                            "repositories": {"repo1": "repository.none"},

                            "repositories_groups": {"Group1": "group.read"}

                         },

                    }

            error:  null

        """

        if not HasPermissionAny('hg.admin')():

            # make sure normal user does not pass someone else userid,

            # he is not allowed to do that

            if not isinstance(userid, Optional) and userid != request.authuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        if isinstance(userid, Optional):

            userid = request.authuser.user_id

        user = get_user_or_error(userid)

        data = user.get_api_data()

        data['permissions'] = AuthUser(user_id=user.user_id).permissions

        return data

    @HasPermissionAnyDecorator('hg.admin')

    def get_users(self):

        """

        Lists all existing users. This command can be executed only using api_key

        belonging to user with admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result: [<user_object>, ...]

            error:  null

        """

    @HasPermissionAnyDecorator('hg.admin')

    def create_user(self, username, email, password=Optional(''),

                    firstname=Optional(''), lastname=Optional(''),

                    active=Optional(True), admin=Optional(False),

                    extern_type=Optional(User.DEFAULT_AUTH_TYPE),

                    extern_name=Optional('')):

        """

        Creates new user. Returns new user object. This command can

        be executed only using api_key belonging to user with admin rights.

        :param username: new username

        :type username: str or int

        :param email: email

        :type email: str

        :param password: password

        :type password: Optional(str)

        :param firstname: firstname

        :type firstname: Optional(str)

        :param lastname: lastname

        :type lastname: Optional(str)

        :param active: active

        :type active: Optional(bool)

        :param admin: admin

        :type admin: Optional(bool)

        :param extern_name: name of extern

        :type extern_name: Optional(str)

        :param extern_type: extern_type

        :type extern_type: Optional(str)

        OUTPUT::

            id : <id_given_in_input>

            result: {

                      "msg" : "created new user `<username>`",

                      "user": <user_obj>

                    }

            error:  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "user `<username>` already exist"

            or

            "email `<email>` already exist"

                               % (user.user_id, user.username))

    # permission check inside

    def get_user_group(self, usergroupid):

        """

        Gets an existing user group. This command can be executed only using api_key

        belonging to user with admin rights or user who has at least

        read access to user group.

        :param usergroupid: id of user_group to edit

        :type usergroupid: str or int

        OUTPUT::

            id : <id_given_in_input>

            result : None if group not exist

                     {

                       "users_group_id" : "<id>",

                       "group_name" :     "<groupname>",

                       "active":          "<bool>",

                       "members" :  [<user_obj>,...]

                     }

            error : null

        """

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

            if not HasUserGroupPermissionLevel('read')(user_group.users_group_name):

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        data = user_group.get_api_data()

        return data

    # permission check inside

    def get_user_groups(self):

        """

        Lists all existing user groups. This command can be executed only using

        api_key belonging to user with admin rights or user who has at least

        read access to user group.

        OUTPUT::

            id : <id_given_in_input>

            result : [<user_group_obj>,...]

            error : null

        """

    @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')

    def create_user_group(self, group_name, description=Optional(''),

                          owner=Optional(OAttr('apiuser')), active=Optional(True)):

        """

        Creates new user group. This command can be executed only using api_key

        belonging to user with admin rights or an user who has create user group

        permission

        :param group_name: name of new user group

        :type group_name: str

        :param description: group description

        :type description: str

        :param owner: owner of group. If not passed apiuser is the owner

        :type owner: Optional(str or int)

        :param active: group is active

        :type active: Optional(bool)

        OUTPUT::

            id : <id_given_in_input>

            result: {

                      "msg": "created new user group `<groupname>`",

                      "user_group": <user_group_object>

                    }

            error:  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "user group `<group name>` already exist"

            or

            "failed to create group `<group name>`"

          }

        """

        if UserGroupModel().get_by_name(group_name):

            raise JSONRPCError("user group `%s` already exist" % (group_name,))

        try:

            if isinstance(owner, Optional):

                owner = request.authuser.user_id

            owner = get_user_or_error(owner)

            active = Optional.extract(active)

                "repo_name" :        "<reponame>"

                "repo_type" :        "<repo_type>",

                "clone_uri" :        "<clone_uri>",

                "enable_downloads":  "<bool>",

                "enable_locking":    "<bool>",

                "enable_statistics": "<bool>",

                "private":           "<bool>",

                "created_on" :       "<date_time_created>",

                "description" :      "<description>",

                "landing_rev":       "<landing_rev>",

                "last_changeset":    {

                                       "author":   "<full_author>",

                                       "date":     "<date_time_of_commit>",

                                       "message":  "<commit_message>",

                                       "raw_id":   "<raw_id>",

                                       "revision": "<numeric_revision>",

                                       "short_id": "<short_id>"

                                     }

                "owner":             "<repo_owner>",

                "fork_of":           "<name_of_fork_parent>",

                "members" :     [

                                  {

                                    "name":     "<username>",

                                    "type" :    "user",

                                    "permission" : "repository.(read|write|admin)"

                                  },

                                  …

                                  {

                                    "name":     "<usergroup name>",

                                    "type" :    "user_group",

                                    "permission" : "usergroup.(read|write|admin)"

                                  },

                                  …

                                ]

                 "followers":   [<user_obj>, ...]

                 ]

            }

          }

          error :  null

        """

        repo = get_repo_or_error(repoid)

        if not HasPermissionAny('hg.admin')():

            if not HasRepoPermissionLevel('read')(repo.repo_name):

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        members = []

        for user in repo.repo_to_perm:

            perm = user.permission.permission_name

            user = user.user

            user_data = {

                'name': user.username,

                'type': "user",

                'permission': perm

            }

            members.append(user_data)

        for user_group in repo.users_group_to_perm:

            perm = user_group.permission.permission_name

            user_group = user_group.users_group

            user_group_data = {

                'name': user_group.users_group_name,

                'type': "user_group",

                'permission': perm

            }

            members.append(user_group_data)

        data = repo.get_api_data()

        data['members'] = members

        data['followers'] = followers

        return data

    # permission check inside

    def get_repos(self):

        """

        Lists all existing repositories. This command can be executed only using

        api_key belonging to user with admin rights or regular user that have

        admin, write or read access to repository.

        OUTPUT::

            id : <id_given_in_input>

            result: [

                      {

                        "repo_id" :          "<repo_id>",

                        "repo_name" :        "<reponame>"

                        "repo_type" :        "<repo_type>",

                        "clone_uri" :        "<clone_uri>",

                        "private": :         "<bool>",

                        "created_on" :       "<datetimecreated>",

                        "description" :      "<description>",

                        "landing_rev":       "<landing_rev>",

                        "owner":             "<repo_owner>",

                        "fork_of":           "<name_of_fork_parent>",

                        "enable_downloads":  "<bool>",

                        "enable_locking":    "<bool>",

                        "enable_statistics": "<bool>",

                      },

                      …

                    ]

            error:  null

        """

        if not HasPermissionAny('hg.admin')():

            repos = RepoModel().get_all_user_repos(user=request.authuser.user_id)

        else:

            repos = Repository.query()

    # permission check inside

    def get_repo_nodes(self, repoid, revision, root_path,

                       ret_type=Optional('all')):

        """

        returns a list of nodes and it's children in a flat list for a given path

        at given revision. It's possible to specify ret_type to show only `files` or

        `dirs`.  This command can be executed only using api_key belonging to

        user with admin rights or regular user that have at least read access to repository.

        :param repoid: repository name or repository id

        :type repoid: str or int

        :param revision: revision for which listing should be done

        :type revision: str

        :param root_path: path from which start displaying

        :type root_path: str

        :param ret_type: return type 'all|files|dirs' nodes

        :type ret_type: Optional(str)

        OUTPUT::

            id : <id_given_in_input>

            result: [

                      {

                        "name" :        "<name>"

                        "type" :        "<type>",

                      },

                      …

                    ]

            error:  null

        """

        repo = get_repo_or_error(repoid)

        if not HasPermissionAny('hg.admin')():

            if not HasRepoPermissionLevel('read')(repo.repo_name):

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        ret_type = Optional.extract(ret_type)

        _map = {}

        try:

            _d, _f = ScmModel().get_nodes(repo, revision, root_path,

                                          flat=False)

            _map = {

                'all': _d + _f,

                'files': _f,

                'dirs': _d,

            }

                'failed to edit permission for user group: `%s` in '

                'repo: `%s`' % (

                    user_group.users_group_name, repo.repo_name

                )

            )

    @HasPermissionAnyDecorator('hg.admin')

    def get_repo_group(self, repogroupid):

        """

        Returns given repo group together with permissions, and repositories

        inside the group

        :param repogroupid: id/name of repository group

        :type repogroupid: str or int

        """

        repo_group = get_repo_group_or_error(repogroupid)

        members = []

        for user in repo_group.repo_group_to_perm:

            perm = user.permission.permission_name

            user = user.user

            user_data = {

                'name': user.username,

                'type': "user",

                'permission': perm

            }

            members.append(user_data)

        for user_group in repo_group.users_group_to_perm:

            perm = user_group.permission.permission_name

            user_group = user_group.users_group

            user_group_data = {

                'name': user_group.users_group_name,

                'type': "user_group",

                'permission': perm

            }

            members.append(user_group_data)

        data = repo_group.get_api_data()

        data["members"] = members

        return data

    @HasPermissionAnyDecorator('hg.admin')

    def get_repo_groups(self):

        """

        Returns all repository groups

        """

    @HasPermissionAnyDecorator('hg.admin')

    def create_repo_group(self, group_name, description=Optional(''),

                          owner=Optional(OAttr('apiuser')),

                          parent=Optional(None),

                          copy_permissions=Optional(False)):

        """

        Creates a repository group. This command can be executed only using

        api_key belonging to user with admin rights.

        :param group_name:

        :type group_name:

        :param description:

        :type description:

        :param owner:

        :type owner:

        :param parent:

        :type parent:

        :param copy_permissions:

        :type copy_permissions:

        OUTPUT::

          id : <id_given_in_input>

          result : {

              "msg": "created new repo group `<repo_group_name>`"

              "repo_group": <repogroup_object>

          }

          error :  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            failed to create repo group `<repogroupid>`

          }

        """

        if RepoGroup.get_by_group_name(group_name):

            raise JSONRPCError("repo group `%s` already exist" % (group_name,))

        if isinstance(owner, Optional):

            owner = request.authuser.user_id

        group_description = Optional.extract(description)

        parent_group = Optional.extract(parent)

        if not isinstance(parent, Optional):

            parent_group = get_repo_group_or_error(parent_group)

            return dict(

                msg='Revoked perm (recursive:%s) for user group: `%s` in repo group: `%s`' % (

                    apply_to_children, user_group.users_group_name, repo_group.name

                ),

                success=True

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'failed to edit permission for user group: `%s` in repo group: `%s`' % (

                    user_group.users_group_name, repo_group.name

                )

            )

    def get_gist(self, gistid):

        """

        Get given gist by id

        :param gistid: id of private or public gist

        :type gistid: str

        """

        gist = get_gist_or_error(gistid)

        if not HasPermissionAny('hg.admin')():

            if gist.owner_id != request.authuser.user_id:

                raise JSONRPCError('gist `%s` does not exist' % (gistid,))

        return gist.get_api_data()

    def get_gists(self, userid=Optional(OAttr('apiuser'))):

        """

        Get all gists for given user. If userid is empty returned gists

        are for user who called the api

        :param userid: user to get gists for

        :type userid: Optional(str or int)

        """

        if not HasPermissionAny('hg.admin')():

            # make sure normal user does not pass someone else userid,

            # he is not allowed to do that

            if not isinstance(userid, Optional) and userid != request.authuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        if isinstance(userid, Optional):

            user_id = request.authuser.user_id

        else:

            user_id = get_user_or_error(userid).user_id

    def create_gist(self, files, owner=Optional(OAttr('apiuser')),

                    gist_type=Optional(Gist.GIST_PUBLIC), lifetime=Optional(-1),

                    description=Optional('')):

        """

        Creates new Gist

        :param files: files to be added to gist

            {'filename': {'content':'...', 'lexer': null},

             'filename2': {'content':'...', 'lexer': null}}

        :type files: dict

        :param owner: gist owner, defaults to api method caller

        :type owner: Optional(str or int)

        :param gist_type: type of gist 'public' or 'private'

        :type gist_type: Optional(str)

        :param lifetime: time in minutes of gist lifetime

        :type lifetime: Optional(int)

        :param description: gist description

        :type description: Optional(str)

        OUTPUT::

          id : <id_given_in_input>

          result : {

            "msg": "created new gist",

            "gist": {}

          }

          error :  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to create gist"

          }

        """

        try:

            if isinstance(owner, Optional):

                owner = request.authuser.user_id

            owner = get_user_or_error(owner)

            description = Optional.extract(description)

            gist_type = Optional.extract(gist_type)

            lifetime = Optional.extract(lifetime)

            all changesets that we need to obtain

        :param other_rev: revision we want out compare to be made on other_repo

        """

        ancestors = None

        if org_rev == other_rev:

            org_changesets = []

            other_changesets = []

        elif alias == 'hg':

            #case two independent repos

            if org_repo != other_repo:

                hgrepo = unionrepo.unionrepository(other_repo.baseui,

                                                   other_repo.path,

                                                   org_repo.path)

                # all ancestors of other_rev will be in other_repo and

                # rev numbers from hgrepo can be used in other_repo - org_rev ancestors cannot

            #no remote compare do it on the same repository

            else:

                hgrepo = other_repo._repo

            ancestors = [hgrepo[ancestor].hex() for ancestor in

                         hgrepo.revs("id(%s) & ::id(%s)", other_rev, org_rev)]

            if ancestors:

                log.debug("shortcut found: %s is already an ancestor of %s", other_rev, org_rev)

            else:

                log.debug("no shortcut found: %s is not an ancestor of %s", other_rev, org_rev)

                ancestors = [hgrepo[ancestor].hex() for ancestor in

                             hgrepo.revs("heads(::id(%s) & ::id(%s))", org_rev, other_rev)] # FIXME: expensive!

            other_revs = hgrepo.revs("ancestors(id(%s)) and not ancestors(id(%s)) and not id(%s)",

                                     other_rev, org_rev, org_rev)

            other_changesets = [other_repo.get_changeset(rev) for rev in other_revs]

            org_revs = hgrepo.revs("ancestors(id(%s)) and not ancestors(id(%s)) and not id(%s)",

                                   org_rev, other_rev, other_rev)

            org_changesets = [org_repo.get_changeset(hgrepo[rev].hex()) for rev in org_revs]

        elif alias == 'git':

            if org_repo != other_repo:

                from dulwich.repo import Repo

                from dulwich.client import SubprocessGitClient

                gitrepo = Repo(org_repo.path)

                SubprocessGitClient(thin_packs=False).fetch(safe_str(other_repo.path), gitrepo)

                gitrepo_remote = Repo(other_repo.path)

                SubprocessGitClient(thin_packs=False).fetch(safe_str(org_repo.path), gitrepo_remote)

                other_changesets = [other_repo.get_changeset(rev) for rev in reversed(revs)]

                if other_changesets:

                    ancestors = [other_changesets[0].parents[0].raw_id]

                else:

                    # no changesets from other repo, ancestor is the other_rev

                    ancestors = [other_rev]

                gitrepo.close()

                gitrepo_remote.close()

            else:

                so, se = org_repo.run_git_command(

                    ['log', '--reverse', '--pretty=format:%H',

                     '-s', '%s..%s' % (org_rev, other_rev)]

                )

                other_changesets = [org_repo.get_changeset(cs)

                              for cs in re.findall(r'[0-9a-fA-F]{40}', so)]

                so, se = org_repo.run_git_command(

                    ['merge-base', org_rev, other_rev]

                )

                ancestors = [re.findall(r'[0-9a-fA-F]{40}', so)[0]]

            org_changesets = []

        else:

            raise Exception('Bad alias only git and hg is allowed')

        return other_changesets, org_changesets, ancestors

    @LoginRequired()

    @HasRepoPermissionLevelDecorator('read')

    def index(self, repo_name):

        c.compare_home = True

        c.a_ref_name = c.cs_ref_name = _('Select changeset')

        return render('compare/compare_diff.html')

    @LoginRequired()

    @HasRepoPermissionLevelDecorator('read')

    def compare(self, repo_name, org_ref_type, org_ref_name, other_ref_type, other_ref_name):

        org_ref_name = org_ref_name.strip()

        other_ref_name = other_ref_name.strip()

        # If merge is True:

        #   Show what org would get if merged with other:

        #   List changesets that are ancestors of other but not of org.

        #   New changesets in org is thus ignored.

        #   Diff will be from common ancestor, and merges of org to other will thus be ignored.

        # If merge is False:

        #   Make a raw diff from org to other, no matter if related or not.

from kallithea.lib.compat import json

from kallithea.lib.caching_query import FromCache

from kallithea.model.meta import Base, Session

URL_SEP = '/'

log = logging.getLogger(__name__)

#==============================================================================

# BASE CLASSES

#==============================================================================

_hash_key = lambda k: hashlib.md5(safe_str(k)).hexdigest()

class BaseDbModel(object):

    """

    Base Model for all classes

    """

    @classmethod

    def _get_keys(cls):

        """return column names for this model """

        return class_mapper(cls).c.keys()

    def get_dict(self):

        """

        return dict with keys and values corresponding

        to this model data """

        d = {}

        for k in self._get_keys():

            d[k] = getattr(self, k)

        # also use __json__() if present to get additional fields

        _json_attr = getattr(self, '__json__', None)

        if _json_attr:

            # update with attributes from __json__

            if callable(_json_attr):

                _json_attr = _json_attr()

            for k, val in _json_attr.iteritems():

                d[k] = val

        return d

    def get_appstruct(self):

        """return list with keys and values tuples corresponding

        to this model data """

    def populate_obj(self, populate_dict):

        """populate model with data from given populate_dict"""

        for k in self._get_keys():

            if k in populate_dict:

                setattr(self, k, populate_dict[k])

    @classmethod

    def query(cls):

        return Session().query(cls)

    @classmethod

    def get(cls, id_):

        if id_:

            return cls.query().get(id_)

    @classmethod

    def guess_instance(cls, value, callback=None):

        """Haphazardly attempt to convert `value` to a `cls` instance.

        If `value` is None or already a `cls` instance, return it. If `value`

        is a number (or looks like one if you squint just right), assume it's

        a database primary key and let SQLAlchemy sort things out. Otherwise,

        fall back to resolving it using `callback` (if specified); this could

        e.g. be a function that looks up instances by name (though that won't

        work if the name begins with a digit). Otherwise, raise Exception.

        """

        if value is None:

            return None

        if isinstance(value, cls):

            return value

        if isinstance(value, (int, long)) or safe_str(value).isdigit():

            return cls.get(value)

        if callback is not None:

            return callback(value)

        raise Exception(

            'given object must be int, long or Instance of %s '

            'got %s, no callback provided' % (cls, type(value))

        )

    @classmethod

    def get_or_404(cls, id_):

        try:

            id_ = int(id_)

        except (TypeError, ValueError):

        try:

            self._group_data = json.dumps(val)

        except Exception:

            log.error(traceback.format_exc())

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__,

                                      self.users_group_id,

                                      self.users_group_name)

    @classmethod

    def guess_instance(cls, value):

        return super(UserGroup, cls).guess_instance(value, UserGroup.get_by_group_name)

    @classmethod

    def get_by_group_name(cls, group_name, cache=False,

                          case_insensitive=False):

        if case_insensitive:

            q = cls.query().filter(func.lower(cls.users_group_name) == func.lower(group_name))

        else:

            q = cls.query().filter(cls.users_group_name == group_name)

        if cache:

            q = q.options(FromCache(

                            "sql_cache_short",

                            "get_group_%s" % _hash_key(group_name)

                          )

            )

        return q.scalar()

    @classmethod

    def get(cls, user_group_id, cache=False):

        user_group = cls.query()

        if cache:

            user_group = user_group.options(FromCache("sql_cache_short",

                                    "get_users_group_%s" % user_group_id))

        return user_group.get(user_group_id)

    def get_api_data(self, with_members=True):

        user_group = self

        data = dict(

            users_group_id=user_group.users_group_id,

            group_name=user_group.users_group_name,

            group_description=user_group.user_group_description,

            active=user_group.users_group_active,

            owner=user_group.owner.username,

        )

        if with_members: