return _UserPermsForm

def RepoFieldForm():

    class _RepoFieldForm(formencode.Schema):

        filter_extra_fields = True

        allow_extra_fields = True

        new_field_key = All(v.FieldKey(),

                            v.UnicodeString(strip=True, min=3, not_empty=True))

        new_field_value = v.UnicodeString(not_empty=False, if_missing='')

        new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],

                                 if_missing='str')

        new_field_label = v.UnicodeString(not_empty=False)

        new_field_desc = v.UnicodeString(not_empty=False)

    return _RepoFieldForm

def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),

                 repo_groups=[], landing_revs=[]):

    class _RepoForkForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                        v.SlugifyName())

        repo_group = All(v.CanWriteGroup(),

                         v.OneOf(repo_groups, hideList=True))

        repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))

        description = v.UnicodeString(strip=True, min=1, not_empty=True)

        private = v.StringBoolean(if_missing=False)

        copy_permissions = v.StringBoolean(if_missing=False)

        update_after_clone = v.StringBoolean(if_missing=False)

        fork_parent_id = v.UnicodeString()

        chained_validators = [v.ValidForkName(edit, old_data)]

        landing_rev = v.OneOf(landing_revs, hideList=True)

    return _RepoForkForm

def ApplicationSettingsForm():

    class _ApplicationSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        rhodecode_title = v.UnicodeString(strip=True, min=1, not_empty=True)

        rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)

        rhodecode_ga_code = v.UnicodeString(strip=True, min=1, not_empty=False)

    return _ApplicationSettingsForm

def ApplicationVisualisationForm():

    class _ApplicationVisualisationForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        rhodecode_show_public_icon = v.StringBoolean(if_missing=False)

        rhodecode_show_private_icon = v.StringBoolean(if_missing=False)

        rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)

        rhodecode_lightweight_dashboard = v.StringBoolean(if_missing=False)

        rhodecode_repository_fields = v.StringBoolean(if_missing=False)

        rhodecode_lightweight_journal = v.StringBoolean(if_missing=False)

    return _ApplicationVisualisationForm

def ApplicationUiSettingsForm():

    class _ApplicationUiSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        web_push_ssl = v.StringBoolean(if_missing=False)

        paths_root_path = All(

            v.ValidPath(),

            v.UnicodeString(strip=True, min=1, not_empty=True)

        )

        hooks_changegroup_update = v.StringBoolean(if_missing=False)

        hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)

        hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)

        hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)

        extensions_largefiles = v.StringBoolean(if_missing=False)

        extensions_hgsubversion = v.StringBoolean(if_missing=False)

        extensions_hggit = v.StringBoolean(if_missing=False)

    return _ApplicationUiSettingsForm

def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,

                           user_group_perms_choices, create_choices,

                           repo_group_create_choices, user_group_create_choices,

                           fork_choices, register_choices):

    class _DefaultPermissionsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        overwrite_default_repo = v.StringBoolean(if_missing=False)

        overwrite_default_group = v.StringBoolean(if_missing=False)

        anonymous = v.StringBoolean(if_missing=False)

        default_repo_perm = v.OneOf(repo_perms_choices)

        default_group_perm = v.OneOf(group_perms_choices)

        default_user_group_perm = v.OneOf(user_group_perms_choices)

        default_repo_create = v.OneOf(create_choices)

        default_user_group_create = v.OneOf(user_group_create_choices)

        #default_repo_group_create = v.OneOf(repo_group_create_choices) #not impl. yet

        default_fork = v.OneOf(fork_choices)

        default_register = v.OneOf(register_choices)

    return _DefaultPermissionsForm

def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):

    class _DefaultsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        default_repo_type = v.OneOf(supported_backends)

        default_repo_private = v.StringBoolean(if_missing=False)

        default_repo_enable_statistics = v.StringBoolean(if_missing=False)

        default_repo_enable_downloads = v.StringBoolean(if_missing=False)

        default_repo_enable_locking = v.StringBoolean(if_missing=False)

    return _DefaultsForm

def LdapSettingsForm(tls_reqcert_choices, search_scope_choices,

                     tls_kind_choices):

    class _LdapSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        #pre_validators = [LdapLibValidator]

        ldap_active = v.StringBoolean(if_missing=False)

        ldap_host = v.UnicodeString(strip=True,)

        ldap_port = v.Number(strip=True,)

        ldap_tls_kind = v.OneOf(tls_kind_choices)

        ldap_tls_reqcert = v.OneOf(tls_reqcert_choices)

        ldap_dn_user = v.UnicodeString(strip=True,)

        ldap_dn_pass = v.UnicodeString(strip=True,)

        ldap_base_dn = v.UnicodeString(strip=True,)

        ldap_filter = v.UnicodeString(strip=True,)

        ldap_search_scope = v.OneOf(search_scope_choices)

        ldap_attr_login = v.AttrLoginValidator()(not_empty=True)

        ldap_attr_firstname = v.UnicodeString(strip=True,)

        ldap_attr_lastname = v.UnicodeString(strip=True,)

        ldap_attr_email = v.UnicodeString(strip=True,)

    return _LdapSettingsForm

def UserExtraEmailForm():

    class _UserExtraEmailForm(formencode.Schema):

        email = All(v.UniqSystemEmail(), v.Email(not_empty=True))

    return _UserExtraEmailForm

def UserExtraIpForm():

    class _UserExtraIpForm(formencode.Schema):

        ip = v.ValidIp()(not_empty=True)

    return _UserExtraIpForm

def PullRequestForm(repo_id):

    class _PullRequestForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        user = v.UnicodeString(strip=True, required=True)

        org_repo = v.UnicodeString(strip=True, required=True)

        org_ref = v.UnicodeString(strip=True, required=True)

        other_repo = v.UnicodeString(strip=True, required=True)

        other_ref = v.UnicodeString(strip=True, required=True)

        revisions = All(#v.NotReviewedRevisions(repo_id)(),

                        v.UniqueList(not_empty=True))

        review_members = v.UniqueList(not_empty=True)

        pullrequest_title = v.UnicodeString(strip=True, required=True, min=3)

        pullrequest_desc = v.UnicodeString(strip=True, required=False)

        ancestor_rev = v.UnicodeString(strip=True, required=True)

        merge_rev = v.UnicodeString(strip=True, required=True)

    return _PullRequestForm

# -*- coding: utf-8 -*-

"""

    rhodecode.model.permission

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    permissions model for RhodeCode

    :created_on: Aug 20, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

from sqlalchemy.exc import DatabaseError

from rhodecode.model import BaseModel

from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\

from rhodecode.lib.utils2 import str2bool

log = logging.getLogger(__name__)

class PermissionModel(BaseModel):

    """

    Permissions model for RhodeCode

    """

    cls = Permission

    def create_permissions(self):

        """

        Create permissions for whole system

        """

        for p in Permission.PERMS:

            if not Permission.get_by_key(p[0]):

                new_perm = Permission()

                new_perm.permission_name = p[0]

                new_perm.permission_longname = p[0]  #translation err with p[1]

                self.sa.add(new_perm)

    def create_default_permissions(self, user):

        """

        Creates only missing default permissions for user

        :param user:

        """

        user = self._get_user(user)

        def _make_perm(perm):

            new_perm = UserToPerm()

            new_perm.user = user

            new_perm.permission = Permission.get_by_key(perm)

            return new_perm

        def _get_group(perm_name):

            return '.'.join(perm_name.split('.')[:1])

        perms = UserToPerm.query().filter(UserToPerm.user == user).all()

        defined_perms_groups = map(_get_group,

                                (x.permission.permission_name for x in perms))

        log.debug('GOT ALREADY DEFINED:%s' % perms)

        DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS

        # for every default permission that needs to be created, we check if

        # it's group is already defined, if it's not we create default perm

        for perm_name in DEFAULT_PERMS:

            gr = _get_group(perm_name)

            if gr not in defined_perms_groups:

                log.debug('GR:%s not found, creating permission %s'

                          % (gr, perm_name))

                new_perm = _make_perm(perm_name)

                self.sa.add(new_perm)

    def update(self, form_result):

        perm_user = User.get_by_username(username=form_result['perm_user_name'])

        try:

            # stage 1 set anonymous access

            if perm_user.username == 'default':

                perm_user.active = str2bool(form_result['anonymous'])

                self.sa.add(perm_user)

            # stage 2 reset defaults and set them from form data

            def _make_new(usr, perm_name):

                log.debug('Creating new permission:%s' % (perm_name))

                new = UserToPerm()

                new.user = usr

                new.permission = Permission.get_by_key(perm_name)

                return new

            # clear current entries, to make this function idempotent

            # it will fix even if we define more permissions or permissions

            # are somehow missing

            u2p = self.sa.query(UserToPerm)\

                .filter(UserToPerm.user == perm_user)\

                .all()

            for p in u2p:

                self.sa.delete(p)

            #create fresh set of permissions

            for def_perm_key in ['default_repo_perm', 'default_group_perm',

                                 'default_user_group_perm',

                                 'default_repo_create',

                                 #'default_repo_group_create', #not implemented yet

                                 'default_user_group_create',

                                 'default_fork', 'default_register']:

                p = _make_new(perm_user, form_result[def_perm_key])

                self.sa.add(p)

            #stage 3 update all default permissions for repos if checked

            if form_result['overwrite_default_repo'] == True:

                _def_name = form_result['default_repo_perm'].split('repository.')[-1]

                _def = Permission.get_by_key('repository.' + _def_name)

                # repos

                for r2p in self.sa.query(UserRepoToPerm)\

                               .filter(UserRepoToPerm.user == perm_user)\

                               .all():

                    #don't reset PRIVATE repositories

                    if not r2p.repository.private:

                        r2p.permission = _def

                        self.sa.add(r2p)

            if form_result['overwrite_default_group'] == True:

                _def_name = form_result['default_group_perm'].split('group.')[-1]

                # groups

                _def = Permission.get_by_key('group.' + _def_name)

                for g2p in self.sa.query(UserRepoGroupToPerm)\

                               .filter(UserRepoGroupToPerm.user == perm_user)\

                               .all():

                    g2p.permission = _def

                    self.sa.add(g2p)

            self.sa.commit()

        except (DatabaseError,):

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise