"""The base Controller API

Provides the BaseController class for subclassing.

"""

import logging

import time

import traceback

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden

from paste.httpheaders import WWW_AUTHENTICATE

from pylons import config, tmpl_context as c, request, session, url

from pylons.controllers import WSGIController

from pylons.controllers.util import redirect

from pylons.templating import render_mako as render

from rhodecode import __version__, BACKENDS

from rhodecode.lib.utils2 import str2bool, safe_unicode

from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\

    HasPermissionAnyMiddleware, CookieStoreWrapper

from rhodecode.lib.utils import get_repo_slug, invalidate_cache

from rhodecode.model import meta

from rhodecode.model.db import Repository

from rhodecode.model.notification import NotificationModel

from rhodecode.model.scm import ScmModel

log = logging.getLogger(__name__)

def _get_ip_addr(environ):

    proxy_key = 'HTTP_X_REAL_IP'

    proxy_key2 = 'HTTP_X_FORWARDED_FOR'

    def_key = 'REMOTE_ADDR'

    return environ.get(proxy_key2,

                       environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))

                       )

class BasicAuth(AuthBasicAuthenticator):

    def __init__(self, realm, authfunc, auth_http_code=None):

        self.realm = realm

        self.authfunc = authfunc

        self._rc_auth_http_code = auth_http_code

    def build_authentication(self):

        head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)

        if self._rc_auth_http_code and self._rc_auth_http_code == '403':

            # return 403 if alternative http return code is specified in

            # RhodeCode config

            return HTTPForbidden(headers=head)

        return HTTPUnauthorized(headers=head)

class BaseVCSController(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        # base path of repo locations

        self.basepath = self.config['base_path']

        #authenticate this mercurial request using authfunc

        self.authenticate = BasicAuth('', authfunc,

                                      config.get('auth_ret_code'))

        self.ipaddr = '0.0.0.0'

    def _handle_request(self, environ, start_response):

        raise NotImplementedError()

    def _get_by_id(self, repo_name):

        """

        Get's a special pattern _<ID> from clone url and tries to replace it

        with a repository_name for support of _<ID> non changable urls

        :param repo_name:

        """

        try:

            data = repo_name.split('/')

            if len(data) >= 2:

                by_id = data[1].split('_')

                if len(by_id) == 2 and by_id[1].isdigit():

                    _repo_name = Repository.get(by_id[1]).repo_name

                    data[1] = _repo_name

        except:

            log.debug('Failed to extract repo_name from id %s' % (

                      traceback.format_exc()

                      )

            )

        return '/'.join(data)

    def _invalidate_cache(self, repo_name):

        """

        Set's cache for this repository for invalidation on next access

        :param repo_name: full repo name, also a cache key

        """

        invalidate_cache('get_repo_cached_%s' % repo_name)

    def _check_permission(self, action, user, repo_name):

        """

        Checks permissions using action (push/pull) user and repository

        name

        :param action: push or pull action

        :param user: user instance

        :param repo_name: repository name

        """

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        return True

    def _get_ip_addr(self, environ):

        return _get_ip_addr(environ)

    def __call__(self, environ, start_response):

        start = time.time()

        try:

            return self._handle_request(environ, start_response)

        finally:

            log = logging.getLogger('rhodecode.' + self.__class__.__name__)

            log.debug('Request time: %.3fs' % (time.time() - start))

            meta.Session.remove()

class BaseController(WSGIController):

    def __before__(self):

        c.rhodecode_version = __version__

        c.rhodecode_instanceid = config.get('instance_id')

        c.rhodecode_name = config.get('rhodecode_title')

        c.use_gravatar = str2bool(config.get('use_gravatar'))

        c.ga_code = config.get('rhodecode_ga_code')

        c.repo_name = get_repo_slug(request)

        c.backends = BACKENDS.keys()

        c.unread_notifications = NotificationModel()\

                        .get_unread_cnt_for_user(c.rhodecode_user.user_id)

        self.cut_off_limit = int(config.get('cut_off_limit'))

        self.sa = meta.Session

        self.scm_model = ScmModel(self.sa)

        self.ip_addr = ''

    def __call__(self, environ, start_response):

        """Invoke the Controller"""

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        start = time.time()

        try:

            self.ip_addr = _get_ip_addr(environ)

            # make sure that we update permissions each time we call controller

            api_key = request.GET.get('api_key')

            cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

            user_id = cookie_store.get('user_id', None)

            username = get_container_username(environ, config)

            auth_user = AuthUser(user_id, api_key, username)

            request.user = auth_user

            self.rhodecode_user = c.rhodecode_user = auth_user

            if not self.rhodecode_user.is_authenticated and \

                       self.rhodecode_user.user_id is not None:

                self.rhodecode_user.set_authenticated(

                    cookie_store.get('is_authenticated')

                )

            log.info('User: %s accessed %s' % (

                auth_user, safe_unicode(environ.get('PATH_INFO')))

            )

            return WSGIController.__call__(self, environ, start_response)

        finally:

            log.info('Request to %s time: %.3fs' % (

                safe_unicode(environ.get('PATH_INFO')), time.time() - start)

            )

            meta.Session.remove()

class BaseRepoController(BaseController):

    """

    Base class for controllers responsible for loading all needed data for

    repository loaded items are

    c.rhodecode_repo: instance of scm repository

    c.rhodecode_db_repo: instance of db

    c.repository_followers: number of followers

    c.repository_forks: number of forks

    """

    def __before__(self):

        super(BaseRepoController, self).__before__()

        if c.repo_name:

            dbr = c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)

            c.rhodecode_repo = c.rhodecode_db_repo.scm_instance

            if c.rhodecode_repo is None:

                log.error('%s this repository is present in database but it '

                          'cannot be created as an scm instance', c.repo_name)

                redirect(url('home'))

            # some globals counter for menu

            c.repository_followers = self.scm_model.get_followers(dbr)

            c.repository_forks = self.scm_model.get_forks(dbr)

# -*- coding: utf-8 -*-

"""

    rhodecode.model.db_1_4_0

    ~~~~~~~~~~~~~~~~~~~~~~~~

    Database Models for RhodeCode <=1.4.X

    :created_on: Apr 08, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

#TODO: replace that will db.py content after 1.5 Release

"""

Mercurial libs compatibility

"""

from mercurial import archival, merge as hg_merge, patch, ui

from mercurial.commands import clone, nullid, pull

from mercurial.context import memctx, memfilectx

from mercurial.error import RepoError, RepoLookupError, Abort

from mercurial.hgweb.common import get_contact

from mercurial.localrepo import localrepository

from mercurial.match import match

from mercurial.mdiff import diffopts

from mercurial.node import hex

from mercurial.encoding import tolocal

            # notification to admins

            subject = _('new user registration')

            body = ('New user registration\n'

                    '---------------------\n'

                    '- Username: %s\n'

                    '- Full Name: %s\n'

                    '- Email: %s\n')

            body = body % (new_user.username, new_user.full_name,

                           new_user.email)

            edit_url = url('edit_user', id=new_user.user_id, qualified=True)

            kw = {'registered_user_url': edit_url}

            NotificationModel().create(created_by=new_user, subject=subject,

                                       body=body, recipients=None,

                                       type_=Notification.TYPE_REGISTRATION,

                                       email_kwargs=kw)

        except:

            log.error(traceback.format_exc())

            raise

    def update(self, user_id, form_data):

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                                _("You can't Edit this user since it's"

                                  " crucial for entire application"))

            for k, v in form_data.items():

                if k == 'new_password' and v != '':

                    user.password = v

                    user.api_key = generate_api_key(user.username)

                else:

                    setattr(user, k, v)

            self.sa.add(user)

        except:

            log.error(traceback.format_exc())

            raise

    def update_my_account(self, user_id, form_data):

        from rhodecode.lib.auth import get_crypt_password

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                    _("You can't Edit this user since it's"

                      " crucial for entire application")

                )

            for k, v in form_data.items():

                if k == 'new_password' and v != '':

                    user.password = get_crypt_password(v)

                    user.api_key = generate_api_key(user.username)

                else:

                    if k not in ['admin', 'active']:

                        setattr(user, k, v)

            self.sa.add(user)

        except:

            log.error(traceback.format_exc())

            raise

    def delete(self, user):

        user = self._get_user(user)

        try:

            if user.username == 'default':

                raise DefaultUserException(

                    _(u"You can't remove this user since it's"

                      " crucial for entire application")

                )

            if user.repositories:

                repos = [x.repo_name for x in user.repositories]

                raise UserOwnsReposException(

                    _(u'user "%s" still owns %s repositories and cannot be '

                      'removed. Switch owners or remove those repositories. %s')

                    % (user.username, len(repos), ', '.join(repos))

                )

            self.sa.delete(user)

        except:

            log.error(traceback.format_exc())

            raise

    def reset_password_link(self, data):

        from rhodecode.lib.celerylib import tasks, run_task

        run_task(tasks.send_password_link, data['email'])

    def reset_password(self, data):

        from rhodecode.lib.celerylib import tasks, run_task

        run_task(tasks.reset_user_password, data['email'])

    def fill_data(self, auth_user, user_id=None, api_key=None):

        """

        Fetches auth_user by user_id,or api_key if present.

        Fills auth_user attributes with those taken from database.

        Additionally set's is_authenitated if lookup fails

        present in database

        :param auth_user: instance of user to set attributes

        :param user_id: user id to fetch by

        :param api_key: api key to fetch by

        """

        if user_id is None and api_key is None:

            raise Exception('You need to pass user_id or api_key')

        try:

            if api_key:

                dbuser = self.get_by_api_key(api_key)

            else:

                dbuser = self.get(user_id)

            if dbuser is not None and dbuser.active:

                log.debug('filling %s data' % dbuser)

                for k, v in dbuser.get_dict().items():

                    setattr(auth_user, k, v)

            else:

                return False

        except:

            log.error(traceback.format_exc())

            auth_user.is_authenticated = False

            return False

        return True

    def fill_perms(self, user):

        """

        Fills user permission attribute with permissions taken from database

        works for permissions given for repositories, and for permissions that

        are granted to groups

        :param user: user instance to fill his perms

        """

        RK = 'repositories'

        GK = 'repositories_groups'

        GLOBAL = 'global'

        user.permissions[RK] = {}

        user.permissions[GK] = {}

        user.permissions[GLOBAL] = set()

        #======================================================================

        # fetch default permissions

        #======================================================================

        default_user = User.get_by_username('default', cache=True)

        default_user_id = default_user.user_id

        default_repo_perms = Permission.get_default_perms(default_user_id)

        default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)

        if user.is_admin:

            #==================================================================

            # admin user have all default rights for repositories

            # and groups set to admin

            #==================================================================

            user.permissions[GLOBAL].add('hg.admin')

            # repositories

            for perm in default_repo_perms:

                r_k = perm.UserRepoToPerm.repository.repo_name

                p = 'repository.admin'

                user.permissions[RK][r_k] = p

            # repositories groups

            for perm in default_repo_groups_perms:

                rg_k = perm.UserRepoGroupToPerm.group.group_name

                p = 'group.admin'

                user.permissions[GK][rg_k] = p

            return user

        #==================================================================

        # set default permissions first for repositories and groups

        #==================================================================

        uid = user.user_id

        # default global permissions

        default_global_perms = self.sa.query(UserToPerm)\

            .filter(UserToPerm.user_id == default_user_id)

        for perm in default_global_perms:

            user.permissions[GLOBAL].add(perm.permission.permission_name)

        # defaults for repositories, taken from default user

        for perm in default_repo_perms:

            r_k = perm.UserRepoToPerm.repository.repo_name

            if perm.Repository.private and not (perm.Repository.user_id == uid):

                # disable defaults for private repos,

                p = 'repository.none'

            elif perm.Repository.user_id == uid:

                # set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions[RK][r_k] = p

        # defaults for repositories groups taken from default user permission

        # on given group

        for perm in default_repo_groups_perms:

            rg_k = perm.UserRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            user.permissions[GK][rg_k] = p

        #==================================================================

        # overwrite defaults with user permissions if any found

        #==================================================================

        # user global permissions

        user_perms = self.sa.query(UserToPerm)\

                .options(joinedload(UserToPerm.permission))\

                .filter(UserToPerm.user_id == uid).all()

        for perm in user_perms:

            user.permissions[GLOBAL].add(perm.permission.permission_name)

        # user explicit permissions for repositories

        user_repo_perms = \

         self.sa.query(UserRepoToPerm, Permission, Repository)\

         .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\

         .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\

         .filter(UserRepoToPerm.user_id == uid)\

         .all()

        for perm in user_repo_perms:

            # set admin if owner

            r_k = perm.UserRepoToPerm.repository.repo_name

            if perm.Repository.user_id == uid:

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions[RK][r_k] = p

        # USER GROUP

        #==================================================================

        # check if user is part of user groups for this repository and

        # fill in (or replace with higher) permissions

        #==================================================================

        # users group global

        user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\

            .options(joinedload(UsersGroupToPerm.permission))\

            .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==

                   UsersGroupMember.users_group_id))\

            .filter(UsersGroupMember.user_id == uid).all()

        for perm in user_perms_from_users_groups:

            user.permissions[GLOBAL].add(perm.permission.permission_name)

        # users group for repositories permissions

        user_repo_perms_from_users_groups = \

         self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\

         .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\

         .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\

         .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\

         .filter(UsersGroupMember.user_id == uid)\

         .all()

        for perm in user_repo_perms_from_users_groups:

            r_k = perm.UsersGroupRepoToPerm.repository.repo_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[RK][r_k]

            # overwrite permission only if it's greater than permission

            # given from other sources

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:

                user.permissions[RK][r_k] = p

        # REPO GROUP

        #==================================================================

        # get access for this user for repos group and override defaults

        #==================================================================

        # user explicit permissions for repository

        user_repo_groups_perms = \

         self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\

         .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\

         .filter(UserRepoGroupToPerm.user_id == uid)\

         .all()

        for perm in user_repo_groups_perms:

            rg_k = perm.UserRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[GK][rg_k]

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:

                user.permissions[GK][rg_k] = p

        # REPO GROUP + USER GROUP

        #==================================================================

        # check if user is part of user groups for this repo group and

        # fill in (or replace with higher) permissions

        #==================================================================

        # users group for repositories permissions

        user_repo_group_perms_from_users_groups = \

         self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\

         .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\

         .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\

         .filter(UsersGroupMember.user_id == uid)\

         .all()

        for perm in user_repo_group_perms_from_users_groups:

            g_k = perm.UsersGroupRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[GK][g_k]

            # overwrite permission only if it's greater than permission

            # given from other sources

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:

                user.permissions[GK][g_k] = p

        return user

    def has_perm(self, user, perm):

        if not isinstance(perm, Permission):

            raise Exception('perm needs to be an instance of Permission class '

                            'got %s instead' % type(perm))

        user = self._get_user(user)

        return UserToPerm.query().filter(UserToPerm.user == user)\

            .filter(UserToPerm.permission == perm).scalar() is not None

    def grant_perm(self, user, perm):

        """

        Grant user global permissions

        :param user:

        :param perm:

        """

        user = self._get_user(user)

        perm = self._get_perm(perm)

        # if this permission is already granted skip it

        _perm = UserToPerm.query()\

            .filter(UserToPerm.user == user)\

            .filter(UserToPerm.permission == perm)\

            .scalar()

        if _perm:

            return

        new = UserToPerm()

        new.user = user

        new.permission = perm

        self.sa.add(new)

    def revoke_perm(self, user, perm):

        """

        Revoke users global permissions

        :param user:

        :param perm:

        """

        user = self._get_user(user)

        perm = self._get_perm(perm)

        obj = UserToPerm.query()\

                .filter(UserToPerm.user == user)\

                .filter(UserToPerm.permission == perm)\

                .scalar()

        if obj:

            self.sa.delete(obj)

    def add_extra_email(self, user, email):

        """

        Adds email address to UserEmailMap

        :param user:

        :param email:

        """

        user = self._get_user(user)

        obj = UserEmailMap()

        obj.user = user

        obj.email = email

        self.sa.add(obj)

        return obj

    def delete_extra_email(self, user, email_id):

        """

        Removes email address from UserEmailMap

        :param user:

        :param email_id:

        """

        user = self._get_user(user)

        obj = UserEmailMap.query().get(email_id)

        if obj:

## -*- coding: utf-8 -*-

##usage:

## <%namespace name="diff_block" file="/changeset/diff_block.html"/>

## ${diff_block.diff_block(change)}

##

<%def name="diff_block(change)">

%for op,filenode,diff,cs1,cs2,stat in change:

    %if op !='removed':

    <div id="${h.FID(filenode.changeset.raw_id,filenode.path)}_target" style="clear:both;margin-top:25px"></div>

    <div id="${h.FID(filenode.changeset.raw_id,filenode.path)}" class="diffblock  margined comm">

        <div class="code-header">

            <div class="changeset_header">

                <div class="changeset_file">

                    ${h.link_to_if(change!='removed',h.safe_unicode(filenode.path),h.url('files_home',repo_name=c.repo_name,

                    revision=filenode.changeset.raw_id,f_path=h.safe_unicode(filenode.path)))}

                </div>

                <div class="diff-actions">

                  <a href="${h.url('files_diff_home',repo_name=c.repo_name,f_path=h.safe_unicode(filenode.path),diff2=cs2,diff1=cs1,diff='diff',fulldiff=1)}" class="tooltip" title="${h.tooltip(_('diff'))}"><img class="icon" src="${h.url('/images/icons/page_white_go.png')}"/></a>

                  <a href="${h.url('files_diff_home',repo_name=c.repo_name,f_path=h.safe_unicode(filenode.path),diff2=cs2,diff1=cs1,diff='raw')}" class="tooltip" title="${h.tooltip(_('raw diff'))}"><img class="icon" src="${h.url('/images/icons/page_white.png')}"/></a>

                  <a href="${h.url('files_diff_home',repo_name=c.repo_name,f_path=h.safe_unicode(filenode.path),diff2=cs2,diff1=cs1,diff='download')}" class="tooltip" title="${h.tooltip(_('download diff'))}"><img class="icon" src="${h.url('/images/icons/page_white_get.png')}"/></a>

                  ${c.ignorews_url(request.GET, h.FID(filenode.changeset.raw_id,filenode.path))}

                  ${c.context_url(request.GET, h.FID(filenode.changeset.raw_id,filenode.path))}

                </div>

                <span style="float:right;margin-top:-3px">

                  <label>

                  ${_('show inline comments')}

                  ${h.checkbox('',checked="checked",class_="show-inline-comments",id_for=h.FID(filenode.changeset.raw_id,filenode.path))}

                  </label>

                </span>

            </div>

        </div>

        <div class="code-body">

            <div class="full_f_path" path="${h.safe_unicode(filenode.path)}"></div>

            ${diff|n}

        </div>

    </div>

    %endif

%endfor

</%def>

<%def name="diff_block_simple(change)">

  %for op,filenode_path,diff in change:

    <div id="${h.FID('',filenode_path)}_target" style="clear:both;margin-top:25px"></div>

    <div id="${h.FID('',filenode_path)}" class="diffblock  margined comm">      

      <div class="code-header">

          <div class="changeset_header">

              <div class="changeset_file">

                  <a href="#">${h.safe_unicode(filenode_path)}</a>

              </div>

          </div>

      </div>

        <div class="code-body">

            <div class="full_f_path" path="${h.safe_unicode(filenode_path)}"></div>

            ${diff|n}

        </div>

    </div>

  %endfor

## -*- coding: utf-8 -*-

<%inherit file="main.html"/>

<h4>${subject}</h4>

${body}

% if status_change is not None:

<div>

    New status -> ${status_change}

</div>